WO2015019821A1 - 情報処理装置、情報処理方法及びコンピュータプログラム - Google Patents
情報処理装置、情報処理方法及びコンピュータプログラム Download PDFInfo
- Publication number
- WO2015019821A1 WO2015019821A1 PCT/JP2014/069063 JP2014069063W WO2015019821A1 WO 2015019821 A1 WO2015019821 A1 WO 2015019821A1 JP 2014069063 W JP2014069063 W JP 2014069063W WO 2015019821 A1 WO2015019821 A1 WO 2015019821A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- key
- information
- secret
- information processing
- use permission
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
Definitions
- the present disclosure relates to an information processing apparatus, an information processing method, and a computer program.
- the method of authenticating an individual can be classified into three types: authentication by knowledge, authentication by possession, and authentication by biometric information.
- Authentication by knowledge includes, for example, authentication by password
- authentication by possession includes, for example, authentication by a magnetic card having a magnetic stripe and an IC card having an IC chip.
- the biometric information authentication includes fingerprint authentication, vein authentication, iris authentication, and the like.
- the present disclosure provides a new and improved information processing apparatus, information processing method, and computer program capable of ensuring the safety without depending on the distance of wireless communication while maintaining the convenience of the key device. provide.
- a key storage unit that stores one or more secret keys respectively corresponding to one or more public keys, and a key usage permission state that stores whether or not each of the one or more secret keys is permitted to use. And a storage unit, wherein at least one of the one or more secret keys can be switched between presence / absence of use permission stored in the key use permission state storage unit.
- a key storage unit that stores one or more public keys respectively corresponding to one or more secret keys held by an apparatus that requests authentication, and provides the first information to the apparatus, Second information generated using the secret key for the first information is acquired from the device, and an authentication request from the device is verified using the public key and the second information.
- An information processing apparatus is provided.
- the method includes the steps of holding one or more secret keys corresponding to one or more public keys, and storing whether or not use is permitted for each of the one or more secret keys.
- An information processing method is provided in which at least one of the one or more secret keys can be switched between presence / absence of use permission stored in the step of storing presence / absence of use permission.
- An information processing method is provided.
- a new and improved information processing apparatus and information processing that can ensure the safety without depending on the distance of wireless communication while maintaining the convenience of the key device Methods and computer programs can be provided.
- FIG. 3 is an explanatory diagram illustrating a functional configuration example of a mobile terminal 100 according to an embodiment of the present disclosure.
- FIG. 3 is an explanatory diagram illustrating a functional configuration example of a PC 200 according to an embodiment of the present disclosure.
- FIG. 5 is a flowchart illustrating an operation example of the information processing system 1 according to an embodiment of the present disclosure.
- 5 is a flowchart illustrating an operation example of the information processing system 1 according to an embodiment of the present disclosure.
- 5 is a flowchart illustrating an operation example of the mobile terminal 100 according to an embodiment of the present disclosure.
- 6 is an explanatory diagram illustrating an example of a screen displayed on the mobile terminal 100.
- FIG. 6 is an explanatory diagram illustrating an example of a screen displayed on the mobile terminal 100.
- FIG. It is explanatory drawing which shows the example of whole structure of the information processing system 1 concerning one Embodiment of this indication.
- 3 is an explanatory diagram illustrating a functional configuration example of a server device 300 according to an embodiment of the present disclosure.
- FIG. 4 is an explanatory diagram illustrating an example of a login screen of a Web service provided by the server apparatus 300 according to an embodiment of the present disclosure.
- FIG. 4 is an explanatory diagram illustrating an example of a login screen of a Web service provided by the server apparatus 300 according to an embodiment of the present disclosure.
- FIG. FIG. 9 is an explanatory diagram illustrating a modified example of the mobile terminal 100 according to an embodiment of the present disclosure.
- FIG. 9 is an explanatory diagram illustrating a modified example of the mobile terminal 100 according to an embodiment of the present disclosure. It is explanatory drawing which shows the hardware structural example. It is explanatory drawing shown about a public key authentication system. It is explanatory drawing shown about an electronic signature system.
- Patent Document 1 functions safely when the key device and the vehicle are connected by wireless communication at a close distance (for example, about 1 meter), for example, a distance of several tens of meters or more. It is not assumed that the key device and the vehicle are connected by wireless communication. If the smart entry system disclosed in Patent Document 1 is applied to wireless communication over a distance of several tens of meters, the key device responds to a call signal from a far away vehicle, There is a risk that the door will be unlocked and a third party will get away.
- a close distance for example, about 1 meter
- the key device when the key device itself is out of the user's field of view, it is assumed that the key device may react arbitrarily to the call signal from the device, even though the owner of the key device does not intend. Is done.
- the wireless communication between the device and the key device is not necessarily encrypted.
- the ID signal When a response signal including unique ID information is transmitted in the unencrypted wireless communication, the ID signal is transmitted by wiretapping. It is also assumed that leaks.
- a personal computer or web service on the Internet is locked and a personal computer or web service is to be authenticated using a key device, one key device is used. From the viewpoint of usability, it is desirable to store two or more keys and switch the keys for use.
- FIG. 1 is an explanatory diagram illustrating an overall configuration example of an information processing system 1 according to an embodiment of the present disclosure.
- FIG. 1 is an explanatory diagram illustrating an overall configuration example of an information processing system 1 according to an embodiment of the present disclosure.
- FIG. 1 is an explanatory diagram illustrating an overall configuration example of an information processing system 1 according to an embodiment of the present disclosure.
- FIG. 1 is an explanatory diagram illustrating an overall configuration example of an information processing system 1 according to an embodiment of the present disclosure.
- FIG. 1 is an explanatory diagram illustrating an overall configuration example of an information processing system 1 according to an embodiment of the present disclosure.
- the information processing system 1 includes a mobile terminal 100 and a PC (Personal Computer) 200.
- PC Personal Computer
- the information processing system 1 is a system that authenticates a user who intends to use the service provided by the PC 200 by a public key authentication method or a digital signature method when the user uses the service.
- the mobile terminal 100 is a device that generates a key pair including a public key pk and a secret key sk. When using the service provided by the PC 200, the mobile terminal 100 transmits only the public key pk to the PC 200 in the generated key pair.
- the mobile terminal 100 can generate not only one but a plurality of key pairs.
- the mobile terminal 100 can set different public keys pk for a plurality of services to be authenticated by generating a plurality of key pairs.
- the PC 200 is a device that performs authentication by a public key authentication method or an electronic signature method.
- the PC 200 holds a public key pk generated by the mobile terminal 100 and registered from the mobile terminal 100 in advance. Then, the PC 200 tries to use the service using the public key pk registered from the mobile terminal 100 and the information generated using the secret key sk corresponding to the public key pk generated by the mobile terminal 100. Authenticate the user.
- the services provided by the PC 200 include, for example, login to the PC 200, unlocking, execution of applications installed on the PC 200, content on the PC 200 (for example, music data, still image data, moving image data, electronic book data, etc.). Playback may be included.
- the content playback processing on the PC 200 may include, for example, music or video playback processing, image display processing, electronic book playback processing, and the like.
- the user of the PC 200 generates a key pair composed of the public key pk and the secret key sk on the mobile terminal 100 and registers the public key pk in the PC 200, so that the login and unlocking to the PC 200 as described above, It is possible to lock the execution of an application installed on the PC 200, the reproduction of content on the PC 200, and the like.
- the PC 200 When the PC 200 tries to execute the locked service, the PC 200 transmits an authentication request to the mobile terminal 100 having the secret key sk corresponding to the public key set for the service, and the mobile terminal Using the answer from 100, it is determined whether or not there is an authority to execute the service.
- the mobile terminal 100 may be a device such as a smartphone, a tablet-type terminal, a mobile phone, or a PHS, and may be a wristwatch-type, wristband-type, ring-type, glasses-type or other wearable device, key-holder-type device, or the like. May be.
- the portable terminal 100 may be in any form as long as it can generate or hold a key pair including the public key pk and the secret key sk and can communicate with the PC 200.
- the PC 200 may be, for example, a television, a smartphone, a tablet terminal, a glasses-type wearable device, a camera, a camcorder, a hard disk recorder, a game machine, or the like.
- the PC 200 may be in any form as long as it can hold the public key pk and can communicate with the mobile terminal 100.
- the communication between the portable terminal 100 and the PC 200 may be wired communication or wireless communication. In the following description, it is assumed that communication between the portable terminal 100 and the PC 200 is wireless communication unless otherwise specified.
- a wireless LAN, Bluetooth (registered trademark), ZigBee (registered trademark), or the like may be used.
- FIG. 2 is an explanatory diagram illustrating a functional configuration example of the mobile terminal 100 according to an embodiment of the present disclosure.
- a functional configuration example of the mobile terminal 100 according to an embodiment of the present disclosure will be described with reference to FIG.
- the mobile terminal 100 includes a control unit 102, a key generation unit 104, a key input unit 106, a key storage unit 108, a key selection unit 110, A key usage notification unit 112, a key usage permission state storage unit 114, a key usage permission switching unit 116, a key usage permission state display unit 118, a reception unit 120, and a transmission unit 122 are configured. .
- the control unit 102 controls the operation of the mobile terminal 100. That is, each component of the mobile terminal 100 illustrated in FIG. 2 operates under the control of the control unit 102. Further, when an authentication request is transmitted from the PC 200, the control unit 102 generates a response to the authentication request by using one secret key sk from among secret keys sk stored in the key storage unit 108 described later. Execute the process.
- the key generation unit 104 generates a key pair including the public key pk and the secret key sk.
- the public key authentication method is not limited to a specific one.
- an RSA cipher may be used, or an elliptic curve cipher may be used.
- a public key authentication method disclosed in, for example, Japanese Patent Application Laid-Open No. 2012-98690 and the like, which bases security on the difficulty of solving a multi-order multivariable simultaneous equation, may be used. .
- the key input unit 106 allows the user of the mobile terminal 100 to input a key pair including the public key pk and the secret key sk.
- the public key authentication method based on the difficulty of solving problems for multi-order multivariable simultaneous equations disclosed in the above-mentioned Japanese Patent Application Laid-Open No. 2012-98690 and the like is for securing 80-bit security.
- the key length is 80 bits. Therefore, if a public key authentication method that bases security on the difficulty of solving the multivariable simultaneous equations is used, the key input unit 106 is very high by allowing the user to input information of 140 bits or less, for example. Security key information can be set.
- the key storage unit 108 stores a key pair made up of the public key pk and the secret key sk, which is generated by the key generation unit 104 or input by the key input unit 106.
- the public key pk can be transmitted from the transmission unit 112 to the PC 200 in order to lock the service provided by the PC 200.
- the secret key sk is stored in the key storage unit 108, it is desirable that the key storage unit 108 has tamper resistance.
- the key selection unit 110 determines which secret key sk among the secret keys sk stored in the key storage unit 108 is to be selected. When one of the secret keys sk stored in the key storage unit 108 is selected by the key selection unit 110, the mobile terminal 100 uses the secret key sk in the selected state to receive a signal from the PC 200. An answer to the authentication request can be generated.
- the key use notification unit 112 uses the secret key sk when the control unit 102 generates a response to the authentication request from the PC 200 using one secret key sk from among the secret keys sk stored in the key storage unit 108. This is notified by an image, sound, vibration or the like.
- the key use permission state storage unit 114 stores a use permission state for each secret key sk stored in the key storage unit 108.
- the key usage permission switching unit 116 indicates whether or not each of the secret keys sk stored in the key storage unit 108 stored in the key usage permission status storage unit 114 can be used. Switch based on.
- the key use permission state display unit 118 indicates whether each of the secret keys sk stored in the key storage unit 108 stored in the key use permission state storage unit 114 is usable or not. Display based on user operation.
- the key usage permission switching unit 116 may collectively switch the availability status of a part of or all of the secret key sk stored in the key storage unit 108. In this case, when the usage permission status for all the secret keys sk and the usage permission status for the individual secret keys sk are different, the key usage permission switching unit 116 prioritizes the presence or absence of the usage permission for all the secret keys sk. Alternatively, priority may be given to the presence or absence of permission to use the individual secret key sk.
- the receiving unit 120 receives information wirelessly transmitted from the PC 200.
- the information received by the receiving unit 120 from the PC 200 includes, for example, a registration request for the public key pk to the PC 200 and an authentication request using the public key pk.
- the transmission unit 122 wirelessly transmits information to the PC 200.
- the information that the transmission unit 122 transmits to the PC 200 includes, for example, the public key pk in response to the registration request for the public key pk to the PC 200 and the response generated by the control unit 102 in response to the authentication request using the public key pk. .
- the mobile terminal 100 according to an embodiment of the present disclosure can hold a plurality of secret keys sk in the key storage unit 108 by having the configuration illustrated in FIG.
- the mobile terminal 100 according to an embodiment of the present disclosure has the configuration illustrated in FIG. 2, so that one secret key sk is set to a selected state from among a plurality of secret keys sk held in the key storage unit 108. it can.
- the mobile terminal 100 according to an embodiment of the present disclosure has the configuration illustrated in FIG. 2, thereby setting whether or not each of the plurality of secret keys sk held in the key storage unit 108 can be used. Can show the availability status.
- FIG. 3 is an explanatory diagram illustrating a functional configuration example of the PC 200 according to an embodiment of the present disclosure.
- a functional configuration example of the PC 200 according to an embodiment of the present disclosure will be described with reference to FIG.
- the PC 200 includes a control unit 202, a public key storage unit 204, a verification result output unit 206, a transmission unit 208, and a reception unit 210. Consists of.
- the control unit 202 controls the operation of the PC 200. That is, each component of the PC 200 illustrated in FIG. 3 operates under the control of the control unit 202. In addition, the control unit 202 transmits an authentication request from the PC 200, and when a response to the authentication request is transmitted from the mobile terminal 100, the response is verified to authenticate the mobile terminal 100 that transmitted the response. .
- the public key storage unit 204 stores the public key pk in the key pair including the public key pk and the secret key sk generated by the mobile terminal 100.
- the public key pk generated by the portable terminal 100 is received by the reception unit 210 and stored in the public key storage unit 204 by the control unit 202.
- the verification result output unit 206 transmits an authentication request from the PC 200, and when a response to the authentication request is transmitted from the mobile terminal 100, the verification result for the response is output as an image, sound, vibration, or the like.
- the transmission unit 208 wirelessly transmits information to the mobile terminal 100.
- the information that the transmission unit 208 transmits to the mobile terminal 100 includes, for example, a registration request for the public key pk to the mobile terminal 100 and an authentication request using the public key pk held in the public key storage unit 204.
- the receiving unit 210 receives information wirelessly transmitted from the mobile terminal 100.
- Information received from the mobile terminal 100 by the receiving unit 210 is sent, for example, in response to an authentication request using the public key pk or public key pk sent to the PC 200 in response to the public key pk registration request. Includes answers.
- the public key authentication method is an authentication method in which a certain person (certifier) uses the public key pk and the secret key sk to convince another person (verifier) that the person is the principal.
- the prover A's public key pk A is disclosed to the verifier.
- the secret key sk A of the prover A is secretly managed by the prover.
- the person who knows the secret key sk A corresponding to the public key pk A is regarded as the prover A himself.
- the prover A If the prover A is trying to prove their identity to the verifier B, the prover A is to perform an interactive protocol with the verifier B, the secret key itself corresponding to the public key pk A sk A Prove that you know.
- the verifier B proves that the prover A knows the secret key sk A by the interactive protocol, the authenticity of the prover A (identity) is proved.
- the first condition is to reduce as much as possible the probability that a falsification is established by a falsifier who does not have the secret key sk when the interactive protocol is executed.
- the fact that this first condition is satisfied is called “soundness”.
- soundness In other words, in a dialogue protocol having soundness, it is paraphrased that a falsification cannot be established with a probability that cannot be ignored by a falsifier who does not have the secret key sk.
- the second condition is that even if the interactive protocol is executed, the information on the secret key sk A possessed by the prover A is not leaked to the verifier B at all. The fact that this second condition is satisfied is called “zero knowledge”.
- the security of the public key authentication method is ensured by using the dialogue protocol having the above soundness and zero knowledge.
- the prover uses a key generation algorithm Gen to generate a pair of a secret key sk and a public key pk unique to the prover.
- the prover executes an interactive protocol with the verifier using the set of the secret key sk and the public key pk generated using the key generation algorithm Gen.
- the prover uses the prover algorithm P to execute the interactive protocol.
- the prover uses the prover algorithm P to prove to the verifier that the secret key sk is held.
- the verifier executes the interactive protocol by using the verifier algorithm V, and verifies whether or not the prover has a secret key corresponding to the public key published by the prover. That is, the verifier is an entity that verifies whether the prover has a secret key corresponding to the public key.
- the public key authentication method model includes two entities, a prover and a verifier, and three algorithms, a key generation algorithm Gen, a prover algorithm P, and a verifier algorithm V.
- the expressions “prover” and “verifier” are used, but these expressions only mean entities. Therefore, the subject that executes the key generation algorithm Gen and the prover algorithm P is an information processing apparatus corresponding to the entity of the “certifier”. Similarly, the subject that executes the verifier algorithm V is an information processing apparatus.
- the key generation algorithm Gen is used by the prover.
- the key generation algorithm Gen is an algorithm for generating a set of a secret key sk and a public key pk unique to the prover.
- the public key pk generated by the key generation algorithm Gen is made public.
- the public key pk that is made public is used by the verifier.
- the secret key sk managed secretly is used to prove to the verifier that the secret key sk corresponding to the public key pk is held.
- the key generation algorithm Gen is expressed as the following equation (1) as an algorithm that inputs a security parameter 1 ⁇ ( ⁇ is an integer of 0 or more) and outputs a secret key sk and a public key pk.
- the prover algorithm P is used by the prover.
- the prover algorithm P is an algorithm for proving that the secret key sk corresponding to the public key pk is held.
- the prover algorithm P is defined as an algorithm that receives the prover's private key sk and public key pk as input and executes an interactive protocol with the verifier.
- the verifier algorithm V is used by the verifier.
- the verifier algorithm V is an algorithm for verifying whether or not the prover has a secret key sk corresponding to the public key pk in the interactive protocol.
- the verifier algorithm V is defined as an algorithm that takes the public key pk of the prover as an input, outputs a 0 or 1 (1 bit) after executing a dialogue protocol with the prover. In the case of output 0, it is assumed that the prover is invalid, and in the case of output 1, the prover is valid.
- the verifier algorithm V is expressed as the following equation (2).
- the public key authentication method is required to satisfy the two conditions of soundness and zero knowledge to ensure safety.
- the prover executes a procedure depending on the secret key sk, notifies the verifier of the result, and notifies It is necessary to have the verifier perform verification based on the contents.
- the execution of the procedure depending on the secret key sk is necessary to ensure soundness.
- FIG. 17 is an explanatory diagram for explaining the outline of the algorithm of the electronic signature method.
- the electronic signature refers to a mechanism in which signature data known only to the creator of the data is provided to the recipient in association with the data, and the signature data is verified on the recipient side.
- the digital signature scheme model includes two entities, a signer and a verifier.
- the model of the electronic signature scheme is composed of three algorithms: a key generation algorithm Gen, a signature generation algorithm Sig, and a signature verification algorithm Ver.
- the signer uses a key generation algorithm Gen to generate a pair of a signer-specific signature key sk and a verification key pk. Further, the signer generates an electronic signature ⁇ to be given to the document M using the signature generation algorithm Sig. That is, the signer is an entity that gives an electronic signature to the document M.
- the verifier verifies the electronic signature ⁇ attached to the document M using the signature verification algorithm Ver. That is, the verifier is an entity that verifies the electronic signature ⁇ in order to confirm whether or not the creator of the document M is a signer.
- the expressions “signer” and “verifier” are used, but these expressions only mean entities. Accordingly, the subject that executes the key generation algorithm Gen and the signature generation algorithm Sig is an information processing apparatus corresponding to the entity of the “signer”. Similarly, the subject that executes the signature verification algorithm Ver is an information processing apparatus.
- the key generation algorithm Gen is used by the signer.
- the key generation algorithm Gen is an algorithm for generating a set of a signer-specific signature key sk and a verification key pk.
- the verification key pk generated by the key generation algorithm Gen is made public.
- the signature key sk generated by the key generation algorithm Gen is secretly managed by the signer.
- the signature key sk is used to generate an electronic signature ⁇ given to the document M.
- the key generation algorithm Gen receives the security parameter 1 ⁇ ( ⁇ is an integer greater than or equal to 0), and outputs the signature key sk and the public key pk.
- the key generation algorithm Gen can be formally expressed as the following equation (3).
- the signature generation algorithm Sig is used by the signer.
- the signature generation algorithm Sig is an algorithm for generating an electronic signature ⁇ given to the document M.
- the signature generation algorithm Sig is an algorithm that receives the signature key sk and the document M and outputs an electronic signature ⁇ .
- This signature generation algorithm Sig can be formally expressed as the following formula (4).
- the signature verification algorithm Ver is used by a verifier.
- the signature verification algorithm Ver is an algorithm for verifying whether or not the electronic signature ⁇ is a valid electronic signature for the document M.
- the signature verification algorithm Ver is an algorithm that inputs the verification key pk of the signer, the document M, and the electronic signature ⁇ , and outputs 0 or 1 (1 bit).
- This signature verification algorithm Ver can be formally expressed as the following formula (5).
- the verifier determines that the electronic signature ⁇ is invalid when the signature verification algorithm Ver outputs 0 (when the public key pk rejects the document M and the electronic signature ⁇ ), and outputs 1 ( When the public key pk accepts the document M and the electronic signature ⁇ , it is determined that the electronic signature ⁇ is valid.
- the public key authentication method and the electronic signature method are not limited to specific ones.
- an RSA cipher may be used, or an elliptic curve cipher may be used.
- a public key authentication method or a digital signature method that is based on the difficulty of solving a multi-order multivariable simultaneous equation disclosed in JP 2012-98690 A or the like may be used.
- the function used in the above document is a function composed of m n-variable quadratic polynomials (m and n are both integers of 2 or more).
- the key length for ensuring 80-bit security is 80 bits. Therefore, when a user registers a public key or is authenticated using a secret key in a service such as a Web service, the number of characters input by the user is reduced. It is more desirable to use a public key authentication method that bases security on the difficulty of solving problems for simultaneous equations.
- the public key size is small when using a public key authentication method or an electronic signature method that is based on the difficulty of solving a multi-dimensional multivariable simultaneous equation disclosed in Japanese Patent Application Laid-Open No. 2012-98690. Therefore, it can be expected to further reduce the operational and administrative effort and improve the long-term safety level. For example, in terms of operation, there are few restrictions on the display of the public key, and the effect that the length that can be input and transmitted can be shortened can be expected. In terms of management, since the public key size is short, the database size can be reduced, and the key can be set only by copying the character string. Furthermore, in terms of safety, it is a method that relies on mathematical challenges, so long-term safety can be expected.
- FIG. 4 is a flowchart illustrating an operation example of the information processing system 1 according to an embodiment of the present disclosure.
- the flowchart shown in FIG. 4 shows an operation in which a key registration request is transmitted from the PC 200 to the portable terminal 100, a key is generated by the portable terminal 100, and a public key pk is transmitted from the portable terminal 100 to the PC 200.
- a key registration request is transmitted from the PC 200 to the portable terminal 100
- a key is generated by the portable terminal 100
- a public key pk is transmitted from the portable terminal 100 to the PC 200.
- step S101 When the PC 200 requests key registration to the mobile terminal 100, first, the control unit 202 executes key registration request transmission processing (step S101).
- This key registration request transmission process can be executed in various situations. For example, when the user of the PC 200 intends to register the public key pk in the PC 200, this key registration request transmission process can be executed by operating the PC 200.
- step S101 the PC 200 then wirelessly transmits a key registration request from the transmission unit 208 to the mobile terminal 100 (step S102).
- step S102 the reception unit 120 of the mobile terminal 100 receives the key registration request wirelessly transmitted from the transmission unit 208 in step S102, the mobile terminal 100 executes a process at the time of receiving the key registration request with the reception of the key registration request. (Step S103).
- the processing at the time of receiving the key registration request in step S103 may include processing for generating a key pair including the public key pk and the secret key sk, or processing for causing the user to input the public key pk and the secret key sk.
- the key generation unit 104 executes processing for generating a key pair including the public key pk and the secret key sk
- the key input unit 106 can execute processing for causing the user to input the public key pk and the secret key sk.
- the mobile terminal 100 When the processing at the time of receiving the key registration request is executed in step S103, the mobile terminal 100 subsequently wirelessly transmits an answer to the key registration request to the PC 200 from the transmission unit 122 (step S104).
- the reply to the key registration request wirelessly transmitted from the transmission unit 122 in step S104 includes the public key pk generated in step S103.
- step S104 when receiving a reply to the key registration request wirelessly transmitted from the portable terminal 100, the PC 200 registers the public key pk included in the reply (step S105).
- the registration of the public key pk in step S105 can be executed by the control unit 202.
- the public key pk received by the PC 200 is stored in the public key storage unit 204.
- the mobile terminal 100 and the PC 200 operate as shown in FIG. 4 to transmit a key registration request from the PC 200 to the mobile terminal 100, generate a key in the mobile terminal 100, and generate a public key pk from the mobile terminal 100 to the PC 200. Can be sent.
- the PC 200 can store the public key pk transmitted from the portable terminal 100 by operating as shown in FIG.
- FIG. 5 is a flowchart illustrating an operation example of the information processing system 1 according to an embodiment of the present disclosure.
- the flowchart shown in FIG. 5 is an example of an authentication process using the public key pk stored in the PC 200.
- an operation example of the information processing system 1 according to an embodiment of the present disclosure will be described with reference to FIG.
- the PC 200 When executing the authentication process using the public key pk, the PC 200 first executes an authentication request transmission process in the control unit 202 (step S111).
- This authentication request transmission process can be executed in various situations. For example, when a user of the PC 200 tries to log in to the PC 200, tries to unlock the PC 200, or tries to execute an application installed on the PC 200, the application installed on the PC 200 is used.
- the authentication request transmission process can be executed when a certain process is to be executed, or when content is to be reproduced on the PC 200.
- the process using the application installed in the PC 200 can include, for example, a process of trying to access a specific page using a Web browser, a document editing process using document creation software, and the like.
- the content reproduction processing on the PC 200 may include, for example, music and moving image reproduction processing, image display processing, electronic book reproduction processing, and the like.
- the PC 200 When the authentication request transmission process is executed in step S111, the PC 200 then wirelessly transmits an authentication request from the transmission unit 208 to the mobile terminal 100 (step S112).
- the reception unit 120 of the portable terminal 100 receives the authentication request wirelessly transmitted from the transmission unit 208 in step S102, the portable terminal 100 executes processing at the time of receiving the authentication request along with the reception of the authentication request (step S113). ).
- the information transmitted from the PC 200 to the portable terminal 100 in the above step S112 may include a challenge generated by the PC 200 at the time of authentication in a challenge / response method using a public key authentication method, for example.
- the process at the time of receiving the authentication request in step S113 includes a process in which the control unit 102 generates a response to the challenge transmitted from the PC 200 using the secret key sk stored in the key storage unit 108.
- the PC 200 may transmit the challenge with predetermined signature information added when transmitting the authentication request in step S112.
- predetermined signature information for example, the date and time when the challenge is generated may be used.
- the PC 200 can send a response including the signature information to the portable terminal 100 by adding the predetermined signature information to the challenge and transmitting it.
- the PC 200 can determine whether the challenge is created by the PC 200 itself by checking the signature information included in the response.
- the mobile terminal 100 When the processing at the time of receiving the authentication request is executed in step S113, the mobile terminal 100 then wirelessly transmits a response to the authentication request to the PC 200 from the transmission unit 122 (step S114).
- the response to the authentication request wirelessly transmitted from the transmission unit 122 in step S114 includes a response to the challenge generated in step S113.
- the PC 200 executes an authentication process using the response included in the response (step S115).
- the control unit 202 can execute the authentication process in step S115.
- the authentication process in step S115 is performed by determining whether or not the response included in the answer from the mobile terminal 100 is a correct value.
- the PC 200 executes a predetermined authentication protocol necessary for the portable terminal 100 (step S116).
- This authentication protocol may be performed as necessary, and is not necessarily executed in the case of an authentication protocol in which the authentication processing is completed in one round trip.
- the transmission of the challenge from the PC 200 to the mobile terminal 100 and the transmission of the response from the mobile terminal 100 to the PC 200 in response to the challenge may be executed a plurality of times. By transmitting the challenge and response a plurality of times, it is possible to improve the security of authentication by the public key authentication method.
- FIG. 6 is a flowchart illustrating an operation example of the mobile terminal 100 according to an embodiment of the present disclosure.
- the flowchart shown in FIG. 6 shows in detail the processing when the mobile terminal 100 receives an authentication request in step S113.
- an operation example of the mobile terminal 100 according to an embodiment of the present disclosure will be described with reference to FIG.
- the control unit 102 determines whether or not there is one or more secret keys sk that are permitted to use. (Step S122). Information about whether or not use permission is granted to the secret key sk is stored in the key use permission state storage unit 114. Therefore, the control unit 102 refers to the key usage permission state storage unit 114 to determine whether or not there is one or more secret keys sk to which usage permission is given.
- step S122 if one or more secret keys sk to which use permission is given exist, the portable terminal 100 subsequently sends the target secret to the authentication request transmitted wirelessly from the PC 200.
- the control unit 102 determines whether information specifying a key is included (step S123). That is, the control unit 102 determines whether or not a response to the challenge is designated to be generated with the secret key designated by the PC 200.
- step S123 when the authentication request transmitted wirelessly from the PC 200 includes information specifying the target secret key, the portable terminal 100 subsequently uses the specified secret key.
- the control unit 102 determines whether or not permission is given (step S124).
- step S124 If use permission is given to the designated key as a result of the determination in step S124, the mobile terminal 100 then uses the designated secret key to reply to the authentication request, that is, a response to the challenge. Is generated by the control unit 102 (step S125).
- step S123 if the authentication request transmitted wirelessly from the PC 200 does not include information specifying the target secret key, the mobile terminal 100 continues to select the secret currently in the selected state. It is determined whether the key exists (step S126). Whether or not the secret key is in the selected state can be determined on the condition that the secret key information is displayed on the screen, whether or not the secret key is stored in the key storage unit 108 as being in the selected state, and the like.
- FIG. 7 is an explanatory diagram illustrating an example of a screen displayed on the mobile terminal 100.
- FIG. 7 shows that one of the secret keys stored in the portable terminal 100 is in the selected state (shown as the key use notification unit 112 in FIG. 7). It is shown by the display. That is, FIG. 7 shows that the secret key sk named “key # 1” is in a selected state.
- the control unit 102 determines that the secret key sk named “key # 1” is in a selected state. judge.
- the criterion for determining which secret key is in a selected state is not limited to such an example.
- the mobile terminal 100 subsequently determines whether the use permission is given to the secret key in the selected state by the control unit 102. (Step S127). If the use permission is given to the secret key in the selected state as a result of the determination in step S127, the mobile terminal 100 subsequently uses the secret key in the selected state to reply to the authentication request, that is, challenge A response is generated by the control unit 102 (step S128).
- control unit 102 determines in step S122 that there is no secret key sk to which use permission is given, the control unit 102 determines in step S124 that use permission is not given to the specified key. If it is determined, or if it is determined in step S127 that use permission is not given to the secret key in the selected state, a series of processing is terminated without generating a response to the authentication request (step S130). .
- control unit 102 determines in step S122 that there is no secret key sk to which use permission is given, the control unit 102 determines in step S124 that use permission is not given to the designated key. If it is determined that the use permission is not given to the secret key in the selected state in step S127, processing for requesting the use permission of the secret key may be executed.
- the process for requesting permission to use the secret key includes, for example, a process for displaying on the screen a message for allowing the user to select whether to permit the use of the secret key.
- FIG. 8 is an explanatory diagram illustrating an example of a screen displayed on the mobile terminal 100.
- FIG. 8 shows a screen displayed on the portable terminal 100 in the case of notifying that the private key has been used by displaying a message on the screen (in FIG. 8, illustrated as the key usage notification unit 112). Example).
- the key usage notification unit 112 illustrated as the key usage notification unit 112
- the mobile terminal 100 can notify the user that the secret key has been used.
- FIG. 8 shows only an example of a message displayed when the secret key is used. In the present disclosure, the message displayed when the secret key is used is limited to such an example. It goes without saying that it is not a thing.
- the mobile terminal 100 has a configuration as illustrated in FIG. 2, and uses a key by performing the operation illustrated in FIG. 6 when an authentication request is received from the PC 200. Since the presence or absence of permission can be switched and the current state can be confirmed, it is possible to reduce the risk that the secret key is used at an unnecessary timing.
- the portable terminal 100 according to an embodiment of the present disclosure can switch whether or not use is permitted for each secret key, so that when one key is used, another key can be expected. There is an effect to prevent the use of the system.
- the mobile terminal 100 according to an embodiment of the present disclosure has the configuration illustrated in FIG. 2, so that the user can be notified when the secret key is used.
- the mobile terminal 100 according to an embodiment of the present disclosure notifies the user when the secret key is used, thereby preventing the damage when the secret key stored in the mobile terminal 100 is used without permission. Can do.
- the mobile terminal 100 according to an embodiment of the present disclosure can also be expected to have a psychological suppression effect on an attacker who intends to illegally use the secret key by notifying the user when the secret key is used.
- the mobile terminal 100 according to an embodiment of the present disclosure uses public key authentication.
- the mobile terminal 100 according to an embodiment of the present disclosure can obtain the following effects by using public key authentication.
- the mobile terminal 100 sends a response to a person other than the other party who should respond, the information on the secret key stored in the mobile terminal 100 is not leaked. Will not be affected. Even if the wireless communication between the portable terminal 100 and the PC 200 is not encrypted, the secret key information is not leaked when the communication content is wiretapped.
- the public key can be shared with other devices and services different from the PC 200.
- the public key can be used to log in to services on the Internet as described later. At this time, it is possible to log in to a service on the Internet from a plurality of devices (not registered in the device).
- the mobile terminal 100 When the mobile terminal 100 according to an embodiment of the present disclosure grants the use permission to the secret key by the key use permission switching unit 116, authentication based on knowledge, authentication based on biometric information, authentication based on property, or a combination of these The user may be confirmed by.
- the mobile terminal 100 according to an embodiment of the present disclosure can further increase the strength at the time of authentication by confirming the user based on knowledge, biological information, possession, or a combination thereof.
- Authentication by knowledge includes, for example, authentication by passcode, and authentication by biometric information includes authentication by fingerprint, authentication by vein, authentication by iris, and the like.
- Authentication by possession includes authentication by a card provided with an IC chip, a portable terminal, etc., authentication by a Bluetooth device, or the like.
- the mobile terminal 100 may automatically cancel the use permission after a certain time has elapsed since the use permission was given to the secret key.
- the portable terminal 100 may automatically cancel the use permission when the use of the secret key has not been used for a certain period of time after the use permission is given to the secret key.
- the mobile terminal 100 responds to a request when the device that has sent the authentication request is not a pre-registered device even when the use permission of the secret key is given. You may not do it.
- the device registration information may be stored in the key storage unit 108. If the device registration information is not registered in the key storage unit 108, the key use permission switching unit 116 determines whether the secret key that is the target of the authentication request is stored. By canceling the usage permission, the request may not be answered.
- the mobile terminal 100 may perform device registration as a device for requesting use of a key, for example, by sending a public key from a counterpart device.
- the mobile terminal 100 may have a function of shortening the wireless reach by reducing the output of the wireless device by a user operation.
- an authentication request is received unintentionally when an authentication request comes from outside the user's field of view of the mobile terminal 100 by shortening the wireless reach by reducing the output of the wireless device by the user's operation
- the mobile terminal 100 may display information on a device that has sent the authentication request.
- the mobile terminal 100 according to an embodiment of the present disclosure receives an authentication request from a device other than a registered device, the notification is different from the normal notification, for example, unusual sound, different vibration, different color light, etc. You may notify by.
- the mobile terminal 100 may record the time when the authentication request is made and the information of the partner who requested the authentication as a history.
- the mobile terminal 100 according to an embodiment of the present disclosure can confirm whether or not there is a suspicious request by recording the time when the authentication request is made and the information of the partner who has made the authentication request as a history. be able to.
- the history may be stored in the key storage unit 108, for example.
- an authentication function based on a public key authentication method can be executed even if a secret key is not stored inside an apparatus that executes a Web browser, and an ID is assigned to each Web site.
- An example of a technique capable of switching between authentication using a password and authentication using a response to a challenge is shown.
- FIG. 9 is an explanatory diagram illustrating an overall configuration example of the information processing system 1 according to an embodiment of the present disclosure.
- an overall configuration example of the information processing system 1 according to an embodiment of the present disclosure will be described with reference to FIG.
- the information processing system 1 includes a mobile terminal 100, a PC 200, and a server device 300.
- a server device 300 is added to the configuration shown in FIG.
- the server apparatus 300 authenticates the user by causing the user of the PC 200 to input an ID and password to a web browser executed on the PC 200, and provides a service on the Internet to the authenticated user. It is a server.
- Examples of services (Web services) provided by the server apparatus 300 include SNS (social networking service or social networking system), Web mail service, and net banking service.
- SNS social networking service or social networking system
- Web mail service Web mail service
- net banking service net banking service
- the portable terminal 100 generates a key pair composed of the public key pk and the secret key sk as in the above-described embodiment. Then, in response to a request from the PC 200, the generated public key pk is provided to the PC 200 from the portable terminal 100. Then, the PC 200 provides the public key pk acquired from the mobile terminal 100 to the server device 300 for authentication by the server device 300.
- the server device 300 uses the public key pk to respond to the challenge transmitted from the server device 300 to the mobile terminal 100 via the PC 200.
- the authentication using the response transmitted from the PC 200 and acquired by the PC 200 from the mobile terminal 100 is executed.
- the server device 300 when the server device 300 authenticates the user, the server device 300 displays on the PC 200 a screen for selecting authentication using the ID and password and authentication using a response to the challenge. Then, the server apparatus 300 causes the PC 200 to display a screen corresponding to the selection result.
- the server apparatus 300 does not need to store a key in the Web browser executed on the PC 200 by selecting the authentication method for each Web site in this way, and authentication using an ID and a password for each Web site. And authentication using a response to the challenge.
- FIG. 10 is an explanatory diagram illustrating a functional configuration example of the server apparatus 300 according to an embodiment of the present disclosure. Note that FIG. 10 also illustrates a functional configuration example of the PC 200 according to an embodiment of the present disclosure. Hereinafter, a functional configuration example of the server apparatus 300 according to the embodiment of the present disclosure will be described with reference to FIG.
- the server device 300 includes a control unit 302, a public key storage unit 304, a verification result output unit 306, a transmission unit 308, a reception unit 310, It is comprised including.
- the PC 200 according to an embodiment of the present disclosure includes a verification result display unit 212.
- the control unit 302 controls the operation of the server device 300.
- the public key storage unit 304 stores the public key pk among the key pair composed of the public key pk and the secret key sk generated by the mobile terminal 100.
- the verification result output unit 306 transmits an authentication request from the server device 300, and when a response to the authentication request is transmitted from the portable terminal 100 via the PC 200, the verification result for the response is displayed as a verification result of the PC 200.
- the verification result display unit 212 of the PC 200 acquires the verification result output from the verification result output unit 306 of the server device 300 and displays it on a predetermined position on the screen.
- the transmission unit 308 transmits information to the PC 200.
- Information transmitted from the transmission unit 208 to the PC 200 includes, for example, a registration request for the public key pk and an authentication request using the public key pk held in the public key storage unit 304.
- the receiving unit 310 receives information transmitted from the PC 200.
- the information received from the PC 200 by the reception unit 310 includes, for example, a public key pk sent in response to a registration request for the public key pk and a reply sent in response to an authentication request using the public key pk.
- the server apparatus 300 has such a configuration, and can authenticate a user who uses the PC 200 by authentication using a response to a challenge when the user is authenticated.
- the server apparatus 300 may transmit the challenge with predetermined signature information added thereto.
- the server device 300 can cause the portable terminal 100 to send back a response including the signature information by adding predetermined signature information to the challenge and transmitting the challenge. Then, the server device 300 can determine whether the challenge is created by the server device 300 itself by checking the signature information included in the response.
- the function configuration example of the server device 300 according to the embodiment of the present disclosure has been described above with reference to FIG. Next, an example of a web service login screen provided by the server apparatus 300 according to an embodiment of the present disclosure will be described.
- FIG. 11 and 12 are explanatory diagrams illustrating an example of a login screen of a Web service provided by the server apparatus 300 according to an embodiment of the present disclosure.
- the PC 200 accesses the server apparatus 300 and is displayed on the PC 200 screen. It is an example of a login screen.
- FIG. 11 is an example of a screen displayed on the screen of the PC 200 when the Web service provided by the server device 300 does not support the public key authentication method.
- FIG. 12 is an example of a screen displayed on the screen of the PC 200 when the Web service provided by the server apparatus 300 is compatible with the public key authentication method.
- the server device 300 when the Web service provided by the server device 300 is compatible with the public key authentication method, the server device 300 presents that fact on the login screen.
- the user of the PC 200 can select the authentication using the ID and password and the authentication using the response to the challenge by looking at the login screen on which the fact that it corresponds to the public key authentication method is presented.
- the login screen of the Web service provided by the server apparatus 300 is not limited to such an example.
- FIGS. 13 and 14 are explanatory diagrams illustrating modifications of the mobile terminal 100 according to an embodiment of the present disclosure.
- the mobile terminal 100 according to an embodiment of the present disclosure may have an appearance as illustrated in FIGS. 13 and 14.
- the key use permission switching unit 116 in FIGS. 13 and 14 can switch the use permission of the secret key corresponding to the number by turning on / off the switch. In the example shown in FIG. 13, use permission is given only to the secret key corresponding to No. 1.
- the key use notification unit 112 in FIGS. 13 and 14 notifies the user that the private key has been used by lighting up. Accordingly, the key use notification unit 112 may be configured by, for example, an LED (Light Emitting Diode).
- the portable terminal 100 turns on the portion corresponding to the used secret key in the key use notification unit 112 as shown in FIG. Since the key use notification unit 112 is lit in this manner, the mobile terminal 100 can present to the user that the secret key has been used.
- Each of the above algorithms can be executed using, for example, the hardware configuration of the information processing apparatus shown in FIG. That is, the processing of each algorithm is realized by controlling the hardware shown in FIG. 15 using a computer program.
- the form of this hardware is arbitrary, for example, personal information terminals such as personal computers, mobile phones, PHS, PDAs, game machines, contact or non-contact IC chips, contact or non-contact ICs This includes cards or various information appliances.
- PHS is an abbreviation of Personal Handy-phone System.
- the PDA is an abbreviation for Personal Digital Assistant.
- the hardware mainly includes a CPU 902, a ROM 904, a RAM 906, a host bus 908, and a bridge 910. Further, this hardware includes an external bus 912, an interface 914, an input unit 916, an output unit 918, a storage unit 920, a drive 922, a connection port 924, and a communication unit 926.
- the CPU is an abbreviation for Central Processing Unit.
- the ROM is an abbreviation for Read Only Memory.
- the RAM is an abbreviation for Random Access Memory.
- the CPU 902 functions as, for example, an arithmetic processing unit or a control unit, and controls the overall operation of each component or a part thereof based on various programs recorded in the ROM 904, the RAM 906, the storage unit 920, or the removable recording medium 928.
- the ROM 904 is a means for storing a program read by the CPU 902, data used for calculation, and the like.
- a program read by the CPU 902 various parameters that change as appropriate when the program is executed, and the like are temporarily or permanently stored.
- a host bus 908 capable of high-speed data transmission.
- the host bus 908 is connected to an external bus 912 having a relatively low data transmission speed via a bridge 910, for example.
- a bridge 910 for example.
- the input unit 916 for example, a mouse, a keyboard, a touch panel, a button, a switch, a lever, or the like is used.
- a remote controller capable of transmitting a control signal using infrared rays or other radio waves may be used.
- a display device such as a CRT, LCD, PDP, or ELD
- an audio output device such as a speaker or a headphone, a printer, a mobile phone, or a facsimile, etc.
- the above CRT is an abbreviation of Cathode Ray Tube.
- the LCD is an abbreviation for Liquid Crystal Display.
- the PDP is an abbreviation for Plasma Display Panel.
- the above ELD is an abbreviation for Electro-Luminescence Display.
- the storage unit 920 is a device for storing various data.
- a magnetic storage device such as a hard disk drive (HDD), a semiconductor storage device, an optical storage device, a magneto-optical storage device, or the like is used.
- HDD hard disk drive
- the above HDD is an abbreviation for Hard Disk Drive.
- the drive 922 is a device that reads information recorded on a removable recording medium 928 such as a magnetic disk, an optical disk, a magneto-optical disk, or a semiconductor memory, or writes information to the removable recording medium 928.
- the removable recording medium 928 is, for example, a DVD medium, a Blu-ray medium, an HD DVD medium, various semiconductor storage media, or the like.
- the removable recording medium 928 may be, for example, an IC card on which a non-contact type IC chip is mounted, an electronic device, or the like.
- the above IC is an abbreviation for Integrated Circuit.
- the connection port 924 is a port for connecting an external connection device 930 such as a USB port, an IEEE 1394 port, a SCSI, an RS-232C port, or an optical audio terminal.
- the external connection device 930 is, for example, a printer, a portable music player, a digital camera, a digital video camera, or an IC recorder.
- the USB is an abbreviation for Universal Serial Bus.
- the SCSI is an abbreviation for Small Computer System Interface.
- the communication unit 926 is a communication device for connecting to the network 932.
- a wired or wireless LAN for example, a wired or wireless LAN, Bluetooth (registered trademark), or a WUSB communication card, an optical communication router, an ADSL router, or a contact Or a device for non-contact communication.
- the network 932 connected to the communication unit 926 is configured by a wired or wireless network, such as the Internet, home LAN, infrared communication, visible light communication, broadcast, or satellite communication.
- the above LAN is an abbreviation for Local Area Network.
- the WUSB is an abbreviation for Wireless USB.
- the above ADSL is an abbreviation for Asymmetric Digital Subscriber Line.
- the CPU 902 can take on the functions of the control unit 102 and the key generation unit 104, for example.
- the functions of the key input unit 106, the key selection unit 110, and the key use permission switching unit 116 can be performed by the input unit 916.
- the functions of the key storage unit 108 and the key use permission state storage unit 114 are the key use notification unit. 112 and the function of the key use permission state storage unit 114 can be performed by the ROM 904, the RAM 906, the storage unit 920, or the removable recording medium 928.
- the function of the key usage permission state display unit 118 can be performed by the output unit 918.
- the functions of the reception unit 120 and the transmission unit 122 can be performed by the communication unit 926.
- the mobile terminal 100 that can hold a plurality of secret keys sk is provided.
- the mobile terminal 100 according to an embodiment of the present disclosure has the configuration illustrated in FIG. 2, so that one private key sk can be set to a selected state from among a plurality of private keys sk held in the key storage unit 108.
- the mobile terminal 100 according to an embodiment of the present disclosure has the configuration illustrated in FIG. 2, thereby setting whether or not each of the plurality of secret keys sk held in the key storage unit 108 can be used. Can show the availability status.
- the PC 200 or the server device 300 that performs user authentication using the public key provided from the mobile terminal 100 is provided.
- each step in the processing executed by each device in this specification does not necessarily have to be processed in chronological order in the order described as a sequence diagram or flowchart.
- each step in the processing executed by each device may be processed in an order different from the order described as the flowchart, or may be processed in parallel.
- the computer program can be distributed from a predetermined application distribution site existing on a network such as the Internet as an application program for various information processing terminals such as smartphones and tablets.
- a predetermined application distribution site includes a storage device that stores a program and a server device that includes a communication device that transmits the application program in response to a download request from a client (various information processing terminals such as a smartphone or a tablet).
- client various information processing terminals such as a smartphone or a tablet.
- this technique can also take the following structures.
- a key storage unit that holds one or more private keys respectively corresponding to one or more public keys;
- a key use permission state storage unit for storing presence / absence of use permission for each of the one or more secret keys;
- An information processing apparatus capable of switching presence / absence of use permission stored in the key use permission state storage unit for at least one of the one or more secret keys.
- the information processing apparatus according to any one of (1) to (10), further including an interface that receives an input of at least one secret key from a user.
- the key storage unit stores a history of authentication requests for each secret key.
- a key storage unit that stores one or more public keys respectively corresponding to one or more secret keys held by an apparatus that requests authentication; Providing first information to the device, obtaining second information generated from the device using the secret key for the first information, and obtaining the public key and the second information A verification unit for verifying an authentication request from the device using information;
- An information processing apparatus comprising: (14) The information processing apparatus according to (13), wherein the verification unit transmits the first information with signature information added to the apparatus that requests the authentication.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- Life Sciences & Earth Sciences (AREA)
- Biodiversity & Conservation Biology (AREA)
- Telephone Function (AREA)
Abstract
Description
<1.本開示の背景>
<2.本開示の一実施形態>
[システム構成例]
[機能構成例]
[公開鍵認証方式及び秘密鍵の説明]
[動作例]
<3.ハードウェア構成例>
<4.まとめ>
まず、本開示の実施の形態について詳細に説明する前に、本開示の背景について触れる。本開示の背景に触れた後に、その背景に対する本開示の実施の形態を詳細に説明する。
[システム構成例]
まず、図面を参照しながら本開示の一実施形態にかかる情報処理システムの構成例を説明する。図1は、本開示の一実施形態にかかる情報処理システム1の全体構成例を示す説明図である。以下、図1を用いて本開示の一実施形態にかかる情報処理システム1の全体構成例について説明する。
図2は、本開示の一実施形態に係る携帯端末100の機能構成例を示す説明図である。以下、図2を用いて本開示の一実施形態に係る携帯端末100の機能構成例について説明する。
続いて、公開鍵認証方式及び秘密鍵の説明を行なう。公開鍵認証方式とは、ある人(証明者)が、公開鍵pk及び秘密鍵skを利用して、他の人(検証者)に本人であることを納得させるための認証方式である。例えば、証明者Aの公開鍵pkAは、検証者に公開される。一方、証明者Aの秘密鍵skAは、証明者により秘密に管理される。公開鍵認証方式では、公開鍵pkAに対応する秘密鍵skAを知る者が証明者A本人であるとみなされる。
鍵生成アルゴリズムGenは、証明者により利用される。そして、鍵生成アルゴリズムGenは、証明者に固有の秘密鍵skと公開鍵pkの組を生成するアルゴリズムである。鍵生成アルゴリズムGenにより生成された公開鍵pkは公開される。そして、公開された公開鍵pkは、検証者により利用される。一方、鍵生成アルゴリズムGenにより生成された秘密鍵skは、証明者が秘密に管理する。そして、秘密に管理される秘密鍵skは、検証者に対して公開鍵pkに対応する秘密鍵skを保有していることを証明するために利用される。形式的に、鍵生成アルゴリズムGenは、セキュリティパラメータ1λ(λは0以上の整数)を入力とし、秘密鍵skと公開鍵pkを出力するアルゴリズムとして、下記の式(1)のように表現される。
証明者アルゴリズムPは、証明者により利用される。そして、証明者アルゴリズムPは、公開鍵pkに対応する秘密鍵skを保有していることを証明するアルゴリズムである。証明者アルゴリズムPは、証明者の秘密鍵skと公開鍵pkを入力とし、検証者との対話プロトコルを実行するアルゴリズムとして定義される。
検証者アルゴリズムVは、検証者により利用される。そして、検証者アルゴリズムVは、対話プロトコルの中で、公開鍵pkに対応する秘密鍵skを証明者が保有しているか否かを検証するアルゴリズムである。検証者アルゴリズムVは、証明者の公開鍵pkを入力とし、証明者との間で対話プロトコルを実行した後、0又は1(1bit)を出力するアルゴリズムとして定義される。なお、出力0の場合には証明者が不正なものであり、出力1の場合には証明者が正当なものであるとする。形式的に、検証者アルゴリズムVは、下記の式(2)のように表現される。
電子署名方式のモデルには、図17に示すように、署名者及び検証者という2つのエンティティが存在する。そして、電子署名方式のモデルは、鍵生成アルゴリズムGen、署名生成アルゴリズムSig、署名検証アルゴリズムVerという3つのアルゴリズムにより構成される。
鍵生成アルゴリズムGenは、署名者により利用される。鍵生成アルゴリズムGenは、署名者固有の署名鍵skと検証鍵pkとの組を生成するアルゴリズムである。鍵生成アルゴリズムGenにより生成された検証鍵pkは公開される。一方、鍵生成アルゴリズムGenにより生成された署名鍵skは、署名者により秘密に管理される。そして、署名鍵skは、文書Mに付与される電子署名σの生成に利用される。例えば、鍵生成アルゴリズムGenは、セキュリティパラメータ1λ(λは0以上の整数)を入力とし、署名鍵sk及び公開鍵pkを出力する。この場合、鍵生成アルゴリズムGenは、形式的に、下記の式(3)のように表現することができる。
署名生成アルゴリズムSigは、署名者により利用される。署名生成アルゴリズムSigは、文書Mに付与される電子署名σを生成するアルゴリズムである。署名生成アルゴリズムSigは、署名鍵skと文書Mとを入力とし、電子署名σを出力するアルゴリズムである。この署名生成アルゴリズムSigは、形式的に、下記の式(4)のように表現することができる。
署名検証アルゴリズムVerは、検証者により利用される。署名検証アルゴリズムVerは、電子署名σが文書Mに対する正当な電子署名であるか否かを検証するアルゴリズムである。署名検証アルゴリズムVerは、署名者の検証鍵pk、文書M、電子署名σを入力とし、0又は1(1bit)を出力するアルゴリズムである。この署名検証アルゴリズムVerは、形式的に、下記の式(5)のように表現することができる。なお、検証者は、署名検証アルゴリズムVerが0を出力した場合(公開鍵pkが文書Mと電子署名σを拒否する場合)に電子署名σが不当であると判断し、1を出力した場合(公開鍵pkが文書Mと電子署名σを受理する場合)に電子署名σが正当であると判断する。
続いて、本開示の一実施形態に係る情報処理システム1の動作例について説明する。図4は、本開示の一実施形態に係る情報処理システム1の動作例を示す流れ図である。図4に示した流れ図は、PC200から携帯端末100へ鍵登録要求を送信し、携帯端末100で鍵を生成し、携帯端末100からPC200へ公開鍵pkを送信する動作を示したものである。以下、図4を用いて本開示の一実施形態に係る情報処理システム1の動作例について説明する。
上記の各アルゴリズムは、例えば、図15に示す情報処理装置のハードウェア構成を用いて実行することが可能である。つまり、当該各アルゴリズムの処理は、コンピュータプログラムを用いて図15に示すハードウェアを制御することにより実現される。なお、このハードウェアの形態は任意であり、例えば、パーソナルコンピュータ、携帯電話、PHS、PDA等の携帯情報端末、ゲーム機、接触式又は非接触式のICチップ、接触式又は非接触式のICカード、又は種々の情報家電がこれに含まれる。但し、上記のPHSは、Personal Handy-phone Systemの略である。また、上記のPDAは、Personal Digital Assistantの略である。
以上説明したように本開示の一実施形態によれば、複数の秘密鍵skを保持できる携帯端末100が提供される。本開示の一実施形態に係る携帯端末100は、図2に示した構成を有することにより、鍵記憶部108に保持した複数の秘密鍵skの中から1つの秘密鍵skを選択状態に設定できる。また本開示の一実施形態に係る携帯端末100は、図2に示した構成を有することにより、鍵記憶部108に保持した複数の秘密鍵skのそれぞれに対し、利用の可否を設定し、また利用の可否の状態を提示できる。
(1)
1以上の公開鍵にそれぞれ対応する1以上の秘密鍵を保持する鍵記憶部と、
前記1以上の秘密鍵のそれぞれに対して利用許可の有無を記憶する鍵利用許可状態記憶部と、
を備え、
前記1以上の秘密鍵の少なくともいずれかは、前記鍵利用許可状態記憶部が記憶する利用許可の有無が切り替え可能である、情報処理装置。
(2)
前記1以上の秘密鍵のそれぞれに対して前記鍵利用許可状態記憶部が記憶する利用許可の有無を切り替える鍵利用許可切替部をさらに備える、前記(1)に記載の情報処理装置。
(3)
前記鍵利用許可切替部は、ユーザの生体情報を用いて該ユーザが認証された後に利用許可の有無を切り替える、前記(2)に記載の情報処理装置。
(4)
前記鍵利用許可切替部は、ユーザが保有する知識を用いて該ユーザが認証された後に利用許可の有無を切り替える、前記(2)に記載の情報処理装置。
(5)
前記鍵利用許可切替部は、ユーザが所有する所有物を用いて該ユーザが認証された後に利用許可の有無を切り替える、前記(2)に記載の情報処理装置。
(6)
前記鍵利用許可切替部は、前記1以上の秘密鍵のそれぞれに対して利用許可を与えた後に、利用許可を与えた秘密鍵が使用された場合は、該秘密鍵の利用許可を取り消す、前記(2)~(5)のいずれかに記載の情報処理装置。
(7)
前記鍵利用許可切替部は、前記1以上の秘密鍵のそれぞれに対して利用許可を与えた後に、所定の時間が経過すると、該秘密鍵の利用許可を取り消す、前記(2)~(5)のいずれかに記載の情報処理装置。
(8)
前記鍵利用許可状態記憶部は、各秘密鍵に対する認証要求を送信した機器が登録されている場合に、該秘密鍵の利用許可を与える、前記(2)~(7)のいずれかに記載の情報処理装置。
(9)
前記鍵記憶部が保持し、前記鍵利用許可状態記憶部により利用許可が記憶されている前記秘密鍵のいずれかが使用されたことを通知する鍵利用通知部をさらに備える、前記(1)に記載の情報処理装置。
(10)
前記鍵利用許可状態記憶部が記憶する利用許可の有無の情報を表示する鍵利用許可状態表示部をさらに備える、前記(1)~(9)のいずれかに記載の情報処理装置。
(11)
ユーザから少なくとも一つの秘密鍵の入力を受け付けるインターフェースをさらに備える、前記(1)~(10)のいずれかに記載の情報処理装置。
(12)
前記鍵記憶部は、各秘密鍵に対する認証要求の履歴を記憶する、前記(1)~(11)のいずれかに記載の情報処理装置。
(13)
認証を要求する装置が保持する1以上の秘密鍵にそれぞれ対応する1以上の公開鍵を記憶する鍵記憶部と、
前記装置に対して第1の情報を提供し、該第1の情報に対して前記秘密鍵を用いて生成される第2の情報を前記装置から取得して、前記公開鍵及び該第2の情報を用いて前記装置からの認証の要求を検証する検証部と、
を備える、情報処理装置。
(14)
前記検証部は、前記認証を要求する装置へ署名情報を付加した前記第1の情報を送信する、前記(13)に記載の情報処理装置。
(15)
前記検証部は、前記公開鍵を用いた認証と、ユーザが保有する知識による認証とを切替可能とする、前記(13)または(14)に記載の情報処理装置。
(16)
1以上の公開鍵にそれぞれ対応する1以上の秘密鍵を保持することと、
前記1以上の秘密鍵のそれぞれに対して利用許可の有無を記憶することと、
を備え、
前記1以上の秘密鍵の少なくともいずれかは、前記記憶される利用許可の有無が切り替え可能である、情報処理方法。
(17)
認証を要求する装置が保持する1以上の秘密鍵にそれぞれ対応する1以上の公開鍵を記憶することと、
前記装置に対して第1の情報を提供し、該第1の情報に対して前記秘密鍵を用いて生成される第2の情報を前記装置から取得して、前記公開鍵及び該第2の情報を用いて前記装置からの認証の要求を検証することと、
を備える、情報処理方法。
(18)
コンピュータに、
1以上の公開鍵にそれぞれ対応する1以上の秘密鍵を保持することと、
前記1以上の秘密鍵のそれぞれに対して利用許可の有無を記憶することと、
を実行させ、
前記1以上の秘密鍵の少なくともいずれかは、前記記憶される利用許可の有無が切り替え可能である、コンピュータプログラム。
(19)
コンピュータに、
認証を要求する装置が保持する1以上の秘密鍵にそれぞれ対応する1以上の公開鍵を記憶することと、
前記装置に対して第1の情報を提供し、該第1の情報に対して前記秘密鍵を用いて生成される第2の情報を前記装置から取得して、前記公開鍵及び該第2の情報を用いて前記装置からの認証の要求を検証することと、
を実行させる、コンピュータプログラム。
100 携帯端末
200 PC
300 サーバ装置
Claims (19)
- 1以上の公開鍵にそれぞれ対応する1以上の秘密鍵を保持する鍵記憶部と、
前記1以上の秘密鍵のそれぞれに対して利用許可の有無を記憶する鍵利用許可状態記憶部と、
を備え、
前記1以上の秘密鍵の少なくともいずれかは、前記鍵利用許可状態記憶部が記憶する利用許可の有無が切り替え可能である、情報処理装置。 - 前記1以上の秘密鍵のそれぞれに対して前記鍵利用許可状態記憶部が記憶する利用許可の有無を切り替える鍵利用許可切替部をさらに備える、請求項1に記載の情報処理装置。
- 前記鍵利用許可切替部は、ユーザの生体情報を用いて該ユーザが認証された後に利用許可の有無を切り替える、請求項2に記載の情報処理装置。
- 前記鍵利用許可切替部は、ユーザが保有する知識を用いて該ユーザが認証された後に利用許可の有無を切り替える、請求項2に記載の情報処理装置。
- 前記鍵利用許可切替部は、ユーザが所有する所有物を用いて該ユーザが認証された後に利用許可の有無を切り替える、請求項2に記載の情報処理装置。
- 前記鍵利用許可切替部は、前記1以上の秘密鍵のそれぞれに対して利用許可を与えた後に、利用許可を与えた秘密鍵が使用された場合は、該秘密鍵の利用許可を取り消す、請求項2に記載の情報処理装置。
- 前記鍵利用許可切替部は、前記1以上の秘密鍵のそれぞれに対して利用許可を与えた後に、所定の時間が経過すると、該秘密鍵の利用許可を取り消す、請求項2に記載の情報処理装置。
- 前記鍵利用許可状態記憶部は、各秘密鍵に対する認証要求を送信した機器が登録されている場合に、該秘密鍵の利用許可を与える、請求項2に記載の情報処理装置。
- 前記鍵記憶部が保持し、前記鍵利用許可状態記憶部により利用許可が記憶されている前記秘密鍵のいずれかが使用されたことを通知する鍵利用通知部をさらに備える、請求項1に記載の情報処理装置。
- 前記鍵利用許可状態記憶部が記憶する利用許可の有無の情報を表示する鍵利用許可状態表示部をさらに備える、請求項1に記載の情報処理装置。
- ユーザから少なくとも一つの秘密鍵の入力を受け付けるインターフェースをさらに備える、請求項1に記載の情報処理装置。
- 前記鍵記憶部は、各秘密鍵に対する認証要求の履歴を記憶する、請求項1に記載の情報処理装置。
- 認証を要求する装置が保持する1以上の秘密鍵にそれぞれ対応する1以上の公開鍵を記憶する鍵記憶部と、
前記装置に対して第1の情報を提供し、該第1の情報に対して前記秘密鍵を用いて生成される第2の情報を前記装置から取得して、前記公開鍵及び該第2の情報を用いて前記装置からの認証の要求を検証する検証部と、
を備える、情報処理装置。 - 前記検証部は、前記認証を要求する装置へ署名情報を付加した前記第1の情報を送信する、請求項13に記載の情報処理装置。
- 前記検証部は、前記公開鍵を用いた認証と、ユーザが保有する知識による認証とを切替可能とする、請求項13に記載の情報処理装置。
- 1以上の公開鍵にそれぞれ対応する1以上の秘密鍵を保持することと、
前記1以上の秘密鍵のそれぞれに対して利用許可の有無を記憶することと、
を備え、
前記1以上の秘密鍵の少なくともいずれかは、前記記憶される利用許可の有無が切り替え可能である、情報処理方法。 - 認証を要求する装置が保持する1以上の秘密鍵にそれぞれ対応する1以上の公開鍵を記憶することと、
前記装置に対して第1の情報を提供し、該第1の情報に対して前記秘密鍵を用いて生成される第2の情報を前記装置から取得して、前記公開鍵及び該第2の情報を用いて前記装置からの認証の要求を検証することと、
を備える、情報処理方法。 - コンピュータに、
1以上の公開鍵にそれぞれ対応する1以上の秘密鍵を保持することと、
前記1以上の秘密鍵のそれぞれに対して利用許可の有無を記憶することと、
を備え、
前記1以上の秘密鍵の少なくともいずれかは、前記記憶される利用許可の有無が切り替え可能である、コンピュータプログラム。 - コンピュータに、
認証を要求する装置が保持する1以上の秘密鍵にそれぞれ対応する1以上の公開鍵を記憶することと、
前記装置に対して第1の情報を提供し、該第1の情報に対して前記秘密鍵を用いて生成される第2の情報を前記装置から取得して、前記公開鍵及び該第2の情報を用いて前記装置からの認証の要求を検証することと、
を実行させる、コンピュータプログラム。
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/910,500 US10447673B2 (en) | 2013-08-05 | 2014-07-17 | Information processing apparatus, information processing method, and computer program |
JP2015530779A JPWO2015019821A1 (ja) | 2013-08-05 | 2014-07-17 | 情報処理装置、情報処理方法及びコンピュータプログラム |
EP14835331.1A EP3029879B1 (en) | 2013-08-05 | 2014-07-17 | Information processing device, information processing method, and computer program |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2013162282 | 2013-08-05 | ||
JP2013-162282 | 2013-08-05 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2015019821A1 true WO2015019821A1 (ja) | 2015-02-12 |
Family
ID=52461160
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2014/069063 WO2015019821A1 (ja) | 2013-08-05 | 2014-07-17 | 情報処理装置、情報処理方法及びコンピュータプログラム |
Country Status (4)
Country | Link |
---|---|
US (1) | US10447673B2 (ja) |
EP (1) | EP3029879B1 (ja) |
JP (1) | JPWO2015019821A1 (ja) |
WO (1) | WO2015019821A1 (ja) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2019096077A (ja) * | 2017-11-22 | 2019-06-20 | キヤノン株式会社 | 情報処理装置、情報処理装置における方法、およびプログラム |
WO2023181871A1 (ja) * | 2022-03-22 | 2023-09-28 | ソニーグループ株式会社 | 情報処理装置および方法、並びに、情報処理システム |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10148646B2 (en) | 2016-07-20 | 2018-12-04 | Bank Of America Corporation | Preventing unauthorized access to secured information systems using tokenized authentication techniques |
US10057255B2 (en) | 2016-07-20 | 2018-08-21 | Bank Of America Corporation | Preventing unauthorized access to secured information systems using multi-device authentication techniques |
US10057249B2 (en) | 2016-07-20 | 2018-08-21 | Bank Of America Corporation | Preventing unauthorized access to secured information systems using tokenized authentication techniques |
JP6918576B2 (ja) * | 2017-05-24 | 2021-08-11 | キヤノン株式会社 | システム、情報処理装置、方法及びプログラム |
CN110740043B (zh) * | 2019-10-21 | 2020-08-07 | 飞天诚信科技股份有限公司 | 一种智能密钥设备及其验证方法 |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPS61296487A (ja) * | 1985-06-25 | 1986-12-27 | Fujitsu Ltd | 複数サ−ビス用icカ−ド |
WO1999022486A1 (de) * | 1997-10-28 | 1999-05-06 | Brokat Infosystems Ag | Verfahren zum digitalen signieren einer nachricht |
WO2002013455A1 (en) * | 2000-08-04 | 2002-02-14 | First Data Corporation | Person-centric account-based digital signature system |
WO2002035764A2 (en) * | 2000-10-24 | 2002-05-02 | It Security Solutions Llc | Process and apparatus for improving the security of digital signatures |
JP2004072185A (ja) * | 2002-08-01 | 2004-03-04 | Shinko Electric Ind Co Ltd | コンピュータシステムおよびコンピュータシステムにおけるユーザ認証方法 |
JP2005127050A (ja) | 2003-10-24 | 2005-05-19 | Denso Corp | スマートエントリーシステム |
WO2008099756A1 (ja) * | 2007-02-07 | 2008-08-21 | Nippon Telegraph And Telephone Corporation | クライアント装置、鍵装置、サービス提供装置、ユーザ認証システム、ユーザ認証方法、プログラム、記録媒体 |
JP2008262363A (ja) * | 2007-04-11 | 2008-10-30 | Fuji Xerox Co Ltd | 情報処理装置及び情報処理プログラム |
JP2012098690A (ja) | 2010-05-31 | 2012-05-24 | Sony Corp | 認証装置、認証方法、プログラム、及び署名生成装置 |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6567913B1 (en) | 1998-12-24 | 2003-05-20 | Pitney Bowes Inc. | Selective security level certificate meter |
JP3775791B2 (ja) * | 2002-08-13 | 2006-05-17 | 株式会社エヌ・ティ・ティ・データ | Ic、データ処理システム及びコンピュータプログラム |
JP4653436B2 (ja) | 2004-08-04 | 2011-03-16 | 株式会社リコー | 電子署名付与方法、電子署名付与装置、電子署名付与プログラム、及び記録媒体 |
EP1868025A4 (en) * | 2005-02-22 | 2010-05-12 | Ngk Insulators Ltd | OPTICAL MODULATOR |
MX2010014364A (es) * | 2008-06-30 | 2011-08-12 | Morphotek Inc | Anticuerpos anti-gd2 y metodos y usos relacionados con los mismos. |
CN102456193A (zh) * | 2010-10-28 | 2012-05-16 | 中国银联股份有限公司 | 移动存储设备、基于该设备的数据处理系统和方法 |
JP2015033038A (ja) | 2013-08-05 | 2015-02-16 | ソニー株式会社 | 情報処理装置、情報処理方法及びコンピュータプログラム |
-
2014
- 2014-07-17 JP JP2015530779A patent/JPWO2015019821A1/ja active Pending
- 2014-07-17 US US14/910,500 patent/US10447673B2/en active Active
- 2014-07-17 EP EP14835331.1A patent/EP3029879B1/en not_active Not-in-force
- 2014-07-17 WO PCT/JP2014/069063 patent/WO2015019821A1/ja active Application Filing
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPS61296487A (ja) * | 1985-06-25 | 1986-12-27 | Fujitsu Ltd | 複数サ−ビス用icカ−ド |
WO1999022486A1 (de) * | 1997-10-28 | 1999-05-06 | Brokat Infosystems Ag | Verfahren zum digitalen signieren einer nachricht |
WO2002013455A1 (en) * | 2000-08-04 | 2002-02-14 | First Data Corporation | Person-centric account-based digital signature system |
WO2002035764A2 (en) * | 2000-10-24 | 2002-05-02 | It Security Solutions Llc | Process and apparatus for improving the security of digital signatures |
JP2004072185A (ja) * | 2002-08-01 | 2004-03-04 | Shinko Electric Ind Co Ltd | コンピュータシステムおよびコンピュータシステムにおけるユーザ認証方法 |
JP2005127050A (ja) | 2003-10-24 | 2005-05-19 | Denso Corp | スマートエントリーシステム |
WO2008099756A1 (ja) * | 2007-02-07 | 2008-08-21 | Nippon Telegraph And Telephone Corporation | クライアント装置、鍵装置、サービス提供装置、ユーザ認証システム、ユーザ認証方法、プログラム、記録媒体 |
JP2008262363A (ja) * | 2007-04-11 | 2008-10-30 | Fuji Xerox Co Ltd | 情報処理装置及び情報処理プログラム |
JP2012098690A (ja) | 2010-05-31 | 2012-05-24 | Sony Corp | 認証装置、認証方法、プログラム、及び署名生成装置 |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2019096077A (ja) * | 2017-11-22 | 2019-06-20 | キヤノン株式会社 | 情報処理装置、情報処理装置における方法、およびプログラム |
JP7091057B2 (ja) | 2017-11-22 | 2022-06-27 | キヤノン株式会社 | 情報処理装置、情報処理装置における方法、およびプログラム |
WO2023181871A1 (ja) * | 2022-03-22 | 2023-09-28 | ソニーグループ株式会社 | 情報処理装置および方法、並びに、情報処理システム |
Also Published As
Publication number | Publication date |
---|---|
US10447673B2 (en) | 2019-10-15 |
US20160182476A1 (en) | 2016-06-23 |
EP3029879A1 (en) | 2016-06-08 |
JPWO2015019821A1 (ja) | 2017-03-02 |
EP3029879B1 (en) | 2018-07-04 |
EP3029879A4 (en) | 2017-03-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10666642B2 (en) | System and method for service assisted mobile pairing of password-less computer login | |
US9875368B1 (en) | Remote authorization of usage of protected data in trusted execution environments | |
EP3061027B1 (en) | Verifying the security of a remote server | |
WO2015019821A1 (ja) | 情報処理装置、情報処理方法及びコンピュータプログラム | |
US11831680B2 (en) | Electronic authentication infrastructure | |
KR101482564B1 (ko) | 신뢰성있는 인증 및 로그온을 위한 방법 및 장치 | |
US10516529B2 (en) | Information processing apparatus and information processing method | |
KR20160097323A (ko) | Nfc 인증 메커니즘 | |
US9807071B2 (en) | Information processing apparatus, information processing system, information processing method and computer program | |
JP2014052588A (ja) | 情報処理装置、情報処理方法及びコンピュータプログラム | |
GB2554082B (en) | User sign-in and authentication without passwords | |
JP7250960B2 (ja) | ユーザのバイオメトリクスを利用したユーザ認証および署名装置、並びにその方法 | |
Varmedal et al. | The offpad: Requirements and usage | |
JP6201835B2 (ja) | 情報処理装置、情報処理方法及びコンピュータプログラム | |
JP2017530636A (ja) | 認証スティック | |
US20240039707A1 (en) | Mobile authenticator for performing a role in user authentication | |
JP2018026141A (ja) | 情報処理装置、情報処理方法及びコンピュータプログラム |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 14835331 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2015530779 Country of ref document: JP Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 14910500 Country of ref document: US Ref document number: 2014835331 Country of ref document: EP |