WO2021234861A1 - 認証装置、認証方法、及びプログラム - Google Patents

認証装置、認証方法、及びプログラム Download PDF

Info

Publication number
WO2021234861A1
WO2021234861A1 PCT/JP2020/019954 JP2020019954W WO2021234861A1 WO 2021234861 A1 WO2021234861 A1 WO 2021234861A1 JP 2020019954 W JP2020019954 W JP 2020019954W WO 2021234861 A1 WO2021234861 A1 WO 2021234861A1
Authority
WO
WIPO (PCT)
Prior art keywords
challenge
authentication
client terminal
authentication device
response
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2020/019954
Other languages
English (en)
French (fr)
Japanese (ja)
Inventor
勝 松林
卓麻 小山
靖 岡野
政志 田中
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NTT Inc
Original Assignee
Nippon Telegraph and Telephone Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nippon Telegraph and Telephone Corp filed Critical Nippon Telegraph and Telephone Corp
Priority to US17/925,555 priority Critical patent/US12321441B2/en
Priority to PCT/JP2020/019954 priority patent/WO2021234861A1/ja
Priority to JP2022524763A priority patent/JP7452639B2/ja
Publication of WO2021234861A1 publication Critical patent/WO2021234861A1/ja
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2103Challenge-response

Definitions

  • the present invention relates to challenge-response authentication.
  • challenge response authentication As an authentication method between the server and the client.
  • the server sends a challenge to the client terminal, and the client terminal performs a calculation by combining data such as a password based on the challenge received from the server, and returns the hash value as a response to the server.
  • the server authenticates the client terminal by confirming the hash value received from the client terminal.
  • Challenge-response authentication is used, for example, in an automobile diagnostic communication protocol (UDS: Unified Diagnostic Services) when an ECU (Electronic Control Unit) as a server authenticates a diagnostic tool (Non-Patent Document 1).
  • UDS Unified Diagnostic Services
  • Non-Patent Document 1 for example, as a challenge generation method by the ECU for each manufacturer, (1) a fixed generation method for generating a fixed challenge each time a challenge request is received, and (2) a challenge request. It is possible to select one of two challenge generation methods, which is a random generation method in which a challenge is randomly generated each time a message is received.
  • the present invention has been made in view of the above points, and an object of the present invention is to provide a technique for improving security in challenge-response authentication.
  • an authentication device that authenticates client terminals by the challenge-response authentication method.
  • a receiver that receives a challenge request from the client terminal,
  • a control unit that generates a challenge for the challenge request,
  • a transmission unit that transmits the challenge to the client terminal is provided.
  • the control unit challenges with either a fixed generation method that generates a fixed value challenge or a random generation method that generates a random value challenge according to the state of the authentication device.
  • An authentication device to generate is provided.
  • technology for improving security is provided in challenge-response authentication.
  • FIG. 1 It is a block diagram of the authentication system in embodiment of this invention. It is a sequence diagram for demonstrating the basic operation of an authentication system. It is a figure for demonstrating the attack method in the case of generating a challenge in a fixed manner. It is a figure for demonstrating the attack method in the case of randomly generating a challenge. It is a sequence diagram for demonstrating the operation example of an authentication system. It is a figure for demonstrating a state transition. It is a figure which shows the configuration example of the authentication apparatus. It is a figure which shows the hardware configuration example of an authentication apparatus. It is a figure for demonstrating Example 1. FIG. It is a figure for demonstrating Example 2. FIG.
  • FIG. 1 shows a configuration example of the authentication system according to the present embodiment.
  • the authentication system in the present embodiment has a client terminal 200 and an authentication device 100, and has a configuration in which these are connected to a network 300.
  • the authentication device 100 performs challenge-response authentication to authenticate the client terminal 200.
  • a basic operation example of the authentication system will be described with reference to FIG.
  • the client terminal 200 transmits a challenge request to the authentication device 100.
  • the challenge request is a message requesting the authentication device 100 to send the challenge.
  • the authentication device 100 transmits a challenge to the client terminal 200.
  • the challenge transmitted from the authentication device 100 to the client terminal 200 is a newly generated random value (which may be called a random number) or a fixed value.
  • the fixed value is, for example, a value stored in advance in the authentication device 100. Further, the fixed value may be a value that reuses a value generated as a random value in the past. Reading a fixed value stored in advance in the authentication device 100 and using it as a challenge is included in "generating a challenge".
  • a challenge that is newly generated as a random value each time a challenge is sent is called a random challenge, and a challenge with a fixed value is called a fixed challenge.
  • the selection method of whether to select a random challenge or a fixed challenge will be described later.
  • the client terminal 200 that has received the challenge performs an operation to obtain a hash value using the challenge, generates a response that is the operation result, and transmits the response to the authentication device 100.
  • the authentication device 100 performs the same calculation as the calculation on the client terminal 200 using the challenge, compares the calculation result and the response, and if they match, it is determined that the authentication is successful, and if they do not match, it is determined. It is determined that the authentication has failed, and the authentication result (authentication success or authentication failure) is returned to the client terminal 200.
  • the authentication device 100 If the authentication fails, it is assumed that the client terminal 200 sends the challenge request again. Authentication is performed again based on the challenge request again. However, when the authentication device 100 detects that the authentication failure for the client terminal 200 has occurred continuously more than the allowable number of times N (N is an integer of 0 or more), the authentication device 100 starts from the client terminal 200 for a predetermined time period. Do not return a challenge to the challenge request.
  • a password (or a user ID and a password) may be further used.
  • the client terminal 200 obtains a hash value from the value obtained by concatenating the challenge and the password by using a hash function, and sends the hash value as a response to the authentication device 100.
  • the authentication device 100 uses the password of the client terminal 200 stored in advance to perform the same calculation as the calculation on the client terminal to perform authentication.
  • the authentication device 100 improves security by selecting either a fixed generation method for generating a fixed challenge or a random generation method for generating a random challenge. If it does not have a mechanism to select either the fixed generation method or the random generation method, that is, if either the fixed generation method or the random generation method is used in a fixed manner, it is vulnerable to an attack.
  • an example of an attack in the case where either the fixed generation method or the random generation method is used in a fixed manner will be described.
  • the client terminal 200 executes various Response Attacks and side channel attacks by transmitting various responses to the same fixed challenge to the authentication device 100, and estimates the correct response.
  • a correct response is estimated for the fixed challenge of S22, and authentication is successful. That is, the authentication is illegally broken. Especially when the permissible number of times N is large, the risk to this attack increases.
  • the client terminal 200 which is an attacker, knows the response R to a certain challenge C.
  • the client terminal 200 repeats only the challenge request until the challenge C (target challenge) is obtained (S31, S41), and responds to the response R when the challenge C is acquired in S42 (S43). As a result, the authentication is illegally broken.
  • the client terminal 200 does not return a response until Challenge C is transmitted from the authentication device 100, so authentication never fails. Therefore, even if the permissible number of times N is small, the attack is established.
  • the authentication device 100 switches the challenge generation method (fixed generation method or random generation method) at an appropriate timing according to the state of the authentication device 100.
  • the authentication device 100 generates the first challenge and the first challenge after receiving the response that causes authentication failure by a random generation method, and generates challenges other than these by a fixed generation method.
  • the challenge request is first received from the client terminal 200.
  • the authentication device 100 When in the state, the authentication device 100 generates a challenge by a random generation method, and the authentication device 100 receives a second challenge request or a second and subsequent challenge requests from the client terminal 200 before receiving the response. If it is in the above state, generate a challenge by the fixed generation method.
  • the client terminal 200 transmits a challenge request to the authentication device 100.
  • the authentication device 100 generates a random challenge and transmits the random challenge to the client terminal 200.
  • the client terminal 200 attempts to perform the attack described in FIG.
  • the client terminal 200 transmits a challenge request to the authentication device 100.
  • the authentication device 100 generates a fixed challenge and transmits the fixed challenge to the client terminal 200.
  • the client terminal 200 transmits a challenge request to the authentication device 100.
  • the authentication device 100 generates a fixed challenge and transmits the fixed challenge to the client terminal 200.
  • the client terminal 200 recognizes that it receives a fixed challenge, so it is assumed that the client terminal 200 attempts to perform the attack described in FIG.
  • the client terminal 200 transmits a response to the authentication device 100.
  • the authentication device 100 transmits an authentication result (authentication failure) to the client terminal 200.
  • the client terminal 200 transmits a challenge request to the authentication device 100.
  • the authentication device 100 generates a random challenge and transmits the random challenge to the client terminal 200. As a result, even if the attack described with reference to FIG. 3 is attempted, it cannot be performed.
  • the authentication device 100 randomly generates a challenge after receiving a response (authentication failure), so that the above problem can be solved. Therefore, it is possible to provide challenge-response authentication that is strong against attacks such as estimating the response by brute force attack or side channel attack.
  • the random generation method was used in a fixed manner, as explained with reference to FIG. 4, it was a problem that only the challenge request could be repeated until the desired challenge was obtained.
  • the authentication device 100 transmits the same fixed challenge, so that the above problem can be solved. Therefore, it is possible to provide challenge-response authentication that is resistant to attacks by knowing the response to a specific challenge.
  • S 0 is a state in which a challenge has not been generated and a response is not accepted.
  • the challenge generation method is random generation.
  • S 1 is a state in which no response is accepted, and the authentication device 100 randomly generates a challenge.
  • S 2 when the generation of the challenge by the authentication device 100 is completed, the state transitions to S 2.
  • the authentication device 100 transmits the generated challenge, a state of the response wait.
  • Challenge generating method is fixed generator, the authentication device 100, in the state of S 2, each time it receives the challenge request and sends a fixed challenge.
  • State of S 4 is a challenge request wait state, a state that does not accept the response.
  • the challenge generation method is fixed generation.
  • the authentication device 100 receives the challenge request, the state transitions to S 1.
  • State of S 3 is a state that does not return a challenge, is a state that does not accept the response.
  • the challenge generation method is fixed generation.
  • FIG. 7 shows a configuration example of the authentication device 100 according to the present embodiment.
  • the authentication device 100 in the present embodiment includes a transmission unit 110, a reception unit 120, a control unit 130, and a data storage unit 140.
  • the transmission unit 110 transmits a challenge to the client terminal 200. Further, the transmission unit 110 transmits the authentication result to the client terminal 200.
  • the receiving unit 120 receives the challenge request from the client terminal 200. Further, the receiving unit 120 receives a response from the client terminal 200.
  • the data storage unit 140 stores data used for processing, such as a fixed challenge, an allowable number of times, and a predetermined time length.
  • the control unit 130 executes a random challenge generation, an authentication calculation, an authentication process, and the like. Further, the control unit 130 reads out and uses the data stored in the data storage unit 140 to execute the state transition control described with reference to FIG.
  • the client terminal 200 may be any device as long as it has an existing challenge-response authentication client function.
  • the authentication device 100 in the present embodiment can be realized by, for example, causing a computer to execute a program describing the processing contents described in the present embodiment.
  • the "computer” may be a physical machine or a virtual machine on the cloud.
  • the "hardware” described here is virtual hardware.
  • the above program can be recorded on a computer-readable recording medium (portable memory, etc.), saved, and distributed. It is also possible to provide the above program through a network such as the Internet or e-mail.
  • FIG. 8 is a diagram showing an example of the hardware configuration of the above computer.
  • the computer of FIG. 8 has a drive device 1000, an auxiliary storage device 1002, a memory device 1003, a CPU 1004, an interface device 1005, a display device 1006, an input device 1007, an output device 1008, and the like, which are connected to each other by a bus BS, respectively.
  • the program that realizes the processing on the computer is provided by, for example, a recording medium 1001 such as a CD-ROM or a memory card.
  • a recording medium 1001 such as a CD-ROM or a memory card.
  • the program is installed in the auxiliary storage device 1002 from the recording medium 1001 via the drive device 1000.
  • the program does not necessarily have to be installed from the recording medium 1001, and may be downloaded from another computer via the network.
  • the auxiliary storage device 1002 stores the installed program and also stores necessary files, data, and the like.
  • the memory device 1003 reads and stores the program from the auxiliary storage device 1002 when there is an instruction to start the program.
  • the CPU 1004 realizes the function related to the authentication device 100 according to the program stored in the memory device 1003.
  • the interface device 1005 is used as an interface for connecting to a network.
  • the display device 1006 displays a GUI (Graphical User Interface) or the like by a program.
  • the input device 1007 is composed of a keyboard, a mouse, buttons, a touch panel, and the like, and is used for inputting various operation instructions.
  • the output device 1008 outputs the calculation result.
  • the first embodiment is an example of applying the authentication device 100 to the challenge response authentication defined by UDS (Unified Diagnosis Services).
  • UDS is an application-level protocol for diagnosing in-vehicle ECUs, updating software, changing settings, and so on.
  • the ECU authenticates the diagnostic tool by the challenge response authentication specified by UDS, and the ECU approves that the diagnostic tool performs diagnosis and setting change to the ECU. ..
  • Example 1 the technique according to the present invention is applied to this certification. That is, it is possible to perform the authentication described with reference to FIGS. 5 and 6 without changing the UDS protocol by dynamically switching the challenge generation method from the application running on UDS.
  • FIG. 9 shows an example of the system configuration of the first embodiment.
  • the ECU 400 is mounted on the vehicle 500, the ECU 400 is connected to the diagnostic tool 600 by a connector such as OBD2, and communication is performed between the ECU 400 and the diagnostic tool 600.
  • a connector such as OBD2
  • the ECU 400 includes the function of the authentication device 100, and the diagnostic tool 600 includes the function of the client terminal 200.
  • the ECU 400 authenticates the diagnostic tool 600 by the same authentication method as the authentication method by the authentication device 100 described so far.
  • the second embodiment is an example in which the authentication device 100 is applied to CHAP (Challenge Handshake Authentication Protocol) authentication.
  • CHAP authentication is an authentication method commonly used for remote access.
  • FIG. 10 shows an example of the system configuration of the second embodiment. As shown in FIG. 10, this system has a configuration in which a server 700 corresponding to a remote access server and a client terminal 900 that executes remote access are connected by a network 800.
  • the server 700 includes the function of the authentication device 100, and the client terminal 900 includes the function of the client terminal 200.
  • the server 700 authenticates the client terminal 200 by the same authentication method as the authentication method by the authentication device 100 described so far.
  • CHAP authentication when the client terminal 900 sends a user name to the server 700, the server 700 generates a random number key (challenge) based on the user name and sends it back to the client terminal 900.
  • the client terminal 900 uses the key to encrypt the password and sends it back to the server 700.
  • the encrypted password corresponds to the response.
  • the server 700 compares the received encrypted password with the encrypted password generated from the password held by the server 700 itself, and if these match, it is determined that the authentication is successful, and the client terminal 900 determines that the authentication is successful. Allow login.
  • the authentication device 100 makes it possible to improve security in challenge-response authentication.
  • This specification describes at least the authentication device, the authentication method, and the program described in each of the following items.
  • (Section 1) It is an authentication device that authenticates client terminals using the challenge-response authentication method.
  • a receiver that receives a challenge request from the client terminal,
  • a control unit that generates a challenge for the challenge request,
  • a transmission unit that transmits the challenge to the client terminal is provided.
  • the control unit challenges with either a fixed generation method that generates a fixed value challenge or a random generation method that generates a random value challenge according to the state of the authentication device.
  • Authentication device to generate.
  • the authentication device is in a state where the challenge request is first received from the client terminal, or the authentication device is in a state where the challenge request is first received from the client terminal after receiving a response that causes authentication failure. If there is, the authentication device according to the first item, wherein the control unit generates a challenge by the random generation method. (Section 3) If the authentication device is in a state of receiving the second challenge request or the second and subsequent challenge requests from the client terminal before receiving the response, the control unit generates a challenge by the fixed generation method.
  • a challenge is created by either a fixed generation method that generates a fixed value challenge or a random generation method that generates a random value challenge according to the state of the authentication device.
  • the authentication method to generate (Section 6) A program for making a computer function as each part in the authentication device according to any one of the items 1 to 4.
  • Authentication device 110 Transmission unit 120 Reception unit 130 Control unit 140 Data storage unit 200, 900 Client terminal 300, 800 Network 400 ECU 500 Vehicle 600 Diagnostic Tool 700 Server 1000 Drive Device 1001 Recording Medium 1002 Auxiliary Storage Device 1003 Memory Device 1004 CPU 1005 Interface device 1006 Display device 1007 Input device 1008 Output device

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer And Data Communications (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
PCT/JP2020/019954 2020-05-20 2020-05-20 認証装置、認証方法、及びプログラム Ceased WO2021234861A1 (ja)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US17/925,555 US12321441B2 (en) 2020-05-20 2020-05-20 Authentication apparatus, authentication method and program for generating a challenge in accordance with a state of challenge-response authentication with a client terminal
PCT/JP2020/019954 WO2021234861A1 (ja) 2020-05-20 2020-05-20 認証装置、認証方法、及びプログラム
JP2022524763A JP7452639B2 (ja) 2020-05-20 2020-05-20 認証装置、認証方法、及びプログラム

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2020/019954 WO2021234861A1 (ja) 2020-05-20 2020-05-20 認証装置、認証方法、及びプログラム

Publications (1)

Publication Number Publication Date
WO2021234861A1 true WO2021234861A1 (ja) 2021-11-25

Family

ID=78708303

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2020/019954 Ceased WO2021234861A1 (ja) 2020-05-20 2020-05-20 認証装置、認証方法、及びプログラム

Country Status (3)

Country Link
US (1) US12321441B2 (https=)
JP (1) JP7452639B2 (https=)
WO (1) WO2021234861A1 (https=)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114679293A (zh) * 2021-06-15 2022-06-28 腾讯云计算(北京)有限责任公司 基于零信任安全的访问控制方法、设备及存储介质

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002026898A (ja) * 2000-07-11 2002-01-25 Matsushita Electric Ind Co Ltd セキュリティホールとならないテスト方法を有する暗号処理装置
US20070157300A1 (en) * 2005-12-29 2007-07-05 Samsung Electronics Co., Ltd. Method and apparatus to protect server from DOS attack
WO2019026833A1 (ja) * 2017-08-04 2019-02-07 日本電産株式会社 認証システム、当該認証システムにおいて用いられる電子機器および認証方法

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7882361B2 (en) * 2004-02-05 2011-02-01 Oracle America, Inc. Method and system for accepting a pass code
US7512794B2 (en) * 2004-02-24 2009-03-31 Intersil Americas Inc. System and method for authentication
US8156333B2 (en) * 2008-05-29 2012-04-10 Red Hat, Inc. Username based authentication security
US8667280B2 (en) * 2010-02-24 2014-03-04 Ca, Inc. Method and apparatus for applying a partial password in a multi-factor authentication scheme
US8832825B2 (en) * 2012-11-29 2014-09-09 GM Global Technology Operations LLC Challenge-response methodology for securing vehicle diagnostic services
US10623401B1 (en) * 2017-01-06 2020-04-14 Allstate Insurance Company User authentication based on telematics information
US11138302B2 (en) * 2019-02-27 2021-10-05 International Business Machines Corporation Access control using multi-authentication factors

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002026898A (ja) * 2000-07-11 2002-01-25 Matsushita Electric Ind Co Ltd セキュリティホールとならないテスト方法を有する暗号処理装置
US20070157300A1 (en) * 2005-12-29 2007-07-05 Samsung Electronics Co., Ltd. Method and apparatus to protect server from DOS attack
WO2019026833A1 (ja) * 2017-08-04 2019-02-07 日本電産株式会社 認証システム、当該認証システムにおいて用いられる電子機器および認証方法

Also Published As

Publication number Publication date
US12321441B2 (en) 2025-06-03
US20230205863A1 (en) 2023-06-29
JPWO2021234861A1 (https=) 2021-11-25
JP7452639B2 (ja) 2024-03-19

Similar Documents

Publication Publication Date Title
CN109088889B (zh) 一种ssl加解密方法、系统及计算机可读存储介质
US7886346B2 (en) Flexible and adjustable authentication in cyberspace
EP2078260B1 (en) Detecting stolen authentication cookie attacks
US8627493B1 (en) Single sign-on for network applications
US20110264913A1 (en) Method and apparatus for interworking with single sign-on authentication architecture
US8495710B2 (en) Port tapping for secure access
CN109413076B (zh) 域名解析方法及装置
US8191122B2 (en) Provisioning a network appliance
WO2018010146A1 (zh) 一种虚拟网络计算认证中应答的方法、装置、系统和代理服务器
WO2007149483A2 (en) Computer system authentication using security indicator
US12088737B2 (en) Method to establish an application level SSL certificate hierarchy between master node and capacity nodes based on hardware level certificate hierarchy
JP4608929B2 (ja) 認証システム、サーバ用認証プログラム、およびクライアント用認証プログラム
CN113761509B (zh) iframe验证登录方法及装置
CN115473655B (zh) 接入网络的终端认证方法、装置及存储介质
CN109587180B (zh) 一种建立连接的方法、客户端及服务器
EP4482079A1 (en) Identity authentication using time-based one-time password algorithm
WO2021234861A1 (ja) 認証装置、認証方法、及びプログラム
CN106802832B (zh) Jenkins节点状态管理方法及装置
CN117336092A (zh) 一种客户端登录方法、装置、电子设备和存储介质
KR101737925B1 (ko) 도전-응답 기반의 사용자 인증 방법 및 시스템
CN119382888B (zh) 用户认证方法、智能业务系统、设备、介质及程序
JP4543789B2 (ja) トランザクションに基づく証明書検証情報管理方法
US20240283794A1 (en) Digest Access Authentication for a Client Device
CN117077114A (zh) 一种内核层与应用层的通信优化方法、装置、设备及介质
US20230129128A1 (en) Secure and documented key access by an application

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20936369

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2022524763

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20936369

Country of ref document: EP

Kind code of ref document: A1

WWG Wipo information: grant in national office

Ref document number: 17925555

Country of ref document: US