WO2024057538A1 - Server, authentication system, authentication method, and program - Google Patents

Server, authentication system, authentication method, and program

Info

Publication number
WO2024057538A1
Authority
WO
WIPO (PCT)
Prior art keywords
server
key
feature amount
similarity
encrypted
Prior art date
Application number
PCT/JP2022/034780
Other languages
English (en)
French (fr)
Japanese (ja)
Inventor
寿幸 一色
春菜 福田
健吾 森
Original Assignee
日本電気株式会社
Priority date
Filing date
Publication date
Application filed by 日本電気株式会社
Priority to PCT/JP2022/034780
Priority to JP2024546669A
Publication of WO2024057538A1

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • the present invention relates to a server, an authentication system, an authentication method, and a program.
  • SaaS: Software as a Service
  • a terminal device and an Internet environment are available, and if multiple accounts are provided, services can be provided to multiple users. Due to such ease and centralization, various services have been provided.
  • SaaS allows multiple people to receive services using application software by creating accounts and accessing a server via the Internet.
  • users exist across organizations such as companies and departments. In this case, ensuring security between each account becomes a problem.
  • it is necessary to strictly manage passwords and IDs during account authentication.
  • biometric authentication instead of IDs and passwords to prevent unauthorized access.
  • If biometric features are leaked, other services that use the leaked biometrics can be accessed, so care must be taken when handling the so-called template used for biometric authentication and the biometric feature values obtained during authentication.
  • the data such as the biometric template and the features obtained during authentication will be handed over to the service provider when registering an account, which poses security issues.
  • If the feature values are not encrypted, it will be possible for the service operator to identify who has authenticated to which service, which creates a need to consider privacy issues.
  • the identification IDs of users in the list included in the matching query information are encrypted in two steps: first using a common key encryption method, and then, for the list in which the identification IDs are arranged according to priority, using the public key of the service provider's server. The matching results are then processed using the processing information included in the query and sent to the relay computer, so if it is introduced into an authentication service, the processing speed will be an issue.
  • since the relay computer generates the encryption key using a common key encryption method, it is necessary to deliver the private key to use it on the user's terminal, which poses a security risk.
  • the impact is likely to be severe in situations where a large number of terminals use the private key, such as in an authentication service.
  • an object of the present invention is to provide a server, an authentication system, an authentication method, and a program that contribute to ensuring high-speed processing, high security, and privacy in authentication services.
  • a server is provided having: a storage section that stores an encrypted first feature amount; an acquisition section that obtains an encrypted second feature amount accepted by a terminal; a calculation unit that calculates a degree of similarity based on the first feature amount and the second feature amount; and a conversion transmission unit that converts the degree of similarity into a format that can be decoded by another server and transmits it to the other server.
  • a server having: a storage unit that stores an encrypted first feature quantity; an acquisition unit that obtains an encrypted second feature quantity accepted by a terminal; a calculation unit that calculates a degree of similarity based on the first feature amount and the second feature amount; and a conversion transmission unit that converts the degree of similarity into a format that can be decoded by another server and transmits it to the other server,
  • in which the acquisition unit acquires a user ID that identifies a user in association with a first feature,
  • the calculation unit calculates the degree of similarity in an encrypted state based on the above, and the conversion and transmission unit associates the degree of similarity with the user ID and transmits the degree of similarity to another server; and the other server, which decrypts the information and obtains one user ID based on the similarity and a predetermined criterion.
  • a step in which the computer stores the encrypted first feature amount; a step in which the computer obtains the encrypted second feature amount accepted by the terminal; a step in which the computer calculates a degree of similarity based on the first feature amount and the second feature amount; and a step in which the computer converts the degree of similarity into a format that can be decoded by another server and transmits it to the other server.
  • a program is provided for causing a computer to execute: a process of storing the encrypted first feature quantity; a process of acquiring the encrypted second feature quantity accepted by the terminal; a process of calculating a degree of similarity based on the first feature amount and the second feature amount; and a process of converting the degree of similarity into a format that can be decoded by another server and transmitting it to the other server.
  • the present invention provides a server, an authentication system, an authentication method, and a program that contribute to ensuring high-speed processing, high security, and privacy in authentication services.
  • FIG. 1 is a block diagram showing an example of the configuration of a server according to an embodiment.
  • FIG. 2 is a schematic diagram showing an overview of server processing according to the first embodiment.
  • FIG. 3 is a block diagram showing an example of the configuration of a server according to the first embodiment.
  • FIG. 4 is a flowchart showing the operation of the server (key generation and storage of registered feature amounts) according to the first embodiment.
  • FIG. 5 is a flowchart showing the operation (verification process) of the server according to the first embodiment.
  • FIG. 6 is a schematic diagram showing the hardware configuration of a server according to the first embodiment.
  • FIG. 7 is a block diagram illustrating an example of the configuration of a server according to a second embodiment.
  • FIG. 8 is a sequence diagram illustrating an example of the operation (key generation) of the server according to the second embodiment.
  • FIG. 9 is a sequence diagram illustrating an example of the operation (registration of feature amounts) of the server according to the second embodiment.
  • FIG. 10 is a sequence diagram illustrating an example of the operation (verification) of the server according to the second embodiment.
  • FIG. 11 is a sequence diagram showing an example of another operation (key generation) of the server according to the second embodiment.
  • FIG. 12 is a sequence diagram showing an example of another operation (verification) of the server according to the second embodiment.
  • connection lines between blocks in each figure include both bidirectional and unidirectional connections.
  • the unidirectional arrows schematically indicate the main signal (data) flow, and do not exclude bidirectionality.
  • an input port and an output port are present at the input end and output end of each connection line, respectively. The same applies to the input/output interface.
  • FIG. 1 is a block diagram showing an example of the configuration of a server according to an embodiment.
  • the server 10 according to one embodiment includes a storage section 11, an acquisition section 12, a calculation section 13, and a conversion transmission section 14.
  • the storage unit 11 stores the encrypted first feature amount.
  • the acquisition unit 12 acquires the encrypted second feature amount accepted by the terminal.
  • the calculation unit 13 calculates the degree of similarity based on the first feature amount and the second feature amount.
  • the conversion transmitting unit 14 converts the similarity into a format that can be decoded by another server and transmits it to the other server.
  • the degree of similarity is calculated between a first feature amount, which is a so-called template, and a second feature amount, which is acquired from a terminal and is authentication query information for attempting authentication.
  • new encryption can be performed by converting the calculated similarity into a feature encrypted with a key that can be decrypted with a private key that exists on another server that provides the service. Therefore, it is possible to perform the authentication process while keeping the first and second feature amounts secret.
  • FIG. 2 is a schematic diagram showing an overview of server processing according to the first embodiment.
  • a server 10 that performs authentication processing
  • a server 21 that provides service A
  • a server 22 that provides service B.
  • the server 10 provides authentication services as SaaS.
  • the server 10 stores encrypted feature amounts for authentication that are registered in advance. Note that although FIG. 2 is an example in which two services A and B exist for one authentication SaaS, the number of services is not limited to two.
  • a user 23 who intends to use service A inputs biometric information at the terminal 24. For example, with facial recognition, the person faces the camera and inputs the image into the device. Features of the input video are extracted and encrypted at the terminal. The encrypted feature quantity is sent to the server 10, which is an authentication server, together with the service ID "A" as an authentication query.
  • the server 10 calculates the degree of similarity with the registered feature amounts. Calculation is performed between the registered feature amount and the feature amount of the authentication query, but both are homomorphically encrypted, so calculation can be performed with them encrypted.
  • the encryption similarity D1, which is the calculation result, is encrypted with the key of the authentication service.
  • the authentication service key is converted to the service A key using the proxy re-encryption method.
  • the converted Enc(D1) is sent to the server 21 of service A and decoded on the server 21.
  • It is determined on the server 21 whether the decrypted D1 is within a predetermined value range, that is, an acceptance range. If it is within the acceptance range, an OK message is sent to the terminal 24 and service A is permitted. If it is outside the acceptance range, an NG message is sent and the series of authentication processes ends.
  • the user 25 who is attempting to use service B also performs similar processing.
  • the difference is that the service ID "B" is sent to the server 10 as an authentication query, and the encryption similarity Enc(D2), converted from the authentication service key to the service B key by the server 10, is sent to the server 22.
  • FIG. 3 is a block diagram showing an example of the configuration of the server 10 according to this embodiment.
  • the server 10 according to the first embodiment includes a storage section 11, an acquisition section 12, a calculation section 13, a conversion transmission section 14, a key generation section 15, and a conversion key acquisition section 16.
  • the storage unit 11 stores the encrypted first feature amount.
  • Various methods can be used for "encryption".
  • Although the server of this embodiment uses a public key cryptosystem, a common key cryptosystem may also be used. However, with a common key cryptosystem it is necessary to distribute the private key, which poses a security problem, so it is desirable to use public key cryptography.
  • the "first feature quantity" is a so-called template for reference of biometric information, and exists at least as many as the number of users registered in advance.
  • the storage unit 11 may hold a user ID (of each service) that identifies the user in association with the encrypted first feature amount.
  • the acquisition unit 12 acquires the second feature quantity that is received and encrypted by the terminal.
  • the second feature amount is included in an authentication query that attempts authentication.
  • the encryption must be performed using at least the same key as the first feature amount.
  • Biometric information is acquired at the terminal, and feature amounts are extracted based on the biometric information.
  • the extracted feature amount is encrypted and sent to the server 10.
  • the feature amount is received by the server 10 and sent to the calculation unit 13 while being encrypted.
  • the calculation unit 13 calculates the degree of similarity based on the first feature amount and the second feature amount.
  • the distance between the first feature vector and the second feature vector is used as the similarity.
  • various similarity measures such as Euclidean distance, Hamming distance, cos similarity, and the square of Euclidean distance can be employed.
  • In the present embodiment, homomorphic encryption, homomorphic operations, and the like are used, as examples, in order to match the feature amounts while they are encrypted.
  • an encryption method called Somewhat homomorphic encryption has homomorphism regarding an arbitrary number of additions and a finite number of multiplications (given the ciphertexts Enc(m1) and Enc(m2) of the plaintexts m1 and m2
  • "⁇" is a binary operation, such as addition "+" or multiplication "x". Since it is a homomorphic encryption having a binary operation, it can be applied to similarity calculation, etc., which is a matching means in the calculation unit 13.
  • the conversion transmission unit 14 converts the similarity into a format that can be decoded by another server and transmits it to the other server.
  • the first feature amount and the second feature amount are encrypted using a key generated by the server 10, which is an authentication server. The result is converted so that it can be decrypted with the key of the server providing each service, and sent to the server of each service.
  • Proxy re-encryption is a technology that can convert the ciphertext of the first key into the ciphertext of the second key without obtaining plaintext information.
  • it is used to convert ciphertext encrypted with the public key of the server 10 into ciphertext encrypted with a public key generated by the server providing each service, without decrypting it.
  • a conversion key is generated.
  • pk2 is the public key of the ciphertext to be converted
  • sk1 is the private key of the ciphertext to be converted.
  • the key generation unit 15 generates a pair of private key and public key.
  • the generated public key is distributed to each terminal receiving the service.
  • the first feature amount is encrypted at the time of template registration, and the second feature amount is encrypted using the public key generated at the time of authentication.
  • Proxy re-encryption technology includes a method in which the conversion key can be converted in one direction as described above, as well as a method in which the conversion key can be converted in both directions.
  • the server 10 may have the acquisition unit 12 acquire a user ID that identifies the user, such as a user ID of a service currently provided by another server, in association with the second feature amount.
  • the conversion transmitting unit 14 may also associate the calculated degree of similarity with the user ID and transmit it to another server.
  • FIG. 4 is an explanation of an example of the operation of generating a key and storing a registered feature amount
  • FIG. 5 is an explanation of an example of the operation at the time of verification.
  • a pair of private key and public key is generated in the server 10 (step S101).
  • the public key is distributed to each terminal (step S102).
  • the server 10 acquires the private key and the public key (or private key) generated by another server serving as a server for each service, and generates and acquires a conversion key (step S103).
  • each terminal acquires and encrypts the first feature amount (step S104).
  • the acquired first feature quantity is stored in the storage area of the server 10 (step S105).
  • the server 10 acquires the second feature amount from the terminal (step S201). Next, a degree of similarity is calculated based on the first feature amount and the second feature amount (step S202). Next, the similarity is converted into a format that can be decoded by other servers. When the conversion is completed, the encrypted similarity is transmitted to other servers serving as servers for each service (S204).
  • the server 10 of this embodiment can be executed by an information processing device (computer) and has a configuration illustrated in FIG. 6 .
  • the server 10 includes a CPU (Central Processing Unit) 301, a memory 302, an input/output interface 303, a NIC (Network Interface Card) 304 serving as a communication means, etc., which are interconnected by an internal bus 305.
  • the server 10 may include hardware that is not shown, and may not include the input/output interface 303 if necessary. Furthermore, the number of CPUs included in these devices is not limited to the example shown in FIG. 6; for example, a plurality of CPUs may be included in the server 10.
  • the memory 302 is a RAM (Random Access Memory), a ROM (Read Only Memory), or an auxiliary storage device (hard disk, etc.).
  • the input/output interface 303 is a means that serves as an interface for a display device or an input device (not shown).
  • the display device is, for example, a liquid crystal display.
  • the input device is, for example, a camera or sensor that receives biometric information, or a device that receives user operations such as a keyboard or mouse.
  • the functions of the server 10 are realized by a group of programs (processing modules) such as a storage program, an acquisition program, a calculation program, a conversion transmission program, a key generation program, a conversion key acquisition program, etc. stored in the memory 302, and by a data group such as parameters used by each program.
  • the processing module is realized, for example, by the CPU 301 executing each program stored in the memory 302. Further, the program can be updated via a network or by using a storage medium storing the program. Furthermore, the processing module may be realized by a semiconductor chip. That is, any means for executing the functions performed by the processing module using some hardware and/or software is sufficient.
  • the key generation program is called from the memory 302, and the CPU 301 enters the execution state.
  • the program generates a set of public key and private key of the server 10 that provides authentication SaaS, and stores it in the memory 302.
  • a conversion key acquisition program is called from the memory 302 and is put into execution by the CPU 301.
  • the program receives the public key (or private key) of the server from another server that provides each service via the NIC 304, and uses it together with the private key of the server 10 to generate a conversion key.
  • the generated conversion key is temporarily stored in memory 302.
  • a storage program is called from the memory 302, and the CPU 301 enters an execution state.
  • the program receives the encrypted first feature amount, which is the feature amount of the authentication query, from the user terminal via the NIC 304 and stores it in the memory 302.
  • the acquisition program is called from the memory 302 in the server 10 and is put into execution state in the CPU 301.
  • the program receives the second feature amount of the biometric information acquired by the user terminal via the NIC 304 in an encrypted state.
  • the calculation program is called from the memory 302, and the CPU 301 enters the execution state.
  • the program calculates the degree of similarity between the first feature stored in the memory 302 and the obtained second feature without decoding the two features while they are encrypted.
  • the conversion and transmission program is called from the memory 302 and put into execution by the CPU 301.
  • the program reads the conversion key temporarily stored in the memory 302 and the calculated similarity, and converts the key under which the calculated similarity is encrypted from the public key of the server 10 to the public key generated by the server of each service.
  • the converted encryption similarity is sent via the NIC 304 to other servers serving as servers for each service by the same program.
  • the transmitted encrypted similarity after conversion is decrypted on another server using its own private key, and the other server executes a process to determine whether it is within the acceptance range.
  • With the server 10 of this embodiment, when the authentication service based on biometric information is SaaS, the authentication process can be executed while keeping it secret from the SaaS provider, and high security and privacy protection can be achieved. Furthermore, by converting the key that encrypts the encryption similarity using the conversion key, it is possible to realize high-speed authentication processing.
  • the authentication system of this embodiment is based on the authentication server of the first embodiment, and further decrypts the similarity encrypted by another server and determines whether it is within the acceptance range.
  • This is an authentication system that can authenticate services provided by .
  • FIG. 7 is a block diagram showing the configuration of an authentication system according to the second embodiment.
  • the server of this embodiment includes another server group 20 and a server 10.
  • the configuration of the server 10 is the same as described above, and includes a storage section 11, an acquisition section 12, a calculation section 13, a conversion transmission section 14, a key generation section 15, and a conversion key acquisition section 16.
  • the plurality of other server groups 20 are configured such that at least one server is assigned to each service (services A to X).
  • the configuration of the server 10 has already been explained above, so a description thereof will be omitted.
  • the other server group 20 obtains the encrypted similarity from the server 10 and decrypts it. As a result of decoding, if the degree of similarity is within a predetermined acceptance range, a message indicating that authentication is OK is notified to the terminal. On the other hand, if the degree of similarity is a value outside the predetermined acceptance range, an authentication NG message is notified to the terminal.
  • the other server group 20 may obtain a user ID that identifies the user based on the degree of similarity and predetermined criteria. For example, a process may be performed to obtain the user ID associated with the feature with the highest degree of similarity. The user ID obtained here may be used as a login ID for a service being executed on another server 20.
  • the other server group 20 may be configured to acquire payment information including the user ID based on the authentication result, transmit the payment information to the payment server, and receive payment result information from the payment server.
  • FIGS. 8 to 10 are sequence diagrams showing an example of the operation of the server according to the second embodiment.
  • FIG. 8 shows an example of the operation when generating a key
  • FIG. 9 shows an example of the operation when registering the first feature amount
  • FIG. 10 shows an example of the operation when comparing the second feature amount and the first feature amount.
  • For the server 10 and the other server 20 corresponding to service A, the public key and private key pairs (pk_A, sk_A) and (pk_S, sk_S) are generated (steps S401 and S402).
  • the public key pk_A (or sk_A) is sent from the other server 20 to the server 10.
  • a conversion key rk_S→A is generated using the private key sk_S and the received public key pk_A (step S403).
  • the generated public key pk_S of the server 10 is sent to the user terminal 1. Note that if no more services are added, that is, the number of other servers 20 does not increase, the private key sk_S may be deleted (step S404).
  • the public key of the server 10 is sent to the user terminal 1 of service A (shown again).
  • the user terminal 1 of the service A acquires the biometric feature x1 of the user 1.
  • the obtained x1 is encrypted using the sent public key of the server 10 (step S405).
  • the encrypted data is sent to the server 10 as a first feature amount.
  • the user ID of user 1 may be associated and sent. This operation is repeated as many times as there are users.
  • the service ID "SID(A)" is sent from another server 20.
  • the user terminal 1 acquires the biometric feature amount y1 of the user 1 who is about to be authenticated.
  • y1 is encrypted using the public key pk_S sent from the server 10 (step S406).
  • the encrypted feature quantity y1 is sent to the server 10 as a second feature quantity together with the service ID: SID(A).
  • the server 10 calculates the degree of similarity between the first feature amount and the second feature amount (step S407). Since the calculated Enc(pk_S, D(x1, y1)) is encrypted with the public key pk_S of the server 10, the other server 20 can decrypt it with its own private key sk_S.
  • Key conversion is performed using the conversion key rk_S→A (step S408).
  • the encrypted similarity Enc(pk_A, D(x1, y1)) is sent from the server 10 to the other server 20, and decryption processing is performed (step S409). It is determined whether the decoded D has a value within a predetermined range (step S410). Depending on the result, the other server 20 notifies the user terminal of an OK or NG message.
  • Figures 11 and 12 illustrate the operation of the system when using endpoints.
  • An "endpoint" refers to a device that can receive authentication services, such as a terminal installed at a convenience store.
  • the endpoint of service A generates the key instead of the user's terminal.
  • a public key/private key pair (pk ⁇ , sk ⁇ ) of endpoint ⁇ is generated (step S501). Further, a set of public key and private key is generated for both the other servers 20 and 10 (steps S502 and S503).
  • a conversion key rk_S→A is generated on the server 10 (step S504).
  • the endpoint ⁇ receives the public key pk S (or sk S ) from the server 10 and generates a conversion key rk ⁇ S (step S505). Note that the secret key sk ⁇ may be deleted after the conversion key is generated (step S506).
  • When registering a template, the user's terminal can be used to transmit encrypted biometric information of the user as the first feature amount to the server 10 and store it. In this case, the operation is the same as that in FIG. 9, so the explanation will be omitted.
  • the endpoint ⁇ acquires the biometric information of the user performing authentication, extracts the feature quantity y1 , and encrypts it with its own public key pk ⁇ (step S507).
  • the encrypted authentication query data is sent to the server 10 along with the service ID: SID (A) and the endpoint ID: EID ( ⁇ ).
  • In the server 10, first, the encrypted second feature Enc(pk ⁇, y1) is converted to Enc(pk_S, y1) using the conversion key rk ⁇ S, for comparison with the first feature (step S508). Then, the degree of similarity with the registered first feature amount is calculated (step S509).
  • the key is again converted from pk_S to pk_A so that it can be decrypted with the key of another server 20 (step S510).
  • the similarity is decoded in another server 20 (step S511), and a determination is made as to whether it is within the acceptance range (step S512). The result of the determination is notified to the endpoint ⁇ .
  • the first feature amount is encrypted and registered in the server 10 by the user terminal.
  • the second feature amount which is the authentication query, is similarly encrypted, and the server 10 calculates the degree of similarity while it remains encrypted.
  • In the server according to Supplementary Note 1, the calculation unit calculates the degree of similarity based on the first feature amount and the second feature amount, each of which is encrypted.
  • The server according to Supplementary Note 1 or 2 further comprises a key generation unit that generates a set of a private key and a public key, and a conversion key acquisition unit that acquires a conversion key from the private key generated by the key generation unit and the key acquired from another server.
  • the storage unit stores a user ID that identifies the user in association with the first feature amount, and the conversion transmission unit associates the degree of similarity with the user ID and transmits it to another server, preferably according to appendices 1 to 3.
  • One of the servers is the same as the authentication system according to the second viewpoint described above.
  • The other server decrypts the similarity and obtains the user ID associated with the highest similarity.
  • The authentication system according to Supplementary Note 5 or 6, wherein the server further comprises a key generation unit that generates a pair of a private key and a public key, and a conversion key acquisition unit that acquires a conversion key from the private key generated by the key generation unit and a key acquired from another server.
  • The other server transmits payment information including the one user ID to the payment server and receives payment result information from the payment server.
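
The key-conversion chain of steps S507 to S512, sketched as an added example that is not code from the patent: it assumes a toy BBS98-style proxy re-encryption over exponential ElGamal with constructed parameters, and every function name and the threshold are hypothetical. Because this toy scheme is only additively homomorphic, the score is a signed sum of component differences standing in for the patent's similarity, not a usable biometric measure.

```python
# Added example: toy BBS98-style proxy re-encryption over exponential ElGamal.
# The scheme, parameters and function names are assumptions, not the patent's.
import secrets

P, Q, G = 2039, 1019, 4  # constructed toy group: P = 2Q + 1, G has order Q

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def enc(pk, m):
    # Enc(pk, m) = (g^m * g^r, pk^r); additively homomorphic in m
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, (m + r) % Q, P), pow(pk, r, P)

def rekey(sk_from, sk_to):
    # rk = sk_to / sk_from mod Q (this toy needs both secrets at setup)
    return sk_to * pow(sk_from, -1, Q) % Q

def reenc(rk, ct):
    # Changes the key a ciphertext is under without decrypting it
    return ct[0], pow(ct[1], rk, P)

def sub(a, b):
    # Enc(x) / Enc(y) = Enc(x - y); only valid when both are under one key
    return a[0] * pow(b[0], -1, P) % P, a[1] * pow(b[1], -1, P) % P

def add(a, b):
    return a[0] * b[0] % P, a[1] * b[1] % P

def dec(sk, ct, bound=200):
    g_m = ct[0] * pow(pow(ct[1], pow(sk, -1, Q), P), -1, P) % P
    for m in range(-bound, bound + 1):  # small discrete log by search
        if pow(G, m % Q, P) == g_m:
            return m
    return None

def authenticate(template, query, threshold=2):
    sk_e, pk_e = keygen()  # endpoint
    sk_s, pk_s = keygen()  # server 10
    sk_a, pk_a = keygen()  # other server 20
    rk_e_s, rk_s_a = rekey(sk_e, sk_s), rekey(sk_s, sk_a)
    reg = [enc(pk_s, v) for v in template]  # registered first feature amount
    qry = [enc(pk_e, v) for v in query]     # S507: under the endpoint key
    qry = [reenc(rk_e_s, c) for c in qry]   # S508: now under pk_S
    score = enc(pk_s, 0)
    for t, c in zip(reg, qry):              # S509: linear stand-in score
        score = add(score, sub(t, c))
    score = reenc(rk_s_a, score)            # S510: now under pk_A
    diff = dec(sk_a, score)                 # S511: server 20 decrypts
    return diff, diff is not None and abs(diff) <= threshold  # S512
```

The homomorphic subtraction in S509 only works because S508 first brought the query under the same key as the registered template; server 20 sees only the final score, never either feature vector.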

PCT/JP2022/034780 2022-09-16 2022-09-16 Server, authentication system, authentication method, and program WO2024057538A1 (ja)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/JP2022/034780 WO2024057538A1 (ja) 2022-09-16 2022-09-16 Server, authentication system, authentication method, and program
JP2024546669A JPWO2024057538A1 2022-09-16 2022-09-16

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2022/034780 WO2024057538A1 (ja) 2022-09-16 2022-09-16 Server, authentication system, authentication method, and program

Publications (1)

Publication Number Publication Date
WO2024057538A1 (ja) 2024-03-21

Family

ID=90274782

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2022/034780 WO2024057538A1 (ja) Server, authentication system, authentication method, and program 2022-09-16 2022-09-16

Country Status (2)

Country Link
JP (1) JPWO2024057538A1
WO (1) WO2024057538A1

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011052056A1 (ja) * 2009-10-29 2011-05-05 三菱電機株式会社 Data processing device
JP2017225116A (ja) * 2016-06-17 2017-12-21 パロ・アルト・リサーチ・センター・インコーポレーテッドPalo Alto Research Center Incorporated Computer-implemented system and method for protecting sensitive data via data re-encryption
CN110011954A (zh) * 2018-11-27 2019-07-12 阿里巴巴集团控股有限公司 Biometric identification method, apparatus, terminal, and service server based on homomorphic encryption

Also Published As

Publication number Publication date
JPWO2024057538A1 2024-03-21

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22958857

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2024546669

Country of ref document: JP

NENP Non-entry into the national phase

Ref country code: DE