TOP > 外国特許検索 > Authentication method, authentication apparatus, and computer product

Authentication method, authentication apparatus, and computer product 新技術説明会

外国特許コード F160008876
整理番号 H27010
掲載日 2016年10月18日
出願国 アメリカ合衆国
出願番号 200611368601
公報番号 20070050631
公報番号 8423766
出願日 平成18年3月7日(2006.3.7)
公報発行日 平成19年3月1日(2007.3.1)
公報発行日 平成25年4月16日(2013.4.16)
優先権データ
  • 特願2005-246506 (2005.8.26) JP
発明の名称 (英語) Authentication method, authentication apparatus, and computer product 新技術説明会
発明の概要(英語) In a server for authenticating a user, an acquiring unit acquires current authentication information that is created using an arbitrary value and that is used for a current authentication process, from user.
A receiving unit receives first transmission information in which next authentication information to be used for a next authentication process is hidden using the current authentication information, and second transmission information in which the arbitrary value is hidden using the next authentication information, from the user.
A calculating unit calculates the next authentication information based on the first transmission information and the current authentication information, and the arbitrary value based on calculated next authentication information and the second transmission information.
A determining unit determines whether to authenticate the user based on the arbitrary value and the current authentication information.
従来技術、競合技術の概要(英語) BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a technology for an authentication processing for authenticating a communication party or a user in an information communication system.
2. Description of the Related Art
Conventionally, when an authenticator (server) authenticates a party to be authenticated (user), a password authentication method is widely used, in which the server requests the user to input a password, and authenticate the user with a validity of the input password.
In addition, to secure a safety, a one-time password method in which a password valid for only one authentication is used, or an authentication method in which authentication information created from a password is used instead of the password itself is used.
A simple and secure password authentication protocol Ver. 2 (SAS-2) authentication method is an example of the password authentication method in which a server authenticates a user based on following procedures (see, for example, Information and Communication Engineers, OIS2002-30, Vol. 102, No. 314, pp. 7-11, 2002, The Institute of Electronics, "Simple and secure password authentication protocol, Ver. 2 (SAS-2)" by Takasuke Tsuji, et. al.).
FIG. 10 and FIG. 11 are flowcharts of a processing procedure for a user authentication in the SAS-2 authentication method.
In the following explanation, "<--" indicates a substitution to a left-hand side by a right-hand side, "S" represents a password that is privately held by a user, "ID" represents an identifier for a user, "XOR" represents an exclusive-OR operator, "n" is the number of authentication, and "Nn" is a random number (n is a positive integer equal to or greater than "1", and is used for specifying the random number).
In addition, "F" and "H" represent one-way functions that do not use the password S, "X" is a one-way function that uses the password S and the random number Nn, and Xn=X(ID, S XOR Nn).
Initially, a user makes a registration in a server from which the user wants to get an authentication (hereinafter, the operation of the registration is referred to as "an initial registration").
FIG. 10 is a flowchart of the initial registration of a user, according to the conventional technology.
The user possesses a user identifier ID and a password S in advance.
The user creates a random number N1 and stores the created random number N1 (step S1001).
The user calculates initial authentication information A1 defined by Equation 1 using the random number N1, the password S that is held privately, and the user identifier ID (step S1002), and transmits the authentication information A1 with the user identifier ID via a safe means (step S1003).
The safe means includes a dedicated line for the authentication information, and a mailing of a recording medium in which the authentication information is stored.
The authentication information A1 is authentication information used for the first time (n=1) authentication.
A1<--X1(ID, S XOR N1) (1)
The server stores the authentication information A1 in association with the user identifier ID, which is transmitted at step S1003 (step S1004).
In this manner, the initial registration of the user is completed.
FIG. 11 is a flowchart of an nth time authentication after the first time (n=1) authentication, according to the conventional technology.
At this moment, the user possesses ID, S, and Nn, and the server holds ID and An (at the time of the first time authentication, n=1).
The user calculates An defined by Equation 2, from the stored random number Nn (step S1101).
An<--Xn(ID, S XOR Nn) (2)
Then, the user creates a new random number Nn+1 and stores the created random number Nn+1, or takes An as Nn+1 and stores Nn+1 (step S1102).
Subsequently, C and D defined by Equations 3 and 4, respectively, are calculated using Nn+1, and alpha , AND beta defined by Equations 5 and 6, respectively, are calculated using C, D, and An (step S1103).
C<--Xn(ID, S XOR Nn+1) (3)
D<--F(ID, C) (4)
alpha <--C XOR (D+An) (5)
beta <--D XOR An (6)
Finally, the user transmits calculated alpha AND beta together with ID to the server (step S1104).
At this time, An is current authentication information used for a current authentication process, C is next authentication information to be used for a next authentication process, and D is another next authentication information obtained by unidirectional conversion of the next authentication information C.
Upon receiving alpha AND beta from the user, the server calculates D defined by Equation 7 using the current authentication information An that is registered corresponding to ID, and calculates C defined by Equation 8 using calculated D and the current authentication information, with respect to received alpha AND beta (step S1105).
D<--beta XOR An (7)
C<--alpha XOR (D+An) (8)
Thereafter, the server carries out a unidirectional conversion of C calculated from Equation 8 with ID, and verifies if a result of the unidirectional conversion is identical to D (F(ID, C)=D?) (step S1106).
If the result of the unidirectional conversion is identical to D ("YES" at step S1106), the server authenticates the user (authentication complete), and stores the next authentication information C as authentication information to be used for the next ((n+1)th) authentication (step S1107).
On the other hand, if the result of the unidirectional conversion is not identical to D ("NO" at step S1106), the server denies the authentication of the user (step S1108), and ends the process of the flowchart.
By carrying out the above process, the server determines whether to authenticate a user who calls for an authentication.
According to the above conventional technology, the authentication process is carried out based on transmission information that is mask-processed using the current authentication information A that is registered in the server.
Therefore, it is possible to create the transmission information with ease by stealing the current authentication information stored in the server, and as a result, a malice third party can carry out an illegal authentication.
In particular, a server installed in a public place or a server installed by a person who does not have enough knowledge of a security is apt to be a target of a malice, and the current authentication information can be easily stolen.
In addition, when there is a malice on the server side, the malice can take on the position of a legal user to be authenticated by using the current authentication information stored in the server.
Furthermore, if the malice can succeed to obtain an illegal authentication by taking on the position of the legal user, private information can be leak, or information of the legal user can be illegally modified.
Once information is disclosed, it cannot be returned to a private state, resulting in a serious damage to both the authenticator and the user.

特許請求の範囲(英語) [claim1]
1. A method of authenticating a subject device to be authenticated, comprising: acquiring current authentication information that is created using an arbitrary value, and that is used for a current authentication process, from the subject device;
acquiring encryption information that is the arbitrary value encrypted using next authentication information as an encryption key, from the subject device; receiving first transmission information that is expressed as the next authentication information exclusive-OR the current authentication information, the next authentication information being used for a next authentication process, and second transmission information in which the arbitrary value is hidden using the next authentication information, from the subject device;
calculating the next authentication information based on the first transmission information and the current authentication information;
calculating the arbitrary value based on calculated next authentication information and the second transmission information; and
determining whether to authenticate the subject device based on a calculated arbitrary value and the current authentication information,
wherein the acquiring includes acquiring the current authentication information that is created by performing, two times, an operation using a one-way function on the arbitrary value, and
wherein the determining includes decrypting the encryption information using the next authentication information;
determining whether to authenticate the subject device based on decrypted encryption information;
performing, two times, the operation using the one-way function on the calculated arbitrary value; and
determining whether to authenticate the subject device based on whether a value obtained by performing, two times, the operation using the one-way function on the calculated arbitrary value is identical to the current authentication information.
[claim2]
2. The method according to claim 1, wherein the acquiring includes acquiring the current authentication information that is created by performing an operation using a one-way function on an arbitrary value, and
the determining includes performing the operation using the one-way function on the calculated arbitrary value; and
determining whether a value obtained by performing the operation using the one-way function on the calculated arbitrary value is identical to the current authentication information.
[claim3]
3. The method according to claim 1, wherein the receiving includes receiving a value obtained by performing an operation using a mask function on the next authentication information and the current authentication information, as the first transmission information, and a value obtained by performing the operation using the mask function on the arbitrary value and the next authentication information, as the second transmission information,
the calculating the next authentication information includes calculating the next authentication information by performing the operation using the mask function on the first transmission information and the current authentication information, and
the calculating the arbitrary value includes calculating the arbitrary value by performing the operation using the mask function on the calculated next authentication information and the second transmission information.
[claim4]
4. The method according to claim 1, further comprising acquiring an authentication key from the subject device, wherein the authentication key is unique to the subject device, wherein
the receiving includes receiving a value in which the arbitrary value is hidden by a value obtained by performing an operation using the authentication key on the next authentication information as the second transmission information, and
the calculating the arbitrary value includes calculating the arbitrary value based on the authentication key, the calculated next authentication information, and the second transmission information.
[claim5]
5. The method according to claim 1, further comprising acquiring an authentication key from the subject device, wherein the authentication key is unique to the subject device, wherein
the receiving includes receiving a value in which a value obtained by performing an operation using the authentication key on the next authentication information is hidden using the current authentication information, as the first transmission information, and
the calculating the next authentication information includes calculating the next authentication information based on the authentication key, the first transmission information, and the current authentication information.
[claim6]
6. A method of requesting an authentication to an authenticating apparatus from a subject device to be authenticated, comprising: creating current authentication information that is used for a current authentication process, using an arbitrary value;
acquiring encryption information that is the arbitrary value encrypted using next authentication information as an encryption key, from the subject device;
delivering the current authentication information and the encryption information to the authenticating apparatus;
creating first transmission information that is expressed as the next authentication information exclusive-OR the current authentication information, the next authentication information being used for a next authentication process;
creating second transmission information in which the arbitrary value is hidden using the next authentication information;
transmitting the first transmission information and the second transmission information to the authenticating apparatus,
wherein the creating current authentication information includes creating the current authentication information by performing, two times, an operation using a one-way function on the arbitrary value.
[claim7]
7. The method according to claim 6, wherein the creating current authentication information includes creating the current authentication information by performing an operation using a one-way function.
[claim8]
8. The method according to claim 6, wherein the creating the first transmission information includes performing an operation using a mask function on the next authentication information and the current authentication information, and
the creating the second transmission information includes creating the second transmission information by performing the operation using the mask function on the arbitrary value and the next authentication information.
[claim9]
9. The method according to claim 6, further comprising: creating an authentication key that is unique to a subject device to be authenticated; and
delivering the authentication key to the authenticating apparatus, wherein
the creating second transmission information includes performing an operation using the authentication key on the next authentication information; and
creating the second transmission information in which the arbitrary value is hidden by a value obtained by performing the operation using the authentication key on the next authentication information.
[claim10]
10. The method according to claim 6, further comprising: creating an authentication key that is unique to a subject device to be authenticated; and
delivering the authentication key to the authenticating apparatus, wherein
the creating the first transmission information includes performing an operation using the authentication key on the next authentication information; and
creating the first authentication information in which a value obtained by performing the operation using the authentication key is hidden using the current authentication information.
[claim11]
11. A non-transitory computer-readable recording medium that stores therein a computer program for authenticating a subject device to be authenticated, the computer program making a computer execute: acquiring current authentication information that is created using an arbitrary value, and that is used for a current authentication process, from the subject device;
acquiring encryption information that is the arbitrary value encrypted using next authentication information as an encryption key, from the subject device; receiving first transmission information that is expressed as the next authentication information exclusive-OR the current authentication information, the next authentication information being used for a next authentication process, and second transmission information in which the arbitrary value is hidden using the next authentication information, from the subject device;
calculating the next authentication information based on the first transmission information and the current authentication information;
calculating the arbitrary value based on calculated next authentication information and the second transmission information; and
determining whether to authenticate the subject device based on a calculated arbitrary value and the current authentication information,
wherein the acquiring includes acquiring the current authentication information that is created by performing, two times, an operation using a one-way function on the arbitrary value, and
wherein the determining includes decrypting the encryption information using the next authentication information;
determining whether to authenticate the subject device based on decrypted encryption information: and
performing, two times, the operation using the one-way function on the calculated arbitrary value; and
determining whether to authenticate the subject device based on whether a value obtained by performing, two times, the operation using the one-way function on the calculated arbitrary value is identical to the current authentication information.
[claim12]
12. A non-transitory computer-readable recording medium that stores therein a computer program for requesting an authentication to an authenticating apparatus from a subject device to be authenticated, the computer program making a computer execute: creating current authentication information that is used for a current authentication process, using an arbitrary value;
acquiring encryption information that is the arbitrary value encrypted using next authentication information as an encryption key, from the subject device; delivering the current authentication information and the encryption information to the authenticating apparatus;
creating first transmission information that is expressed as next authentication information exclusive-OR the current authentication information, the next authentication information being used for a next authentication process;
creating second transmission information in which the arbitrary value is hidden using the next authentication information; and
transmitting the first transmission information and the second transmission information to the authenticating apparatus,
wherein the creating current authentication information includes creating the current authentication information by performing, two times, an operation using a one-way function on the arbitrary value.
[claim13]
13. An authentication apparatus comprising: a first acquiring unit configured to acquire, from a subject device to be authenticated, current authentication information that is created using an arbitrary value and that is used for a current authentication process, and encryption information that is the arbitrary value encrypted using next authentication information as an encryption key, from the subject device;
a receiving unit configured to receive, via a network interface, first transmission information that is expressed as next authentication information exclusive-OR the current authentication information, the next authentication information being used for a next authentication, and second transmission information in which the arbitrary value is hidden using the next authentication information, from the subject device;
a first calculating unit configured to calculate the next authentication information based on the first transmission information and the current authentication information;
a second calculating unit configured to calculate the arbitrary value based on calculated next authentication information and the second transmission information; and
a determining unit configured to determine whether to authenticate the subject device based on a calculated arbitrary value and the current authentication information,
wherein the acquiring includes acquiring the current authentication information that is created by performing, two times, an operation using a one-way function on the arbitrary value, and
wherein the determining includes decrypting the encryption information using the next authentication information;
determining whether to authenticate the subject device based on decrypted encryption information; and
performing, two times, the operation using the one-way function on the calculated arbitrary value; and
determining whether to authenticate the subject device based on whether a value obtained by performing, two times, the operation using the one-way function on the calculated arbitrary value is identical to the current authentication information.
[claim14]
14. An authentication apparatus comprising: a creating unit configured to: create current authentication information that is used for a current authentication process, using an arbitrary value;
create first transmission information that is expressed as next authentication information exclusive-OR the current authentication information, the next authentication information being used for a next authentication process;
create second transmission information in which the arbitrary value is hidden using the next authentication information; and
acquire encryption information that is the arbitrary value encrypted using the next authentication information as an encryption key;
a delivering unit configured to deliver the current authentication information and the encryption information to an authenticating apparatus that authenticates the authentication apparatus; and
a transmitting unit configured to transmit, via a network interface, the first transmission information and the second transmission information to the authenticating apparatus,
wherein the creating current authentication information includes creating the current authentication information by performing, two times, an operation using a one-way function on the arbitrary value.
  • 発明者/出願人(英語)
  • SHIMIZU AKIHIRO
  • TSUJI TAKASUKE
  • KOCHI UNIVERSITY OF TECHNOLOGY
国際特許分類(IPC)
米国特許分類/主・副
  • 713/168
  • 380/28
  • 380/44
  • 455/411
  • 705/67
  • 713/182
  • 726/4

PAGE TOP

close
close
close
close
close
close