Authentication method, system and apparatus of an electronic value
Abstract
An authentication system providing a safe authentication process of electronic values with the use of mobile terminals which do not have a tamper-resistant function. The electronic value including encrypted value authentication information (F(VPW)), wherein an authentication information (VPW) corresponding to an electronic value specified by a user is acquired by the hash calculation, is stored in user's mobile terminal. In the user authentication process, authentication apparatus generates a random number R and transmits it to mobile terminal, mobile terminal generates value authentication information (F(VPW′)) from authentication information (VPW′) corresponding to electronic value input by user, further executes a hash calculation on data wherein value authentication information (F(VPW′)) and the random number R are concatenated, generates authentication information (F(VPW′)∥R), transmits it to the authentication apparatus with the electronic value, authentication apparatus decrypts the received electronic value, extracts the value authentication information (F(VPW)) from the electronic value, executes the hash calculation on data wherein value authentication information (F(VPW)) and the random number R are concatenated, generates the authentication information (F(VPW)∥R), and collates the received authentication information (F(VPW′)∥R) with the authentication information (F(VPW)∥R), so that the user is authenticated.
39 Claims
1. An authentication method wherein:
a user owns an electronic value including encrypted value authentication information (F(VPW)) wherein said authentication information (VPW) corresponding to said electronic value specified by user is encoded by a first irreversible calculation process (F), in process for authenticating user as the right owner of said electronic value, authentication side generates a random number (R) and transmits it to user side, a user side generates value authentication information (F(VPW′)) from authentication information (VPW) corresponding to an electronic value input by user, further generates authentication information (G(R,F(VPW′))) wherein said random number (R) and value authentication information (F(VPW′)) are concatenated and encoded by a second irreversible calculation process (G) and transmits said electronic value and authentication information (G(R,F(VPW′))) to said authentication side, said authentication side decrypts code of received electronic value, extracts value authentication information (F(VPW)) from electronic value, generates authentication information (G(R,F(VPW))) wherein said random number (R) and value authentication information (F(VPW)) are concatenated and encoded by said second irreversible calculation process (G), collates said received authentication information (G(R,F(VPW′))) with said generated authentication information (G(R,F(VPW))), verifies that they are identical, and authenticates user.
3. A mutual authentication method wherein:
a user owns an electronic value including an encrypted value authentication information (F(VPW)) wherein authentication information (VPW) corresponding to said electronic value specified by user is encoded by a first irreversible calculation process (F), in a mutual authentication process, wherein a user is authenticated as the rightful owner of said electronic value and user authenticates the authentication side, authentication side generates a first random number (R1) and transmits it to user side, said user side generates value authentication information (F(VPW′)) from authentication information (VPW′) corresponding to electronic value input by user, generates a second random number (R2), further generates authentication information (G(R1,F(VPW′))) wherein said first random number (R1) and said value authentication information (F(VPW′)) are concatenated and encoded by a second irreversible calculation process (G) and transmits said electronic value, authentication information (G(R1,F(VPW′))) and second random number (R2) to said authentication side, authentication side decrypts code of received electronic value, extracts value authentication information (F(VPW)) from said electronic value, generates authentication information (G(R1,F(VPW))) wherein said first random number (R1) and value authentication information (F(VPW)) are concatenated and encoded by a second irreversible calculation process (G), collates said received authentication information (G(R1,F(VPW′))) with said generated authentication information (G(R1,F(VPW))), verifies that they are identical, and authenticates user, further generates authentication information (I(R1,R2,F(VPW))) wherein said first random number (R1), said second random number (R2) and value authentication information (F(VPW)) are concatenated and encoded by a fourth irreversible calculation process (I), transmits it to user side, said user side generates authentication information (I(R1,R2,F(VPW′))) wherein said first random number (R1), said second random number (R2) and value authentication information (F(VPW′)) are concatenated and encoded by said fourth irreversible calculation process (I), collates said received authentication information (I(R1,R2,F(VPW))) with said generated authentication information (I(R1,R2,F(VPW′))), verifies that they are identical, and authenticates authentication side.
5. An update processing method wherein:
a user owns electronic value including an encrypted value authentication information (F(VPW)) wherein authentication information (VPW) corresponding to electronic value specified by user is encoded by a first irreversible calculation process (F), in update process wherein authentication side validates said electronic value and updates content of electronic value, authentication side generates a first random number (R1) and transmits it to user side, user side generates value authentication information (F(VPW′)) from authentication information (VPW′) corresponding to electronic value input by user, generates a second random number (R2), further generates authentication information (G(R1,F(VPW′))) wherein said first random number (R1) and said value authentication information (F(VPW′)) are concatenated and encoded by a second irreversible calculation process (G) and transmits said electronic value, authentication information (G(R1,F(VPW′))) and said second random number (R2) to authentication side, authentication side decrypts code of received said electronic value, extracts value authentication information (F(VPW)) from said electronic value, generates value authentication information (G(R1,F(VPW))) wherein said first random number (R1) and value authentication information (F(VPW)) are concatenated and encoded by said second irreversible calculation process (G), collates said received authentication information (G(R1,F(VPW′))) with said generated authentication information (G(R1,F(VPW))), verifies that they are identical, and authenticates user, further generates said electronic value whose content is updated, further generates authentication information (I(R1,R2,F(VPW))) wherein said first random number (R1), said second random number (R2) and value authentication information (F(VPW)) are concatenated and encoded by a third irreversible calculation process (I), transmits said electronic value whose content is updated to user side and authentication information (I(R1,R2,F(VPW))) to user side, user side generates authentication information (I(R1,R2,F(VPW′))) wherein said first random number (R1), said second random number (R2) and value authentication information (F(VPW′)) are concatenated and encoded by said third irreversible calculation process (I), collates said received authentication information (I(R1,R2,F(VPW))) with generated authentication information (I(R1,R2,F(VPW′))), verifies that they are identical, authenticates authentication side, and updates electronic value to received said electronic value whose content is updated.
7. A mobile terminal wherein:
comprising storage means storing electronic value, generating value authentication information (F(VPW′)) wherein value authentication information (VPW) corresponding to said electronic value input by a user is encoded by a first irreversible calculation process (F), further generating a second random number (R2), further encoding by an irreversible calculation process (F) on data wherein said value authentication information (F(VPW′)) and a first random number (R1) received from authentication apparatus are concatenated, generating authentication information (G(R1,F(VPW′))), and transmitting said electronic value, authentication information (G(R1,F(VPW′))) and said second random number (R2) to authentication apparatus, thereby authenticating user to be the rightful owner of said electronic value.
8. A mobile terminal wherein:
comprising storage means storing electronic value, generating value authentication information (F(VPW′)) wherein value authentication information (VPW) corresponding to said electronic value input by a user is encoded by a first irreversible calculation process (F), further generating a second random number (R2), further encoded by a second irreversible calculation process (G) on data wherein said value authentication information (F(VPW′)) and a first random number (R1) received from authentication apparatus are concatenated, generating authentication information (G(R1,F(VPW′))), and transmitting said electronic value, authentication information (G(R1,F(VPW′))) and said second random number (R2) to authentication apparatus, thereby authenticating user to be the rightful owner of said electronic value, generating authentication information (I(R1,R2,F(VPW′))) wherein said first random number (R1), said second random number (R2) and value authentication information (F(VPW′)) are concatenated and encoded by a third irreversible calculation process (I), collating said authentication information (I(R1,R2,F(VPW))) received from said authentication apparatus with generated authentication information (I(R1,R2,F(VPW′))), verifying that they are identical, and authenticating said authentication apparatus.
9. A mobile terminal wherein:
comprising storage means storing an electronic value, generating value authentication information (F(VPW′)) wherein value authentication information (VPW) corresponding to said electronic value input by a user is encoded by a first irreversible calculation process (F), further generating a first random number (R2), further encoding by a second irreversible calculation process (G) on data wherein said value authentication information (F(VPW′)) and said first random number (R1) received from authentication apparatus are concatenated, generating authentication information (G(R1,F(VPW′))), and transmitting said electronic value, authentication information (G(R1,F(VPW′))) and said second random number (R2) to authentication apparatus, thereby authenticating user to be the rightful owner of said electronic value, generating authentication information (I(R1,R2,F(VPW′))) wherein said first random number (R1), said second random number (R2) and value authentication information (F(VPW′)) are concatenated and encoded by a third irreversible calculation process (I), collating said authentication information (I(R1,R2,F(VPW))) received from said authentication apparatus with generated authentication information (I(R1,R2,F(VPW′))), verifying that they are identical, and authenticating said authentication apparatus, and updating said electronic value to electronic value received from said authentication apparatus.
13. An authentication apparatus wherein:
generating a random number (R) and transmitting it to mobile terminal, receiving authentication information (G(R,F(VPW′))) and electronic value from said mobile terminal, decrypting code of encrypted part of electronic value, and validating said electronic value, further extracting value authentication information (F(VPW)) from said electronic value, generating authentication information (G(R,F(VPW))) wherein value authentication information (F(VPW)) and random number (R) are concatenated and encoded by an irreversible calculation process (G), and collating received authentication information (G(R,F(VPW′))) with generated authentication information (G(R,F(VPW))), verifying that they are identical, thereby authenticating user.
14. An authentication apparatus wherein:
generating a first random number (R1) and transmitting it to mobile terminal, receiving authentication information (G(R1,F(VPW′))), electronic value and a second random number (R2) from said mobile terminal, decrypting code of encrypted part of electronic value, and validating said electronic value, further extracting value authentication information (F(VPW)), generating authentication information (G(R1,F(VPW))) wherein value authentication information (F(VPW)) and said first random number (R1) are concatenated and encoded by a irreversible calculation process (G), and collating received authentication information (G(R1,F(VPW′))) with generated authentication information (G(R1,F(VPW))), verifying that they are identical, authenticating user, further generating authentication information (I(R1,R2,F(VPW))) wherein value authentication information (F(VPW)), said first random number (R1) and said second random number (R2) received from mobile terminal are concatenated and encoded by a irreversible calculation process (I), and transmitting said authentication information (I(R1,R2,F(VPW))) to user side, thereby being authenticated by mobile terminal.
15. An authentication apparatus wherein:
generating a first random number (R1) and transmitting it to mobile terminal, receiving authentication information (G(R1,F(VPW′))), electronic value and a second random number (R2) from said mobile terminal, decrypting code of encrypted part of electronic value, and validating said electronic value, further extracting value authentication information (F(VPW)), generating authentication information (G(R1,F(VPW))) wherein value authentication information (F(VPW)) and said first random number (R1) are concatenated and encoded by a first irreversible calculation process (G), and collating received authentication information (G(R1,F(VPW′))) with generated authentication information (G(R1,F(VPW))), verifying that they are identical, authenticating user, further generates electronic value whose content is updated, further generates authentication information (I(R1,R2,F(VPW))) wherein value authentication information (F(VPW)), said first random number (R1) and said second random number (R2) received from mobile terminal are concatenated and encoded by a second irreversible calculation process (I), and transmitting said authentication information (I(R1,R2,F(VPW))) to user side, and updating electronic value in mobile terminal to said updated electronic value.
20. An electronic value issuance server wherein:
extracting authentication information (VPW) corresponding to an electronic value specified by user from electronic value issuance request received from said mobile terminal, generating value authentication information (F(VPW)) wherein authentication information (VPW) corresponding to said electronic value is encoded by said first irreversible calculation process (F), generating encryption key from data (H(F(VPW))) wherein value authentication information (F(VPW)) is encoded by a third irreversible calculation process (H) and master key, generating said electronic value with the use of said value authentication information (F(VPW)) and said generated encryption key, and transmitting it to said mobile terminal.
21. An electronic value issuance server wherein:
extracting authentication information (F(VPW)) corresponding to an electronic value specified by user, wherein authentication information (VPW) is encoded by a first irreversible calculation process (F), from electronic value issuance request message received from a mobile terminal, generating encryption key from data (H(F(VPW))) wherein value authentication information (F(VPW)) is encoded by a second irreversible calculation process (H) and a master key, generating said electronic value with the use of said value authentication information (F(VPW)) and said generated encryption key, and transmitting it to mobile terminal.
25. An authentication system, comprised of mobile terminal managed by user, authentication apparatus and electronic value issuance server, wherein:
said mobile terminal stores electronic value received from said electronic value issuance server, said electronic value includes an encrypted value authentication information (F(VPW)) wherein authentication information (VPW) corresponding to electronic value specified by user is encoded by a first irreversible calculation process (F), in process for authenticating user to be the rightful owner of said electronic value, authentication apparatus generates random number (R) and transmits it to mobile terminal, mobile terminal generates value authentication information (F(VPW′)) from authentication information (VPW′) corresponding to electronic value specified by user, further generates authentication information (G(R,F(VPW′))) wherein value authentication information (F(VPW′)) and said random number (R) are concatenated and encoded by a second irreversible calculation process (G), and transmits said electronic value and authentication information (G(R,F(VPW′))) to said authentication apparatus, authentication apparatus decrypts code of received electronic value, extracts value authentication information (F(VPW)) from electronic value, generates authentication information (G(R,F(VPW))) wherein value authentication information (F(VPW)) and said random number (R) are concatenated and encoded by said second irreversible calculation process (G), collates said received authentication information (G(R,F(VPW′))) with said generated authentication information (G(R,F(VPW))), verifies that they are identical, and authenticates user.
27. A mutual authentication system, comprised of mobile terminal managed by user, authentication apparatus and electronic value issuance server, wherein:
said mobile terminal stores electronic value received from said electronic value issuance server, said electronic value includes an encrypted value authentication information (F(VPW)) wherein authentication information (VPW) corresponding to electronic value specified by user is encoded by a first irreversible calculation process (F), in mutual authentication process wherein authentication apparatus authenticates user as the right owner of said electronic value and user authenticates authentication apparatus, authentication apparatus generates a first random number (R1) and transmits it to mobile terminal, mobile terminal generates value authentication information (F(VPW′)) from authentication information (VPW′) corresponding to electronic value specified by user, further generates a second random number (R2), further generates authentication information (G(R1,F(VPW′))) wherein value authentication information (F(VPW′)) and said first random number (R1) are concatenated and encoded by a second irreversible calculation process (G), transmits said electronic value, authentication information (G(R1,F(VPW′))) and said second random number (R2) to said authentication apparatus, authentication apparatus decrypts code of received electronic value, extracts value authentication information (F(VPW)) from electronic value, generates authentication information (G(R1,F(VPW))) wherein value authentication information (F(VPW)) and said first random number (R1) are concatenated and encoded by said second irreversible calculation process (G), collates said received authentication information (G(R1,F(VPW′))) with said generated authentication information (G(R1,F(VPW))), verifies that they are identical, and authenticates user, further generates authentication information (I(R1,R2,F(VPW))) wherein value authentication information (F(VPW)), said first random number (R1), and said second random number (R2) are concatenated and encoded by a third irreversible calculation process (I), and transmits it to mobile terminal, mobile terminal generates authentication information (I(R1,R2,F(VPW′))) wherein value authentication information (F(VPW′)), said first random number (R1), and said second random number (R2) are concatenated and encoded by said third irreversible calculation process (I), collates said received authentication information (G(R1,F(VPW))) with said generated authentication information (G(R1,F(VPW′))), verifies that they are identical, and authenticates authentication apparatus.
29. An electronic value update system wherein:
a mobile terminal stores an electronic value received from an electronic value issuance server, said electronic value includes encrypted value authentication information (F(VPW)) wherein authentication information (VPW) corresponding to electronic value specified by user is encoded by a first irreversible calculation process (F), an authentication apparatus validates said electronic value and updates content of electronic value during updated, said authentication apparatus generates a first random number (R1) and transmits it to said mobile terminal, said mobile terminal generates value authentication information (F(VPW′)) from authentication information (VPW′) corresponding to an electronic value specified by a user, further generates a second random number (R2), further generates authentication information (G(R,F(VPW′))) wherein value authentication information (F(VPW′)) and said first random number (R1) are concatenated and encoded by a second irreversible calculation process (G), and transmits said electronic value, authentication information (G(R1,F(VPW′))) and said second random number (R2) to said authentication apparatus, authentication apparatus decrypts code of said received electronic value, extracts value authentication information (F(VPW)) from said electronic value, generates authentication information (G(R1,F(VPW))) wherein value authentication information (F(VPW)) and said first random number (R1) are concatenated and encoded by said second irreversible calculation process (G), collates said received authentication information (G(R1,F(VPW′))) with said generated authentication information (G(R1,F(VPW))), verifies that they are identical, and authenticates the user, further generates authentication information (I(R1,R2,F(VPW))) wherein value authentication information (F(VPW)), said first random number (R1), and said second random number (R2) are concatenated and encoded by a third irreversible calculation process (I), transmits said electronic value whose content is updated and authentication information (I(R1,R2,F(VPW))) to said mobile terminal, said mobile terminal generates authentication information (I(R1,R2,F(VPW′))) wherein value authentication information (F(VPW′)), said first random number (R1), and said second random number (R2) are concatenated and encoded by said third irreversible calculation process (I), collates said received authentication information (G(R1,F(VPW))) with said generated authentication information (G(R1,F(VPW′))), verifies that they are identical, and authenticates authentication apparatus, and updates said electronic value to said received electronic value.
31. A lock apparatus wherein:
in issuance of electronic key, an issuance function of electronic key extracting authentication information (F(VPW)) corresponding to electronic key specified by a user, wherein authentication information (VPW) is encoded by a first irreversible calculation process (F), from an electronic key issuance request message received from a mobile terminal, generating an encryption key from data (H(F(VPW))) wherein value authentication information (F(VPW)) is encoded by a second irreversible calculation process (H) and a master key, generating electronic key with the use of said value authentication information (F(VPW)) and said generated encryption key, and transmits it to said mobile terminal, in authentication of electronic key, an authentication function of electronic key generating a random number (R) and transmitting it to said mobile terminal, receiving authentication information (G(R,F(VPW′))) and said electronic key from said mobile terminal, decrypting code of encrypted part of said electronic key, and validating said electronic key, further extracting value authentication information (F(VPW)) from said electronic key, generating authentication information (G(R,F(VPW))) wherein value authentication information (F(VPW)) and said random number (R) are concatenated and encoded by a third irreversible calculation process (G), and collating received authentication information (G(R,F(VPW′))) with generated authentication information (G(R,F(VPW))), verifying that they are identical, thereby authenticating user.
34. An authentication request apparatus, requesting authentication to authentication apparatus, comprising an encrypted first information acquisition unit acquiring encrypted first information wherein the first information is encrypted in a form that can be decrypted by a decryption key stored in said authentication apparatus,
a second information acquisition unit acquiring the second information, is to determine whether the relationship with said first information is a predetermined relationship, a transmission unit transmitting encrypted first information acquired by said encrypted first information acquisition unit in relation to the second information acquired by said second information acquisition unit to said authentication apparatus.
38. An authentication apparatus comprising a reception unit receiving encrypted first information transmitted from a transmission unit of an authentication request apparatus and the second information transmitted in relation to the encrypted first information, a decryption key storage unit stores decryption key for decrypting encrypted first information, a decryption unit decrypting encrypted first information received by reception unit with the use of said decryption key stored in said decryption key storage unit and acquiring the first information, and a determination unit determining whether the first information decrypted by decryption unit and the second information received in relation to encrypted first information, which is the first information before being decrypted, have a predetermined relationship.
39. An information relating apparatus comprising an authentication information acquisition unit acquiring authentication information, the first information generation unit generating the first information having a predetermined relationship with said authentication information with the use of authentication information acquired by authentication information acquisition unit, an encryption key storage unit storing encryption key, and an encryption unit encrypting the first information generated by said first information generation unit with the use of encryption key stored by said encryption key storage unit.
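The mutual authentication exchange of claim 3, which contains the one-way check of claim 1 and the abstract, as an added Python example that is not part of the patent text. Assumptions: SHA-256 with a one-byte label stands in for F, G and I, random numbers are 16 bytes, and a hash pad plus HMAC under a single authenticator key stands in for the value's encryption, which the page does not specify (the key derivation of claim 20 is not modelled); all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: labelled SHA-256 plays the role of the "irreversible calculation
# processes". Inputs to G and I are fixed-length (16-byte random numbers,
# 32-byte F output), so plain concatenation is unambiguous.
def F(vpw: str) -> bytes:
    return hashlib.sha256(b"F" + vpw.encode()).digest()

def G(r1: bytes, fv: bytes) -> bytes:
    return hashlib.sha256(b"G" + r1 + fv).digest()

def I(r1: bytes, r2: bytes, fv: bytes) -> bytes:
    return hashlib.sha256(b"I" + r1 + r2 + fv).digest()

# Stand-in for the encrypted part of the electronic value: a one-block hash pad
# over the 32-byte F(VPW) plus an HMAC tag, both under the authenticator's key.
def seal(key: bytes, fv: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    pad = hashlib.sha256(b"enc" + key + nonce).digest()
    ct = bytes(a ^ b for a, b in zip(fv, pad))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, value: bytes) -> bytes:
    nonce, ct, tag = value[:16], value[16:48], value[48:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if len(value) != 80 or not hmac.compare_digest(tag, expected):
        raise ValueError("electronic value failed validation")
    pad = hashlib.sha256(b"enc" + key + nonce).digest()
    return bytes(a ^ b for a, b in zip(ct, pad))

class Terminal:
    """User side: stores only the sealed value; VPW is typed in per session."""
    def __init__(self, value: bytes):
        self.value = value

    def respond(self, r1: bytes, vpw_input: str):
        self.r1, self.r2 = r1, secrets.token_bytes(16)
        self.fv = F(vpw_input)                    # F(VPW') from the user's input
        return self.value, G(r1, self.fv), self.r2

    def accept_authenticator(self, proof: bytes) -> bool:
        return hmac.compare_digest(proof, I(self.r1, self.r2, self.fv))

class Authenticator:
    def __init__(self, key: bytes):
        self.key = key
        self.outstanding = set()                  # challenges issued, not yet used

    def challenge(self) -> bytes:
        r1 = secrets.token_bytes(16)
        self.outstanding.add(r1)
        return r1

    def verify(self, r1: bytes, value: bytes, response: bytes, r2: bytes):
        """Return I(R1,R2,F(VPW)) if the user is authenticated, else None."""
        if r1 not in self.outstanding:            # unknown or already-used R1
            return None
        self.outstanding.discard(r1)
        try:
            fv = unseal(self.key, value)          # F(VPW) fixed at issuance
        except ValueError:
            return None
        if not hmac.compare_digest(response, G(r1, fv)):
            return None
        return I(r1, r2, fv)

def demo() -> dict:
    key = secrets.token_bytes(32)                 # constructed key
    auth = Authenticator(key)
    term = Terminal(seal(key, F("2468")))         # issuance, constructed VPW "2468"
    results = {}
    r1 = auth.challenge()
    msg = term.respond(r1, "2468")
    proof = auth.verify(r1, *msg)
    results["right_vpw"] = proof is not None and term.accept_authenticator(proof)
    # A captured message answered to a fresh challenge no longer matches G(R1, F(VPW)).
    results["replayed"] = auth.verify(auth.challenge(), *msg) is not None
    r1 = auth.challenge()
    results["wrong_vpw"] = auth.verify(r1, *term.respond(r1, "0000")) is not None
    return results

if __name__ == "__main__":
    print(demo())
```

The terminal accepts the authenticator only when the returned I(R1,R2,F(VPW)) matches its own I(R1,R2,F(VPW′)), which requires the authenticator to have recovered F(VPW) from the sealed value.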
Specification