Authenticating method
First Claim
1. A user authentication method comprising the steps of authenticating user-ID carrying equipment connected to a communication network, such as communication terminal equipment in which a user ID used for user authentication is registered, or equipment in which a user ID, such as an electronic ID card used by mounting on communication terminal equipment is recorded, by carrying out “
- authentication having ‘
the possibility of spoofing by the authenticating side though there is no danger of monitoring,’ and
‘
the possibility of spoofing as the result of theft of authentication information from the authentication device,’ and
specific problems in the contents of authentication”
using a dual-key encryption system, a biometrics-based system, a one-time password system or a pass-sentence system based on a long-worded, sentence-like password in a pass-code p1 authentication process (10), so as to prevent “
spoofing as the result of ‘
leakage of authentication information through the interception of communications,’
‘
leakage of authentication information through monitoring of the traffic,’
‘
leakage of authentication information through a stealthy glance,’
‘
leakage of authentication information through a brute-force attack,’
‘
leakage of authentication information beyond the control of the user and outside the system,’ and
‘
duplication or forgery of authentication information’
” and
prevent “
spoofing by the authenticating side”
and “
spoofing as the result of theft of authentication information from the authentication device”
by establishing a collatable but irreversible relationship to compare using random numbers the authentication information issued by the user with the authentication information registered in the authentication device, and authenticating a user by carrying out authentication while securing safety against “
spoofing by the authenticating side,”
“
spoofing as the result of theft of authentication information from the authentication device,” and
“
spoofing as the result of ‘
leakage of authentication information through interception of communications,’
‘
leakage of authentication information through a stealthy glance,’
‘
leakage of authentication information through a brute-force attack,’
‘
duplication and forgery of authentication information,’ and
‘
theft of user-ID carrying equipment’
using the fact that the user can be identified by carrying out authentication using authenticating key information, such as a password having a large number of combinations, with which no spoofing is possible against the user'"'"'s will in the pass-code p2 authentication process (11), so that user authentication can be performed at least specifically to prevent “
spoofing by the authenticating side,”
“
spoofing as the result of theft of authentication information from the authentication device,”
“
spoofing as the result of ‘
leakage of authentication information through monitoring,’
‘
leakage of authentication information through interception of communications,’
‘
leakage of authentication information through a stealthy glance,’
‘
leakage of authentication information through a brute-force attack,’
‘
leakage of authentication information beyond the control of the user and outside the system,’
‘
duplication or forgery of authentication information,’ and
‘
theft of user-ID carrying equipment’
by carrying out “
user authentication” and
”
authentication of user-ID carrying equipment connected to a communication network in two stages.
1 Assignment
0 Petitions
Accused Products
Abstract
All conceivable problems associated with user authentication can be coped with at least individually by preventing spoofing as the result of leakage of authentication information through interception of communications, monitoring, stealthy glance, brute-force attack, and beyond the control of the user and outside the system, duplication and forgery of authentication information by carrying out an “authentication method that can cope with every possible problem in relation to authentication, excluding monitoring” and an “authentication method authentication having the possibility of spoofing by the authenticating side though there is no danger of monitoring and he possibility of spoofing as the result of theft of authentication information from the authentication device” in two stages in one user authentication processing, and “preventing spoofing by the authenticating side and as the result of theft of authentication information from the authentication device by establishing a collatable and irreversible relationship between the authentication information issued by the user and the authentication information registered in the authentication device” in the latter authentication method.
-
Citations
5 Claims
-
1. A user authentication method comprising the steps of authenticating user-ID carrying equipment connected to a communication network, such as communication terminal equipment in which a user ID used for user authentication is registered, or equipment in which a user ID, such as an electronic ID card used by mounting on communication terminal equipment is recorded, by carrying out “
- authentication having ‘
the possibility of spoofing by the authenticating side though there is no danger of monitoring,’ and
‘
the possibility of spoofing as the result of theft of authentication information from the authentication device,’ and
specific problems in the contents of authentication”
using a dual-key encryption system, a biometrics-based system, a one-time password system or a pass-sentence system based on a long-worded, sentence-like password in a pass-code p1 authentication process (10), so as to prevent “
spoofing as the result of ‘
leakage of authentication information through the interception of communications,’
‘
leakage of authentication information through monitoring of the traffic,’
‘
leakage of authentication information through a stealthy glance,’
‘
leakage of authentication information through a brute-force attack,’
‘
leakage of authentication information beyond the control of the user and outside the system,’ and
‘
duplication or forgery of authentication information’
” and
prevent “
spoofing by the authenticating side”
and “
spoofing as the result of theft of authentication information from the authentication device”
by establishing a collatable but irreversible relationship to compare using random numbers the authentication information issued by the user with the authentication information registered in the authentication device, andauthenticating a user by carrying out authentication while securing safety against “
spoofing by the authenticating side,”
“
spoofing as the result of theft of authentication information from the authentication device,” and
“
spoofing as the result of ‘
leakage of authentication information through interception of communications,’
‘
leakage of authentication information through a stealthy glance,’
‘
leakage of authentication information through a brute-force attack,’
‘
duplication and forgery of authentication information,’ and
‘
theft of user-ID carrying equipment’
using the fact that the user can be identified by carrying out authentication using authenticating key information, such as a password having a large number of combinations, with which no spoofing is possible against the user'"'"'s will in the pass-code p2 authentication process (11),so that user authentication can be performed at least specifically to prevent “
spoofing by the authenticating side,”
“
spoofing as the result of theft of authentication information from the authentication device,”
“
spoofing as the result of ‘
leakage of authentication information through monitoring,’
‘
leakage of authentication information through interception of communications,’
‘
leakage of authentication information through a stealthy glance,’
‘
leakage of authentication information through a brute-force attack,’
‘
leakage of authentication information beyond the control of the user and outside the system,’
‘
duplication or forgery of authentication information,’ and
‘
theft of user-ID carrying equipment’
by carrying out “
user authentication” and
”
authentication of user-ID carrying equipment connected to a communication network in two stages. - View Dependent Claims (2, 3, 4, 5)
- authentication having ‘
Specification