AUTHENTICATION ENTITY DEVICE, VERIFICATION DEVICE AND AUTHENTICATION REQUEST DEVICE
Abstract
A verification device transmits challenge information to a first entity device and, for each authentication context received in return, verifies that challenge information identical to the challenge information transmitted in advance is described, thereby confirming that the authentication context is the current one. As a result, a repetitive (replay) attack in which a past authentication context is reused is prevented, and security against such attacks is improved.
9 Claims
1. An authentication entity device communicable with a verification device which verifies authentication processes and adapted to individually execute authentication subprocesses making up the authentication process, comprising:
a receiving module configured to receive challenge information generated by the verification device;
a confidential information storage module configured to store confidential information for the verification;
an authenticator generating module configured to generate an authenticator for the execution content of the authentication subprocesses and the challenge information based on the confidential information;
an authentication context generating module configured to generate an authentication context describing the authenticator, the execution content and the challenge information in accordance with a specified format; and
an authentication context transmitting module configured to transmit the authentication context to the verification device, wherein the authentication context is such that the verification device verifies whether the challenge information identical to the challenge information generated by the verification device is described or not, the authenticator is verified by the verification device based on the authenticator verification information corresponding to the confidential information, and the legitimacy is verified based on the verification result. (Dependent claims: 8)
2. A verification device communicable with a plurality of authentication entity devices which individually execute authentication subprocesses making up an authentication process and adapted to verify the authentication processes executed by the authentication entity devices, comprising:
a verification information storage module configured to store authenticator verification information corresponding to confidential information stored in the authentication entity devices;
a challenge generating module configured to generate challenge information;
a challenge storage module configured to store the challenge information;
a challenge information transmitting module configured to transmit the challenge information;
an authentication context receiving module configured to receive authentication contexts transmitted from the authentication entity devices after the authentication entity devices generate an authenticator for the execution content of the authentication subprocesses and the challenge information based on the confidential information, and the authentication context is generated by describing the authenticator, the execution content and the challenge information in accordance with a specified format;
a challenge verification module configured to verify whether the challenge information identical to the challenge information in the challenge storage module is described for each authentication context received;
an authenticator verification module configured to verify an authenticator for each of the authentication contexts based on the authenticator verification information; and
an authentication context verification module configured to verify the legitimacy of the authentication contexts based on the verification result by the verification module. (Dependent claims: 6, 7, 9)
3. At least one first-stage authentication entity device communicable with both a verification device which verifies authentication processes and at least one second-stage authentication entity device included in a plurality of authentication entity devices which individually execute authentication subprocesses making up the authentication process, comprising:
a first-stage hash value generating module configured to generate a first-stage hash value for a confidential execution content included in the execution contents of the authentication subprocesses which is input to a second-stage authentication subprocess and hidden from the verification device;
a first-stage confidential information storage module configured to store confidential information for the verification;
a first-stage authenticator generating module configured to generate an authenticator for the execution content of the authentication subprocesses and the first-stage hash value based on the confidential information;
a first-stage authentication context generating module configured to generate a first-stage authentication context describing the authenticator, the execution content for other than the first-stage hash value and the first-stage hash value in accordance with a specified format; and
a first-stage transmitting module configured to transmit the authentication context and the confidential execution content, wherein the confidential execution content is received by the second-stage authentication entity device and converted into a second-stage hash value for the particular confidential execution content, the second-stage hash value is converted into an authenticator for the second-stage hash value together with the execution content of the authentication subprocess based on the confidential information by the second-stage authentication entity device on the one hand, and described in the second-stage authentication context in accordance with a specified format together with the authenticator and the execution content while at the same time being transmitted together with the second-stage authentication context on the other hand, and the authentication contexts are such that the verification device verifies by comparison that the first-stage hash value and the second-stage hash value received and contained in the authentication contexts are identical to each other, and based on the authenticator verification information corresponding to the confidential information, the authenticator is verified for each authentication context thereby to verify the legitimacy based on each verification result.
4. At least one second-stage authentication entity device communicable with both a verification device to verify an authentication process and at least one first-stage authentication entity device among a plurality of authentication entity devices which individually execute authentication subprocesses making up the authentication process, comprising:
a confidential execution content receiving module configured to receive, from the first-stage authentication entity device, a confidential execution content included in the authentication subprocesses which is input to a second-stage authentication subprocess and hidden from the verification device;
a second-stage hash value generating module configured to generate a second-stage hash value for the confidential execution content received;
a second-stage confidential information storage module configured to store confidential information for the verification;
a second-stage authenticator generating module configured to generate an authenticator for the execution content of the authentication subprocess and the second-stage hash value based on the confidential information;
a second-stage authentication context generating module configured to generate an authentication context describing the authenticator, the execution content and the second-stage hash value in accordance with a specified format; and
a second-stage transmitting module configured to transmit the authentication context, wherein the confidential execution content is converted into a first-stage hash value for the particular confidential execution content by the first-stage authentication entity device before being transmitted from the first-stage entity device, the first-stage hash value is converted into an authenticator for the first-stage hash value together with the execution content of the authentication subprocess by the first-stage authentication entity device based on the confidential information, while at the same time being described in the first-stage authentication context in accordance with a specified format together with the authenticator and the execution content and transmitted together with the first-stage authentication context, and the authentication context is such that the verification device verifies by comparison that the first-stage hash value and the second-stage hash value received and contained in the authentication contexts are identical to each other, and based on authenticator verification information corresponding to the confidential information, the authenticator is verified for each authentication context thereby to verify the legitimacy based on each verification result.
5. A verification device communicable with a plurality of authentication entity devices which individually execute authentication subprocesses making up an authentication process and adapted to verify the authentication process executed by each authentication entity device, comprising:
a verification information storage module configured to store authenticator verification information corresponding to confidential information stored in the authentication entity devices;
a first authentication context receiving module operated in such a manner that at least one first-stage authentication entity device among the authentication entity devices generates a first-stage hash value for a confidential execution content included in the execution contents of the authentication subprocesses and input to a second-stage authentication subprocess and hidden from the verification device, an authenticator for the execution content of the authentication subprocess and the first-stage hash value is generated based on the confidential information, and a first-stage authentication context is generated by describing the authenticator, the execution content for other than the first-stage hash value and the first-stage hash value in accordance with a specified format, after which the first-stage authentication context transmitted from the first-stage authentication entity device is received;
a second authentication context receiving module operated in such a manner that at least one second-stage authentication entity device among the authentication entity devices receives the confidential execution content transmitted from the first-stage authentication entity device, a second-stage hash value for the confidential execution content is generated, an authenticator is generated for the execution content of the authentication subprocess and the second-stage hash value based on the confidential information, and a second-stage authentication context is generated by describing the authenticator, the execution content and the second-stage hash value in accordance with a specified format, after which the second-stage authentication context transmitted from the second-stage authentication entity device is received;
a hash value comparative verification module configured to verify by comparison that the first-stage hash value and the second-stage hash value contained in the received authentication contexts are identical to each other;
an authenticator verification module configured to verify the authenticator for each authentication context based on the authenticator verification information; and
an authentication context verification module configured to verify the legitimacy of each authentication context based on the verification result of each verification module.
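The two mechanisms claimed above (the challenge-bound authentication context of claims 1 and 2, and the hash-linked first-stage/second-stage contexts of claims 3 to 5) can be exercised in a few dozen lines. The following is an added illustration and not code from the patent or its assignee; the claims leave the concrete primitives open, so it assumes HMAC-SHA256 with a per-device shared key as the "authenticator" (the authenticator verification information is then the same key), SHA-256 as the hash, a Python dict as the "specified format", and the field names `entity`, `execution_content`, `challenge`, `hash` and `authenticator`, all chosen here. The verifier compares the described challenge to the one it stored for the current run, which is what defeats reuse of an old context, and in the two-stage case compares the two hash values without ever receiving the confidential content itself.

```python
import hashlib
import hmac
import secrets


def authenticator(key: bytes, *fields: bytes) -> str:
    """Authenticator as HMAC-SHA256 over length-prefixed fields (assumed construction).
    Length prefixes fix the field boundaries, so bytes cannot be moved between the
    execution content and the challenge/hash field without changing the MAC."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        mac.update(len(f).to_bytes(4, "big"))
        mac.update(f)
    return mac.hexdigest()


class EntityDevice:
    """Authentication entity device: holds confidential information (a MAC key here)
    and describes execution content, a binding value and the authenticator in one
    context (a dict stands in for the patent's 'specified format')."""

    def __init__(self, name: str, key: bytes):
        self.name, self.key = name, key

    def make_context(self, execution_content: bytes, binding: str, value: str) -> dict:
        # binding is "challenge" (claim 1) or "hash" (claims 3 and 4); value is hex text
        return {
            "entity": self.name,
            "execution_content": execution_content.hex(),
            binding: value,
            "authenticator": authenticator(
                self.key, self.name.encode(), execution_content, value.encode()
            ),
        }


class VerificationDevice:
    """Verification device: stores authenticator verification information and the
    challenges it issued, and checks every received context against them."""

    def __init__(self, verification_info: dict):
        self.keys = dict(verification_info)   # entity name -> MAC key
        self.challenges = {}                   # session -> outstanding challenge (hex)

    def issue_challenge(self, session: str) -> str:
        self.challenges[session] = secrets.token_hex(16)  # fresh random value per run
        return self.challenges[session]

    def _authenticator_ok(self, ctx: dict, binding: str) -> bool:
        key = self.keys.get(ctx.get("entity"))
        if key is None or binding not in ctx:
            return False
        expected = authenticator(
            key, ctx["entity"].encode(), bytes.fromhex(ctx["execution_content"]),
            ctx[binding].encode(),
        )
        return hmac.compare_digest(expected, ctx["authenticator"])

    def verify_challenge_context(self, session: str, ctx: dict) -> bool:
        """Claim 2: the described challenge must equal the one stored for this run."""
        issued = self.challenges.get(session)
        if issued is None or not hmac.compare_digest(issued, ctx.get("challenge", "")):
            return False   # stale or foreign challenge: a replayed context stops here
        return self._authenticator_ok(ctx, "challenge")

    def verify_hash_linked(self, first_ctx: dict, second_ctx: dict) -> bool:
        """Claim 5: both stages must have hashed the same confidential content and
        each context must carry a valid authenticator; the content itself never
        reaches the verifier."""
        if not hmac.compare_digest(first_ctx.get("hash", ""), second_ctx.get("hash", "")):
            return False
        return self._authenticator_ok(first_ctx, "hash") and self._authenticator_ok(second_ctx, "hash")


def demo_replay() -> tuple:
    """Returns (fresh context accepted, same context replayed in a later run accepted)."""
    key = secrets.token_bytes(32)
    sensor = EntityDevice("sensor", key)
    verifier = VerificationDevice({"sensor": key})
    ctx = sensor.make_context(b"capture: ok", "challenge", verifier.issue_challenge("run-1"))
    fresh = verifier.verify_challenge_context("run-1", ctx)
    verifier.issue_challenge("run-1")          # next run: a new challenge is stored
    replayed = verifier.verify_challenge_context("run-1", ctx)
    return fresh, replayed


def demo_two_stage() -> tuple:
    """Returns (linked contexts accepted, second stage fed substituted content accepted)."""
    k1, k2 = secrets.token_bytes(32), secrets.token_bytes(32)
    sensor, matcher = EntityDevice("sensor", k1), EntityDevice("matcher", k2)
    verifier = VerificationDevice({"sensor": k1, "matcher": k2})
    sample = b"constructed biometric template"   # confidential execution content (constructed)
    # First stage describes only the hash; the sample itself goes to the matcher, not the verifier.
    ctx1 = sensor.make_context(b"capture: ok", "hash", hashlib.sha256(sample).hexdigest())
    # Second stage hashes what it actually received and describes that hash.
    ctx2 = matcher.make_context(b"match: accept", "hash", hashlib.sha256(sample).hexdigest())
    linked = verifier.verify_hash_linked(ctx1, ctx2)
    forged = matcher.make_context(b"match: accept", "hash", hashlib.sha256(b"other").hexdigest())
    substituted = verifier.verify_hash_linked(ctx1, forged)
    return linked, substituted


if __name__ == "__main__":
    print("replay demo (fresh, replayed):", demo_replay())
    print("two-stage demo (linked, substituted):", demo_two_stage())
```

Two points the claims imply but do not spell out are made explicit here: the challenge must be replaced (or discarded) once a run completes, otherwise a context captured during that run would still match the stored value; and the hash comparison only links the stages, so the verifier still has to check the authenticator on each context separately, since a matching hash alone says nothing about which device produced it.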