Device for authenticating user's access rights to resources and method
Abstract
Neither the user side nor the protecting side, such as an application programmer, needs to handle a large amount of unique information such as authentication keys. An access ticket generation device generates an access ticket from user unique identifying information and access rights authentication feature information. A secret key of elliptic curve encryption or ElGamal encryption is used as the unique security characteristic information. A proof data generation device receives the access ticket, converts authentication data received from a proof data verification device into proof data by use of the access ticket and the user unique identifying information, and returns the resultant proof data to the proof data verification device. The proof data generation device or the proof data verification device decrypts the above-mentioned encryption. The proof data verification device accepts the access rights as valid only when the combination of access ticket and user unique identifying information used in the proof data generation device is correct.
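The flow in the abstract for the ElGamal case, with the verifier-side randomization of claims 7 and 77, as an added Python example that is not taken from the patent. The ticket formula t = X - F(e) mod q, the SHA-256 form of F, the toy group and all function names are assumptions; the page only says the ticket is computed "in a predetermined manner".

```python
import hashlib
import secrets

# Constructed demo group, far too small for real use: p = 2q + 1, a has prime order q.
P, Q, A = 2039, 1019, 4

def user_offset(user_id: bytes) -> int:
    """F(e): assumed form of the 'predetermined calculation' on the user's unique id."""
    return int.from_bytes(hashlib.sha256(user_id).digest(), "big") % Q

def make_ticket(x: int, user_id: bytes) -> int:
    """Ticket issuer: t = X - F(e) mod q (assumed construction); t alone does not give X."""
    return (x - user_offset(user_id)) % Q

def encrypt(y: int, k: int, z: int = 0) -> tuple:
    """ElGamal under Y = a^X mod p: C1 = a^z, C2 = K * Y^z. z is random unless supplied."""
    z = z or secrets.randbelow(Q - 1) + 1
    return pow(A, z, P), k * pow(y, z, P) % P

def prove(c1: int, ticket: int, user_id: bytes) -> int:
    """Prover: C1^t * C1^F(e) = C1^X mod p, computed without ever holding X."""
    return pow(c1, ticket, P) * pow(c1, user_offset(user_id), P) % P

def verify(y: int, c1: int, c2: int, k: int, respond, r: int = 0) -> bool:
    """Verifier: blind C1 with a^r, de-randomize the reply, check it decrypts C2 to K."""
    r = r or secrets.randbelow(Q - 1) + 1
    reply = respond(c1 * pow(A, r, P) % P)        # honest reply: C1^X * Y^r
    c1_x = reply * pow(pow(y, r, P), -1, P) % P   # strip Y^r, leaving C1^X
    return c2 * pow(c1_x, -1, P) % P == k

def demo() -> tuple:
    x = 777                                       # decryption key X (constructed)
    y = pow(A, x, P)                              # encryption key Y = a^X mod p
    ticket = make_ticket(x, b"alice-token")
    c1, c2 = encrypt(y, 1234)                     # K = 1234 is the predetermined data
    ok = verify(y, c1, c2, 1234, lambda c: prove(c, ticket, b"alice-token"))
    # Same ticket presented with another user's identifying information
    stolen = verify(y, c1, c2, 1234, lambda c: prove(c, ticket, b"mallory-token"))
    return ok, stolen

if __name__ == "__main__":
    print(demo())
```

A ticket copied to another user fails verification because the exponent t + F(e') no longer equals X, which is the property the abstract's last sentence describes.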
78 Claims
1. A device for authenticating user's access rights to resources by verifying legitimacy of proof data generated in order to prove the right of said user, said device for authenticating user's access rights to resources comprising:
- first memory means for storing first authentication data;
- second memory means for storing unique identifying information of the user;
- third memory means for storing proof support information which are executed results obtained when said user unique identifying information and unique security characteristic information are calculated in a predetermined manner;
- proof data generation means for generating proof data by the application of specified calculation to said first authentication data stored in said first memory means, said user unique identifying information stored in said second memory means, and said proof support information stored in said third memory means; and
- verification means for verifying the legitimacy of said proof data by verifying that said authentication data and unique security characteristic information satisfy a specific predefined relation,

provided that, in particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged in such a way as to satisfy a relationship expressed as Y = a^X mod p, where p is a modulus and a is a positive integer, said proof data generation means generating a value which is obtained by multiplying said first authentication data stored in said first memory means by a power of said X value under the modulus p as proof data, and said verification means verifies the legitimacy of proof data by verifying that the proof data generated by said proof data generation means is identical with decryption of the data which is encrypted with encryption key corresponding to said decryption key.

7. A device for authenticating user's access rights to resources by verifying legitimacy of proof data generated in order to prove said user's right, said device for authenticating user's access rights to resources comprising:
- first memory means for storing first authentication data;
- second memory means for storing unique identifying information of the user;
- third memory means for storing proof support information which are results obtained by the application of specified calculation to said user unique identifying information and unique security characteristic information;
- fourth memory means for storing second authentication data;
- random number generation means;
- proof data generation means for generating proof data by the application of specified calculation to said first authentication data stored in said first memory means, said user unique identifying information stored in said second memory means, and said proof support information stored in said third memory means; and
- verification means for verifying whether or not said proof data generated by said proof data generation means is generated based on said unique security characteristic information,

said second authentication data is obtained by encrypting predetermined data by use of an encryption key corresponding to said decryption key, said random number generation means storing, in said first memory means, a set of a first authentication data C1 and a second authentication data C2 which are randomized by said random number, said verification means verifying the legitimacy of a value which is de-randomized proof data generated by said proof data generation means by verifying that the value is identical with decryption of the second authentication data C2 stored in said fourth memory means by decryption key which is said unique security characteristic information; provided that, in particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged in such a way as to satisfy a relationship expressed as Y = a^X mod p, where p is a modulus and a is a positive integer.

25. A device for authenticating user's access rights to resources for authenticating a user's access rights by verifying whether or not proof data generated in order to prove a right of said user is valid, said device for authenticating user's access rights to resources comprising:
- first memory means for storing first authentication data;
- second memory means for storing user unique identifying information;
- third memory means for storing proof support information which is an executed result which is obtained by executing a predetermined calculation on said user unique identifying information and unique security characteristic information;
- proof data generation means for generating proof data by executing predetermined calculations on authentication data stored in said first memory means, said user unique identifying information stored in said second memory means and said proof support information stored in said third memory means;
- verification means for verifying whether or not proof data generated by said proof data generation means is generated based on said unique security characteristic information; and
- said unique security characteristic information being a decryption key in an asymmetric encryption key defined in a finite elliptic curve.

74. The device for authenticating user's access rights to resources as claimed in claim 2, wherein said verification means further includes program execution means, said second authentication data is data which is obtained by encrypting a program, said verification means transfers a value of said proof data generated by said proof data generation means or a value obtained as a result of a specific computation using said proof data to said program execution means as a part of or whole of a program, whereby only when said proof data generation means correctly decodes said second authentication data which is an encrypted program, i.e. when the encrypted program is correctly decrypted, said program execution means carries out a correct operation.

76. An access rights authentication method for authenticating the user's access rights by verifying the validity of proof data generated to prove user's right, said access rights authentication method comprising the steps of:
- a first memory step for storing first authentication data;
- a second memory step for storing user unique identifying information;
- a third memory step for storing proof support information which is obtained by effecting predetermined calculations on said user unique identifying information and unique security characteristic information;
- a proof data generating step for generating proof data by effecting predetermined calculations on said first authentication data stored at said first memory step, said user unique identifying information stored at said second memory step and said proof support information stored at said third memory step; and
- a proof data verifying step for verifying whether or not proof data generated at said proof data generating step is generated based on said unique security characteristic information,

providing that, in particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged so as to satisfy a relationship of Y = a^X mod p in which p is a modulus and a is a positive integer, and Y is an encryption key corresponding to X, said proof data generating step generating a value which is obtained by exponentiation of said first authentication data stored at said first memory step with a value of said X under the modulus p, said proof data verifying step verifying, by use of proof data generated at said proof data generating step, whether or not data encrypted by said Y can be decrypted correctly.

77. An access rights authentication method for authenticating the user's access rights by verifying whether or not proof data generated to prove user's right is valid, said access rights authentication method comprising the steps of:
- a first memory step for storing first authentication data;
- a second memory step for storing user unique identifying information;
- a third memory step for storing proof support information which is obtained by effecting predetermined calculations on said user unique identifying information and unique security characteristic information;
- a fourth memory step for storing second authentication data;
- a random number generating step;
- a proof data generating step for generating proof data by effecting predetermined calculations on said first authentication data stored at said first memory step, said user unique identifying information stored at said second memory step, and said proof support information stored at said third memory step; and
- a proof data verifying step for verifying whether or not proof data generated at said proof data generating step is generated based on said unique security characteristic information,

said second authentication data being data which is obtained by encrypting predetermined data by use of an encryption key corresponding to said decryption key, said random number generating step memorizes a set of a value which is obtained by randomizing first authentication data C1 and second authentication data C2 or a value which is obtained by randomizing second authentication data C2 by said first memory step, said proof data verifying step verifying legitimacy of the result which is obtained by de-randomizing proof data generated at said proof data generating step by verifying that the result is identical with decryption of said second authentication data C2 stored in said fourth memory step by said decryption key which is said unique security characteristic information, provided that, in particular, said unique security characteristic information X is a decryption key in an asymmetric cryptosystem arranged so as to satisfy a relationship of Y = a^X mod p in which p is a modulus and a is a positive integer, and Y is an encryption key corresponding to X.

78. An access rights authentication method for authenticating said user access rights by verifying the validity of proof data generated to prove user's right, said access rights authentication method comprising the steps of:
- a first memory step for storing first authentication data;
- a second memory step for storing user unique identifying information;
- a third memory step for storing proof support information which is obtained by effecting predetermined calculations on said user unique identifying information and unique security characteristic information;
- a proof data generating step for generating proof data by effecting predetermined calculations on said first authentication data stored at said first memory step, said user unique identifying information stored at said second memory step and said proof support information stored at said third memory step; and
- a proof data verifying step for verifying whether or not proof data generated at said proof data generating step is generated based on said unique security characteristic information, said unique security characteristic information being a decryption key of asymmetric key encryption defined in an elliptic curve on a finite field.

Specification