Authentication system using authentication information valid one-time
First Claim
1. An authentication method for authenticating an authentication requester by using a public-key enciphering scheme in response to an authentication request sent by the authentication requester, comprising:
a storing step of storing first inspection data into an authenticator's memory in advance for inspecting authentication data of the authentication requester;
an authentication request sending step of sending an authentication request from the authentication requester to the authenticator;
an authentication-data requesting step of sending an authentication-data request from the authenticator to the authentication requester in response to the authentication request sent by the authentication requester;
an authentication-data sending step of sending from the authentication requester to the authenticator, in response to the authentication-data request, first authentication information which is generated by enciphering first seed data held by the authentication requester with utilizing a secret key of the authentication requester, and storing the generated first authentication data as second seed data for a next authentication request in place of the stored first seed data;
a comparing step of deciphering the first authentication data, sent by the authentication requester, by utilizing a public key of the authentication requester, generating second inspection data, and comparing the second inspection data with the first inspection data stored in advance; and
an updating step of notifying the authentication requester of grant of the authentication request in a case where the second inspection data coincides with the first inspection data, and storing the first authentication data in place of the first inspection data in the memory.
1 Assignment
0 Petitions
Abstract
An authentication method adopting simple steps, in which it is difficult for a third person who steals authentication data to reuse (that is, to replay in an attack) the stolen authentication data. First inspection data (value=Dn-1), used for inspecting the client's authentication data, is stored in a server in advance, while the client also stores first seed data (value=Dn-1) for generating authentication data. The client first sends an authentication request to the server, and receives an authentication data request from the server. Then the client generates authentication data (value=Dn) by enciphering the first seed data (value=Dn-1) using the client's secret key (Ks), and sends the enciphered data to the server. The server deciphers the received authentication data (value=Dn) by using the public key (Kp) of the client to generate second inspection data (value=Dn-1), compares the second inspection data with the first inspection data (value=Dn-1), and when they coincide, grants the authentication request and stores the authentication data (value=Dn) in place of the first inspection data. Upon receiving the grant, the client stores the authentication data (value=Dn) as second seed data in place of the first seed data (value=Dn-1).
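The chained one-time scheme described in the abstract, as an added worked example that is not the patent's own code: textbook RSA with a constructed toy key pair (p=61, q=53, so N=3233) stands in for "encipher with Ks / decipher with Kp", and the client updates its seed on grant as the abstract describes. The last step of run_protocol replays a captured D1 after the server state has advanced, which shows why a stolen value is rejected without any extra nonce or timestamp.

```python
# Constructed toy RSA key pair (p=61, q=53): modulus N, public key Kp, secret key Ks.
N, KP, KS = 3233, 17, 2753

def encipher_with_secret_key(data: int) -> int:
    """Client step: D_n = D_{n-1}^Ks mod N (enciphering with the secret key)."""
    return pow(data, KS, N)

def decipher_with_public_key(data: int) -> int:
    """Server step: recover D_{n-1} = D_n^Kp mod N (deciphering with the public key)."""
    return pow(data, KP, N)

class Client:
    """Authentication requester: holds seed data D_{n-1} and Ks."""
    def __init__(self, seed: int):
        self.seed = seed      # first seed data (value = D_{n-1})
        self.pending = None   # authentication data D_n awaiting the grant

    def make_authentication_data(self) -> int:
        self.pending = encipher_with_secret_key(self.seed)
        return self.pending

    def on_grant(self) -> None:
        # Per the abstract: on grant, D_n becomes the second seed data.
        self.seed, self.pending = self.pending, None

class Server:
    """Authenticator: holds inspection data D_{n-1} and the client's Kp."""
    def __init__(self, inspection: int):
        self.inspection = inspection  # first inspection data (= D_{n-1})

    def verify(self, auth_data: int) -> bool:
        # Comparing step: second inspection data must equal the stored value.
        if decipher_with_public_key(auth_data) != self.inspection:
            return False
        self.inspection = auth_data   # updating step: store D_n for next time
        return True

def run_protocol(rounds: int = 3, initial: int = 1234) -> list:
    """Run `rounds` authentications, then replay the first captured D_n."""
    client, server = Client(initial), Server(initial)
    outcomes, captured = [], None
    for _ in range(rounds):
        d_n = client.make_authentication_data()
        captured = d_n if captured is None else captured  # eavesdropper keeps D_1
        ok = server.verify(d_n)
        if ok:
            client.on_grant()
        outcomes.append(ok)
    # Replay: server now expects decipher(x) == D_rounds, but decipher(D_1) == D_0.
    outcomes.append(server.verify(captured))
    return outcomes
```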
285 Citations
23 Claims
1. An authentication method for authenticating an authentication requester by using a public-key enciphering scheme in response to an authentication request sent by the authentication requester, comprising:
a storing step of storing first inspection data into an authenticator's memory in advance for inspecting authentication data of the authentication requester;
an authentication request sending step of sending an authentication request from the authentication requester to the authenticator;
an authentication-data requesting step of sending an authentication-data request from the authenticator to the authentication requester in response to the authentication request sent by the authentication requester;
an authentication-data sending step of sending from the authentication requester to the authenticator, in response to the authentication-data request, first authentication information which is generated by enciphering first seed data held by the authentication requester with utilizing a secret key of the authentication requester, and storing the generated first authentication data as second seed data for a next authentication request in place of the stored first seed data;
a comparing step of deciphering the first authentication data, sent by the authentication requester, by utilizing a public key of the authentication requester, generating second inspection data, and comparing the second inspection data with the first inspection data stored in advance; and
an updating step of notifying the authentication requester of grant of the authentication request in a case where the second inspection data coincides with the first inspection data, and storing the first authentication data in place of the first inspection data in the memory.
Dependent claims: 6, 10, 13, 17, 18, 20
2. An authentication server storing authentication data for granting authentication in response to an authentication request sent by a plurality of authentication requesters, comprising:
a memory storing inspection data for inspecting authentication data of an authentication requester for each authentication request;
sending means for sending an authentication-data request message to an arbitrary authentication requester when the server receives an authentication request from the arbitrary authentication requester;
comparing means for generating new inspection data by deciphering authentication data sent by the authentication requester by utilizing a public key of the authentication requester, and comparing the newly generated inspection data with the inspection data stored in said memory; and
grant means for granting the authentication request in a case where the newly generated inspection data coincides with the stored inspection data, and storing the authentication data sent by the authentication requester in place of the stored inspection data.
Dependent claims: 16, 19
3. An authentication apparatus for granting authentication, in response to an authentication request sent by an authentication requester, in support of an external authentication server, comprising:
a memory storing seed data from which authentication data is generated for authentication of the authentication requester;
sending/receiving means for sending an authentication request message to the authentication server, and receiving an authentication-data request message from the authentication server responding to the authentication request message;
enciphering means for enciphering, in response to the authentication-data request message sent by the authentication server, the seed data stored in said memory by utilizing a secret key to generate authentication data; and
authentication-data sending means for sending the generated authentication data to the authentication server, and storing the generated authentication data in said memory in place of the stored seed data.
Dependent claims: 7, 11, 14
4. An authentication terminal apparatus for granting authentication to an authentication request sent by an authentication requester via a storage medium, in support of an external authentication server, comprising:
a main body; and
interface means for accepting a storage medium storing: seed data used for generating authentication data to authenticate an authentication requester, a secret key of the authentication requester, and a program for generating authentication data based on the seed data utilizing the secret key;
and said main body comprising:
receiving means for receiving an authentication request from the authentication requester;
requesting means for sending an authentication request message to the authentication server in response to the authentication request, and receiving an authentication-data request message from the authentication server responding to the authentication request;
instructing means for executing the program stored in the storage medium via said interface means in response to the authentication-data request message, said instructing means instructing the program to generate authentication data of the authentication requester based on the seed data by using the secret key, instructing the program to return the generated authentication data to the main body via said interface means, and instructing the program to update the seed data stored in the storage medium with the generated authentication data; and
authentication-data sending means for sending the returned authentication data to the authentication server.
Dependent claims: 8, 12, 15, 21, 22, 23
5. A storage medium storing an authentication program for granting authentication to an authentication request sent by an authentication requester, in support of an external authentication server, said authentication program comprising:
first program code means for storing seed data in a memory for generating authentication data to authenticate the authentication requester;
second program code means for sending an authentication request message to the authentication server;
third program code means for receiving the authentication request message from the authentication server;
fourth program code means for generating authentication data based on the seed data stored in the memory by utilizing a secret key in response to the authentication data request message; and
fifth program code means for sending the generated authentication data to the authentication server and storing the generated authentication data as new seed data in place of the old seed data.
Dependent claims: 9
Specification