Device for verifying use qualifications
First Claim
1. A use qualification verification device comprising a proof support information issuance unit, a verification unit, and a proof unit,
wherein said proof support information issuance unit comprises:
a proof information management part that manages proof information used for authentication of use qualifications;
a private information management part that manages private information;
a first unidirectional function computation part that, to at least private information managed by said private information management part, applies a unidirectional function whose inverse function is at least computationally difficult to obtain;
a proof support information computation part that computes proof support information, based on private information managed by said private information management part and a computation result of said first unidirectional function computation part; and
a first communication part that sends and receives information in the process of computation of proof support information;
wherein said verification unit comprises;
a proof information memory part that stores proof information;
a challenge information computation part that computes challenge information;
a second unidirectional function computation part that applies a unidirectional function whose inverse function is at least computationally difficult to obtain;
a response information verification part that lets said second unidirectional function computation part act on the proof information stored in said proof information memory unit and a value obtained based on a part or all of the challenge information and checks whether an obtained result and the response information are equal; and
a second communication part that sends and receives information in the process of authentication of use qualifications; and
wherein said proof unit comprises;
a private information memory part that stores private information;
a proof support information management part that manages proof support information used to compute response information;
a third unidirectional function computation part that applies a unidirectional function whose inverse function is at least computationally difficult to obtain;
a response information computation part that lets said third unidirectional function computation part act on a part or all of the challenge information, the private information stored in said private information memory part, and a value obtained based on the proof support information managed by said proof support information management part to compute response information; and
a third communication part that sends and receives information in the process of authentication of use qualifications and in the process of proof support information computation.
Abstract
Authentication is performed at a high speed even in a device with small CPU power and memory. A challenge information computation unit of a verification instrument generates a random number and transfers the random number and identification information together as challenge information to a proving instrument. A unidirectional function computation unit of a proving instrument applies a unidirectional function to private information stored in a private information memory unit and right identification information of challenge information. A response information computation unit performs operations on a computation result of the unidirectional function and the proof support information to obtain proof information. A unidirectional function computation part applies a unidirectional function to the proof information and a random number contained in the challenge information to obtain response information and returns it to the verification unit. A unidirectional function computation unit of the verification instrument applies a unidirectional function to the proof information and a random number of the challenge information. A response information verification instrument compares the application result of the unidirectional function with the response information and acknowledges use qualifications if and only if they coincide.
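An added sketch of the exchange the abstract describes, not code from the patent. SHA-256 stands in for the unidirectional function and XOR for the unspecified operation that combines proof support information with the hash result; both choices, along with all names and sample values, are assumptions.

```python
import hashlib
import hmac
import secrets

def H(*parts: bytes) -> bytes:
    """Unidirectional function: SHA-256 over length-prefixed parts (assumed choice)."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def issue_proof_support(proof_info: bytes, private_info: bytes, right_id: bytes) -> bytes:
    """Issuance unit: bind 32-byte proof information to one prover's private information."""
    return xor(proof_info, H(private_info, right_id))

class Verifier:
    def __init__(self, proof_info: bytes, right_id: bytes):
        self.proof_info, self.right_id = proof_info, right_id
        self.nonce = None

    def challenge(self):
        self.nonce = secrets.token_bytes(16)   # fresh random number per run
        return self.nonce, self.right_id

    def verify(self, response: bytes) -> bool:
        if self.nonce is None:
            return False
        expected = H(self.proof_info, self.nonce)
        self.nonce = None                      # accept one response per challenge
        return hmac.compare_digest(expected, response)

class Prover:
    def __init__(self, private_info: bytes, proof_support: bytes):
        self.private_info, self.proof_support = private_info, proof_support

    def respond(self, challenge) -> bytes:
        nonce, right_id = challenge
        # Recover proof information from the ticket, then hash it with the nonce.
        proof_info = xor(self.proof_support, H(self.private_info, right_id))
        return H(proof_info, nonce)

def demo():
    K, d, n = secrets.token_bytes(32), secrets.token_bytes(32), b"right-0001"  # constructed values
    t = issue_proof_support(K, d, n)
    v = Verifier(K, n)
    holder = Prover(d, t)
    other = Prover(secrets.token_bytes(32), t)  # same ticket, different private information
    ok = v.verify(holder.respond(v.challenge()))
    copied = v.verify(other.respond(v.challenge()))
    old = holder.respond(v.challenge())
    v.challenge()                               # verifier moves on to a new random number
    replay = v.verify(old)
    return ok, copied, replay
```

The prover needs only hash and XOR operations, which is what makes the scheme suitable for devices with little CPU power and memory; the copied-ticket and replayed-response cases both fail verification.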
10 Claims
said proof support information management part manages the use limitation description together with proof support information, and the use limitation description is used to compute proof support information in said proof part and response information in said proof part.
4. The use qualification verification device according to claim 1, wherein said use qualification verification device includes a decryption part that, if use qualifications are acknowledged, decrypts information by using proof information or a value obtained from the proof information as a decryption key of said decryption part.
5. The use qualification verification device according to claim 1, wherein said use qualification verification device includes a history management part that manages a history of use qualification verifications, the proof information memory part or a first proof support information management part manages transfer information together with the proof information or proof support information, the challenge information further contains the transfer information, and said transfer information is stored in the history management part during use qualification verification.
2. A use qualification verification device comprising a proof support information issuance unit, a verification unit, and a proof unit,
wherein said proof support information issuance unit comprises:
a proof information management part that manages proof information used for authentication of use qualifications;
a private information management part that manages private information;
a first unidirectional function computation part that, to at least private information managed by said private information management part, applies a first unidirectional function whose inverse function is at least computationally difficult to obtain;
a proof support information computation part that computes proof support information, based on private information managed by said private information management part and a computation result of said first unidirectional function computation part; and
a first communication part that sends and receives information in the process of computation of proof support information;
wherein said verification unit comprises;
a private information memory part that stores private information;
a first proof support information management part that manages proof support information;
a challenge information computation part that computes challenge information;
a second unidirectional function computation part that applies a unidirectional function whose inverse function is at least computationally difficult to obtain;
a response information verification part that lets said second unidirectional function computation part act on the private information stored in said first, proof information memory unit and a value obtained based on a part or all of the challenge information and checks whether an obtained result and the response information are equal; and
a second communication part that sends and receives information in the process of authentication of use qualifications; and
wherein said proof unit comprises;
a second private information memory part that stores private information;
a second proof support information management part that manages proof support information used to compute response information;
a third unidirectional function computation part that applies a unidirectional function whose inverse function is at least computationally difficult to obtain;
a response information computation part that lets said third unidirectional function computation part act on a part or all of the challenge information, the private information stored in said second private information memory part, and a value obtained based on the proof support information managed by said second proof support information management part to compute response information; and
a third communication part that sends and receives information in the process of authentication of use qualifications and in the process of proof support information computation.
6. A use qualification verification device comprising a proof support information issuance unit, a verification unit, and a proof unit,
wherein said proof support information issuance unit comprises:
a proof information management part that manages proof information used for authentication of use qualifications;
a private information management part that manages private information;
a first unidirectional function computation part that, to at least the private information managed by said private information management part, applies a unidirectional function whose inverse function is at least computationally difficult to obtain;
a proof support information computation part that computes proof support information based on the private information managed by said private information management part and the computation results of said first unidirectional function computation part; and
a first communication part that sends and receives information in the process of computation of proof support information;
wherein said verification unit comprises;
a proof information memory part that stores proof information;
a first challenge information computation part that computes first challenge information;
a second unidirectional function computation part that applies a unidirectional function whose inverse function is at least computationally difficult to obtain;
a first response information computation part that lets said second unidirectional function computation part act on received second challenge information to compute first response information;
a first response information verification part that lets the second unidirectional function computation part act on the proof information stored in said proof information memory unit and a value obtained based on a part or all of the first challenge information and checks whether an obtained result and second response information are equal; and
a second communication part that sends and receives information in the process of authentication of use qualifications; and
wherein said proof unit comprises;
a private information memory part that stores private information;
a proof support information management part that manages proof support information used to create response information;
an internal state management part that manages an internal state corresponding to proof support information;
a second challenge information computation part that computes challenge information;
a third unidirectional function computation part that applies a unidirectional function whose inverse function is at least computationally difficult to obtain;
a second response information computation part that lets said third unidirectional function computation part act on a part or all of received information, the private information stored in said private information memory part, and a value obtained based on the proof support information managed by said proof support information management part to compute second response information;
a second challenge information computation part that computes second challenge information;
a second response information verification part that lets said third unidirectional function computation part act on the first response information, a part or all of the second challenge information, the private information stored in said private information memory part, and a value obtained based on the proof support information managed by said proof support information management part and checks whether an obtained result and response information are equal; and
a third communication part that sends and receives information in the process of authentication of use qualifications and in the process of proof support information computation.
7. A use qualification verification device comprising a proof support information issuance unit, a verification unit, and a proof unit,
wherein said proof support information issuance unit comprises:
a proof information management part that manages proof information used for authentication of use qualifications;
a private information management part that manages private information;
a first unidirectional function computation part that, to at least the private information managed by said private information management part, applies a unidirectional function whose inverse function is at least computationally difficult to obtain;
a proof support information computation part that computes proof support information based on the private information managed by said private information management part and the computation results of said first unidirectional function computation part; and
a first communication part that sends and receives information in the process of computation of proof support information;
wherein said verification unit comprises;
first private information memory part that stores private information;
a first proof support information management part that manages proof support information;
a first challenge information computation part that computes first challenge information;
a second unidirectional function computation part that applies a unidirectional function whose inverse function is at least computationally difficult to obtain;
a first response information computation part that lets said second unidirectional function computation part act on the received second challenge information to compute first response information;
a first response information verification part that lets said second unidirectional function computation part act on the proof information stored in said proof information memory unit and a value obtained based on a part or all of the first challenge information and checks whether an obtained result and second response information are equal; and
a second communication part that sends and receives information in the process of authentication of use qualifications; and
wherein said proof unit comprises;
a second private information memory part that stores private information;
a second proof support information management part that manages proof support information used to create response information;
an internal state management part that manages an internal state corresponding to proof support information;
a second challenge information computation part that computes challenge information;
a third unidirectional function computation part that applies a unidirectional function whose inverse function is at least computationally difficult to obtain;
a second response information computation part that lets said third unidirectional function computation part act on a part or all of received information, the private information stored in said private information memory part, and a value obtained based on the proof support information managed by said proof support information management part to compute second response information;
a second challenge information computation part that computes second challenge information;
a second response information verification part that lets said third unidirectional function computation part act on the first response information, a part or all of the second challenge information, the private information stored in said private information memory part, and a value obtained based on the proof support information managed by said proof support information management part and checks whether an obtained result and response information are equal; and
a third communication part that sends and receives information in the process of authentication of use qualifications and in the process of proof support information computation.
Specification