One-way function generation method, one-way function value generation device, proving device, authentication method, and authentication device
Abstract
Without the need to store and manage a private unique value of a hash function for each token, and without the fear of organizational private information of a center being revealed, a hash function is provided to a token. A unique value input unit is supplied with a unique value d, which is a parameter required to generate a hash function X. A message input unit is supplied with a message M from which to find a hash value. A function generation unique value memory unit 3 holds a function generation unique value s, which is a parameter required to generate a value generation unique value. A value generation unique value calculation unit generates a value generation unique value u from the function generation unique value s and the unique value d. A hash value calculation unit generates a hash value X(M) by applying a hash function H to the value generation unique value u and the message M. A hash value output unit outputs the hash value X(M) generated by the hash value calculation unit.
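The derivation described in the abstract, as an added Python sketch that is not code from the patent. It shows an issuer that holds a single secret s, hands each token only its own u, and can recompute any token's X(M) without per-token storage. SHA-256 as H, the HMAC-based formula for u, and the names `derive_u`, `Token` and `Issuer` are assumptions of this example; the page specifies none of them.

```python
import hashlib
import hmac

def H(data: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the one-way function H.
    return hashlib.sha256(data).digest()

def derive_u(s: bytes, d: bytes, m: int) -> list:
    # Issuer side. The page gives no formula for u; HMAC-SHA256 keyed with s
    # over d and a 4-byte index is an assumption of this example.
    return [hmac.new(s, d + i.to_bytes(4, "big"), hashlib.sha256).digest()
            for i in range(1, m + 1)]

def X(u: list, M: bytes) -> bytes:
    # X(M) = H(u1|M) | ... | H(um|M). Each u_i is a fixed 32 bytes here,
    # so the concatenation u_i|M parses unambiguously.
    return b"".join(H(ui + M) for ui in u)

class Token:
    """Holds only u; the issuer secret s never reaches the token."""
    def __init__(self, u):
        self._u = list(u)
    def hash_value(self, M: bytes) -> bytes:
        return X(self._u, M)

class Issuer:
    """Holds one secret s for all tokens and keeps no per-token record."""
    def __init__(self, s: bytes, m: int):
        self._s, self._m = s, m
    def provision(self, d: bytes) -> Token:
        return Token(derive_u(self._s, d, self._m))
    def expected(self, d: bytes, M: bytes) -> bytes:
        return X(derive_u(self._s, d, self._m), M)

def demo() -> dict:
    issuer = Issuer(s=bytes(range(32)), m=3)      # constructed secret s
    alice = issuer.provision(b"token-0001")       # constructed unique values d
    bob = issuer.provision(b"token-0002")
    M = b"alg=sig-v1;right=read:report-42"        # constructed message M
    xa = alice.hash_value(M)
    return {
        "length": len(xa),
        "issuer_recomputes": hmac.compare_digest(xa, issuer.expected(b"token-0001", M)),
        "differs_per_token": xa != bob.hash_value(M),
        "differs_per_message": xa != alice.hash_value(M + b";v2"),
    }

if __name__ == "__main__":
    print(demo())
```

A compromised token exposes only its own u, while the single secret s must be protected on the issuer side because every token's u follows from it.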
38 Claims
1. A method for generating a one-way function dependent on a one-way function H and a unique value d for a user, comprising:
holding in memory a function generation unique value s by a right issuer for the user;
creating a value generation unique value u in a unique value calculation unit from the function generation unique value s provided from the memory and the unique value d, the value generation unique value u being provided as a series of m values where u=(u1, . . . um) to a token for the user;
creating by a hash value calculation unit a one-way function value X(M) of a message M by applying the one-way function H to the value generation unique value u from the unique value calculation unit and the message M, where the one-way function value X(M)=H(u1|M)| . . . |H(um|M);
holding a certificate C to prove a public key y paired with the one-way function value X(M);
issuing a capability χ from the right issuer to the user, the capability χ representing a right of the user in association with the message M; and
verifying the user from the public key y and the capability χ by a right verifier.
Dependent claims: 2, 3, 4

5. A computer system that generates one-way function values that calculates a one-way function X dependent on a unique value d for a user, comprising:
means for inputting the unique value d;
means for inputting a message M;
means for holding a function generation unique value s by a right issuer for the user;
means for creating a value generation unique value u from the function generation unique value s from the holding means and the unique value d, the value generation unique value u being provided as a series of m values where u=(u1, . . . um) to a token for the user;
means for creating a one-way function value X(M) of the message M by applying a one-way function H to the value generation unique value u from the u-creating means and the message M, where the one-way function value X(M)=H(u1|M)| . . . |H(um|M);
means for holding a certificate C to prove a public key y paired with the one-way function value X(M);
means for issuing a capability χ from the right issuer to the user, the capability χ representing a right of the user in association with the message M; and
means for verifying the user from the public key y and the capability χ.
Dependent claims: 6

7. A computer system that performs processing based on a private key for a user dependent on a message M, comprising:
means for inputting the message M, the message M including at least identifiers of private key processing algorithms;
means for holding a value generation unique value u for the user;
means for creating a one-way function value X(M) of the message M by applying a one-way function H to the value generation unique value u from the holding means and the message M;
means for performing processing based on the private key and the one-way function value X(M);
means for issuing a capability χ from the right issuer to the user, the capability χ representing a right of the user in association with the message M; and
means for verifying the user from a public key y and the capability χ,
wherein the value generation unique value u is created from a function generation unique value s being held and provided by a right issuer and a unique value d for the user, the value generation unique value u being provided as a series of m values where u=(u1, . . . um) to a token for the user, and the one-way function value X(M)=H(u1|M)| . . . |H(um|M); and
wherein the identifiers in the message M enable the private key processing algorithms to be modified.
Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19

20. A computer system that issues a proving instrument T in accordance with a unique value d for a user, comprising:
means for inputting the unique value d;
means for holding a function generation unique value s by a right issuer for the user;
means for creating a value generation unique value u from the function generation unique value s from the holding means and the unique value d, the value generation unique value u being provided as a series of m values where u=(u1, . . . um) to a token for the user;
means for writing the value generation unique value u from the u-creating means to the proving instrument T;
means for issuing the proving instrument T that includes a hash function X dependent on the unique value d;
means for issuing a capability χ from the right issuer to the user, the capability χ representing a right of the user in association with the message M; and
means for verifying the user from a public key y and the capability χ,
wherein the proving instrument T holds the value generation unique value u, and upon input of a message M, creates a one-way function value X(M) of the message M by applying a one-way function H to the value generation unique value u and the message M to perform processing based on the one-way function value X(M) expressed by H(u1|M)| . . . |H(um|M).

21. An authentication method by which a right issuer issues rights to right recipients in association with a message M and a right verifier verifies the rights of the right recipients, the method comprising:
creating a value generation unique value u from a function generation unique value s being held and provided by a function generation unique value memory and a unique value d for a user corresponding to the right recipients, the value generation unique value u being provided as a series of m values where u=(u1, . . . um) to a token for the user;
calculating a one-way function value X(M) of the message M by a hash value generator by applying a one-way function H to the value generation unique value u and the message M, where the one-way function value X(M)=H(u1|M)| . . . |H(um|M);
issuing a certificate C to prove a public key y paired with the one-way function value X(M) to the right recipients by a certificate issuing unit;
presenting the certificate C from the right recipients to the right verifier;
performing processing by a private key processing unit based on the one-way function value X(M);
verifying the certificate C by a certificate verification unit; and
verifying the processing by a private key processing verification unit based on the one-way function value X(M) of the right recipients with a public key y proved by the certificate C.
Dependent claims: 22, 23, 27

24. A computer system that issues a certificate C in accordance with a unique value d for a user and a message M, comprising:
means for inputting the unique value d;
means for inputting the message M;
means for holding a function generation unique value s by a right issuer for the user;
means for creating a value generation unique value u from the function generation unique value s from the holding means and the unique value d, the value generation unique value u being provided as a series of m values where u=(u1, . . . um) to a token for the user;
means for creating a one-way function value X(M) of the message M by applying a one-way function H to the value generation unique value u from the u-creating means and the message M, where the one-way function value X(M)=H(u1|M)| . . . |H(um|M);
means for creating a public key y paired with the one-way function value X(M);
means for issuing a certificate C to prove the public key y;
means for issuing a capability χ to the user, the capability χ representing a right of the user in association with the message M; and
means for verifying the user from the public key y and the capability χ.

25. A computer system that performs authentication in accordance with a message M, comprising:
means for inputting the message M;
means for holding a value generation unique value u for a user;
means for creating a one-way function value X(M) of the message M by applying a one-way function H to the value generation unique value u from the holding means and the message M;
means for performing processing based on the one-way function value X(M);
means for holding a certificate C to prove a public key y paired with the one-way function value X(M);
means for verifying the certificate C;
means for issuing a capability χ to the user, the capability χ representing a right of the user in association with the message M;
means for verifying the user from the public key y and the capability χ; and
means for verifying processing based on a private key of the user with the public key y,
wherein the value generation unique value u is created from a function generation unique value s being held and provided by a right issuer and the unique value d for the user, the value generation unique value u being provided as a series of m values where u=(u1, . . . um) to a token for the user, and where the one-way function value X(M)=H(u1|M)| . . . |H(um|M).

26. An authentication method by which a right issuer issues rights to right recipients in association with a message M and a right verifier verifies the rights of the right recipients, the method comprising:
creating a value generation unique value u from a function generation unique value s being held and provided by a function generation unique value memory and a unique value d for a user corresponding to the right recipients, the value generation unique value u being provided as a series of m values where u=(u1, . . . um) to corresponding tokens for the right recipients;
calculating a one-way function value X(M) of the message M by a hash value generator by applying a one-way function H to the value generation unique value u from the right issuer and the message M;
issuing an access ticket t by an access ticket issuing unit determined from a private key x and the one-way function value X(M) to the right recipients, where X(M)=H(u1|M)| . . . |H(um|M);
performing processing by a private key processing unit based on the one-way function value X(M);
converting the processing by a private key processing conversion unit based on the one-way function value X(M) to the processing based on the private key x by the access ticket t; and
verifying the processing by a private key processing verification unit based on the one-way function value X(M) of the right recipients with a public key y paired with the private key x by the right verifier.

28. A computer system that issues an access ticket in accordance with a unique value d for a user and a message M, comprising:
means for inputting the unique value d;
means for inputting the message M;
means for holding a function generation unique value s by a right issuer for the user;
means for creating a value generation unique value u from the function generation unique value s from the holding means and the unique value d, the value generation unique value u being provided as a series of m values where u=(u1, . . . um) to a token for the user;
means for creating a one-way function value X(M) of the message M by applying a one-way function H to the value generation unique value u and the message M, where the one-way function value X(M)=H(u1|M)| . . . |H(um|M);
means for creating the access ticket t from a private key x and the one-way function value X(M);
means for issuing the access ticket t;
means for issuing a capability χ from the right issuer to the user, the capability χ representing a right of the user in association with the message M; and
means for verifying the user from a public key y and the capability χ.
Dependent claims: 29, 30, 31, 32

33. A computer system that performs authentication for a user in accordance with a message M, comprising:
means for inputting the message M;
means for holding a value generation unique value u for the user;
means for creating a one-way function value X(M) of the message M by applying a one-way function H to the value generation unique value u from the holding means and the message M;
means for performing processing based on the one-way function value X(M);
means for holding an access ticket t determined from a private key x and the one-way function value X(M);
means for converting the processing based on the one-way function value X(M) to processing based on the private key x by the access ticket t;
means for holding a public key y paired with the private key x;
means for issuing a capability χ from the right issuer to the user, the capability χ representing a right of the user in association with the message M;
means for verifying the user from the public key y and the capability χ; and
means for verifying the processing based on the private key x with the public key y,
wherein the value generation unique value u is created from a function generation unique value s being held and provided by a right issuer and a unique value d provided for the user, the value generation unique value u being provided as a series of m values where u=(u1, . . . um) to a token for the user, and where the one-way function value X(M)=H(u1|M)| . . . |H(um|M).
Dependent claims: 34, 35, 36, 37, 38

Specification