Authentication method, system and apparatus of an electronic value

US 7,325,132 B2
Filed: 08/25/2003
Issued: 01/29/2008
Est. Priority Date: 08/26/2002
Status: Active Grant

First Claim

Patent Images

1. An authentication method wherein:

a user owns an electronic value including encrypted value authentication information (F(VPW)) wherein authentication information (VPW) corresponding to said electronic value specified by said user is encoded by a first irreversible calculation process (F),in a process for authenticating said user as the right owner of said electronic value, an authentication side generates a random number (R) and transmits it to said user side,said user side generates value authentication information (F(VPW′

)) from said authentication information (VPW) corresponding to said electronic value input by said user, further generates authentication information (G(R,F(VPW′

))) wherein said random number (R) and said value authentication information (F(VPW′

)) are concatenated and encoded by a second irreversible calculation process (G) and transmits said electronic value and said authentication information (G(R,F(VPW′

))) to said authentication side,said authentication side decrypts code of said received electronic value, extracts said value authentication information (F(VPW)) from said electronic value, generates authentication information (G(R,F(VPW))) wherein said random number (R) and said value authentication information (F(VPW)) are concatenated and encoded by said second irreversible calculation process (G), collates said received authentication information (G(R,F(VPW′

))) with said generated authentication information (G(R,F(VPW))), verifies that they are identical, and authenticates user.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication system providing a safety authentication process of electronic values with the use of mobile terminals which do not have a tamper-resistant function. The electronic value including encrypted value authentication information (F(VPW)), wherein an authentication information (VPW) corresponding to an electronic value specified by a user is acquired by the hash calculation, is stored in user'"'"'s mobile terminal. In the user authentication process; authentication apparatus generates a random number R and transmits it to mobile terminal, mobile terminal generates value authentication information (F(VPW′)) from authentication information (VPW′) corresponding to electronic value input by user, further executes a hash calculation on data wherein value authentication information (F(VPW′)) and the random number R are concatenated, generates authentication information (F(VPW′)∥R), transmits it to the authentication apparatus with the electronic value, authentication apparatus decrypts the received electronic value, extracts the value authentication information (F(VPW)) from the electronic value, executes the hash calculation on data wherein value authentication information (F(VPW)) and the random number R are concatenated, generates the authentication information (F(VPW)∥R), and collates the received authentication information (F(VPW′)∥R) with the authentication information (F(VPW)∥R), so that the user is authenticated.

190 Citations

21 Claims

1. An authentication method wherein:
- a user owns an electronic value including encrypted value authentication information (F(VPW)) wherein authentication information (VPW) corresponding to said electronic value specified by said user is encoded by a first irreversible calculation process (F),in a process for authenticating said user as the right owner of said electronic value, an authentication side generates a random number (R) and transmits it to said user side,said user side generates value authentication information (F(VPW′
  
  )) from said authentication information (VPW) corresponding to said electronic value input by said user, further generates authentication information (G(R,F(VPW′
  
  ))) wherein said random number (R) and said value authentication information (F(VPW′
  
  )) are concatenated and encoded by a second irreversible calculation process (G) and transmits said electronic value and said authentication information (G(R,F(VPW′
  
  ))) to said authentication side,said authentication side decrypts code of said received electronic value, extracts said value authentication information (F(VPW)) from said electronic value, generates authentication information (G(R,F(VPW))) wherein said random number (R) and said value authentication information (F(VPW)) are concatenated and encoded by said second irreversible calculation process (G), collates said received authentication information (G(R,F(VPW′
  
  ))) with said generated authentication information (G(R,F(VPW))), verifies that they are identical, and authenticates user.
- View Dependent Claims (2)
- - 2. The authentication method of claim 1 wherein:
    - a decryption key of an encrypted part of said electronic value is generated from data (H(F(VPW))) wherein said value authentication information (F(VPW)) is encoded by a third irreversible calculation process (H) and a master key,in said process for authenticating said user as the rightful owner of said electronic value, said user side further generates data (H(F(VPW′
      
      ))) wherein said value authentication information (F(VPW′
      
      )) is encoded by said third irreversible calculation process (H), transmits data (H(F(VPW′
      
      ))) with said electronic value and said authentication information (G(R,F(VPW′
      
      ))) to said authentication side,said authentication side generates said decryption key from received data (H(F(VPW′
      
      ))) and said master key, and decrypts code of received electronic value.

3. A mobile terminal wherein:
- comprising storage means storing an electronic value, generating value authentication information (F(VPW′
  
  )) wherein value authentication information (VPW′
  
  ) corresponding to said electronic value input by a user is encoded by a first irreversible calculation process (F), further generating a second random number (R2), said value authentication information (F(VPW′
  
  )) and a first random number (R1) received from an authentication apparatus are concatenated, generating authentication information (G(R1,F(VPW′
  
  ))) by a second irreversible calculation process (G) on said concatenation , and transmitting said electronic value, said authentication information (G(R1,F(VPW′
  
  ))) and said second random number (R2) to said authentication apparatus, thereby authenticating said user to be the rightful owner of said electronic value.
- View Dependent Claims (4, 5, 6)
- - 4. The mobile terminal of claim 3 wherein:
    - a decryption key of an encrypted part of said electronic value is generated from data (H(F(VPW))) wherein value authentication information (F(VPW)) is encoded by a fourth irreversible calculation process (H) and a master key, said mobile terminal generates data (H(F(VPW′
      
      ))) wherein said value authentication information (F(VPW′
      
      )) is encoded by said fourth irreversible calculation process (H) and transmits said electronic value, said authentication information (G(R,F(VPW′
      
      ))) and said data (H(F(VPWD))to said authentication apparatus,thereby authenticating said user to be the rightful owner of said electronic value.
  - 5. The mobile terminal of claim 3 characterized in that:
    - said storage means stores a property which is attribute information set with respect to each electronic value,in authentication process with the use of said electronic value, an operation is executed based on said property.
  - 6. The mobile terminal of claim 3 characterized in that:
    - said storage means stores a property which is attribute information set with respect to each electronic value,in authentication process with the use of said electronic value, an operation is executed based on user terminal control information received from said authentication information and said property.

7. An authentication apparatus characterized in:
- generating a random number (R) and transmitting it to a mobile terminal, receiving authentication information (G(R,F(VPW′
  
  ))) and an electronic value from said mobile terminal,decrypting code of an encrypted part of said electronic value, and validating said electronic value, further extracting value authentication information (F(VPW)) from said electronic value, wherein the function (F) is a first irreversible calculation process, generating authentication information (G(R,F(VPW))) wherein said value authentication information (F(VPW)) and said random number (R) are concatenated and encoded by a second irreversible calculation process (G), and collating received authentication information (G(R,F(VPW′
  
  ))) with generated authentication information (G(R,F(VPW))), verifying that they are identical, thereby authenticating a user.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The authentication apparatus of claim 7 wherein:
    - a decryption key for said encrypted part of said electronic value is generated from data (H(F(VPW))) wherein said value authentication information (F(VPW)) is encoded by a third irreversible calculation process (H) and a master key,said authentication apparatus generates said decryption key from data (H(F(VPW′
      
      ))) received from said mobile terminal and said master key, and decrypts code of said received electronic value.
  - 9. The authentication apparatus of claim 7, comprising a security module having a tamper-resistant function, characterized in that:
    - said security module decrypts the encrypted part of said electronic value, stores a negative list of electronic values, and verifies that said received electronic value is not listed in said negative list of electronic value at the point of validation of said received electronic value.
  - 10. The authentication apparatus of claim 9 wherein:
    - said security module communicates with a center and updates information stored in said security module.
  - 11. The authentication apparatus of claim 7 wherein:
    - transmitting user terminal information to said mobile terminal and controlling operation of said mobile terminal at the point of said authenticating step by said electronic value and executing operation of its own based on service terminal control information received from said mobile terminal.

12. An electronic value issuance server wherein:
- extracting authentication information (VPW) corresponding to an electronic value specified by a user from electronic value issuance request received from said mobile terminal,generating value authentication information (F(VPW)) wherein said authentication information (VPW) corresponding to said electronic value is encoded by a first irreversible calculation process (F), generating an encryption key from data (H(F(VPW))) wherein said value authentication information (F(VPW)) is encoded by a third irreversible calculation process (H) and a master key, generating said electronic value with the use of said value authentication information (F(VPW)) and said generated encryption key, and transmitting said electronic value to said mobile terminal.
- View Dependent Claims (14, 15, 16)
- - 14. The electronic value issuance server of either claim 12 or 13 wherein:
    - said electronic value includes electronic value disclosure information and security information,said security information is data including electronic value secret information, wherein said value authentication information (F(VPW)) and signature information are encrypted by said generated encryption key,said signature information is a digital signature for data wherein said electronic value disclosure information, said electronic value secret information, and said value authentication information (F(VPW)) are concatenated.
  - 15. The electronic value issuance server of either claim 12 or 13 wherein:
    - said electronic value includes electronic value disclosure information and security information,said security information is data wherein electronic value secret information, said value authentication information (F(VPW)) and signature information are encrypted by said generated encryption key,said signature information is a result of a hash calculation for data wherein said electronic value disclosure information, said electronic value secret information, and said value authentication information (F(VPW)) are concatenated.
  - 16. The electronic value issuance server of claim 14 wherein:
    - generating risk management information based on credit information of said user and a result of risk evaluation on said value authentication information (F(VPW)) corresponding to said electronic value specified by said user and building said risk management information in said electronic value secret information.

13. An electronic value issuance server wherein:
- extracting authentication information (F(VPW)) corresponding to an electronic value specified by user, wherein authentication information (VPW) is encoded by a first irreversible calculation process (F), from electronic value issuance request message received from a mobile terminal, generating an encryption key from data (H(F(VPW))) wherein said value authentication information (F(VPW)) is encoded by a second irreversible calculation process (H) and a master key, generating said electronic value with the use of said value authentication information (F(VPW)) and said generated encryption key, and transmitting said electronic value to mobile terminal.

17. An authentication system, comprised of a mobile terminal managed by a user, an authentication apparatus and an electronic value issuance server, wherein:
- said mobile terminal stores an electronic value received from said electronic value issuance server,said electronic value includes an encrypted value authentication information (F(VPW)) wherein authentication information (VPW) corresponding to said electronic value specified by said user is encoded by a first irreversible calculation process (F),in a process for authenticating said user to be the rightful owner of said electronic value,said authentication apparatus generates a random number (R) and transmits said random number to said mobile terminal,said mobile terminal generates value authentication information (F(VPW′
  
  )) from authentication information (VPW′
  
  ) corresponding to said electronic value specified by said user,further generates authentication information (G(R,F(VPW′
  
  ))) wherein said value authentication information (F(VPW′
  
  )) and said random number (R) are concatenated and encoded by a second irreversible calculation process (G), and transmits said electronic value and said authentication information (G(R,F(VPW′
  
  ))) to said authentication apparatus,said authentication apparatus decrypts code of received electronic said value, extracts value authentication information (F(VPW)) from said electronic value, generates authentication information (G(R,F(VPW))) wherein said value authentication information (F(VPW)) and said random number (R) are concatenated and encoded by said second irreversible calculation process (G), collates said received authentication information (G(R,F(VPW′
  
  ))) with said generated authentication information (G(R,F(VPW))), verifies that they are identical, and authenticates said user.
- View Dependent Claims (18)
- - 18. The authentication system of claim 17 wherein:
    - a decryption key from an encrypted part of said electronic value is generated from data (H(F(VPW))) wherein said value authentication information (F(VPW)) is encoded by a third irreversible calculation process (H) and a master key,in said process for authenticating said user as the right owner of said electronic value, said user side further generates data (H(F(VPW′
      
      ))) wherein said value authentication information (F(VPW′
      
      )) is encoded by said third irreversible calculation process (H), transmits data (H(F(VPW′
      
      ))) with said electronic value and said authentication information (G(R,F(VPW′
      
      ))) to said authentication apparatus,said authentication apparatus generates said decryption key from received data (H(F(VPW′
      
      ))) and said master key, decrypts code of said received electronic value.

19. A lock apparatus wherein:
- in issuance of an electronic key, an issuance function of said electronic key extracting value authentication information (F(VPW)) corresponding to said electronic key specified by a user, wherein authentication information (VPW) is encoded by a first irreversible calculation process (F), from an electronic key issuance request message received from a mobile terminal,generating an encryption key from data (H(F(VPW))) wherein said value authentication information (F(VPW)) is encoded by a second irreversible calculation process (H) and a master key, generating said electronic key with the use of said value authentication information (F(VPW)) and said generated encryption key, and transmits said encryption key to said mobile terminal,in authentication of said electronic key, an authentication function of said electronic key generating a random number (R) and transmitting said random number to said mobile terminal, receiving authentication information (G(R,F(VPW′
  
  ))) and said electronic key from said mobile terminal, decrypting code of an encrypted part of said electronic key, and validating said electronic key, further extracting said value authentication information (F(VPW)) from said electronic key, generating authentication information (G(R,F(VPW))) wherein said value authentication information (F(VPW)) and said random number (R) are concatenated and encoded by a third irreversible calculation process (G), and collating said received authentication information (G(R,F(VPW′
  
  ))) with said generated authentication information (G(R,F(VPW))), verifying that they are identical, thereby authenticating said user.
- View Dependent Claims (20, 21)
- - 20. The lock apparatus of claim 19 wherein:
    - in issuance of said electronic key, generating a second random number (R0), transmitting said second random number to said mobile terminal, extracting user identification information (J(LN′
      
      ,R0)) wherein lock number (LN′
      
      ) input to a mobile phone by said user and said second random number (R0) are concatenated and encoded by a fourth irreversible calculation process (J) from said electronic key issuance request message received from said mobile terminal, generating user identification information (J(LN,R0)) wherein lock number (LN) and said second random number (R0) are concatenated and encoded by said fourth irreversible calculation process (J), collating said received user identification information (J(LN′
      
      ,R0)) with said generated user identification information (J(LN,R0)), verifying that they are identical, and authenticating said user, thereby issuing said electronic key.
  - 21. The lock apparatus of claim 19 or 20 wherein:
    - having storage means storing key ID of said issued electronic key,in authentication of said electronic key, collating received key ID of said electronic key with said key ID stored in said storage means,executing said authentication process based on said authentication information (G(R,F(VPW′
      
      ))) received from said mobile terminal and said electronic key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Original Assignee
Matsushita Electric Industrial Company Limited (Panasonic Holdings Corporation)
Inventors
Takayama, Hisashi, Furuyama, Junko
Primary Examiner(s)
Lanier, Benjamin E.

Application Number

US10/647,640
Publication Number

US 20040039919A1
Time in Patent Office

1,618 Days
Field of Search

None
US Class Current

713/168
CPC Class Codes

G06Q 20/04   Payment circuits

G06Q 20/24   Credit schemes, i.e. "pay a...

G06Q 20/326   Payment applications instal...

G06Q 20/367   involving electronic purses...

G06Q 20/3672   initialising or reloading t...

G06Q 20/382   insuring higher security of...

G06Q 20/3827   Use of message hashing

Authentication method, system and apparatus of an electronic value

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

190 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

Authentication method, system and apparatus of an electronic value

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

190 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others