Authenticating system, authenticating method, and authenticating program

US 8,180,054 B2
Filed: 01/17/2008
Issued: 05/15/2012
Est. Priority Date: 01/25/2007
Status: Active Grant

First Claim

Patent Images

1. An authenticating system for, with a client apparatus and a server apparatus connected via a communication line, executing an authentication of a user of said client apparatus by employing a hash algorithm, wherein:

said client apparatus comprises;

an authenticating information inputter for inputting authentication information including identification information and a password of the user;

a client-side hash value creator for creating a first hash value from said authentication information by employing a first hash algorithm that corresponds to a first hash algorithm identifier transmitted from said server apparatus, and creating a second hash value from said first hash value and a random number transmitted from said server apparatus by employing said first hash algorithm; and

an authentication request manager for transmitting authentication request information for causing said server apparatus to start an authenticating process to said server apparatus, receiving said random number and said first hash algorithm identifier from said server apparatus, transmitting said identification information of the user input from said authentication information inputter and said second hash value to said server apparatus, and receiving an authentication result from said server apparatus; and

said server apparatus comprises;

a user information storage in which user information has been stored that includes a second hash algorithm identifier that respectively corresponds for each said identification information of the user, and a third hash value pre-created from the authentication information including said identification information and said password of the user by employing a second hash algorithm that corresponds to this hash algorithm identifier;

a random number creator for creating a random number;

a server-side hash value creator for creating a hash value; and

an authentication information manager for, upon receipt of said authentication request information from said client apparatus, causing said random number creator to create a random number, and transmitting said random number and said first hash algorithm identifier to said client apparatus, and for, upon receipt of said identification information of the user and said second hash value from said client apparatus, acquiring user information, which corresponds to this received identification information of the user, from said user information storage, determining whether or not said second hash algorithm identifier, which is included in said acquired user information, coincides with said first hash algorithm identifier, causing said server-side hash value creator to create a fourth hash value from a third hash value, which is included in said acquired user information, and said random number by employing said first hash algorithm in a case where it coincides, determining whether or not said second hash value coincides with said fourth hash value, transmitting the authentication result indicating that the authentication is successful to said client apparatus in a case where it coincides, and transmitting the authentication result indicating that the authentication is unsuccessful to said client apparatus in a case where it does not coincide; and

the authentication system allows a change of a hash algorithm in the server apparatus, and then a gradual change of corresponding hash algorithms in a plurality of client apparatuses one by one, without changing corresponding hash algorithms of all client apparatuses at once,wherein;

said authentication information manager in said server apparatus transmits said second hash algorithm identifier to said client apparatus as hash algorithm change request information in a case of having determined that said second hash algorithm identifier does not coincides with said first hash algorithm identifier;

said authentication request manager in said client apparatus, upon receipt of said second hash algorithm identifier, causes said authentication information inputter to re-input said identification information, a password, and a new password of the user, causes said client-side hash value creator to create a new third hash value from said identification information and said password of the user, which were re-input, by employing said second hash algorithm, to create a new fourth hash value from said new third hash value and said random number by employing said first hash algorithm, and further to create a fifth hash value from said identification information and said new password of the user, which were re-input, by employing said first hash algorithm, and transmits said identification information of the user, said new fourth hash value, and said fifth hash value to said server apparatus; and

said authentication information manager in said server apparatus, upon receipt of said identification information of the user, said new fourth hash value, and said fifth hash value, causes said server-side hash value creator to create a fourth hash value from the third hash value, which is included in said acquired user information, and said random number by employing said first hash algorithm, determines whether or not said fourth hash value coincides with said new fourth hash value, updates said second hash algorithm identifier and said third hash value that correspond to said identification information of the user in said user information storage into said first hash algorithm identifier and said fifth hash value, respectively, to transmit the authentication result indicating that the authentication is successful to said client apparatus in a case where it coincides, and transmits the authentication result indicating that the authentication is unsuccessful to said client apparatus in a case where it does not coincide.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authenticating system is provided including a client and a receiver. The client creates a first hash value using a first hash algorithm, and creates a second hash value from the first hash value. The receiver receives a first hash algorithm identifier from a server, transmits the second hash value, and receives an authentication result. The server stores a third hash value created using a second hash algorithm identifier, transmits the first hash algorithm identifier to a PC, receives the second hash value, determines if the second hash algorithm identifier coincides with the first hash algorithm identifier, creates a fourth hash value from the third hash value using the first hash algorithm where it coincides, determines whether the second hash value coincides with the fourth hash value, transmits that the authentication is successful where it coincides, and transmits that the authentication is unsuccessful where it does not coincide.

Citations

6 Claims

1. An authenticating system for, with a client apparatus and a server apparatus connected via a communication line, executing an authentication of a user of said client apparatus by employing a hash algorithm, wherein:
- said client apparatus comprises;
  
  an authenticating information inputter for inputting authentication information including identification information and a password of the user;
  
  a client-side hash value creator for creating a first hash value from said authentication information by employing a first hash algorithm that corresponds to a first hash algorithm identifier transmitted from said server apparatus, and creating a second hash value from said first hash value and a random number transmitted from said server apparatus by employing said first hash algorithm; and
  
  an authentication request manager for transmitting authentication request information for causing said server apparatus to start an authenticating process to said server apparatus, receiving said random number and said first hash algorithm identifier from said server apparatus, transmitting said identification information of the user input from said authentication information inputter and said second hash value to said server apparatus, and receiving an authentication result from said server apparatus; and
  
  said server apparatus comprises;
  
  a user information storage in which user information has been stored that includes a second hash algorithm identifier that respectively corresponds for each said identification information of the user, and a third hash value pre-created from the authentication information including said identification information and said password of the user by employing a second hash algorithm that corresponds to this hash algorithm identifier;
  
  a random number creator for creating a random number;
  
  a server-side hash value creator for creating a hash value; and
  
  an authentication information manager for, upon receipt of said authentication request information from said client apparatus, causing said random number creator to create a random number, and transmitting said random number and said first hash algorithm identifier to said client apparatus, and for, upon receipt of said identification information of the user and said second hash value from said client apparatus, acquiring user information, which corresponds to this received identification information of the user, from said user information storage, determining whether or not said second hash algorithm identifier, which is included in said acquired user information, coincides with said first hash algorithm identifier, causing said server-side hash value creator to create a fourth hash value from a third hash value, which is included in said acquired user information, and said random number by employing said first hash algorithm in a case where it coincides, determining whether or not said second hash value coincides with said fourth hash value, transmitting the authentication result indicating that the authentication is successful to said client apparatus in a case where it coincides, and transmitting the authentication result indicating that the authentication is unsuccessful to said client apparatus in a case where it does not coincide; and
  
  the authentication system allows a change of a hash algorithm in the server apparatus, and then a gradual change of corresponding hash algorithms in a plurality of client apparatuses one by one, without changing corresponding hash algorithms of all client apparatuses at once,wherein;
  
  said authentication information manager in said server apparatus transmits said second hash algorithm identifier to said client apparatus as hash algorithm change request information in a case of having determined that said second hash algorithm identifier does not coincides with said first hash algorithm identifier;
  
  said authentication request manager in said client apparatus, upon receipt of said second hash algorithm identifier, causes said authentication information inputter to re-input said identification information, a password, and a new password of the user, causes said client-side hash value creator to create a new third hash value from said identification information and said password of the user, which were re-input, by employing said second hash algorithm, to create a new fourth hash value from said new third hash value and said random number by employing said first hash algorithm, and further to create a fifth hash value from said identification information and said new password of the user, which were re-input, by employing said first hash algorithm, and transmits said identification information of the user, said new fourth hash value, and said fifth hash value to said server apparatus; and
  
  said authentication information manager in said server apparatus, upon receipt of said identification information of the user, said new fourth hash value, and said fifth hash value, causes said server-side hash value creator to create a fourth hash value from the third hash value, which is included in said acquired user information, and said random number by employing said first hash algorithm, determines whether or not said fourth hash value coincides with said new fourth hash value, updates said second hash algorithm identifier and said third hash value that correspond to said identification information of the user in said user information storage into said first hash algorithm identifier and said fifth hash value, respectively, to transmit the authentication result indicating that the authentication is successful to said client apparatus in a case where it coincides, and transmits the authentication result indicating that the authentication is unsuccessful to said client apparatus in a case where it does not coincide.
- View Dependent Claims (2)
- - 2. The authenticating system according to claim 1, wherein:
    - said client apparatus comprises a hash algorithm identifier storage in which a list of hash algorithm identifiers has been stored that are usable in the above client apparatus;
      
      said server apparatus comprises a hash algorithm intensity storage in which an intensity of the hash algorithm has been stored that corresponds for each identifier of the hash algorithm;
      
      said authentication request manager in said client apparatus, at the time of transmitting said authentication request information to said server apparatus, transmits said list of the hash algorithm identifiers to said server apparatus; and
      
      said authentication information manager in said server apparatus, upon receipt of said authentication request information and said list of the hash algorithm identifiers from said client apparatus, selects an identifier of the hash algorithm having a highest intensity from among said list of the hash algorithm identifiers based upon the intensity of each hash algorithm stored in said hash algorithm intensity storage, and transmits this selected identifier as said first hash algorithm identifier together with said random number to said client apparatus.

3. An authenticating method of, with a client apparatus and a server apparatus connected via a communication line, executing an authentication of a user of said client apparatus by employing a hash algorithm, wherein:
- an authentication request manager in said client apparatus transmits authentication request information for causing said server apparatus to start an authenticating process to said server apparatus;
  
  an authentication information manager in said server apparatus, upon receipt of said authentication request information from said client apparatus, causes a random number creator in said server apparatus to create a random number, and transmits said random number and a predetermined first hash algorithm identifier to said client apparatus;
  
  said authentication request manager in said client apparatus receives said random number and said first hash algorithm identifier from said server apparatus;
  
  an authentication information inputter in said client apparatus inputs authentication information including identification information and a password of the user;
  
  a client-side hash value creator in said client apparatus creates a first hash value from said authentication information by employing a first hash algorithm that corresponds to said first hash algorithm identifier, and creates a second hash value from said first hash value and said random number by employing said first hash algorithm;
  
  said authentication request manager in said client apparatus transmits said identification information of the user and said second hash value to said server apparatus;
  
  said authentication information manager in said server apparatus, upon receipt of said identification information of the user and said second hash value from said client apparatus, acquires user information that corresponds to this received identification information of the user from a user information storage in which user information has been pre-stored that includes a second hash algorithm identifier that respectively corresponds for each said identification information of the user, and a third hash value pre-created from the authentication information including said identification information and said password of the user by employing a second hash algorithm that corresponds to this hash algorithm identifier, determines whether or not said second hash algorithm identifier, which is included in said acquired user information, coincides with said first hash algorithm identifier, causes a server-side hash value creator in said server apparatus to create a fourth hash value from a third hash value, which is included in said acquired user information, and said random number by employing said first hash algorithm in a case where it coincides, determines whether or not said second hash value coincides with said fourth hash value, transmits the authentication result indicating that the authentication is successful to said client apparatus in a case where it coincides, and transmits the authentication result indicating that the authentication is unsuccessful to said client apparatus in a case where it does not coincide; and
  
  said authentication request manager in said client apparatus receives the authentication result from said server apparatus; and
  
  wherein;
  
  the method allows a change of a hash algorithm in the server apparatus, and then a gradual change of corresponding hash algorithms in a plurality of client apparatuses one by one, without changing corresponding hash algorithms of all client apparatuses at once,said authentication information manager in said server apparatus transmits said second hash algorithm identifier to said client apparatus as hash algorithm change request information in a case of having determined that said second hash algorithm identifier does not coincide with said first hash algorithm identifier;
  
  said authentication request manager in said client apparatus, upon receipt of said second hash algorithm identifier, causes said authentication information inputter in said client apparatus to re-input said identification information, a password, and a new password of the user, causes said client-side hash value creator in said client apparatus to create a new third hash value from said identification information and said password of the user, which were re-input, by employing said second hash algorithm, to create a new fourth hash value from said new third hash value and said random number by employing said first hash algorithm, and further to create a fifth hash value from said identification information and said new password of the user, which were re-input, by employing said first hash algorithm, and transmits said identification information of the user, said new fourth hash value, and said fifth hash value to said server apparatus; and
  
  said authentication information manager in said server apparatus, upon receipt of said identification information of the user, said new fourth hash value, and said fifth hash value, causes said server-side hash value creator in said server apparatus to create a fourth hash value from the third hash value, which is included in said acquired user information, and said random number by employing said first hash algorithm, determines whether or not said fourth hash value coincides with said new fourth hash value, updates said second hash algorithm identifier and said third hash value that correspond to said identification information of the user in said user information storage into said first hash algorithm identifier and said fifth hash value, respectively, to transmit the authentication result indicating that the authentication is successful to said client apparatus in a case where it coincides, and transmits the authentication result indicating that the authentication is unsuccessful to said client apparatus in a case where it does not coincide.
- View Dependent Claims (4)
- - 4. The authenticating method according to claim 3, wherein:
    - said client apparatus comprises a hash algorithm identifier storage in which a list of hash algorithm identifiers has been stored that are usable in the above client apparatus;
      
      said server apparatus comprises a hash algorithm intensity storage in which an intensity of the hash algorithm has been stored that corresponds for each identifier of the hash algorithm;
      
      said authentication request manager in said client apparatus, at the time of transmitting said authentication request information to said server apparatus, transmits said list of the hash algorithm identifiers to said server apparatus; and
      
      said authentication information manager in said server apparatus, upon receipt of said authentication request information and said list of the hash algorithm identifiers from said client apparatus, selects an identifier of the hash algorithm having a highest intensity from among said list of the hash algorithm identifiers based upon the intensity of each hash algorithm stored in said hash algorithm intensity storage, and transmits this selected identifier as said first hash algorithm identifier together with said random number to said client apparatus.

5. An authenticating program stored on a non-transitory medium for causing a client apparatus and a server apparatus connected via a communication line to execute an authentication of a user of said client apparatus by employing a hash algorithm, wherein execution of the medium causes:
- said client apparatus to function as;
  
  an authentication information inputter for inputting authentication information including identification information and a password of the user;
  
  a client-side hash value creator for creating a first hash value from said authentication information by employing a first hash algorithm that corresponds to a first hash algorithm identifier transmitted from said server apparatus, and creating a second hash value from said first hash value and a random number transmitted from said server apparatus by employing said first hash algorithm; and
  
  an authentication request manager for transmitting authentication request information for causing said server apparatus to start an authenticating process to said server apparatus, receiving said random number and said first hash algorithm identifier from said server apparatus, transmitting said identification information of the user input from said authentication information inputter and said second hash algorithm to said server apparatus, and receiving an authentication result from said server apparatus; and
  
  said server apparatus to function as;
  
  a random number creator for creating a random number;
  
  a server-side hash value creator for creating a hash value; and
  
  an authentication information manager for, upon receipt of said authentication request information from said client apparatus, causing said random number creator to create a random number, and transmitting said random number and a predetermined first hash algorithm identifier to said client apparatus, and for, upon receipt of said identification information of the user and said second hash value from said client apparatus, acquiring said user information, which corresponds to this received identification information of the user, from a user information storage in which user information has been stored that includes a second hash algorithm identifier that respectively corresponds for each said identification information of the user, and a third hash value pre-created from the authentication information including said identification information and said password of the user by employing the second hash algorithm that corresponds to this hash algorithm identifier, determining whether or not said second hash algorithm identifier, which is included in said acquired user information, coincides with said first hash algorithm identifier, causing said server-side hash value creator to create a fourth hash value from a third hash value, which is included in said acquired user information, and said random number by employing said first hash algorithm in a case where it coincides, determining whether or not said second hash value coincides with said fourth hash value, transmitting the authentication result indicating that the authentication is successful to said client apparatus in a case where it coincides, and transmitting the authentication result indicating that the authentication is unsuccessful to said client apparatus in a case where it does not coincide; and
  
  wherein execution of the medium allows a change of a hash algorithm in the server apparatus, and then a gradual change of corresponding hash algorithms in a plurality of client apparatuses one by one, without changing corresponding hash algorithms of all client apparatuses at once; and
  
  wherein execution of the medium causes;
  
  said authentication information manager in said server apparatus to transmit said second hash algorithm identifier to said client apparatus as hash algorithm change request information in a case of having determined that said second hash algorithm identifier does not coincides with said first hash algorithm identifier;
  
  said authentication information inputter in said client apparatus to re-input said identification information, a password, and a new password of the user when said second hash algorithm identifier is received by said authentication request manager in said client apparatus;
  
  said client-side hash value creator in said client apparatus to create a new third hash value from said identification information and said password of the user, which were re-input, by employing said second hash algorithm, to create a new fourth hash value from said new third hash value and said random number by employing said first hash algorithm, and further to create a fifth hash value from said identification information and said new password of the user, which were re-input, by employing said first hash algorithm;
  
  said authentication request manager in said client apparatus to transmit said identification information of the user, said new fourth hash value, and said fifth hash value to said server apparatus;
  
  said server-side hash value creator in said server apparatus to create a fourth hash value from the third hash value, which is included in said acquired user information, and said random number by employing said first hash algorithm when said identification information of the user, said new fourth hash value, and said fifth hash value are received by said authentication information manager in said server apparatus; and
  
  said authentication information manager in said server apparatus to determine whether or not said fourth hash value coincides with said new fourth hash value, to respectively update said second hash algorithm identifier and said third hash value that correspond to said identification information of the user in said user information storage into said first hash algorithm identifier and said fifth hash value and to transmit the authentication result indicating that the authentication is successful to said client apparatus in a case where it coincides, and to transmit the authentication result indicating that the authentication is unsuccessful to said client apparatus in a case where it does not coincide.
- View Dependent Claims (6)
- - 6. The authenticating program according to claim 5, wherein execution of the medium causes:
    - said client apparatus to function as a hash algorithm identifier storage in which a list of hash algorithm identifiers has been stored that are usable in the above client apparatus;
      
      said server apparatus to function as a hash algorithm intensity storage in which an intensity of the hash algorithm has been stored that corresponds for each identifier of the hash algorithm;
      
      said authentication request manager in said client apparatus to transmit said list of the hash algorithm identifiers to said server apparatus at the time of transmitting said authentication request information to said server apparatus,; and
      
      said authentication information manager in said server apparatus to select an identifier of the hash algorithm having a highest intensity from among said list of the hash algorithm identifiers based upon the intensity of each hash algorithm stored in said hash algorithm intensity storage when said authentication request information and said list of the hash algorithm identifiers are received from said client apparatus, and to transmit this selected identifier as said first hash algorithm identifier together with said random number to said client apparatus.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NEC Corporation
Original Assignee
NEC Corporation
Inventors
Sakamoto, Yu
Primary Examiner(s)
Simitoski, Michael
Assistant Examiner(s)
OLION, BRIAN L

Application Number

US12/015,630
Publication Number

US 20080181403A1
Time in Patent Office

1,580 Days
Field of Search

None
US Class Current

380/258
CPC Class Codes

G06F 7/582 Pseudo-random number genera...

H04L 9/3236 using cryptographic hash fu...

Authenticating system, authenticating method, and authenticating program

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

6 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticating system, authenticating method, and authenticating program

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

6 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links