JPH063905B2 - Authentication method between the center and the user - Google Patents
Authentication method between the center and the userInfo
- Publication number
- JPH063905B2 JPH063905B2 JP59164277A JP16427784A JPH063905B2 JP H063905 B2 JPH063905 B2 JP H063905B2 JP 59164277 A JP59164277 A JP 59164277A JP 16427784 A JP16427784 A JP 16427784A JP H063905 B2 JPH063905 B2 JP H063905B2
- Authority
- JP
- Japan
- Prior art keywords
- center
- encryption key
- card
- key
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
Description
【発明の詳細な説明】 〔発明の技術分野〕 この発明は、センタと端末間の通信にICカードを用い
る場合のセンタと利用者間の相手認証方法に関するもの
である。Description: TECHNICAL FIELD The present invention relates to a method for authenticating a partner between a center and a user when an IC card is used for communication between the center and a terminal.
従来のICカードを用いた通信方式は一般に第1図のよ
うな構成をとっている。A conventional communication system using an IC card generally has a configuration as shown in FIG.
第1図において、1は有線網、2は端末機、3はセンタ
であり、端末機2にICカードを用いて入力し、センタ
3でこれを確認し、以後、両者間で通信が行われる。こ
のような、有線網1ではオンラインスコープ4等による
タッピングにより、また、無線網では無線機により通信
の内容を盗読されるおそれがある。このことは、個人の
プライバシーの侵害等の社会問題の原因となる。In FIG. 1, 1 is a wired network, 2 is a terminal device, 3 is a center, which is input to the terminal device 2 by using an IC card and confirmed by the center 3, and thereafter, communication is performed between them. . In such a wired network 1, the contents of communication may be read by tapping by the online scope 4 or the like, and by a wireless device in a wireless network. This causes social problems such as invasion of individual privacy.
これに対処するため、第2図のようにRSA法、DES
法を用いた暗号化装置5を端末機2、センタ3と有線網
1の間にそれぞれ置く方法が現在研究されている。しか
し、前者の方法においては、処理がきわめて複雑なこ
と、暗号化データがぼう大になることから実用化されて
いない。また、後者においても鍵が長いこと、鍵の配送
が難しいこと、処理が難しいこと等問題点があり、装置
はきわめて高価なものとなっている。これらの方式にお
いては、個人が暗号化鍵、復号化鍵の保持、持ち運び、
管理を安全に行えないという点を、守秘能力の強いアル
ゴリズムを使うことによって解決しようとするため、上
記の問題点が生じている。In order to deal with this, as shown in FIG. 2, RSA method, DES
A method of placing the encryption device 5 using the method between the terminal 2, the center 3 and the wired network 1 is currently being studied. However, the former method has not been put to practical use because the processing is extremely complicated and the encrypted data becomes very large. The latter also has problems such as long keys, difficult key distribution, and difficult processing, which makes the device extremely expensive. In these methods, an individual holds and carries an encryption key and a decryption key,
The problem described above occurs because an attempt is made to solve the problem that the management cannot be performed safely by using an algorithm with strong confidentiality.
この発明は、これらの問題点を解決するため、アルゴリ
ズムの簡易な暗号方式の鍵を、個人が手軽に持ち運びで
き、鍵を安全に格納でき、かつ、暗号化処理の可能なI
Cカードに格納し、しかも、暗号化鍵、復号化鍵を通信
のたびに変更することによりセキュリティを確保したも
ので、その目的は、アルゴリズムの簡易な暗号方式によ
り、セキュリティを確保することにある。In order to solve these problems, the present invention makes it possible for an individual to easily carry a key of an encryption method having a simple algorithm, store the key safely, and enable encryption processing.
The security is ensured by storing it in the C card and changing the encryption key and the decryption key each time communication is performed. The purpose is to ensure the security by the simple encryption method of the algorithm. .
以下この発明を図面について説明する。The present invention will be described below with reference to the drawings.
第3図はICカードの構成の一例を示す図である。6は
ICカード、7はメモリIC、8はCPU、9は配線、
10はコンタクトである。ICカード6においては、メ
モリIC7、CPU8はモールドされており、この内容
を不正に読むことができない。すなわち、ICカード6
へのアクセスは、コンタクト10を通す方法に限定され
る。したがって、CPU8の中にプログラムを入れてお
き、暗号化鍵、復号化鍵の外部への送出を禁止し、外部
へ送出するデータの暗号化をプログラムにより行えば、
端末を介して回線へ送出するデータのセキュリティは保
たれる。FIG. 3 is a diagram showing an example of the configuration of an IC card. 6 is an IC card, 7 is a memory IC, 8 is a CPU, 9 is wiring,
10 is a contact. In the IC card 6, the memory IC 7 and the CPU 8 are molded, and the contents cannot be read illegally. That is, the IC card 6
Access to is limited to the way through contacts 10. Therefore, if the program is stored in the CPU 8 to prohibit the sending of the encryption key and the decryption key to the outside and the data to be sent to the outside is encrypted by the program,
The security of the data sent to the line via the terminal is maintained.
第4図はこの発明の一実施例を示す構成ならびに信号の
授受を示す図であり、銀行のセンタおよび公衆電話網の
交換機センタが相手の認証を行う場合を示している。こ
の場合、センタ3は、ICカード6より送られてくる個
人のPIDコードとパスワードにより認証を行うが、パ
スワードを送る場合は、偽証を防止するため暗号化を行
う。すなわち、ICカード6のメモリIC7は個人ファ
イル11として使用されており、その中にPID11
a、暗号化鍵11b、パスワード11cが格納されてい
る。一方、センタ3のファイル中には、システム利用者
ファイル12があり、各利用者ごとのPID12a、暗
号化鍵12b、パスワード12cが格納されている。FIG. 4 is a diagram showing a configuration and signal transmission / reception according to an embodiment of the present invention, and shows a case where a bank center and a public telephone network switch center authenticate each other. In this case, the center 3 authenticates with the PID code and password of the individual sent from the IC card 6, but when sending the password, encryption is performed to prevent forgery. That is, the memory IC 7 of the IC card 6 is used as the personal file 11, and the PID 11
a, an encryption key 11b, and a password 11c are stored. On the other hand, in the file of the center 3, there is the system user file 12, and the PID 12a, the encryption key 12b, and the password 12c for each user are stored.
個人がセンタ3にアクセスする際、まずICカード6よ
りPID11aをセンタ3に送り、センタ3はPID1
1aに対応するシステム利用者ファイル12をさがす。
次に、ICカード6より暗号化鍵11bでパスワード1
1cを暗号化し、センタ3に送る。この場合の暗号アル
ゴリズムは簡易なもので良く、第4図の実施例では暗号
化鍵11bとパスワード11cの排他的論理和をとる場
合(バーナム暗号方式)を示している。暗号器13は、
CPU8内にプログラムされている。When an individual accesses the center 3, the IC card 6 first sends the PID 11a to the center 3, and the center 3 sends the PID 1
The system user file 12 corresponding to 1a is searched.
Next, the password 1 from the IC card 6 with the encryption key 11b
1c is encrypted and sent to the center 3. The encryption algorithm in this case may be a simple one, and the embodiment of FIG. 4 shows the case where the exclusive OR of the encryption key 11b and the password 11c is obtained (Vernam encryption method). The encryption device 13
It is programmed in the CPU 8.
この方法の利点は、復号化も暗号化鍵11bと同じもの
でよく、アルゴリズムもまた同じで良い点である。The advantage of this method is that the decryption may be the same as the encryption key 11b and the algorithm may be the same.
センタ3では、受けとったデータをシステム利用者ファ
イル12の暗号化鍵12bで復号し、パスワード12c
が一致すれば本人として認証する。しかし、この方式で
はアルゴリズムが簡易であるため、暗号化鍵11b(1
2b)を固定しておくと、セキュリティ上問題である。At the center 3, the received data is decrypted by the encryption key 12b of the system user file 12, and the password 12c
If the two match, the person is authenticated. However, since the algorithm is simple in this method, the encryption key 11b (1
Fixing 2b) is a security problem.
そこで、通信終了時に、第5図に示した方法により、セ
ンタ3からICカード6へ、次回通信時に用いる新暗号
化鍵14を配送する。すなわち、センタ3で、通信終了
時に新暗号化鍵14を生成し、現在の暗号化鍵で暗号化
してカードに送る。ICカード6は暗号化データを現在
の暗号化鍵で復号化し、新暗号化鍵14を取り出して、
現在の暗号化鍵の代りに格納する。この方法によれば、
個人は、常に、独自の暗号化鍵11bを安全に保有し、
通信のたびに新しい暗号化鍵を用いるため、高度なセキ
ュリティが確保される。Therefore, at the end of communication, the new encryption key 14 used at the next communication is delivered from the center 3 to the IC card 6 by the method shown in FIG. That is, the center 3 generates a new encryption key 14 at the end of communication, encrypts it with the current encryption key, and sends it to the card. The IC card 6 decrypts the encrypted data with the current encryption key, extracts the new encryption key 14,
Store instead of the current encryption key. According to this method
Individuals always have their own encryption key 11b safely
A high level of security is ensured because a new encryption key is used for each communication.
なお、上記の実施例では、暗号化鍵を復号化鍵にも用い
たが、このように両者を同一のものとせず異なるものを
用いてもよい。Although the encryption key is also used as the decryption key in the above embodiment, different keys may be used instead of the same key.
以上詳細に説明したように、この発明は、センタと端末
間を網で結び、前記センタまたは端末の一方から送出す
るデータを暗号化鍵で暗号化して送出し、他方で復号化
鍵を用いて復号し前記データを得てパスワードの一致を
判定して相手の認証を行う通信において、前記網に送出
したデータの暗号化鍵を前記端末で用いるICカードに
格納しておき、復号化鍵を前記センタのシステム利用者
ファイルに格納しておき、1回の通信のたびに前記IC
カードに格納された暗号化鍵と前記利用者ファイルに格
納された復号化鍵を変え、さらに次回の通信に用いる暗
号化鍵と復号化鍵の配送を現在の暗号化鍵と復号化鍵を
用いて行って前記ICカードに暗号化鍵を、また前記シ
ステム利用者ファイルに復号化鍵をそれぞれ格納してお
くようにし、個人の暗号化鍵を安全に格納できるICカ
ードおよび多人数の人間の暗号化鍵を安全に管理するセ
ンタにより実行され、しかも、暗号化鍵を通信のたびに
変えるため、以下の利点を有する。As described above in detail, according to the present invention, the center and the terminal are connected by the network, the data transmitted from one of the center and the terminal is encrypted by the encryption key and transmitted, and the other uses the decryption key. In the communication in which the data is decrypted, the password is determined to be the same, and the other party is authenticated, the encryption key of the data transmitted to the network is stored in the IC card used in the terminal, and the decryption key is stored in the IC card. It is stored in the system user file of the center, and the IC is used for each communication.
The encryption key stored in the card and the decryption key stored in the user file are changed, and the delivery of the encryption key and the decryption key used for the next communication is performed using the current encryption key and the decryption key. The encryption key is stored in the IC card, and the decryption key is stored in the system user file, so that the personal encryption key can be safely stored and the encryption of a large number of people. Since the encryption key is executed safely by the center, and the encryption key is changed every communication, the following advantages are obtained.
(1)簡易な暗号アルゴリズムにかかわらず高度なセキュ
リティが確保できる。(1) High security can be secured regardless of the simple encryption algorithm.
(2)アルゴリズムが簡易であるため、ICカードによる
暗号化・復号化が実現でき、システムのコストが安くて
すむ。(2) Since the algorithm is simple, encryption / decryption with an IC card can be realized, and the system cost is low.
(3)暗号化鍵がICカードに格納されているため、IC
カードを持っている人間は、どのような通信システムに
おいても、暗号化通信が可能である。(3) Since the encryption key is stored in the IC card, the IC
A person holding a card can perform encrypted communication in any communication system.
(4)暗号化鍵が個人対応で異なるため、一般データの通
信においても、受信者による送信者の認証が可能であ
る。(4) Since the encryption key is different for each person, the sender can be authenticated by the receiver even in general data communication.
(5)万一、1つの暗号化鍵が見破られても、1個人のセ
キュリティがおびやかされるだけで、システム全体とし
ては大きなダメージは受けない。また個人のセキュリテ
ィも鍵を変えることで、ふたたび確保される。(5) Even if one encryption key is discovered, the security of one person is threatened, and the system as a whole is not seriously damaged. Also, personal security can be secured again by changing the key.
第1図は従来の暗号化を行わない場合のセンタと端末間
の通信システムを示す図、第2図はRSA,DES等の
暗号器を用いた通信システムを示す図、第3図はICカ
ードの構成例を示す図、第4図はこの発明の一実施例に
よる暗号化通信システムと信号の授受を示す図、第5図
はこの発明による暗号化鍵の更新方法を示す図である。 図中、1は有線網、2は端末機、3はセンタ、4はオン
ラインスコープ、5は暗号化装置、6はICカード、7
はメモリIC、8はCPU、9は配線、10はコンタク
ト、11はICカード内の個人ファイル、12はセンタ
内のシステム利用者ファイル、13は暗号器(復号
器)、14は新暗号化鍵である。FIG. 1 is a diagram showing a communication system between a center and a terminal when conventional encryption is not performed, FIG. 2 is a diagram showing a communication system using an encryption device such as RSA or DES, and FIG. 3 is an IC card. FIG. 4 is a diagram showing an example of the configuration of FIG. 4, FIG. 4 is a diagram showing signal transmission / reception with an encrypted communication system according to an embodiment of the present invention, and FIG. 5 is a diagram showing an encryption key updating method according to the present invention. In the figure, 1 is a wired network, 2 is a terminal, 3 is a center, 4 is an online scope, 5 is an encryption device, 6 is an IC card, and 7
Is a memory IC, 8 is a CPU, 9 is a wiring, 10 is a contact, 11 is a personal file in the IC card, 12 is a system user file in the center, 13 is an encoder (decryptor), and 14 is a new encryption key. Is.
Claims (2)
たは端末の一方から送出するデータを暗号化鍵で暗号化
して送出し、他方で復号化鍵を用いて復号し前記データ
を得てパスワードの一致を判定して相手の認証を行う通
信において、前記網に送出したデータの暗号化鍵を前記
端末で用いるICカードに格納しておき、復号化鍵を前
記センタのシステム利用者ファイルに格納しておき、1
回の通信のたびに前記ICカードに格納された暗号化鍵
と前記利用者ファイルに格納された復号化鍵を変え、さ
らに次回の通信に用いる暗号化鍵と復号化鍵の配送を現
在の暗号化鍵と復号化鍵を用いて行って前記ICカード
に暗号化鍵を、また前記システム利用者ファイルに復号
化鍵をそれぞれ格納しておくことを特徴とするセンタと
利用者間の相手認証方法。1. A center and a terminal are connected by a network, data transmitted from one of the center and the terminal is encrypted with an encryption key and transmitted, and the other is decrypted using a decryption key to obtain the data. In the communication for authenticating the other party by judging the coincidence of passwords, the encryption key of the data sent to the network is stored in the IC card used in the terminal, and the decryption key is stored in the system user file of the center. Store it 1
The encryption key stored in the IC card and the decryption key stored in the user file are changed for each communication, and the distribution of the encryption key and the decryption key used for the next communication is performed by the current encryption. Authentication method between the center and the user, characterized in that the encryption key and the decryption key are used to store the encryption key in the IC card and the decryption key in the system user file. .
ことを特徴とする特許請求の範囲第1項記載のセンタと
利用者間の相手認証方法。2. The partner authentication method between the center and the user according to claim 1, wherein the same encryption key and decryption key are used.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP59164277A JPH063905B2 (en) | 1984-08-07 | 1984-08-07 | Authentication method between the center and the user |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP59164277A JPH063905B2 (en) | 1984-08-07 | 1984-08-07 | Authentication method between the center and the user |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| JPS6143034A JPS6143034A (en) | 1986-03-01 |
| JPH063905B2 true JPH063905B2 (en) | 1994-01-12 |
Family
ID=15790028
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| JP59164277A Expired - Lifetime JPH063905B2 (en) | 1984-08-07 | 1984-08-07 | Authentication method between the center and the user |
Country Status (1)
| Country | Link |
|---|---|
| JP (1) | JPH063905B2 (en) |
Families Citing this family (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JPH01231451A (en) * | 1988-01-22 | 1989-09-14 | Iwatsu Electric Co Ltd | Communication control system |
| JP2850391B2 (en) * | 1989-08-16 | 1999-01-27 | 国際電信電話株式会社 | Confidential communication relay system |
| DE69220016T2 (en) * | 1991-12-27 | 1998-01-02 | Zexel Corp | Locking system |
| US6868408B1 (en) | 1994-04-28 | 2005-03-15 | Citibank, N.A. | Security systems and methods applicable to an electronic monetary system |
| JP4910629B2 (en) * | 2006-10-26 | 2012-04-04 | 富士通株式会社 | Information access system, read / write device, and active contactless information storage device |
| JP2009171253A (en) * | 2008-01-16 | 2009-07-30 | Trinity Security Systems Inc | Key sharing method, authentication method, authentication program, recording medium, and communication system |
| JP2008167505A (en) * | 2008-03-26 | 2008-07-17 | Dainippon Printing Co Ltd | Public key encryption processing system and method |
| JP2010056673A (en) * | 2008-08-26 | 2010-03-11 | Tss Lab:Kk | Authentication processing method, authentication processing program, recording medium, and authentication processing system |
| JP2015192352A (en) * | 2014-03-28 | 2015-11-02 | 富士通株式会社 | Program, cryptographic processing method, and cryptographic processing apparatus |
-
1984
- 1984-08-07 JP JP59164277A patent/JPH063905B2/en not_active Expired - Lifetime
Also Published As
| Publication number | Publication date |
|---|---|
| JPS6143034A (en) | 1986-03-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11622265B2 (en) | Security system for handheld wireless devices using time-variable encryption keys | |
| US6151677A (en) | Programmable telecommunications security module for key encryption adaptable for tokenless use | |
| US4969188A (en) | Process and apparatus for the protection of secret elements in a network of encrypting devices with open key management | |
| CN100517354C (en) | Computer implemented method for securely acquiring a binding key and securely binding system | |
| JP2883243B2 (en) | Remote party authentication / encryption key distribution method | |
| RU2415470C2 (en) | Method of creating security code, method of using said code, programmable device for realising said method | |
| JP4954628B2 (en) | Authentication device, authenticator and authentication method using true random number generator or pseudorandom number generator | |
| US6460138B1 (en) | User authentication for portable electronic devices using asymmetrical cryptography | |
| KR980007143A (en) | Authentication method, communication method and information processing device | |
| JPH09167098A (en) | Communication system for portable device | |
| US20010054147A1 (en) | Electronic identifier | |
| JP2000261427A (en) | Encryption communication terminal, encryption communication center equipment, encryption communication system and storage medium | |
| US20020018570A1 (en) | System and method for secure comparison of a common secret of communicating devices | |
| US20020091932A1 (en) | Qualification authentication method using variable authentication information | |
| JPH0575598A (en) | Key data sharing device | |
| JPH09147072A (en) | Personal authentication system, personal authentication card and center equipment | |
| US7177425B2 (en) | Device and method for securing information associated with a subscriber in a communication apparatus | |
| JPH063905B2 (en) | Authentication method between the center and the user | |
| JPH04247737A (en) | Enciphering device | |
| US20030097559A1 (en) | Qualification authentication method using variable authentication information | |
| CN111263360B (en) | Wireless encryption device and method using public key to protect variable mechanical authentication password | |
| JP4372403B2 (en) | Authentication system | |
| JP2003134107A (en) | System, method and program for individual authentication | |
| JP2003309552A (en) | Control system for electronic certificate by portable telephone | |
| CN113162766B (en) | Key management method and system for key component |