
Device and method for authenticating user's access rights to resources

A technology for authenticating users and their access rights, applied to program/content distribution protection, protection against unauthorized memory use, instruments, etc. It addresses the problems of replay attacks (improper execution of application programs by replaying communication content) and of execution that cannot continue with subsequent steps, to achieve easy and simple authentication.

Inactive Publication Date: 2011-09-27
FUJIFILM BUSINESS INNOVATION CORP
Cites: 29; Cited by: 133

AI Technical Summary

Benefits of technology

[0019]The present invention has been made in view of the above circumstances and has an object to provide a device for authenticating user's access rights to resources and its method which set both users and the protecting side such as application providers free from inconveniences caused by handling of large amount of unique information, for example, a lot of authentication keys, and thereby user's access rights are easily and simply authenticated when the execution control of the program, privacy protection of electronic mails, access control of files or computer resources and so forth are carried out.
[0021]With the above constitution, the unique security characteristic information of the device assigned to the protecting side and the unique identifying information of the user are made to be independent of each other. The information on actual access rights is represented as proof support information (i.e., an access ticket). The user has the user unique identifying information in advance, and on the other hand, a protector, such as a program creator prepares the unique security characteristic information, or the counterpart of the unique security characteristic information in terms of the public key cryptography, independent of the user unique identifying information held by the user. An access ticket is generated based on the user unique identifying information and the unique security characteristic information used in creation of the application program or the like. Access tickets are distributed to the users, whereby authentication of the user's access rights to resources such as execution control can be performed. Thus complexity occurring in the case where both sides of user and protector use the same information for performing authentication can be avoided.

Problems solved by technology

If the communication fails and the verification of the existence of the authentication key is not established, the program stops automatically, discontinuing the execution of subsequent steps.
Such improper execution of the application program by replaying the communication content is called a replay attack.

Method used



Examples


first embodiment

[0077]In a first embodiment, an access ticket t is defined as the relation (1).

t=D−e+ωφ(n)  (1)

[0078]In the following bulleted paragraphs, symbols used in the above relation are described.

[0079]An integer n is an RSA modulus, hence, a product of two very large prime numbers p and q (n=pq).

[0080]φ(n) denotes the Euler number of n, hence, a product of two integers p−1 and q−1 (φ(n)=(p−1)(q−1)).

[0081]A piece of user identifying information e is an integer allocated to each user. A piece of user identifying information is unique to a user: a different user identifying information is allocated to a different user.

[0082]An access-ticket secret key D is a private key of an RSA public key pair. Since the modulus is assumed to be n, the relation (2) is derived from the definition.

gcd(D, φ(n))=1   (2)

[0083]In the above, gcd(x, y) denotes the greatest common divisor of two integers x and y. The existence of an integer E satisfying the relation (3), which is called an access-ticket public key, ...
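The ticket relation (1) worked through end to end, as an added toy example that is not the patent's own code. It assumes, since the page truncates before showing how the proving device uses t, that the device exponentiates the challenge by t + e, and it uses constructed, insecure RSA parameters so the arithmetic can be inspected:

```python
"""Toy model of the first-embodiment access ticket t = D - e + omega*phi(n).

Constructed, insecure RSA parameters; sizes like these exist only to make the
arithmetic inspectable.  The exponent combination (t + e) is an assumption
inferred from relation (1), not something the truncated page spells out.
"""
from math import gcd

P, Q = 61, 53                  # constructed toy primes (never use sizes like this)
N = P * Q                      # RSA modulus n = pq
PHI = (P - 1) * (Q - 1)        # Euler number phi(n) = (p-1)(q-1)
E_PUB = 17                     # access-ticket public key E
D_SEC = pow(E_PUB, -1, PHI)    # access-ticket secret key D, with D*E == 1 mod phi(n)
assert gcd(D_SEC, PHI) == 1    # relation (2)


def issue_ticket(user_e: int, omega: int) -> int:
    """Protector side: access ticket t = D - e + omega*phi(n) (relation 1).
    Holding t and e alone does not reveal D, because phi(n) stays secret."""
    return D_SEC - user_e + omega * PHI


def prove(challenge_c: int, ticket_t: int, user_e: int) -> int:
    """Proving device: R = C^(t + e) mod n.
    Since t + e = D + omega*phi(n) and C^phi(n) == 1 (mod n) for gcd(C, n) == 1,
    this equals C^D mod n although the device never handles D itself."""
    return pow(challenge_c, ticket_t + user_e, N)


def verify(challenge_c: int, response_r: int) -> bool:
    """Verification device: accept iff R^E mod n == C, the predefined relation
    between response, challenge and the unique security characteristic (E, n)."""
    return pow(response_r, E_PUB, N) == challenge_c % N


def run_round(user_e: int, ticket_t: int, challenge_c: int) -> bool:
    """One challenge/response round.  A verifier that draws a fresh random C
    per round (as the random number generation means does) defeats replay of
    an old R; here C is passed in so the round is reproducible."""
    return verify(challenge_c, prove(challenge_c, ticket_t, user_e))


if __name__ == "__main__":
    e_user, e_other = 4321, 4322       # constructed user identifying information
    t_user = issue_ticket(e_user, omega=3)
    c = 1234                           # constructed challenge (normally random)
    print("holder of e and t:", run_round(e_user, t_user, c))     # True
    print("same t, different e:", run_round(e_other, t_user, c))  # False
```

The second call shows why a ticket is bound to one user: with a different e the exponent no longer collapses to D, so R^E mod n differs from C and the verifier rejects.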

second embodiment

[0097]A second embodiment to be described is the same as the first embodiment regarding the definition of an access ticket t and the function of the proving device. However, the verification device works differently. The difference in the roles between challenging data C and a response R causes the difference in the function between the two embodiments: in the first embodiment, a response R is encryption of a random challenging data C; in the second embodiment, a response R will be decryption of challenging data C which is encryption of some other meaningful data.

[0098]FIG. 5 depicts the constitution of devices of the second embodiment, and FIG. 6 depicts flow of data. A verification device 10 comprises the following means: an access ticket public key storing means 101; a random number generation means 102; a random number storing means 103; a response storing means 105; a randomizing means 121; a challenge seed storing means 122; a de-randomizing means 123; and an execution means 3...

third embodiment

[0117]In a third embodiment, the definition of an access ticket is given as the relation (16).

t=D+F(n, e)   (16)

The following bulleted paragraphs illustrate the symbols appearing in the relation (16).

[0118]An integer n is an RSA modulus, hence, a product of two very large prime numbers p and q (n=pq).

[0119]φ(n) denotes the Euler number of n, hence, a product of two integers p−1 and q−1 (φ(n)=(p−1)(q−1)).

[0120]A user identifying information e is an integer allocated to each user. The user identifying information e is unique to each user: a different user identifying information is allocated to a different user.

[0121]An access-ticket secret key D is the private key of an RSA public key pair. Since the assumed modulus is n, D satisfies the relation (17).

gcd(D, φ(n))=1   (17)

[0122]In the above, gcd(x, y) denotes the greatest common divisor of two integers x and y. The existence of an integer E satisfying the relation (18), which is called an access-ticket public key, is derived from th...



Abstract

The present invention provides a device for authenticating user's access rights to resources, which comprises first memory means for storing challenging data, second memory means for storing unique identifying information of the user, third memory means for storing proof support information which is a result of executing predetermined computations to the unique identifying information of the user and unique security characteristic information of the device, response generation means for generating a response from the challenging data stored in the first memory means, the unique identifying information stored in the second memory means and the proof support information stored in the third memory means, and verification means for verifying the legitimacy of the response by verifying that the response, the challenging data and the unique security characteristic information of the device satisfy a specific predefined relation.

Description

[0001]This is a Continuation-in-Part of Application Ser. No. 08/731,928, filed Oct. 18, 1996, now abandoned.

BACKGROUND OF THE INVENTION

[0002]1. Field of the Invention

[0003]The present invention relates to a device for authenticating user's access rights to resources.

[0004]2. Discussion of the Related Art

[0005]Program execution control technologies are known in the field to which the present invention belongs. The program execution control technologies are technologies to:

[0006]1. Embed a routine for user authentication during the use of an application program;

[0007]2. Have the routine examine whether the user attempting execution of the application possesses a key for proper authentication; and

[0008]3. Continue the program only when the existence of the key for authentication is verified, otherwise to halt execution.

[0009]By using these technologies, execution of the application program is enabled only for proper users having the authentication key. The technologies are commercializ...

Claims


Application Information

IPC(8): H04L29/06; G06F12/14; G06F1/00; G06F9/06; G06F21/12; G06F21/14; G06F21/33; G06F21/60; G06F21/62; G06F21/64; G06F21/86; G09C1/00; H04L9/30; H04L9/32
CPC: H04L9/3271; H04L63/08; H04L9/302; H04L9/3234; H04L2209/603; G06F21/316; G06F21/34; G06F2221/2139
Inventors: SHIN, KIL-HO; KOBAYASHI, KENICHI; ARATANI, TORU
Owner FUJIFILM BUSINESS INNOVATION CORP