The present disclosure relates to an information processing apparatus, an information processing system, an information processing method, a program and a client terminal.
In the related art, for example, following Japanese Patent Laid-Open No. 2010-67004 discloses a technique of acquiring the number of users at the current time when an authentication server authenticates login users and replying the login wait time to terminals when the capacity is exceeded, in order to adequately reduce the load at the time of log in.
Also, following Japanese Patent Laid-Open No. 2002-278930 discloses a technique of transmitting a desired webpage to a terminal used by the user authenticated once without authentication since the load due to an input requested for the authentication increases as the number of URL's which the user wants to access increases.
However, the technique disclosed in Japanese Patent Laid-Open No. 2010-67004 is a technique that aims to reduce the load on a server, and a harmful effect of causing the wait time occurs in a case where there are a lot of users. Therefore, in a case where there are a lot of users, it is not possible to increase the login speed (i.e. user authentication speed) without causing the wait time.
Also, the technique disclosed in Japanese Patent Laid-Open No. 2002-278930 is a technique of omitting a following password input and not performing authentication for the user authenticated once. Therefore, although it is possible to save the effort of authentication, it is assumed that a stranger pretends to be a real user and logs in because of no authentication, and there is a problem in respect of the security.
Therefore, it is requested to reduce the load at the time of user authentication and secure the security against spoofing or the like.
According to an embodiment of the present disclosure, there is provided an information processing apparatus including a processing request acquisition unit configured to sequentially acquire a plurality of processing requests from a user, and an authentication execution unit configured to distribute and execute user authentication processing according to a timing of acquiring the plurality of processing requests.
Further, the authentication execution unit may set a number of times of the user authentication processing according to an authentication level of each of the plurality of processing requests and execute the user authentication processing.
Further, the authentication execution unit may execute the user authentication processing using an authentication protocol that repeats an exchange of information for the user authentication processing a plurality of times.
Further, the authentication execution unit may execute user authentication processing by an MQ protocol.
Further, the information processing apparatus may further include an authentication count record unit configured to record a repeat count n of the user authentication processing executed. The authentication execution unit may further execute the user authentication processing in a case where the repeat count n does not reach a repeat count n′ set in advance depending on a type of the processing request.
Further, the authentication execution unit may execute the user authentication processing until the repeat count n reaches the repeat count n′ set in advance depending on the type of the processing request.
Further, the authentication execution unit may further execute the user authentication processing (n′−n) times in a case where the repeat count n does not reach the repeat count n′ set in advance depending on the type of the processing request.
Further, the repeat count n′ set in advance may be set to be a higher value as confidentiality of a processing request of a user is higher.
Further, the repeat count n′ set in advance may be set to be a different value for each user.
Further, the authentication execution unit may reset the repeat count n of the user authentication processing executed to 0 in a case where the user authentication processing is not normally executed.
Further, according to an embodiment of the present disclosure, there is provided an information processing system including a client terminal configured to transmit a processing request input from a user, and a server including a processing request acquisition unit configured to sequentially acquire a plurality of the processing requests from the client terminal, and an authentication execution unit configured to distribute and execute user authentication processing according to a timing of acquiring the plurality of the processing requests.
Further, according to an embodiment of the present disclosure, there is provided an information processing method including sequentially acquiring a plurality of processing requests from a user, and distributing and executing user authentication processing according to a timing of acquiring the plurality of processing requests.
Further, according to an embodiment of the present disclosure, there is provided a program that causes a computer to function as a device configured to sequentially acquire a plurality of processing requests from a user, and a device configured to distribute and execute user authentication processing according to a timing of acquiring the plurality of processing requests.
Further, according to an embodiment of the present disclosure, there is provided a client terminal including a transmission unit configured to transmit a processing request input from a user, and a reception unit configured to receive a result of user authentication processing from a server that sequentially acquires a plurality of the processing requests from the client terminal and distributes and executes the user authentication processing according to a timing of acquiring the plurality of the processing requests.
According to the present disclosure, it is possible to reduce the load at the time of user authentication and further secure the security to spoofing or the like.
Hereinafter, preferred embodiments of the present disclosure will be described in detail with reference to the appended drawings. Note that, in this specification and the appended drawings, structural elements that have substantially the same function and structure are denoted with the same reference numerals, and repeated explanation of these structural elements is omitted.
Here, a flow of explanation related to the following embodiment of the present disclosure is described. First, with reference to
Next, with reference to
Next, with reference to
Also, the explanation is given in the following order.
1: Introduction
1-1: Algorithm of public key authentication scheme
1-2: N-pass public key authentication scheme
2: Construction of algorithm according to 3-pass public key authentication scheme
2-1: Construction example of specific algorithm
2-2: Construction example of serialization algorithm
3: Construction of algorithm according to 5-pass public key authentication scheme
3-1: Construction example of specific algorithm
4: Example of system configuration
4-1: Outline of system according to the present embodiment
4-2: Configuration example of system
4-3: Operation of system
4-4: Regarding user authentication protocol
4-5: Regarding authentication repeat count n′
4-6: Regarding example to change authentication level every user
5: Configuration example of hardware
The present embodiment relates to user authentication when the user logs in a client terminal. First, as a suitable user authentication scheme to apply to the present embodiment originally, a public key authentication scheme (which may be hereafter referred to as “MQ protocol”) that puts grounds of security on the hardness of solving problems with respect to multidimensional multivariable simultaneous equations is explained. However, unlike the related art such as an HFE electronic signature scheme, the present embodiment relates to a public key authentication scheme using multidimensional multivariable simultaneous equations without a method (trapdoor) for efficient solution. Also, as described later, an authentication scheme applicable to the present embodiment is not limited to this. First, the outline is easily explained with respect to an algorithm of a public key authentication scheme and an n-pass public key authentication scheme.
First, with reference to
The public key authentication is used by a certain person (i.e., certifier) to convince other persons (e.g., verifier) of the identical person by public key pk and secret key sk. For example, public key pkA of certifier A is published to verifier B. Meanwhile, secret key skA of certifier A is secretly managed by certifier A. In the mechanism of the public key authentication, a person who knows secret key skA corresponding to public key pkA is regarded as certifier A.
To use the mechanism of the public key authentication and certify to verifier B that certifier A is identified as certifier A, it may be requested to present evidence that certifier A knows secret key skA corresponding to public key pkA, to verifier B through the conversation protocol. Subsequently, in a case where the evidence that certifier A knows secret key skA is presented to verifier B and verifier B has confirmed the evidence, the validity of certifier A (i.e., identical person) is certified.
However, to assure the security, the mechanism of the public key authentication is requested to meet the following conditions.
The first condition is that “the probability of perjury establishment by a perjurer who does not have secret key sk when a conversation protocol is executed is recued as much as possible.” Establishment of this first condition is referred to as “soundness.” That is, the soundness is paraphrased with “the perjury is not established by the perjurer who does not have secret key sk at a measurable probability while the conversation protocol is being executed.” The second condition is that “all information on secret key skA held by certifier A does not leak to verifier B even if the conversation protocol is executed.” Establishment of this second condition is referred to as “zero knowledge.”
To safely perform public key authentication, it is requested to use a conversation protocol having the soundness and the zero knowledge. If authentication processing is performed using a conversation protocol without the soundness and the zero knowledge, since it is not possible to deny the possibility of perjury and the possibility of a leakage of information on a secret key, it does not follow that the validity of the certifier is not certified even if the processing itself is successfully completed. Therefore, it is significant how the soundness and zero knowledge of the conversation protocol are secured.
As illustrated in
Meanwhile, the verifier executes the conversation protocol using verifier algorithm V, and verifies whether the certifier owns the secret key supporting a public key published by the certifier. That is, the verifier is an entity to verify whether the certifier owns the secret key supporting the public key. Thus, the model of the public key authentication scheme includes two entities of the certifier and the verifier, and three algorithms of key generation algorithm Gen, certifier algorithm P and verifier algorithms V.
Also, in the following explanation, although expressions of “certifier” and “verifier” are used, these expressions absolutely denote entities. Therefore, the subject that executes key generation algorithm Gen and certifier algorithm P is an information processing apparatus corresponding to the entity of “certifier.” Similarly, the subject that executes verifier algorithm V is an information processing apparatus. The hardware configurations of these information processing apparatuses are as illustrated in
Key generation algorithm Gen is used by the certifier. Key generation algorithm Gen is an algorithm to generate a combination of secret key sk and public key pk to the certifier. Public key pk generated by key generation algorithm Gen is published. Subsequently, published public key pk is used by the verifier. Meanwhile, the certifier secretly manages secret key sk generated by key generation algorithm Gen. Subsequently, secret key sk secretly managed by the certifier is used to certify to the verifier that the certifier owns secret key sk supporting public key pk. Formally, key generation algorithm Gen receives an input of security parameter 1λ (where λ is an integer equal to or greater than 0) and is expressed as Expression (1) listed below, as an algorithm to output secret key sk and public key pk.
(sk,pk)←Gen(1λ) (1)
Certifier algorithm P is used by the certifier. Certifier algorithm P is an algorithm to certify to the verifier that the certifier owns secret key sk supporting public key pk. That is, certifier algorithm P is an algorithm to receive an input of secret key sk and public key pk and execute a conversation protocol.
Verifier algorithm V is used by the verifier. Verifier algorithm V is an algorithm to verify whether the certifier owns secret key sk supporting public key pk in a conversation protocol. Verifier algorithm V is an algorithm to receive an input of public key pk and output 0 or 1 (1 bit) according to an execution result of the conversation protocol. Also, the verifier determines that the certifier is unauthorized in a case where verifier algorithm V outputs 0, and determines that the certifier is authorized in a case where verifier algorithm V outputs 1. Formally, verifier algorithm V is expressed as Expression (2) listed below.
0/1←V(pk) (2)
As described above, to realize significant public key authentication, the conversation protocol is requested to satisfy two conditions of the soundness and the zero knowledge. However, to certify that the certifier owns secret key sk, the verifier is requested to perform procedures depending on secret key sk, report the result to the verifier and then cause the verifier to perform verification based on the report content. To perform the procedures depending on secret key sk is requested to assure the soundness. Meanwhile, it is requested not to leak all information on secret key sk to the verifier. Therefore, it is requested to cleverly design the above-mentioned key generation algorithm Gen, certifier algorithm P and verifier algorithm V so as to satisfy these requirements.
The outline of the algorithm of the public key authentication scheme has been described above.
Next, with reference to
As described above, the public key authentication scheme is an authentication scheme to certify to the verifier that the certifier owns secret key sk supporting public key pk in the conversation protocol. Also, the conversation protocol is requested to satisfy two conditions of the soundness and the zero knowledge. Therefore, in the conversation protocol, as illustrated in
In the case of an n-pass public key authentication scheme, processing (step #1) is performed by the certifier using certifier algorithm P and information T1 is transmitted to the verifier. Next, processing (step #2) is performed by the verifier using verifier algorithm V and information T2 is transmitted to the certifier. Further, execution of processing and transmission of information Tk are sequentially performed with respect to k=3 to-n, and processing (step #n+1) is performed at the end. Thus, a scheme to transmit and receive information n times is referred to as the “n-pass” public key authentication scheme.
The n-pass public key authentication scheme has been described above.
In the following, an algorithm according to the 3-pass public key authentication scheme is explained. Also, in the following explanations, the 3-pass public key authentication scheme may be referred to as “3-pass scheme.”
First, with reference to
Also, a combination of quadratic polynomials (f1(x), . . . , fm(x)) can be express as Expression (7) listed below. Also, A1, . . . , Am are an n×n matrix. Further, b1, . . . , bm are n×1 vectors respectively.
When this expression is used, multivariable polynomial F can be expressed as Expression (8) and Expression (9) listed below. Establishment of this expression can be easily confirmed from Expression (10) listed below.
Thus, when F(x+y) is divided into the first part depending on x, the second part depending on y and the third part depending on both x and y, member G(x,y) corresponding to the third part becomes bilinear with respect to x and y. In the following, member G(x,y) may be referred to as “bilinear member.” When this character is used, it is possible to construct an efficient algorithm.
For example, using vectors t0εKn and e0εKm, multivariable polynomial F1(x) used for the mask of multivariable polynomial F(x+r) is expressed as F1(x)=G(x,t0)+e0. In this case, the sum of multivariable polynomials F(x+r0) and F1 (x) is expressed as Expression (11) listed below. Here, when t1=r0+t0 and e1=F(r0)+e0 are set, multivariable polynomial F2(x)=F(x+r0)+F1(x) can be expressed by vectors t1εKn and e1εKm. Therefore, when F1(x)=G(x,t0)+e0 is set, it is possible to express F1 and F2 by the use of the vector on Kn and the vector on Km, and it is possible to realize an efficient algorithm in which a data size requested for communication is small.
Here, all information on r0 is not leaked from F2 (or F1). For example, even if e1 and t1 (or e0 and t0) are given, it is not possible to know all information on r0 as long as e0 and t0 (or e1 and t1) are not known. Therefore, the zero knowledge is assured. In the following, the 3-pass scheme algorithm constructed based on the above-mentioned logic is explained. The algorithm of the 3-pass scheme explained herein includes key generation algorithm Gen, certifier algorithm P and verifier algorithm V as listed below.
Key generation algorithm Gen generates m items of multivariable polynomials f1(x1, . . . , xn), . . . , Fm(x1, . . . , xn) defined on ring K, and vector s=(s1, . . . , sn) εKn. Next, key generation algorithm Gen calculates y=(y1, . . . , ym)←(f1(s), . . . , fm(s)). Subsequently, key generation algorithm Gen sets (f1(x1, . . . , xn), . . . , fm(x1, . . . , xn),y) as public key pk and sets s as a secret key.
In the following, with reference to
As illustrated in
Next, certifier algorithm P calculates c0←H(r1,G(t0,r1)+e0). Next, certifier algorithm P calculates c1←H(t0,e0). Next, certifier algorithm P calculates c2←H(t1,e1). Message (c0,c1,c2) generated in step #1 is sent to verifier algorithm V.
Verifier algorithm V having received message (c0,c1,c2) selects which verification pattern is used among three verification patterns. For example, verifier algorithm V selects one numerical value from three numerical values {0, 1, 2} indicating the verification pattern types, and sets the selected numerical value as request Ch. This request Ch is sent to certifier algorithm P.
Certifier algorithm P having received request Ch generates response Rsp sent to verifier algorithm V, according to received request Ch. In the case of Ch=0, certifier algorithm P generates response Rsp=(r0,t1,e1). In the case of Ch=1, certifier algorithm P generates response Rsp=(r1,t0,e0). In the case of Ch=2, certifier algorithm P generates response Rsp=(r1,t1,e1). Response Rsp generated in step #3 is sent to verifier algorithm V.
Verifier algorithm V having received response Rsp performs the following verification processing by the use of received response Rsp.
In the case of Ch=0, verifier algorithm V verifies whether the equal sign of c1=H(r0−t1,F(r0)−e1) is established. Further, verifier algorithm V verifies whether the equal sign of c2=H(t1,e1) is established. Verifier algorithm V outputs a value of 1 indicating the authentication success in a case where these verifications succeed, and outputs a value of 0 indicating the authentication failure in a case where there is a failure in the verifications.
In the case of Ch=1, verifier algorithm V verifies whether the equal sign of c0=H(r1,G(t0,r1)+e0) is established. Further, verifier algorithm V verifies whether the equal sign of c1=H(t0,e0) is established. Verifier algorithm V outputs a value of 1 indicating the authentication success in a case where these verifications succeed, and outputs a value of 0 indicating the authentication failure in a case where there is a failure in the verifications.
In the case of Ch=2, verifier algorithm V verifies whether the equal sign of c0=H(r1,y−F(r1)−G(t1,r1)−e1) is established. Further, verifier algorithm V verifies whether the equal sign of c2=H(t1,e1) is satisfied. Verifier algorithm V outputs a value of 1 indicating the authentication success in a case where these verifications succeed, and outputs a value of 0 indicating the authentication failure in a case where there is a failure in the verifications.
A construction example of an efficient algorithm according to the 3-pass scheme has been described above.
Next, with reference to
Here, if the above conversation protocol is applied, it is possible to suppress the probability of perjury success to ⅔ or less. Therefore, if this conversation protocol is executed twice, it is possible to suppress the probability of perjury success to (⅔)2 or less. Further, if this conversation protocol is executed N times, the probability of perjury success becomes (⅔)N, and, by setting N to a sufficiently high number (for example, N=140), the probability of perjury success becomes vanishingly small.
As a method of executing the conversation protocol multiple times, for example, as illustrated in
As illustrated in
Next, certifier algorithm P calculates c0,1←H(r1,1,G(t0,1,r1,1)+e0,1). Next, certifier algorithm P calculates c1,1←H(t0,1,e0,1). Next, certifier algorithm P calculates c2,1←H(t1,1,e1,1). Message (c0,1,c1,1,c2,1) generated in step #1 is sent to verifier algorithm V.
Verifier algorithm V having received message (c0,1,c1,1,c2,1) selects which verification pattern is used among three verification patterns. For example, verifier algorithm V selects one numerical value from three numerical values {0, 1, 2} indicating the verification pattern types, and sets the selected numerical value as request Ch1. This request Ch1 is sent to certifier algorithm P.
Certifier algorithm P having received request Ch1 generates response Rsp to be sent to verifier algorithm V, according to received request Ch1. In the case of Ch1=0, certifier algorithm P generates response σ1=(r0,1,t1,1,e1,1). In the case of Ch1=1, certifier algorithm P generates response σ1=(r1,1,t0,1,e0,1). In the case of Ch1=2, certifier algorithm P generates response σ1=(r1,1,t1,1,e1,1). Response σ1 generated in step #3 is sent to verifier algorithm V.
Verifier algorithm V having received response σ1 performs the following verification processing by the use of received response σ1.
In the case of Ch1=0, verifier algorithm V verifies whether the equal sign of c1,1=H(r0,1−t1,1,F(r0,1)−e1,1) is established. Further, verifier algorithm V verifies whether the equal sign of c2,1=H(t1,1,e1,1) is established. Verifier algorithm V outputs a value of 1 indicating the authentication success in a case where these verifications succeed, and outputs a value of 0 indicating the authentication failure in a case where there is a failure in the verifications.
In the case of Ch1=1, verifier algorithm V verifies whether the equal sign of c0,1=H(r1,1,G(t0,1,r1,1)+e0,1) is established. Further, verifier algorithm V verifies whether the equal sign of c1,1=H(t0,1,e0,1) is established. Verifier algorithm V outputs a value of 1 indicating the authentication success in a case where these verifications succeed, and outputs a value of 0 indicating the authentication failure in a case where there is a failure in the verifications.
In the case of Ch1=2, verifier algorithm V verifies whether the equal sign of c0,1=H(r1,1,y−F(r1,1)−G(t1,1,r1,1)−e1,1) is established. Further, verifier algorithm V verifies whether the equal sign of c2,1=H(t1,1,e1,1) is established. Verifier algorithm V outputs a value of 1 indicating the authentication success in a case where these verifications succeed, and outputs a value of 0 indicating the authentication failure in a case where there is a failure in the verifications.
When steps 1,1 to 4,1 are finished, processing similar to steps 1,1 to 4,1 is performed N times. The N-th processing is as follows.
As illustrated in
Next, certifier algorithm P calculates c0,N←H(r1,N,G(t0,N,r1,N)+e0,N). Next, certifier algorithm P calculates c1,N←H(t0,N,e0,N). Next, certifier algorithm P calculates c2,N←H(t1,N,e1,N). Message (c0,N,c1,N,c2,N) generated in step #1 is sent to verifier algorithm V.
Verifier algorithm V having received message (c0,N,c1,N,c2,N) selects which verification pattern is used among three verification patterns. For example, verifier algorithm V selects one numerical value from three values {0, 1, 2} indicating the verification pattern types, and sets the selected numerical value as request ChN. This request ChN is sent to certifier algorithm P.
Certifier algorithm P having received request ChN generates response σN to be sent to verifier algorithm V, according to received request ChN. In the case of ChN=0, certifier algorithm P generates response σN=(r0,N,t1,N,e1,N). In the case of ChN=2, certifier algorithm P generates response σN=(r1,N,t0,N,e0,N). In the case of ChN=2, certifier algorithm P generates response σN=(r1,N,t1,N,e1,N). Response σN generated in step #3 is sent to verifier algorithm V.
Verifier algorithm V having received response σN performs the following verification processing by the use of received response σN.
In the case of Ch1=0, verifier algorithm V verifies whether the equal sign of c1,N=H(r0,N−t1,N,F(r0,N)−e1,N) is established. Further, verifier algorithm V verifies whether the equal sign of c2,1=H(t1,N,e1,N) is established. Verifier algorithm V outputs a value of 1 indicating the authentication success in a case where these verifications succeed, and outputs a value of 0 indicating the authentication failure in a case where there is a failure in the verifications.
In the case of ChN=1, verifier algorithm V verifies whether the equal sign of c0,N=H(r1,N,G(t0,N,r1,N)+e0,N) is established. Further, verifier algorithm V verifies whether the equal sign of c1,N=H(t0,N,e0,N) is established. Verifier algorithm V outputs a value of 1 indicating the authentication success in a case where these verifications succeed, and outputs a value of 0 indicating the authentication failure in a case where there is a failure in the verifications.
In the case of ChN=2, verifier algorithm V verifies whether the equal sign of c0,N=H(r1,N,y−F(r1,N)−G(t1,N,r1,N)−e1,N) is established. Further, verifier algorithm V verifies whether the equal sign of c2,N=H(t1,N,e1,N) is established. Verifier algorithm V outputs a value of 1 indicating the authentication success in a case where these verifications succeed, and outputs a value of 0 indicating the authentication failure in a case where there is a failure in the verifications.
A construction example of an efficient serialization algorithm according to the 3-pass scheme has been described above.
Next, the algorithm according to the 5-pass public key authentication scheme is explained. Also, in the following explanations, the 5-pass public key authentication scheme may be referred to as “5-pass scheme.”
Although the perjury probability per once in the conversation protocol is ⅔ in the case of the 3-pass scheme, the perjury probability per once in the conversation protocol is ½+1/q in the case of the 5-pass scheme. However, q is an order of a used ring. Therefore, in a case where the order of the ring is sufficiently large, it is possible to reduce the perjury probability per once more in the 5-pass scheme, and it is possible to sufficiently reduce the perjury probability with a small number of executions of the conversation protocol.
For example, in a case where it is requested to adjust the perjury probability to ½n or less, it is requested to execute the conversation protocol in the 3-pass scheme n/(log 3−1)=1.701n times or more. Meanwhile, in a case where it is requested to adjust the perjury probability to ½n or less, it is requested to execute the conversation protocol in the 5-pass scheme n/(1−log(1+1/q)) times or more. Therefore, if q=24 is set, the communication traffic requested to realize the same security level is smaller in the 5-pass scheme than the 3-pass scheme.
First, with reference to
Similar to an algorithm according to the 3-pass scheme, multivariable polynomial F1(x) used to mask multivariable polynomial F(x+r0) by the use of two vector t0εKn and e0εKm is expressed as F1(x)=G(x,t0)+e0. When this expression is used, the relation expressed by Expression (23) listed below is acquired with respect to multivariable polynomial F(x+r0).
Therefore, if t1=ChA·r0+t0 and e1=ChA·F(r0)+e0 are set, masked multivariable polynomial F2(x)=ChA·F(x+r0)+F1(x) can be expressed by two vectors t1εKn and e1εKm. In view of these reasons, if F1(x)=G(x,t0)+e0 is set, it is possible to express F1 and F2 by the use of the vector on Kn and the vector on Km, and it is possible to realize an efficient algorithm in which the data size requested for the communication is small.
Also, all information on r0 is not leaked from F2 (or F1). For example, even if e1 and t1 (or, e0 and t0) are given, it is not possible to know all information on r0 as long as e0 and t0 (or e1 and t1) are not known. Therefore, the zero knowledge is assured. In the following, the algorithm of the 5-pass scheme constructed based on the above-mentioned logic is explained. The algorithm of the 5-pass scheme described herein includes key generation algorithms Gen, certifier algorithms P and verifier algorithms V as listed below.
Key generation algorithm Gen generates multivariable polynomials f1(x1, . . . , xn), . . . , fm(x1, . . . , xn) defined on ring K and vector s=(s1, . . . , sn)εKn. Next, key generation algorithm Gen calculates y=(y1, . . . , ym)←(f1(s), . . . , fm(s)). Subsequently, key generation algorithm Gen sets (f1, . . . , fm,y) as public key pk and sets s as a secret key. In the following, vector (x1, . . . , xn) is written as “x” and a combination of multivariable polynomials (f1(x), . . . , fm(x)) is written as “F(x).”
In the following, with reference to
As illustrated in
Verifier algorithm V having received message (c0,c1) randomly selects one number ChA from q kinds of rings K and sends selected number ChA to certifier algorithm P.
Certifier algorithm P having received number ChA calculates t1←ChA·r0−t0. Further, certifier algorithm P calculates e1←ChA·F(r0)−e0. Subsequently, certifier algorithm P sends t1 and e1 to verifier algorithm V.
Verifier algorithm V having received t1 and e1 selects which verification pattern is used among two verification patterns. For example, verifier algorithm V selects one numerical value from two numerical values {0, 1} indicating the verification pattern types, and sets the selected numerical value as request ChB. This request ChB is sent to certifier algorithm P.
Certifier algorithm P having received request ChB generates response Rsp to be sent back to verifier algorithm V, according to received request ChB. In the case of ChB=0, certifier algorithm P generates response Rsp=r0. In the case of ChB=1,certifier algorithm P generates response Rsp=r1. Response Rsp generated in step #5 is sent to verifier algorithm V.
Verifier algorithm V having received response Rsp performs the following verification processing by the use of received response Rsp.
In the case of ChB=0, verifier algorithm V executes r0←Rsp. Subsequently, verifier algorithm V verifies whether the equal sign of c0=H(r0,ChA·r0−t1,ChA·F(r0)−e1) is established. Verifier algorithm V outputs a value of 1 indicating the authentication success in a case where this verification succeeds, and outputs a value of 0 indicating the authentication failure in a case where there is a failure in the verification.
In the case of ChB=1, verifier algorithm V executes r1←Rsp. Subsequently, verifier algorithm V verifies whether the equal sign of c1=H1(r1,ChA·(y−F(r1))−G(t1,r1)−e1) is established. Verifier algorithm V outputs a value of 1 indicating the authentication success in a case where this verification succeeds, and outputs a value of 0 indicating the authentication failure in a case where there is a failure in the verification.
A construction example of an efficient algorithm according to the 5-pass scheme has been described above.
The method of serializing the algorithm of the 5-pass scheme illustrated in
First, with reference to
However, in the system illustrated in
Meanwhile, if a method such as omitting a password input in a predetermined case is adopted like Japanese Patent Laid-Open No. 2002-278930 to reduce the load of the server 200, others other than the identical person can login and the decrease in security is assumed (i.e., problem of so-called “impersonation”).
Therefore, in the present embodiment, by distributing authentication processing even at the time of processing requests other than a login request of the user, load reduction of the server 200 is performed.
As an example, in the system illustrated in
By contrast with this, in the method according to the present embodiment illustrated in
Further, when the user performs a predetermined operation to change the personal information, the server 200 performs authentication processing by the repeat count of 100 times in total added up after the user authentication. Accordingly, the user can change the personal information (such as the password change and the change in the address and the telephone number).
After that, when the user performs a predetermined operation for credit card transactions, the server 200 performs authentication processing by the repeat count of 140 times in total added up after the user authentication. Accordingly, the user can perform credit-card transactions.
As described above, in the present embodiment, by distributing authentication processing even at the time of processing requests other than login requests, it is possible to achieve load reduction of the server 200. Accordingly, by distributing the number of authentication of many users, it is possible to distribute the load on the side of the 200 server. Also, since the authentication processing is smoothly performed, the user can perform an operation such as authentication processing while feeling a so-called “smooth sense” without feeling the time of the authentication processing. Also, on the side to build a site of the server 200, by recognizing the repeat count at the time of building the site, it is possible to recognize the degree of importance of requested processing.
Thus, in the present embodiment, it is possible to adjust the authentication level by the setting of repeat count N. Also, since the repeat count has no relation with the strength of a secret key, it is possible to perform processing without decreasing the strength of the secret key. Further, it is possible to set the authentication level according to the degree of importance of requested processing. Moreover, by cumulating the authentication count according to the hierarchy, it is possible to enhance the authentication strength.
The server 200 includes a communication unit 201, a request processing execution processing 202, an authentication execution unit 204, an authentication count record unit 206, a database 208 and a display panel 210. The communication unit 201 performs communication with the client terminal 100 through the network 300, receives a processing request sent from the client terminal 100 and transmits a response with respect to the processing request. The request processing execution processing 202 executes processing according to a processing request transmitted from the client terminal 100. In a case where a processing request of user authentication is sent from the client terminal 100, the processing request execution unit 202 acquires this processing request, requests the user authentication to the authentication execution unit 204 and receives information on permission/non-permission of authentication from the authentication execution unit 204. Also, when a processing request to browse specific information is given from the client terminal 100, the request processing execution processing 202 extracts information corresponding to the processing request from the database 208 and transmits it to the client terminal 100 through the communication unit 201.
The authentication execution unit 204 executes user authentication by the above public key authentication scheme. The authentication execution unit 204 performs authentication processing by distributing multiple times of repetition per hierarchy of access to the server 200, using the above sequential method in which exchange of a message, request or response is sequentially repeated multiple times at the time of user authentication. In the example illustrated in
The authentication count record unit 206 records the repeat count of authentication. Especially, the authentication count record unit 206 can record the repeat count of authentication added up after the user authentication. The database 208 stores data related to a service chiefly provided by the server 200. For example, in a case where the server 200 is a social network server, the database 208 stores information on the information of each user registered in the social network. Also, in a case where the server 200 is a portal server to provide a portal site, the database 208 stores information on the portal site.
Also, the components of the server 200 illustrated in
In the configuration illustrated in
The authentication execution unit 204 acquires the number of authentication to jump to a hierarchy corresponding to a user's processing request, on the basis of the number of authentication recorded in the authentication count record unit 206. Subsequently, the authentication execution unit 204 executes authentication of the acquired authentication count. When the authentication is terminated, the authentication execution unit 204 records the number of authentication newly performed, in the authentication count record unit 206. Accordingly, the authentication count record unit 206 records the total number of authentication performed after the user logs in.
In the case of the example illustrated in
In the case of n−n′≧0 in step S12, it proceeds to step S18. In a case where it proceeds to step S18, since the repeat count n of authentication up to now is larger than the repeat count n′ corresponding to the processing request from the client terminal 100, the repeat count n′ corresponding to the processing request is already achieved. Therefore, a session is maintained/started in step S18.
Meanwhile, in the case of n−n′<0 in step S12, it proceeds to step S14. In a case where it proceeds to step S14, since the repeat count n′ corresponding to the processing request from the client terminal 100 is larger than the repeat count n of authentication up to now, the repeat count of authentication up to now is insufficient. Therefore, in step S14, the shortfall of the repeat count of authentication is calculated by calculating n′−n and n′−n times of authentication are executed.
When n′−n times of authentication succeed in step S14, it proceeds to step S16 and the repeat count n of authentication achieved up to now is replaced with the value of n′ corresponding to the processing request received in step S10 (n←n′) and recorded in the authentication count record unit 206.
In next step S18, since the authentication succeeds in step S14, the session corresponding to the processing request is maintained or the session is started.
Meanwhile, in a case where n′−n times of authentication fails in step S14, it proceeds to step S20. The failure of authentication is caused due to a case where there is a mistake in user's authentication information (in the case of so-called “impersonation by others”) or a communication environment degrades. In this case, the session is interrupted in step S20 and the repeat count n achieved up to now is reset to 0 in step S22 (n←0). Accordingly, in a case where the user performs a processing request next, authentication is executed from the beginning. After steps S18 and S22, the processing is terminated (i.e. end).
In the present embodiment, as described above, a scheme of user authentication has been described above using, as an example, the public key authentication scheme providing security grounds by the hardness of a solving problem with respect to multidimensional multivariable simultaneous equations. The user authentication protocol is not limited to this, and other protocols are widely available as long as they are authentication protocols that can adopt the sequential configuration as illustrated in
Especially, since an MQ protocol provides high security, is able to adopt a sequential configuration and provides the repeat count having no relation with the strength of the secret key, it can be suitably used for authentication processing according to the present embodiment.
As other authentication protocols, for example, an authentication protocol based on the syndrome decoding problem can be used (a new paradigm for public key identification, CRYPTO 1993, IEEE Trans. on IT 1996).
The authentication count n′ to be passed per processing can be arbitrarily set by the site designer on the side of the server 200. Here, it is preferable to set authentication count n′ according to the following policies.
The repeat count is increased in processing with a lot of prior procedures.
For example, a general SNS sets the repeat count n′ to be larger in order of “browsing of public information<login<browsing of member information<browsing of personal information<personal information change<transaction operation” (see
When the perjury probability by one repeat count is ⅔, regarding processing with the largest number, it is desirable to set it to 140 times recommended in a code theory.
In the above example, although same authentication repeat count n′ is set to each user, it is possible to recognize the user ID on the server side and set a different authentication level value (authentication count n′) every user ID.
Accordingly, it is possible to vary the weighting by the setting of authentication levels, between the user who is certainly to be authenticated in view of the side of the server 200 (i.e., site side) and the user who is less likely to be authenticated. For example, in a case where it is known that a certain user is a celebrity, authentication count n′ is uniformly set higher than general users. For example, in
Each above algorithm can be executed using a hardware configuration of an information processing apparatus illustrated in
As illustrated in
The CPU 902 functions as an arithmetic processing unit or a control unit, for example, and controls entire operation or a part of the operation of each structural element based on various programs recorded on the ROM 904, the RAM 906, the storage unit 920, or a removable recording medium 928. The ROM 904 is a mechanism for storing, for example, a program to be loaded on the CPU 902 or data or the like used in an arithmetic operation. The RAM 906 temporarily or perpetually stores, for example, a program to be loaded on the CPU 902 or various parameters or the like arbitrarily changed in execution of the program.
These structural elements are connected to each other by, for example, the host bus 908 capable of performing high-speed data transmission. For its part, the host bus 908 is connected through the bridge 910 to the external bus 912 whose data transmission speed is relatively low, for example. Furthermore, the input unit 916 is, for example, a mouse, a keyboard, a touch panel, a button, a switch, or a lever. Also, the input unit 916 may be a remote control that can transmit a control signal by using an infrared ray or other radio waves.
The output unit 918 is, for example, a display device such as a CRT, an LCD, a PDP or an ELD, an audio output device such as a speaker or headphones, a printer, a mobile phone, or a facsimile, that can visually or auditorily notify a user of acquired information. Moreover, the CRT is an abbreviation for Cathode Ray Tube. The LCD is an abbreviation for Liquid Crystal Display. The PDP is an abbreviation for Plasma Display Panel. Also, the ELD is an abbreviation for Electro-Luminescence Display.
The storage unit 920 is a device for storing various data. The storage unit 920 is, for example, a magnetic storage device such as a hard disk drive (HDD), a semiconductor storage device, an optical storage device, or a magneto-optical storage device. The HDD is an abbreviation for Hard Disk Drive.
The drive 922 is a device that reads information recorded on the removable recording medium 928 such as a magnetic disk, an optical disk, a magneto-optical disk, or a semiconductor memory, or writes information in the removable recording medium 928. The removable recording medium 928 is, for example, a DVD medium, a Blu-ray medium, an HD-DVD medium, various types of semiconductor storage media, or the like. Of course, the removable recording medium 928 may be, for example, an electronic device or an IC card on which a non-contact IC chip is mounted. The IC is an abbreviation for Integrated Circuit.
The connection port 924 is a port such as an USB port, an IEEE1394 port, a SCSI, an RS-232C port, or a port for connecting an externally connected device 930 such as an optical audio terminal. The externally connected device 930 is, for example, a printer, a mobile music player, a digital camera, a digital video camera, or an IC recorder. Moreover, the USB is an abbreviation for Universal Serial Bus. Also, the SCSI is an abbreviation for Small Computer System Interface.
The communication unit 926 is a communication device to be connected to a network 932, and is, for example, a communication card for a wired or wireless LAN, Bluetooth (registered trademark), or WUSB, an optical communication router, an ADSL router, or a device for contact or non-contact communication, or the like. The network 932 connected to the communication unit 926 is configured from a wire-connected or wirelessly connected network, and is the Internet, a home-use LAN, infrared communication, visible light communication, broadcasting, or satellite communication, for example. Moreover, the LAN is an abbreviation for Local Area Network. Also, the WUSB is an abbreviation for Wireless USB. Furthermore, the ADSL is an abbreviation for Asymmetric Digital Subscriber Line.
The technical content described above is applicable to various kinds of information processing apparatuses such as a PC, a mobile phone, a game machine, an information terminal, information appliances and a car navigation system. Here, functions of an information processing apparatus described below can be realized using one information processing apparatus or realized using a plurality of information processing apparatuses. Also, a data storage unit and computation processing unit used at the time of performing processing by an information processing apparatus described below may be installed in the information processing apparatus or may be installed in a device connected through a network.
As described above, according to the present embodiment, by distributing authentication processing even at processing requests other than a login request of the user, it is possible to reduce the load of the server 200. Therefore, since the authentication processing is smoothly performed, the user can perform an operation such as authentication processing in a comfortable manner without feeling the time of the authentication processing.
It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and alterations may occur depending on design requirements and other factors insofar as they are within the scope of the appended claims or the equivalents thereof.
Additionally, the present technology may also be configured as below.
(1) An information processing apparatus including:
a processing request acquisition unit configured to sequentially acquire a plurality of processing requests from a user; and
an authentication execution unit configured to distribute and execute user authentication processing according to a timing of acquiring the plurality of processing requests.
(2) The information processing apparatus according to (1), wherein the authentication execution unit sets a number of times of the user authentication processing according to an authentication level of each of the plurality of processing requests and executes the user authentication processing.
(3) The information processing apparatus according to (1), wherein the authentication execution unit executes the user authentication processing using an authentication protocol that repeats an exchange of information for the user authentication processing a plurality of times.
(4) The information processing apparatus according to (3), wherein the authentication execution unit executes user authentication processing by an MQ protocol.
(5) The information processing apparatus according to (3), further including an authentication count record unit configured to record a repeat count n of the user authentication processing executed,
wherein the authentication execution unit further executes the user authentication processing in a case where the repeat count n does not reach a repeat count n′ set in advance depending on a type of the processing request.
(6) The information processing apparatus according to (5), wherein the authentication execution unit executes the user authentication processing until the repeat count n reaches the repeat count n′ set in advance depending on the type of the processing request.
(7) The information processing apparatus according to (5), wherein the authentication execution unit further executes the user authentication processing (n′−n) times in a case where the repeat count n does not reach the repeat count n′ set in advance depending on the type of the processing request.
(8) The information processing apparatus according to (5), wherein the repeat count n′ set in advance is set to be a higher value as confidentiality of a processing request of a user is higher.
(9) The information processing apparatus according to (5), wherein the repeat count n′ set in advance is set to be a different value for each user.
(10) The information processing apparatus according to (5), wherein the authentication execution unit resets the repeat count n of the user authentication processing executed to 0 in a case where the user authentication processing is not normally executed.
(11) An information processing system including:
a client terminal configured to transmit a processing request input from a user; and
a server including a processing request acquisition unit configured to sequentially acquire a plurality of the processing requests from the client terminal, and an authentication execution unit configured to distribute and execute user authentication processing according to a timing of acquiring the plurality of the processing requests.
(12) An information processing method including:
sequentially acquiring a plurality of processing requests from a user; and
distributing and executing user authentication processing according to a timing of acquiring the plurality of processing requests.
(13) A program that causes a computer to function as:
a device configured to sequentially acquire plurality of processing requests from a user; and
a device configured to distribute and execute user authentication processing according to a timing of acquiring the plurality of processing requests.
(14) A client terminal including:
a transmission unit configured to transmit a processing request input from a user; and
a reception unit configured to receive a result of user authentication processing from a server that sequentially acquires a plurality of the processing requests from the client terminal and distributes and executes the user authentication processing according to a timing of acquiring the plurality of the processing requests.
The present disclosure contains subject matter related to that disclosed in Japanese Priority Patent Application JP 2012-193891 filed in the Japan Patent Office on Sep. 4, 2012, the entire content of which is hereby incorporated by reference.
Number | Date | Country | Kind |
---|---|---|---|
2012-193891 | Sep 2012 | JP | national |