The present invention relates to an authentication system, an authentication side device, and a security system.
Authentication systems or cryptographic communication systems are commonly used when there is a desire to conceal the content of services being provided and enjoyed with a specific partner.
In an authentication system, for example, both a side that provides services (referred to as “authentication server” here) and a side that receives services (referred to as “client” here) share confidential information unknown to a third party and identify and authenticate a counterpart by collating it. For example, an authentication system using a secret password, an individual identification recognition (identification (ID)) number, a fingerprint, a face, or the like, media access control (MAC) authentication using a MAC address which is an individual identification number of a device, and the like are often used.
In the cryptographic communication system, encryption and decryption of information (plain text) which is transmitted and received are performed using a public key system using a public key or a common key system using a common key.
The authentication systems and the cryptographic communication systems are used in various fields such as electronic payment systems using cash cards, credit cards, and the like and security gate systems that manage entrance and exit of office buildings, security rooms, and the like. In these systems, it is necessary to identify authorized users and unauthorized persons quickly and reliably. As an authentication system satisfying such requirements, for example, systems that identify and authenticate users using an ID number, fingerprint authentication, or face authentication are widely used.
On the other hand, attacks by unauthorized persons, for example, by copying or forging ID cards are well known. As one countermeasure to this, there is a method of combining and using a secret password known only to the user and the system administrator in the above authentication system, like that used in an automatic teller machines (ATM) at a bank or the like.
A problem of the method using this password lies in generation and management of the password. In other words, a problem is how the administrator of the authentication system and the authorized user share the password while preventing the password from being known to an unauthorized person.
For example, when a fixed password is used in a plurality of authentication systems, an unauthorized person can easily infer the password. An effective method of solving this is to change the secret password frequently. However, each time the password is changed, it is necessary to memorize a new password, which is a large burden on an authorized user.
Further, when a password is frequently received via a communication line which is generally used, an unauthorized person is likely to steal the password by wiretapping the communication line. In this case, information passing through the communication line is a classical information amount. For this reason, it is possible to copy and use the password, and the possibility of unauthorized use further increases.
In recent years, a password generation method using a terminal such as a security token has emerged. However, this password generation method is based on a mathematical algorithm. For this reason, when the algorithm is known, it is possible to infer the password.
Further, it is known that in cryptographic communication using quantum mechanical properties for generation and distribution of passwords, it is possible to implement communication of the utmost confidentiality, and an authentication system using this cryptographic communication has been proposed (for example, JP 2000-201144A).