The present invention relates to an authentication method and system using authentication information valid for one-time. The invention also relates to an authentication apparatus and an authentication server serving as an authenticator in the authentication processing.
As data processing systems have come to play a central role in many aspects of social activity in recent years, protecting the security of data communication among individuals, or between individuals and business entities, over a network has become an urgent problem.
Particularly, considering the fact that a recent network system is publicly open and widely used, a security function is indispensable in fields such as electronic commerce or confidential-data transfer. For instance, in a case where legal action is taken between business entities or between individuals, conventionally (or even now), a contract or the like is written on a physical document, signed, impressed with a seal, and if necessary, accompanied by a registration certificate of the seal impression or a notary certificate issued by notary officials, and the document is mailed to the other party by registered mail or contents-certified mail.
Network security technology is the technology in electronic data communication that safely substitutes for the above actions, which have mostly been taken on physical documents. Today, as computer-based data communication networks span the world, the demand for network security technology is steadily increasing.
The purpose of network security consists in assuring the security of a network, that is, protecting data from various threats according to the level of confidentiality of the network system. In general, the purpose is to maintain (1) confidentiality, (2) integrity, (3) availability and (4) non-repudiation. Meanwhile, the typical threats to a network that must be anticipated are wiretapping, leakage, masquerading, tampering/forgery, unauthorized intrusion/unauthorized access, interception, repudiation of facts, destruction and so on.
The essential techniques for network security are security technology, authentication technology, technology for transferring keys, technology for non-repudiation, a third-party credit agency, access control technology, security inspection, security evaluation standard and so on.
When data communication is performed via a network system, it is important, and also necessary, to verify, control and manage who has used the system and how the system has been used, in order to maintain security. Most events that occur in the system are caused by a particular entity involved in data communication; therefore, awareness of this fact is the basis of security assurance.
Authentication is to verify whether or not an entity (human being, or processes, software, hardware, communication data or the like which function in place of a human being) participating in data communication is the true (authentic) entity. In general, authentication can be classified as shown in FIG. 1, depending on the entity to be authenticated.
Entity authentication is to verify the authenticity of an entity related to data communication, e.g., the sender or receiver of a message, while message authentication is to verify the authenticity of a sent or received message. Note that entity authentication is sometimes called user authentication.
An entity authentication mechanism can be classified into entity identifying processing and entity authentication processing. The entity identifying processing identifies who the user of the system is, and the entity authentication processing verifies whether or not the user is an authentic entity. In the former processing, a known identifier such as a user identification name (user ID) is generally utilized. In the latter processing, the intrinsic authentication processing is performed, utilizing information which is available only to the authentic person.
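The following is an added illustration of that two-step split, not code from the patent or its embodiments: a hypothetical authentication server first performs entity identifying processing (is the presented user ID known?) and then entity authentication processing using authentication information issued to that user and valid for one use only. The class name, the SHA-256 hashing of the stored code, the 60-second validity window and the sample user "alice" are all assumptions made for the example.

```python
# Added illustration (not the patent's own method): separating entity
# identification (who claims to be here?) from entity authentication
# (can they prove it?), using one-time authentication information.
import hashlib
import hmac
import secrets
import time


class OneTimeAuthenticator:
    """Hypothetical authenticator holding registered user IDs and, per user,
    one-time authentication information (a code usable exactly once, before
    it expires)."""

    def __init__(self, ttl_seconds=60, clock=time.time):
        self._users = set()      # known identifiers (entity identification)
        self._pending = {}       # user_id -> (hash of one-time code, expiry)
        self._ttl = ttl_seconds
        self._clock = clock      # injectable so expiry can be tested

    def register(self, user_id):
        self._users.add(user_id)

    def identify(self, user_id):
        """Entity identifying processing: is this a known identifier?"""
        return user_id in self._users

    def issue_code(self, user_id):
        """Issue fresh one-time authentication information for a known user.
        Only a hash is stored, so a leaked table does not reveal live codes."""
        if not self.identify(user_id):
            raise KeyError("unknown user")
        code = secrets.token_hex(16)                 # 128 bits of entropy
        digest = hashlib.sha256(code.encode()).hexdigest()
        self._pending[user_id] = (digest, self._clock() + self._ttl)
        return code

    def authenticate(self, user_id, code):
        """Entity authentication processing: accept the code only before
        expiry, compare in constant time, and invalidate it on first use."""
        entry = self._pending.get(user_id)
        if entry is None:
            return False                             # nothing issued or replay
        digest, expires_at = entry
        if self._clock() > expires_at:
            del self._pending[user_id]               # stale information
            return False
        presented = hashlib.sha256(code.encode()).hexdigest()
        if not hmac.compare_digest(presented, digest):
            return False
        del self._pending[user_id]                   # valid exactly once
        return True
```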
The following description regarding the entity authentication mechanism explains the entity authentication processing.
The entity authentication mechanism can be roughly classified into four types, depending on the data used in authentication: authentication using knowledge, authentication using cipher, authentication using possession and authentication using biological characteristics. Details thereof will be described next.