1. Field of the Invention
The present invention relates to a device for authenticating a user's access rights to a resource.
2. Description of the Related Art
A program execution control technology has hitherto been known as prior art in the technical field of the present invention. In this technology:
1. a user authentication routine is inserted into an application program;
2. the routine inspects whether or not a user who tries to execute the application program has a legitimate authentication key; and
3. only when it is confirmed that the user has the authentication key is the execution of the application program continued; in other cases, the execution of the application program is stopped.
This technology allows only a legitimate user holding the authentication key to execute the application program. It is used commercially in the software distribution business. Known commercial products using it include SentinelSuperPro (trademark) of Rainbow Technologies, Inc., and HASP (trademark) of Aladdin Knowledge Systems, Ltd.
The program execution control technology will hereinafter be described in more detail.
1. A user who executes software has an authentication key as user identification data. The authentication key is an encryption key, and a person who permits the use of the software, e.g. the software vendor, distributes the authentication key to the user. To prevent it from being duplicated, the authentication key is tightly sealed into a memory or the like of a hardware device, and it is distributed to users by a physical means such as mail.
2. The user attaches the hardware incorporating the authentication key to the user's personal computer/workstation by a designated method. The hardware is attached to a printer board, for example.
3. When the user activates an application program and the execution of the program reaches the user authentication routine, the program communicates with the hardware incorporating the user authentication key. The program identifies the authentication key based on the communication result. If the program determines that the correct authentication key exists, the next step is executed. If, on the other hand, the communication fails and the existence of the correct authentication key is not confirmed, the program stops and execution of the rest of the program is inhibited.
The authentication key is identified by an access rights authentication routine in accordance with the following protocol, for example.
1. The access rights authentication routine generates a suitable number and transmits it to the key-incorporating hardware.
2. The key-incorporating hardware encrypts the number transmitted thereto by use of an incorporated authentication key and returns the encrypted number to the access rights authentication routine.
3. The access rights authentication routine determines whether or not the returned number is the previously expected number, i.e. the number obtained by encrypting the number sent to the hardware with the correct authentication key.
4. If the returned number agrees with the expected number, the execution of the program is continued. If on the other hand the returned number does not agree with the expected number, the execution of the program is stopped.
In this protocol, the communication between the application program and the key-incorporating hardware must differ each time, even when it takes place between the same portion of the same application program and the same hardware. Otherwise, if the communication content of one normal execution is recorded and then returned to the application program exactly as recorded each time the program is executed, a user who does not have the correct authentication key could execute the program. This invalid execution of the application program by reproducing the communication content is referred to as a "replay attack".
To prevent the replay attack, it is customary to use random numbers, newly generated each time the communication is made, as the numbers transmitted to the key-incorporating hardware.
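The following is an added example, not part of the original text, that models the four-step protocol above and shows why a fresh random number per run defeats a recorded transcript while a fixed number does not. The class and function names are hypothetical, the key is constructed, and HMAC-SHA256 stands in for the unspecified encryption performed by the hardware.

```python
import hashlib
import hmac
import secrets

class Dongle:
    """Stand-in for the key-incorporating hardware (constructed for this example)."""
    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        # Step 2: keyed transform of the received number.
        # Assumption: HMAC-SHA256 replaces the text's unspecified encryption.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class ReplayTap:
    """Models a recorded channel: stores responses while the hardware is
    attached, then answers from the recording once it is detached."""
    def __init__(self, device: Dongle):
        self._device = device
        self._seen = {}

    def detach(self) -> None:
        self._device = None

    def respond(self, challenge: bytes) -> bytes:
        if self._device is not None:
            self._seen[challenge] = self._device.respond(challenge)
        return self._seen.get(challenge, b"")

def authenticate(device, key: bytes, challenge: bytes = None) -> bool:
    """Steps 1, 3 and 4. The routine must know the key in advance, as the text
    notes. challenge=None draws a fresh 128-bit random number for this run."""
    if challenge is None:
        challenge = secrets.token_bytes(16)
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(device.respond(challenge), expected)

def demo() -> dict:
    key = b"constructed-demo-key"   # sample value, not from the text
    fixed = b"\x00" * 16            # the same number sent on every run
    tap = ReplayTap(Dongle(key))
    results = {
        "fixed_with_hardware": authenticate(tap, key, fixed),
        "random_with_hardware": authenticate(tap, key),
    }
    tap.detach()                    # hardware removed, only the recording remains
    results["fixed_replayed"] = authenticate(tap, key, fixed)
    results["random_replayed"] = authenticate(tap, key)
    return results
```
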
The problems encountered with the related art originate from the fact that, when an application program is made, the programmer must implement the program protection processing based on an authentication key with the user's authentication key assumed in advance.
That is, the programmer expects a correct reply from the key-incorporating hardware when making a program, and should make a program in such a manner that the program is executed correctly only when a correct reply is received.
Fundamentally, there are two modes in which the related art having the above-mentioned feature is used. Both of the two modes have the problems which will be described below.
1. According to a first method, a different user authentication key is prepared for each user. That is, an authentication key A is prepared for a user A, an authentication key B is prepared for a user B, and so on.
In this case, the programmer must make the program by switching the authentication routine in the program for each user. That is, since the authentication keys differ for every user, the authentication routine in the program must be made so as to identify the authentication key specific to the user who uses the program. Hence, the programmer must make as many different programs as there are users of the program.
When there are a large number of target users, the work of customizing the program for each user imposes an unbearable amount of labor on the programmer, and an enormous list of user authentication keys must be managed.
2. According to a second method, the programmer prepares a different authentication key for every application. That is, an authentication key A is prepared for an application A, an authentication key B is prepared for an application B, and so on. In addition, each application program must be made so as to identify its own authentication key.
According to the second method, unlike the first method, a program need not be made for every user. Conversely, a user has to keep as many authentication keys as the number of applications that the user uses.
This restriction raises the following problems for the programmer and the users.
As described before, the authentication key must be distributed to the user strictly sealed into the hardware. Accordingly, while a program itself can be easily distributed to the user via a network, the hardware which incorporates the authentication key can be distributed to the user only through a physical means such as mail. This restriction imposes a large burden on the programmer in terms of cost, time and packing.
The programmer has to stock a certain number of different hardware devices for every application in order to meet users' requirements, and hence incurs the cost of stock control.
Moreover, the user has to endure the troublesome work of exchanging the hardware each time the application used is changed.
There is also the inconvenience that, even when the user intends to use a certain application, the user has to wait for the arrival of the hardware in which the authentication key is strictly sealed and cannot use the application immediately.
To alleviate the burden imposed upon the user, there is employed a method in which a plurality of authentication keys are sealed into the hardware in advance, and a password enabling the user to use a new authentication key in the hardware is given to the user each time the user is allowed to use a new application. However, it is clear that, even when this method is used, the above-described problems cannot be solved in principle. In actual practice, when such hardware is put on the market, it is designed so that plural kinds of hardware can be connected, in order to alleviate the inconvenience caused by the above-mentioned problems.
Thus, whichever of the above-mentioned two methods is employed, there still exists a problem of inconvenience for the programmer and the user.
Having considered an external characteristic of execution control, it is to be understood that the above-mentioned related-art technologies can also be applied to a privacy protection of mails, an access control of files and computer resources, and other general digital contents access control. However, the above-mentioned related-art technologies cannot be applied to these fields due to the above-mentioned problems.