1. Field of the Invention
The present invention relates to a device for verifying use qualifications.
2. Description of the Prior Art
With the development of networks, intellectual properties represented by digital information such as software and multimedia data are growing rapidly. The digital information can be duplicated easily and illegally without leaving evidence. Hence, there is a problem with the protection of a copyright on digital information.
Tickets are commonly used as the representation of a right for use and attempts to digitize them have been carried out. However, this poses the same copyright protection problem as described above.
A conventional technique for verifying qualifications for using software is disclosed in U.S. Pat. No. 5,586,186 (hereinafter referred to as the prior art). This technique, which implements access control of software, can also be used to digitize tickets by acknowledging use qualifications in a manner that sees whether given encrypted information is correctly decrypted, instead of decrypting encrypted software.
With the prior art, encrypted software is distributed, and when a user wishes to use the software, information for decrypting (user key) is purchased from a software vendor. RSA (Rivest-Shamir-Adleman) public key cryptography is used for encryption, and a value obtained by performing a predetermined operation on a private key of an RSA public key pair and user identification information is used as a user key.
The prior art employs an RSA-based authentication system, which is computationally complex. According to Bruce Schneier, Applied Cryptography (second edition), Wiley, 1996, with RSA cryptography using a 1024-bit modulus and an eight-bit public key, a workstation (SPARC2) requires 0.97 seconds for signature and 0.08 seconds for verification to process 1024 bits of data. Accordingly, devices such as IC cards, which have much less CPU power and memory than workstations, take too long to perform authentication.
The present invention has been made in consideration of the above problem and its object is to implement a use qualification verification device which enables even devices having small CPU power and memory to perform authentication fast.
To solve the above-mentioned problem, a use qualification verification device according to Claim 1 comprises a proof support information issuance unit, a verification unit, and a proof unit. The proof support information issuance unit comprises: a proof information management part that manages proof information used for authentication of use qualifications; a private information management part that manages private information; a first unidirectional function computation part used to compute proof support information; a proof support information computation part that computes proof support information; and a first communication part. The verification unit comprises: a proof information memory part that stores proof information; a challenge information computation part that computes challenge information; a second unidirectional function computation part; a response information verification part that verifies response information; and a second communication part. Furthermore, the proof unit comprises: a private information memory part that stores private information; a proof support information management part that manages proof support information; a third unidirectional function computation part; a response information computation part that computes response information; and a third communication part.
A use qualification verification device according to Claim 2 comprises a proof support information issuance unit, a verification unit, and a proof unit. The proof support information issuance unit comprises: a proof information management part that manages proof information; a private information management part that manages private information; a first unidirectional function computation part used to compute proof support information; a proof support information computation part that computes proof support information; and a first communication part. The verification unit comprises: a first private information memory part that stores private information; a first proof support information management part that manages proof support information; a challenge information computation part that computes challenge information; a second unidirectional function computation part; a response information verification part that verifies response information; and a second communication part. Furthermore, the proof unit comprises: a second private information memory part that stores private information; a second proof support information management part that manages proof support information; a third unidirectional function computation part; a response information computation part that computes response information; and a third communication part.
A use qualification verification device according to Claim 3 is a use qualification verification device set forth in Claim 1 or 2, wherein the proof information management part manages a use limitation description, which gives information indicating use conditions, together with proof information, and the proof support information management part manages the use limitation description together with proof support information, and the use limitation description is used to compute proof support information in the proof part and response information in the proof part.
A use qualification verification device according to Claim 4 is a use qualification verification device set forth in Claims 1 through 3, wherein the use qualification verification device includes a decryption part that, if use qualifications are acknowledged, decrypts information by using proof information or a value obtained from the proof information as a decryption key of the decryption part.
A use qualification verification device according to Claim 5 is a use qualification verification device set forth in Claims 1 through 4, wherein the use qualification verification device includes a history management part that manages a history of use qualification verifications and a first proof support information management part manages transfer information together with proof support information, the challenge information further contains transfer information, and the transfer information is stored in the history management part during use qualification verification.
A use qualification verification device according to Claim 6 comprises a proof support information issuance unit, a verification unit, and a proof unit. The proof support information issuance unit comprises: a proof information management part that manages proof information used for authentication of use qualifications; a private information management part that manages private information; a first unidirectional function computation part that, to at least the private information managed by the private information management part, applies a unidirectional function whose inverse function is at least computationally difficult to obtain; a proof support information computation part that computes proof support information based on the private information managed by the private information management part and the computation results of the first unidirectional function computation part; and a first communication part that sends and receives information in the process of computation of proof support information. 
The verification unit comprises: a proof information memory part that stores proof information; a first challenge information computation part that computes first challenge information; a second unidirectional function computation part that applies a unidirectional function whose inverse function is at least computationally difficult to obtain; a first response information computation part that lets the second unidirectional function computation part act on received second challenge information to compute first response information; a first response information verification part that lets the second unidirectional function computation part act on the proof information stored in the proof information memory unit and a value obtained based on a part or all of the first challenge information and checks whether an obtained result and second response information are equal; and a second communication part that sends and receives information in the process of authentication of use qualifications. 
Furthermore, the proof unit comprises: a private information memory part that stores private information; a proof support information management part that manages proof support information used to create response information; an internal state management part that manages an internal state corresponding to proof support information; a second challenge information computation part that computes challenge information; a third unidirectional function computation part that applies a unidirectional function whose inverse function is at least computationally difficult to obtain; a second response information computation part that lets the third unidirectional function computation part act on a part or all of received information, the private information stored in the private information memory part, and a value obtained based on the proof support information managed by the proof support information management part to compute second response information; a second challenge information computation part that computes second challenge information; a second response information verification part that lets the third unidirectional function computation part act on the first response information, a part or all of the second challenge information, the private information stored in the private information memory part, and a value obtained based on the proof support information managed by the proof support information management part and checks whether an obtained result and response information are equal; and a third communication part that sends and receives information in the process of authentication of use qualifications and in the process of proof support information computation.
A use qualification verification device according to Claim 7 comprises a proof support information issuance unit, a verification unit, and a proof unit. The proof support information issuance unit comprises: a proof information management part that manages proof information used for authentication of use qualifications; a private information management part that manages private information; a first unidirectional function computation part that, to at least the private information managed by the private information management part, applies a unidirectional function whose inverse function is at least computationally difficult to obtain; a proof support information computation part that computes proof support information based on the private information managed by the private information management part and the computation results of the first unidirectional function computation part; a first communication part that sends and receives information in the process of computation of proof support information; a first private information memory part that stores private information; a first proof support information management part that manages proof support information; a first challenge information computation part that computes first challenge information; a second unidirectional function computation part that applies a unidirectional function whose inverse function is at least computationally difficult to obtain; a first response information computation part that lets the second unidirectional function computation part act on the received second challenge information to compute first response information; a first response information verification part that lets the second unidirectional function computation part act on the proof information stored in the proof information memory unit and a value obtained based on a part or all of the first challenge information and checks whether an obtained result and second response information are equal; and a second communication part that sends and receives information in the process of authentication of use qualifications.
Furthermore, the proof unit comprises: a second private information memory part that stores private information; a second proof support information management part that manages proof support information used to create response information; an internal state management part that manages an internal state corresponding to proof support information; a second challenge information computation part that computes challenge information; a third unidirectional function computation part that applies a unidirectional function whose inverse function is at least computationally difficult to obtain; a second response information computation part that lets the third unidirectional function computation part act on a part or all of received information, the private information stored in the private information memory part, and a value obtained based on the proof support information managed by the proof support information management part to compute second response information; a second challenge information computation part that computes second challenge information; a second response information verification part that lets the third unidirectional function computation part act on the first response information, a part or all of the second challenge information, the private information stored in the private information memory part, and a value obtained based on the proof support information managed by the proof support information management part and checks whether an obtained result and response information are equal; and a third communication part that sends and receives information in the process of authentication of use qualifications and in the process of proof support information computation.
A use qualification verification device according to Claim 8 is a use qualification verification device set forth in Claim 6 or 7, wherein a proof information management part manages a use limitation description, which gives information indicating use conditions, together with proof information, and a proof support information management part manages the use limitation description together with proof support information and includes the use limitation description to compute proof support information used in the proof part and response information generated in the proof part.
A use qualification verification device according to Claim 9 is a use qualification verification device set forth in Claims 6 through 8, wherein the use qualification verification device includes a decryption part that, if use qualifications are acknowledged, decrypts information by using proof information or a value obtained from the proof information as a decryption key of the decryption part.
A use qualification verification device according to Claim 10 is a use qualification verification device set forth in Claims 6 through 9, wherein the use qualification verification device includes a history management part that manages a history of use qualification verifications, and a first proof support information management part manages transfer information together with proof support information, and challenge information further contains transfer information and the transfer information is stored in the history management part during use qualification verification.
[Operation]
A use qualification verification device of the present invention performs the issuance of proof support information and the verification of use qualifications.
In a use qualification verification device set forth in any claim, the parts operate as described below to issue proof support information.
The first communication part receives information for identifying what right to issue to which equipment having the private information memory part. If a use limitation description is made to limit the right by a time period or other items, the use limitation description is specified together at this time.
The private information management part, based on information to identify an equipment, searches for private information stored in the private information memory part of the equipment.
The proof information management part, based on information to identify a right, searches for proof information corresponding to the right. The first unidirectional function computation part, to at least the private information and the right identification information, applies a unidirectional function whose inverse function is at least computationally difficult to obtain. If a use limitation description exists, a unidirectional function is also applied to the use limitation description.
The proof support information computation part computes proof support information based on the proof information and a value resulting from the application of the unidirectional function.
The proof support information is sent from the first communication part and transferred to the communication part of relevant equipment, and stored in the proof support information management part of the relevant equipment.
The use qualification verification device according to Claim 1 verifies use qualifications as described below.
The challenge information computation part generates a random number and outputs the random number and right identification information stored in the proof information memory part together as challenge information.
The challenge information is transferred from the second communication part to the third communication part. The proof support information management part searches for proof support information corresponding to right identification information contained in the challenge information.
The third unidirectional function computation part, to private information stored in the private information memory part and the right identification information, applies a unidirectional function whose inverse function is at least computationally difficult to obtain.
The response information computation part performs operations on a computation result of the unidirectional function and the proof support information to obtain proof information. The third unidirectional function computation part, to the proof information and a random number of the challenge information, applies a unidirectional function whose inverse function is at least computationally difficult to obtain, thereby outputting response information.
The third communication part transfers response information to the second communication part.
The second unidirectional function computation part, to the proof information and a random number of the challenge information, applies a unidirectional function whose inverse function is at least computationally difficult to obtain.
The response information verification unit compares a result of the application of the unidirectional function with the response information, and acknowledges use qualifications if and only if they coincide.
The use qualification verification device according to Claim 2 verifies use qualifications as described below.
Prior to the verification of use qualifications, it is determined which right is to be verified, by inputting right identification information from the second communication part or performing computations according to predetermined rules.
The challenge information computation part generates a random number and outputs the random number and the right identification information together as challenge information.
The challenge information is transferred from the second communication part to the third communication part. The second proof support information management part searches for proof support information corresponding to right identification information contained in the challenge information.
The third unidirectional function computation part, to private information stored in the private information memory part and the right identification information, applies a unidirectional function whose inverse function is at least computationally difficult to obtain.
The response information computation part performs operations on a computation result of the unidirectional function and the proof support information to obtain proof information.
The third unidirectional function computation part, to the proof information and a random number of the challenge information, applies a unidirectional function whose inverse function is at least computationally difficult to obtain, thereby producing response information.
The third communication part transfers response information to the second communication part.
The second unidirectional function computation part, to private information stored in the private information memory part and the right identification information, applies a unidirectional function whose inverse function is at least computationally difficult to obtain.
The response information computation part performs operations on a computation result of the unidirectional function and the proof support information to obtain proof information.
The second unidirectional function computation part, to the proof information and a random number of the challenge information, applies a unidirectional function whose inverse function is at least computationally difficult to obtain.
The response information verification unit compares a result of the application of the unidirectional function with the response information, and acknowledges use qualifications if and only if they coincide.
In the use qualification verification device according to Claim 3, the verification of use qualifications is performed as described below.
This use qualification verification device has the same parts as the use qualification verification device according to Claim 1 or 2.
The proof support information management part managing proof support information used to compute response information manages a use limitation description together with proof support information, and when searching for proof support information from right identification information, searches for the use limitation description as well.
The third unidirectional function computation part, to the right identification information, the use limitation description, and private information stored in the private information memory part, applies a unidirectional function whose inverse function is at least computationally difficult to obtain.
The response information computation part performs operations on a computation result of the unidirectional function and the proof support information to obtain proof information. The third unidirectional function computation part, to the proof information, a random number of the challenge information, and the use limitation description, applies a unidirectional function whose inverse function is at least computationally difficult to obtain. The use limitation description and a value obtained here together are output as response information.
The response information verification part acknowledges use qualifications only when a value resulting from the application of the first unidirectional function computation part to the proof information, a random number of the challenge information, and the use limitation description of the response information equals the information other than the use limitation description of the response information, and the use limitation description satisfies given conditions. (An alternative method is for the response information computation part to determine whether the use limitation description satisfies given conditions.)
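The issuance and verification flow of Claims 1 and 3 described above can be traced in code. The following is an added example, not part of the patent text; it assumes SHA-256 as the unidirectional function, XOR as the unspecified operation that combines the hash result with the proof support information, and a constructed `expires=YYYYMMDD` use limitation format, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets


def h(*fields: bytes) -> bytes:
    """Unidirectional function (assumed: SHA-256 over length-prefixed fields)."""
    m = hashlib.sha256()
    for f in fields:
        m.update(len(f).to_bytes(4, "big") + f)
    return m.digest()


def xor(a: bytes, b: bytes) -> bytes:
    """The unspecified 'operation' on hash result and support info (assumed: XOR)."""
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


def issue_support(proof_info, private_info, right_id, limitation=b""):
    """Issuance unit: t = K xor h(d, right id, L). t is useless without d."""
    return xor(proof_info, h(private_info, right_id, limitation))


def not_expired(limitation: bytes, today: bytes = b"20250101") -> bool:
    """Constructed limitation format 'expires=YYYYMMDD'; empty means no limit."""
    if not limitation:
        return True
    key, _, value = limitation.partition(b"=")
    return key == b"expires" and len(value) == 8 and value >= today


class ProofUnit:
    """Holds private information d (e.g. inside an IC card) and issued tickets."""

    def __init__(self, private_info: bytes):
        self._d = private_info
        self._tickets = {}  # right id -> (proof support information, limitation)

    def store(self, right_id, support, limitation=b""):
        self._tickets[right_id] = (support, limitation)

    def respond(self, challenge):
        nonce, right_id = challenge
        support, limitation = self._tickets[right_id]
        # Recover proof information K; a wrong d or an edited L yields garbage.
        k = xor(support, h(self._d, right_id, limitation))
        return limitation, h(k, nonce, limitation)


class VerificationUnit:
    """Stores proof information K for one right and checks responses."""

    def __init__(self, right_id: bytes, proof_info: bytes, policy=not_expired):
        self.right_id, self._k, self._policy = right_id, proof_info, policy
        self._nonce = None

    def challenge(self):
        self._nonce = secrets.token_bytes(16)  # fresh random number per run
        return self._nonce, self.right_id

    def verify(self, response) -> bool:
        limitation, tag = response
        nonce, self._nonce = self._nonce, None  # each challenge is single-use
        if nonce is None:
            return False
        expected = h(self._k, nonce, limitation)
        return hmac.compare_digest(expected, tag) and self._policy(limitation)


def demo() -> dict:
    right_id = b"ticket:concert-42"            # constructed identifier
    k = secrets.token_bytes(32)                # proof information K
    d_alice, d_mallory = secrets.token_bytes(32), secrets.token_bytes(32)
    verifier = VerificationUnit(right_id, k)
    results = {}

    limit = b"expires=20300101"
    t = issue_support(k, d_alice, right_id, limit)
    alice = ProofUnit(d_alice)
    alice.store(right_id, t, limit)
    old = alice.respond(verifier.challenge())
    results["valid"] = verifier.verify(old)

    verifier.challenge()                       # new run, old response replayed
    results["replayed"] = verifier.verify(old)

    mallory = ProofUnit(d_mallory)             # copied t on a different device
    mallory.store(right_id, t, limit)
    results["copied_support"] = verifier.verify(mallory.respond(verifier.challenge()))

    alice.store(right_id, t, b"expires=20991231")  # holder edits the limitation
    results["edited_limit"] = verifier.verify(alice.respond(verifier.challenge()))

    stale = b"expires=20200101"                # correctly issued but out of date
    alice.store(right_id, issue_support(k, d_alice, right_id, stale), stale)
    results["expired"] = verifier.verify(alice.respond(verifier.challenge()))
    return results


if __name__ == "__main__":
    print(demo())
```

Only the first case is acknowledged: binding the use limitation description and the device's private information into the hash is what makes a copied or edited ticket recover the wrong proof information.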
The use qualification verification device according to Claim 4 verifies use qualifications as described below.
This use qualification verification device has the same parts as the use qualification verification device according to Claims 1 through 3.
If use qualifications are acknowledged by the response information verification part, the decryption part decrypts information by using proof information or a value obtained from the proof information as a decryption key.
The use qualification verification device according to Claim 5 verifies use qualifications as described below.
This use qualification verification device has the same parts as the use qualification verification device according to Claims 1 through 4.
The proof information memory part or the first proof support information management part manages transfer information together with proof information or proof support information.
Challenge information further contains the transfer information.
The transfer information is stored in the history management part during use qualification verification.
The use qualification verification device according to Claim 6 verifies use qualifications as described below.
The first challenge information computation part generates a first random number and outputs at least the random number and right identification information stored in the proof information memory part together as challenge information.
The challenge information is transferred from the second communication part to the third communication part.
The second challenge information computation part generates a second random number and outputs it as second challenge information.
The third communication part transfers the second challenge information to the second communication part. The first response information computation part inputs at least the second challenge information to the second unidirectional function computation part and outputs information containing a value obtained here as first response information.
The first response information is transferred from the second communication part to the third communication part. The third unidirectional function computation part, to private information stored in the private information memory part and the right identification information, applies a unidirectional function whose inverse function is at least computationally difficult to obtain.
The proof support information management part searches for proof support information corresponding to right identification information contained in the challenge information.
The second response information computation part performs operations on a computation result of the unidirectional function and the proof support information to obtain proof information. Next, the first response information is compared with a value resulting from the application of the third unidirectional function computation part to the second challenge information and information containing the proof information.
If the value does not satisfy a given relation, a meaningless value is generated as second response information, and if the value satisfies the given relation, change of internal state and computation of response information are performed as described later.
The internal state management part searches for an internal state corresponding to the right identification information and changes the internal state in accordance with information obtained from the first challenge information or the first response information.
The third unidirectional function computation part, to the proof information and a first random number contained in the first challenge information, applies a unidirectional function whose inverse function is at least computationally difficult to obtain.
The second response information computation part outputs this value as second response information.
The third communication part transfers the response information to the second communication part.
The second unidirectional function computation part, to the proof information and a random number of the challenge information, applies a unidirectional function whose inverse function is at least computationally difficult to obtain.
The response information verification unit compares a result of the application of the unidirectional function with the response information, and acknowledges use qualifications if and only if they coincide.
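The mutual exchange of Claim 6, in which the proof unit checks the verification unit before changing its internal state, is sketched below as an added example that is not part of the patent text. It assumes SHA-256 as the unidirectional function, XOR as the combining operation, a remaining-use counter as the internal state, and direction labels (`b"verifier"`, `b"prover"`) inside the hash so the two responses cannot be interchanged; the labels and all names are assumptions of this example.

```python
import hashlib
import hmac
import secrets


def h(*fields: bytes) -> bytes:
    """Unidirectional function (assumed: SHA-256 over length-prefixed fields)."""
    m = hashlib.sha256()
    for f in fields:
        m.update(len(f).to_bytes(4, "big") + f)
    return m.digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Verifier:
    """Verification unit: stores proof information K for one right."""

    def __init__(self, right_id: bytes, proof_info: bytes):
        self.right_id, self._k, self._r1 = right_id, proof_info, None

    def first_challenge(self):
        self._r1 = secrets.token_bytes(16)          # first random number
        return self._r1, self.right_id

    def first_response(self, r2: bytes) -> bytes:
        return h(b"verifier", self._k, r2)          # proves knowledge of K

    def verify(self, second_response: bytes) -> bool:
        r1, self._r1 = self._r1, None               # single-use challenge
        if r1 is None:
            return False
        return hmac.compare_digest(h(b"prover", self._k, r1), second_response)


class Prover:
    """Proof unit: private information d, support info, and internal state."""

    def __init__(self, private_info: bytes):
        self._d = private_info
        self._support = {}
        self.remaining = {}    # internal state (assumed: uses left per right)
        self._run = None

    def store(self, right_id, support, uses):
        self._support[right_id] = support
        self.remaining[right_id] = uses

    def second_challenge(self, first_challenge) -> bytes:
        r1, right_id = first_challenge
        r2 = secrets.token_bytes(16)                # second random number
        self._run = (r1, right_id, r2)
        return r2

    def second_response(self, first_response: bytes) -> bytes:
        r1, right_id, r2 = self._run
        self._run = None
        k = xor(self._support[right_id], h(self._d, right_id))
        trusted = hmac.compare_digest(h(b"verifier", k, r2), first_response)
        if not trusted or self.remaining[right_id] <= 0:
            return secrets.token_bytes(32)          # meaningless value
        self.remaining[right_id] -= 1               # state changes only now
        return h(b"prover", k, r1)


def run(verifier: Verifier, prover: Prover) -> bool:
    r2 = prover.second_challenge(verifier.first_challenge())
    return verifier.verify(prover.second_response(verifier.first_response(r2)))


def demo() -> dict:
    right_id = b"ticket:2-rides"                    # constructed identifier
    k, d = secrets.token_bytes(32), secrets.token_bytes(32)
    card = Prover(d)
    card.store(right_id, xor(k, h(d, right_id)), uses=2)
    gate = Verifier(right_id, k)
    results = {"genuine": run(gate, card)}
    results["uses_after_genuine"] = card.remaining[right_id]

    rogue = Verifier(right_id, secrets.token_bytes(32))   # does not know K
    results["rogue_gate"] = run(rogue, card)
    results["uses_after_rogue"] = card.remaining[right_id]

    # The verifier's own first response must never pass as a second response.
    r1, _ = gate.first_challenge()
    results["reflected"] = gate.verify(gate.first_response(r1))

    run(gate, card)                                 # consumes the last use
    results["exhausted"] = run(gate, card)
    return results


if __name__ == "__main__":
    print(demo())
```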
The use qualification verification device according to Claim 7 verifies use qualifications as described below.
Prior to the verification of use qualifications, it is determined which right is to be verified, by inputting right identification information from the second communication part or performing computations according to predetermined rules.
The challenge information computation part generates a random number and outputs the random number and the right identification information together as challenge information.
The challenge information is transferred from the second communication part to the third communication part. The first proof support information management part searches for proof support information corresponding to right identification information contained in the challenge information.
The first challenge information computation part generates a first random number and outputs at least the random number and right identification information stored in the proof information memory part together as challenge information. The challenge information is transferred from the second communication part to the third communication part. The second challenge information computation part generates a second random number and outputs it as second challenge information.
The third communication part transfers second challenge information to the second communication part. The second unidirectional function computation part, to private information stored in the private information memory part and the right identification information, applies a unidirectional function whose inverse function is at least computationally difficult to obtain.
The first response information computation part performs operations on a computation result of the unidirectional function and the proof support information to obtain proof information.
The first response information computation part inputs at least the proof information and the second challenge information to the second unidirectional function computation part and outputs information containing a value obtained here as first response information.
The first response information is transferred from the second communication part to the third communication part. The third unidirectional function computation part, to private information stored in the private information memory part and the right identification information, applies a unidirectional function whose inverse function is at least computationally difficult to obtain.
The proof support information management part searches for proof support information corresponding to right identification information contained in the challenge information.
The second response information computation part performs operations on a computation result of the unidirectional function and the proof support information to obtain proof information. Next, the first response information is compared with a value resulting from the application of the third unidirectional function computation part to the second challenge information and information containing the proof information.
If the value does not satisfy a given relation, a meaningless value is generated as second response information, and if the value satisfies the given relation, change of internal state and computation of response information are performed as described later.
The internal state management part searches for an internal state corresponding to the right identification information and changes the internal state in accordance with information obtained from the first challenge information or the first response information.
The third unidirectional function computation part, to the proof information and a first random number contained in the first challenge information, applies a unidirectional function whose inverse function is at least computationally difficult to obtain.
The second response information computation part outputs this value as second response information.
The third communication part transfers the response information to the second communication part.
The second unidirectional function computation part, to the proof information and a random number of the challenge information, applies a unidirectional function whose inverse function is at least computationally difficult to obtain.
The response information verification unit compares a result of the application of the unidirectional function with the response information, and acknowledges use qualifications if and only if they coincide.
The use qualification verification device according to Claim 10 verifies use qualifications as described below.
This use qualification verification device has the same parts as the use qualification verification device according to Claims 6 through 9.
The proof information memory part or the first proof support information management part manages transfer information together with proof information or proof support information.
The first challenge information or the first response information further contains the transfer information.
The transfer information is stored in the history management part during use qualification verification.