Abstract
An authentication method with simple steps that makes it difficult for a third party who steals authentication data to reuse it (that is, to replay it in an attack). First inspection data (value=Dn-1), used to check the client's authentication data, is stored in the server in advance, and the client likewise stores first seed data (value=Dn-1) for generating authentication data. The client first sends an authentication request to the server and receives an authentication data request from the server. The client then generates authentication data (value=Dn) by enciphering the first seed data (value=Dn-1) with the client's secret key (Ks), and sends the enciphered data to the server. The server deciphers the received authentication data (value=Dn) with the client's public key (Kp) to generate second inspection data (value=Dn-1) and compares it with the first inspection data (value=Dn-1); when they match, it grants the authentication request and stores the authentication data (value=Dn) in place of the first inspection data. Upon receiving the grant, the client stores the authentication data (value=Dn) as second seed data in place of the first seed data (value=Dn-1).
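The chained exchange described above, simulated end to end as an added example (not code from the patent). It assumes textbook RSA for the encipher/decipher steps and a constructed toy key that is not secure; the class and function names are hypothetical.

```python
# Toy textbook-RSA key built from two Mersenne primes (constructed, NOT secure).
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
KP = 65537                                # client's public key Kp
KS = pow(KP, -1, (P - 1) * (Q - 1))       # client's secret key Ks (Python 3.8+)


class Client:
    def __init__(self, seed):
        self.seed = seed                  # first seed data, value D(n-1)
        self.pending = None

    def make_auth_data(self):
        # Dn = seed data enciphered with the secret key Ks
        self.pending = pow(self.seed, KS, N)
        return self.pending

    def on_grant(self):
        # After the grant, Dn replaces D(n-1) as the seed for the next round
        self.seed = self.pending


class Server:
    def __init__(self, inspection):
        self.inspection = inspection      # first inspection data, value D(n-1)

    def verify(self, auth_data):
        # Decipher with Kp to obtain the second inspection data
        second = pow(auth_data, KP, N)
        if second != self.inspection:
            return False                  # mismatch: request refused, state unchanged
        self.inspection = auth_data       # store Dn in place of D(n-1)
        return True


def run_demo():
    d0 = 0x1234567890ABCDEF               # constructed initial value shared in advance
    client, server = Client(d0), Server(d0)
    results, captured = [], None
    for _ in range(3):                    # three legitimate authentications
        captured = client.make_auth_data()  # the value an eavesdropper would observe
        ok = server.verify(captured)
        if ok:
            client.on_grant()
        results.append(ok)
    replay_ok = server.verify(captured)   # resending the last observed Dn
    return results, replay_ok
```

The replayed value deciphers to the previous inspection data, which the server has already overwritten, so the comparison fails.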