Cryptography – Particular algorithmic function encoding – Nbs/des algorithm
Patent
1995-11-06
2000-01-04
Hayes, Gail O.
Cryptography
Particular algorithmic function encoding
Nbs/des algorithm
380 23, 380 21, 380 28, 380 30, 380 49, H04L 900, H04K 100
Patent
active
060118482
DESCRIPTION:
BRIEF SUMMARY
TECHNICAL FIELD
The present invention relates message delivery method and system for making it such that, in a case an information provider provides a message requested by a user by using an electric communication system, the information provider authenticates an authenticity of the user by the user authentication, while surely delivering to the user the message requested by the user, and in response to a lodging of an objection from the user later on that the requested message has not been received, it is possible to prove a fact that the information provider has definitely delivered the requested message to the user and the user has received that, which are particularly useful for a charged information providing service, delivery proof service, etc.
BACKGROUND ART
Conventionally, the representative authentication methods include a user authentication scheme for checking an authenticity of a system user, a message authentication scheme for proving that a message is an authentic one, and a digital signature scheme in which they are combined further and the information producer guarantees that a produced message is an authentic one. Here, the user authentication scheme, the message authentication scheme, and the digital signature scheme will be briefly explained with references to the respective figures.
FIG. 1A is a conceptual diagram of an authentication scheme according to the Fiat Shamir scheme which is the representative example of the user authentication scheme. (A. Fiat and A. Shamir: "How to prove yourself, practical solutions to identification and signature problems", Proc. of Crypto' 86, 1986.5, and U.S. Pat. No. 4,748,668.
According to this Fiat Shamir scheme, when a party (referred hereafter as a prover) which owns a secret information s tries to prove its authenticity to a verifier, it is authenticated as follows, with N (=pq: p and q are mutually different large prime numbers) and I (=s.sup.2 (mod N)) as the public information of the prover, and s, p and q as the secret information of the prover.
First, at the beginning, the prover generates a random number R, calculates a preresponsive message X=R.sup.2 (mod N), and sends X to the verifier. The verifier who received said X selects 0 or 1 randomly as a check bit e, and sends e to the prover. The prover who received said e calculates a responsive message Y=Rs.sup.e (mod N), and sends Y to the verifier. The prover who received said Y verifies whether a verification formula y.sup.2 =X.times.I.sup.e (mod N) holds.
By setting what are up to this point as one round, and repeating this for t rounds, a probability for a third party who does not know the secret information s to clear the verification formula of the verifier becomes (1/2.sup.t). Therefore, when the authentication is finished normally for sufficiently large t, the verifier may very well judge that the verification target (prover) is an authentic prover who owns the secret information s.
Here, this authentication scheme is generally referred as an authentication scheme based on the zero knowledge interactive proof, which has a merit in that the prover notifies only a fact that it owns the secret information s to the verifier, without leaking other contents related to the secret information s at all.
However, in the Fiat Shamir scheme, there has been a problem that the log for the prover and the verifier cannot be used later on as an evidence for a fact that the verifier has authenticated the prover. For this reason, there is a proposition of an authentication scheme in Sakurai (Japanese Patent Application Laid Open No. 5-12321) as a solution method for this problem. According to this authentication scheme, it is said that, an evidence for a fact that the verifier has really authenticated the prover remains even after the verifier has authenticated the prover.
However, what remains as an evidence here is only for a fact that the verifier authenticated the prover through a communication at best, and apart from this authenticated fact, it does not refer to anything as to what kind of com
REFERENCES:
patent: 4748668 (1988-05-01), Shamir et al.
patent: 4932056 (1990-06-01), Shamir
patent: 5136642 (1992-08-01), Kawamura et al.
patent: 5140634 (1992-08-01), Guillou et al.
patent: 5245657 (1993-09-01), Sakurai
patent: 5373558 (1994-12-01), Chaum
patent: 5483597 (1996-01-01), Stern
patent: 5553145 (1996-09-01), Micali
patent: 5581615 (1996-12-01), Stern
B. Schneier, "Applied Cryptography." pp. 101-111.
Article entitled, "A Method for Obtaining Digital Signature and Public-Key Cryptosystems", by Rivest, Shamir and Adleman, Feb. 1978, Communications of the ACM.
Article entitled, "How to Prove Yourself: Practical Solutions to Identification and Signature Problems", by Fiat and Shamir, Department of Applied Mathematics, The Welzmann Institute of Science, Rehovot 76100, Israel.
Article entitled, "How to Prove Yourself: Practical Solutions to Identification and Signature Problems", by Fiat and Shamir, Department of Applied Mathematics, The Welzmann Institute of Science, Rehovot 76100, Israel.
Article entitled, "An Extension of the Fiat-Shamir Scheme Based on Higher Degree Roots", by Ohta and Okamoto, NTT Communications and Information Processing Laboratories, Nippon Telegraph and Telephone Corporation, Aug. 1988.
Kanda Masayuki
Takashima Youichi
Yamanaka Kiyoshi
Hayes Gail O.
Nippon Telegraph and Telephone Corporation
Sayadian Hrayr A.
LandOfFree
Method and system for message delivery utilizing zero knowledge does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and system for message delivery utilizing zero knowledge , we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and system for message delivery utilizing zero knowledge will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-1078605