CN107710675A - Authenticity determining device and authenticating method - Google Patents
Authenticity determining device and authenticating method Download PDFInfo
- Publication number
- CN107710675A CN107710675A CN201580081185.6A CN201580081185A CN107710675A CN 107710675 A CN107710675 A CN 107710675A CN 201580081185 A CN201580081185 A CN 201580081185A CN 107710675 A CN107710675 A CN 107710675A
- Authority
- CN
- China
- Prior art keywords
- signature
- information
- key
- authentication secret
- storage part
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
Abstract
To instrument it is normal goods the present invention relates to a kind of or imitates the authenticity determining device that is judged of product.Authenticity determining device possesses:Device information storage part, it is stored to device information, and the device information represents to be determined the intrinsic information of the determine object device of the true and false;Signature storage part, it stores the signature for device information;Key information storage part, it is stored to key information, and the key information is by information derived from authentication secret corresponding with the generation key for generating signature;Authentication secret leading-out portion, it is exported authentication secret using key information;Signature verification portion, it is verified using authentication secret derived from authentication secret leading-out portion is passed through to the legitimacy of device information and the group of signature;And determination unit, it is judged the true and false of determine object device based on the legitimacy verified by signature verification portion.
Description
Technical field
To instrument it is normal goods the present invention relates to a kind of or imitates the authenticity determining device that is judged of product.
Background technology
Along with the development of the manufacturing technology of instrument, the manufacture of the imitation product for the regular instrument that disguises oneself as becomes easier to,
Thus be accordingly used in the importance for the identification technology distinguished normal goods and imitate product increasingly increases.Sentence as the true and false can be used in
One of fixed technology, it is proposed that PUF (Physical Unclonable Function) technology.In PUF technologies, even if using
Manufacture fluctuation this case is also there will necessarily be with the same identical circuit designed and manufactured, enabling from identical
Circuit, generate with each IC chip for being equipped with circuit and different values.Also, because manufacture fluctuation is difficult to
Manual control is imitated, therefore is effective in terms of preventing from manufacturing the imitation product for the normal goods that disguise oneself as.It is public in patent document 1
Following method has been opened, i.e. by using the integrated circuit for secret information being restored using PUF technologies, so as to prevent the imitative of circuit
System, realizes safe certification.
Patent document 1:Japanese Unexamined Patent Publication 2010-226603 publications
The content of the invention
The method of patent document 1 provides following function, i.e. for legal integrated circuit, in the case where being imitated
It is not normal goods that Counterfeit Item, which is characterized as, so as to prevent the imitated of integrated circuit.But for the instrument comprising integrated circuit,
What is utilized for integrated circuit is legal integrated circuit, but the part in addition to legal integrated circuit is imitated by others
For the instrument that product are formed, it is impossible to detect it is imitation product.Accordingly, there exist following problem, it is impossible to prevents for example with regular side
Formula obtains the instrument of low price, and only its outward appearance is reconstructed and the instrument for the high price that disguises oneself as, and is resell this as the instrument of high price
Deng devious conduct.
The present invention proposes to solve above-mentioned problem, it is intended that following authenticity determining devices are realized, should
Authenticity determining device is tested by using the device information intrinsic to the overall related device of the instrument comprising integrated circuit
Card, so that make use of the part of normal goods becomes difficult come the manufacture of the imitation product carried out.
In order to solve above-mentioned problem, authenticity determining device of the invention possesses:Device information storage part, it is to device information
Stored, the device information represents to be determined the intrinsic information of the determine object device of the true and false;Signature storage part, it is stored
For the signature of described device information;Key information storage part, it is stored to key information, the key information be by with life
Into information derived from authentication secret corresponding to the generation key of the signature;Authentication secret leading-out portion, it uses the key
Information exports the authentication secret;Signature verification portion, it, which is used, passes through the checking derived from the authentication secret leading-out portion
Key, the legitimacy of described device information and the group of the signature is verified;And determination unit, it is based on by the signature
The legitimacy that proof department verifies, the true and false of the determine object device is judged.
The effect of invention
According to the present invention, following effects are obtained, i.e. by using the device related to the instrument entirety comprising integrated circuit
Intrinsic information and verified so that make use of the part of normal goods becomes difficult come the manufacture of the imitation product carried out.
Brief description of the drawings
Fig. 1 is the knot in the case that the authenticity determining device for representing embodiment 1 being related to is applied to determine object device
The figure of structure.
Fig. 2 is the figure for a configuration example for representing the authenticity determining device that embodiment 1 is related to.
Fig. 3 is the figure of an example of the hardware configuration for representing authenticity determining device 1.
Fig. 4 is the figure for a configuration example for representing the judgement information registering apparatus 3 that embodiment 1 is related to.
Fig. 5 is the figure for representing to judge an example of the hardware configuration of information registering apparatus 3.
Fig. 6 is to represent the figure in an example of the device information of the storage of device information storage part 25.
Fig. 7 is the flow chart of the flow for the action for representing the judgement information registering apparatus 3 that embodiment 1 is related to.
Fig. 8 is the flow chart of the flow for the action for representing the authenticity determining device 1 that embodiment 1 is related to.
Fig. 9 is the figure for a configuration example for representing the authenticity determining device 1 that embodiment 2 is related to.
Figure 10 is the figure for a configuration example for representing the judgement information registering apparatus 3 that embodiment 2 is related to.
Figure 11 is the figure for a configuration example for representing the second decision maker 58 that embodiment 2 is related to.
Figure 12 is to represent that the second paired generation key ks2 for being stored in signature key to storage part 57 and the second checking are close
The figure of a key kv2 example.
Figure 13 is the flow chart of the flow for the action for representing the judgement information registering apparatus 3 that embodiment 2 is related to.
Figure 14 is the flow chart of the flow for the action for representing the authenticity determining device 1 that embodiment 2 is related to.
Embodiment
Embodiment 1.
Fig. 1 is in the case that the authenticity determining device 1 for representing embodiment 1 being related to is applied to determine object device 2
The figure of structure.
In Fig. 1, the determine object device 2 for turning into the determine object of the true and false possesses authenticity determining device 1.Identification fills
Putting 1 has identification function, i.e. using the intrinsic signature verification key of determine object device 2 to determine object device 2 for close
Enter line justification by this case that the device of method.In authenticity determining device 1, when factory carries out the manufacture of determine object device 2, lead to
Cross the judgement information for judging that information registering apparatus 3 is registered for being judged the true and false.Thereafter, will be provided with being registered with judgement information
Authenticity determining device 1 determine object device 2 as product and dispatched from the factory from factory.
Next, the structure for the authenticity determining device 1 being related to embodiment 1 illustrates.
Fig. 2 is the figure for a configuration example for representing the authenticity determining device 1 that embodiment 1 is related to.
In fig. 2, safety circuit 20 is that to carry out having for free access anti-tamper for preventing from having despiteful attacker
Property circuit, be for preventing from the outer circuit to be conducted interviews to authentication secret described later of safety circuit 20 especially.Safety electricity
Road 20 is that IC (Integrated Circuit) chip is realized for example by integrated circuit.
Key information storage part 21 is to being exported authentication secret and required key information by authentication secret leading-out portion 22
The memory stored.Authentication secret both merely can be stored as numerical data by key information storage part 21, can also
To when authentication secret leading-out portion 22 carries out key export can using the information of physical characteristic etc. store.In addition, test
Card key leading-out portion 22 will can also store in the lump for the auxiliary information for exporting same authentication key every time.In addition, it make use of
The key export processing of the information of physical characteristic etc. can use existing PUF technologies to realize.
Authentication secret leading-out portion 22 is consolidated determine object device 2 using the key information that key information storage part 21 is stored
Some information is authentication secret export.Both can be that will only make in key information storage part 21 on authentication secret leading-out portion 22
The processing merely read for the authentication secret of numerical data storage, can also utilize the thing stored in key information storage part 21
Information of characteristic etc. is managed, the authentication secret information intrinsic as determine object device 2 is exported.In addition, if being performed a plurality of times makes
Exported with the key of authentication secret leading-out portion 22, then export identical authentication secret every time.Close using physical characteristic progress
In the case of key is derived, because physical characteristic is possible to error, therefore authentication secret leading-out portion 22 can also possess and be used for
Error is modified, exports the mechanism of identical authentication secret every time.The mechanism, which can use, is used as existing coding techniques
Error correction and realize.
Signature verification portion 23 carries out signature verification process using the authentication secret as derived from authentication secret leading-out portion 22.The label
Name verification process can be used as the signature verification technique of existing encryption technology and realized.
Communication unit 24 is the communication module to be communicated with the communication unit 28 in the outside of safety circuit 20.
Device information storage neck portion 25 is the storage that the information i.e. device information intrinsic to determine object device 2 is stored
Device.Example as device information is enumerated:The text messages such as the device name of determine object device 2, manufacture date, sequence number,
The image informations such as device appearance.
Signature storage part 26 is the memory stored to signing messages, and the signing messages is stored for device information
The device information that neck portion 25 is stored, entered by the generation key paired with the authentication secret as derived from authentication secret leading-out portion 22
Signature of having gone generates the result of processing.
Determination unit 27 utilizes the signature verification portion 23 of the inside in safety circuit 20, to what is stored by signature storage part 26
Whether signing messages is that correct signing messages is judged relative to the device information stored by device information storage part 25.
Communication unit 28 be communicated with the communication unit 24 in the inside of safety circuit 20, with determine object device 2
The communication module that outside is communicated.
Fig. 3 is the figure of an example of the hardware configuration for representing authenticity determining device 1.
Authenticity determining device 1 is computer, and each structural element of authenticity determining device 1 can be realized by program.As
The hardware configuration of authenticity determining device 1, memory 31, processor 32, safety circuit 33, communication module 34, input interface 35, with
And display 36 is connected with bus 30.
Memory 31 is main storage means, ROM (Read Only such as RAM (Random Access Memory)
Memory), the external memory such as flash memory or hard disk unit.
Processor 32 is CPU (Central Processing Unit) of configuration processor etc..
Safety circuit 33 is integrated circuit i.e. IC (Integrated Circuit) chip, is had inside safety circuit 33
It is standby:Computing circuit, it performs the calculation process for the structural element realized by software;And internal memory, it is to software
Configuration processor and stored by the configuration processor of software come data, the result handled.
Communication module 34 is the electronic circuit for the communication process for performing data, e.g. communication board etc..
Input interface 35 is equipment of the processing for the input data of authenticity determining device 1, e.g. touch panel, hardware
Key, mouse, keyboard etc..
Display 36 is the equipment shown to the output data of the identification result of authenticity determining device 1.
Program is normally stored in the internal memory inside memory 31 or safety circuit 33, by processor 32 or safety
Computing circuit inside circuit 33 reads in, performed.The program is to realize the authentication secret export as authenticity determining device 1 is formed
Portion 22, signature verification portion 23, communication unit 24, determination unit 27 and communication unit 28 and the program of function illustrated.
Moreover, being also stored with operating system (OS) in the external memory of memory 31, OS at least a portion carries
Enter to main storage means, processor 32 and perform OS while performing said procedure.
In addition, in the explanation of following embodiment, will by key information storage part 21, device information storage part 25,
Information that signature storage part 26 stores, data and represent authentication secret leading-out portion 22, signature verification portion 23, communication unit 24, sentence
Determine the information of the result of portion 27 and communication unit 28, data, signal value, variate-value, be stored as a file in memory 31.
In addition, an example of the hardware configuration of only device shown in Fig. 3 structure, the hardware configuration respectively put is simultaneously
The structure or other structures being not limited to described in Fig. 3.
Fig. 4 is the figure for a configuration example for representing the judgement information registering apparatus 3 that embodiment 1 is related to.
In Fig. 4, signature key generates the life of the paired signature needed for the utilization in digital signature to generating unit 40
Into key and authentication secret.The existing encryption skill of conduct can be used by generating the processing of the paired generation key and authentication secret
The public key cryptography of art and realize.For example, generation rsa encryption private key and be used as signature generation key, generate and private key
The public key of paired rsa encryption and as signature authentication secret.
Signature generating unit 41 is defeated for having provided using the generation key generated by signature key to generating unit 40, generation
The digital signature entered i.e. signing messages.The generation processing of the signing messages can use to be added as the public key of existing encryption technology
Secret skill art and realize.
Judge that information register 43 is given birth to by the authentication secret generated by signature key to generating unit 40, by signature generating unit 41
Into signing messages etc. be registered in determine object device 2.
Communication unit 42 is with judging that the outside of information registering apparatus 3 is communicated.
Fig. 5 is the figure for representing to judge an example of the hardware configuration of information registering apparatus 3.
Judgement information registering apparatus 3 is computer, can be realized by program and judge that each structure of information registering apparatus 3 will
Element.As judge information registering apparatus 3 hardware configuration, memory 51, processor 52, communication module 53, input interface 54, with
And display 55 is connected with bus 50.
Memory 51 is, for example, main storage means, ROM (the Read Only such as RAM (Random Access Memory)
Memory), the external memory such as flash memory or hard disk unit.
Processor 52 is CPU (Central Processing Unit) of configuration processor etc..
Communication module 53 is the electronic circuit for the communication process for performing data, e.g. communication board etc..
Input interface 54 be processing for judge information registering apparatus 3 input data equipment, e.g. touch panel,
Hardware keys, mouse, keyboard etc..
Display 36 is set to what the output data of the registration process situation of judgement information registering apparatus 3 etc. was shown
It is standby.
Program is normally stored in memory 51, is read in, performs by processor 52.The program is to realize to judge letter as composition
Cease the signature key of calling mechanism 3 to generating unit 40, signature generating unit 41, communication unit 42 and judge information register 43 and
The program for the function of illustrating.
Moreover, being also stored with operating system (OS) in the external memory of memory 51, OS at least a portion carries
Enter to main storage means, processor 52 and perform OS while performing said procedure.
In addition, in the explanation of following embodiment, will represent signature key to generating unit 40, signature generating unit 41,
Communication unit 42, the information of result for judging information register 43, data, signal value, variate-value are stored as a file in and deposited
Reservoir 51.
In addition, an example of the hardware configuration of the only device of Fig. 5 representation, the hardware configuration respectively put is simultaneously
The structure or other structures being not limited to described in Fig. 5.
Next, the flow of the action for the authenticity determining device 1 being related to embodiment 1 illustrates.Identification fills
The action for putting 1 is roughly divided into following two processing, the registration process of (1) identification information, the processing of (2) identification.Hereinafter,
While with reference to flow chart while being illustrated to each processing.In addition, the logical of each device is utilized in the transmitting-receiving of information between device
Letter portion.
(1) registration process of identification information
In the registration process of identification information, judge information registering apparatus 3 to the judgement as identification object
The information that the possessed authenticity determining device 1 of object apparatus 2 carries out needed for identification is to judge the registration of information.In addition,
In present embodiment, it is set to before this registration process, determine object device 2 is produced, the information related to the device
I.e. device information has been stored in device information storage part 25.
Fig. 6 is to represent the figure in an example of the device information of the storage of device information storage part 25.
In figure 6, device information is shown below example:The entitled ABC-device of device, manufacture date are in January, 2015
16 days, Serial No. 012345.
Fig. 7 is the flow chart of the flow for the action for representing the judgement information registering apparatus 3 that embodiment 1 is related to.
First, in the step s 100, judge that the signature key of information registering apparatus 3 is generated in digital signature to generating unit 40
Utilization needed for paired signature generation key ks1 and authentication secret kv1.In the generation key ks1 of signature and checking
In key kv1 generation processing, such as perform following key schedule.
<Key schedule>
Step1:The fully big prime number p of generation, q, are set to n=pq.
Step2:Φ is set to the Φ functions of Euler, selection is less than Φ (n) and the positive number e relatively prime with Φ (n).
Step3:Obtain de=1 (mod Φ (n)) positive number d.
Step4:D is determined as secret information and generates key, e, n are determined as public information i.e. authentication secret.
Next, in step S101, signature generating unit 41 is believed via communication unit 42 from the device of authenticity determining device 1
Cease the acquisition device information m of storage part 25.Specifically, generating unit 41 of signing sends dress to the communication unit 28 of authenticity determining device 1
Confidence breath m acquirement request, communication unit 28 obtain the device information m stored in device information storage part 25 via determination unit 27,
To judge information registering apparatus 3 the dispensing device information m of communication unit 42, communication unit 42 by the device information m received send to
Signature generating unit 41.
Next, in step s 102, signature generating unit 41 carries out following signature by the generation key ks1 of signature and given birth to
Into computing Fs, generation signing messages s1.
<Signature generation computing>
S1=Fs (m, d)=md(mod n)
Wherein, m:Device information, d:Secret information, n:Public information.
Herein, due to d=ks1, therefore
S1=Fs (m, ks1)=mks1(mod n)
In addition, device information m is, for example, to be provided by the link of each information stored by device information storage part 25
's.In the example of fig. 6, by the ABC-device of device name, manufacture the date 20150116 and sequence number 012345
These information link, and device information m is set into ABC-device20150116012345.
Then, in step s 103, judge that information register 43 will be registered for the key information for exporting authentication secret kv1
In the key information storage part 21 of determine object device 2.On key information, such as authentication secret kv1 can both be entered in itself
Row registration, existing PUF technologies etc. can also be utilized, to carrying out what can be utilized during key export in authentication secret leading-out portion 21
Information of physical characteristic etc. is stored.
Finally, in step S104, judge that signing messages s1 is registered in the label of determine object device 2 by information register 43
Name storage part 26.Specifically, judge that information register 43, will to the communication unit 28 of authenticity determining device 1 via communication unit 42
Signing messages s1 registration request and signing messages s1 is sent together, the A.L.S. that communication unit 28 will receive via determination unit 27
Breath s1 is stored in signature storage part 26.
Thus, judge that information registering apparatus 3 finishes the registration process of identification information.
(2) identification is handled
In identification processing, the true of information is judged to be registered by the registration process of (1) identification information
Whether pseudo- decision maker 1 is that legal device is carried out to determine object device 2 using the intrinsic authentication secret of determine object device 2
Judge.
Fig. 8 is the flow chart of the flow for the action for representing the authenticity determining device 1 that embodiment 1 is related to.
First, in step s 200, the reader unit information storage part 25 of determination unit 27 is stored device information m and
The signing messages s1 that signature storage part 26 is stored.
Then, in step s 201, determination unit 27 in the inside of safety circuit 20 signature verification portion 23 commission pair
Whether signing messages s1 is to be verified relative to device information m correct signing messages.Specifically, determination unit 27 via
Communication unit 28, to the communication unit 24 in the inside of safety circuit 20, by signing messages s1 and device information m checking request with
Signing messages s1 and device information m are sent together, and communication unit 24 believes the checking request received and signing messages s1 and device
Breath m sends to signature verification portion 23, commission and verified together.In addition, signature verification portion 23 entrusts to authentication secret leading-out portion 22
Support verify required authentication secret kv1 export.
Next, in step S202, the authentication secret leading-out portion 22 in the inside of safety circuit 20 is believed using key
The key information that breath storage part 21 is stored, it is authentication secret kv1 export by the intrinsic information of determine object device 2.On testing
Key kv1 is demonstrate,proved, such as can both use the authentication secret kv1 registered in key information storage part 21 in itself, can also be utilized existing
Some PUF technologies etc., key export is carried out using information of physical characteristic registered in key information storage part 21 etc..
Next, in step S203, signature verification portion 23 carries out following signature verification computing by authentication secret kv1
Fv, device information m and signing messages s1 group legitimacy are verified, obtained the result r1 is sent to determination unit
27。
[signature verification computing]
R1=Fv (m, s1, e)=" being proved to be successful " (m=s1eThe situation of (mod n))
" authentication failed " (m ≠ s1eThe situation of (mod n))
Wherein, m:Device information, s1:Signing messages, e, n:Public information (authentication secret kv1).
Next, in step S204, determination unit 27 is based on the result r1 drawn by signature verification portion 23, to checking
Whether successfully judged.If the result r1 is " being proved to be successful ", step S205 is branched into by Yes, will be sentenced
Object apparatus 2 is determined this case that legal device to be exported together with device information m to such as display 36.If the result
R1 is " authentication failed ", then branches into step S206 by No, is not this feelings of legal device by determine object device 2
Condition is exported together with device information m to such as display 36.
Thus, authenticity determining device 1 finishes identification processing.
After above-mentioned identification processing terminates, judgement person is only corresponding with determine object device 2 in device information m, and
In the case of having obtained as legal device this result of determination, it is legal to be judged as determine object device 2.
As described above, in the invention of present embodiment 1, by using overall related to the instrument comprising integrated circuit
The intrinsic device information of device and verified, so as to obtain following effects, i.e. enable to make use of the part of normal goods
The manufacture of the imitation product of progress becomes difficult.Device information m and signing messages s1 correspondence is only using authentication secret kv1
In the case of be judged as it is legal, in addition, from the outside of safety circuit 20 can not to authentication secret kv1 carry out free access, because
As long as this safety circuit 20 is not imitated completely, then the imitation product for arbitrarily having used legal (m, s1) to organize can not pass through the true and false
Judge.Moreover, the completely imitated of safety circuit 20 is prevented by PUF technologies etc..
Further, since the output of determination unit 27 includes device information m, thus want with legal determine object device 2 be
The attacker that basis is only palmed off to device name, outward appearance needs to distort device information m, but in accordance with the invention it is possible to passes through number
Word signature technology detects that this is distorted.In addition, even if legal (m, s1) group is obtained from the determine object device 2 of high price, by it
Device information storage part 25, the signature storage part 26 of the determine object device 2 of low price are write, it is close due to being verified between these devices
Key is different, therefore can not pass through identification.
In addition, it is to use the digital signature technology based on public key encryption, by the generation key of signature in the present embodiment
Different values is set to authentication secret, but as the digital signature technology based on public-key encryption, can also be utilized for example
The technologies such as HMAC (Hash-based Message Authentication Code).In this case, the generation key of signature
It is identical value with authentication secret.
In addition, in the present embodiment, before the registration process of above-mentioned (1) identification information, filled with determine object
Put 2 related device informations and be stored in device information storage part 25 but it is also possible to be judging that information registering apparatus 3 believes device
Breath is stored in the device information storage part 25 of determine object device 2.
In addition, in the present embodiment, in the processing of above-mentioned (2) identification, judgement person is to device information m and judgement pair
As the correspondence of device 2 is confirmed, but there can also be the function of being automated.Especially, include and sentence in device information m
In the case of determining the image informations such as the outward appearance of object apparatus 2, it is possible to have following function, i.e. device information m is included
Image information and image information obtained from being shot on the spot to determine object device 2 carry out machine contrast, it is automatic judge it is outer
The uniformity of sight.
In addition, be premised on following situations in the present embodiment, i.e. by the device information m of determine object device 2,
Signing messages is electronically stored in device information storage part 25, signature storage part 26, but can also be by them in judgement pair
As the framework of device 2 printed in the form of word, bar code, Quick Response Code etc., is shown.In this case, by these information with
With it is respective printing, show that corresponding appropriate method is inputted to determination unit 27.As described above, by by device information m, label
Name information is printed in the framework of determine object device 2, shown, obtains device information m, the reading of signing messages and input and becomes
Obtain easy effect.
Embodiment 2.
The identification processing of embodiment 1 is for distorting the device information storage part 25 of authenticity determining device 1, signature is deposited
The attacker in storage portion 26 is safe, but is possible to uneasy for attacker powerful also being distorted such as determination unit 27
Entirely.In present embodiment 2, illustrate by using from derived authentication secret is different in authenticity determining device 1 second tests
Key is demonstrate,proved, realizes the embodiment for the above-mentioned powerful attacker also authenticity determining device 1 of safety.
Next, the structure for the authenticity determining device 1 being related to embodiment 2 illustrates.
Fig. 9 is the figure for a configuration example for representing the authenticity determining device 1 that embodiment 2 is related to.
In fig.9, the second signature storage part 56 is the memory stored to the second signing messages, second A.L.S.
Breath is the device information stored for device information storage part 25, passes through the signature key pair by judgement information registering apparatus 3
The second generation key that storage part 57 is stored has carried out the result of signature generation processing.Due to other structures in Fig. 9 with
Structure of the same name in the authenticity determining device 1 of embodiment 1 is identical, therefore omits the description.
Figure 10 is the figure for a configuration example for representing the judgement information registering apparatus 3 that embodiment 2 is related to.
In Fig. 10, signature key is to deposit the second generation key and the second authentication secret in couples to storage part 57
The memory of storage, the second generation key are used for second that generation stores in the second signature storage part 56 of authenticity determining device 1
Signing messages, second authentication secret are used to verify the second signing messages.Due to the other structures and reality in Figure 10
That applies mode 1 judges that the structure of the same name in information registering apparatus 3 is identical, therefore omits the description.
Figure 11 is the figure for a configuration example for representing the second decision maker 58 that embodiment 2 is related to.
In fig. 11, the second authentication secret storage part 60 is the memory stored to the second authentication secret, and this second
Authentication secret is used to verify the second signing messages stored by the second signature storage part 56 of authenticity determining device 1.
Signature verification portion 61 carries out signature verification using the second authentication secret stored by the second authentication secret storage part 60
Processing.The signature verification process can be used as the signature verification technique of existing encryption technology and realized.Signature verification portion
61 be an example in the second signature verification portion.
Determination unit 62 using signature verification portion 61, to stored by the second signature storage part 56 of authenticity determining device 1 the
Whether two signing messages are correctly to sign relative to the device information stored by the device information storage part 25 of authenticity determining device 1
Name information is judged.Determination unit 62 is an example of the second determination unit.
Communication unit 59 is the communication module to be communicated with the outside of the second decision maker 58.
In addition, the hardware configuration of the second decision maker 58 is identical with the hardware configuration shown in Fig. 5.
Program is normally stored in memory 51, is read in, performs by processor 52.The program is to realize to sentence as composition second
The program for the function of determining communication unit 59, signature verification portion 61 and the determination unit 62 of device 58 and illustrate.
Next, the flow of the action for the authenticity determining device 1 being related to embodiment 2 illustrates.Identification fills
The action for putting 1 is roughly divided into following four processing, the overall initial setting of (1) system, the registration office of (2) identification information
Reason, the registration process of (3) authentication secret, the processing of (4) identification.Hereinafter, each processing is illustrated.In addition, in device
Between information transmitting-receiving in utilize each device communication unit.
(1) the overall initial setting of system
In the overall initial setting of system, judge that the signature key of information registering apparatus 3 is generated in number to generating unit 40
Second generation key ks2 and the second authentication secret kv2 of the paired signature needed for the utilization of word signature, it is close to be stored in signature
Key is to storage part 57.
Figure 12 is to represent that the second paired generation key ks2 for being stored in signature key to storage part 57 and the second checking are close
The figure of a key kv2 example.
(2) registration process of identification information
The registration process of identification information performs after the overall initial setting of (1) system, judges information registration dress
Put the letter needed for the 3 pairs of possessed authenticity determining devices 1 of determine object device 2 for turning into identification object progress identifications
Breath judges the registration of information.In addition, in the same manner as embodiment 1, it is set to before this registration process, determine object device 2
Produced, the information related to the device is that device information has been stored in device information storage part 25.Device information is deposited
It is identical with the example shown in Fig. 6 to store up example.
Figure 13 is the flow chart of the flow for the action for representing the judgement information registering apparatus 3 that embodiment 2 is related to.
First, the stream in Fig. 7 related to the registration process of (1) identification information of embodiment 1 is similarly performed
Whole processing that journey figure is recorded.Specifically, in fig. 13, step S300 to S304 processing is performed.
Then, in step S305, signature generating unit 41 carries out following signature by the generation key ks2 of signature and generated
Computing Fs, generation signing messages s2.
<Signature generation computing>
S2=Fs (m, d)=md(mod n)
Wherein, m:Device information, d:Secret information, n:Public information.
Herein, due to d=ks2, therefore
S2=Fs (m, ks2)=mks2(mod n)
Finally, in step S306, judge that signing messages s2 is registered in the of determine object device 2 by information register 43
Two signature storage parts 56.Specifically, information register 43 is judged via communication unit 42, to the communication unit of authenticity determining device 1
28 send signing messages s2 registration request together with signing messages s2, and communication unit 28 stores the signing messages s2 received
In the second signature storage part 56.
Thus, judge that information registering apparatus 3 finishes the registration process of identification information.
(3) registration process of authentication secret
The registration process of authentication secret performs after the overall initial setting of (1) system, judges that information registering apparatus 3 is right
The information performed needed for the second decision maker 58 progress identification of identification is to judge the registration of information.Specifically,
Judge information registering apparatus 3 communication unit 42 by the second authentication secret kv2 stored in signature key to storage part 57 send to
Second decision maker 58.The second decision maker 58 that have received the second authentication secret kv2 is stored in the second authentication secret and deposited
Storage portion 60.
Thus, judge that information registering apparatus 3 finishes the registration process of the identification information to the second decision maker 58.
(4) identification is handled
In identification processing, the of the second authentication secret has been registered by the registration process of (3) authentication secret
Two decision makers 58 utilize second that first authentication secret and the second decision maker 58 as derived from authenticity determining device 1 are stored
Authentication secret, to possessing whether the determine object device 2 of authenticity determining device 1 is that legal device judges.
Figure 14 is the flow chart of the flow for the action for representing the authenticity determining device 1 that embodiment 2 is related to.
First, in step S400 to S404 processing, it make use of first checking as derived from authenticity determining device 1
The judgement of key.Because the processing is identical with the processing recorded in (2) identification processing of embodiment 1, therefore omit detailed
Thin content.
Then, in step s 404, determination unit 27 is to checking based on the result r1 drawn by signature verification portion 23
It is no successfully to be judged.If the result r1 is " authentication failed ", step S405 is branched into by No, will judgement pair
As device 2 is not that legal device this case is exported together with device information m to such as display 36, end processing.If
The result r1 is " being proved to be successful ", then branches into step S406 by Yes.
Then, in step S406, the signature verification portion 61 of the second decision maker 58 is from the reader unit of authenticity determining device 1
Information m and signing messages s2.Specifically, communication unit 28 of the signature verification portion 61 via communication unit 59 to authenticity determining device 1
Dispensing device information m and signing messages s2 acquirement request.The communication unit 28 of authenticity determining device 1 obtains dress via determination unit 27
The device information m that information storage part 25 is stored is put, in addition, the signing messages s2 that the second signature storage part 56 is stored is obtained,
Send to the communication unit 59 of the second decision maker 58.The communication unit 59 of second decision maker 58 by the device information m received and
Signing messages s2 is sent to signature verification portion 61.
Then, in step S 407, signature verification portion 61 carries out following signature verification computing by authentication secret kv2
Fv, device information m and signing messages s2 group legitimacy are verified, obtained the result r2 is sent to determination unit
62。
<Signature verification computing>
R2=Fv (m, s2, e)=" being proved to be successful " (m=s2eThe situation of (mod n))
" authentication failed " (m ≠ s2eThe situation of (mod n))
Wherein, m:Device information, s2:Signing messages, e, n:Public information (authentication secret kv2).
Then, in step S408, determination unit 62 is to checking based on the result r2 drawn by signature verification portion 61
It is no successfully to be judged.If the result r2 is " being proved to be successful ", step S409 is branched into by Yes, will be judged
Object apparatus 2 exports to such as display 55 for legal device this case together with device information m.If the result r2
For " authentication failed ", then step S405 is branched into by No, be not legal device this case by determine object device 2
With being exported together with device information m to such as display 55.
Thus, authenticity determining device 1 finishes identification processing.
As described above, in the invention of present embodiment 2, due to using the of the outside for being present in determine object device 2
Two authentication secret kv2 confirm to device information m and signing messages s2 correspondence, therefore the effect recorded in embodiment 1
On the basis of fruit, following effects are also obtained, i.e. powerful as being distorted the determination unit 27 of authenticity determining device 1 existing
Attacker in the case of, also can correctly detect imitation product.In addition, the deformation described in embodiment 1 also can be identical
Ground is applied to present embodiment 2.
In addition, present embodiment 2 is in the case where multiple determine object devices be present, judge that information registering apparatus 2 exists
Using the embodiment of common the second generation key and the second authentication secret in whole determine object devices, but can also be directed to
Each determine object device generates the second different generation keys and the second authentication secret.But in this case, second judges dress
The the second authentication secret storage part 60 for putting 58 enters multiple second authentication secrets in the form of associated with each determine object device
Row storage.
In addition, in present embodiment 2, identical digital signature make use of to calculate in signing messages s1 and signing messages s2
Method, but different Digital Signature Algorithms can also be utilized.
In addition, in present embodiment 2, it will judge that the decision maker 58 of information registering apparatus 3 and second is set to the dress of split
Put, but both functions can also be had concurrently by a device.
In addition, in present embodiment 2, without the communication means between specifically mentioned each device, but at (4) identification
In reason, between the decision maker 58 of authenticity determining device 1 and second, such as it can also be communicated via internet.That is, also may be used
So that the second decision maker 58 is arranged at for example in web server, authenticity determining device 1 is via internet to the second decision maker
58 commissions carry out identification.
In addition, in present embodiment 2, the second decision maker 58 only stores to the second authentication secret, but can also
Pair supplement information related to determine object device 2 stores.It can also be the dress for example preserved in authenticity determining device 1
In the case that confidence breath is only the text messages such as device name, the second decision maker 58 is believed the corresponding of device name and appearance images etc.
Breath is stored, and in 62 output device information of determination unit, corresponding appearance images etc. are exported in the lump.
In addition, in present embodiment 2, in the processing of (4) identification, it is " authentication failed " in the result r1, sentences
It is set at the time of be not legal device and terminates processing, but directly can also also carries out make use of sentencing for the second authentication secret
It is fixed, the result of determination of whole is exported in detail.
The explanation of label
1 authenticity determining device, 2 determine object devices, 3 judge information registering apparatus, 20,33 safety circuits, 21 keys letter
Breath storage part, 22 authentication secret leading-out portions, 23,61 signature verification portions, 24,28,42,59 communication units, 25 device information storage parts,
26 signature storage parts, 27,62 determination units, 30,50 buses, 31,51 memories, 32,52 processors, 34,53 communication modules, 35,
54 input interfaces, 36,55 displays, 40 signature keys are to generating unit, 41 signature generating units, and 43 judge information registers, and 56 the
Two signature storage parts, 57 signature keys are to storage part, 58 second decision makers, 60 second authentication secret storage parts.
Claims (8)
1. a kind of authenticity determining device, possesses:
Device information storage part, it is stored to device information, and the device information represents to be determined the determine object dress of the true and false
The intrinsic information put;
Signature storage part, it stores the signature for described device information;
Key information storage part, it is stored to key information, and the key information is by the generation with generating the signature
Information derived from authentication secret corresponding to key;
Authentication secret leading-out portion, it is exported the authentication secret using the key information;
Signature verification portion, it is used by the authentication secret derived from the authentication secret leading-out portion, to described device information
Verified with the legitimacy of the group of the signature;And
Determination unit, it is based on the legitimacy verified by the signature verification portion, to the true and false of the determine object device
Judged.
2. authenticity determining device according to claim 1, wherein,
The key information storage part, the authentication secret leading-out portion and the signature verification portion are stored in tamper-resistance properties
Safety circuit.
3. authenticity determining device according to claim 2, wherein,
The key information storage part by PUF to using the safety circuit of the physical characteristic of safety circuit generation
The intrinsic key information stored, wherein, PUF refers to physics unclonable function,
The authentication secret leading-out portion exports the authentication secret and the key information generated using by the PUF.
4. authenticity determining device according to claim 1, wherein,
Possesses judgement information registering apparatus, the judgement information registering apparatus possesses:
For signature key to generating unit, it generates the generation key of the paired signature and the authentication secret;
Signature generating unit, its generation key generated using described device information and the signature key to generating unit are raw
Into the signature;And
Judge information register, it is i.e. described by the information for exporting the authentication secret that the signature key generates to generating unit
Key information is registered in the key information storage part, and the signature of the signature generating unit generation is registered in into the signature
Storage part.
5. authenticity determining device according to claim 1, wherein,
The authenticity determining device possesses the second signature storage part, this second signature storage part for described device information storage with
The second different signature of the signature,
The authenticity determining device possesses the second decision maker, and second decision maker possesses:
Second authentication secret storage part, its pair second authentication secret different from the authentication secret store;
Second signature verification portion, it uses conjunction of second authentication secret to described device information and the group of second signature
Method is verified;And
Second determination unit, it is filled based on the legitimacy verified by the second signature verification portion to the determine object
The true and false put is judged.
6. authenticity determining device according to claim 5, wherein,
In the judgement information registering apparatus,
The signature key generates paired second generation different from the generation key and the authentication secret to generating unit
Key and the second authentication secret,
Second generation that the signature generating unit is generated using described device information and the signature key to generating unit is close
The signature of key generation second,
Second authentication secret for judging that information register generates the signature key to generating unit is registered in described
The second authentication secret storage part of second decision maker, second signature of the signature generating unit generation is registered in
The second signature storage part of authenticity determining device.
7. authenticity determining device according to claim 1, wherein,
Described device information and described sign are shown in the framework of the determine object device.
8. a kind of authenticating method, it is the authenticating method of authenticity determining device, and the authenticity determining device is to representing quilt
Judge the intrinsic information of the determine object device of the true and false device information, for described device information signature and will be with
Generate information i.e. key information derived from authentication secret corresponding to the generation key of the signature to be stored, to the judgement
The true and false of object apparatus judged,
The authenticating method possesses following step:
Authentication secret deriving step, authentication secret leading-out portion are exported the authentication secret using the key information;
Signature verification step, signature verification portion is used by the authentication secret derived from the authentication secret deriving step, right
The legitimacy of described device information and the group of the signature is verified;And
Determination step, determination unit are filled based on the legitimacy verified by the signature verification step to the determine object
The true and false put is judged.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2015/067862 WO2016207944A1 (en) | 2015-06-22 | 2015-06-22 | Authenticity determination device, and authenticity determination method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107710675A true CN107710675A (en) | 2018-02-16 |
Family
ID=57585148
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201580081185.6A Pending CN107710675A (en) | 2015-06-22 | 2015-06-22 | Authenticity determining device and authenticating method |
Country Status (4)
Country | Link |
---|---|
JP (1) | JP6386181B2 (en) |
CN (1) | CN107710675A (en) |
TW (1) | TWI590637B (en) |
WO (1) | WO2016207944A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108920984A (en) * | 2018-07-06 | 2018-11-30 | 北京计算机技术及应用研究所 | The anti-clone of one kind distorts safe SSD main control chip framework |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020194476A1 (en) * | 2001-06-19 | 2002-12-19 | International Business Machines Corporation | Method and apparatus for uniquely and authoritatively identifying tangible objects |
CN1797500A (en) * | 2004-12-28 | 2006-07-05 | 国际商业机器公司 | Apparatus and method for verifying the ownership of an owner's authority in terms of product and service |
CN101933066A (en) * | 2007-12-03 | 2010-12-29 | 国际先端技术综合研究所株式会社 | Genuine&counterfeit certification member |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1391853A1 (en) * | 2001-11-30 | 2004-02-25 | STMicroelectronics S.A. | Diversification of the unique identifier of an integrated circuit |
JP5315892B2 (en) * | 2008-09-24 | 2013-10-16 | 富士ゼロックス株式会社 | Authenticity verification system, authenticity verification device, and authenticity verification program |
JP2012060320A (en) * | 2010-09-07 | 2012-03-22 | Hitachi Ulsi Systems Co Ltd | Information protection system, information storage medium and information processor |
US8938792B2 (en) * | 2012-12-28 | 2015-01-20 | Intel Corporation | Device authentication using a physically unclonable functions based key generation system |
US20160080153A1 (en) * | 2013-05-15 | 2016-03-17 | Mitsubishi Electric Corporation | Device authenticity determination system and device authenticity determination method |
-
2015
- 2015-06-22 CN CN201580081185.6A patent/CN107710675A/en active Pending
- 2015-06-22 JP JP2017524287A patent/JP6386181B2/en active Active
- 2015-06-22 WO PCT/JP2015/067862 patent/WO2016207944A1/en active Application Filing
- 2015-06-25 TW TW104120460A patent/TWI590637B/en not_active IP Right Cessation
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020194476A1 (en) * | 2001-06-19 | 2002-12-19 | International Business Machines Corporation | Method and apparatus for uniquely and authoritatively identifying tangible objects |
CN1797500A (en) * | 2004-12-28 | 2006-07-05 | 国际商业机器公司 | Apparatus and method for verifying the ownership of an owner's authority in terms of product and service |
CN101933066A (en) * | 2007-12-03 | 2010-12-29 | 国际先端技术综合研究所株式会社 | Genuine&counterfeit certification member |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108920984A (en) * | 2018-07-06 | 2018-11-30 | 北京计算机技术及应用研究所 | The anti-clone of one kind distorts safe SSD main control chip framework |
CN108920984B (en) * | 2018-07-06 | 2021-11-16 | 北京计算机技术及应用研究所 | Prevent cloning and falsify safe SSD main control chip |
Also Published As
Publication number | Publication date |
---|---|
TWI590637B (en) | 2017-07-01 |
JPWO2016207944A1 (en) | 2017-09-14 |
TW201701610A (en) | 2017-01-01 |
JP6386181B2 (en) | 2018-09-05 |
WO2016207944A1 (en) | 2016-12-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11550935B2 (en) | Method, apparatus, and electronic device for blockchain-based recordkeeping | |
CN108898389B (en) | Content verification method and device based on block chain and electronic equipment | |
CN109639410B (en) | Block chain-based data evidence storing method and device and electronic equipment | |
CN107888382B (en) | A kind of methods, devices and systems of the digital identity verifying based on block chain | |
US10880080B1 (en) | Cryptographic key generation from biometric data | |
Islam et al. | On IC traceability via blockchain | |
CN110677376B (en) | Authentication method, related device and system and computer readable storage medium | |
CN109509287B (en) | Electronic voting system and control method | |
CN112084484B (en) | Equipment hardware safety detection method and device, electronic equipment and storage medium | |
JP7064947B2 (en) | Electronic voting system and control method | |
CN109509288A (en) | Electronic voting system and control method | |
JP5661772B2 (en) | How to check if a product is genuine product manufacturer | |
CN111695097A (en) | Login checking method and device and computer readable storage medium | |
JP5183517B2 (en) | Information processing apparatus and program | |
CN104618307B (en) | Network bank business Verification System based on credible calculating platform | |
CN107710675A (en) | Authenticity determining device and authenticating method | |
JP2021108088A (en) | Authentication request system and authentication request method | |
CN110009342A (en) | Data sending, receiving method, device and electronic equipment | |
CN108416588A (en) | Data processing method and device for electronic transaction verification | |
CN114629663A (en) | Block chain-based digital commodity transaction method and device | |
CN112488261A (en) | Method and system for identifying authenticity of article based on block chain information storage | |
CN117272396B (en) | Anti-tampering method for test result | |
CN114500433B (en) | Multi-mail data security method based on blockchain and merck tree | |
CN112507370A (en) | Electronic license verification method based on block chain network | |
CN107735983A (en) | Authenticity determining device, identification system and authenticating method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20180216 |