JP2001274791A - Device authentication method, device authentication system, receiver and transmitter - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a device authentication system that can exclude an illicit receiver. SOLUTION: In a player 100, selection section 102 selects any of sets each consisting of address data, extended address data and key data stored in a storage section 101, transmission section 103 transmits the address data, conversion section 105 converts the extended address data into 1st data, and transmission section 106 transmits the 1st data. In a key media 150, reception sections 152, 157 receive them, an extraction section 153 extracts the extended address data, from the extended address data including addresses stored in a storage section 151, a conversion section 156 converts the extended address data into 2nd data, a verification section 158 verifies whether the 1st data are identical to the 2nd data, an extraction section 160 extracts encrypted data from a plurality of encrypted data with the extended addresses stored in a storage section 159, when they are the same, and a transmission section 161 transmits the extracted data. In the player 100, a reception section 908 receives the encrypted data, and a decoding section 108 decodes the data by using the key data.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] 1. Field of the Invention [0002] The present invention relates to an apparatus for performing encrypted communication, and more particularly to an apparatus authentication technique for confirming whether a communication partner apparatus is correct before starting communication.

[0002]

2. Description of the Related Art Generally, in encrypted communication, a device on the transmitting side encrypts plaintext data using an encryption key and transmits the encrypted data via a communication channel, and the device on the receiving side receives the encrypted data and receives a decryption key. Then, plaintext data is obtained by decrypting the data. As described above, only the encrypted data is transmitted to the communication path, so that even if the data on the communication path is intercepted by a third party, the plaintext data is not known and the data is safe. Here, the communication path for transmitting and receiving the encrypted data is referred to as SECURE AUTHENTICATE.
Called D CHANNEL.

[0003] In addition, the transmitting device confirms that the receiving device is a correct receiver having an appropriate decryption key.
URE AUTHENTICATED CHANNEL
Device authentication processing for checking prior to opening is widely implemented. On the other hand, since digital audio data such as music is completely identical to the original when it is copied, there is a strong demand from the viewpoint of copyright protection not to copy easily. Therefore, a memory card that always encrypts and outputs recorded digital audio data has appeared. This memory card performs mutual authentication with the audio device for reproduction, and transmits digital audio data encrypted using the common key data generated in the process of mutual authentication to the audio device that has been authenticated as a correct receiver.

FIG. 3 is a diagram showing an encrypted communication system for explaining an outline of a device authentication process in a conventional encrypted communication. 3 includes a player 900 and a key medium 950. Here, the player is an audio device or the like capable of receiving encrypted digital audio data and reproducing the audio, and the key medium is provided with a function of encrypting and transmitting the recorded digital audio data. Memory stick or the like.

The player 900 includes an authentication request unit 901, an encrypted data set receiving unit 902, a data set storage unit 90
3. Data set selection unit 904, encrypted data extraction unit 9
05, a decryption unit 906, a mutual authentication unit 907, an encrypted audio data reception unit 908, and an audio reproduction unit 909. The authentication request unit 901 requests the key medium 950 for device authentication.

[0006] After receiving the device authentication request from the authentication requesting unit 901, the encrypted data set receiving unit 902 sends the key medium 9.
From 50, an encrypted data set with an address is received. Here, the encrypted data set with address is a key medium 9
50 is a set of encrypted data obtained by encrypting common plaintext data stored in advance with various key data using common encryption means, and each encrypted data has an address. Thus, the encrypted data can be specified from the data at this address. Here, one piece of encrypted data is 8 bytes, and the set of encrypted data with addresses is a set of 16 rows × 512 columns (8K) pieces of encrypted data with addresses.

[0007] The data set storage unit 903 stores one or more data sets including address data and key data in advance. The address indicated by the address data in the data set is the encrypted data set receiving unit 9
02, it matches any address in the set of encrypted data with address received. The encrypted data to which this address is added is encrypted using the key data in this data set. It has become. Here, 16 data sets are stored in advance.

[0008] The data set selection section 904 arbitrarily selects one set from one or more data sets stored in the data set storage section 903 in advance. The encrypted data extraction unit 905 extracts the encrypted data specified by the address data in the data set selected by the data set selection unit 904 from the encrypted data set with addresses received by the encrypted data set reception unit 902. Extract.

[0009] The decryption unit 906 includes the encrypted data extraction unit 9.
05 is decrypted using the key data in the data set selected by the data set selection unit 904 to generate plaintext data, and furthermore, by using the shared key generated by the mutual authentication unit 907. , Key media 95
The encrypted audio data received from 0 is decrypted to generate audio data.

[0010] Mutual authentication section 907 performs mutual authentication processing for mutually authenticating devices between the player and the key medium. The mutual authentication section 907 receives the plaintext data decrypted by decryption section 906 and the plaintext data received from key medium 950. A predetermined one-way conversion is performed using the one random number data to generate and transmit player authentication data indicating that it is a correct receiver to the key medium 950. Also, the first random number data is generated by itself and the key medium 950 is generated.
, And receives key medium authentication data indicating that the key medium 950 is a correct transmitter, and performs the one-way conversion using the plaintext data and the first random number data generated by itself. If it matches the generated key media authentication data, it authenticates that it is the correct transmitter. Further, a shared key used to decrypt the encrypted audio data received from the key medium 950 is generated.

Here, the shared key is obtained by performing the one-way conversion using added random number data obtained by performing an exclusive OR operation on the received first random number data and the second random number data generated by itself and the plaintext data. Generate. The encrypted audio data is
It is transmitted only when the key medium 950 authenticates the player 900 as a correct receiver.

[0012] The encrypted voice data receiving section 908 receives the encrypted voice data from the key medium 950. The audio reproducing unit 909 reproduces audio using the audio data generated by decoding by the decoding unit 906. Key media 9
50 is a plaintext data storage unit 951, an authentication request receiving unit 95
2. Encrypted data set storage unit 953, encrypted data set transmission unit 954, mutual authentication unit 955, audio data recording unit 9
56, an encryption unit 957, and an encrypted audio data transmission unit 958.

[0013] The plaintext data storage unit 951 stores one piece of predetermined plaintext data in advance. Here, one piece of 7-byte plaintext data is stored in advance. The authentication request receiving unit 952 receives an authentication request from the player 900. The encrypted data set storage unit 953 stores an encrypted data set with an address in advance. Here, the encrypted data set with addresses is a set of encrypted data with addresses of 16 rows × 512 columns (8K), and one encrypted data is 8 bytes.

When the authentication request is received by the authentication request receiving unit 951, the encrypted data set transmitting unit 954
The encrypted data set stored in the encrypted data set storage unit 952 is returned. The mutual authentication unit 955 includes the mutual authentication unit 9
07 and a mutual authentication process.
The random number data is generated and transmitted to the player 900, the player authentication data is received, and the plaintext data storage unit 951 is generated.
Is a correct receiver if it matches the player authentication data generated by performing the same one-way conversion as the mutual authentication unit 907 using the plaintext data stored in the storage unit and the second random number data generated by itself. And authenticate. Further, the one-way conversion is performed using the plaintext data and the second random number data received from the player 900 to generate and transmit key media authentication data. Further, a shared key used to encrypt the audio data recorded in the audio data recording unit 956 into encrypted audio data to be transmitted to the player 900 is generated.

Here, the shared key is obtained by performing the one-way conversion using the added random number data obtained by exclusive ORing the first random number data generated by itself and the received second random number data and the plaintext data. Generate. The audio data recording unit 956 records audio data. When the mutual authentication unit 955 authenticates the player 900 as a correct receiver, the encryption unit 957 converts the audio data recorded in the audio data recording unit 956 with the shared key generated by the mutual authentication unit 955. To generate encrypted audio data.

[0016] The encrypted audio data transmission section 958 transmits the encrypted audio data generated by the encryption section 957 to the player 900. Here, operations of sharing plaintext data, mutual authentication processing, generation of a shared key, transmission and reception of encrypted audio data, and reproduction of audio in the conventional encrypted communication will be described. (1) The authentication request unit 901 of the player 900 requests the key medium 950 for device authentication. (2) The authentication request receiving unit 951 of the key medium 950 receives a device authentication request. (3) When the key medium 950 receives the device authentication request, the encrypted data set transmission unit 953 of the key medium 950
Returns the encrypted data set stored in the encrypted data set storage unit 952. (4) Encrypted data set receiving unit 902 of player 900
Receives the returned encrypted data set with address. (5) The data set selection unit 904 of the player 900
One set is arbitrarily selected from the data sets stored in advance in the data set storage unit 903. (6) The encrypted data extraction unit 905 of the player 900
From the encrypted data set with address received by the encrypted data set receiving section 902, the data set selecting section 90
4 to extract the encrypted data specified by the address data in the data set selected. (7) The decryption unit 906 of the player 900 decrypts the encrypted data extracted by the encrypted data extraction unit 905 using the key data in the data set to generate plaintext data. (8) The mutual authentication unit 955 of the key medium 950 generates first random number data and transmits it to the player 900. (9) The mutual authentication unit 907 of the player 900 receives the first random number data from the key medium 950, and
A predetermined one-way conversion is performed using the plaintext data decrypted by the above and the received first random number data to generate player authentication data, and the key medium 950 is generated.
To the key media 95
Send to 0. (10) The mutual authentication unit 955 of the key medium 950 receives the player authentication data, performs the one-way conversion using the plaintext data and the first random number data generated by itself, and converts the player authentication data. Generate and authenticate the player 900 as the correct receiver if they match. If they do not match, the processing is stopped. (11) If the player 900 is authenticated as a correct receiver, the mutual authentication unit 955 of the key medium 950 receives the second random number data from the player 900 and receives the second random number data from the player 900 and the plaintext data stored in the plaintext data storage unit 951. The one-way conversion is performed using the obtained second random number data to generate key media authentication data, which is transmitted to the player 900, and the first random number data generated by itself and the received second random number data are The one-way conversion is performed using the added random number data obtained by exclusive ORing the above and the plaintext data to generate a shared key. (12) The mutual authentication unit 907 of the player 900 receives the key media authentication data, performs the one-way conversion using the plaintext data and the second random number data generated by itself, and performs the key media authentication data. Is generated, and when they match, the key medium 950 is authenticated as the correct transmitter. If they do not match, the processing is stopped. (13) If the key medium 950 is authenticated as a correct transmitter, the mutual authentication unit 907 of the player 900 performs an exclusive OR operation on the received first random number data and the second random number data generated by itself. The one-way conversion is performed using the random number data and the plaintext data to generate a shared key. (14) The encryption unit 957 of the key medium 950 encrypts the audio data recorded in the audio data recording unit 956 using the shared key generated by the mutual authentication unit 955 to generate encrypted audio data. (15) Encrypted audio data transmission section 9 of key medium 950
58 transmits the encrypted audio data generated by the encryption unit 957 to the player 900. (16) Encrypted audio data receiving section 90 of player 900
8 receives the encrypted audio data from the key medium 950. (17) The decryption unit 906 of the player 900 uses the shared key generated by the mutual authentication unit 907 to decrypt the encrypted voice data received from the key medium 950 to generate voice data. (18) The audio reproduction unit 909 of the player 900 reproduces audio using the audio data generated by decoding by the decoding unit 906.

As described above, in the conventional encryption communication system, the key medium recognizes that the player is a correct receiver because the player holds at least one or more appropriate key data, and It has a mechanism to permit the output of the data recorded by. Further, in the above-described conventional encrypted communication system, the key medium has a function of excluding a player who is considered to be illegal for some reason. Rather, key media that is manufactured or released after being deemed fraudulent can be rendered unusable by players deemed fraudulent.

It is assumed that the encrypted data set storage unit 953 of the key medium 950 stores, for example, 8K pieces of encrypted data with addresses that are all valid at the time of release. For example, 16 data sets are stored in the data set storage unit 903 of the player 900, and each of the 16 data sets is stored in the encrypted data set storage unit 953 of the key medium 950.
It corresponds to any of the K pieces, and is a different combination depending on the manufacturer and model of the player.

Here, if for some reason a certain player is deemed to be fraudulent, the encrypted data corresponding to the 16 data sets stored in the data set storage unit 903 of the player deemed to be fraudulent is Then, all of the encrypted data sets stored in the encrypted data set storage unit 953 of the key medium 950 manufactured or sold thereafter are replaced with invalid data.

[0020] By doing so, all the data sets stored in the data set storage unit of the player deemed to be invalid become invalid, and the player deemed to be improper reads data from the key medium. I can not put it out. In the other players, the 16 data sets are 1
If at least one is valid, data can be read from the key medium, so that it can support other types of players.

[0021]

Here, the player stores the plaintext data which is properly obtained before it is regarded as illegal, and after the player has been regarded as illegal, the player does not hold appropriate plaintext data. By transmitting the data address of the key data to the key medium to obtain encrypted data, and proceeding with the subsequent processing using plaintext data stored in advance without decrypting the encrypted data, the player can You can impersonate the correct receiver.

When the player performs such processing, the key medium makes the illusion that the player is a correct receiver even though the player does not hold the key data corresponding to the data address transmitted from the player. The key media recognizes that the player is the correct receiver because the player holds the appropriate key data, and permits the output of the data recorded by the key media. Will not work.

Therefore, the present invention provides a device authentication system, a transmitting device, and a receiving device that can exclude a receiving device that is deemed to be fraudulent even if the plaintext data is stored before the receiving device is deemed to be fraudulent. , Those methods, and
It is an object to provide a recording medium on which those programs are recorded.

[0024]

In order to achieve the above object, an apparatus authentication method according to the present invention provides an encrypted communication data in which communication data is encrypted from a transmitting device to a receiving device before encrypted communication. The receiving device shares the communication data stored in advance by the transmitting device by decoding the encrypted communication data received by the receiving device using the decryption key data held by the receiving device. A device authentication method in a cryptographic communication system for performing cryptographic communication using communication data shared subsequently to said operation, wherein said receiving device comprises a first address data, a second address data, and a decryption key data. One or more sets are stored in advance, and the transmitting device stores the second address data with the first address that can specify the second address data from the first address data, and the second address data. A plurality of encrypted communication data with a second address, which can specify the encrypted communication data from the address data, are respectively stored in advance, and the receiving device transmits the receiving device from the receiving device to the transmitting device. A first address data transmitting step of transmitting first address data belonging to one data set, and the first address data from the receiving device from a plurality of second address data with the first address stored in the transmitting device in advance. A second address data extracting step of extracting second address data specified by the first address data transmitted by the transmitting step; a second address data belonging to the one data set in the receiving device and the second address data in the transmitting device. The second address extracted by the second address data extraction step And a plurality of encrypted communication data with a second address stored in advance in the transmitting device when the data is verified to have the same value by the verification step. Extracting the encrypted communication data specified by the second address data extracted from the second address data extraction step from the encrypted communication data, and transmitting the encrypted communication data from the transmitting device to the receiving device. An encrypted communication data transmission step of transmitting the encrypted communication data extracted by the data extraction step,
Decrypting the encrypted communication data transmitted by the encrypted communication data transmitting step in the receiving device using decryption key data belonging to the one data set to generate communication data. It is characterized by having.

To achieve the above object, a device authentication system according to the present invention transmits encrypted communication data in which communication data is encrypted from a transmitting device to a receiving device before performing encrypted communication, and The receiving device shares the communication data stored in advance by the transmitting device by decrypting the encrypted communication data received by the device using the decryption key data held by the device, and subsequently shares the operation. An apparatus authentication system comprising a transmitting apparatus and a receiving apparatus for performing cryptographic communication using communication data, wherein the receiving apparatus comprises:
A data set storage means for storing at least one data set including address data, second address data and decryption key data; and one of the data sets stored in the data set storage means to the transmitting device. First address data transmitting means for transmitting first address data belonging to a data set; and performing predetermined data conversion based on the second address data belonging to the one data set to generate first verification data. A first data conversion unit, a first verification data transmission unit that transmits the first verification data to the transmission device, an encrypted communication data reception unit that receives encrypted communication data from the transmission device,
Decrypting means for decrypting the encrypted communication data received by the encrypted communication data receiving means using decryption key data belonging to the one data set to generate communication data; The apparatus includes a plurality of second address data with a first address that can specify second address data from the first address data and a plurality of encrypted communication data with a second address that can specify encrypted communication data from the second address data. Collective storage means for storing in advance; first address data receiving means for receiving first address data from the receiving device; and a plurality of second address data with a first address stored in the collective storage means from the receiving device. A second address specified by the first address data received by the first address data receiving means;
Second address data extraction means for extracting address data, first verification data reception means for receiving the first verification data from the receiving device, and second address data extracted by the second address data extraction means A second data conversion unit that performs the same data conversion as the first data conversion unit to generate second verification data based on the first verification data received by the first verification data reception unit; The second data generated by the second data conversion means
Verification means for verifying whether the verification data has the same value,
When the same value is verified by the verification means, the data is specified by the second address data extracted by the second address data extraction means from the plurality of encrypted communication data with second addresses stored in advance. Encrypted communication data extraction means for extracting encrypted communication data, and encrypted communication data transmission means for transmitting the encrypted communication data extracted by the encrypted communication data extraction means to the receiving device. It is characterized by having.

[0026]

DESCRIPTION OF THE PREFERRED EMBODIMENTS <Overview> According to the present invention, a transmitting apparatus previously stores an extended address data set with an address and an encrypted data set with an extended address, and a receiving apparatus (player) stores address data, extended address data, and At least one data set including key data is stored in advance, and the address of the encrypted data is indirectly referenced. Before starting the encrypted communication, the transmitting device (key medium) uses the extended address data to determine whether the receiving device is valid. Is an encrypted communication system that transmits only the encrypted data corresponding to the extended address data to the receiving device without transmitting and receiving the entire encrypted data set as in the related art. Is decrypted by the receiving device to become plaintext data, thereby sharing the plaintext data, and encrypted communication is performed using the plaintext data.

<Structure> FIG. 1 is a diagram showing a structure of an encryption communication system according to the present embodiment. The encrypted communication system shown in FIG.
Consists of zero. The player 100 is an audio device or the like capable of receiving the encrypted digital audio data and reproducing the audio, and the key media before transmitting the encrypted data which is the source of the plaintext data used for the encryption communication. 1
It is verified that the receiver is a valid receiver at 50,
Data set storage unit 101, data set selection unit 10
2. Address data transmission unit 103, random number data reception unit 1
04, one-way conversion section 105, verification data transmission section 10
6, the encrypted data receiving unit 107, the decrypting unit 108, the mutual authentication unit 907, the encrypted voice data receiving unit 908,
An audio reproducing unit 909 is provided.

The key medium 150 is a memory stick or the like having a function of encrypting and transmitting recorded digital audio data, and checks whether the player 100 is a valid receiver before transmitting the encrypted data. The plaintext data storage unit 951, the extension address data set storage unit 151, the address data reception unit 152, the extension address data extraction unit 153, the random number data generation unit 154, the random number data transmission unit 155, and the one-way conversion unit 156, a verification data reception unit 157, a verification unit 158, an encrypted data set storage unit 159, an encrypted data extraction unit 160, an encrypted data transmission unit 161, a mutual authentication unit 955, a voice data recording unit 956, and an encryption unit 957. , And an encrypted audio data transmitting unit 958. Here, components denoted by the same reference numerals as those in the conventional encrypted communication system have the same functions, and description thereof will be omitted.

The data set storage unit 101 stores at least one data set including address data, extended address data, and key data in advance. Here 16
Are stored in advance. The data set selection unit 102 arbitrarily selects one data set from one or more data sets stored in the data set storage unit 101 in advance.

Address data transmitting section 103 transmits the address data in the data set selected by data set selecting section 102 to key medium 150. The random number data receiving unit 104 receives random number data from the key medium 150. The one-way conversion unit 105 performs one-way conversion using the extended address data in the data set selected by the data set selection unit 102 and the random number data received by the random number data reception unit 104, and performs verification for verification. Generate data.

The verification data transmitting section 106 transmits the verification data generated by the one-way conversion section 105 to the key medium 150.
Send to The encrypted data receiving unit 107 receives the encrypted data from the key medium 150. Here, one piece of 8-byte encrypted data is received. The decryption unit 108 decrypts the encrypted data received by the encrypted data reception unit 107 using the key data in the data set selected by the data set selection unit 102 to generate plaintext data. Using the shared key generated by the authentication unit 907, the encrypted audio data received from the key medium 150 is decrypted to generate audio data.

The extended address data set storage unit 151
The extended address data set with address is stored. Here, the extended address data set with address is a set of data indicating the extended addresses in the encrypted data set with extended addresses stored in the encrypted data set storage unit 159, and each extended address data has an address. The extension address data can be specified from the data at this address. Here, the extended address data set with addresses is a set of extended address data with addresses of 16 rows × 512 columns (8K).

The address data receiving section 152 receives address data from the player 100. The extension address data extraction unit 153
From the extended address data set with addresses stored in 51, extended address data to which the address indicated by the address data received by the address data receiving unit 152 is added is extracted.

The random number data generation section 154 generates random number data. The random number data transmission unit 155 transmits the random number data generated by the random number data generation unit 154 to the player 100
Send to The one-way conversion unit 156 performs one-way conversion using the extended address data extracted by the extended address data extraction unit 153 and the random number data generated by the random number data generation unit 154 to generate verification data. I do.

The verification data receiving section 157 receives the verification data from the player 100. The verification unit 158 includes verification data generated by the one-way conversion unit 156,
It verifies whether or not the verification data received by the verification data receiving unit 157 has the same value. The encrypted data set storage unit 159 stores an encrypted data set with an extended address. Here, the encrypted data set with an extended address is obtained by encrypting common plaintext data stored in advance in the plaintext data storage unit 951 of the key medium 150 using various key data by common encryption means. This is a set of encrypted data. Each encrypted data has an extended address, and the encrypted data can be identified from the data of the extended address. Here, one piece of encrypted data is 8 bytes, and the set of encrypted data with extended addresses is a set of 16 rows × 512 columns (8K) pieces of encrypted data with extended addresses.

When the verification data has the same value, the encrypted data set storage section 159
From the encrypted data set with the extended address stored in
The encrypted data specified by the extended address data extracted by the extended address data extraction unit 153 is extracted. The encrypted data transmitting section 161 transmits the encrypted data extracted by the encrypted data extracting section 160 to the player 100.
Send to Here, one piece of 8-byte encrypted data is transmitted.

<Operation> Here, operations of sharing of plaintext data, mutual authentication processing, generation of a shared key, transmission and reception of encrypted voice data, and reproduction of voice in the encrypted communication according to the present embodiment will be described. FIG. 2 is a diagram illustrating an example of an operation of the encryption communication system according to the present embodiment. (1) The data set selection unit 102 of the player 100
One data set is arbitrarily selected from one or more data sets stored in advance in the data set storage unit 101 (step S1). (2) Address data transmission unit 103 of player 100
Transmits the address data in the data set selected by the data set selection unit 102 to the key medium 150 (step S2). (3) Address data receiving section 152 of key medium 150
Receives the address data from the player 100 (step S3). (4) Extended address data extraction unit 1 of key medium 150
53 extracts the extended address data specified by the address data received by the address data receiving unit 152 from the extended address data set with addresses stored in the extended address data set storage unit 151 (step S4). (5) The random number data generation unit 154 of the key medium 150
Generate random number data (step S5). (6) The random number data transmission unit 155 of the key medium 150
The random number data generated by the random number data generator 154 is transmitted to the player 100 (step S6). (7) The random number data receiving unit 104 of the player 100 receives the random number data from the key medium 150 (Step S)
7). (8) The unidirectional conversion unit 105 of the player 100 uses the extended address data in the data set selected by the data set selection unit 102 and the random number data received by the random number data reception unit 104 to perform one-way conversion. Conversion is performed to generate verification data (step S8). (9) The verification data transmission unit 106 of the player 100
The verification data generated by the one-way conversion unit 105 is transmitted to the key medium 150 (step S9). (10) The one-way conversion unit 156 of the key medium 150
The one-way conversion is performed using the extended address data extracted by the extended address data extraction unit 153 and the random number data generated by the random number data generation unit 154 to generate verification data (step S10). (11) The verification unit 158 of the key medium 150 determines whether the verification data generated by the one-way conversion unit 156 and the verification data received by the verification data reception unit 157 have the same value. Verify (step S11). If the values are not the same, the subsequent processing is stopped. (12) If the verification data has the same value, the encrypted data extraction unit 160 of the key medium 150 extracts the extended address data from the encrypted data set with the extended address stored in the encrypted data set storage unit 159. The encrypted data specified by the extension address data extracted by the unit 153 is extracted (step S12). (13) Encrypted data transmission section 161 of key medium 150
Transmits the encrypted data extracted by the encrypted data extraction unit 160 to the player 100 (step S1).
3). (14) Encrypted data receiving unit 107 of player 100
Receives the encrypted data from the key medium 150 (step S14). (15) The decryption unit 108 of the player 100 decrypts the encrypted data received by the encrypted data reception unit 107 using the key data in the data set selected by the data set selection unit 102, and converts the plaintext data. It is generated (step S15).

Up to this point, the sharing of the plaintext data has been completed. The operations of mutual authentication, generation of a shared key, transmission and reception of encrypted audio data, and reproduction of audio (step S16) described below are the same as those described in the related art. (16) The mutual authentication unit 955 of the key medium 150 generates first random number data and transmits it to the player 900. (17) The mutual authentication unit 907 of the player 100 receives the first random number data from the key medium 150, and
8 performs a predetermined one-way conversion using the plaintext data decrypted in step 8 and the received first random number data to generate player authentication data to generate the key medium 15.
0 to generate the second random number data and generate the key medium 1
Send to 50. (18) The mutual authentication unit 955 of the key medium 150 receives the player authentication data, performs the one-way conversion using the plaintext data and the first random number data generated by itself, and converts the player authentication data. Generate and authenticate the player 100 as the correct receiver if they match. If they do not match, the processing is stopped. (19) If the player 100 is authenticated as a correct receiver, the mutual authentication unit 955 of the key medium 150 receives the second random number data from the player 100, and receives the plaintext data stored in the plaintext data storage unit 951. Using the obtained second random number data, the one-way conversion is performed, key media authentication data is generated and transmitted to the player 100, and the first random number data generated by itself and the received second random number data are The one-way conversion is performed using the added random number data obtained by exclusive ORing the above and the plaintext data to generate a shared key. (20) The mutual authentication unit 907 of the player 100 receives the key media authentication data, performs the one-way conversion using the plaintext data and the second random number data generated by itself, and performs the key media authentication data. Is generated, and when they match, the key medium 950 is authenticated as the correct transmitter. If they do not match, the processing is stopped. (21) If the key medium 150 is authenticated as a correct transmitter, the mutual authentication unit 907 of the player 100 performs an exclusive OR operation on the received first random number data and the second random number data generated by itself. The one-way conversion is performed using the random number data and the plaintext data to generate a shared key. (22) The encryption unit 957 of the key medium 150 encrypts the audio data recorded in the audio data recording unit 956 using the shared key generated by the mutual authentication unit 955 to generate encrypted audio data. (23) Encrypted audio data transmission section 9 of key medium 150
58 transmits the encrypted audio data generated by the encryption unit 957 to the player 100. (24) Encrypted audio data receiving section 90 of player 100
8 receives the encrypted audio data from the key medium 150. (25) The decryption unit 108 of the player 100 decrypts the encrypted audio data received from the key medium 150 using the shared key generated by the mutual authentication unit 907 to generate audio data. (26) The audio reproduction unit 909 of the player 100 reproduces audio using the audio data generated by decoding by the decoding unit 108.

As described above, according to the encryption communication system of the present embodiment, the player 100
Only when the extended address data corresponding to the address data transmitted to 0 is held, encrypted data can be obtained. Therefore, even if the player 100 transmits appropriate address data not held by the player 100 to the key medium 150, the player 100 cannot obtain encrypted data and cannot impersonate a correct receiver.

In this embodiment, the key media 15
Although 0 includes the random number data generator and the random number data generator, the player 100 may include them. In short, it is only necessary that the same random number data can be shared by generating random number data in the player 100 or the key medium 150 and transmitting the generated random number data to the other. The one-way conversion performed by one-way converter 105 and one-way converter 156 does not necessarily need to use random number data. Further, the data conversion performed here need not always be a one-way conversion, and may be anything as long as these two conversion units perform the same data conversion.
However, when one-way conversion is performed using random number data as in the present embodiment, there is a risk that the extended address data will be known even if the converted extended address data is intercepted by a third party on the communication path. Extremely low and safe.

Also, the random number data generation unit and the one-way conversion unit originally include the conventional mutual authentication unit 907 and the conventional mutual authentication unit 955.
It is included in and can be shared with these,
Adds less hardware and software.
In the present embodiment, the encrypted data set storage unit 15
9 stored the encrypted data set with the extended address,
An encrypted data set with an address may be stored. In such a case, the encrypted data extraction unit 160 extracts the encryption specified by the address data received by the address data reception unit 152 from the encrypted data set with address stored in the encrypted data set storage unit 159. Extract data.

Although the present embodiment has been described with reference to an audio device capable of reproducing sound and a memory stick as an example, the present invention may be applied to any device that performs encrypted communication. For example, some data may be transmitted and received between personal computers via a communication line such as the Internet. In addition, a program capable of causing a computer to execute an operation as in the present embodiment,
It is recorded on a computer-readable recording medium, and this recording medium can be distributed and dealt with.

Here, the computer-readable recording medium is, for example, a floppy (registered trademark) disk, C
It is a removable recording medium such as D, MO, DVD, or memory card, or a fixed recording medium such as a hard disk or a semiconductor memory, and is not particularly limited.

[0044]

According to the device authentication method of the present invention, the encrypted communication data in which the communication data is encrypted is transmitted from the transmitting device to the receiving device before the encrypted communication, and the encrypted data received by the receiving device is transmitted. The receiving device shares the communication data stored in advance by the transmitting device by decrypting the communication data using the decryption key data held by itself, and then uses the shared communication data following this operation. A device authentication method in a cryptographic communication system for performing cryptographic communication by using the receiving device, wherein the receiving device stores in advance at least one data set including first address data, second address data, and decryption key data, The transmitting device specifies the second address data with the first address that can specify the second address data from the first address data and the encrypted communication data from the second address data. And a plurality of encrypted communication data with a second address, respectively, and the first address data belonging to one of the data sets stored in advance by the receiving device from the receiving device to the transmitting device. A first address data transmission step of transmitting
The first address transmitted in the first address data transmitting step from the receiving device from the plurality of second address data with the first address stored in the transmitting device in advance.
A second address data extracting step of extracting second address data specified by the address data; a second address data belonging to the one data set in the receiving device; and a second address data extracting step in the transmitting device. A verifying step of verifying whether or not the obtained second address data has the same value; and a plurality of ciphers with a second address stored in advance in the transmitting device when the verifying step verifies that the data has the same value. Extracting the encrypted communication data specified by the second address data extracted from the encrypted communication data by the second address data extraction step; and transmitting the encrypted communication data from the transmitting device to the receiving device. Encrypted communication data extracted in the encrypted communication data extraction step Transmitting the encrypted communication data to be transmitted, and decrypting the encrypted communication data transmitted by the encrypted communication data transmission step in the receiving device using the decryption key data belonging to the one data set. And a decoding step of generating communication data.

According to this method, the receiving device (player)
The transmitting device (key medium) transmits the encrypted data and the receiving device (player) encrypts the data only when the device has the second address data corresponding to the first address data transmitted to the transmitting device (key medium). Encrypted data can be received, and encrypted communication can be performed following this operation. Therefore, the receiving device (player) cannot perform encrypted communication unless it holds a valid set of the first address data and the second address data. Therefore, the receiving device (player) transmits the appropriate first address data to the transmitting device (key medium). Will not be able to impersonate the correct receiver.

An apparatus authentication system according to the present invention transmits encrypted communication data in which communication data is encrypted from a transmitting device to a receiving device before encrypted communication, and transmits the encrypted communication data received by the receiving device. The receiving device shares the communication data stored in advance by the transmitting device by decrypting the data by using the decryption key data held by itself, and then performs the encryption communication using the shared communication data following this operation. A device authentication system comprising a transmitting device and a receiving device for performing the following, wherein the receiving device divides a data set including first address data, second address data, and decryption key data into one data set.
Data set storage means for storing at least one set in advance, first address data transmission means for transmitting, to the transmission device, first address data belonging to one of the data sets stored in the data set storage means, First data conversion means for performing predetermined data conversion based on the second address data belonging to the one data set to generate first verification data, and transmitting the first verification data to the transmission device A first verification data transmitting unit, an encrypted communication data receiving unit that receives encrypted communication data from the transmitting device, and an encrypted communication data received by the encrypted communication data receiving unit. Decrypting means for decrypting using the decryption key data belonging to one data set to generate communication data, wherein the transmitting device comprises a first address. The second of the second address data from the first address with the second address data and second address data that can be identified from the data can identify the encrypted communication data
Collective storage means for storing a plurality of encrypted communication data with addresses in advance; first address data receiving means for receiving first address data from the receiving device; and a plurality of first address data stored in the collective storage means. Second address data extracting means for extracting second address data specified by the first address data received from the receiving apparatus by the first address data receiving means from the address-added second address data; A first verification data receiving unit that receives the first verification data; and a second data conversion unit that performs the same data conversion as the first data conversion unit based on the second address data extracted by the second address data extraction unit. (2) a second data conversion means for generating verification data, and a first verification data received by the first verification data receiving means. Verification data for verifying whether the data for verification and the second verification data generated by the second data conversion means have the same value, and storing in advance if the verification data verifies that the data has the same value. Encrypted communication data extraction means for extracting encrypted communication data specified by the second address data extracted by the second address data extraction means from the plurality of encrypted communication data with second addresses, An encrypted communication data transmitting unit for transmitting the encrypted communication data extracted by the encrypted communication data extracting unit to a receiving device.

According to this configuration, the receiving device (player)
The transmitting device (key medium) transmits the encrypted data and the receiving device (player) encrypts the data only when the device has the second address data corresponding to the first address data transmitted to the transmitting device (key medium). Encrypted data can be received, and encrypted communication can be performed following this operation. Therefore, the receiving device (player) cannot perform encrypted communication unless it holds a valid set of the first address data and the second address data. Therefore, the receiving device (player) transmits the appropriate first address data to the transmitting device (key medium). Will not be able to impersonate the correct receiver.

The receiving apparatus according to the present invention transmits encrypted communication data in which communication data is encrypted from the transmitting apparatus to the receiving apparatus before the encrypted communication, and transmits the encrypted communication data received by the receiving apparatus. The receiving device shares the communication data stored in advance by the transmitting device by decrypting the data using the decryption key data held by itself, and subsequently performs the encrypted communication using the shared communication data following this operation. A data set storing means for storing at least one data set including first address data, second address data, and decryption key data in advance, wherein the data set is stored in the transmitting apparatus. First address data transmitting means for transmitting first address data belonging to one of the data sets stored in the storage means; Data conversion means for performing predetermined data conversion on the basis of second address data belonging to a data set to generate verification data, verification data transmission means for transmitting the verification data to the transmitting device, An encrypted communication data receiving unit for receiving the encrypted communication data from the device, and using the decryption key data belonging to the one data set to the encrypted communication data received by the encrypted communication data receiving unit. And decoding means for decoding to generate communication data.

According to this configuration, the receiving device (player)
Can generate the verification data based on the second address data only when the second address data corresponding to the first address data to be transmitted to the transmitting device (key medium) is held. You can no longer impersonate the machine. The transmitting apparatus according to the present invention transmits encrypted communication data in which communication data is encrypted from the transmitting apparatus to the receiving apparatus before the encrypted communication, and transmits the encrypted communication data received by the receiving apparatus to itself. The device authentication that the receiving device shares the communication data stored in advance by the transmitting device by decrypting using the held decryption key data, and performs the encryption communication using the shared communication data following this operation. A transmission device in a system, comprising: a second address data with a first address capable of specifying second address data from first address data; and a second address-encrypted communication capable of specifying encrypted communication data from the second address data. Collective storage means for pre-storing a plurality of data for each, first address data receiving means for receiving first address data from the receiving device, Extracting second address data specified by the first address data received by the first address data receiving unit from the receiving device from the plurality of second address data with the first address stored in the set storage unit; 2 address data extracting means, verification data receiving means for receiving the first verification data from the receiving device, and predetermined data conversion based on the second address data extracted by the second address data extracting means. Performing a second verification data by applying the first verification data received by the verification data receiving unit and the second verification data generated by the data conversion unit having the same value. Verification means for verifying whether or not the plurality of second addresses are stored in advance when the verification means verifies the same value. Encrypted communication data extraction means for extracting encrypted communication data specified by the second address data extracted by the second address data extraction means from the encrypted communication data; And an encrypted communication data transmitting unit that transmits the encrypted communication data extracted by the communication data extracting unit.

According to this configuration, the transmitting device (key medium) transmits the encrypted data only when correct data for verification is received from the receiving device (player), and can perform encrypted communication following this operation. Therefore, encryption is not performed with a receiving device (player) that does not transmit correct verification data, so that it is safe. The computer-readable recording medium on which the program of the receiving device according to the present invention is recorded transmits and receives the encrypted communication data in which the communication data is encrypted from the transmitting device to the receiving device before the encrypted communication. The receiving device shares the communication data stored in advance by the transmitting device by decrypting the encrypted communication data received by the device using the decryption key data held by the device, and subsequently shares the operation. What is claimed is: 1. A computer-readable recording medium recording a program on a receiving device side in a device authentication system for performing cryptographic communication using communication data, said receiving device comprising: first address data, second address data, and decryption key data. One or more data sets are stored in advance, and the receiving device stores the data in the transmitting device in the computer in advance. A first address data transmitting step of transmitting first address data belonging to one of the data sets, and a verification data by performing predetermined data conversion based on the second address data belonging to the one data set Generating the verification data, transmitting the verification data to the transmission device, transmitting the verification data to the transmission device, receiving the encrypted communication data from the transmission device, receiving the encrypted communication data, And decrypting the encrypted communication data received in the communication data receiving step using the decryption key data belonging to the one data set to generate communication data. .

According to this program, the receiving device (player) uses the second address data based on the second address data only when the receiving device (player) holds the second address data corresponding to the first address data transmitted to the transmitting device (key medium). Since the verification data can be generated at the same time, it becomes impossible to impersonate the correct receiver. The computer-readable recording medium on which the program of the transmitting device according to the present invention is recorded transmits encrypted authentication data in which the authentication data is encrypted from the transmitting device to the receiving device before the encrypted communication, and The receiving device shares the authentication data stored in advance by the transmitting device by decrypting the encrypted authentication data received by the device using the decryption key data held by itself, and subsequently shares the operation with this operation. A computer-readable recording medium in which a program for a transmitting device in an apparatus authentication system for performing cryptographic communication using authentication data is recorded.
A plurality of second address data with the first address that can specify the address data and a plurality of encrypted communication data with the second address that can specify the encrypted communication data from the second address data are stored in advance, respectively. A first address data receiving step of receiving first address data from a receiving device; and a first address data receiving step from the receiving device from a plurality of second address data with a first address stored in the receiving device in advance. A second address data extracting step of extracting second address data specified by the received first address data, a verification data receiving step of receiving the first verification data from the receiving device, and the second address Based on the second address data extracted in the data extraction step, A data conversion step of performing the data conversion of the first verification data and the first verification data received by the verification data receiving step and the second verification data generated by the data conversion step. A verifying step for verifying whether the values are the same, and a step of extracting the second address data from a plurality of encrypted communication data with second addresses stored in advance when the values are verified to be the same by the verifying step. Extracting the encrypted communication data specified by the second address data extracted by the encryption communication data extracting step, and encrypting the encrypted communication data extracted by the encrypted communication data extracting step to the receiving device. And transmitting the encrypted communication data transmission step of transmitting the program. Computer readable recording medium.

According to this program, the transmitting device (key medium) transmits the encrypted data only when correct verification data is received from the receiving device (player), and can perform the encrypted communication following this operation. Therefore, encryption is not performed with a receiving device (player) that does not transmit correct verification data, so that it is safe. Further, in the device authentication method, the verification step includes a random number data sharing sub-step of sharing the same random number data by generating random number data in the receiving device or the transmitting device and transmitting the generated random number data to the other device. A first data conversion sub-step of performing a predetermined data conversion on the second address data belonging to the one data set and the shared random number data to generate first verification data in the receiving device; A first verification data transmission sub-step of transmitting the first verification data from a reception device to the transmission device; and the transmission device shares the second verification data with the second address data extracted in the second address data extraction step. The same data conversion as in the first data conversion sub-step is performed on the random number data to generate second verification data. A second data conversion sub-step to perform, and a verification sub-step of verifying whether the first verification data and the second verification data have the same value in the transmitting device. it can.

[0053] In the device authentication system, the first data conversion means provided in the reception device includes random number data reception means for receiving random number data from the transmission device, and the first data conversion means includes the first data conversion means. Based on the second address data belonging to the data set and the random number data received by the random number data receiving means, predetermined data conversion is performed to generate first verification data, and the second data included in the transmission device is generated. The converting means includes random number data generating and transmitting means for generating random number data and transmitting the generated random number data to the receiving device, and wherein the second data converting means includes the second random number data extracted by the second address data extracting means. A predetermined data conversion is performed on the basis of the address data and the random number data generated by the random number data generating and transmitting means to perform a second verification. The first data conversion means included in the receiving device generates the random number data and transmits the generated random number data to the transmitting device. Transmitting means, wherein the first data converting means performs predetermined data conversion based on second address data belonging to the one data set and random number data generated by the random number data generating transmitting means, 1 Generate data for verification,
The second data conversion means provided in the transmission device includes random number data reception means for receiving random number data from the reception device, and the second data conversion means includes a second random number data extracted by the second address data extraction means. The second verification data may be generated by performing predetermined data conversion based on the address data and the random number data received by the random number data receiving means.

In the receiving apparatus, the data converting means includes random number data receiving means for receiving random number data from the transmitting apparatus, wherein the data converting means includes a second address data belonging to the one data set and the second address data. It may be characterized in that predetermined data conversion is performed on the basis of the random number data received by the random number data receiving means to generate verification data, and the data conversion means generates random number data. A random number data generating / transmitting unit for transmitting the generated random number data to the transmitting device; wherein the data converting unit includes second address data belonging to the one data set and random number data generated by the random number data generating / transmitting unit The verification data may be generated by performing a predetermined data conversion based on the above.

In the transmitting apparatus, the data converting means includes random number data generating transmitting means for generating random number data and transmitting the generated random number data to the receiving apparatus, wherein the data converting means includes the second address. The second verification data is generated by performing a predetermined data conversion based on the second address data extracted by the data extraction unit and the random number data generated by the random number data generation and transmission unit. The data conversion means may include random number data receiving means for receiving random number data from the receiving device, and the data conversion means may store the second address data extracted by the second address data extraction means and the second address data. A predetermined data conversion is performed based on the random number data received by the random number data
It may be characterized in that data for verification is generated.

As a result, since the second address data is converted and transmitted using the random number data, even if the data on the communication path is intercepted by a third party, the second address data is not known and is safe. is there.

[Brief description of the drawings]

FIG. 1 is a diagram showing a configuration of an encryption communication system according to the present embodiment.

FIG. 2 is a diagram illustrating an example of an operation of the encryption communication system according to the present embodiment.

FIG. 3 is a diagram showing an encrypted communication system for explaining an outline of a device authentication process in conventional encrypted communication.

[Explanation of symbols]

 REFERENCE SIGNS LIST 100 player 101 data set storage section 102 data set selection section 103 address data transmission section 104 random number data reception section 105 one-way conversion section 106 verification data transmission section 107 encrypted data reception section 108 decryption section 907 mutual authentication section 908 encryption Coded audio data receiving unit 909 audio reproducing unit 150 key media 151 extended address data set storage unit 152 address data receiving unit 153 extended address data extracting unit 154 random number data generating unit 155 random number data transmitting unit 156 one-way conversion unit 157 verification data Receiving unit 158 Verification unit 159 Encrypted data set storage unit 160 Encrypted data extraction unit 161 Encrypted data transmission unit 955 Mutual authentication unit 956 Audio data recording unit 957 Encryption unit 958 Encrypted audio data transmission unit

 ──────────────────────────────────────────────────続 き Continued on the front page F term (reference) 5B017 AA03 BA07 BB09 CA16 5J104 AA07 AA13 AA16 EA04 EA24 KA02 KA03 KA06 KA10 NA02 NA27 PA14 9A001 BB03 BB04 EE02 EE03 GG22 JJ18 KK56 LL03

Claims (13)

[Claims] An encrypted communication data in which communication data is encrypted is transmitted from a transmitting device to a receiving device before the encrypted communication, and the receiving device holds the encrypted communication data received by the receiving device. The receiving device shares the communication data stored in advance by the transmitting device by performing decryption using the decryption key data that has been performed, and performs the encrypted communication using the shared communication data following this operation. A device authentication method in a cryptographic communication system, wherein the receiving device stores in advance one or more data sets each including first address data, second address data, and decryption key data, Second address data with a first address that can specify second address data from the first address data, and second address data that can specify encrypted communication data from the second address data And a plurality of pre-stored encrypted communication data, and the first address data belonging to one of the data sets stored in advance by the receiving device is transmitted from the receiving device to the transmitting device. The first address data transmitted from the plurality of second address data with the first address stored in advance in the transmitting device from the receiving device in the first address data transmitting step. A second address data extracting step of extracting second address data specified by: a second address data belonging to the one data set in the receiving device, and a second address data extracting step in the transmitting device. A verification step for verifying whether or not the second address data has the same value. If the same value is verified by the verification step, the transmission device extracts the plurality of encrypted communication data with the second address from the pre-stored encrypted communication data with the second address in the second address data extraction step. An encrypted communication data extraction step of extracting encrypted communication data specified by the second address data, and an encrypted communication extracted by the encrypted communication data extraction step from the transmitting device to the receiving device. Data transmission step for transmitting encrypted data, and in the receiving device, the encrypted communication data transmitted in the encrypted communication data transmission step is converted to decryption key data belonging to the one data set. And a decryption step of decrypting the data to generate communication data. 2. The verification step includes generating random number data in the receiving device or the transmitting device, and transmitting the generated random number data to the other device, thereby sharing the same random number data. Sub-steps, in the receiving device, the second address data belonging to the one data set, and the shared random number data,
A first data conversion sub-step of performing predetermined data conversion to generate first verification data; and a first verification data transmission sub-step of transmitting the first verification data from the receiving device to the transmitting device. The transmitting device performs the same data conversion as in the first data conversion sub-step on the second address data extracted in the second address data extraction step and the shared random number data, and performs a second verification. A second data conversion sub-step of generating verification data; and a verification sub-step of verifying whether the first verification data and the second verification data have the same value in the transmitting device. The device authentication method according to claim 1, wherein 3. Transmitting encrypted communication data in which communication data has been encrypted from a transmitting device to a receiving device before the encrypted communication, and owning the encrypted communication data received by the receiving device. By performing decryption using the decryption key data, the receiving device shares the communication data stored in advance by the transmitting device, and, following this operation, performs encrypted communication using the shared communication data. A device authentication system comprising a transmitting device and a receiving device, wherein the receiving device stores at least one data set including first address data, second address data, and decryption key data in advance. And first address data for transmitting, to the transmitting device, first address data belonging to one of the data sets stored in the data set storage unit. Transmitting means; first data converting means for performing predetermined data conversion based on second address data belonging to the one data set to generate first verification data; 1 First to send verification data
Verification data transmitting means; encrypted communication data receiving means for receiving encrypted communication data from the transmitting device; and encrypting communication data received by the encrypted communication data receiving means. Decryption means for decrypting using the decryption key data belonging to the data set of the first set to generate communication data, wherein the transmitting device is capable of specifying the second address data from the first address data. Collective storage means for previously storing a plurality of pieces of second address data and a plurality of encrypted communication data with a second address capable of specifying the encrypted communication data from the second address data; and First to receive
Address data receiving means; and a plurality of second address data with a first address stored in the collective storage means, the second address data specified by the first address data received by the first address data receiving means from the receiving device. (2) second address data extracting means for extracting the address data; first verification data receiving means for receiving the first verification data from the receiving device; and second data extracted by the second address data extracting means.
A second data conversion unit that performs the same data conversion as the first data conversion unit based on the address data to generate second verification data; and a first data conversion unit that receives the first verification data reception unit. A verification unit that verifies whether the verification data and the second verification data generated by the second data conversion unit have the same value; and when the verification unit verifies that the data has the same value,
Encrypted communication data extracted from a plurality of previously stored encrypted communication data with a second address, the encrypted communication data specified by the second address data extracted by the second address data extracting means. A device authentication system comprising: an extracting unit; and an encrypted communication data transmitting unit that transmits the encrypted communication data extracted by the encrypted communication data extracting unit to the receiving device. 4. The first data conversion means included in the reception device includes a random number data reception means for receiving random number data from the transmission device, and the first data conversion means belongs to the one data set. Second address data;
Performing predetermined data conversion based on the random number data received by the random number data receiving unit to generate first verification data, the second data conversion unit included in the transmitting device converts the random number data into And generating means for transmitting the generated random number data to the receiving device. The second data conversion means includes a second random number data extracting means for extracting the second random number data extracted by the second address data extracting means.
The apparatus according to claim 3, wherein predetermined data conversion is performed on the basis of the address data and the random number data generated by the random number data generating and transmitting means to generate second verification data. Authentication system. 5. The first data conversion means provided in the reception device includes the random number data generation transmission means for generating random number data and transmitting the generated random number data to the transmission device. The means comprises: second address data belonging to the one data set;
A predetermined data conversion is performed based on the random number data generated by the random number data generation / transmission unit to generate first verification data, and the second data conversion unit included in the transmission device includes the reception unit A random number data receiving unit for receiving random number data from the device, wherein the second data converting unit includes a second data extracting unit that extracts the second address data extracted by the second address data extracting unit.
4. The device authentication according to claim 3, wherein a predetermined data conversion is performed based on the address data and the random number data received by the random number data receiving means to generate second verification data. system. 6. Transmitting encrypted communication data in which communication data is encrypted from a transmitting device to a receiving device before the encrypted communication, and owning the encrypted communication data received by the receiving device. By performing decryption using the decryption key data being performed, the receiving device shares the communication data stored in advance by the transmitting device, and, following this operation, a device that performs cryptographic communication using the shared communication data A receiving device in an authentication system, comprising: a data set storage unit configured to previously store at least one data set including first address data, second address data, and decryption key data; and storing the data set in the transmitting device. First address data transmitting means for transmitting first address data belonging to one of the data sets stored in the means; A data conversion unit that performs predetermined data conversion based on the second address data belonging to the data to generate verification data; and a verification data transmission unit that transmits the verification data to the transmitting device. An encrypted communication data receiving unit that receives encrypted communication data from the transmitting device; and a decryption unit that encrypts the encrypted communication data received by the encrypted communication data receiving unit and belongs to the one data set. A decryption means for decrypting using the key data to generate communication data. 7. The data conversion means includes random number data reception means for receiving random number data from the transmission device, wherein the data conversion means comprises: second address data belonging to the one data set;
7. The receiving apparatus according to claim 6, wherein predetermined data conversion is performed on the basis of the random number data received by the random number data receiving means to generate verification data. 8. The data conversion unit includes a random number data generation and transmission unit that generates random number data and transmits the generated random number data to the transmission device, wherein the data conversion unit belongs to the one data set. Second address data;
7. The receiving apparatus according to claim 6, wherein predetermined data conversion is performed on the basis of the random number data generated by the random number data generating and transmitting unit to generate verification data. 9. Transmitting encrypted communication data in which communication data has been encrypted from a transmitting apparatus to a receiving apparatus before the encrypted communication, and owning the encrypted communication data received by the receiving apparatus. By performing decryption using the decryption key data being performed, the receiving device shares the communication data stored in advance by the transmitting device, and, following this operation, a device that performs cryptographic communication using the shared communication data A transmission device in an authentication system, comprising: a second address data with a first address capable of specifying second address data from first address data; and a second address encryption capable of specifying encrypted communication data from the second address data. A collective storage unit that stores a plurality of communication data in advance; and a first storage unit that receives first address data from the receiving device.
Address data receiving means; and a plurality of second address data with a first address stored in the collective storage means, the second address data specified by the first address data received by the first address data receiving means from the receiving device. (2) second address data extracting means for extracting address data, verification data receiving means for receiving the first verification data from the receiving device, and second data extracted by the second address data extracting means.
Data conversion means for performing predetermined data conversion on the basis of the address data to generate second verification data; first verification data received by the verification data receiving means and generation by the data conversion means Verification means for verifying whether or not the obtained second verification data has the same value; and when the verification means verifies that the data has the same value,
Encrypted communication data extracted from a plurality of previously stored encrypted communication data with a second address, the encrypted communication data specified by the second address data extracted by the second address data extracting means. A transmitting apparatus comprising: an extracting unit; and an encrypted communication data transmitting unit that transmits the encrypted communication data extracted by the encrypted communication data extracting unit to the receiving device. 10. The data conversion means includes a random number data generation and transmission means for generating random number data and transmitting the generated random number data to the receiving device, wherein the data conversion means comprises a second address data extraction means. The second extracted by
10. The transmission according to claim 9, wherein predetermined data conversion is performed on the basis of the address data and the random number data generated by the random number data generation / transmission unit to generate second verification data. apparatus. 11. The data conversion means includes a random number data receiving means for receiving random number data from the receiving device, and the data conversion means includes a second random number data extracted by the second address data extraction means.
10. The transmitting apparatus according to claim 9, wherein a predetermined data conversion is performed based on the address data and the random number data received by the random number data receiving means to generate second verification data. . 12. Encrypted communication data in which communication data is encrypted is transmitted from a transmitting device to a receiving device before the encrypted communication, and the encrypted communication data received by the receiving device is transmitted.
By decrypting using the decryption key data held by itself, the receiving device shares the communication data stored in advance by the transmitting device, and following this operation, the encrypted communication is performed using the shared communication data. A computer-readable recording medium in which a program on a receiving device side in a device authentication system for performing the above is recorded, wherein the receiving device stores a data set including first address data, second address data, and decryption key data in one. A first address data transmitting step of transmitting, to the computer, first address data belonging to one of the data sets stored in advance by the receiving device to the transmitting device; A predetermined data conversion is performed based on the second address data belonging to one data set, and the verification data is obtained. A data conversion step of generating; a verification data transmission step of transmitting the verification data to the transmission device; an encryption communication data reception step of receiving encrypted communication data from the transmission device; Decrypting the encrypted communication data received in the encrypted communication data receiving step using the decryption key data belonging to the one data set to generate communication data. A computer-readable recording medium on which a program on the receiving device side is recorded. 13. Encrypted authentication data in which authentication data is encrypted is transmitted from a transmitting device to a receiving device before encrypted communication, and the encrypted authentication data received by the receiving device is transmitted to the receiving device.
By decrypting using the decryption key data held by itself, the receiving device shares the authentication data stored in advance by the transmitting device, and following this operation, the encrypted communication is performed using the shared authentication data. A computer-readable recording medium in which a program on a transmission device side in a device authentication system for performing the following is recorded, the transmission device comprising: a second address data with a first address capable of specifying second address data from the first address data; , A plurality of encrypted communication data with a second address capable of specifying the encrypted communication data from the second address data, and a plurality of the encrypted communication data with the second address are stored in advance in the computer. 1
An address data receiving step, from the plurality of second address data with the first address stored in advance by the receiving device,
A second address data extracting step of extracting second address data specified by the first address data received in the address data receiving step; and a verification data receiving step of receiving the first verification data from the receiving device. A data conversion step of performing predetermined data conversion based on the second address data extracted in the second address data extraction step to generate second verification data; and a verification data reception step. A verification step for verifying whether the received first verification data and the second verification data generated by the data conversion step have the same value, and when the verification step verifies that the received data has the same value. From a plurality of encrypted communication data with a second address stored in advance, the second address data An encrypted communication data extraction step of extracting encrypted communication data specified by the second address data extracted by the extraction step; and an encryption extracted by the encrypted communication data extraction step to the receiving device. A computer-readable recording medium on which a program for a transmission device is recorded, wherein the transmission data is transmitted in an encrypted communication data transmission step of transmitting communication data.