JP2013074322A - Message authentication system, communication device, and communication program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To increase resistance to an attack about which a device having acquired knowledge of a message authentication key earlier spoofs as a message transmission device and attacks in the case that there is a message receiving device which conveys the message authentication key earlier and a message receiving device which conveys it later.SOLUTION: A message generation unit 11 of a message transmission device 1 generates a message, a message authentication key generation unit 12 generates a message authentication key, and an authentication code generation unit 13 generates an authentication code for the message by use of the message authentication key and notifies message receiving devices of the message authentication key and the authentication code separately from the message. In addition, each of the message receiving devices performs authentication of the transmitted message by use of the notified message authentication key and the authentication code.

Description

  The present invention relates to a message authentication system, a communication apparatus, and a communication program. For example, in a sensor network system, a server that manages and controls the system transmits a message to a sensor node, and the message is transmitted from the server. This can be applied to a message authentication system, a communication apparatus, and a communication program in which a node confirms this.

  For example, in a sensor network system, a node (communication device) is developed with an emphasis on cost reduction, and is often predicated on the following restrictions.

  The first restriction is that a CPU having a high processing capacity is not always mounted. The second restriction is that a tamper resistant memory is not always installed.

  For example, in a sensor network system, it is common to adopt a multi-hop communication form in which a plurality of nodes relay data exchange.

  Here, it is assumed that the server transmits software update data to a plurality of nodes. In this case, the server transmits update data by multicast to the node group to be updated, and the node authenticates that the update data is correct data from the server.

  Conventionally, there is a digital signature technique using public key cryptography as a technique for realizing authentication of such multicast data.

  However, in the situation of the first restriction described above, the application of the public key cryptosystem may increase the processing load, and the application of the common key cryptosystem with a low processing load is more preferable. For example, a method in which a server and a node group have a group common key, and a node authenticates data from the server using the group common key corresponds to this. However, under the situation of the second restriction described above, it is difficult to guarantee that the group common key of the node is not leaked, and it is difficult to guarantee that the node is not changed to a node that performs an illegal operation.

  Therefore, even update data that each node succeeded in authentication processing may be attack software introduced by an attacker (malicious person), or it is tampered with by an unauthorized router node in the middle of relaying multi-hop communication. It is necessary to consider that it may be.

  Under the above-described circumstances, the technologies described in Non-Patent Document 1 and Patent Documents 1 to 3 are known as conventional techniques for providing resistance to an attacker's spoofing attack when a node authenticates software update data from a server. is there.

  Non-Patent Document 1 describes that a server and a node are time synchronized, and the server changes a message authentication key used for generating an authentication code of a message for each time interval.

  In the technology described in Non-Patent Document 1, the node regards each message authentication key as valid only in each time interval to which each key is assigned. Then, at the time of message transmission, the server generates an authentication code while keeping the message authentication key considered valid in the time interval secret from the node, and adds the generated authentication code to the message for transmission. Then, after the time interval in which the message authentication key is considered valid, the message authentication key is disclosed to the nodes. The node authenticates that the published message authentication key is a key published by the server, and further uses the message authentication key that has succeeded in the authentication to receive the message received in the time interval for the message authentication key. By verifying the authentication code, it is possible to provide resistance against an attacker's spoofing attack on the server.

  Further, in Non-Patent Document 1, instead of time synchronization, the server performs transmission confirmation (authentication number synchronization) to the node using the technique described in Patent Document 1, so that an attacker's spoofing attack on the server is performed. A technique for providing tolerance to the above has been proposed.

  In this case, the server discloses the message authentication key after confirming whether or not the message to be authenticated by the node group has surely reached all the nodes in the group. When the server discloses the message authentication key, it means that the correct message has arrived at all the nodes to which the message is sent. Therefore, even if an attacker inputs an impersonation message to the server after the message authentication key is disclosed, it can be excluded that the reception order is a later message in each node.

  Furthermore, when it is desired to authenticate a message having a large data size such as software update data, the technique of Non-Patent Document 1 cannot start the message authentication process until the message authentication key is released. There is a problem that the memory burden increases. In view of the above problems, Patent Documents 2 and 3 describe a method in which only an authentication code is transmitted before a message and a message is transmitted later.

  The transmission confirmation (authentication frequency synchronization) that is a point in the above-described conventional technology is a problem that a node that knows the message authentication key in advance can send an impersonation message to the server to a node that knows later. It is made to solve the problem.

JP 2006-157856 A JP 2006-345408 A JP 2008-141360 A

Adrian Perrig, J.M. D. By Tyger, directed by Fumio Mizoguchi, "Security of Broadcast Communication in Wired / Wireless Networks", Kyoritsu Shuppan, pp. 172-177

  However, when various scenarios at the time of software update data transmission are taken into consideration, the above-mentioned transmission confirmation (synchronization of the number of authentications) in the prior art (Patent Documents 1-3, Non-Patent Document 1, etc.) is desired to be broken Is also present.

  For example, when there is a node that is in a communication-disabled state due to power saving control of the sensor network, etc., when it is desired to have the node in the communication-enabled state first authenticate update data, or For example, when the update data is transmitted / authenticated step by step, the update data is transmitted from an adjacent node that has already successfully authenticated the update data.

  However, breaking the synchronization of authentication in the node group in this way means that there is a node that teaches the message authentication key in advance, and the node that knows the message authentication key in advance will know later. There is a risk of spoofing messages to the server.

  Therefore, in a group of message receiving devices that are subject to message transmission, if there are a message receiving device that transmits the message authentication key in advance and a message receiving device that transmits the message authentication key later (even if the synchronization of authentication is lost), message authentication is performed. There is a need for a message authentication system, a communication device, and a communication program capable of providing resistance to a device that knows the key in advance and attacking as a message transmission device.

  In order to solve such a problem, in the present invention, a message transmission device generates an authentication code for a message for transmission using a message authentication key, and the message authentication key and the authentication code are generated separately from the message. The receiving apparatus is notified.

  The first aspect of the present invention is a message authentication system in which one or a plurality of message receiving devices authenticate a message from a message transmitting device, wherein (A) the message transmitting device is (A-1) each message receiving device is not yet acquired. Authentication code generating means for generating an authentication code for a message for transmission using the message authentication key of (A-2), including information including the message authentication key and the authentication code, the information being sent from the message transmitting device Authentication information notifying means for generating authentication information notification information that allows each message receiving device to specify that the information is correct, and (A-3) a message for distributing a message for transmission to each message receiving device Message distribution means for generating distribution information; (A-4) authentication information notification information generated by the authentication information notification means; Transmission means for transmitting the message distribution information generated by the sage distribution means to the message receiving device, and (B) each message receiving device: (B-1) authentication information notification information and message distribution information. Receiving means for receiving; (B-2) authentication information acquiring means for acquiring a message authentication key and an authentication code included in the authentication information notification information that can be identified as correct information from the message transmitting device; (B-3) A message authentication system comprising message authentication means for authenticating a message distributed by message distribution information using the message authentication key and authentication code acquired by the authentication information acquisition means. .

  According to a second aspect of the present invention, in a communication device that transmits a message to one or a plurality of message receiving devices, (1) an authentication code for a message for transmission using a message authentication key that has not been acquired by each message receiving device. And (2) information including a message authentication key and an authentication code, and authentication enabling each message receiving device to specify that the information is correct information from the communication device. Authentication information notification means for generating information notification information, (3) message distribution means for generating message distribution information for distributing a message for transmission to each message receiving device, and (4) authentication information notification means Transmitting means for transmitting authentication information notification information and message distribution information generated by the message distribution means to the message receiving device; A communication device, characterized in that it comprises.

  The third aspect of the present invention is a communication device that receives a message from a message transmission device, and includes (1) authentication information notification information including a message authentication key and an authentication code for the message, and a message for transmission from the message transmission device. Receiving means for receiving message distribution information; and (2) acquisition of authentication information for acquiring a message authentication key and an authentication code included in authentication information notification information that can be identified as correct information from the message transmitting device. And (3) a message authentication unit that authenticates a message distributed by message distribution information using the message authentication key and authentication code acquired by the authentication information acquisition unit. .

  According to a fourth aspect of the present invention, there is provided a communication program for transmitting a message to one or a plurality of message receiving devices, and (1) a message for transmission using a message authentication key that has not been acquired by each message receiving device. (2) information including a message authentication key and an authentication code, and causing each message receiving device to specify that the information is correct information from the communication device. Authentication information notification means for generating authentication information notification information, (3) message distribution means for generating message distribution information for distributing a message for transmission to each message receiving device, and (4) authentication information notification means Authentication information notification information and message distribution information generated by the message distribution means to the message receiving device. A communication program for causing to function as transmission means signals for.

  According to a fifth aspect of the present invention, there is provided a communication program for receiving a message from a message transmission device, wherein: (1) authentication information notification information including a message authentication key and an authentication code for the message is transmitted from the message transmission device; Receiving means for receiving message distribution information including a message; and (2) authentication for acquiring a message authentication key and an authentication code included in authentication information notification information that can be identified as correct information from the message transmitting device. An information acquisition means, and (3) a communication program that functions as a message authentication means for authenticating a message distributed by message distribution information using the message authentication key and authentication code acquired by the authentication information acquisition means. is there.

  According to the present invention, when there is a message receiving apparatus that transmits a message authentication key in advance and a message receiving apparatus that transmits a message authentication key later, an apparatus that has previously received the message authentication key impersonates a message transmitting apparatus and attacks. It is possible to have resistance against this.

It is a block diagram which shows the internal structure of the message transmission apparatus of the node (communication apparatus) in 1st Embodiment. It is a block diagram which shows the internal structure of the message receiving apparatus of the node (communication apparatus) in 1st Embodiment. It is explanatory drawing explaining the structural example and precondition of the communication system which performs the message authentication system of 1st Embodiment. It is explanatory drawing explaining the process of the notification and acquisition of the authentication information of the 1st step of 1st Embodiment. It is explanatory drawing explaining the message distribution and authentication process of the 2nd step of 1st Embodiment. It is explanatory drawing explaining the effect by notifying the message authentication key and authentication code | symbol of 1st Embodiment simultaneously. It is a figure which shows the internal structure of the message transmission apparatus of the node (communication apparatus) in 2nd Embodiment. It is a figure which shows the internal structure of the message receiver of the node (communication apparatus) in 2nd Embodiment. It is explanatory drawing explaining operation | movement of the message notification process of the 1st step of 2nd Embodiment. It is explanatory drawing explaining operation | movement of the request | requirement process of the authentication information of the 2nd step of 2nd Embodiment. It is explanatory drawing explaining operation | movement of the notification of the authentication information and acquisition process of the 3rd step of 2nd Embodiment. It is explanatory drawing explaining operation | movement of the message delivery request process of the 4th step of 2nd Embodiment. It is explanatory drawing explaining operation | movement of the distribution of the message of the 5th step of 2nd Embodiment, and an authentication process.

(A) First Embodiment Hereinafter, a first embodiment of a message authentication system, a communication device, and a communication program of the present invention will be described in detail with reference to the drawings.

  The first embodiment will be described by exemplifying an embodiment in which the present invention is applied to each node (communication device) configuring a sensor network adopting multi-hop communication, for example.

  The first embodiment is characterized in that the message transmitting device notifies the message authentication key and the authentication code to the message receiving device in a form that can uniquely identify the notification from itself.

(A-1) Configuration of First Embodiment FIG. 1 is a block diagram showing an internal configuration of a message transmission device of a node (communication device) in the first embodiment.

  A message transmission device 1 illustrated in FIG. 1 includes a program execution configuration such as a CPU, ROM, RAM, EEPROM, and hard disk, and an interface for communicating with other communication devices. The message transmitting apparatus 1 may be able to realize the function by installing the processing program according to the embodiment. Even in this case, the message transmitting apparatus 1 has the configuration shown in FIG.

  In FIG. 1, the message transmission device 1 includes a message generation unit 11, a message authentication key generation unit 12, an authentication code generation unit 13, an authentication information notification unit 14, a message distribution unit 15, and a transmission unit 16.

  The message generator 11 generates a message that the message receiving device 2 wants to authenticate. Here, the message may include message identification information used to identify each generated message. The message generator 11 gives the generated message to the authentication code generator 13 and the message distributor 15.

  The message authentication key generation unit 12 generates a message authentication key used for generating an authentication code for a message. Here, the message authentication key generation unit 12 may change and generate a message authentication key for each message generated by the message generation unit 11. The method for generating the message authentication key is not particularly limited. For example, it is assumed that a random number bit string generated using a random number generator is used. The message authentication key generation unit 12 gives the generated message authentication key to the authentication code generation unit 13.

  The authentication code generation unit 13 generates an authentication code for the message given from the message generation unit 11 by using the message authentication key given from the message authentication key generation unit 12. The authentication code generation unit 13 gives the generated authentication code and the message authentication key given from the message authentication key generation unit 12 to the authentication information notification unit 14. The authentication code generation unit 13 authenticates the message identification information in order to identify which message the authentication code generated using the message authentication key from the message authentication key generation unit 12 is generated for. You may give to the information notification part 14. FIG.

  Here, the method of generating the authentication code is not particularly limited, but the authentication code generation unit 13 can apply a method of generating the authentication code using the authentication code generation function. For example, as the authentication code generation function, a method using a hash function, a MAC (Message Authentication Code) generation algorithm, or the like can be applied. Further, as a MAC generation algorithm, for example, CBC-MAC (Cipher Block Chaining-MAC) using block cipher such as AES cipher can be applied, and as a hash function, for example, MD5 (Message Digest 5), SHA-1 (Secure Hash Algorithm-1) can be applied. These authentication code generation functions must be determined in advance between the devices that perform communication and held mutually.

  The authentication information notification unit 14 generates authentication information notification information including a message authentication key, an authentication code, and message identification information given from the authentication code generation unit 13.

  Here, it is preferable that the authentication information notification information is uniquely specified to the message reception device 2 as being correct information from the message transmission device 1.

  Therefore, the authentication information notification unit 14 performs a unique specifying process for uniquely specifying that the authentication information notification information is correct information.

  Various methods can be widely applied as a method for causing the message receiving device 2 to uniquely identify the authentication information notification information. For example, the authentication information notification unit 14 is configured such that the message transmitting device 1 is a message receiving device. A method of generating an authentication code using a unique key (shared key) shared by a pair with 2 and adding the generated authentication code to the authentication information notification information can be applied. Thereby, it is possible to confirm that the authentication information notification information is correct information of the message transmitting apparatus 1 by authenticating the message receiving apparatus 2 using the fixed key and succeeding in the authentication.

  As another method, for example, the authentication information notification unit 14 performs an encryption process on the authentication information notification information in order to uniquely identify the authentication information notification information with the message receiving device 2. It may be.

  The authentication information notification unit 14 provides the generated authentication information notification information to the transmission unit 15.

  The message distribution unit 15 generates message distribution information for distributing the message given from the message generation unit 11 to the message receiving device.

  Here, if the message data size is larger than the size that can be delivered in one data frame, the message distribution unit 15 divides the message into a plurality of message distribution information and generates a plurality of message distribution information. Also good. Each message distribution information may be separately encrypted or an authentication code may be added. For example, an authentication code is added using a common key shared by the message transmission device 1 and all the message reception devices 2 that are the transmission targets of the message, so that an unauthorized operation by a third party who does not know the common key is performed. Of message distribution information can be prevented. The message distribution unit 15 gives the generated message distribution information to the transmission unit 16.

  The transmission unit 16 transmits the authentication information notification information from the authentication information notification unit 14 to the message reception device 2 that is a message transmission target. The transmission unit 16 transmits the message distribution information from the message distribution unit 15 to the message reception device 2 that is a message transmission target. Here, when there are a plurality of message receiving devices 2 as destinations, not only unicast transmission but also multicast transmission or broadcast transmission may be used.

  FIG. 2 is a block diagram illustrating an internal configuration of a message receiving device of a node (communication device) in the first embodiment.

  The message receiving device 2 shown in FIG. 2 has a program execution configuration such as a CPU, ROM, RAM, EEPROM, and hard disk, and an interface for communicating with other communication devices. The message receiving device 2 may be able to realize a function by installing the processing program according to the embodiment. Even in this case, the message receiving device 2 has a configuration functionally shown in FIG.

  In FIG. 2, the message reception device 2 includes a reception unit 21, an authentication information acquisition unit 22, a message authentication unit 23, a routing unit 24, and a transmission unit 25.

The receiving unit 21 provides authentication information notification information or message distribution information addressed to itself from another device to the authentication information acquisition unit 22 and the message authentication unit 23, respectively. The receiving unit 21 also gives the given information to the routing unit 24 when a destination other than itself is included in the final destination of each information. For example, when the broadcast address is set as the destination, or when the broadcast address is itself a relay device for multihop communication, the receiving unit 21 gives the given information to the routing unit 24.

  The authentication information acquisition unit 22 verifies whether the authentication information notification information given from the reception unit 21 is correct information from the message transmission device 1. If the verification is successful, the message authentication included in the information is verified. A key and an authentication code are acquired as message authentication information.

  Here, when the identification information of the message is included in the received authentication information notification information, the authentication information acquisition unit 22 authenticates the message indicated by the identification information with the authentication information of the acquired message. You may judge that it is information. The method for verifying the validity of the authentication information notification information is not particularly limited. For example, the authentication code added to the authentication information notification information is shared between the message receiving device 2 and the message transmitting device 1. It is possible to apply a method for verifying whether or not a key is generated using a pair of unique keys. The authentication information acquisition unit 22 gives the acquired message identification information, message authentication key information, and authentication code to the message authentication unit 23.

  The message authentication unit 23 restores a message from one or more message distribution information given from the reception unit 21, and uses the message authentication key and the authentication code given from the authentication information acquisition unit 22 to restore the restored message, It is to authenticate. The message authentication unit 22 acquires the identification information of the message from the restored message, and authenticates the message indicated by the identification information in the set of the message authentication key and the authentication code given from the authentication information acquisition unit 22 Message authentication processing may be performed using a message authentication key and an authentication code that are used for this purpose.

  The routing unit 24 refers to the authentication information notification information given from the receiving unit 21 or the final destination of the message distribution information, and specifies authentication information notification information specifying a route for delivery to the destination device, or Message distribution information is generated. The routing unit 24 gives the generated authentication information notification information or message distribution information to the transmission unit 25.

  The transmission unit 25 transmits authentication information notification information or message distribution information given from the routing unit 24 to another communication device.

(A-2) Operation of the First Embodiment Next, the operation of the message authentication system of the first embodiment will be described with reference to FIGS. Here, the operation of the message authentication system of the first exemplary embodiment mainly includes three steps (S101 to S103).

  FIG. 3 is an explanatory diagram illustrating a configuration example and preconditions of the communication system 9 that performs the message authentication system according to the first embodiment. FIG. 3 illustrates a communication system between a plurality of nodes constituting a sensor network that employs multi-hop communication, for example.

  The message transmitting device 000 shown in FIG. 3 and the circle shown in FIG. 3 are both nodes (communication devices). For convenience of explanation, a message transmitting device is referred to as a message transmitting device 000, and the other circles are referred to as message receiving devices.

  In the first embodiment, the message transmission device 000 sends a message M to a message reception device belonging to the group 101 that is a message transmission target (in FIG. 3, “A” is shown in a circle). Authenticate.

  Here, it is assumed that the group 101 includes message receiving devices 001 to 008 as shown in FIG.

  The message transmitting device 000 and the message receiving devices 001 to 008 share a pair of unique keys K_001 to K_008, respectively.

  FIG. 3A shows, for example, the holding state of the unique key of each message reception device stored in the storage unit by the message transmission device 000. As shown in FIG. 3A, the message transmission device 000 is shared between “identification information” for identifying the devices constituting the group and the corresponding device for each “group identification information” of the message transmission target. The “unique key” to be associated is held. For example, in FIG. 3A, “identification information: 001” to “identification information: 008” belong to “group identification information: 101”. For example, the unique key of the device of “identification information: 001” is “ This indicates that it is “unique key: K — 001”.

  Hereinafter, an operation example in the case where the message transmitting device 000 authenticates a message prior to the message receiving devices 001 to 004 among the devices belonging to the group 101 will be described.

"First stage: Notification and acquisition of authentication information (S101)"
FIG. 4 is an explanatory diagram illustrating the first-stage authentication information notification and acquisition process.

  First, the message generation unit 11 of the message transmission device 000 generates a message (I_M0 || M0). Here, || indicates concatenation of data strings. “I_M0” is identification information of the message M0, and the message includes the identification information I_M0.

  The message authentication key generation unit 12 of the message transmission device 000 generates a message authentication key AK_M0 of the message (I_M0 || M0).

  The authentication code generation unit 13 of the message transmission device 000 generates an authentication code MAC (AK_M0, “I_M0 || M0”) for the message (I_M0 || M0) using the generated message authentication key AK_M0.

  Here, MAC (X, Y) indicates an authentication code for the data string Y generated using the key X.

  In the message transmission device 000, the authentication information notification unit 14 generates authentication information notification information including message identification information I_M0, a message authentication key AK_M0, and an authentication code MAC (AK_M0, “I_M0 || M0”).

  For example, when generating authentication information notification information addressed to the message receiving device 002, authentication information is used to uniquely confirm that the authentication information notification information is the correct information transmitted by the message transmitting device 000. The information notification unit 14 generates an authentication code using a fixed key (shared key) “K — 002” shared by the message transmission device 000 and the message reception device 002 as a pair, and adds the authentication code to the authentication information notification information.

  FIG. 4A is a configuration diagram illustrating the configuration of authentication information notification information. FIG. 4A shows a configuration example of authentication information notification information addressed to the message receiving device 002. For example, the authentication information notification information includes “destination identification information: 002”, “sender identification information: 000”, “message identification information: I_MO”, “message authentication key AK_M0”, “authentication code MAC (AK_M0,“ I_M0 | ”). | M0 ")".

  The authentication information notification unit 14 generates an authentication code using a pair of unique keys “K — 002” between the message transmission device 000 and the message reception device 002, and adds the authentication code to the authentication information notification information.

  Here, the method for generating the authentication code by the authentication information notification unit 14 is not particularly limited, but for example, a method using an authentication code generation function such as a hash function or a MAC (Message Authentication Code) generation algorithm can be applied. .

  The authentication information notification information to which the authentication code is added by the authentication information notification unit 14 is transmitted to the message reception devices 001 to 008 belonging to the group 101 that is a message transmission target via the transmission unit 16.

  When the authentication information notification information is received by the reception unit 21 in the message reception devices 001 to 008, the received authentication information notification information is given to the authentication information acquisition unit 22.

  For example, in the case of the message reception device 002, the authentication information acquisition unit 22 verifies the authentication code included in the received authentication information notification information using the unique key “K — 002” shared with the message transmission device 000 as a pair, It is verified whether the given authentication information notification information is correct information from the message transmitting device 000. When the verification is successful, the message authentication key AK_M0 and the authentication code MAC (AK_M0, “I_M0 || M0”) included in the authentication information notification information are acquired as the authentication information of the message indicated by the identification information I_M0.

  Similarly, with respect to the other message receiving devices 001, 003, and 004, the authentication information notification information is transmitted from the message transmitting device 000, and each message receiving device acquires the authentication information given from the message transmitting device 000.

“Second stage: Message distribution and authentication (S102)”
FIG. 5 is an explanatory diagram for explaining message distribution and authentication processing in the second stage.

  In the message transmission device 100, the message distribution unit 15 receives the message (I_M0 || M0) generated by the message generation unit 11, and generates one or more message distribution information.

  FIG. 5A is an explanatory diagram illustrating the configuration of message distribution information. FIG. 5A illustrates a case where the broadcast address of “group: 101” is used. The message distribution information includes “destination identification information: 101”, “transmission source identification information: 000”, and “message: I_M0 || M0”.

  The message distribution information is transmitted to the message receiving device that is the message transmission target via the transmission unit 16. Here, it is assumed that a message is received by the message receiving devices 001 to 004 in the group 101 of message receiving devices to be transmitted.

  In each of the message receiving devices 001 to 004, when the message distribution information is received by the reception unit 21, the received message distribution information is given to the message authentication unit 23.

  In each of the message reception devices 001 to 004, the message authentication unit 23 restores the message identification information I_M0 and the message M0 from the received message distribution information.

  At this time, the message authentication unit 23 uses the same authentication code generated using the message authentication key AK_M0 indicated by the identification information I_M0 from the authentication information acquisition unit 23 for the restored message (I_M0 || M0). It is verified whether or not it matches with the authentication code MAC (AK_M0, “I_M0 || M0”) from the authentication information acquisition unit 23.

  If they match, the verification succeeds and the verification succeeds, thereby authenticating that the restored message M0 is a correct message transmitted by the message transmitting device 000.

  In the above operation, the message transmitting device 000 notifies the message receiving devices 001 to 004 that are the object of message transmission of a message authentication key and an authentication code for authenticating the message separately from the message.

  Only when the message receiving device 001 to 004 can uniquely identify that the message is correct information from the message transmitting device using the notified message authentication key and authentication code when the message is delivered. It is obtained as authentication information of a message.

  Thus, in the first embodiment, the message transmitting apparatus 000 notifies not only the message authentication key but also the message authentication code at the same time. The effect of notifying the message authentication key and the authentication code at the same time will be described below.

  FIG. 6 is an explanatory diagram for explaining the effect of simultaneously notifying the message authentication key and the authentication code.

  FIG. 6 shows a state in which only the message receiving devices 001 to 004 have authenticated the message M0 among the plurality of message receiving devices 001 to 008 to be transmitted. That is, each of the message receiving devices 001 to 004 has already acquired the message authentication key AK_M0.

  Here, the malicious message receiving device 004 that previously knew the message authentication key AK_M0 impersonated the message sending device 000 against the message receiving devices 005 to 008 that do not yet know the message authentication key AK_M0. Consider a case where an attempt is made to input a message M1 ".

  First, the case where the message transmitting apparatus 000 notifies the message receiving apparatus of only the message authentication key will be described.

  If the message transmitting apparatus 000 notifies only the message authentication key AK_M0 as the message authentication information, the malicious message receiving apparatus 004 uses the already acquired message authentication key AK_M0 to indicate “illegal message”. An unauthorized authentication code MAC (AK_M0, “I_M0 || M1”) that bypasses the authentication for “M1” can be generated. Therefore, if the message receiving device 004 inputs the unauthorized authentication code together with the “illegal message M1” to the message receiving devices 005 to 008, the message receiving device 005 to 008 sends “illegal message M1” from the message transmitting device 000. If it is correct information, it will be illegally authenticated.

  On the other hand, when the message transmitting apparatus 000 notifies the message authentication key and the authentication code as message authentication information simultaneously as in the first embodiment, the malicious message receiving apparatus 004 Either of them must succeed.

  The first attack is established when the malicious message receiving device 004 illegally acquires the unique keys K005 to K_008 that the message transmitting device 000 and the message receiving devices 005 to 008 share in pairs.

  In this case, the malicious message receiving device 004 obtains the unique key, thereby obtaining a fake message authentication key AK_M1 and a fake authentication code MAC (AK_M1, I_M0) used for authenticating the “illegal message M1”. || M1) is impersonated as false authentication information notification information, and the message transmission device 000 is impersonated and notified. Accordingly, the malicious message receiving device 004 can cause the message receiving device that has notified the false authentication information to authenticate the “illegal message M1” as a correct message transmitted by the message transmitting device 000.

  This attack does not hold on the premise that the unique key shared by the message transmitting device 000 and the message receiving device is secure. For example, even if the unique key of an arbitrary message receiving apparatus is illegally leaked, the above attack is effective only for the message receiving apparatus and does not affect other message receiving apparatuses.

  The second attack is established when the malicious message receiving device 004 finds an unauthorized message M0 'that passes through the authentication check using the correct authentication information notified by the message transmitting device 000.

  That is, the malicious message receiving device 004 finds “illegal message M1” in which MAC (AK_M0, I_M0 || M0) = MAC (AK_M0, I_M0 || M1).

  However, it may be considered that this attack is extremely difficult in terms of calculation amount by setting appropriate parameters such as an authentication code length and a key length.

(A-3) Effect of First Embodiment As described above, in the first embodiment, in a group of message receiving devices to be transmitted, a message receiving device that teaches a message authentication key in advance and a message that is taught later. Even if there is a receiving device (even if the synchronization of authentication is lost), it is possible to withstand a spoofing attack on the message transmitting device of a device that has previously known the message authentication key.

(B) Second Embodiment Next, a second embodiment of the message authentication system, communication apparatus, and communication program of the present invention will be described with reference to the drawings.

  In the second embodiment, in a group of message receiving devices that are message transmission targets, a message receiving device that has previously authenticated the message delivers the message to another message receiving device instead of the message transmitting device. It is characterized by doing.

(B-1) Configuration of Second Embodiment FIG. 7 is a diagram illustrating an internal configuration of a message transmission device of a node (communication device) in the second embodiment.

  7, the message transmission device 3 includes a message generation unit 11, a message authentication key generation unit 12, an authentication code generation unit 13, an authentication information notification unit 31, a message distribution unit 15, a transmission unit 16, and a reception unit 32.

  In FIG. 7, the same components as those in the first embodiment are denoted by the same reference numerals. Below, it demonstrates in detail centering on the authentication information notification part 31 and the receiving part 32 in which operation | movement differs from 2nd Embodiment.

  The authentication information notification unit 31 basically performs the same operation as the authentication information notification unit 14 described in the first embodiment.

  Further, in addition to the operation described in the first embodiment, the authentication information notification unit 31 receives the authentication information request information from the reception unit 32, generates authentication information notification information including the authentication information of the corresponding message, and responds. To do.

  The authentication information notification unit 31 manages message authentication information generated in the past. For example, the authentication information notification unit 31 can apply a method of managing message identification information, a message authentication key indicated by the message identification information, and an authentication code in association with each other.

  Then, the authentication information notification unit 31 refers to the message authentication information corresponding to the message identification information included in the received authentication information request information, and sends the message identification to the message receiving device that is the request source of the authentication information request information. Authentication information notification information including a message authentication key and an authentication code corresponding to the information is generated and given to the transmission unit 16.

  The receiving unit 32 gives the authentication information requesting information received from the message receiving device 2 to the authentication information notifying unit 31.

  FIG. 8 is a diagram illustrating an internal configuration of a message receiving device of a node (communication device) in the second embodiment.

  In FIG. 8, the message reception device 4 includes a reception unit 41, an authentication information acquisition unit 22, a message authentication unit 42, a message management unit 43, a message distribution unit 44, an authentication information request unit 45, a routing unit 24, and a transmission unit 46. .

  In FIG. 8, the same code | symbol is attached | subjected to the component demonstrated in 1st Embodiment. Hereinafter, the operations of the reception unit 41, the message authentication unit 42, the message management unit 43, the message distribution unit 44, the authentication information request unit 45, and the transmission unit 46, which are different from those in the first embodiment, will be described in detail. .

  The receiving unit 41 is basically the same as the operation of the receiving unit 21 of the first embodiment, but further receives message notification information addressed to itself and message distribution request information given from another device. This is given to the message management unit 43.

  The message authentication unit 42 is basically the same as the operation of the message authentication unit 23 of the first embodiment, but further provides the message management unit 43 with a message that has been successfully authenticated.

  The message management unit 43 manages messages that have been successfully authenticated. Notification of management messages to other message receiving devices, identification of unacquired messages, request for message delivery to other message receiving devices Instructing message delivery to other message receivers.

  In other words, the message management unit 43 manages a message given from the message authentication unit 42 and successfully authenticated. For example, the message management unit 43 holds message identification information of a message that has been successfully authenticated.

  The message management unit 43 generates message notification information and notifies the transmission unit 46 of the generated message notification information in order to notify other message receiving devices of the presence of a message that has already been successfully authenticated and managed. You may make it give.

  Here, as message notification information, for example, it is assumed that message identification information is included, but the present invention is not limited to this. The message notification information may be encrypted or an authentication code may be added.

  Next, the message management unit 43 gives a message managed by the message management unit 43 to the message distribution unit in order to distribute it to other message reception devices instead of the message transmission device. For example, the requested message may be given to the message distribution unit 44 by receiving message distribution request information from the reception unit 41.

  Next, the message management unit 43 generates message distribution request information and gives the message distribution request information to the transmission unit 46 in order to acquire an unacquired message from another message receiving device. For example, message distribution request information may be given to the transmission unit 46 by receiving message notification information from the reception unit 41 and identifying that the message notified by the message notification information has not yet been acquired. .

  Next, the message management unit 43 provides the authentication information requesting unit 45 with identification information of an unacquired message in order to request the message transmitting apparatus 1 for authentication information of an unacquired message.

  The message distribution unit 44 generates message distribution information for distributing the message given from the message management unit 43 to other message receiving devices.

  When the message data size is larger than the size that can be delivered in one data frame, the message may be divided into a plurality of message distribution information to generate a plurality of message distribution information. Each message distribution information may be separately encrypted or an authentication code may be added. For example, by adding an authentication code using a common key shared with other message receiving apparatuses, it is possible to prevent unauthorized message distribution information from being input by a third party who does not know the common key. The message distribution unit gives the generated message distribution information to the transmission unit 46.

  The authentication information request unit 45 receives the identification information of the unacquired message from the message management unit 43, so that the authentication information request unit 45 requests the message transmission apparatus 1 for the authentication information of the message indicated by the identification information. Generate request information.

  Here, the authentication information request | requirement part 45 produces | generates what includes the identification information of the message which wants to acquire authentication information (a message authentication key and an authentication code) in authentication information request information, for example. Further, the authentication information request unit 45 gives the generated authentication information request information to the transmission unit 46.

  The transmission unit 46 is basically the same as the operation of the transmission unit 25 of the first embodiment, but further transmits the message notification information and the message delivery request information given from the message management unit 43 to other communication devices. To send to. The transmission unit 46 transmits the authentication information request information given from the authentication information request unit 45 to the message transmission device 1. Further, the transmission unit 46 transmits the message distribution information given from the message distribution unit 44 to the target message receiving device.

(B-2) Operation of Second Embodiment Next, the operation of the message authentication system of the second embodiment will be described with reference to FIGS.

  The operation of the second embodiment will be described on the assumption that the operation of the first embodiment described with reference to FIGS. 3 to 6 has been completed.

  Here, the operation of the message authentication system of the second exemplary embodiment mainly includes five steps (S201 to S205).

“First stage: message notification (S201)”
FIG. 9 is an explanatory diagram for explaining the operation of the message notification processing in the first stage of the second embodiment.

  First, in the message receiving device 004, the message management unit 43 manages a message (I_M0 || M0) that has been successfully authenticated. The message management unit 43 generates message notification information including identification information I_M0 of the acquired message in order to notify other message reception devices of acquisition of a new message. Then, this message notification information is transmitted to another message reception device 2 via the transmission unit 46.

  For example, in the case of FIG. 9A, the message receiving device 004 transmits message notification information including “destination identification information: 101”, “transmission source identification information:”, and “message identification information: I_M0” indicating the group 1. To do. The message notification information is transferred to another message receiving device by multi-hop communication.

“Second stage: Request for authentication information (S202)”
FIG. 10 is an explanatory diagram for explaining the operation of the authentication information request process in the second stage of the second embodiment.

  Message notification information from the message reception device 004 is received by the message reception devices 005 and 006.

  In the message reception devices 005 and 006, the message management unit 43 determines whether or not the message management unit 43 is the message identification information of the message already acquired based on the message identification information I_M0 included in the message notification information received by the reception unit 41. Identify

  That is, the message management unit 43 holds message identification information of a message that has been successfully authenticated, and whether the message identification information included in the message notification information received this time is present in the message identification information held by itself. Judge whether or not. The message management unit 43 identifies that the message has been acquired when the message identification information exists, and identifies that the message has not been acquired when it does not exist.

  When the message management unit 43 determines that the message has not been acquired, the message management unit 43 requests authentication information (message authentication key and authentication code) of the message from the message transmitting device 000. The message identification information I_M0 is given to 45.

  The authentication information request unit 45 generates authentication information request information including the received message identification information I_M0, and gives the generated authentication information request information to the transmission unit 46. The transmission unit 46 transmits the authentication information request information to the message transmission device 000.

  Here, FIG. 10A is a configuration example of authentication information request information transmitted by the message receiving device 005, and FIG. 10B shows a configuration example of authentication information request information transmitted by the message receiving device 006. . As shown in FIGS. 10A and 10B, the authentication information request information includes the message transmission device 000 as “destination identification information: 000” and the “message identification information: I_M0” of the message for requesting the authentication information. include.

“Third stage: Notification and acquisition of authentication information (S203)”
FIG. 11 is an explanatory diagram for explaining the operation of authentication information notification and acquisition processing in the third stage of the second embodiment.

  Authentication information request information from the message receiving devices 005 and 006 is received by the message transmitting device 000. In the message transmission device 000, the authentication information notification unit 31 receives the authentication information request information from the reception unit 32.

  Since the authentication information notification unit 31 manages past message authentication information, the message authentication key AK_M0 corresponding to the message identification information I_M0 included in the authentication information request information received this time and the authentication code MAC (AK_M0) , “I_M0 || M0”).

  Then, the authentication information notification unit 31 generates authentication information notification information using the message identification information I_M0, the message authentication key AK_M0, and the authentication code MAC (AK_M0, “I_M0 || M0”).

  FIG. 11A is a configuration diagram illustrating a configuration example of authentication information notification information addressed to the message reception device 005.

  As shown in FIG. 11A, the authentication information notification unit 31 sets “destination identification information: 005” and “transmission source identification information: 000”, “message identification information I_M0”, “message authentication key AK_M0”, and , Information including “authentication code MAC (AK_M0,“ I_M0 || M0 ”)” is generated.

  Further, the authentication information notifying unit 31 generates an authentication code using the pair of unique keys “K — 005” between the message transmitting device 000 and the message receiving device 005, and assigns the authentication code to the above information to perform authentication. Information notification information is generated.

  The authentication information notification information generated as described above is transmitted to the message reception devices 005 and 006 via the transmission unit 16.

  In the message receiving device 005, the authentication information notification information received by the receiving unit 32 is given to the authentication information acquiring unit 22.

  The authentication information acquisition unit 32 of the message reception device 005 verifies the authentication code included in the given authentication information notification information by using a shared key (unique key) K_005 shared with the message transmission device 000 as a pair. It is verified whether the authentication information notification information is correct information transmitted from the message transmitting apparatus 000.

  Then, when the verification is successful, the authentication information acquisition unit 32 indicates the message authentication key AK_M0 and the authentication code MAC (AK_M0, “I_M0 || M0”) included in the authentication information notification information by the identification information I_M0. Obtained as authentication information for messages.

  Similarly, the message reception device 006 transmits the authentication information notification information from the message transmission device 000, and acquires the authentication information of the message M0.

“Fourth stage: message delivery request (S204)”
FIG. 12 is an explanatory diagram for explaining the operation of the message delivery request process in the fourth stage of the second embodiment.

  When the authentication information is acquired in the message receiving devices 005 and 006, the message management unit 43 generates message delivery request information and sends the transmission unit 46 in order to have the message M0 to be received by the message management unit 43 delivered. To the message receiving device 004.

  Here, FIG. 12A is a configuration diagram showing a configuration example of message delivery request information transmitted by the message receiving device 005, and FIG. 12B shows message delivery request information transmitted by the message receiving device 006. It is a block diagram which shows a structural example. The message delivery request information includes “destination identification information”, “transmission source identification information”, and “message identification information”.

  As shown in FIGS. 12A and 12B, the transmission destination of the message delivery request information is “destination identification information: 004”. That is, the message receiving devices 005 and 006 transmit message delivery request information to the message receiving device 004 that is the transmission source of the message notification information.

  In the message reception device 004, when the message management unit 43 receives the message delivery request information from the reception unit 41, the message (I_M0) indicated by the identification information I_M0 included in the message delivery request information among the messages managed by the message management unit 43 itself. || M0) is given to the message distribution unit 44.

“Fifth stage: Message distribution and authentication (S205)”
FIG. 13 is an explanatory diagram for explaining the operation of message distribution and authentication processing in the fifth stage of the second embodiment.

  In the message receiving device 004, the message distribution unit 44 receives the message (I_M0 || M0) from the message management unit 43 and generates one or more message distribution information. Then, the message distribution unit 44 transmits the generated one or more message distribution information to the message reception devices 005 and 006 via the transmission unit 46.

  In each of the message reception devices 005 and 006, the message distribution information received by the reception unit 41 is given to the message authentication unit 42.

  In each of the message reception devices 005 and 006, the message authentication unit 41 restores the message identification information I_M0 and the message M0.

  The message authentication unit 41 uses the authentication code generated using the authentication key AK_M0 of the message indicated by the identification information I_M0 from the authentication information acquisition unit 22 for the restored message (I_M0 || M0). It is verified whether or not the authentication code MAC (AK_M0, “I_M0 || M0”) from the authentication information acquisition unit 22 matches. If they match, the message authentication unit 41 determines that the verification is successful, and authenticates that the restored message M0 is a correct message transmitted from the message transmission device 000.

(B-3) Effect According to the second embodiment, in a group of message receiving devices that are message transmission targets, a message receiving device that has previously authenticated and acquired a message is replaced with another message transmitting device. The message is distributed to the message receiving apparatus.

  When it is desired to distribute the same message having a large data size to a plurality of message receiving apparatuses, it is preferable that the message can be efficiently distributed using multicast delivery or the like. Here, let us consider a state in which a message has not yet been acquired for an arbitrary number of message receiving devices among a plurality of message receiving devices to be transmitted.

  At this time, the message transmitting apparatus needs to retransmit the message to each message receiving apparatus. In the case of a multi-hop network, message delivery from the message transmitting apparatus to each message receiving apparatus is performed by a plurality of message receiving apparatuses. There is a problem that the delivery cost of the relay device increases.

  In the second embodiment, message delivery efficiency can be improved by delivering a message to a message reception device that has not yet obtained a message, instead of the message transmission device being executed by the message reception device that has already obtained the message. . Also, each message receiving device obtains the authentication information of the distributed message safely from the message sending device, so that the malicious message receiving device throws an illegal message as in the first embodiment. Even in this case, it can be eliminated by an authentication check.

(C) Third Embodiment Next, a third embodiment of the message authentication system, the communication device, and the communication program of the present invention will be described with reference to the drawings.

  The first and second embodiments have described the case where the message transmitting apparatus notifies each message receiving apparatus of a common message authentication key and authentication code for each message.

  On the other hand, the third embodiment is an embodiment in which the message transmitting device notifies each message receiving device of a message authentication key and an authentication code that are different for each message and message receiving device.

(C-1) Configuration and Operation of Third Embodiment The third embodiment is different from the first and second embodiments in the internal configuration of the message transmitting apparatus. Specifically, the processing of the message authentication key generation unit 12 provided in the message transmission devices of the first and second embodiments shown in FIGS. 1 and 7 is different, and the other components are the first and second components. This is the same as the embodiment.

  Therefore, in the third embodiment, the processing of the message authentication key generation unit 12 of the message transmission devices 1 and 3 will be mainly described with reference to FIGS. 1 and 7.

  The message authentication key generation unit 12 of the third embodiment is basically the same as that of the first and second embodiments.

  The message authentication key generation unit 12 according to the third embodiment generates a different message authentication key for each message generated by the message generation unit 11. Furthermore, the message authentication key generation unit 12 of the third embodiment may generate a different message authentication key for each message receiving device 2 and 4 that is a message transmission target.

  For example, in FIG. 3, when the message transmission devices 1 and 3 transmit “message M0” to the message reception device 001, the message authentication key generation unit 12 of the third embodiment uses a random number generator to A different message authentication key AK_MO_001 is generated for each message receiving device 001.

  Therefore, when the message transmission devices 1 and 3 transmit “message M0” to the message reception devices 001 to 008, the message authentication key generation unit 12 of the third embodiment performs the process for each message and message reception device 001 to 008. Different message authentication keys AK_M0_001 to AK_M0_008 are generated.

  The authentication code generation unit 13 generates an authentication code for the corresponding message using the message authentication keys AK_M0_001 to AK_M0_008 for each message receiving device 001 to 008. Thereby, a different authentication code can be generated for each message and message receiving device. Note that the method described in the first and second embodiments can be applied to the method for generating the authentication code.

  For example, the authentication code generation unit 13 uses the message authentication key AK_M0_001 as a key input value to the authentication code generation function as an authentication code of “message MO” to be transmitted to the message receiving device 001, and uses MAC (AK_M0_001, “ I_M0 || M0 ").

  Similarly, the authentication code generation unit 13 uses authentication codes MAC (AK_M0_002, “I_M0 || M0”) to MAC (AK_M0_008, “I_M0 ||) as authentication codes of“ message MO ”to be transmitted to the message receiving devices 002 to 008. M0 ") is generated.

  The authentication information notification units 14 and 31 notify the corresponding message reception devices of the authentication information notification information including the message authentication key and the authentication code generated for each message reception device 2 and 4 for each message.

  The message receiving devices 2 and 4 have the same components as the internal configurations described in FIGS. 2 and 8 described in the first and second embodiments.

  Further, the operations in the message receiving devices 2 and 4 are different only in the message authentication key and the authentication code used for authenticating whether or not the message is correctly transmitted from the message transmitting device. The same as in the first and second embodiments.

(C-2) Effects of Third Embodiment As described above, according to the third embodiment, the message transmitting apparatus notifies the message authentication key and the authentication code that are different for each message receiving apparatus for each message. be able to.

  In the first embodiment, a malicious message receiving apparatus uses correct authentication information (message authentication key AK_M0 and authentication code MAC (AK_M0, “I_M0 || M0”)) notified by the message transmitting apparatus. It has been explained that an attack is established when an “illegal message M1” that passes through the authentication check can be found.

  On the other hand, according to the third embodiment, the message authentication key and the authentication code used for authenticating the same message M0 are different for each message receiving device.

  That is, even if the attacker finds “illegal message M1” that passes through the authentication check, the message authentication key and the authentication code are different, so that the “illegal message M1” is an authentication check for other message receiving devices. Does not pass.

  Further, when the authentication information notification information is notified by encrypting with a unique key shared by the message transmitting device and the message receiving device, the malicious message receiving device can authenticate the message by another message receiving device. Since even the message authentication information to be used cannot be specified, a spoofing attack on the message transmission device can be made more difficult.

(D) Other Embodiments In the description of each of the above embodiments, various modified embodiments have been referred to. However, modified embodiments as exemplified below can be cited.

(D-1) In the present invention, an operation for generating an authentication code using a message authentication key frequently appears. This is because the message authentication key is input as it is as an input value of the key to the authentication code generation function. Not exclusively. For example, an output value obtained by inputting the message authentication key to a specified function may be used as a key input to the authentication code generation function. The authentication code may be generated including information such as counter information, time information, and communication device identification information in order to prevent a replay attack.

(D-2) Although an example in which only one message is authenticated has been described in the present invention, the present invention is not limited to this. For example, a plurality of messages or their authentication information can be distributed in parallel. In this case, the correspondence between the message and its authentication information can be identified by adding message identification information to each message or each authentication information.

(D-3) In the present invention, the example in which the message is delivered after notifying the message authentication key and the authentication code has been described. However, the present invention is not limited to this. For example, the message authentication key and the authentication code may be notified after the message is distributed.

1 and 3 ... message transmitting device,
11 ... message generator, 12 ... message authentication key generator,
13 ... Authentication code generation unit, 14 ... Authentication information notification unit, 15 ... Message distribution unit,
16 ... Transmitting section, 31 ... Authentication information notifying section, 32 ... Receiving section,
2 and 4 ... message receiver,
21 and 41 ... receiving unit, 22 ... authentication information acquiring unit,
23 and 42 ... message authentication part, 24 ... routing part, 25 ... transmission part,
43 ... Message management unit, 44 ... Message distribution unit, 45 ... Authentication information request unit.

Claims (10)

In a message authentication system in which one or more message receiving devices authenticate a message from a message sending device,
The message transmitting device is
Authentication code generation means for generating an authentication code for a message for transmission using a message authentication key that has not been acquired by each of the message receiving devices,
Authentication information for generating authentication information notification information that includes the message authentication key and the authentication code, and that allows each message receiving device to specify that the information is correct information from the message transmitting device. Notification means;
Message distribution means for generating message distribution information for distributing the message for transmission to the message receiving devices;
Transmission means for transmitting the authentication information notification information generated by the authentication information notification means and the message distribution information generated by the message distribution means to the message receiving device;
Each of the message receiving devices
Receiving means for receiving the authentication information notification information and the message distribution information;
Authentication information acquisition means for acquiring the message authentication key and the authentication code included in the authentication information notification information that can be identified as correct information from the message transmitting device;
A message authentication system comprising: message authentication means for authenticating the message distributed by the message distribution information using the message authentication key and the authentication code acquired by the authentication information acquisition means. Each of the message receiving devices further includes
Message management means for managing the message authenticated by the message authentication means;
Message distribution means for generating message distribution information for distributing the message managed by the message management means to the other message receiving devices;
The message authentication system according to claim 1, further comprising: a transmission unit that transmits the message distribution information generated by the message distribution unit to the other message receiving device. The message transmission device further includes:
Receiving means for receiving authentication information request information for the distributed message from the message receiving device;
The message receiving device further comprises:
Authentication information requesting means for generating authentication information request information for requesting a message authentication key and an authentication code used to authenticate the message to the message transmitting device;
The message authentication system according to claim 1, further comprising: a transmission unit that transmits the authentication information request information generated by the authentication information request unit to the message transmission device. Each of the message transmitting device and each message receiving device has a pair of unique keys,
The authentication information notifying means of the message transmitting device generates the authentication information notifying information using the unique key with each of the message receiving devices,
The authentication information acquisition means of each message receiving device specifies that the authentication information notification information received using the unique key is correct information from the message transmitting device. The message authentication system according to claim 1.   The message authentication system according to claim 1, wherein the authentication code generation unit generates the authentication code using a message authentication key that is different for each message.   5. The message authentication according to claim 1, wherein the authentication code generation unit generates the authentication code using a message authentication key different for each of the message and the message receiving device. system. In a communication device that transmits a message to one or more message receiving devices,
Authentication code generation means for generating an authentication code for a message for transmission using a message authentication key that has not been acquired by each of the message receiving devices,
Authentication information notification for generating authentication information notification information that is information including the message authentication key and the authentication code, and that allows the message receiving device to specify that the information is correct information from the communication device. Means,
Message distribution means for generating message distribution information for distributing the message for transmission to the message receiving devices;
A communication apparatus comprising: the authentication information notification information generated by the authentication information notification means; and the transmission means for transmitting the message distribution information generated by the message distribution means to the message receiving apparatus. In a communication device that receives a message from a message transmission device,
Receiving means for receiving authentication information notification information including a message authentication key and an authentication code for the message and message distribution information including a message for transmission from the message transmitting device;
Authentication information acquisition means for acquiring the message authentication key and the authentication code included in the authentication information notification information that can be identified as correct information from the message transmitting device;
And a message authentication unit that authenticates the message distributed by the message distribution information using the message authentication key and the authentication code acquired by the authentication information acquisition unit. In a communication program for transmitting a message to one or a plurality of message receiving devices,
Computer
Authentication code generation means for generating an authentication code for a message for transmission using a message authentication key that has not been acquired by each message receiving device,
Authentication information notification for generating authentication information notification information that is information including the message authentication key and the authentication code, and that allows the message receiving device to specify that the information is correct information from the communication device. Means,
Message distribution means for generating message distribution information for distributing the message for transmission to each of the message receiving devices;
A communication program for causing the authentication information notification information generated by the authentication information notification means and the message distribution information generated by the message distribution means to function as a transmission means for transmitting to the message receiving device. In a communication program for receiving a message from a message transmission device,
Computer
Receiving means for receiving authentication information notification information including a message authentication key and an authentication code for the message and message distribution information including a message for transmission from the message transmitting device;
Authentication information acquisition means for acquiring the message authentication key and the authentication code included in the authentication information notification information that can be identified as correct information from the message transmitting device;
A communication program that functions as a message authentication unit that authenticates the message distributed by the message distribution information by using the message authentication key and the authentication code acquired by the authentication information acquisition unit.

Images