JP5499145B2 - Authentication system and media - Google Patents

Description

  Embodiments described herein relate to an authentication system and media.

In recent years, with the development of the information society, content that has been digitized such as books, newspapers, music and videos is distributed, and the content recorded on the recording medium via the user terminal or the user terminal is transmitted to the user terminal or the PC environment. Content distribution systems that enable browsing are widely used.

JP 2005-341156 A JP 2010-268417 A

  The embodiment described below aims to improve security.

An information recording apparatus according to an embodiment described below is for performing data communication via a secure channel with a memory unit storing various data, a controller configured to control the given memory unit, and a host device. Interface unit. The controller
A controller key and first controller identification information unique to the controller are held.

The controller includes a controller unique key generation unit that generates a unique controller unique key for each controller based on the controller key and the first controller identification information;
A controller identification information generation unit that generates second controller identification information based on the controller identification information, an authentication key exchange processing unit that executes an authentication key exchange process between the decoder and the host device.

The memory unit includes a normal recording unit that can be freely accessed from the outside, a secret recording unit, and a system information recording unit. The secret recording unit can be accessed on condition that the predetermined authentication process is completed. The system information recording unit includes an encrypted media device key obtained by encrypting a media device key that functions as a private key for public key cryptography with a controller unique key, a media device key certificate that functions as a public key for public key cryptography, Is stored.

The decryptor is configured to be able to obtain the media device key by decrypting the encrypted media device key using the controller unique key.

The authentication key exchange processing unit performs authentication key exchange processing with the host device via the interface unit using the media device key, the media device key certificate, and the second controller identification information. After establishing a secure channel, the media device key, media device key certificate,
The second controller identification information is transmitted to the host unit via the secure channel and interface unit.

The processing method of the information recording device of the embodiment described below is a method of executing authentication processing between the information recording device and the host device. The information recording apparatus has a memory unit and a controller that controls the memory unit. In addition, the information recording apparatus is given a controller key and first controller identification information, and further, a media device key that functions as a secret key of the public key cryptosystem, and a media device key certificate that functions as a public key of the public key cryptosystem Is stored in the secret recording unit in the memory unit. The media device key is encrypted by the controller unique key generated based on the controller key and the first controller identification information, and is recorded in the secret recording unit as an encrypted media device key.

The host device holds a host device key that functions as a secret key of the public key cryptosystem and a host device key certificate that functions as a public key of the public key cryptosystem.

  This method consists of the following steps.

(1) Second controller identification information (IDcntr) based on the first controller identification information
(2) An authentication key exchange process is executed based on the encrypted media device key, the media device key certificate, the second controller identification information, and the host device key and the host device certificate, and the media device key A step of acquiring in the host device the media device key certificate information and the second controller identification information embedded in the certificate. (3) Based on the media device key certificate information and the second controller identification information received by the host device. Step of generating information recording device identification information (4) Step of generating a media unique key based on information recording device identification information

It is a block diagram which shows the structure of the memory card 1000 used for the information recording system which concerns on 1st Embodiment. FIG. 2 is an equivalent circuit diagram showing a configuration of the memory 100 (NAND flash memory) in FIG. 1. 6 is a schematic diagram illustrating a method for writing an encrypted media device key and a media device key certificate to the memory card 1000 in the first embodiment. FIG. It is a block diagram which shows the structure and operation | movement of the memory card 1000 and the host apparatus 2000 which are included in the information recording system which concerns on 1st Embodiment. It is a block diagram which shows the structure and operation | movement of the memory card 1000 and the host apparatus 2000 which are included in the information recording system which concerns on 1st Embodiment. It is a block diagram which shows the structure and operation | movement of the memory card 1000 and the host apparatus 2000 which are included in the information recording system which concerns on 2nd Embodiment. It is a flowchart which shows operation | movement of the information recording system which concerns on 2nd Embodiment.

Electronic content (hereinafter simply referred to as content) can be easily duplicated,
Fraudulent behavior that ignores copyright associated with content is likely to occur. From the viewpoint of protecting the content from such illegal acts, the content is normally encrypted and recorded on a recording medium, and is decrypted at the time of reproduction only by a legitimate device.

In addition, an encrypted double key scheme in which a content key for encrypting content is double-encrypted with two types of keys is considered. Of the encryption keys, a key unique to the recording medium (for example, a media unique key) is securely recorded in a secret area of the recording medium and cannot be accessed from the outside of the recording medium. For this reason, for example, even if only encrypted content key data is copied illegally, the content cannot be used (decrypted) without a media unique key necessary for decrypting the encrypted content key.

However, when such a media unique key is illegally read out by some method and passed to an unauthorized recording medium (memory card) manufacturer, a clone card that copies a legitimate recording medium (memory card) will be circulated, It is possible that content data is used illegally.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

[First Embodiment]
FIG. 1 shows a configuration of a memory card (nonvolatile memory system) 1000 used in the information recording system according to the first embodiment. The memory card 1000 is configured to be able to store content data encrypted. Note that the nonvolatile memory system is not necessarily in the form of a memory card, and the memory card 1000 may be mounted in a manner that is not removable from the host device 2000.

The memory card 1000 is configured to be connectable to a host device 2000 (not shown in FIG. 1), and is configured to execute a predetermined authentication key exchange process with the host device 2000. When the authentication key exchange process is completed, the memory card 10 is sent from the host device 2000.
Data can be written to or read from the 00 system information recording unit and secret recording unit. Further, the memory card 10 can be obtained by the host device 2000 or a playback device connected thereto.
Data necessary for decrypting the encrypted content data stored in 00 can be read, and the content data can be reproduced.

Then, the memory card 1000 according to the present embodiment uses the media device key Kmd_i, which is a secret key of the public key cryptosystem, and the public key of the public key cryptosystem for the authentication key exchange process with the host device 2000. The included media device key certificate Cert _media can be stored. Details will be described later.

The memory card 1000 includes a NAND flash memory 100 (hereinafter referred to as a memory 10).
0) and a controller 200 for controlling the read / write operation in the memory 100. Here, a case where a NAND flash memory is adopted as an example of the memory 100 will be described. However, other memory devices (magnetic disk drive device, resistance change memory, ferroelectric memory, magnetic memory that can store data in a nonvolatile manner are described. It is also possible to employ a resistance memory, a phase change memory, or the like) as the memory 100.

The controller 200 temporarily holds a NAND flash interface 201 for performing data transfer with the memory 100, a host interface 202 for performing data transfer with an external device such as the host device 2000, and read / write data. Buffer RAM 203, MPU 204 for performing data transfer control, NAND flash memory 21
Hardware sequencer 205, decryptor 206, encryptor 207, and fuse circuit 20 used for read / write sequence control of firmware (FW)
8 has.

The NAND flash interface 201 includes an error correction circuit (ECC).
When writing data to the NAND flash memory, the NAND flash interface 201 calculates an error correction code using an error correction circuit, and converts the data and the error correction code to NA.
Write to the ND flash memory 21. The NAND flash interface 201
When reading data from the NAND flash memory, the syndrome is calculated from the data and the error correction code, and the error of the data is corrected within a predetermined error correction capability range.

Firmware (FW) necessary for the controller 200 is stored in the memory 10 in an initialization operation (power-on initial setup operation) that is automatically executed after power-on.
It is automatically read from 0 and transferred to the data register (buffer RAM) 203.
This read control is performed by the hardware sequencer 205. The firmware may be stored in a ROM in the controller 200. The firmware in this embodiment includes a unidirectional converter 211, an ID generator 212, an authentication key exchange processing unit 213, and the like, as will be described later.

The fuse circuit 208 stores a controller key Kc and a controller unique ID (IDcu) for identifying the controller 20. The controller key Kc and the controller unique ID (IDcu) are used to generate a controller unique key Kcu as will be described later. The controller unique key Kcu is the media device key Km described above.
It is used to encrypt d_i when it is recorded in the system information recording unit 103 of the memory card 1000. The controller unique key Kcu is generated in the unidirectional converter 211 using the controller key Kc and the controller unique ID (IDcu) as input values. That is, the one-way converter 211 is an aspect of a controller unique key generation unit for generating a controller unique key.

Further, the ID generator 212 (controller identification information generation unit) generates a public controller unique ID (IDcntr) transmitted to the outside using the controller key Kc and the controller unique ID (IDcu) as input values.

The authentication key exchange processing unit 213 executes an authentication key exchange process with the host device 2000 based on the media device key Kmd_i and the media device key certificate Cert _media .

As shown in FIG. 2, the memory 100 includes a NAND cell unit (NAND string) in which a plurality of electrically rewritable nonvolatile memory cells (32 memory cells in the illustrated example) M0 to M31 are connected in series. NU is arranged.

One end of the NAND cell unit NU is connected to the bit line B via the selection gate transistor S1.
The other end of Lo and BLe is connected to the common source line CELSRC via the selection gate transistor S2.
Connected to. The control gates of the memory cells M0 to M31 are word lines WL0 to WL3, respectively.
1 and the gates of the selection gate transistors S1, S2 are selection gate lines SGD, SG.
Connected to S.

A set of NAND cell units arranged in the word line direction constitutes a block serving as a minimum unit of data erasure, and a plurality of blocks BLK0 to BLK are arranged in the bit line direction as shown in the figure.
n-1 is arranged. Some of the blocks BLK are set as the normal recording unit 101 that the user can freely access without special authentication processing, and the other part can be accessed after a certain authentication key exchange processing The other part is set as the system information recording unit 103 that records predetermined information at the time of manufacturing the memory card. Each of the normal recording unit 101, the secret recording unit 102, and the system information recording unit 103 is assigned a logical address. Designation of the logical address of the secret recording unit 102 is allowed only when an authentication key exchange process described later is completed.

In the normal recording unit 101, data of 2 bits or more can be stored in one memory cell. On the other hand, the secret recording unit 102 and the system information recording unit 103 can store only 1-bit data in one memory cell from the viewpoint of ensuring data reliability. In the normal recording unit 11, the correspondence relationship between the logical address and the physical address is dynamically changed as the data is updated. However, the data recording reliability of the secret recording unit 12 and the system information recording unit 103 is ensured. From the viewpoint, the correspondence between the logical address and the physical address may be controlled to be fixed statically.

A sense amplifier circuit 3 used for reading and writing cell data is arranged on one end side of the bit lines BLe and BLo, and a row decoder 2 for selecting and driving the word line and the selection gate line is arranged on one end side of the word line. The In the figure, adjacent even-numbered bit lines BLe and odd-numbered bit lines BLo are selectively connected to each sense amplifier S of the sense amplifier circuit 3 by a bit line selection circuit.
A case of being connected to A is shown.

Next, a manufacturing process of the memory card 1000 and a method of writing the media device key Kmd_i and the media device key certificate Cert _media of FIG. 1 will be described with reference to FIG.

The media device key Kmd_i and the media device key certificate Cert _media to be written to the memory card 1000 are sent from the key issuing / management center 3000 to the memory card manufacturer C.
1 and the memory 1 constituting the memory card 1000 via the controller 200
00 is written in the system information recording unit 103. Although not shown in FIG. 1, the memory card 1000 is connected to a device (a personal computer, a mobile phone terminal, a public terminal, etc.) having a predetermined communication function. The key issuing / management center 3 is connected via a device having such a communication function.
Data issued from 000 is written to the memory card 1000.

As described above, the media device key Kmd_i is a secret key of the public key cryptosystem, while the media device key certificate Cert _media is data including a public key corresponding to the media device key Kmd_i as a secret key. Media device key certificate Cert _{m
The media} includes a media device key certificate ID (IDm_c) that is identification information unique to the certificate.
ert) is also embedded.

In the manufacture of the memory card 1000, the controller 200 is provided from the controller manufacturer A, and the memory 100 is provided from the memory manufacturer B to the memory card manufacturer C. In addition, any or all of manufacturers A, B, and C may be the same company. In order for the memory card 1000 to be operable, the memory card manufacturer C must
Write necessary information.

When the controller manufacturer A manufactures the controller 200, the controller 200
Of the controller key Kc and the controller unique ID (IDcu) as confidential information.
) Is written. The controller key Kc is used for a plurality of controllers 2 for reasons of manufacturing processes.
00 may be a common key. On the other hand, the controller unique ID is different for each controller 200, and a controller unique key generated in one controller 200 is always different from a controller unique key generated in another controller 200.

The controller manufacturer A discloses the data of the controller key Kc assigned to the controller 200 to the key issuing / management center 3000. The controller key Kc can be transmitted from the controller manufacturer A to the key issuing / management center 3000 using PGP encryption or the like.

Key issuing / management center 3000, the media device key Kmd_i or media device key certificate and key generating unit 3002 for generating a _{Cert media,} generated media device key Kmd_i and a device key database managing media device key certificate _{Cert media} 3001 And an encryption unit 3003 for encrypting the media device key Kmd_i using the controller key Kc received from the controller manufacturer A.

The controller key Kc is the media device key K in the key issuing / management center 3000.
Used to encrypt md_i. The media device key Kmd_i is the key generator 30
After being generated at 02, it is stored in the device key database 3001. Encryptor 3003
Is supplied with the corresponding media device key Kmd_i from the device key database 3001, and encrypts it with the controller key Kc to encrypt the encrypted media device key Enc (Kc,
Kmd_i) is generated.

The controller key Kc is information that only the controller manufacturer A and the key issuing / management center 3000 can know. However, in order to reduce the damage when the information of the controller key Kc leaks to the outside due to some accident or circumstances, it is desirable to change it in units of a certain amount of controller, for example, every production lot.

In the key generator 3002 and the device key database 3001, the memory card 100
Not only the media device key Kmd_i for 0 and the media device key certificate Cert _media but also the host device key Khd_i and host device certificate Certost for the host device 2000 described later are generated and managed in the same manner.

The memory card manufacturer C receives the supply of the controller 200 from the controller manufacturer A, and encrypts the media device key (encrypted media device key Enc (Kc, Kmd_i) for the controller 200 and the corresponding media) The device key certificate Cert _media is received from the key issuance / key management center 3000. In order to receive the desired encrypted media device key Enc (Kc, Kmd_i), for example, the model number or manufacturing lot number of the controller 200 is presented. It is possible to receive the media device key encrypted with the correct controller key Kc.

The encrypted media device key Enc (Kc, Kmd_i) is temporarily written in the buffer RAM 203 of the controller 200. Then, the controller 200 decrypts the encrypted media device key Enc (Kc, Kmd_i) in the decryptor 206 using the controller key Kc that the controller 200 has. As a result, the media device key Kmd_i is obtained in the controller 200.

On the other hand, the one-way converter 211 calculates a one-way function using the controller key Kc and controller unique ID (IDcu) held in the controller 200 as input values, and generates a controller unique key Kcu. Using this newly generated controller unique key Kcu, the media device key Kmd_i is encrypted again by the encryptor 207,
An encrypted media device key Enc (Kcu, Kmd_i) is generated. The encrypted media device key Enc (Kcu, Kmd_i) is stored in the system information recording unit 103 of the memory 100 supplied from the memory manufacturer B. Media device key certificate Cert _me corresponding to the encrypted media device key Enc (Kcu, Kmd_i) written at this time
_Dia is similarly stored in the system information recording unit 103.

The controller unique key (Kcu) is generated using the controller key Kc and the controller unique ID (IDcu) that are concealed in the controller 200. Therefore, there is little risk that information necessary for decrypting the encrypted media device key Enc (Kcu, Kmd_i) will be leaked to the outside, and the encrypted media device key Enc once written in the memory 100
In order to make (Kcu, Kmd_i) usable by the separate controller 200, it is very difficult to illegally re-encrypt (encrypt with the original controller unique key Kcu1 and then with another controller unique key Kcu2). It has become difficult.

In the first embodiment, the controller key Kc and the controller unique ID (IDc
The one-way function is used when generating the controller unique key Kcu from u).
Any function that can generate one output data from one input data may be used, and the function is not particularly limited to a one-way function.

Next, the overall configuration and operation of the information recording system according to the first embodiment will be described with reference to FIG. The memory card 1000 given the encrypted media device key Enc (Kcu, Kmd_i) and the media device key certificate Cert _media as described above is connected to the host device 2000 as shown in FIG. The content data C can be written from the host device 2000, or the captured content data C can be output to the host device 2000. The memory card 1000 and the host device 2000 constitute one information recording system.

Here, the structure of the host device 2000 will be described. The host device 2000 includes a holding unit 401, an authentication key exchange processing unit 402, an ID combination unit 403, a one-way converter 404, a random number generator 405, an encryption / decryption unit 406, and an encryption / decryption unit 407.

The holding unit 401 stores the host device key Khd_j and the host device certificate C described above.
It stores ert _host . The host device key Khd_j is a private key of a public key cryptosystem, and the host device certificate Cert _host is data including a public key that is paired with the host device key Khd_j.

The authentication key exchange processing unit 402 executes an authentication key exchange process with the authentication key exchange processing unit 213 of the memory card 1000 via the interface units 500 and 202 and the secure channel to perform a media device key certificate ID (IDm_cert ). The ID combining unit 403 also uses the memory card unique ID (IDmc) based on the public controller unique ID (IDcntr) and the media device key certificate ID (IDm_cert).
). This ID combination unit 403 is a controller unique ID.
It functions as an identification information generating unit that generates a memory card unique ID (IDmc) based on (IDcntr) and the media device key certificate ID (IDm_cert). This I
The D combining unit 403 generates another new ID by simply combining two IDs. Instead of such simple coupling, a new ID may be generated using, for example, a one-way function or a cryptographic algorithm.

The one-way converter 404 has a memory card unique ID (IDmc) and a random number generator 4
A media unique key Kmu is generated by a one-way function using the media key Km generated in 05 as an input. The random number generator 405 generates a random number and generates a media key Km and a title key Kt based on the acquired random number. The encryption / decryption device 406 encrypts the title key Kt with the above-mentioned media unique key Kmu. The encryption / decryption device 407 encrypts the content data C with the title key Kt (encrypted content data Enc (K
t, C)).

The media unique key Kmu is generated by the host device 2000 and is used as an encryption key for encrypting the title key Kt in the present embodiment. Similarly to the conventional content protection technology, a form in which the media unique key Kmu recorded in the secret recording unit 102 is directly used for encryption of the content data C is also possible. Also applicable to the double encryption method that encrypts the user key Ku unique to the user with the media unique key Kmu, further encrypts the content key Kct with the user key Ku, and further encrypts the content data with the content key Kct. It is.

In addition, the media key Km and the title key Kt are not only generated in the host device, but may be written in a memory card in advance or may be given from an external device (not shown).

Next, the operation when the content data C is written from the host device 2000 to the memory card 1000 will be described with reference to FIG. First, the memory card 10
00 uses the one-way converter 211 and the controller key Kc and the controller unique I
A controller unique key Kcu is generated from D (IDcu). Then, using this controller unique key Kcu, the encrypted media device key Enc (Kcu, Kmd_i)
To obtain the media device key Kmd_i. The media device key Kmd_i and the media device key certificate Cert _media are transferred to the authentication key exchange processing unit 213.

On the other hand, the host device 2000 transfers the host device key Khd_j and the host device key certificate Cert _host to the authentication key exchange processing unit 402. As a result, the authentication key exchange processing units 213 and 402 execute an authentication key exchange process. When the processing is completed, a secure channel is established between the memory card 1000 and the host device 2000. When the secure channel is established, the ID generator 212 can output the public controller unique ID (IDcntr) generated by the ID generator 212 through the secure channel via the interface unit.

When the secure channel is established, the ID generator 403 performs public controller unique I
A memory card unique ID (IDmc) is generated by combining D (IDcntr) and the media device key certificate ID (IDm_cert).

The host device 2000 generates a media key (Km) using the random number generator 405 and records the generated media key Km in the secret recording unit 102 of the memory card 1000 via the secure channel and interface units 500 and 202.

The host device 2000 generates a media unique key Kmu from the media key Km and the memory card unique ID (IDmc) using the unidirectional converter 404.

The host device 2000 generates the title key Kt using the random number generator 405, further encrypts the title key Kt with the media unique key Kmu using the encryption / decryption device 406, and encrypts the encrypted title key Kte = Enc (Kmu, Kt ) Is recorded in the normal recording unit 101 of the memory card 100. Further, the host device 2000 encrypts the content data C using the title key Kt, and records the encrypted content data Ce = Enc (Kt, C)) in the normal recording unit 101 of the memory card 1000. Thus, the recording operation of the content data C is completed.

Next, an operation when reading content data C from the memory card 1000 to the host device 2000 will be described with reference to FIG. The authentication key exchange processing by the authentication key exchange processing units 213 and 402 and the operation in the ID combination unit 403 are substantially the same as in the case of the write operation (FIG. 4).

When the authentication key exchange process is completed and the secure channel is established, the secret recording unit 102 and the system information recording unit 103 can be accessed (that is, the logical addresses of the secret recording unit 102 and the system information recording unit 103 are set). The media key Km recorded in the secret recording unit 102 of the memory card 1000 is provided to the unidirectional converter 404 of the host device 2000 via the secure channel. The one-way converter 404 generates a media unique key Kmu using the media key Km and the above-mentioned memory card unique ID (IDmc). The encryption / decryption device 407 uses this media unique key Kmu to decrypt the encrypted title key Enc (Kmu, Kt) stored in the memory card 100 to obtain the title key Kt. Then, using the obtained title key Kt, the memory card 1
The content data C is obtained by decrypting the encrypted content data Enc (Kt, C) stored in 00.

As described above, in this embodiment, the media device key Kmd_i and the media device key certificate Cert _media according to the public key cryptosystem are used for the authentication key exchange process. However, the controller key Kc of the controller 200 and the controller unique I
A controller unique ID (IDcntr) is generated based on D (IDcu), and this controller unique ID (IDcntr) is supplied to the host device 2000 via a secure channel. Since the transmission is via the secure channel, the controller unique ID (IDcntr) is not leaked to the outside, and tampering is prevented. Further, the controller unique ID (IDcntr) and the media device key certificate ID (IDm
_Cert) and the ID combination unit 403 based on the memory card unique ID (ID
mc) is generated. Based on this memory card unique ID (IDmc), a media unique key Kmu of the memory 100 in the memory card 1000 is generated. in this way,
According to the present embodiment, even when an authentication key exchange process using a public key cryptosystem is performed,
A public key / private key pair and a controller unique ID (IDc unique to the controller 200)
ntr) can be associated with each other, thereby preventing the spread of clone cards.

[Second Embodiment]
FIG. 6 is a block diagram showing a configuration of an information recording system according to the second embodiment. Since the hardware configuration of the memory card 1000 may be the same as that shown in FIGS. 1 and 2, description thereof will be omitted below. In the present embodiment, as shown in FIG. 6, the authentication key exchange processing unit 213
The operation is different. That is, the authentication key exchange processing unit 213 here is the ID generator 21.
The controller unique ID (IDcntr) generated in step 2 is directly connected to the host device 2000.
Is transmitted to the authentication key exchange processing unit 213 in the controller 200. The controller unique ID (IDcntr) is used as one of the parameters for the authentication key exchange process. When the authentication key exchange process is completed, the controller unique ID (I
Dcntr) is transmitted to the ID combination unit 403 together with the media device key certificate ID (IDm_cert). Subsequent operations are substantially the same as those in the first embodiment.

FIG. 7 illustrates an operation procedure when standard authentication key exchange based on elliptic curve cryptography is used.

The host device generates a random number RNh (step S1), and the host device key certificate Cert
_The data is sent to the memory card 1000 together with the _host (step S2). The memory card 1000 verifies the digital signature attached to the received host device key certificate Cert _host and generates a random number RNm (step S3).

Subsequently, the memory card 1000 stores the random number RNm and the media device key certificate (Cert _m
edia ) is sent to the host device (step S4). In response to this, the host device 2000 verifies the digital signature attached to the received media device key certificate Cert _media . The memory card 1000 performs the process of step S4, generates a random number Mk necessary for Diffie-Hellman key exchange processing in elliptic curve cryptography, and uses the base point G of the elliptic curve for a challenge value Mv (= Mk * G) is calculated. Then, IDcntr is generated by the ID generator 212, the challenge value Mv using the media device key Kmd_i, the random number RNh received in step S2, and the controller unique I
A digital signature for D (IDcntr) is generated (step S6). Memory card 1
000 is the challenge value Mv generated in step S6, the controller unique ID (I
Dcntr) and the digital signature are sent to the host device 2000 (step S7).

The host apparatus 2000 verifies the signature received in step S7, and D in the elliptic curve encryption
A random number Hk necessary for the iffie-Hellman key exchange process is generated, and a challenge value Hv (= Hk * G) is calculated using the base point G of the elliptic curve. Then, using the host device key Khd_j, the challenge value Hv and the random number RNm received in step S4
And a shared key K generated by the authentication key exchange process
s (= Hk * Mv) is calculated (step S8). The host device 2000 sends the challenge value Hv and the digital signature generated in step S8 to the memory card 1000 (step S9). In response to this, the memory card 1000 verifies the digital signature received in step S9 and calculates a shared key Ks (= Mk * Hv). If the signature cannot be correctly verified in the digital signature verification process of the above process, the subsequent process is stopped in any step.

By performing the above authentication key exchange process, the host device and the memory card can share the shared key secretly. In the authentication key exchange process, since the shared key is calculated using the challenges generated by the host device and the memory card, the value of the shared key differs for each authentication key exchange process.

As mentioned above, although several embodiment of this invention was described, these embodiment is shown as an example and is not intending limiting the range of invention. These novel embodiments can be implemented in various other forms, and various omissions, replacements, and changes can be made without departing from the scope of the invention. These embodiments and modifications thereof are included in the scope and gist of the invention, and are included in the invention described in the claims and the equivalents thereof. For example, in the above embodiment, the ID generator 212 generates a controller unique ID (IDcntr) based on the controller key Kc and controller unique ID (IDcu) pair. However, instead of this, the controller unique ID (IDcntr) may be generated based only on the controller unique ID (IDcu). Controller unique ID (IDcu) concealed by the controller 200
If other unique information that can be disclosed to the outside can be generated while keeping the information secret, the parameters used are not questioned. However, the function used for generation is irreversible, such as a one-way function, and a function that does not obtain the original control unique ID (IDcu) by performing a reverse calculation from the obtained control unique ID (IDcntr). Must be selected.

  Several embodiments will be described below.

[1] Host key information and host certification information are stored, a first random number is generated, and the first random number and the host certification information with the first signature information are sent to a medium, and the medium From the second random number, the media certification information stored in the medium, and the signature processing using the media key information, the first random number, the third random number different from the second random number, and the base of the elliptic curve Receiving the first value calculated using the points and the unique ID information generated by executing a one-way function calculation based on the controller key information and the controller identification information stored in the medium, Verifying the second signature information attached to the media certification information sent from, generating a fourth random number, calculating a second value using the fourth random number and the base point of the elliptic curve, Using the serial host key information, the signature processing performed on the second value and the second random number sent from the media, generating the shared key information shared key exchange process with the media.

In the description of [2] and [1], when the verification of the second signature information fails, the processing after the verification is stopped.

[3] In the description of [1], the shared key information is generated based on the fourth random number and the first value.

[4] In the description of [1], the second value is sent to the medium,
The shared key information can be newly generated based on the third random number and the second value.

In [5] and [1], the shared key information is set to a different value each time the key exchange process is performed.

[6] Having host certification information, generating a first random number, sending the first random number and the host certification information to a medium, and sending the second random number, the media certification information, and an elliptic curve from the medium Based on the first value calculated using the base point and the third random number, and the controller key information and controller identification information stored in the medium, the one-way function calculation is performed and the media key information is generated. Receiving the unique ID information subjected to the signature processing, generating a fourth random number, calculating a second value using the fourth random number and the base point of the elliptic curve, and calculating the first value and the first Based on the four random numbers, shared key information shared by the key exchange process with the medium is generated.

[7] The first random number and the host certification information are sent to the medium, the second random number, the media certification information, the value calculated using the third random number from the medium, the controller key information of the medium, and The unique ID information generated based on the controller identification information and signed using the media key information is received, a fourth random number is generated, and calculated using the fourth random number and the third random number. The shared key information is generated based on the obtained value.

[8] Sending the host certification information to the medium, receiving the media certification information from the medium, verifying the signature information of the media certification information, and calculating from the medium using a random number generated by the medium And the second signature information subjected to the signature processing using the media key information in the information including the unique ID information generated based on the controller key information and the controller identification information, the second signature information is Validate.

1000 ... Memory card, 2000 ... Host device, 3000 ... Key issuance /
Management center, 100 ... memory, 200 ... controller.

Claims (10)

In the authentication system between the media that authenticates using the key information and the host,
The medium includes a memory and a controller that controls the memory, and stores media key information (Kmd_i) , media certification information, controller key information, and controller identification information.
The host stores host key information and host certification information;
The host is
Generating a first random number, sending the first random number and the host certification information to the medium;
The media is
Verifying the first signature information attached to the host certification information sent from the host;
Generating a second random number and a third random number calculated based on the elliptic curve cryptography, calculating a first value using the third random number and a base point of the elliptic curve,
Generates unique ID information (IDcntr) running a one-way function operation based on said controller identification information and the controller key information,
Using the media key information (Kmd_i) , signature processing is performed on the first random number, the first value, and the unique ID information (IDcntr) to generate second signature information, and the second signature information And sending the first random number different from the second signature information , the first value, the unique ID information (IDcntr) , and the media certification information to the host,
The host is
Authentication system characterized by verifying the second signature information sent from the media. The authentication system according to claim 1,
When the verification of the first signature information fails for the media, the authentication system stops processing after the verification. In the authentication system according to claim 1 or 2,
An authentication system in which the host stops processing after the verification when the verification of the second signature information fails. In the authentication system according to claim 1 or claim 3,
The host is
Generating a fourth random number calculated based on the elliptic curve encryption, calculating a second value using the fourth random number and the base point of the elliptic curve,
A signature process is performed on the second random number and the second value using the host key information,
An authentication system for generating shared key information shared by key exchange processing with the media. The authentication system according to claim 4,
The shared key information is an authentication system generated based on the third random number and the second value. The authentication system according to claim 4,
The host is
Sending the second value to the media;
An authentication system in which the medium newly generates shared key information based on the third random number and the second value. In the authentication system according to claim 4 or 6,
An authentication system in which the shared key information takes a different value each time the key exchange process is performed. In an authentication system between a host having host certification information and media having media key information (Kmd_i) , media certification information, controller key information, and controller identification information,
The host is
Generating a first random number, sending the first random number and the host certification information to the medium;
The media is
Verifying the first signature information attached to the host certification information sent from the host;
Generating a second random number and a third random number calculated based on the elliptic curve cryptography, calculating a first value using the third random number and a base point of the elliptic curve,
Generates unique ID information (IDcntr) running a one-way function operation based on said controller identification information and the controller key information,
Using the media key information (Kmd_i) , signature processing is performed on the first random number, the first value, and the unique ID information (IDcntr) to generate second signature information, and the second signature information And sending the first random number, the first value, the unique ID information (IDcntr) , and the media certification information different from the second signature information to the host. Memory,
A controller for controlling the memory,
Media key information (Kmd_i) , media certification information, controller key information, and controller identification information are stored.
When receiving the first random number and the host certification information from the host, the first signature information attached to the host certification information is verified,
When it is determined that the verification of the first signature information is successful, a second random number and a third random number calculated based on the elliptic curve cryptography are generated, and the third random number and the base point of the elliptic curve are used to generate the second random number. 1 value is calculated, to generate a unique ID information (IDcntr) running a one-way function operation based on said controller key information and said controller identification information, the using the media key information (Kmd_i) first Signature processing is performed on one random number, the first value, and the unique ID information (IDcntr) to generate second signature information, and the second signature information is different from the second signature information . 2 random numbers, the first value, the unique ID information (IDcntr) , and the media certification information are sent to the host,
When the verification of the second signature information in the previous SL host fails, media, wherein the processes after said verification is stopped. With a controller that controls the memory,
Media key information (Kmd_i) , media certification information, controller key information, and controller identification information;
When receiving the first random number and the host certification information from the host, the first signature information attached to the host certification information is verified,
Generating a second random number and a third random number calculated based on the elliptic curve cryptography, calculating a first value using the third random number and a base point of the elliptic curve,
Generates unique ID information (IDcntr) running a one-way function operation based on said controller identification information and the controller key information,
Using the media key information (Kmd_i) , signature processing is performed on the first random number, the first value, and the unique ID information (IDcntr) to generate second signature information, and the second signature information And sending the second random number, the first value, the unique ID information (IDcntr) , and the media certification information different from the second signature information to the host.

Images