MXPA01009266A - Authentication communication device and authentication communication system - Google Patents

Authentication communication device and authentication communication system

Info

Publication number
MXPA01009266A
MXPA01009266A MXPA/A/2001/009266A MXPA01009266A MXPA01009266A MX PA01009266 A MXPA01009266 A MX PA01009266A MX PA01009266 A MXPA01009266 A MX PA01009266A MX PA01009266 A MXPA01009266 A MX PA01009266A
Authority
MX
Mexico
Prior art keywords
unit
random number
information
access
authentication
Prior art date
Application number
MXPA/A/2001/009266A
Other languages
Spanish (es)
Inventor
Shibata Osamu
Hirota Teruto
Yugawa Taihei
Sekibe Tsutomu
Saito Yoshiyuki
Otake Toshihiko
Original Assignee
Matsushita Electric Industrial Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Matsushita Electric Industrial Co Ltd filed Critical Matsushita Electric Industrial Co Ltd
Publication of MXPA01009266A publication Critical patent/MXPA01009266A/en

Links

Abstract

An authentication communication device comprises a storage medium having an area for storing digital information therein and an access unit for reading digital information from the area and writing digital information in the area. The access unit authenticates the storage medium according to a challenge response authentication protocol using disturbed access information produced by disturbing access information indicative of the area. The access unit is authenticated by the storage medium. When the validity is of both the storage medium and the access unit authenticated, the access unit reads out digital information from the area of thestorage medium corresponding to access information separated from the disturbed access information or writes digital information therein.

Description

APPARATUS AND AUTHENTICATION COMMUNICATION SYSTEM TECHNICAL FIELD The present invention relates to a technique of mutual authentication between a device and a storage medium, before digital works protected by copyright are transferred between them.
BACKGROUND OF THE INVENTION In recent years, as a result of progress in digital information compression techniques and the widespread use of global communication infrastructures, such as the Internet, works protected by copyright such as music, images, video and Games are distributed via communication lines to houses as digital works protected by copyright. In order to establish a distribution system that protects the rights of copyright holders of digital works protected by copyright and profits of distributors, it is critical to prevent dishonest acts such as the acquisition of digital work protected by copyright through the interception of communications, capturing REF: 132930 telephone messages, usurpation of personalities and duplication and falsification of the data received and stored in a storage medium. Therefore, copyright protection techniques, such as encryption and authentication, are necessary to authenticate if a system is authorized and to encode the data. A variety of copyright protection techniques have been used in a conventional manner. A representative technique is a technique of mutual authentication of response to the identification signal. In this technique, when you have access to a confidential data storage area that stores confidential data, which requires copyright protection, a random number and a reply number are exchanged between the devices to authenticate in a mutual if the other is authorized. Access is allowed only when authentication is successful. After mutual authentication between the authorized devices has been carried out, an unauthorized party can usurp one of the authorized devices and dishonestly acquire confidential data by accessing the confidential data storage area.
DESCRIPTION OF THE INVENTION The present invention has been developed in view of these problems. The object of the present invention is to provide an access device, a storage medium, an authentication communication system, an authentication communication method and a storage medium that stores an authentication communication program that prevents the information to have access to a confidential data storage area. In order to achieve the above object, the present invention is an authentication communication system which is broadly composed of (a) a storage medium having an area for storing digital information and (b) an access device for reading / write digital information from / to the area, the authentication communication system includes: a first phase of authentication in which the authentic access device if the storage medium is authorized according to an authentication protocol of response to the signal of identification, when transmitting the coded access information generated when coding the access information showing the area, to the storage means; a second phase of authentication in which the authentic storage medium if the access device is authorized; and a transfer phase in which, when the storage means and the access device have authenticated each other as authorized devices, the storage means extracts the access information from the encrypted access information and the access device reads / write the digital information from / to the area shown by the access information. In this way, when mutual authentication is performed, information is encoded and transferred to access a confidential data storage area. Therefore, the confidentiality of the information can be improved to have access to a confidential data storage area. If the information to access a confidential data storage area is changed into different information and transferred for dishonest usurpation, mutual authentication is not successful. Therefore, access to the confidential data storage area is prevented.
BRIEF DESCRIPTION OF THE DRAWINGS Figure 1 shows the external appearances of authentication communication systems 30 and 31 as specific example structures of an authentication communication system 100. Figure 1 (a) shows the external appearance of the authentication communication system 30 which is composed in general lines of a personal computer and a memory card 20, and Figure 1 (b) shows the external appearance of the communication system 31 of authentication which is composed in general lines of a personal stereo device, to the memory card 20, and a hearing aid; Figure 2 is a block diagram showing the constructions of a reader / writer apparatus and the memory card 20 that is included in the authentication communication system 100; Figure 3 shows the data structures of the access information, a seed of the random number and the access information of the random number; Figure 4 is a flow diagram showing an operation of the particular authentication communication system 100 which assumes that the information stored on a memory card is read, which is continued in Figure 5; Figure 5 is a continuation of the flow diagram in Figure 4 showing the operation of the authentication communication system 100; Figure 6 is a flowchart showing another operation of the particular authentication communication system 100 which assumes that the reader / writer apparatus 10 is an apparatus for writing information on a memory card; Figure 7 is a block diagram of the construction of an authentication communication system 100a as another embodiment; Figure 8 is a flow chart showing an operation that is unique to the authentication communication system 100a; Figure 9 is a block diagram of the construction of an authentication communication system 100b as another embodiment; Figure 10 is a flow diagram showing an operation that is unique to the authentication communication system 100b.
BEST MODE FOR CARRYING OUT THE INVENTION An authentication communication system 100 is explained below, as one embodiment of the present invention. 1. External Appearance and Pattern of Use of the Authentication Communication System 100 The external appearances of the authentication communication systems 30 and 31 as example-specific constructions of the authentication communication system 100 are shown in Figure 1 (a) and Figure 1. Kb). As shown in Figure 1 (a), the authentication communication system 30 is generally composed of a personal computer and a memory card 20. The personal computer includes a display unit, a keyboard, a loudspeaker, a microprocessor, a RAM (Random Access Memory), a ROM (Read Memory Only), and a hard disk drive, and is connected to a network such as the Internet via a communication line. The memory card 20 is inserted into a memory card slot that is to be loaded into the computer. As shown in Figure 1 (b), the authentication communication system 31 is generally composed of a personal stereo device, the memory card 20 and a hearing aid. The memory card 20 is inserted into a memory card slot to be loaded into the personal stereo device. The personal stereo apparatus is provided with a plurality of operating buttons on the upper surface and is connected to the hearing aid on a lateral surface. A user loads the memory card 20 into the personal computer, obtains a digital work protected by copyright, such as music from a server on the network (Web server), externally, via the Internet, and writes the protected digital work by copyright on the memory card 20. The user then loads the memory card 20 which stores the digital work protected by the copyright on the personal stereo device, and enjoy reproducing digital work protected by copyright by the personal stereo. Here, authentication according to an authentication protocol responsive to the identification signal is performed between the personal computer and the memory card 20 and between the personal stereo device and the memory card 20. Only when they mutually authenticate each other the devices, digital work protected by copyright is transferred between the devices. 2. Construction of the Authentication Communication System 100 As shown in Figure 2, the authentication communication system 100 is broadly composed of a reader / writer apparatus and the memory card 20. Here, the reader / writer apparatus 10 corresponds to the personal computer or the personal stereo device respectively shown in Figures 1 (a) and (b). 2. 1 Construction of the Reading / Writing Apparatus 10 The reader / writer apparatus 10 includes an access information storage unit 101, a random number seed storage unit 102, a combination unit 103, a storage unit 104, and public key, an encryption unit 105, a random number seed update unit 106, a mutual authentication unit 107, a temporary key generation unit 108, an encryption / decryption unit 109, a storage unit 110 of data and an input / output unit 111. The reader / writer apparatus 10 is equipped with a microprocessor, a RAM, a ROM and the like. Computer programs are stored in the ROM or similar, and the microprocessor operates in accordance with computer programs. (1) Input / Output Unit 111 The input / output unit 111 accepts a user operation and generates the access information to access the music information that is stored in a data storage unit 209 of the card. memory 20. As shown in Figure 3, the access information is 32 bits in length and is composed of the address information showing an address of an area in the data storage unit 209 on the memory card 20 and the size information that shows the size of the area. The address information is 24 bits in length and the size information is 8 bits in length. The input / output unit 111 also reads CT music information from the data storage unit 110, converts the music information CT into an audio signal and transfers the audio signal. Additionally, the input / output unit 111 accepts a user operation, obtains the CT music information from the outside, and writes the music information CT to the data storage unit 110. (2) Access Information Storage Unit 101 The access information storage unit 101 is equipped with a semiconductor memory, and includes an area for storing the access information. (3) Storage unit 102 of the Random Number Seed The storage unit 102 of the random number seed is equipped with a semiconductor memory and pre-stores a 64-bit random number seed shown in Figure 3. Random number seed is recorded when the device is made. The storage unit 102 of the random number seed does not allow direct access from outside. In other words, the storage unit of the random number seed is protected from outside access. (4) Combination unit 103 The combination unit 103 reads access information from the access information storage unit 101 and the random number seed of the random number seed storage unit 102. Then, as shown in Figure 3, the combination unit 103 combines the access information and the lower 32 bits of the access number seed, to generate the 64-bit random number access information. The combination unit 103 then transfers the random number access information to the encryption unit 105. (5) Public Key Storage Unit 104 The public key storage unit 104 is equipped with a semiconductor memory and includes an area for storing a 56-bit public key UK. The reader / writer apparatus 10 secretly obtains a public key UK stored in a public key storage unit 201 from the memory card 20 and the public key unit 104 stores the public key UK. The public key storage unit 104 does not allow direct access from the outside. In other words, the public key storage unit 104 is protected from outside access. (6) Encryption Unit 105 Encryption unit 105 reads public key UK from public key storage unit 104 and receives the random number access information from combination unit 103. Then, the encryption unit 105 encrypts the random number access information according to an encryption algorithm using the public key UK, to generate the access information Rl, encrypted. Here, the encryption unit 105 uses DES (Data Encryption Standard) for the identification algorithm El. The encryption unit 105 then transfers the encrypted access information Rl to the mutual authentication unit 107, the updating unit 106. of seed of random number and unit 108 of generation of temporary key. The encryption unit 105 also transfers the encrypted access information Rl to a decryption unit 205, the mutual authentication unit 207 and the temporary key generating unit 208 on the memory card 20. The access information Rl, encrypted, generated in this way, is coded information that is obtained by encoding the access information. (7) Unit 106 Updating the Random Number Seed Unit 106 Updating the Random Number Seed receives the encrypted access information Rl from the encryption unit 105, and writes the access information RL, encrypted, on the random number seed stored in the storage unit 102 of the random number seed as a new seed of random number. (8) Mutual Authentication Unit 107 Mutual authentication unit 107 receives the encrypted access information Rl, reads public key UK from public key storage unit 104 and calculates a response value V2 'when evaluating Expression 1 using the encrypted access Rl information and the public key UK.
(Expression 1) V2 '= F1 (Rl, UK) = SHA (R1 + UK) Here, the function Fl (a, b) is, for example, a function that combines a and b and submits the result of the combination to SHA (Arbitrary Algorithm, Secure). Also, "+" is an operator that denotes combination. The mutual authentication unit 107 receives a response value V2 from the mutual authentication unit 207. The mutual authentication unit 107 then judges whether the response values V2 and V2 'correspond.
When they do not correspond, the mutual authentication unit 107 judges that the memory card 20 is an unauthorized device and prohibits the other elements of the construction from executing the subsequent operations. When they correspond, on the other hand, the mutual authentication unit 107 authenticates the memory card 20 as an authorized device and allows the other elements of the construction to execute the subsequent operations. Also, the mutual authentication unit 107 receives a random number R2 from a random number generation unit 204, calculates a response value VI when evaluating the response V2 using the random number R2 and the public key UK and transfers the response value VI to the mutual authentication unit 207.
(Expression 2) V1 = F2 (R2, UK) = SHA (R2 + UK) (9) Temporary Key Generation Unit 108 The temporary key generating unit 108 receives, when the memory card 20 is authenticated as an authorized device and is allowed to execute the operation, the encrypted access information Rl and the random number R2 and generates a temporary key VK when evaluating the expression 3 using the access information Rl, encrypted and the random number R2.
(Expression 3) VK = F3 (R1.R2) = SHA (R1 + R2) The temporary key generation unit 108 then transfers the temporary key VK to the encryption / decryption unit 109. (10) Encryption / Decryption Unit 109 Encryption / decryption unit 109 receives the temporary key VK of the temporary key generation unit 108. The encryption / decryption unit 109 receives the music information, encrypted, EncCT of an encryption / decryption unit 210, decrypts encrypted music information EncCT according to a decryption algorithm D3 using the temporary key VK to obtain the music information CT and write the music information CT in the unit 110 data storage. Here, the encryption / decryption unit 109 uses DES for the decryption algorithm D3. The encryption / decryption unit 109 also reads the CT music information from the data storage unit 110, encrypts the music information CT according to an E2 encryption algorithm using the temporary key VK to generate the encrypted music information EncCT and transfer the EncCT encrypted music information to the encryption / decryption unit 210. Here, the encryption / decryption unit 109 uses DES for the encryption algorithm E2. (11) Data Storage Unit 110 The data storage unit 110 is equipped with a semiconductor memory, and includes an area for storing the music information CT. 2. 2 Memory Card 20 The memory card includes the public key storage unit 201, a random number seed storage unit 202, a random number seed update unit 203, the number generation unit 204 random, the decryption unit 205, a separation unit 206, the mutual authentication unit 207, the temporary key generation unit 208, a data storage unit 209, and the encryption / decryption unit 210. (1) Public Key Storage Unit 201 Public key storage unit 201 is equipped with a semiconductor memory and stores a 56-bit public key UK. The public key UK is recorded when the memory card 20 is made. The public key storage unit 201 does not allow direct access from the outside. Therefore, the public key storage unit 201 is protected from outside access. (2) Random Number Seed Storage Unit 201 The random number seed storage unit 202 is equipped with a semiconductor memory and pre-stores a 64-bit random number seed. The random number seed is recorded when the memory card 20 is processed. The storage unit 202 of the random number seed does not allow direct access from the outside. In other words, the storage unit of the random number seed is protected from outside access. (3) Unit Random Number Generation 204 The random number generation unit 204 reads the random number seed of the storage unit 202 of the random number seed, generates a random number R2 of 64 bits using the number seed randomized, transfers the random number R2 to the random number seed update unit 203, the mutual authentication unit 207, and the temporary key generation unit 208. The random number generation unit 204 also transfers the random number R2 to the mutual authentication unit 107 and the temporary key generation unit 108 in the reader / writer apparatus. (4) Random Number Seed Update Unit 203 Random number seed update unit 203 receives the random number R2 of the random number generation unit 204 and describes the random number R2 on the random number seed stored in the storage unit 202 of the random number seed as a new seed of random number. (5) Decryption Unit 205 The decryption unit 205 reads the public key UK from the public key storage unit 201 and receives the encrypted access information Rl from the encryption unit 105. Then, the decryption unit 205 decrypts the access information R1, encrypted, according to a Di decryption algorithm using the public key UK to obtain the random number access information, and transfers the random number access information to the 206 separation unit. Here, the decryption unit 205 uses DES for the decryption algorithm DI. The decryption algorithm Di decrypts a cryptogram that is generated by the encryption algorithm. (6) Separation Unit 206 Separation unit 206 receives the random number access information from the decryption unit 205, separates the upper 32 bits of the random number access information data as the access information and transfers the access information to the data storage unit 209. (7) Unit 207 of Mutual Authentication. The mutual authentication unit 207 reads the public key UK from the public key storage unit 201, receives the encrypted access information Rl, calculates the response value V2 when evaluating Expression 4 using the encrypted access information RL and the key public and transfers the response value V2 to the mutual authentication unit 107 in the reader / writer apparatus.
(Expression 4) V2 = F1 (R1, UK) = SHA (R1 + UK) Here, this function Fl is equal to the function Fl in Expression 1. Also, the mutual authentication unit 207 receives the random number R2 of the random number generation unit 204 and calculates the response value VI 'when evaluating the Expression 5 using the random number R2 and the public key UK.
(Expression 5) V1 '= F2 (R2, UK) = SHA (R2 + UK) Here, this function F2 is equal to the function F2 in Expression 2. Then, the mutual authentication unit 207 receives the response value VI from the mutual authentication unit 107 and judges whether the response values VI and VI 'correspond. When they do not correspond, the mutual authentication unit 207 judges that the reader / writer apparatus 10 is an unauthorized device and prohibits the other elements of the construction from executing the subsequent operations. When they correspond, the mutual authentication unit 207 authenticates reader / writer apparatus 10 as an authorized device and allows construction elements to execute subsequent operations. (8) Temporal Key Generation Unit 208 The temporary key generation unit 208 receives, when the reader / writer apparatus 10 is authenticated as an authorized device and is allowed to execute the operation, the access, encrypted and access information Rl. random number R2, and generates a temporary key VK by evaluating expression 6 using the access information Rl, encrypted and the random number R2. + (Expression 6) VK = F3 (Rl, R2) = SHA (Rl + R2) Here, this function F3 is equal to the function F3 in Expression 3. The key generation unit 208 then transfers the temporary key VK to the encryption / decryption unit 210. (9) Data Storage Unit 209 The data storage unit 209 is equipped with a semiconductor memory, which includes an area for storing music information CT. (10) Encryption / Decryption Unit 210 The encryption / decryption unit 210 receives the temporary key VK of the temporary key generating unit 208. The encryption / decryption unit 210 receives the encrypted music information EncCT of the encryption / decryption unit 109, decrypts the encrypted music information EncCT according to a decryption algorithm D2 using the temporary key VK to obtain the music information CT , and write the music information CT in the area in the data storage unit 209 shown by the access information. Here, the encryption / decryption unit 210 uses DES for the decryption algorithm D2. The decryption algorithm D2 decrypts a cryptogram that is generated by the encryption algorithm E2. Also, the encryption / decryption unit 210 of the music information CT of the area in the data storage unit 209 shown by the access information, encrypts the music information CT according to the encryption algorithm E3 to generate the information of EncCT encrypted music and transfers the EncCT encrypted music information to the encryption / decryption unit 109. Here, the encryption / decryption unit 210 uses DES for the encryption algorithm E3. The decryption algorithm D3 decrypts a cryptogram that is generated by the encryption algorithm E3. 3. Operation of the Authentication Communication System 100 (1) Read Operation An operation of the reader / writer apparatus and the memory card 20 that is included in the authentication communication system 100 is explained with reference to Figures 4 and 5. Here, it is assumed that the reader / writer apparatus 10 is, as a personal stereo device shown in Figure 1 (b), an apparatus for reading information stored on a memory card. The combination unit 103 reads a random number seed from the storage unit 102 of the random number seed, reads the access information of the access information storage unit 101, and combines the random number seed and the access information, to generate the random number access information (Step S101). The encryption unit reads a public key from the public key storage unit 104, and encrypts the random number access information using the public key, to generate the encrypted access information Rl (Step S102). The mutual authentication unit 107 calculates V2 '= F1 (R1) (Step S103). The random number update unit 106 writes the random number access information on the random number seed stored in the storage unit 102 of the random number seed as a random number seed (Step S104). The encryption unit 105 transfers the encrypted access information Rl to the memory card 20 and the mutual authentication unit 207 on the memory card 20 receives the encrypted access information Rl (Step S105). The mutual authentication unit 207 calculates V2 = F1 (R1) (Step S106) and transfers the response value V2 to the mutual authentication unit 107 in the reader / writer apparatus (Step S107). The mutual authentication unit 107 judges whether the response values V2 and V2 'correspond. When they do not correspond (Step S108), the mutual authentication unit 107 judges that the memory card 20 is an unauthorized device and cancels the subsequent overruns. When they correspond (Step S108), the mutual authentication unit 107 authenticates the memory card 20 as an authorized device. After that, the random number generation unit 204 on the memory card 20 reads a random number seed from the random number seed storage unit 202 and generates a random number R2 using the random number seed (Step S109) ). The mutual authentication unit 207 calculates V1 '= F2 (R2) (Step S110). The random number seed update unit 203 writes the random number R2 on the random number seed stored in the random number seed storage unit 202 as a new random number seed (Step Slll). Then, the random number generation unit 204 transfers the random number R2 to the mutual authentication unit 107 in the reader / writer apparatus 10, and the mutual authentication unit 107 receives the random number R2 (Step S112). The mutual authentication unit 107 generates V1 = F2 (R2) (Step S113) and transfers the response value VI to the mutual authentication unit 207 of the memory card 20, and the mutual authentication unit 207 receives the response value VI (Step S114). Then, the mutual authentication unit 207 judges whether it corresponds to the response values VI and VI '. When they do not correspond (Step S115), the mutual authentication unit 207 judges that the reader / writer apparatus 10 is an unauthorized device and cancels subsequent operations.
When they correspond (Step S115), the mutual authentication unit 207 authenticates the reader / writer apparatus as an authorized device. After that, the key generation unit 108 in the reader / writer apparatus 10 generates a temporary key VK using the encrypted access information Rl and the random number R2 (Step S121). The decryption unit 205 on the memory card 20 reads a public key UK from the public key storage unit 201 and decrypts the encrypted access information Rl using the public key UK to obtain the access information in the random number (Step S122). The separation unit 206 separates the access information from the random number access information (Step S123). The temporary key generation unit 208 generates a temporary key VK using the access information Rl, encrypted, and the random number R2 (Step S124). The encryption / decryption unit 210 in the music information CT of the area in the data storage unit 209 shown by the access information (Step S125). The encryption / decryption unit 210 encrypts the music information CT using the temporary key VK to generate the encrypted music information EncCT (Step S126), and transfers the encrypted music information, generated EncCT to the encryption / decryption unit 109 in the reader / writer apparatus (Step S127). The encryption / decryption unit 109 decrypts the encrypted music information EncCT using the temporary key VK to obtain the music information CT, and writes it to the data storage unit 110 (Step S128). The input / output unit 111 reads the music information CT, and converts the read music information CT into an audio unit, and transfers it (Step S129). (2) Write operation Another operation of the reader / writer apparatus and the memory card 20 that are included in the authentication communication system 100 is explained with reference to Figure 6. Here, the explanation is given assuming that the apparatus The reader / writer is, like the personal computer shown in Figure 1 (a), an apparatus for writing information on a memory card. Since the read operation and the write operation are similar, only the differences are explained. A flow chart obtained by replacing steps S125 to S129 in the flow chart shown in Figures 4 and 5 with the steps shown in Figure 6 illustrates the write operation of the authentication communication system 100. The encryption / decryption unit 109 reads the music information CT from the data storage unit 110 (Step S131), encrypts the music information CT using the temporary key VK to generate the encrypted music information CT (Step S132) and transfers the encrypted music information to the encryption / decryption unit 210 on the memory card 20 and the encryption / decryption unit 210 receives the encrypted CT music information (Step 133). The encryption / decryption unit 210 decrypts the encrypted music information EncCT using the VK temporary key to obtain the music information CT (Step S134) and writes the music information obtained CT in the area in the data storage unit 204 shown by the access information (Step S135). 4. Summary As described above, when mutual authentication is performed, the information is encrypted and transferred for access to a confidential data storage area that stores confidential data, so that the confidentiality of information can be improved to access to the confidential data storage area. If the information to access a confidential data storage area is changed into different information and transferred for dishonest usurpation, mutual authentication can not be successfully performed. Accordingly, this system can prevent access to the confidential data storage area. When a random number is updated, access information is not used to access a confidential data storage area. Therefore, the periodicity of the random number can be improved.
. Authentication Communication System 100a A authentication communication system 100a is explained below, as a modification of the authentication communication system 100. . 1 Construction of the Authentication Communication System 100 The authentication communication system 100a is composed, in general, as shown in FIG.
Figure 7, of a reader / writer device 10 and the memory card 20. The memory card 20 is the same as the memory card 20 shown in Figure 2. In this way, the explanation of the memory card will be omitted here. memory 20. Reader / writer apparatus 10a includes an access information storage unit 101, a random number seed storage unit 102, a combination unit 103, a public key storage unit 104, a unit 105 of encryption, a unit 106 for updating the seed of a random number, a mutual authentication unit 107, a temporary key generation unit 108, an encryption / decryption unit 109, a data storage unit 110, a unit 111 input / output and a random number generation unit 112. The following explanation focuses on the differences of the reader / writer apparatus. The other points are the same as those of the reader / writer apparatus. In this way, the explanation thereof will be omitted here. (1) Random Number Generation Unit 112 The random number generating unit 112 reads a random number seed from the random number seed storage unit 102, generates a random number of 64 bits using the random number seed , and transfers the random number to the combination unit 103 and the random number update unit 106. (2) Unit 106 Update of the Random Number Seed The unit 106 of updating the seed of random number receives the random number of the unit 112 of generation of random number and writes the random number on the seed of random number stored in the storage unit 102 of the random number seed as a new seed of random number. (3) Combination Unit 103 The combination unit 103 receives the random number of the random number generating unit 112, reads the access information of the access information storage unit 101, and combines the random number and the information access, to generate the random number access information. . 2 Operation of the Authentication Communication System 100a An operation of the authentication communication system 100a is explained with reference to Figure 8. The random number generation unit 112 reads a seed of • random number from the storage unit 102 of the random number seed (Step S201) and generates a random number of 64 bits using the random number seed (Step S202). The random number seed update unit 106 receives the random number from the random number generating unit 112, and writes the random number on the random number seed stored in the random number seed storage unit 102 as a new random number seed (Step S203). Then, the combination unit 103 receives the random number of the unit 112 generating a random number, reads the access information of the access information storage unit 101, and combines the random number and the access information, for generate the random access information (Step S204). Then, it is followed by step S102 in Figure 4.
The subsequent steps are the same as those of the authentication communication system 100. In this way, the explanation of them is omitted here. . 3 Summary As described above, when the random number is updated, access information is not used to access a confidential data storage area. Therefore, the periodicity of the random number can be improved. 6. Authentication Communication System 100b. An authentication communication system 100b is explained below, as a modification of the authentication communication system 100a. 6. 1 Construction of the Authentication Communication System 100b The authentication communication system 100b is composed, broadly, as shown in Figure 9, of a reader / writer apparatus 10b and a memory card 20b. (1) Construction of Apparatus 10b reader / writer Apparatus 10b reader / writer includes a unit 101 storage of access information, a unit 102 for storage of the random number seed, a combination unit 103, a public key storage unit 104, an encryption unit 105, a random number seed update unit 106, a mutual authentication unit 107, a temporary key generation unit 108, a data storage unit 110, an input / output unit 111, a random number generation unit 112, a content key generation unit 113, an encryption unit 114, an additional content information storage unit 115, an encryption / decryption unit 116, and an encryption unit 117. The following explanation focuses on the differences of the reader / writer apparatus. The other points are the same as those of the reader / writer apparatus. In this way, the explanation thereof is omitted here. (a) Input / Output Unit 111 The input / output unit 111 accepts the entry of the additional content information by a user operation and writes the additional content information in the unit 115 for storage of additional content information. Here, the additional content information shows, for example, the number of times a content has been played and the period of time that the content has been used. The additional content information is 8 bits in length. The input / output unit 111 also obtains the CD content data according to the operation of the user and writes the CD content data in the data storage unit 110. Here, the CD content data is for example, music content information. (b) Random Number Generating Unit 112 The random number generating unit 112 transfers the random number R3 to the content key generation unit 113. (c) Content Key Generating Unit 113 The content key generation unit 113 reads the additional content information of the additional content information storage unit 115, receives the random number R13 of the generation unit 112. random number, and generates a CK content key by evaluating expression 7 using the random number R3 and the additional content information. Here, the CK content key is 64 bits in length.
(Expression 7) CK = F4 (R3, additional content information) = additional content information (8 bits of length) + the lower 56 bits of R3 Here, "+" is an operator that denotes a combination of data and data. Then, the content key generation unit 113 transfers the content key CK to the encryption unit 114 and the encryption unit 117. (d) Encryption Unit 114 Encryption unit 114 receives content key CK from content key generation unit 113, reads public key UK from public key storage unit 104, encrypts content key CK according to an encryption algorithm E4 using the public key UK to generate an encrypted content key EncCK, and transfer the encrypted content key EncCK to the decryption unit 116. Here, the encryption unit 114 uses DES for the encryption algorithm E4 (e) Encryption / Decryption Unit 116 The encryption / decryption unit 116 receives the content key, encrypted EncCK of the encryption unit 114, encrypts the EncCK encrypted content key according to an E2 encryption algorithm using the temporary key VK to generate a dually encrypted content key Ene (EncCK) and transfers the doubly encrypted content key Ene (EncCK) to the encryption / decryption unit 211. Here, the encryption / decryption unit 116 uses DES for the encryption algorithm E2. (f) Encryption Unit 117 Encryption unit 117 reads the CD content data from the data storage unit 110 and encrypts the CD content data according to an E5 encryption algorithm using the content key CK to generate the data. encrypted content data EncCD. Then, the encryption unit 117 transfers the encrypted content data EncCD to the data storage unit 213. Here, the encryption unit 117 uses DES for the encryption algorithm E5. (2) Construction of the Memory Card 20b The memory card 20b includes a public key storage unit 201, a random number seed storage unit 202, a random number seed update unit 203, a random number generation unit 204, a decryption unit 205, a separation unit 206, a mutual authentication unit 207, a temporary key generation unit 208, an encryption / decryption unit 211, a storage unit 212 key data and a data storage unit 213. The following explanation focuses on the differences of the memory card 20. The other points are the same as those on the memory card 20. In this way, the explanation thereof is omitted. (a) Temporal Key Generating Unit 208 The temporary key generating unit 208 transfers the temporary key VK to the encryption / decryption unit 211. (b) Encryption / Decryption Unit 211 Encryption / decryption unit 211 receives the temporary key VK of the temporary key generation unit 208 and the doubly encrypted content key Ene (EncCK) of the encryption / decryption unit 116. Then, the encryption / decryption unit 211 decrypts the doubly encrypted content key Ene (EncCK) according to a decryption algorithm D2 using the temporary key VK to obtain the encrypted content key EncCK and writes the encrypted content key EncCK in an area in the key data storage unit 212 shown by the access information. (c) Key Data Storage Unit 212 The key data storage unit 212 includes an area for storing the EncCK encrypted content key. (d) Data Storage Unit 213 The data storage unit 213 receives the EncCD encrypted content data and stores the encrypted EncCD content data. 6. 2 Operation of the Authentication Communication System 100b An operation of the authentication communication system 100b similar to that of the authentication communication system 100a. In this way, only the differences of the authentication communication system 100a are explained. The operation of the authentication communication system 100b is illustrated by a flowchart obtained by replacing steps S121 and forward in the flowchart showing the operation of the authentication communication system 100a with the flowchart shown in the Figure 10. The content key generation unit 113 reads the additional content information from the additional content information storage unit 115 (Step S301). The random number generation unit 112 transfers the random number R3 to the content key generation unit 113. The content key generation unit 113 receives the random number R3 of the random number generation unit 112, generates a content key CK using the random number R3 and the content key CK and transfers the content key CK to the encryption unit 114 and the encryption unit 117 (Step S302). The encryption unit 114 receives the content key CK of the content key generation unit 113, of the public key UK of the public key storage unit 104, and encrypts the content key CK according to an encryption algorithm E4 using the public key UK to generate the encrypted content key EncCK and transfers the encrypted content key EncCK to the encryption / decryption unit 116 (Step S303) . Then, the encryption / decryption unit 116 receives the encrypted content key EncCK, or encrypts the EncCK encrypted content key according to an E2 encryption algorithm using the temporary key VK, to generate a dually encrypted content key En (EncCK) ) (Step S304). The encryption / decryption unit 116 then transfers the dually encrypted content key Ene (EncCK) to the encryption / decryption unit 211, and the encryption / decryption unit 211 receives the dually encrypted content key Enc (EncCK) (Step S305 ). The encryption / decryption unit 211 decrypts the doubly encrypted content key Ene (EncCK) according to the decryption algorithm D2 using the temporary key VK to obtain the encrypted content key EncCK, and writes the EncCK encrypted content key in the area a in the key data storage unit 212 shown by the access information (Step S306). The encryption unit 117 reads the CD content data from the data storage unit 110 (Step S307) and encrypts the CD content data according to an E5 encryption algorithm using the content key CK, to generate the data from encrypted EncCD content (Step S308). The encryption unit 117 transfers the encrypted content data EncCD to the data storage unit 213 and the data storage unit 213 receives the encrypted content data EncCD (Step S309). The data storage unit 213 stores the encrypted content data EncCD (Step S310). 6. 3 Summary As described above, the authentication communication system 100b does not need another random number generation mechanism to generate a content key to encrypt the content data. The random number generating mechanism used to combine the access information can be double such as that to generate the content key. 7. Other Modifications Although the present invention has been described based on the above embodiments, the present invention is not, of course, limited to the above embodiments. The following cases are also included in the present invention. (1) Although a digital work protected by copyright is music information in the above modalities, it may be character data such as a novel and a thesis, a computer program for a computer game, compressed audio data represented by MP3 (audio from the group of experts of Images in Motion, layer 3), an image of the JPEG format (Group of Photographic Experts of Union) or similar, or a moving image of the MPEG format (Group of Experts of Images in Motion) or similar. Also, the reader / writer device is not limited to a personal computer and can be an output device to sell or distribute the above variety of digital works protected by copyright. Additionally, the reader / writer apparatus is not limited to a personal stereo device and may be a reproduction device for reproducing digital works protected by copyright. For example, it can be a computer game device, a band-type information terminal, a dedicated terminal or a personal computer. The reader / writer apparatus may include both functions of the above output device and the above reproduction device. (2) In the above modalities, DES is used for the encryption / decryption algorithms. However, other ciphers can be used instead. Also, SHA is used in the above modalities. However, other unidirectional functions can be used instead. Although a public key and a temporary key are 56 bits in length, different lengths of the keys can be used. (3) Although the combination unit 103 combines the access information and the lower 32 bits of the random number seed to generate a 64-bit random access information in the above mode, it is not limited thereto. It can be done as follows. The combination unit 103 can combine 32-bit access information and the lower 32 bits of a random number seed, so that each bit of the same is alternately arranged to generate the 64-bit random access information. The combination unit 103 can also combine the 32-bit access information and the 32 lower bits of a random number seed, so that groups of bits of the same are arranged in an alternative way. In these cases, the separation unit 206 reverses the operation of the combination unit 103. (4) Although the random number generation unit 204 in the memory card 20 generates a random number R2 using a random number seed stored in the random number seed storage unit 202 in the above embodiments, the unit 204 of Random number generation can generate the random number R2 as a seed of random number. Also, although the temporary key generation units 108 and 208 generate a temporary key using the encrypted access information Rl and the random number R2, they can use response values. They can use a public key UK, too. (5) In the authentication communication system 100b, the encryption unit 117 writes the encrypted content data EncCD to the data storage unit 213. Nevertheless, the encryption unit 117 can treat the encrypted EncCD content data as confidential data and write it in an area shown by the access information. Also, the encryption unit 117 can write the encrypted content data EncCD in the data storage unit 213 without treating it as confidential data. In addition, any of the encryption units 114 need not be provided and the remaining encryption unit can be duplicated like the other. (6) The present invention may be the method shown in the above embodiments. Additionally, the present invention may be a computer program that performs this method on a computer and may be a digital signal that constitutes the computer program. Also, the present invention can be a computer-readable storage medium, for example, a floppy disk, a hard disk, a CD-ROM (Memory Memory Only of the Compact Disk), a disk MO (Magnetic-Optical), a DVD (Digital Versatile Disk), a DVD-ROM, a DVD-RAM, or a semiconductor memory, in which the computer program or a digital signal is stored. On the contrary, the present invention can also be the computer program or the digital signal stored in these storage means. Additionally, the present invention can be realized by transmitting the computer program to the digital signal via a network, such as an electrical communication network, a wireless or wire communication network, or the Internet. Additionally, the present invention may be a computer system equipped with a microprocessor and a memory. The memory stores the computer program and the microprocessor operates according to the computer program. The present invention can be implemented in another independent computer system by transferring the computer program or the digital signal stored in any of the storage means, or by transmitting the computer program and the digital signal via the network or the like. (4) Various combinations of the above modalities and the above modifications are possible.
INDUSTRIAL APPLICATION The present invention can be used for mutual authentication between an output device that transfers digital works protected by copyright and a semiconductor storage medium before duplicating a digital work protected by copyright from the device output in the semiconductor storage medium. In addition, the present invention can be used for mutual authentication between a semiconductor storage medium that stores a digital work protected by the copyright and a reproduction device before reading the digital work protected by the copyright of the media. Semiconductor storage and reproduce digital work protected by copyright. It is noted that in relation to this date, the best method known by the applicant to carry out the present invention is that which is clear from the present description of the invention.

Claims (16)

  1. CLAIMS Having described the invention as above, the content of the following claims is claimed as property: 1. An authentication communication system that includes (a) a storage medium that has an area for storing digital information and (b) a storage device. access to read / write digital information from / to the area, the authentication communication system is characterized in that it comprises: a first phase of authentication in which the access device authenticates if the storage medium is authorized according to a protocol of authentication of the response to the identification signal, when transmitting the coded access information, generated when coding the access information showing the area, to the storage means; a second authentication phase in which the storage means authenticates if the access device is authorized; and a transfer phase in which, when the storage means and the access device have authenticated each other as authorized devices, the storage means extracts the access information from the coded access information, and the access device reads / writes the digital information from / to the area shown by the access information.
  2. 2. The authentication authentication communication system according to claim 1, characterized in that in the first authentication phase, the access device includes: an access information acquisition unit that acquires the access information that shows the area; a unit of acquisition of the random number to acquire a random number; a generating unit for generating the random number access information by combining the access information and the random number; and an encryption unit for encrypting the access and random number information according to an encryption algorithm, for generating the coded access information, the storage means includes a response value generation unit for generating a response value of the encrypted access information, and the access device includes an authentication unit for authenticating whether the storage medium is authorized using the response value.
  3. 3. The authentication communication system according to claim 2, characterized in that in the transfer phase, the storage means includes: a decryption unit for decrypting the access information encoded according to a decryption algorithm to obtain the information of random number access; and a separation unit for separating the access information from the random number access information. The authentication communication system according to claim 3, characterized in that in the first authentication step, the access device additionally includes a storage unit of the random number seed to store a seed of random number, and the random number acquisition unit acquires the random number when reading the random number seed of the storage unit of the random number seed. 5. The authentication communication system according to claim 4, characterized in that in the first authentication step, the access device additionally writes the coded access information on the random number seed stored in the seed storage unit. of random number, as a new seed of random number. The conformance authentication communication system, with claim 3, characterized in that in the first authentication step, the access device additionally includes a seed storage unit in random number to store a seed of random number., and the random number acquisition unit acquires the random number, by reading the seed of random number of the storage unit of the random number seed and generating the random number eri base to the seed of random number. The authentication communication system according to claim 6, characterized in that in the first authentication step, the access device additionally writes the random number on the random number seed stored in the storage unit of the number seed. Random as a new seed of random number. The authentication communication system according to claim 3, characterized in that in the transfer phase, the storage medium, which stores digital information in the area, includes an encryption unit for reading the digital information of the area shown by the access information and encrypt the digital information according to an encryption algorithm to generate the encrypted digital information, and the access device that reads the digital information of the area, includes a decryption unit to decrypt the digital information encrypted according to a decryption algorithm to obtain digital information, the decryption algorithm that is an algorithm to decrypt a cryptogram generated according to the encryption algorithm. 9. The authentication communication system according to claim 3, characterized in that in the transfer phase, the access device, which writes the digital information in the area, includes: a digital information acquisition unit for acquiring the information digital; and an encryption unit for encrypting the digital information according to an encryption algorithm for generating the encrypted digital information, and the storage means includes a decryption unit for decrypting the encrypted digital information according to a decryption algorithm to obtain the encryption. digital information, and write the digital information in the area shown by the access information, the decryption algorithm that is an algorithm to decrypt a cryptogram generated according to the encryption algorithm. The authentication communication system according to claim 3, characterized in that in the transfer phase, the access device, which writes the digital information, in the area, includes: a digital information acquisition unit for acquiring the digital information; a content key acquisition unit for acquiring a content key; a first encryption unit for encrypting the content key acquired according to a first encryption algorithm to generate an encrypted content key; a second encryption unit for encrypting the encrypted content key according to a second encryption algorithm to generate a doubly encrypted content key; and a third encryption unit for encrypting the digital information according to a second encryption algorithm using the content key, to generate the encrypted digital information, the storage means includes a decryption unit for decrypting the dually encrypted content key of the encryption unit. according to a first decryption algorithm to obtain the encrypted content key and write the encrypted content key in the area shown by the access information, and the storage means additionally includes an area for storing the encrypted digital information. 11. An authentication communication method that includes (a) a storage medium that has an area for storing digital information and (b) an access device for reading / writing digital information from / to the area, the method of communication of authentication is characterized in that it comprises: a first authentication step in which the access device authenticates if the storage means is authorized according to an authentication protocol in response to the identification signal when transmitting the generated coded access information to the encode the access information that shows the area, to the storage medium; a second authentication step in which the storage means authenticates if the access device is authorized; and a transfer step in which, when the storage means and the access device have authenticated each other as authorized devices, the storage means extracts the access information from the coded access information, and the access device reads / write digital information from / to the area shown by the access information. 12. A computer-readable storage medium that stores an authentication communication program for use in an authentication communication system, characterized in that it (a) includes a storage medium that has an area for storing digital information of an authentication device. access to read / write digital information from / to the area, and (b) in which the digital information is transferred after each of the storage medium and the access device authenticates the other as an authorized device, the communication program authentication comprises: a first authentication step in which the access device authenticates if the storage means is authorized according to an authentication protocol responsive to the identification signal when transmitting coded access information generated when coding access information that shows the area, to the storage medium; a second authentication step in which the storage means authenticates if the access device is authorized; and a transfer step in which, when the storage means and the access device have authenticated each other as authorized devices, the storage means extracts the access information from the coded access information, and the access device reads / write digital information from / to the area shown by the access information. 13. An access device characterized in that it is included in the communication and authentication system of claim 1. 1
  4. 4. An access device characterized in that it is included in the authentication communication system of claim 2. 1
  5. 5. A storage medium characterized in that it is included in the authentication communication system of claim 1. 1
  6. 6. A storage means characterized in that it is included in the authentication communication system of claim 3.
MXPA/A/2001/009266A 2000-01-14 2001-09-13 Authentication communication device and authentication communication system MXPA01009266A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2000-006989 2000-01-14
JP2000-041317 2000-02-18

Publications (1)

Publication Number Publication Date
MXPA01009266A true MXPA01009266A (en) 2002-05-09

Family

ID=

Similar Documents

Publication Publication Date Title
AU784850B2 (en) Authentication communication device and authentication communication system
US7134026B2 (en) Data terminal device providing backup of uniquely existable content data
KR101574618B1 (en) Recordingreproducing system recording medium device and recordingreproducing device
EP1276106B1 (en) Digital work protection system, recording medium apparatus, transmission apparatus, and playback apparatus
AU761097B2 (en) Digital data recording device, digital data memory device, and digital data utilizing device for converting management information which contains restrictive information using a different key in each management information send/receive session
JP4224262B2 (en) Digital information protection system, recording medium device, transmission device, and playback device
KR20020079900A (en) Content data transmitting device and method, and recording/reproducing device
WO2004064063A1 (en) Content distribution system, content recording device and recording method, content reproduction device and reproduction method, and computer program
MXPA01010347A (en) Method of and apparatus for providing secure communication of digital data between devices.
JP2000260121A (en) Information reproducing device and information recording device
US7617402B2 (en) Copyright protection system, encryption device, decryption device and recording medium
JP2008263645A (en) Data protection system for protecting data through encryption
JP2001211442A (en) Contents information transmission method, contents information recording method, contents information transmitter, contents information recorder, transmission medium, and recording medium
JP4713745B2 (en) Authentication communication apparatus and authentication communication system
JP4153716B2 (en) Public key encryption key update method, receiving terminal, and key management apparatus
JP4731034B2 (en) Copyright protection system, encryption device, decryption device, and recording medium
MXPA01009266A (en) Authentication communication device and authentication communication system
KR100364751B1 (en) Apparatus for protecting data of digital magnetic recording and playback system
JP2001156771A (en) Encrypted information transmission method, encrypted information transmitter and transmission medium
JP2001156772A (en) Encrypted information reproduction method and encrypted information reproduction device
JPH09307545A (en) Book data reproduction method and device
WO2006006233A1 (en) Content recording apparatus and data distributing system