USRE39622E1 - System and method for authentication, and device and method for authentication - Google Patents

System and method for authentication, and device and method for authentication Download PDF

Info

Publication number
USRE39622E1
USRE39622E1 US10/138,355 US13835502A USRE39622E US RE39622 E1 USRE39622 E1 US RE39622E1 US 13835502 A US13835502 A US 13835502A US RE39622 E USRE39622 E US RE39622E
Authority
US
United States
Prior art keywords
key
data
authentication key
keys
single authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
US10/138,355
Inventor
Susumu Kusakabe
Masayuki Takada
Yoshihito Ishibashi
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sony Corp
Original Assignee
Sony Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Family has litigation
First worldwide family litigation filed litigation Critical https://patents.darts-ip.com/?family=26414357&utm_source=google_patent&utm_medium=platform_link&utm_campaign=public_patent_search&patent=USRE39622(E1) "Global patent litigation dataset” by Darts-ip is licensed under a Creative Commons Attribution 4.0 International License.
Application filed by Sony Corp filed Critical Sony Corp
Priority to US10/138,355 priority Critical patent/USRE39622E1/en
Application granted granted Critical
Publication of USRE39622E1 publication Critical patent/USRE39622E1/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3823Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system

Definitions

  • This invention relates to a system and method for authentication and device and method for authentication, and particularly relates to a system and method for authentication and device and method for authentication which are capable of authenticating rapidly.
  • FIG. 20 shows an exemplary structure of a conventional authentication system using an IC card.
  • authentication processing is performed between the IC card 102 and reader writer 101 .
  • the area for storing information is divided into 5 areas of area 1 to area 5 . Respective areas correspond to different cipher key 1 to key 5 . To take an access to area i, the corresponding cipher key i is required.
  • the reader writer 101 When the reader writer 101 records a data in, for example, area 1 of the IC card, or reads a data stored therein, first mutual authentication processing is performed.
  • the reader writer 101 previously stores the same cipher key 1 to cipher key 5 as the cipher key 1 to cipher key 5 stored in the IC card 102 .
  • the reader writer 101 takes an access to area 1 of the IC card 102 , the reader writer 101 reads the cipher key 1 corresponding to the area 1 and performs an authentication processing using this key.
  • the reader writer 101 generates a prescribed random number, and informs the random number and the number of 1 of the area to be addressed to the IC card 102 .
  • the IC card 102 reads the cipher key 1 corresponding to the informed number of 1 , enciphers the random number using the cipher key 1 .
  • the enciphered random number is informed to the reader writer 101 .
  • the reader writer 101 deciphers the ciphered random number using the cipher key. If the random number informed to the IC card 102 coincides with the deciphered random number, the IC card 102 is judged to be proper.
  • the IC card 102 generates a prescribed random number, and outputs it to the reader writer 101 .
  • the reader writer 101 enciphers the random number using the cipher key 1 , and informs the enciphered random number to the IC card 102 .
  • the IC card 102 deciphers the enciphered random number using the cipher key 1 . If the deciphered random number is coincident with the random number posted to the reader writer 101 , the reader writer 101 is determined to be a proper reader writer.
  • the processing described above is performed on respective areas.
  • the present invention was accomplished in view of such a problem, and it is the object of the present invention to shorten the time for authentication.
  • An authentication system described in one embodiment comprises the first device and second device.
  • the first device has first memory means (for example, a memory 11 shown in FIG. 1 ) for storing a plurality of keys, first generation means (for example, a reduction processing section 13 shown in FIG. 1 ) for generating one authentication key from the arbitrary number of keys out of the plurality of the keys stored in the first memory means, and first communication means (for example, a communication section 12 shown in FIG. 1 ) for communicating with the second device.
  • the second device has second memory means (for example, a memory 31 shown in FIG. 1 ) for storing a plurality of keys, second generation means (for example, a reduction processing section 32 shown in FIG.
  • the one device for example, an IC card 3 shown in FIG. 1
  • the one device out of the first device and second device has encipherment means (for example, encipherment section 34 shown in FIG. 1 ) for enciphering using the authentication key
  • the other device for example, a controller 1 and reader writer 2 shown in FIG. 1
  • decipherment means for example, encipherment section 22 shown in FIG. 1
  • one authentication key is generated from a plurality of keys. Data are enciphered and deciphered using the one authentication key.
  • the one device out of the first device and second device additionally has notification means (for example, the step S 6 shown in FIG. 7 ) for notifying information required to generate one corresponding authentication key from arbitrary number of keys out of the plurality of the keys stored therein to the other device.
  • the other device out of the first device and second device generates the authentication key corresponding to the information informed from the notification means.
  • At least any one device of the first device and second device is provided with a random number generation means (for example, random number generation sections 23 and 35 in FIG. 1 ) for generating a random number, and the encipherment means enciphers a random number generated by the random number generation means, and the decipherment means deciphers the enciphered random number.
  • a random number generation means for example, random number generation sections 23 and 35 in FIG. 1
  • An authentication device described in still another embodiment has communication means (for example, a communication section 21 shown in FIG. 1 ) for communicating between the other device, memory means (for example, the memory 11 shown in FIG. 1 ) for storing a plurality of keys, generation means (for example, the reduction means 13 shown in FIG. 1 ) for generating one authentication key from the arbitrary number of keys out of a plurality of the keys stored in the memory means, notification means (for example, the communication section 12 shown in FIG.
  • communication means for example, a communication section 21 shown in FIG. 1
  • memory means for example, the memory 11 shown in FIG. 1
  • generation means for example, the reduction means 13 shown in FIG. 1
  • notification means for example, the communication section 12 shown in FIG.
  • decipherment means for example, the encipherment section 22 shown in FIG. 1 ) for deciphering, using the authentication key, the data enciphered by the other device using the authentication key.
  • An authentication device described in another embodiment has communication means (for example, the communication section 33 shown in FIG. 1 ) for communicating between the other device, a memory means (for example, the memory 31 shown in FIG. 1 ) for storing a plurality of keys, generation means (for example, the reduction processing section 32 shown in FIG. 1 ) for generating one authentication key from the arbitrary number of keys out of the plurality of the keys stored in the memory means based on information informed from the other device, and encipherment means (for example, the encipherment section 34 shown in FIG. 1 ) for enciphering the data informed from the other device using the authentication key.
  • communication means for example, the communication section 33 shown in FIG. 1
  • a memory means for example, the memory 31 shown in FIG. 1
  • generation means for example, the reduction processing section 32 shown in FIG. 1
  • encipherment means for example, the encipherment section 34 shown in FIG. 1
  • one authentication key is generated from a plurality of keys based on the information informed from the other device.
  • the first device stores a key assigned to this device and has first memory means (for example, a memory 11 shown in FIG. 9 ) for storing a key assigned to this device and individual data generated using a prescribed common data and a prescribed number of keys held by the second device, first generation means (for example, a reduction processing section 13 shown in FIG. 9 ) for generating an authentication key from the key stored in the first memory means and the individual data, first notification means (for example, a control section 24 shown in FIG. 9 ) for notifying information required for the other device to generate corresponding the key, and a first communication means (for example, a communication section 21 shown in FIG. 9 ) for communicating between the second device.
  • first memory means for example, a memory 11 shown in FIG. 9
  • first generation means for example, a reduction processing section 13 shown in FIG. 9
  • first notification means for example, a control section 24 shown in FIG. 9
  • a first communication means for example, a communication section 21 shown in FIG. 9 ) for communicating between the second device.
  • the second device is provided with a second memory means (for example, a memory 31 shown in FIG. 9 ) for storing a plurality of keys and the common data, a second generation means (for example, a reduction processing section 32 shown in FIG. 9 ) for generating the authentication key from a key corresponding to the information from the communication means of the first device out of the plurality of the keys stored in the second memory means and the common data, and a communication means (for example, a communication section 33 shown in FIG. 9 ) for communicating between the first device.
  • the one device out of the first device and second device is provided with an encipherment means (for example, an encipherment section 22 shown in FIG.
  • a decipherment means for example, an encipherment section 34 shown in FIG. 9 ) for deciphering the data enciphered by the encipherment means using the authentication key.
  • a key assigned to this device and individual data are stored in the first device, and an authentication key is generated correspondingly to these key and data.
  • an authentication key is generated from the information received from the first device and common data.
  • an authentication key comprises a first authentication key and second authentication key.
  • the first generation means generates the first authentication key from the key stored in the first memory means assigned thereto and the individual data, and generates the second authentication key using the key assigned thereto and the first authentication key.
  • the second generation means generates the first authentication key from a key corresponding to the of information from the notification means of the first device out of the plurality of the keys stored in the second memory means and the common data, and generates the second authentication key using the first authentication key and a key corresponding to the information from the notification means of the first device.
  • Both the first device and second device are provided with the encipherment means and decipherment means respectively, the one device out of the first device and second device is provided additionally with a random number generation means (for example, the random number generation section 23 shown in FIG. 9 ) for generating a random number.
  • a random number generation means for example, the random number generation section 23 shown in FIG. 9
  • An encipherment means of the one device out of the first device and second device enciphers the random number generated from the random number generation means of the one device out of the first device and second device ( ⁇ 2) using the first authentication key, a decipherment means of the other device out of the first device and second device deciphers the random number enciphered by the encipherment means of the one device out of the first device and second device using the first authentication key, an encipherment means of the other device out of the first device and second device enciphers the random number deciphered by the decipherment means of the other device out of the first device and second device using the second authentication key, and a decipherment means of the one device out of the first device and second device deciphers the random number enciphered by the encipherment means of the other device out of the first device and second device using the second authentication key.
  • the second device is provided additionally with the second decipherment means (for example, an encipherment section 34 shown in FIG. 18 ) for deciphering the first enciphered data and second enciphered data received from the first communication means of the first device using the first key corresponding to the key identification number, and a changing means (for example, a control section 36 shown in FIG. 18 ) for judging whether the second key and third key are in a prescribed relation and for changing the first key using the second key correspondingly to the judgement result.
  • the second decipherment means for example, an encipherment section 34 shown in FIG. 18
  • a changing means for example, a control section 36 shown in FIG. 18
  • An authentication device described in yet another embodiment provided with a memory means (for example, the memory 11 shown in FIG. 19 ) for storing a key assigned to this device and storing individual data generated using a prescribed common data and a prescribed number of keys held by the other device, a generation means (for example, the reduction processing section 13 shown in FIG. 9 ) for generating an authentication key from the key stored in the memory means and the individual data, notification means (for example, the control section 24 shown in FIG. 9 ) for notifying information required for the other device to generate the corresponding authentication keys, a communication means (for example, the communication section 21 shown in FIG. 9 ) for communicating between the other device, and an encipherment means (for example, the encipherment section 22 shown in FIG. 9 ) for enciphering using the authentication key.
  • a memory means for example, the memory 11 shown in FIG. 19
  • a generation means for example, the reduction processing section 13 shown in FIG. 9
  • notification means for example, the control section 24 shown in FIG. 9
  • An authentication device described in still another embodiment is provided with a memory means (for example, the memory 31 shown in FIG. 9 ) for storing a plurality of keys and common data, a generation means (for example, the reduction processing section 13 shown in FIG. 9 ) for generating an authentication key from a key corresponding to the information from the other device out of the plurality of the keys stored in the memory means and the common data, a communication means (for example, the communication means 21 shown in FIG. 9 ) for communicating between the other device, and, a decipherment means (for example, the encipherment section 34 shown in FIG. 9 ) for deciphering the data enciphered by the other device using the authentication key.
  • a memory means for example, the memory 31 shown in FIG. 9
  • a generation means for example, the reduction processing section 13 shown in FIG. 9
  • a communication means for example, the communication means 21 shown in FIG. 9
  • a decipherment means for example, the encipherment section 34 shown in FIG. 9
  • an authentication key is generated from a key corresponding to the information from the other device and common data.
  • the second decipherment means and changing means are additionally provided, when the first enciphered data which is generated by enciphering the second key using the first key and the second enciphered data which is generated by enciphering the third key having a prescribed relation to the second key using the first key are transmitted, together with the key identification number of the key to be changed, from the other device in order to change the first key out of the plurality of the keys stored in the memory means, the second decipherment means (for example, the encipherment section 34 shown in FIG.
  • the changing means for example, the control section 36 shown in FIG. 18 ) judges whether the deciphered second key and third key are in a prescribed relation and changes the first key using the second key correspondingly to the judgement result.
  • FIG. 1 is a block diagram for illustrating an exemplary structure of an authentication system of the present invention.
  • FIG. 2 is a diagram for illustrating an exemplary data structure of the memory 31 shown in FIG. 1 .
  • FIGS. 3A and 3B are block diagrams for illustrating an exemplary structure of a reduction processing section 13 shown in FIG. 1 .
  • FIG. 4 is a block diagram for illustrating an exemplary structure of a two-input reduction circuit shown in FIG. 3 .
  • FIG. 5 is a block diagram for illustrating an exemplary structure of a two-input reduction circuit shown in FIG. 3 .
  • FIG. 6 is a block diagram for illustrating an exemplary structure of a two-input reduction circuit shown in FIG. 3 .
  • FIGS. 7A and 7B are timing charts for describing operations of the authentication system shown in FIG. 1 .
  • FIGS. 8A and 8B are block diagrams for illustrating another exemplary structure of the reduction processing section 13 shown in FIG. 1 .
  • FIG. 9 is a block diagram for illustrating an exemplary structure of an authentication system of a provider in the case that a reduction key is generated in the exemplary structure shown in FIG. 8 .
  • FIG. 10 is a block diagram for illustrating an exemplary structure of an authentication system of the provider 2 in the case that a reduction key is generated in the exemplary structure shown in FIG. 8 .
  • FIG. 11 is a block diagram for illustrating an exemplary structure of an authentication system of the provider 4 in the case that a reduction key is generated in the exemplary structure shown in FIG. 8 .
  • FIG. 12 is a block diagram for illustrating generation of data to be stored in a memory 11 shown in FIG. 9 .
  • FIG. 13 is a block diagram for illustrating generation of data to be stored in a memory 11 shown in FIG. 10 .
  • FIG. 14 is a block diagram for illustrating generation of data to be stored in a memory 11 shown in FIG. 11 .
  • FIGS. 15A and 15B are block diagrams for illustrating yet another exemplary structure of the reduction processing section 13 shown in FIG. 1 .
  • FIG. 16 is a block diagram for illustrating an exemplary structure of an authentication system of the provider 4 in the case that a reduction key is generated by the method shown in FIG. 15 .
  • FIGS. 17A and 17B are timing charts for describing operations of the example shown in FIG. 16 .
  • FIG. 18 is a diagram for describing operations for changing a key.
  • FIGS. 19A and 19B are block diagrams for illustrating another authentication processing.
  • FIG. 20 is a diagram for illustrating a structure of a conventional authentication system.
  • FIG. 1 shows an exemplary structure of an authentication system of the present invention.
  • the system comprises a controller 1 , reader writer 2 , and IC card 3 .
  • a user instead of a commutation ticket, for example, carries the IC card 3 .
  • the reader writer 2 is installed at a ticket gate of a rail way company who employs the IC card 3 .
  • the term “system” means a whole apparatus having a plurality of devices.
  • the controller 1 is provided with a memory 11 , which stores cipher keys for access to areas of a memory 31 of the IC card 3 , and corresponding provider numbers.
  • a communication section 12 communicates between a communication section 21 of the reader writer 2 by wire or radio transmission.
  • a reduction processing section 13 reads a cipher key of a prescribed number out of a plurality of cipher keys stored in the memory 11 , and generates one reduction key.
  • a controller 14 controls operations of components in the controller 1 , and performs authentication processing.
  • the communication section 21 of the reader writer 2 communicates between the communication section 12 of the controller 1 or a communication section 33 of the IC card 3 .
  • An encipherment section 22 enciphers a random number generated from a random number generation section 23 , and deciphers an enciphered random number transmitted from the IC card 3 .
  • a control section 24 controls operations of components of the reader writer 2 , and performs authentication processing.
  • the IC card 3 is provided with the memory 31 .
  • the memory 31 is divided into a plurality of areas (for example 5 areas in FIG. 1 ). Each provider (for example, Railway Company) takes an access to the corresponding area, and writes and reads data as desired. Each area corresponds to a specific cipher key, and a corresponding cipher key i is required to take an access to a specified area i.
  • a reduction processing section 32 reduces a plurality of cipher keys, and generates one reduction key.
  • An encipherment section 34 enciphers a random number generated by random number generation section 35 , and deciphers the enciphered data supplied from the reader writer 2 .
  • a controller 36 controls operations of components of the IC card 3 , and performs authentication processing.
  • FIG. 2 shows a detailed example of a data structure of the memory 31 of the IC card 3 .
  • the area 51 is assigned as a common area, in which data common to respective providers are stored.
  • the area 52 is assigned as an area for exclusive use by respective providers, and only the provider corresponding to a specific area can make an access to this area.
  • the information comprises provider numbers assigned to respective providers, block assignment information for indicating the area which is assigned to the provider, permission information such as that only reading is possible, only writing is possible, or both reading and writing are possible, cipher key, and version of the cipher key.
  • the provider number 00 is common to respective providers, and as the block assignment information, an address of the area 51 , which is the common area, is written.
  • the permission information information which is possible to take an access to the area 51 , which is the common area, is specified.
  • version information of the cipher key the cipher key required to take an access to the area 51 , which is the common area, and the version thereof are applied.
  • An area 54 is assigned as a system ID block, and an ID of a system to which this IC card 3 is applied is written.
  • the provider number, permission information, cipher key version, and cipher key shown in FIG. 2 are stored in the memory 11 of the controller 1 .
  • FIGS. 3A and 3B show an exemplary structure of the reduction processing section 13 (or reduction processing section 32 ). The processing is performed actually by software in many cases.
  • n cipher keys are provided in the IC card 3 , (n ⁇ 1) circuits of two-input reduction circuits 81 - 1 to 81 -(n ⁇ 1) are provided, two data are inputted to each reduction circuit, and one data is outputted.
  • a cipher key of the provider 1 (rail way company 1 )
  • a cipher key of the provider 2 (rail way company 2 ) are inputted.
  • the two-input reduction circuit 81 - 1 generates one reduction key from the two cipher keys, and supplies it to the subsequent two-input reduction circuit 81 - 2 .
  • the two-input reduction circuit 81 - 2 reduces the reduction key inputted from the two-input reduction circuit 81 - 1 and a cipher key of the provider 3 (rail way company 3 ), and outputs it to the subsequent two-input reduction circuit 81 - 3 (not shown in the drawing).
  • the same processing is performed in each two-input reduction circuit 81 -i, and the reduction key generated from the final two-input reduction circuit 81 -(n ⁇ 1) is regarded as one final reduction key.
  • the input cipher key is outputted, as it is, as a reduction key.
  • FIGS. 4 to 6 show exemplary structures of the two-input reduction circuit 81 -i shown in FIG. 3 .
  • An encipherment circuit 81 -i shown in FIG. 4 enciphers an input from the front end corresponding to a cipher key prepared previously, and outputs it to the rear end.
  • the two-input reduction circuit 81 - 1 comprises the encipherment circuit 81 -i
  • a cipher key of the provider 1 is inputted as a data
  • a cipher key of the provider 2 is inputted as a cipher key.
  • the cipher key (data) of the provider 1 is enciphered and outputted to the two-input reduction circuit 81 - 2 .
  • An encipherment circuit 81 -i shown in FIG. 5 receives the input from the front end, enciphers it, and outputs it to the rear end. For example, if the encipherment circuit 81 -i is applied to the two-input reduction circuit 81 - 1 , a cipher key of the provider 2 is inputted as a data, and a cipher key of the provider 1 is inputted as a cipher key. The cipher key of the provider 2 is enciphered using the cipher key of the provider 1 , and outputted to the subsequent two-input reduction circuit 81 - 2 as a reduction key.
  • DES Data Encryption Standard
  • FEAL Fast Data Encipherment Algorithm
  • the encipherment circuit 81 -i comprises an exclusive OR circuit (XOR).
  • XOR exclusive OR circuit
  • an cipher key of each provider is a digital data having 30 bytes.
  • a reduction key is a digital data having the same bytes.
  • controller 1 and reader writer 2 are shown as separate devices in this embodiment, however, it is possible to use these devices as one combined device.
  • the controller section 14 of the controller 1 controls the communication section 12 , and indicates polling with a sufficiently short period (period sufficient for detecting passage of users who pass through a ticket gate of a rail way station having an IC card) for the reader writer 2 (step S 1 ).
  • the control section 24 of the reader writer 2 controls the communication section 21 to perform polling to the IC card 3 (step S 2 ).
  • the control section 36 of the IC card 3 informs the existence of this control section 36 (step S 3 ).
  • the control section 24 of the reader writer 2 informs the existence of the IC card 3 to the controller 1 (step S 4 ).
  • the control section 14 of the controller 1 controls the reduction processing section 13 (step S 5 ).
  • the reduction processing section 13 reads out the cipher key of an area to be addressed from the memory 11 .
  • the cipher key 1 , cipher key 2 , and cipher key 4 are read out to the reduction processing section 13 to take access to the area 1 , area 2 , and area 4 .
  • the reduction processing section 13 reduces using these three cipher keys. In detail, as shown in FIG.
  • the cipher key 1 is enciphered using the cipher key 2 , and outputted to the two-input reduction circuit 81 - 2 .
  • the two-input reduction circuit 81 - 2 enciphers the reduction key obtained by reducing the cipher key 1 and cipher key 2 supplied from the two-input reduction circuit 81 - 1 using the cipher key 3 .
  • the obtained reduction key is used as the final reduction key.
  • the control section 14 informs it to reader writer 2 together with provider numbers (key number), number of providers (number of keys), and order of reduction processing (step S 6 ).
  • the control section 24 of the reader writer 2 Upon receiving this information from the communication section 12 of the controller 1 through the communication section 21 , the control section 24 of the reader writer 2 instructs the random number generation section 23 to generate a random number r1 (step S 7 ).
  • the controller 24 instructs the communication section 21 to inform the random number r1 to the IC card 3 (step S 8 ).
  • the control section 24 informs also the number of providers and provider numbers supplied from the controller 1 to the IC card 3 .
  • the controller 36 of the IC card 3 Upon receiving this information, the controller 36 of the IC card 3 performs first reduction key generation processing (step S 9 ).
  • the control section 36 reads the cipher key corresponding to the provider number (key number) transmitted from the reader writer 2 from the memory 31 , and supplies it to the reduction processing section 32 to perform reduction processing.
  • the provider numbers corresponding to the cipher key 1 , cipher key 2 , and cipher key 4 are transmitted, the cipher key 1 , cipher key 2 , and cipher key 4 corresponding to these provider numbers respectively are read out from the memory 31 , and supplied to the reduction processing section 32 .
  • the reduction processing section 32 reduces these three reduction keys in a specified order (for example, in order of input of the providers), and finally generates one reduction key. As the result, the same reduction key as the reduction key generated by the controller 1 in the step S 5 is generated to the IC card 3 .
  • control section 36 outputs the random number r1 informed from the reader writer 2 and the reduction key generated from the reduction processing section 32 to the encipherment section 34 , and the encipherment section 34 enciphers the random number r1 using the reduction key (step S 10 ) to generates an enciphered random number R 1 .
  • the control section 36 generates a prescribed random number r2 in the random number generation section 35 (step S 11 ).
  • the control section 36 controls the communication section 33 to transfer the enciphered random number R 1 and random number r2 generated in the step S 11 to the reader writer 2 (step S 12 ).
  • the control section 24 of the reader writer 2 controls the encipherment section 22 to decipher the enciphered random number R 1 using the reduction key received from the controller 1 (step S 13 ).
  • the controller 24 checks whether the random number obtained by deciphering is equal to the random number r1 generated in the step S 7 , and if the result is NO, then the IC card 3 is judged to be an improper IC card, and the control section 24 informs the judgement to the controller 1 in the step S 14 . Then, the controller 1 performs error processing (for example, prevent the user from passing the ticket gate).
  • the control section 24 control the encipherment section 22 to encipher the random number r2 supplied from the IC card 3 using the reduction key supplied from the controller 1 , and an enciphered random number R 2 is generated (step S 15 ). Further, the control section 24 transfers the enciphered random number R 2 generated as described herein above to the IC card 3 (step S 16 ).
  • the control section 36 of the IC card 3 controls the encipherment section 34 to decipher the enciphered random number R 2 using the reduction key generated in the step S 9 (step S 17 ). Whether the deciphered random number is equal to the random number r2 generated in the step S 11 is judged. The judgement result is transferred to the reader writer 2 through the communication section 33 (step S 18 ).
  • control section 24 of the reader writer 2 Upon receiving information of authentication result from the IC card 3 , the control section 24 of the reader writer 2 informs this result to the controller 1 from the communication section 21 (step S 19 ).
  • the controller 14 of the controller 1 Upon receiving this information through the communication section 12 , the controller 14 of the controller 1 performs error processing if the information indicates NG. On the other hand, if the information indicates OK (the IC card is judged to be a proper IC card), the control section 14 of the controller 1 outputs a necessary command such as read out or write to the reader writer 2 (step S 20 ). Upon receiving transfer of the command, the reader writer 2 outputs a read or write command to the IC card 3 (step 21 ). In this case, read or write of the area 1 , area 2 , and area 4 of the IC card 3 is instructed as described herein above.
  • the control section 36 of the IC card 3 performs write processing. If read is instructed, the control section 36 of the IC card 3 performs read processing.
  • the read data is transferred from the IC card 3 to the reader writer 2 (step S 22 ), and transferred from the reader writer 2 to the controller 1 (step S 23 ).
  • cipher keys required individually are not authenticated individually.
  • authentication processing is performed not individually on the cipher key 1 , cipher key 2 , and cipher key 4 (in other words, performed not three times).
  • one reduction key is generated from a plurality of cipher keys, and authentication processing is performed only once using this one reduction key; as a result, it is possible to perform authentication processing rapidly.
  • the number of bytes (length) of a reduction key is equal to that of a cipher key in this example; however, it is possible to use different number of bytes. Because a reduction key is used only for authentication, it is not necessary to restore a reduction key to a plurality of original cipher keys.
  • FIG. 8 shows another method for generating a reduction key.
  • cipher keys K1 to KnK P1 to K Pn are assigned to respective providers 1 to n, and secret data D 0 (not necessary secret because this data is common for the respective providers) which is contained previously are inputted to the first two-input reduction circuit 81 - 1 , and the two-reduction circuit 81 - 1 enciphers the data D 0 based on the cipher key K1K P1 of the provider 1 .
  • the two-input reduction circuit 81 - 2 enciphers the output D 1 from the two-input reduction circuit 81 - 1 based on the cipher key K2K P2 of the provider 2 .
  • the same processing is performed successively by the two-input reduction circuit 81 -i, the output from the final two-input reduction circuit 81 -n is the final reduction key.
  • the provider 2 can not generate a reduction key unless the provider 2 knows the cipher key of the provider 1 . Because the respective providers are independent basically, it is not preferable for security that the cipher key of a certain provided is informed to other providers.
  • the method for generating a reduction key as shown in FIG. 8 is preferable because a provider can generate a reduction key without being informed the cipher key of another provider.
  • FIGS. 9 to 11 show exemplary structures of a controller 1 , reader writer 2 , and IC card 3 of the provider 1 , provider 2 , and provider 4 for the case that a reduction key is generated by the method as shown in FIG. 8 .
  • a prescribed data (common data) D 0 is stored previously in the memory 31 in addition to the cipher key K1 to cipher key K5 corresponding to the area 1 to area 5 respectively.
  • the cipher key K1 of this provider 1 and data D 024 are stored in the memory 11 of the provider 1 (FIG. 9 ), the cipher key K1 of this provider 2 and data D 014 are stored in the memory 11 of the provider 2 (FIG. 10 ), and the cipher key K4 of this provider 4 and data D 012 are stored in the memory 11 of the provider 4 (FIG. 11 ).
  • the provider 1 asks the provider 2 to reduce the predetermined data D 0 using the cipher key K2 K P2 in the two-input reduction circuit 81 - 1 to generate data D 02 . Then, the provider 1 provides the data D 02 to the provider 4 , the provider 4 then reduces using the cipher key K4 K P4 in the two-input reduction circuit 81 - 2 to generate data D 024 . The provider 1 receives supply of the data D 024 from the provider 4 , and stores it in the memory 11 .
  • the data D 0 is provided first to the provider 4 , the provider 4 reduces it using the cipher key K4 K P4 to generate data D 04 , and then the data D 04 is provided to the provider 2 , the provider 2 reduces it using the cipher key K2 K P2 to generate data D 042 , and the data D 042 is stored in the memory 11 .
  • the provider 1 stores the order of reduction which indicates that the reduction is performed in what order.
  • the provider 2 asks the provider 1 to generate data D 01 which is generated by reducing data D 0 using the cipher key K1 K P1 .
  • the provider 2 provides the data D 01 to the provider 4 , and asks the provider 4 to generate data D 014 by reducing the data D 01 using the cipher key K4 K P4 .
  • the data D 014 is stored in the memory 11 .
  • the provider 2 asks reduction processing first to the provider 4 , and then provides the data D 04 generated using the cipher key K4 K P4 to the provider 1 , the provider 1 reduces it using the cipher key K1 K P1 to generate data D 41 , the provider 2 obtains the data D 041 and stores it in the memory 11 .
  • the provider 2 stores also the order of reduction in the memory 11 .
  • the provider 4 asks the provider 1 to degenerate the data D 0 using the cipher key K1 K P1 , and the provider 1 generates data D 01 .
  • the data D 01 is provided to the provider 2 , the provider 2 reduces it using the cipher key K2 K P2 to generate data D 012 .
  • the provider 4 stores the data D 012 in the memory 11 .
  • the provider 4 asks reduction processing first to the provider 2 to degenerate the data D 0 using the cipher key K2 K P2 , data D 02 is generated, the provider 1 reduces the data D 02 using the cipher key K1 K P1 to generate data D 021 .
  • the provider 4 also stores the order of reduction in the memory 11 .
  • the respective providers can perform authentication processing as described below.
  • the control section 14 controls the reduction processing section 13 as shown in FIG. 9 , reads the data D 024 and cipher key K1 from the memory 11 to generate a reduction key.
  • the reduction key is transferred to the reader writer 2 .
  • the number of providers in this example, the number is three
  • provider numbers in this example, provider 1 , provider 2 , and provider 4
  • order of reduction in this example, in the order of the provider 2 , provider 4 , and provider 1
  • the control section 24 controls the communication section 21 , and informs the number of providers, provider numbers, and order of reduction transferred from the control section 14 of the controller 1 to the IC card 3 .
  • the control section 36 controls the reduction processing section 32 corresponding to this information.
  • the reduction processing section 32 reads the data D 0 from the memory 31 , reduces the data D 0 successively using a specified order and the cipher key of a specified provider number to generate a reduction key.
  • the data D 0 is reduced using the cipher key K 2 , and a reduction key is generated.
  • the reduction key generated as described herein above is the same reduction key as generated by the reduction processing section 13 of the controller 1 .
  • authentication processing is performed by performing processing following the step S 10 as in the case described with reference to FIG. 7 .
  • the reader writer 2 of the provider 1 can take an access to the area 1 , area 2 , and area 4 of the memory 31 of the IC card 3 .
  • the control section 14 controls the reduction processing section 13 to read the data D 014 from the memory 11 , and to regenerate it using the cipher key K2 read from also from the memory 11 .
  • the generated reduction key is transferred to the reader writer 2 .
  • the number of providers in this example, the number is three
  • provider numbers in this example, provider 1 , provider 2 , and provider 4
  • order of reduction in this example, in the order of the provider 1 , provider 4 , and provider 2
  • the reader writer 2 the number of providers (in this example, the number is three), provider numbers (in this example, provider 1 , provider 2 , and provider 4 ), and order of reduction (in this example, in the order of the provider 1 , provider 4 , and provider 2 ) are informed to the reader writer 2 .
  • the reader writer 2 transfers this information to the IC card 3 .
  • a reduction key is generated corresponding to this information.
  • the reduction processing section 32 of the IC card 3 reads the data D 0 from the memory 31 , reduces first using the cipher key K1 to obtain data D 01 .
  • the data D 01 is then reduced using the cipher key K4 and data D 014 is generated.
  • the data D 014 is reduced using the cipher key K2.
  • the reduction key generated as described herein above is the same reduction key as generated by the controller 1 . Therefore the reader writer 2 of the provider 2 can make an access to the area 1 , area 2 , and area 4 of the memory 31 of the IC card 3 .
  • the control section 14 of the controller 1 controls the reduction processing section 13 to degenerate the data D 012 stored in the memory 11 using the cipher key K4 and to generate a reduction key, and transfers it to the reader writer 2 .
  • the number of providers in in this example, the number is three
  • provider numbers in this example, provider 1 , provider 2 , and provider 4
  • order of reduction in this example, in the order of the provider 1 , provider 2 , and provider 4
  • This information is transferred to the IC card 3 .
  • the IC card 3 performs reduction processing based on this information.
  • the reduction processing section 32 reads the data D 0 from the memory 31 , and generates data D 01 using the cipher key K1.
  • the data D 01 is then reduced using the cipher key K2, and data D 012 is generated.
  • the data D 012 is reduced using the cipher key K4, and the final reduction key is generated.
  • the reduction key generated as described herein above is the same reduction key as generated by the controller 1 . Therefore the reader writer 2 can make an access to the area 1 , area 2 , and area 4 of the memory 31 of the IC card 3 .
  • FIG. 15 shows yet another method for reduction key generation.
  • data Dn- 1 inputted to the two-input reduction circuit 81 -n which generates the final reduction key and an ID number held previously by the IC card are mathematically operated, the mathematical operation result is subjected to processing using the cipher key Kn, and a reduction key is generated. Other processes are performed as shown in FIG. 8 .
  • FIG. 16 shows an exemplary structure of a controller 1 , reader writer 2 , and IC card 3 for generating a reduction key according to the method shown in FIG. 15 .
  • This figure shows the structure of the provider 4 .
  • the memory 11 of the controller 1 stores the data D 012 , the cipher key K4, and the reduction order.
  • the reader writer 2 is provided with an ID acquisition section 211 for acquiring an ID from the data received by the communication section 21 .
  • the IC card 3 stores previously an ID number specific to the IC card 3 in the memory 201 (the memory 201 may be the same memory as the memory 31 ).
  • the reader writer 2 requests an ID to the IC card 3 (step S 41 ). Not only a communication section 33 of the IC card 3 A but also a communication section 33 of the IC card 3 B receive the request.
  • the control section 36 of the IC card 3 A controls the random number generation section 35 to generate a certain random number (step S 42 ).
  • the control section 36 of the IC card 3 A performs assignment processing of time slot corresponding to the generated random number (step S 43 ).
  • communication between the reader writer 2 and IC card 3 is performed by time-division multiplex operation, and the IC card 3 A assigns a time slot corresponding to the generated random number out of a plurality of time slots as the time slot for communication of this IC card 3 A.
  • the control section 36 of the IC card 3 A transmits an ID number (IDA) read out from the memory 201 to the reader writer 2 through the communication section 33 (step S 44 ).
  • IDA ID number
  • the control section 36 of the IC card 3 B controls the random number generation section 35 to generate a random number (step S 45 ).
  • the control section 36 of the IC card 3 B assigns the time slot corresponding to the generated random number as the time slot of this IC card 3 B (step S 46 ).
  • An ID number (IDB) stored in the memory 201 is read out, and transferred to the reader writer 2 at the timing corresponding to the assigned time slot (step S 47 ).
  • the reader writer 2 supplies it to the ID acquirement section 211 for storage.
  • the control section 24 controls the random number generation section 23 to generate a random number r1 (step S 48 ). Further, the control section 24 selects the ID which is acquired, for example, first out of acquired ID's (step S 48 ).
  • the control section receives supply of data D 01 , cipher key K4, and reduction order, and generates a reduction key corresponding this information.
  • control section 24 performs a prescribed mathematical operation on the selected ID (for example, IDA of the IC card 3 ), namely data D 012 .
  • the mathematical operation may be addition or mathematical operation of exclusive OR.
  • the control section 24 reduces the mathematical operation result using the cipher key K4 to generate a reduction key.
  • the number of providers, provider numbers, reduction order, and random number r1 are transmitted to the IC card 3 (step S 50 ).
  • the information is received by both the IC card 3 A and IC card 3 B.
  • the IC card 3 B reduces the data D 0 using the cipher key K1 according to the specified order and obtains data D 0
  • the data D 01 is reduced using the cipher key K2 and data D 012 is obtained (step S 51 ).
  • the IDB is read out from the memory 201 , and the result obtained by mathematical operation of the IDB and data D 012 is reduced using the cipher key K4.
  • the encipherment section 34 deciphers the enciphered random number r1 using the reduction key generated as described above. However, because the random number r1 was enciphered using the reduction key generated using the IDA, the random number r 1 cannot be deciphered using the reduction key generated using the IDB. Therefore the IC card 3 B does not respond to transmission from the reader writer 2 hereafter.
  • the control section 36 generates a reduction key corresponding to the information transmitted from the reader writer 2 (step S 52 ).
  • the reduction processing section 32 of the IC card 3 A reduces data D 0 read out from the memory 31 first using the cipher key K1 read out from the area 1 according to the specified reduction order to generate data D 01 .
  • the data D 01 is reduced using the cipher key K2 read out from the area 2 , and data D 012 is generated.
  • the data D 012 and ID number (IDA) read out from the memory 210 are subjected together to the prescribed mathematical operation, and the mathematical operation result is reduced using the cipher key K4 read out from the area 4 to generate a reduction key.
  • the reduction key generated as described above is the same reduction key as generated by the reader writer 2 in the step S 49 .
  • step S 53 to step S 59 which are corresponding to the step S 10 to step S 17 in FIG. 7 hereafter, authentication processing is performed.
  • the processing is the same processing as described with reference to FIG. 7 , and the description is omitted.
  • FIG. 18 shows a method for changing a cipher key.
  • the provider 1 wants to change the cipher key K1, a prescribed random number e1 is generated, and used as a new key K1′.
  • the provider 1 can change desirably by itself the cipher key K1 stored in the area 1 of the memory 31 of the IC card 3 of the user who uses the reader writer 2 of the provider 1 .
  • the provider 1 can change the cipher key K 1 to the new cipher key K1′ without notifying the new cipher key K1′ to other provider 2 or provider 4 .
  • E(A, B) means encipherment of the data A using the key B.
  • a method of encipherment such as DES or FEAL may be used.
  • the value F is a predetermined value, which other provider 2 and provider 4 know the value as a value which is to be used when they change their cipher keys, and is previously stored in the memory 31 of the IC card 3 .
  • the provider 1 When the provider 1 generates the data C1 and C2 as described above, the provider 1 informs this value to other providers together with the key number (in this case, the key number 1 ) assigned to the cipher key K1 of the provider 1 .
  • Each respective provider changes, using these data, the key K1 in the memory 31 of the IC card 3 which uses its reader writer 2 by the way as described below. This change processing is described below with an example for the provider 4 .
  • the reader writer 2 of the provider 4 transmits the data C1 and C2 to the IC card 3 .
  • D(A, B) means encipherment of the data A using the key B.
  • the IC card 3 can obtain the data e1 and e2 by deciphering the data C1 and C2 using the key K1 stored in the memory 31 .
  • the control section 36 adds e1 and e2 obtained as described above, and judges whether the addition result is equal to the prescribed value F stored previously in the memory 31 . If the result is YES, then the data e 1 obtained by deciphering the data C1 is registered as a new key K1′ which will be used instead of the key K1.
  • e1′ D(C1′, K1)
  • e2′ D(C2′, K1)
  • C1′ and C2′ are values which the malicious provider sets fittingly.
  • the provider 2 also performs the same processing to change the cipher key K1 in the memory 31 of the IC card which uses the reader writer 2 of the provider 2 .
  • the provider 1 , provider 2 , and provider 4 perform again the same processing as described with reference to FIGS. 12 to 14 to change data D 024 , D 014 , and D 012 to be stored respectively.
  • FIG. 19 shows another method of authentication processing.
  • a reader writer 2 shown in FIG. 2 represents the reader writer of the provider 4 .
  • control section 24 generates a reduction key Ks using the cipher key K4 and data D 012 stored in the memory 11 .
  • the control section 24 for example, synthesizes an even number bit and odd number bit of the cipher key K4 to generate the first reduction key K4s1, and synthesizes an odd number bit and even number bit of the cipher key K4 to generate the second reduction key K4s2.
  • the first reduction key K4s1 is inputted to the encipherment section 22 A of the encipherment section 22 , and is used to encipher a random number generated by the random number generation section 23 .
  • the enciphered random number is transmitted to the IC card 3 .
  • information required to generate a reduction key is transmitted simultaneously to the IC card 3 .
  • the IC card 3 reads out the data D 0 from the memory 31 using this information, and generates a reduction key Ks by applying cipher keys K1, K2, and K4 successively.
  • the reduction key Ks has the same value as the reduction key Ks generated by the reader writer 2 .
  • the control section 36 generates the first reduction key K4s1 and second reduction key K4s2 by performing the same processing as the reader writer 2 .
  • the decipherment section 34 B of the encipherment section 34 deciphers the enciphered random number transmitted from the reader writer 2 , and transmits the deciphered random number to the encipherment section 34 A.
  • the encipherment section 34 A enciphers it using the second reduction key K4s2 and transmits it to the reader writer 2 .
  • the decipherment section 22 B of the encipherment section 22 in the reader writer 2 deciphers the enciphered random number transmitted from the IC card 3 .
  • the deciphered result is transmitted to the control section 24 .
  • the random number deciphered as described above is equal to the same random number as generated by the random number generation section 23 if the IC card is proper. Accordingly, by judging whether the received random number is equal to the generated random number, authentication processing is performed.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • Theoretical Computer Science (AREA)
  • General Business, Economics & Management (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Finance (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Storage Device Security (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)
  • Credit Cards Or The Like (AREA)

Abstract

In authentication using a plurality of cipher keys, the authentication time is shortened. In the case that an encipher key to encipher key are required to take an access to each area out of the area to area in a memory of an IC card, a plurality of areas to have an access is informed to the IC card from a reader writer, a plurality of cipher keys corresponding to these areas (for example, cipher key 1, cipher key 2, and cipher key 4) is read out, and reduction processing section generates one reduction key from these cipher keys. A random number which is generated from a random number generation section of the reader writer is transferred to the IC card, and an encipherment section enciphers the random number using the reduction key. The reader writer receives the enciphered random number from the IC card, and deciphers it using the reduction key, and judges the IC card to be proper if the deciphered random number is equal to the generated random number.

Description

BACKGROUND OF THE INVENTION
This invention relates to a system and method for authentication and device and method for authentication, and particularly relates to a system and method for authentication and device and method for authentication which are capable of authenticating rapidly.
DESCRIPTION OF RELATED ART
FIG. 20 shows an exemplary structure of a conventional authentication system using an IC card. In this exemplary structure, authentication processing is performed between the IC card 102 and reader writer 101. In the IC card 102, the area for storing information is divided into 5 areas of area 1 to area 5. Respective areas correspond to different cipher key 1 to key 5. To take an access to area i, the corresponding cipher key i is required.
When the reader writer 101 records a data in, for example, area 1 of the IC card, or reads a data stored therein, first mutual authentication processing is performed. The reader writer 101 previously stores the same cipher key 1 to cipher key 5 as the cipher key 1 to cipher key 5 stored in the IC card 102. When the reader writer 101 takes an access to area 1 of the IC card 102, the reader writer 101 reads the cipher key 1 corresponding to the area 1 and performs an authentication processing using this key.
For example, the reader writer 101 generates a prescribed random number, and informs the random number and the number of 1 of the area to be addressed to the IC card 102. The IC card 102 reads the cipher key 1 corresponding to the informed number of 1, enciphers the random number using the cipher key 1. The enciphered random number is informed to the reader writer 101. The reader writer 101 deciphers the ciphered random number using the cipher key. If the random number informed to the IC card 102 coincides with the deciphered random number, the IC card 102 is judged to be proper.
Similarly, the IC card 102 generates a prescribed random number, and outputs it to the reader writer 101. The reader writer 101 enciphers the random number using the cipher key 1, and informs the enciphered random number to the IC card 102. The IC card 102 deciphers the enciphered random number using the cipher key 1. If the deciphered random number is coincident with the random number posted to the reader writer 101, the reader writer 101 is determined to be a proper reader writer.
The processing described above is performed on respective areas.
In the conventional system, it has been difficult to take an access to areas rapidly because mutual authentication processing is performed individually for each area. As the result, it has been difficult that a reader writer 101 makes an access to a prescribed area of the IC card 102 and then writes and reads information in a short time, for example, when a commuter passes a gate installed at a ticket gate.
The present invention was accomplished in view of such a problem, and it is the object of the present invention to shorten the time for authentication.
SUMMARY OF THE INVENTION
Embodiments of the present invention are described hereinafter. In the description, features of the present invention are described with a corresponding embodiment (one example) in parentheses after each means in order for clear understanding of mutual correspondence between respective means described in claims and embodiments described hereinafter. However, these descriptions by no means limits respective means to those described hereinafter.
An authentication system described in one embodiment comprises the first device and second device. The first device has first memory means (for example, a memory 11 shown in FIG. 1) for storing a plurality of keys, first generation means (for example, a reduction processing section 13 shown in FIG. 1) for generating one authentication key from the arbitrary number of keys out of the plurality of the keys stored in the first memory means, and first communication means (for example, a communication section 12 shown in FIG. 1) for communicating with the second device. The second device has second memory means (for example, a memory 31 shown in FIG. 1) for storing a plurality of keys, second generation means (for example, a reduction processing section 32 shown in FIG. 1) for generating one authentication key from the arbitrary number of keys out of the plurality of the keys stored in the first memory means, and second communication means (for example, a communication section 33 shown in FIG. 1) for communicating with the first device. The one device (for example, an IC card 3 shown in FIG. 1) out of the first device and second device has encipherment means (for example, encipherment section 34 shown in FIG. 1) for enciphering using the authentication key, and the other device (for example, a controller 1 and reader writer 2 shown in FIG. 1) out of the first device and second device has decipherment means (for example, encipherment section 22 shown in FIG. 1) for deciphering data enciphered by the encipherment means using the authentication key.
In the above-mentioned authentication system, one authentication key is generated from a plurality of keys. Data are enciphered and deciphered using the one authentication key.
In the authentication system described in another embodiment, the one device out of the first device and second device additionally has notification means (for example, the step S6 shown in FIG. 7) for notifying information required to generate one corresponding authentication key from arbitrary number of keys out of the plurality of the keys stored therein to the other device. The other device out of the first device and second device generates the authentication key corresponding to the information informed from the notification means.
In the authentication system described in yet another embodiment, at least any one device of the first device and second device is provided with a random number generation means (for example, random number generation sections 23 and 35 in FIG. 1) for generating a random number, and the encipherment means enciphers a random number generated by the random number generation means, and the decipherment means deciphers the enciphered random number.
An authentication device described in still another embodiment has communication means (for example, a communication section 21 shown in FIG. 1) for communicating between the other device, memory means (for example, the memory 11 shown in FIG. 1) for storing a plurality of keys, generation means (for example, the reduction means 13 shown in FIG. 1) for generating one authentication key from the arbitrary number of keys out of a plurality of the keys stored in the memory means, notification means (for example, the communication section 12 shown in FIG. 1) for notifying information required to generate one corresponding authentication key from the arbitrary number of keys out of the plurality of the keys stored in the other device and data to be enciphered using the authentication key to the other device, and decipherment means (for example, the encipherment section 22 shown in FIG. 1) for deciphering, using the authentication key, the data enciphered by the other device using the authentication key.
In the above-mentioned authentication device, information required to generate one authentication key is informed to other device. Data enciphered using an authentication key generated by other device are deciphered using the authentication key.
An authentication device described in another embodiment has communication means (for example, the communication section 33 shown in FIG. 1) for communicating between the other device, a memory means (for example, the memory 31 shown in FIG. 1) for storing a plurality of keys, generation means (for example, the reduction processing section 32 shown in FIG. 1) for generating one authentication key from the arbitrary number of keys out of the plurality of the keys stored in the memory means based on information informed from the other device, and encipherment means (for example, the encipherment section 34 shown in FIG. 1) for enciphering the data informed from the other device using the authentication key.
In the above-mentioned authentication device, one authentication key is generated from a plurality of keys based on the information informed from the other device.
In an authentication system described in still another embodiment, the first device stores a key assigned to this device and has first memory means (for example, a memory 11 shown in FIG. 9) for storing a key assigned to this device and individual data generated using a prescribed common data and a prescribed number of keys held by the second device, first generation means (for example, a reduction processing section 13 shown in FIG. 9) for generating an authentication key from the key stored in the first memory means and the individual data, first notification means (for example, a control section 24 shown in FIG. 9) for notifying information required for the other device to generate corresponding the key, and a first communication means (for example, a communication section 21 shown in FIG. 9) for communicating between the second device. The second device is provided with a second memory means (for example, a memory 31 shown in FIG. 9) for storing a plurality of keys and the common data, a second generation means (for example, a reduction processing section 32 shown in FIG. 9) for generating the authentication key from a key corresponding to the information from the communication means of the first device out of the plurality of the keys stored in the second memory means and the common data, and a communication means (for example, a communication section 33 shown in FIG. 9) for communicating between the first device. The one device out of the first device and second device is provided with an encipherment means (for example, an encipherment section 22 shown in FIG. 9) for enciphering using the authentication key, and the other device out of the first device and second device is provided with a decipherment means (for example, an encipherment section 34 shown in FIG. 9) for deciphering the data enciphered by the encipherment means using the authentication key.
In the above-mentioned authentication system, a key assigned to this device and individual data are stored in the first device, and an authentication key is generated correspondingly to these key and data. In the second device, an authentication key is generated from the information received from the first device and common data.
In the authentication system described in yet another embodiment, an authentication key comprises a first authentication key and second authentication key. The first generation means generates the first authentication key from the key stored in the first memory means assigned thereto and the individual data, and generates the second authentication key using the key assigned thereto and the first authentication key. The second generation means generates the first authentication key from a key corresponding to the of information from the notification means of the first device out of the plurality of the keys stored in the second memory means and the common data, and generates the second authentication key using the first authentication key and a key corresponding to the information from the notification means of the first device. Both the first device and second device are provided with the encipherment means and decipherment means respectively, the one device out of the first device and second device is provided additionally with a random number generation means (for example, the random number generation section 23 shown in FIG. 9) for generating a random number. An encipherment means of the one device out of the first device and second device enciphers the random number generated from the random number generation means of the one device out of the first device and second device (¥2) using the first authentication key, a decipherment means of the other device out of the first device and second device deciphers the random number enciphered by the encipherment means of the one device out of the first device and second device using the first authentication key, an encipherment means of the other device out of the first device and second device enciphers the random number deciphered by the decipherment means of the other device out of the first device and second device using the second authentication key, and a decipherment means of the one device out of the first device and second device deciphers the random number enciphered by the encipherment means of the other device out of the first device and second device using the second authentication key.
In the authentication system described in another embodiment, the second device is provided additionally with the second decipherment means (for example, an encipherment section 34 shown in FIG. 18) for deciphering the first enciphered data and second enciphered data received from the first communication means of the first device using the first key corresponding to the key identification number, and a changing means (for example, a control section 36 shown in FIG. 18) for judging whether the second key and third key are in a prescribed relation and for changing the first key using the second key correspondingly to the judgement result.
An authentication device described in yet another embodiment provided with a memory means (for example, the memory 11 shown in FIG. 19) for storing a key assigned to this device and storing individual data generated using a prescribed common data and a prescribed number of keys held by the other device, a generation means (for example, the reduction processing section 13 shown in FIG. 9) for generating an authentication key from the key stored in the memory means and the individual data, notification means (for example, the control section 24 shown in FIG. 9) for notifying information required for the other device to generate the corresponding authentication keys, a communication means (for example, the communication section 21 shown in FIG. 9) for communicating between the other device, and an encipherment means (for example, the encipherment section 22 shown in FIG. 9) for enciphering using the authentication key.
An authentication device described in still another embodiment is provided with a memory means (for example, the memory 31 shown in FIG. 9) for storing a plurality of keys and common data, a generation means (for example, the reduction processing section 13 shown in FIG. 9) for generating an authentication key from a key corresponding to the information from the other device out of the plurality of the keys stored in the memory means and the common data, a communication means (for example, the communication means 21 shown in FIG. 9) for communicating between the other device, and, a decipherment means (for example, the encipherment section 34 shown in FIG. 9) for deciphering the data enciphered by the other device using the authentication key.
In the above-mentioned authentication device, an authentication key is generated from a key corresponding to the information from the other device and common data.
The authentication device described in another embodiment, the second decipherment means and changing means are additionally provided, when the first enciphered data which is generated by enciphering the second key using the first key and the second enciphered data which is generated by enciphering the third key having a prescribed relation to the second key using the first key are transmitted, together with the key identification number of the key to be changed, from the other device in order to change the first key out of the plurality of the keys stored in the memory means, the second decipherment means (for example, the encipherment section 34 shown in FIG. 18) deciphers the first enciphered data and second enciphered data using the first key corresponding to the key identification number of the key to be changed, and the changing means (for example, the control section 36 shown in FIG. 18) judges whether the deciphered second key and third key are in a prescribed relation and changes the first key using the second key correspondingly to the judgement result.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a block diagram for illustrating an exemplary structure of an authentication system of the present invention.
FIG. 2 is a diagram for illustrating an exemplary data structure of the memory 31 shown in FIG. 1.
FIGS. 3A and 3B are block diagrams for illustrating an exemplary structure of a reduction processing section 13 shown in FIG. 1.
FIG. 4 is a block diagram for illustrating an exemplary structure of a two-input reduction circuit shown in FIG. 3.
FIG. 5 is a block diagram for illustrating an exemplary structure of a two-input reduction circuit shown in FIG. 3.
FIG. 6 is a block diagram for illustrating an exemplary structure of a two-input reduction circuit shown in FIG. 3.
FIGS. 7A and 7B are timing charts for describing operations of the authentication system shown in FIG. 1.
FIGS. 8A and 8B are block diagrams for illustrating another exemplary structure of the reduction processing section 13 shown in FIG. 1.
FIG. 9 is a block diagram for illustrating an exemplary structure of an authentication system of a provider in the case that a reduction key is generated in the exemplary structure shown in FIG. 8.
FIG. 10 is a block diagram for illustrating an exemplary structure of an authentication system of the provider 2 in the case that a reduction key is generated in the exemplary structure shown in FIG. 8.
FIG. 11 is a block diagram for illustrating an exemplary structure of an authentication system of the provider 4 in the case that a reduction key is generated in the exemplary structure shown in FIG. 8.
FIG. 12 is a block diagram for illustrating generation of data to be stored in a memory 11 shown in FIG. 9.
FIG. 13 is a block diagram for illustrating generation of data to be stored in a memory 11 shown in FIG. 10.
FIG. 14 is a block diagram for illustrating generation of data to be stored in a memory 11 shown in FIG. 11.
FIGS. 15A and 15B are block diagrams for illustrating yet another exemplary structure of the reduction processing section 13 shown in FIG. 1.
FIG. 16 is a block diagram for illustrating an exemplary structure of an authentication system of the provider 4 in the case that a reduction key is generated by the method shown in FIG. 15.
FIGS. 17A and 17B are timing charts for describing operations of the example shown in FIG. 16.
FIG. 18 is a diagram for describing operations for changing a key.
FIGS. 19A and 19B are block diagrams for illustrating another authentication processing.
FIG. 20 is a diagram for illustrating a structure of a conventional authentication system.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
FIG. 1 shows an exemplary structure of an authentication system of the present invention. The system comprises a controller 1, reader writer 2, and IC card 3. A user instead of a commutation ticket, for example, carries the IC card 3. The reader writer 2 is installed at a ticket gate of a rail way company who employs the IC card 3. In this specification, the term “system” means a whole apparatus having a plurality of devices.
The controller 1 is provided with a memory 11, which stores cipher keys for access to areas of a memory 31 of the IC card 3, and corresponding provider numbers. A communication section 12 communicates between a communication section 21 of the reader writer 2 by wire or radio transmission. A reduction processing section 13 reads a cipher key of a prescribed number out of a plurality of cipher keys stored in the memory 11, and generates one reduction key. A controller 14 controls operations of components in the controller 1, and performs authentication processing.
The communication section 21 of the reader writer 2 communicates between the communication section 12 of the controller 1 or a communication section 33 of the IC card 3. An encipherment section 22 enciphers a random number generated from a random number generation section 23, and deciphers an enciphered random number transmitted from the IC card 3. A control section 24 controls operations of components of the reader writer 2, and performs authentication processing.
The IC card 3 is provided with the memory 31. The memory 31 is divided into a plurality of areas (for example 5 areas in FIG. 1). Each provider (for example, Railway Company) takes an access to the corresponding area, and writes and reads data as desired. Each area corresponds to a specific cipher key, and a corresponding cipher key i is required to take an access to a specified area i.
A reduction processing section 32 reduces a plurality of cipher keys, and generates one reduction key. An encipherment section 34 enciphers a random number generated by random number generation section 35, and deciphers the enciphered data supplied from the reader writer 2. A controller 36 controls operations of components of the IC card 3, and performs authentication processing.
FIG. 2 shows a detailed example of a data structure of the memory 31 of the IC card 3. In this example, the area 51 is assigned as a common area, in which data common to respective providers are stored. The area 52 is assigned as an area for exclusive use by respective providers, and only the provider corresponding to a specific area can make an access to this area.
In an area 53, information required to manage the area 51 and area 52 is recorded. The information comprises provider numbers assigned to respective providers, block assignment information for indicating the area which is assigned to the provider, permission information such as that only reading is possible, only writing is possible, or both reading and writing are possible, cipher key, and version of the cipher key.
For example, the provider number 00 is common to respective providers, and as the block assignment information, an address of the area 51, which is the common area, is written. As the permission information, information which is possible to take an access to the area 51, which is the common area, is specified. Further, as the version information of the cipher key, the cipher key required to take an access to the area 51, which is the common area, and the version thereof are applied.
An area 54 is assigned as a system ID block, and an ID of a system to which this IC card 3 is applied is written.
The provider number, permission information, cipher key version, and cipher key shown in FIG. 2 are stored in the memory 11 of the controller 1.
FIGS. 3A and 3B show an exemplary structure of the reduction processing section 13 (or reduction processing section 32). The processing is performed actually by software in many cases.
In the reduction processing section 13 or 32, in the case that n cipher keys are provided in the IC card 3, (n−1) circuits of two-input reduction circuits 81-1 to 81-(n−1) are provided, two data are inputted to each reduction circuit, and one data is outputted. In the two-input reduction circuit 81-1, a cipher key of the provider 1 (rail way company 1) and a cipher key of the provider 2 (rail way company 2) are inputted. The two-input reduction circuit 81-1 generates one reduction key from the two cipher keys, and supplies it to the subsequent two-input reduction circuit 81-2. The two-input reduction circuit 81-2 reduces the reduction key inputted from the two-input reduction circuit 81-1 and a cipher key of the provider 3 (rail way company 3), and outputs it to the subsequent two-input reduction circuit 81-3 (not shown in the drawing). The same processing is performed in each two-input reduction circuit 81-i, and the reduction key generated from the final two-input reduction circuit 81-(n−1) is regarded as one final reduction key.
If n=1 (one cipher key is involved), the input cipher key is outputted, as it is, as a reduction key.
FIGS. 4 to 6 show exemplary structures of the two-input reduction circuit 81-i shown in FIG. 3. An encipherment circuit 81-i shown in FIG. 4 enciphers an input from the front end corresponding to a cipher key prepared previously, and outputs it to the rear end. For example, if the two-input reduction circuit 81-1 comprises the encipherment circuit 81-i, a cipher key of the provider 1 is inputted as a data, and a cipher key of the provider 2 is inputted as a cipher key. The cipher key (data) of the provider 1 is enciphered and outputted to the two-input reduction circuit 81-2.
An encipherment circuit 81-i shown in FIG. 5 receives the input from the front end, enciphers it, and outputs it to the rear end. For example, if the encipherment circuit 81-i is applied to the two-input reduction circuit 81-1, a cipher key of the provider 2 is inputted as a data, and a cipher key of the provider 1 is inputted as a cipher key. The cipher key of the provider 2 is enciphered using the cipher key of the provider 1, and outputted to the subsequent two-input reduction circuit 81-2 as a reduction key.
For example, DES (Data Encryption Standard) and FEAL (Fast Data Encipherment Algorithm) are used as an encipherment method shown in FIGS. 4 and 5.
In FIG. 6, the encipherment circuit 81-i comprises an exclusive OR circuit (XOR). For example, if the encipherment circuit 81-i is applied to the two-input reduction circuit 81-1 shown in FIG. 3, an exclusive OR of the cipher key of the provider 1 and the cipher key of the provider 2 is mathematically operated, and the mathematical operation result is outputted to the subsequent two-input reduction circuit 81-2 as a reduction key.
In FIG. 3, an cipher key of each provider is a digital data having 30 bytes. In this case, also a reduction key is a digital data having the same bytes.
Next, operations are described with reference to a timing chart shown in FIGS. 7A and 7B. The controller 1 and reader writer 2 are shown as separate devices in this embodiment, however, it is possible to use these devices as one combined device.
The controller section 14 of the controller 1 controls the communication section 12, and indicates polling with a sufficiently short period (period sufficient for detecting passage of users who pass through a ticket gate of a rail way station having an IC card) for the reader writer 2 (step S1). Upon receiving the indication through the communication section 21, the control section 24 of the reader writer 2 controls the communication section 21 to perform polling to the IC card 3 (step S2). Upon receiving indication of polling from the communication section 21 of the reader writer 2 through the communication section 33, the control section 36 of the IC card 3 informs the existence of this control section 36 (step S3). Upon receiving this information from the IC card 3 through the communication section 21, the control section 24 of the reader writer 2 informs the existence of the IC card 3 to the controller 1 (step S4).
Upon receiving this information through the communication section 12, the control section 14 of the controller 1 controls the reduction processing section 13 (step S5). The reduction processing section 13 reads out the cipher key of an area to be addressed from the memory 11. In the example shown in FIG. 1, the cipher key 1, cipher key 2, and cipher key 4 are read out to the reduction processing section 13 to take access to the area 1, area 2, and area 4. The reduction processing section 13 reduces using these three cipher keys. In detail, as shown in FIG. 3, in the two-input reduction circuit 81-1, the cipher key 1 is enciphered using the cipher key 2, and outputted to the two-input reduction circuit 81-2. The two-input reduction circuit 81-2 enciphers the reduction key obtained by reducing the cipher key 1 and cipher key 2 supplied from the two-input reduction circuit 81-1 using the cipher key 3. The obtained reduction key is used as the final reduction key.
When one reduction key is generated as described herein above, the control section 14 informs it to reader writer 2 together with provider numbers (key number), number of providers (number of keys), and order of reduction processing (step S6). Upon receiving this information from the communication section 12 of the controller 1 through the communication section 21, the control section 24 of the reader writer 2 instructs the random number generation section 23 to generate a random number r1 (step S7). The controller 24 instructs the communication section 21 to inform the random number r1 to the IC card 3 (step S8). Then, the control section 24 informs also the number of providers and provider numbers supplied from the controller 1 to the IC card 3.
Upon receiving this information, the controller 36 of the IC card 3 performs first reduction key generation processing (step S9). In detail, the control section 36 reads the cipher key corresponding to the provider number (key number) transmitted from the reader writer 2 from the memory 31, and supplies it to the reduction processing section 32 to perform reduction processing. In the case shown in FIG. 1, because the provider numbers corresponding to the cipher key 1, cipher key 2, and cipher key 4 are transmitted, the cipher key 1, cipher key 2, and cipher key 4 corresponding to these provider numbers respectively are read out from the memory 31, and supplied to the reduction processing section 32. The reduction processing section 32 reduces these three reduction keys in a specified order (for example, in order of input of the providers), and finally generates one reduction key. As the result, the same reduction key as the reduction key generated by the controller 1 in the step S5 is generated to the IC card 3.
Next, the control section 36 outputs the random number r1 informed from the reader writer 2 and the reduction key generated from the reduction processing section 32 to the encipherment section 34, and the encipherment section 34 enciphers the random number r1 using the reduction key (step S10) to generates an enciphered random number R1.
The control section 36 generates a prescribed random number r2 in the random number generation section 35 (step S11). The control section 36 controls the communication section 33 to transfer the enciphered random number R1 and random number r2 generated in the step S11 to the reader writer 2 (step S12).
Upon receiving supply of the random number r2 and enciphered random number R1, the control section 24 of the reader writer 2 controls the encipherment section 22 to decipher the enciphered random number R1 using the reduction key received from the controller 1 (step S13). The controller 24 checks whether the random number obtained by deciphering is equal to the random number r1 generated in the step S7, and if the result is NO, then the IC card 3 is judged to be an improper IC card, and the control section 24 informs the judgement to the controller 1 in the step S14. Then, the controller 1 performs error processing (for example, prevent the user from passing the ticket gate).
On the other hand, if the deciphered random number is equal to the random number r1 in the step S13, then the control section 24 control the encipherment section 22 to encipher the random number r2 supplied from the IC card 3 using the reduction key supplied from the controller 1, and an enciphered random number R2 is generated (step S15). Further, the control section 24 transfers the enciphered random number R2 generated as described herein above to the IC card 3 (step S16).
Upon receiving supply of the enciphered random number R2 as described herein above, the control section 36 of the IC card 3 controls the encipherment section 34 to decipher the enciphered random number R2 using the reduction key generated in the step S9 (step S17). Whether the deciphered random number is equal to the random number r2 generated in the step S11 is judged. The judgement result is transferred to the reader writer 2 through the communication section 33 (step S18).
Upon receiving information of authentication result from the IC card 3, the control section 24 of the reader writer 2 informs this result to the controller 1 from the communication section 21 (step S19).
Upon receiving this information through the communication section 12, the controller 14 of the controller 1 performs error processing if the information indicates NG. On the other hand, if the information indicates OK (the IC card is judged to be a proper IC card), the control section 14 of the controller 1 outputs a necessary command such as read out or write to the reader writer 2 (step S20). Upon receiving transfer of the command, the reader writer 2 outputs a read or write command to the IC card 3 (step 21). In this case, read or write of the area 1, area 2, and area 4 of the IC card 3 is instructed as described herein above.
As the result, if write in the area 1, area 2, or area 4 is instructed, then the control section 36 of the IC card 3 performs write processing. If read is instructed, the control section 36 of the IC card 3 performs read processing. The read data is transferred from the IC card 3 to the reader writer 2 (step S22), and transferred from the reader writer 2 to the controller 1 (step S23).
As described herein above, when a plurality of areas receives the access, cipher keys required individually are not authenticated individually. (For example, in the case of the example shown in FIG. 1, authentication processing is performed not individually on the cipher key 1, cipher key 2, and cipher key 4 (in other words, performed not three times).) Instead, one reduction key is generated from a plurality of cipher keys, and authentication processing is performed only once using this one reduction key; as a result, it is possible to perform authentication processing rapidly.
The number of bytes (length) of a reduction key is equal to that of a cipher key in this example; however, it is possible to use different number of bytes. Because a reduction key is used only for authentication, it is not necessary to restore a reduction key to a plurality of original cipher keys.
FIG. 8 shows another method for generating a reduction key. In this example, cipher keys K1 to KnKP1 to K Pn are assigned to respective providers 1 to n, and secret data D0 (not necessary secret because this data is common for the respective providers) which is contained previously are inputted to the first two-input reduction circuit 81-1, and the two-reduction circuit 81-1 enciphers the data D0 based on the cipher key K1KP1 of the provider 1. Next, the two-input reduction circuit 81-2 enciphers the output D1 from the two-input reduction circuit 81-1 based on the cipher key K2KP2 of the provider 2. Then, the same processing is performed successively by the two-input reduction circuit 81-i, the output from the final two-input reduction circuit 81-n is the final reduction key.
When a reduction key is generated as shown in FIG. 3, the provider 2 can not generate a reduction key unless the provider 2 knows the cipher key of the provider 1. Because the respective providers are independent basically, it is not preferable for security that the cipher key of a certain provided is informed to other providers.
On the other hand, the method for generating a reduction key as shown in FIG. 8 is preferable because a provider can generate a reduction key without being informed the cipher key of another provider.
FIGS. 9 to 11 show exemplary structures of a controller 1, reader writer 2, and IC card 3 of the provider 1, provider 2, and provider 4 for the case that a reduction key is generated by the method as shown in FIG. 8.
As shown in these drawings, a prescribed data (common data) D0 is stored previously in the memory 31 in addition to the cipher key K1 to cipher key K5 corresponding to the area 1 to area 5 respectively.
The cipher key K1 of this provider 1 and data D024 are stored in the memory 11 of the provider 1 (FIG. 9), the cipher key K1 of this provider 2 and data D014 are stored in the memory 11 of the provider 2 (FIG. 10), and the cipher key K4 of this provider 4 and data D012 are stored in the memory 11 of the provider 4 (FIG. 11).
These data (individual data) D024, D014, and D012 are generated by methods shown in FIGS. 12 to 14.
In FIG. 12, the provider 1 asks the provider 2 to reduce the predetermined data D0 using the cipher key K2 KP2 in the two-input reduction circuit 81-1 to generate data D02. Then, the provider 1 provides the data D02 to the provider 4, the provider 4 then reduces using the cipher key K4 KP4 in the two-input reduction circuit 81-2 to generate data D024. The provider 1 receives supply of the data D024 from the provider 4, and stores it in the memory 11.
In this case, it may be possible that the data D0 is provided first to the provider 4, the provider 4 reduces it using the cipher key K4 KP4 to generate data D04, and then the data D04 is provided to the provider 2, the provider 2 reduces it using the cipher key K2 KP2 to generate data D042, and the data D042 is stored in the memory 11. The provider 1 stores the order of reduction which indicates that the reduction is performed in what order.
As shown in FIG. 13, the provider 2 asks the provider 1 to generate data D01 which is generated by reducing data D0 using the cipher key K1 KP1. The provider 2 provides the data D01 to the provider 4, and asks the provider 4 to generate data D014 by reducing the data D01 using the cipher key K4 KP4. The data D014 is stored in the memory 11. Like the preceding case, it may be possible that the provider 2 asks reduction processing first to the provider 4, and then provides the data D04 generated using the cipher key K4 KP4 to the provider 1, the provider 1 reduces it using the cipher key K1 KP1 to generate data D41, the provider 2 obtains the data D041 and stores it in the memory 11. The provider 2 stores also the order of reduction in the memory 11.
Further, as shown in FIG. 14, the provider 4 asks the provider 1 to degenerate the data D0 using the cipher key K1 KP1, and the provider 1 generates data D01. The data D01 is provided to the provider 2, the provider 2 reduces it using the cipher key K2 KP2 to generate data D012. The provider 4 stores the data D012 in the memory 11. Like the preceding cases, it may be possible that the provider 4 asks reduction processing first to the provider 2 to degenerate the data D0 using the cipher key K2 KP2, data D02 is generated, the provider 1 reduces the data D02 using the cipher key K1 KP1 to generate data D021. The provider 4 also stores the order of reduction in the memory 11.
The respective providers can perform authentication processing as described below. For example, in the provider 1, the control section 14 controls the reduction processing section 13 as shown in FIG. 9, reads the data D024 and cipher key K1 from the memory 11 to generate a reduction key. The reduction key is transferred to the reader writer 2. Then, the number of providers (in this example, the number is three), provider numbers (in this example, provider 1, provider 2, and provider 4), and order of reduction (in this example, in the order of the provider 2, provider 4, and provider 1) are informed to the reader writer 2. The control section 24 controls the communication section 21, and informs the number of providers, provider numbers, and order of reduction transferred from the control section 14 of the controller 1 to the IC card 3.
In the IC card 3, when the communication section 33 receives these information, the control section 36 controls the reduction processing section 32 corresponding to this information. The reduction processing section 32 reads the data D0 from the memory 31, reduces the data D0 successively using a specified order and the cipher key of a specified provider number to generate a reduction key. In detail, the data D0 is reduced using the cipher key K2, and a reduction key is generated. The reduction key generated as described herein above is the same reduction key as generated by the reduction processing section 13 of the controller 1.
Accordingly, authentication processing is performed by performing processing following the step S10 as in the case described with reference to FIG. 7. The reader writer 2 of the provider 1 can take an access to the area 1, area 2, and area 4 of the memory 31 of the IC card 3.
On the other hand, in the provider 2, as shown in FIG. 10, the control section 14 controls the reduction processing section 13 to read the data D014 from the memory 11, and to regenerate it using the cipher key K2 read from also from the memory 11. The generated reduction key is transferred to the reader writer 2. Then, the number of providers (in this example, the number is three), provider numbers (in this example, provider 1, provider 2, and provider 4), and order of reduction (in this example, in the order of the provider 1, provider 4, and provider 2) are informed to the reader writer 2.
The reader writer 2 transfers this information to the IC card 3. In the IC card 3, a reduction key is generated corresponding to this information.
In detail, the reduction processing section 32 of the IC card 3 reads the data D0 from the memory 31, reduces first using the cipher key K1 to obtain data D01. The data D01 is then reduced using the cipher key K4 and data D014 is generated. The data D014 is reduced using the cipher key K2. The reduction key generated as described herein above is the same reduction key as generated by the controller 1. Therefore the reader writer 2 of the provider 2 can make an access to the area 1, area 2, and area 4 of the memory 31 of the IC card 3.
Further as shown in FIG. 11, in the provider 4, the control section 14 of the controller 1 controls the reduction processing section 13 to degenerate the data D012 stored in the memory 11 using the cipher key K4 and to generate a reduction key, and transfers it to the reader writer 2. Then, the number of providers in (in this example, the number is three), provider numbers (in this example, provider 1, provider 2, and provider 4), and order of reduction (in this example, in the order of the provider 1, provider 2, and provider 4) are informed. This information is transferred to the IC card 3. The IC card 3 performs reduction processing based on this information.
In detail, the reduction processing section 32 reads the data D0 from the memory 31, and generates data D01 using the cipher key K1. The data D01 is then reduced using the cipher key K2, and data D012 is generated. The data D012 is reduced using the cipher key K4, and the final reduction key is generated. The reduction key generated as described herein above is the same reduction key as generated by the controller 1. Therefore the reader writer 2 can make an access to the area 1, area 2, and area 4 of the memory 31 of the IC card 3.
FIG. 15 shows yet another method for reduction key generation. In this method, data Dn-1 inputted to the two-input reduction circuit 81-n which generates the final reduction key and an ID number held previously by the IC card are mathematically operated, the mathematical operation result is subjected to processing using the cipher key Kn, and a reduction key is generated. Other processes are performed as shown in FIG. 8.
FIG. 16 shows an exemplary structure of a controller 1, reader writer 2, and IC card 3 for generating a reduction key according to the method shown in FIG. 15. This figure shows the structure of the provider 4. As shown in this drawing, the memory 11 of the controller 1 stores the data D012, the cipher key K4, and the reduction order. The reader writer 2 is provided with an ID acquisition section 211 for acquiring an ID from the data received by the communication section 21. The IC card 3 stores previously an ID number specific to the IC card 3 in the memory 201 (the memory 201 may be the same memory as the memory 31).
By performing authentication processing in this way using ID number, confusion which may happen when a plurality of users having IC cards containing the same provider combination (for example, combination of the provider 1, provider 2, and provider 4) passed adjacently together a ticket gate of a certain provider can be avoided.
In detail, when a plurality of IC cards 3 passes near the reader writer 2 of a certain provider, the plurality of IC cards 3 respond respectively to the request from the reader writer 2, the reader writer 2 cannot judge, that this response is a response from which IC card, and erroneous processing is performed. However, by using the ID number, such confusion can be avoided.
For example, as shown in FIG. 17, when an IC card 3A and IC card 3B are passing near the reader writer 2, the reader writer 2 requests an ID to the IC card 3 (step S41). Not only a communication section 33 of the IC card 3A but also a communication section 33 of the IC card 3B receive the request. Upon receiving an ID request signal as described herein above, the control section 36 of the IC card 3A controls the random number generation section 35 to generate a certain random number (step S42). The control section 36 of the IC card 3A performs assignment processing of time slot corresponding to the generated random number (step S43). In detail, communication between the reader writer 2 and IC card 3 is performed by time-division multiplex operation, and the IC card 3A assigns a time slot corresponding to the generated random number out of a plurality of time slots as the time slot for communication of this IC card 3A. At the timing of the assigned time slot, the control section 36 of the IC card 3A transmits an ID number (IDA) read out from the memory 201 to the reader writer 2 through the communication section 33 (step S44).
The same processing is performed in the other IC card 3B. In detail, upon receiving an ID request signal from the reader writer 2, the control section 36 of the IC card 3B controls the random number generation section 35 to generate a random number (step S45). The control section 36 of the IC card 3B assigns the time slot corresponding to the generated random number as the time slot of this IC card 3B (step S46). An ID number (IDB) stored in the memory 201 is read out, and transferred to the reader writer 2 at the timing corresponding to the assigned time slot (step S47).
When the communication section 21 receives the ID number transmitted from the IC cards 3A and 3B, the reader writer 2 supplies it to the ID acquirement section 211 for storage. The control section 24 controls the random number generation section 23 to generate a random number r1 (step S48). Further, the control section 24 selects the ID which is acquired, for example, first out of acquired ID's (step S48). The control section receives supply of data D01, cipher key K4, and reduction order, and generates a reduction key corresponding this information.
First, the control section 24 performs a prescribed mathematical operation on the selected ID (for example, IDA of the IC card 3), namely data D012. The mathematical operation may be addition or mathematical operation of exclusive OR. The control section 24 reduces the mathematical operation result using the cipher key K4 to generate a reduction key.
Further, the number of providers, provider numbers, reduction order, and random number r1 are transmitted to the IC card 3 (step S50). The information is received by both the IC card 3A and IC card 3B. Upon receiving the information, the IC card 3B reduces the data D0 using the cipher key K1 according to the specified order and obtains data D0, the data D01 is reduced using the cipher key K2 and data D012 is obtained (step S51). The IDB is read out from the memory 201, and the result obtained by mathematical operation of the IDB and data D012 is reduced using the cipher key K4.
The encipherment section 34 deciphers the enciphered random number r1 using the reduction key generated as described above. However, because the random number r1 was enciphered using the reduction key generated using the IDA, the random number r1 cannot be deciphered using the reduction key generated using the IDB. Therefore the IC card 3B does not respond to transmission from the reader writer 2 hereafter.
On the other hand, in the IC card 3A, the control section 36 generates a reduction key corresponding to the information transmitted from the reader writer 2 (step S52). In detail, the reduction processing section 32 of the IC card 3A reduces data D0 read out from the memory 31 first using the cipher key K1 read out from the area 1 according to the specified reduction order to generate data D01. The data D01 is reduced using the cipher key K2 read out from the area 2, and data D012 is generated. The data D012 and ID number (IDA) read out from the memory 210 are subjected together to the prescribed mathematical operation, and the mathematical operation result is reduced using the cipher key K4 read out from the area 4 to generate a reduction key. The reduction key generated as described above is the same reduction key as generated by the reader writer 2 in the step S49.
Accordingly, by performing the processing of the step S53 to step S59 which are corresponding to the step S10 to step S17 in FIG. 7 hereafter, authentication processing is performed. The processing is the same processing as described with reference to FIG. 7, and the description is omitted.
FIG. 18 shows a method for changing a cipher key. For example, when the provider 1 wants to change the cipher key K1, a prescribed random number e1 is generated, and used as a new key K1′. When the cipher key of the provider itself is changed as described above, the provider 1 can change desirably by itself the cipher key K1 stored in the area 1 of the memory 31 of the IC card 3 of the user who uses the reader writer 2 of the provider 1. However, it is required that the cipher key K1 of the IC card 3 of a user who uses the reader writer 2 of other provider 2 or provider 4 must be changed. In this case, the provider 1 can change the cipher key K1 to the new cipher key K1′ without notifying the new cipher key K1′ to other provider 2 or provider 4.
In this case, the provider 1 generates data and first by mathematical operation of the following equations:
C1=E(e1, K1)
C2=E(e2, K1)
Herein, E(A, B) means encipherment of the data A using the key B. A method of encipherment such as DES or FEAL may be used.
e2 is a value which satisfies the following equation:
e1+e2=F
The value F is a predetermined value, which other provider 2 and provider 4 know the value as a value which is to be used when they change their cipher keys, and is previously stored in the memory 31 of the IC card 3.
When the provider 1 generates the data C1 and C2 as described above, the provider 1 informs this value to other providers together with the key number (in this case, the key number 1) assigned to the cipher key K1 of the provider 1. Each respective provider changes, using these data, the key K1 in the memory 31 of the IC card 3 which uses its reader writer 2 by the way as described below. This change processing is described below with an example for the provider 4.
In detail, the reader writer 2 of the provider 4 transmits the data C1 and C2 to the IC card 3. The encipherment section 34 of the IC card 3 calculates e1 and e2 by performing mathematical operation of the following equations:
e1=D(C1, K1)
e2=D(C2, K1)
Herein, D(A, B) means encipherment of the data A using the key B.
Accordingly, the IC card 3 can obtain the data e1 and e2 by deciphering the data C1 and C2 using the key K1 stored in the memory 31.
The control section 36 adds e1 and e2 obtained as described above, and judges whether the addition result is equal to the prescribed value F stored previously in the memory 31. If the result is YES, then the data e1 obtained by deciphering the data C1 is registered as a new key K1′ which will be used instead of the key K1.
On the other hand, if the sum of e1 and e2 is not equal to F, change processing is not performed because the change request is regarded improper.
For example, if a malicious provider wants to alter the cipher key K1 of the provider 1, it and mathematically operates the following equation to obtain e1′ and e2′:
e1′=D(C1′, K1)
e2′=D(C2′, K1)
C1′ and C2′ are values which the malicious provider sets fittingly.
However, if e1′ and e2′ generated as described herein above are added, the addition result is generally not equal to the value F. It takes a long time to find a combination of e1′ and e2′ which results in the value equal to F, and it is substantially very difficult. Therefore the alteration of a cipher key by a third party is prevented.
The provider 2 also performs the same processing to change the cipher key K1 in the memory 31 of the IC card which uses the reader writer 2 of the provider 2.
When the cipher key K1 of the provider 1 is changed as described herein above, the provider 1, provider 2, and provider 4 perform again the same processing as described with reference to FIGS. 12 to 14 to change data D024, D014, and D012 to be stored respectively.
FIG. 19 shows another method of authentication processing. A reader writer 2 shown in FIG. 2 represents the reader writer of the provider 4.
In this example, the control section 24 generates a reduction key Ks using the cipher key K4 and data D012 stored in the memory 11. The control section 24, for example, synthesizes an even number bit and odd number bit of the cipher key K4 to generate the first reduction key K4s1, and synthesizes an odd number bit and even number bit of the cipher key K4 to generate the second reduction key K4s2.
The first reduction key K4s1 is inputted to the encipherment section 22A of the encipherment section 22, and is used to encipher a random number generated by the random number generation section 23. The enciphered random number is transmitted to the IC card 3. When, as in the case described herein above, information required to generate a reduction key is transmitted simultaneously to the IC card 3.
The IC card 3 reads out the data D0 from the memory 31 using this information, and generates a reduction key Ks by applying cipher keys K1, K2, and K4 successively. The reduction key Ks has the same value as the reduction key Ks generated by the reader writer 2.
The control section 36 generates the first reduction key K4s1 and second reduction key K4s2 by performing the same processing as the reader writer 2.
The decipherment section 34B of the encipherment section 34 deciphers the enciphered random number transmitted from the reader writer 2, and transmits the deciphered random number to the encipherment section 34A. The encipherment section 34A enciphers it using the second reduction key K4s2 and transmits it to the reader writer 2.
The decipherment section 22B of the encipherment section 22 in the reader writer 2 deciphers the enciphered random number transmitted from the IC card 3. The deciphered result is transmitted to the control section 24.
The random number deciphered as described above is equal to the same random number as generated by the random number generation section 23 if the IC card is proper. Accordingly, by judging whether the received random number is equal to the generated random number, authentication processing is performed.

Claims (60)

1. An authentication system for performing authentication processing between a first device and a second device, said first device comprising:
first memory means for storing a plurality of data areas and a first plurality of keys, wherein each of said first plurality of keys indicates access to a corresponding one of said plurality of data areas;
first generation means for generating a first single authentication key from two or more of the first plurality of keys stored in said first memory means, wherein said first single authentication key indicates access to two or more corresponding of said plurality of data areas; and
first communication means for communicating said first single authentication key with said second device, and
said second device comprising:
second memory means for storing a second plurality of keys equivalent to said first plurality of keys;
second generation means for generating a second single authentication key from two or more of the second plurality of keys stored in said second memory means; and
second communication means for communicating said second single authentication key with said first device,
wherein one of said first device and said second device further comprises encipherment means for enciphering information using a corresponding one of said first single authentication key and said second single authentication key, and
wherein another of said first device and said second device further comprises decipherment means for deciphering said information enciphered by said encipherment means using another corresponding one of said first single authentication key and said second single authentication key.
2. An authentication system according to claim 1, wherein:
said one of said first device and said second device further comprises notification means for notifying, to said another of said first device and said second device, information required to generate said corresponding one of said first single authentication key and said second single authentication key, and
said another of said first device and said second device generates said another corresponding one of said first single authentication key and said second single authentication key corresponding to the information notified by said notification means.
3. An authentication system according to claim 1, wherein:
at least one of said first device and said second device further comprises a random number generation means for generating a random number,
said encipherment means enciphers said random number generated by said random number generation means, and
said decipherment means deciphers said random number enciphered by said encipherment means.
4. An authentication method for performing authentication processing between a first device and a second device, the method in said first device comprising:
a first memory step of storing a plurality of data areas and a first plurality of keys, wherein each of said first plurality of keys indicates access to a corresponding one of said plurality of data areas;
a first generation step of generating a first single authentication key from two or more of the first plurality of keys stored in said first memory means, wherein said first single authentication key indicates access to two or more corresponding of said plurality of data areas; and
a first communication step of communicating said first single authentication key with said second device, and
the method in said second device comprising:
a second memory step of storing a second plurality of keys equivalent to said first plurality of keys;
second generation step of generating a second single authentication key from two or more of the second plurality of keys stored in said second memory step; and
a second communication step of communicating said second single authentication key with said first device,
wherein one of said first device and said second device further performs processing in an encipherment step of enciphering information using a corresponding one of said first single authentication key and said second single authentication key, and
wherein another of said first device and said second device further performs processing in a decipherment step of deciphering said information enciphered in said encipherment step using another corresponding one of said first single authentication key and said second single authentication key.
5. An authentication device for performing authentication processing with another device, said authentication device comprising:
communication means for communicating a first single authentication key with said another device;
memory means for storing a first plurality of keys;
generation means for generating said first single authentication key from two or more of said first plurality of keys stored in said memory means;
notification means for notifying, to said another device, information required to generate a second single authentication key from two or more of a second plurality of keys stored in said another device and data to be enciphered using said second single authentication key, wherein said second plurality of keys is equivalent to said first plurality of keys; and
decipherment means for decoding the enciphered data using said first single authentication key.
6. An authentication device according to claim 5, wherein said notification means notifies a random number as said data to be enciphered.
7. An authentication method for performing authentication processing between an authentication device and another device, comprising:
a communication step of communicating a first single authentication key with said another device;
a memory step of storing a first plurality of keys;
a generation step of generating said first single authentication key from two or more of said first plurality of keys stored in said memory step;
a notification step of notifying, to said another device, information required to generate a second single authentication key from two or more of a second plurality of keys stored in said another device and data to be enciphered using second single authentication key, wherein said second plurality of keys is equivalent to said first plurality of keys; and
a decipherment step of deciphering the enciphered data using said first single authentication key.
8. An authentication device for performing authentication processing with another device, said authentication device comprising:
communication means for communicating a single authentication key with said another device;
memory means for storing a plurality of data areas and a plurality of keys, wherein each of said plurality of keys indicates access to a corresponding one of said plurality of data areas;
generation means for generating said single authentication key from two or more of the plurality of keys stored in said memory means based on information notified by said another device, wherein said single authentication key indicates access to two or more corresponding of said plurality of data areas; and
an encipherment means for enciphering the information notified by said another device using said single authentication key.
9. An authentication method for performing authentication processing between an authentication device and another device, comprising:
a communication step of communicating a single authentication key with said another device;
a memory step of storing a first plurality of data areas and a plurality of keys, wherein each of said plurality of keys indicates access to a corresponding one of said plurality of data areas;
a generation step of generating said single authentication key from two or more of the plurality of keys stored in said memory step based on information notified by said another device, wherein said single authentication key indicates access to two or more corresponding of said plurality of data areas; and
an encipherment step of enciphering the information notified by said another device using said single authentication key.
10. An authentication system for performing authentication processing between a first device and a second device, said first device comprising:
first memory means for storing a first authentication key, a first common data and a first plurality of keys, wherein each of said first plurality of keys corresponds to said first common data combined with a respective one of a second plurality of keys;
first generation means for generating a first single authentication key from said first authentication key and a corresponding one of said first plurality of keys;
first notification means for notifying information required for said second device to generate a second single authentication key corresponding to said first single authentication key; and
first communication means for communicating said first single authentication key with said second device, and
said second device comprising:
second memory means for storing a plurality of data areas, said second plurality of keys and a second common data equivalent to said first common data, wherein each of said second plurality of keys indicates access to a corresponding one of said plurality of data areas;
second generation means for generating said second single authentication key from the notified information, two or more of said second plurality of keys, and said common data; and
second communication means for communicating said second single authentication key with said first device; and
wherein one of said first device and said second device further comprises encipherment means for enciphering data using a corresponding one of said first single authentication key and said second single authentication key, and
wherein another of said first device and said second device further comprises decipherment means for deciphering the data enciphered by said encipherment means using another corresponding one of said first single authentication key and said second single authentication key.
11. An authentication system according to claim 10, wherein:
said another of said first device and said second device further comprises second encipherment means for enciphering second data using said another corresponding one of said first single authentication key and said second single authentication key;
said one of said first device and said second device further comprises second decipherment means for deciphering the enciphered second data using said corresponding one of said first single authentication key and said second single authentication key;
said first device further comprises random number generation means for generating a random number;
said encipherment means enciphers said random number using said corresponding one of said first single authentication key and said second single authentication key;
said decipherment means deciphers the enciphered random number using said another corresponding one of said first single authentication key and said second single authentication key;
said second encipherment means enciphers the deciphered random number using said another corresponding one of said first single authentication key and said second single authentication key; and
said second decipherment means deciphers the enciphered deciphered random number using said corresponding one of said first single authentication key and said second single authentication key.
12. An authentication system according to claim 10, wherein:
the one of said first device and said second device receives from the another device of said first device and said second device a device identification number specific to the another device of said first device and said second device,
the another of said first device and said second device stores said device identification number in a corresponding one of said first memory means and said second memory means, and
said first generation means and said second generation means use said device identification number for generating a respective one of said first single authentication key and said second single authentication key.
13. An authentication system according to claim 10, wherein:
said first memory means further stores a first verification value;
said second memory means further stores a second verification value having a value equivalent to said first verification value;
said first generation means further generates a replacement key and a verification key, wherein said replacement key corresponds to one of said first plurality of keys that is to be replaced, and wherein said replacement key, said verification key and said first verification value are related;
said first device further comprises said encipherment means, wherein said encipherment means further enciphers first data and second data using said one of said first plurality of keys that is to be replaced, wherein said first data corresponds to said replacement key and said second data corresponds to said verification key;
said first communication means further communicates the enciphered first data and the enciphered second data with said second device;
said second device further comprises said decipherment means, wherein said decipherment means further deciphers the enciphered first data and the enciphered second data using a corresponding one of said second plurality of keys and in accordance therewith generates a deciphered replacement key and a deciphered verification key; and
said second device further comprises control means for verifying that said deciphered replacement key, said deciphered verification key, and said second verification value are related, and in accordance therewith replacing said corresponding one of said second plurality of keys with said deciphered replacement key.
14. An authentication method for performing authentication processing between a first device and a second device, the method in said first device comprising:
a first memory step of storing a first authentication key, a first common data and a first plurality of keys, wherein each of said first plurality of keys corresponds to said first common data combined with a respective one of a second plurality of keys;
a first generation step generating a first single authentication key from said first authentication key and a corresponding one of said first plurality of keys;
a first information step of notifying information required for said second device to generate a second single authentication key corresponding to said first single authentication key; and
a first communication step of communicating said first single authentication key with said second device; and
the method in said second device comprising:
a second memory step of storing a plurality of data areas, said second plurality of keys and a second common data equivalent to said first common data, wherein each of said second plurality of keys indicates access to a corresponding one of said plurality of data areas;
a second generation step of generating said second single authentication key from the notified information, two or more of said second plurality of keys, and said common data; and
a second communication step of communicating said second single authentication key with said first device, and
wherein one of said first device and said second device further performs an encipherment step of enciphering data using a corresponding one of said first single authentication key and said second single authentication key, and
wherein another of said first device and said second device further performs a decipherment step of deciphering the data enciphered in said encipherment step using another corresponding one of said first single authentication key and said second single authentication key.
15. An authentication device for performing authentication processing with a second device comprising:
memory means for storing a first authentication key, a first common data and a first plurality of keys, wherein each of said first plurality of keys corresponds to said first common data combined with a respective one of a second plurality of keys;
generation means for generating a first single authentication key from said first authentication key and a corresponding one of said first plurality of keys;
notification means for notifying information required for said second device to generate a second single authentication key corresponding to said first single authentication key;
communication means for communicating said first single authentication key with said second device; and
encipherment means for enciphering data using said first single authentication key.
16. An authentication device according to claim 15, wherein said generation means uses a device identification number specific to said second device for generating said first single authentication key.
17. An authentication device according to claim 15, wherein:
said memory means further stores a first verification value;
said generation means further generates a replacement key and a verification key, wherein said replacement key corresponds to one of said first plurality of keys that is to be replaced, and wherein said replacement key, said verification key and said first verification value are related;
said encipherment means further enciphers first data and second data using said one of said first plurality of keys that is to be replaced, wherein said first data corresponds to said replacement key and said second data corresponds to said verification key; and
said communication means further communicates the enciphered first data and the enciphered second data with said second device.
18. An authentication method for performing authentication processing with a second device, the method comprising:
a memory step of storing a first authentication key, a first common data and a first plurality of keys, wherein each of said first plurality of keys corresponds to said first common data combined with a respective one of a second plurality of keys;
a generation step of generating a first single authentication key from said first authentication key and a corresponding one of said first plurality of keys;
a notification step of notifying information required for said second device to generate a second single authentication key corresponding to said first single authentication key;
a communication step of communicating said first single authentication key with said second device; and
an encipherment step of enciphering data using said first single authentication key.
19. An authentication device for performing authentication processing with a second device, said authentication device comprising:
memory means for storing a plurality of data areas, a plurality of keys and common data, wherein each of said plurality of keys indicates access to a corresponding one of said plurality of data areas;
generation means for generating a first single authentication key from two or more of the plurality of keys and said common data, in accordance with information received from said second device, wherein said first single authentication key indicates access to two or more corresponding of said plurality of data areas;
communication means for communicating said first single authentication key with said second device; and
decipherment means for deciphering data using said first single authentication key, wherein said data was enciphered by said second device.
20. An authentication device according to claim 19, wherein said generation means uses a device identification number specific to said authentication device in addition to the information received from said second device.
21. An authentication device according to claim 19, wherein:
said memory means further stores a verification value;
said decipherment means further deciphers an enciphered first data and an enciphered second data received from said second device using a corresponding one of said plurality of keys and said common data, and in accordance therewith generates a deciphered replacement key and a deciphered verification key; and
said authentication device further comprises control means for verifying that said deciphered replacement key, said deciphered verification key, and said verification value are related, and in accordance therewith replacing said corresponding one of said plurality of keys with said deciphered replacement key.
22. An authentication method for performing authentication processing with a second device, the method comprising:
a memory step of storing a plurality of data areas, a plurality of keys and common data, wherein each of said plurality of keys indicates access to a corresponding one of said plurality of data areas;
a generation step of generating a first single authentication key from two or more of the plurality of keys and said common data, in accordance with information received from said second device, wherein said first single authentication key indicates access to two or more corresponding of said plurality of data areas;
a communication step of communicating said first single authentication key with said second device; and
a decipherment step of deciphering data using said first single authentication key, wherein said data was enciphered by said second device.
23. An authentication system for performing authentication processing between a first device and a second device,
said first device comprising:
a first memory means for storing a plurality of data areas and a first plurality of keys, each of said data areas being accessible by a corresponding one of said first plurality of keys;
a first generation means for generating a first single authentication key from at least two of the first plurality of keys stored in said first memory means; and
a first communication means for communicating with said second device by notifying a first message generated via said first single authentication key; and
said second device comprising:
a second memory means for storing a second plurality of keys equivalent to said first plurality of keys;
a second generation means for generating a second single authentication key from at least two of the second plurality of keys stored in said second memory means; and
a second communication means for communicating with said first device by notifying a second message generated via said second single authentication key;
wherein one of said first and second devices further comprises an encipherment means for enciphering data using a corresponding one of said first single authentication key and said second single authentication key, and the other of said first and second devices further comprises a decipherment means for deciphering said data enciphered by said encipherment means using the other corresponding one of said first single authentication key and said second single authentication key.
24. An authentication system according to claim 23, wherein said one of said first and second communication means notifies information required to generate said corresponding one of said first single authentication key and said second single authentication key to the other of said first and second communication means, and the other of said first and second devices generates said corresponding one of said first single authentication key and said second single authentication key corresponding to the information notified.
25. An authentication system according to claim 23, wherein at least one of said first device and said second device further comprises a random number generation means for generating a random number, said encipherment means enciphering said random number generated by said random number generation means, and said decipherment means deciphering said random number enciphered by said encipherment means.
26. An authentication system according to claim 23, wherein said first message is an enciphered random number generated via said first single authentication key, and said second message is an enciphered random number generated via said second single authentication key.
27. An authentication system according to claim 24, wherein said information includes an order using at least two of said plurality of keys corresponding to one of said first single authentication key and said second single authentication key.
28. An authentication method for performing authentication processing between a first device storing a first plurality of keys and a second device storing a second plurality of keys equivalent to the first plurality of keys and a plurality of data areas, wherein each of said data areas is accessible by a corresponding one of the first plurality of keys, the method comprising the steps of:
generating a first single authentication key from at least two of the first plurality of keys stored in a first memory of said first device;
sending a command to said second device, said command including a first random number and information;
receiving said command from said first device;
generating a second single authentication key from at least two of the second plurality of keys stored in a second memory of said second device based on said information;
enciphering said first random number using said second single authentication key in said second device to generate a second random number;
generating a third random number in said second device;
sending said enciphered second random number and said third random number to said first device;
deciphering said enciphered second random number using said first single authentication key; and
comparing said deciphered second random number and said first random number.
29. An authentication method according to claim 28, the method further comprising the steps of:
enciphering said third random number using said first single authentication key in said first device to generate a fourth random number;
sending a command to said second device, said command including said fourth random number and information;
deciphering said fourth random number using said second single authentication key in said second device; and
comparing said deciphered fourth random number and said third random number.
30. An authentication method according to claim 28, wherein said information is an order of reduction of said second plurality of keys to generate said second single authentication key.
31. An authentication method for performing processing between a first device storing a first plurality of keys and a second device storing a second plurality of keys equivalent to the first plurality of keys and a plurality of data areas, wherein each of said data areas is accessible by a corresponding one of the first plurality of keys, the method comprising the steps of:
generating a first single authentication key from at least two of a first plurality of keys stored in a first memory of said first device;
generating a first random number in said first device;
enciphering said first random number by using said first single authentication key;
sending a first command to said second device, said first command including said enciphered first random number and information;
generating a second single authentication key from at least two of a second plurality of keys stored in a second memory of said second device based on said information;
deciphering said enciphered first random number by using said second single authentication key;
enciphering said deciphered first random number by using said second single authentication key in said second device to generate a first response to said first command;
receiving a first response from said second device;
deciphering said first response by using said first single authentication key in said first device; and
comparing said deciphered first response and said first random number.
32. An authentication method according to claim 31, further comprising the steps of:
generating a second random number in said second device;
enciphering said second random number to generate a second response in said second device;
receiving said second response from said second device;
deciphering said second response by using said first single authentication key;
enciphering said deciphered second response by using said first single authentication key to generate a second command in said first device;
sending said second command to said second device;
deciphering said second command in said second device; and
comparing said deciphered second command and said second random number.
33. An authentication device for performing authentication processing with another device, said authentication device comprising:
a memory means for storing a first plurality of prescribed data, each of said first plurality of prescribed data being a first cipher key which indicates access to a corresponding data area in said another device;
a generation means for generating a first random number;
a generation means for generating a first single authentication key from at least two of said first plurality of prescribed data;
an encipherment means for enciphering said first random number using said first single authentication key and for deciphering enciphered data sent from said another device using said first single authentication key, said enciphered data being enciphered using a second single authentication key transmitted from said authentication device to generate said second single authentication key from at least two of a second plurality of prescribed data stored in said another device; and
a communication means for communicating with said another device.
34. An authentication device according to claim 33, wherein each of said second plurality of prescribed data is a second cipher key equivalent to a first plurality of keys.
35. An authentication device according to claim 33, wherein said first plurality of prescribed data includes individual data and a cipher key assigned to said authentication device, said individual data being generated by data combined with at least two cipher keys assigned to other providers.
36. An authentication device according to claim 34, wherein said second plurality of prescribed data includes data and a plurality of cipher keys, each of said plurality of cipher keys indicating access to a corresponding one data area.
37. An authentication device according to claim 35, wherein said encipherment means deciphers an enciphered second random number using said first single authentication key, and said enciphered second random number is enciphered using said second single authentication key.
38. An authentication device according to claim 33, wherein said communication means notifies information required to generate said second singe authentication key.
39. An authentication device according to claim 38, wherein said information is an order using said at least two of a second plurality of prescribed data.
40. An authentication device according to claim 33, wherein said first single authentication key is generated using an identification number specific to said another device by receiving said identification number from said another device.
41. An authentication device according to claim 33, wherein said another device is an IC card.
42. An authentication device for performing authentication processing with another device, comprising:
a memory means for storing a first plurality of prescribed data including a first plurality of keys, each of which indicates access to a corresponding area;
a generating means for generating a first single authentication key from at least two of said first plurality of keys based on information notified from said another device; and
an encipherment means for enciphering a message to said another device using said first single authentication key.
43. An authentication device according to claim 42, wherein said first plurality of prescribed data includes common data.
44. An authentication device according to claim 43, wherein said encipherment means deciphers a message sent from said another device.
45. An authentication device according to claim 43, wherein said message is a random number.
46. A method for performing authentication processing via an authentication device, said processing occurring with another device, the method comprising the steps of:
storing a first plurality of prescribed data in a memory means of the authentication device each of said first plurality of prescribed data being a first cipher key which indicates access to a corresponding data area in said another device;
generating a first random number via a generation means of said authentication device;
generating a first single authentication key from at least two of said first plurality of prescribed data via a further generation means of the authentication device;
enciphering said first random number, via an encipherment means of said authentication device, using said first single authentication key, and deciphering an enciphered data sent from said another device using said first single authentication key, said enciphered data being enciphered using a second single authentication key transmitted from said authentication device to generate said second single authentication key from at least two of a second plurality of prescribed data stored in said another device; and
communicating with said another device via a communication means.
47. A method for performing authentication processing according to claim 46, wherein each of said second plurality of prescribed data is a second cipher key equivalent to a first plurality of keys.
48. A method for performing authentication processing according to claim 46, wherein said first plurality of prescribed data includes individual data and a cipher key assigned to said authentication device, said individual data being generated by data combined with at least two of said cipher keys assigned to other providers.
49. A method for performing authentication processing according to claim 47, wherein said second plurality of prescribed data includes data and a plurality of cipher keys, each of said plurality of cipher keys indicating access to a corresponding single area.
50. A method for performing authentication processing according to claim 48, wherein said encipherment means deciphers an enciphered second random number using said first single authentication key, and said enciphered second random number is enciphered using said second single authentication key.
51. A method for performing authentication processing according to claim 46, wherein said communication means notifies information required to generate said second single authentication key.
52. A method for performing authentication processing according to claim 51, wherein said information is an order using said at least two of said second plurality of prescribed data.
53. A method for performing authentication processing according to claim 46, wherein said first single authentication key is generated using an identification number specific to said another device by receiving said identification number from said another device.
54. A method for performing authentication processing according to claim 46, wherein said another device is an IC card.
55. A method for performing authentication processing via an authentication device, said processing being performed with another device, the method comprising the steps of:
storing a first plurality of prescribed data in a memory means of said authentication device, said first plurality of prescribed data including a first plurality of keys, each of which indicates access to a corresponding area;
generating a first single authentication key, via a generation means of said authentication device, from at least two of said first plurality of keys based on information notified from another device; and
enciphering a message to said another device, via a encipherment means of said authentication device, using said first single authentication key.
56. A method for performing authentication processing according to claim 55, wherein said first plurality of prescribed data includes common data.
57. A method for performing authentication processing according to claim 56, wherein said encipherment means deciphers a message sent from said another device.
58. A method for performing authentication processing according to claim 56, wherein said message is a random number.
59. A method for generating an authentication key for authenticating a plurality of data areas stored in a device, wherein each of the data areas is accessible by a cipher key, the method comprising the steps of:
providing common data;
generating a first reduction key by combining said common data with a first cipher key for access to a first data area;
generating a second reduction key by combining said first reduction key with a second cipher key for access to a second data area; and
generating an authentication key by combining said second reduction key with a key assigned to an authentication device that authenticates said first and second data areas in said device.
60. A method for replacing a first key of a plurality of keys stored in a memory of a multi-application device for providing a plurality of services with a second key, wherein each of the services is provided by using at least one data area of the multi-application device, and said data area is accessible by a corresponding one of the plurality of keys, the method comprising the steps of:
receiving first and second data with an identification number which indicates a first key to be replaced, said first data being generated by enciphering a second key using said first key, and said second data being generated by enciphering a third key which has a relationship to the second key using said first key;
deciphering said first and second data using said first key;
determining whether said deciphered second data has the relationship to said third key; and
replacing said first key with said second key in accordance with the result of the determining step.
US10/138,355 1997-03-26 2002-05-02 System and method for authentication, and device and method for authentication Expired - Lifetime USRE39622E1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US10/138,355 USRE39622E1 (en) 1997-03-26 2002-05-02 System and method for authentication, and device and method for authentication

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
JP7320597 1997-03-26
JP11088997A JP4268690B2 (en) 1997-03-26 1997-04-28 Authentication system and method, and authentication method
US09/046,249 US6058477A (en) 1997-03-26 1998-03-23 System and method for authentication, and device and method for authentication
US10/138,355 USRE39622E1 (en) 1997-03-26 2002-05-02 System and method for authentication, and device and method for authentication

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US09/046,249 Reissue US6058477A (en) 1997-03-26 1998-03-23 System and method for authentication, and device and method for authentication

Publications (1)

Publication Number Publication Date
USRE39622E1 true USRE39622E1 (en) 2007-05-08

Family

ID=26414357

Family Applications (2)

Application Number Title Priority Date Filing Date
US09/046,249 Ceased US6058477A (en) 1997-03-26 1998-03-23 System and method for authentication, and device and method for authentication
US10/138,355 Expired - Lifetime USRE39622E1 (en) 1997-03-26 2002-05-02 System and method for authentication, and device and method for authentication

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US09/046,249 Ceased US6058477A (en) 1997-03-26 1998-03-23 System and method for authentication, and device and method for authentication

Country Status (7)

Country Link
US (2) US6058477A (en)
EP (2) EP0867843B1 (en)
JP (1) JP4268690B2 (en)
KR (1) KR100506559B1 (en)
DE (1) DE69821159T2 (en)
MY (1) MY114941A (en)
TW (1) TW423242B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050246546A1 (en) * 2003-07-16 2005-11-03 Yoshihiko Takagi Access method
US20060155992A1 (en) * 2002-09-19 2006-07-13 Sony Corporation Data processing method, its program and its device
US20080059797A1 (en) * 2005-03-03 2008-03-06 Felica Networks, Inc. Data Communication System, Agent System Server, Computer Program, and Data Communication Method
US20100180118A1 (en) * 2008-10-14 2010-07-15 Yasumasa Nakatsugawa Information Processing Apparatus, Method for Switching Cipher and Program
US20130007452A1 (en) * 2006-05-09 2013-01-03 Broadcom Corporation Method and system for command authentication to achieve a secure interface
US9258283B2 (en) 2012-01-25 2016-02-09 Panasonic Intellectual Property Management Co., Ltd. Key management system, key management method, and communication device

Families Citing this family (114)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19840742B4 (en) * 1998-09-07 2006-04-20 T-Mobile Deutschland Gmbh Method for increasing the security of authentication methods in digital mobile radio systems
JP4206529B2 (en) * 1998-09-17 2009-01-14 ソニー株式会社 Content management method and content storage system
JP2000231608A (en) * 1999-02-10 2000-08-22 Hitachi Ltd Mobile object identification device and ic card
KR100302368B1 (en) * 1999-02-13 2001-09-26 이계철 The selective user authentication method for International Mobile Telecommunication-2000 service
JP4204133B2 (en) 1999-02-26 2009-01-07 ローム株式会社 Communications system
US6349338B1 (en) * 1999-03-02 2002-02-19 International Business Machines Corporation Trust negotiation in a client/server data processing network using automatic incremental credential disclosure
TW518497B (en) * 1999-03-30 2003-01-21 Sony Corp Information processing system
FR2796175B1 (en) * 1999-07-09 2001-08-31 Sagem METHOD FOR PRESERVING DATA INTEGRITY SOFTWARE FOR IMPLEMENTING SENSITIVE CONFIDENTIAL DATA AND SUPPORT CARD FOR SUCH DATA
JP4731000B2 (en) * 1999-08-20 2011-07-20 パナソニック株式会社 Data reproducing apparatus and data reproducing method
US7239226B2 (en) * 2001-07-10 2007-07-03 American Express Travel Related Services Company, Inc. System and method for payment using radio frequency identification in contact and contactless transactions
JP2001175468A (en) * 1999-12-20 2001-06-29 Sony Corp Method and device for controlling use of software
WO2001047789A1 (en) * 1999-12-28 2001-07-05 Matsushita Electric Industrial Co., Ltd. Information recording medium, noncontact ic tag, access device, access system, life cycle management system, input/output method, and access method
JP4501197B2 (en) * 2000-01-07 2010-07-14 ソニー株式会社 Information portable processing system, information portable device access device and information portable device
EP1267515A3 (en) 2000-01-21 2004-04-07 Sony Computer Entertainment Inc. Method and apparatus for symmetric encryption/decryption of recorded data
TW514844B (en) * 2000-01-26 2002-12-21 Sony Corp Data processing system, storage device, data processing method and program providing media
FR2807245B1 (en) * 2000-03-30 2002-05-24 France Telecom METHOD FOR PROTECTING A CHIP FROM FRAUD
US6920559B1 (en) * 2000-04-28 2005-07-19 3Com Corporation Using a key lease in a secondary authentication protocol after a primary authentication protocol has been performed
US7480939B1 (en) * 2000-04-28 2009-01-20 3Com Corporation Enhancement to authentication protocol that uses a key lease
SE0002416L (en) * 2000-06-27 2001-12-28 Tds Todos Data System Ab Method and apparatus for communication
JP4501241B2 (en) * 2000-07-10 2010-07-14 ソニー株式会社 IC card and IC card data communication method
JP4403649B2 (en) * 2000-09-11 2010-01-27 ソニー株式会社 Authentication system, authentication method, and IC card
SG154320A1 (en) 2001-02-16 2009-08-28 Sony Corp Data processing method and its apparatus
JP2002244756A (en) * 2001-02-19 2002-08-30 Sony Corp Data processing method, semiconductor circuit, and certification device
JP2002281009A (en) * 2001-03-15 2002-09-27 Sony Corp Mutual authentication system, and its method, memory mounted device, memory access equipment and program storage medium
FI114953B (en) * 2001-09-28 2005-01-31 Nokia Corp The method of identifying the user on the terminal, the identification system, the terminal and the authentication device
JP2003157332A (en) * 2001-11-21 2003-05-30 Oki Electric Ind Co Ltd Personal identification device, personal identification system, card issuing device and card issuing system
US7085386B2 (en) * 2001-12-07 2006-08-01 Activcard System and method for secure replacement of high level cryptographic keys in a personal security device
PL374305A1 (en) * 2001-12-28 2005-10-03 Jeffrey James Jonas Real time data warehousing
US20030152231A1 (en) * 2002-02-07 2003-08-14 Minolta Co., Ltd. Verification system, server, and electronic instrument
US7162644B1 (en) 2002-03-29 2007-01-09 Xilinx, Inc. Methods and circuits for protecting proprietary configuration data for programmable logic devices
KR20040028939A (en) * 2002-07-09 2004-04-03 아메리칸 익스프레스 트레블 릴레이티드 서비스즈 컴퍼니, 아이엔씨. System and method for incenting payment using radio frequency identification in contact and contactless transactions
WO2004010584A2 (en) * 2002-07-24 2004-01-29 Congruence Llc. Code for object identification
KR20040013982A (en) * 2002-08-09 2004-02-14 이훈재 A lock using an encryption algorithm
JP2004112510A (en) * 2002-09-19 2004-04-08 Sony Corp Data processing apparatus, program thereof, and apparatus thereof
US7900052B2 (en) * 2002-11-06 2011-03-01 International Business Machines Corporation Confidential data sharing and anonymous entity resolution
US8620937B2 (en) * 2002-12-27 2013-12-31 International Business Machines Corporation Real time data warehousing
JP2006512864A (en) 2002-12-31 2006-04-13 インターナショナル・ビジネス・マシーンズ・コーポレーション Allowed anonymous authentication
US7200602B2 (en) * 2003-02-07 2007-04-03 International Business Machines Corporation Data set comparison and net change processing
US7962757B2 (en) 2003-03-24 2011-06-14 International Business Machines Corporation Secure coordinate identification method, system and program
US20090267747A1 (en) * 2003-03-31 2009-10-29 Rivest Ronald L Security and Data Collision Systems and Related Techniques for Use With Radio Frequency Identification Systems
FR2858145A1 (en) * 2003-07-24 2005-01-28 France Telecom User authentication method for IP transport network, involves calculating authentication data of user close to near service providers, inserting identification and authentication data in request, and transmitting them to access controller
JP4608857B2 (en) * 2003-08-06 2011-01-12 株式会社デンソー Connection confirmation information management system
US7281103B2 (en) * 2003-10-01 2007-10-09 Kabushiki Kaisha Toshiba Microcomputer with a security function for accessing a program storage memory
US9191215B2 (en) * 2003-12-30 2015-11-17 Entrust, Inc. Method and apparatus for providing authentication using policy-controlled authentication articles and techniques
JP2005260614A (en) * 2004-03-12 2005-09-22 Dainippon Printing Co Ltd Encryption device
JP4646050B2 (en) 2004-05-06 2011-03-09 大日本印刷株式会社 Method to issue IC card and perform encryption / decryption
JP4582619B2 (en) * 2004-05-06 2010-11-17 大日本印刷株式会社 IC card for encryption or decryption processing, and encryption communication system and encryption communication method using the same
JP4599899B2 (en) * 2004-06-14 2010-12-15 ソニー株式会社 Information management apparatus and information management method
JP2006101213A (en) * 2004-09-29 2006-04-13 Sony Corp Information processing apparatus and method therefor, program, and recording medium
JP4516394B2 (en) * 2004-09-30 2010-08-04 フェリカネットワークス株式会社 Information management apparatus and method, and program
JP3810425B2 (en) 2004-12-16 2006-08-16 松下電器産業株式会社 Falsification detection data generation method, and falsification detection method and apparatus
JP4864456B2 (en) * 2004-12-16 2012-02-01 パナソニック株式会社 Data generation method for falsification detection
EP1836543A1 (en) * 2004-12-22 2007-09-26 Telecom Italia S.p.A. Method and system for access control and data protection in digital memories, related digital memory and computer program product therefor
KR100839177B1 (en) * 2005-01-21 2008-06-23 김월영 Locking apparatus for using cipher algorithm
JP2006268614A (en) * 2005-03-25 2006-10-05 Sony Corp System, apparatus and method for processing information, program, and recording medium
JP4403512B2 (en) * 2005-03-29 2010-01-27 ソニー株式会社 Information processing system, information processing apparatus and method, program, and recording medium
JP2006323498A (en) * 2005-05-17 2006-11-30 Sony Corp Management system, management method, information processor, and information processing method
JP2006350993A (en) * 2005-05-17 2006-12-28 Sony Corp Selling device, selling method, and program
JP4768327B2 (en) * 2005-06-13 2011-09-07 フェリカネットワークス株式会社 Authentication system, information processing apparatus, information processing method, and computer program
JP4524647B2 (en) * 2005-06-14 2010-08-18 ソニー株式会社 COMMUNICATION DEVICE, COMMUNICATION METHOD, AND PROGRAM
JP2006352700A (en) * 2005-06-17 2006-12-28 Sony Corp System, apparatus, method, and program for communication
JP2006352699A (en) * 2005-06-17 2006-12-28 Sony Corp Communication system, communication apparatus and method, and program
JP2007020066A (en) * 2005-07-11 2007-01-25 Sony Corp Information processing apparatus and method, program, and authentication system
US20080123599A1 (en) * 2005-07-25 2008-05-29 Yoshihito Ishibashi Communication System, Communication Device And Method, And Program
JP4797506B2 (en) * 2005-08-11 2011-10-19 富士電機リテイルシステムズ株式会社 Non-contact communication medium identification method and settlement apparatus
KR100648540B1 (en) * 2005-09-29 2006-11-27 주식회사 유비닉스 Smart card, card management system, and key management method thereof
EP1938504B1 (en) 2005-10-21 2020-04-29 Honeywell Limited An authorisation system and a method of authorisation
JP4435076B2 (en) 2005-11-18 2010-03-17 フェリカネットワークス株式会社 Mobile terminal, data communication method, and computer program
JP4435084B2 (en) * 2005-12-27 2010-03-17 フェリカネットワークス株式会社 Communication system, reader / writer, authentication method, and computer program
FR2899706B1 (en) * 2006-04-07 2012-11-30 Radiotelephone Sfr METHOD OF ADAPTIVE RESPONSE BY AUTHENTICATION TO A REQUEST FOR ACTION
JP4951305B2 (en) * 2006-09-29 2012-06-13 株式会社日立製作所 Data carrier and its system
FR2906960B1 (en) * 2006-10-05 2009-04-17 Radiotelephone Sfr METHOD FOR THE CLOSED DISPOSAL OF AN ELECTRONIC SERVICE.
US8204831B2 (en) * 2006-11-13 2012-06-19 International Business Machines Corporation Post-anonymous fuzzy comparisons without the use of pre-anonymization variants
JP5073312B2 (en) * 2007-02-16 2012-11-14 株式会社日立製作所 IC tag system
JP5080837B2 (en) * 2007-03-27 2012-11-21 パナソニック株式会社 Network system
US8351350B2 (en) 2007-05-28 2013-01-08 Honeywell International Inc. Systems and methods for configuring access control devices
US8598982B2 (en) 2007-05-28 2013-12-03 Honeywell International Inc. Systems and methods for commissioning access control devices
JP4448167B2 (en) * 2007-12-28 2010-04-07 フェリカネットワークス株式会社 Communication device, remote server and terminal device
US8255688B2 (en) * 2008-01-23 2012-08-28 Mastercard International Incorporated Systems and methods for mutual authentication using one time codes
JP5133743B2 (en) * 2008-03-17 2013-01-30 フェリカネットワークス株式会社 Authentication system, authentication method, reader / writer, and program
JP2009258860A (en) 2008-04-14 2009-11-05 Sony Corp Information processing device and method, recording medium, program and information processing system
US8941469B1 (en) * 2010-06-14 2015-01-27 Impinj, Inc. RFID tag authentication with public-key cryptography
US9129168B1 (en) * 2008-04-30 2015-09-08 Impinj, Inc. RFID readers causing tags to backscatter based on challenge
JP2009294821A (en) 2008-06-04 2009-12-17 Sony Corp Information processor, information processing method, program, and information processing system
JP4631935B2 (en) 2008-06-06 2011-02-16 ソニー株式会社 Information processing apparatus, information processing method, program, and communication system
WO2009157048A1 (en) * 2008-06-27 2009-12-30 独立行政法人情報通信研究機構 Wireless communication authentication method, wireless communication system, and wireless sensor
US8204220B2 (en) 2008-09-18 2012-06-19 Sony Corporation Simulcrypt key sharing with hashed keys
EP2332386A4 (en) 2008-09-30 2014-07-23 Honeywell Int Inc Systems and methods for interacting with access control devices
US8878931B2 (en) 2009-03-04 2014-11-04 Honeywell International Inc. Systems and methods for managing video data
EP2408984B1 (en) 2009-03-19 2019-11-27 Honeywell International Inc. Systems and methods for managing access control devices
US8522338B2 (en) * 2009-06-22 2013-08-27 Analogic Corporation Two-way authentication
JP5423280B2 (en) 2009-09-25 2014-02-19 ソニー株式会社 COMMUNICATION DEVICE, COMMUNICATION METHOD, INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, PROGRAM, AND COMMUNICATION SYSTEM
US9280365B2 (en) 2009-12-17 2016-03-08 Honeywell International Inc. Systems and methods for managing configuration data at disconnected remote devices
US8707414B2 (en) 2010-01-07 2014-04-22 Honeywell International Inc. Systems and methods for location aware access control management
US8787725B2 (en) 2010-11-11 2014-07-22 Honeywell International Inc. Systems and methods for managing video data
WO2012174603A1 (en) 2011-06-24 2012-12-27 Honeywell International Inc. Systems and methods for presenting dvm system information
US10362273B2 (en) 2011-08-05 2019-07-23 Honeywell International Inc. Systems and methods for managing video data
US9344684B2 (en) 2011-08-05 2016-05-17 Honeywell International Inc. Systems and methods configured to enable content sharing between client terminals of a digital video management system
CN104137154B (en) 2011-08-05 2019-02-01 霍尼韦尔国际公司 Systems and methods for managing video data
CN102426719B (en) * 2011-08-19 2013-11-06 深圳市怡化电脑有限公司 Key loading method and key loading system for password keyboard
KR101959738B1 (en) 2012-05-24 2019-03-19 삼성전자 주식회사 Apparatus for generating secure key using device ID and user authentication information
JP6301579B2 (en) * 2012-12-03 2018-03-28 フェリカネットワークス株式会社 COMMUNICATION TERMINAL, COMMUNICATION METHOD, PROGRAM, AND COMMUNICATION SYSTEM
CN103136798B (en) * 2012-12-16 2016-04-27 四川久远新方向智能科技有限公司 The method of controlling security of rail traffic ticket automatic selling and checking system one-way ticket card
JP5681225B2 (en) * 2013-03-11 2015-03-04 俊則 清水 Certification system
JP6163402B2 (en) * 2013-09-30 2017-07-12 株式会社エヌ・ティ・ティ・データ Key exchange device, key exchange method, and program
US10523903B2 (en) 2013-10-30 2019-12-31 Honeywell International Inc. Computer implemented systems frameworks and methods configured for enabling review of incident data
JP6337472B2 (en) * 2014-01-15 2018-06-06 富士通株式会社 Fraudulent email detection device
AT513782B1 (en) * 2014-04-11 2018-08-15 Avl List Gmbh Device and method for transmitting data
JP2017085225A (en) 2015-10-23 2017-05-18 ソニーモバイルコミュニケーションズ株式会社 Communication device, communication method, and communication system
JP6868819B2 (en) * 2017-04-21 2021-05-12 パナソニックIpマネジメント株式会社 Communication systems, integrated communication systems, relay systems, receiving systems, communication methods, and programs
JP6489661B2 (en) * 2017-04-24 2019-03-27 フェリカネットワークス株式会社 COMMUNICATION TERMINAL, COMMUNICATION METHOD, PROGRAM, AND COMMUNICATION SYSTEM
JP7090496B2 (en) * 2017-10-12 2022-06-24 キヤノン株式会社 Authentication method, authentication device, authenticated device and image forming device
JP7207412B2 (en) * 2018-02-06 2023-01-18 ソニーグループ株式会社 Information processing device, information processing method, and program
US10868679B1 (en) * 2019-07-25 2020-12-15 Cypress Semiconductor Corporation Nonvolatile memory device with regions having separately programmable secure access features and related methods and systems

Citations (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4803725A (en) 1985-03-11 1989-02-07 General Instrument Corp. Cryptographic system using interchangeable key blocks and selectable key fragments
US4887296A (en) * 1984-10-26 1989-12-12 Ricoh Co., Ltd. Cryptographic system for direct broadcast satellite system
EP0422230A1 (en) 1989-01-24 1991-04-17 Matsushita Electric Industrial Co., Ltd. Data carrier and data communication apparatus using the same
EP0427465A2 (en) 1989-11-09 1991-05-15 AT&T Corp. Databaseless security system
EP0447063A2 (en) 1990-03-13 1991-09-18 General Instrument Corporation Of Delaware Security enhancement in a data processor through use of dynamic parameter authentication
EP0552392A1 (en) 1992-01-22 1993-07-28 Siemens Nixdorf Informationssysteme Aktiengesellschaft Method for mutual authentification of an IC-card and a terminal
US5293029A (en) 1989-01-17 1994-03-08 Kabushiki Kaisha Toshiba System for mutually certifying an IC card and an IC card terminal
EP0604911A2 (en) 1992-12-28 1994-07-06 Nippon Telegraph And Telephone Corporation Authentication and communication terminal and communication processing unit using the method
US5371794A (en) 1993-11-02 1994-12-06 Sun Microsystems, Inc. Method and apparatus for privacy and authentication in wireless networks
US5381481A (en) 1993-08-04 1995-01-10 Scientific-Atlanta, Inc. Method and apparatus for uniquely encrypting a plurality of services at a transmission site
WO1995001684A1 (en) 1993-06-29 1995-01-12 Motorola Inc. Method and apparatus for efficient real-time authentication and encryption in a communication system
JPH07123086A (en) 1993-10-27 1995-05-12 Nippon Telegr & Teleph Corp <Ntt> Literary work communication control system using ic card
US5455862A (en) * 1993-12-02 1995-10-03 Crest Industries, Inc. Apparatus and method for encrypting communications without exchanging an encryption key
US5506904A (en) 1993-08-04 1996-04-09 Scientific-Atlanta, Inc. System and method for transmitting and receiving variable length authorization control for digital services
EP0739109A2 (en) 1995-04-20 1996-10-23 UNITED TECHNOLOGIES AUTOMOTIVE, Inc. Method and apparatus for authentication in an electronic locking system
JPH08305662A (en) 1995-05-02 1996-11-22 Fujitsu Ltd Method and system for client authentication
US5613214A (en) 1993-10-18 1997-03-18 Nec Corporation Mobile communication terminal authenticating system
US5812666A (en) * 1995-03-31 1998-09-22 Pitney Bowes Inc. Cryptographic key management and validation system
US5933501A (en) 1996-08-01 1999-08-03 Harris Corporation `Virtual` encryption scheme combining different encryption operators into compound-encryption mechanism
US6377691B1 (en) * 1996-12-09 2002-04-23 Microsoft Corporation Challenge-response authentication and key exchange for a connectionless security protocol

Patent Citations (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4887296A (en) * 1984-10-26 1989-12-12 Ricoh Co., Ltd. Cryptographic system for direct broadcast satellite system
US4803725A (en) 1985-03-11 1989-02-07 General Instrument Corp. Cryptographic system using interchangeable key blocks and selectable key fragments
US5293029A (en) 1989-01-17 1994-03-08 Kabushiki Kaisha Toshiba System for mutually certifying an IC card and an IC card terminal
EP0422230A1 (en) 1989-01-24 1991-04-17 Matsushita Electric Industrial Co., Ltd. Data carrier and data communication apparatus using the same
EP0427465A2 (en) 1989-11-09 1991-05-15 AT&T Corp. Databaseless security system
EP0447063A2 (en) 1990-03-13 1991-09-18 General Instrument Corporation Of Delaware Security enhancement in a data processor through use of dynamic parameter authentication
EP0552392A1 (en) 1992-01-22 1993-07-28 Siemens Nixdorf Informationssysteme Aktiengesellschaft Method for mutual authentification of an IC-card and a terminal
EP0604911A2 (en) 1992-12-28 1994-07-06 Nippon Telegraph And Telephone Corporation Authentication and communication terminal and communication processing unit using the method
WO1995001684A1 (en) 1993-06-29 1995-01-12 Motorola Inc. Method and apparatus for efficient real-time authentication and encryption in a communication system
US5506904A (en) 1993-08-04 1996-04-09 Scientific-Atlanta, Inc. System and method for transmitting and receiving variable length authorization control for digital services
US5381481A (en) 1993-08-04 1995-01-10 Scientific-Atlanta, Inc. Method and apparatus for uniquely encrypting a plurality of services at a transmission site
JPH09501288A (en) 1993-08-04 1997-02-04 サイエンテイフイク−アトランタ・インコーポレーテツド Method and apparatus for uniquely encrypting multiple services at a transmission point
US5613214A (en) 1993-10-18 1997-03-18 Nec Corporation Mobile communication terminal authenticating system
JPH07123086A (en) 1993-10-27 1995-05-12 Nippon Telegr & Teleph Corp <Ntt> Literary work communication control system using ic card
US5371794A (en) 1993-11-02 1994-12-06 Sun Microsystems, Inc. Method and apparatus for privacy and authentication in wireless networks
US5455862A (en) * 1993-12-02 1995-10-03 Crest Industries, Inc. Apparatus and method for encrypting communications without exchanging an encryption key
US5812666A (en) * 1995-03-31 1998-09-22 Pitney Bowes Inc. Cryptographic key management and validation system
EP0739109A2 (en) 1995-04-20 1996-10-23 UNITED TECHNOLOGIES AUTOMOTIVE, Inc. Method and apparatus for authentication in an electronic locking system
JPH08305662A (en) 1995-05-02 1996-11-22 Fujitsu Ltd Method and system for client authentication
US5784464A (en) 1995-05-02 1998-07-21 Fujitsu Limited System for and method of authenticating a client
US5933501A (en) 1996-08-01 1999-08-03 Harris Corporation `Virtual` encryption scheme combining different encryption operators into compound-encryption mechanism
US6377691B1 (en) * 1996-12-09 2002-04-23 Microsoft Corporation Challenge-response authentication and key exchange for a connectionless security protocol

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060155992A1 (en) * 2002-09-19 2006-07-13 Sony Corporation Data processing method, its program and its device
US7716477B2 (en) * 2002-09-19 2010-05-11 Sony Corporation Data processing method, program of the same, and device of the same
US20050246546A1 (en) * 2003-07-16 2005-11-03 Yoshihiko Takagi Access method
US7559090B2 (en) * 2003-07-16 2009-07-07 Matsushita Electric Industrial Co., Ltd. Memory, information apparatus for access to the memory, and method for the information apparatus
US20080059797A1 (en) * 2005-03-03 2008-03-06 Felica Networks, Inc. Data Communication System, Agent System Server, Computer Program, and Data Communication Method
US20130007452A1 (en) * 2006-05-09 2013-01-03 Broadcom Corporation Method and system for command authentication to achieve a secure interface
US8762719B2 (en) * 2006-05-09 2014-06-24 Broadcom Corporation Method and system for command authentication to achieve a secure interface
US20100180118A1 (en) * 2008-10-14 2010-07-15 Yasumasa Nakatsugawa Information Processing Apparatus, Method for Switching Cipher and Program
US8458473B2 (en) 2008-10-14 2013-06-04 Sony Corporation Information processing apparatus, method for switching cipher and program
US9258283B2 (en) 2012-01-25 2016-02-09 Panasonic Intellectual Property Management Co., Ltd. Key management system, key management method, and communication device

Also Published As

Publication number Publication date
TW423242B (en) 2001-02-21
DE69821159D1 (en) 2004-02-26
DE69821159T2 (en) 2004-09-09
EP1339028A2 (en) 2003-08-27
EP0867843B1 (en) 2004-01-21
EP0867843A2 (en) 1998-09-30
JP4268690B2 (en) 2009-05-27
KR100506559B1 (en) 2005-11-16
JPH10327142A (en) 1998-12-08
MY114941A (en) 2003-02-28
KR19980080678A (en) 1998-11-25
EP1339028A3 (en) 2009-06-24
EP1339028B1 (en) 2017-05-17
EP0867843A3 (en) 2000-09-20
US6058477A (en) 2000-05-02

Similar Documents

Publication Publication Date Title
USRE39622E1 (en) System and method for authentication, and device and method for authentication
US7962754B2 (en) Method and equipment for encrypting/decrypting physical characteristic information, and identification system utilizing the physical characteristic information
US5745576A (en) Method and apparatus for initialization of cryptographic terminal
US7502467B2 (en) System and method for authentication seed distribution
EP0189476B1 (en) Security system and method for remote terminal network
JP2746352B2 (en) Secure security communication system and method for communication by a remotely located computer
JPH09238132A (en) Portable terminal communication system and its communication method
WO1996007256A1 (en) Certifying system
US6988198B1 (en) System and method for initializing operation for an information security operation
WO1997045979A9 (en) Method and apparatus for initialization of cryptographic terminal
JP2001195548A (en) Information carrying and processing system, access device for information carrying device, and information carrying device
WO2007001075A1 (en) Encryption device, encryption method, decryption device, decryption method, and data structure
US20040165729A1 (en) System and method for securing information, including a system and method for setting up a correspondent pairing
CN101622818A (en) IC tag system
JP4268817B2 (en) Authentication method
JPH1020778A (en) Encoding device, decoding device and ic card
JP4207016B2 (en) Authentication system, authentication apparatus and method
JPH11328325A (en) Ic card system
JP5012818B2 (en) Authentication apparatus and authentication method
JP3436476B2 (en) How to change the encryption key for authentication
US6493823B1 (en) Instrument for making secure data exchanges
JP2000232442A (en) Information processing method/system
JP4368274B2 (en) How to update
JPH0397089A (en) Access control method for ic card
JP4140586B2 (en) Authentication key generation method

Legal Events

Date Code Title Description
FPAY Fee payment

Year of fee payment: 8

FPAY Fee payment

Year of fee payment: 12