WO2011064833A1 - Information processing apparatus, information processing method, and program - Google Patents


Publication number: WO2011064833A1
Authority: WO (WIPO / PCT)
Application number: PCT/JP2009/069776
Prior art keywords: value, auxiliary, authentication, secret key, unit
Other languages: French (fr), Japanese (ja)
Inventors: 清彦 鈴木, 輝顕 伊東, 英之 小黒
Original assignee: 三菱電機株式会社
Application filed by 三菱電機株式会社
Related publications: JP2011543000A (JP5398845B2), TW099108855A (TWI464616B), WO2011064833A1

Classifications

All classifications fall under H04L (Transmission of digital information, e.g. telegraphic communication):

    • H04L9/3263 Cryptographic mechanisms including means for verifying the identity or authority of a user or for message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L63/0869 Network security protocols for authentication of entities, for achieving mutual authentication
    • H04L63/123 Applying verification of received data contents, e.g. message integrity
    • H04L9/0894 Key distribution or management: escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/3236 Cryptographic mechanisms including means for verifying the identity or authority of a user or for message authentication, using cryptographic hash functions

Definitions

  • The present invention relates to an inter-device authentication mechanism and authentication method as a countermeasure against counterfeit products, and more particularly to an authentication mechanism and method that authenticate a device with an inexpensive configuration and eliminate the risk of leakage of a secret key.
  • An authentication method using a challenge-response scheme is generally used.
  • The challenge-response scheme is briefly described below.
  • The operation of the challenge-response scheme is shown in FIG. It is assumed that the master device authenticates the slave device and that the master device and the slave device share a secret key in advance. In addition, both have HASH calculation logic implementing the same algorithm. In many cases the SHA-1 algorithm is used for the HASH calculation logic, but the algorithm is arbitrary as long as the calculation logic is one-way.
  • Since the master device and the slave device have the same secret key and HASH calculation logic, if the HASH calculation logic is executed in both with two arguments, the secret key and an arbitrary value, the same HASH value is obtained.
  • The arbitrary value at this time serves as a challenge code with which the master device tests whether the slave device is a partner that shares the same secret key.
  • Since the master device normally performs complicated processing, it has an arithmetic device such as a CPU (Central Processing Unit). However, slave devices do not always have an arithmetic unit; for example, a memory device usually has only a memory circuit on a substrate. Therefore, in recent years, when challenge-response authentication is performed between a master device and a slave device, the master device side is equipped with an arithmetic unit while an authentication IC (Integrated Circuit) is attached on the slave side, and the two perform the series of challenge-response processes.
  • An example of a slave device IC is shown in Non-Patent Document 1.
  • Such a slave device IC generally has HASH calculation logic, a secret key storage area that cannot be externally observed, and a nonvolatile storage area that can be externally observed, and such ICs are in sufficiently wide circulation.
  • A challenge-response scheme can therefore be used, with an inexpensive authentication IC for slave devices on the slave device side.
  • For countermeasures against counterfeit products, not only the technical difficulty but also the cost and ease of introduction matter, so it is desirable that countermeasures can be taken without introducing an authentication IC for the master device.
  • The main object of the present invention is to devise a device configuration and an authentication method that perform authentication processing with a simple configuration and prevent leakage of the key value.
  • An information processing apparatus according to the invention includes: a communication unit that receives, from an IC (Integrated Circuit), an IC unique value unique to each IC and a collation value used for matching; a secret key storage unit that stores the secret key; a one-way calculation unit that performs a one-way calculation on the secret key stored in the secret key storage unit and the IC unique value received by the communication unit; and a determination unit that compares the collation value received by the communication unit with the calculated value produced by the one-way calculation unit and determines whether the collation value and the calculated value match.
  • If the IC provided in the authentication target is a genuine IC, it stores the IC unique value together with a collation value that matches the calculated value obtained from the one-way calculation on the secret key.
  • The validity of the authentication target can therefore be determined by comparing the collation value received from it with the calculated value.
  • FIG. 3 is a diagram illustrating a configuration example of an apparatus according to the first embodiment.
  • FIG. 3 shows an internal configuration example of an authentication IC according to the first embodiment.
  • FIG. 3 is a diagram illustrating an internal configuration example of the arithmetic device according to the first embodiment.
  • FIG. is a diagram showing the operation corresponding to the first authentication stage among the operations.
  • FIG. 6 is a diagram showing an operation of authenticating the validity of the authentication IC on the master device according to the first embodiment.
  • FIG. 10 is a diagram illustrating the operation corresponding to the first authentication stage among the operations for authenticating the validity of the authentication IC on the master device according to the second embodiment.
  • FIG. 10 is a diagram illustrating the operation corresponding to the second authentication stage among the operations for authenticating the validity of the authentication IC on the master device according to the second embodiment.
  • FIG. 4 is a diagram illustrating an example of a device configuration according to a second embodiment.
  • FIG. 6 is a diagram illustrating an internal configuration example of an authentication IC according to a second embodiment.
  • FIG. 6 shows a configuration example of a master device according to a third embodiment.
  • FIG. 4 is a diagram illustrating a hardware configuration example of a master device according to the first to third embodiments.
  • FIG. shows a challenge-response system.
  • FIG. 1 shows an example of a device configuration according to the present embodiment.
  • An authentication IC is mounted on each of the master device 2 and the slave device 3, and the two are the same kind of IC.
  • the master device 2 includes an authentication IC 21 and an arithmetic device 22, and the arithmetic device 22 includes an inward communication path 23 and an outward communication path 24.
  • An authentication IC 21 used by the master device is connected to the inward communication path 23.
  • the outward communication path 24 is a communication path for communicating with the slave device 3, and the authentication IC 31 is also connected to the slave device 3.
  • Although the authentication IC 21 and the authentication IC 31 are physically different chips, they are mechanically the same. The mechanism of the authentication IC will be described later with reference to FIG.
  • the master device 2 is an example of an information processing apparatus, and the slave device 3 is an example of an authentication target.
  • the authentication IC 31 is an example of an authentication target IC
  • the authentication IC 21 is an example of an auxiliary IC.
  • The slave device 3 need not be a single device; there may be a plurality of slave devices 3 as long as they can be connected to the communication path 24. In this specification an example in which one slave device 3 is connected is described, but the operation is the same when a plurality of devices are connected.
  • the authentication IC 31 may exist on the communication path 24 or may be at the end of a gateway that straddles the communication path, and the position condition is that it can be controlled from the arithmetic device 22 in the master device 2.
  • the position of the authentication IC 21 does not need to be the inward communication path 23 and may be connected to the outward communication path 24 on the master device 2.
  • the condition of the position is that it can be controlled from the arithmetic unit 22.
  • FIG. 2 shows a functional block diagram of the authentication IC according to the present embodiment.
  • the authentication IC 1 includes a data transmission / reception unit 11, a response code holding unit 12, an IC unique number storage unit 13, a HASH calculation logic unit 14, a secret key storage area 15, and a nonvolatile storage area 16.
  • both the authentication IC 21 and the authentication IC 31 assume the authentication IC 1 of FIG. 2 in terms of mechanism.
  • the HASH calculation logic unit 2114 functions as a one-way calculation unit
  • the secret key storage area 2115 functions as a secret key storage unit.
  • the data transmission / reception unit 11 interprets eight types of commands, and the issuer of the command is the arithmetic device 22 on the master device 2.
  • commands are represented by COM1 to COM8.
  • the breakdown of COM1-8 is as follows.
  • COM1 is a command for the master device 2 to designate a communication partner.
  • With COM1, the master device 2 outputs the IC unique number of the communication partner on the communication path, and the authentication IC holding that IC unique number recognizes that it has been designated.
  • The authentication IC designated by COM1 waits for exactly one further command and, on receiving it, performs the processing for that command. When this is finished, the authentication IC cancels its designated state.
  • The master device 2 therefore needs to designate the authentication IC again with COM1 before commanding another process.
  • A COM8 command is also provided: on receiving it, all authentication ICs present on the communication path output their own unique numbers on the communication path.
  • the communication path is subjected to competition control in a physical layer such as a CSMA (Carrier Sense Multiple Access) system so that electric signals do not compete.
  • the master device 2 periodically outputs a COM8 command and confirms the presence of the authentication IC on the communication path.
  • COM2 is a command that receives a challenge code from the master device 2 and executes HASH calculation logic.
  • the calculated HASH value is stored in the response code holding unit 12.
  • Optionally, the HASH calculation logic may also be executed using the value in the nonvolatile storage area 16 as an additional argument. The two cases are distinguished as follows.
  • In both cases, the master side outputs the COM2 command and then outputs the value to be transmitted to the slave side (the challenge code) on the communication path 24.
  • In the basic case, a predetermined code for executing the HASH calculation is then output on the communication path 24.
  • When the nonvolatile storage area 16 is to be used, a predetermined code prompting use of the nonvolatile storage area 16 is output on the communication path 24 first, and finally the code for executing the HASH calculation is output on the communication path 24.
  • COM3 is a command for the master device 2 to read the HASH calculation result.
  • Upon receiving this command, the authentication IC outputs the value stored in the response code holding unit 12 on the communication path.
  • If the calculation has not yet completed, a special value indicating this, such as the value 0, is output instead to notify the master device 2 that the calculation is not complete.
  • COM4 is a command for the master to store the secret key in the authentication IC. The master device 2 outputs the secret key on the communication path after the COM4 command code, and the authentication IC receives that value. A mechanism may be used under which, once the secret key is set, it cannot be set again. Alternatively, the following mechanism may be used: before shipping, the secret key is set once in the authentication IC by COM4, and that value is unconditionally adopted as the secret key; after that, when the authentication IC already holds a secret key, the master device 2 outputs the secret key on the communication path after the COM4 command code and then outputs the HASH value of the current secret key on the communication path.
  • COM5 is a command for the master device 2 to read the IC unique number from the IC unique number storage unit 13. When the authentication IC receives this command, it outputs the IC unique number on the communication path.
  • COM8 is normally issued from the master, but COM5 is used to confirm an IC unique number immediately; when no response to COM5 is obtained, it means that the device having that authentication IC has been disconnected.
  • COM6 is a command used when the master device 2 transmits a value to be stored in the nonvolatile storage area 16. After outputting the command code on the communication path, the master device outputs the storage destination address and the value to be stored, and further outputs the HASH calculation result using the stored value and the secret key as arguments. It is assumed that the amount of data transmitted is determined in advance, such as 1 byte.
  • When the authentication IC receives the command, it temporarily stores the subsequent values and performs the HASH calculation together with the secret key. Only when the HASH calculation result matches the HASH value output from the master device 2 is the received value stored at the designated address.
  • COM7 is a command for the master device 2 to read a value stored in the nonvolatile storage area 16. Following this command, the master device 2 outputs the read destination address on the communication path, and in response the authentication IC outputs the value stored at the designated address in the nonvolatile storage area 16 on the communication path. It is assumed that the amount of data to be read is determined in advance, such as 1 byte, as for COM6. This completes the description of the commands.
  • the response code holding unit 12 is an area for temporarily storing the HASH calculation result in the authentication IC until the master device 2 reads the response code. Once the value is read from the master device 2 via the data transmission / reception unit 11, the value is cleared to zero. The reason for this is to prevent a third party other than the master device 2 from reading the value even if an attempt is made to read the value at an arbitrary timing.
  • the IC unique number storage unit 13 stores an IC unique number.
  • The IC unique number is a serial number assigned when the IC is manufactured, and the IC manufacturer guarantees that it is unique in the world.
  • the HASH calculation logic unit 14 is a mechanism for performing HASH calculation such as challenge-response. As long as the same function is implemented by those who perform authentication, the implemented HASH function is arbitrary. That is, the authentication IC 21 and the authentication IC 31 in FIG. 1 are mechanically the authentication IC 1 and include the same HASH calculation logic unit.
  • the secret key storage area 15 is an area for storing a secret key. It is necessary that the stored value cannot be read from the outside, and accordingly, a read request from the outside is not responded.
  • the secret key is stored in accordance with the operation described in the command COM4.
  • The nonvolatile storage area 16 is an area used for storing information associated with the slave device 3, and preferably any value may be stored there.
  • One example use of the nonvolatile storage area 16 is as follows. When the IC 1 is used as a counterfeit countermeasure for printer toner, the printer is the master device and the toner is the slave device. In such a use, the number of times the toner has been used is generally stored in the nonvolatile storage area 16.
  • the control unit 221 controls the entire arithmetic device 22.
  • The communication unit 222 receives, from the authentication IC 31 of the slave device 3, the IC unique number stored in advance in the authentication IC 31 (authentication target IC unique value) and the HASH value stored in advance in the authentication IC 31 (authentication target IC collation value).
  • the communication unit 222 issues the above-described COM1 to COM8.
  • the determination unit 223 compares the HASH value received by the communication unit 222 with the HASH value (calculated value) calculated by the HASH calculation logic unit 2114 of the authentication IC 21, and determines whether or not they match.
  • the HASH calculation logic unit 2114 of the authentication IC 21 performs HASH calculation (one-way calculation) on the secret key stored in the secret key storage area 2115 and the IC unique number of the authentication IC 31 received by the communication unit 222.
  • In this way the HASH value is calculated, and the determination unit 223 collates the HASH value received from the authentication IC 31 with the HASH value calculated by the HASH calculation logic unit 2114 of the authentication IC 21.
  • Res1 (224) is a register for holding the HASH value calculated by the HASH calculation logic unit 2114 of the authentication IC 21.
  • Res2 (225) is a register for holding the HASH value received from the authentication IC 31.
  • FIGS. 4 and 5 show an operation in which the master device 2 authenticates the slave device 3.
  • authentication of the master device 2 with respect to the slave device 3 is divided into two stages. First, according to FIG. 4, it is confirmed that the authentication IC 31 is indeed an IC at the time of shipment of a genuine product, and then challenge-response authentication is performed according to FIG. The operations of FIGS. 4 and 5 are performed once when the master device 2 detects a new slave device 3 on the communication path 24.
  • The genuine master device 2 and slave device 3 have a secret key stored at the time of shipment, and the nonvolatile storage area 3116 in the authentication IC 31 of the slave device 3 stores a HASH value computed with the IC unique number and the secret key as arguments.
  • For convenience, the operation of FIG. 4 is referred to as the first authentication stage, and the operation of FIG. 5 as the second authentication stage.
  • the first stage of authentication is processing unrelated to challenge-response authentication, and the second stage of authentication is challenge-response authentication itself. The reason why the first stage of authentication is necessary will be described later.
  • the operation subject is the arithmetic device 22 on the master device, and the authentication IC 21 and the authentication IC 31 are driven according to various commands issued from the communication unit 222 of the arithmetic device 22.
  • The communication unit 222 reads the IC unique number of the authentication IC 31 on the detected slave device 3 and inputs this value as a challenge code to the authentication IC 21 in the master device 2.
  • challenge-response processing is executed in the HASH calculation logic unit 2114 using the value of the IC unique number of the authentication IC 31 as a challenge code and the secret key as arguments, and a HASH calculation result is obtained.
  • the communication unit 222 receives a response code (HASH calculated value) from the authentication IC 21.
  • the communication unit 222 reads the HASH value stored in advance in the nonvolatile storage area 3116 in the authentication IC 31.
  • the HASH value in the nonvolatile storage area 3116 in the authentication IC 31 is a value stored in advance at the time of shipment.
  • The determination unit 223 compares the response code (HASH calculated value) previously obtained from the authentication IC 21 with the HASH value read from the authentication IC 31. If the two match, the first-stage authentication process ends and the second-stage authentication process is performed. If they do not match, a counterfeit has been detected and the slave is not used.
  • In the second stage, the determination unit 223 generates a random value as a challenge code, and the communication unit 222 transmits the challenge code to both the authentication IC 21 on the master device 2 and the authentication IC 31 on the slave device 3. The authentication IC 21 and the authentication IC 31 each calculate a response code; the two response codes are acquired and matched, and if the values are equal, the newly connected slave device 3 can be determined to be a genuine product. If the two response codes differ in the second stage of authentication, then, barring data corruption on the communication path 23 or the communication path 24, the only possible cause is that the secret keys do not match.
  • In the first stage of authentication, it is confirmed whether the value of the secret key is correct and whether the authentication IC itself is a genuine product. This makes device authentication both physical and logical.
  • Challenge-response authentication authenticates the other party by the correctness of the mutually shared secret key, but it is closed within logical calculation and has no relation to physical information. Therefore, suppose an attacker who has a genuine master device and a counterfeit slave device replaces the authentication IC on the legitimate master device with a commercially available authentication IC in its initial state, and likewise attaches a commercially available authentication IC in its initial state to the counterfeit slave device. That is, in the configuration of FIG., both the authentication IC 21 and the authentication IC 31 are left in the initial state in which a commercial product is purchased. If only challenge-response authentication is performed under this condition, the authentication is closed within logical information: the secret keys match with the initial value on both the master device side and the slave device side, and authentication is established. Therefore, it is necessary to perform the first stage of authentication in order to tie the authentication to physical information and prevent an imitation product from being used by exchanging the authentication IC.
  • the arithmetic device 22 performs the authentication processing of the slave device according to FIGS. 4 and 5.
  • The authentication IC 21 on the master device 2 has an important role in holding the secret key and executing the HASH operation. Therefore, the master device 2 must confirm the validity of its own authentication IC 21 when the power is turned on, enter the normal operation state only when that confirmation is obtained, and then perform the authentication processing according to FIGS. 4 and 5.
  • FIG. 7 is a diagram illustrating an authentication operation of the authentication IC 21 on the master device 2. The operation of FIGS. 4 and 5 described above, in which the master device 2 authenticates the slave device 3, authenticates the authentication IC 31 on the slave device 3 on the premise that the authentication IC 21 on the master device 2 is correct and genuine.
  • For the authentication of the authentication IC 21 on the master device 2, however, there is no entity that can guarantee at that time that it is a genuine product (the role that the authentication IC 21 itself plays in master-slave authentication). Therefore, as in FIG., a HASH value is stored in advance in the nonvolatile storage area 2116 of the authentication IC 21 at the time of shipment.
  • this HASH value is a HASH value that uses the secret key and the value of the IC unique number of the authentication IC 21 as arguments, and is stored at the time of device shipment.
  • the authentication operation of the authentication IC 21 is generally the same as that in the first stage of authentication described in FIG. 4 except that the authentication target in the master device 2 is the authentication IC 21 on the master device 2.
  • the communication unit 222 of the arithmetic device 22 first receives an IC unique number value (auxiliary IC unique value) from the authentication IC 21 and inputs this value as a challenge code to the authentication IC 21 to obtain a response code (auxiliary IC calculated value).
  • Since the HASH value (auxiliary IC collation value) is stored in advance in the nonvolatile storage area 2116 of the authentication IC 21, the communication unit 222 of the arithmetic device 22 reads out this HASH value, and the determination unit 223 matches it against the response code obtained previously.
  • If it is the authentication IC 21 installed at the time of shipment, the value of the IC unique number has not changed, so the same HASH value should be obtained. Therefore, if the values match, the device shifts to the normal operation state; if not, it means that the authentication IC has been exchanged, and the authentication IC 21 is not authenticated.
  • If the attacker replaces the authentication IC 21 with a commercially available IC, the value in the nonvolatile storage area of the original authentication IC can be read, so the attacker may store that read value in the replacement authentication IC. However, since the IC unique numbers are not the same, the HASH calculation result differs from the value stored in the nonvolatile storage area 2116.
  • In this authentication, the HASH value stored in the authentication IC 21 itself and the value calculated and output by the authentication IC 21 itself are used; that is, both COM3 and COM7 are used. If some device that returns the same value for both is attached, the authentication shown in FIG. 7 is established. However, such a device then does not operate correctly at the time of authentication with the slave device 3. In other words, since a legitimate slave device cannot be connected to a master device that has been imitated in this way, a countermeasure against the imitation product is obtained as a result.
  • According to this embodiment, it is therefore also possible to authenticate the validity of the authentication IC on the master device, that is, that it is properly attached and is the authentication IC attached at the time of shipment.
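As an added illustration (not code from the patent), the following Python models the authentication IC commands COM2/COM3/COM5/COM6/COM7, the three checks described above (the master IC self-check of FIG. 7 and the first and second authentication stages of FIGS. 4 and 5), and the replaced-IC cases used to motivate the first stage. HMAC-SHA-256 as the one-way function, the unique numbers, the key values and nonvolatile address 0 are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumption: HMAC-SHA-256 stands in for the IC's one-way HASH calculation logic
# (the patent notes SHA-1 is common but that any one-way function will do).
def one_way(key: bytes, value: bytes) -> bytes:
    return hmac.new(key, value, hashlib.sha256).digest()

INITIAL_KEY = b"\x00" * 16  # constructed: key every commercial IC holds in its initial state
HASH_ADDR = 0               # constructed: address in area 16 holding the shipment HASH value


class AuthIC:
    """Model of authentication IC 1: units 12 (response code), 13 (unique number),
    15 (secret key) and 16 (nonvolatile area), driven by COM2/3/5/6/7."""

    def __init__(self, unique_number: bytes, secret_key: bytes = INITIAL_KEY):
        self.unique_number = unique_number
        self._secret_key = secret_key  # area 15: no command ever returns it
        self.nonvolatile = {}          # area 16: address -> value, readable by anyone
        self._response = b""           # unit 12; b"" models the "not completed" value

    def com5(self) -> bytes:
        """Read the IC unique number."""
        return self.unique_number

    def com2(self, challenge: bytes) -> None:
        """Run the HASH logic over (secret key, challenge) into the holding unit."""
        self._response = one_way(self._secret_key, challenge)

    def com3(self) -> bytes:
        """Read the response code; the holding unit is cleared after one read."""
        response, self._response = self._response, b""
        return response

    def com6(self, addr: int, value: bytes, tag: bytes) -> bool:
        """Write to area 16 only if tag == HASH(secret key, value)."""
        if hmac.compare_digest(one_way(self._secret_key, value), tag):
            self.nonvolatile[addr] = value
            return True
        return False

    def com7(self, addr: int) -> bytes:
        """Read a value from area 16."""
        return self.nonvolatile.get(addr, b"")


def provision(ic: AuthIC, key: bytes) -> None:
    """Shipment: set the key (COM4, modelled directly) and store HASH(key, unique number)."""
    ic._secret_key = key
    shipped = one_way(key, ic.unique_number)
    assert ic.com6(HASH_ADDR, shipped, one_way(key, shipped))


class Master:
    """Arithmetic device 22 driving its own IC 21 and a slave's IC 31 over the bus."""

    def __init__(self, ic21: AuthIC):
        self.ic21 = ic21

    def self_check(self) -> bool:
        """FIG. 7: IC 21's own unique number as challenge vs. its stored HASH value."""
        self.ic21.com2(self.ic21.com5())
        return hmac.compare_digest(self.ic21.com3(), self.ic21.com7(HASH_ADDR))

    def stage1(self, ic31: AuthIC) -> bool:
        """FIG. 4: IC 21 recomputes HASH(key, IC 31's number) vs. IC 31's stored value."""
        self.ic21.com2(ic31.com5())
        return hmac.compare_digest(self.ic21.com3(), ic31.com7(HASH_ADDR))

    def stage2(self, ic31: AuthIC) -> bool:
        """FIG. 5: the same random challenge to both ICs; the responses must agree."""
        challenge = secrets.token_bytes(16)
        self.ic21.com2(challenge)
        ic31.com2(challenge)
        return hmac.compare_digest(self.ic21.com3(), ic31.com3())


def run_scenarios() -> dict:
    """A genuine pair, then the replaced-IC cases the patent uses to motivate stage 1."""
    vendor_key = b"constructed-vendor-key"
    ic21, ic31 = AuthIC(b"UID-0001"), AuthIC(b"UID-0002")
    provision(ic21, vendor_key)
    provision(ic31, vendor_key)
    genuine = Master(ic21)
    results = {"genuine": genuine.self_check() and genuine.stage1(ic31) and genuine.stage2(ic31)}

    # Both ICs swapped for off-the-shelf units still in their initial state.
    swapped, fake31 = Master(AuthIC(b"UID-0003")), AuthIC(b"UID-0004")
    results["swapped_stage2_alone"] = swapped.stage2(fake31)  # True: both keys are the initial key
    results["swapped_stage1"] = swapped.stage1(fake31)        # False: no shipment HASH in area 16
    results["swapped_self_check"] = swapped.self_check()      # False: same reason

    # Replacement IC 21 loaded with the original's readable area-16 value; even with the
    # right key, its different unique number makes the recomputed HASH disagree.
    clone = AuthIC(b"UID-0005", vendor_key)
    clone.nonvolatile[HASH_ADDR] = ic21.com7(HASH_ADDR)
    results["cloned_area16_self_check"] = Master(clone).self_check()  # False
    return results
```

Running the scenarios shows why challenge-response alone is insufficient here: the swapped pair passes stage 2 but fails stage 1 and the self-check, because neither check can be satisfied without the HASH value bound to the shipped IC's unique number.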
  • The mechanism described above realizes a counterfeit countermeasure that does not leak the secret key, using only a relatively inexpensive authentication IC that has no special function. More specifically, in both the master device and the slave device, an authentication IC is provided at a position that can be controlled from the arithmetic device that manages the entire system on the master device.
  • The authentication IC comprises a data transmission / reception unit, a response code holding unit, an IC unique number, HASH calculation logic, a secret key storage area, and a nonvolatile storage area.
  • The HASH calculation result with the secret key and the IC unique number as arguments is stored in advance in the nonvolatile storage area of the authentication IC. When the master device detects a new slave device during operation, the HASH calculation is performed again by the authentication IC of the master device using the IC unique number of the slave device and the secret key, the HASH value stored at the time of shipment is read out from the nonvolatile storage area of the authentication IC of the slave device, and the slave device is authenticated as a genuine product by matching the recalculated HASH value with the read HASH value.
  • The counterfeit countermeasure method further includes a method that makes it possible to authenticate the validity of the authentication IC on the master device, that is, that it is properly attached and is the authentication IC attached at the time of shipment.
  • The counterfeit countermeasure method therefore remains effective even when the authentication ICs of both the master device and the slave device are replaced, so the authentication mechanism cannot be circumvented by replacing parts.
  • FIG. 8 is called the first authentication stage and FIG. 9 the second authentication stage. The terms "first authentication stage" and "second authentication stage" are also used for FIGS. 4 and 5, but FIGS. 4 and 5 show the authentication between the master device 2 and the slave device 3, whereas FIGS. 8 and 9 show the authentication of the authentication IC 21 on the master device 2, so the meaning is different. FIG. 8 is the same processing as FIG. 7, and FIG. 9 is performed after it. Note that the second authentication stage in FIG. 9 may be performed first, followed by the first authentication stage in FIG. 8. The authentication IC 21 must be authenticated in both the first and second authentication stages; if it is authenticated in one stage but not in the other, it is not valid.
  • FIG. 10 shows a device configuration assumed in the present embodiment.
  • FIG. 11 shows a configuration of the authentication IC.
  • the configuration of the arithmetic unit 22 is the same as that in FIG.
  • the ASIC 25 described in FIG. 10 is not necessarily an ASIC (Application Specific Integrated Circuit), and may be a mechanism other than the authentication IC 21 having the unique number 251. Further, the position of the ASIC 25 does not have to be on the communication path 24, and it is sufficient that the arithmetic device 22 can acquire the value of the unique number 251.
  • the unique number 251 is an example of a backup unique value.
  • the ASIC 25 is an example of a backup unique value storage unit.
  • FIG. 11 shows an authentication IC 21 similar to that in FIG. 2, in which two areas, #1 and #2, can be used as the non-volatile storage area 2116.
  • the arithmetic unit 22 distinguishes access to #1 from access to #2 by the access destination address it specifies for the non-volatile storage area 2116.
  • HASH values are stored in advance in the nonvolatile storage area #1 (21161) and the nonvolatile storage area #2 (21162) in FIG. The two areas hold different HASH values.
  • in the nonvolatile storage area #1 (21161), as in FIG. 7, the result of the HASH calculation using the IC unique number of the authentication IC 21 and the secret key as arguments is stored.
  • in the nonvolatile storage area #2 (21162), the result (backup verification value) of the HASH calculation using the ASIC unique number 251 and the secret key as arguments is stored.
  • FIG. 8 will now be described.
  • the first authentication stage is almost the same as in FIG. 7, except that the nonvolatile storage area #1 (21161) is read by COM7.
  • the stored value is the same as the value stored in the non-volatile storage area of FIG. If the HASH values match in the first authentication stage of FIG. 8, the process proceeds to the second authentication stage of FIG.
  • FIG. 9 will now be described.
  • since the authentication IC 21 is the authentication IC described in FIG. 2, authentication at the time of shipment would be sufficient, but because this is self-authentication, the IC described in FIG. may be a different mechanism. Therefore, the HASH value is calculated using the unique number 251 of the ASIC 25, which is unrelated to the authentication IC 21 itself.
  • the communication unit 222 inputs the unique number 251 of the ASIC 25 as a challenge code to the authentication IC 21, receives as the response the HASH value (backup calculated value) over the unique number 251 and the secret key, and holds the received response in a register of the arithmetic device 22. The communication unit 222 then reads the HASH value (backup verification value) stored in advance in the nonvolatile storage area #2 (21162), and the determination unit 223 compares the earlier response (backup calculated value) with the HASH value (backup verification value) from the nonvolatile storage area #2 (21162). If the two match, the determination unit 223 determines that the authentication IC 21 is valid.
  • the method for authenticating the authenticity of the authentication IC of the master device has been described. More specifically, the strength of authentication is enhanced when a unique number other than the IC unique number of the authentication IC exists on the master device and two types of HASH values can be stored in the nonvolatile storage area in the authentication IC.
  • the method authenticates the authenticity of the authentication IC on the master device in two stages, authentication with the IC unique number of the authentication IC and authentication with the unique number on the master device.
  • Embodiment 3. In the first and second embodiments described above, examples using the authentication IC 21 were described. In the present embodiment, a configuration in which the slave device is authenticated without using the authentication IC 21 is described.
  • FIG. 12 shows a configuration example of the master device 2 according to the present embodiment.
  • the configuration of the slave device 3 is as shown in FIG. 1, and the configuration of the authentication IC 31 is also as shown in FIGS.
  • the secret key storage unit 226 has the same function as the secret key storage area 2115 of the authentication IC 21. That is, the secret key storage unit 226 stores a secret key that is secretly shared with the authentication IC 31 of the slave device 3.
  • the HASH calculation logic unit 227 has the same function as the HASH calculation logic unit 2114 of the authentication IC 21. That is, the HASH calculation logic unit 227 performs HASH calculation using the same HASH function as the HASH calculation logic unit 3114 of the authentication IC 31.
  • the HASH calculation logic unit 227 is an example of a one-way calculation unit.
  • the operation of the computing device 22 in the present embodiment is the same as that of the first embodiment except that the operation of the authentication IC 21 of the first embodiment is performed in the computing device 22.
  • the communication unit 222 reads the IC unique number of the authentication IC 31 from the authentication IC 31 of the slave device 3, and transmits this value as a challenge code to the HASH calculation logic unit 227.
  • the HASH calculation logic unit 227 then performs the HASH calculation using the IC unique number of the authentication IC 31 and the secret key of the secret key storage unit 226 as arguments, obtaining the HASH calculation value.
  • the communication unit 222 reads the HASH value stored in advance in the nonvolatile storage area 3116 of the authentication IC 31. The determination unit 223 then compares the response code (HASH calculation value) obtained by the HASH calculation logic unit 227 with the HASH value received from the authentication IC 31. If the two match, the first-stage authentication process is complete and the second-stage authentication process is performed. If they do not match, a counterfeit has been detected and the slave device is not used.
  • in the second stage of authentication, the determination unit 223 generates a random value as a challenge code, and the communication unit 222 transmits it to both the HASH calculation logic unit 227 and the authentication IC 31 on the slave device 3. Since the HASH calculation logic unit 227 and the authentication IC 31 each calculate a response code, both response codes are acquired and compared; if they are equal, the newly connected slave device 3 is determined to be a genuine product.
  • the authenticity of the slave device is determined by the S / W implementation in the arithmetic device without using the authentication IC 21 as in the first and second embodiments.
  • with an S / W implementation there is a possibility that memory data is observed from the debug I / O on the master device side and the secret key value leaks; if a mechanism that prevents such secret key leakage is provided, the legitimacy of the slave device can be determined without using the authentication IC 21, as in this embodiment.
  • the master device 2 may be any device including the arithmetic unit 22 as shown in FIG. 1 and the like.
  • information equipment such as a personal computer or other computer, a copy machine, a mobile phone, a car navigation device, and various embedded devices is assumed.
  • FIG. 13 is a diagram illustrating an example of hardware resources of the master device 2 described in the first to third embodiments. Note that the configuration of FIG. 13 is merely an example of the hardware configuration of the master device 2; the hardware configuration of the master device 2 is not limited to the configuration described in FIG. 13 and may be another configuration.
  • the master device 2 includes a CPU 911 (also referred to as a central processing unit, a processing unit, a microprocessor, a microcomputer, or a processor) that executes a program.
  • the CPU 911 corresponds to the arithmetic device 22.
  • the CPU 911 is connected to the authentication IC 906 via the bus 912.
  • the authentication IC 906 corresponds to the authentication IC 21 in FIG.
  • the master device 2 is an information device and includes, for example, a ROM (Read Only Memory) 913, a RAM (Random Access Memory) 914, a communication board 915, a display device 901, a keyboard 902, a mouse 903, an FDD 904 (Flexible Disk Drive), a compact disk device 905 (CDD), and a magnetic disk device 920; these hardware devices are connected to and controlled by the CPU 911.
  • the communication board 915 may support either wired communication or wireless communication.
  • the communication board 915 may be connected to a LAN (local area network), the Internet, a WAN (wide area network), a SAN (storage area network), or the like.
  • the magnetic disk device 920 may store an operating system 921 (OS), a window system 922, a program group 923, and a file group 924. The programs in the program group 923 are executed by the CPU 911.
  • the program group 923 stores programs that execute the functions described as "... unit" (excluding those included in the authentication IC) in the description of the first to third embodiments.
  • the program is read and executed by the CPU 911.
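
The two-stage slave authentication summarised above (first the shipment-time HASH over the IC unique number is re-derived and compared with the value in the slave IC's nonvolatile area, then a fresh random challenge is answered by both sides), written out as an added example; it is not code from the patent or from any Mitsubishi implementation. It follows Embodiment 3, where the arithmetic device 22 holds the secret key (secret key storage unit 226) and the HASH logic (unit 227) itself. HMAC-SHA-256 as the one-way function, the class names, and the sample key and unique numbers are this example's assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional


def one_way(secret_key: bytes, value: bytes) -> bytes:
    """Keyed one-way function standing in for the HASH calculation logic (HMAC-SHA-256 assumed)."""
    return hmac.new(secret_key, value, hashlib.sha256).digest()


class SlaveAuthIC:
    """Model of authentication IC 31 on the slave device.

    The IC unique number and the nonvolatile storage area are readable from outside;
    the secret key never leaves the IC.  At shipment the nonvolatile area is written
    with HASH(secret key, IC unique number), the value the master later re-derives.
    """

    def __init__(self, ic_unique_number: bytes, secret_key: bytes,
                 nonvolatile: Optional[bytes] = None) -> None:
        self.ic_unique_number = ic_unique_number
        self._secret_key = secret_key
        self.nonvolatile = (nonvolatile if nonvolatile is not None
                            else one_way(secret_key, ic_unique_number))

    def respond(self, challenge: bytes) -> bytes:
        """COM2-style operation: HASH over the secret key and the challenge code."""
        return one_way(self._secret_key, challenge)


class MasterArithmeticDevice:
    """Embodiment 3: arithmetic device 22 with its own secret key storage unit 226
    and HASH calculation logic unit 227, so no authentication IC 21 is needed."""

    def __init__(self, secret_key: bytes) -> None:
        self._secret_key = secret_key

    def first_stage(self, ic: SlaveAuthIC) -> bool:
        # Re-derive HASH(secret key, IC unique number) and compare it with the
        # value stored in the IC at shipment (constant-time comparison).
        expected = one_way(self._secret_key, ic.ic_unique_number)
        return hmac.compare_digest(expected, ic.nonvolatile)

    def second_stage(self, ic: SlaveAuthIC) -> bool:
        # Fresh random challenge; both sides compute HASH(secret key, challenge).
        challenge = secrets.token_bytes(16)
        expected = one_way(self._secret_key, challenge)
        return hmac.compare_digest(expected, ic.respond(challenge))

    def authenticate(self, ic: SlaveAuthIC) -> bool:
        # A slave is accepted only if it passes both stages, in this order.
        return self.first_stage(ic) and self.second_stage(ic)


def run_demo() -> Dict[str, bool]:
    key = b"constructed-shared-secret"          # constructed sample key
    master = MasterArithmeticDevice(key)
    genuine = SlaveAuthIC(bytes.fromhex("0001020304050607"), key)

    # A device that copied the two externally observable fields of a genuine IC
    # (unique number and nonvolatile area) but does not hold the secret key.
    copy_without_key = SlaveAuthIC(genuine.ic_unique_number, b"some-other-key",
                                   nonvolatile=genuine.nonvolatile)

    # A device with its own unique number whose nonvolatile value was written
    # with a key different from the master's.
    wrong_key_ic = SlaveAuthIC(bytes.fromhex("9999999999999999"), b"some-other-key")

    return {
        "genuine_passes_both_stages": master.authenticate(genuine),
        "copy_passes_first_stage": master.first_stage(copy_without_key),
        "copy_fails_second_stage": not master.second_stage(copy_without_key),
        "wrong_key_fails_first_stage": not master.first_stage(wrong_key_ic),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result}")
```

The copy-without-key case is why the second stage exists: the nonvolatile area is externally observable (see the description of slave ICs later on this page), so the first stage alone only proves that a consistent pair of unique number and stored value is present, while the random challenge proves possession of the key.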

Abstract

In the authentication IC (21) for a master apparatus (2), a secret key is stored previously; in the authentication IC (31) for a slave apparatus (3), an IC-characteristic number and a secret key are stored previously and a HASH calculated value calculated with the secret key and the IC-characteristic number as arguments is stored. Whenever the master apparatus (2) detects a new slave apparatus (3) during operation, an arithmetic device (22) receives the IC-characteristic number from the authentication IC (31), the authentication IC (21) performs HASH calculation using the received IC-characteristic number and the stored secret key, and the arithmetic device (22) reads the HASH calculated value from the authentication IC (31) and compares the HASH calculated value calculated by the authentication IC (21) with the HASH calculated value read from the authentication IC (31), moving to the next-stage authentication operation when both of the values match.

Description

Information processing apparatus, information processing method, and program
The present invention relates to an inter-device authentication mechanism and authentication method for counterfeit countermeasures, and more particularly to an authentication mechanism and authentication method that authenticate a device with an inexpensive configuration while eliminating the risk of secret key leakage.
Damage caused by counterfeit or pirated products continues to increase, and taking countermeasures against counterfeits is an urgent issue for manufacturers.
Counterfeits not only cause the loss of potential markets and damage to brand image, but also reduce the productivity of genuine products through an increase in product liability disputes.
In order to take countermeasures against counterfeits, some kind of authentication mechanism must be provided.
However, because the authentication mechanism exists only to prevent the use of counterfeits, it is unrelated to the original function of the manufactured device and offers no direct benefit to the user.
On the other hand, taking countermeasures requires costs such as parts procurement and development, and the costs of these counterfeit countermeasures are included in the cost of the product.
However, raising the price of a device because of counterfeit countermeasures means that users pay for a function they do not need, so it usually does not gain the understanding of users in the market.
As a result, manufacturers recognize the need for counterfeit countermeasures but often give up on introducing them because of cost constraints, so how cheaply they can be realized is important.
On the other hand, technically, an authentication method using the challenge-response method is generally used. The challenge-response method is briefly described below.
An example of an authentication technique using the challenge-response method described below is the technique disclosed in Patent Document 1.
The operation of the challenge-response method is shown in FIG. 14.
It is assumed that the master device authenticates the slave device, and it is a precondition that the master device and the slave device share a secret key with each other in advance.
It is also assumed that both have HASH calculation logic of the same algorithm.
In many cases the SHA-1 algorithm is used for this HASH calculation logic, but any algorithm may be used as long as the calculation logic is one-way.
Here, if the master device and the slave device have the same secret key and the same HASH calculation logic, then executing the HASH calculation logic on both sides with two pieces of information, the secret key and an arbitrary value, as arguments should yield the same HASH value.
The arbitrary value here serves as a challenge code by which the master device tests whether the slave device is a partner that shares the same secret key.
Next, the operation of FIG. 14 is described.
To authenticate the slave device, the master device generates a random number within the master device and passes it to the slave device (the challenge).
At the same time, the master device inputs the two pieces of information, the generated random number and the secret key, into the HASH calculation logic and calculates a HASH value.
The slave device also performs the same calculation using the random number received from the master device and transmits the HASH value to the master device (the response).
If the slave device is a genuine slave device, it shares the secret key with the master device, so the master device and the slave device should obtain the same HASH value.
The challenge-response method assumes that an attacker observes the communication path.
Since only the random value and a HASH value based on the random value are exchanged on the communication path, if the generated random number changes every time, the values on the communication path always change irregularly, and it is difficult to determine the secret key.
Because a third party therefore cannot learn the secret key, authenticating the slave device by the challenge-response method before using it makes it possible to know whether it is a genuine product.
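The exchange of FIG. 14, written out as an added example that is not part of the patent text: both sides of the challenge-response, a transcript standing in for what an observer on the communication path sees, and the condition the passage states, that the random number must change every time. HMAC-SHA-256 as the HASH logic, the class names, and the sample key are this example's assumptions; the "replaying slave" is a model of a device without the key that only repeats a response it recorded earlier, used here to show why a fresh challenge matters.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Dict, List, Tuple


def hash_logic(secret_key: bytes, value: bytes) -> bytes:
    """Keyed one-way function standing in for the HASH calculation logic (HMAC-SHA-256 assumed)."""
    return hmac.new(secret_key, value, hashlib.sha256).digest()


class GenuineSlave:
    """Slave device that shares the secret key with the master."""

    def __init__(self, secret_key: bytes) -> None:
        self._secret_key = secret_key

    def respond(self, challenge: bytes) -> bytes:
        return hash_logic(self._secret_key, challenge)


class ReplayingSlave:
    """Device without the key that only repeats one response it observed on the path."""

    def __init__(self, observed_response: bytes) -> None:
        self._observed = observed_response

    def respond(self, challenge: bytes) -> bytes:
        return self._observed


class Master:
    def __init__(self, secret_key: bytes,
                 rng: Callable[[int], bytes] = secrets.token_bytes) -> None:
        self._secret_key = secret_key
        self._rng = rng  # replaced below to show what a non-fresh challenge costs

    def authenticate(self, slave, transcript: List[Tuple[str, bytes]]) -> bool:
        challenge = self._rng(16)
        transcript.append(("challenge", challenge))   # visible on the communication path
        expected = hash_logic(self._secret_key, challenge)
        response = slave.respond(challenge)
        transcript.append(("response", response))     # visible on the communication path
        return hmac.compare_digest(expected, response)


def key_is_absent_from_path(secret_key: bytes, transcript: List[Tuple[str, bytes]]) -> bool:
    """Observer's view: the shared key itself never appears in any message."""
    return all(secret_key not in message for _, message in transcript)


def run_demo() -> Dict[str, bool]:
    key = b"constructed-demo-secret-key"  # constructed sample value
    master = Master(key)
    genuine = GenuineSlave(key)

    transcript: List[Tuple[str, bytes]] = []
    genuine_ok = master.authenticate(genuine, transcript)
    observed_response = transcript[-1][1]

    # Repeating an old response fails: the next challenge is a fresh random number.
    replay_fails = not master.authenticate(ReplayingSlave(observed_response), [])

    # The condition the text states, violated on purpose: a master whose "random"
    # number never changes accepts a recorded response again.
    fixed_master = Master(key, rng=lambda n: b"\x11" * n)
    fixed_transcript: List[Tuple[str, bytes]] = []
    fixed_master.authenticate(genuine, fixed_transcript)
    replay_accepted_when_fixed = fixed_master.authenticate(
        ReplayingSlave(fixed_transcript[-1][1]), [])

    return {
        "genuine_ok": genuine_ok,
        "key_absent_from_path": key_is_absent_from_path(key, transcript),
        "replay_fails": replay_fails,
        "replay_accepted_when_challenge_fixed": replay_accepted_when_fixed,
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result}")
```

The last result is the one to remember when implementing the master side: the scheme's security rests entirely on the challenge being unpredictable and never reused, so the random number source on the master deserves the same scrutiny as the key storage.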
Since the master device normally performs complex processing, it has an arithmetic device such as a CPU (Central Processing Unit).
However, a slave device does not necessarily have an arithmetic device; as one example, a memory device usually has only a memory circuit on its board.
Therefore, in recent years, when challenge-response authentication is performed between a master device and a slave device, the master device side performs the series of challenge-response processes in its arithmetic device, while the slave side has an authentication IC (Integrated Circuit) attached for authentication and performs them in this IC.
In recent years, with the spread of mobile phones, poor-quality unauthorized batteries for mobile phones have appeared on the market, and situations have arisen in which human life is threatened by, for example, these unauthorized batteries catching fire.
Against this social background, it became mandatory to provide mobile phone batteries with an authentication mechanism that can confirm whether the battery is genuine.
Because of this social demand, authentication ICs for slave devices have become cheaper and more sophisticated.
An example of an IC for slave devices is shown in Non-Patent Document 1.
An IC for slave devices generally has HASH calculation logic, a secret key storage area that cannot be observed from outside, and a nonvolatile storage area that can be observed from outside, and ICs of this kind of configuration are inexpensive and sufficiently available on the market.
While ICs for slave devices are becoming more sophisticated, authentication ICs for master devices are generally not distributed on the market, and creating one requires a great deal of cost and is not practical.
One reason for this is thought to be that a master device usually has an arithmetic device and functionally does not need an authentication IC.
Another reason is thought to be that the number of ICs for master devices shipped is expected to be small compared with ICs for slave devices, so the unit price becomes high and IC vendors do not develop or ship them for general use.
JP 2009-086795 A
In a system consisting of one master device and a plurality of slave devices connected to it, taking counterfeit countermeasures means achieving two things: a counterfeit slave device cannot be connected to a genuine master device, and a genuine slave device cannot be connected to a counterfeit master device.
The challenge-response method can be used for this purpose, and an inexpensive authentication IC for slave devices can be used on the slave device side.
On the other hand, in conventional implementations, S/W (Software) implementation by an arithmetic device is the mainstream on the master device side.
In conventional implementations, however, memory data may be observed from the debug I/O (Input Output) on the master device side and the value of the secret key may leak.
As described above, counterfeit countermeasures face not only technical difficulty but also the issue of ease of introduction in terms of cost, so it is desirable to be able to take countermeasures without introducing an authentication IC for the master device.
In view of these points, the main object of the present invention is to devise a device configuration and an authentication method for performing authentication processing with a simple configuration while preventing leakage of the key value.
An information processing apparatus according to the present invention comprises:
a communication unit that receives, from an IC (Integrated Circuit), an IC unique value that is unique to each IC and a verification value for verification;
a secret key storage unit that stores a secret key;
a one-way calculation unit that performs a one-way calculation on the secret key stored in the secret key storage unit and the IC unique value received by the communication unit; and
a determination unit that compares the verification value received by the communication unit with the calculated value calculated by the one-way calculation unit and determines whether the verification value and the calculated value match.
According to the present invention, if the IC provided on the authentication target is a genuine IC, it stores a verification value that matches the calculated value obtained from the one-way calculation on the IC unique value and the secret key, so the validity of the authentication target can be determined by comparing the verification value received from the IC with the calculated value.
FIG. 1 is a diagram showing a device configuration example according to Embodiment 1.
FIG. 2 is a diagram showing an internal configuration example of an authentication IC according to Embodiment 1.
FIG. 3 is a diagram showing an internal configuration example of an arithmetic device according to Embodiment 1.
FIG. 4 is a diagram showing, of the operation of authenticating a slave device according to Embodiment 1, the operation corresponding to the first authentication stage.
FIG. 5 is a diagram showing, of the operation of authenticating a slave device according to Embodiment 1, the operation corresponding to the second authentication stage.
FIG. 6 is a diagram showing an internal configuration example of an authentication IC according to Embodiment 1.
FIG. 7 is a diagram showing the operation of authenticating the validity of the authentication IC on the master device according to Embodiment 1.
FIG. 8 is a diagram showing, of the operation of authenticating the validity of the authentication IC on the master device according to Embodiment 2, the operation corresponding to the first authentication stage.
FIG. 9 is a diagram showing, of the operation of authenticating the validity of the authentication IC on the master device according to Embodiment 2, the operation corresponding to the second authentication stage.
FIG. 10 is a diagram showing a device configuration example according to Embodiment 2.
FIG. 11 is a diagram showing an internal configuration example of an authentication IC according to Embodiment 2.
FIG. 12 is a diagram showing a configuration example of a master device according to Embodiment 3.
FIG. 13 is a diagram showing a hardware configuration example of the master device according to Embodiments 1 to 3.
FIG. 14 is a diagram showing the challenge-response method.
Embodiment 1.
FIG. 1 shows a device configuration example according to the present embodiment.
The authentication IC is mounted on both the master device 2 and the slave device 3, and the two are the same IC.
The master device 2 comprises an authentication IC 21 and an arithmetic device 22, and the arithmetic device 22 has an inward communication path 23 and an outward communication path 24.
The authentication IC 21 used by the master device is connected to the inward communication path 23.
The outward communication path 24 is a communication path for communicating with the slave device 3, and an authentication IC 31 is likewise connected to the slave device 3.
The authentication IC 21 and the authentication IC 31 are physically different but mechanically identical.
The mechanism of the authentication IC is described later with reference to FIG. 2.
The master device 2 is an example of an information processing apparatus, and the slave device 3 is an example of an authentication target.
The authentication IC 31 is an example of an authentication target IC, and the authentication IC 21 is an example of an auxiliary IC.
There need not be only one slave device 3; a plurality of slave devices 3 may exist as long as they can be connected to the communication path 24.
This specification describes an example in which one slave device 3 is connected, but the operation is the same when a plurality of devices are connected.
The authentication IC 31 may be on the communication path 24 or beyond a gateway that bridges communication paths; the condition on its position is that it can be controlled from the arithmetic device 22 in the master device 2.
The position of the authentication IC 21 likewise need not be on the inward communication path 23; it may be connected to the outward communication path 24 on the master device 2. The condition on its position is that it can be controlled from the arithmetic device 22.
FIG. 2 shows a functional block diagram of the authentication IC according to the present embodiment.
The authentication IC 1 comprises, internally, a data transmission/reception unit 11, a response code holding unit 12, an IC unique number storage unit 13, a HASH calculation logic unit 14, a secret key storage area 15, and a nonvolatile storage area 16.
As shown in FIG. 6, both the authentication IC 21 and the authentication IC 31 are mechanically assumed to be the authentication IC 1 of FIG. 2.
In the authentication IC 21, the HASH calculation logic unit 2114 functions as the one-way calculation unit, and the secret key storage area 2115 functions as the secret key storage unit.
Each component of the authentication IC 1 of FIG. 2 is described below.
The data transmission/reception unit 11 interprets eight types of commands, and the issuer of the commands is the arithmetic device 22 on the master device 2.
In this specification the commands are denoted COM1 to COM8.
COM1 to COM8 are as follows.
COM1 is a command by which the master device 2 designates a communication partner.
In the COM1 command, the master device 2 outputs the IC unique number of the communication partner onto the communication path, and the authentication IC holding the same IC unique number recognizes that it has been designated.
The authentication IC designated by COM1 waits for exactly one further command and, upon receiving it, performs processing according to the received command.
When this is finished, the authentication IC cancels its designated state.
Before issuing a command for another process, the master device 2 must again identify the authentication IC with COM1.
If the unique number of an authentication IC is unknown, the authentication IC cannot be designated.
For this purpose the COM8 command is provided: on receiving it, all authentication ICs present on the communication path output their own unique numbers onto the communication path.
So that electrical signals do not collide, contention control is performed on the communication path at the physical layer, for example by a CSMA (Carrier Sense Multiple Access) scheme.
The master device 2 periodically outputs the COM8 command to confirm the presence of authentication ICs on the communication path.
COM2 is the command that receives a challenge code from the master device 2 and executes the HASH calculation logic.
The calculated HASH value is stored in the response code holding unit 12.
The HASH calculation logic can be executed in two ways: with the key value and the value sent by the master side (that is, the challenge code of the challenge-response) as arguments, or with the key value, the value sent by the master side and the value of the nonvolatile storage area 16 as arguments.
The two are distinguished as follows.
First, the master side outputs the COM2 command and then outputs, on the communication path 24, the value to be sent to the slave side.
If the HASH calculation is to be performed immediately, it next outputs on the communication path 24 a predetermined code for executing the HASH calculation.
If the value of the nonvolatile storage area 16 is also to be included, then after the COM2 command and the value for the slave side it outputs, on the communication path 24, a predetermined code directing use of the nonvolatile storage area 16, and finally the code for executing the HASH calculation.
COM3 is the command by which the master device 2 reads out the HASH calculation result.
On receiving this command, the authentication IC outputs the value stored in the response code holding unit 12 on the communication path.
If the calculation has not yet finished, it instead outputs a special value defined in advance to indicate an unfinished calculation, such as the value 0, thereby notifying the master device 2 that the calculation is not complete.
COM4 is the command by which the master stores the secret key in the authentication IC.
The master device 2 outputs the secret key on the communication path after the COM4 command code, and the authentication IC receives that value.
A mechanism in which the secret key, once set, can never be set again is acceptable.
Alternatively, the following mechanism may be used.
Before shipment the secret key is set once in the authentication IC by COM4, and at that time the supplied value is adopted unconditionally as the secret key.
Thereafter, when the authentication IC already holds a secret key, the master device 2 outputs the new secret key on the communication path after the COM4 command code, and then outputs the HASH value of the current secret key on the communication path.
COM5 is the command by which the master device 2 reads the IC unique number from the IC unique number storage unit 13.
On receiving this command, the authentication IC outputs its IC unique number on the communication path.
COM8 is the command the master normally issues, but COM5 is used when an IC unique number must be confirmed immediately; if no response to COM5 is obtained, it means that the device carrying that authentication IC has been disconnected.
COM6 is the command used when the master device 2 sends a value to be stored in the nonvolatile storage area 16.
After outputting the command code on the communication path, the master device outputs the destination address and the value to be stored, and then outputs the result of a HASH calculation taking the value to be stored and the secret key as arguments.
The amount of data sent per transmission is assumed to be fixed in advance, for example 1 byte.
On receiving the command, the authentication IC temporarily holds the value that follows and performs the HASH calculation over it together with the secret key.
Only if its own HASH result matches the HASH value output by the master device 2 does it store the received value at the designated address.
COM7 is the command by which the master device 2 reads a value stored in the nonvolatile storage area 16.
Following this command the master device 2 outputs the address to be read on the communication path, and in response the authentication IC outputs the value stored at the designated address in the nonvolatile storage area 16 on the communication path.
As with COM6, the length of the data read per transmission is assumed to be fixed in advance, for example 1 byte.
This completes the description of the commands.
The response code holding unit 12 is an area that temporarily holds the HASH calculation result inside the authentication IC until the master device 2 reads the response code.
Once the value has been read by the master device 2 via the data transmission/reception unit 11, it is cleared to zero.
This is so that a third party other than the master device 2 cannot obtain the value by attempting to read it at some arbitrary later time.
The IC unique number storage unit 13 stores the IC unique number.
The IC unique number is a serial number assigned when the IC is manufactured, and the IC manufacturer guarantees that it is unique in the world.
The HASH calculation logic unit 14 is the mechanism that performs HASH calculations, such as those of challenge-response.
The HASH function implemented is arbitrary, as long as the parties performing authentication implement the same function.
That is, the authentication IC 21 and the authentication IC 31 in FIG. 1 are mechanically the same authentication IC 1 and contain the same HASH calculation logic unit.
The secret key storage area 15 is an area for storing the secret key.
The stored value must not be readable from outside, and accordingly read requests from outside are not answered.
The secret key is stored according to the operation described for the command COM4.
The nonvolatile storage area 16 is an area used to store information associated with the slave device 3, and it is desirable that arbitrary values can be stored there.
One example use of the nonvolatile storage area 16 is as follows.
When the IC 1 is used as a countermeasure against counterfeit printer toner, the printer is the master device and the toner cartridge is the slave device.
In such a use, the number of times the toner has been used, or similar, is generally stored in the nonvolatile storage area 16.
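The command set and the internal units described above can be exercised with a small simulated authentication IC. The following is an added example, not code from the patent or its applicant: it models COM2 through COM7 on one IC (COM1 and COM8 concern bus designation and are left to the caller), uses HMAC-SHA256 as a stand-in for the unspecified "HASH calculation logic", assumes the COM4 re-key proof is a plain SHA-256 of the current key, and fixes the COM6/COM7 transfer size at 1 byte as the text suggests. All names, key values and unique numbers are constructed for the example.

```python
import hmac
import hashlib
from typing import Optional

# Stand-in for the patent's "HASH calculation logic": any keyed one-way
# function shared by both ICs will do; HMAC-SHA256 is an assumption here.
def hash_logic(key: bytes, *args: bytes) -> bytes:
    return hmac.new(key, b"".join(args), hashlib.sha256).digest()

NOT_READY = bytes(32)  # the "value 0" COM3 returns when no result is held

class AuthIC:
    """Simulated authentication IC 1 (field names are assumptions)."""

    def __init__(self, unique_number: bytes, nv_size: int = 16):
        self.unique_number = unique_number          # IC unique number storage unit 13
        self._secret_key: Optional[bytes] = None    # secret key storage area 15
        self._response = NOT_READY                  # response code holding unit 12
        self.nv = bytearray(nv_size)                # nonvolatile storage area 16

    # COM2: HASH(key, challenge) or HASH(key, challenge, nonvolatile area)
    def com2(self, challenge: bytes, use_nv: bool = False) -> None:
        assert self._secret_key is not None, "key not provisioned"
        args = (challenge, bytes(self.nv)) if use_nv else (challenge,)
        self._response = hash_logic(self._secret_key, *args)

    # COM3: output the held response; 0 if none; zero-clear after one read
    def com3(self) -> bytes:
        out = self._response
        self._response = NOT_READY
        return out

    # COM4: first key set is unconditional; a later set requires the HASH
    # of the current key (assumed here to be SHA-256 of the key bytes)
    def com4(self, new_key: bytes, proof: Optional[bytes] = None) -> bool:
        if self._secret_key is None:
            self._secret_key = new_key
            return True
        expected = hashlib.sha256(self._secret_key).digest()
        if proof is None or not hmac.compare_digest(proof, expected):
            return False
        self._secret_key = new_key
        return True

    # COM5: read the IC unique number
    def com5(self) -> bytes:
        return self.unique_number

    # COM6: store one byte at addr only if HASH(key, value) from the master verifies
    def com6(self, addr: int, value: bytes, mac: bytes) -> bool:
        assert len(value) == 1 and self._secret_key is not None
        if not hmac.compare_digest(mac, hash_logic(self._secret_key, value)):
            return False
        self.nv[addr:addr + 1] = value
        return True

    # COM7: read one byte at addr (the secret key area is never readable)
    def com7(self, addr: int) -> bytes:
        return bytes(self.nv[addr:addr + 1])

def master_store(ic: AuthIC, key: bytes, addr: int, value: bytes) -> bool:
    """What the master puts on the path for COM6: address, value, HASH(key, value)."""
    return ic.com6(addr, value, hash_logic(key, value))

def demo() -> dict:
    """Walk through the command behaviours the text describes; constructed inputs."""
    key = b"factory-secret-key"                          # constructed sample key
    ic = AuthIC(unique_number=b"\x00\x11\x22\x33")       # constructed unique number
    r = {}
    r["first_set"] = ic.com4(key)                        # unconditional on first use
    r["rekey_without_proof"] = ic.com4(b"other", None)   # refused once a key exists
    r["read_before_compute"] = ic.com3() == NOT_READY    # nothing held yet -> 0
    ic.com2(b"challenge")
    r["matches_master_calc"] = ic.com3() == hash_logic(key, b"challenge")
    r["cleared_after_read"] = ic.com3() == NOT_READY     # one read, then zero-cleared
    r["bad_mac_rejected"] = not ic.com6(0, b"\x07", bytes(32))
    r["good_mac_stored"] = master_store(ic, key, 0, b"\x07") and ic.com7(0) == b"\x07"
    ic.com2(b"challenge", use_nv=True)                   # second COM2 form
    r["nv_form_differs"] = ic.com3() != hash_logic(key, b"challenge")
    r["rekey_with_proof"] = ic.com4(b"new-key", hashlib.sha256(key).digest())
    return r

if __name__ == "__main__":
    print(demo())
```

The point worth checking in a real part is the COM3 behaviour: the response is handed out once and then zeroed, so a reader polling the bus after the master has collected the value sees only 0, and a COM6 write that is not accompanied by a correct keyed HASH leaves the nonvolatile area untouched.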
Next, an internal configuration example of the arithmetic device 22 of the master device 2 is shown in FIG. 3.
The control unit 221 controls the arithmetic device 22 as a whole.
The communication unit 222 receives, from the authentication IC 31 of the slave device 3, the IC unique number stored in advance in the authentication IC 31 (the authentication target IC unique value) and the HASH value for collation stored in advance in the authentication IC 31 (the authentication target IC collation value).
The communication unit 222 also issues the commands COM1 to COM8 described above.
The determination unit 223 collates the HASH value received by the communication unit 222 with the HASH value (calculated value) calculated by the HASH calculation logic unit 2114 of the authentication IC 21, and determines whether the two match.
That is, the HASH calculation logic unit 2114 of the authentication IC 21 performs a HASH calculation (one-way calculation) over the secret key stored in the secret key storage area 2115 and the IC unique number of the authentication IC 31 received by the communication unit 222 to obtain a HASH value, and the determination unit 223 collates the HASH value received from the authentication IC 31 with the HASH value calculated by the HASH calculation logic unit 2114 of the authentication IC 21.
res1 (224) is a register that holds the HASH value calculated by the HASH calculation logic unit 2114 of the authentication IC 21.
res2 (225) is a register that holds the HASH value received from the authentication IC 31.
FIGS. 4 and 5 show the operation by which the master device 2 authenticates the slave device 3.
In the present embodiment, the authentication of the slave device 3 by the master device 2 is divided into two stages.
First, following FIG. 4, it is confirmed that the authentication IC 31 is indeed the IC that was present when the genuine product was shipped; then, following FIG. 5, challenge-response authentication is performed.
The operations of FIGS. 4 and 5 are performed once each time the master device 2 detects a new slave device 3 on the communication path 24.
Prior to FIG. 4, it is assumed that a secret key was stored in the genuine master device 2 and slave device 3 at the time of shipment, and that the nonvolatile storage area 3116 inside the authentication IC 31 of the slave device 3 holds a HASH value computed with the unique number of that IC and the secret key as arguments.
For convenience, the operation of FIG. 4 is called the first authentication stage and the operation of FIG. 5 the second authentication stage.
The first authentication stage is processing unrelated to challenge-response authentication; the second authentication stage is challenge-response authentication itself.
The reason the first authentication stage is needed is described later.
The operation of the first authentication stage in FIG. 4 is described.
In both FIG. 4 and FIG. 5 the acting entity is the arithmetic device 22 on the master device, and the authentication IC 21 and the authentication IC 31 are driven by the various commands issued from the communication unit 222 of the arithmetic device 22.
In the master device 2 that has detected a new slave device, the communication unit 222 reads the IC unique number of the authentication IC 31 present on the detected slave device 3 and sends this value, as a challenge code, to the authentication IC 21 inside the master device 2.
In the authentication IC 21, the HASH calculation logic unit 2114 performs challenge-response processing with the IC unique number of the authentication IC 31 (the challenge code) and the secret key as arguments, yielding a HASH calculation result.
In the arithmetic device 22, the communication unit 222 receives this response code (HASH calculated value) from the authentication IC 21.
Next, the communication unit 222 reads the HASH value stored in advance in the nonvolatile storage area 3116 inside the authentication IC 31.
The HASH value in the nonvolatile storage area 3116 of the authentication IC 31 was stored at the time of shipment, and the determination unit 223 compares the response code (HASH calculated value) obtained earlier from the authentication IC 21 with the HASH value received from the authentication IC 31.
If the two match, the first authentication stage ends and the second authentication stage is performed.
If they do not match, a counterfeit has been detected and the slave is not used.
The operation of the second authentication stage in FIG. 5 is described.
As stated above, the second authentication stage carries out so-called challenge-response authentication.
In the arithmetic device 22, the determination unit 223 generates a random value as the challenge code, and the communication unit 222 sends the challenge code to both the authentication IC 21 on the master device 2 and the authentication IC 31 on the slave device 3.
Since the authentication IC 21 and the authentication IC 31 each compute a response code, the two response codes are obtained and compared, and if they are equal the newly connected slave device 3 can be judged to be genuine.
In the second authentication stage, provided there is no data corruption on the communication path 23 or the communication path 24, the two response codes differ only when the secret keys do not match.
The first authentication stage verifies that the secret key value is correct and that the authentication IC itself is the one fitted when the genuine product was shipped.
The reason is to perform device authentication both physically and logically.
Challenge-response authentication authenticates the other party by the correctness of a mutually shared secret key, but it is closed within logical computation and has no tie to physical information.
Suppose, then, that an attacker holds a genuine master device and a counterfeit slave device, replaces the authentication IC on the genuine master device with a commercially available authentication IC in its initial state, and likewise fits a commercially available authentication IC in its initial state to the counterfeit slave device.
That is, in the configuration of FIG. 1, the authentication IC 21 and the authentication IC 31 are both left in the initial state of a newly purchased commercial part.
If only challenge-response authentication is performed under these conditions, the authentication is closed within logical information: the secret keys on the master side and the slave side both still hold their initial value and therefore match, and the authentication succeeds.
Hence the first authentication stage is needed in order to tie the authentication to physical information and prevent a counterfeit from becoming usable through replacement of the authentication IC.
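The two-stage slave authentication of FIGS. 4 and 5, and the reason the first stage is needed, can be reproduced with a minimal model of the two ICs. This is an added example and not the patent's own code: each IC is reduced to a unique number, a secret key and the shipment-time value in its nonvolatile area; HMAC-SHA256 stands in for the HASH calculation logic; the all-zero key is assumed to be the initial key of an unprogrammed commercial IC; and all keys and unique numbers are constructed.

```python
import hmac
import hashlib
import secrets
from dataclasses import dataclass
from typing import Optional

# Stand-in for the HASH calculation logic (HMAC-SHA256 is an assumption).
def hash_logic(key: bytes, *args: bytes) -> bytes:
    return hmac.new(key, b"".join(args), hashlib.sha256).digest()

INITIAL_KEY = bytes(16)   # assumed initial secret key of a fresh commercial IC

@dataclass
class SimpleIC:
    """Minimal authentication IC: unique number, secret key, nonvolatile area."""
    unique_number: bytes
    secret_key: bytes = INITIAL_KEY
    nv: bytes = bytes(32)          # fresh part: nothing stored at shipment

    def respond(self, challenge: bytes) -> bytes:   # COM2 followed by COM3
        return hash_logic(self.secret_key, challenge)

def provision_at_shipment(ic: SimpleIC, key: bytes) -> None:
    """Factory step: COM4 sets the key, COM6 stores HASH(key, unique number)."""
    ic.secret_key = key
    ic.nv = hash_logic(key, ic.unique_number)

def stage1(master_ic: SimpleIC, slave_ic: SimpleIC) -> bool:
    """FIG. 4: the master IC recomputes HASH(key, slave unique number) (res1)
    and it is compared with the value read from the slave's area with COM7 (res2)."""
    res1 = master_ic.respond(slave_ic.unique_number)   # COM5 on slave, COM2/COM3 on master
    res2 = slave_ic.nv                                  # COM7 on slave
    return hmac.compare_digest(res1, res2)

def stage2(master_ic: SimpleIC, slave_ic: SimpleIC,
           challenge: Optional[bytes] = None) -> bool:
    """FIG. 5: one random challenge to both ICs; the responses must agree."""
    if challenge is None:
        challenge = secrets.token_bytes(16)   # generated by determination unit 223
    return hmac.compare_digest(master_ic.respond(challenge), slave_ic.respond(challenge))

def authenticate_slave(master_ic: SimpleIC, slave_ic: SimpleIC) -> bool:
    return stage1(master_ic, slave_ic) and stage2(master_ic, slave_ic)

def scenarios() -> dict:
    key = b"factory-secret-key"                  # constructed
    genuine_master = SimpleIC(b"\x00\x00\x00\x01")
    genuine_slave = SimpleIC(b"\x00\x00\x00\x02")
    provision_at_shipment(genuine_master, key)
    provision_at_shipment(genuine_slave, key)

    # The case the text describes: both ICs swapped for initial-state parts.
    fresh_master = SimpleIC(b"\x00\x00\x00\x03")
    fresh_slave = SimpleIC(b"\x00\x00\x00\x04")

    # Fresh slave IC whose area was filled with a copy of the genuine slave's value.
    cloned_nv_slave = SimpleIC(b"\x00\x00\x00\x05", INITIAL_KEY, genuine_slave.nv)

    return {
        "genuine_pair": authenticate_slave(genuine_master, genuine_slave),
        "fresh_pair_stage2_only": stage2(fresh_master, fresh_slave),   # equal initial keys
        "fresh_pair_stage1": stage1(fresh_master, fresh_slave),        # no shipment value
        "fresh_slave_on_genuine_master": authenticate_slave(genuine_master, fresh_slave),
        "cloned_nv_slave_stage1": stage1(genuine_master, cloned_nv_slave),
    }

if __name__ == "__main__":
    print(scenarios())
```

The "fresh_pair_stage2_only" entry is the failure mode the text warns about: two unprogrammed ICs share the same initial key, so the challenge-response stage alone accepts them. Stage 1 rejects the pair because nothing was stored at shipment, and also rejects a part whose nonvolatile area was copied from a genuine IC, since the copied value was computed over a different unique number.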
As described above, when the master device 2 detects the connection of a new slave device 3, the arithmetic device 22 performs the slave device authentication process according to FIGS. 4 and 5.
Throughout this sequence of operations, the authentication IC 21 on the master device 2 plays an important role in that it holds the secret key and executes the HASH operations.
Therefore the master device 2 must, at power-on, confirm the validity of its own authentication IC 21, enter the normal operating state only once that confirmation has been obtained, and then perform the authentication process of FIGS. 4 and 5 each time it detects the connection of a new slave device 3.
Next, the operation by which the master device 2 confirms the validity of its own authentication IC 21 is described.
FIG. 7 illustrates the authentication operation for the authentication IC 21 on the master device 2.
The operations of FIGS. 4 and 5 described above, in which the master device 2 authenticates the slave device 3, authenticate the authentication IC 31 on the slave device 3 on the premise that the authentication IC 21 on the master device 2 is itself genuine.
In contrast, when authenticating the authentication IC 21 on the master device 2 there is, at that point, no entity whose genuineness can be relied on (the role the authentication IC 21 plays in master-slave authentication).
Therefore, as in FIG. 4, that is, the first authentication stage, a HASH value is stored in advance in the nonvolatile storage area 2116 of the authentication IC 21 at the time of shipment.
As in the first authentication stage, this HASH value takes the secret key and the IC unique number of the authentication IC 21 as arguments, and it is stored when the device is shipped.
The authentication operation for the authentication IC 21 is broadly the same as the first authentication stage described in FIG. 4, except that what the master device 2 authenticates is the authentication IC 21 on the master device 2 itself.
The communication unit 222 of the arithmetic device 22 first receives the IC unique number (auxiliary IC unique value) from the authentication IC 21, inputs this value as a challenge code to the authentication IC 21, and obtains a response code (auxiliary IC calculated value).
Meanwhile, a HASH value (auxiliary IC collation value) is stored in advance in the nonvolatile storage area 2116 of the authentication IC 21; the communication unit 222 of the arithmetic device 22 reads this HASH value, and the determination unit 223 compares it with the response code obtained earlier.
If the authentication IC 21 is the one fitted at shipment, its IC unique number has not changed, so the same HASH value must result.
Therefore, if the values match the device moves to the normal operating state; if not, replacement of the authentication IC has been detected and the authentication IC 21 is not authenticated.
If an attacker replaces the authentication IC 21 with a commercially available IC, the value in the nonvolatile storage area of the original authentication IC can be read out, so the attacker may copy that value into the replacement authentication IC.
However, because the IC unique numbers differ, the HASH calculation result will not equal the value stored in the nonvolatile storage area 2116.
The validity authentication of the authentication IC 21 described in FIG. 7 uses the HASH value stored in the authentication IC 21 itself and a value that the same authentication IC 21 computes and outputs.
As long as an attacker manufacturing counterfeits uses the commercially available authentication IC described in FIG. 2, the validity check of FIG. 7 holds; but if, in place of that IC, some device that returns the same value for both COM3 and COM7 is fitted, the authentication of FIG. 7 will succeed.
In that case, however, the device will fail at the point of authentication with the slave device 3.
That is, a genuine slave device cannot be connected to the counterfeited master device, so a counterfeit countermeasure is achieved in this case as well.
Thus, according to the present embodiment, a counterfeit countermeasure is possible with an inexpensive configuration using only slave-type ICs as authentication ICs, without placing the secret key anywhere it can be observed from outside.
Further, according to the present embodiment, the counterfeit countermeasure holds even if the authentication ICs of both the master device and the slave device are replaced, so circumvention of the authentication mechanism by swapping parts can be prevented.
In addition, it is important that the authentication IC on the master device is genuinely fitted and is the one that was fitted at shipment, that is, that the authentication IC is valid; according to the present embodiment, the validity of the authentication IC on the master device can also be authenticated.
As described above, the present embodiment has described a mechanism that realizes a counterfeit countermeasure which does not leak the secret key, using only relatively inexpensive authentication ICs with no special functions.
More specifically, in both the master device and the slave device, an authentication IC is provided at a position controllable from the arithmetic device that manages the whole system on the master device, and the authentication IC comprises a data transmission/reception unit, a response code holding unit, an IC unique number, HASH calculation logic, a secret key storage area and a nonvolatile storage area.
As the counterfeit countermeasure method, the result of a HASH calculation taking the secret key and the IC unique number as arguments is stored in advance in the nonvolatile storage area of the authentication IC at shipment; in operation, each time the master device detects a new slave device, it has its own authentication IC recalculate the HASH over the slave device's IC unique number and the secret key, reads out the HASH value stored at shipment from the nonvolatile storage area inside the slave device's authentication IC, and authenticates the slave device as genuine when the recalculated HASH value and the read-out HASH value match.
The counterfeit countermeasure method further includes a method that makes it possible to authenticate that the authentication IC on the master device is genuinely fitted and is the one fitted at shipment, that is, to authenticate the validity of the authentication IC.
With this counterfeit countermeasure method, the countermeasure holds even if the authentication ICs of both the master device and the slave device are replaced, so circumvention of the authentication mechanism by swapping parts can be prevented.
Embodiment 2.
When a unique number other than the IC unique number of the authentication IC 21 exists on the master device 2, and the nonvolatile storage area 2116 in the authentication IC 21 can hold two HASH values, the procedure of FIG. 7 for authenticating the authentication IC on the master device can be strengthened.
This processing is shown in FIGS. 8 and 9.
In this embodiment the process of authenticating the validity of the authentication IC 21 on the master device 2 is performed in two stages, so FIG. 8 is called the first authentication stage and FIG. 9 the second authentication stage.
The terms first and second authentication stage were also used for FIGS. 4 and 5, but those figures concern authentication between the master device 2 and the slave device 3, whereas FIGS. 8 and 9 concern authentication of the authentication IC 21 on the master device 2, so the meaning differs.
FIG. 8 is the same processing as FIG. 7, and FIG. 9 is performed after it.
The second authentication stage of FIG. 9 may instead be performed first, followed by the first authentication stage of FIG. 8.
The authentication IC 21 must be authenticated as valid in both the first and the second authentication stage; if it is authenticated in one stage but not in the other, it is not valid.
The device configuration assumed in this embodiment is shown in FIG. 10, and the configuration of the authentication IC in FIG. 11.
The configuration of the arithmetic device 22 is the same as in FIG. 3.
The ASIC 25 shown in FIG. 10 need not actually be an ASIC (Application Specific Integrated Circuit); any mechanism other than the authentication IC 21 that carries a unique number 251 will do.
Nor does the ASIC 25 need to sit on the communication path 24; it suffices that the arithmetic device 22 can obtain the value of the unique number 251.
The unique number 251 is an example of a backup unique value, and the ASIC 25 is an example of a backup unique value storage unit.
FIG. 11 shows an authentication IC 21 similar to that of FIG. 2, in which two areas, #1 and #2, are available as the nonvolatile storage area 2116, and the arithmetic device 22 can distinguish access to #1 from access to #2 by the destination address it specifies for the nonvolatile storage area 2116.
HASH values are stored in advance at shipment in the nonvolatile storage area #1 (21161) and the nonvolatile storage area #2 (21162) of FIG. 11, and the two are different HASH values.
First, the nonvolatile storage area #1 (21161) holds, as in FIG. 7, the result of the HASH calculation taking the IC unique number of the authentication IC 21 and the secret key as arguments.
Next, the nonvolatile storage area #2 (21162) holds the result of the HASH calculation taking the unique number 251 of the ASIC and the secret key as arguments (the backup collation value).
FIG. 8 is described.
The first authentication stage is almost the same as FIG. 7, the only difference being that COM7 reads the nonvolatile storage area #1 (21161).
The stored value, however, is the same as the value stored in the nonvolatile storage area of FIG. 7.
If the HASH values match in the first authentication stage of FIG. 8, the process moves to the second authentication stage of FIG. 9.
FIG. 9 will be described.
If the authentication IC 21 is the authentication IC described in FIG. 2, the first authentication stage of FIG. 8 is sufficient to authenticate that it is the IC as shipped; since this is self-authentication, however, the IC may be a mechanism different from the IC described in FIG. 2.
Therefore, the HASH value is also calculated over the unique number 251 of the ASIC 25, which is unrelated to the authentication IC 21 itself.
In the arithmetic device 22, the communication unit 222 inputs the unique number 251 of the ASIC 25 to the authentication IC 21 as a challenge code, receives as the response the HASH value of the unique number 251 and the secret key (the backup calculated value), and holds the received response in a register of the arithmetic device 22.
Thereafter, the communication unit 222 reads the HASH value (the backup verification value) stored in advance in the non-volatile storage area #2 (21162), and the determination unit 223 compares the earlier response (the backup calculated value) with the HASH value from the non-volatile storage area #2 (21162) (the backup verification value).
If the two match, the determination unit 223 determines that the authentication IC 21 is legitimate.
Against a mechanism that simply makes the responses of COM3 and COM7 identical, an attacker cannot cope with the two-stage authentication; and because information other than the authentication IC 21 on the master (the unique number 251) is used, it is also impossible to peel an authentication IC off another master device and reuse it in an unauthorized repair.
Thus, according to the present embodiment, when a mechanism other than the authentication IC on the master device has some unique number, the method for authenticating the legitimacy of the authentication IC on the master device can be strengthened by using that number.
As described above, the present embodiment has described a method for authenticating the legitimacy of the authentication IC of the master device.
More specifically, it has described a method that makes it possible to strengthen the authentication when a unique number other than the IC unique number of the authentication IC exists on the master device and two kinds of HASH value can be stored in the non-volatile storage area in the authentication IC.
The method authenticates the legitimacy of the authentication IC on the master device in two stages: authentication by the IC unique number of the authentication IC, and authentication by the unique number on the master device.
Embodiment 3.
Embodiments 1 and 2 above described examples that use the authentication IC 21; the present embodiment describes a configuration that authenticates the slave device without using the authentication IC 21.
FIG. 12 shows a configuration example of the master device 2 according to the present embodiment.
The configuration of the slave device 3 is as shown in FIG. 1, and the configuration of the authentication IC 31 is as shown in FIGS. 2 and 6.
In FIG. 12, the control unit 221, the communication unit 222, the determination unit 223, res1 (224) and res2 (225) are the same as those shown in FIG. 3, and their description is omitted.
The secret key storage unit 226 has the same function as the secret key storage area 2115 of the authentication IC 21.
That is, the secret key storage unit 226 stores the secret key that is secretly shared with the authentication IC 31 of the slave device 3.
The HASH calculation logic unit 227 has the same function as the HASH calculation logic unit 2114 of the authentication IC 21.
That is, the HASH calculation logic unit 227 performs the HASH calculation using the same HASH function as the HASH calculation logic unit 3114 of the authentication IC 31.
The HASH calculation logic unit 227 is an example of a one-way calculation unit.
The operation of the arithmetic device 22 in the present embodiment is the same as in Embodiment 1, except that the operation performed by the authentication IC 21 in Embodiment 1 is performed inside the arithmetic device 22.
That is, in the first authentication stage, the communication unit 222 reads the IC unique number of the authentication IC 31 from the authentication IC 31 of the slave device 3 and sends this value to the HASH calculation logic unit 227 as a challenge code; the HASH calculation logic unit 227 performs the HASH calculation with the value of the IC unique number of the authentication IC 31 and the secret key of the secret key storage unit 226 as arguments, and obtains the HASH calculated value.
Next, the communication unit 222 reads the HASH value stored in advance in the non-volatile storage area 3116 in the authentication IC 31.
Then, the determination unit 223 compares the response code (the HASH calculated value) obtained by the HASH calculation logic unit 227 with the HASH value received from the authentication IC 31.
If the two match, the first-stage authentication process ends and the second-stage authentication process is performed.
If, on the other hand, they do not match, a counterfeit has been detected and the slave is not used.
In the second authentication stage, the determination unit 223 generates a random value as a challenge code, and the communication unit 222 sends the challenge code to both the HASH calculation logic unit 227 and the authentication IC 31 on the slave device 3.
Because the HASH calculation logic unit 227 and the authentication IC 31 each calculate a response code, the two response codes are obtained and compared; if they are equal, the newly connected slave device 3 can be determined to be a genuine product.
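The two-stage check of Embodiment 3 above and the backup check of Embodiment 2 (FIG. 8 and FIG. 9), as an added software model that is not part of the patent: it assumes the unspecified HASH calculation is HMAC-SHA256 keyed with the shared secret key, models the COM3/COM7 commands as method calls, and uses constructed sample values for every unique number and key. The clone class models the weakness the text names (a part whose COM3 response is simply the copied stored value), so the example shows why the random second-stage challenge and the ASIC-number backup check reject it.

```python
import hashlib
import hmac
import secrets
from typing import Optional


def one_way(secret_key: bytes, arg: bytes) -> bytes:
    """Stand-in for the HASH calculation logic (2114 / 3114 / 227).
    Assumption: the patent's unspecified HASH over (secret key, argument)
    is modelled here as HMAC-SHA256 keyed with the secret key."""
    return hmac.new(secret_key, arg, hashlib.sha256).digest()


class AuthIC:
    """Model of an authentication IC (FIG. 2 / FIG. 11): IC unique number,
    a secret key that never leaves the IC, and non-volatile storage areas
    (#1, #2) holding verification values written at shipment."""

    def __init__(self, ic_unique_number: bytes, secret_key: bytes,
                 nv_areas: dict):
        self.ic_unique_number = ic_unique_number
        self._secret_key = secret_key
        self._nv = dict(nv_areas)

    def read_unique_number(self) -> bytes:        # read of the IC unique number
        return self.ic_unique_number

    def respond(self, challenge: bytes) -> bytes:  # COM3: challenge/response
        return one_way(self._secret_key, challenge)

    def read_nv(self, area: int) -> bytes:        # COM7: read NV area by address
        return self._nv.get(area, b"")


def provision_ic(ic_unique_number: bytes, secret_key: bytes,
                 backup_unique: Optional[bytes] = None) -> AuthIC:
    """Shipment-time provisioning: area #1 = HASH(key, IC unique number);
    area #2 (Embodiment 2) = HASH(key, backup unique number, e.g. ASIC 251)."""
    nv = {1: one_way(secret_key, ic_unique_number)}
    if backup_unique is not None:
        nv[2] = one_way(secret_key, backup_unique)
    return AuthIC(ic_unique_number, secret_key, nv)


class CloneIC(AuthIC):
    """Constructed counterfeit of the kind the text names: it copies the
    readable values of a genuine IC and makes its COM3 response simply
    equal to the stored COM7 value, whatever the challenge."""

    def __init__(self, genuine: AuthIC):
        copied = {a: genuine.read_nv(a) for a in (1, 2)}
        super().__init__(genuine.read_unique_number(), b"", copied)

    def respond(self, challenge: bytes) -> bytes:
        return self._nv[1]


def authenticate_slave(master_key: bytes, slave_ic: AuthIC) -> bool:
    """Embodiment 3: both stages run in software on the master, using its
    own secret key storage unit 226 and HASH calculation logic unit 227."""
    # Stage 1: recompute HASH(key, IC unique number) and compare with the
    # value pre-stored in the slave's non-volatile storage area 3116.
    uid = slave_ic.read_unique_number()
    calculated = one_way(master_key, uid)
    if not hmac.compare_digest(calculated, slave_ic.read_nv(1)):
        return False                  # counterfeit detected; slave not used
    # Stage 2: random challenge to both sides; the clone above cannot
    # answer it because it only ever returns the copied stored value.
    challenge = secrets.token_bytes(16)
    res1 = one_way(master_key, challenge)   # local response (227)
    res2 = slave_ic.respond(challenge)      # response from authentication IC 31
    return hmac.compare_digest(res1, res2)


def verify_auth_ic_with_backup(auth_ic: AuthIC, asic_unique: bytes) -> bool:
    """Embodiment 2 (FIG. 8 / FIG. 9): checks the master's own
    authentication IC 21, then strengthens the self-check with the ASIC
    unique number 251, a value the IC cannot have produced by itself."""
    # FIG. 8: IC unique number as challenge vs. non-volatile area #1.
    uid = auth_ic.read_unique_number()
    if not hmac.compare_digest(auth_ic.respond(uid), auth_ic.read_nv(1)):
        return False
    # FIG. 9: ASIC unique number as challenge (backup calculated value)
    # vs. non-volatile area #2 (backup verification value).
    backup_calc = auth_ic.respond(asic_unique)
    return hmac.compare_digest(backup_calc, auth_ic.read_nv(2))


if __name__ == "__main__":
    # All identifiers and keys below are constructed sample values.
    KEY = b"constructed-shared-secret-key"
    ASIC = b"ASIC-UID-7777"
    genuine = provision_ic(b"IC-UID-0001", KEY, backup_unique=ASIC)
    print("genuine auth IC:", verify_auth_ic_with_backup(genuine, ASIC))
    print("IC moved to another master:",
          verify_auth_ic_with_backup(genuine, b"ASIC-UID-0000"))
    slave = provision_ic(b"IC-UID-3001", KEY)
    print("genuine slave:", authenticate_slave(KEY, slave))
    print("cloned slave:", authenticate_slave(KEY, CloneIC(slave)))
```

An authentication IC transplanted from a different master keeps passing the FIG. 8 stage but fails the FIG. 9 backup check, because area #2 was provisioned against the original master's ASIC number.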
In Embodiment 3, the legitimacy of the slave device is determined by a S/W implementation in the arithmetic device, without using the authentication IC 21 as in Embodiments 1 and 2.
As described earlier, with a S/W implementation there is a possibility that memory data are observed on the master device side through the debug I/O and the value of the secret key leaks; if a mechanism that prevents such leakage of the secret key is provided, the legitimacy of the slave device can be determined without using the authentication IC 21, as in the present embodiment.
As described above, the present embodiment has described a configuration that determines the legitimacy of the slave device 3 without using the authentication IC 21.
Finally, a hardware configuration example of the master device 2 described in Embodiments 1 to 3 will be described.
The master device 2 may be any device that includes the arithmetic device 22 as shown in FIG. 1 and elsewhere; besides the printer described above, information equipment such as a computer (for example a personal computer), a copier, a mobile phone, a car navigation device and various embedded devices is contemplated.
FIG. 13 is a diagram showing an example of the hardware resources of the master device 2 described in Embodiments 1 to 3.
The configuration of FIG. 13 is merely one example of the hardware configuration of the master device 2; the hardware configuration of the master device 2 is not limited to the configuration of FIG. 13 and may be another configuration.
In FIG. 13, the master device 2 includes a CPU 911 (Central Processing Unit; also called central processing unit, processing unit, microprocessor, microcomputer or processor) that executes programs.
The CPU 911 corresponds to the arithmetic device 22.
The CPU 911 is connected to an authentication IC 906 via a bus 912. The authentication IC 906 corresponds to the authentication IC 21 of FIG. 1 and elsewhere.
If the master device 2 is an information device, the CPU 911 is further connected to, for example, a ROM (Read Only Memory) 913, a RAM (Random Access Memory) 914, a communication board 915, a display device 901, a keyboard 902, a mouse 903, an FDD 904 (Flexible Disk Drive), a compact disk device 905 (CDD) and a magnetic disk device 920, and controls these hardware devices.
The communication board 915 may support either wired or wireless communication, and may be connected to, for example, a LAN (local area network), the Internet, a WAN (wide area network) or a SAN (storage area network).
The magnetic disk device 920 may store an operating system 921 (OS), a window system 922, a program group 923 and a file group 924.
The programs of the program group 923 are executed by the CPU 911.
The program group 923 stores programs that execute the functions described as "... unit" in Embodiments 1 to 3 (excluding those included in the authentication IC). The programs are read and executed by the CPU 911.
What is described as a "... unit" in Embodiments 1 to 3 may also be a "... circuit", "... device" or "... apparatus", or a "... step", "... procedure" or "... process".
That is, the information processing method according to the present invention can be realized by the steps, procedures and processes shown in the flowcharts described in Embodiments 1 to 3.
1 authentication IC, 2 master device, 3 slave device, 11 data transmission/reception unit, 12 response code holding unit, 13 IC unique number storage unit, 14 HASH calculation logic unit, 15 secret key storage area, 16 non-volatile storage area, 21 authentication IC, 22 arithmetic device, 23 communication path, 24 communication path, 25 ASIC, 31 authentication IC, 221 control unit, 222 communication unit, 223 determination unit, 224 res1, 225 res2, 251 unique number, 2111 data transmission/reception unit, 2112 response code holding unit, 2113 IC unique number storage unit, 2114 HASH calculation logic unit, 2115 secret key storage area, 2116 non-volatile storage area, 3111 data transmission/reception unit, 3112 response code holding unit, 3113 IC unique number storage unit, 3114 HASH calculation logic unit, 3115 secret key storage area, 3116 non-volatile storage area.

Claims (13)

  1.  An information processing apparatus characterized by comprising:
     a communication unit that receives, from an IC (Integrated Circuit), an IC unique value unique to each IC and a verification value for verification;
     a secret key storage unit that stores a secret key;
     a one-way calculation unit that performs a one-way calculation on the secret key stored in the secret key storage unit and the IC unique value received by the communication unit; and
     a determination unit that compares the verification value received by the communication unit with the calculated value calculated by the one-way calculation unit and determines whether the verification value and the calculated value match.
  2.  The information processing apparatus according to claim 1, wherein
     the communication unit receives, from an authentication target IC provided in an authentication target other than the information processing apparatus, the IC unique value and the verification value stored in advance in the authentication target IC as an authentication target IC unique value and an authentication target IC verification value,
     the one-way calculation unit performs the one-way calculation on the secret key stored in the secret key storage unit and the authentication target IC unique value received by the communication unit, and
     the determination unit compares the authentication target IC verification value with the value calculated by the one-way calculation unit and does not authenticate the authentication target when the authentication target IC verification value and the calculated value do not match.
  3.  The information processing apparatus according to claim 2, wherein, when a value calculated by performing the same one-way calculation as that of the one-way calculation unit on the same secret key as the secret key stored in the secret key storage unit and on the authentication target IC unique value is received as the authentication target IC verification value, the determination unit determines that the authentication target IC verification value and the calculated value match.
  4.  The information processing apparatus according to claim 2, wherein
     an IC including the secret key storage unit and the one-way calculation unit is provided in the information processing apparatus as an auxiliary IC,
     the communication unit sends the received authentication target IC unique value to the one-way calculation unit of the auxiliary IC and receives the calculated value from the one-way calculation unit of the auxiliary IC, and
     the determination unit compares the authentication target IC verification value received by the communication unit with the calculated value from the one-way calculation unit of the auxiliary IC.
  5.  The information processing apparatus according to claim 4, wherein
     the information processing apparatus is provided with an auxiliary IC in which an IC unique value and a verification value for verification are stored in advance,
     the communication unit receives the IC unique value of the auxiliary IC from the auxiliary IC as an auxiliary IC unique value, sends the received auxiliary IC unique value to the one-way calculation unit of the auxiliary IC, receives from the one-way calculation unit of the auxiliary IC, as an auxiliary IC calculated value, a value calculated by performing the one-way calculation on the auxiliary IC unique value and the secret key, and further receives the verification value of the auxiliary IC from the auxiliary IC as an auxiliary IC verification value, and
     the determination unit compares the auxiliary IC verification value received by the communication unit with the auxiliary IC calculated value and determines whether the auxiliary IC verification value and the auxiliary IC calculated value match.
  6.  The information processing apparatus according to claim 5, wherein
     the determination unit does not authenticate the auxiliary IC when the auxiliary IC verification value and the auxiliary IC calculated value do not match.
  7.  The information processing apparatus according to claim 5, wherein, when a value calculated by performing the same one-way calculation as that of the one-way calculation unit on the secret key and the auxiliary IC unique value is received as the auxiliary IC verification value, the determination unit determines that the auxiliary IC verification value and the auxiliary IC calculated value match.
  8.  The information processing apparatus according to claim 5, wherein
     the information processing apparatus is provided with an auxiliary IC in which two verification values are stored in advance as an auxiliary IC verification value and a backup verification value,
     the information processing apparatus further has, outside the auxiliary IC, a backup unique value storage unit that stores a unique value other than the auxiliary IC unique value as a backup unique value,
     the communication unit receives the auxiliary IC unique value from the auxiliary IC, sends the received auxiliary IC unique value to the one-way calculation unit of the auxiliary IC, receives the auxiliary IC calculated value from the one-way calculation unit of the auxiliary IC, receives the auxiliary IC verification value from the auxiliary IC, further receives the backup unique value from the backup unique value storage unit, sends the received backup unique value to the one-way calculation unit of the auxiliary IC, receives from the one-way calculation unit of the auxiliary IC, as a backup calculated value, a value calculated by performing the one-way calculation on the backup unique value and the secret key, and receives the backup verification value from the auxiliary IC, and
     the determination unit compares the auxiliary IC verification value received by the communication unit with the auxiliary IC calculated value, determines whether the auxiliary IC verification value and the auxiliary IC calculated value match, further compares the backup verification value received by the communication unit with the backup calculated value, and determines whether the backup verification value and the backup calculated value match.
  9.  The information processing apparatus according to claim 8, wherein
     the determination unit does not authenticate the auxiliary IC when there is at least one of a mismatch between the auxiliary IC verification value and the auxiliary IC calculated value and a mismatch between the backup verification value and the backup calculated value.
  10.  The information processing apparatus according to claim 8, wherein
     when a value calculated by performing the same one-way calculation as that of the one-way calculation unit on the secret key and the auxiliary IC unique value is received as the auxiliary IC verification value, the determination unit determines that the auxiliary IC verification value and the auxiliary IC calculated value match, and
     when a value calculated by performing the same one-way calculation as that of the one-way calculation unit on the secret key and the backup unique value is received as the backup verification value, the determination unit determines that the backup verification value and the backup calculated value match.
  11.  The information processing apparatus according to claim 5, wherein
     the auxiliary IC is an IC of the same mechanism as the authentication target IC.
  12.  An information processing method characterized in that
     a device storing a secret key receives, from an IC (Integrated Circuit), an IC unique value unique to each IC and a verification value for verification,
     the device performs a one-way calculation on the secret key and the received IC unique value, and
     the device compares the received verification value with the calculated value calculated by the one-way calculation and determines whether the verification value and the calculated value match.
  13.  A program characterized by causing a device storing a secret key to execute:
     a communication process of receiving, from an IC (Integrated Circuit), an IC unique value unique to each IC and a verification value for verification;
     a one-way calculation process of performing a one-way calculation on the secret key and the IC unique value received by the communication process; and
     a determination process of comparing the verification value received by the communication process with the calculated value calculated by the one-way calculation process and determining whether the verification value and the calculated value match.
PCT/JP2009/069776 2009-11-24 2009-11-24 Information processing apparatus, information processing method, and program WO2011064833A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
JP2011543000A JP5398845B2 (en) 2009-11-24 2009-11-24 Information processing apparatus and program
PCT/JP2009/069776 WO2011064833A1 (en) 2009-11-24 2009-11-24 Information processing apparatus, information processing method, and program
TW099108855A TWI464616B (en) 2009-11-24 2010-03-25 Apparatus for processing information, and computor program


Publications (1)

Publication Number Publication Date
WO2011064833A1 true WO2011064833A1 (en) 2011-06-03
