WO2015119043A1 - Authentication system - Google Patents

Publication number
WO2015119043A1
Authority
WO
WIPO (PCT)
Prior art keywords
side channel
rfid
secret key
data
received
Application number
PCT/JP2015/052576
Inventor
一男 ▲崎▼山
陽 李
Original Assignee
国立大学法人電気通信大学
Application filed by 国立大学法人電気通信大学
Priority to JP2015560958A (patent JP6348914B2)
Publication of WO2015119043A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00 Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K7/10009 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves
    • G06K7/10257 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves arrangements for protecting the interrogation against piracy attacks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3215 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a plurality of channels
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122 Counter-measures against attacks; Protection against rogue devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H04L2209/805 Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/79 Radio fingerprint

Definitions

  • The present invention relates to an authentication system and an authentication method. More specifically, the present invention relates to a robust authentication system with improved resistance to relay attacks.
  • IC tags with an ultra-small to-be-authenticated function, such as IC cards and RFID (Radio Frequency IDentification), are widely used in the market.
  • These IC tags perform wireless communication with an authentication system having an authentication function. The authentication system acquires individual information from the IC tag, confirms that the IC tag is authentic, and then proceeds to the next process. For example, if the IC tag is an IC card, the next process in the authentication system is the deposit or withdrawal of money after confirming that the holder of the IC card is its genuine owner. If the IC tag is RFID, the next process in the authentication system is permission for distribution after confirming that the product to which the RFID is attached is a genuine product.
  • The relay attack is an attack method in which an attacker constructs a communication path that can relay communication between an authenticator and a person to be authenticated, and the attacker impersonates the person to be authenticated from a remote location. As a result, the authentication can succeed even if the attacker is physically separated from the authenticator.
  • The object of the present invention is to solve such problems and to provide a highly robust authentication system that prevents cracking by relay attacks through the addition of simple hardware and software.
  • An authentication system of the present invention includes a device to be authenticated that includes a response value calculation unit that holds a secret key and calculates a response value using a challenge value received from outside and the secret key;
  • a main channel transmission/reception circuit that transmits a challenge value and a response value to the authentication device, and a side channel signal reception circuit that receives, as an analog side channel signal, a physical change generated by the response value calculation unit in its arithmetic process; and
  • a verification processing unit that verifies the authenticity of the response value received from the main channel transmission/reception circuit and verifies the authenticity of the side channel signal received from the side channel signal reception circuit.
  • FIG. 1 is a block diagram showing the overall configuration of an RFID system 101 according to the first embodiment of the present invention.
  • FIG. 2 is a block diagram illustrating a hardware configuration and software functions of an RFID reader/writer.
  • A block diagram showing the software functions of an authentication server, and a diagram showing the field structure of an RFID table. A time chart showing the flow of the authentication operation.
  • An RFID system is disclosed.
  • One method of cracking in an authentication system is a side channel attack.
  • A side channel attack is an attack method that intercepts the electromagnetic waves generated by the arithmetic processing that an IC tag such as an IC card or RFID executes for the authentication operation, infers the arithmetic processing itself or the data used in it, and analyzes the encryption key. That is, the IC tag emits an electromagnetic wave during the authentication process.
  • This electromagnetic wave is referred to as a side channel, in contrast to the main channel, which is the communication path provided for transmitting the main information such as the authentication processing.
  • The RFID system of the present embodiment actively intercepts this side channel signal from the RFID. The intercepted side channel signal is then analyzed to determine whether the authentication target is a genuine authentication target.
  • If the side channel signal assumed by the RFID system can be received normally, it can be determined that the authentication target exists in the immediate vicinity of the RFID reader/writer. That is, it can be determined that the authentication process is not a false authentication process based on a relay attack.
  • The essence of the vulnerability to the relay attack is that the authentication system only verifies the authentication result (main channel), and does not verify that the appropriate person to be authenticated has performed the calculation.
  • The RFID system according to the present embodiment realizes “verification that an appropriate person to be authenticated performs a calculation” by receiving and analyzing a side channel signal emitted by the person to be authenticated.
  • FIG. 1 is a block diagram showing the overall configuration of an RFID system 101 according to the first embodiment of the present invention.
  • The RFID system 101 includes an RFID 102 that is the device to be authenticated, an RFID reader/writer 103 that performs wireless communication with the RFID 102, and an authentication server 104 that exchanges information with the RFID 102 through the RFID reader/writer 103 and processes it.
  • The authentication server 104 is a general computer.
  • A CPU 105, a ROM 106, a RAM 107, a non-volatile storage 108 such as an HDD, and a serial interface (hereinafter abbreviated as “serial I/F”) 109 such as USB are connected to the bus 110.
  • The RFID reader/writer 103 is connected to the authentication server 104 through the serial I/F 109.
  • The display unit 111 and the operation unit 112 are also connected to the bus 110, but the display unit 111 and the operation unit 112 are not necessarily required.
  • The authentication server 104 performs wireless communication with the RFID 102 through the RFID reader/writer 103 and acquires ID information of the RFID 102.
  • The authentication result is output to another information processing apparatus or the like (not shown) together with the ID information of the RFID 102, or is used for predetermined information processing by the authentication server 104 itself.
  • The RFID 102 includes an antenna coil L113, a capacitor C114, a modulation unit 115, a demodulation unit 116, a sequence control unit 117, a power supply circuit 118, a response value calculation unit 119, a clock circuit 120, a ROM 121, and a RAM 122.
  • The antenna coil L113 and the capacitor C114 are connected in parallel to constitute a resonance circuit whose resonance frequency is the same as the frequency of the radio waves transmitted and received by the RFID reader/writer 103.
  • The sequence control unit 117 controls the modulation unit 115 and the demodulation unit 116 to operate exclusively.
  • The power supply circuit 118 includes a rectifier circuit (not shown) and a charging capacitor. It rectifies the current of the radio wave obtained from the antenna coil L113 and charges the charging capacitor, thereby supplying power for operating the other circuit blocks.
  • The clock circuit 120 supplies a clock signal necessary for the operation of the other circuit blocks while receiving power from the power supply circuit 118.
  • The response value calculation unit 119 performs a predetermined calculation process using the challenge value received from the authentication server 104 through the demodulation unit 116 and temporarily stored in the RAM 122, and the secret key stored in the ROM 121, and outputs the response value that is the calculation result. The response value is returned to the authentication server 104 through the modulation unit 115.
  • The ROM 121 is a nonvolatile memory such as a flash memory or an EEPROM in which ID information for uniquely identifying the RFID 102 itself and data such as a secret key used for challenge response authentication are stored.
  • The RAM 122 is a well-known volatile memory such as SRAM. The RAM 122 is used for purposes such as temporarily storing a challenge value that is received from the authentication server 104 and used by the response value calculation unit 119 in the calculation process for challenge response authentication.
  • FIG. 2A is a block diagram showing a hardware configuration of the RFID reader/writer 103.
  • A CPU 201, a ROM 202, a RAM 203, and a serial I/F 204 are connected to a bus 205.
  • A modulation unit 206 and a demodulation unit 207 are connected to the bus 205.
  • A resonance circuit including an antenna coil L208 and a capacitor C209 is connected to the modulation unit 206 and the demodulation unit 207.
  • The antenna coil L208, the capacitor C209, the modulation unit 206, and the demodulation unit 207 constitute a main channel transmission/reception circuit 210.
  • A quantization processing unit 211 is connected to the bus 205.
  • A resonance circuit including an antenna coil L213 and a capacitor C214 is connected to the quantization processing unit 211 via an A/D converter 212.
  • The antenna coil L213, the capacitor C214, the A/D converter 212, and the quantization processing unit 211 constitute a side channel signal receiving circuit 215.
  • An analog side channel signal generated from the RFID 102 is received by the resonance circuit including the antenna coil L213 and the capacitor C214, and then digitized (PCM) by the A/D converter 212 and converted into waveform data.
  • The quantization processing unit 211 performs signal processing such as AM demodulation by arithmetic processing.
  • An analog circuit may be provided before the A/D converter 212.
  • AM demodulation is performed using a diode and a capacitor. In this case, reception side channel data is generated directly from the A/D converter 212.
  • FIG. 2B is a block diagram illustrating software functions of the RFID reader/writer 103.
  • The CPU 201, the ROM 202, the RAM 203, and the serial I/F 204 connected to the bus 205 in FIG. 2A provide the function of the control unit 216.
  • The control unit 216 is connected to the modulation unit 206 and the demodulation unit 207 of the main channel transmission/reception circuit 210 and to the quantization processing unit 211 of the side channel signal receiving circuit 215.
  • The control unit 216 controls the modulation unit 206 and the demodulation unit 207 to operate exclusively and performs communication with the authentication server 104.
  • The main channel transmission/reception circuit 210 of the RFID reader/writer 103 constitutes the interface to the RFID 102 for the authentication server 104.
  • The data transmitted by the authentication server 104 is transmitted to the RFID 102 through the RFID reader/writer 103 almost as it is.
  • The data transmitted by the RFID 102 is transmitted to the authentication server 104 through the RFID reader/writer 103 almost as it is.
  • The side channel signal receiving circuit 215 of the RFID reader/writer 103 digitizes the side channel signal received from the RFID 102 with the A/D converter 212 and performs the predetermined data processing in the quantization processing unit 211.
  • The side channel data is transmitted to the authentication server 104 in real time.
  • FIG. 3A is a block diagram illustrating software functions of the authentication server 104.
  • FIG. 3B is a diagram showing a field configuration of the RFID table 302.
  • The control unit 301 receives ID information, a response value, and reception side channel data from the RFID 102 through the RFID reader/writer 103, and transmits a challenge value to the RFID 102 through the RFID reader/writer 103. Further, the control unit 301 searches the RFID table 302 based on the ID information received from the RFID 102 and acquires the secret key corresponding to the ID information of the RFID 102.
  • The challenge value generation unit 303 includes a random number generator, and generates a challenge value to be transmitted to the RFID 102.
  • The response value calculation unit 304 calculates a response value using the secret key obtained by the control unit 301 searching the RFID table 302 and the challenge value generated by the challenge value generation unit 303.
  • The side channel data generation unit 305 generates side channel model data using the secret key obtained by the control unit 301 searching the RFID table 302 and the challenge value generated by the challenge value generation unit 303.
  • The side channel data generation unit 305 is a program function that imitates the response value calculation unit 119 of the RFID 102 and also imitates, by calculation, the change in current consumption that occurs in the calculation process executed by the response value calculation unit 119. As a result of this imitation calculation process, original waveform data that imitates the change in current consumption of the response value calculation unit 119 is generated.
  • The waveform data generated by the side channel data generation unit 305 is referred to as side channel model data.
  • The side channel memory 306 temporarily stores reception side channel data received from the RFID 102.
  • The verification processing unit 307 includes a main channel verification unit 308, a side channel verification unit 309, and a threshold 310.
  • The main channel verification unit 308 compares the response value received from the RFID 102 with the response value calculated by the response value calculation unit 304 and determines whether they match.
  • The side channel verification unit 309 calculates a correlation coefficient between the received side channel data received from the RFID 102 and the side channel model data generated by the side channel data generation unit 305. The correlation coefficient is then compared with the threshold 310 to determine the level of coincidence of the received side channel data.
  • The RFID table 302, which can also be called an authenticated device table, has an ID information field and a secret key field. ID information for uniquely identifying the RFID 102 is stored in the ID information field. A secret key corresponding to the ID information of the RFID 102 is stored in the secret key field. In the RFID table 302 in the first embodiment, one record is provided for one RFID 102.
  • FIG. 4 is a time chart showing a flow of authentication operation between the authentication server 104, the RFID reader/writer 103, and the RFID 102.
  • The RFID reader/writer 103 continues to transmit a query command until a query response is received from the RFID 102 (S401, S402).
  • When the RFID 102 comes close to the RFID reader/writer 103, the RFID 102 receives a query command (S403) issued by the RFID reader/writer 103 and returns a query response to the RFID reader/writer 103 (S404).
  • The control unit 301 of the authentication server 104 transmits a command requesting the RFID 102 to transmit ID information (S405).
  • When the RFID 102 receives the command requesting transmission of the ID information, the RFID 102 returns the ID information through the RFID reader/writer 103 (S406).
  • The control unit 301 of the authentication server 104 activates the challenge value generation unit 303 to generate a challenge value (S407), and transmits the challenge value to the RFID 102 (S408).
  • The response value calculation unit 119 calculates a response value using the received challenge value and the secret key stored in the ROM (S409).
  • After transmitting the challenge value to the RFID 102 in step S408, the authentication server 104 immediately starts an operation of recording the received side channel data in the side channel memory 306 (S410).
  • When the response value calculation unit 119 finishes calculating the response value in step S409, the RFID 102 returns this response value through the RFID reader/writer 103 (S411).
  • The control unit 301 of the authentication server 104 stops receiving the side channel signal (recording the received side channel data in the side channel memory 306), and the verification processing unit 307 determines the authenticity of the RFID 102 (S412).
  • FIG. 5 is a flowchart showing a flow of authentication operation in the authentication server 104 and the RFID reader/writer 103.
  • The RFID reader/writer 103 transmits a query command (S502), and checks whether a query response has been received (S503). If there is no query response (NO in S503), the RFID reader/writer 103 transmits a query command again (S502). That is, the RFID reader/writer 103 repeats transmission of a query command until a query response is received from the RFID 102 (YES in S503) (S401 and S402 in FIG. 4).
  • The control unit 301 passes this secret key to the response value calculation unit 304 together with the challenge value generated in step S506, and causes the response value calculation unit 304 to calculate a response value (S509). Further, the control unit 301 passes this secret key to the side channel data generation unit 305 together with the challenge value, and causes the side channel data generation unit 305 to generate side channel model data (S510).
  • The control unit 301 confirms whether the response value has been returned from the RFID 102 (S511).
  • The control unit 301 stops recording the received side channel data in the side channel memory 306 (S512).
  • The control unit 301 activates the verification processing unit 307.
  • The main channel verification unit 308 of the verification processing unit 307 compares the response value received from the RFID 102 with the response value calculated by the response value calculation unit 304, and outputs a match/mismatch result.
  • The side channel verification unit 309 of the verification processing unit 307 calculates a correlation coefficient between the received side channel data received from the RFID 102 and recorded in the side channel memory 306 and the side channel model data created by the side channel data generation unit 305.
  • The series of processing ends (S514).
  • FIG. 6 is a block diagram illustrating the software function of the authentication server 104 illustrating the data flow.
  • The control unit 301 searches the RFID table 302 to obtain a secret key.
  • This secret key is supplied to the response value calculation unit 304 and the side channel data generation unit 305 together with the challenge value generated by the challenge value generation unit 303.
  • The challenge value is transmitted to the RFID 102.
  • The response value calculated by the response value calculation unit 304 is supplied to the main channel verification unit 308 together with the response value received from the RFID 102, and a match or mismatch is determined.
  • The correlation coefficient is calculated.
  • The correlation coefficient is compared with the threshold 310, and the degree of coincidence is determined.
  • The determination result output from the main channel verification unit 308 and the determination result output from the side channel verification unit 309 are combined by the AND gate 601 in the verification processing unit 307, and their logical product (the authentication determination result) is output to an output destination such as a predetermined host device.
  • FIG. 7 is a waveform diagram showing an example of a side channel signal.
  • The vertical axis represents signal level (power), and the horizontal axis represents time.
  • The response value calculation unit 304, which is a main component of the RFID 102, is an integrated circuit, and the integrated circuit is an aggregate of CMOS gates. In a CMOS gate, a through current flows only when the logic state changes from true to false or from false to true. The sum total of the through currents is the current consumption of the response value calculation unit 304.
  • The response value calculation unit 304 is driven by a clock output from the clock circuit. As the arithmetic processing inside the response value calculation unit 304 proceeds with the clock, the number of CMOS gates whose logic state changes fluctuates.
  • The current consumption, which is the sum of the through currents, therefore fluctuates at each clock step. That is, the current consumption waveform changes. Due to such factors, the current consumption of the response value calculation unit 304 fluctuates for each clock. Therefore, when an AC component is extracted from the current consumption, an AC waveform as shown in FIG. 7 is formed.
  • The inventors examined the correlation between the side channel signal and the response value, and found that the waveform of the side channel signal has high uniqueness. That is, for a given combination of secret key and challenge value, the side channel signal generated by them has, in principle, high identification ability.
  • The waveform of the side channel signal can be generated relatively easily by calculation: a program imitates the CMOS gates that are the components of the response value calculation unit 304 and calculates the current consumption generated by the calculation process.
  • This calculation process is the side channel data generation unit 305. To obtain the similarity between analog waveforms by calculation, it is only necessary to convert them into digital data (numerical data strings) and calculate the statistical similarity between the numerical data strings.
  • The simplest method for calculating the similarity between numerical data strings is the calculation of a correlation coefficient. Since the correlation coefficient obtained by the calculation is a scalar value, whether the similarity of the waveforms is sufficiently high can be determined by comparing it with the predetermined threshold 310. This calculation process is the side channel verification unit 309.
  • The RFID system 101 adds authenticity determination using a side channel signal to challenge response authentication in the main channel, which is the conventional technique. Further, the authentication server 104 obtains by calculation not only the presence or absence of the side channel signal generated from the RFID 102 but also the similarity of the side channel signal, and includes this determination result in the authentication determination of the RFID 102. For this reason, even if a malicious third party succeeds in cracking the main channel, cracking of the side channel signal is almost impossible unless the RFID 102 is reverse engineered. Therefore, the RFID system 101 according to the first embodiment realizes extremely high robustness and safety against cracking by a malicious third party.
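The verification described above, as an added Python example (not code from the patent or its authors): the server recomputes the response value and a side channel model, correlates the model with the received trace, and ANDs the two results. The iterated SHA-256 calculation, the bit-flip leakage model, the 0.8 threshold, the noise level and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import random

CLOCKS = 64       # assumed number of clock steps in the response calculation
THRESHOLD = 0.8   # assumed value for threshold 310


def compute(secret_key, challenge):
    """Toy response calculation: returns (response value, gate flips per clock)."""
    state = hashlib.sha256(challenge).digest()[:4]   # 32-bit working register
    flips = []
    for _ in range(CLOCKS):
        nxt = hashlib.sha256(secret_key + state).digest()[:4]
        # Bits that change this clock stand in for CMOS gates drawing through current.
        changed = int.from_bytes(state, "big") ^ int.from_bytes(nxt, "big")
        flips.append(float(bin(changed).count("1")))
        state = nxt
    return state, flips


def correlation(a, b):
    """Pearson correlation coefficient; 0.0 for flat or mismatched series."""
    if len(a) != len(b) or len(a) < 2:
        return 0.0
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    num = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    den = math.sqrt(sum((x - ma) ** 2 for x in a) * sum((y - mb) ** 2 for y in b))
    return num / den if den else 0.0


def verify(secret_key, challenge, response, received_trace):
    """Server side: returns (authentication result, main channel result, correlation)."""
    expected, model = compute(secret_key, challenge)       # units 304 and 305
    main_ok = hmac.compare_digest(response, expected)      # unit 308
    rho = correlation(received_trace, model)               # unit 309
    side_ok = rho >= THRESHOLD
    return main_ok and side_ok, main_ok, round(rho, 3)     # AND gate 601


def nearby_tag(secret_key, challenge, rng, noise=1.0):
    """Constructed stand-in for RFID 102 as seen by receiving circuit 215."""
    response, flips = compute(secret_key, challenge)
    return response, [x + rng.gauss(0.0, noise) for x in flips]


def relayed_tag(secret_key, challenge, rng, noise=1.0):
    """Relay case: the response is correct, but the reader's antenna sees only noise."""
    response, _ = compute(secret_key, challenge)
    return response, [rng.gauss(0.0, noise) for _ in range(CLOCKS)]


def demo():
    rng = random.Random(2015)              # fixed seed: reproducible constructed traces
    key = b"constructed-secret-key"        # constructed sample secret key
    challenge = b"\x10\x32\x54\x76\x98\xba\xdc\xfe"  # a real server draws this at random
    genuine = verify(key, challenge, *nearby_tag(key, challenge, rng))
    relayed = verify(key, challenge, *relayed_tag(key, challenge, rng))
    wrong_key = verify(key, challenge, *nearby_tag(b"some-other-key", challenge, rng))
    return genuine, relayed, wrong_key


if __name__ == "__main__":
    for label, result in zip(("genuine", "relayed", "wrong key"), demo()):
        print(label, result)
```

The relayed case is the one the main channel alone cannot catch: its response value matches, and only the missing correlation makes the AND result false.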
  • FIG. 8A is a block diagram showing software functions of the authentication server 804 according to the second embodiment of the present invention.
  • FIG. 8B is a diagram showing a field configuration of the RFID table 802. The RFID system according to the second embodiment of the present invention differs from the first embodiment only in the software function of the authentication server 104, and the other components are the same. Since the components shown in FIG. 1, FIG. 2A and FIG. 2B are the same, their description is omitted.
  • The RFID table 802 includes an ID information field, a secret key field, a challenge value field, a response value field, a side channel model data field, and a used flag field.
  • The ID information field and the secret key field are the same as the fields with the same names in the RFID table 302 of the first embodiment.
  • A challenge value is stored in the challenge value field.
  • The response value field stores a response value calculated from the secret key in the secret key field and the challenge value in the challenge value field.
  • The side channel model data field stores side channel model data generated from the secret key in the secret key field and the challenge value in the challenge value field.
  • The used flag field stores a flag indicating whether or not the record has been used.
  • A plurality of records corresponding to the required number of uses is provided for one RFID 102. For example, if the RFID 102 is to be used 10 times, 10 records are provided. In these 10 records, the contents of the ID information field are the same, and the contents of the challenge value field, response value field, and side channel model data field are different. That is, challenge values are generated in advance for a finite number of uses, and the response values and side channel model data corresponding to the challenge values are generated and recorded in the RFID table 802. Then, after authentication, the used flag in the used flag field is set in the record of the RFID table 802 that was used.
  • In the authentication server 804, the challenge value generation unit 303, the response value calculation unit 304, and the side channel data generation unit 305 are not necessary.
  • The difference between the authentication server 804 shown in FIG. 8A and the authentication server 104 in the first embodiment is that the challenge value generation unit 303, the response value calculation unit 304, and the side channel data generation unit 305 are omitted.
  • As shown in FIG. 8B, the field configuration of the RFID table 802 is also different.
  • FIG. 9 is a flowchart showing a flow of authentication operations in the authentication server 804 and the RFID reader / writer 103.
  • Steps S901, S902, S903, S904, and S905 are the same as steps S501, S502, S503, S504, and S505 described with reference to FIG.
  • step S905 when the ID information is received from the RFID 102 (YES in S905), the control unit 301 searches the RFID table 302 with the ID information, and the used flag field flag is not set, that is, an unused record. get. If there are a plurality of acquired records, one of the records is specified as a record to be used.
  • a response value, a challenge value, and side channel model data are acquired from the specified record (S906). Then, the challenge value acquired from the record specified in step S906 is transmitted to the RFID 102 (S907).
  • the control unit 301 immediately starts an operation of recording the received side channel data in the side channel memory 306 (S908). Then, the control unit 301 confirms whether or not a response value is returned from the RFID 102 (S909). When the response value is returned from the RFID 102 (YES in S909), the control unit 301 stops recording the received side channel data in the side channel memory 306 (S910). Then, the control unit 301 activates the collation processing unit 307.
  • the main channel matching unit 308 of the matching processing unit 307 compares the response value received from the RFID 102 with the response value acquired from the record identified in step S906, and outputs a match / mismatch result.
  • the side channel verification unit 309 of the verification processing unit 307 calculates the correlation coefficient between the received side channel data, which was received from the RFID 102 and recorded in the side channel memory 306, and the side channel model data acquired from the record identified in step S906. Then, the calculated correlation coefficient is compared with the threshold 310 to determine the degree of coincidence between the received side channel data and the side channel model data.
  • the verification processing unit 307 outputs a logical product signal of the logical output of the main channel verification unit 308 and the logical output of the side channel verification unit 309 to an output destination such as a predetermined host device (S911). Then, the logical value of the used flag field of the record specified in step S906 is set to true. That is, a used flag is set (S912). In this way, a series of processing is completed (S913).
  • the authentication server 804 according to the second embodiment is different from the authentication server 104 according to the first embodiment in that the challenge value generation unit 303, the response value calculation unit 304, and the side channel data generation unit 305 are omitted.
  • the challenge value, response value, and side channel model data are obtained from the RFID table 302. Therefore, the challenge value is acquired from the RFID table 302 instead of the operation of starting the challenge value generation unit 303 and generating the challenge value in step S506 of FIG. 5 (steps S906 and S907). For this reason, before sending the challenge value (S907), it is necessary to search the RFID table 302 with the ID information and specify the record (S906). Further, after the authentication is completed, it is necessary to set a flag on the used record (S912).
  • the RFID system according to the second embodiment realizes extremely high robustness and safety against cracking by a malicious third party, like the RFID system 101 of the first embodiment, although the number of authentications is limited.
  • the difference between the first embodiment and the second embodiment is whether the challenge value, the response value, and the side channel model data are dynamically generated or statically held in the RFID table 302 and used.
  • step S407 of FIG. 4 describes “challenge value generation or acquisition”
  • “challenge value generation” indicates an operation of dynamically generating a challenge value by the challenge value generation unit 303 of the first embodiment.
  • “Challenge value acquisition” indicates an operation of statically acquiring a challenge value from the challenge value field of the RFID table 802 of the second embodiment.
  • the side channel signal has high uniqueness. It was judged that, if the characteristics of the side channel signal are used more actively, not only the role of the challenge-response authentication of the main channel but also the identification and authentication of the device to be authenticated can be realized by the side channel alone. Thus, an embodiment in which authentication is performed using only the side channel signal will be described.
  • FIG. 10 is a block diagram showing the overall configuration of an RFID system 1001 according to the third embodiment of the present invention.
  • the RFID 1002 used in the RFID system 1001 according to the third embodiment of the present invention does not include the modulation unit 115 and the sequence control unit 117.
  • the ROM 1021 stores a secret key but does not store ID information.
  • the RFID system 1001 according to the third embodiment of the present invention uses, instead of the RFID reader / writer 103 of the first embodiment, an RFID reader / writer 1003 that does not have a demodulator that reads the main channel from the RFID 1002.
  • the response value calculation unit 304 calculates the response value, but there is no modulation unit for transmitting the calculated response value on the main channel.
  • the response value is not transmitted on the main channel. Even if the RFID reader / writer 1003 transmits a response value, the RFID reader / writer 1003 does not receive a response value from the RFID 1002 on the main channel because there is no demodulator for receiving the response value. Further, since the RFID 1002 does not have a function of transmitting information to the RFID reader / writer 1003 through the main channel, the ID information cannot be transmitted. Accordingly, no ID information is stored in the ROM 1021.
  • FIG. 11A is a block diagram showing a hardware configuration of the RFID reader / writer 1003 according to the third embodiment of the present invention.
  • FIG. 11B is a block diagram showing software functions of the RFID reader / writer 1003 according to the third embodiment of the present invention.
  • the RFID reader / writer 1003 used in the RFID system 1001 according to the third embodiment of the present invention does not have the demodulation unit 207. Therefore, a main channel transmission circuit 1110 having only a transmission function for the main channel is provided instead of the main channel transmission / reception circuit 210 of the first embodiment.
  • FIG. 12A is a block diagram illustrating software functions of the authentication server 1004.
  • FIG. 12B is a diagram showing a field configuration of the RFID table 302.
  • the difference between the authentication server 1004 shown in FIG. 12A and the authentication server 104 of the first embodiment is that the verification processing unit 1207 does not include the main channel verification unit 308, and that the timer 1204 and the side channel model table 1202 are provided.
  • the timer 1204 measures a time sufficient for the RFID 1002 to calculate the response value.
  • the authentication server 104 of the first embodiment can clearly recognize that the RFID 102 has finished calculating the response value by receiving the response value.
  • the authentication server 1004 does not receive the main channel, and thus cannot clearly recognize that the RFID 1002 has finished calculating the response value. Therefore, the timer 1204 is used to obtain the timing for ending the reception of the side channel signal.
  • the RFID table 302 shown in FIG. 12B has the same field configuration as the RFID table 302 of the first embodiment.
  • the side channel model table 1202 has an ID information field, a side channel model data field, and a valid flag field.
  • the ID information field is the same as the field with the same name in the RFID table 302. Therefore, the side channel model table 1202 is linked to the RFID table 302 by the ID information field.
  • the side channel model data generated by the side channel data generation unit 305 is stored in the side channel model data field.
  • In the valid flag field a flag indicating whether or not the correlation coefficient between the side channel model data related to the record and the received side channel data stored in the side channel memory 306 exceeds the threshold 310 is stored.
  • FIG. 13 is a time chart showing the flow of authentication operation between the authentication server 1004, the RFID reader / writer 1003, and the RFID 1002.
  • the RFID reader / writer 1003 continues to transmit a query command until receiving a side channel signal corresponding to the query response from the RFID 1002 (S1301, S1302).
  • the RFID 1002 receives a query command (S403) issued by the RFID reader / writer 1003 and performs a process for returning a query response to the RFID reader / writer 1003 (S1304).
  • the RFID reader / writer 1003 issues a side channel signal in response to the query response return process.
  • the control unit 301 of the authentication server 1004 recognizes that the RFID 1002 exists in the vicinity of the RFID reader / writer 1003 by receiving a side channel signal corresponding to the query response from the RFID 1002 (S1305).
  • when the control unit 301 of the authentication server 1004 recognizes that the side channel signal corresponding to the query response has been received from the RFID 1002, it activates the challenge value generation unit 303 to generate a challenge value and transmits the challenge value to the RFID 1002. At this time, the timer 1204 is started (S1306). When the RFID 1002 receives this challenge value, the response value calculation unit 119 calculates a response value using the received challenge value and the secret key stored in the ROM (S1307).
  • the authentication server 1004 starts the operation of recording the received side channel data in the side channel memory 306 immediately after transmitting the challenge value to the RFID 1002 in step S1307. Further, based on the challenge value generated in step S1307, the side channel model data is calculated and recorded for the record in which the valid flag is set in the side channel model table 1202 (S1308).
  • the control unit 301 stops the timer 1204 and stops recording the received side channel data in the side channel memory 306.
  • the matching processing unit 1207 calculates a correlation coefficient between the side channel model data and the reception side channel data of the record for which the valid flag is set in the side channel model table 1202, and compares the correlation coefficient with the threshold 310.
  • the processing from step S1306 to step S1310 can hardly narrow the records whose valid flag is set in the side channel model table 1202 down to one. Therefore, the processing from step S1306 to step S1309 is repeated (S1310 to S1313), the record of the side channel model table 1202 is finally specified, and the ID information and the result of the authentication determination are output to a predetermined host device (S1314).
  • FIG. 14 is a flowchart showing a flow of authentication operations in the authentication server 1004 and the RFID reader / writer 1003.
  • the RFID reader / writer 1003 transmits a query command (S1402).
  • the authentication server 1004 receives the side channel signal and confirms whether or not the side channel signal corresponding to the query response has been received (S1403). If the side channel signal corresponding to the query response cannot be received (NO in S1403), the authentication server 1004 causes the RFID reader / writer 1003 to transmit a query command again (S1402). That is, the authentication server 1004 and the RFID reader / writer 1003 repeat the transmission of the query command until the side channel signal corresponding to the query response can be received from the RFID 1002 (YES in S1403) (S1301 and S1302 in FIG. 13).
  • the control unit 301 monitors the timer 1204 to confirm whether or not the specified time has elapsed (S1408).
  • the control unit 301 stops the timer 1204 (S1409), and stops recording the received side channel data in the side channel memory 306 (S1410).
  • the control unit 301 activates the collation processing unit 1207.
  • the side channel matching unit 309 of the matching processing unit 1207 calculates the correlation coefficient between the side channel model data and the received side channel data of the record for which the valid flag is set in the side channel model table 1202, and compares it with the threshold 310.
  • the flag in the valid flag field of the record that does not exceed the threshold 310 in the side channel model table 1202 is lowered (S1411).
  • the control unit 301 checks whether or not there is more than one record in the side channel model table 1202 in which the valid flag field is true (S1412). If there are two or more records in which the valid flag field is true (YES in S1412), the processing is repeated from step S1405. In this way, the processing from step S1405 to step S1412 is repeated until there is one record in the side channel model table 1202 where the valid flag field is true.
  • as a result of repeating step S1405 to step S1412, there are only two cases: exactly one record in the side channel model table 1202 whose valid flag field is true, or no such record at all.
  • if one such record remains, it can be seen that the record is the record of the RFID 1002, and that the RFID 1002 from which the side channel signal was received is an authentic RFID. If there is no record in which the valid flag field of the side channel model table 1202 is true, it can be seen that the RFID 1002 from which the side channel signal was received is not a genuine RFID.
  • the control unit 301 outputs the determination result to a predetermined host device (S1413), and ends a series of processing (S1414).
  • the side channel signal is an analog signal.
  • this analog signal is a signal waveform resulting from the time transition of power consumption generated by the calculation process of the response value calculation unit 304, and if the response value calculated by the response value calculation unit 304 has uniqueness, the side channel signal is also inherently unique.
  • the matching processing unit 1207 calculates all correlation coefficients between the received side channel data and the side channel model data for all the records in the RFID table 302 and compares the correlation coefficient with the threshold 310. Since a correlation coefficient between analog signal waveforms is calculated, it is difficult to specify a record at one time. Therefore, this round robin and narrowing down are repeated several times to specify only one record in the RFID table 302. That is, the identification and authentication of the RFID 1002 can be performed in this way using only the side channel signal.
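The second embodiment's one-time records (S906 to S912) and the third embodiment's narrowing by valid flag, sketched together as an added example that is not code from the patent. The HMAC-SHA256 response calculation, the Hamming-weight leakage model, the Gaussian noise, the threshold value 0.5, the tag IDs and every function name are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import random

THRESHOLD = 0.5   # stands in for threshold 310 (constructed value)
SAMPLES = 128     # samples per recorded trace (constructed value)
MAX_ROUNDS = 8    # bound on the narrowing loop (assumption, not in the text)

def response_value(key, challenge):
    """Assumed stand-in for the tag's response value calculation."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

def model_trace(key, challenge):
    """Side channel model data under an assumed leakage model: one sample per
    byte of the toy calculation, equal to that byte's Hamming weight."""
    stream = b"".join(response_value(key, challenge + bytes([i]))
                      for i in range(SAMPLES // 32))
    return [float(bin(b).count("1")) for b in stream]

def pearson(a, b):
    """Correlation coefficient between two equally long traces."""
    n = len(a)
    mean_a, mean_b = sum(a) / n, sum(b) / n
    cov = sum((x - mean_a) * (y - mean_b) for x, y in zip(a, b))
    var_a = sum((x - mean_a) ** 2 for x in a)
    var_b = sum((y - mean_b) ** 2 for y in b)
    return cov / math.sqrt(var_a * var_b) if var_a and var_b else 0.0

def genuine_tag(key, rng):
    """Tag beside the reader: correct response plus a noisy emission."""
    def exchange(challenge):
        trace = [x + rng.gauss(0.0, 1.0) for x in model_trace(key, challenge)]
        return response_value(key, challenge), trace
    return exchange

def relayed_tag(key, rng):
    """Relayed session: the response arrives, the reader records only noise."""
    def exchange(challenge):
        noise = [rng.gauss(4.0, 1.5) for _ in range(SAMPLES)]
        return response_value(key, challenge), noise
    return exchange

def provision(tag_id, key, uses, rng):
    """Second embodiment: one pre-generated record per permitted use."""
    records = []
    for _ in range(uses):
        challenge = rng.getrandbits(128).to_bytes(16, "big")
        records.append({"id": tag_id, "challenge": challenge, "used": False,
                        "response": response_value(key, challenge),
                        "model": model_trace(key, challenge)})
    return records

def authenticate_once(records, tag_id, exchange):
    """S906 to S912: take an unused record, AND both checks, set the used flag."""
    record = next((r for r in records
                   if r["id"] == tag_id and not r["used"]), None)
    if record is None:
        return False  # every pre-generated challenge has been consumed
    response, received = exchange(record["challenge"])
    main_ok = hmac.compare_digest(response, record["response"])
    side_ok = pearson(record["model"], received) >= THRESHOLD
    record["used"] = True  # set whatever the outcome, so a challenge is never reused
    return main_ok and side_ok

def identify(table, exchange, rng):
    """Third embodiment: lower valid flags until at most one record is left."""
    valid = dict.fromkeys(table, True)
    for _ in range(MAX_ROUNDS):
        challenge = rng.getrandbits(128).to_bytes(16, "big")
        _, received = exchange(challenge)  # no main channel: response is ignored
        for tag_id, key in table.items():
            if valid[tag_id] and pearson(model_trace(key, challenge), received) < THRESHOLD:
                valid[tag_id] = False
        remaining = [t for t in table if valid[t]]
        if len(remaining) <= 1:
            return remaining[0] if remaining else None
    return None  # still ambiguous after MAX_ROUNDS

def demo():
    rng = random.Random(2015)  # fixed seed so the constructed data is repeatable
    table = {"TAG-%03d" % i: rng.getrandbits(128).to_bytes(16, "big")
             for i in range(200)}
    key = table["TAG-042"]
    records = provision("TAG-042", key, 3, rng)
    return {
        "genuine": authenticate_once(records, "TAG-042", genuine_tag(key, rng)),
        "relayed": authenticate_once(records, "TAG-042", relayed_tag(key, rng)),
        "last_use": authenticate_once(records, "TAG-042", genuine_tag(key, rng)),
        "exhausted": authenticate_once(records, "TAG-042", genuine_tag(key, rng)),
        "identified": identify(table, genuine_tag(key, rng), rng),
        "unenrolled": identify(table, genuine_tag(b"\x00" * 16, rng), rng),
    }

if __name__ == "__main__":
    print(demo())
```

With 128 samples per trace an unrelated record practically never reaches the threshold, so one round usually suffices here; shorter or noisier traces leave several valid flags set after a round, which is the case the repeated narrowing handles.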
  • the RFID 1002 is specified and authenticated only by the side channel signal. As a premise of this, it is necessary to recognize that the RFID 1002 is close to the RFID reader / writer 1003, that is, a trigger to record the received side channel data in the side channel memory 306. In order to recognize that the RFID 1002 is close to the RFID reader / writer 1003 only by the side channel signal, a query command is used in the third embodiment.
  • the RFID reader / writer 1003 issues a query command, the RFID reader / writer 1003 receives the side channel signal generated from the response value calculation unit 304 of the RFID 1002 in accordance with the query response calculation process, and the RFID 1002 is thereby recognized as being in proximity to the RFID reader / writer 1003.
  • a challenge value itself for obtaining the side channel signal may be used in addition to the query command.
  • FIG. 15 is a time chart showing the flow of authentication operation between the authentication server 1004 and the RFID reader / writer 1003 and the RFID 1002 in the RFID system according to the fourth embodiment of the present invention.
  • a block diagram FIGS. 10, 11A showing a hardware configuration
  • a block diagram FIG. Since it is the same as the system, explanation with illustration is omitted.
  • the difference between the RFID system of the fourth embodiment and the RFID system 1001 of the third embodiment is that the method for recognizing that the RFID 1002 is close to the RFID reader / writer 1003 is different.
  • a query command is transmitted from the RFID reader / writer 1003 to recognize that the RFID 1002 has approached the RFID reader / writer 1003.
  • the RFID reader / writer 1003 transmits the challenge value instead of the query command and verifies whether or not a valid side channel signal has been received, thereby recognizing the proximity of the RFID 1002. That is, the main channel data transmitted from the RFID reader / writer 1003 is only the challenge value.
  • the difference between the time chart shown in FIG. 15 and the time chart of the third embodiment shown in FIG. 13 is that a query command is transmitted in the third embodiment (S1301, S1302), whereas in the fourth embodiment the challenge value is transmitted.
  • the control unit 301 of the authentication server 1004 activates the challenge value generation unit 303 to generate a challenge value, transmits the challenge value through the RFID reader / writer 1003, and activates the timer 1204 (S1501).
  • the control unit 301 immediately starts an operation of recording the received side channel data in the side channel memory 306.
  • side channel model data is calculated and recorded for the record in which the valid flag is set in the side channel model table 1202 (S1502). Then, the control unit 301 monitors the timer 1204 to check whether or not a specified time has elapsed. When the specified time has elapsed, the control unit 301 stops the timer 1204 and stops recording the received side channel data in the side channel memory 306 (S1503). At this time, if valid reception side channel data is not recorded in the side channel memory 306, the control unit 301 determines that the RFID 1002 is not in proximity to the RFID reader / writer 1003. Therefore, the processing is repeated from the generation of the challenge value again (S1504, S1505, S1506). The processing from step S1507 to S1515 is the same as the processing from step S1306 to S1314 in FIG.
  • FIG. 16 is a flowchart showing a flow of authentication operations in the authentication server 1004 and the RFID reader / writer 1003.
  • the flowchart shown in FIG. 16 differs from the flowchart of the third embodiment shown in FIG. 14 in that the third embodiment transmits a query command (S1402) and confirms reception of a side channel signal corresponding to the query response (S1403), whereas this processing has been eliminated here. Instead, after the recording of the reception side channel data in the side channel memory 306 is stopped (S1608), a step of confirming whether or not valid reception side channel data is recorded in the side channel memory 306 (S1609) has been added. Steps S1602 to S1608 are the same as steps S1404 to S1410 in FIG. 14, and steps S1610 to S1613 are the same as steps S1411 to S1414 in FIG.
  • the RFID 1002 can be specified and authenticated only by the side channel signal.
  • a high computing capability is required for the authentication server.
  • when the RFID table 302 held about several hundred thousand records, the calculation of the side channel model data for all records and the brute-force calculation of the correlation coefficients were completed in about 1 second on a commercially available personal computer. Therefore, the RFID system according to the third embodiment and the fourth embodiment can be sufficiently realized by reinforcing the computing capability with current cloud technology.
  • the method of emitting a side channel signal is not limited to electromagnetic waves. It is only necessary that the waveform of the current flowing through the response value calculation unit 304 can be transmitted in an analog manner.
  • the current flowing through the response value calculation unit 304 is detected and amplified by an operational amplifier or the like, the obtained analog signal is converted into a modulation such as light intensity or a multi-color color map, and light is emitted from a light emitter such as an LED or a liquid crystal display.
  • the side channel signal may be obtained by photographing the light emitted from the light emitter with a digital camera or the like. In the case of a contact type IC card having electrodes, the current can be easily detected from the power supply line.
  • a precise side channel signal can be detected by directly detecting a change in current.
  • the first calculation process includes setting the sampling frequency of the A / D converter 212 of the RFID reader / writer 1003 to a low one, reducing the number of sample bits of the A / D converter 212, and the like.
  • the time required for the arithmetic processing can be shortened.
  • when the data amount of the received side channel data is reduced, it is necessary to apply the same treatment to the side channel model data.
  • the authentication server 104 of the first embodiment and the side channel data generation unit 305 in the authentication server 1004 of the third and fourth embodiments generate side channel data by simulation calculation using software.
  • the side channel data may be generated using hardware instead of simulation calculation. That is, the response value calculation unit 119 itself mounted on the actual RFID 102 is provided in the authentication server, the current consumption of the response value calculation unit 119 is detected and A / D converted, and the side channel model data is obtained through predetermined filtering processing such as that of the quantization processing unit 211.
  • the timing for ending the reception of the side channel signal is obtained using the timer 1204. Instead of this timer, it is also possible to confirm the start and end of reception of the side channel signal from the waveform pattern of the reception side channel data. If the waveform pattern recognition process is used, the timer 1204 becomes unnecessary.
  • the RFID system 101 receives the side channel signal emitted by the RFID 102 in order to confirm that the RFID 102 exists in the immediate vicinity of the RFID reader / writer 103. Then, the correlation coefficient between the received side channel data obtained by converting the side channel signal into a digital value and the side channel model data created by the arithmetic processing is taken and compared with the threshold 310. If the correlation coefficient is greater than or equal to the threshold value 310, it can be seen that the RFID 102 is a genuine RFID that exists in the immediate vicinity of the RFID reader / writer 103, so that cracking due to a relay attack can be prevented in advance.
  • the RFID system 1001 receives a side channel signal generated by the RFID 1002 in order to confirm that the RFID 1002 exists in the immediate vicinity of the RFID reader / writer 1003. Then, the correlation coefficient between the received side channel data obtained by converting the side channel signal into a digital value and the side channel model data for all records in the RFID table 302 is taken and compared with the threshold 310 in the round robin. By repeating this process, the record of the RFID table 302 is specified. Identification and authentication of the RFID 1002 are possible only with the side channel signal.
  • Each of the above-described configurations, functions, processing units, and the like may be realized by hardware by designing a part or all of them with, for example, an integrated circuit. Further, each of the above-described configurations, functions, and the like may be realized by software, with a processor interpreting and executing a program that realizes each function. Information such as programs, tables, and files for realizing each function can be stored in a memory, a hard disk, a volatile or non-volatile storage such as an SSD (Solid State Drive), or a recording medium such as an IC card or an optical disk.
  • the control lines and information lines are those that are considered necessary for the explanation, and not all the control lines and information lines on the product are necessarily shown. Actually, it may be considered that almost all the components are connected to each other.
  • demodulator, 210 ... main channel transmission / reception circuit, 211 ... quantization processor, 212 ... A / D converter, 215 ... side channel signal receiving circuit, 216 ... control unit, 301 ... control unit, 302 ... RFID table, 303 ... challenge value generation unit, 304 ... response value calculation unit, 305 ... side channel data generation unit, 306 ... side channel memory, 307 ... verification processing unit, 308 ... main channel verification unit, 309 ... side channel verification unit, 310 ... threshold value, 601 ... AND gate, 802 ... RFID table, 804 ... authentication server, 1001 ... RFID system, 1002 ... RFID, 1003 ... RFID reader / writer, 1004 ... authentication server, 1021 ... ROM, 1110 ... main channel transmission circuit, 1202 ... side channel model table, 1204 ... timer, 1207 ... verification processing unit

Abstract

In order to confirm that an RFID is present in the vicinity of an RFID reader/writer, a side channel emitted by the RFID is received and a correlation coefficient is calculated. If the correlation coefficient is at or above a prescribed threshold, the RFID is determined to be an authentic RFID that is actually present in the vicinity of the RFID reader/writer; therefore, cracking using a relay attack can be prevented in advance.

Description

Authentication system
The present invention relates to an authentication system and an authentication method. More specifically, the present invention relates to a robust authentication system with improved resistance to relay attacks.
Currently, ultra-small wireless communication devices that have a function of being authenticated (hereinafter abbreviated as "IC tags"), such as IC cards and RFID (Radio Frequency IDentification), are widely used in the market. These IC tags perform wireless communication with an authentication system having an authentication function. The authentication system then acquires individual information from the IC tag and confirms that the IC tag is authentic. Then, the authentication system proceeds to the next process. For example, if the IC tag is an IC card, the next process in the authentication system is the deposit or withdrawal of money after confirming that the owner of the IC card is the genuine owner. Likewise, if the IC tag is an RFID, the next process in the authentication system is permission for distribution after confirming that the product to which the RFID is attached is a genuine product.
Due to advances in information technology, the price of IC tags has fallen and they have become widespread. At the same time, the threat from malicious persons, such as those trying to break the authentication function of the authentication system that communicates with the IC tag or trying to invalidate the IC tag's function of being authenticated, is increasing. This is because the basis of the authentication function is cryptography, and progress in the computing power of information processing apparatuses such as computers is also used as a technique for breaking cryptography.
In view of this market situation, the inventors invented a wireless tag with a limited number of uses, disclosed in Patent Document 1, in order to improve resistance to cracking. The invention disclosed in Patent Document 1 is a technique in which a finite number of data strings are stored in advance in the RFID and used for challenge-response authentication.
JP 2010-118796 A
One of the cracking methods against an authentication system is the relay attack. The relay attack is an attack method in which an attacker constructs a communication path that can relay communication between an authenticator and a person to be authenticated, and the attacker impersonates the person to be authenticated from a remote location. As a result, even if the attacker is physically far away from the authenticator, the authentication can succeed.
Most of the countermeasures against relay attacks so far are methods that monitor the communication time between the authenticator and the person to be authenticated. The arithmetic processing and communication processing in a relay attack tend to increase the communication response time. For this reason, when the response time of the device to be authenticated is larger than a specific threshold, the authenticator can reject the authentication request in order to prevent the possibility of a relay attack. However, time-based countermeasures have limits. With the evolution of relay devices and communication technologies, the additional response time from relay processing may fall within the margin of error, and such detection is expected to become increasingly difficult in the future.
The object of the present invention is to solve this problem and to provide a highly robust authentication system that prevents cracking by relay attacks in advance by adding simple hardware and software.
In order to solve the above-described problem, the authentication system of the present invention comprises: a device to be authenticated that holds a secret key and has a response value calculation unit that calculates a response value using a challenge value received from outside and the secret key; a main channel transmission / reception circuit that transmits the challenge value to, and receives the response value from, the device to be authenticated; a side channel signal reception circuit that receives, as an analog side channel signal, the physical change that the response value calculation unit produces during its arithmetic processing; and a verification processing unit that verifies the authenticity of the response value received from the main channel transmission / reception circuit and also verifies the authenticity of the side channel signal received from the side channel signal reception circuit.
According to the present invention, it is possible to provide a highly robust authentication system that prevents cracking due to a relay attack by adding simple hardware and software.
Problems, configurations, and effects other than those described above will be clarified by the following description of embodiments.
FIG. 1 is a block diagram showing the overall configuration of the RFID system 101 according to the first embodiment of the present invention.
FIG. 2 is a block diagram showing the hardware configuration and the software functions of the RFID reader/writer.
FIG. 3 is a block diagram showing the software functions of the authentication server, together with a diagram showing the field configuration of the RFID table.
FIG. 4 is a time chart showing the flow of the authentication operation between the authentication server and RFID reader/writer and the RFID.
FIG. 5 is a flowchart showing the flow of the authentication operation in the authentication server and the RFID reader/writer.
FIG. 6 is a block diagram showing the software functions of the authentication server, illustrating the flow of data.
FIG. 7 is a waveform diagram showing an example of a side channel signal.
A block diagram showing the software functions of the authentication server according to the second embodiment of the present invention, together with a diagram showing the field configuration of the RFID table.
A flowchart showing the flow of the authentication operation in the authentication server and the RFID reader/writer.
A block diagram showing the overall configuration of the RFID system according to the third embodiment of the present invention.
A block diagram showing the hardware configuration and software functions of the RFID reader/writer according to the third embodiment of the present invention.
A block diagram showing the software functions of the authentication server, together with a diagram showing the field configuration of the RFID table.
A time chart showing the flow of the authentication operation between the authentication server and RFID reader/writer and the RFID.
A flowchart showing the flow of the authentication operation in the authentication server and the RFID reader/writer.
A time chart showing the flow of the authentication operation between the authentication server and RFID reader/writer and the RFID in the RFID system according to the fourth embodiment of the present invention.
A flowchart showing the flow of the authentication operation in the authentication server and the RFID reader/writer.
This embodiment discloses an RFID system.
One method of cracking an authentication system is the side channel attack. A side channel attack intercepts the electromagnetic waves generated by the computation that an IC tag, such as an IC card or RFID, executes for authentication, and analyzes the encryption key by inferring the computation itself or the data used in it. That is, an IC tag emits electromagnetic waves during authentication processing. These electromagnetic emissions are called the side channel, in contrast to the main channel, which denotes the communication path provided for transmitting the main information such as the authentication processing.
The RFID system of this embodiment deliberately intercepts this side channel signal from the RFID. It then analyzes the intercepted side channel signal to determine whether the party being authenticated is genuine. When the side channel signal that the RFID system expects is received normally, the system can conclude that the party being authenticated is in the immediate vicinity of the RFID reader/writer. That is, it can conclude that the authentication is not a false authentication produced by a relay attack.
The essence of the vulnerability to relay attacks is that the authentication system verifies only the result of authentication (the main channel) and does not verify that the proper party performed the computation. The RFID system of this embodiment realizes "verification that the proper party to be authenticated performed the computation" by receiving and analyzing the side channel signal that the party emits.
[First Embodiment: Overall Configuration of the Authentication System]
FIG. 1 is a block diagram showing the overall configuration of the RFID system 101 according to the first embodiment of the present invention.
The RFID system 101 comprises the RFID 102, which is the device to be authenticated; the RFID reader/writer 103, which communicates wirelessly with the RFID 102; and the authentication server 104, which processes information and exchanges it with the RFID 102 through the RFID reader/writer 103.
The authentication server 104 is an ordinary computer. A CPU 105, a ROM 106, a RAM 107, non-volatile storage 108 such as an HDD, and a serial interface (hereinafter abbreviated as "serial I/F") 109 such as USB are connected to a bus 110. The RFID reader/writer 103 is connected to the authentication server 104 through the serial I/F 109. When the computer is a personal computer, a display unit 111 and an operation unit 112 are also connected to the bus 110, but the display unit 111 and the operation unit 112 are not essential.
The authentication server 104 communicates wirelessly with the RFID 102 through the RFID reader/writer 103 and acquires the ID information of the RFID 102. Once it confirms that the RFID 102 is genuine, it either outputs the authentication result together with the ID information of the RFID 102 to another information processing apparatus (not shown) or uses it for predetermined information processing in the authentication server 104 itself.
The RFID 102 comprises an antenna coil L113, a capacitor C114, a modulation unit 115, a demodulation unit 116, a sequence control unit 117, a power supply circuit 118, a response value calculation unit 119, a clock circuit 120, a ROM 121, and a RAM 122.
The antenna coil L113 and the capacitor C114 are connected in parallel and form a resonance circuit whose resonance frequency is the same as the frequency of the radio waves that the RFID reader/writer 103 transmits and receives.
The sequence control unit 117 controls the modulation unit 115 and the demodulation unit 116 so that they operate exclusively of each other.
The power supply circuit 118 contains a rectifier circuit and a charging capacitor (not shown). It rectifies the radio-wave current obtained from the antenna coil L113 and charges the charging capacitor, thereby supplying the power that operates the other circuit blocks.
The clock circuit 120 supplies the clock signal that the other circuit blocks need in order to operate, for as long as it receives power from the power supply circuit 118.
The response value calculation unit 119 performs a predetermined calculation using the challenge value, which is received from the authentication server 104 through the demodulation unit 116 and temporarily stored in the RAM 122, and the secret key stored in the ROM 121, and outputs the resulting response value. The response value is returned to the authentication server 104 through the modulation unit 115.
The ROM 121 is a non-volatile memory, such as flash memory or EEPROM, that stores ID information uniquely identifying the RFID 102 itself and data such as the secret key used for challenge-response authentication.
The RAM 122, on the other hand, is a volatile memory such as the well-known SRAM. The RAM 122 is used for purposes such as temporarily storing the challenge value that is received from the authentication server 104 and that the response value calculation unit 119 uses in the calculation for challenge-response authentication.
[First Embodiment: Hardware Configuration and Software Functions of the RFID Reader/Writer 103]
FIG. 2A is a block diagram showing the hardware configuration of the RFID reader/writer 103.
In the RFID reader/writer 103, a CPU 201, a ROM 202, a RAM 203, and a serial I/F 204 are connected to a bus 205. A modulation unit 206 and a demodulation unit 207 are also connected to the bus 205. A resonance circuit consisting of an antenna coil L208 and a capacitor C209 is connected to the modulation unit 206 and the demodulation unit 207. The antenna coil L208, the capacitor C209, the modulation unit 206, and the demodulation unit 207 constitute the main channel transmission/reception circuit 210.
A quantization processing unit 211 is also connected to the bus 205. A resonance circuit consisting of an antenna coil L213 and a capacitor C214 is connected to the quantization processing unit 211 via an A/D converter 212. The antenna coil L213, the capacitor C214, the A/D converter 212, and the quantization processing unit 211 constitute the side channel signal receiving circuit 215.
The analog side channel signal emitted by the RFID 102 is received by the resonance circuit consisting of the antenna coil L213 and the capacitor C214, then digitized (PCM) by the A/D converter 212 and converted into waveform data. The quantization processing unit 211 then extracts the necessary information from the waveform data and generates the received side channel data. For example, the quantization processing unit 211 performs signal processing such as AM demodulation by computation.
Instead of the quantization processing unit 211, an analog circuit may be provided ahead of the A/D converter 212, for example one that performs AM demodulation with a diode and a capacitor. In this case, the received side channel data is generated directly by the A/D converter 212.
FIG. 2B is a block diagram showing the software functions of the RFID reader/writer 103.
The CPU 201, the ROM 202, the RAM 203, and the serial I/F 204 connected to the bus 205 in FIG. 2A provide the function of a control unit 216.
The modulation unit 206 and the demodulation unit 207 of the main channel transmission/reception circuit 210 and the quantization processing unit 211 of the side channel signal receiving circuit 215 are connected to the control unit 216. The control unit 216 controls the modulation unit 206 and the demodulation unit 207 so that they operate exclusively of each other, and communicates with the authentication server 104.
The main channel transmission/reception circuit 210 of the RFID reader/writer 103 serves as the authentication server 104's interface to the RFID 102. Data sent by the authentication server 104 is passed through the RFID reader/writer 103 to the RFID 102 almost unchanged. Likewise, data sent by the RFID 102 is passed through the RFID reader/writer 103 to the authentication server 104 almost unchanged.
The side channel signal receiving circuit 215 of the RFID reader/writer 103, on the other hand, digitizes the side channel signal received from the RFID 102 with the A/D converter 212, applies predetermined data processing in the quantization processing unit 211, and transmits the resulting received side channel data to the authentication server 104 in real time.
[First Embodiment: Software Functions of the Authentication Server 104]
FIG. 3A is a block diagram showing the software functions of the authentication server 104.
FIG. 3B is a diagram showing the field configuration of the RFID table 302.
The control unit 301 receives the ID information, the response value, and the received side channel data from the RFID 102 through the RFID reader/writer 103, and transmits the challenge value to the RFID 102 through the RFID reader/writer 103.
The control unit 301 also searches the RFID table 302 using the ID information received from the RFID 102 and obtains the secret key corresponding to that ID information.
The challenge value generation unit 303 consists of a random number generator and generates the challenge value to be sent to the RFID 102.
The response value calculation unit 304 calculates a response value using the secret key that the control unit 301 obtained by searching the RFID table 302 and the challenge value generated by the challenge value generation unit 303.
The side channel data generation unit 305 generates side channel model data using the secret key that the control unit 301 obtained by searching the RFID table 302 and the challenge value generated by the challenge value generation unit 303. The side channel data generation unit 305 is a program function that imitates the response value calculation unit 119 of the RFID 102 and, in addition, imitates by computation the changes in current consumption that occur during the calculation executed by the response value calculation unit 119. As the result of this imitation, it generates original waveform data that mimics the changes in the current consumption of the response value calculation unit 119. It further applies to this original waveform data the same processing as the quantization processing unit 211 of the RFID reader/writer 103, and thereby produces waveform data that resembles the received side channel data.
Hereinafter, the waveform data generated by the side channel data generation unit 305 is called side channel model data.
The side channel memory 306 temporarily stores the received side channel data received from the RFID 102.
The verification processing unit 307 includes a main channel verification unit 308, a side channel verification unit 309, and a threshold 310.
The main channel verification unit 308 compares the response value received from the RFID 102 with the response value calculated by the response value calculation unit 304 and determines whether they match.
The side channel verification unit 309 calculates the correlation coefficient between the received side channel data received from the RFID 102 and the side channel model data generated by the side channel data generation unit 305. It then compares the correlation coefficient with the threshold 310 to determine whether the degree of agreement of the received side channel data is high or low.
The RFID table 302, which can also be called the authenticated-device table, has an ID information field and a secret key field.
The ID information field stores the ID information that uniquely identifies the RFID 102.
The secret key field stores the secret key corresponding to the ID information of the RFID 102.
In the first embodiment, the RFID table 302 holds one record for each RFID 102.
[First Embodiment: Operation of the Authentication Server 104]
FIG. 4 is a time chart showing the flow of the authentication operation between the authentication server 104 and RFID reader/writer 103 and the RFID 102.
The RFID reader/writer 103 keeps transmitting query commands until a query response arrives from the RFID 102 (S401, S402).
When the RFID 102 comes close to the RFID reader/writer 103, the RFID 102 receives the query command issued by the RFID reader/writer 103 (S403) and returns a query response to the RFID reader/writer 103 (S404).
When the control unit 301 of the authentication server 104 recognizes that a query response has arrived from the RFID 102, it sends the RFID 102 a command requesting transmission of the ID information (S405). On receiving this command, the RFID 102 returns its ID information through the RFID reader/writer 103 (S406).
When the control unit 301 of the authentication server 104 recognizes that the ID information has arrived from the RFID 102, it activates the challenge value generation unit 303 to generate a challenge value (S407) and transmits the challenge value to the RFID 102 (S408). On receiving this challenge value, the RFID 102 calculates a response value in the response value calculation unit 119 using the received challenge value and the secret key stored in the ROM (S409).
Meanwhile, immediately after transmitting the challenge value to the RFID 102 in step S408, the authentication server 104 starts recording the received side channel data in the side channel memory 306 (S410).
When the response value calculation unit 119 finishes calculating the response value in step S409, the RFID 102 returns this response value through the RFID reader/writer 103 (S411).
On receiving the response value, the control unit 301 of the authentication server 104 stops receiving the side channel signal (that is, stops recording the received side channel data in the side channel memory 306), and the verification processing unit 307 determines whether the RFID 102 is genuine (S412).
FIG. 5 is a flowchart showing the flow of the authentication operation in the authentication server 104 and the RFID reader/writer 103.
When processing starts (S501), the RFID reader/writer 103 transmits a query command (S502) and checks whether a query response has arrived (S503). If there is no query response (NO in S503), the RFID reader/writer 103 transmits the query command again (S502). That is, the RFID reader/writer 103 repeats the transmission of the query command until a query response arrives from the RFID 102 (YES in S503) (S401 and S402 in FIG. 4).
When a query response arrives from the RFID 102 (YES in S503), the control unit 301 of the authentication server 104 sends the RFID 102 a command requesting transmission of the ID information (S504 = S405 in FIG. 4). The control unit 301 of the authentication server 104 then checks whether the RFID 102 has returned its ID information through the RFID reader/writer 103 (S505 = S406 in FIG. 4). The control unit 301 of the authentication server 104 waits until the ID information is returned (NO in S505).
When the ID information is returned from the RFID 102 (YES in S505), the control unit 301 of the authentication server 104 activates the challenge value generation unit 303 and has it generate a challenge value. The control unit 301 then transmits this challenge value to the RFID 102 (S506 = steps S407 and S408 in FIG. 4). Immediately after transmitting the challenge value to the RFID 102 in step S506, the control unit 301 starts recording the received side channel data in the side channel memory 306 (S507 = step S410 in FIG. 4).
The control unit 301 searches the RFID table 302 using the ID information received from the RFID 102 at step S505, identifies the record, and obtains the secret key corresponding to the ID information (S508). The control unit 301 then passes this secret key, together with the challenge value generated in step S506, to the response value calculation unit 304 and has it calculate a response value (S509). The control unit 301 also passes this secret key together with the challenge value to the side channel data generation unit 305 and has it create the side channel model data (S510).
The control unit 301 then checks whether a response value has been returned from the RFID 102 (S511). When the response value is returned (YES in S511), the control unit 301 stops recording the received side channel data in the side channel memory 306 (S512) and activates the verification processing unit 307. The main channel verification unit 308 of the verification processing unit 307 compares the response value received from the RFID 102 with the response value calculated by the response value calculation unit 304 and outputs the match or mismatch result. The side channel verification unit 309 of the verification processing unit 307 calculates the correlation coefficient between the received side channel data, which was received from the RFID 102 and recorded in the side channel memory 306, and the side channel model data created by the side channel data generation unit 305. It then compares the calculated correlation coefficient with the threshold 310 to determine whether the degree of agreement between the received side channel data and the side channel model data is high or low. Finally, the verification processing unit 307 outputs the logical product (AND) of the logical output of the main channel verification unit 308 and the logical output of the side channel verification unit 309 to an output destination such as a predetermined host device (S513 = step S412 in FIG. 4), and the series of processing ends (S514).
FIG. 6 is a block diagram showing the software functions of the authentication server 104, illustrating the flow of data. To make the flow of data between the functional blocks clear, FIG. 6 omits the flow of data through the control unit 301.
First, on receiving the ID information from the RFID 102, the control unit 301 searches the RFID table 302 and obtains the secret key. This secret key is supplied, together with the challenge value generated by the challenge value generation unit 303, to both the response value calculation unit 304 and the side channel data generation unit 305. The challenge value is also transmitted to the RFID 102.
The response value calculated by the response value calculation unit 304 is supplied to the main channel verification unit 308 together with the response value received from the RFID 102, and a match or mismatch is determined.
The side channel model data generated by the side channel data generation unit 305 is supplied to the side channel verification unit 309 together with the received side channel data that was received from the RFID 102 and recorded in the side channel memory 306. After the correlation coefficient is calculated, it is compared with the threshold 310 to determine whether the degree of agreement is high or low.
The determination result output by the main channel verification unit 308 and the determination result output by the side channel verification unit 309 are combined by the AND gate 601 in the verification processing unit 307, and their logical product (the authenticity determination result) is output to an output destination such as a predetermined host device.
FIG. 7 is a waveform diagram showing an example of a side channel signal. In FIG. 7, the vertical axis is the signal level (power) and the horizontal axis is time.
As is well known, the response value calculation unit 304, a main component of the RFID 102, is an integrated circuit, and an integrated circuit is a collection of CMOS gates. A through current flows in a CMOS gate only at the moment its logic state switches from true to false or from false to true. The sum of these through currents is the current consumption of the response value calculation unit 304. The response value calculation unit 304 is driven by the clock output by the clock circuit. As the calculation inside the response value calculation unit 304 advances with the clock, the number of CMOS gates whose logic state changes varies. The current consumption, being the sum of the through currents, therefore varies at each clock step. That is, the waveform of the current consumption changes. Because the current consumption of the response value calculation unit 304 varies from clock to clock in this way, extracting the AC component of the current consumption yields an AC waveform like the one shown in FIG. 7.
When the inventors examined the correlation between this side channel signal and the response value, they found that the waveform of the side channel signal is highly unique. That is, the side channel signal produced by a given combination of secret key and challenge value has, in principle, high discriminating power.
The waveform of the side channel signal can be generated by computation relatively easily: a program imitates the CMOS gates that make up the response value calculation unit 304 and calculates the current consumption that their operation produces. This computation is the side channel data generation unit 305. To obtain the similarity between analog waveforms by calculation, it suffices to convert them once into digital data (sequences of numerical values) and compute the statistical similarity between the sequences. The simplest way to compute the similarity between numerical sequences is to calculate the correlation coefficient. Because the resulting correlation coefficient is a scalar value, it can be compared with the predetermined threshold 310 to decide whether the similarity of the waveforms is sufficiently high. This computation is the side channel verification unit 309.
The RFID system 101 according to the first embodiment adds authenticity determination using the side channel signal to the conventional challenge-response authentication on the main channel. Moreover, the authentication server 104 obtains by calculation not only whether a side channel signal from the RFID 102 is present but also the similarity of that side channel signal, and includes this result in the authenticity determination of the RFID 102. For this reason, even if a malicious third party succeeds in cracking the main channel, cracking the side channel signal is practically impossible unless the RFID 102 is reverse engineered. The RFID system 101 according to the first embodiment therefore achieves extremely high robustness and security against cracking by a malicious third party.
[Second Embodiment: Software Functions of Authentication Server 804]
In the first embodiment, the side channel data generation unit 305 is provided in the authentication server 104, and side channel model data is generated every time the challenge value generation unit 303 generates a challenge value. However, the side channel data generation unit 305 is not strictly indispensable. Even without it, side channel authentication can be realized, although in a limited form.
FIG. 8A is a block diagram showing the software functions of the authentication server 804 according to the second embodiment of the present invention.
FIG. 8B is a diagram showing the field configuration of the RFID table 802.
The RFID system according to the second embodiment of the present invention differs from the first embodiment only in the software functions of the authentication server 104; the other components are identical. Since the components shown in FIG. 1, FIG. 2A and FIG. 2B are the same, their description is omitted.
First, before describing the authentication server 804 shown in FIG. 8A, the field configuration of the RFID table 802 is described with reference to FIG. 8B.
The RFID table 802 has an ID information field, a secret key field, a challenge value field, a response value field, a side channel model data field, and a used flag field.
The ID information field and the secret key field are the same as the fields of the same names in the RFID table 302 of the first embodiment.
The challenge value field stores a challenge value.
The response value field stores the response value calculated from the secret key in the secret key field and the challenge value in the challenge value field.
The side channel model data field stores the side channel model data generated from the secret key in the secret key field and the challenge value in the challenge value field.
The used flag field stores a flag indicating whether or not the record has been used.
In the RFID table 802 of the second embodiment, each RFID 102 is given as many records as the number of times it needs to be used. For example, if the RFID 102 is to be used 10 times, 10 records are provided. These 10 records have the same content in the ID information field and different content in the challenge value field, the response value field, and the side channel model data field.
In other words, challenge values are generated in advance for a finite number of uses, the corresponding response values and side channel model data are generated for each, and all of them are recorded in the RFID table 802. Once a record of the RFID table 802 has been used for an authentication, the used flag in its used flag field is set.
Because the challenge values, response values, and side channel model data are created in advance and recorded in the RFID table 802, the authentication server 804, unlike the authentication server 104 of the first embodiment, does not need the challenge value generation unit 303, the response value calculation unit 304, or the side channel data generation unit 305 at authentication time.
The authentication server 804 shown in FIG. 8A differs from the authentication server 104 of the first embodiment in that the challenge value generation unit 303, the response value calculation unit 304, and the side channel data generation unit 305 are omitted, and in that the field configuration of the RFID table 802 is different, as shown in FIG. 8B.
[Second Embodiment: Operation of Authentication Server 804]
FIG. 9 is a flowchart showing the flow of the authentication operation in the authentication server 804 and the RFID reader/writer 103.
Steps S901, S902, S903, S904, and S905 are the same as steps S501, S502, S503, S504, and S505 described with reference to FIG. 5, so their description is omitted.
When ID information is received from the RFID 102 in step S905 (YES in S905), the control unit 301 searches the RFID table 302 by the ID information and obtains the records whose used flag is not set, that is, the unused records. If more than one record is obtained, one of them is selected as the record to be used. The response value, the challenge value, and the side channel model data are then acquired from the selected record (S906). The challenge value acquired from the record selected in step S906 is transmitted to the RFID 102 (S907). Immediately after transmitting the challenge value to the RFID 102 in step S907, the control unit 301 starts recording the received side channel data in the side channel memory 306 (S908).
The control unit 301 then checks whether a response value has been returned from the RFID 102 (S909). When the response value is returned from the RFID 102 (YES in S909), the control unit 301 stops recording the received side channel data in the side channel memory 306 (S910). The control unit 301 then activates the verification processing unit 307.
The main channel verification unit 308 of the verification processing unit 307 compares the response value received from the RFID 102 with the response value acquired from the record selected in step S906 and outputs a match or mismatch result. The side channel verification unit 309 of the verification processing unit 307 compares the received side channel data, received from the RFID 102 and recorded in the side channel memory 306, with the response value acquired from the record selected in step S906, and calculates the correlation coefficient with the side channel model data. The calculated correlation coefficient is then compared with the threshold 310 to determine how closely the received side channel data matches the side channel model data. Finally, the verification processing unit 307 outputs the logical AND of the logical output of the main channel verification unit 308 and the logical output of the side channel verification unit 309 to an output destination such as a predetermined host device (S911). The logical value of the used flag field of the record selected in step S906 is then set to true; that is, the used flag is set (S912). This ends the series of processing (S913).
As described above, compared with the authentication server 104 of the first embodiment, the authentication server 804 of the second embodiment omits the challenge value generation unit 303, the response value calculation unit 304, and the side channel data generation unit 305. The challenge value, the response value, and the side channel model data are obtained from the RFID table 302. Therefore, instead of activating the challenge value generation unit 303 to generate a challenge value as in step S506 of FIG. 5, the challenge value is acquired from the RFID table 302 (steps S906 and S907). For the same reason, before the challenge value is transmitted (S907), the RFID table 302 must be searched by the ID information to select a record (S906). In addition, after authentication is completed, the used record must be flagged (S912).
Although the number of authentications is finite, the RFID system according to the second embodiment, like the RFID system 101 of the first embodiment, achieves extremely high robustness and security against cracking by a malicious third party. The difference between the first and second embodiments is whether the challenge value, the response value, and the side channel model data are generated dynamically or held statically in the RFID table 302 and used from there.
Note that step S407 in FIG. 4 is labelled "challenge value generation or acquisition". "Challenge value generation" refers to the challenge value generation unit 303 of the first embodiment generating a challenge value dynamically, and "challenge value acquisition" refers to statically acquiring a challenge value from the challenge value field of the RFID table 802 of the second embodiment.
[Third Embodiment: Hardware Configuration of RFID System 1001, Hardware Configuration and Software Functions of RFID Reader/Writer 1003]
As described for the first embodiment, the inventors found that the side channel signal is highly unique. They judged that, if this property of the side channel signal is exploited more actively, the side channel need not be limited to an auxiliary role for challenge-response authentication on the main channel: the side channel alone can identify the device to be authenticated and determine its authenticity, that is, perform authentication. An embodiment in which authentication is performed using only the side channel signal is described below.
FIG. 10 is a block diagram showing the overall configuration of the RFID system 1001 according to the third embodiment of the present invention.
Unlike the RFID 102 of the first embodiment, the RFID 1002 used in the RFID system 1001 according to the third embodiment of the present invention has neither the modulation unit 115 nor the sequence control unit 117. The ROM 1021 stores a secret key but does not store ID information. In addition, the RFID system 1001 according to the third embodiment uses, instead of the RFID reader/writer 103 of the first embodiment, an RFID reader/writer 1003 that has no demodulation unit for reading the main channel from the RFID 1002.
That is, when the RFID 1002 receives a challenge value from the RFID reader/writer 1003, the response value calculation unit 304 calculates the response value, but because there is no modulation unit for transmitting the calculated response value on the main channel, the calculated response value is not transmitted on the main channel. Likewise, even if the RFID 1002 were to transmit a response value, the RFID reader/writer 1003 has no demodulation unit for receiving it and so does not receive a response value from the RFID 1002 on the main channel. Furthermore, because the RFID 1002 has no function for transmitting information to the RFID reader/writer 1003 on the main channel, it cannot transmit ID information. Accordingly, no ID information is stored in the ROM 1021.
FIG. 11A is a block diagram showing the hardware configuration of the RFID reader/writer 1003 according to the third embodiment of the present invention.
FIG. 11B is a block diagram showing the software functions of the RFID reader/writer 1003 according to the third embodiment of the present invention.
Unlike the RFID reader/writer 103 of the first embodiment, the RFID reader/writer 1003 used in the RFID system 1001 according to the third embodiment of the present invention has no demodulation unit 207. Therefore, instead of the main channel transmission/reception circuit 210 of the first embodiment, it is provided with a main channel transmission circuit 1110 that has only a transmission function for the main channel.
[Third Embodiment: Software Functions of Authentication Server]
FIG. 12A is a block diagram showing the software functions of the authentication server 1004.
FIG. 12B is a diagram showing the field configuration of the RFID table 302.
The authentication server 1004 shown in FIG. 12A differs from the authentication server 104 of the first embodiment in that the verification processing unit 1207 does not include the main channel verification unit 308 and in that a timer 1204 and a side channel model table 1202 are provided.
The timer 1204 measures a time long enough for the RFID 1002 to calculate the response value.
The authentication server 104 of the first embodiment could clearly recognize that the RFID 102 had finished calculating the response value by receiving that response value. The authentication server 1004 of the third embodiment, unlike the authentication server 104 of the first embodiment, does not receive the main channel and therefore cannot clearly recognize that the RFID 1002 has finished calculating the response value. The timer 1204 is therefore used to obtain the timing for ending reception of the side channel signal.
The RFID table 302 shown in FIG. 12B has the same field configuration as the RFID table 302 of the first embodiment.
The side channel model table 1202 has an ID information field, a side channel model data field, and a valid flag field.
The ID information field is the same as the field of the same name in the RFID table 302. The side channel model table 1202 is therefore linked to the RFID table 302 through the ID information field.
The side channel model data field stores the side channel model data generated by the side channel data generation unit 305.
The valid flag field stores a flag indicating whether or not the correlation coefficient between the side channel model data of the record and the received side channel data stored in the side channel memory 306 exceeds the threshold 310.
[Third Embodiment: Operation of Authentication Server 1004]
FIG. 13 is a time chart showing the flow of the authentication operation between the authentication server 1004 and the RFID reader/writer 1003 on one side and the RFID 1002 on the other.
The RFID reader/writer 1003 keeps transmitting query commands until it receives from the RFID 1002 a side channel signal corresponding to a query response (S1301, S1302).
When the RFID 1002 comes close to the RFID reader/writer 1003, the RFID 1002 receives the query command (S403) issued by the RFID reader/writer 1003 and performs the processing for returning a query response to the RFID reader/writer 1003 (S1304). Along with this processing for returning the query response, the RFID reader/writer 1003 emits a side channel signal.
By receiving from the RFID 1002 the side channel signal corresponding to the query response, the control unit 301 of the authentication server 1004 recognizes that the RFID 1002 is present in the vicinity of the RFID reader/writer 1003 (S1305).
When the control unit 301 of the authentication server 1004 recognizes that the side channel signal corresponding to the query response has been received from the RFID 1002, it activates the challenge value generation unit 303 to generate a challenge value and transmits the challenge value to the RFID 1002. It also starts the timer 1204 at this point (S1306). On receiving the challenge value, the RFID 1002 calculates a response value in the response value calculation unit 119 using the received challenge value and the secret key stored in the ROM (S1307).
Meanwhile, immediately after transmitting the challenge value to the RFID 1002 in step S1307, the authentication server 1004 starts recording the received side channel data in the side channel memory 306. In addition, based on the challenge value generated in step S1307, it calculates and records side channel model data for every record of the side channel model table 1202 whose valid flag is set (S1308).
When the control unit 301 recognizes that the timer 1204 has counted the predetermined time, it stops the timer 1204 and stops recording the received side channel data in the side channel memory 306. The verification processing unit 1207 then calculates the correlation coefficient between the received side channel data and the side channel model data of each record of the side channel model table 1202 whose valid flag is set, and compares it with the threshold 310. It then clears the flag in the valid flag field of every record of the side channel model table 1202 that does not exceed the threshold 310 (S1309).
Performing the processing from step S1306 to step S1310 only once can hardly ever narrow the records of the side channel model table 1202 whose valid flag field is true down to a single record. The processing from step S1306 to step S1309 is therefore repeated (S1310 to S1313) until a record of the side channel model table 1202 is finally identified, and the ID information and the result of the authenticity determination are output to a predetermined host device (S1314).
FIG. 14 is a flowchart showing the flow of the authentication operation in the authentication server 1004 and the RFID reader/writer 1003.
When processing starts (S1401), the RFID reader/writer 1003 transmits a query command (S1402). The authentication server 1004 then receives the side channel signal and checks whether a side channel signal corresponding to a query response has been received (S1403). If no side channel signal corresponding to a query response has been received (NO in S1403), the authentication server 1004 has the RFID reader/writer 1003 transmit the query command again (S1402). That is, the authentication server 1004 and the RFID reader/writer 1003 repeat the transmission of the query command (S1301 and S1302 in FIG. 13) until a side channel signal corresponding to a query response is received from the RFID 1002 (YES in S1403).
On recognizing that a side channel signal corresponding to a query response has been received from the RFID 1002 (YES in S1403), the control unit 301 activates the challenge value generation unit 303 to generate a challenge value. The control unit 301 then transmits this challenge value to the RFID 1002 and, at the same time, starts the timer 1204 (S1405 = step S1306 in FIG. 13).
Immediately after transmitting the challenge value to the RFID 1002 in step S1405, the control unit 301 starts recording the received side channel data in the side channel memory 306. In addition, based on the challenge value generated in step S1405, it calculates and records side channel model data for every record of the side channel model table 1202 whose valid flag is set (S1407 = step S1308 in FIG. 13).
The control unit 301 then monitors the timer 1204 and checks whether the specified time has elapsed (S1408). When the specified time has elapsed (YES in S1408), the control unit 301 stops the timer 1204 (S1409) and stops recording the received side channel data in the side channel memory 306 (S1410). The control unit 301 then activates the verification processing unit 1207. The side channel verification unit 309 of the verification processing unit 1207 calculates the correlation coefficient between the received side channel data and the side channel model data of each record of the side channel model table 1202 whose valid flag is set, and compares it with the threshold 310. It then clears the flag in the valid flag field of every record of the side channel model table 1202 that does not exceed the threshold 310 (S1411).
The control unit 301 checks whether the side channel model table 1202 contains more than one record whose valid flag field is true (S1412). If there are two or more records whose valid flag field is true (YES in S1412), the processing is repeated from step S1405. In this way, the processing from step S1405 to step S1412 is repeated until only one record of the side channel model table 1202 has a true valid flag field.
When the loop from step S1405 to step S1412 is finally exited, only two cases remain: the side channel model table 1202 contains exactly one record whose valid flag field is true, or it contains none at all. If exactly one record of the side channel model table 1202 has a true valid flag field, that record is the record of the RFID 1002, and the RFID 1002 from which the side channel signal was received is known to be a genuine RFID. If no record of the side channel model table 1202 has a true valid flag field, the RFID 1002 from which the side channel signal was received is known not to be a genuine RFID. The control unit 301 outputs this determination result to a predetermined host device (S1413) and ends the series of processing (S1414).
The side channel signal is an analog signal. However, this analog signal is a waveform that results from the change over time of the power consumed by the arithmetic processing of the response value calculation unit 304, so if the response value calculated by the response value calculation unit 304 is unique, the side channel signal is in principle unique as well. The verification processing unit 1207 therefore calculates the correlation coefficients between the received side channel data and the side channel model data of every record in the RFID table 302 and compares all of them exhaustively with the threshold 310. Because the correlation coefficient is calculated between analog signal waveforms, it is difficult to identify the record in a single pass. This exhaustive comparison and narrowing is therefore repeated several times until exactly one record of the RFID table 302 is identified.
In other words, the RFID 1002 can be identified and authenticated in this way using the side channel signal alone.
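The correlation-and-threshold check of the side channel verification unit 309 and the narrowing loop of steps S1405 to S1412, as an added Python example that is not code from the patent. The SHA-256 toggle-count power model, the simulated tag, the table contents, and the values of THRESHOLD, SAMPLES and MAX_ROUNDS are assumptions made for illustration.

```python
import hashlib
import math
import random
import secrets

THRESHOLD = 0.7   # plays the role of threshold 310; the value is an assumption
SAMPLES = 64      # clock steps captured before timer 1204 expires (assumption)
MAX_ROUNDS = 8    # safety cap on the S1405-S1412 loop (assumption)


def model_trace(key, challenge):
    """Side channel model data for one (secret key, challenge value) pair.

    Toy power model (assumption): the response computation is a SHA-256 chain,
    and the current in a clock step is the number of state bits that toggle.
    """
    state = hashlib.sha256(key + challenge).digest()
    trace = []
    for _ in range(SAMPLES):
        nxt = hashlib.sha256(key + state).digest()
        toggles = sum(bin(a ^ b).count("1") for a, b in zip(state, nxt))
        trace.append(float(toggles))
        state = nxt
    return trace


def pearson(x, y):
    """Correlation coefficient between two equally long numerical data strings."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    if sxx == 0 or syy == 0:
        return 0.0  # a flat trace carries no waveform to compare
    return sxy / math.sqrt(sxx * syy)


class SimulatedTag:
    """Constructed stand-in for a tag plus the side channel receiver."""

    def __init__(self, key, seed):
        self.key = key
        self.rng = random.Random(seed)  # seeded so the constructed noise repeats

    def capture(self, challenge):
        # Receiver gain, DC offset and Gaussian noise on top of the ideal trace.
        return [0.5 * s + 10.0 + self.rng.gauss(0.0, 1.0)
                for s in model_trace(self.key, challenge)]


def identify(tag, table):
    """Return (ID information or None, rounds used) for the tag in front of the reader.

    `table` maps ID information to secret key, like RFID table 302.
    """
    valid = {tag_id: True for tag_id in table}  # valid flag field of table 1202
    rounds = 0
    while True:
        rounds += 1
        challenge = secrets.token_bytes(8)      # S1405: fresh challenge value
        received = tag.capture(challenge)       # S1407-S1410: record until timeout
        for tag_id, key in table.items():       # S1411: test every valid record
            if not valid[tag_id]:
                continue
            if pearson(received, model_trace(key, challenge)) <= THRESHOLD:
                valid[tag_id] = False           # clear the valid flag
        survivors = [tag_id for tag_id, ok in valid.items() if ok]
        if len(survivors) <= 1 or rounds >= MAX_ROUNDS:  # S1412
            break
    # Exactly one surviving record identifies a genuine tag; anything else,
    # including hitting the round cap with several survivors, is a rejection.
    return (survivors[0] if len(survivors) == 1 else None), rounds


# Constructed table: 40 IDs with 16-byte keys derived from labels.
TABLE = {"TAG-%03d" % n: hashlib.sha256(b"constructed-key-%d" % n).digest()[:16]
         for n in range(40)}

if __name__ == "__main__":
    print(identify(SimulatedTag(TABLE["TAG-017"], seed=1), TABLE))
    print(identify(SimulatedTag(b"\x00" * 16, seed=2), TABLE))
```

Pearson correlation is invariant to gain and offset, which is why the simulated receiver's scaling does not need to be calibrated out before the comparison.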
[Fourth Embodiment: Operation of Authentication Server 1004]
In the third embodiment, the RFID 1002 is identified and authenticated using only the side channel signal. This presupposes recognizing that the RFID 1002 has come close to the RFID reader/writer 1003; that is, a trigger is needed for recording the received side channel data in the side channel memory 306.
To recognize from the side channel signal alone that the RFID 1002 has come close to the RFID reader/writer 1003, the third embodiment used a query command. The RFID reader/writer 1003 issued a query command, received the side channel signal produced by the response value calculation unit 304 of the RFID 1002 as it processed the query response, and thereby recognized that the RFID 1002 was close to the RFID reader/writer 1003.
As a way of recognizing from the side channel signal alone that the RFID 1002 has come close to the RFID reader/writer 1003, the challenge value used to obtain the side channel signal may itself be used instead of a query command.
FIG. 15 is a time chart showing the flow of the authentication operation between the authentication server 1004 and RFID reader/writer 1003 on one side and the RFID 1002 on the other, in the RFID system according to the fourth embodiment of the present invention.
The block diagrams showing the hardware configuration (FIGS. 10 and 11A) and the block diagrams showing the software functions (FIGS. 11B, 12A and 12B) of the RFID system of the fourth embodiment are the same as those of the RFID system of the third embodiment, so the description with reference to drawings is omitted.
The RFID system of the fourth embodiment differs from the RFID system 1001 of the third embodiment in how it recognizes that the RFID 1002 has come close to the RFID reader/writer 1003. In the third embodiment, the RFID reader/writer 1003 transmitted a query command for this purpose. In the fourth embodiment, by contrast, the RFID reader/writer 1003 transmits a challenge value instead of the query command, and proximity of the RFID 1002 is recognized by verifying whether a valid side channel signal was received. In other words, the only main channel data transmitted from the RFID reader/writer 1003 is the challenge value.
The time chart shown in FIG. 15 differs from the time chart of the third embodiment shown in FIG. 13 in that the third embodiment transmitted a query command (S1301, S1302), whereas the fourth embodiment transmits a challenge value.
The control unit 301 of the authentication server 1004 activates the challenge value generation unit 303 to generate a challenge value, transmits it through the RFID reader/writer 1003, and starts the timer 1204 (S1501). Immediately after transmitting the challenge value in step S1501, the control unit 301 starts recording the received side channel data in the side channel memory 306. In addition, based on the challenge value generated in step S1501, it calculates and records side channel model data for the records of the side channel model table 1202 whose valid flag is set (S1502).
The control unit 301 then monitors the timer 1204 to check whether the specified time has elapsed. When the specified time has elapsed, the control unit 301 stops the timer 1204 and stops recording the received side channel data in the side channel memory 306 (S1503). If no valid received side channel data has been recorded in the side channel memory 306 at this point, the control unit 301 determines that the RFID 1002 is not in proximity to the RFID reader/writer 1003, and the processing is repeated starting again from the generation of a challenge value (S1504, S1505, S1506).
The processing from step S1507 to S1515 is the same as the processing from step S1306 to S1314 in FIG. 13, so its description is omitted.
FIG. 16 is a flowchart showing the flow of the authentication operation in the authentication server 1004 and the RFID reader/writer 1003.
The flowchart shown in FIG. 16 differs from the flowchart of the third embodiment shown in FIG. 14 as follows. The third embodiment transmitted a query command (S1402) and confirmed reception of the side channel signal corresponding to the query response (S1403); this processing has been removed. In its place, processing has been added that, after recording of the received side channel data in the side channel memory 306 is stopped (S1608), checks whether valid received side channel data has been recorded in the side channel memory 306 (S1609). Steps S1602 to S1608 are the same as steps S1404 to S1410 in FIG. 14, and steps S1610 to S1613 are the same as steps S1411 to S1414 in FIG. 14, so their description is omitted.
In the fourth embodiment, only the challenge value is transmitted from the RFID reader/writer 1003. In the fourth embodiment, as in the third embodiment, the RFID 1002 can be identified and authenticated using the side channel signal alone.
The third and fourth embodiments require high computing power from the authentication server. However, in experiments by the inventors, with an RFID table 302 of roughly several hundred thousand records, a commercially available personal computer completed the calculation of the side channel model data for all records and the brute-force calculation of the correlation coefficients in about one second. The RFID systems according to the third and fourth embodiments are therefore fully feasible when computing power is supplemented with current cloud technology.
In addition to the embodiments described above, the following application examples (a) to (d) are conceivable.
(a) The method of emitting the side channel signal is not limited to electromagnetic waves. It suffices that the waveform of the current flowing through the response value calculation unit 304 can be transmitted in analog form. For example, the current flowing through the response value calculation unit 304 is detected and amplified with an operational amplifier or the like, the resulting analog signal is converted into light intensity or into a multi-color modulation such as a color map, and a light emitter such as an LED or a liquid crystal display emits it. The side channel signal may then be obtained by capturing the emitted light with a digital camera or the like.
In the case of a contact-type IC card with electrodes, the current can easily be detected from the power supply line. Detecting the change in current directly yields a precise side channel signal.
(b) In the third and fourth embodiments, the calculation of side channel model data for the records of the RFID table 302 whose valid flag field is true, and the brute-force calculation of correlation coefficients against the received side channel data, are repeated until only one record with a true valid flag field remains. The load of this computation grows cumulatively with the number of records in the RFID table 302, and the time required for authentication grows accordingly. One way to shorten the authentication time is to change the resolution of the received side channel data between the first computation pass and the second and subsequent passes.
For example, for the first pass, the sampling frequency of the A/D converter 212 of the RFID reader/writer 1003 is set low, or the number of sample bits of the A/D converter 212 is reduced. Reducing the amount of received side channel data shortens the time required for the computation. Naturally, when the amount of received side channel data is reduced, the same treatment must be applied to the side channel model data.
(c) The side channel data generation unit 305 in the authentication server 104 of the first embodiment and in the authentication server 1004 of the third and fourth embodiments generated the side channel data by simulation in software. Instead of simulation, the side channel data may be generated using hardware. That is, the response value calculation unit 119 that is mounted on the actual RFID 102 is itself provided in the authentication server, its current consumption is detected and A/D converted, and the side channel model data is obtained after predetermined filtering such as that of the quantization processing unit 211. In the third and fourth embodiments in particular, running many response value calculation units 119 in parallel makes it possible to obtain a large amount of side channel model data in a short time.
(d) In the authentication server 1004 of the third and fourth embodiments, the timer 1204 was used to determine when to stop receiving the side channel signal. Instead of this timer, the start and end of reception of the side channel signal can also be determined from the waveform pattern of the received side channel data. With waveform pattern recognition, the timer 1204 becomes unnecessary.
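The narrowing loop of the third and fourth embodiments, combined with the reduced-resolution first pass of application example (b), can be simulated as follows. This is an added example, not code from the patent: the HMAC-SHA256 chain, the Hamming-weight leakage model, the gain, offset and noise figures, the threshold value and all function names are assumptions, and the table is constructed data. The example also confirms the last surviving record at full resolution before accepting it, which is a choice of this example.

```python
import hashlib
import hmac
import math
import random

THRESHOLD = 0.5      # plays the role of threshold 310 (value is an assumption)
COARSE_STEP = 8      # first pass keeps every 8th sample (application example (b))
GAIN, OFFSET, NOISE = 2.0, 5.0, 0.6   # constructed analog front-end behaviour


def model_trace(key, challenge, blocks=4):
    """Side channel model data for one record.

    Assumed leakage model: power draw follows the Hamming weight of each
    byte of a keyed computation (an HMAC-SHA256 chain standing in for the
    response value calculation unit). 4 blocks x 32 bytes = 128 samples.
    """
    samples, state = [], challenge
    for i in range(blocks):
        state = hmac.new(key, state + bytes([i]), hashlib.sha256).digest()
        samples.extend(bin(b).count("1") for b in state)
    return samples


def tag_emission(key, challenge, rng):
    """Received side channel data: the tag's leakage after unknown gain,
    offset and measurement noise (all constructed for this simulation)."""
    return [GAIN * s + OFFSET + rng.gauss(0.0, NOISE)
            for s in model_trace(key, challenge)]


def pearson(x, y):
    """Correlation coefficient; insensitive to the gain and offset above."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    if sxx == 0 or syy == 0:
        return 0.0          # a flat trace carries no information
    return sxy / math.sqrt(sxx * syy)


def build_table(n, rng):
    """Constructed stand-in for the RFID table: ID -> secret key."""
    return {f"TAG-{i:05d}": bytes(rng.getrandbits(8) for _ in range(16))
            for i in range(n)}


def identify(tag_key, table, rng, max_rounds=8):
    """Narrow the valid records round by round using only the side channel.

    Returns (record ID or None, number of valid records after each round).
    """
    valid = dict(table)                 # every valid flag starts true
    history = []
    for round_no in range(max_rounds):
        coarse = round_no == 0
        step = COARSE_STEP if coarse else 1
        # Fresh challenge per round; a real server would use a CSPRNG.
        challenge = bytes(rng.getrandbits(8) for _ in range(16))
        received = tag_emission(tag_key, challenge, rng)[::step]
        # Brute-force comparison; records below the threshold lose their flag.
        valid = {rid: key for rid, key in valid.items()
                 if pearson(received, model_trace(key, challenge)[::step])
                 >= THRESHOLD}
        history.append(len(valid))
        # Stop at zero records, or at one record confirmed at full resolution.
        if not valid or (len(valid) == 1 and not coarse):
            break
    rid = next(iter(valid)) if len(valid) == 1 else None
    return rid, history


if __name__ == "__main__":
    rng = random.Random(2015)
    table = build_table(2000, rng)
    print(identify(table["TAG-01234"], table, rng))   # enrolled tag
    print(identify(bytes(16), table, rng))            # key not in the table
```

With only 16 samples in the coarse pass, a few dozen unrelated records typically clear the threshold by chance, which is why the comparison has to be repeated with a fresh challenge before a single record is trusted.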
As described above, the RFID system 101 according to the first and second embodiments receives the side channel signal emitted by the RFID 102 in order to confirm that the RFID 102 is in the immediate vicinity of the RFID reader/writer 103. It then takes the correlation coefficient between the received side channel data, obtained by converting the side channel signal into digital values, and the side channel model data created by computation, and compares it with the threshold 310. If the correlation coefficient is equal to or greater than the threshold 310, the RFID 102 is known to be a genuine RFID that is actually present in the immediate vicinity of the RFID reader/writer 103, so cracking by a relay attack can be prevented.
Likewise, the RFID system 1001 according to the third and fourth embodiments receives the side channel signal emitted by the RFID 1002 in order to confirm that the RFID 1002 is in the immediate vicinity of the RFID reader/writer 1003. It then takes the correlation coefficients between the received side channel data, obtained by converting the side channel signal into digital values, and the side channel model data for all records of the RFID table 302, and compares them with the threshold 310 by brute force. This processing is repeated to identify the record of the RFID table 302. The RFID 1002 can be identified and authenticated using the side channel signal alone.
Embodiments of the present invention have been described above. However, the present invention is not limited to these embodiments and includes other modifications and application examples as long as they do not depart from the gist of the present invention described in the claims.
For example, the embodiments above describe the configurations of the apparatus and the system in detail and in concrete terms in order to explain the present invention clearly, and the invention is not necessarily limited to configurations that include every element described. Part of the configuration of one embodiment can be replaced with the configuration of another embodiment, and the configuration of another embodiment can be added to the configuration of one embodiment. For part of the configuration of each embodiment, other configurations can also be added, deleted or substituted.
Each of the configurations, functions, processing units and the like described above may be realized partly or wholly in hardware, for example by designing them as an integrated circuit. Each of the configurations, functions and the like may also be realized in software, with a processor interpreting and executing a program that realizes the respective function. Information such as the programs, tables and files that realize each function can be held in memory, in volatile or nonvolatile storage such as a hard disk or SSD (Solid State Drive), or on a recording medium such as an IC card or an optical disk.
The control lines and information lines shown are those considered necessary for the explanation, and not all control lines and information lines of a product are necessarily shown. In practice, almost all components may be considered to be connected to one another.
DESCRIPTION OF SYMBOLS
101…RFID system, 102…RFID, 103…RFID reader/writer, 104…authentication server, 105…CPU, 106…ROM, 107…RAM, 108…nonvolatile storage, 109…serial interface, 110…bus, 111…display unit, 112…operation unit, 115…modulation unit, 116…demodulation unit, 117…sequence control unit, 118…power supply circuit, 119…response value calculation unit, 120…clock circuit, 121…ROM, 122…RAM, 201…CPU, 202…ROM, 203…RAM, 205…bus, 206…modulation unit, 207…demodulation unit, 210…main channel transmission/reception circuit, 211…quantization processing unit, 212…A/D converter, 215…side channel signal receiving circuit, 216…control unit, 301…control unit, 302…RFID table, 303…challenge value generation unit, 304…response value calculation unit, 305…side channel data generation unit, 306…side channel memory, 307…matching processing unit, 308…main channel matching unit, 309…side channel matching unit, 310…threshold, 601…AND gate, 802…RFID table, 804…authentication server, 1001…RFID system, 1002…RFID, 1003…RFID reader/writer, 1004…authentication server, 1021…ROM, 1110…main channel transmission circuit, 1202…side channel model table, 1204…timer, 1207…matching processing unit

Claims (7)

  1.  An authentication system comprising:
     a device to be authenticated that holds a secret key and has a response value calculation unit that calculates a response value using a challenge value received from outside and the secret key;
     a main channel transmission/reception circuit that transmits the challenge value to, and receives the response value from, the device to be authenticated;
     a side channel signal receiving circuit that receives, as an analog side channel signal, a physical change produced by the response value calculation unit during its computation; and
     a matching processing unit that verifies the authenticity of the response value received from the main channel transmission/reception circuit and also verifies the authenticity of the side channel signal received from the side channel signal receiving circuit.
  2.  The authentication system according to claim 1, wherein the matching processing unit calculates the similarity between received side channel data, obtained by converting the side channel signal received from the side channel signal receiving circuit into digital data, and side channel model data generated by computation using the secret key and the challenge value, and compares the similarity with a predetermined threshold.
  3.  The authentication system according to claim 2, wherein the matching processing unit calculates a correlation coefficient between the received side channel data and the side channel model data.
  4.  The authentication system according to claim 3, further comprising:
     a challenge value generation unit that generates the challenge value; and
     a side channel data generation unit that generates the side channel model data by computation using the secret key and the challenge value.
  5.  The authentication system according to claim 3, further comprising:
     a table of devices to be authenticated having an ID information field that stores ID information uniquely identifying the device to be authenticated, a secret key field that stores the secret key, a challenge value field that stores the challenge value, a side channel model data field that stores the side channel model data generated by computation using the secret key and the challenge value, and a used flag field that stores flag information indicating whether the record has been used,
     wherein, when authentication processing is carried out, the used flag field of the record in the table of devices to be authenticated that the matching processing unit used in the authentication processing is recorded as used.
  6.  An authentication system comprising:
     a device to be authenticated that holds a secret key and has a response value calculation unit that calculates a response value using a challenge value received from outside and the secret key;
     a main channel transmission circuit that transmits the challenge value to the device to be authenticated;
     a side channel signal receiving circuit that receives, as an analog side channel signal, a physical change produced by the response value calculation unit during its computation;
     a table of devices to be authenticated having an ID information field that stores ID information uniquely identifying the device to be authenticated and a secret key field that stores the secret key; and
     a matching processing unit that determines the ID information and the authenticity of the device to be authenticated by identifying, for received side channel data obtained by converting the side channel signal received from the side channel signal receiving circuit into digital data, the record whose side channel model data is most similar, the side channel model data being generated by computation using the challenge value and the secret key stored in the secret key field of each of all records of the table of devices to be authenticated.
  7.  The authentication system according to claim 6, wherein the matching processing unit calculates a correlation coefficient between the received side channel data and the side channel model data.
PCT/JP2015/052576 2014-02-06 2015-01-29 Authentication system WO2015119043A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2015560958A JP6348914B2 (en) 2014-02-06 2015-01-29 Authentication system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2014-020957 2014-02-06
JP2014020957 2014-02-06

Publications (1)

Publication Number Publication Date
WO2015119043A1 true WO2015119043A1 (en) 2015-08-13

Family

ID=53777850

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2015/052576 WO2015119043A1 (en) 2014-02-06 2015-01-29 Authentication system

Country Status (2)

Country Link
JP (1) JP6348914B2 (en)
WO (1) WO2015119043A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008204248A (en) * 2007-02-21 2008-09-04 Nomura Research Institute Ltd Settlement system and settlement method
JP2009302848A (en) * 2008-06-12 2009-12-24 Tokai Rika Co Ltd Encryption communication system and cryptographic key updating method
JP2010152706A (en) * 2008-12-25 2010-07-08 Fujitsu Ltd Biometric authentication device
JP2010226603A (en) * 2009-03-25 2010-10-07 Sony Corp Integrated circuit, encryption communication apparatus, encryption communication system, information processing method, and encryption communication method
JP2011198317A (en) * 2010-03-24 2011-10-06 National Institute Of Advanced Industrial Science & Technology Authentication processing method and device

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2017188855A (en) * 2016-04-08 2017-10-12 キヤノン株式会社 Verification device and device to be verified
JP2022528815A (en) * 2019-04-16 2022-06-16 ホアウェイ・テクノロジーズ・カンパニー・リミテッド Systems and methods for authenticating the connection between the user device and the vehicle
JP7192122B2 (en) 2019-04-16 2022-12-19 ホアウェイ・テクノロジーズ・カンパニー・リミテッド Systems and methods for authenticating connections between user devices and vehicles

Also Published As

Publication number Publication date
JPWO2015119043A1 (en) 2017-03-23
JP6348914B2 (en) 2018-07-04

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15746397

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
ENP Entry into the national phase

Ref document number: 2015560958

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15746397

Country of ref document: EP

Kind code of ref document: A1