Device authentication system
First Claim
1. A device authentication system comprising a terminal device which stores predetermined secret information, a device authentication server which stores said secret information and authenticates said terminal device, and a service server which offers services to said terminal device authenticated by said device authentication server;
- wherein said device authentication server authenticates said terminal device by checking that server-specific information generated by said device authentication server is correctly encrypted by said terminal device using said secret information, whereas said terminal device authenticates said device authentication server by checking that terminal-specific information generated by said terminal device and encrypted using said secret information is correctly decrypted by said device authentication server;
wherein either said terminal device or said device authentication server generates a session key following the authentication, encrypts said session key using said secret information, and transmits the encrypted session key to the other device so as to share said session key therebetween;
wherein said device authentication server using said session key encrypts certificate information for certifying that said terminal device has been authenticated and transmits the encrypted certificate information to said terminal device;
wherein said terminal device acquires said certificate information sent from said device authentication server by decrypting said encrypted certificate information using said session key, and transmits the acquired certificate information to said service server; and
wherein said service server receives said certificate information from said terminal device and transmits the received certificate information to said device authentication server prompting said device authentication server to check that said certificate information is valid.
1 Assignment
0 Petitions
Accused Products
Abstract
Disclosed herein is a device authentication system capable of authenticating devices efficiently using the common key system. When a CE device requests service offerings from a service server, the service server in turn requests the CE device to be authenticated by a device authentication server. Given the request, the CE device causes the device authentication server to perform device authentication on that device and transmits the result of the device authentication to the service server. Upon receipt of the device authentication result from the CE device, the service server causes the device authentication server to check that the authentication has been performed correctly and then starts offering services to the CE device. The CE device and device authentication server share a pass phrase, and each of the two parties checks that the other party indeed retains the pass phrase for mutual authentication.
106 Citations
33 Claims
-
1. A device authentication system comprising a terminal device which stores predetermined secret information, a device authentication server which stores said secret information and authenticates said terminal device, and a service server which offers services to said terminal device authenticated by said device authentication server;
-
wherein said device authentication server authenticates said terminal device by checking that server-specific information generated by said device authentication server is correctly encrypted by said terminal device using said secret information, whereas said terminal device authenticates said device authentication server by checking that terminal-specific information generated by said terminal device and encrypted using said secret information is correctly decrypted by said device authentication server;
wherein either said terminal device or said device authentication server generates a session key following the authentication, encrypts said session key using said secret information, and transmits the encrypted session key to the other device so as to share said session key therebetween;
wherein said device authentication server using said session key encrypts certificate information for certifying that said terminal device has been authenticated and transmits the encrypted certificate information to said terminal device;
wherein said terminal device acquires said certificate information sent from said device authentication server by decrypting said encrypted certificate information using said session key, and transmits the acquired certificate information to said service server; and
wherein said service server receives said certificate information from said terminal device and transmits the received certificate information to said device authentication server prompting said device authentication server to check that said certificate information is valid. - View Dependent Claims (2, 3, 4)
-
-
5. A device authentication server used in a device authentication system including a terminal device which stores predetermined secret information, a device authentication server which stores said secret information and authenticates said terminal device, and a service server which offers services to said terminal device authenticated by said device authentication server, said device authentication server comprising:
-
request accepting means for accepting a request for device authentication from said terminal device;
server-specific information transmitting means for transmitting server-specific information generated by said device authentication server to said terminal device from which said request is accepted;
encrypted server-specific information receiving means for receiving from said terminal device said server-specific information encrypted by use of said secret information;
device authenticating means for authenticating said terminal device by checking that the encrypted server-specific information received is correctly decrypted using said secret information;
session key acquiring means for acquiring a session key to be shared with said terminal device, said session key being acquired either by receiving said session key from said terminal device in encrypted form based on said secret key in order to decrypt the received session key using said secret key, or by generating said session key and encrypting the generated session key using said secret key before transmitting the encrypted session key to said terminal device;
certificate information transmitting means for transmitting to said terminal device certificate information for certifying that said terminal device has been authenticated by said device authenticating means, said certificate information being encrypted using the acquired session key for the transmission; and
certificate information receiving means for receiving said certificate information from said service server which has acquired said certificate information from said terminal device. - View Dependent Claims (6, 7, 8, 9, 10)
-
-
11. A terminal device used in a device authentication system including a terminal device which stores predetermined secret information, a device authentication server which stores said secret information and authenticates said terminal device, and a service server which offers services to said terminal device authenticated by said device authentication server, said terminal device comprising:
-
requesting means for requesting device authentication from said device authentication server;
encrypted server-specific information transmitting means for transmitting to said device authentication server server-specific information sent from said device authentication server in response to said request, said server-specific information being encrypted using said secret information for the transmission;
session key acquiring means for acquiring a session key to be shared with said device authentication server, said session key being acquired either by receiving said session key from said device authentication server in encrypted form based on said secret key in order to decrypt the received session key using said secret key, or by generating said session key and encrypting the generated session key using said secret key before transmitting the encrypted session key to said device authentication server;
certificate information receiving means for receiving from said device authentication server certificate information for certifying that said terminal device has been authenticated by said device authentication server, said certificate information being encrypted using said session key; and
certificate information transmitting means for transmitting the received certificate information to said service server after decrypting the encrypted certificate information using said session key. - View Dependent Claims (12, 13)
-
-
14. A device authentication method for use with a device authentication server used in a device authentication system including a terminal device which stores predetermined secret information, a device authentication server which stores said secret information and authenticates said terminal device, and a service server which offers services to said terminal device authenticated by said device authentication server;
-
wherein said device authentication server includes request accepting means, server-specific information transmitting means, encrypted server-specific information receiving means, device authenticating means, session key acquiring means, certificate information transmitting means, and certificate information receiving means, said device authentication method comprising the steps of;
causing said request accepting means to accept a request for device authentication from said terminal device;
causing said server-specific information transmitting means to transmit server-specific information generated by said device authentication server to said terminal device from which said request is accepted;
causing said encrypted server-specific information receiving means to receive from said terminal device said server-specific information encrypted by use of said secret information;
causing said device authenticating means to authenticate said terminal device by checking that the encrypted server-specific information received is correctly decrypted using said secret information;
causing said session key acquiring means to acquire a session key to be shared with said terminal device, said session key being acquired either by receiving said session key from said terminal device in encrypted form based on said secret key in order to decrypt the received session key using said secret key, or by generating said session key and encrypting the generated session key using said secret key before transmitting the encrypted session key to said terminal device;
causing said certificate information transmitting means to transmit to said terminal device certificate information for certifying that said terminal device has been authenticated by said device authenticating means, said certificate information being encrypted using the acquired session key for the transmission; and
causing said certificate information receiving means to receive said certificate information from said service server which has acquired said certificate information from said terminal device. - View Dependent Claims (15, 16, 17, 18, 19)
-
-
20. A device authentication method for use with a terminal device used in a device authentication system including a terminal device which stores predetermined secret information, a device authentication server which stores said secret information and authenticates said terminal device, and a service server which offers services to said terminal device authenticated by said device authentication server;
-
wherein said terminal device includes requesting means, encrypted server-specific information transmitting means, session key acquiring means, certificate information receiving means, and certificate information transmitting means, said device authentication method comprising the steps of;
causing said requesting means to request device authentication from said device authentication server;
causing said encrypted server-specific information transmitting means to transmit to said device authentication server server-specific information sent from said device authentication server in response to said request, said server-specific information being encrypted using said secret information for the transmission;
causing said session key acquiring means to acquire a session key to be shared with said device authentication server, said session key being acquired either by receiving said session key from said device authentication server in encrypted form based on said secret key in order to decrypt the received session key using said secret key, or by generating said session key and encrypting the generated session key using said secret key before transmitting the encrypted session key to said device authentication server;
causing said certificate information receiving means to receive from said device authentication server certificate information for certifying that said terminal device has been authenticated by said device authentication server, said certificate information being encrypted using said session key; and
causing said certificate information transmitting means to transmit the received certificate information to said service server after decrypting the encrypted certificate information using said session key. - View Dependent Claims (21, 22)
-
-
23. A device authentication program for operating a device authentication server constituted by a computer and used in a device authentication system including a terminal device which stores predetermined secret information, a device authentication server which stores said secret information and authenticates said terminal device, and a service server which offers services to said terminal device authenticated by said device authentication server, said program causing said computer to carry out a procedure comprising:
-
a request accepting function of accepting a request for device authentication from said terminal device;
a server-specific information transmitting function of transmitting server-specific information generated by said device authentication server to said terminal device from which said request is accepted;
an encrypted server-specific information receiving function of receiving from said terminal device said server-specific information encrypted by use of said secret information;
a device authenticating function of authenticating said terminal device by checking that the encrypted server-specific information received is correctly decrypted using said secret information;
a session key acquiring function of acquiring a session key to be shared with said terminal device, said session key being acquired either by receiving said session key from said terminal device in encrypted form based on said secret key in order to decrypt the received session key using said secret key, or by generating said session key and encrypting the generated session key using said secret key before transmitting the encrypted session key to said terminal device;
a certificate information transmitting function of transmitting to said terminal device certificate information for certifying that said terminal device has been authenticated by said device authenticating means, said certificate information being encrypted using the acquired session key for the transmission; and
a certificate information receiving function of receiving said certificate information from said service server which has acquired said certificate information from said terminal device. - View Dependent Claims (24, 25, 26, 27, 28)
-
-
29. A device authentication program for operating a terminal device constituted by a computer and used in a device authentication system including a terminal device which stores predetermined secret information, a device authentication server which stores said secret information and authenticates said terminal device, and a service server which offers services to said terminal device authenticated by said device authentication server, said device authentication program causing said computer to carry out a procedure comprising:
-
a requesting function of requesting device authentication from said device authentication server;
an encrypted server-specific information transmitting function of transmitting to said device authentication server server-specific information sent from said device authentication server in response to said request, said server-specific information being encrypted using said secret information for the transmission;
a session key acquiring function of acquiring a session key to be shared with said device authentication server, said session key being acquired either by receiving said session key from said device authentication server in encrypted form based on said secret key in order to decrypt the received session key using said secret key, or by generating said session key and encrypting the generated session key using said secret key before transmitting the encrypted session key to said device authentication server;
a certificate information receiving function of receiving from said device authentication server certificate information for certifying that said terminal device has been authenticated by said device authentication server, said certificate information being encrypted using said session key; and
a certificate information transmitting function of transmitting the received certificate information to said service server after decrypting the encrypted certificate information using said session key. - View Dependent Claims (30, 31)
-
-
32. A storage medium which stores in computer-readable fashion a device authentication program for operating a device authentication server constituted by a computer and used in a device authentication system including a terminal device which stores predetermined secret information, a device authentication server which stores said secret information and authenticates said terminal device, and a service server which offers services to said terminal device authenticated by said device authentication server, said program causing said computer to carry out a procedure comprising:
-
a request accepting function of accepting a request for device authentication from said terminal device;
a server-specific information transmitting function of transmitting server-specific information generated by said device authentication server to said terminal device from which said request is accepted;
an encrypted server-specific information receiving function of receiving from said terminal device said server-specific information encrypted by use of said secret information;
a device authenticating function of authenticating said terminal device by checking that the encrypted server-specific information received is correctly decrypted using said secret information;
a session key acquiring function of acquiring a session key to be shared with said terminal device, said session key being acquired either by receiving said session key from said terminal device in encrypted form based on said secret key in order to decrypt the received session key using said secret key, or by generating said session key and encrypting the generated session key using said secret key before transmitting the encrypted session key to said terminal device;
a certificate information transmitting function of transmitting to said terminal device certificate information for certifying that said terminal device has been authenticated by said device authenticating means, said certificate information being encrypted using the acquired session key for the transmission; and
a certificate information receiving function of receiving said certificate information from said service server which has acquired said certificate information from said terminal device.
-
-
33. A storage medium which stores in computer-readable fashion a device authentication program for operating a terminal device constituted by a computer and used in a device authentication system including a terminal device which stores predetermined secret information, a device authentication server which stores said secret information and authenticates said terminal device, and a service server which offers services to said terminal device authenticated by said device authentication server, said device authentication program causing said computer to carry out a procedure comprising:
-
a requesting function of requesting device authentication from said device authentication server;
an encrypted server-specific information transmitting function of transmitting to said device authentication server server-specific information sent from said device authentication server in response to said request, said server-specific information being encrypted using said secret information for the transmission;
a session key acquiring function of acquiring a session key to be shared with said device authentication server, said session key being acquired either by receiving said session key from said device authentication server in encrypted form based on said secret key in order to decrypt the received session key using said secret key, or by generating said session key and encrypting the generated session key using said secret key before transmitting the encrypted session key to said device authentication server;
a certificate information receiving function of receiving from said device authentication server certificate information for certifying that said terminal device has been authenticated by said device authentication server, said certificate information being encrypted using said session key; and
a certificate information transmitting function of transmitting the received certificate information to said service server after decrypting the encrypted certificate information using said session key.
-
Specification