AUTHENTICATION METHOD, AUTHENTICATION SYSTEM, AND AUTHENTICATION CHIP USING COMMON KEY CRYPTOGRAPHY

US 20140181524A1
Filed: 09/06/2013
Published: 06/26/2014
Est. Priority Date: 03/09/2011
Status: Active Grant

First Claim

Patent Images

1. An authentication method for authenticating, by a processor that controls a first device including a first authentication chip, a second device including a second authentication chip, the method comprising:

generating a random number;

transmitting the random number to the first authentication chip and the second authentication chip;

receiving, from the first authentication chip, a first response value obtained by operating a first transform function, which is decided based on a value set in the first authentication chip, for an output value generated by operating an encryption function for performing encryption for an integer stored in the first authentication chip as a secret key and the random number;

receiving, from the second authentication chip, a second response value obtained by operating a second transform function, which is decided based on a value set in the second authentication chip, for the output value generated by operating the encryption function for performing encryption for an integer, which is stored in the second authentication chip as a secret key and is the same as the integer stored in the first authentication chip as the secret key, and the random number; and

authenticating the second device by making a comparison between a value obtained by operating, for the first response value, a third transform function, which is decided based on a number of a difference between the value set in the first authentication chip and the value set in the second authentication chip, and the second response value, or by making a comparison between a value obtained by operating the third transform function for the second response value and the first response value.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is disclosed for authenticating, by a processor that controls a parent device, a child device includes: authenticating the child device by making a comparison between a value obtained by operating, for a first response value, a third transform function, which is decided based on a number of a difference between the value set in an authentication chip of the parent device and the value set in an authentication chip of the child device, and the second response value, wherein a first and a second response values are obtained by operating a first and a second transform functions for output values generated by operating an encryption function for performing encryption for secret keys in authentication chips of the parent device and the child device, respectively.

17 Citations

View as Search Results

14 Claims

1. An authentication method for authenticating, by a processor that controls a first device including a first authentication chip, a second device including a second authentication chip, the method comprising:
- generating a random number;
  
  transmitting the random number to the first authentication chip and the second authentication chip;
  
  receiving, from the first authentication chip, a first response value obtained by operating a first transform function, which is decided based on a value set in the first authentication chip, for an output value generated by operating an encryption function for performing encryption for an integer stored in the first authentication chip as a secret key and the random number;
  
  receiving, from the second authentication chip, a second response value obtained by operating a second transform function, which is decided based on a value set in the second authentication chip, for the output value generated by operating the encryption function for performing encryption for an integer, which is stored in the second authentication chip as a secret key and is the same as the integer stored in the first authentication chip as the secret key, and the random number; and
  
  authenticating the second device by making a comparison between a value obtained by operating, for the first response value, a third transform function, which is decided based on a number of a difference between the value set in the first authentication chip and the value set in the second authentication chip, and the second response value, or by making a comparison between a value obtained by operating the third transform function for the second response value and the first response value.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method according to claim 1, whereinthe first transform function decided based on the value set in the first authentication chip is a power of a specified function,an exponent of the power is a first exponent decided based on the value set in the first authentication chip,the second transform function decided based on the value set in the second authentication chip is a power of the specified function,an exponent of the power is a second exponent that is decided based on the value set in the second authentication chip and is different from the first exponent,the third transform function decided based on the number of the difference between the value set in the first authentication chip and the value set in the second authentication chip is a power of the specified function, andan exponent of the power is a third exponent equal to an absolute value of a difference between the first exponent and the second exponent.
  - 3. The method according to claim 2, whereinthe specified function is a hash function.
  - 4. The method according to claim 2, whereinthe specified function is a constant bit shift.
  - 5. The method according to claim 2, whereinthe specified function is repetitions of a modulo operation process of a characteristic polynomial in GF(2^m) by the number of bits of a constant after a 1-bit left shift.
  - 6. The method according to claim 1, whereinthe first transform function is decided based on the value set in the first authentication chip, and a shared value, which is an integer preset in common to the second authentication chip, andthe second transform function is decided based on the value set in the second authentication chip, and the shared value.
  - 7. The method according to claim 1, whereinthe first response value is obtained by operating a fourth transform function decided based on a unique value, which is a value unique to the processor, for the output value in addition to the first transform function.
  - 8. The method according to claim 6, whereinthe second transform function decided based on the value set in the second authentication chip and the shared value is an XOR operation with parameters.
  - 9. The method according to claim 6, whereinthe second transform function decided based on the value set in the second authentication chip and the shared value is a modulo operation with parameters.
  - 10. The method according to claim 6, whereinthe second transform function decided based on the value set in the second authentication chip and the shared value is an operation for taking out data values of a width of lowest-order bits of a constant of the hash operation with parameters.
  - 11. The method according to claim 6, whereinthe second transform function decided based on the value set in the second authentication chip and the shared value is a calculation implemented by combining a constant bit shift with parameters, XOR, and a subtraction.
  - 12. The method according to claim 1, whereinthe processor, the first authentication chip, and the second authentication chip are connected by a serial bus for a mutual communication,the authentication chip of the first device and the authentication chip of the second device respectively have a first address and a second address for the communication, anda value set in the authentication chip of the first device and a value set in the authentication chip of the second device are decided respectively based on the first address and the second address.

13. An authentication system where a first device authenticates a second device, comprising:
- a processor, included in the first device, configured to execute a process for generating a random number, for transmitting the random number to a first authentication chip included in the first device and a second authentication chip included in the second device, for respectively receiving a first response value and a second response value as responses to the random number from the first authentication chip and the second authentication chip, and for authenticating the second device by using the first response value and the second response value;
  
  the first authentication chip, connected to the processor, comprisingfirst random number receiver configured to receive the random number,first storage configured to store an integer as a secret key,first encryption calculator configured to generate an output value by operating an encryption function for performing encryption for the integer stored as the secret key and the random number, andfirst response value generator configured to generate the first response value by operating a first transform function decided based on a first set value for the generated output value; and
  
  a second authentication chip, connected to at least the processor, comprisingsecond random number receiver configured to receive the random number,second storage configured to store an integer as a secret key,second encryption calculator configured to generate an output value by operating an encryption function for performing encryption for the integer stored as the secret key and the random number, andsecond response value generator configured to generate the second response value by operating a second transform function decided based on a second set value for the output value, whereinthe processor executes the process for authenticating the second device by making a comparison between a number, which is obtained by operating, for the first response value, a third transform function decided based on an absolute value of a difference between the first set value and the second set value, and the second response value, or by making a comparison between a number obtained by operating the third transform function for the second response value and the first response value.

14. An authentication chip, comprising:
- a memory configured to store a secret key, which is an integer;
  
  receiver configured to receive the integer;
  
  response value generator configured to generate a response value obtained by operating a transform function for an output value generated by operating an encryption function for performing encryption for the integer and the secret key; and
  
  transmitter configured to transmit the response value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
ITOH, Kouichi, TAKENAKA, Masahiko

Granted Patent

US 9,166,800 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/174
CPC Class Codes

G06F 21/30   Authentication, i.e. establ...

G06F 21/445   by mutual authentication, e...

H04L 9/3273   for mutual authentication n...

Y04S 40/20   Information technology spec...

AUTHENTICATION METHOD, AUTHENTICATION SYSTEM, AND AUTHENTICATION CHIP USING COMMON KEY CRYPTOGRAPHY

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

17 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

AUTHENTICATION METHOD, AUTHENTICATION SYSTEM, AND AUTHENTICATION CHIP USING COMMON KEY CRYPTOGRAPHY

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links