AUTHENTICATION METHOD, AUTHENTICATION DEVICE, AUTHENTICATION TARGET DEVICE AND IMAGE FORMING APPARATUS

US 20200136817A1
Filed: 10/23/2019
Published: 04/30/2020
Est. Priority Date: 10/30/2018
Status: Active Grant

First Claim

Patent Images

1. An authentication method performed bya first device configured to retain, among n×

m original keys identified by combinations of n first identifiers (n is an integer of 2 or greater) having different values and m second identifiers (m is an integer of 2 or greater) having different values, m original keys in which values of first identifiers are a same first value, anda second device configured to retain an authentication identifier and retain n authentication keys generated based on the authentication identifier and each of n original keys in which values of the second identifiers are a same second value among the n×

m original keys,the method comprising;

selecting, at the first device, an original key in which the first identifier has the first value and the second identifier has the second value based on the second value acquired from the second device, from the m original keys and generating, at the first device, an authentication key based on the selected original key and the authentication identifier acquired from the second device;

selecting, at the second device, an authentication key generated from the original key in which the first identifier has the first value and the second identifier has the second value based on the first value acquired from the first device, from the n authentication keys;

generating, at an authentication target device that is one of the first device and the second device, response data based on challenge data acquired from an authentication device that is the other of the first device and the second device and the authentication key generated or selected by the authentication target device, and notifying, by the authentication target device, the generated response data to the authentication device;

generating, at the authentication device, verification data based on the challenge data and the authentication key generated or selected by the authentication device; and

authenticating, at the authentication device, the authentication target device by comparing the verification data with the response data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication method includes: at a first device, selecting an original key in which a first identifier has a first value and a second identifier has a second value from m original keys and generating an authentication key based on the selected original key and the authentication identifier; at a second device, selecting an authentication key generated from the original key in which the first identifier has the first value and the second identifier has the second value from n authentication keys, generating response data based on challenge data and the authentication key, and notifying the generated response data to the first device; at the first device, generating verification data based on the challenge data and the authentication key, and authenticating the authentication target device by comparing the verification data with the response data.

0 Citations

34 Claims

1. An authentication method performed bya first device configured to retain, among n×
- m original keys identified by combinations of n first identifiers (n is an integer of 2 or greater) having different values and m second identifiers (m is an integer of 2 or greater) having different values, m original keys in which values of first identifiers are a same first value, anda second device configured to retain an authentication identifier and retain n authentication keys generated based on the authentication identifier and each of n original keys in which values of the second identifiers are a same second value among the n×
  
  m original keys,the method comprising;
  
  selecting, at the first device, an original key in which the first identifier has the first value and the second identifier has the second value based on the second value acquired from the second device, from the m original keys and generating, at the first device, an authentication key based on the selected original key and the authentication identifier acquired from the second device;
  
  selecting, at the second device, an authentication key generated from the original key in which the first identifier has the first value and the second identifier has the second value based on the first value acquired from the first device, from the n authentication keys;
  
  generating, at an authentication target device that is one of the first device and the second device, response data based on challenge data acquired from an authentication device that is the other of the first device and the second device and the authentication key generated or selected by the authentication target device, and notifying, by the authentication target device, the generated response data to the authentication device;
  
  generating, at the authentication device, verification data based on the challenge data and the authentication key generated or selected by the authentication device; and
  
  authenticating, at the authentication device, the authentication target device by comparing the verification data with the response data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The authentication method according to claim 1, whereinthe first device is the authentication device andthe second device is the authentication target device.
  - 3. The authentication method according to claim 1, whereinthe second device is the authentication device andthe first device is the authentication target device.
  - 4. The authentication method according to claim 1 further comprising randomly generating the challenge data by the authentication device.
  - 5. The authentication method according to claim 1, wherein the authentication key is generated by a one-way function with the original key and the authentication identifier as input.
  - 6. The authentication method according to claim 1, wherein the authentication key is cryptographic data based on the original key of the authentication identifier;
    - or a cryptographic hash value of a value obtained by concatenating the authentication identifier and the original key.
  - 7. The authentication method according to claim 1, wherein the response data and the verification data are generated by a same algorithm.
  - 8. The authentication method according to claim 7, wherein the response data is generated by a one-way function with the challenge data and the authentication key as input.
  - 9. The authentication method according to claim 7, wherein the response data is cryptographic data based on the authentication key of the challenge data;
    - or a cryptographic hash value of a value obtained by concatenating the challenge data and the authentication key.
  - 10. The authentication method according to claim 1, whereinthe first device retains m verification values respectively corresponding to the m original keys,the second device retains n verification values respectively corresponding to the n original keys used to generate the n authentication keys;
    - andthe method further comprises;
      
      determining, at the first device or the second device, whether a verification value, corresponding to the original key in which the first identifier has the first value and the second identifier has the second value among the m verification values retained in the first device, and a verification value, corresponding to the original key in which the first identifier has the first value and the second identifier has the second value among the n verification values retained in the second device, match each other.

11. An authentication device configured to authenticate an authentication target device configured to retain, among n×
- m original keys identified by combinations of n first identifiers (n is an integer of 2 or greater) having different values and m second identifiers (m is an integer of 2 or greater) having different values, m original keys in which values of first identifiers are a same first value,the authentication device comprising;
  
  a storage unit configured to store an authentication identifier and store n authentication keys generated based on the authentication identifier and each of n original keys in which values of the second identifiers are a same second value among the n×
  
  m original keys;
  
  a notification unit configured to notify, to the authentication target device, the authentication identifier, the second value, and challenge data;
  
  a selection unit configured to acquire the first value from the authentication target device and to select an authentication key generated from an original key in which the first identifier has the first value and the second identifier has the second value, from the n authentication keys;
  
  a generating unit configured to generate verification data based on the authentication key selected by the selecting unit and the challenge data; and
  
  an authentication unit configured to authenticate the authentication target device by comparing the verification data with response data acquired from the authentication target device as a response to the challenge data notified to the authentication target device.
- View Dependent Claims (12, 13, 15, 17, 18, 19, 20, 21, 22)
- - 12. The authentication device according to claim 11, wherein the response data is data generated based on the challenge data and the authentication key that is generated based on the authentication identifier and the original key in which the first identifier has the first value and the second identifier has the second value among the m original keys retained in the authentication target device.
  - 13. The authentication device according to claim 11, whereinthe storage unit stores n verification values respectively corresponding to the n original keys used to generate the n authentication keys, andthe authentication device further comprises:
    - a determination unit configured to determine whether a verification value, corresponding to the original key in which the first identifier has the first value and the second identifier has the second value among the n verification values, and a verification value, acquired from the authentication target device as a response to the second value notified to the authentication target device, match each other.
  - 15. The authentication device according to claim 13, wherein the response data is data generated based on the challenge data and an authentication key generated from the original key in which the first identifier has the first value and the second identifier has the second value among the n authentication keys retained in the authentication target device.
  - 17. The authentication device according to claim 11 further comprising a unit configured to randomly generate the challenge data.
  - 18. The authentication device according to claim 11, wherein the authentication key is generated by a one-way function with the original key and the authentication identifier as input.
  - 19. The authentication device according to claim 11, wherein the authentication key is cryptographic data based on the original key of the authentication identifier;
    - or a cryptographic hash value of a value obtained by concatenating the authentication identifier and the original key.
  - 20. The authentication device according to claim 11, wherein the response data and the verification data are generated by a same algorithm.
  - 21. The authentication device according to claim 19, wherein the response data is generated by a one-way function with the challenge data and the authentication key as input.
  - 22. The authentication device according to claim 20, wherein the response data is cryptographic data based on the authentication key of the challenge data;
    - or a cryptographic hash value of a value obtained by concatenating the challenge data and the authentication key.

14. An authentication device configured to authenticate an authentication target device configured to retain an authentication identifier and retain n authentication keys (n is an integer of 2 or greater) generated based on the authentication identifier and each of n original keys in which values of second identifiers are a same second value among n×
- m original keys identified by combinations of n first identifiers having different values and m second identifiers (m is an integer of 2 or greater) having different values,the authentication device comprising;
  
  a storage unit configured to store m original keys in which values of first identifiers are a same first value among the n×
  
  m original keys;
  
  a notification unit configured to notify, to the authentication target device, the first value and challenge data;
  
  a selection unit configured to acquire the second value from the authentication target device and to select an original key in which the first identifier has the first value and the second identifier has the second value;
  
  a first generating unit configured to generate an authentication key based on the original key selected by the selection unit and the authentication identifier acquired from the authentication target device;
  
  a second generating unit configured to generate verification data based on the authentication key generated by the first generating unit and the challenge data; and
  
  an authentication unit configured to authenticate the authentication target device by comparing the verification data with response data acquired from the authentication target device as a response to the challenge data notified to the authentication target device.
- View Dependent Claims (16)
- - 16. The authentication device according to claim 14, whereinthe storage unit stores m verification values respectively corresponding to the m original keys, andthe authentication device further comprises:
    - a determination unit configured to determine whether a verification value, corresponding to the original key in which the first identifier has the first value and the second identifier has the second value among the m verification values, and a verification value, acquired from the authentication target device as a response to the first value notified to the authentication target device, match each other.

23. An image forming apparatus including an authentication device configured to authenticate an authentication target device configured to retain, among n×
- m original keys identified by combinations of n first identifiers (n is an integer of 2 or greater) having different values and m second identifiers (m is an integer of 2 or greater) having different values, m original keys in which values of first identifiers are a same first value,the image forming apparatus comprising;
  
  a storage unit configured to store an authentication identifier and store n authentication keys generated based on the authentication identifier and each of n original keys in which values of the second identifiers are a same second value among the n×
  
  m original keys;
  
  a notification unit configured to notify, to the authentication target device, the authentication identifier, the second value, and challenge data;
  
  a selection unit configured to acquire the first value from the authentication target device and to select an authentication key generated from an original key in which the first identifier has the first value and the second identifier has the second value, from the n authentication keys;
  
  a generating unit configured to generate verification data based on the authentication key selected by the selecting unit and the challenge data; and
  
  an authentication unit configured to authenticate the authentication target device by comparing the verification data with response data acquired from the authentication target device as a response to the challenge data notified to the authentication target device.
- View Dependent Claims (25, 26)
- - 25. The image forming apparatus according to claim 23, wherein the authentication target device is a unit that is detachable from the image forming apparatus, andthe unit includes a member used to form an image.
  - 26. The image forming apparatus according to claim 25, wherein the member includes a photosensitive member.

24. An image forming apparatus including an authentication device configured to authenticate an authentication target device configured to retain an authentication identifier and retain n authentication keys (n is an integer of 2 or greater) generated based on the authentication identifier and each of n original keys in which values of second identifiers are a same second value among n×
- m original keys identified by combinations of n first identifiers having different values and m second identifiers (m is an integer of 2 or greater) having different values,the image forming apparatus comprising;
  
  a storage unit configured to store m original keys in which values of the first identifiers are a same first value among the n×
  
  m original keys;
  
  a notification unit configured to notify, to the authentication target device, the first value and challenge data;
  
  a selection unit configured to acquire the second value from the authentication target device and to select an original key in which the first identifier has the first value and the second identifier has the second value;
  
  a first generating unit configured to generate an authentication key based on the original key selected by the selection unit and the authentication identifier acquired from the authentication target device;
  
  a second generating unit configured to generate verification data based on the authentication key generated by the first generating unit and the challenge data; and
  
  an authentication unit configured to authenticate the authentication target device by comparing the verification data with response data acquired from the authentication target device as a response to the challenge data notified to the authentication target device.

27. An authentication target device configured to be authenticated by an authentication device configured to retain an authentication identifier and retain n (n is an integer of 2 or greater) authentication keys generated based on the authentication identifier and each of n original keys in which values of second identifiers are a same second value among n×
- m original keys identified by combinations of first identifiers having different values and m second identifiers having different values,the authentication target device comprising;
  
  a storage unit configured to store m original keys in which values of the first identifiers are a same first value among the n×
  
  m original keys;
  
  a selection unit configured to acquire the second value from the authentication device and to select an original key in which the first identifier has the first value and the second identifier has the second value;
  
  a first generating unit configured to generate an authentication key based on the original key selected by the selection unit and the authentication identifier acquired from the authentication device;
  
  a second generating unit configured to generate response data based on the authentication key generated by the first generating unit and challenge data acquired from the authentication device; and
  
  a notification unit configured to notify, to the authentication device, the first value and the response data.
- View Dependent Claims (28, 31, 32)
- - 28. The authentication target device according to claim 27, whereinthe storage unit stores m verification values respectively corresponding to the m original keys, andthe authentication target device further comprises:
    - a determination unit configured to determine whether a verification value, corresponding to the original key in which the first identifier has the first value and the second identifier has the second value among the m verification values, and a verification value, acquired from the authentication device as a response to the first value notified to the authentication device, match each other.
  - 31. The authentication target device according to claim 27, wherein the authentication target device is a unit that is detachable from an image forming apparatus, andthe unit includes a member used to form an image.
  - 32. The authentication target device according to claim 31, wherein the member includes a photosensitive member.

29. An authentication target device configured to be authenticated by an authentication device configured to retain, among n×
- m original keys identified by combinations of n first identifiers (n is an integer of 2 or greater) having different values and m second identifiers (m is an integer of 2 or greater) having different values, m original keys in which values of first identifiers are a same first value,the authentication target device comprising;
  
  a storage unit configured to store an authentication identifier and store n authentication keys generated based on the authentication identifier and each of n original keys in which values of the second identifiers are a same second value among the n×
  
  m original keys;
  
  a selection unit configured to acquire the first value from the authentication device and to select an authentication key generated from an original key in which the first identifier has the first value and the second identifier has the second value, from the n authentication keys;
  
  a generating unit configured to generate response data based on the authentication key selected by the selecting unit and challenge data acquired from the authentication device; and
  
  a notification unit configured to notify, to the authentication device, the authentication identifier, the second value, and response data.
- View Dependent Claims (30, 33, 34)
- - 30. The authentication target device according to claim 29, whereinthe storage unit stores n verification values respectively corresponding to the n original keys used to generate the n authentication keys, andthe authentication target device further comprises:
    - a determination unit configured to determine whether a verification value, corresponding to the original key in which the first identifier has the first value and the second identifier has the second value among the n verification values, and a verification value, acquired from the authentication device as a response to the second value notified to the authentication device, match each other.
  - 33. The authentication target device according to claim 29, wherein the authentication target device is a unit that is detachable from an image forming apparatus, andthe unit includes a member used to form an image.
  - 34. The authentication target device according to claim 33, wherein the member includes a photosensitive member.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Original Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Inventors
Iijima, Ichiro, Hori, Kenjiro, Ittogi, Hirotaka

Granted Patent

US 10,965,451 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 9/0844   with user authentication or...

H04L 9/0861   Generation of secret inform...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3242   involving keyed hash functi...

H04L 9/3271   using challenge-response

AUTHENTICATION METHOD, AUTHENTICATION DEVICE, AUTHENTICATION TARGET DEVICE AND IMAGE FORMING APPARATUS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

0 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

AUTHENTICATION METHOD, AUTHENTICATION DEVICE, AUTHENTICATION TARGET DEVICE AND IMAGE FORMING APPARATUS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

0 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links