Authentication method performed between IC card and terminal unit and system therefor
First Claim
1. An authentication method for authentication between an IC card and a terminal unit in which both said IC card and said terminal unit include a plurality of authentication codes, each code having a corresponding time data item, encryption means for encrypting data according to a predetermined algorithm, and timer means, one of said IC card and said terminal unit, including means for generating random numbers and comparison means, said authentication method comprising:
- generating a random number in a first device selected from an IC card and a terminal unit and transmitting the generated random number to a second device that is the other of said IC card and said terminal unit;
a first encryption step of encrypting the received random number in the second device according to an algorithm using one of a plurality of authentication codes as a key to generate authentication data;
transmitting the encrypted authentication data to the first device from the second device when a time represented by time data corresponding to the authentication code used has elapsed after transmission of a predetermined signal;
a second encryption step of counting, in the first device, a time interval from transmission of a predetermined signal to reception of the authentication data from the second device and of encrypting the random number according to the algorithm using, as a key, the authentication code corresponding to the time data which coincides with the time interval counted in the second device to generate authentication data; and
comparing in the first device the authentication data generated in said second encryption step with the authentication data transmitted from the second device and transmitting a result signal indicating coincidence or non-coincidence of the two authentication data to the second device.
2 Assignments
0 Petitions
Accused Products
Abstract
In an authentication method between an IC card and a terminal unit, authentication is performed without an authentication code or an address therefor being transmitted directly between the two devices so as to assure the security of the authentication operation. Both of the IC card and the terminal unit include multiple authentication codes each code having a corresponding time data item, and an encryption algorithm. In one of the IC card and the terminal unit, one of the authentication codes is selected, and the selected authentication code is encrypted according to the encryption algorithm. The encrypted authentication code is transmitted to the other device as authentication data. The time data corresponding to the selected authentication code is transmitted to the other device as a time interval between commands or signals. In the other device, the authentication code obtained from the time data is encrypted according to the encryption algorithm to generate authentication data. The generated authentication data is compared with the authentication data sent from the other device.
132 Citations
13 Claims
-
1. An authentication method for authentication between an IC card and a terminal unit in which both said IC card and said terminal unit include a plurality of authentication codes, each code having a corresponding time data item, encryption means for encrypting data according to a predetermined algorithm, and timer means, one of said IC card and said terminal unit, including means for generating random numbers and comparison means, said authentication method comprising:
-
generating a random number in a first device selected from an IC card and a terminal unit and transmitting the generated random number to a second device that is the other of said IC card and said terminal unit; a first encryption step of encrypting the received random number in the second device according to an algorithm using one of a plurality of authentication codes as a key to generate authentication data; transmitting the encrypted authentication data to the first device from the second device when a time represented by time data corresponding to the authentication code used has elapsed after transmission of a predetermined signal; a second encryption step of counting, in the first device, a time interval from transmission of a predetermined signal to reception of the authentication data from the second device and of encrypting the random number according to the algorithm using, as a key, the authentication code corresponding to the time data which coincides with the time interval counted in the second device to generate authentication data; and comparing in the first device the authentication data generated in said second encryption step with the authentication data transmitted from the second device and transmitting a result signal indicating coincidence or non-coincidence of the two authentication data to the second device. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A system including an IC card and a terminal unit, said system performing an authentication operation between said IC card and said terminal unit, both of said IC card and said terminal unit comprising:
-
storage means for storing at least a single encryption algorithm, at least a single system key, a plurality of authentication codes, each code having a corresponding time data item, and programs including an authentication program for authentication; input/output control means for input/output control of data; data control/processing means for processing and controlling data according to the programs stored in said storage means and for authentication according to the authentication program; timer means for counting time; and bus means connecting said storage means, said input/output means, said data control/processing means, and said timer means with each other; a first device of said IC card and said terminal unit comprising; means for generating a random number and for transmitting the generated random number to a second device that is the other of said IC card and said terminal unit; first encryption means for counting a time interval from transmission of a predetermined signal to reception of encrypted authentication data from the second device using said timer means and for encrypting the random number according to the encryption algorithm using, as a key, the authentication code corresponding to the time data that coincides with the time interval in the same manner as the second device to generate authentication data; and means for comparing the authentication data generated by said encryption means with the authentication data transmitted from the second device and for transmitting a resultant signal indicating coincidence or non-coincidence of the two authentication data to the second device according to said data control/processing means; the second device comprising; Second encryption means for encrypting a random number received from the first device according to the algorithm using, as a key, one of the plurality of authentication codes to generate authentication data; and means for transmitting the authentication data generated by said second encryption means when a time represented by the time data corresponding to the authentication code has elapsed after transmission of the predetermined signal according to the authentication program. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. An authentication method for authentication between two electrical devices in which both said electrical devices contain a plurality of authentication codes, each code having a corresponding time data item, encryption means for encrypting data according to a predetermined algorithm, and timer means, one of said two electrical devices including means for generating random numbers and comparison means, said authentication method comprising:
-
generating a random number in a first of two electrical devices and transmitting the generated random numbers to a second of said two electrical devices; a first encryption step of encrypting the received random number in the second device according to an algorithm using one of a plurality of authentication codes as a key to generate authentication data; transmitting the authentication data to the first device from the second device when a time represented by the time data corresponding to the authentication code used has elapsed after transmission of a predetermined signal; a second encryption step of counting in the first device a time interval from transmission of the predetermined signal to reception of the authentication data from the second device and of encrypting the random number according to the algorithm using, as a key, the authentication codes corresponding to the time data which coincides with the time interval counted to generate authentication data; and comparing in the first device the authentication data generated in said second encryption step with the authentication data transmitted from the second device and transmitting a result signal indicating coincidence or non-coincidence of the two authentication data to the second device.
-
Specification