Authentication method performed between IC card and terminal unit and system therefor

US 5,355,413 A
Filed: 03/01/1993
Issued: 10/11/1994
Est. Priority Date: 03/06/1992
Status: Expired due to Term

First Claim

Patent Images

1. An authentication method for authentication between an IC card and a terminal unit in which both said IC card and said terminal unit include a plurality of authentication codes, each code having a corresponding time data item, encryption means for encrypting data according to a predetermined algorithm, and timer means, one of said IC card and said terminal unit, including means for generating random numbers and comparison means, said authentication method comprising:

generating a random number in a first device selected from an IC card and a terminal unit and transmitting the generated random number to a second device that is the other of said IC card and said terminal unit;

a first encryption step of encrypting the received random number in the second device according to an algorithm using one of a plurality of authentication codes as a key to generate authentication data;

transmitting the encrypted authentication data to the first device from the second device when a time represented by time data corresponding to the authentication code used has elapsed after transmission of a predetermined signal;

a second encryption step of counting, in the first device, a time interval from transmission of a predetermined signal to reception of the authentication data from the second device and of encrypting the random number according to the algorithm using, as a key, the authentication code corresponding to the time data which coincides with the time interval counted in the second device to generate authentication data; and

comparing in the first device the authentication data generated in said second encryption step with the authentication data transmitted from the second device and transmitting a result signal indicating coincidence or non-coincidence of the two authentication data to the second device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an authentication method between an IC card and a terminal unit, authentication is performed without an authentication code or an address therefor being transmitted directly between the two devices so as to assure the security of the authentication operation. Both of the IC card and the terminal unit include multiple authentication codes each code having a corresponding time data item, and an encryption algorithm. In one of the IC card and the terminal unit, one of the authentication codes is selected, and the selected authentication code is encrypted according to the encryption algorithm. The encrypted authentication code is transmitted to the other device as authentication data. The time data corresponding to the selected authentication code is transmitted to the other device as a time interval between commands or signals. In the other device, the authentication code obtained from the time data is encrypted according to the encryption algorithm to generate authentication data. The generated authentication data is compared with the authentication data sent from the other device.

132 Citations

13 Claims

1. An authentication method for authentication between an IC card and a terminal unit in which both said IC card and said terminal unit include a plurality of authentication codes, each code having a corresponding time data item, encryption means for encrypting data according to a predetermined algorithm, and timer means, one of said IC card and said terminal unit, including means for generating random numbers and comparison means, said authentication method comprising:
- generating a random number in a first device selected from an IC card and a terminal unit and transmitting the generated random number to a second device that is the other of said IC card and said terminal unit;
  
  a first encryption step of encrypting the received random number in the second device according to an algorithm using one of a plurality of authentication codes as a key to generate authentication data;
  
  transmitting the encrypted authentication data to the first device from the second device when a time represented by time data corresponding to the authentication code used has elapsed after transmission of a predetermined signal;
  
  a second encryption step of counting, in the first device, a time interval from transmission of a predetermined signal to reception of the authentication data from the second device and of encrypting the random number according to the algorithm using, as a key, the authentication code corresponding to the time data which coincides with the time interval counted in the second device to generate authentication data; and
  
  comparing in the first device the authentication data generated in said second encryption step with the authentication data transmitted from the second device and transmitting a result signal indicating coincidence or non-coincidence of the two authentication data to the second device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. An authentication method according to claim 1 comprising transmitting a count starting signal to the first device from the second device after the second device has received the random number wherein the authentication data is transmitted to the first device when the time represented by the time data corresponding to the authentication code has elapsed after transmission of the count starting signal and wherein, in the second encryption step, the time interval from when the count starting signal has been received to when the authentication data is received is counted in the first device and the random number is encrypted according to the algorithm using, as a key, the authentication code corresponding to the time data which coincides with the counted time interval in the same manner as in the second device.
  - 3. An authentication method according to claim 1 wherein the authentication data is transmitted to the first device when the time represented by the time data corresponding to the authentication code has elapsed after reception of the random number by the second device and wherein, in the second encryption step, the time interval from when the random number has been transmitted to when the authentication data is received is counted in the first device and the random number is encrypted according to the algorithm using, as a key, the authentication code corresponding to the time data which coincides with the counted time interval in the same manner as in the second device.
  - 4. An authentication method according to claim 1 comprising loading the encryption algorithm from said terminal unit into said IC card prior to the transmission of the random number.
  - 5. An authentication method according to claim 1 wherein, in the first encryption step, transactions between said IC card and said terminal unit are counted and the authentication code to be selected is changed when the counted transactions have reached a predetermined value.
  - 6. An authentication method according to claim 1 wherein both said IC card and said terminal unit have N authentication codes, and wherein in said first encryption step, if a remainder obtained by dividing the random number by N is m, the M+1th authentication code is selected.

7. A system including an IC card and a terminal unit, said system performing an authentication operation between said IC card and said terminal unit, both of said IC card and said terminal unit comprising:
- storage means for storing at least a single encryption algorithm, at least a single system key, a plurality of authentication codes, each code having a corresponding time data item, and programs including an authentication program for authentication;
  
  input/output control means for input/output control of data;
  
  data control/processing means for processing and controlling data according to the programs stored in said storage means and for authentication according to the authentication program;
  
  timer means for counting time; and
  
  bus means connecting said storage means, said input/output means, said data control/processing means, and said timer means with each other;
  
  a first device of said IC card and said terminal unit comprising;
  
  means for generating a random number and for transmitting the generated random number to a second device that is the other of said IC card and said terminal unit;
  
  first encryption means for counting a time interval from transmission of a predetermined signal to reception of encrypted authentication data from the second device using said timer means and for encrypting the random number according to the encryption algorithm using, as a key, the authentication code corresponding to the time data that coincides with the time interval in the same manner as the second device to generate authentication data; and
  
  means for comparing the authentication data generated by said encryption means with the authentication data transmitted from the second device and for transmitting a resultant signal indicating coincidence or non-coincidence of the two authentication data to the second device according to said data control/processing means;
  
  the second device comprising;
  
  Second encryption means for encrypting a random number received from the first device according to the algorithm using, as a key, one of the plurality of authentication codes to generate authentication data; and
  
  means for transmitting the authentication data generated by said second encryption means when a time represented by the time data corresponding to the authentication code has elapsed after transmission of the predetermined signal according to the authentication program.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. A system including an IC card and a terminal unit according to claim 7 wherein the predetermined signal is the random number transmitted from the first device to the second device.
  - 9. A system including an IC card and a terminal unit according to claim 7 wherein the second device comprises means for transmitting a count starting signal to the first device and wherein the predetermined signal is a count starting signal.
  - 10. A system including an IC card and a terminal unit according to claim 7 wherein said terminal unit comprises algorithm loading means for loading the algorithm into said IC card when said IC card has not stored the algorithm beforehand.
  - 11. A system including an IC card and a terminal unit according to claim 7 wherein the second device comprises authentication code selection means for counting transactions between said IC card and said terminal unit and for changing the authentication code when the counted transactions have reached a predetermined value.
  - 12. A system including an IC card and a terminal unit according to claim 7 wherein both said IC card and said terminal unit have N authentication codes and wherein said second device comprises authentication code selection means for selecting m+1th authentication code when a remainder obtained by dividing the random number by N is m.

13. An authentication method for authentication between two electrical devices in which both said electrical devices contain a plurality of authentication codes, each code having a corresponding time data item, encryption means for encrypting data according to a predetermined algorithm, and timer means, one of said two electrical devices including means for generating random numbers and comparison means, said authentication method comprising:
- generating a random number in a first of two electrical devices and transmitting the generated random numbers to a second of said two electrical devices;
  
  a first encryption step of encrypting the received random number in the second device according to an algorithm using one of a plurality of authentication codes as a key to generate authentication data;
  
  transmitting the authentication data to the first device from the second device when a time represented by the time data corresponding to the authentication code used has elapsed after transmission of a predetermined signal;
  
  a second encryption step of counting in the first device a time interval from transmission of the predetermined signal to reception of the authentication data from the second device and of encrypting the random number according to the algorithm using, as a key, the authentication codes corresponding to the time data which coincides with the time interval counted to generate authentication data; and
  
  comparing in the first device the authentication data generated in said second encryption step with the authentication data transmitted from the second device and transmitting a result signal indicating coincidence or non-coincidence of the two authentication data to the second device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Renesas Electronics Corporation
Original Assignee
Mitsubishi Denki Kabushiki Kaisha (Mitsubishi Electric Corporation)
Inventors
Ohno, Hisashi
Primary Examiner(s)
Barron, Jr., Gilberto

Application Number

US08/024,319
Time in Patent Office

589 Days
Field of Search

380/23, 380/24, 380/25
US Class Current

713/159
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3674   involving authentication

G06Q 20/40975   using encryption therefor

G07C 9/21   having a variable access code

G07F 7/1008   Active credit-cards provide...

G07F 7/1016   Devices or methods for secu...

Authentication method performed between IC card and terminal unit and system therefor

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

132 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication method performed between IC card and terminal unit and system therefor

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

132 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links