Authentication method and communication terminal and communication processing unit using the method
Abstract
In a first processing mode for a first communication request, a communication processing unit responds to a communication request signal from a communication terminal to acquire an authentication key Ka corresponding thereto from a storage, generates pieces of enciphered authentication information Xai and Xbi enciphered by the authentication key Ka of the communication terminal and an authentication key Kb of the communication processing unit, respectively, and random information Yi and transmits these pieces of information Xai, Xbi and Yi as an authentication request signal to the communication terminal. The communication terminal sends, as an authentication response signal, information Ka[Yi] obtained by enciphering the received random information Yi with the authentication key Ka, back to the communication processing unit, and at the same time, the communication terminal stores the received enciphered pieces of authentication information Xai and Xbi. The communication processing unit verifies the authentication response signal by use of the authentication key Ka.
In a second processing mode, the communication terminal transmits previous enciphered authentication information Xb(i-1) as a communication request signal to the communication processing unit and deciphers previous information Xa(i-1) to generate an authentication key Kci. The communication processing unit deciphers the received enciphered authentication information Xbi to generate a deciphered authentication key Kci and transmits to the communication terminal an authentication request signal containing newly generated pieces of enciphered authentication information Xai and Xbi and the random information Yi. The communication terminal stores the received pieces of enciphered authentication information Xai and Xbi and enciphers the random information Yi by the authentication key Kci and sends it as an authentication response signal Kci[Yi] to the communication processing unit, which verifies the authentication response signal by the deciphered authentication key Kci.
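The two processing modes can be traced end to end in a short simulation. This is an added example, not text or code from the patent: the first mode follows the abstract (Xai, Xbi and Yi are sent), the second mode follows steps (f) to (k) of claim 1, and re-issuing Xai and Xbi in the second mode is left out. The class and function names, the choice of a fresh random Kci, the XOR-keystream-plus-HMAC stand-in for "enciphering", and HMAC as the form of the response K[Yi] are all assumptions.

```python
import hashlib, hmac, secrets

def seal(key, pt32):
    """Stand-in for K[...]: one-block XOR keystream plus HMAC tag (constructed, not the patent's cipher)."""
    nonce = secrets.token_bytes(16)
    ks = hashlib.sha256(b"enc" + key + nonce).digest()
    ct = bytes(a ^ b for a, b in zip(pt32, ks))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    want = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("enciphered authentication information failed integrity check")
    ks = hashlib.sha256(b"enc" + key + nonce).digest()
    return bytes(a ^ b for a, b in zip(ct, ks))

def respond(key, y):
    """Authentication response K[Yi], modelled here (assumption) as HMAC over the challenge."""
    return hmac.new(key, y, hashlib.sha256).digest()

class Unit:  # communication processing unit, holds Kb
    def __init__(self, kb, storage):
        self.kb, self.storage, self.lookups = kb, storage, 0
    def first_mode(self, terminal_id):            # steps (a)-(b)
        self.lookups += 1                         # the only access to the storage
        ka = self.storage[terminal_id]
        kc = secrets.token_bytes(32)              # assumption: Kci is a fresh random key
        y = secrets.token_bytes(16)
        return (seal(ka, kc), seal(self.kb, kc), y), respond(ka, y)
    def second_mode(self, xb_prev):               # steps (g)-(i), no storage access
        kc = unseal(self.kb, xb_prev)
        y = secrets.token_bytes(16)
        return y, respond(kc, y)                  # challenge and expected response

class Terminal:  # communication terminal, holds Ka, caches Xai and Xbi
    def __init__(self, ka):
        self.ka, self.xa, self.xb = ka, None, None
    def answer_first(self, xa, xb, y):            # steps (c)-(d)
        self.xa, self.xb = xa, xb
        return respond(self.ka, y)
    def answer_second(self, y):                   # step (j): Kci recovered from stored Xai
        return respond(unseal(self.ka, self.xa), y)

def run_session():
    ka, kb = secrets.token_bytes(32), secrets.token_bytes(32)
    unit, term = Unit(kb, {"terminal-1": ka}), Terminal(ka)
    (xa, xb, y1), expect1 = unit.first_mode("terminal-1")
    ok1 = hmac.compare_digest(term.answer_first(xa, xb, y1), expect1)  # step (e)
    y2, expect2 = unit.second_mode(term.xb)                            # step (f)
    ok2 = hmac.compare_digest(term.answer_second(y2), expect2)         # step (k)
    return ok1, ok2, unit.lookups
```

The integrity tag on Xbi is part of the stand-in cipher: with it, a modified Xbi is rejected at step (g), and a replayed Xbi still fails at step (k) unless the sender also holds Kci.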
22 Claims
1. In a communication system which includes a communication processing unit having a first authentication key Kb and performing communication processing, a communication terminal having a second authentication key Ka unique thereto and connected via a communication channel to said communication processing unit, and a storage storing said second authentication key Ka for authenticating said communication terminal and responsive to a request from said communication processing unit to provide thereto said second authentication key Ka, an authentication method whereby said communication processing unit verifies the validity of said communication terminal when receiving therefrom a communication request;
said authentication method including a step wherein said communication processing unit responds to a communication request signal from said communication terminal to determine if said communication request signal is a first one and if so, a first processing mode is executed and if not, a second processing mode is executed;
A. said first processing mode comprising the steps;
wherein said communication processing unit;
(a) responds to said communication request from said communication terminal to acquire said second authentication key Ka of said communication terminal from said storage; and
(b) generates authentication information Xbi enciphered by said first authentication key Kb and random information Yi and transmits an authentication request signal containing said pieces of information, to said communication terminal;
wherein said communication terminal;
(c) transmits information Ka[Yi] as an authentication response signal to said communication processing unit, said information Ka[Yi] being obtained by enciphering said random information Yi with said second authentication key Ka; and
(d) stores said enciphered authentication information Xbi; and
wherein said communication processing unit;
(e) verifies said authentication response signal using said second authentication key Ka; and
B. said second processing mode comprising the steps;
wherein said communication terminal;
(f) transmits to said communication processing unit a communication request signal containing said enciphered authentication information Xbi obtained by authentication processing executed in response to the previous communication request;
wherein said communication processing unit;
(g) deciphers said enciphered authentication information Xbi into a deciphered authentication key Kci;
(h) generates new random information Yi; and
(i) transmits an authentication request signal containing said random information Yi to said communication terminal;
wherein said communication terminal;
(j) enciphers said received random information Yi by said authentication key Kci and sends said enciphered random information as an authentication response signal to said communication processing unit; and
wherein said communication processing unit;
(k) verifies said received authentication response signal using said deciphered authentication key Kci.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. In a telecommunication system which comprises a communication terminal having a unique second authentication key Ka, a communication processing unit having a first authentication key Kb, connected via a communication channel to said communication terminal and responsive to a communication request signal from said communication terminal to verify the validity of said communication terminal, and a storage storing said second authentication key Ka for the authentication of said communication terminal and responsive to a request from said communication processing unit to provide thereto said second authentication key Ka, said communication terminal comprising:
means for receiving, as an authentication request signal from said communication processing unit, random information Yi and enciphered authentication information Xbi enciphered by said first authentication key Kb;
means whereby said random information Yi contained in said authentication request signal received from said communication processing unit is enciphered with said second authentication key Ka to generate an authentication response signal to be sent back to said communication processing unit and said random information Yi contained in said authentication request signal received in response to a second or subsequent communication request is enciphered with an authentication key Kci to generate said authentication response signal;
storage means for storing said enciphered authentication information contained in said authentication request signal; and
means for sending a communication request signal containing identification information, in said first communication request, and for sending, in said second or subsequent communication request, a communication request signal containing said enciphered authentication information Xbi read out from said storage means.
Dependent claims: 15, 17, 18, 20, 21
14. In a telecommunication system which comprises a communication terminal having a unique second authentication key Ka, a communication processing unit having a first authentication key Kb, connected via a communication channel to said communication terminal and responsive to a communication request signal from said communication terminal to verify the validity of said communication terminal, and a storage storing said second authentication key Ka for the authentication of said communication terminal and responsive to a request from said communication processing unit to provide thereto said second authentication key Ka, said communication processing unit comprising:
means for determining if said communication request signal received from said communication terminal is a first communication request signal;
means for obtaining said second authentication key Ka from said storage in the case of a first communication request;
means responsive to each communication request to generate random information Yi;
means responsive to said first communication request signal to generate enciphered authentication information Xbi enciphered by said first authentication key Kb of said communication processing unit;
means for sending said enciphered authentication information Xbi as a first authentication request signal to said communication terminal and for sending at least said random information Yi as said second or subsequent authentication request signal to said communication terminal;
means for receiving said second or subsequent communication request signal and for obtaining a deciphered authentication key Kci by deciphering said enciphered authentication information contained in said second or subsequent communication request signal and sent to said communication terminal in the previous authentication processing; and
means for verifying the validity of an authentication response signal from said communication terminal through use of said deciphered authentication key Kci and said random information Yi.
Dependent claims: 16, 19, 22