Device authentication system which allows the authentication function to be changed
First Claim
1. A device authentication system, for a communication system composed of a first appliance and a second appliance that are connected by a communication path, where the first appliance verifies authenticity of the second appliance,the first appliance comprising:
- verification function storing means for storing a plurality of verification functions for verifying the authenticity of the second appliance;
first challenge data transmitting means for generating first challenge data and transmitting the first challenge data to the second appliance;
first response data receiving means for receiving first response data from the second appliance, the first response data corresponding to the first challenge data;
first verifying means for verifying whether the first challenge data and the first response data are related by a verification function out of the plurality of verification functions; and
first authenticating means for authenticating the second appliance when the first verifying means finds the verification function that relates the first challenge data and the first response data,and the second appliance comprising;
claimant function storing means for storing a plurality of claimant functions for proving the authenticity of the second appliance, wherein the plurality of claimant functions each correspond to a different verification function out of the plurality of verification functions;
first challenge data receiving means for receiving the first challenge data transmitted by the first appliance;
claimant function selecting means for selecting one claimant function out of the plurality of claimant functions; and
first response data transmitting means for generating the first response data from the first challenge data based on the claimant function selected by the claimant function selecting means, and transmitting the first response data to the first appliance.
1 Assignment
0 Petitions
Accused Products
Abstract
The decoder apparatus 90 generates a random number R1 for authenticating the optical disc drive apparatus 70 and sends it to the optical disc drive apparatus 70 as the challenge data CHA1. The optical disc drive apparatus 70 selects one out of the sixteen claimant functions stored in the claimant function unit 722 and calculates the function value fi(CHA1) which it sends to the decoder apparatus 90 as the response data RES1. The decoder apparatus 90 compares the response data RES1 with sixteen function values f1(R1) to f16(R1) that are obtained using the sixteen verification functions stored in the verification function unit 922, and authenticates the optical disc drive apparatus 70 when at least one of the function values matches the response data RES1.
82 Citations
28 Claims
-
1. A device authentication system, for a communication system composed of a first appliance and a second appliance that are connected by a communication path, where the first appliance verifies authenticity of the second appliance,
the first appliance comprising: -
verification function storing means for storing a plurality of verification functions for verifying the authenticity of the second appliance; first challenge data transmitting means for generating first challenge data and transmitting the first challenge data to the second appliance; first response data receiving means for receiving first response data from the second appliance, the first response data corresponding to the first challenge data; first verifying means for verifying whether the first challenge data and the first response data are related by a verification function out of the plurality of verification functions; and first authenticating means for authenticating the second appliance when the first verifying means finds the verification function that relates the first challenge data and the first response data, and the second appliance comprising; claimant function storing means for storing a plurality of claimant functions for proving the authenticity of the second appliance, wherein the plurality of claimant functions each correspond to a different verification function out of the plurality of verification functions; first challenge data receiving means for receiving the first challenge data transmitted by the first appliance; claimant function selecting means for selecting one claimant function out of the plurality of claimant functions; and first response data transmitting means for generating the first response data from the first challenge data based on the claimant function selected by the claimant function selecting means, and transmitting the first response data to the first appliance. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A device authentication method, for a communication system composed of a first appliance and a second appliance that are connected by a communication path, whereby the first appliance verifies authenticity of the second appliance,
the first appliance having a plurality of verification functions for verifying the authenticity of the second appliance, the second appliance having a plurality of claimant functions for proving the authenticity of the second appliance, and the plurality of claimant functions each corresponding to a different verification function out of the plurality of verification functions, the device authentication method comprising: -
a challenge data transmitting step where the first appliance generates challenge data and transmits the challenge data to the second appliance; a challenge data receiving step where the second appliance receives the challenge data; a claimant function selecting step where the second appliance selects one claimant function out of the plurality of claimant functions; a response data transmitting step where the second appliance generates response data from the challenge data based on the selected claimant function, and transmits the generated response data to the first appliance; a response data receiving step where the first appliance receives the response data; a verifying step where the first appliance verifies that the challenge data and the response data are related according to at least one verification function out of the plurality of verification functions; and an authenticating step where the first appliance authenticates the second appliance when verification in the verifying step is successful. - View Dependent Claims (12, 13)
-
-
14. An appliance, connected to another device by a communication path, for proving authenticity in accordance with a device authentication protocol of challenge-response type, the appliance comprising:
-
claimant function storing means for storing a plurality of claimant functions for proving the authenticity of the appliance; challenge data receiving means for receiving challenge data transmitted from the other device; claimant function selecting means for selecting one out of the plurality of claimant functions; response data transmitting means for generating response data from the challenge data, based on the selected claimant function, and transmitting the response data to the other device. - View Dependent Claims (15, 16)
-
-
17. An appliance, connected to another device by a communication path, for verifying authenticity of the other device in accordance with a device authentication protocol of challenge-response type, the appliance comprising:
-
verification function storing means for storing a plurality of verification functions for verifying the authenticity of the other device; challenge data transmitting means for generating challenge data and transmitting the challenge data to the other device; response data receiving means for receiving response data corresponding to the challenge data from the other device; verifying means for verifying whether the challenge data and the response data are related by any of the plurality of verification functions; and authenticating means for verifying the authenticity of the other device when the verifying means finds that the challenge data and the response data are related by at least one of the plurality of verification functions. - View Dependent Claims (18)
-
-
19. A device authentication system for a communication system between a first appliance and a second appliance connectable by a communication path, comprising:
-
the first appliance comprising; a first verification storing means for storing a predetermined plurality of verification functions, each verification function being different from another one; a first challenge data transmitting means for generating a variable first challenge data that can be operated upon by anyone of the verification functions, and transmitting the first challenge data to the second appliance; and a first comparing unit for receiving a first response data, from the second appliance, in response to the sending of the first challenge data to the second appliance that is related to the first challenge data and comparing the first response data with a plurality of operands of operations between the plurality of verification functions and the first challenge data whereby if one of the stored verification functions is found a first authentication signal is generated, and the second appliance comprising; a second verification storing means for storing the predetermined plurality of verification functions; a first challenge data receiving means for receiving the first challenge data; a first function selecting means for selecting one of the predetermined plurality of verification functions stored in the second verification storing means; and a first response data transmitting means for generating the first response data from the selected verification function and the first challenge data and transmitting the first response data to the first appliance. - View Dependent Claims (20, 21, 22, 23, 24)
-
-
25. A method of authenticating a communication system between a first appliance and a second appliance, comprising the steps of:
-
generating a variable first challenge data and transmitting it from a first appliance to a second appliance; selecting one of a predetermined plurality of verification functions stored in the second appliance, each verification function being different from another one; generating a first response data by the second appliance using the selected verification function and the received first challenge data and transmitting it to the first appliance; comparing the first response data in the first appliance by using the first challenge data and a plurality of the same predetermined verification functions which are also stored in the first appliance to determine if one of the stored verification functions was used to create the first response data; issuing a first authenticating signal only if the comparing step finds a matching verification function; generating a variable second challenge data, upon receipt of the first authentication signal, and transmitting it from the second appliance to the first appliance; generating a second response data by the first appliance using the same verification function determined in the comparing of the first response data and the second challenge data and transmitting it to the second appliance; comparing the second response data in the second appliance by using the second challenge data and the selected verification function; and issuing a second authentication signal only if the comparing step finds a matching verification function. - View Dependent Claims (26, 27, 28)
-
Specification