Device authentication system which allows the authentication function to be changed

US 6,034,618 A
Filed: 09/29/1997
Issued: 03/07/2000
Est. Priority Date: 10/31/1996
Status: Expired due to Term

First Claim

Patent Images

1. A device authentication system, for a communication system composed of a first appliance and a second appliance that are connected by a communication path, where the first appliance verifies authenticity of the second appliance,the first appliance comprising:

verification function storing means for storing a plurality of verification functions for verifying the authenticity of the second appliance;

first challenge data transmitting means for generating first challenge data and transmitting the first challenge data to the second appliance;

first response data receiving means for receiving first response data from the second appliance, the first response data corresponding to the first challenge data;

first verifying means for verifying whether the first challenge data and the first response data are related by a verification function out of the plurality of verification functions; and

first authenticating means for authenticating the second appliance when the first verifying means finds the verification function that relates the first challenge data and the first response data,and the second appliance comprising;

claimant function storing means for storing a plurality of claimant functions for proving the authenticity of the second appliance, wherein the plurality of claimant functions each correspond to a different verification function out of the plurality of verification functions;

first challenge data receiving means for receiving the first challenge data transmitted by the first appliance;

claimant function selecting means for selecting one claimant function out of the plurality of claimant functions; and

first response data transmitting means for generating the first response data from the first challenge data based on the claimant function selected by the claimant function selecting means, and transmitting the first response data to the first appliance.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The decoder apparatus 90 generates a random number R1 for authenticating the optical disc drive apparatus 70 and sends it to the optical disc drive apparatus 70 as the challenge data CHA1. The optical disc drive apparatus 70 selects one out of the sixteen claimant functions stored in the claimant function unit 722 and calculates the function value fi(CHA1) which it sends to the decoder apparatus 90 as the response data RES1. The decoder apparatus 90 compares the response data RES1 with sixteen function values f1(R1) to f16(R1) that are obtained using the sixteen verification functions stored in the verification function unit 922, and authenticates the optical disc drive apparatus 70 when at least one of the function values matches the response data RES1.

82 Citations

View as Search Results

28 Claims

1. A device authentication system, for a communication system composed of a first appliance and a second appliance that are connected by a communication path, where the first appliance verifies authenticity of the second appliance,the first appliance comprising:
- verification function storing means for storing a plurality of verification functions for verifying the authenticity of the second appliance;
  
  first challenge data transmitting means for generating first challenge data and transmitting the first challenge data to the second appliance;
  
  first response data receiving means for receiving first response data from the second appliance, the first response data corresponding to the first challenge data;
  
  first verifying means for verifying whether the first challenge data and the first response data are related by a verification function out of the plurality of verification functions; and
  
  first authenticating means for authenticating the second appliance when the first verifying means finds the verification function that relates the first challenge data and the first response data,and the second appliance comprising;
  
  claimant function storing means for storing a plurality of claimant functions for proving the authenticity of the second appliance, wherein the plurality of claimant functions each correspond to a different verification function out of the plurality of verification functions;
  
  first challenge data receiving means for receiving the first challenge data transmitted by the first appliance;
  
  claimant function selecting means for selecting one claimant function out of the plurality of claimant functions; and
  
  first response data transmitting means for generating the first response data from the first challenge data based on the claimant function selected by the claimant function selecting means, and transmitting the first response data to the first appliance.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The device authentication system of claim 1,wherein the first verifying means includes:
    - a verifying function selecting unit for selecting one verification function out of the plurality of verification functions;
      
      a single function verifying unit for verifying whether the first challenge data and the first response data are related by the verification function selected by the verifying function selecting unit;
      
      a repetitive control unit for controlling the verifying function selecting unit and the single function verifying unit to select a yet unselected verification function and to perform verification when a verification performed by the single function verifying unit is unsuccessful,wherein the first authenticating means authenticates the second appliance when the single function verifying unit verifies that the first challenge data and the first response data are related by the selected verification function.
  - 3. The device authentication system of claim 2,wherein the claimant function selecting means selects one claimant function out of the plurality of claimant functions so as to satisfy a predetermined condition, the predetermined condition being that the first verifying means will be able to exclusively determine only one verification function that relates the first challenge data and the first response data, out of the plurality of verification functions.
  - 4. The device authentication system of claim 3,wherein the claimant function selecting means includes:
    - a provisional selecting unit for provisionally selecting one claimant function out of the plurality of claimant functions; and
      
      a final selecting unit for judging whether the claimant function provisionally selected by the provisional selecting unit satisfies the predetermined condition, if so, confirming the provisionally selected claimant function as the claimant function selected by the claimant function selecting means, and if not, searching for another claimant function that satisfies the predetermined condition and confirming the other claimant function as the claimant function selected by the claimant function selecting means.
  - 5. The device authentication system of claim 4,wherein the final selecting unit includes:
    - a claimant function selection ranking storing unit for storing priority rankings for selecting one claimant function out of the plurality of claimant functions;
      
      a provisional response data generating unit for generating provisional response data from the first challenge data based on the claimant function selected by the provisional selecting unit;
      
      a suitability judging unit for judging whether there is a claimant function that generates response data from the first challenge data that is identical to the provisional response data and that has a higher priority ranking than the claimant function selected by the provisional selecting unit; and
      
      a final determining unit for finally selecting, when the suitability judging unit has found at least one claimant function that results in the same response data and has a higher priority ranking, a claimant function found by the suitability judging unit with a highest priority ranking, and for finally selecting, when the suitability judging unit has not found a claimant function that results in the same response data and has a higher priority ranking, the claimant function provisionally selected by the provisional selecting unit,wherein the first verifying means further includes a verification function selection ranking storing unit for storing priority rankings for selecting one verification function out of the plurality of verification functions, the priority rankings corresponding to the priority rankings stored in the claimant function selection ranking storing unit, andwherein the verification function selection unit selects one verification function out of the plurality of verification functions in accordance with the priority rankings stored in the verification function selection ranking storing unit.
  - 6. The device authentication system of claim 5,wherein the second appliance includes a recording medium reading means for reading selection information recorded on a recording medium,and wherein the provisional selecting unit provisionally selects one claimant function in accordance with the selection information read by the recording medium reading means.
  - 7. The device authentication system of claim 6,wherein the first appliance further comprises:
    - authentication notifying means for notifying the second appliance that the first authenticating means has authenticated the second appliance;
      
      second challenge data receiving means for receiving second challenge data transmitted by the second appliance; and
      
      second response data transmitting means for generating second transmission data from the second challenge data based on the verification function which was found by the first verifying means to relate the first challenge data and first response data, and transmitting the generated second transmission data to the second appliance,and wherein the second appliance includes;
      
      second challenge data transmitting means for generating, after being notified that the first authenticating means has authenticated the second appliance, the second challenge data and transmitting the second challenge data to the first appliance;
      
      second response data receiving means for receiving the second response data transmitted by the first appliance;
      
      second verifying means for verifying that the second challenge data and the second response data are related by the claimant function selected by the claimant function selecting means; and
      
      second authenticating means for authenticating the first appliance when the second verifying means verifies that the second challenge data and the second response data are related by the selected claimant function.
  - 8. The device authentication system of claim 7,wherein the second appliance further comprises:
    - digital production reading means for reading a digital production recorded on the recording medium; and
      
      digital production transmitting means for transmitting, when the second appliance has authenticated the first appliance, the digital production to the first appliance,wherein the first appliance further comprises;
      
      digital production receiving means for receiving the digital production transmitted by the second appliance; and
      
      digital production processing means for processing the digital production to enable use of the digital production.
  - 9. The device authentication system of claim 8,wherein the digital production recorded on the recording medium is encrypted, and wherein the digital production processing means decrypts the encrypted digital production.
  - 10. The device authentication system of claim 9,wherein the plurality of verification functions and the plurality of claimant functions are such that each verification function and corresponding claimant function is an identical one-way function;
    - wherein the first verifying means performs verification by judging whether the first response data matches a result of when the first challenge data is subjected to any of the plurality of verification functions, andwherein the second verifying means performs verification by judging whether the second response data matches a result of when the second challenge data is subjected to any of the plurality of claimant functions.

11. A device authentication method, for a communication system composed of a first appliance and a second appliance that are connected by a communication path, whereby the first appliance verifies authenticity of the second appliance,the first appliance having a plurality of verification functions for verifying the authenticity of the second appliance, the second appliance having a plurality of claimant functions for proving the authenticity of the second appliance, and the plurality of claimant functions each corresponding to a different verification function out of the plurality of verification functions,the device authentication method comprising:
- a challenge data transmitting step where the first appliance generates challenge data and transmits the challenge data to the second appliance;
  
  a challenge data receiving step where the second appliance receives the challenge data;
  
  a claimant function selecting step where the second appliance selects one claimant function out of the plurality of claimant functions;
  
  a response data transmitting step where the second appliance generates response data from the challenge data based on the selected claimant function, and transmits the generated response data to the first appliance;
  
  a response data receiving step where the first appliance receives the response data;
  
  a verifying step where the first appliance verifies that the challenge data and the response data are related according to at least one verification function out of the plurality of verification functions; and
  
  an authenticating step where the first appliance authenticates the second appliance when verification in the verifying step is successful.
- View Dependent Claims (12, 13)
- - 12. The device authentication method of claim 11,wherein in the claimant function selecting step the second appliance provisionally selects a provisional claimant function out of the plurality of claimant functions, calculates a provisional function value from the challenge data based on the provisional claimant function, judges whether a function value equal to the provisional function value is calculated from the challenge data by any other claimant function, and, when there is at least one other function with a matching function value, finally selects one claimant function with a function value equal to the provisional function value as a finally selected claimant function and, when these is no other function with a matching function value, finally selects the provision claimant function as the finally selected claimant function.
  - 13. The device authentication method of claim 12,wherein in the claimant function selecting step, the second appliance obtains an indication inputted from outside and selects the provisional claimant function out of the plurality of claimant functions based on the inputted indication.

14. An appliance, connected to another device by a communication path, for proving authenticity in accordance with a device authentication protocol of challenge-response type, the appliance comprising:
- claimant function storing means for storing a plurality of claimant functions for proving the authenticity of the appliance;
  
  challenge data receiving means for receiving challenge data transmitted from the other device;
  
  claimant function selecting means for selecting one out of the plurality of claimant functions;
  
  response data transmitting means for generating response data from the challenge data, based on the selected claimant function, and transmitting the response data to the other device.
- View Dependent Claims (15, 16)
- - 15. The appliance of claim 14,wherein the claimant function selecting means provisionally selects one claimant function out of the plurality of claimant functions, calculates a provisional function value from the challenge data based on the provisionally selected claimant function, judges whether a function value equal to the provisional function value is calculated from the challenge data by any other claimant function, and, when there is at least one other function with a matching function value, finally selects one claimant function with a function value equal to the provisional function value as a finally selected claimant function and, when these is no other function with a matching function value, finally selects the provision claimant function as the finally selected claimant function.
  - 16. The appliance of claim 15, wherein the claimant function selecting means obtains an indication inputted from outside and provisionally selects one claimant function out of the plurality of claimant functions in accordance with the inputted indication.

17. An appliance, connected to another device by a communication path, for verifying authenticity of the other device in accordance with a device authentication protocol of challenge-response type, the appliance comprising:
- verification function storing means for storing a plurality of verification functions for verifying the authenticity of the other device;
  
  challenge data transmitting means for generating challenge data and transmitting the challenge data to the other device;
  
  response data receiving means for receiving response data corresponding to the challenge data from the other device;
  
  verifying means for verifying whether the challenge data and the response data are related by any of the plurality of verification functions; and
  
  authenticating means for verifying the authenticity of the other device when the verifying means finds that the challenge data and the response data are related by at least one of the plurality of verification functions.
- View Dependent Claims (18)
- - 18. The appliance of claim 17, further comprising:
    - a verification function selection ranking storing unit for storing predetermined priority rankings for selecting one verification function out of the plurality of verification functions; and
      
      verification function specifying means for specifying, when the verifying means finds that the challenge data and the response data are related by at least one of the plurality of verification functions, one of the verification functions that relates the challenge data and the response data, based on the priority rankings.

19. A device authentication system for a communication system between a first appliance and a second appliance connectable by a communication path, comprising:
- the first appliance comprising;
  
  a first verification storing means for storing a predetermined plurality of verification functions, each verification function being different from another one;
  
  a first challenge data transmitting means for generating a variable first challenge data that can be operated upon by anyone of the verification functions, and transmitting the first challenge data to the second appliance; and
  
  a first comparing unit for receiving a first response data, from the second appliance, in response to the sending of the first challenge data to the second appliance that is related to the first challenge data and comparing the first response data with a plurality of operands of operations between the plurality of verification functions and the first challenge data whereby if one of the stored verification functions is found a first authentication signal is generated, andthe second appliance comprising;
  
  a second verification storing means for storing the predetermined plurality of verification functions;
  
  a first challenge data receiving means for receiving the first challenge data;
  
  a first function selecting means for selecting one of the predetermined plurality of verification functions stored in the second verification storing means; and
  
  a first response data transmitting means for generating the first response data from the selected verification function and the first challenge data and transmitting the first response data to the first appliance.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The device authentication system of claim 19, further including a medium for storing proprietary data and a selection value, and the second appliance includes a function selection unit for reading the stored proprietary data and the selection value and transmitting the selection value to the first function selection means.
  - 21. The device authentication system of claim 20, wherein the function selection unig further stores a table of priority ranking for the plurality of verification functions and selects the highest priority of the plurality of verification functions that can correspond to the first response data.
  - 22. The device authentication system of claim 20, further including a transmission means for transmitting the proprietary data between the first and second appliance when the first authentication signal is generated.
  - 23. The device authentication system of claim 19 further including in the second appliance a second challenge data transmitting means for generating a variable second challenge data that can be operated upon by anyone of the verification functions and transmitting the second challenge data to the first appliance, and a second comparing unit for receiving a second respond data, from the first appliance in response to the sending of the second challenge data to the first appliance, that is related to the second challenge data and comparing the second response data to determine if an operand with the same verification function was used to generate the first challenge data, whereby if the same verification function was used, a second authentication signal is generated, andthe first appliance further includes means for storing the verification functions used to generate the first challenge data and means for generating a second respond data from the second challenge data and transmitting the second respond data to the second appliance.
  - 24. The device authentication system of claim 23 further including a transmission means for transmitting the proprietary data between the first and second appliance when the first and second authentication signals are generated.

25. A method of authenticating a communication system between a first appliance and a second appliance, comprising the steps of:
- generating a variable first challenge data and transmitting it from a first appliance to a second appliance;
  
  selecting one of a predetermined plurality of verification functions stored in the second appliance, each verification function being different from another one;
  
  generating a first response data by the second appliance using the selected verification function and the received first challenge data and transmitting it to the first appliance;
  
  comparing the first response data in the first appliance by using the first challenge data and a plurality of the same predetermined verification functions which are also stored in the first appliance to determine if one of the stored verification functions was used to create the first response data;
  
  issuing a first authenticating signal only if the comparing step finds a matching verification function;
  
  generating a variable second challenge data, upon receipt of the first authentication signal, and transmitting it from the second appliance to the first appliance;
  
  generating a second response data by the first appliance using the same verification function determined in the comparing of the first response data and the second challenge data and transmitting it to the second appliance;
  
  comparing the second response data in the second appliance by using the second challenge data and the selected verification function; and
  
  issuing a second authentication signal only if the comparing step finds a matching verification function.
- View Dependent Claims (26, 27, 28)
- - 26. The method of claim 25, wherein the selecting of one of the stored predetermined plurality of verification functions is made by decoding proprietary data to be transmitted after authentication is established and using an encoded selection value contained in the decoded data.
  - 27. The method of claim 25, wherein a priority table of the plurality of verification functions is stored in each appliance and the highest priority verification function is used in preparing a first response data.
  - 28. The method of claim 25, wherein the selecting of one of the stored predetermined plurality of verification functions is made initially by decoding proprietary data to be transmitted after authentication is established and using an encoded selection value contained in the decoded data, the initial verification function is used with the first challenge data and the resulting first response data is then reviewed with the remaining stored verification functions and the highest verification function that is applicable is then selected as the verification function to be stored for future comparisons.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Matsushita Electric Industrial Company Limited (Panasonic Holdings Corporation), Kabushiki Kaisha Toshiba (Toshiba Corporation)
Original Assignee
Matsushita Electric Industrial Company Limited (Panasonic Holdings Corporation), Kabushiki Kaisha Toshiba (Toshiba Corporation)
Inventors
Tatebayashi, Makoto, Fukushima, Yoshihisa, Matsuzaki, Natsume, Ishihara, Atsushi, Hirayama, Koichi
Primary Examiner(s)
Zimmerman, Brian
Assistant Examiner(s)
Dalencourt, Yves

Application Number

US08/940,076
Time in Patent Office

890 Days
Field of Search

340/825.34, 340/825.3, 340/825.54, 340/505, 340/10.1, 395/186, 395/188.01, 705/18, 705/44, 707/9, 711/163, 711/164, 380/3, 380/4, 380/5, 380/9, 380/23, 380/25, 455/410, 455/411, 1/1, 709/229, 713/200, 713/201, 713/202
US Class Current

340/5.8
CPC Class Codes

H04L 9/3271 using challenge-response

Device authentication system which allows the authentication function to be changed

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

82 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Device authentication system which allows the authentication function to be changed

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

82 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links