Encryption apparatus for ensuring security in communication between devices
First Claim
1. An encryption apparatus for devices which perform a challenge/response-type authentication of a device in communication, distribute a data transfer key to the device in communication and use the data transfer key to perform encrypted communication with the device in communication, the encryption apparatus comprising:
- first random number generation means for generating first random number for distributing the data transfer key;
first random number storage means for storing the generated first random number;
first transmission means for incorporating the generated first random number into either challenge data or response data and transmitting either the challenge data or response data with the first random number to a device in communication, the challenge data being used to authenticate the device in communication and the response data being used to certify legitimacy of the encryption apparatus itself,wherein the device in communication is another device in current encrypted communication;
data transfer key generation means for generating the data transfer key through use of the first random number stored by the first random number R1 storage means, the data transfer key being time-varying;
transfer data encryption means for encrypting the transfer data to be transferred in the encrypted communication through use of the data transfer key,wherein the first random number generation means, the first random number storage means, the data transfer key generation means, and the transfer data encryption means are implemented through a single IC chip, andwherein the first random number storage means stores the first random number in an area tamper-proof from outside the single IC chip.
2 Assignments
0 Petitions
Accused Products
Abstract
In the first devices, MPU 53 generates random number R1 as challenge data. Random number R3 is generated by first encryption IC 54, and then combined with random number R1, encrypted, and sent to second device 52 as encrypted text C1. When encrypted text C2 is similarly received from second device 52, first encryption IC 54 decrypts C2 and separates the decrypted result into first separated data RR2 and second separated data RR4. The first encryption IC 54 returns the first separated data to second device 52 as response data. MPU 53 compares the first separated data returned from second device 52 with random number R1, and in the event of a match, authenticates second device 52 as a legitimate device. The first encryption IC 54 generates the time-varying data transfer key by combining second separated data RR4 with random number R3, and transfers the digital copyrighted data to second device 52 by using the data transfer key.
-
Citations
33 Claims
-
1. An encryption apparatus for devices which perform a challenge/response-type authentication of a device in communication, distribute a data transfer key to the device in communication and use the data transfer key to perform encrypted communication with the device in communication, the encryption apparatus comprising:
-
first random number generation means for generating first random number for distributing the data transfer key; first random number storage means for storing the generated first random number; first transmission means for incorporating the generated first random number into either challenge data or response data and transmitting either the challenge data or response data with the first random number to a device in communication, the challenge data being used to authenticate the device in communication and the response data being used to certify legitimacy of the encryption apparatus itself, wherein the device in communication is another device in current encrypted communication; data transfer key generation means for generating the data transfer key through use of the first random number stored by the first random number R1 storage means, the data transfer key being time-varying; transfer data encryption means for encrypting the transfer data to be transferred in the encrypted communication through use of the data transfer key, wherein the first random number generation means, the first random number storage means, the data transfer key generation means, and the transfer data encryption means are implemented through a single IC chip, and wherein the first random number storage means stores the first random number in an area tamper-proof from outside the single IC chip. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
-
-
26. A communication system made up of a transmitter and a receiver which conduct distribution of a data transfer key and encrypted communication using the data transfer key, the transmitter and receiver, being devices in communication which mutually authenticate each other through communication based on an authentication protocol of challenge/response type, wherein the transmitter and the receiver each comprise:
-
first random number generation means for generating a first random number to be used as challenge data; second random number generation means for generating a second random number to be used as the data transfer key; combination means for combining the first random number with the second random number; encryption means for encrypting the combined data; first transmission means for transmitting the encrypted combined data to the device in communication; first receiving means for receiving the encrypted combined data sent from the first transmission means; decryption means for decrypting the received combined data; separation means for separating the decrypted combined data into a first separated data which corresponds to the response data, and a remaining second separated data to be used for the data transfer key; second transmission means for transmitting the first separated data to the device in communication as response data, second receiving means for receiving the first separated data returned from the second transmission means of the device in communication; comparison means which compares the received first separated data with the first random number, and in the event of a match, authenticates the device in communication as a legitimate device; data transfer key generation means for generating the data transfer key by combining the second random number with the second separated data; and encrypted communication means for conducting encrypted communication with the device in communication by using the generated data transfer key when authentication has been achieved; wherein, the second random number generation means, the combination means, the encryption means, the decryption means, the separation means, the data transfer key generation means, and the encrypted communication means are implemented in a circuit in a single IC chip.
-
-
27. A communication system made up of a transmitter and a receiver which conduct distribution of a data transfer key and encrypted communication using the data transfer key, the transmitter and receiver, being devices in communication which mutually authenticate each other through communication based on an authentication protocol of challenge/response type, wherein the transmitter and the receiver each comprise:
-
first random number generation means for generating a first random number to be used as challenge data; first transmission means for transmitting the first random number to the device in communication; first receiving means for receiving the first random number sent from the first transmission means of the device in communication; second random number generation means for generating a second random umber to be used for the data transfer key;
combination means for combining the received first random number with the second random number;encryption means for encrypting the combined data;
second transmission means for transmitting the encrypted combined data to the device in communication;second receiving means for receiving the encrypted combined data sent from the second transmission means of the device in question; decryption means for decrypting the received combined data; separation means for separating the decrypted combined data into a first separated data which corresponds to the response data and a second separated data to be used for the data transfer key; data transfer key generation means for generating the data transfer key by combining the second random number with the second separated data; and encrypted communication means for conducting encrypted communication with the device in communication by using the generated data transfer key when authentication has been achieved; wherein, the second random number generation means, the combination means, the encryption means, the decryption means, the separation means, the data transfer key generation means, and the encrypted communication means are implemented in a circuit in a single IC chip.
-
-
28. A communication system made up of a transmitter and a receiver which conduct distribution of a data transfer key and encrypted communication using the data transfer key, the transmitter and receiver, being devices in communication which mutually authenticate each other through communication based on an authentication protocol of challenge/response type, wherein the transmitter comprises:
-
first random number generation means for generating a first random number; first encryption means for encrypting the first random number; and first transmission means for transmitting the encrypted first random number to the receiver, wherein the receiver comprises; first receiving means for receiving the encrypted random number; first decryption means for decrypting the received first random number; second random number generator for generating a second random number; first combination means for generating combined data by combining the first random number with the second random number; second encryption means for encryption the combined data; and second transmission means for transmitting the encrypted combined data to the transmitter, wherein the transmitter further comprises; second receiving means for receiving the encrypted combined data; second decryption means for decrypting the received combined data; a separation means for separating the decrypted combined data into a first separated data which corresponds to the first random number and a second separated data which corresponds to the second random number; first comparison means which compares the first random number with the first separated data, and in the event of a match, authenticates the receiver as a legitimate device; third encryption means for encrypting the second separated data in the event of authentication; and first data transfer key generation means for generating the data transfer key by combining the first random number generated by the first random number generation means and second separated data obtained by the separation means wherein the receiving means further comprises; third receiving means for receiving the encrypted second separated data; third decryption means for decrypting the received second separated data; second comparison means which compares the decrypted second separated data with the second random number, and in the event of a match, authorizes the transmitter as a legitimate device; and second data transfer key generation means for generating the data transfer key by combining the first random number obtained by the first decryption means with the second random number generated by the second random number generation means, wherein the transmitter further comprises; fourth encryption means for encrypting transfer data using the data transfer key generated by the first data transfer key generation means; and fourth transmission means for transmitting the encrypted transfer data to the receiver, and wherein the receiver also comprises; fourth receiving means to receive the encrypted transfer data from the transmitter; and fourth decryption means for decrypting the encrypted transfer data using the data transfer key generated by the second data transfer key generation means, wherein, the first random number generation means, the first encryption means, the second decryption means, the separation means, the first comparison means, the third encryption means, the first data transfer key generation means, the fourth encryption means, and the fourth decryption means of the transmitter are implemented in a circuit in a single IC chip, and the first decryption means, the second random number generation means, the first combination means, the second encryption means, the third decryption means, the second separation means, and the second data transfer key generation means of the receiver are implemented in a circuit in a single IC chip.
-
-
29. A communication device which performs a challenge/response-type authentication of a device in communication, distributes a data transfer key to the device in communication and use the data transfer key to perform encrypted communication with the device in communication, the communication device comprising:
-
first random number generation means for generating a first random number to be used for authenticating the device in communication; second random number generation means for generating a second random number to be used for data transmission; combination means for combining the first random number with the second random number; encryption means for encrypting the combined data; first transmission means for transmitting the encrypted combined data to the device in communication as challenge data; first receiving means for receiving challenge data from the device in communication; decryption means for decrypting the received challenge data; separation means for separating the decrypted challenge data into a first separated data which corresponds to response data, and a remaining second separated data to be used for the data transfer key; second transmission means for returning the first separated data to the device in communication as response data; second receiving means for receiving response data returned from the device in communication; comparison means which compares the received response data with the first random number, and in the event of a match, authenticates the device in communication as a legitimate device; data transfer key generation means for generating the data transfer key by combining the second random number with the second separated data; and encrypted communication means for conducting encrypted communication with the device in communication by using the generated data transfer key when authentication has been achieved, wherein the second random number generation means, the combination means, the encryption means, the decryption means, the separation means, the data transfer key generation means, and the encrypted communication means are implemented in a circuit in a single IC chip, and the first random number generation means, the first transmission means, the first receiving means, the second transmission means, the second receiving means, the comparison means are implemented in a circuit other than the circuit in the single IC chip.
-
-
30. A communication device which performs a challenge/response-type authentication of a device in communication, distributes a data transfer key to the device in communication and use the data transfer key to perform encrypted communication with the device in communication, the communication device comprising:
-
first random number generation means for generating a first random number to be used for authenticating the device in communication; first transmission means for transmitting the first random number to the device in communication as challenge data; first receiving means for receiving challenge data from the device in communication; second random number generation means for generating a second random number to be used for data transmission; combination means for combining the received challenge data with the second random number; encryption means for encrypting the combined data; second transmission means for returning the encrypted combined data to the device in communication as response data; second receiving means for receiving response data returned from the device in communication; decryption means for decrypting the received response data; separation means for separating the decrypted response data into a first separated data which corresponds to challenge data, and a remaining second separated data to be used for data transmission; comparison means which compares the first separated data with the first random number, and in the event of a match, authenticates the device in communication as a legitimate device; data transfer key generation means for generating the data transfer key by combining the second random number with the second separated data; and encrypted communication means for conducting encrypted communication with the device in communication by using the generated data transfer key when authentication has been achieved, wherein the second random number generation means, the combination means, the encryption means, the decryption means, the separation means, the data transfer key generation means, and the encrypted communication means are implemented in a circuit in a single IC chip, and the first random number generation means, the first transmission means, the first receiving means, the second transmission means, the second receiving means, the comparison means are implemented in a circuit other than the circuit in the single IC chip.
-
-
31. A communication device which performs a challenge/response-type authentication of a device in communication, distributes a data transfer key to the device in communication and use the data transfer key to perform encrypted communication with the device in communication, the communication device comprising:
-
random number generation means for generating a random number to be used for authenticating the device in communication and for data transmission; first encryption means for encrypting the random number; first transmission means for transmitting the encrypted random number to the device in communication as challenge data; receiving means for receiving first response data returned from the device in communication in response to challenge data; decryption means for decrypting the received first response data; separation means for separating the decrypted first response data into a first separated data which corresponds to the challenge data and a second separated data to be used for data transmission; comparison means which compares the first separated data with the random number, and in the event of a match, authenticates the device in communication as a legitimate device;
second encryption means for encrypting the second separated data;second transmission means for transmitting the encrypted second separated data to the device in communication as second response data; data transfer key generation means for generating the data transfer key by combining the random number with the second separated data; and encrypted communication means for conducting encrypted communication with the device in communication by using the generated data transfer key when authentication has been achieved, wherein the random number generation means, the first encryption means, the decryption means, the separation means, the second encryption means, the data transfer key generation means, and the encrypted communication means are implemented in a circuit in a single IC chip, and the first transmission means, the receiving means, the comparison means, and the second transmission means are implemented in a circuit other than the circuit in the single IC chip.
-
-
32. A communication device which performs a challenge/response-type authentication of a device in communication, distributes a data transfer key to the device in communication and use the data transfer key to perform encrypted communication with the device in communication, the communication device comprising:
-
random number generation means for generating a random number to be used for authenticating the device in communication and for data transmission; transmission means for transmitting the random number to the device in communication as challenge data; receiving means for receiving response data returned from the device in communication in response to challenge data; decryption means for decrypting the received response data; comparison means which compares the decrypted response data with the random number, and in the event of a match, authenticates the device in communication as a legitimate device; and encrypted communication means for conducting encrypted communication with the device in communication by using the random number as a data transfer key when authentication has been achieved, wherein the random number generation means, the decryption means, the comparison means, and the encrypted communication means are implemented in a circuit in a single IC chip, and the transmission means and the receiving means are implemented in a circuit other than the circuit in the single IC chip.
-
-
33. An encryption apparatus for devices which perform a challenge/response-type authentication of a device in communication, distribute a data transfer key to the device in communication and use the data transfer key to perform encrypted communication with the device in communication, the encryption apparatus comprising:
-
first random number generation unit for generating first random number for distributing the data transfer key; first random number storage member for storing the generated first random number; a first transmitter unit for incorporating the generated first random number into either challenge data or response data and transmitting either the challenge data or response data with the first random number to a device in communication, the challenge data being used to authenticate the device in communication, and the response data being used to certify legitimacy of the encryption apparatus itself, wherein the device in communication is another device in current encrypted communication; data transfer key generator means for generating the data transfer key through use of the first random number stored by the first random number in the storage member, the data transfer key being time-varying; a transfer data encryption unit for encrypting the transfer data to be transferred in the encrypted communication through use of the data transfer key, and a single IC chip consisting of the first random number generation unit, the first random number storage member, the data transfer key generator, and the transfer data encryption unit on a substrate, wherein the first random number storage member stores the first random number in a portion of the single IC chip which is tamper-proof from third party communications originating from outside the single IC chip.
-
Specification