System and method for authentication, and device and method for authentication

US 6,058,477 A
Filed: 03/23/1998
Issued: 05/02/2000
Est. Priority Date: 03/26/1997
Status: Expired

First Claim

Patent Images

1. An authentication system for performing authentication processing between a first device and a second device, said first device comprising:

first memory means for storing a plurality of data areas and a first plurality of keys, wherein each of said first plurality of keys indicates access to a corresponding one of said plurality of data areas;

first generation means for generating a first single authentication key from two or more of the first plurality of keys stored in said first memory means, wherein said first single authentication key indicates access to two or more corresponding of said plurality of data areas; and

first communication means for communicating said first single authentication key with said second device, andsaid second device comprising;

second memory means for storing a second plurality of keys equivalent to said first plurality of keys;

second generation means for generating a second single authentication key from two or more of the second plurality of keys stored in said second memory means; and

second communication means for communicating said second single authentication key with said first device,wherein one of said first device and said second device further comprises encipherment means for enciphering information using a corresponding one of said first single authentication key and said second single authentication key, andwherein another of said first device and said second device further comprises decipherment means for deciphering said information enciphered by said encipherment means using another corresponding one of said first single authentication key and said second single authentication key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In authentication using a plurality of cipher keys, the authentication time is shortened. In the case that an encipher key to encipher key are required to take an access to each area out of the area to area in a memory of an IC card, a plurality of areas to have an access is informed to the IC card from a reader writer, a plurality of cipher keys corresponding to these areas (for example, cipher key 1, cipher key 2, and cipher key 4) is read out, and reduction processing section generates one reduction key from these cipher keys. A random number which is generated from a random number generation section of the reader writer is transferred to the IC card, and an encipherment section enciphers the random number using the reduction key. The reader writer receives the enciphered random number from the IC card, and deciphers it using the reduction key, and judges the IC card to be proper if the deciphered random number is equal to the generated random number.

94 Citations

View as Search Results

22 Claims

1. An authentication system for performing authentication processing between a first device and a second device, said first device comprising:
- first memory means for storing a plurality of data areas and a first plurality of keys, wherein each of said first plurality of keys indicates access to a corresponding one of said plurality of data areas;
  
  first generation means for generating a first single authentication key from two or more of the first plurality of keys stored in said first memory means, wherein said first single authentication key indicates access to two or more corresponding of said plurality of data areas; and
  
  first communication means for communicating said first single authentication key with said second device, andsaid second device comprising;
  
  second memory means for storing a second plurality of keys equivalent to said first plurality of keys;
  
  second generation means for generating a second single authentication key from two or more of the second plurality of keys stored in said second memory means; and
  
  second communication means for communicating said second single authentication key with said first device,wherein one of said first device and said second device further comprises encipherment means for enciphering information using a corresponding one of said first single authentication key and said second single authentication key, andwherein another of said first device and said second device further comprises decipherment means for deciphering said information enciphered by said encipherment means using another corresponding one of said first single authentication key and said second single authentication key.
- View Dependent Claims (2, 3)
- - 2. An authentication system according to claim 1, wherein:
    - said one of said first device and said second device further comprises notification means for notifying, to said another of said first device and said second device, information required to generate said corresponding one of said first single authentication key and said second single authentication key, andsaid another of said first device and said second device generates said another corresponding one of said first single authentication key and said second single authentication key corresponding to the information notified by said notification means.
  - 3. An authentication system according to claim 1, wherein:
    - at least one of said first device and said second device further comprises a random number generation means for generating a random number,said encipherment means enciphers said random number generated by said random number generation means, andsaid decipherment means deciphers said random number enciphered by said encipherment means.

4. An authentication method for performing authentication processing between a first device and a second device, the method in said first device comprising:
- a first memory step of storing a plurality of data areas and a first plurality of keys, wherein each of said first plurality of keys indicates access to a corresponding one of said plurality of data areas;
  
  a first generation step of generating a first single authentication key from two or more of the first plurality of keys stored in said first memory step, wherein said first single authentication key indicates access to two or more corresponding of said plurality of data areas; and
  
  a first communication step of communicating said first single authentication key with said second device, andthe method in said second device comprising;
  
  a second memory step of storing a second plurality of keys equivalent to said first plurality of keys;
  
  second generation step of generating a second single authentication key from two or more of the second plurality of keys stored in said second memory step; and
  
  a second communication step of communicating said second single authentication key with said first device,wherein one of said first device and said second device further performs processing in an encipherment step of enciphering information using a corresponding one of said first single authentication key and said second single authentication key, andwherein another of said first device and said second device further performs processing in a decipherment step of deciphering said information enciphered in said encipherment step using another corresponding one of said first single authentication key and said second single authentication key.

5. An authentication device for performing authentication processing with another device, said authentication device comprising:
- communication means for communicating a first single authentication key with said another device;
  
  memory means for storing a first plurality of keys;
  
  generation means for generating said first single authentication key from two or more of said first plurality of keys stored in said memory means;
  
  notification means for notifying, to said another device, information required to generate a second single authentication key from two or more of a second plurality of keys stored in said another device and data to be enciphered using said second single authentication key, wherein said second plurality of keys is equivalent to said first plurality of keys; and
  
  decipherment means for decoding the enciphered data using said first single authentication key.
- View Dependent Claims (6)
- - 6. An authentication device according to claim 5, wherein said notification means notifies a random number as said data to be enciphered.

7. An authentication method for performing authentication processing between an authentication device and another device, comprising:
- a communication step of communicating a first single authentication key with said another device;
  
  a memory step of storing a first plurality of keys;
  
  a generation step of generating said first single authentication key from two or more of said first plurality of keys stored in said memory step;
  
  a notification step of notifying, to said another device, information required to generate a second single authentication key from two or more of a second plurality of keys stored in said another device and data to be enciphered using said second single authentication key, wherein said second plurality of keys is equivalent to said first plurality of keys; and
  
  a decipherment step of deciphering the enciphered data using said first single authentication key.

8. An authentication device for performing authentication processing with another device, said authentication device comprising:
- communication means for communicating a single authentication key with said another device;
  
  memory means for storing a plurality of data areas and a plurality of keys, wherein each of said plurality of keys indicates access to a corresponding one of said plurality of data areas;
  
  generation means for generating said single authentication key from two or more of the plurality of keys stored in said memory means based on information notified by said another device, wherein said single authentication key indicates access to two or more corresponding of said plurality of data areas; and
  
  an encipherment means for enciphering the information notified by said another device using said single authentication key.

9. An authentication method for performing authentication processing between an authentication device and another device, comprising:
- a communication step of communicating a single authentication key with said another device;
  
  a memory step of storing a plurality of data areas and a plurality of keys, wherein each of said plurality of keys indicates access to a corresponding one of said plurality of data areas;
  
  a generation step of generating said single authentication key from two or more of the plurality of keys stored in said memory step based on information notified by said another device, wherein said single authentication key indicates access to two or more corresponding of said plurality of data areas; and
  
  an encipherment step of enciphering the information notified by said another device using said single authentication key.

10. An authentication system for performing authentication processing between a first device and a second device, said first device comprising:
- first memory means for storing a first authentication key, a first common data and a first plurality of keys, wherein each of said first plurality of keys corresponds to said first common data combined with a respective one of a second plurality of keys;
  
  first generation means for generating a first single authentication key from said first authentication key and a corresponding one of said first plurality of keys;
  
  first notification means for notifying information required for said second device to generate a second single authentication key corresponding to said first single authentication key; and
  
  first communication means for communicating said first single authentication key with said second device, andsaid second device comprising;
  
  second memory means for storing a plurality of data areas, said second plurality of keys and a second common data equivalent to said first common data, wherein each of said second plurality of keys indicates access to a corresponding one of said plurality of data areas;
  
  second generation means for generating said second single authentication key from the notified information, two or more of said second plurality of keys, and said common data; and
  
  second communication means for communicating said second single authentication key with said first device; and
  
  wherein one of said first device and said second device further comprises encipherment means for enciphering data using a corresponding one of said first single authentication key and said second single authentication key, andwherein another of said first device and said second device further comprises decipherment means for deciphering the data enciphered by said encipherment means using another corresponding one of said first single authentication key and said second single authentication key.
- View Dependent Claims (11, 12, 13)
- - 11. An authentication system according to claim 10, wherein:
    - said another of said first device and said second device further comprises second encipherment means for enciphering second data using said another corresponding one of said first single authentication key and said second single authentication key;
      
      said one of said first device and said second device further comprises second decipherment means for deciphering the enciphered second data using said corresponding one of said first single authentication key and said second single authentication key;
      
      said first device further comprises random number generation means for generating a random number;
      
      said encipherment means enciphers said random number using said corresponding one of said first single authentication key and said second single authentication key;
      
      said decipherment means deciphers the enciphered random number using said another corresponding one of said first single authentication key and said second single authentication key;
      
      said second encipherment means enciphers the deciphered random number using said another corresponding one of said first single authentication key and said second single authentication key; and
      
      said second decipherment means deciphers the enciphered deciphered random number using said corresponding one of said first single authentication key and said second single authentication key.
  - 12. An authentication system according to claim 10, wherein:
    - the one of said first device and said second device receives from the another device of said first device and said second device a device identification number specific to the another device of said first device and said second device,the another of said first device and said second device stores said device identification number in a corresponding one of said first memory means and said second memory means, andsaid first generation means and said second generation means use said device identification number for generating a respective one of said first single authentication key and said second single authentication key.
  - 13. An authentication system according to claim 10, wherein:
    - said first memory means further stores a first verification value;
      
      said second memory means further stores a second verification value having a value equivalent to said first verification value;
      
      said first generation means further generates a replacement key and a verification key, wherein said replacement key corresponds to one of said first plurality of keys that is to be replaced, and wherein said replacement key, said verification key and said first verification value are related;
      
      said first device further comprises said encipherment means, wherein said encipherment means further enciphers first data and second data using said one of said first plurality of keys that is to be replaced, wherein said first data corresponds to said replacement key and said second data corresponds to said verification key;
      
      said first communication means further communicates the enciphered first data and the enciphered second data with said second device;
      
      said second device further comprises said decipherment means, wherein said decipherment means further deciphers the enciphered first data and the enciphered second data using a corresponding one of said second plurality of keys and in accordance therewith generates a deciphered replacement key and a deciphered verification key; and
      
      said second device further comprises control means for verifying that said deciphered replacement key, said deciphered verification key, and said second verification value are related, and in accordance therewith replacing said corresponding one of said second plurality of keys with said deciphered replacement key.

14. An authentication method for performing authentication processing between a first device and a second device,the method in said first device comprising:
- a first memory step of storing a first authentication key, a first common data and a first plurality of keys, wherein each of said first plurality of keys corresponds to said first common data combined with a respective one of a second plurality of keys;
  
  a first generation step generating a first single authentication key from said first authentication key and a corresponding one of said first plurality of keys;
  
  an first information step of notifying information required for said second device to generate a second single authentication key corresponding to said first single authentication key; and
  
  a first communication step of communicating said first single authentication key with said second device, andthe method in said second device comprising;
  
  a second memory step of storing a plurality of data areas, said second plurality of keys and a second common data equivalent to said first common data, wherein each of said second plurality of keys indicates access to a corresponding one of said plurality of data areas;
  
  a second generation step of generating said second single authentication key from the notified information, two or more of said second plurality of keys, and said common data; and
  
  a second communication step of communicating said second single authentication key with said first device, andwherein one of said first device and said second device further performs an encipherment step of enciphering data using a corresponding one of said first single authentication key and said second single authentication key, andwherein another of said first device and said second device further performs a decipherment step of deciphering the data enciphered in said encipherment step using another corresponding one of said first single authentication key and said second single authentication key.

15. An authentication device for performing authentication processing with a second device comprising:
- memory means for storing a first authentication key, a first common data and a first plurality of keys, wherein each of said first plurality of keys corresponds to said first common data combined with a respective one of a second plurality of keys;
  
  generation means for generating a first single authentication key from said first authentication key and a corresponding one of said first plurality of keys;
  
  notification means for notifying information required for said second device to generate a second single authentication key corresponding to said first single authentication key;
  
  communication means for communicating said first single authentication key with said second device; and
  
  encipherment means for enciphering data using said first single authentication key.
- View Dependent Claims (16, 17)
- - 16. An authentication device according to claim 15, wherein said generation means uses a device identification number specific to said second device for generating said first single authentication key.
  - 17. An authentication device according to claim 15, wherein:
    - said memory means further stores a first verification value;
      
      said generation means further generates a replacement key and a verification key, wherein said replacement key corresponds to one of said first plurality of keys that is to be replaced, and wherein said replacement key, said verification key and said first verification value are related;
      
      said encipherment means further enciphers first data and second data using said one of said first plurality of keys that is to be replaced, wherein said first data corresponds to said replacement key and said second data corresponds to said verification key; and
      
      said communications means further communicates the enciphered first data and the enciphered second data with said second device.

18. An authentication method for performing authentication processing with a second device, the method comprising:
- a memory step of storing a first authentication key, a first common data and a first plurality of keys, wherein each of said first plurality of keys corresponds to said first common data combined with a respective one of a second plurality of keys;
  
  a generation step of generating a first single authentication key from said first authentication key and a corresponding one of said first plurality of keys;
  
  a notification step of notifying information required for said second device to generate a second single authentication key corresponding to said first single authentication key;
  
  a communication step of communicating said first single authentication key with said second device; and
  
  an encipherment step of enciphering data using said first single authentication key.

19. An authentication device for performing authentication processing with a second device, said authentication device comprising:
- memory means for storing a plurality of data areas, a plurality of keys and common data, wherein each of said plurality of keys indicates access to a corresponding one of said plurality of data areas;
  
  generation means for generating a first single authentication key from two or more of the plurality of keys and said common data, in accordance with information received from said second device, wherein said first single authentication key indicates access to two or more corresponding of said plurality of data areas;
  
  communication means for communicating said first single authentication key with said second device; and
  
  decipherment means for deciphering data using said first single authentication key, wherein said data was enciphered by said second device.
- View Dependent Claims (20, 21)
- - 20. An authentication device according to claim 19, wherein said generation means uses a device identification number specific to said authentication device in addition to the information received from said second device.
  - 21. An authentication device according to claim 19, wherein:
    - said memory means further stores a verification value;
      
      said decipherment means further deciphers an enciphered first data and an enciphered second data received from said second device using a corresponding one of said plurality of keys and said common data, and in accordance therewith generates a deciphered replacement key and a deciphered verification key; and
      
      said authentication device further comprises control means for verifying that said deciphered replacement key, said deciphered verification key, and said verification value are related, and in accordance therewith replacing said corresponding one of said plurality of keys with said deciphered replacement key.

22. An authentication method for performing authentication processing with a second device, the method comprising:
- a memory step of storing a plurality of data areas, a plurality of keys and common data, wherein each of said plurality of keys indicates access to a corresponding one of said plurality of data areas;
  
  a generation step of generating a first single authentication key from two or more of the plurality of keys keys and said common data, in accordance with information received from said second device, wherein said first single authentication key indicates access to two or more corresponding of said plurality of data areas;
  
  a communication step of communicating said first single authentication key with said second device; and
  
  a decipherment step of deciphering data using said first single authentication key, wherein said data was enciphered by said second device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sony Corporation (Sony Group Corp.)
Original Assignee
Sony Corporation (Sony Group Corp.)
Inventors
Takada, Masayuki, Ishibashi, Yoshihito, Kusakabe, Susumu
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Darrow, Justin T.

Application Number

US09/046,249
Time in Patent Office

771 Days
Field of Search

713/201, 713/169, 713/170, 713/171, 380/21, 380/25, 380/283, 380/284, 709/227, 709/229
US Class Current

713/169
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

H04L 63/062   for key distribution, e.g. ...

System and method for authentication, and device and method for authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

94 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for authentication, and device and method for authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

94 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links