Authentication method, communication method, and information processing apparatus

US 6,073,236 A
Filed: 06/20/1997
Issued: 06/06/2000
Est. Priority Date: 06/28/1996
Status: Expired due to Term

First Claim

Patent Images

1. An authentication method between a first information processing apparatus and a second information processing apparatus, wherein said first information processing apparatus and said second information processing apparatus include storage means for storing a first key and a second key, encryption means for encrypting predetermined data using either one of said first key and said second key and decryption means for decrypting a code generated by either one of said second key and said first key, said method comprising the steps of:

encrypting random first data into a first code using said first key of said encryption means of said first information processing apparatus;

decrypting said first code into second data using said first key of said decryption means of said second information processing apparatus;

encrypting said second data into a second code using said second key of said encryption means of said second information processing apparatus;

encrypting random third data into a third code using said second key of said encryption means of said second information processing apparatus;

decrypting said second code into fourth data using said second key of said decryption means of said first information processing apparatus;

authenticating said second information processing apparatus by said first information processing apparatus on the basis of said first data and said fourth data;

decrypting said third code into fifth data using said second key of said decryption means of said first information processing apparatus;

encrypting said fifth data into a fourth code using said first key of said encryption means of said first information processing apparatus;

decrypting said fourth code into sixth data using said first key of said decryption means of said second information processing apparatus; and

authenticating said first information processing apparatus by said second information processing apparatus on the basis of said third data and said sixth data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Mutual authentication is performed. A reader/writer (R/W) transmits to an IC card a code C₁ that is a random number R_A encrypted using a key K_B. The IC card decrypts the code C₁ into plain text M₁ using the key K_B. The IC card transmits to the R/W a code C₂ that is the plain text M₁ encrypted using a key K_A and a code C₃ that is a random number R_B encrypted using the key K_A. The R/W decrypts the codes C₂ and C₃ into plain text M₂ and plain text M₃, respectively, using the key K_A. When the R/W determines that the plain text M₂ and the random number R_A are the same, it authenticates the IC card. Next, the R/W transmits to the IC card a code C₄ that is the plain text M₃ encrypted using the key K_B. The IC card decrypts the code C₄ into plain text M₄ using the key K_B. When the IC card determines that the plain text M₄ and the random number R_B are the same, it authenticates the R/W.

Citations

30 Claims

1. An authentication method between a first information processing apparatus and a second information processing apparatus, wherein said first information processing apparatus and said second information processing apparatus include storage means for storing a first key and a second key, encryption means for encrypting predetermined data using either one of said first key and said second key and decryption means for decrypting a code generated by either one of said second key and said first key, said method comprising the steps of:
- encrypting random first data into a first code using said first key of said encryption means of said first information processing apparatus;
  
  decrypting said first code into second data using said first key of said decryption means of said second information processing apparatus;
  
  encrypting said second data into a second code using said second key of said encryption means of said second information processing apparatus;
  
  encrypting random third data into a third code using said second key of said encryption means of said second information processing apparatus;
  
  decrypting said second code into fourth data using said second key of said decryption means of said first information processing apparatus;
  
  authenticating said second information processing apparatus by said first information processing apparatus on the basis of said first data and said fourth data;
  
  decrypting said third code into fifth data using said second key of said decryption means of said first information processing apparatus;
  
  encrypting said fifth data into a fourth code using said first key of said encryption means of said first information processing apparatus;
  
  decrypting said fourth code into sixth data using said first key of said decryption means of said second information processing apparatus; and
  
  authenticating said first information processing apparatus by said second information processing apparatus on the basis of said third data and said sixth data.

2. A communication method between a first information processing apparatus and a second information processing apparatus, wherein said first information processing apparatus and said second information processing apparatus include storage means for storing a first key and a second key, encryption means for encrypting predetermined data using either one of said first key and said second key, decryption means for decrypting a code generated by either one of said second key and said first key, transmission means for transmitting said encrypted predetermined data and receiving means for receiving said encrypted predetermined data, said method comprising the steps of:
- encrypting random first data into a first code using said first key of said encryption means of said first information processing apparatus;
  
  transmitting said first code to said second information processing apparatus using said transmission means of said first information processing apparatus;
  
  receiving said first code from said first information processing apparatus using said receiving means of said second information processing apparatus;
  
  decrypting said first code into second data using said first key of said decryption means of said second information processing apparatus;
  
  encrypting said second data into a second code using said second key of said encrypting means of said second information processing apparatus;
  
  encrypting random third data into a third code using said second key of said encryption means of said second information processing apparatus;
  
  transmitting said second code and said third code to said first information processing apparatus using said transmission means of said second information processing apparatus;
  
  receiving said second code and said third code from said second information processing apparatus using said receiving means of said first information processing apparatus;
  
  decrypting said second code into fourth data using said second key of said decryption means of said first information processing apparatus;
  
  authenticating said second information processing apparatus by said first information processing apparatus on the basis of said first data and said fourth data;
  
  decrypting said third code into fifth data using said second key of said decryption means of said first information processing apparatus;
  
  encrypting said fifth data into a fourth code using said first key of said second encryption means of said first information processing apparatus;
  
  transmitting said fourth code to said second information processing apparatus using said transmission means of said first information processing apparatus;
  
  receiving said fourth code from said first information processing apparatus using said receiving means of said second information processing apparatus;
  
  decrypting said fourth code into sixth data using said first key of said decryption means of said second information processing apparatus; and
  
  authenticating said first information processing apparatus by said second information processing apparatus on the basis of said third data and said sixth data.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 3. The communication method according to claim 2,wherein said first data is a predetermined identification number, said third data is a third key, said encryption means of said first information processing apparatus encrypts a first command into a fifth code using said third key and encrypts said predetermined identification number into a sixth code using said third key, said transmission means of said first information processing apparatus transmits said fifth code with said sixth code, said receiving means of said second information processing apparatus receives said fifth code and said sixth code, said decryption means of said second information processing apparatus decrypts said fifth code into a second command using said third key and decrypts said sixth code into seventh data using said third key, and said second information processing apparatus authenticates said second command on the basis of said seventh data and said predetermined identification number.
  - 4. The communication method according to claim 3,wherein said predetermined identification number of said first information processing apparatus is changed for each encryption of said first command.
  - 5. The communication method according to claim 4,wherein said predetermined identification number of said first information processing apparatus is increased for each encryption of said first command.
  - 6. The communication method according to claim 3,wherein said second information processing apparatus authenticates said second command when said seventh data has a value within a predetermined range corresponding to said predetermined identification number.
  - 7. The communication method according to claim 3,wherein said second information processing apparatus compares a first value of said seventh data in a range of a predetermined number of digits with a second value of said predetermined identification number in said range of said predetermined number of digits and authenticates said second command when the first value within said range of said predetermined number of digits in said seventh data is at least equal to the second value within said range of said predetermined number of digits in said predetermined identification number.
  - 8. The communication method according to claim 3,wherein said second information processing apparatus performs a process corresponding to said second command and generates response data corresponding to the process results, said encryption means of said second information processing apparatus encrypts said response data into a seventh code using said third key and encrypts said predetermined identification number into an eighth code using said third key, said transmission means of said second information processing apparatus transmits said seventh code with said eighth code, said receiving means of said first information processing apparatus receives said seventh code and said eighth code, said decryption means of said first information processing apparatus decrypts said seventh code into eighth data using said third key and decrypts said eighth code into ninth data using said third key, and said first information processing apparatus authenticates said eighth data as said response data on the basis of said ninth data and said predetermined identification number.
  - 9. The communication method according to claim 8,wherein said predetermined identification number of said second information processing apparatus is changed for each encryption of said eighth data.
  - 10. The communication method according to claim 9,wherein said predetermined identification number of said second information processing apparatus is increased for each encryption of said eighth data.
  - 11. The communication method according to claim 8,wherein said first information processing apparatus authenticates said eighth data as said response data when said ninth data has a value within a predetermined range corresponding to said predetermined identification number.
  - 12. The communication method according to claim 8,wherein said first information processing apparatus compares a first value of said ninth data in a range of a predetermined number of digits with a second value of said predetermined identification number in said range of said predetermined number of digits, and authenticates said eighth data as said response data when the first value within said range of said predetermined number of digits in said ninth data is at least equal to the second value within said range of said predetermined number of digits in said predetermined identification number.
  - 13. The communication method according to claim 8,wherein said first information processing apparatus increases said predetermined identification number when a predetermined time has elapsed, the predetermined time being from when said fifth code is transmitted with said sixth code until said seventh code and said eighth code are received, encrypts said predetermined identification number into said sixth code, and retransmits said fifth code with said sixth code.
  - 14. The communication method according to claim 8,wherein when said first information processing apparatus does not authenticate said eighth data as said response data, said first information processing apparatus increases said predetermined identification number, encrypts said predetermined identification number into said sixth code, and retransmits said fifth code with said sixth code.

15. An information processing apparatus of a plurality of information processing apparatuses, comprising:
- storage means for storing a first key and a second key;
  
  encryption means for encrypting predetermined data using one of said first key and said second key;
  
  decryption means for decrypting a code generated by one of said second key and said first key;
  
  transmission means for transmitting a code encrypted by said encryption means to one of said plurality of information processing apparatuses;
  
  receiving means for receiving a code from said one of said plurality of information processing apparatuses; and
  
  authentication means for authenticating said one of said plurality of information processing apparatuses on the basis of said predetermined data and data generated by decrypting the code received from said one of said plurality of information processing apparatuses,wherein said encryption means encrypts random first data into a first code using said first key, said transmission means transmits said first code to said one of said plurality of information processing apparatuses, said receiving means receives a second code and a third code from said one of said plurality of information processing apparatuses, said decryption means decrypts said second code into second data using said second key and decrypts said third code into third data using said second key, said authentication means authenticates said one of said plurality of information processing apparatuses on the basis of said first data and said second data, said encryption means encrypts said third data into a fourth code using said first key, and said transmission means transmits said fourth code to said one of said plurality of information processing apparatuses.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23)
- - 16. The information processing apparatus of said plurality of information processing apparatuses according to claim 15,wherein said first data is a predetermined identification number, said third data is a third key, said encryption means encrypts a first command into a fifth code using said third key and encrypts said predetermined identification number into a sixth code using said third key, and said transmission means transmits said fifth code with said sixth code to said one of said plurality of information processing apparatuses.
  - 17. The information processing apparatus of said plurality of information processing apparatuses according to claim 16,wherein said receiving means receives from said one of said plurality of information processing apparatuses a seventh code encrypted from response data corresponding to processing results corresponding to said first command and receives an eighth code encrypted from said predetermined identification number in said of one of said plurality of information processing apparatuses, said decryption means decrypts said seventh code into fourth data using said third key and decrypts said eighth code into fifth data using said third key, and said authentication means authenticates said fourth data as said response data on the basis of said fifth data and said predetermined identification number.
  - 18. The information processing apparatus of said plurality of information processing apparatuses according to claim 16,wherein said predetermined identification number is changed for each encryption of said first command.
  - 19. The information processing apparatus of said plurality of information processing apparatuses according to claim 18,wherein said predetermined identification number is increased for each encryption of said first command.
  - 20. The information processing apparatus of said plurality of information processing apparatuses according to claim 17,wherein said authentication means authenticates said fourth data as said response data when said fifth data has a value within a predetermined range corresponding to said predetermined identification number.
  - 21. The information processing apparatus of said plurality of information processing apparatuses according to claim 20,wherein said authentication means compares a first value of said fifth data in a range of a predetermined number of digits with a second value of said predetermined identification number in said range of said predetermined number of digits, and authenticates said fourth data as said response data when the first value within said range of said predetermined number of digits in said fifth data is at least equal to the second value within said range of said predetermined number of digits in said predetermined identification number.
  - 22. The information processing apparatus of said plurality of information processing apparatuses according to claim 17,wherein when a predetermined time has elapsed, the predetermined time being from when said fifth code is transmitted with said sixth code until said seventh code and said eighth code are received, said predetermined identification number is increased, said predetermined identification number is encrypted to said sixth code, and said fifth code is retransmitted with said sixth code.
  - 23. The information processing apparatus of said plurality of information processing apparatuses according to claim 17,wherein when said authentication means does not authenticate said fourth data as said response data, said predetermined identification number is increased, said predetermined identification number is encrypted to said sixth code, and said fifth code is retransmitted with said sixth code.

24. An information processing apparatus for use with a plurality of information processing apparatuses, comprising:
- storage means for storing a first key and a second key;
  
  encryption means for encrypting predetermined data using one of said first key and said second key;
  
  decryption means for decrypting a code generated by one of said second key and said first key;
  
  transmission means for transmitting a code encrypted by said encryption means to one of said plurality of information processing apparatuses;
  
  receiving means for receiving a code from said one of said plurality of information processing apparatuses; and
  
  authentication means for authenticating said one of said plurality of information processing apparatuses on the basis of said predetermined data and data obtained by decrypting said code received from one of said plurality of information processing apparatuses,wherein said receiving means receives a first code from said one of said plurality of information processing apparatuses, said decryption means decrypts said first code into first data using said first key, said encryption means encrypts said first data into a second code using said second key and encrypts random second data into a third code using said second key, said transmission means transmits said second code and said third code to said one of said plurality of information processing apparatuses, said receiving means receives a fourth code from said one of said plurality of information processing apparatuses, said decryption means decrypts said fourth code into third data using said second key, and said authentication means authenticates said one of said plurality of information processing apparatuses on the basis of said second data and said third data.
- View Dependent Claims (25, 26, 27, 28, 29, 30)
- - 25. The information processing apparatus of said plurality of information processing apparatuses according to claim 24,wherein said first data is a predetermined identification number, said second data is a third key, said receiving means receives from said one of said plurality of information processing apparatuses a fifth code encrypted from a first command using said third key and a sixth code encrypted from said predetermined identification number of said one of said plurality of information processing apparatuses, said decryption means decrypts said fifth code into a second command using said third key and decrypts said sixth code into fourth data using said third key, and said authentication means authenticates said second command on the basis of said fourth data and said predetermined identification number.
  - 26. The information processing apparatus of said plurality of information apparatuses according to claim 25, further comprising:
    - processing means for performing a process corresponding to said second command and for generating response data corresponding to the process results, wherein said encryption means encrypts said response data into a seventh code using said third key and encrypts said predetermined identification number into an eighth code using said third key, and said transmission means transmits said seventh code with said eighth code.
  - 27. The information processing apparatus of said plurality of information processing apparatuses according to claim 26,wherein said predetermined identification number is changed for each encryption of said seventh code.
  - 28. The information processing apparatus of said plurality of information processing apparatuses according to claim 27,wherein said predetermined identification number is increased for each encryption of said seventh code.
  - 29. The information processing apparatus of said plurality of information processing apparatuses according to claim 25,wherein said authentication means authenticates said second command when said fourth data has a value within a predetermined range corresponding to said predetermined identification number.
  - 30. The information processing apparatus of said plurality of information processing apparatuses according to claim 25,wherein said authentication means compares a first value of said fourth data in a range of a predetermined number of digits with a second value of said predetermined identification number in said range of said predetermined number of digits and authenticates said second command when the first value within said range of said predetermined number of digits in said fourth data is at least equal to the second value within said range of said predetermined number of digits in said predetermined identification number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sony Corporation (Sony Group Corp.)
Original Assignee
Sony Corporation (Sony Group Corp.)
Inventors
Takada, Masayuki, Kusakabe, Susumu
Primary Examiner(s)
Swann, Tod R
Assistant Examiner(s)
DARROW, JUSTIN T

Application Number

US08/879,188
Time in Patent Office

1,082 Days
Field of Search

380/28, 380/21, 380/25, 380/283, 380/284, 709/227, 709/228, 713/200, 713/201, 713/169, 713/170, 713/171
US Class Current

713/169
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

H04L 2209/08   Randomization, e.g. dummy o...

H04L 9/3273   for mutual authentication n...

Authentication method, communication method, and information processing apparatus

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication method, communication method, and information processing apparatus

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links