Certifying device, verifying device, verifying system, computer program and integrated circuit

US 8,296,561 B2
Filed: 07/02/2007
Issued: 10/23/2012
Est. Priority Date: 07/03/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A requesting device for requesting verification of authenticity of the requesting device itself from a verifying device, comprising:

a storage unit storing a plurality of computer programs that are to run on the requesting device, the computer programs being hierarchically related to each other;

a measuring unit, each time one of the plurality of computer programs is loaded, measuring an amount of characteristics of the one of the plurality of computer programs;

a generation unit which is tamper-resistant and, while a computer program that is one of the plurality of computer programs is loaded, generating certification information reflecting amounts of characteristics of the computer program and other computer programs that have already been loaded and are required to run the computer program;

an output unit outputting the generated certification information;

a requesting unit sending a request for secret information to the verifying device;

a receiving unit receiving either the secret information or an update program, depending on a result of a judgment which is made by the verifying device to confirm whether or not the requesting device is authentic; and

an update unit, when the receiving unit has received the update program, updating the computer program stored in the storage unit in accordance with the received update program,wherein the generation unit includes a plurality of platform configuration registers for storing amounts of characteristics, andthe generation unit receives a specification of one of the platform configuration registers from the verifying device, and generates the certification information in accordance with an amount of characteristics stored in the register indicated by the specification received, andwherein the secret information is an encrypted device key that was generated by encrypting a device key,the requesting device further comprises an encrypting unit,the receiving unit receives the encrypted device key when the verifying device has confirmed authenticity of the encrypting unit,the encrypting unit generates a double-encrypted device key by encrypting the received encrypted device key, based on the device identifier for identifying the requesting device, andthe requesting device further comprises a device key holding unit holding the generated double-encrypted device key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication system verifies an authentic computer program, certifies the authenticity itself, and verifies a certification. The authentication system includes a terminal (e.g., requesting device) and a card (e.g., verifying device). The card stores secret information to be used by the terminal, and an update program for the terminal. The card verifies authenticity of the terminal using information obtained from the terminal. When it judges that the terminal is authentic, the card outputs the secret information to the terminal. When it judges that the terminal is not authentic, the card outputs the update program. The terminal is forced to update the program when it attempts to use the secret information.

77 Citations

View as Search Results

6 Claims

1. A requesting device for requesting verification of authenticity of the requesting device itself from a verifying device, comprising:
- a storage unit storing a plurality of computer programs that are to run on the requesting device, the computer programs being hierarchically related to each other;
  
  a measuring unit, each time one of the plurality of computer programs is loaded, measuring an amount of characteristics of the one of the plurality of computer programs;
  
  a generation unit which is tamper-resistant and, while a computer program that is one of the plurality of computer programs is loaded, generating certification information reflecting amounts of characteristics of the computer program and other computer programs that have already been loaded and are required to run the computer program;
  
  an output unit outputting the generated certification information;
  
  a requesting unit sending a request for secret information to the verifying device;
  
  a receiving unit receiving either the secret information or an update program, depending on a result of a judgment which is made by the verifying device to confirm whether or not the requesting device is authentic; and
  
  an update unit, when the receiving unit has received the update program, updating the computer program stored in the storage unit in accordance with the received update program,wherein the generation unit includes a plurality of platform configuration registers for storing amounts of characteristics, andthe generation unit receives a specification of one of the platform configuration registers from the verifying device, and generates the certification information in accordance with an amount of characteristics stored in the register indicated by the specification received, andwherein the secret information is an encrypted device key that was generated by encrypting a device key,the requesting device further comprises an encrypting unit,the receiving unit receives the encrypted device key when the verifying device has confirmed authenticity of the encrypting unit,the encrypting unit generates a double-encrypted device key by encrypting the received encrypted device key, based on the device identifier for identifying the requesting device, andthe requesting device further comprises a device key holding unit holding the generated double-encrypted device key.
- View Dependent Claims (2, 3)
- - 2. The requesting device of claim 1, whereinthe encrypting unit includes:
    - a storage subunit storing an encryption program including a plurality of computer instructions constituting an encryption algorithm; and
      
      a microprocessor that operates in accordance with the encryption program,the receiving unit, when the verifying device has failed to confirm authenticity of the encrypting unit, receives, as the update program, an authentic encryption program including a plurality of computer instructions constituting an encryption algorithm, and overwrites the encryption program stored in the storage subunit with the received authentic encryption program, andthe encrypting unit achieves a function of the encryption algorithm as the microprocessor operates in accordance with the authentic encryption program.
  - 3. The requesting device of claim 2, whereinwhen it has been confirmed that the encryption program for performing an individual encryption was deleted, the receiving unit further receives, from the verifying device, a key that is indispensably required for decrypting the received encrypted device key.

4. A verifying device for verifying authenticity of a requesting device in which a plurality of computer programs hierarchically related to each other, the verifying device comprising:
- an obtaining unit obtaining, from the requesting device, certification information while one computer program among the plurality of computer programs is loaded, the certification information reflecting (a) an amount of characteristics of the one computer program and (b) amounts of characteristics of other computer programs that have already been loaded and are required to run the one computer program;
  
  a storing unit preliminarily storing verification information reflecting amounts of characteristics which are to be obtained from the one computer program and the other computer programs when the one computer program and the other computer programs are not tampered with;
  
  a judging unit judging, using the verification information and the obtained certification information, whether or not the requesting device is authentic;
  
  an information holding unit holding secret information safely;
  
  a program storage unit storing an update program for updating a computer program including a plurality of computer instructions for operating the requesting device; and
  
  an output unit outputting the secret information held by the information holding unit to the requesting device when authenticity of the requesting device has been confirmed, and outputting the update program stored in the program storage unit to the requesting device when unauthenticity of the requesting device has been confirmed,wherein the obtaining unit obtains certification information that was generated in accordance with an amount of characteristics stored in a platform configuration register specified by the verifying device, andthe judging unit judges the authenticity of the requesting device, using the obtained certification information and an amount of characteristics to be stored in the platform configuration register, andwherein the requesting device includes an encrypting unit encrypting an encrypted device key,the information holding unit holds the encrypted device key as the secret information,the judging unit judges the authenticity of the requesting device, by judging whether or not the encrypting unit of the requesting device is authentic, andthe output unit outputs the encrypted device key to the requesting device when authenticity of the encrypting unit has been confirmed.
- View Dependent Claims (5, 6)
- - 5. The verifying device of claim 4, whereinthe encrypting unit of the requesting device includes (i) a storage subunit storing an encryption program including a plurality of computer instructions constituting an encryption algorithm, and (ii) a microprocessor that operates in accordance with the encryption program,the program storage unit stores, as the update program, an authentic encryption program including a plurality of computer instructions constituting the encryption algorithm, andthe output unit outputs the authentic encryption program to the requesting device when unauthenticity of the encrypting unit has been confirmed.
  - 6. The verifying device of claim 5, whereinthe output unit outputs a key required for decrypting the encrypted device key when the judging unit has confirmed that the encryption program for performing an individual encryption was deleted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sovereign Peak Ventures, LLC (Dominion Harbor Enterprises, LLC)
Original Assignee
Panasonic Corporation (Panasonic Holdings Corporation)
Inventors
Kanemura, Kouichi, Ito, Yoshikatsu, Haga, Tomoyuki, Matsushima, Hideki, Ito, Takayuki
Primary Examiner(s)
McNally, Michael S

Application Number

US12/306,816
Publication Number

US 20090204806A1
Time in Patent Office

1,940 Days
Field of Search

713/155
US Class Current

713/155
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/445   by mutual authentication, e...

G06F 21/51   at application loading time...

G06F 21/57   Certifying or maintaining t...

G06F 21/575   Secure boot

G06F 2221/2129   Authenticate client device ...

H04L 9/0822   using key encryption key

H04L 9/0866   involving user or device id...

H04L 9/3234   involving additional secure...

Certifying device, verifying device, verifying system, computer program and integrated circuit

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

77 Citations

6 Claims

Specification

Use Cases

Quick Links

Others

Certifying device, verifying device, verifying system, computer program and integrated circuit

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

77 Citations

6 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others