Certifying device, verifying device, verifying system, computer program and integrated circuit
First Claim
1. A requesting device for requesting verification of authenticity of the requesting device itself from a verifying device, comprising:
- a storage unit storing a plurality of computer programs that are to run on the requesting device, the computer programs being hierarchically related to each other;
a measuring unit, each time one of the plurality of computer programs is loaded, measuring an amount of characteristics of the one of the plurality of computer programs;
a generation unit which is tamper-resistant and, while a computer program that is one of the plurality of computer programs is loaded, generating certification information reflecting amounts of characteristics of the computer program and other computer programs that have already been loaded and are required to run the computer program;
an output unit outputting the generated certification information;
a requesting unit sending a request for secret information to the verifying device;
a receiving unit receiving either the secret information or an update program, depending on a result of a judgment which is made by the verifying device to confirm whether or not the requesting device is authentic; and
an update unit, when the receiving unit has received the update program, updating the computer program stored in the storage unit in accordance with the received update program,wherein the generation unit includes a plurality of platform configuration registers for storing amounts of characteristics, andthe generation unit receives a specification of one of the platform configuration registers from the verifying device, and generates the certification information in accordance with an amount of characteristics stored in the register indicated by the specification received, andwherein the secret information is an encrypted device key that was generated by encrypting a device key,the requesting device further comprises an encrypting unit,the receiving unit receives the encrypted device key when the verifying device has confirmed authenticity of the encrypting unit,the encrypting unit generates a double-encrypted device key by encrypting the received encrypted device key, based on the device identifier for identifying the requesting device, andthe requesting device further comprises a device key holding unit holding the generated double-encrypted device key.
2 Assignments
0 Petitions
Accused Products
Abstract
An authentication system verifies an authentic computer program, certifies the authenticity itself, and verifies a certification. The authentication system includes a terminal (e.g., requesting device) and a card (e.g., verifying device). The card stores secret information to be used by the terminal, and an update program for the terminal. The card verifies authenticity of the terminal using information obtained from the terminal. When it judges that the terminal is authentic, the card outputs the secret information to the terminal. When it judges that the terminal is not authentic, the card outputs the update program. The terminal is forced to update the program when it attempts to use the secret information.
77 Citations
6 Claims
-
1. A requesting device for requesting verification of authenticity of the requesting device itself from a verifying device, comprising:
-
a storage unit storing a plurality of computer programs that are to run on the requesting device, the computer programs being hierarchically related to each other; a measuring unit, each time one of the plurality of computer programs is loaded, measuring an amount of characteristics of the one of the plurality of computer programs; a generation unit which is tamper-resistant and, while a computer program that is one of the plurality of computer programs is loaded, generating certification information reflecting amounts of characteristics of the computer program and other computer programs that have already been loaded and are required to run the computer program; an output unit outputting the generated certification information; a requesting unit sending a request for secret information to the verifying device; a receiving unit receiving either the secret information or an update program, depending on a result of a judgment which is made by the verifying device to confirm whether or not the requesting device is authentic; and an update unit, when the receiving unit has received the update program, updating the computer program stored in the storage unit in accordance with the received update program, wherein the generation unit includes a plurality of platform configuration registers for storing amounts of characteristics, and the generation unit receives a specification of one of the platform configuration registers from the verifying device, and generates the certification information in accordance with an amount of characteristics stored in the register indicated by the specification received, and wherein the secret information is an encrypted device key that was generated by encrypting a device key, the requesting device further comprises an encrypting unit, the receiving unit receives the encrypted device key when the verifying device has confirmed authenticity of the encrypting unit, the encrypting unit generates a double-encrypted device key by encrypting the received encrypted device key, based on the device identifier for identifying the requesting device, and the requesting device further comprises a device key holding unit holding the generated double-encrypted device key. - View Dependent Claims (2, 3)
-
-
4. A verifying device for verifying authenticity of a requesting device in which a plurality of computer programs hierarchically related to each other, the verifying device comprising:
-
an obtaining unit obtaining, from the requesting device, certification information while one computer program among the plurality of computer programs is loaded, the certification information reflecting (a) an amount of characteristics of the one computer program and (b) amounts of characteristics of other computer programs that have already been loaded and are required to run the one computer program; a storing unit preliminarily storing verification information reflecting amounts of characteristics which are to be obtained from the one computer program and the other computer programs when the one computer program and the other computer programs are not tampered with; a judging unit judging, using the verification information and the obtained certification information, whether or not the requesting device is authentic; an information holding unit holding secret information safely; a program storage unit storing an update program for updating a computer program including a plurality of computer instructions for operating the requesting device; and an output unit outputting the secret information held by the information holding unit to the requesting device when authenticity of the requesting device has been confirmed, and outputting the update program stored in the program storage unit to the requesting device when unauthenticity of the requesting device has been confirmed, wherein the obtaining unit obtains certification information that was generated in accordance with an amount of characteristics stored in a platform configuration register specified by the verifying device, and the judging unit judges the authenticity of the requesting device, using the obtained certification information and an amount of characteristics to be stored in the platform configuration register, and wherein the requesting device includes an encrypting unit encrypting an encrypted device key, the information holding unit holds the encrypted device key as the secret information, the judging unit judges the authenticity of the requesting device, by judging whether or not the encrypting unit of the requesting device is authentic, and the output unit outputs the encrypted device key to the requesting device when authenticity of the encrypting unit has been confirmed. - View Dependent Claims (5, 6)
-
Specification