System for and method of authenticating a client
First Claim
1. A system for authenticating a client in a data distributing system having a data supplying apparatus for holding data and a client receiving the data distributed via a communication interface from said data supplying apparatus, said data supplying apparatus comprising:
a key outputting unit for outputting a first key generated by processing identification data intrinsic to each said client;
random-number generating means for generating a random number in response to an access request from said client;
first encrypting means for encrypting the random number and the identification data with said first key and thereby outputting a first authenticator;
first transmitting means for transmitting the random number to said client;
first receiving means for receiving a second authenticator from said client; and
comparing means for comparing the first and second authenticators with each other and, if the two authenticators are coincident with each other, authenticating the access request from said client;
said client comprising;
identification data holding means for holding an identification data intrinsic to said client;
access requesting means for making an access request to said data supplying apparatus with said identification data;
second receiving means for receiving the random number transmitted from said data supplying apparatus;
key holding means for holding a second key identical with said first key;
second encrypting means for encrypting the random number and said identification data with the second key and thereby outputting the second authenticator; and
second transmitting means for transmitting the second authenticator to said data supplying apparatus.
Abstract
A key management unit of a service provider system generates an individual key corresponding to a portable module connected to a service client making an access request and informs an authenticating unit of this individual key. The individual key is stored beforehand also in the portable module. A random-number generator generates a random number, transmits this random number to the portable module and informs the authenticating unit of it. The portable module encrypts the random number with the individual key and sends it back to the service provider system. An encrypting portion of the authenticating unit encrypts the random number with the individual key. A comparator of the authenticating unit compares data encrypted by the encrypting portion with encrypted data transmitted from the portable module and, if the two items of data are coincident with each other, confirms an access request from the portable module.
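The exchange described in the abstract and claim 1, as an added Python example that is not taken from the patent. It assumes HMAC-SHA256 in place of the patent's unspecified encryption step and for deriving the individual key from the identification data; `MASTER_KEY`, the class names and the function names are hypothetical.

```python
import hashlib
import hmac
import secrets

MASTER_KEY = bytes(range(32))  # constructed demo value (assumption): provider-side secret


def derive_individual_key(client_id: bytes) -> bytes:
    """'First key': generated by processing the client's identification data."""
    return hmac.new(MASTER_KEY, b"individual-key|" + client_id, hashlib.sha256).digest()


def authenticator(key: bytes, nonce: bytes, client_id: bytes) -> bytes:
    """Keyed transform of random number + identification data (HMAC here, a cipher in the patent)."""
    # Length-prefix the ID so bytes cannot be shifted between the ID and the random number.
    msg = len(client_id).to_bytes(2, "big") + client_id + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()


class PortableModule:
    """Client side: holds its ID and a pre-stored copy of the individual key (the 'second key')."""

    def __init__(self, client_id: bytes, key: bytes):
        self.client_id, self._key = client_id, key

    def respond(self, nonce: bytes) -> bytes:
        return authenticator(self._key, nonce, self.client_id)


class ServiceProvider:
    """Server side: issues one random number per access request and checks the reply."""

    def __init__(self):
        self._pending = {}  # client_id -> outstanding random number

    def access_request(self, client_id: bytes) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[client_id] = nonce
        return nonce

    def verify(self, client_id: bytes, second_authenticator: bytes) -> bool:
        nonce = self._pending.pop(client_id, None)  # single use: a replayed reply finds no challenge
        if nonce is None:
            return False
        first = authenticator(derive_individual_key(client_id), nonce, client_id)
        return hmac.compare_digest(first, second_authenticator)  # constant-time comparison
```

Consuming the random number on the first verification attempt is what stops a captured second authenticator from being replayed; the individual key itself never crosses the communication interface.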
8 Claims
8. A method of authenticating a client in a data distributing system constructed of a data supplying apparatus for holding data and a client receiving the data transmitted via a communication interface from said data supplying apparatus, said method comprising the steps of:
causing said client to make an access request to said data supplying apparatus with an identification data for identifying said client itself informed to the apparatus;
causing said data supplying apparatus to generate a random number in response to the access request, transmit the random number to said client, encrypt the random number and said identification data by use of a first key generated by processing said identification data and convert the encrypted number into a first authenticator;
causing said client to encrypt the random number by use of a second key previously held as the one having the same content as that of the first key, convert the encrypted random number and said identification data into a second authenticator to said data supplying apparatus, and
causing said data supplying apparatus to compare the first authenticator with the second authenticator and, if the two authenticators are coincident with each other, authenticate that an access request is given from said client.
Specification