Scheme, system and equipment for inter-equipment authentication and key delivery
First Claim
1. An equipment authentication and cryptographic communication system, comprising:
- user-end equipment, system-end equipment, and a key center for administrating authentication of equipment in said system, wherein;
said user-end equipment provided with individual user-end equipment information issued by said key center and individual user-end equipment secret information corresponding to said individual user-end equipment'"'"'s information, and said user-end equipment transmits said individual user-end equipment information to said system-end equipment;
said system-end equipment receives said individual user-end equipment information from said user-end equipment, reproduces by a system conversion said individual user-end equipment secret information from said received individual user-end equipment information using an equivalent secret key cryptographic algorithm of the key center, and authenticates said user-end equipment by confirming that said user-end equipment legitimately has said individual user-end equipment secret information by using a challenge response utilizing a common key cryptographic algorithm; and
said user-end equipment and said system-end equipment execute a cryptographic communication with each other using said individual user-end equipment secret information,said system-end equipment is provided with a secret-key cryptographic algorithm, and reproduces said individual user-end equipment secret information by a system conversion of said individual user-end equipment information using a secret key,said system-end equipment and said user-end equipment are both provided with common secret information shared therebetween by exchanging individually held secret information,said system-end equipment and said user-end equipment (a) exchange with each other individually held secret information, and (b) generate new secret information by combining said individually held secret information and said secret information exchanged therebetween according to a predetermined procedure,said system-end equipment and said user-end equipment use said individual user-end equipment secret information for encrypting said new secret information, which is provided by combining said information and said exchanged information, andsaid system-end equipment and said user-end equipment (a) individually generate random digits, (b) exchange said generated random digits with each other, and (c) share the same secret information particular to said system-end equipment and said user-end equipment by combining said generated random digits and said exchanged random digits according to a predetermined procedure.
2 Assignments
0 Petitions
Accused Products
Abstract
An inter-equipment authentication and key delivery scheme, system, and equipment is provided which is capable of making authentication of an IC card ID signature, by comparison of a decrypted ICCID with another ICCID reproduced by dividing transmitted data. The inter-equipment authentication and key delivery scheme, system, and equipment can be used, for example, when an automobile passes by roadside equipment at a tollbooth, and the roadside equipment transmits a random digit (RND) generated therein as challenge data to an IC card via onboard equipment, and the IC card transmits back to the roadside equipment the random digit after encrypting it with a secret key Kicc. The IC card also transmits its ID (ICCID) and a certificate of individual IC card key CERT-Kicc together with the random digit. The roadside equipment divides the transmitted data into a response data E(Kicc, RND), the ICCID, and the certificate of individual IC card key CERT-Kicc. The roadside equipment 130 reproduces the Kicc and the ICCID by decrypting (DEC) the certificate of individual IC card key CERT-Kicc using a validation key PC.
28 Citations
8 Claims
-
1. An equipment authentication and cryptographic communication system, comprising:
- user-end equipment, system-end equipment, and a key center for administrating authentication of equipment in said system, wherein;
said user-end equipment provided with individual user-end equipment information issued by said key center and individual user-end equipment secret information corresponding to said individual user-end equipment'"'"'s information, and said user-end equipment transmits said individual user-end equipment information to said system-end equipment; said system-end equipment receives said individual user-end equipment information from said user-end equipment, reproduces by a system conversion said individual user-end equipment secret information from said received individual user-end equipment information using an equivalent secret key cryptographic algorithm of the key center, and authenticates said user-end equipment by confirming that said user-end equipment legitimately has said individual user-end equipment secret information by using a challenge response utilizing a common key cryptographic algorithm; and said user-end equipment and said system-end equipment execute a cryptographic communication with each other using said individual user-end equipment secret information, said system-end equipment is provided with a secret-key cryptographic algorithm, and reproduces said individual user-end equipment secret information by a system conversion of said individual user-end equipment information using a secret key, said system-end equipment and said user-end equipment are both provided with common secret information shared therebetween by exchanging individually held secret information, said system-end equipment and said user-end equipment (a) exchange with each other individually held secret information, and (b) generate new secret information by combining said individually held secret information and said secret information exchanged therebetween according to a predetermined procedure, said system-end equipment and said user-end equipment use said individual user-end equipment secret information for encrypting said new secret information, which is provided by combining said information and said exchanged information, and said system-end equipment and said user-end equipment (a) individually generate random digits, (b) exchange said generated random digits with each other, and (c) share the same secret information particular to said system-end equipment and said user-end equipment by combining said generated random digits and said exchanged random digits according to a predetermined procedure. - View Dependent Claims (2, 3, 4, 5)
- user-end equipment, system-end equipment, and a key center for administrating authentication of equipment in said system, wherein;
-
6. An equipment authentication and cryptographic communication system, comprising:
- user-end equipment, system-end equipment, and a key center for administrating authentication of equipment in said system, wherein;
said key center is provided with a first system converter for generating user-end equipment secret information from user-end equipment information; said user-end equipment is provided with a first storage unit for storing said user-end equipment information provided by said key center, a second storage unit for storing said user-end equipment secret information, a first encryption unit, and a first decryption unit; and said system-end equipment is provided with a second system converter for generating said user-end equipment secret information by a system conversion of said user-end equipment information received from said user-end equipment, a second encryption unit, and a second decryption unit, said second system converter using an equivalent secret key cryptographic algorithm of the first system converter to generate said user-end equipment secret information from said received user-end equipment information, said user-end equipment and said system-end equipment share and utilize said user-end equipment secret information as a common key for encryption and decryption in said first encryption unit and said first decryption unit in said user-end equipment, and said second encryption unit and said second decryption unit in said system-end equipment, said user-end equipment further comprises a first random digit generator for generating a random digit, a second random digit generator for generating a random digit, a first combiner for combining a pair of random digit data according to a predetermined procedure, a first divider for dividing a combined pair of random digit data to reproduce original random digits prior to combining, a first common key generator for combining a pair of random digit data according to a predetermined procedure, and a first matching determination unit for determining if two random digit data match each other; and said system-end equipment further comprises a third random digit generator for generating a random digit, a fourth random digit generator for generating another random digit, a second combiner for combining a pair of random digit data according to a predetermined procedure, a second divider for dividing a combined pair of random digit data to reproduce original random digits prior to combining, a second common key generator for combining a pair of random digit data according to a predetermined procedure, and a second matching determination unit for determining if two random digit data match each other.
- user-end equipment, system-end equipment, and a key center for administrating authentication of equipment in said system, wherein;
-
7. A method of equipment authentication and cryptographic communication for an equipment authentication and cryptographic communication system including user-end equipment, system-end equipment, and a key center for administrating authentication of equipment in said system, said method comprising the steps of:
-
generating user-end equipment secret information from user-end equipment information in said key center; receiving said user-end equipment information and said user-end equipment secret information in said user-end equipment from said key center; receiving said user-end equipment information from said user-end equipment, and generating said user-end equipment secret information from said user-end equipment information received in said system-end equipment by a system conversion using an equivalent secret key cryptographic algorithm of said key center; using said user-end equipment secret information as a common key for encryption and decryption in both of said user-end equipment and said system-end equipment; generating a first random digit in said user-end equipment, and transmitting said first random digit to said system-end equipment; generating a second random digit in said system-end equipment, combining said second random digit and said first random digit received from said user-end equipment, encrypting combined data of said second random digit and said first random digit using said common key, and transmitting said encrypted data to said user-end equipment; decrypting said encrypted data received in said user-end equipment using said common key, and reproducing said first random digit and said second random digit by dividing decrypted data of said encrypted data received in said user-end equipment; determining in said user-end equipment if said first random digit reproduced in the preceding decryption step matches with another first random digit generated therein; generating a third random digit in said user-end equipment, combining said third random digit and said second random digit reproduced in the decryption step, encrypting combined data of said third random digit and said second random digit using said common key, and transmitting encrypted data of said combined data to said system-end equipment; generating a fourth random digit in said system-end equipment, and transmitting said fourth random digit to said user-end equipment; combining said fourth random digit received in said user-end equipment from said system-end equipment and said third random digit generated therein, encrypting combined data of said fourth random digit and said third random digit using said common key, and transmitting encrypted data of said combine data to said system-end equipment; decrypting said encrypted data received in said system-end equipment using said common key, and reproducing said third random digit and said fourth random digit by dividing decrypted data of said encrypted data received in said system-end equipment; and determining in said system-end equipment if said fourth random digit reproduced in the preceding decryption step matches with another fourth random digit generated therein. - View Dependent Claims (8)
-
Specification