CN101631017B - Information processing device, and information processing system - Google Patents

Publication number
CN101631017B
Authority
CN
China
Prior art keywords
random number
key
messaging device
information
unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN200910158985XA
Other languages
Chinese (zh)
Other versions
CN101631017A (en
Inventor
滨田宏昭
东川寿充
森田直
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sony Corp
Original Assignee
Sony Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from JP2009078806A external-priority patent/JP4666240B2/en
Application filed by Sony Corp filed Critical Sony Corp
Publication of CN101631017A publication Critical patent/CN101631017A/en
Application granted granted Critical
Publication of CN101631017B publication Critical patent/CN101631017B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Storage Device Security (AREA)

Abstract

An information processing device includes: a receiving unit that receives a first random number from another information processing device; a generating unit that generates a second random number; a time-variant-key generating unit that generates a time variant key for encryption according to the second random number; an encrypting unit that encrypts the first random number with the time variant key; and a transmitting unit that transmits the first random number encrypted by the time variant key and the second random number to the other information processing device.

Description

Information processing device and information processing system
Cross-reference to related applications
The present invention contains subject matter related to that disclosed in Japanese Priority Patent Applications JP 2008-183017 and JP 2009-078806, filed in the Japan Patent Office on July 14, 2008 and March 27, 2009, respectively, the entire contents of which are incorporated herein by reference.
Technical field
The present invention relates to an information processing device, a computer program, and an information processing system, and more particularly to an information processing device, a computer program, and an information processing system that enable a user to prevent unauthorized access.
Background art
In recent years, IC cards have become widespread and are used by a large number of users, for example to pay for purchases in shops. To prevent the use of illegitimate IC cards, authentication processing has to be carried out between the IC card and the reader/writer when the card is used. A unilateral authentication method between these two devices is defined as two-pass authentication in ISO/IEC 9789-25.1.2. Fig. 1 is a simplified flowchart of this authentication method.
Steps S21 to S24 are the processing of device A; steps S1 to S8 are the processing of device B, which authenticates device A.
In step S1, device B generates a random number rb. In step S2, device B transmits the random number rb to device A.
In step S21, device A receives the random number rb transmitted from device B. In step S22, device A generates a key Kab. In step S23, device A encrypts the random number rb transmitted from device B with the key Kab. Specifically, device A calculates the following formula to generate information Token ab. In this formula, eKab(rb) denotes the random number rb encrypted with the key Kab.
Formula 1
Token ab = eKab(rb)
In step S24, device A transmits the information Token ab generated in step S23 to device B.
In step S3, device B receives the information Token ab transmitted from device A. In step S4, device B generates the key Kab. In step S5, device B decrypts the received information Token ab with the key Kab. The random number rb is thereby obtained.
In step S6, device B determines whether the decryption result matches the random number rb. Specifically, device B determines whether the random number rb generated in step S1 matches the random number rb obtained in step S5 by decrypting the information Token ab received from device A. The key Kab held by device A is a key distributed only to legitimate devices. Because device A holds the key Kab, device A is a legitimate device.
When the decryption result and the random number rb do not match, device B performs authentication-failure processing for device A in step S7. When the decryption result and the random number rb match, device B performs authentication-success processing for device A in step S8.
A mutual authentication method between two devices is defined as three-pass authentication in ISO/IEC 9789-25.1.2. Fig. 2 is a simplified flowchart of this authentication method.
In step S31, device B generates a random number rb. In step S32, device B transmits the random number rb to device A.
In step S51, device A receives the random number rb transmitted from device B. In step S52, device A generates a random number ra and a key Kab. In step S53, device A encrypts the random number ra and the random number rb with the key Kab. Specifically, according to the following formula, device A encrypts the combination of the random number ra generated in step S52 and the random number rb received from device B. In this formula, (ra ‖ rb) denotes the combination of the random number ra and the random number rb.
Formula 2
Token ab = eKab(ra ‖ rb)
In step S54, device A transmits the information Token ab calculated by Formula 2 to device B.
In step S33, device B receives the information Token ab transmitted from device A. In step S34, device B generates the key Kab.
In step S35, device B decrypts the information Token ab with the key Kab. As described above, the information Token ab is the information obtained when device A encrypted the combination (ra ‖ rb) of the random number ra and the random number rb with the key Kab in step S53. The combination (ra ‖ rb) is therefore obtained by this decryption.
In step S36, device B determines whether the decryption result matches the random number rb. Specifically, in this case device B extracts only the random number rb from the combination (ra ‖ rb) obtained as the decryption result, takes that random number rb as the object of comparison, and compares it with the random number rb generated in step S31.
When device A is a legitimate information processing device, it holds the correct fixed key Kab, so the two random numbers rb match.
When device A is an illegitimate device, however, it does not hold the correct key Kab. As a result, the two random numbers rb do not match. In this case, device B performs authentication-failure processing for device A in step S37.
When the two random numbers match, device B performs authentication-success processing for device A in step S38.
In addition, so that device A can authenticate device B, device B encrypts the random number rb and the random number ra with the key Kab in step S39. Specifically, according to the following formula, device B encrypts the combination of the random number rb generated in step S31 and the random number ra received from device A, to generate information Token ba.
Formula 3
Token ba = eKab(rb ‖ ra)
In step S40, device B transmits the information Token ba to device A.
In step S55, device A receives the information Token ba transmitted from device B. In step S56, device A decrypts the information Token ba with the key Kab. The information Token ba is the information obtained when device B encrypted the combination (rb ‖ ra) of the random number rb and the random number ra with the key Kab in step S39. The combination (rb ‖ ra) is therefore obtained by this decryption.
In step S57, device A determines whether the random numbers rb and ra obtained as the decryption result match the random number rb that device A received in step S51 and the random number ra generated in step S52.
When device B is a legitimate device, it holds the same key Kab as device A. Therefore the two random numbers ra match and the two random numbers rb also match.
When device B is an illegitimate device, however, it does not hold the same key Kab as device A. In this case, device A performs authentication-failure processing for device B in step S58.
When the random numbers ra and rb match, device A performs authentication-success processing for device B in step S59.
In the example of Fig. 2, the random numbers ra and rb are the objects of comparison in steps S36 and S37. Fig. 3 shows an example of the processing performed when the objects of comparison are the encrypted random numbers.
The processing performed by device B in steps S61 to S70 of the example in Fig. 3 is basically the same as the processing performed by device B in steps S31 to S40 of Fig. 2. However, the processing of steps S63, S65 and S66 in Fig. 3 differs from that of steps S33, S35 and S36 in Fig. 2.
The processing of device A in steps S81 to S89 of Fig. 3 is substantially the same as the processing of device A in steps S51 to S59 of Fig. 2. However, the processing of steps S84, S86 and S87 in Fig. 3 differs from that of steps S54, S56 and S57 in Fig. 2.
In the example shown in Fig. 3, device A transmits not only the information Token ab but also the random number ra in step S84.
In step S63, device B receives not only the information Token ab but also the random number ra. In step S64, device B generates the key Kab. In step S65, device B encrypts the combination of the random number ra and the random number rb with the key Kab to generate information Token ab. The following formula is calculated:
Formula 4
Token ab = eKab(ra ‖ rb)
In step S66, device B determines whether the encryption result obtained in step S65 matches the information Token ab received from device A in step S63. When the information Token ab calculated by Formula 4 and the information Token ab received from device A do not match, device B performs authentication-failure processing for device A in step S67. When the information Token ab calculated by Formula 4 and the information Token ab received from device A match, device B performs authentication-success processing for device A in step S68.
In addition, so that device A can authenticate device B, device B encrypts the combination of the random number rb and the random number ra with the key Kab in step S69. Specifically, according to the following formula, device B encrypts the combination of the random number generated in step S61 and the random number ra received from device A.
Formula 5
Token ba = eKab(rb ‖ ra)
In step S70, device B transmits the information Token ba calculated by Formula 5 to device A.
In step S85, device A receives the information Token ba transmitted from device B. In step S86, device A encrypts, with the key Kab, the combination of the random number rb received from device B in step S81 and the random number ra transmitted to device B in step S84. Specifically, device A calculates the following formula:
Formula 6
Token ba = eKab(rb ‖ ra)
In step S87, device A determines whether the encryption result of step S86 (that is, the information Token ba calculated in step S86) matches the information Token ba received in step S85. When the two pieces of information Token ba do not match, device A performs authentication-failure processing for device B in step S88.
When the two pieces of information Token ba match, device A performs authentication-success processing for device B in step S89.
The other processing is the same as the processing shown in Fig. 2.
The applicant has also proposed a mutual authentication method (for example, Japanese Patent No. 3897177). Figs. 4 and 5 are simplified flowcharts of this authentication method.
In step S141, device B generates a random number P. In step S142, device B generates a key Ka. In step S143, device B encrypts the random number P with the key Ka to generate information i1. In step S144, device B transmits the information i1 to device A.
In step S171, device A receives the information i1 from device B. In step S172, device A generates the key Ka. In step S173, device A decrypts the information i1 with the key Ka. Device A thereby obtains the random number P in step S174.
In step S175, device A generates a key Kb. In step S176, device A encrypts the random number P with the key Kb to generate information i2. In step S177, device A transmits the information i2 to device B.
In step S145, device B receives the information i2 transmitted from device A. In step S146, device B generates the key Kb. In step S147, device B decrypts the information i2 with the key Kb. Device B thereby obtains the random number P in step S148.
In step S149, device B checks the consistency of the random number P. Specifically, device B determines whether the random number P that was generated in step S141, encrypted, and transmitted to device A in step S144 matches the random number P obtained in step S147 by decrypting the information i2 received from device A. The key Ka and the key Kb are distributed only to the legitimate device A. Therefore, when the two random numbers P match, device B authenticates device A as a legitimate device.
Similarly, device A performs processing for authenticating device B.
In step S178, device A generates a random number Q. In step S179, device A encrypts the random number Q with the key Kb to generate information i3. The key Kb was generated in step S175. In step S180, device A transmits the information i3 to device B.
In step S150, device B receives the information i3 transmitted from device A. In step S151, device B decrypts the information i3 with the key Kb. The key Kb was generated in step S146. Device B thereby obtains the random number Q in step S152.
In step S153, device B encrypts the random number Q with the key Ka to generate information i4. The key Ka was generated in step S142. In step S154, device B transmits the information i4 to device A.
In step S181, device A receives the information i4 transmitted from device B. In step S182, device A decrypts the information i4 with the key Ka. The key Ka was generated in step S172. Device A thereby obtains the random number Q in step S183.
In step S184, device A checks the consistency of the random number Q. Specifically, device A determines whether the random number Q that was generated in step S178, encrypted, and transmitted to device B in step S180 matches the random number Q obtained in step S182 by decrypting the information i4 received from device B. The key Ka and the key Kb are distributed only to the legitimate device B. Therefore, when the two random numbers Q match, device A authenticates device B as a legitimate device. Device A transmits the authentication result to device B.
Summary of the invention
Fig. 6 shows the information exchanged between the two devices in the processing described above. In step S144, the information i1 is transmitted from device B to device A. In steps S177 and S180, the information i2 and the information i3 are transmitted from device A to device B. In step S154, the information i4 is transmitted from device B to device A.
In the case of the unilateral authentication shown in Fig. 1, as in the case of mutual authentication, the random number rb is transmitted from device B to device A in step S2. In step S24, the information Token ab is transmitted from device A to device B.
As a result, device B can input the same plaintext to device A, and obtain the result of device A encrypting that plaintext with the fixed key, as many times as needed.
In this case, a user (hacker) attempting unauthorized access to device A might carry out a DFA (differential fault analysis) attack on device B. The hacker can analyze the key held by device A by repeating the following operation: preparing an illegitimate device B, irradiating device A with a laser beam while device A performs encryption processing so that the energy of the laser beam causes the device to produce an error, and obtaining the result.
It is therefore desirable to enable the user to prevent unauthorized access.
According to an embodiment of the invention, there is provided an information processing device including: a receiving unit that receives a first random number from another information processing device; a generating unit that generates a second random number; a time-variant-key generating unit that generates a time-variant key for encryption according to the second random number; an encrypting unit that encrypts the first random number with the time-variant key; and a transmitting unit that transmits the first random number encrypted with the time-variant key and the second random number to the other information processing device.
In this embodiment, a first random number is received from another information processing device, a second random number is generated, a time-variant key for encryption is generated according to the second random number, the first random number is encrypted with the time-variant key, and the first random number encrypted with the time-variant key and the second random number are transmitted to the other information processing device.
According to another embodiment of the invention, there is provided an information processing device including: a generating unit that generates a first random number; a transmitting unit that transmits the first random number to another information processing device; a receiving unit that receives, from the other information processing device, the first random number encrypted with a first time-variant key and a second random number; a time-variant-key generating unit that generates, according to the second random number, a second time-variant key identical to the first time-variant key; an authentication-information generating unit that generates, with the second time-variant key, authentication information for authenticating the other information processing device; and an authenticating unit that authenticates the other information processing device according to the authentication information.
In this embodiment, a first random number is generated, the first random number is transmitted to another information processing device, the first random number encrypted with a first time-variant key and a second random number are received from the other information processing device, a second time-variant key identical to the first time-variant key is generated according to the second random number, authentication information for authenticating the other information processing device is generated with the second time-variant key, and the other information processing device is authenticated according to the authentication information.
According to another embodiment of the invention, there is provided an information processing system in which a first information processing device receives a random number from a second information processing device, generates a first time-variant key, encrypts the random number with the first time-variant key, and transmits to the second information processing device the encrypted random number and basic information that serves as the basis of the time variation of the first time-variant key; and the second information processing device generates, according to the basic information, a second time-variant key identical to the first time-variant key, generates authentication information with the second time-variant key, and authenticates the first information processing device according to the authentication information.
In this embodiment, the first information processing device receives a first random number from the second information processing device, generates a second random number, generates a time-variant key for encryption according to the second random number, encrypts the first random number with the time-variant key, and transmits the first random number encrypted with the time-variant key and the second random number to the second information processing device. The second information processing device generates the first random number, transmits the first random number to the first information processing device, receives from the first information processing device the first random number encrypted with the first time-variant key and the second random number, generates a second time-variant key identical to the first time-variant key according to the second random number, generates with the second time-variant key authentication information for authenticating the first information processing device, and authenticates the first information processing device according to the authentication information.
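The following sketch is an added example, not code from the patent: it contrasts the fixed-key responder of Fig. 1 with the time-variant-key responder of the embodiments above. The key derivation (HMAC-SHA256 over the second random number, keyed with Kab), the 4-round Feistel stand-in for the cipher e, and the verifier's re-encrypt-and-compare check are assumptions; the text above specifies none of them.

```python
import hashlib
import hmac
import os

BLOCK = 16  # bytes per block handled by the stand-in cipher


def _round(key: bytes, i: int, half: bytes) -> bytes:
    """Feistel round function: HMAC-SHA256 truncated to half a block."""
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[: BLOCK // 2]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for eK(.): 4-round Feistel on one 16-byte block (illustration only)."""
    if len(block) != BLOCK:
        raise ValueError("block must be 16 bytes")
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right


def decrypt(key: bytes, block: bytes) -> bytes:
    """Inverse of encrypt(): undo the Feistel rounds in reverse order."""
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right


def derive_time_variant_key(kab: bytes, r2: bytes) -> bytes:
    # Assumption: the text says only "according to the second random number".
    return hmac.new(kab, b"time-variant-key" + r2, hashlib.sha256).digest()


class FixedKeyProver:
    """Device A of Fig. 1: Token ab = eKab(rb), same key for every challenge."""

    def __init__(self, kab: bytes):
        self.kab = kab

    def respond(self, rb: bytes) -> bytes:
        return encrypt(self.kab, rb)


class TimeVariantProver:
    """Device A of the embodiment: a fresh key per response, derived from r2."""

    def __init__(self, kab: bytes):
        self.kab = kab

    def respond(self, r1: bytes):
        r2 = os.urandom(BLOCK)                      # second random number, chosen by A
        kt = derive_time_variant_key(self.kab, r2)  # time-variant key
        return encrypt(kt, r1), r2                  # both are sent to B


class Verifier:
    """Device B: issues r1, rebuilds the time-variant key from r2, checks the token."""

    def __init__(self, kab: bytes):
        self.kab = kab
        self.r1 = None

    def challenge(self) -> bytes:
        self.r1 = os.urandom(BLOCK)
        return self.r1

    def verify(self, token: bytes, r2: bytes) -> bool:
        if self.r1 is None:                         # no outstanding challenge
            return False
        kt = derive_time_variant_key(self.kab, r2)
        expected = encrypt(kt, self.r1)             # "authentication information"
        self.r1 = None                              # a challenge is single-use
        return hmac.compare_digest(expected, token)


def demo():
    kab = bytes(range(32))       # constructed sample key
    repeated = b"\x00" * BLOCK   # constructed challenge, sent five times
    fixed = FixedKeyProver(kab)
    fixed_tokens = {fixed.respond(repeated) for _ in range(5)}
    tv = TimeVariantProver(kab)
    tv_tokens = {tv.respond(repeated)[0] for _ in range(5)}

    b = Verifier(kab)
    accepted = b.verify(*tv.respond(b.challenge()))
    b2 = Verifier(kab)
    wrong_key = TimeVariantProver(os.urandom(32))   # prover without Kab
    rejected = not b2.verify(*wrong_key.respond(b2.challenge()))
    # Fixed key: one distinct token for five identical challenges.
    # Time-variant key: five distinct tokens for the same five challenges.
    return len(fixed_tokens), len(tv_tokens), accepted, rejected


if __name__ == "__main__":
    print(demo())
```

Because r2 is generated by the responding device, the device that issues the challenge cannot make the responder repeat one encryption of one plaintext under one key, which is the repetition the background section identifies as the precondition for the fault analysis.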
In addition to the embodiments described above, the invention also has the embodiments described below.
According to still another embodiment of the invention, there is provided an information processing device including: a receiving unit that receives, from another information processing device, first information encrypted using a first fixed key; a generating unit that generates the first fixed key, a second fixed key, and a second random number; a decrypting unit that decrypts the received first information using the generated first fixed key, thereby obtaining a first random number; an encrypting unit that applies a predetermined logical operation to the decrypted first random number and the generated second random number and encrypts the resulting logical operation value using the second fixed key, thereby generating second information, and that encrypts the second random number using the second fixed key, thereby generating third information; and a transmitting unit that transmits the second information and the third information to the other information processing device.
Preferably, the receiving unit further receives, from the other information processing device, fourth information encrypted using the first fixed key; the decrypting unit further decrypts the received fourth information using the generated first fixed key, thereby obtaining the predetermined logical operation value of the first random number and the second random number, and applies the predetermined logical operation to the obtained logical operation value and the decrypted first random number, thereby obtaining the second random number; and the information processing device further includes an authenticating unit that authenticates the other information processing device according to the obtained second random number.
Preferably, the predetermined logical operation is an exclusive OR (XOR).
Preferably, the information processing device is an IC card.
According to an embodiment of the invention, there is provided a computer program for causing a computer to execute processing of: receiving, from another information processing device, first information encrypted using a first fixed key; generating the first fixed key; decrypting the received first information using the generated first fixed key, thereby obtaining a first random number; generating a second fixed key and a second random number; applying a predetermined logical operation to the decrypted first random number and the generated second random number and encrypting the resulting logical operation value using the second fixed key, thereby generating second information; encrypting the second random number using the second fixed key, thereby generating third information; and transmitting the second information and the third information to the other information processing device.
According to still another embodiment of the invention, there is provided an information processing device including: a generating unit that generates first and second fixed keys and a first random number; an encrypting unit that encrypts the first random number using the first fixed key, thereby generating first information; a transmitting unit that transmits the first information to another information processing device; a receiving unit that receives second information and third information from the other information processing device; a decrypting unit that decrypts the received second information using the generated second fixed key, thereby obtaining a predetermined logical operation value of the first random number and a second random number, decrypts the received third information, thereby obtaining the second random number, and applies the predetermined logical operation to the obtained logical operation value and the decrypted second random number to obtain the first random number; and an authenticating unit that authenticates the other information processing device according to the obtained first random number.
Preferably, the encrypting unit further applies the predetermined logical operation to the generated first random number and the obtained second random number and encrypts the resulting logical operation value using the first fixed key, thereby generating fourth information, and the transmitting unit further transmits the fourth information to the other information processing device.
Preferably, the predetermined logical operation is an exclusive OR (XOR).
Preferably, the information processing device is a reader/writer.
According to an embodiment of the invention, there is provided a computer program for causing a computer to execute processing of: generating a first fixed key and a first random number; encrypting the first random number using the first fixed key, thereby generating first information; transmitting the first information to another information processing device; receiving second information and third information from the other information processing device; generating a second fixed key; decrypting the received second information using the generated second fixed key, thereby obtaining a predetermined logical operation value of the first random number and a second random number; decrypting the received third information, thereby obtaining the second random number; applying the predetermined logical operation to the obtained logical operation value and the decrypted second random number, thereby obtaining the first random number; and authenticating the other information processing device according to the obtained first random number.
According to still another embodiment of the invention, there is provided an information processing system in which a first information processing device receives, from a second information processing device, first information encrypted using a first fixed key, generates the first fixed key, decrypts the received first information using the generated first fixed key, thereby obtaining a first random number, generates a second fixed key and a second random number, applies a predetermined logical operation to the decrypted first random number and the generated second random number and encrypts the resulting logical operation value using the second fixed key, thereby generating second information, encrypts the second random number using the second fixed key, thereby generating third information, and transmits the second information and the third information to the second information processing device; and the second information processing device receives the second information and the third information from the first information processing device, generates the second fixed key, decrypts the received second information using the generated second fixed key, thereby obtaining the predetermined logical operation value of the first random number and the second random number, decrypts the received third information, thereby obtaining the second random number, applies the predetermined logical operation to the obtained logical operation value and the decrypted second random number, thereby obtaining the first random number, and authenticates the first information processing device according to the obtained first random number.
According to still another embodiment of the invention, a kind of messaging device is provided, has comprised: receiving element receives the first information through using first fixed key to encrypt from another messaging device; Generation unit generates first fixed key and second random number; Decryption unit is used first fixed key that is generated to come the first information that is received is deciphered, thereby is obtained first random number; Ciphering unit uses second random number that is generated to come first random number of process deciphering is encrypted as key, thereby generates second information, and use first fixed key that second random number is encrypted, thereby generates the 3rd information; And transmission unit, with second information and the 3rd message transmission to another messaging device.
Preferably; Receiving element further receives the 4th information through using first random number to encrypt as key from another messaging device; Decryption unit uses first random number that is obtained further the 4th information that is received to be deciphered; Thereby obtain second random number, and messaging device comprises further according to the authentication ' unit of second random number execution that is obtained to the authentication of another messaging device.
Preferably, messaging device is an IC-card.
According to embodiments of the invention, a kind of computer program is provided, be used to make computer to carry out following the processing: to receive through using the first information of first fixed key encryption from another messaging device; Generate first fixed key; Use first fixed key that is generated to come the first information that is received is deciphered, thereby obtain first random number; Generate second random number; Use second random number that is generated to come first random number of process deciphering is encrypted, thereby generate second information as key; Use first fixed key to come second random number is encrypted, thereby generate the 3rd information; And with second information and the 3rd message transmission to another messaging device.
According to still another embodiment of the invention, there is provided an information processing device including: a generation unit that generates a first fixed key and a first random number; an encryption unit that encrypts the first random number using the first fixed key, thereby generating first information; a transmission unit that transmits the first information to another information processing device; a receiving unit that receives second information and third information from the other information processing device; a decryption unit that decrypts the received third information using the generated first fixed key, thereby obtaining a second random number, and decrypts the received second information using the obtained second random number, thereby obtaining the first random number; and an authentication unit that authenticates the other information processing device according to the obtained first random number.
Preferably, the encryption unit further encrypts the obtained second random number using the generated first random number as a key, thereby generating fourth information, and the transmission unit transmits the fourth information to the other information processing device.
Preferably, the information processing device is a reader.
According to an embodiment of the invention, there is provided a computer program for causing a computer to execute processing of: generating a first fixed key and a first random number; encrypting the first random number using the first fixed key, thereby generating first information; transmitting the first information to another information processing device; receiving second information and third information from the other information processing device; decrypting the received third information using the generated first fixed key, thereby obtaining a second random number; decrypting the received second information using the obtained second random number, thereby obtaining the first random number; and authenticating the other information processing device according to the obtained first random number.
According to still another embodiment of the invention, there is provided an information processing system in which a first information processing device receives, from a second information processing device, first information encrypted using a first fixed key; generates the first fixed key; decrypts the received first information using the generated first fixed key, thereby obtaining a first random number; generates a second random number; encrypts the decrypted first random number using the generated second random number as a key, thereby generating second information; encrypts the second random number using the first fixed key, thereby generating third information; and transmits the second information and the third information to the second information processing device; and in which the second information processing device generates the first fixed key and the first random number; encrypts the first random number using the first fixed key, thereby generating the first information; transmits the first information to the first information processing device; receives the second information and the third information from the first information processing device; decrypts the received third information using the generated first fixed key, thereby obtaining the second random number; decrypts the received second information using the obtained second random number, thereby obtaining the first random number; and authenticates the first information processing device according to the obtained first random number.
According to still another embodiment of the invention, there is provided an information processing device including: a receiving unit that receives, from another information processing device, first information encrypted using a first fixed key; a generation unit that generates the first fixed key and a second random number; a decryption unit that decrypts the received first information using the generated first fixed key, thereby obtaining a first random number; an encryption unit that applies conversion processing to the decrypted first random number using the generated second random number, encrypts the result of the conversion processing using the second random number as a key, and encrypts the second random number using the first fixed key, thereby generating third information; and a transmission unit that transmits second information and the third information to the other information processing device.
Preferably, the receiving unit further receives, from the other information processing device, fourth information encrypted using the first random number as a key; the decryption unit further decrypts the received fourth information using the obtained first random number and applies inverse conversion processing to the fourth information, thereby obtaining the second random number; and the information processing device further includes an authentication unit that authenticates the other information processing device according to the obtained second random number.
Preferably, the information processing device is an IC card.
According to an embodiment of the invention, there is provided a computer program for causing a computer to execute processing of: receiving, from another information processing device, first information encrypted using a first fixed key; generating the first fixed key; decrypting the received first information using the generated first fixed key, thereby obtaining a first random number; generating a second random number; applying conversion processing to the decrypted first random number using the generated second random number, and encrypting the result of the conversion processing using the second random number as a key, thereby generating second information; encrypting the second random number using the first fixed key, thereby generating third information; and transmitting the second information and the third information to the other information processing device.
According to still another embodiment of the invention, there is provided an information processing device including: a generation unit that generates a first fixed key and a first random number; an encryption unit that encrypts the first random number using the first fixed key, thereby generating first information; a transmission unit that transmits the first information to another information processing device; a receiving unit that receives second information and third information from the other information processing device; a decryption unit that decrypts the received third information using the generated first fixed key, thereby obtaining a second random number, decrypts the received second information using the obtained second random number, and applies to the second information the inverse conversion processing of the conversion processing, thereby obtaining the first random number; and an authentication unit that authenticates the other information processing device according to the obtained first random number.
Preferably, the encryption unit further encrypts the obtained second random number using the generated first random number as a key, thereby generating fourth information, and the transmission unit further transmits the fourth information to the other information processing device.
Preferably, the information processing device is a reader.
According to still another embodiment of the invention, there is provided a computer program for causing a computer to execute processing of: generating a first fixed key and a first random number; encrypting the first random number using the first fixed key, thereby generating first information; transmitting the first information to another information processing device; receiving second information and third information from the other information processing device; decrypting the received third information using the generated first fixed key, thereby obtaining a second random number; decrypting the received second information using the obtained second random number, and further applying to the second information the inverse conversion processing of the conversion processing, thereby obtaining the first random number; and authenticating the other information processing device according to the obtained first random number.
According to still another embodiment of the invention, there is provided an information processing system in which a first information processing device receives, from a second information processing device, first information encrypted using a first fixed key; generates the first fixed key; decrypts the received first information using the generated first fixed key, thereby obtaining a first random number; generates a second random number; applies conversion processing to the decrypted first random number using the generated second random number, and encrypts the result of the conversion processing using the second random number as a key, thereby generating second information; encrypts the second random number using the first fixed key, thereby generating third information; and transmits the second information and the third information to the second information processing device; and in which the second information processing device generates the first fixed key and the first random number; encrypts the first random number using the first fixed key, thereby generating the first information; transmits the first information to the first information processing device; receives the second information and the third information from the first information processing device; decrypts the received third information using the generated first fixed key, thereby obtaining the second random number; decrypts the received second information using the obtained second random number and further applies to the second information the inverse conversion processing of the conversion processing, thereby obtaining the first random number; and authenticates the first information processing device according to the obtained first random number.
As described above, according to the embodiments of the invention, unauthorized access can be prevented.
Description of drawings
Fig. 1 is a flowchart for explaining conventional one-way authentication processing;
Fig. 2 is a flowchart for explaining conventional two-way authentication processing;
Fig. 3 is a flowchart for explaining conventional two-way authentication processing;
Fig. 4 is a flowchart for explaining conventional two-way authentication processing;
Fig. 5 is a flowchart for explaining conventional two-way authentication processing;
Fig. 6 is a diagram for explaining conventional two-way authentication processing;
Fig. 7 is a block diagram of an example of an information processing system according to an embodiment of the invention;
Fig. 8 is a block diagram of a structure example of one information processing device constituting the information processing system;
Fig. 9 is a block diagram of a structure example of the other information processing device constituting the information processing system;
Fig. 10 is a flowchart for explaining one-way authentication processing of a first system according to a first embodiment of the invention;
Fig. 11 is a diagram for explaining authentication processing according to the first embodiment;
Fig. 12 is a flowchart for explaining two-way authentication processing of the first system according to the first embodiment;
Fig. 13 is a flowchart for explaining two-way authentication processing of the first system according to the first embodiment;
Fig. 14 is a flowchart for explaining two-way authentication processing of the first system according to the first embodiment;
Fig. 15 is a flowchart for explaining two-way authentication processing of the first system according to the first embodiment;
Fig. 16 is a flowchart for explaining one-way authentication processing of a second system according to a second embodiment of the invention;
Fig. 17 is a flowchart for explaining two-way authentication processing of the second system according to the second embodiment;
Fig. 18 is a flowchart for explaining two-way authentication processing of the second system according to the second embodiment;
Fig. 19 is a flowchart for explaining two-way authentication processing of the second system according to the second embodiment;
Fig. 20 is a flowchart for explaining two-way authentication processing of the second system according to the second embodiment;
Fig. 21 is a flowchart for explaining two-way authentication processing of a third system according to a third embodiment of the invention;
Fig. 22 is a flowchart for explaining a modification of the two-way authentication processing of the third system shown in Fig. 21;
Fig. 23 is a flowchart for explaining two-way authentication processing of a fourth system according to a fourth embodiment of the invention;
Fig. 24 is a flowchart for explaining a modification of the two-way authentication processing of the fourth system shown in Fig. 23; and
Fig. 25 is a flowchart for explaining two-way authentication processing of a fifth system according to a fifth embodiment of the invention.
Embodiment
Embodiments of the invention are described in detail below with reference to the accompanying drawings. The description is given in the following order.
1. Structure example of the information processing system
2. First embodiment
3. Second embodiment
4. Third embodiment
5. Fourth embodiment
6. Fifth embodiment
1. Structure example of the information processing system
Embodiments of the invention are described below with reference to the accompanying drawings.
Fig. 7 is a block diagram of the structure of an information processing system according to an embodiment. Information processing system 100 includes information processing device 111 and information processing device 141. Information processing device 111 is, for example, an IC card. Information processing device 141 is, for example, a reader that accesses the IC card. Information processing device 111 and information processing device 141 exchange information by, for example, short-range communication. Where necessary, information processing device 141 is connected to a computer (not shown).
Fig. 8 is a block diagram of the structure of the information processing device according to the embodiment. In this embodiment, information processing device 111 includes antenna unit 121, receiving unit 122, decryption unit 123, authentication unit 124, encryption unit 125, transmission unit 126, generation unit 127, generation unit 128 and storage unit 129.
Antenna unit 121 communicates with antenna unit 151 of information processing device 141 (see Fig. 9, referred to later) by exchanging electromagnetic waves. Receiving unit 122 receives, via antenna unit 121, the signal transmitted from information processing device 141 and demodulates it. Decryption unit 123 decrypts the encrypted information received by receiving unit 122. Authentication unit 124 authenticates information processing device 141 based on information from decryption unit 123 and the like, and controls each unit.
Encryption unit 125 is controlled by authentication unit 124 and encrypts information to be transmitted to information processing device 141. Encryption unit 125 also applies predetermined logic operation processing, or conversion processing and the inverse conversion processing of the conversion processing, to information to be transmitted to information processing device 141 or to information transmitted from information processing device 141. Transmission unit 126 modulates the information supplied by encryption unit 125 and the like, outputs it to antenna unit 121, and causes antenna unit 121 to transmit it to information processing device 141. Generation unit 127 generates the keys used to encrypt or decrypt information. A key may be calculated each time it is needed, or may be generated by reading a stored key. Generation unit 127 also generates random numbers. A random number here need not be random in the mathematical sense; it may be any number (for example, a pseudo-random number or a count value generated by a counter) as long as it can in practice be treated as a random number.
Generation unit 128 generates a time-variant key from information supplied by generation unit 127 and the like, and supplies the time-variant key to decryption unit 123 and encryption unit 125. A time-variant key is a key that changes every time it is generated. Storage unit 129 is connected to authentication unit 124 and stores necessary data, programs and other information.
In addition to decryption unit 123, the output of receiving unit 122 is also supplied to authentication unit 124, encryption unit 125, generation unit 128 and the like. In addition to encryption unit 125, the output of authentication unit 124 is also supplied to transmission unit 126 and the like. In addition to generation unit 128, the output of generation unit 127 is also supplied to decryption unit 123, authentication unit 124, encryption unit 125, transmission unit 126 and the like. In addition to decryption unit 123 and encryption unit 125, the output of generation unit 128 is also supplied to authentication unit 124.
Fig. 9 is a block diagram of the structure of information processing device 141 according to this embodiment. In this embodiment, information processing device 141 includes antenna unit 151, receiving unit 152, decryption unit 153, authentication unit 154, encryption unit 155, transmission unit 156, generation unit 157, generation unit 158, storage unit 159 and interface 160.
Antenna unit 151 communicates with antenna unit 121 of information processing device 111 by exchanging electromagnetic waves. Receiving unit 152 receives, via antenna unit 151, the signal transmitted from information processing device 111 and demodulates it. Decryption unit 153 decrypts the encrypted information received by receiving unit 152. Authentication unit 154 authenticates information processing device 111 based on information from decryption unit 153 and the like, and controls each unit.
Encryption unit 155 is controlled by authentication unit 154 and encrypts information to be transmitted to information processing device 111. Encryption unit 155 also applies predetermined logic operation processing, or conversion processing and the inverse conversion processing of the conversion processing, to information to be transmitted to information processing device 111 or to information transmitted from information processing device 111. Transmission unit 156 modulates the information supplied by encryption unit 155 and the like, outputs it to antenna unit 151, and causes antenna unit 151 to transmit it to information processing device 111. Generation unit 157 generates the keys used to encrypt or decrypt information. A key may be calculated each time it is needed, or may be generated by reading a stored key. Generation unit 157 also generates random numbers. A random number here need not be random in the mathematical sense; it may be any number (for example, a pseudo-random number) as long as it can in practice be treated as a random number.
Generation unit 158 generates a time-variant key from information supplied by generation unit 157 and the like, and supplies the time-variant key to decryption unit 153 and encryption unit 155. Storage unit 159 is connected to authentication unit 154 and stores necessary data, programs and other information. Interface 160 is connected to authentication unit 154 and communicates with an external computer.
In addition to decryption unit 153, the output of receiving unit 152 is also supplied to authentication unit 154, encryption unit 155, generation unit 158 and the like. In addition to encryption unit 155, the output of authentication unit 154 is also supplied to transmission unit 156 and the like. In addition to generation unit 158, the output of generation unit 157 is also supplied to decryption unit 153, authentication unit 154, encryption unit 155, transmission unit 156 and the like. In addition to decryption unit 153 and encryption unit 155, the output of generation unit 158 is also supplied to authentication unit 154.
2. first embodiment
Authentication processing of the first system according to the first embodiment of the invention is described below. In the authentication processing of the first system, the random number used for authentication is transmitted in an encrypted state from the device to be authenticated to the authenticating device.
First, one-way authentication processing is described with reference to Fig. 10.
In information processing device 141, in step S1001, generation unit 157 generates random number A. In step S1002, generation unit 157 generates key K1. In step S1003, encryption unit 155 encrypts random number A with key K1. Specifically, the following formula is calculated, in which eK1(A) denotes random number A encrypted with key K1.
Formula 7
Token BA = eK1(A)
In step S1004, transmission unit 156 transmits information I1 to information processing device 111 via antenna unit 151. Information I1 includes the information Token BA calculated by formula 7.
In information processing device 111, in step S1051, receiving unit 122 receives, via antenna unit 121, information I1 transmitted from information processing device 141. In step S1052, generation unit 127 generates key K1. In step S1053, decryption unit 123 decrypts information I1 with key K1. As a result, in step S1054, decryption unit 123 obtains random number A.
In step S1055, generation unit 127 generates key K2. In step S1056, generation unit 127 generates random number C. In step S1057, generation unit 128 generates key K2C. Specifically, generation unit 128 applies random number C to fixed key K2 to generate key K2C according to the following formula:
Formula 8
K2C = f(C, K2)
Because random number C changes every time, key K2C, which is calculated by applying random number C to fixed key K2, is a time-variant key that changes every time. Random number C is therefore the random number that serves as the base information from which the time-variant key is derived.
In step S1058, encryption unit 125 encrypts random number A with key K2C. Specifically, the following formula is calculated:
Formula 9
Token AB = eK2C(A)
In step S1059, transmission unit 126 transmits information I2 to information processing device 141 via antenna unit 121. Information I2 includes the information Token AB calculated by formula 9 and random number C generated in step S1056.
In information processing device 141, in step S1005, receiving unit 152 receives, via antenna unit 151, information I2 transmitted from information processing device 111. In step S1006, generation unit 157 generates key K2. In step S1007, generation unit 158 extracts random number C from information I2 received in step S1005. In step S1008, generation unit 158 generates key K2C. Specifically, the following formula is calculated:
Formula 10
K2C = f(C, K2)
In step S1008, decryption unit 153, acting as an authentication information generation unit, carries out processing for generating the authentication information used in the authentication determination in step S1011. Specifically, in this one-way authentication processing, decryption unit 153 decrypts information I2 with key K2C. As a result, in step S1010, decryption unit 153 obtains random number A.
In step S1011, authentication unit 154 carries out authentication according to the consistency of random number A. Specifically, authentication unit 154 determines whether random number A that was generated in step S1001, encrypted in step S1003 and transmitted to information processing device 111 matches random number A obtained in step S1010. Key K1 and key K2 are keys held only by a legitimate information processing device 111. Therefore, when information processing device 111 is a legitimate information processing device, the two values of random number A match. When information processing device 111 is not a legitimate information processing device, it does not hold key K1 and key K2, so the two values of random number A do not match. Information processing device 141 can therefore authenticate information processing device 111 according to the consistency of the two random numbers.
As described above, information processing device 141 authenticates information processing device 111.
Fig. 11 shows the exchange of information between the two devices in the above processing. In step S1004, information processing device 141 transmits information I1 to information processing device 111. In step S1059, information processing device 111 transmits information I2, together with random number C, to information processing device 141.
In step S1004, information processing device 141 may supply the same information I1 to information processing device 111 many times. In step S1005, information processing device 141 can obtain information I2 as the processing result for information I1. However, information I2 is calculated with the time-variant key K2C, which changes every time. Therefore, even if a large number of processing results are collected and analyzed in a DFA attack, it is difficult to determine the key that processed the data. In other words, the data can be protected against DFA attacks.
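The one-way exchange of Fig. 10 and the repeated-I1 property described above, as an added example that is not part of the patent text. The patent leaves e and f unspecified, so the cipher e (a 4-round Feistel network over HMAC-SHA256), the derivation f (HMAC-SHA256 of C under K2), the 16-byte sizes, the key values and all class and function names are assumptions.

```python
"""One-way authentication of Fig. 10: reader (device 141) authenticates card (device 111).

Added illustration. e, d and f are assumed stand-ins for the patent's
unspecified cipher and key-derivation function; keys are constructed values.
"""
import hashlib
import hmac
import secrets

BLOCK = 16                      # assumed size of random numbers and tokens
K1 = b"constructed-K1!!"        # constructed demo keys, not real values
K2 = b"constructed-K2!!"


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, i: int, half: bytes) -> bytes:
    """Feistel round function: HMAC-SHA256 over round index and half block."""
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def e(key: bytes, block: bytes) -> bytes:
    """Stand-in for eK(.): 4-round Feistel permutation on one block."""
    if len(block) != BLOCK:
        raise ValueError("block must be BLOCK bytes")
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right


def d(key: bytes, block: bytes) -> bytes:
    """Inverse of e: the same rounds run backwards."""
    if len(block) != BLOCK:
        raise ValueError("block must be BLOCK bytes")
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(4)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right


def f(c: bytes, k2: bytes) -> bytes:
    """Stand-in for K2C = f(C, K2): fixed key K2 diversified by random number C."""
    return hmac.new(k2, c, hashlib.sha256).digest()[:BLOCK]


class Card:
    """Device 111, the device being authenticated."""

    def __init__(self, k1: bytes, k2: bytes):
        self.k1, self.k2 = k1, k2

    def respond(self, token_ba: bytes):
        a = d(self.k1, token_ba)          # recover A from I1 (S1053-S1054)
        c = secrets.token_bytes(BLOCK)    # fresh random number C (S1056)
        k2c = f(c, self.k2)               # time-variant key, formula 8 (S1057)
        return e(k2c, a), c               # I2 = Token AB plus C (S1058-S1059)


class Reader:
    """Device 141, the authenticating device."""

    def __init__(self, k1: bytes, k2: bytes):
        self.k1, self.k2 = k1, k2
        self.a = None

    def challenge(self) -> bytes:
        self.a = secrets.token_bytes(BLOCK)   # random number A (S1001)
        return e(self.k1, self.a)             # Token BA, formula 7 (S1003)

    def verify(self, token_ab: bytes, c: bytes) -> bool:
        if self.a is None:
            raise RuntimeError("no challenge outstanding")
        k2c = f(c, self.k2)                   # same derivation, formula 10
        return hmac.compare_digest(d(k2c, token_ab), self.a)   # S1011


def authenticate(reader: Reader, card: Card) -> bool:
    token_ab, c = card.respond(reader.challenge())
    return reader.verify(token_ab, c)


def replay_responses(card: Card, token_ba: bytes, n: int):
    """Feed the same I1 to the card n times and collect the Token AB values."""
    return [card.respond(token_ba)[0] for _ in range(n)]


if __name__ == "__main__":
    reader = Reader(K1, K2)
    print("genuine card:", authenticate(reader, Card(K1, K2)))
    print("card without K2:", authenticate(reader, Card(K1, b"not-the-real-K2!")))
    tokens = replay_responses(Card(K1, K2), reader.challenge(), 5)
    print("distinct Token AB for one repeated I1:", len(set(tokens)), "of 5")
```

If the card encrypted A under the fixed key K2 instead of K2C, the same I1 would yield the same Token AB on every run, because e is deterministic; the fresh C is what makes each response differ.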
Two-way authentication processing of the first system is described below with reference to the flowcharts of Fig. 12 and Fig. 13.
First, information processing device 141 carries out processing to authenticate information processing device 111. This processing is basically the same as the processing shown in Fig. 10.
In step S1151, generation unit 157 of information processing device 141 generates random number A. In step S1152, generation unit 157 generates key K1. In step S1153, encryption unit 155 encrypts random number A with key K1. Specifically, the following formula is calculated:
Formula 11
Token BA = eK1(A)
In step S1154, transmission unit 156 transmits information I1 to information processing device 111. Information I1 includes the information Token BA calculated by formula 11.
In information processing device 111, in step S1181, receiving unit 122 receives information I1 transmitted from information processing device 141. In step S1182, generation unit 127 generates key K1. In step S1183, decryption unit 123 decrypts information I1 with key K1. As a result, in step S1184, decryption unit 123 obtains random number A.
In step S1185, generation unit 127 generates key K2. In step S1186, generation unit 127 generates random number C. In step S1187, generation unit 128 generates key K2C. Specifically, generation unit 128 applies random number C to fixed key K2 to generate key K2C according to the following formula:
Formula 12
K2C = f(C, K2)
In step S1188, encryption unit 125 encrypts random number A with key K2C. Specifically, the following formula is calculated:
Formula 13
Token AB = eK2C(A)
In step S1189, transmission unit 126 transmits information I2 to information processing device 141. Information I2 includes the information Token AB calculated by formula 13 and random number C generated in step S1186.
In information processing device 141, in step S1155, receiving unit 152 receives information I2 transmitted from information processing device 111. In step S1156, generation unit 157 generates key K2. In step S1157, generation unit 158 extracts random number C from information I2 received in step S1155. In step S1158, generation unit 158 generates key K2C. Specifically, the following formula is calculated:
Formula 14
K2C = f(C, K2)
In step S1159, decryption unit 153, acting as an authentication information generation unit, carries out processing for generating the authentication information used in the authentication determination in step S1161. Specifically, in this two-way authentication processing, decryption unit 153 decrypts information I2 with key K2C. As a result, in step S1160, decryption unit 153 obtains random number A.
In step S1161, authentication unit 154 carries out authentication according to the consistency of random number A. Specifically, authentication unit 154 determines whether random number A that was generated in step S1151, encrypted in step S1153 and transmitted to information processing device 111 matches random number A obtained in step S1160. Key K1 and key K2 are keys held only by a legitimate information processing device 111. Therefore, when information processing device 111 is a legitimate information processing device, the two values of random number A match. When information processing device 111 is not a legitimate information processing device, it does not hold key K1 and key K2, so the two values of random number A do not match. Information processing device 141 can therefore authenticate information processing device 111 according to the consistency of the two random numbers.
As described above, after information processing device 141 has carried out the processing to authenticate information processing device 111, information processing device 111 carries out processing to authenticate information processing device 141.
In information processing device 111, in step S1190, generation unit 127 generates random number B. In step S1191, encryption unit 125 encrypts random number B with key K2C. Specifically, the following formula is calculated:
Formula 15
Token AB = eK2C(B)
In step S1192, transmission unit 126 transmits information I3 to information processing device 141. Information I3 includes the information Token AB calculated by formula 15 and random number B generated in step S1190.
In information processing device 141, in step S1162, receiving unit 152 receives information I3 transmitted from information processing device 111. In step S1163, decryption unit 153 decrypts information I3 with key K2C, which was generated in step S1158. Information I3 includes the information obtained in step S1191 by encrypting random number B with key K2C. As a result, in step S1164, decryption unit 153 obtains random number B.
In step S1165, encryption unit 155 encrypts random number B with key K1. Specifically, the following formula is calculated:
Formula 16
Token BA = eK1(B)
In step S1166, transmission unit 156 transmits information I4 to information processing device 111. Information I4 includes the information Token BA calculated by formula 16.
In information processing device 111, in step S1193, receiving unit 122 receives information I4 transmitted from information processing device 141. In step S1194, decryption unit 123, acting as an authentication information generation unit, carries out processing for generating the authentication information used in the authentication determination in step S1196. Specifically, in this two-way authentication processing, decryption unit 123 decrypts information I4 with key K1, which was generated in step S1182. As a result, in step S1195, decryption unit 123 obtains random number B.
In step S1196, authentication unit 124 carries out authentication according to the consistency of random number B. Specifically, authentication unit 124 determines whether random number B that was encrypted in step S1191 and transmitted to information processing device 141 matches random number B obtained in step S1195. Key K1 and key K2 are keys held only by a legitimate information processing device 141. Therefore, when information processing device 141 is a legitimate information processing device, the two values of random number B match. When information processing device 141 is not a legitimate information processing device, it does not hold key K1 and key K2, so the two values of random number B do not match. Information processing device 111 can therefore authenticate information processing device 141 according to the consistency of the two random numbers. The authentication result is transmitted to information processing device 141.
In Figure 12 and two-way authentication shown in Figure 13 are handled, decryption unit 123 in step S1194 decryption information I4 obtaining random number B, and authentication ' unit 124 in step S1196 according to carrying out authentication processing based on the consistency of random number B.Yet authentication can be by authentication under the encrypted state of random number B.The two-way authentication of this situation is handled shown in Figure 14 and 15.
The processing of step S1151~S1166 among the processing of carrying out through messaging device 141 among step S1221~S1236 among Figure 14 and Figure 15 and Figure 12 and Figure 13 is identical.The processing of step S1181~S1192 among the processing of carrying out through messaging device 111 among step S1261~S1272 among Figure 14 and Figure 15 and Figure 12 and Figure 13 is identical.The processing of step S1194~S1196 among the processing of step S1273 among Figure 15~S1276 and Figure 13 is different.
In the two-way authentication processing shown in Figures 14 and 15, in step S1273, ciphering unit 125 of messaging device 111, acting as the authentication information generation unit, generates the authentication information used for the authentication decision in step S1276. Specifically, in this two-way authentication processing, ciphering unit 125 encrypts random number B with key K1 by calculating the following formula. Key K1 is generated in step S1262.
Formula 17
Token AB = eK1(B)
Therefore, in step S1274, generation unit 127 obtains information I4. Information I4 contains the information Token AB calculated by formula 17, that is, random number B encrypted with key K1.
In step S1275, receiving element 122 receives the information I4 transmitted from messaging device 141. This information I4 contains the random number B encrypted with key K1 in step S1235. Therefore, in step S1276, authentication can be performed according to the consistency of information I4 (the encrypted random number B). Specifically, if the information I4 (encrypted random number B) obtained in step S1274 matches the information I4 (encrypted random number B) received in step S1275, messaging device 141 is authenticated.
As described above, in step S1196 of Figure 13 the random numbers B are compared in their unencrypted state, whereas in step S1276 of Figure 15 they are compared in their encrypted state.
3. Second embodiment
The authentication processing of the second system, according to the second embodiment of the invention, is described below. In the authentication processing of the second system, the random number used for authentication is transmitted from the authenticating device to the device being authenticated without being encrypted.
First, unilateral authentication processing is described with reference to Figure 16. In this unilateral authentication processing, messaging device 141 authenticates messaging device 111.
In step S2101, generation unit 157 of messaging device 141 generates random number B. In step S2102, transmission unit 156 transmits the random number RB input from generation unit 157. Random number RB is supplied to messaging device 111 via antenna element 151.
In step S2121, receiving element 122 of messaging device 111 receives, via antenna element 121, the random number RB transmitted from messaging device 141. In step S2122, generation unit 127 generates random number RC and key KAB. Random number RC is the base information for key KC, the time-variant key that is produced in step S2123 below and changes every time. Key KAB is a key held in advance only by regular messaging device 111.
In step S2123, generation unit 128 calculates key KC from random number RC and key KAB. Specifically, the following formula is calculated:
Formula 18
KC = f(RC, KAB)
Because random number RC changes every time, key KC, which is calculated by making random number RC act on fixed key KAB, is a time-variant key that changes every time.
In step S2124, ciphering unit 125 encrypts random number RB with key KC. Specifically, the following formula is calculated:
Formula 19
Token AB = eKC(RB)
In step S2125, transmission unit 126 transmits to messaging device 141 the information Token AB generated by ciphering unit 125 and the random number RC generated by generation unit 127. Specifically, the information Token AB calculated by formula 19 and the random number RC generated in step S2122 are transmitted to messaging device 141 from antenna element 121.
In step S2103, receiving element 152 of messaging device 141 receives, via antenna element 151, the information Token AB and random number RC transmitted from messaging device 111. In step S2104, generation unit 157 generates key KAB. This key KAB is the same key as the key KAB generated by messaging device 111 in step S2122. Only messaging device 141 holds key KAB in advance.
In step S2105, generation unit 158 calculates key KC from random number RC and key KAB according to the following formula:
Formula 20
KC = f(RC, KAB)
Random number RC is the value received from messaging device 111 in step S2103. Key KAB is the value generated in step S2104.
In step S2106, decryption unit 153, acting as the authentication information generation unit, generates the authentication information used for the authentication decision in step S2107 below. Specifically, in this unilateral authentication processing, decryption unit 153 uses key KC to decrypt the information Token AB received from messaging device 111 in step S2103. As described above, information Token AB is the information obtained in step S2124 when messaging device 111 encrypted random number RB with key KC. The decryption therefore yields random number RB as the information used for the authentication decision.
In step S2107, authentication unit 154 determines whether the decryption result matches random number RB. Specifically, authentication unit 154 compares the random number RB obtained in step S2106 by decrypting information Token AB with key KC against the random number RB generated in step S2101, to determine whether the two match.
When messaging device 111 is a regular messaging device, it holds the correct fixed key KAB. Therefore, the key KC that messaging device 111 generated by making key KAB act on random number RC has the same value as the key KC generated by messaging device 141 in step S2105. In this case, the two random numbers RB match. Therefore, in step S2109, authentication unit 154 performs authentication success processing for messaging device 111.
On the other hand, when messaging device 111 is an illegal messaging device, it does not hold the correct key KAB, so the two random numbers RB do not match. In this case, in step S2108, authentication unit 154 performs authentication failure processing for messaging device 111.
In step S2102, messaging device 141 can supply the same data to messaging device 111 many times. In step S2103, messaging device 141 can obtain the result of processing that data. However, the result is calculated with the time-variant key KC, which changes every time. Therefore, in this unilateral authentication processing, as in the authentication processing described above, even if an illegal messaging device 141 is used to collect and analyze a large number of results in a DFA attack, it is difficult to determine the key used to process the data.
The two-way authentication processing of the second system is explained below with reference to the flow chart of Figure 17.
In step S2301, generation unit 157 of messaging device 141 generates random number RB. In step S2302, transmission unit 156 transmits random number RB to messaging device 111.
In messaging device 111, in step S2321, receiving element 122 receives the random number RB transmitted from messaging device 141. In step S2322, generation unit 127 generates random numbers RA and RB and key KAB. In step S2323, generation unit 128 calculates key KC from key KAB and random number RC, which is the base information for the time-variant key. Specifically, the following formula is calculated to generate key KC as the time-variant key:
Formula 21
KC = f(RC, KAB)
In step S2324, ciphering unit 125 encrypts random number RA and random number RB with key KC. Specifically, ciphering unit 125 encrypts, according to the following formula, the combination (RA ‖ RB) of the random number RA generated in step S2322 and the random number RB received from messaging device 141:
Formula 22
Token AB = eKC(RA ‖ RB)
In step S2325, transmission unit 126 transmits information Token AB and random number RC to messaging device 141. Information Token AB is the value expressed by formula 22. Random number RC is the value generated in step S2322.
In messaging device 141, in step S2303, receiving element 152 receives the information Token AB and random number RC transmitted from messaging device 111. In step S2304, generation unit 157 generates key KAB.
In step S2305, generation unit 158 calculates key KC from random number RC and key KAB. Specifically, the following formula is calculated to generate key KC as the time-variant key:
Formula 23
KC = f(RC, KAB)
In step S2306, decryption unit 153, acting as the authentication information generation unit, generates the authentication information used for the authentication decision in step S2307. Specifically, in this two-way authentication processing, decryption unit 153 uses key KC to decrypt the information Token AB received from messaging device 111 in step S2030. As described above, information Token AB was obtained in step S2324 when messaging device 111 encrypted the combination (RA ‖ RB) of random number RA and random number RB with key KC. This decryption therefore yields the combination (RA ‖ RB).
In step S2307, authentication unit 154 determines whether the decryption result matches random number RB. In this case, however, only the random number RB is extracted from the combination (RA ‖ RB) obtained as the decryption result and set as the comparison object; it is compared with the random number RB that was generated in step S2301 and transmitted to messaging device 111 in step S2302. The extracted random number RA is used in the processing of step S2310, explained later.
When messaging device 111 is a regular messaging device, it holds the correct fixed key KAB. Therefore, the key KC that messaging device 111 generated by making random number RC act on key KAB has the same value as the key KC generated by messaging device 141 in step S2305. In this case, the two random numbers match.
However, when messaging device 111 is an illegal messaging device, it does not hold the correct key KAB. As a result, the two random numbers RB do not match. In this case, in step S2308, authentication unit 154 performs authentication failure processing for messaging device 111.
When the two random numbers RB match, in step S2309, authentication unit 154 performs authentication success processing for messaging device 111. In this way, messaging device 141 authenticates messaging device 111.
In step S2302, messaging device 141 can supply the same data to messaging device 111 many times. In step S2303, messaging device 141 can obtain the result of processing the data. However, the result is calculated with the time-variant key KC, which changes every time. Therefore, even if an illegal messaging device 141 is used to collect and analyze a large number of results in a DFA attack, it is difficult to determine the key used to process the data.
To further allow messaging device 111 to authenticate messaging device 141, the processing described below is performed.
In step S2310, ciphering unit 155 encrypts random number RB and random number RA with key KC. Specifically, ciphering unit 155 encrypts, according to the following formula, the combination (RB ‖ RA) of the random number RB transmitted to messaging device 111 in step S2302 and the random number RA received from messaging device 111:
Formula 24
Token BA = eKC(RB ‖ RA)
The Token AB obtained in step S2324 by encrypting the combination (RA ‖ RB) of random number RA and random number RB with key KC according to formula 22 and the Token BA obtained in step S2310 by encrypting the combination (RB ‖ RA) of random number RB and random number RA with key KC according to formula 24 have different values, because the order in which random number RA and random number RB are combined differs.
In step S2311, transmission unit 156 transmits the information Token BA calculated by formula 24 to messaging device 111.
In messaging device 111, in step S2326, receiving element 122 receives the information Token BA transmitted from messaging device 141. In step S2327, decryption unit 123, acting as the authentication information generation unit, generates the authentication information used for the authentication decision in step S2328 below. Specifically, in this two-way authentication processing, decryption unit 123 uses key KC to decrypt the information Token BA received from messaging device 141 in step S2326. As described above, information Token BA was obtained in step S2310 when messaging device 141 encrypted the combination (RB ‖ RA) of random number RB and random number RA with key KC. This decryption therefore yields the combination (RB ‖ RA).
In step S2328, authentication unit 124 determines whether the decryption result matches random numbers RA and RB. Specifically, in this case, both random number RA and random number RB are extracted from the combination (RB ‖ RA) obtained as the decryption result and set as comparison objects, and they are compared with the pre-encryption values of the random number RA and random number RB that were included in the information Token AB by formula 22 and transmitted to messaging device 141 in step S2325.
When messaging device 141 is a regular messaging device, it holds the correct fixed key KAB. Therefore, the key KC that messaging device 141 generated by making random number RC act on key KAB has the same value as the key KC generated by messaging device 111 in step S2323. In this case, the two combinations of random number RA and random number RB match.
However, when messaging device 141 is an illegal messaging device, it does not hold the correct key KAB. As a result, the two combinations of random number RA and random number RB do not match. In this case, in step S2329, authentication unit 124 performs authentication failure processing for messaging device 141.
When the two combinations of random number RA and random number RB match, in step S2330, authentication unit 124 performs authentication success processing for messaging device 141.
In the two-way authentication processing shown in Figure 17, the decryption result is compared with random numbers RA and RB in step S2328. However, random number RA and random number RB can also be compared directly in their encrypted state. The two-way authentication processing for this case is shown in Figure 18.
The processing performed by messaging device 141 in steps S2361 to S2371 of Figure 18 is the same as the processing in steps S2301 to S2311 of Figure 17. The processing performed by messaging device 111 in steps S2391 to S2395 of Figure 18 is the same as the processing in steps S2321 to S2325 of Figure 17. The processing in steps S2396 to S2400 of Figure 18 differs from the processing in steps S2326 to S2330 of Figure 17.
Specifically, the processing described below is performed in the two-way authentication processing shown in Figure 18. In messaging device 111, in step S2396, ciphering unit 125, acting as the authentication information generation unit, generates in advance the authentication information required for the authentication processing in step S2398. Specifically, in this two-way authentication processing, the comparison in step S2398 is made against the information Token BA received from messaging device 141. Ciphering unit 125 therefore encrypts the combination (RB ‖ RA) of random number RB and random number RA with key KC according to the following formula, to generate the expected value Answer BA:
Formula 25
Answer BA = eKC(RB ‖ RA)
In step S2397, receiving element 122 receives the information Token BA transmitted from messaging device 141. Information Token BA is generated in step S2370 and is obtained by encrypting the combination (RB ‖ RA) of random number RB and random number RA with key KC.
In step S2398, authentication unit 124 determines whether the information Token BA received from messaging device 141 in step S2397 matches the expected value Answer BA generated in step S2396.
When messaging device 141 is a regular messaging device, it holds the correct fixed key KAB. Therefore, the key KC that messaging device 141 generated in step S2365 by making random number RC act on key KAB has the same value as the key KC generated by messaging device 111 in step S2393. In this case, information Token BA matches the expected value Answer BA.
However, when messaging device 141 is an illegal messaging device, it does not hold the correct key KAB. As a result, information Token BA and the expected value Answer BA do not match. In this case, in step S2399, authentication unit 124 performs authentication failure processing for messaging device 141.
When information Token BA and the expected value Answer BA match, in step S2400, authentication unit 124 performs authentication success processing for messaging device 141.
In the two-way authentication processing shown in Figure 17, random number B is set as the comparison object in step S2307, and random number RA and random number RB are set as the comparison objects in step S2328. The comparison objects can also be the encrypted random numbers. The two-way authentication processing for this case is shown in Figure 19.
The processing performed by messaging device 141 in steps S2501 to S2511 of the two-way authentication processing shown in Figure 19 is basically the same as the processing performed by messaging device 141 in steps S2301 to S2311 of Figure 17. However, the processing in steps S2303, S2506 and S2507 of Figure 19 differs from the processing in steps S2303, S2306 and S2307 of Figure 17.
The processing performed by messaging device 111 in steps S2531 to S2540 of Figure 19 is basically the same as the processing performed by messaging device 111 in steps S2321 to S2330 of Figure 17. However, the processing in steps S2535, S2537 and S2538 of Figure 19 differs from the processing in steps S2325, S2327 and S2328 of Figure 17.
Specifically, in the two-way authentication processing shown in Figure 19, in step S2535, transmission unit 126 of messaging device 111 transmits not only information Token AB and random number RC but also random number RA. Information Token AB is generated by ciphering unit 125 in step S2534 by encrypting the combination (RB ‖ RA) of random number RA and random number RB with key KC.
In messaging device 141, in step S2503, receiving element 152 receives not only information Token AB and random number RC but also random number RA. In step S2504, generation unit 157 generates key KAB. In step S2505, generation unit 158 makes random number RC act on key KAB to generate key KC according to the following formula:
Formula 26
KC = f(RC, KAB)
In step S2506, ciphering unit 155, acting as the authentication information generation unit, generates the authentication information required for the authentication processing in step S2507. Specifically, in this two-way authentication processing, the comparison in step S2507 is made against the information Token AB received from messaging device 111. Ciphering unit 155 therefore encrypts the combination (RA ‖ RB) of random number RA and random number RB with key KC to generate information Token AB. Specifically, the following formula is calculated:
Formula 27
Token AB = eKC(RA ‖ RB)
In step S2507, authentication unit 154 determines whether the encryption result obtained in step S2506 matches the information Token AB received from messaging device 111 in step S2503. When the information Token AB calculated by formula 27 and the information Token AB received from messaging device 111 do not match, in step S2508, authentication unit 154 performs authentication failure processing for messaging device 111. On the other hand, when the information Token AB calculated by formula 27 and the information Token AB received from messaging device 111 match, in step S2509, authentication unit 154 performs authentication success processing for messaging device 111.
In addition, to allow messaging device 111 to authenticate messaging device 141, in step S2510 ciphering unit 155 encrypts random number RB and random number RA with key KC. Specifically, ciphering unit 155 encrypts, according to the following formula, the combination (RB ‖ RA) of the random number RB generated in step S2501 and the random number RA received from messaging device 111:
Formula 28
Token BA = eKC(RB ‖ RA)
In step S2511, transmission unit 156 transmits the information Token BA calculated by formula 28 to messaging device 111.
In messaging device 111, in step S2536, receiving element 122 receives the information Token BA transmitted from messaging device 141. In step S2537, ciphering unit 125, acting as the authentication information generation unit, generates the authentication information used for the authentication decision in step S2538 below. Specifically, in this two-way authentication processing, ciphering unit 125 encrypts, with key KC, the combination (RB ‖ RA) of the random number RB received from messaging device 141 in step S2531 and the random number RA transmitted to messaging device 141 in step S2532.
Specifically, the following formula is calculated:
Formula 29
Token BA = eKC(RB ‖ RA)
In step S2538, authentication unit 124 determines whether the encryption result of step S2537 (that is, the information Token BA calculated in step S2537 according to formula 29) matches the information Token BA received from messaging device 141 in step S2536. When these two values of information Token BA do not match, in step S2539, authentication unit 124 performs authentication failure processing for messaging device 141.
When the two values of information Token BA match, in step S2540, authentication unit 124 performs authentication success processing for messaging device 141.
The other processing is the same as that shown in Figure 17, so its explanation is omitted.
In the two-way authentication processing shown in Figure 19, ciphering unit 125 encrypts random number RB and random number RA with key KC in step S2537, after information Token BA has been received from messaging device 141 in step S2536. However, random number RB and random number RA can also be encrypted before the reception processing of step S2536. The two-way authentication processing for this case is shown in Figure 20.
In the two-way authentication processing shown in Figure 20, the processing performed by messaging device 141 in steps S2551 to S2561 is the same as the processing performed by messaging device 141 in steps S2501 to S2511 of Figure 19. The processing performed by messaging device 111 in steps S2581 to S2590 of Figure 20 is basically the same as the processing performed by messaging device 111 in steps S2531 to S2540 of Figure 19. However, the processing of step S2586 in Figure 20, which corresponds to step S2537 in Figure 19, is performed before the processing of step S2587 in Figure 20, which corresponds to step S2536 in Figure 19.
Specifically, in the two-way authentication processing shown in Figure 20, before the information Token BA transmitted from messaging device 141 is received in step S2587, ciphering unit 125 performs encryption in step S2586 according to the following formula:
Formula 30
Answer BA = eKC(RB ‖ RA)
In step S2588, the information Token BA received in step S2587 is compared with the Answer BA generated in step S2586. When information Token BA and Answer BA do not match, authentication failure processing for messaging device 141 is performed in step S2589. When information Token BA and Answer BA match, authentication success processing for messaging device 141 is performed in step S2590.
The other processing is the same as that shown in Figure 19.
4. Third embodiment
The two-way authentication processing of the third system, according to the third embodiment of the invention, is described below. In the two-way authentication processing of the third system, the random number used for authentication is transmitted from the authenticating device to the device being authenticated in an encrypted state. The authentication processing of the third system uses two random numbers, Ra and Rb, and two fixed keys, Ka and Kb.
Figure 21 is a flow chart explaining the two-way authentication processing of the third system.
In messaging device 141, in step S3101, generation unit 157 generates random number Ra and fixed key Ka. In step S3102, ciphering unit 155 encrypts random number Ra with fixed key Ka to generate information Ma. Specifically, the following formula is calculated:
Formula 31
M1 = eKa(Ra)
In step S3103, transmission unit 156 transmits information M1 to messaging device 111. Information M1 is transmitted to messaging device 111 via antenna element 151.
In messaging device 111, in step S3151, receiving element 122 receives, via antenna element 121, the information M1 transmitted from messaging device 141. In step S3152, generation unit 127 generates fixed key Ka and supplies it to decryption unit 123. Decryption unit 123 obtains random number Ra by decrypting information M1 with fixed key Ka.
In step S3153, generation unit 127 generates random number Rb and fixed key Kb. In step S3154, ciphering unit 125 calculates the exclusive OR (XOR) of random number Ra and random number Rb and encrypts the result with key Kb, thereby generating information M2. Specifically, the following formula is calculated:
Formula 32
M2 = eKb(Ra XOR Rb)
In step S3155, ciphering unit 125 encrypts random number Rb with key Kb, thereby generating information M3. Specifically, the following formula is calculated:
Formula 33
M3 = eKb(Rb)
In step S3156, transmission unit 126 transmits information M2 to messaging device 141. Information M2 is transmitted to messaging device 141 via antenna element 121. In step S3157, transmission unit 126 transmits information M3 to messaging device 141. Information M3 is transmitted to messaging device 141 via antenna element 121.
Information M2 and information M3 can also be transmitted to messaging device 141 at the same time.
In messaging device 141, in step S3104, receiving element 152 receives, via antenna element 151, the information M2 transmitted from messaging device 111. In step S3105, generation unit 157 generates key Kb and supplies it to decryption unit 153. Decryption unit 153 decrypts information M2 with fixed key Kb, thereby obtaining the exclusive OR (Ra XOR Rb) of random number Ra and random number Rb, and outputs the exclusive OR to authentication unit 154.
In step S3106, receiving element 152 receives, via antenna element 151, the information M3 transmitted from messaging device 111. In step S3107, decryption unit 153 decrypts information M3 with fixed key Kb, thereby obtaining random number Rb, and outputs random number Rb to authentication unit 154.
In step S3108, under the control of authentication unit 154, ciphering unit 155 calculates the exclusive OR of random number Rb and the exclusive OR (Ra XOR Rb) of random number Ra and random number Rb, thereby obtaining random number Ra. Specifically, the following formula is calculated:
Formula 34
Ra = (Ra XOR Rb) XOR Rb
In step S3109, authentication unit 154 performs authentication according to the consistency of random number Ra. Specifically, authentication unit 154 determines whether the random number Ra generated in step S3101 matches the random number Ra obtained in step S3108. Fixed key Ka and fixed key Kb are keys held only by regular messaging device 111. Therefore, when messaging device 111 is a regular messaging device, the two random numbers Ra match. In this case, in step S3111, authentication unit 154 performs authentication success processing for messaging device 111.
On the other hand, when messaging device 111 is not a regular messaging device, it holds neither fixed key Ka nor fixed key Kb, so the two random numbers Ra do not match. In this case, in step S3110, authentication unit 154 performs authentication failure processing for messaging device 111.
In addition, to allow messaging device 111 to authenticate messaging device 141, the processing described below is performed.
In step S3112, under the control of authentication unit 154, ciphering unit 155 encrypts the exclusive OR (Ra XOR Rb) of random number Ra and random number Rb with fixed key Ka, thereby generating information M4. Specifically, the following formula is calculated:
Formula 35
M4 = eKa(Ra XOR Rb)
In step S3113, transmission unit 156 transmits information M4 to messaging device 111. Information M4 is transmitted to messaging device 111 via antenna element 151.
In messaging device 111, in step S3158, receiving element 122 receives, via antenna element 121, the information M4 transmitted from messaging device 141. In step S3159, decryption unit 123 decrypts information M4 with fixed key Ka, thereby obtaining the exclusive OR (Ra XOR Rb) of random number Ra and random number Rb, and outputs the exclusive OR to authentication unit 124.
In step S3160, under the control of authentication unit 124, ciphering unit 125 calculates the exclusive OR of random number Ra and the exclusive OR (Ra XOR Rb) of random number Ra and random number Rb, thereby obtaining random number Rb. Specifically, the following formula is calculated:
Formula 36
Rb = (Ra XOR Rb) XOR Ra
In step S3161, authentication unit 124 performs authentication according to the consistency of random number Rb. Specifically, in step S3153, authentication unit 124 determines whether the random number Rb generated in step S3153 matches the random number Rb obtained in step S3160. Fixed key Ka and fixed key Kb are keys held only by regular messaging device 141. Therefore, when messaging device 141 is a regular messaging device, the two random numbers Rb match. In this case, in step S3163, authentication unit 124 performs authentication success processing for messaging device 141.
On the other hand, when messaging device 141 is not a regular messaging device, it holds neither fixed key Ka nor fixed key Kb, so the two random numbers Rb do not match. In this case, in step S3162, authentication unit 124 performs authentication failure processing for messaging device 141. In this way, messaging device 111 also authenticates messaging device 141.
In the two-way authentication of the illustrated tertiary system of preceding text system is handled, because the key of holding in advance (fixed key Ka and Kb) is used to encryption and decryption, so become key need not generate the time.In messaging device 111 and the messaging device 141 each all only need generate one time random number.
Even identical information M1 is repeatedly offered messaging device 111, and repeatedly obtain for assault as information M2, also through use the random number R b that all changes to calculate information M2 at every turn as result to the result of information M1.Therefore, even attack collection and analyze a large amount of results, also be difficult to confirm the key of deal with data through DFA.In other words, can protected data avoid the DFA attack.
In the two-way authentication processing shown in Figure 21, in step S3154, information M2 is generated by encrypting the exclusive-OR value with fixed key Kb. In step S3105, the exclusive-OR value is obtained by decrypting information M2 with key Kb. In step S3155, information M3 is generated by encrypting random number Rb with fixed key Kb. In step S3107, random number Rb is obtained by decrypting information M3 with key Kb. Because of the correspondence between encryption and decryption, encryption and decryption can be exchanged. The two-way authentication processing in that case is shown in Figure 22.
In the two-way authentication processing of Figure 22, the processing carried out by messaging device 141 in steps S3201 to S3213 is basically the same as the processing carried out by messaging device 141 in steps S3101 to S3113 in Figure 21. However, the processing in steps S3205 to S3207 in Figure 22 differs from the processing in steps S3105 to S3107 in Figure 21.
The processing carried out by messaging device 111 in steps S3251 to S3263 in Figure 22 is basically the same as the processing carried out by messaging device 111 in steps S3151 to S3163 in Figure 21. However, the processing in steps S3254 to S3255 in Figure 22 differs from the processing in steps S3154 to S3155 in Figure 21.
Specifically, in the two-way authentication processing shown in Figure 22, in messaging device 111, in step S3254, ciphering unit 125 calculates the exclusive OR (XOR) of random number Ra and random number Rb. Decryption unit 123 decrypts the calculation result with fixed key Kb, thereby generating information M2. Specifically, the following formula is calculated. In this formula, for example, dK(A) denotes decrypting value A with key K.
Formula 37
M2 = dKb(Ra XOR Rb)
In step S3255, decryption unit 123 decrypts random number Rb with fixed key Kb, thereby generating information M3. Specifically, the following formula is calculated:
Formula 38
M3 = dKb(Rb)
In messaging device 141, in step S3205, generation unit 157 generates key Kb and supplies key Kb to ciphering unit 155. Ciphering unit 155 encrypts information M2 with fixed key Kb, thereby obtaining the exclusive OR (Ra XOR Rb) of random number Ra and random number Rb, and outputs the exclusive OR to authentication unit 154.
In step S3207, ciphering unit 155 encrypts information M3 with fixed key Kb, thereby obtaining random number Rb, and outputs random number Rb to authentication unit 154.
The other processing is the same as that shown in Figure 21.
5. Fourth Embodiment
The two-way authentication processing of a fourth system according to a fourth embodiment of the invention is described below. In the two-way authentication processing of the fourth system, the random number used for authentication is transmitted in an encrypted state from the authenticating device to the device being authenticated. The two-way authentication processing of the fourth system uses two random numbers, Ra and Rb, and one fixed key, Ka. The generated random numbers Ra and Rb are used as an encryption key and a decryption key, respectively.
Figure 23 is a flow chart for explaining the two-way authentication processing of the fourth system.
In messaging device 141, in step S3301, generation unit 157 generates random number Ra and fixed key Ka. In step S3302, ciphering unit 155 encrypts random number Ra with fixed key Ka according to the following formula, to generate information M1:
Formula 39
M1 = eKa(Ra)
In step S3303, transmission unit 156 transmits information M1 to messaging device 111. Information M1 is transmitted to messaging device 111 via antenna element 151.
In messaging device 111, in step S3351, receiving element 122 receives, via antenna element 121, information M1 transmitted from messaging device 141. In step S3352, generation unit 127 generates fixed key Ka and supplies fixed key Ka to decryption unit 123. Decryption unit 123 decrypts information M1 with fixed key Ka, thereby obtaining random number Ra'. If the fixed key Ka used in decryption is identical to the fixed key Ka used during encryption, the random number Ra' obtained is identical to random number Ra.
In step S3353, generation unit 127 generates random number Rb. In step S3354, ciphering unit 125 encrypts random number Ra' using random number Rb as a key, thereby generating information M2. Specifically, the following formula is calculated:
Formula 40
M2 = eRb(Ra')
In step S3355, ciphering unit 125 encrypts random number Rb with fixed key Ka, thereby generating information M3. Specifically, the following formula is calculated:
Formula 41
M3 = eKa(Rb)
In step S3356, transmission unit 126 transmits information M2 to messaging device 141. Information M2 is transmitted to messaging device 141 via antenna element 121.
In step S3357, transmission unit 126 transmits information M3 to messaging device 141. Information M3 is transmitted to messaging device 141 via antenna element 121. Information M2 and information M3 may be transmitted to messaging device 141 simultaneously.
In messaging device 141, in step S3304, receiving element 152 receives, via antenna element 151, information M2 transmitted from messaging device 111. In step S3305, receiving element 152 receives, via antenna element 151, information M3 transmitted from messaging device 111.
In step S3306, decryption unit 153 decrypts information M3 with fixed key Ka, thereby obtaining random number Rb'. If the fixed key Ka used in decryption is identical to the fixed key Ka used during encryption, the random number Rb' obtained is identical to random number Rb.
In step S3307, decryption unit 153 decrypts information M2 using random number Rb' as a key, and outputs random number Ra'', obtained as the decryption result, to authentication unit 154.
In step S3308, authentication unit 154 performs authentication according to the consistency of random number Ra. Specifically, authentication unit 154 determines whether random number Ra generated in step S3301 and random number Ra'' obtained in step S3307 match. Fixed key Ka is a key held only by a regular messaging device 111. Therefore, when messaging device 111 is a regular messaging device, random number Ra and random number Ra'' match. In this case, in step S3310, authentication unit 154 performs authentication-success processing for messaging device 111.
On the other hand, when messaging device 111 is not a regular messaging device, messaging device 111 does not hold the correct fixed key Ka. Therefore, random number Ra and random number Ra'' do not match. In this case, in step S3309, authentication unit 154 performs authentication-failure processing for messaging device 111.
In addition, the processing described below is carried out so that messaging device 111 authenticates messaging device 141.
In step S3311, ciphering unit 155, under the control of authentication unit 154, encrypts random number Rb' using random number Ra as a key, thereby generating information M4. Specifically, the following formula is calculated:
Formula 42
M4 = eRa(Rb')
In step S3312, transmission unit 156 transmits information M4 to messaging device 111. Information M4 is transmitted to messaging device 111 via antenna element 151.
In messaging device 111, in step S3358, receiving element 122 receives, via antenna element 121, information M4 transmitted from messaging device 141. In step S3359, decryption unit 123 decrypts information M4 using random number Ra' as a key, and outputs random number Rb'', obtained as the decryption result, to authentication unit 124.
In step S3360, authentication unit 124 performs authentication according to the consistency of random number Rb. Specifically, authentication unit 124 determines whether random number Rb generated in step S3353 and random number Rb'' obtained in step S3359 match. Fixed key Ka is a key held only by a regular messaging device 141. Therefore, when messaging device 141 is a regular messaging device, random number Rb and random number Rb'' match. In this case, in step S3362, authentication unit 124 performs authentication-success processing for messaging device 141.
On the other hand, when messaging device 141 is not a regular messaging device, messaging device 141 does not hold fixed key Ka. Therefore, random number Rb and random number Rb'' do not match. In this case, in step S3361, authentication unit 124 performs authentication-failure processing for messaging device 141. As described above, messaging device 111 authenticates messaging device 141.
With the two-way authentication processing of the fourth system described above, messaging device 111 and messaging device 141 need to hold only one key (fixed key Ka) in advance. Each of messaging device 111 and messaging device 141 needs to generate a random number only once.
Even if identical information M1 is repeatedly supplied to messaging device 111 and information M2, the result of processing information M1, is repeatedly obtained for the purpose of an attack, information M2 is encrypted using, as a key, random number Rb, which changes every time. Therefore, even if a large number of results are collected and analyzed in a DFA attack, it is difficult to determine the key used to process the data. In other words, the data can be protected from DFA attacks.
In the two-way authentication processing shown in Figure 23, in step S3302, information M1 is generated by encryption with fixed key Ka. In step S3352, information M1 is decrypted with key Ka. In step S3311, information M4 is generated by encryption using fixed key Rb as the key. In step S3359, information M4 is decrypted using random number Ra' as the key. Because of the correspondence between encryption and decryption, encryption and decryption can be exchanged. The two-way authentication processing in that case is shown in Figure 24.
In the two-way authentication processing of Figure 24, the processing carried out by messaging device 141 in steps S3401 to S3412 is basically the same as the processing carried out by messaging device 141 in steps S3301 to S3312 in Figure 23. However, the processing in steps S3402 and S3411 in Figure 24 differs from the processing in steps S3302 and S3311 in Figure 23.
The processing carried out by messaging device 111 in steps S3451 to S3462 in Figure 24 is basically the same as the processing carried out by messaging device 111 in steps S3351 to S3362 in Figure 22. However, the processing in steps S3452 and S3459 in Figure 24 differs from the processing in steps S3352 and S3359 in Figure 23.
In the two-way authentication processing shown in Figure 24, in messaging device 141, in step S3402, decryption unit 153 decrypts random number Ra with fixed key Ka, thereby generating information M1. Specifically, the following formula is calculated:
Formula 43
M1 = dKa(Ra)
In step S3411, decryption unit 153 decrypts random number Rb' using random number Ra, thereby generating information M4. Specifically, the following formula is calculated:
Formula 44
M4 = dRa(Rb')
In messaging device 111, in step S3452, generation unit 127 generates fixed key Ka and supplies fixed key Ka to ciphering unit 125. Ciphering unit 125 encrypts information M1 with fixed key Ka, thereby obtaining random number Ra'.
In step S3459, ciphering unit 125 encrypts information M4 with random number Ra', thereby obtaining random number Rb''.
The other processing is the same as that shown in Figure 23.
6. Fifth Embodiment
The two-way authentication processing of a fifth system according to a fifth embodiment of the invention is described below. In the two-way authentication processing of the fifth system, the random number used for authentication is transmitted in an encrypted state from the authenticating device to the device being authenticated. The authentication processing of the fifth system uses two random numbers, Ra and Rb, and one fixed key, Ka. The generated random numbers Ra and Rb are used as an encryption key and a decryption key, respectively. In addition, a conversion process F_R(X) that uses a random number R and an inverse conversion process F^-1_R(X) are used.
Figure 25 is a flow chart for explaining the two-way authentication processing of the fifth system.
In messaging device 141, in step S3501, generation unit 157 generates random number Ra and fixed key Ka. In step S3502, ciphering unit 155 encrypts random number Ra with fixed key Ka according to the following formula, to generate information M1:
Formula 45
M1 = eKa(Ra)
In step S3503, transmission unit 156 transmits information M1 to messaging device 111. Information M1 is transmitted to messaging device 111 via antenna element 151.
In messaging device 111, in step S3551, receiving element 122 receives, via antenna element 121, information M1 transmitted from messaging device 141. In step S3552, generation unit 127 generates fixed key Ka and supplies fixed key Ka to decryption unit 123. Decryption unit 123 decrypts information M1 with fixed key Ka, thereby obtaining random number Ra'. If the fixed key Ka used in decryption is identical to the fixed key Ka used during encryption, a random number Ra' identical to random number Ra is obtained.
In step S3553, generation unit 127 generates random number Rb. In step S3554, ciphering unit 125 applies conversion process F_Rb(X), which uses random number Rb, to random number Ra'. In addition, in step S3555, ciphering unit 125 encrypts conversion result F_Rb(Ra') using random number Rb as a key, thereby generating information M2. Specifically, the following formula is calculated:
Formula 46
M2 = eRb(F_Rb(Ra'))
In step S3556, ciphering unit 125 encrypts random number Rb with fixed key Ka, thereby generating information M3. Specifically, the following formula is calculated:
Formula 47
M3 = eKa(Rb)
In step S3557, transmission unit 126 transmits information M2 to messaging device 141. Information M2 is transmitted to messaging device 141 via antenna element 121.
In step S3558, transmission unit 126 transmits information M3 to messaging device 141. Information M3 is transmitted to messaging device 141 via antenna element 121. Information M2 and information M3 may be transmitted to messaging device 141 simultaneously.
In messaging device 141, in step S3504, receiving element 152 receives, via antenna element 151, information M2 transmitted from messaging device 111. In step S3505, receiving element 152 receives, via antenna element 151, information M3 transmitted from messaging device 111.
In step S3506, decryption unit 153 decrypts information M3 with fixed key Ka, thereby obtaining random number Rb'. If the fixed key Ka used in decryption is identical to the fixed key Ka used during encryption, a random number Rb' identical to random number Rb is obtained.
In step S3507, decryption unit 153 decrypts information M2 using random number Rb' as a key, thereby obtaining conversion result F_Rb(Ra'), and supplies conversion result F_Rb(Ra') to authentication unit 154. In step S3508, ciphering unit 155, under the control of authentication unit 154, applies inverse conversion process F^-1_Rb'(X), which uses random number Rb', to conversion result F_Rb(Ra'), and outputs random number Ra'', obtained as the result of inverse conversion process F^-1_Rb'(X), to authentication unit 154.
In step S3509, authentication unit 154 performs authentication according to the consistency of random number Ra. Specifically, authentication unit 154 determines whether random number Ra generated in step S3501 and random number Ra'' obtained in step S3508 match. Fixed key Ka is a key held only by a regular messaging device 111. Therefore, when messaging device 111 is a regular messaging device, random number Ra and random number Ra'' match. In this case, in step S3511, authentication unit 154 performs authentication-success processing for messaging device 111.
On the other hand, when messaging device 111 is not a regular messaging device, messaging device 111 does not hold the correct fixed key Ka. Therefore, random number Ra and random number Ra'' do not match. In this case, in step S3510, authentication unit 154 performs authentication-failure processing for messaging device 111.
In addition, the processing described below is carried out so that messaging device 111 authenticates messaging device 141.
In step S3512, ciphering unit 155, under the control of authentication unit 154, applies conversion process F_Ra(X), which uses random number Ra, to random number Rb'. In addition, in step S3513, ciphering unit 155 encrypts conversion result F_Ra(Rb') using random number Ra as a key, thereby generating information M4. Specifically, the following formula is calculated:
Formula 48
M4 = eRa(F_Ra(Rb'))
In step S3514, transmission unit 156 transmits information M4 to messaging device 111. Information M4 is transmitted to messaging device 111 via antenna element 151.
In messaging device 111, in step S3559, receiving element 122 receives, via antenna 121, information M4 transmitted from messaging device 141. In step S3560, decryption unit 123 decrypts information M4 using random number Ra' as a key, thereby obtaining conversion result F_Ra(Rb'), and outputs conversion result F_Ra(Rb') to authentication unit 124.
In step S3561, ciphering unit 125, under the control of authentication unit 124, applies inverse conversion process F^-1_Ra'(X), which uses random number Ra', to conversion result F_Ra(Rb'), and outputs random number Rb'', obtained as the result of inverse conversion process F^-1_Ra'(X), to authentication unit 124.
In step S3562, authentication unit 124 performs authentication according to the consistency of random number Rb. Specifically, authentication unit 124 determines whether random number Rb generated in step S3553 and random number Rb'' obtained in step S3561 match. Fixed key Ka is a key held only by a regular messaging device 141. Therefore, when messaging device 141 is a regular messaging device, random number Rb and random number Rb'' match. In this case, in step S3564, authentication unit 124 performs authentication-success processing for messaging device 141.
On the other hand, when messaging device 141 is not a regular messaging device, messaging device 141 does not hold the correct fixed key Ka. Therefore, random number Rb and random number Rb'' do not match. In this case, in step S3563, authentication unit 124 performs authentication-failure processing for messaging device 141. As described above, messaging device 111 also authenticates messaging device 141.
With the two-way authentication processing of the fifth system described above, messaging device 111 and messaging device 141 need to hold only one key (fixed key Ka) in advance. Each of messaging device 111 and messaging device 141 needs to generate a random number only once.
Even if identical information M1 is repeatedly supplied to messaging device 111 and information M2, the result of processing information M1, is repeatedly obtained for the purpose of an attack, information M2 is encrypted using, as a key, random number Rb, which changes every time. Therefore, even if a large number of results are collected and analyzed in a DFA attack, it is difficult to determine the key used to process the data. In other words, the data can be protected from DFA attacks.
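The fifth-system exchange of Figure 25, and the fourth-system exchange of Figure 23 (the same message flow without the conversion process), are shown below as an added Python example that is not part of the patent text. The block cipher (a SHA-256-based Feistel network standing in for eK/dK), the form of F_R(X) (addition modulo 2^128), the 16-byte sizes, the sample key and all class and function names are assumptions of the example.

```python
import hashlib
import hmac
import os

BLOCK = 16  # assumed size in bytes of blocks, keys and random numbers


def round_fn(key, i, half):
    # Round function of the stand-in cipher (assumption: the text names no cipher).
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]


def feistel(key, block, order):
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in order:
        left, right = right, bytes(a ^ b for a, b in zip(left, round_fn(key, i, right)))
    return right + left


def e(key, x):
    """eK(X): encrypt one block X with key K."""
    return feistel(key, x, range(8))


def d(key, x):
    """dK(X): decrypt one block X with key K (same rounds in reverse order)."""
    return feistel(key, x, reversed(range(8)))


def f(r, x):
    """Assumed conversion process F_R(X): add R modulo 2^128."""
    n = (int.from_bytes(x, "big") + int.from_bytes(r, "big")) % (1 << 8 * BLOCK)
    return n.to_bytes(BLOCK, "big")


def f_inv(r, x):
    """Inverse conversion process F^-1_R(X)."""
    n = (int.from_bytes(x, "big") - int.from_bytes(r, "big")) % (1 << 8 * BLOCK)
    return n.to_bytes(BLOCK, "big")


def identity(r, x):
    """No conversion: with this in place of F the exchange is the fourth system."""
    return x


class Device141:
    def __init__(self, ka, conv=(f, f_inv)):
        self.ka = ka
        self.f, self.f_inv = conv

    def start(self):
        # S3501-S3503: generate Ra and send M1 = eKa(Ra).
        self.ra = os.urandom(BLOCK)
        return e(self.ka, self.ra)

    def check_and_reply(self, m2, m3):
        # S3506-S3509: Rb' = dKa(M3), Ra'' = F^-1_Rb'(dRb'(M2)), compare with Ra.
        rb1 = d(self.ka, m3)
        ra2 = self.f_inv(rb1, d(rb1, m2))
        if not hmac.compare_digest(ra2, self.ra):
            return None  # S3510: authentication of device 111 failed
        # S3512-S3514: M4 = eRa(F_Ra(Rb')).
        return e(self.ra, self.f(self.ra, rb1))


class Device111:
    def __init__(self, ka, conv=(f, f_inv)):
        self.ka = ka
        self.f, self.f_inv = conv

    def respond(self, m1):
        # S3552-S3558: Ra' = dKa(M1), fresh Rb, M2 = eRb(F_Rb(Ra')), M3 = eKa(Rb).
        self.ra1 = d(self.ka, m1)
        self.rb = os.urandom(BLOCK)
        return e(self.rb, self.f(self.rb, self.ra1)), e(self.ka, self.rb)

    def check(self, m4):
        # S3560-S3562: Rb'' = F^-1_Ra'(dRa'(M4)), compare with Rb.
        rb2 = self.f_inv(self.ra1, d(self.ra1, m4))
        return hmac.compare_digest(rb2, self.rb)


def mutual_auth(ka_141, ka_111, conv=(f, f_inv)):
    """Run one exchange; return (141 accepts 111, 111 accepts 141)."""
    a, b = Device141(ka_141, conv), Device111(ka_111, conv)
    m4 = a.check_and_reply(*b.respond(a.start()))
    if m4 is None:
        return False, False  # no M4 is sent, so 111 never accepts 141
    return True, b.check(m4)


def replayed_m2(ka, m1, n):
    """Supply the same M1 to device 111 n times; return the distinct M2 values."""
    dev = Device111(ka)
    return {dev.respond(m1)[0] for _ in range(n)}


if __name__ == "__main__":
    ka = bytes(range(BLOCK))  # constructed sample fixed key Ka
    print("fifth system :", mutual_auth(ka, ka))
    print("fourth system:", mutual_auth(ka, ka, (identity, identity)))
    print("111 lacks Ka :", mutual_auth(ka, os.urandom(BLOCK)))
    print("distinct M2 for one replayed M1:", len(replayed_m2(ka, e(ka, bytes(BLOCK)), 50)))
```

Because `d` and `e` are inverse permutations, `e(K, d(K, X))` also returns `X`, which is the property the exchanged variants of Figures 22 and 24 rely on.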
The present invention can also be applied to messaging devices other than IC cards and readers.
The communication may be communication other than short-range communication. Besides wireless communication, the communication may be wired communication, or a mixture of wireless communication and wired communication, that is, wireless communication carried out in certain sections and wired communication carried out in other sections. In addition, communication from a particular device to another device may be carried out by wireless communication, and communication from the other device to the particular device may be carried out by wired communication.
The series of processes described above can be executed by hardware or by software. When the series of processes is executed by software, the computer program constituting the software is installed from a program recording medium into a computer incorporated in dedicated hardware or, for example, into a general-purpose personal computer that can execute various functions when various computer programs are installed.
For example, the program recording medium that stores a computer program to be installed in a computer and executed by the computer (for example, memory unit 129 shown in Figure 8 and memory unit 159 shown in Figure 9) includes removable media as package media, including magnetic disks (including floppy disks), optical discs (including CD-ROM (compact disc read-only memory) and DVD (digital versatile disc)), magneto-optical disks, or semiconductor memory, or a ROM or hard disk that stores the computer program temporarily or permanently. The computer program is stored in the program recording medium, as required, through a communication unit serving as an interface (for example, a router or modem), using a wired or wireless communication medium (for example, a local area network, the Internet, or digital satellite broadcasting).
In this specification, the steps describing the computer program include not only processing carried out in time series in the described order, but also processing carried out in parallel or individually, not necessarily in time series.
In this specification, a system denotes an entire apparatus comprising a plurality of devices.
Embodiments of the invention are not limited to the embodiments described above. Various modifications can be made without departing from the spirit of the invention.
Those skilled in the art will understand that various modifications, combinations, sub-combinations and alterations may occur depending on design requirements and other factors, all of which fall within the scope of the claims of the invention or their equivalents.

Claims (14)

1. A messaging device comprising:
a receiving element that receives an encrypted first random number from another messaging device;
a generation unit that generates a second random number, and generates a first fixed key and a second fixed key as fixed keys;
a time-variant-key generation unit that causes said second random number to act on said fixed key to generate a time variant key, said time variant key being a key that changes each time it is generated;
a ciphering unit that encrypts said first random number with said time variant key;
a transmission unit that transmits said second random number and said first random number encrypted with said time variant key to said another messaging device; and
a decryption unit that decrypts, with said second fixed key, the encrypted first random number received from said another messaging device, wherein
said generation unit further generates a third random number,
said ciphering unit further encrypts said third random number with said time variant key,
said transmission unit further transmits the encrypted third random number to said another messaging device,
said receiving element receives, from said another messaging device, said third random number encrypted with said second fixed key,
said decryption unit decrypts the encrypted third random number with said second fixed key, and
said messaging device further comprises:
an authentication unit that performs authentication according to the decrypted third random number.
2. A messaging device comprising:
a receiving element that receives an encrypted first random number from another messaging device;
a generation unit that generates a second random number, and generates a first fixed key and a second fixed key as fixed keys;
a time-variant-key generation unit that causes said second random number to act on said fixed key to generate a time variant key, said time variant key being a key that changes each time it is generated;
a ciphering unit that encrypts said first random number with said time variant key;
a transmission unit that transmits said second random number and said first random number encrypted with said time variant key to said another messaging device; and
a decryption unit that decrypts, with said second fixed key, the encrypted first random number received from said another messaging device, wherein
said generation unit further generates a third random number,
said ciphering unit further encrypts said third random number with said time variant key,
said transmission unit further transmits the encrypted third random number to said another messaging device,
said ciphering unit further encrypts said third random number with said second fixed key,
said receiving element receives, from said another messaging device, said third random number encrypted with said second fixed key, and
said messaging device further comprises:
an authentication unit that performs authentication according to the encrypted third random number.
3. A messaging device comprising:
a receiving element that receives a first random number from another messaging device;
a generation unit that generates a second random number and a fixed key;
a time-variant-key generation unit that causes said second random number to act on said fixed key to generate a time variant key, said time variant key being a key that changes each time it is generated;
a ciphering unit that encrypts said first random number with said time variant key; and
a transmission unit that transmits said second random number and said first random number encrypted with said time variant key to said another messaging device, wherein
said generation unit further generates a third random number,
said ciphering unit encrypts a combination of said third random number and said first random number with said time variant key,
said transmission unit transmits the combination of said third random number and said first random number to said another messaging device,
said receiving element further receives, from said another messaging device, a combination of said first random number and said third random number encrypted with said time variant key, and
said messaging device further comprises:
a decryption unit that decrypts, with said time variant key, the encrypted combination of said first random number and said third random number received from said another messaging device; and
an authentication unit that performs authentication according to the decrypted third random number and the decrypted first random number.
4. A messaging device comprising:
a receiving element that receives a first random number from another messaging device;
a generation unit that generates a second random number and a fixed key;
a time-variant-key generation unit that causes said second random number to act on said fixed key to generate a time variant key, said time variant key being a key that changes each time it is generated;
a ciphering unit that encrypts said first random number with said time variant key; and
a transmission unit that transmits said second random number and said first random number encrypted with said time variant key to said another messaging device, wherein
said generation unit further generates a third random number,
said ciphering unit encrypts a combination of said third random number and said first random number with said time variant key,
said transmission unit transmits the encrypted combination of said third random number and said first random number to said another messaging device,
said ciphering unit further encrypts a combination of said first random number and said third random number with said time variant key,
said receiving element further receives, from said another messaging device, an encrypted combination of said first random number and said third random number, and
said messaging device further comprises:
an authentication unit that performs authentication according to the encrypted combination of said first random number and said third random number.
5. The messaging device according to claim 4, wherein, after said receiving element receives the encrypted combination of said first random number and said third random number from said another messaging device, said ciphering unit encrypts the combination of said first random number and said third random number with said time variant key.
6. The messaging device according to any one of claims 1 to 4, wherein
said messaging device is an IC card.
7. A messaging device comprising:
a generation unit that generates a first random number;
a transmission unit that transmits said first random number to another messaging device;
a receiving element that receives, from said another messaging device, a second random number and said first random number encrypted with a first time variant key;
a time-variant-key generation unit that generates, according to said second random number, a second time variant key identical to said first time variant key, said time variant key being a key that changes each time it is generated;
an authentication information generation unit that generates, with said second time variant key, authentication information for authenticating said another messaging device; and
an authentication unit that authenticates said another messaging device according to said authentication information.
8. The messaging device according to claim 7, wherein said generation unit generates a fixed key, and
said time-variant-key generation unit causes said second random number to act on said fixed key to generate said second time variant key.
9. The messaging device according to claim 8, wherein
said generation unit generates, as fixed keys, a second fixed key in addition to a first fixed key, said second random number acting on said first fixed key, and
said transmission unit further transmits said first random number encrypted with said second fixed key.
10. The information processing device according to claim 9, wherein
the receiving unit further receives, from the other information processing device, a third random number encrypted with the first time variant key,
the information processing device further comprises:
a decrypting unit that decrypts, with the second time variant key, the third random number encrypted with the first time variant key; and
an encrypting unit that encrypts, with the second fixed key, the third random number obtained through decryption by the decrypting unit, and
the transmitting unit further transmits the third random number encrypted with the second fixed key to the other information processing device.
11. The information processing device according to claim 8, wherein
the receiving unit receives a combination of a third random number and the first random number in an encrypted state,
the authentication-information generating unit is a decrypting unit that decrypts the combination of the third random number and the first random number with the second time variant key to generate the first random number as the authentication information,
the information processing device further comprises an encrypting unit that encrypts the combination of the first random number and the third random number, and
the transmitting unit further transmits the encrypted combination of the first random number and the third random number to the other information processing device.
12. The information processing device according to claim 8, wherein
the receiving unit receives a combination of a third random number and the first random number in an encrypted state,
the authentication-information generating unit is a decrypting unit that decrypts the combination of the third random number and the first random number with the second time variant key to generate the authentication information,
the information processing device further comprises an encrypting unit that encrypts the combination of the first random number and the third random number, and
the transmitting unit further transmits the encrypted combination of the first random number and the third random number to the other information processing device.
13. The information processing device according to claim 8, wherein the information processing device is a reader/writer.
14. An information processing system, wherein
a first information processing device receives a random number from a second information processing device, generates a first time variant key, encrypts the random number with the first time variant key, and transmits, to the second information processing device, the encrypted random number and basic information serving as the basis of the time variance of the first time variant key, and
the second information processing device generates, according to the basic information, a second time variant key identical to the first time variant key, generates authentication information with the second time variant key, and authenticates the first information processing device according to the authentication information, wherein the time variant key is a key that changes every time it is generated.
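The exchange recited in claims 7, 8 and 14, as an added sketch that is not code from the patent: the authenticating device issues the first random number, the responding device returns it encrypted under a time variant key together with the second random number, and the authenticating device rebuilds the same key to check the response. Assumptions: 16-byte random numbers, a four-round HMAC-SHA256 Feistel network standing in for the unspecified cipher, "the second random number acts on the fixed key" modelled as encrypting it under the fixed key, and all names hypothetical.

```python
import hashlib
import hmac
import secrets

BLOCK = 16  # assumed size of each random number, in bytes

def _f(key, i, half):
    # Feistel round function from HMAC-SHA256 (stand-in cipher, an assumption)
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key, block):
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def decrypt(key, block):
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def time_variant_key(fixed_key, rand2):
    # "the second random number acts on the fixed key", modelled as E_K(rand2)
    return encrypt(fixed_key, rand2)

def card_respond(fixed_key, rand1):
    # Responding device (abstract; the "first" device of claim 14)
    rand2 = secrets.token_bytes(BLOCK)             # second random number
    kt1 = time_variant_key(fixed_key, rand2)       # first time variant key
    return encrypt(kt1, rand1), rand2

class Reader:  # authenticating device (claim 7)
    def __init__(self, fixed_key):
        self.fixed_key, self.rand1 = fixed_key, None
    def challenge(self):
        self.rand1 = secrets.token_bytes(BLOCK)    # first random number
        return self.rand1
    def verify(self, enc_rand1, rand2):
        if self.rand1 is None:                     # no outstanding challenge
            return False
        kt2 = time_variant_key(self.fixed_key, rand2)  # second time variant key
        auth_info = decrypt(kt2, enc_rand1)        # authentication information
        expected, self.rand1 = self.rand1, None    # each challenge is single-use
        return hmac.compare_digest(auth_info, expected)
```

A recorded response replayed against a later challenge decrypts to the old first random number and is rejected, which is the check a reviewer of such a scheme should confirm is actually performed.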
CN200910158985XA 2008-07-14 2009-07-13 Information processing device, and information processing system Active CN101631017B (en)

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
JP2008183017 2008-07-14
JP2008183017 2008-07-14
JP2008-183017 2008-07-14
JP2009-078806 2009-03-27
JP2009078806A JP4666240B2 (en) 2008-07-14 2009-03-27 Information processing apparatus, information processing method, program, and information processing system
JP2009078806 2009-03-27

Publications (2)

Publication Number Publication Date
CN101631017A (en) 2010-01-20
CN101631017B (en) 2012-11-28

Family

ID=41575979

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200910158985XA Active CN101631017B (en) 2008-07-14 2009-07-13 Information processing device, and information processing system

Country Status (2)

Country Link
JP (1) JP5263627B2 (en)
CN (1) CN101631017B (en)

Also Published As

Publication number Publication date
CN101631017A (en) 2010-01-20
JP5263627B2 (en) 2013-08-14
JP2011010345A (en) 2011-01-13

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant