JP2005094128A - Authentication system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an authentication system for preventing occurrence of troubles and accidents due to connection of counterfeit devices not having predetermined performance and standards.
When a device to be authenticated is connected to an authentication device, an authentication system generates a random number and stores the random number in a comparison unit, and also performs a function operation using a random number in one of the authentication device and the device to be authenticated. On the other hand, the operation result is calculated as an inverse function. The comparison unit 8 compares the result of the inverse function calculation with the stored random number to determine whether or not the connected device to be authenticated is a genuine product. If it is not a genuine product, the connection of the device to be authenticated is rejected.
[Selection] Figure 1

Description

  In the present invention, a user can freely select a main unit to connect any connection device so that a simple example can be seen in the relationship between a personal computer (hereinafter referred to as a PC) and peripheral devices such as a printer connected thereto. When possible, in order to prevent the occurrence of problems and accidents associated with the connection device not having the proper performance and function, the connection device to which the main unit is connected is proper. The present invention relates to an authentication system for making it possible to recognize whether or not it is a thing.

  For example, a notebook-type portable PC (hereinafter referred to as a notebook PC) is equipped with a battery pack as a battery power source as a standard equipment, so that it can be carried and used anywhere. A battery pack applied to a notebook PC is configured by using a secondary battery and can be repeatedly used by charging. However, the battery pack has a life because deterioration progresses depending on a charge / discharge cycle, a use state, a storage environment, and the like. When the secondary battery reaches the end of its life or when it is desired to use a battery pack having a large battery capacity so that the notebook PC can be used for a long time, the battery pack is replaced. In principle, it is necessary to replace the battery pack with a regular battery pack approved by the notebook PC manufacturer. However, non-certified replacement battery packs may be sold at a low price. It may be attached to a PC. Even if it is a non-certified battery pack, if the electrical requirements are met, the notebook PC will operate without problems.

  However, since lithium ion secondary batteries, which are mainly applied as secondary batteries for laptop PC battery packs, use flammable organic solvents as electrolytes, ensuring safety is important. Safety in the event of an abnormality for some reason is ensured not only by the protection circuit but also by a protection circuit or the like. In non-certified battery packs, there is no problem if the secondary battery and its peripheral configuration are equivalent to those of the certified product, but it is impossible to make all the components equivalent, and it is aimed at low cost. Therefore, it is necessary to take measures to avoid a situation in which an inferior configuration is made and an accident occurs due to a notebook PC or a battery pack on which it is mounted.

  From the above viewpoint, a battery pack having a recognition function for identifying a regular battery pack and a non-certified battery pack and rejecting the connection when the non-certified battery pack is attached to a notebook PC is known. (See Patent Document 1).

In the above prior art, as shown in FIG. 6, when the battery pack 61 is connected, the application circuit 60 (notebook PC or the like) 60 generates a random number a, which is transmitted through the connection line to the battery pack. Simultaneously with the transmission to 61, the function calculation is executed by the function arithmetic expression [b = g (a)] stored using the random number a. On the battery pack 61 side, the same function calculation as that of the application circuit 60 is executed by the function arithmetic expression [c = f (a)] stored using the transmitted random number a, and the calculation result c is applied to the application circuit 60 side. Reply to The application circuit 60 compares the returned calculation result c with the calculation result b calculated in the application circuit 60. If b = c, the battery pack 61 recognizes that the battery pack 61 is valid and the battery. If the connection of the pack 61 is permitted and b ≠ c, it is determined that the battery pack 61 is illegal, and the application circuit 60 is put into a non-operating state.
JP-T 09-500520 (pages 3-8, FIG. 6)

  In the above prior art, the application circuit 60 and the battery pack 61 perform the same function calculation, so that information stored in the memory of the application circuit 60 or the battery pack 61 can be read to imitate the function calculation. It is. In the case of the battery pack 61, it is considered that there are many cases in which a microcomputer (hereinafter referred to as a microcomputer) that executes a function calculation and a memory that stores a calculation procedure are integrated into an IC for miniaturization. It is very difficult to read the part. However, when the application circuit 60 side is a notebook PC, this function is necessary only when the battery pack 61 is installed. Therefore, in order to prevent the cost from rising, random numbers are assigned to the microcomputer and OS included in the notebook PC. It is desirable to provide a memory for storing functions and other procedures by providing functions for generation and function calculation. Therefore, there is a problem that the battery pack 61 can be forged by copying the contents of the memory on the application circuit 60 side.

  The present invention was devised in view of the problems as shown in the above-described conventional example, and an authentication system that prevents the occurrence of problems and accidents associated with the installation of a device that does not have an appropriate function to the main unit. It is intended to provide.

  To achieve the above object, the first invention of the present application is an authentication system for authenticating whether or not an authenticated device connected to an authentication device as a main device has a normal function, wherein the authentication When the device to be authenticated is connected, the device generates a random number from the random number generation means and stores the generated random number, and processes the random number a by the signal processing means in either the authentication device or the authentication target device Then, the processed signal is processed, and on the other hand, the processed signal is recovered by the signal recovery means and processed into the recovered signal. The authentication apparatus compares the stored random number with the recovered signal, and [random number = restored signal] is detected. The authentication target device is permitted to be connected, and when [random number ≠ restoration signal] is detected, the connection of the authentication target device is rejected.

  According to the above configuration, since the signal processing unit and the signal restoration unit are allocated to the authentication device and the device to be authenticated, the random number output from the random number generation unit is set in advance by either the recognition device or the device to be recognized. On the other hand, the processed signal processed by the processed method can be returned to a random number by a preset recovery method. Since the processing method and the restoration method become a hidden key, an authenticated device cannot be manufactured unless it can be decrypted, and an authenticated device can be manufactured only by an authorized manufacturer provided with a hidden key, Even if an authorized manufacturer who does not have a hidden key manufactures a counterfeit product, it cannot be connected to the authentication device, and it is possible to prevent accidents and malfunctions due to the connection of the counterfeit product.

  In the authentication system, the signal processing means can be configured to perform a function operation using a random number to process the processed signal, and the signal restoration means can calculate an inverse function of the processing signal to process the restored signal. The signal processing means processes the random number into a processed signal encrypted by a predetermined encryption algorithm, and the signal restoration means processes the encrypted processed signal into a restored signal decrypted by a predetermined decryption algorithm. Can be configured.

  The second invention of the present application is an authentication system for authenticating whether or not an authenticated device connected to an authentication device as a main device has a normal function, and generates a random number a. Means, a first calculation means for calculating the function b = f (a) using the random number a, and an inverse function c = g {f (a)} using the calculation result b by the first calculation means. A second computing means for computing, a comparing means for comparing whether the calculation result c by the second computing means and the random number a outputted from the random number generating means are equal to a = c, and the comparison A connection refusal means for refusing the connection of the device to be authenticated when a ≠ b is detected by the means, the first computing means or the second computing means is provided on the authenticated device side, and the other constituent means is the authentication device. It is provided on the side.

  According to the above configuration, since the arithmetic expression executed on the authentication target device side and the authentication device side to which it is connected are different, even if the arithmetic expression stored in the authentication device side memory is read out, The device to be authenticated cannot be counterfeited using. When the same operation is executed on the device to be authenticated and the device to be authenticated as in the configuration shown in the prior art, it is possible to forge the device to be authenticated if the arithmetic expression is copied from either readable side. However, if the function operation expression is different between the authenticated device side and the authentication device side as in this configuration, even if one of the function operation expressions can be read, the function form must be deciphered. For example, it is extremely difficult to forge the device to be authenticated.

  In the above configuration, an encryption unit for encrypting a calculation result by the first calculation unit or the second calculation unit is provided on the authenticated device side, and a decryption unit for decoding the encrypted calculation result is provided on the authentication device side. With this configuration, since encryption is added, it becomes more difficult to decipher the function arithmetic expression, and forgery prevention of the device to be authenticated becomes more reliable.

  The third invention of the present application is an authentication system for authenticating whether or not an authenticated device connected to an authentication device as a main device has a normal function, and a random number generating means for generating a random number And encrypting means for encrypting the random number and outputting an encrypted signal; decrypting means for decrypting the encrypted signal and outputting a decrypted signal; and storing the random number output from the random number generating means The comparing means for comparing the decoded signal output from the decoding means and the random number output from the random number generating means to detect whether or not they are the same, and by this comparing means [random number ≠ decoded signal] A connection determination unit that rejects the connection of the device to be authenticated connected to the authentication device when the authentication is detected, the encryption unit or the decryption unit is provided on the device to be authenticated, and the other configuration unit is authenticated Do not install on the device side It is characterized in.

  According to the above configuration, since the encryption unit and the decryption unit are allocated to the authentication target device and the authentication device, the random number output from the random number generation unit is set in advance by either the authentication device or the authentication target device. On the other hand, the encrypted signal can be returned to a random number by a preset decryption algorithm. The device to be authenticated cannot be manufactured unless the encryption algorithm and the decryption algorithm can be decrypted, and the device to be authenticated can be manufactured only by an authorized manufacturer provided with the encryption algorithm or the decryption algorithm. Even if a certified manufacturer manufactures a counterfeit product, it cannot be connected to the authentication device, and it is possible to prevent accidents and malfunctions caused by the connection of the counterfeit product.

  In the above configuration, the random number generating means generates a random number composed of a matrix of a plurality of rows and columns with 1 and 0 as elements, and the encrypting means performs encryption by performing a replacement process for changing the order of the elements of the random number rows and columns. By outputting the signal, it is possible to perform encryption that is difficult to decipher.

  The fourth invention of the present application is an authentication system for authenticating whether or not an authenticated device connected to an authenticating device as a main device has a normal function, and a random number generating means for generating a random number An encryption means for outputting an encrypted signal obtained by encrypting the random number, a first operation means for performing a function operation using the random number or the encrypted signal, and vice versa using an operation result obtained by the first operation means. Second computing means for computing a function; decoding means for decoding a result of computation by the second computing means and outputting a decoded signal; storing the random number output from the random number generating means; Comparing means for detecting whether or not they are the same as the decrypted signal output from the processing, and when the [random number ≠ decrypted signal] is detected by the comparing means, the authenticating device connected to the authenticating device Connection refuses connection And a judging means, the encryption means and the first calculating means or the second calculation means and the decoding means provided in the authentication apparatus, characterized by comprising providing the other configuration means to the authentication device.

  According to the above configuration, since the random number is encrypted and the function operation is added, the decryption becomes more difficult, and the effect of preventing forgery of the device to be authenticated is improved even if the encryption algorithm is simplified and the processing configuration is simplified. Can do.

  The random number generation means in the above configuration generates a random number composed of a matrix of a plurality of rows and a plurality of columns having 1 and 0 as elements, and the encryption means performs a replacement process for changing the order of the elements of the random numbers in the rows and columns. The encryption can be simplified by outputting the encrypted signal that has been subjected to the common subtraction processing for the elements of the column. In order to compensate for the simplification of encryption, the first calculation means uses 1 and 0 as elements for the random number matrix after random number or row replacement processing or after column replacement processing, and these are randomly arranged. It is difficult to decipher by performing exclusive OR with the predetermined matrix R, and the second operation means performs exclusive OR with the same matrix R again on the random number matrix subjected to the exclusive OR. The degree can be improved in each stage.

  According to the authentication system of the present invention, it is possible to recognize whether the device to be authenticated connected to the authentication device is a genuine one or a counterfeit product, and if it is a counterfeit product, the connection is rejected. It is possible to prevent inconveniences and accidents resulting from the connection of the device to be authenticated not equipped with the above.

  DESCRIPTION OF EXEMPLARY EMBODIMENTS Embodiments that are examples of the invention will now be described with reference to the accompanying drawings. This embodiment shows an example in which an authentication apparatus to which an authentication system according to the present invention is applied is a notebook PC, and a battery pack that is attached to the notebook PC and serves as a battery power source of the notebook PC is an authenticated apparatus. It is.

  In FIG. 1, a notebook PC (authentication device) 1 includes a CPU, an input means such as a keyboard, and a display means such as an LCD, although not particularly shown, and operates as a personal computer by an OS. The operating power uses DC power obtained by converting commercial power into DC power by the AC adapter 11 or DC power from the battery pack (authenticated device) 2, and the battery pack 2 uses DC power obtained from the AC adapter 11. The secondary battery 3 provided is configured to be charged by the charging circuit 12. The switching for obtaining the operating power from the AC adapter 11 or the battery pack 2 and the supply of the charging power to the battery pack 2 are controlled by the power management circuit 13, and the power management is performed while the power is supplied from the AC adapter 11. The circuit 13 performs control to obtain operating power of the notebook PC 1 from the AC adapter 11 and supply charging power to the battery pack 2 in response to a request from the battery pack 2.

  The battery pack 2 is detachably attached to the notebook PC 1, and although not particularly shown, a battery protection circuit for protecting the secondary battery 3 from overcharge, overdischarge, and overcurrent, and a remaining capacity for calculating the remaining capacity of the secondary battery 3. By including an arithmetic circuit and the like and being attached to the notebook PC 1, a power line is connected to the notebook PC 1 and a signal transmission line by a communication bus is connected.

  The secondary battery 3 constituting the battery pack 2 can be repeatedly used by charging, but its lifetime is limited. When the secondary battery 3 reaches the end of its life, the battery pack 2 is replaced. In some cases, the secondary battery 3 may be replaced with a battery pack 2 having a large battery capacity and a long continuous usable time even before reaching the end of its life. At this time, there is no problem when the secondary battery 3 has a predetermined performance and standard, and is replaced with a genuine product configured as a battery pack 2 having the predetermined performance and standard. When the battery pack 2 is replaced with a non-product battery, there is a risk of malfunction or accident. Therefore, it is necessary to provide an authentication system for determining whether or not the battery pack 2 is a genuine product. Hereinafter, an embodiment of an authentication system for recognizing whether the battery pack is a regular battery pack will be described.

  In FIG. 1, when the battery pack 2 is attached to the notebook PC 1 and the battery pack 2 attached thereto, it is recognized whether or not the battery pack 2 is a genuine product. An authentication system 10 is provided. The authentication system 10 includes a function of an authentication device provided on the notebook PC 1 side and a function of an authentication target device provided on the battery pack 2 side.

  On the notebook type PC 1 side, a random number generating means 5 for generating a random number a, a second calculating means 7 for storing a calculation expression g (x) and calculating a given function x, and a second calculating means 7 Comparing means 8 that determines whether or not the battery pack 2 is a genuine product by comparing the calculation result with the random number a, and a signal indicating connection or rejection of connection of the battery pack 2 based on the determination result by the comparing means 8 Connection determination means 9 for outputting to the circuit 13 is provided, and on the battery pack 2 side, first calculation means 6 for storing the arithmetic expression f (x) and calculating a given function of x is provided. . Signal transmission in the authentication system 10 spanning between the notebook PC 1 and the battery pack 2 is performed using the communication bus described above. A processing procedure for authentic recognition by the authentication system 10 will be described with reference to a flowchart shown in FIG. In FIG. 2, S1, S2,... Are step numbers indicating processing procedures, and coincide with numbers added in the text.

When the battery pack 2 is attached to the notebook PC 1, the authentication system 10 starts operating. First, the random number generation means 5 generates a random number a (S1). The generated random number a is transmitted to the battery pack 2 through the communication bus and simultaneously stored in the comparison means 8. The battery pack 2 calculates the function b = f (a) using the random number a by the first calculation means 6 (S2), and returns the calculation result b to the notebook PC 1 through the communication bus. In the notebook PC 1, the second calculation means 7 calculates the function c = g (b) = g {f (a)} using the calculation result b (S3). The comparison unit 8 compares the calculation result c of the second calculation unit 7 with the stored random number a to determine whether a = c (S4). The relation between the arithmetic expression f (x) stored in the first arithmetic means 6 and the arithmetic expression g (x) stored in the second arithmetic means 7 is f ⁻¹ (x) = g (x), that is, second Since the calculation means 7 calculates the inverse function of the calculation result of the first calculation means 6, a = c when the battery pack 2 is valid.

For example, the random number a = (a ₁ , a ₂ ..., A _N ) ^T generated by the random number generation means 5, the matrix used for the linear transformation performed by the first calculation means 6 on the battery pack 2 side is A (Equation 1) If the matrix used for the linear transformation performed by the second computing means 8 on the mold PC1 side is A ⁻¹ (Equation 2),

  The calculation result b converted by the first calculation means 6 is as shown in Equation 3,

  The calculation result c converted by the second calculation means 7 using the calculation result b is as shown in Equation 4.

When the battery pack 2 is a regular product, c = A ⁻¹ b = A ⁻¹ Aa = a.

  Therefore, when the comparison unit 8 determines that a = c, since the connected battery pack 2 is a genuine product, a connection signal is output from the connection determination unit 9 to the power management circuit 13 (S5), and the power management circuit 13 connects the power line between the battery pack 2 and the notebook PC 1 and starts charging the battery pack 2 (S6). That is, since the secondary battery 3 is likely to be deteriorated when stored in the fully charged state, the secondary battery 3 is in a shallow charged state in the new battery pack 2, and when it is determined that the battery pack 2 is a regular battery pack 2, The management circuit 13 performs control so that charging power is supplied from the charging circuit 12 to the battery pack 2 by connection of the power line.

  On the other hand, when the comparison unit 8 determines that a ≠ c, the connection determination unit 9 outputs a connection refusal signal to the power management circuit 13 (S7), so that the power line between the battery pack 2 and the notebook PC 1 is A warning is displayed on the display 14 indicating that it is not connected and cannot be used because it is not a regular product according to a preset procedure (S8).

  Due to the function of the authentication system 10, even if the battery pack 2 is forged without providing the regular secondary battery 3 or the regular function, connection to the notebook PC 1 is not possible, and the battery pack 2 that is not a regular product is mounted. Occurrence of malfunctions and accidents due to

  In order to forge the battery pack 2 having the above-described configuration, it is necessary to decipher the arithmetic expression stored in the first arithmetic means 6 included in the battery pack 2, but the circuit including the memory storing the arithmetic procedure is described above. Since the integrated circuit is integrated with the remaining amount calculation circuit, it is extremely difficult to copy the entire circuit or a part thereof. When the same calculation is performed on the battery pack side and the device side as in the prior art, if the decryption from the battery pack side is impossible, the forgery of the battery pack 2 is performed by copying the calculation formula on the device side. Is possible. However, in this configuration, even if the arithmetic expression stored in the second arithmetic means 7 on the device side, that is, the notebook PC 1 side is copied, if the functional form is not decoded, the functional form to be processed on the battery pack 2 side is derived. It is not possible. It is extremely difficult to decode a program stored in machine language and find its function form, and the forgery is much more difficult than the conventional technique in which an arithmetic expression can be read by copying.

  In the above configuration, the first calculation means 6 is provided on the battery pack 2 side, but the same effect can be obtained by providing the first calculation means 6 on the notebook PC 1 side and the second calculation means 7 on the battery pack 2 side. Is obtained.

  As shown in FIG. 3, the authentication system 20 includes first calculation means 6 on the notebook PC 1 side, and second calculation means that performs function calculation using the calculation result b by the first calculation means 6 on the battery pack 2 side. 7 is provided.

  When the battery pack 2 is connected, the random number a generated by the random number generation means 5 is input to the first calculation means 6 and b = f (a) is calculated and simultaneously input to the comparison means 8 for storage. . Since the calculation result b by the first calculation means 6 is transmitted to the battery pack 2 through the communication bus, the second calculation means 7 calculates c = g (b) = g {f (a)} using the calculation result b. Then, since the calculation result c is returned to the notebook PC 1 side, the comparison means 8 compares the stored random number a with the calculation result c to determine whether a = c. In order to make the operation an integer operation, the operation may be an operation modulo an appropriately determined prime number m.

  Next, the structure for raising the level which prevents forgery is demonstrated as Examples 2-4 below.

  The authentication system 30 according to the second embodiment encrypts a calculation result calculated on the battery pack 2 side, returns it to the notebook PC 1 side, and decrypts it on the notebook PC 1 side.

  As shown in FIG. 4, in addition to the configuration shown in FIG. 1, the authentication system 30 is provided with encryption means 15 for encrypting the calculation result b by the first calculation means 6 on the battery pack 2 side, and a notebook type On the PC 1 side, decryption means 16 for decrypting the encrypted signal h (b) returned from the battery pack 2 is provided.

When the battery pack 2 is attached to the notebook PC 1, the random number generating means 5 generates a random number a. The random number a is transmitted to the battery pack 2 and stored in the comparison means 8 at the same time. In the battery pack 2, the first calculation means 6 performs function calculation b = f (a) using the random number a, the calculation result b is encrypted by the encryption means 15, and the encrypted signal h (b) is the notebook type PC1. Will be returned. In the notebook PC 1, the encrypted signal h (b) returned from the battery pack 2 is decrypted by the decrypting means 16 to obtain b = h ⁻¹ {h (b)}. For the decoded signal, the second computing means 7 computes c = g (b) = g {f (a)}, and the computation result c is input to the comparing means 8. The comparison means 8 compares the stored random number a and the calculation result c to determine whether a = c.

  Even when the second calculation means 7 is provided on the battery pack 2 side, as shown in FIG. 5, the encryption means 15 is provided on the battery pack 2 side and the calculation result c by the second calculation means 7 is obtained. Encrypt. Since the encrypted calculation result is returned to the notebook PC 1, the notebook PC 1 obtains the calculation result c when it is decrypted by the decryption means 16, so that the comparison means 8 stores the calculation result c and the stored random number a. To determine whether a = c.

  As shown in FIG. 6, the authentication system 50 according to the third embodiment includes a random number generation unit 18, an encryption unit 19, and a comparison unit 8 on the notebook PC 1 side, and a decryption unit 20 on the battery pack 2 side. It is configured.

When the battery pack 2 is attached to the notebook PC 1, the random number generation means 18 generates an n-row N-column matrix random number A having 1 and 0 as shown in Equation 5. In Equation 5, a _j is an n-dimensional vertical vector whose elements are 1, 0, and b _i is an N-dimensional horizontal vector whose elements are 1, 0.

  The matrix random number A is output to the encryption means 19 and stored in the comparison means 8 at the same time. First, the encryption means 19 performs a replacement process for the matrix random number A by replacing the order of the row vector elements for each row by a method unique to each row, thereby generating a row replacement matrix shown in Equation 6.

Here, F _i is an N × N matrix of 1 and 0, and replaces the elements of the vector b _{i in} the i-th row of the matrix A. That, _{b i} element number of the column number of the, b 'the _i element number of the row number, j = 1,2, ..., N , m = 1,2, ..., N and for each, the _{F i} ( If the m, j) element is 1 and the other elements in the same row and the same column (m rows and j columns) are 0, b ′ _i = b _i F _i is given.

  Next, for each column of the row permutation matrix, a permutation process is performed in which the order of the elements of the column vector is changed by a method specific to each column to generate a matrix permutation matrix shown in Equation 7, which is used as an encrypted output in the battery pack 2 To transmit.

Here, E _i is an n × n matrix of 1 and 0, and replaces the elements of the column vector a ′ _j of the j-th column of the matrix A ′. That is, the element number of a ′ _j is the row number, the element number of a ′ _i is the column number, and i = 1, 2,..., N, k = 1, 2 _,. (k, i) 1 element, if the other elements of the bank same rank (k row i column) and 0 is given by _{a "j = E j a '} j.

  The decoding means 20 provided in the battery pack 2 performs a decoding process for returning the order of the elements for each column vector of the transmitted matrix permutation matrix (Equation 7), and the row shown in Equation 6 Obtain a substitution matrix. Further, for each row vector, the obtained row permutation matrix is subjected to decryption processing for returning the order of the elements, and decryption for returning to the matrix random number A shown in Formula 5 is performed.

Here, a "from the obtained original a _'j is an inverse matrix E ^-1 _j of _{E j} a" over the left ^{_{j, E -1 j a "j}} = E -1 j E j may if _{a 'j = a' j,} a " from the first k elements of the _j is bring the position of the i element of a _'j, E ^-1 _j is a transposition matrix of E _j Thus, E ^-1 _j = E ^T _j .

Further, b 'to get the original _{b i} from _i, the inverse matrix F ^-1 _i of _{F i} b' over the right ^{_{i, b 'i F -1 i}} = b i F i F -1 i = B _i , but since the j-th element of b ′ _i is brought to the position of the m- _th element of b _i , F ⁻¹ _i is a transpose matrix of F _i , and F ⁻¹ _i = F ^T _i .

  Therefore, when the decryption algorithm by the decryption means 20 provided in the battery pack 2 functions correctly, the encrypted signal obtained by replacing the row vector and column vector of the matrix random number A is decrypted into the matrix random number A. When this decoded signal is transmitted to the notebook type PC, the comparison means 8 compares the stored matrix random number and the decoded signal, and if [matrix random number = decoded signal], then the battery pack 2 is regarded as a genuine product. to decide.

  Whether or not the connected battery pack 2 is a genuine product even if the encryption means 19 is provided on the battery pack 2 side and the decryption means 20 is provided on the notebook PC 1 side as in the authentication system 60 shown in FIG. Can be authenticated.

  In the third embodiment, the replacement processing is performed for each element of each row vector of the matrix random number, and further the replacement processing is performed for each element of each column vector, but common to the elements of several row vectors and several column vectors. By performing this replacement process, the encryption and decryption algorithms can be simplified.

For example, when the same conversion is performed on the row vectors b _i and b _{k of} the i-th row and the k-th row with respect to A, F _i = F _k may be set. When the same conversion is performed on the column vectors a ₁ and a _m , E ₁ = E _m may be set. Others are the same. Even at the expense of some difficulty of decryption, in that simplification can be a _{F 1 = F 2 = ... =} F n, E 1 = E 2 = ... = E N.

In FIG. 8, when the battery pack 2 is connected to the notebook PC 1, the random number generation means 18 outputs the matrix random number A (Equation 5) shown in Equation 5. The matrix random number A is output to the encryption means 21 and stored in the comparison means 8 at the same time. The encryption means 19 first performs a replacement process for the matrix random number A to replace the order of the elements of the row vector by common replacement for each row, and generates a row replacement matrix shown in Formula 8. In Formula 8, F ₁ = F ₂ = ... = F _n = F And

Next, a replacement process is performed in which the order of the elements of the column vector is changed by common replacement for each column of the row replacement matrix, and a matrix replacement matrix shown in Formula 9 is generated. In Equation 9, E ₁ = E ₂ =... = E _N = E.

  As described above, if the replacement processing matrix is made common for each row and each column, there is an advantage that the number of replacement processing matrices to be stored can be reduced. However, since the key signal becomes one for each row and each column, it is decrypted. There is a greater risk. Therefore, in the above encryption process, it is possible to significantly improve the security by adding a function operation to the matrix random number, after the row replacement process, or after the column replacement process.

  If a similar function operation is added without performing the above-described extreme simplification, the number of replacement processing matrices to be stored increases according to the degree of simplification, but it goes without saying that the safety is further improved.

  As the function calculation, as shown in Equation 10, a matrix R of n rows and N columns having 1 and 0 as randomly generated elements is used as a further key signal, the matrix random number, or the matrix after row replacement processing. Or the matrix after column replacement processing is added (exclusive OR). Now, when x and y are variables having values of 1 and 0, the original value can be obtained by adding the same value again to the relationship shown in Equation 11, that is, the value once added.

  Here, the first computing means 22 transmits an exclusive OR of the matrix R of n rows and N columns to the battery pack 2 as a transmission signal for the matrix after the column replacement process.

  The second calculation means 23 provided in the battery pack 2 performs a process of decoding by the decoding means 24 after exclusive-ORing R to the transmitted transmission signal and returning it to the original value.

  The decoding unit 24 performs a decoding process for restoring the original order of the elements common to each column vector of the column permutation matrix (Equation 9) returned to the original value by the second calculation unit 23, and further obtained. Decoding processing for returning the order of elements common to each row vector to the original row permutation matrix is performed, and decoding for returning to the matrix random number A shown in Equation 5 is performed.

  Therefore, when the decryption algorithm by the second arithmetic unit 23 and the decryption unit 24 provided in the battery pack 2 functions correctly, the encrypted signal obtained by replacing the row vector and the column vector of the matrix random number A becomes the matrix random number A. When the decoded signal is transmitted to the notebook type PC, the comparison means 8 compares the stored matrix random number with the decoded signal, and if [matrix random number = decoded signal], then the battery pack 2 Is determined to be genuine.

  In the above configuration, the encryption unit 21 and the first calculation unit 22 are provided on the notebook PC 1 side, and the second calculation unit 23 and the decryption unit 24 are provided on the battery pack 2 side. The authentication function can be obtained.

  The embodiment described above has shown the configuration in which the notebook PC 1 is used as an authentication device and the battery pack 2 connected to the laptop PC 1 is used as an authentication target device. However, the present invention is not limited to this. However, a device that can freely connect peripheral devices can be configured similarly.

  By providing the authentication system according to the present invention, it is possible to prevent the occurrence of problems and accidents due to the fact that a device to be authenticated having required performance and standards is mounted on the authentication device. It is possible to improve reliability when a new device to be authenticated is mounted by eliminating loss of trust or causing damage to the user.

1 is a block diagram illustrating a configuration of an authentication system according to a first embodiment. The flowchart which shows the recognition operation by a system same as the above. The block diagram which shows the modification of a system same as the above. FIG. 9 is a block diagram illustrating a configuration of an authentication system according to a second embodiment. The block diagram which shows the modification of a system same as the above. FIG. 9 is a block diagram illustrating a configuration of an authentication system according to a third embodiment. The block diagram which shows the modification of a system same as the above. FIG. 9 is a block diagram illustrating a configuration of an authentication system according to a fourth embodiment. The block diagram which shows the structure of the recognition apparatus which concerns on a prior art.

Explanation of symbols

1 Notebook PC (equipment)
2 Battery pack 3 Secondary battery 5 Random number generation means 6, 22 First calculation means 7, 23 Second calculation means 8 Comparison means 9 Connection determination means 10, 20, 30, 40, 50, 60, 70 Authentication system 15, 19 , 21 Encryption means 16, 20, 24 Decryption means

Claims (10)

An authentication system for determining whether or not an authenticated device connected to an authentication device as a main device has a proper function,
When the device to be authenticated is connected, the authentication device generates a random number from a random number generation unit and stores the generated random number, and processes the random number by a signal processing unit in either the authentication device or the device to be authenticated The processed signal is processed into a processed signal, and on the other hand, the processed signal is recovered by the signal recovery means and processed into the recovered signal. The authentication device compares the stored random number with the recovered signal, and [random number = restored signal] An authentication system that permits connection of a device to be authenticated when detected, and rejects connection of the device to be authenticated when [random number ≠ restoration signal] is detected. The authentication system according to claim 1, wherein the signal processing means performs a function calculation using a random number to process the processed signal, and the signal restoration means calculates an inverse function of the processing signal to process the restored signal. The signal processing means processes the random number into a processed signal encrypted by a predetermined encryption algorithm, and the signal restoration means processes the encrypted processed signal into a restored signal decrypted by a predetermined decryption algorithm. The described authentication system. An authentication system for determining whether or not an authenticated device connected to an authentication device as a main device has a proper function,
A random number generating means for generating a random number a; a first calculating means for calculating a function b = f (a) using the random number a; and an inverse function c = g using an operation result b by the first calculating means. (B) = g {f (a)} is calculated, and the random number a output from the random number generation means is stored and compared with the calculation result c by the second calculation means, a = c A comparison means for detecting whether or not the connection and a connection determination means for rejecting the connection of the device to be authenticated connected to the authentication device when a ≠ c is detected by the comparison means,
An authentication system comprising the first computing means or the second computing means on the authenticated device side, and other constituent means on the authentication device side. An encryption means for encrypting a calculation result by the first calculation means or the second calculation means is provided on the authenticated apparatus side, and a decryption means for decoding the encrypted calculation result is provided on the authentication apparatus side. 4. The authentication system according to 4. An authentication system for determining whether or not an authenticated device connected to an authentication device as a main device has a proper function,
A random number generating means for generating a random number, an encryption means for encrypting the random number and outputting an encrypted signal, a decrypting means for decrypting the encrypted signal and outputting a decrypted signal, and the random number generating means Comparing means for storing the output random number and comparing the decoded signal output from the decoding means and the random number output from the random number generating means to detect whether or not they are the same, by this comparing means Connection determination means for refusing connection of the device to be authenticated connected to the authentication device when [random number ≠ decryption signal] is detected,
An authentication system, wherein the authentication unit is provided with the encryption unit or the decryption unit, and other configuration units are provided on the authentication device side. The random number generation means generates a random number composed of a matrix of a plurality of rows and columns with 1 and 0 as elements, and the encryption means outputs an encrypted signal that has undergone a replacement process for changing the order of the rows and columns of the random numbers. The authentication system according to claim 6. An authentication system for determining whether or not an authenticated device connected to an authentication device as a main device has a proper function,
A random number generation means for generating a random number; an encryption means for outputting an encrypted signal obtained by encrypting the random number; a first operation means for performing a function operation using the random number or the encrypted signal; and the first operation means. A second computing means for computing the inverse function using the computation result, a decoding means for decoding the computation result by the second computing means and outputting a decoded signal, and a random number output from the random number generating means. Comparing means for storing and detecting whether or not they are the same as compared with the decrypted signal outputted from the decrypting means processing, and connected to the authentication device when [random number ≠ decoded signal] is detected by the comparing means Connection determination means for rejecting the connection of the authenticated device,
An authentication system, wherein the authentication device side is provided with the encryption means and the first operation means or the second operation means and the decryption means, and other constituent means are provided on the authentication device side. The random number generation means generates a random number composed of a matrix of a plurality of rows and columns with 1 and 0 as elements, and the encryption means commonly uses a replacement process for changing the order of the elements of the random number rows and columns for a plurality of rows and columns. The authentication system according to claim 8, wherein the encrypted signal subjected to the reduced substituting process is output. The first calculating means excludes a random number or a row element or a random number matrix after row element substitution processing from 1 and 0 as elements, and exclusion from a predetermined matrix R in which they are randomly arranged. 10. The authentication system according to claim 8, wherein the second arithmetic unit performs exclusive OR with the same matrix R again on the random number matrix on which exclusive OR is performed.

Images