JP2001306401A - Authentication communication device and authentication communication system - Google Patents

Abstract

(57) [Problem] To provide an access device in which information for accessing a confidential data storage area is not leaked. An access device authenticates the validity of a recording medium by a challenge-response type authentication protocol by transmitting disturbed access information generated by disturbing access information indicating the area to a recording medium. In the recording medium, the validity of the access device is authenticated. When both the recording medium and the access device are authenticated as valid, the access information is separated from the transmitted disturbed access information on the recording medium, and the access information is indicated by the separated access information on the access device. Reading digital information from the area or writing digital information to the area indicated by the access information;

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a technology for mutually authenticating the validity between a device and a recording medium when a digital work is transferred between the device and a recording medium.

[0002]

2. Description of the Related Art In recent years, with the progress of digital information compression technology,
Due to the explosive spread of global communication infrastructure represented by the Internet, it has been realized to distribute works such as music, images, videos, games and the like as digital works to homes via communication lines.

In order to establish a distribution system for protecting the rights of copyright holders of digital works and the profits of distributors, illegal acquisition or reception of works by eavesdropping, eavesdropping, or spoofing communications. It is an issue to prevent illegal acts such as illegal duplication and illegal tampering from the recording medium on which the recorded data is recorded. There is a need for copyright protection technology such as authentication.

[0004] A variety of copyright protection techniques have been known in the past, and as a typical example, when accessing a confidential data storage area storing confidential data requiring protection of a copyrighted work, There is a challenge-response mutual authentication technology in which random numbers and response values are exchanged between devices to mutually authenticate their validity, and that access is permitted only when they are valid.

[0005]

However, for example, after mutual authentication is performed using a legitimate device, an act of impersonating a legitimate device and accessing a confidential data storage area to illegally obtain confidential data is performed. Can be considered. Therefore, the present invention has been made in view of such a problem, and records an access device, a recording medium, an authentication communication system, an authentication communication method, and an authentication communication program in which information for accessing a confidential data storage area is not leaked. It is an object of the present invention to provide a recording medium and an authentication communication program.

[0006]

To achieve the above object, the present invention provides a recording medium having an area for storing digital information, and an access device for reading digital information from or writing digital information to the area. An authentication communication system, comprising: transmitting the disturbed access information generated by disturbing the access information indicating the area from the access device to the recording medium, so that the access device is a challenge-response type. A first authentication phase for authenticating the validity of the recording medium according to the authentication protocol, a second authentication phase for the recording medium to authenticate the validity of the access device, and both the recording medium and the access device. When the recording medium is authenticated, the recording medium is accessed from the transmitted disturbed access information. Extracting information, the access device reads the digital information from the area indicated by the extracted the access information, or characterized in that it comprises a transfer phase for writing digital information to the area indicated by the access information.

Here, in the first authentication phase,
The access device generates an access information obtaining unit for obtaining access information indicating the area, a random number obtaining unit for obtaining a random number, and synthesizes the obtained access information and the obtained random number to generate randomized access information. And a encrypting unit that performs a cryptographic algorithm on the generated randomized access information to generate disturbed access information, wherein the recording medium generates a response value from the generated disturbed access information. A generating unit, wherein the access device may include an authentication unit that authenticates the validity of the recording medium using the generated response value.

Here, in the transfer phase, the recording medium includes a decoding unit that applies a decoding algorithm to the generated disturbed access information to generate randomized access information, and an access information based on the transmitted randomized access information. And a separating unit for separating the above. Here, in the first authentication phase, the access device further includes a random number seed storage unit that stores a random number seed, and the random number acquisition unit reads the random number seed from the random number seed storage unit, and May be obtained.

Here, in the first authentication phase,
The access device may further be configured to overwrite the disturbed access information as a random number seed in the random number seed storage unit. Here, in the first authentication phase, the access device further includes a random number seed storage unit that stores a random number seed, and the random number acquisition unit reads the random number seed from the random number seed storage unit, and reads the read random number. The random number may be obtained by generating the random number based on the seed.

Here, in the first authentication phase,
The access device may further be configured to overwrite the generated random number as a random number seed in the random number seed storage unit. Here, in the transfer phase, the recording medium that records digital information in the area reads digital information from the area indicated by the access information, and applies an encryption algorithm to the read digital information to encrypt the encrypted digital information. The access device for reading digital information from the area includes a decryption unit that performs a decryption algorithm on the generated encrypted digital information to generate digital information, and the decryption algorithm includes the encryption algorithm. The ciphertext generated by the algorithm may be configured to be decrypted.

Here, in the transfer phase, the access device that writes digital information to the area includes a digital information obtaining unit that obtains digital information, and an encryption algorithm that performs an encryption algorithm on the obtained digital information to generate encrypted digital information. The recording medium includes a decryption unit that performs a decryption algorithm on the generated encrypted digital information to generate digital information, and writes digital information to the area indicated by the access information. The decryption algorithm may be configured to decrypt a ciphertext generated by the encryption algorithm.

Here, in the transfer phase, the access device that writes digital information to the area includes a digital information obtaining unit that obtains digital information, a content key obtaining unit that obtains a content key, A first encryption unit that generates an encrypted content key by applying a first encryption algorithm, and a second encryption unit that generates a double encrypted content key by applying a second encryption algorithm to the generated encrypted content key Using the content key to perform a second encryption algorithm on the obtained digital information to generate encrypted digital information.
An encryption unit, wherein the recording medium performs a first decryption algorithm on the generated double-encrypted content key to generate an encrypted content key, and transmits the encrypted content key to the area indicated by the access information. And the recording medium may further include an area for storing the generated encrypted digital information.

[0013]

DESCRIPTION OF THE PREFERRED EMBODIMENTS An authentication communication system 100 according to one embodiment of the present invention will be described. 1. 1A and 1B are external views of authentication communication systems 30 and 31 as a specific configuration example of the authentication communication system 100. FIG.

As shown in FIG. 1A, an authentication communication system 30 comprises a personal computer and a memory card 20.
Consists of The personal computer has a display unit, keyboard, speaker, microprocessor,
It includes a RAM, a ROM, a hard disk unit, and the like, and is connected to a network represented by the Internet via a communication line. The memory card 20
It is inserted from the memory card slot and mounted on a personal computer.

As shown in FIG. 1B, the authentication communication system 31 includes a headphone stereo, a memory card 20, and headphones. The memory card 20 is inserted from the memory card insertion slot of the headphone stereo,
Attached to the headphone stereo. In a headphone stereo, a plurality of operation buttons are arranged on an upper surface, and headphones are connected to another side surface.

A user inserts the memory card 20 into a personal computer, takes in digital works such as music from an external Web server via the Internet, and stores the digital works into the memory card 2.
Write to 0. Next, the user attaches the memory card 20 on which the digital work is recorded to the headphone stereo, and enjoys playing the digital work recorded on the memory card 20 by the headphone stereo.

Here, between the personal computer and the memory card 20, and between the headphone stereo and the memory card 20, the validity of each device is verified by a challenge-response type authentication protocol. Only when the device is authenticated, the digital work is transferred between the devices. 2. Configuration of Authentication Communication System 100 The authentication communication system 100 includes a reader / writer device 10 and a memory card 20, as shown in FIG.
Here, the reader / writer device 10 corresponds to the personal computer and the headphone stereo shown in FIGS. 1 (a) and 1 (b).

2.1 Configuration of Reader / Writer 10 The reader / writer 10 includes an access information storage unit 101,
Random number seed storage unit 102, synthesis unit 103, common key storage unit 10
4, an encryption unit 105, a random number seed update unit 106, a mutual authentication unit 107, a time-varying key generation unit 108, an encryption / decryption unit 109, a data storage unit 110, and an input / output unit 111.

The reader / writer device 10 specifically includes a microprocessor, a RAM, a ROM, and the like.
A computer program is recorded in M or the like, and the microprocessor operates according to the computer program. (1) Input / Output Unit 111 The input / output unit 111 accepts a user's operation and generates access information for accessing music information stored in the data storage unit 209 of the memory card 20. As shown in FIG. 3, the access information has a 32-bit length, and includes address information indicating an address of an area of the data storage unit of the memory card 20 and size information indicating a size of the area. The address information is 24 bits long, and the size information is 8 bits long.

The input / output unit 111 is connected to the data storage unit 1.
The music information CT is read out from the device 10, and the read music information CT is converted into an audio signal and output. Also, the input / output unit 1
11 receives a user operation, acquires music information CT from outside, and stores the acquired music information CT in the data storage unit 1.
Write to 10. (2) Access Information Storage Unit 101 The access information storage unit 101 is specifically composed of a semiconductor memory and has an area for storing access information.

(3) Random seed storage unit 102 The random seed storage unit 102 is specifically composed of a semiconductor memory, and stores in advance a 64-bit random seed as shown in FIG. The random number seed is recorded when the device is manufactured. The random number seed storage unit 102 is a protected storage unit that does not have a unit that can be directly accessed from outside.

(4) Combining Unit 103 The combining unit 103 reads out the access information from the access information storage unit 101 and reads out the random number seed from the random number seed storage unit 102. Next, as shown in FIG. 3, the read access information is combined with the read lower 32 bits of the random number seed to generate 64-bit randomized access information. The generated randomized access information is output to encryption section 105.

(5) Common Key Storage Unit 104 The common key storage unit 104 is specifically composed of a semiconductor memory and has an area for storing a common key UK having a length of 56 bits. The reader / writer device 10 includes the memory card 2
0 to the common key UK stored in the common key storage unit 201
Is secretly obtained, and the common key storage unit 104 stores the obtained common key UK.

The common key storage unit 104 has no means for directly accessing from outside, and is a protected storage means. (6) Encryption Unit 105 The encryption unit 105 sends the common key UK from the common key storage unit 104.
And receives randomized access information from the synthesizing unit 103. Next, using the common key UK, the encryption unit 105 performs encryption algorithm E1 on the received randomized access information to generate encrypted access information R1. Here, the encryption unit 105 determines, as the encryption algorithm E1,
DES (Data Encryption Stand)
ard).

Next, encryption section 105 outputs the generated encrypted access information R1 to mutual authentication section 107, random number seed updating section 106, and time-varying key generation section 108. Also,
The generated encrypted access information R1 is stored in the memory card 20.
To the decryption unit 205, the mutual authentication unit 207, and the time-varying key generation unit 208. The encrypted access information R1 generated in this manner disturbs the access information.
(mble) processing.

(7) Random seed updating section 106 The random seed updating section 106 receives the encrypted access information R1 from the encrypting section 105, and uses the received encrypted access information R1 as a new random seed to the random seed storage section 102. Overwrite. (8) Mutual Authentication Unit 107 The mutual authentication unit 107 receives the encrypted access information R1, reads out the common key UK from the common key storage unit 104, and uses the received R1 and the common key UK as a response according to Expression 1. The value V2 'is calculated. (Equation 1) V2 ′ = F1 (R1, UK) = SHA (R1 + UK) Here, as an example, the function F1 (a, b) combines a and b, and SHA (Secure)
Hash Algorithm).
Note that + is an operator indicating a combination.

The mutual authentication unit 107 receives the response value V2 from the mutual authentication unit 207. Next, the mutual authentication unit 107
It is determined whether or not V2 and V2 'match. If they do not match, it is determined that the memory card 20 is an unauthorized device, and other components are prohibited from performing subsequent operations.
If they match, the mutual authentication unit 107 determines that the memory card 20 is a legitimate device, and permits other components to execute the subsequent operations.

Further, the mutual authentication unit 107 includes the random number generation unit 2
04, and receives the random number R2,
Using the common key UK, a response value V1 is calculated by Expression 2, and the calculated response value V1 is output to the mutual authentication unit 207. (Equation 2) V1 = F2 (R2, UK) = SHA (R2 + UK) (9) Time-Varying Key Generation Unit 108 The time-varying key generation unit 108 recognizes that the memory card 20 is a legitimate device and executes the operation. Is received, the encrypted access information R1 and the random number R2 are received, and a time-varying key VK is generated from R1 and R2 using Expression (3). VK = F3 (R1, R2) = SHA (R1 + R2) Next, the time-varying key generation unit 108 outputs the generated time-varying key VK to the encryption / decryption unit 109.

(10) Encryption / decryption unit 109 The encryption / decryption unit 109 sends the time-variant key V
Receive K. The encryption / decryption unit 109 includes an encryption / decryption unit 210
Receives the encrypted music information EncCT, generates a music information CT by applying the decryption algorithm D3 to the encrypted music information EncCT using the time-varying key VK, and writes the generated music information CT to the data storage unit 110.

Here, the encryption / decryption unit 109 uses DES as the decryption algorithm E3. Further, the encryption / decryption unit 109 reads out the music information CT from the data storage unit 110, performs an encryption algorithm E2 on the music information CT using the time-varying key VK, generates encrypted music information EncCT, and generates the generated encryption information. The encrypted music information EncCT is output to the encryption / decryption unit 210.

Here, the encryption / decryption unit 109 uses DES as the encryption algorithm E2. (11) Data Storage Unit 110 The data storage unit 110 is specifically composed of a semiconductor memory and has an area for storing music information CT.

2.2 Memory Card 20 The memory card 20 includes a common key storage unit 201, a random number seed storage unit 202, a random number seed update unit 203, a random number generation unit 204, a decryption unit 205, a separation unit 206, and a mutual authentication unit 207. , Time-varying key generation unit 208, data storage unit 209, and encryption / decryption unit
10.

(1) Common Key Storage Unit 201 The common key storage unit 201 is specifically composed of a semiconductor memory and stores a 56-bit long common key UK.
The common key UK is recorded when the memory card 20 is manufactured. The common key storage unit 201 has no means for directly accessing from outside, and is a protected storage means.

(2) Random seed storage unit 202 The random seed storage unit 202 is specifically composed of a semiconductor memory, and stores in advance a 64-bit random number seed. The random number seed is recorded when the memory card 20 is manufactured. The random number seed storage unit 202 does not have a unit that can be directly accessed from outside, and is a protected storage unit.

(3) Random Number Generating Unit 204 The random number generating unit 204 reads out a random number seed from the random number seed storage unit 202, generates a 64-bit random number R2 using the read random number seed, and converts the generated random number R2 into a random number. Seed update unit 20
3, the mutual authentication unit 207, and the time-varying key generation unit 208, and the generated random number R2 is output to the mutual authentication unit 107 and the time-varying key generation unit 108 of the reader / writer device 10.

(4) Random number seed updating unit 203 The random number seed updating unit 203
And overwrites the received random number R2 as a new random number seed in the random number seed storage unit 202. (5) Decryption Unit 205 The decryption unit 205 sends the common key UK
Is read from the encryption unit 105 and the encrypted access information R
Receive 1 Next, using the read common key UK,
By applying the decryption algorithm D1 to the received encrypted access information R1, randomized access information is generated, and the generated randomized access information is output to the separation unit 206.

Here, the decoding unit 205 uses DES as the decoding algorithm D1. Decryption algorithm D
1 decrypts the cipher text generated by the encryption algorithm E1. (6) Separating Unit 206 The separating unit 206 receives the randomized access information from the decoding unit 205, separates the upper 32 bits of the data as the access information from the received randomized access information, and stores the access information in the data storage unit. 209.

(7) Mutual Authentication Unit 207 The mutual authentication unit 207 stores the common key U from the common key storage unit 201.
K is read out, the encrypted access information R1 is received, a response value V2 is calculated by the equation 4 using the received R1 and the common key UK, and the calculated V2 is read by the reader / writer device 1.
0 to the mutual authentication unit 107. (Equation 4) V2 = F1 (R1, UK) = SHA (R1 + UK) Here, F1 may be the same function as F1 shown in Equation 1.

The mutual authentication unit 207 includes a random number generation unit 2
04, and receives the random number R2,
Using the common key UK, the response value V1 '
Is calculated. (Equation 5) V1 ′ = F2 (R2, UK) = SHA (R2 + UK) Here, F2 may be the same function as F2 shown in Equation 2.

Next, the mutual authentication unit 207 performs the mutual authentication unit 1
07, it is determined whether or not V1 and V1 ′ match. If they do not match, the reader / writer device 10 is determined to be an unauthorized device, and the following components are notified to other components. Prohibits execution of the operation. If they match, the mutual authentication unit 207 determines that the reader / writer device 10 is a legitimate device, and permits other components to execute the subsequent operations.

(8) Time-Varying Key Generation Unit 208 The time-varying key generation unit 208, when the reader / writer device 10 is determined to be a legitimate device and is permitted to execute an operation, transmits the encrypted access information R1 Receiving a random number R2,
A time-varying key VK is generated from R1 and R2 using Expression (6). (Expression 6) VK = F3 (R1, R2) = SHA (R1 + R2) Here, F3 is the same as the function F3 shown in Expression 3. is there.

Next, time-varying key generation section 208 outputs the generated time-varying key VK to encryption / decryption section 210. (9) Data Storage Unit 209 The data storage unit 209 is specifically composed of a semiconductor memory and has an area for storing music information CT.

(10) Encryption / Decryption Unit 210 The encryption / decryption unit 210 sends the time-varying key V
Receive K. The decryption unit 210 includes the decryption unit 109
Receives the encrypted music information EncCT, generates decryption music D by applying the decryption algorithm D2 to the encrypted music information EncCT using the time-varying key VK, and stores the generated music information CT in the data storage unit 209. Write to the area indicated by the information.

Here, the encryption / decryption unit 210 uses DES as the decryption algorithm D2. The decryption algorithm D2 decrypts the cipher text generated by the encryption algorithm E2. Further, the encryption / decryption unit 210 reads out the music information CT from the area indicated by the access information in the data storage unit 209, applies the encryption algorithm E3 to the music information CT using the time-varying key VK, and encrypts the music information CT. EncCT is generated, and the generated encrypted music information EncC is generated.
T is output to the encryption / decryption unit 109.

Here, the encryption / decryption unit 210 uses DES as the encryption algorithm E3. The decryption algorithm D3 decrypts the cipher text generated by the encryption algorithm E3. 3. Operation of authentication communication system 100 (1) Read operation Reader / writer device 1 constituting authentication communication system 100
0 and the operation of the memory card 20 will be described with reference to the flowcharts shown in FIGS.

Here, the reader / writer device 10
The description will be made on the assumption that the device reads information stored in a memory card, such as a headphone stereo shown in FIG. The synthesizing unit 103 includes the random number seed storage unit 1
02 is read from the access information storage unit 101
, And combines the read random number seed with the read access information to generate randomized access information (step S101).
The common key is read from the common key storage unit 104, and the randomized access information is encrypted using the read common key to generate encrypted access information R1 (step S102).
The mutual authentication unit 107 calculates V2 ′ = F1 (R1) (step S103), and the random number seed updating unit 106 overwrites the generated randomized access information in the random number seed storage unit 102 as a new random number seed (step S103). Step S104).

The encryption section 105 outputs the generated encrypted access information R1 to the memory card 20, and the mutual authentication section 207 of the memory card receives the encrypted access information R1 (step S105). The mutual authentication unit 207 uses V2
= F1 (R1) (Step S106), outputs V2 to the mutual authentication unit 107 of the reader / writer device 10, and the mutual authentication unit 107 receives V2 (Step S10).
7).

The mutual authentication unit 107 determines whether or not V2 and V2 'match. If they do not match (step S108), the memory card 20 is determined to be an unauthorized device, and the subsequent operations are performed. To stop. If they match (step S108), the mutual authentication unit 107
The random number generation unit 204 of the memory card 20 reads the random number seed from the random number seed storage unit 202, generates a random number R2 using the read random number seed (Step S109), The authentication unit 207 determines that V1 ′ =
F2 (R2) is calculated (step S110), and the random number seed updating unit 203 overwrites the generated random number R2 as a new random number in the random number seed storage unit 202 (step S11).
1). Next, the random number generation unit 204 outputs the generated random number R2 to the mutual authentication unit 107 of the reader / writer device 10, and the mutual authentication unit 107 receives the random number R2 (step S1).
12), the mutual authentication unit 107 generates V1 = F2 (R2) (step S113), outputs the generated V1 to the mutual authentication unit 207 of the memory card 20, and generates the mutual authentication unit 207.
Receives V1 (step S114).

Next, a mutual authentication unit 207
Determines whether V1 and V1 'match, and if they do not match (step S115), it is determined that the reader / writer device 10 is an unauthorized device, and the subsequent operations are stopped. If they match (step S115), the mutual authentication unit 207 determines that the reader / writer device 10 is a legitimate device, and the time-varying key generation unit 108 of the reader / writer device 10
Generates a time-varying key VK using R1 and R2 (step S121). Decryption unit 205 of memory card 20
Reads out the common key UK from the common key storage unit 201, decrypts R1 using the read common key UK, generates randomized access information (step S122), and
Separates the access information from the randomized access information (step S123), and the time-variant key generation unit 208
And generates a time-varying key VK (step S124).
The encryption / decryption unit 210 reads the music information CT from the area of the data storage unit 209 indicated by the access information (step S125), and the encryption / decryption unit 210 reads the music information CT read using the generated time-varying key VK. To generate encrypted music information EncCT (step S1).
26), and outputs the generated encrypted music information EncCT to the encryption / decryption unit 109 of the reader / writer device 10 (step S127).

The encryption / decryption unit 109 decrypts the encrypted music information EncCT using the time-varying key VK, generates music information CT, and writes it to the data storage unit 110 (step S12).
8), the input / output unit 111 reads the music information CT from the data storage unit 110, converts the read music information CT into an audio signal, and outputs the audio signal (step S129). (2) Write Operation Reader / Writer 1 Constituting Authentication Communication System 100
0 and the operation of the memory card 20 will be described with reference to the flowchart shown in FIG.

In this case, the reader / writer device 10
The description will be made assuming that the apparatus writes information to a memory card like a personal computer shown in FIG. Since the read operation and the write operation are similar, only the differences will be described. When steps S125 to S129 in the flowcharts of FIGS. 4 and 5 are replaced with the steps shown in FIG. 6, the write operation of the authentication communication system 100 is performed.

The encryption / decryption unit 109 includes a data storage unit 110
(Step S131), encrypts the read music information CT using the time-varying key VK to generate encrypted music information CT (step S132), and stores the generated encrypted music information CT in the memory card. 20 to the encryption / decryption unit 210, and the encryption / decryption unit 210 receives the encrypted music information CT (step S133).

[0053] The encryption / decryption unit 210 provides encrypted music information En.
The cCT is decrypted using the time-varying key VK to generate music information CT (step S134), and the generated music information CT is written to the area in the data storage unit 209 indicated by the access information (step S135). 4. Conclusion As described above, at the same time as mutual authentication, information for accessing the confidential data storage area where confidential data is recorded is disturbed and transferred. Can be enhanced.

Even if the information for accessing the confidential data storage area is falsified and transferred to another information due to unauthorized impersonation, mutual authentication is not established, so that the confidential data storage area is not established. Can be made inaccessible. In addition, since the access information for accessing the confidential data storage area is not related to the update of the random number, the periodicity of the random number can be improved.

5. Authentication Communication System 100a An authentication communication system 100a as a modification of the authentication communication system 100 will be described. 5.1 Configuration of Authentication Communication System 100a The authentication communication system 100a includes a reader / writer device 10a and a memory card 20, as shown in FIG.

Since the memory card 20 is the same as the memory card 20 shown in FIG. 2, the description is omitted here. The reader / writer device 10a includes the access information storage unit 1
01, random number seed storage unit 102, synthesis unit 103, common key storage unit 104, encryption unit 105, random number seed update unit 106, mutual authentication unit 107, time-varying key generation unit 108, encryption / decryption unit 10.
9, a data storage unit 110, an input / output unit 111, and a random number generation unit 112.

The following description focuses on the differences from the reader / writer device 10. The other points are the same as those of the reader / writer device 10, and the description is omitted. (1) Random Number Generation Unit 112 The random number generation unit 112 reads a random number seed from the random number seed storage unit 102, generates a 64-bit random number using the read random number seed, and transmits the generated random number to the synthesis unit 103 and the random number seed. Output to the update unit 106.

(2) Random number seed updating unit 106 The random number seed updating unit 106 receives a random number from the random number generating unit 112 and overwrites the received random number as a new random number seed on the random number seed storage unit 102. (3) Combining Unit 103 The combining unit 103 receives the random number from the random number generation unit 112, reads out the access information from the access information storage unit 101, combines the received random number with the read access information, and performs randomized access. Generate information.

5.2 Operation of Authentication Communication System 100a The operation of the authentication communication system 100a will be described with reference to the flowchart shown in FIG. Random number generator 112
Reads a random number seed from the random number seed storage unit 102 (step S201), generates a 64-bit random number using the read random number seed (step S202), and updates the random number seed updating unit 1
06 receives a random number from the random number generation unit 112 and overwrites the received random number as a new random number seed on the random seed storage unit 102 (step S203). Next, the combining unit 103
Receives the random number from the random number generation unit 112, reads the access information from the access information storage unit 101, and combines the received random number with the read access information to generate randomized access information (step S20).
4).

Next, the process continues to step S102 in FIG. The following is the same as the operation of the authentication communication system 100, and the description is omitted. 5.3 Summary As described above, since the access information for accessing the confidential data storage area is not related to the update of the random number, the periodicity of the random number can be improved.

6. Authentication Communication System 100b An authentication communication system 100b as a modification of the authentication communication system 100a will be described. 6.1 Configuration of Authentication Communication System 100b As shown in FIG. 9, the authentication communication system 100b includes a reader / writer device 10b and a memory card 20b.

(1) Configuration of Reader / Writer 10b The reader / writer 10b
1. random number seed storage unit 102, synthesis unit 103, common key storage unit 104, encryption unit 105, random number seed update unit 106, mutual authentication unit 107, time-varying key generation unit 108, data storage unit 11.
0, an input / output unit 111, a random number generation unit 112, a content key generation unit 113, an encryption unit 114, a content additional information storage unit 115, an encryption / decryption unit 116, and an encryption unit 117.

The following description focuses on differences from the reader / writer device 10a. The other points are the same as those of the reader / writer device 10a, and thus the description is omitted. (A) Input / Output Unit 111 The input / output unit 111 receives input of content additional information by a user operation, and writes the received content additional information to the content additional information storage unit 115.

Here, an example of the content additional information is the number of times the content has been reproduced and the period of use, and the content additional information is 8 bits long. Also, the input / output unit 111
The content data CD is obtained by a user operation, and the obtained content data CD is written in the data storage unit 110. Here, the content data CD is music content information as an example.

(B) Random Number Generation Unit 112 The random number generation unit 112 outputs the generated random number R3 to the content key generation unit 113. (C) Content Key Generation Unit 113 The content key generation unit 113 reads the content additional information from the content additional information storage unit 115, receives the random number R3 from the random number generation unit 112, and uses the random number R3 and the read content additional information. The content key CK is generated by Expression 7. Here, the content key CK is 6
It is 4 bits long. (Equation 7) CK = F4 (R3, content additional information) = content additional information (8-bit length) + lower 56 bits of R3 Here, + is an operator indicating combination of data and data.

Next, the content key generating unit 113 transmits the generated content key CK to the encrypting unit 114 and the encrypting unit 1.
17 and output. (D) Encryption Unit 114 The encryption unit 114 receives the content key CK from the content key generation unit 113, reads the common key UK from the common key storage unit 104, and uses the read common key UK to read the received content key. By applying the encryption algorithm E4 to the CK, an encrypted content key EncCK is generated, and the generated encrypted content key EncCK is output to the encryption / decryption unit 116.

Here, the encryption unit 114 uses DES as the encryption algorithm E4. (E) Encryption / Decryption Unit 116 The encryption / decryption unit 116 receives the encrypted content key EncCK from the encryption unit 114, performs an encryption algorithm E2 on the received encrypted content key EncCK using the time-varying key VK, and performs Enc. (EncCK), and outputs the generated Enc (EncCK) to the encryption / decryption unit 211.

Here, the encryption / decryption unit 116 uses DES as the encryption algorithm E2. (F) Encryption Unit 117 The encryption unit 117 reads the content data CD from the data storage unit 110, and reads the read content data C
D is subjected to an encryption algorithm E5 using the content key CK to generate encrypted content data EncCD. Next, the encryption unit 117 outputs the generated encrypted content data EncCD to the data storage unit 213.

Here, the encryption unit 117 uses DES as the encryption algorithm E5. (2) Configuration of Memory Card 20b The memory card 20b includes a common key storage unit 201, a random number seed storage unit 202, a random number seed update unit 203, a random number generation unit 204,
It comprises a decryption unit 205, a separation unit 206, a mutual authentication unit 207, a time-varying key generation unit 208, an encryption / decryption unit 211, a key data storage unit 212, and a data storage unit 213.

The following description focuses on differences from the memory card 20. The other points are the same as those of the memory card 20, and the description is omitted. (A) Time-Varying Key Generation Unit 208 The time-varying key generation unit 208 decrypts the time-varying key VK
Output to (B) Encryption / decryption unit 211 The encryption / decryption unit 211 sends the time-variant key V
K, and receives Enc (EncC
K).

Next, the encryption / decryption unit 211 generates an encrypted content key EncCK by applying a decryption algorithm D2 to Enc (EncCK) using the time-varying key VK, and uses the generated encrypted content key EncCK as the access information. Is written to the area of the key data storage unit 212 indicated by. (C) Key Data Storage Unit 212 The key data storage unit 212 stores the encrypted content key EncC
An area for storing K is provided.

(D) Data Storage Unit 213 The data storage unit 213 stores the encrypted content data Enc
Receiving the CD and the received encrypted content data E
Store ncCD. 6.2 Operation of Authentication Communication System 100b The operation of authentication communication system 100b is similar to the operation of authentication communication system 100a. Here, only the differences from the authentication communication system 100a will be described.

The operation of the authentication communication system 100b is shown by a flowchart in which the operation after step S121 is replaced with the flowchart shown in FIG. 10 in the flowchart showing the operation of the authentication communication system 100a. The content key generation unit 113 stores the content additional information storage unit 11
5 to read out the content additional information (step S30).
1) The random number generation unit 112 outputs the generated random number R3 to the content key generation unit 113,
3 receives R3 from the random number generation unit 112 and uses R3 and the read content additional information to generate a content key C
K is generated, and the generated content key CK is
4 and the encryption unit 117 (step S30).
2), the encryption unit 114 receives the content key CK from the content key generation unit 113, reads the common key UK from the common key storage unit 104, and encrypts the received content key CK using the read common key UK. Apply algorithm E4 to generate an encrypted content key EncCK,
Encrypting / decrypting unit 1
16 (step S303). Next, the encryption / decryption unit 116 receives the encrypted content key EncCK, performs an encryption algorithm E2 on the received encrypted content key EncCK using the time-varying key VK, and performs Enc (EcCK
ncCK) (Step S304), the encryption / decryption unit 116 outputs the generated Enc (EncCK) to the encryption / decryption unit 211, and the encryption / decryption unit 211 outputs the Enc (EncCK).
CK) (step S305), and the decryption unit 2
Reference numeral 11 denotes an encrypted content key Enc which performs a decryption algorithm D2 on Enc (EncCK) using a time-varying key VK.
CK is generated, and the generated encrypted content key EncCK is generated.
To the key data storage unit 21 indicated by the access information.
The data is written in the area No. 2 (step S306).

The encryption section 117 reads the content data CD from the data storage section 110 (step S30).
7) The encrypted content data EncCD is generated by applying the encryption algorithm E5 to the read content data CD using the content key CK (step S30).
8). The encryption unit 117 outputs the generated encrypted content data EncCD to the data storage unit 213, and the data storage unit 213 receives the encrypted content data EncCD (step S309), and the data storage unit 213
Stores the received encrypted content data EncCD (step S310).

6.3 Summary As described above, in the authentication communication system 100b, a new random number generation mechanism is required to generate a content key for encrypting content data. Can be shared with the random number generation mechanism used for 7. Other Modifications Although the present invention has been described based on the above embodiment, it is needless to say that the present invention is not limited to the above embodiment. The following cases are also included in the present invention.

(1) In the above embodiment, the digital work is music information, but character data such as novels and papers, computer program software for computer games, and compression such as MP3 Audio data, still images such as JPEG, MP
It may be a moving image such as EG. Further, the reader / writer device is not limited to a personal computer, and may be an output device for selling or distributing the various digital works described above. Further, the reader / writer device is not limited to the headphone stereo, but may be a reproducing device for reproducing a digital work. For example, it may be a computer game device, a band-type information terminal, a dedicated device, a personal computer, or the like. Further, the reader / writer device may have both the output device and the reproducing device.

(2) In the above embodiment, the encryption algorithm and the decryption algorithm use DES, but other encryption may be used. In the above embodiment, SHA is used, but
Other one-way functions may be used. The key length of the common key and the time-varying key is 56 bits, but a key of another length may be used.

(3) In the above embodiment, the combining unit 103 combines the access information and the lower 32 bits of the random number seed to generate 64-bit randomized access information. It is not limited to. The following may be performed. The combining unit 103 may generate the 64-bit-length randomized access information by alternately combining the 32-bit access information and the lower 32 bits of the random number seed one bit at a time. Alternatively, a plurality of bits may be alternately combined. In this case, the separation unit 206 performs the reverse operation.

(4) In the above embodiment, the random number generation unit 204 of the memory card 20
The random number generation unit 204 may generate the random number seed as the random number R2 using the random number seed stored in. In addition, the time-varying key generation units 108 and 20
8, the time-varying key is generated using R1 and R2, but a response value may be used. Also, the common key UK
May be entangled.

(5) In the authentication communication system 100b, the encrypting unit 117 stores the encrypted content data Enc
Although the CD is written in the data storage unit 213, the encrypted content data EncCD may be treated as confidential data and written in the area indicated by the access information. Further, the encrypted content key EncCK may be written in the data storage unit 213 without being treated as confidential data.

Further, the encrypting unit 114 and the encrypting unit 117
May be eliminated, and the remaining one may be shared. (6) The present invention may be the method described above.
Further, these methods may be a computer program that is realized by a computer, or may be a digital signal formed by the computer program.

Further, the present invention provides a computer-readable recording medium for the computer program or the digital signal, for example, a floppy (registered trademark) disk, hard disk, CD-ROM, MO, DVD, D
The information may be recorded on a VD-ROM, a DVD-RAM, a semiconductor memory, or the like. Further, the present invention may be the computer program or the digital signal recorded on these recording media.

Further, according to the present invention, the computer program or the digital signal may be transmitted via an electric communication line, a wireless or wired communication line, a network represented by the Internet, or the like. The present invention may also be a computer system including a microprocessor and a memory, wherein the memory stores the computer program, and the microprocessor operates according to the computer program.

Further, by recording the program or the digital signal on the recording medium and transferring it, or by transferring the program or the digital signal via the network or the like, another independent computer system is provided. May be implemented. (4) The above embodiment and the above modifications may be combined.

8. Possibility of industrial use When copying a digital work from an output device that outputs a digital work to a semiconductor recording medium, use when the output device and the semiconductor recording medium mutually authenticate the validity. Can be. Also, when reading and reproducing a digital work from a semiconductor recording medium on which the digital work is recorded, the digital work is used when the respective devices mutually authenticate the validity between the semiconductor recording medium and the reproducing apparatus. can do.

[0086]

To achieve the above object, the present invention comprises a recording medium having an area for storing digital information, and an access device for reading digital information from the area or writing digital information to the area. An authentication communication system, wherein the access device transmits the disturbed access information generated by disturbing the access information indicating the area from the access device to the recording medium, so that the access device uses the challenge response type authentication protocol. A first authentication phase for authenticating the validity of the recording medium, a second authentication phase for the recording medium to authenticate the validity of the access device, and a case where both the recording medium and the access device have validity. If authenticated, the recording medium extracts access information from the transmitted disturbed access information, Serial access device reads the digital information from the area indicated by the extracted the access information, or characterized in that it comprises a transfer phase for writing digital information to the area indicated by the access information.

As a result, at the same time as mutual authentication, information for accessing the confidential data storage area in which the confidential data is recorded is disturbed and transferred. Can be increased. Further, even if the information for accessing the confidential data storage area is falsified and transferred to another information due to unauthorized spoofing, mutual authentication does not succeed. You can make it impossible.

[Brief description of the drawings]

FIG. 1 shows the appearance of authentication communication systems 30 and 31 as a specific configuration example of an authentication communication system 100. FIG. 1A shows the appearance of an authentication communication system 30 composed of a personal computer and a memory card 20, and FIG. 1B shows an authentication communication system 31 composed of a headphone stereo, a memory card 20 and headphones. Show the appearance.

FIG. 2 is a block diagram showing respective configurations of a reader / writer device 10 and a memory card 20 which constitute the authentication communication system 100.

FIG. 3 shows a data structure of access information, a random number seed, and randomized access information.

FIG. 4 is a flowchart showing the operation of the authentication communication system 100, and particularly assumes a case where information stored in a memory card is read. FIG.
followed by.

FIG. 5 is a flowchart showing an operation of the authentication communication system 100. Continued from FIG.

FIG. 6 is a flowchart showing an operation of the authentication communication system 100. In particular, FIG.
Is a device assumed to be a device for writing information to a memory card.

FIG. 7 is a block diagram showing a configuration of an authentication communication system 100a as another embodiment.

FIG. 8 is a flowchart showing an operation specific to the authentication communication system 100a.

FIG. 9 is a block diagram showing a configuration of an authentication communication system 100b as another embodiment.

FIG. 10 is a flowchart showing an operation specific to the authentication communication system 100b.

[Explanation of symbols]

 REFERENCE SIGNS LIST 100 authentication communication system 10 reader / writer device 101 access information storage unit 102 random number seed storage unit 103 combining unit 104 common key storage unit 105 encryption unit 106 random number seed update unit 107 mutual authentication unit 108 time-varying key generation unit 109 encryption / decryption unit 110 Data storage unit 111 Input / output unit 20 Memory card 201 Common key storage unit 202 Random seed storage unit 203 Random seed update unit 204 Random number generation unit 205 Decryption unit 206 Separation unit 207 Mutual authentication unit 208 Time-varying key generation unit 209 Data storage unit 210 encryption / decryption unit

Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat II (reference) G09C 1/00 660 G06K 19/00 R H04L 9/08 H04L 9/00 601A 9/10 621A 9/32 675A (72) Inventor Tsutomu Sekibe 1006 Kadoma, Kazuma, Osaka Pref. Matsushita Electric Industrial Co., Ltd. 1006 Kadoma, Kadoma Matsushita Electric Industrial Co., Ltd. KA02 KA04 KA08 KA35 YA20 5J104 AA01 AA07 AA15 AA16 EA06 EA07 JA13 KA02 KA04 KA06 NA02 NA35 NA37

Claims (17)

[Claims] 1. An authentication communication system comprising: a recording medium having an area for storing digital information; and an access device for reading digital information from or writing digital information to the area, wherein the access device By transmitting the disturbed access information generated by disturbing the access information indicating the area to the recording medium, the access device authenticates the validity of the recording medium by a challenge-response type authentication protocol. And a second authentication phase in which the recording medium authenticates the validity of the access device. If the recording medium and the access device are both authenticated, the recording medium is transmitted. Access information from the disturbed access information thus obtained, and the access device extracts the access information A transfer phase for reading digital information from an area indicated by the access information or writing digital information to an area indicated by the access information. 2. In the first authentication phase, the access device acquires an access information acquisition unit that acquires access information indicating the area, a random number acquisition unit that acquires a random number, and the acquired access information. A generating unit for generating randomized access information by synthesizing a random number; and an encrypting unit for applying a cryptographic algorithm to the generated randomized access information to generate disturbed access information. A response value generation unit that generates a response value from the disturbed access information, wherein the access device includes an authentication unit that performs authentication of the recording medium using the generated response value. The authentication communication system according to claim 1, wherein 3. In the transfer phase, the recording medium performs a decoding algorithm on the generated disturbed access information to generate randomized access information, and stores access information from the transmitted randomized access information. The authentication communication system according to claim 2, further comprising: a separation unit configured to separate the authentication system. 4. In the first authentication phase, the access device further includes a random number seed storage unit that stores a random number seed, and the random number acquisition unit reads the random number seed from the random number seed storage unit. 4. A random number is obtained.
2. The authentication communication system according to 1. 5. The authentication communication system according to claim 4, wherein in the first authentication phase, the access device further overwrites the disturbed access information as a random number seed in the random number seed storage unit. . 6. In the first authentication phase, the access device further includes a random number seed storage unit that stores a random number seed, and the random number acquisition unit reads and reads the random number seed from the random number seed storage unit. 4. The authentication communication system according to claim 3, wherein the random number is obtained by generating the random number based on the random number seed. 7. The authentication communication system according to claim 6, wherein in the first authentication phase, the access device further overwrites the generated random number as a random number seed in the random number seed storage unit. . 8. In the transfer phase, the recording medium recording digital information in the area reads digital information from the area indicated by the access information, and encrypts the read digital information by performing an encryption algorithm. The access device that includes an encryption unit that generates digital information, reads the digital information from the area, includes a decryption unit that performs a decryption algorithm on the generated encrypted digital information to generate digital information, and the decryption algorithm includes: 4. The method according to claim 3, wherein the ciphertext generated by the encryption algorithm is decrypted.
2. The authentication communication system according to 1. 9. In the transfer phase, the access device that writes digital information to the area includes a digital information obtaining unit that obtains digital information, and performs an encryption algorithm on the obtained digital information to generate encrypted digital information. The recording medium includes a decryption unit that performs a decryption algorithm on the generated encrypted digital information to generate digital information, and writes the digital information to the area indicated by the access information; 4. The algorithm according to claim 3, wherein the algorithm decrypts a ciphertext generated by the encryption algorithm.
2. The authentication communication system according to 1. 10. In the transfer phase, the access device that writes digital information to the area includes: a digital information obtaining unit that obtains digital information; a content key obtaining unit that obtains a content key; A first encryption unit that applies an encryption algorithm to generate an encrypted content key; and a second encryption unit that applies a second encryption algorithm to the generated encryption content key to generate a double-encryption content key. A third encryption unit that performs a second encryption algorithm on the obtained digital information using the content key to generate encrypted digital information, and wherein the recording medium is configured to generate the double-encrypted content. A first decryption algorithm is applied to the key to generate an encrypted content key, and to the area indicated by the access information Includes a decoding unit for writing the issue of content key, the recording medium is further claim 3, characterized in that it comprises an area for storing the generated the encrypted digital information
2. The authentication communication system according to 1. 11. An authentication communication method used in an authentication communication system comprising: a recording medium having an area for storing digital information; and an access device for reading digital information from said area or writing digital information to said area. By transmitting the disturbed access information generated by disturbing the access information indicating the area from the access device to the recording medium, the access device can verify the validity of the recording medium by a challenge-response type authentication protocol. A first authentication step of performing authentication of the access device; a second authentication step of performing authentication of the validity of the access device by the recording medium; and a case where the recording medium and the access device are both authenticated. The recording medium extracts access information from the transmitted disturbed access information, A transfer device that reads digital information from an area indicated by the extracted access information or writes digital information to an area indicated by the access information. 12. A recording medium having an area for storing digital information, and an access device for reading digital information from the area or writing digital information to the area, wherein an access device is provided between the recording medium and the access device. A computer-readable recording medium that records an authentication communication program used in an authentication communication system that transfers digital information after authenticating each device, and wherein the authentication communication program includes the access device. Transmitting the disturbed access information generated by disturbing the access information indicating the area from the access device to the recording medium, whereby the access device authenticates the validity of the recording medium by a challenge response type authentication protocol. (1) an authentication step, wherein the recording medium verifies the validity of the access device; A second authentication step of performing authentication, and when the recording medium and the access device are both authenticated, the recording medium extracts access information from the transmitted disturbed access information, A transfer device that reads digital information from an area indicated by the extracted access information or writes digital information to an area indicated by the access information. 13. An access device constituting the authentication communication system according to claim 1. 14. An access device constituting the authentication communication system according to claim 2. 15. A recording medium constituting the authentication communication system according to claim 1. 16. A recording medium constituting the authentication communication system according to claim 3. 17. A recording medium having an area for storing digital information, and an access device for reading digital information from or writing digital information to the area, wherein an access device is provided between the recording medium and the access device. An authentication communication program used in an authentication communication system for transferring digital information after authenticating each device, wherein the access information indicating the area is generated by disturbing the access information from the access device to the recording medium. A first authentication step in which the access device authenticates the validity of the recording medium by a challenge-response type authentication protocol by transmitting the disturbed access information, and the recording medium authenticates the validity of the access device. A second authentication step of performing, and both the recording medium and the access device are legitimate If it is authenticated that the recording medium has extracted access information from the transmitted disturbed access information, the access device reads digital information from an area indicated by the extracted access information, or A transfer step of writing digital information to an area indicated by the access information.