JPH0624360B2 - Method for authenticating a data processing device - Google Patents

Description

Detailed Description of the Invention A. BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to data communication between data processing devices via unsecured communication links or connection paths, such as public switched networks, and more particularly, conversations via such networks. A method for authenticating (or authenticating) a subscriber before it can be started.

B. 2. Description of the Related Art With the distribution of data processing devices over a large area, there is an increasing need to use public switched networks to interconnect these wide area distributed data processing devices. Such distributed systems are widely used in the finance industry, transportation and lodging reservation systems, and a wide variety of other applications.

In most of these applications, the data processing unit will have a central data source over the dial or public switched network.
Gain access to a base or distributed database. As a result, anyone with a telephone number can establish a connection to the database. With varying degrees of success, many techniques have been adopted to limit access to the database to authorized devices only.

The most commonly used technique is to use a password known only to the database and access device. This technique is effective in many applications where the transmission facilities used to connect the communication devices are secured. However, if the transmission facility is in an unsecured environment, such as the public switched network, this technique has proven inadequate. What an unauthorized person would like to do is tap a telephone line to intercept it, learn the password used, and gain unauthorized access to the database.

The obvious solution to this problem is to do password encryption and decryption. While this obvious solution is effective, it also comes with substantial costs in addition to the additional drawbacks. Once the decryption requirements are removed, the substantial expense and some other drawbacks can be eliminated.

FIG. 2 shows a case where a conventional technique using only encryption is adopted.
A series of exchanges between two data processing devices 10, 11 is shown.
Device 11 wants to connect to and establish contact with device 10 via the public switched network. This sequence begins when device 11 sends a dial number over the public switched network to establish a connection. The connection is completed when device 10 unhooks in response to the bell signal received from the public switched network. The completion of the connection is signaled to device 11 by the tone generated by device 10.

At this point, device 11 has network ID and random number n1.
1 is transmitted to the device 10. The device 10 uses the random number n11 or En11 encrypted with the key k to obtain its I
Respond to D10 and another random number n10. Device 11 also encrypts n10 with key k and sends En10 to device 10. The devices 10 and 11 compare the encrypted random numbers En10 and En11 with the locally generated encrypted random numbers En10 ′ and En11 ′, respectively. If both comparisons are successful, the conversation takes place. If either is unsuccessful, the connection is terminated and no conversation takes place.

FIG. 3 shows that a fraudulent device 13 pretending to be a device 11 has a device 11 in the system using the aforementioned authentication technique shown in FIG.
Shows how to get access and establish communication. The device 13 can obtain all the necessary information by tapping and monitoring the information exchange between the devices 11 and 10. Where these information exchanges use the public switched network, access to that switched network is easy.

Once the unauthorized device 13 has the ID 11 of the device 11 and the device 1
When the telephone number of 0 is obtained, the device 1 is connected as shown in FIG.
Initiate a call to 0. Device 10 unhooks,
A tone is sent to the device 13 which responds with the ID 11 of the device 11 and the random number n13. In response to this information, the device 10 transmits En13, ID10, and random number n10 of the unauthorized device.
In the meantime, the unauthorized device 13 establishes a connection with the device 11 by making a call to the device 11 and receiving a reply tone. When the unauthorized device 13 receives the ID 10 and n10 from the device 10, the unauthorized device 13 relays this information to the device 11,
Returns an encrypted random number En10. This is all that the rogue device 13 needs to be authenticated by the device 10. En10 is relayed to the device 10, and a conversation between the unauthorized device 13 and the device 10 is established. At this time,
The unauthorized device 13 has the same access right to the device 10 as the authorized device 11.

C. SUMMARY OF THE INVENTION The present invention provides a method for authenticating a data processing device before a conversation is established in a system in which the connection is initiated by one device. After the connection is established, the device exchanges ID and random number. The called device takes no further action after this exchange until it receives a valid cryptographic version of the random number sent to the first device. After verifying the received encrypted random number, the called device returns a cryptographic version of the caller's random number. This cryptographic version, if confirmed by the calling party, allows a conversation between the calling device and the called device to proceed.

D. Example The method is a method for authenticating a data processing device before a conversation is established, in which case the calling device and the called device, after a connection is made, are an identifier and a locally generated random number. To replace. The called device must return a cryptographic version of the calling device's random
Wait to receive a valid cryptographic version of that random number from the calling device. The device establishes a conversation only after a valid encrypted random number has been exchanged.

In FIG. 1, a central processing unit (CPU) 10 including a database or the like is connected to a public switched network (hereinafter also simply referred to as network) 9 by a plurality of telephone lines. Multiple remote devices or stations 1
, N are also connected to the public switched network by telephone lines. By disconnecting the handset and sending a specific dial digit to the network 9,
The connection can be initiated to any other device, including the CPU 10. The network 9 sends a call bell signal to the device connected to the telephone line identified by the dial digit, and the called device responds to the call bell signal and disconnects the handset to establish the connection. The called device typically returns a tone or equivalent signal so that the calling device knows that it has been connected. At this time, information can be exchanged.

FIG. 4 illustrates the information exchanges and time relationships that exist when an authorized device 11 initiates a call to an authorized device 10. Device 11 initiates the call by disconnecting the handset and sending a dialed digit representing the telephone number of device 10 on the telephone line after detecting a dial tone. The connection is established when the network sends a call bell signal to device 10, which disconnects the handset and sends a tone signal to device 11.

At this point, the device 11 sends the network ID 11 and the random number n11 to the device 10. The device 10 responds with its network ID 10 and random number n10. The device 10 receives the encrypted random number En10 from the device 11 and returns the returned En10 and the locally generated version En1.
Until it checks for plausibility by comparing 0 ',
Take no further action. If the comparison is successful, the device 10
Returns the encrypted random number En11 of the device 11 to the device 11. The device 11 compares the returned En11 with the locally generated version En11 '. If this comparison is successful, the authentication process is complete and the devices 10, 11 have a conversation, whereby the desired information is exchanged.

FIG. 5 is similar to FIG. 3 and shows how the method according to the invention denies an unauthorized device 13 pretending to have access to the device 10 as an authorized device 11.

As described above, the unauthorized device 13 pretending to be the authorized device 11 establishes a connection to the authorized device 10 and
ID 11 and random number n13 are sent to the device 10. The device 10 responds with its ID 10 and random number n10. At the same time, the unauthorized device 13 establishes a connection to the device 11 and relays the ID 10 of the device 10 and the random number n10 to the device 11. This is indicated by the broken line in FIG. The device 11 returns the ID 11 and the random number n11 to the unauthorized device 13.

Since both device 10 and device 11 have not started the call, they wait to receive the encrypted random numbers En10 and En11 respectively before responding. Illegal device 13
Cannot have an encrypted random number En10 because it has no key. This key is secure because it is never sent over the network. Obviously, attention must be paid to key distribution and security. However, this key is never exposed to the network and can be handed over, for example, with a guaranteed courier service or other secure method.

The devices 10, 11 wait for a fixed or variable time for the cryptographic versions of their respective random numbers and, if the response time ends without receiving the same, disconnect the devices to the unauthorized device 13. It is advantageous to have an adjustable timeout taking into account the response times of various networks. For example, satellite networks have longer response times than terrestrial networks due to long round trip flight times from satellites.

The flowcharts of FIGS. 6 and 7 show the steps required for initiated and reply calls, respectively. In FIG. 6, assume that device 11 has invoked device 10 to access a database managed by device 10.

Device 11 begins this process by removing the handset and sending a dialed digit representing the telephone number of device 10 to the network. The device 11 waits for a tone response from the device 10, and accordingly, the device 11 transmits its ID 11 and the random number Rn11. The device 11 generates an encrypted version ERn11 ′ of the random number, which ERn11 ′ is the device 10
Stored for later comparison with the ERn returned by. After receiving the ID 10 and the random number Rn10 from the device 10, the device 11 encrypts Rn10 using a predetermined key and the encryption algorithm, and sends ERn10 to the device 10 via the network. At this point, device 11 sets a timer and waits to receive ERn11 from device 10. If the timer expires before receiving ERn11, the call is aborted. If the ERn11 is received before the timer expires, the device 11 compares the ERn11 received from the device 10 with the stored ERn11 ', and if they are not equal, disconnects. When the encrypted random numbers of both are the same, the device 11 becomes able to talk with the device 10.

In FIG. 7, device 10 responds to the bell signal by removing the handset and returning a tone to device 11. Device 1
0 waits for reception of the ID 11 of the device 11 and the random number Rn11. The received random number is encrypted using a predetermined key and stored for later transmission to device 11. At this point, the device 10 transmits the ID 10 and the random number Rn10 to the device 11. The device 10 also encrypts the random number, E
Rn10 'is stored and the timer is set.

The device 10 receives the ERn10 from the device 11 until
Take no further steps. If the timer expires before receiving ERn10, or if the received ERn10 is not equal to the stored ERn10 ', then the connection is dropped. ERn10 is received before the timer expires, and ER
If it is equal to n10 ′, the device 10 sends ERn11 to the device 11 and prepares to start a conversation with the device 11.

E. As described above, according to the present invention, excellent security protection is provided in the data communication network.

Although the above method is particularly suitable for use in a public switched network, the method provides a high level of security protection and thus is not limited to use in a public switched network environment only.
Suitable for use in any network. Moreover, the method does not depend on a particular encryption system. The method can be used on standardized systems or on any system as long as the user-selected system is used globally.

[Brief description of drawings]

FIG. 1 is a block diagram showing an environment in which the present invention can be used. FIG. 2 is a diagram showing information exchange between two permission devices using a conventional authentication method. FIG. 3 is a diagram showing information exchange between an unauthorized device and two permission devices. When the method according to the conventional technique used in FIG. Is a diagram showing how access can be obtained. FIG. 4 is a diagram showing information exchange between two permission devices using the method of the present invention. FIG. 5 is a diagram showing information exchange between an unauthorized device and two permission devices, and how the method of the present invention denies access to the unauthorized device. FIG. 6 is a flow chart showing the steps required to call an initiating station to implement the method of the present invention. FIG. 7 is a flow chart showing the steps required in the call answering device to implement the method of the present invention.

Claims (5)

[Claims] 1. A first data processing device, which starts establishing a connection to a second data processing device, and when the connection is established, transmitting a number Rn1 to the second data processing device through the connection. , In the second data processing device, responding to the start of connection establishment to complete the connection, receiving the number Rn1 from the first data processing device, and sending the number Rn1 to the first data processing device via the connection. Transmitting Rn2, receiving the number Rn2 in the first data processing device, encrypting the number Rn2 using a predetermined key, and processing the encrypted number ERn2 through the connection in the second data processing Sending to the device the encrypted number ERn2 received at the second data processing device and the locally stored encrypted version generated by a predetermined key. If both of them match by comparison, the number Rn1 is encrypted using a predetermined key, the encrypted number ERn1 is transmitted to the first data processing device via a tangent line, and the conversation with the first data processing device is performed. The step of enabling the encrypted number ER in the first data processing device.
receiving n1 and comparing it with a locally stored encrypted number ERn1 generated by a predetermined key and enabling a conversation with a second data processing device if they match. Including a method for authenticating a data processing device before establishing a conversation. 2. If the second data processing device sets a predetermined period when transmitting the number Rn2, and the first data processing device does not return the encrypted number ERn2 before the expiration of the predetermined period, The method of claim 1, wherein the connection is released. 3. The number ER in which the first data processing device is encrypted
The method according to claim 1, wherein a predetermined period is set when n10 is transmitted, and if the second data processing device does not return the encrypted number ERn1 before the predetermined period expires, the connection is released. The method described. 4. The method according to claim 1, wherein the numbers transmitted by the first and second data processing devices are randomly selected. 5. A step of starting establishment of a connection to a second data processing apparatus in the first data processing device, and a random number Rn1 is generated when the connection is established, and a second random number Rn1 is generated through a connection that has already been established. Transmitting to the data processing device; encrypting the random number Rn1 and storing the encrypted random number ERn1; and, in the second data processing device, in response to the initiation of the establishment of the connection, establishment of the connection. A step of completing, a step of receiving the random number Rn1 through the established connection, encrypting the received random number, and storing the received and encrypted random number ERn1, and a step of generating a random number Rn2 and passing the established connection First
Transmitting to the data processing device, encrypting the random number Rn2 and storing the encrypted random number ERn2, and receiving the random number Rn2 via the established connection in the first data processing device, Encrypting the received random number Rn2 and transmitting the encrypted random number ERn2 to the second data processing device through the established connection; and in the second data processing device, the received and encrypted random number ERn2 Encrypted random number ER stored as
When n2 is compared and both match, the stored encrypted random number ERn1 is transmitted to the first data processing device via the established connection, and the conversation with the first data processing device is enabled. And the encrypted random number E in the first data processing device.
Before establishing a conversation, including the step of receiving Rn1 and comparing it with the stored encrypted random number ERn1 and enabling a conversation with the second data processing device if they match. Method for authenticating a data processing device.