WO2020044624A1 - Mutual authentication method and communication system - Google Patents
Mutual authentication method and communication system
- Publication number
- WO2020044624A1 (PCT/JP2019/009533)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- value
- communication device
- count value
- encryption
- communication
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
Definitions
- the present invention relates to a mutual authentication method and a communication system.
- a device authentication system for authenticating that a partner is a legitimate device
- the first device includes the following means
- a verification function storage unit that stores in advance a plurality of verification functions for verifying the validity of the second device
- a first challenge data transmission unit that generates first challenge data and transmits the first challenge data to the second device
- first response data receiving means for receiving first response data corresponding to the first challenge data from the second device, and a first verification unit that verifies whether the first challenge data and the first response data are associated by any of the plurality of verification functions
- a first authentication unit that authenticates the validity of the second device if the first verification unit verifies positively
- the second device includes a proof function storage unit that stores in advance a plurality of proof functions corresponding to the plurality of verification functions, respectively, for proving its own validity
- first challenge data receiving means for receiving the first challenge data transmitted by the first device, and proof function selecting means for selecting one from the plurality of proof functions
- first response data transmitting means for generating first response data from the first challenge data based on the proof function selected by the proof function selecting means and transmitting the generated first response data to the first device
- the first device and the second device need two round trips of data communication to authenticate each other, so there is a problem that the communication time required for authentication is long.
- an object of the present invention is to provide a mutual authentication method and a communication system capable of performing authentication in a short time.
- a mutual authentication method in a communication system including a first communication device and a second communication device having a common key, the first communication device and the second communication device holding a first count value and a second count value indicating the number of times of communication, wherein the first communication device encrypts the first count value with the common key to generate a first encryption value, and generates the first encryption value.
- FIG. 1 is a diagram illustrating a communication system 10 that executes a mutual authentication method.
- FIG. 2 is a task diagram showing an authentication process performed by the R / W 50 and the RFID tag 100.
- FIG. 3 is a flowchart illustrating a mutual authentication process executed by the R / W 50.
- FIG. 4 is a flowchart illustrating a mutual authentication process performed by the RFID tag 100.
- FIG. 9 is a task diagram illustrating an authentication process performed by an R / W and an RFID tag according to a modification.
- FIG. 9 is a task diagram illustrating an authentication process performed by an R / W and an RFID tag according to a modification.
- FIG. 9 is a task diagram illustrating an authentication process performed by an R / W and an RFID tag according to a modification.
- FIG. 1 is a diagram illustrating a communication system 10 that performs a mutual authentication method.
- the communication system 10 includes an R / W (reader / writer) 50 and an RFID tag 100.
- the R / W 50 is an example of a first communication device
- the RFID tag 100 is an example of a second communication device.
- the sensor 30 is connected to the RFID tag 100.
- the RFID tag 100 is installed on a bridge, a slope, or the like, encrypts data representing the stress detected by the sensor 30, and transmits the encrypted data to the R / W 50.
- the R / W 50 can acquire the detection value of the sensor 30. Note that such an application is an example, and by using various types of sensors as the sensor 30, various detection values can be obtained by the R / W 50 via the RFID tag 100.
- the R / W 50 includes a control device 60, an antenna 70, and a memory 80.
- the control device 60 is realized by a computer including a CPU (Central Processing Unit), a RAM (Random Access Memory), a ROM (Read Only Memory), a HDD (Hard Disk Drive), an input / output interface, an internal bus, and the like.
- the control device 60 includes a main control unit 61, an encryption unit 62, an authentication unit 64, a logical operation unit 65, and a communication unit 66.
- the main control unit 61, the encryption unit 62, the authentication unit 64, the logical operation unit 65, and the communication unit 66 show, as functional blocks, the functions of the programs executed by the control device 60.
- the memory 80 functionally represents the memory of the control device 60.
- the main control unit 61 is a control unit that controls the processing of the control device 60, and executes processing other than the processing performed by the encryption unit 62, the authentication unit 64, the logical operation unit 65, and the communication unit 66.
- the main control unit 61 has, for example, a counter function, and increments a count value indicating the number of times of communication each time the R / W 50 performs communication. Further, the main control unit 61 causes the communication unit 66 to perform a process of transmitting data such as a count value and encryption to the RFID tag 100. Further, the main control unit 61 causes the communication unit 66 to perform a process of receiving data such as a count value and encryption from the RFID tag 100, and transmits the received data to the encryption unit 62.
- the count value counted by the main control unit 61 is an example of a first count value.
- the encryption unit 62 encrypts data and the like transmitted to the RFID tag 100.
- the encryption unit 62 performs, for example, data encryption processing using Present 80 Encryption.
- Present 80 Encryption is an encryption method using a common key.
- the authentication unit 64 performs an authentication process of the RFID tag 100 based on the encryption, the count value, and the like received from the RFID tag 100. Details of the authentication processing will be described later with reference to FIG.
- the logical operation unit 65 calculates an exclusive OR (EXOR) of the encryption value received from the RFID tag 100 and the encryption value generated by the encryption unit 62. Details of this processing will be described later with reference to FIG.
- the communication unit 66 is connected to an antenna 70 for communication with the RFID tag 100.
- the communication unit 66 performs a process of transmitting data to the RFID tag 100 and a process of receiving data from the RFID tag 100 according to a command from the main control unit 61.
- the antenna 70 may be any antenna that can perform wireless communication with the RFID tag 100.
- the antenna 70 is connected to the communication unit 66, radiates a signal including data and the like to be transmitted to the RFID tag 100, and receives a signal including data and the like returned from the RFID tag 100.
- the memory 80 stores programs, data, and the like necessary for the R / W 50 to perform the authentication process. Further, the memory 80 temporarily holds the count value counted by the main control unit 61. The memory 80 stores a common key used by the R / W 50 and the RFID tag 100 for encryption, decryption, and the like.
- the RFID tag 100 has a control device 110, an antenna 120, and a memory 130.
- the RFID tag 100 operates with the received power, performs arithmetic processing, and transmits (replies) data to the R / W 50.
- the control device 110 is realized by an IC (Integrated Circuit) chip.
- the control device 110 includes a main control unit 111, an encryption unit 112, a decryption unit 113, an authentication unit 114, a logical operation unit 115, and a communication unit 116.
- the main control unit 111, the encryption unit 112, the decryption unit 113, the authentication unit 114, the logical operation unit 115, and the communication unit 116 show, as functional blocks, the functions of the programs executed by the control device 110.
- the memory 130 is a functional representation of the memory of the control device 110.
- the main control unit 111 is a control unit that controls the processing of the control device 110, and executes processing other than the processing performed by the encryption unit 112, the decryption unit 113, the authentication unit 114, the logical operation unit 115, and the communication unit 116.
- the main control unit 111 has, for example, a function of a counter, and increments a count value indicating the number of times of communication each time the RFID tag 100 performs communication.
- the main control unit 111 also causes the communication unit 116 to perform a process of transmitting data such as a count value and encryption to the R / W 50.
- the main control unit 111 causes the communication unit 116 to perform a process of receiving data such as a count value and encryption from the R / W 50, and transmits the received data to the encryption unit 112 and the decryption unit 113.
- the count value counted by the main control unit 111 is an example of a first count value.
- the encryption unit 112 encrypts data and the like to be transmitted to the R / W 50.
- the encryption unit 112 performs, for example, data encryption processing using Present 80 Encryption.
- the decoding unit 113 decodes data and the like received from the R / W 50.
- the decryption unit 113 performs data decryption processing using Present 80 Decryption.
- Present 80 Decryption is a decryption method using a common key.
- the authentication unit 114 performs an authentication process on the R / W 50 based on the encryption, the count value, and the like received from the R / W 50. Details of the authentication processing will be described later with reference to FIG.
- the logical operation unit 115 calculates an exclusive OR (EXOR) of the detection value of the sensor 30 and the encryption value generated by the encryption unit 112. Details of this processing will be described later with reference to FIG.
- the communication unit 116 is connected to an antenna 120 for communication with the R / W 50.
- the communication unit 116 performs a process of transmitting data to the R / W 50 and a process of receiving data from the R / W 50 in accordance with a command from the main control unit 111.
- the antenna 120 may be any antenna that can perform wireless communication with the R / W 50.
- the antenna 120 is connected to the communication unit 116, receives a signal including data transmitted from the R / W 50, and radiates a signal including data returned to the R / W 50.
- the memory 130 stores programs, data, and the like necessary for the RFID tag 100 to perform the authentication process. Further, the memory 130 temporarily holds the count value counted by the main control unit 111. Further, the memory 130 stores a common key used by the R / W 50 and the RFID tag 100 for encryption and decryption.
- the count value of the R / W 50 is equal to or greater than the count value of the RFID tag 100.
- the R / W 50 and the RFID tag 100 increment the count value each time communication is performed between the R / W 50 and the RFID tag 100. Therefore, if there is no abnormality in the communication between the R / W 50 and the RFID tag 100 and the R / W 50 and the RFID tag 100 can perform transmission / reception normally each time, the count values of the R / W 50 and the RFID tag 100 will be equal.
- the abnormality is, for example, a state in which the RFID tag 100 cannot receive the signal due to noise or the like even if the R / W 50 transmits a signal.
- the RFID tag 100 cannot recognize that the signal transmitted from the R / W 50 has been transmitted from the R / W 50.
- the count value of the R / W 50 is incremented, but the count value of the RFID tag 100 is not incremented. Therefore, the count value of the R / W 50 may advance (increase) beyond the count value of the RFID tag 100.
- the communication system 10 uses the count values of the R / W 50 and the RFID tag 100 for authentication.
- the RFID tag 100 authenticates the R / W 50
- one condition for establishing the authentication is that the count value of the R / W 50 is equal to or greater than the count value of the RFID tag 100.
- the difference between the count value of the R / W 50 and the count value of the RFID tag 100 is equal to or smaller than a predetermined value.
- the predetermined value is 50 as an example.
- when the RFID tag 100 receives a signal transmitted by a reader / writer that is not a target of receiving a signal (another similar reader / writer different from the R / W50), the count value of the RFID tag 100 may advance beyond the count value of the R / W50 that is the target of receiving the signal. Therefore, if the count value of the RFID tag 100 is ahead of the count value of the R / W 50, the authentication is not established.
- FIG. 2 is a task diagram showing an authentication process performed by the R / W 50 and the RFID tag 100.
- the count value of the R / W 50 is M (64 bits) of 64 bits.
- the control unit 61 of the R / W 50 increments the count value to M + 1 (64 bits).
- the encryption unit 62 of the R / W 50 encrypts the incremented count value M + 1 (64 bits) using the common key to generate an encryption value 1 (64 bits).
- the R / W 50 transmits the encryption value 1 (64 bits) and the count value M + 1 (lower 16 bits) which is the lower 16 bits of the count value M + 1 (64 bits) to the RFID tag 100.
- the encryption value 1 (64 bits) is an example of a first encryption value
- the count value M + 1 (lower 16 bits) is an example of a first numerical value. Also, by transmitting only the lower 16 bits (count value M + 1 (lower 16 bits)) of the count value M + 1 (64 bits) to the RFID tag 100, the communication data capacity can be reduced.
- the decryption unit 113 decrypts the encryption value 1 (64 bits) with the common key, and the authentication unit 114 compares the lower 16 bits of the count value M + 1 (64 bits) obtained by decryption with the received count value M + 1 (lower 16 bits) to determine coincidence.
- the count value M + 1 (64 bits) obtained by decoding is an example of a first decoded value.
- the determination of the coincidence and the coincidence means that the coincidence is established.
- the coincidence is established.
- the matching may be determined for all bits. In this case, when all bits match, the matching is established.
- the authentication unit 114 determines that the R / W50 authentication has been established if the count value M + 1 (64 bits) obtained by decoding is equal to the 64-bit count value N of the RFID tag 100, or is more advanced than the count value N and the difference between the count values is equal to or smaller than a predetermined value.
- the count value of R / W50 is equal to or greater than the count value of the RFID tag 100. Therefore, when the count value of the R / W 50 (the count value M + 1 (64 bits) obtained by decoding) and the count value N of the RFID tag 100 are equal, the count values of the R / W 50 and the RFID tag 100 are regarded as normal, and the R / W50 authentication is regarded as established.
- when the count value of the R / W 50 (the count value M + 1 (64 bits) obtained by decoding) is larger than the count value N of the RFID tag 100 and the difference is equal to or less than a predetermined value, the count values of the R / W 50 and the RFID tag 100 are regarded as normal, and the R / W50 authentication is regarded as established.
- the predetermined value is 50 as an example.
- the main control unit 111 of the RFID tag 100 sets its own count value N to a count value M + 1 (64 bits) obtained by decryption.
- the count value of the RFID tag 100 becomes a count value M + 1 (64 bits) obtained by decoding.
- the main control unit 111 of the RFID tag 100 acquires the detection value of the sensor 30.
- the detected value is 16-bit S (16 bits).
- the main control unit 111 of the RFID tag 100 increments the count value (M + 1 (64 bits)) to M + 2 (64 bits).
- the encryption unit 112 encrypts the count value M + 2 (64 bits) with a common key to generate an encryption value 2 (64 bits).
- the encryption value 2 (64 bits) is an example of the second encryption value.
- the logical operation unit 115 calculates the exclusive OR of the detection value S (16 bits) of the sensor 30 and the encryption value 2 (64 bits), and outputs the encryption value S (16 bits).
- the encryption value S (16 bits) is an example of the encryption detection value.
- the encryption unit 112 encrypts the encryption value S (16 bits) with the count value M + 2 (64 bits) to generate an encryption value 3 (64 bits).
- the encryption value 3 (64 bits) is an example of a third encryption value.
- the main control unit 111 transmits the encryption value S (16 bits) and the encryption value 3 (upper 8 bits), which is the first (upper) 8 bits of the encryption value 3 (64 bits), to the R / W 50 via the communication unit 116.
- the R / W 50 enters the reception mode, and increments the count value (M + 1) to M + 2.
- the encryption unit 62 encrypts the incremented count value M + 2 with a common key to generate a 64-bit encrypted value 4 (64 bits).
- the encryption value 4 (64 bits) is an example of a fourth encryption value.
- the encryption value 4 (64 bits) is equal to the encryption value 2 (64 bits), which the RFID tag 100 generated by encrypting, with the common key, the count value M + 2 obtained by incrementing the count value M + 1 received from the R / W 50.
- the logical operation unit 65 extracts the detection value S (16 bits) from the encryption value S (16 bits) by taking the exclusive OR of the encryption value S (16 bits) received from the RFID tag 100 and the encryption value 4 (64 bits).
- the encryption unit 62 encrypts the detection value S (16 bits) extracted by the logical operation unit 65 with the count value M + 2 to generate an encryption value 5 (64 bits).
- the encryption value 5 (64 bits) is an example of a fifth encryption value.
- the authentication unit 64 compares the encryption value 5 (64 bits) encrypted by the encryption unit 62 with the encryption value 3 (upper 8 bits) received from the RFID tag 100, and if the upper 8 bits of the encryption value 5 (64 bits) match the encryption value 3 (upper 8 bits) (the match is established), it determines that the authentication of the RFID tag 100 has been established.
- this is because the encryption value 3 (64 bits) is an encryption value generated by the encryption unit 112 of the RFID tag 100 encrypting the encryption value S (16 bits) with the count value M + 2 (64 bits), and the encryption value 5 (64 bits) is an encryption value obtained by encrypting the detection value S (16 bits) extracted by the logical operation unit 65 of the R / W50 with the count value M + 2, so that if the upper 8 bits match, the common key and the counter value match and the RFID tag 100 is considered to be a valid (regular) RFID tag 100. Valid (regular) refers to being assigned in the communication system 10 as its own communication partner.
- the main control unit 61 adopts the detected value S (16 bits) as the detected value of the sensor 30, and transmits the detected value to the host machine.
- the host device is a server or the like that collects the detection values of the sensor 30.
- FIG. 3 is a flowchart showing a mutual authentication process executed by the R / W 50.
- FIG. 4 is a flowchart illustrating a mutual authentication process performed by the RFID tag 100.
- the processing of the R / W 50 and the RFID tag 100 will be described using both FIG. 3 and FIG.
- the main controller 61 increments the count value (step S1). As a result, the count value of the R / W 50 becomes M + 1 (64 bits) of 64 bits.
- the encryption unit 62 encrypts the count value M + 1 (64 bits) with the common key to generate an encryption value 1 (64 bits) (step S2).
- the main control unit 61 transmits the encryption value 1 (64 bits) and the count value M + 1 (lower 16 bits), which is the lower 16 bits of the count value M + 1 (64 bits), to the RFID tag 100 (step S3).
- the R / W 50 enters the reception mode, and increments the count value (M + 1) to M + 2 (step S4).
- the encryption unit 62 encrypts the incremented count value M + 2 with the common key to generate a 64-bit encrypted value 4 (64 bits) (step S5).
- the main control unit 111 of the RFID tag 100 receives the encryption value 1 (64 bits) and the count value M + 1 (lower 16 bits) (step S21).
- the decryption unit 113 decrypts the encryption value 1 (64 bits) with the common key and generates the count value M + 1 (64 bits) (Step S22).
- the authentication unit 114 compares the lower 16 bits of the count value M + 1 (64 bits) obtained by the decryption with the received count value M + 1 (lower 16 bits) and determines the coincidence (step S23).
- the authentication unit 114 determines whether the R / W50 authentication has been established (step S24). The authentication unit 114 determines that the authentication has been established when the count value M + 1 (64 bits) obtained by the decryption is equal to or greater than the 64-bit count value N of the RFID tag 100 and the difference between the count values is equal to or less than a predetermined value.
- the main control unit 111 sets the count value N to the count value M + 1 (64 bits) obtained by decoding, and further increments the count value (step S25). Thereby, the count value of the RFID tag 100 becomes the count value M + 2 (64 bits).
- the encryption unit 112 encrypts the count value M + 2 (64 bits) with the common key to generate an encryption value 2 (64 bits) (step S26).
- the main control unit 111 of the RFID tag 100 acquires the detection value S (16 bits) of the sensor 30 (Step S27).
- the logical operation unit 115 calculates an exclusive OR of the detection value S (16 bits) of the sensor 30 and the encryption value 2 (64 bits), and outputs the encryption value S (16 bits) (step S28).
- the encryption unit 112 encrypts the encryption value S (16 bits) with the count value M + 2 (64 bits) to generate an encryption value 3 (64 bits) (step S29).
- the main control unit 111 transmits the encryption value S (16 bits) and the encryption value 3 (upper 8 bits), which is the first (upper) 8 bits of the encryption value 3 (64 bits), to the R / W 50 via the communication unit 116 (step S30).
- the main control unit 61 of the R / W 50 receives the encryption value S (16 bits) and the encryption value 4 (upper 8 bits) via the communication unit 66 (step S6).
- the logical operation unit 65 calculates the exclusive OR of the encryption value S (16 bits) received from the RFID tag 100 and the encryption value 4 (64 bits) to extract the detection value S (16 bits) from the encryption value S (16 bits) (step S7).
- the encryption unit 62 encrypts the detection value S (16 bits) extracted by the logical operation unit 65 with the count value M + 2 to generate an encryption value 5 (64 bits) (step S8).
- the authentication unit 64 compares the encryption value 5 (64 bits) encrypted by the encryption unit 62 with the encryption value 3 (upper 8 bits) received from the RFID tag 100, and determines the coincidence (step S9).
- if the upper 8 bits of the encryption value 5 (64 bits) match (the matching is established), the authentication unit 64 determines that the authentication of the RFID tag 100 has been established, and the main control unit 61 transmits the detection value S (16 bits) to the host machine (step S10).
- in step S11, the main control unit 61 stops the operation. Then, the main control unit 61 advances the flow to step S12.
- in step S12, the main control unit 61 determines whether the series of processing is to end.
- the series of processing ends when, for example, the power of the R / W 50 is turned off.
- when determining that the series of processing is not to be ended (S12: NO), the main control unit 61 returns the flow to step S1, and when determining to end the series of processing (S12: YES), ends the series of processing (End).
- the RFID tag 100 authenticates the R / W 50 based on one communication from the R / W 50 to the RFID tag 100, and the R / W 50 can authenticate the RFID tag 100 based on one communication from the RFID tag 100 to the R / W 50.
- the mode in which the R / W 50 transmits the lower 16 bits of the count value M + 1 (64 bits) to the RFID tag 100 has been described.
- the present invention is not limited to 16 bits, and is not limited to the lower bits. It is sufficient to transmit a plurality of consecutive bits. Alternatively, all 64 bits may be transmitted.
- the detection value S is 16 bits.
- the number of bits of the detection value is not limited to 16 bits, and may be, for example, 8 bits.
- the mode in which the RFID tag 100 transmits the upper 8 bits of the encryption value 3 (64 bits) to the R / W 50 has been described.
- the present invention is not limited to 8 bits and is not limited to the upper bits. What is necessary is just a plurality of continuous bits. Alternatively, all 64 bits may be transmitted.
- in the above, when the RFID tag 100 authenticates the R / W 50, the RFID tag 100 decrypts the encryption value 1 (64 bits) obtained by the R / W 50 encrypting the count value M + 1 (64 bits) with the common key. However, as shown in FIG. 5, the RFID tag 100 may instead encrypt the encryption value 1 (64 bits) obtained by the R / W 50 decrypting the count value M + 1 (64 bits) with the common key.
- the process of the R / W 50 and the RFID tag 100 shown in FIG. 5 is the same as the process shown in FIG. 2 except that the process of authenticating the R / W 50 by the RFID tag 100 is switched between encryption and decryption as described above.
- the RFID tag 100 authenticates the R / W 50 based on one communication from the R / W 50 to the RFID tag 100, and the R / W 50 can authenticate the RFID tag 100 based on one communication from the RFID tag 100 to the R / W 50, so that a mutual authentication method and the communication system 10 that can perform authentication in a short time can be provided.
- when performing the processing shown in FIG. 5, the RFID tag 100 performs encryption when the RFID tag 100 authenticates the R / W 50, and encryption is also performed when the R / W 50 authenticates the RFID tag 100.
- control device 110 of the RFID tag 100 does not need to include the decoding unit 113, so that the control device 110 of the RFID tag 100 can be simplified and the cost can be reduced. Since the control device 60 of the R / W 50 performs the decoding process, the control device 60 may further include a decoding unit.
- the process of authenticating the R / W 50 by the RFID tag 100 is the same as in FIG. In the process in which the R / W 50 authenticates the RFID tag 100, since there is no detected value in the RFID tag 100, the process of calculating the exclusive OR as shown in FIG. 2 is unnecessary, and it suffices to perform the following process.
- the main control unit 111 of the RFID tag 100 increments the count value (M + 1 (64 bits)) to M + 2 (64 bits), and the encryption unit 112 encrypts the count value M + 2 (64 bits) with a common key. Then, an encryption value 2 (64 bits) is generated.
- the R / W 50 enters the reception mode, and increments the count value (M + 1) to M + 2. If the count value M + 2 (64 bits) obtained by decrypting the encrypted value 2 (64 bits) received from the RFID tag 100 with the common key matches its own count value M + 2 (64 bits), the R / W 50 determines that the authentication of the RFID tag 100 is established.
- the control device 60 has a configuration including a decoding unit.
- this processing is a modification in which the R / W 50 decrypts the count value M + 1 (64 bits) with a common key and the resulting value 1 (64 bits) is encrypted by the RFID tag 100 using the common key.
- the relationship between the mutual authentication process shown in FIG. 7 and the mutual authentication process shown in FIG. 6 is the same as the relationship between the mutual authentication process shown in FIG. 5 and the mutual authentication process shown in FIG.
- the processing of the R / W 50 and the RFID tag 100 shown is the same as the processing shown in FIG. 6 except that the encryption and decryption of the processing performed by the RFID tag 100 to authenticate the R / W 50 are switched.
- control device 110 of the RFID tag 100 does not need to include the decoding unit 113, so that the control device 110 of the RFID tag 100 can be simplified and the cost can be reduced. Since the control device 60 of the R / W 50 performs the decoding process, the control device 60 may further include a decoding unit.
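
The counter-based exchange described above (steps S1 to S4 and S21 to S26), in the modification without a sensor value where the tag returns only the encryption value 2, as an added Python example that is not code from the patent. The `Reader` and `Tag` classes, both keys and the start count 1000 are constructed for illustration; the 50-count window is the page's example value, and the cipher is a compact reimplementation of the published PRESENT-80 algorithm.

```python
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
SBOX_INV = [SBOX.index(x) for x in range(16)]
PBOX = [(16 * i) % 63 for i in range(63)] + [63]    # bit i moves to bit PBOX[i]
PBOX_INV = [PBOX.index(i) for i in range(64)]
MASK80 = (1 << 80) - 1
WINDOW = 50                                         # the page's example "predetermined value"
KEY = 0x00112233445566778899                        # constructed 80-bit common key
OTHER_KEY = 0x99887766554433221100                  # constructed key of an unrelated reader


def _round_keys(key):
    """PRESENT-80 key schedule: 32 round keys from an 80-bit integer key."""
    keys = []
    for rnd in range(1, 33):
        keys.append(key >> 16)                                   # leftmost 64 bits
        key = ((key << 61) | (key >> 19)) & MASK80               # rotate left by 61
        key = (SBOX[key >> 76] << 76) | (key & ((1 << 76) - 1))  # S-box on top nibble
        key ^= rnd << 15                                         # mix in round counter
    return keys


def _sub(state, box):
    return sum(box[(state >> (4 * i)) & 0xF] << (4 * i) for i in range(16))


def _perm(state, table):
    return sum(((state >> i) & 1) << table[i] for i in range(64))


def present80_encrypt(block, key):
    keys = _round_keys(key)
    for rk in keys[:31]:
        block = _perm(_sub(block ^ rk, SBOX), PBOX)
    return block ^ keys[31]


def present80_decrypt(block, key):
    keys = _round_keys(key)
    block ^= keys[31]
    for rk in reversed(keys[:31]):
        block = _sub(_perm(block, PBOX_INV), SBOX_INV) ^ rk
    return block


class Reader:
    """R/W side: sends encryption value 1 plus the lower 16 bits of its count."""
    def __init__(self, key, count):
        self.key, self.count = key, count

    def challenge(self):
        self.count += 1                                    # S1: count becomes M+1
        enc1 = present80_encrypt(self.count, self.key)     # S2: encryption value 1
        msg = (enc1, self.count & 0xFFFF)                  # S3: value 1 + lower 16 bits
        self.count += 1                                    # S4: receive mode, M+2
        return msg

    def verify_tag(self, enc2):
        # Sensor-less modification: decrypt value 2 and compare with own M+2.
        return enc2 is not None and present80_decrypt(enc2, self.key) == self.count


class Tag:
    """RFID tag side: authenticates the reader, then answers with value 2."""
    def __init__(self, key, count):
        self.key, self.count = key, count

    def respond(self, enc1, low16):
        m1 = present80_decrypt(enc1, self.key)             # S22
        if (m1 & 0xFFFF) != low16:                         # S23: lower 16 bits must match
            return None
        if not 0 <= m1 - self.count <= WINDOW:             # S24: equal or ahead, within 50
            return None
        self.count = m1 + 1                                # S25: adopt M+1, increment to M+2
        return present80_encrypt(self.count, self.key)     # S26: encryption value 2


def exchange(reader, tag, lost=0):
    """One round, after `lost` reader transmissions that never reached the tag."""
    for _ in range(lost):
        reader.challenge()
    msg = reader.challenge()
    return msg, reader.verify_tag(tag.respond(*msg))


def run_demo():
    tag = Tag(KEY, 1000)
    msg, ok = exchange(Reader(KEY, 1000), tag)
    return {
        "normal": ok,
        "replay_rejected": tag.respond(*msg) is None,      # count now behind the tag's
        "lost_3_accepted": exchange(Reader(KEY, 1000), Tag(KEY, 1000), lost=3)[1],
        "lost_30_accepted": exchange(Reader(KEY, 1000), Tag(KEY, 1000), lost=30)[1],
        "wrong_key_accepted": exchange(Reader(OTHER_KEY, 1000), Tag(KEY, 1000))[1],
    }


if __name__ == "__main__":
    print(run_demo())
```

Each lost transmission advances the reader's count by two (S1 and S4), so 30 lost rounds put the next count 61 ahead of the tag's and outside the 50-count window.
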
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Provided are a mutual authentication method and a communication system capable of performing authentication within a short time. This mutual authentication method is used for a communication system including a first communication device and a second communication device having a shared key, where the first communication device and the second communication device each hold a first count value and a second count value representing the number of communications. The first communication device generates a first encrypted value by encrypting the first count value with the shared key, and transmits the first encrypted value and a first numerical value including at least a portion of the first count value to the second communication device. When the second communication device receives the first encrypted value and the first numerical value, the second communication device decrypts the first encrypted value with the shared key, determines whether there is a match between a first decrypted value obtained through the decryption and the first numerical value, and, when there is a match, determines that the first communication device is authenticated if the first decrypted value is equal to the second count value or is more advanced than the second count value.
Description
The present invention relates to a mutual authentication method and a communication system.
Conventionally, there is a device authentication system for authenticating that a partner is a legitimate device in a communication system including a first device and a second device connected via a communication path. The first device includes: verification function storage means that stores in advance a plurality of verification functions for verifying the validity of the second device; first challenge data transmission means that generates first challenge data and transmits it to the second device; first response data receiving means that receives, from the second device, first response data corresponding to the first challenge data; first verification means that verifies whether the first challenge data and the first response data are associated by any of the plurality of verification functions; and first authentication means that authenticates the validity of the second device when the first verification means verifies positively. The second device includes: proof function storage means that stores in advance a plurality of proof functions, corresponding respectively to the plurality of verification functions, for proving its own validity; first challenge data receiving means that receives the first challenge data transmitted by the first device; proof function selection means that selects one of the plurality of proof functions; and first response data transmission means that generates first response data from the first challenge data based on the proof function selected by the proof function selection means and transmits it to the first device. In order for the second device to verify the validity of the second device, the operation reverse to the above is performed (for example, see Patent Document 1).
In the validity verification method (authentication method) of the conventional device authentication system, however, two round trips of data communication are required for the first device and the second device to authenticate each other, so the communication time required for authentication is long.
An object of the present invention is therefore to provide a mutual authentication method and a communication system capable of performing authentication in a short time.
A mutual authentication method according to an embodiment of the present invention is a mutual authentication method in a communication system that includes a first communication device and a second communication device having a common key, the first communication device and the second communication device respectively holding a first count value and a second count value representing the number of communications. The first communication device encrypts the first count value with the common key to generate a first encrypted value, and transmits the first encrypted value and a first numerical value including at least a part of the first count value to the second communication device. Upon receiving the first encrypted value and the first numerical value, the second communication device decrypts the first encrypted value with the common key, determines whether a first decrypted value obtained by the decryption matches the first numerical value, and, when they match, determines that the first communication device is authenticated if the first decrypted value is equal to the second count value or is ahead of the second count value.
A mutual authentication method and a communication system capable of performing authentication in a short time can be provided.
Hereinafter, embodiments to which the mutual authentication method and the communication system of the present invention are applied will be described.
<Embodiment>
FIG. 1 is a diagram illustrating a communication system 10 that performs a mutual authentication method. The communication system 10 includes an R/W (reader/writer) 50 and an RFID tag 100. The R/W 50 is an example of a first communication device, and the RFID tag 100 is an example of a second communication device. A sensor 30 is connected to the RFID tag 100.
In the following, a configuration with one R/W 50 and one RFID tag 100 is described, but one R/W 50 may communicate with a plurality of RFID tags 100.
As an example, when the sensor 30 is a stress sensor, the RFID tag 100 is installed on a bridge, a slope, or the like, encrypts data representing the stress detected by the sensor 30, and transmits the encrypted data to the R/W 50. The R/W 50 can thereby acquire the detection value of the sensor 30. This application is only an example; by using various types of sensors as the sensor 30, the R/W 50 can acquire various detection values via the RFID tag 100.
The R/W 50 includes a control device 60, an antenna 70, and a memory 80.
The control device 60 is realized by a computer including a CPU (Central Processing Unit), a RAM (Random Access Memory), a ROM (Read Only Memory), an HDD (Hard Disk Drive), an input/output interface, an internal bus, and the like.
The control device 60 includes a main control unit 61, an encryption unit 62, an authentication unit 64, a logical operation unit 65, and a communication unit 66. The control unit 61, the encryption unit 62, the authentication unit 64, the logical operation unit 65, and the communication unit 66 represent, as functional blocks, the functions of the programs executed by the control device 60. The memory 80 is a functional representation of the memory of the control device 60.
The main control unit 61 is a control unit that supervises the processing of the control device 60, and executes processing other than that performed by the encryption unit 62, the authentication unit 64, the logical operation unit 65, and the communication unit 66. The main control unit 61 has, for example, a counter function, and increments a count value representing the number of communications each time the R/W 50 performs communication. The main control unit 61 also causes the communication unit 66 to transmit data such as count values and ciphertext to the RFID tag 100. In addition, the main control unit 61 causes the communication unit 66 to receive data such as count values and ciphertext from the RFID tag 100, and passes the received data to the encryption unit 62. The count value counted by the main control unit 61 is an example of a first count value.
The encryption unit 62 encrypts data and the like to be transmitted to the RFID tag 100. As an example, the encryption unit 62 encrypts data using Present 80 Encryption. Present 80 Encryption is an encryption method that uses a common key.
The authentication unit 64 performs authentication processing of the RFID tag 100 based on the ciphertext, count value, and the like received from the RFID tag 100. Details of the authentication processing will be described later with reference to FIG. 2.
The logical operation unit 65 calculates the exclusive OR (EXOR) of the encrypted value received from the RFID tag 100 and the encrypted value generated by the encryption unit 62. Details of this processing will be described later with reference to FIG. 2.
The antenna 70 for communication with the RFID tag 100 is connected to the communication unit 66. The communication unit 66 transmits data to the RFID tag 100 and receives data from the RFID tag 100 according to commands from the main control unit 61.
The antenna 70 may be any antenna that can perform wireless communication with the RFID tag 100. The antenna 70 is connected to the communication unit 66, radiates signals containing the data to be transmitted to the RFID tag 100, and receives signals containing the data returned from the RFID tag 100.
The memory 80 stores the programs, data, and the like that the R/W 50 needs to perform the authentication processing. The memory 80 also temporarily holds the count value counted by the main control unit 61. In addition, the memory 80 stores the common key that the R/W 50 and the RFID tag 100 use for encryption, decryption, and the like.
The RFID tag 100 includes a control device 110, an antenna 120, and a memory 130. As an example, when the antenna 120 receives a signal transmitted from the R/W 50, the RFID tag 100 operates on the received power, performs arithmetic processing and the like, and transmits (returns) data to the R/W 50.
The control device 110 is realized by an IC (Integrated Circuit) chip.
The control device 110 includes a main control unit 111, an encryption unit 112, a decryption unit 113, an authentication unit 114, a logical operation unit 115, and a communication unit 116. The main control unit 111, the encryption unit 112, the decryption unit 113, the authentication unit 114, the logical operation unit 115, and the communication unit 116 represent, as functional blocks, the functions of the programs executed by the control device 110. The memory 130 is a functional representation of the memory of the control device 110.
The main control unit 111 is a control unit that supervises the processing of the control device 110, and executes processing other than that performed by the encryption unit 112, the decryption unit 113, the authentication unit 114, the logical operation unit 115, and the communication unit 116. The main control unit 111 has, for example, a counter function, and increments a count value representing the number of communications each time the RFID tag 100 performs communication. The main control unit 111 also causes the communication unit 116 to transmit data such as count values and ciphertext to the R/W 50. In addition, the main control unit 111 causes the communication unit 116 to receive data such as count values and ciphertext from the R/W 50, and passes the received data to the encryption unit 112 and the decryption unit 113. The count value counted by the main control unit 111 is an example of a first count value.
The encryption unit 112 encrypts data and the like to be transmitted to the R/W 50. As an example, the encryption unit 112 encrypts data using Present 80 Encryption.
The decryption unit 113 decrypts data and the like received from the R/W 50. As an example, the decryption unit 113 decrypts data using Present 80 Decryption. Present 80 Decryption is a decryption method that uses a common key.
The authentication unit 114 performs authentication processing of the R/W 50 based on the ciphertext, count value, and the like received from the R/W 50. Details of the authentication processing will be described later with reference to FIG. 2.
The logical operation unit 115 calculates the exclusive OR (EXOR) of the detection value of the sensor 30 and the encrypted value generated by the encryption unit 112. Details of this processing will be described later with reference to FIG. 2.
The antenna 120 for communication with the R/W 50 is connected to the communication unit 116. The communication unit 116 transmits data to the R/W 50 and receives data from the R/W 50 according to commands from the main control unit 111.
The antenna 120 may be any antenna that can perform wireless communication with the R/W 50. The antenna 120 is connected to the communication unit 116, receives signals containing the data transmitted from the R/W 50, and radiates signals containing the data returned to the R/W 50.
The memory 130 stores the programs, data, and the like that the RFID tag 100 needs to perform the authentication processing. The memory 130 also temporarily holds the count value counted by the main control unit 111. In addition, the memory 130 stores the common key that the R/W 50 and the RFID tag 100 use for encryption, decryption, and the like.
Here, the count value of the R/W 50 is equal to or greater than the count value of the RFID tag 100. The R/W 50 and the RFID tag 100 each increment their count value every time communication is performed between them. Therefore, when there is no abnormality in the communication between the R/W 50 and the RFID tag 100 and both transmit and receive normally every time, their count values are equal. An abnormality is, for example, a state in which the RFID tag 100 cannot receive a signal transmitted by the R/W 50 because of noise or the like.
When an abnormality occurs in communication, a situation arises in which the RFID tag 100 cannot recognize that a signal transmitted from the R/W 50 was transmitted from the R/W 50.
In this case, the count value of the R/W 50 is incremented, but the count value of the RFID tag 100 is not. The count value of the R/W 50 can therefore advance beyond (become larger than) the count value of the RFID tag 100.
The communication system 10 uses the count values of the R/W 50 and the RFID tag 100 for authentication. When the RFID tag 100 authenticates the R/W 50, one condition for authentication to be established is that the count value of the R/W 50 is equal to or greater than the count value of the RFID tag 100.
However, if the count value of the R/W 50 is far larger than the count value of the RFID tag 100, a large number of communications have not completed normally.
For this reason, when the count value of the R/W 50 is ahead of the count value of the RFID tag 100, authentication is established only if the difference between the count value of the R/W 50 and the count value of the RFID tag 100 is equal to or less than a predetermined value. The predetermined value is 50 as an example.
Note that if the RFID tag 100 receives a signal transmitted by a reader/writer from which it is not originally meant to receive signals (a similar reader/writer other than the R/W 50), the count value of the RFID tag 100 may advance beyond the count value of the R/W 50, from which it is originally meant to receive signals. For this reason, when the count value of the RFID tag 100 is ahead of the count value of the R/W 50, authentication is not established.
FIG. 2 is a task diagram showing the authentication processing performed by the R/W 50 and the RFID tag 100.
First, in the initial state, the count value of the R/W 50 is assumed to be a 64-bit value M (64 bits). The control unit 61 of the R/W 50 increments the count value to M+1 (64 bits). The encryption unit 62 of the R/W 50 encrypts the incremented count value M+1 (64 bits) using the common key to generate encrypted value 1 (64 bits).
The R/W 50 then transmits to the RFID tag 100 encrypted value 1 (64 bits) and the count value M+1 (lower 16 bits), which is the lower 16 bits of the count value M+1 (64 bits).
Encrypted value 1 (64 bits) is an example of a first encrypted value, and the count value M+1 (lower 16 bits) is an example of a first numerical value. Transmitting only the lower 16 bits of the count value M+1 (64 bits), that is, the count value M+1 (lower 16 bits), to the RFID tag 100 reduces the communication data volume.
When the RFID tag 100 receives encrypted value 1 (64 bits) and the count value M+1 (lower 16 bits), the decryption unit 113 decrypts encrypted value 1 (64 bits) with the common key, and the authentication unit 114 compares the lower 16 bits of the count value M+1 (64 bits) obtained by the decryption with the received count value M+1 (lower 16 bits) to determine whether they coincide. The count value M+1 (64 bits) obtained by the decryption is an example of a first decrypted value.
Comparing the lower 16 bits is sufficient, without comparing all 64 bits of the count value M+1 (64 bits) obtained by decryption, so only the lower 16 bits are compared. This also makes it possible to reduce the communication data volume.
Here, determining coincidence and finding a match means that coincidence is established. In this case, coincidence is established when a run of consecutive bits, such as the lower 16 bits, match each other. The coincidence determination may instead be performed on all bits, in which case coincidence is established when all bits match.
When the lower 16 bits match, the authentication unit 114 determines that authentication of the R/W 50 has been established if the count value M+1 (64 bits) obtained by decryption is equal to the 64-bit count value N of the RFID tag 100, or is ahead of the count value N with a difference between the count values that is equal to or less than a predetermined value.
The count value of the R/W 50 is equal to or greater than the count value of the RFID tag 100. Therefore, when the count value of the R/W 50 (the count value M+1 (64 bits) obtained by decryption) is equal to the count value N of the RFID tag 100, the count values of the R/W 50 and the RFID tag 100 are regarded as normal and authentication of the R/W 50 is established.
Likewise, when the count value of the R/W 50 (the count value M+1 (64 bits) obtained by decryption) is larger than the count value N of the RFID tag 100 and the difference is equal to or less than the predetermined value, the count values of the R/W 50 and the RFID tag 100 are regarded as normal and authentication of the R/W 50 is established. The predetermined value is 50 as an example.
When authentication is established, the main control unit 111 of the RFID tag 100 sets its own count value N to the count value M+1 (64 bits) obtained by decryption. The count value of the RFID tag 100 thereby becomes the count value M+1 (64 bits) obtained by decryption.
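The reader-to-tag half of the exchange described above, as an added illustration that is not code from the patent: the R/W 50 sends encrypted value 1 with the lower 16 bits of its count, and the tag applies the match, ordering and window checks before advancing its own count. PRESENT-80 is implemented inline from its public specification; the key, the starting counts and all class and function names are constructed for this example.

```python
# Added illustration, not code from the patent. Key, counts and names are constructed.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
INV_SBOX = [SBOX.index(i) for i in range(16)]
PBOX = [(16 * i) % 63 if i < 63 else 63 for i in range(64)]  # bit i moves to PBOX[i]
INV_PBOX = [PBOX.index(i) for i in range(64)]
MASK64, MASK80 = (1 << 64) - 1, (1 << 80) - 1
WINDOW = 50  # the page's example "predetermined value"


def round_keys(key80):
    """PRESENT-80 key schedule: 32 round keys of 64 bits each."""
    keys, k = [], key80
    for rnd in range(1, 33):
        keys.append(k >> 16)                                # top 64 bits of the register
        k = ((k << 61) | (k >> 19)) & MASK80                # rotate left by 61
        k = (SBOX[k >> 76] << 76) | (k & ((1 << 76) - 1))   # S-box on the top nibble
        k ^= rnd << 15                                      # round counter into bits 19..15
    return keys


def _sub(state, box):
    return sum(box[(state >> (4 * i)) & 0xF] << (4 * i) for i in range(16))


def _perm(state, box):
    return sum(((state >> i) & 1) << box[i] for i in range(64))


def encrypt(block, key80):
    keys = round_keys(key80)
    for rk in keys[:31]:
        block = _perm(_sub(block ^ rk, SBOX), PBOX)
    return block ^ keys[31]


def decrypt(block, key80):
    keys = round_keys(key80)
    block ^= keys[31]
    for rk in reversed(keys[:31]):
        block = _sub(_perm(block, INV_PBOX), INV_SBOX) ^ rk
    return block


class Reader:
    """R/W 50 side: produces encrypted value 1 and the lower 16 bits of the count."""

    def __init__(self, key, count):
        self.key, self.count = key, count

    def request(self):
        self.count = (self.count + 1) & MASK64          # increment to M+1
        message = (encrypt(self.count, self.key), self.count & 0xFFFF)
        self.count = (self.count + 1) & MASK64          # receive mode: M+2
        return message


class Tag:
    """RFID tag 100 side: authenticates the reader from a single message."""

    def __init__(self, key, count):
        self.key, self.count = key, count

    def verify(self, enc1, low16):
        dec = decrypt(enc1, self.key)                   # first decrypted value
        if dec & 0xFFFF != low16:
            return "reject: low 16 bits differ"
        if dec < self.count:                            # reader count behind tag count N
            return "reject: counter behind tag"
        if dec - self.count > WINDOW:
            return "reject: gap exceeds window"
        self.count = (dec + 1) & MASK64                 # adopt M+1, then increment to M+2
        return "ok"


def demo():
    key = 0x00112233445566778899                        # constructed 80-bit common key
    reader, tag = Reader(key, 1000), Tag(key, 1000)
    results = {}
    first = reader.request()
    results["fresh"] = tag.verify(*first)
    results["replay"] = tag.verify(*first)              # same message captured and resent
    for _ in range(3):
        reader.request()                                # messages lost to noise
    results["after 3 lost sessions"] = tag.verify(*reader.request())
    enc, low = reader.request()
    results["tampered low16"] = tag.verify(enc, low ^ 1)
    results["tampered ciphertext"] = tag.verify(enc ^ 1, low)
    for _ in range(30):
        reader.request()                                # reader advances by 2 per session
    results["31 lost sessions"] = tag.verify(*reader.request())
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:24s} {outcome}")
```

Because the reader's count advances by two per session, a limit of 50 tolerates roughly 25 consecutive lost sessions before the tag stops accepting the reader.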
Next, the main control unit 111 of the RFID tag 100 acquires the detection value of the sensor 30. The detection value is a 16-bit value S (16 bits).
The main control unit 111 of the RFID tag 100 also increments the count value (M+1 (64 bits)) to M+2 (64 bits). The encryption unit 112 encrypts the count value M+2 (64 bits) with the common key to generate encrypted value 2 (64 bits). Encrypted value 2 (64 bits) is an example of a second encrypted value.
Next, the logical operation unit 115 calculates the exclusive OR of the detection value S (16 bits) of the sensor 30 and encrypted value 2 (64 bits), and outputs encrypted value S (16 bits). Encrypted value S (16 bits) is an example of an encrypted detection value.
The encryption unit 112 encrypts encrypted value S (16 bits) with the count value M+2 (64 bits) to generate encrypted value 3 (64 bits). Encrypted value 3 (64 bits) is an example of a third encrypted value.
The main control unit 111 then transmits, via the communication unit 116, encrypted value S (16 bits) and encrypted value 3 (upper 8 bits), which is the leading (upper) 8 bits of encrypted value 3 (64 bits), to the R/W 50.
The R/W 50 enters reception mode and increments the count value (M+1) to M+2.
The encryption unit 62 encrypts the incremented count value M+2 with the common key to generate a 64-bit encrypted value 4 (64 bits). Encrypted value 4 (64 bits) is an example of a fourth encrypted value. Encrypted value 4 (64 bits) is equal to encrypted value 2 (64 bits), which the RFID tag 100 generated by encrypting with the common key the value M+2 obtained by incrementing the count value M+1 received from the R/W 50.
When the R/W 50 receives encrypted value S (16 bits) and encrypted value 3 (upper 8 bits), the logical operation unit 65 takes the exclusive OR of encrypted value S (16 bits) received from the RFID tag 100 and encrypted value 4 (64 bits), thereby extracting the detection value S (16 bits) from encrypted value S (16 bits).
The encryption unit 62 encrypts the detection value S (16 bits) extracted by the logical operation unit 65 with the count value M+2 to generate encrypted value 5 (64 bits). Encrypted value 5 (64 bits) is an example of a fifth encrypted value.
The authentication unit 64 compares encrypted value 5 (64 bits) generated by the encryption unit 62 with encrypted value 3 (upper 8 bits) received from the RFID tag 100, and if the received value matches the upper 8 bits of encrypted value 5 (64 bits) (if coincidence is established), determines that authentication of the RFID tag 100 has been established.
This is because encrypted value 3 (64 bits) is the value that the encryption unit 112 of the RFID tag 100 generated by encrypting encrypted value S (16 bits) with the count value M+2 (64 bits), and encrypted value 5 (64 bits) is the value that the encryption unit 62 generated by encrypting, with the count value M+2, the detection value S (16 bits) extracted by the logical operation unit 65 of the R/W 50; if the upper 8 bits match, the common key and the counter value match, so the RFID tag 100 is considered to be legitimate (genuine). Legitimate (genuine) means being assigned in the communication system 10 as one's own communication partner.
The main control unit 61 adopts the detection value S (16 bits) as the detection value of the sensor 30 and transmits it to a host device. The host device is a server or the like that collects the detection values of the sensor 30.
FIG. 3 is a flowchart showing the mutual authentication processing executed by the R/W 50. FIG. 4 is a flowchart showing the mutual authentication processing executed by the RFID tag 100. Here, the processing of the R/W 50 and the RFID tag 100 is described using FIG. 3 and FIG. 4 together.
When the processing starts, the main control unit 61 increments the count value (step S1). The count value of the R/W 50 thereby becomes the 64-bit value M+1 (64 bits).
The encryption unit 62 encrypts the count value M+1 (64 bits) with the common key to generate encrypted value 1 (64 bits) (step S2).
The main control unit 61 transmits to the RFID tag 100 encrypted value 1 (64 bits) and the count value M+1 (lower 16 bits), which is the lower 16 bits of the count value M+1 (64 bits) (step S3).
The R/W 50 enters reception mode and increments the count value (M+1) to M+2 (step S4).
The encryption unit 62 encrypts the incremented count value M+2 with the common key to generate a 64-bit encrypted value 4 (64 bits) (step S5).
The main control unit 111 of the RFID tag 100 receives encryption value 1 (64 bits) and the count value M+1 (lower 16 bits) (step S21).
The decryption unit 113 decrypts encryption value 1 (64 bits) with the common key to generate the count value M+1 (64 bits) (step S22).
The authentication unit 114 compares the lower 16 bits of the count value M+1 (64 bits) obtained by the decryption with the received count value M+1 (lower 16 bits) and determines whether they match (step S23).
If the two lower-16-bit values match (S23: YES), the authentication unit 114 determines whether authentication of the R/W 50 is established (step S24). The authentication unit 114 determines that authentication is established when the count value M+1 (64 bits) obtained by the decryption is equal to the 64-bit count value N of the RFID tag 100, or is ahead of the count value N with the difference between the count values being equal to or less than a predetermined value.
When the authentication unit 114 determines that authentication of the R/W 50 is established (S24: YES), the main control unit 111 sets the count value N to the count value M+1 (64 bits) obtained by the decryption and then increments it (step S25). As a result, the count value of the RFID tag 100 becomes the count value M+2 (64 bits).
The encryption unit 112 encrypts the count value M+2 (64 bits) with the common key to generate encryption value 2 (64 bits) (step S26).
Next, the main control unit 111 of the RFID tag 100 acquires the detection value S (16 bits) of the sensor 30 (step S27).
Next, the logical operation unit 115 calculates the exclusive OR of the detection value S (16 bits) of the sensor 30 and encryption value 2 (64 bits), and outputs the encryption value S (16 bits) (step S28).
The encryption unit 112 encrypts the encryption value S (16 bits) with the count value M+2 (64 bits) to generate encryption value 3 (64 bits) (step S29).
The main control unit 111 then transmits the encryption value S (16 bits) and encryption value 3 (upper 8 bits), which is the leading (upper) 8 bits of encryption value 3 (64 bits), to the R/W 50 via the communication unit 116 (step S30).
The main control unit 61 of the R/W 50 receives the encryption value S (16 bits) and encryption value 4 (upper 8 bits) via the communication unit 66 (step S6).
The logical operation unit 65 takes the exclusive OR of the encryption value S (16 bits) received from the RFID tag 100 and encryption value 4 (64 bits), thereby extracting the detection value S (16 bits) from the encryption value S (16 bits) (step S7).
The encryption unit 62 encrypts the detection value S (16 bits) extracted by the logical operation unit 65 with the count value M+2 to generate encryption value 5 (64 bits) (step S8).
The authentication unit 64 compares encryption value 5 (64 bits) generated by the encryption unit 62 with encryption value 3 (upper 8 bits) received from the RFID tag 100 and determines whether they match (step S9).
If encryption value 3 (upper 8 bits) matches the upper 8 bits of encryption value 5 (64 bits) (that is, if the match is established), the authentication unit 64 determines that authentication of the RFID tag 100 is established, and the main control unit 61 transmits the detection value S (16 bits) to the host device (step S10).
On the other hand, when the authentication unit 64 determines that authentication is not established, the main control unit 61 stops the operation (step S11). The main control unit 61 then advances the flow to step S12.
When the processing of step S10 or S11 ends, the main control unit 61 determines whether to end the series of processes (step S12). The series of processes ends, for example, when the power of the R/W 50 is turned off.
If the main control unit 61 determines not to end the series of processes (S12: NO), it returns the flow to step S1; if it determines to end the series of processes (S12: YES), it ends the series of processes (End).
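The exchange of steps S1 to S11 and S21 to S30, as an added Python sketch that is not code from the patent: the 64-bit cipher is a stand-in Feistel construction, and the names `Reader`, `Tag` and `WINDOW`, the window of 16, the use of the lower 16 bits of encryption value 2 for the exclusive OR, and the key and counter values are all assumptions. Step S29 encrypts the encryption value S while step S8 encrypts the extracted detection value S; the sketch encrypts the encryption value S on both sides so that the comparison in step S9 can succeed.

```python
import hashlib
import hmac

MASK64 = (1 << 64) - 1
WINDOW = 16  # assumed "predetermined value" for the counter gap in step S24


def _f(key: bytes, rnd: int, half: int) -> int:
    """Feistel round function: 32 bits taken from HMAC-SHA256."""
    mac = hmac.new(key, bytes([rnd]) + half.to_bytes(4, "big"), hashlib.sha256)
    return int.from_bytes(mac.digest()[:4], "big")


def encrypt(key: bytes, block: int) -> int:
    """Stand-in 64-bit block cipher (8-round Feistel), assumed for this sketch."""
    left, right = block >> 32, block & 0xFFFFFFFF
    for rnd in range(8):
        left, right = right, left ^ _f(key, rnd, right)
    return (left << 32) | right


def decrypt(key: bytes, block: int) -> int:
    """Inverse of encrypt(): the same rounds applied in reverse order."""
    left, right = block >> 32, block & 0xFFFFFFFF
    for rnd in reversed(range(8)):
        left, right = right ^ _f(key, rnd, left), left
    return (left << 32) | right


def count_key(count: int) -> bytes:
    """Use a 64-bit count value as a cipher key (steps S8 and S29)."""
    return count.to_bytes(8, "big")


class Reader:
    """R/W 50: sends the challenge, then checks the tag's reply."""

    def __init__(self, key: bytes, count: int):
        self.key, self.count, self.enc4 = key, count, 0

    def challenge(self):
        self.count = (self.count + 1) & MASK64           # S1: M+1
        enc1 = encrypt(self.key, self.count)             # S2
        message = (enc1, self.count & 0xFFFF)            # S3
        self.count = (self.count + 1) & MASK64           # S4: M+2
        self.enc4 = encrypt(self.key, self.count)        # S5
        return message

    def verify(self, enc_s: int, tag8: int):
        value = (enc_s ^ self.enc4) & 0xFFFF             # S7
        enc5 = encrypt(count_key(self.count), enc_s)     # S8 (input: assumption)
        if (enc5 >> 56) != tag8:                         # S9
            return None                                  # S11: tag rejected
        return value                                     # S10


class Tag:
    """RFID tag 100 with sensor 30."""

    def __init__(self, key: bytes, count: int):
        self.key, self.count = key, count

    def respond(self, enc1: int, low16: int, sensor_value: int):
        m1 = decrypt(self.key, enc1)                     # S22
        if (m1 & 0xFFFF) != low16:                       # S23
            return None
        if not 0 <= m1 - self.count <= WINDOW:           # S24: stale or too far ahead
            return None
        self.count = (m1 + 1) & MASK64                   # S25: M+2
        enc2 = encrypt(self.key, self.count)             # S26
        enc_s = (sensor_value ^ enc2) & 0xFFFF           # S27, S28
        enc3 = encrypt(count_key(self.count), enc_s)     # S29
        return enc_s, enc3 >> 56                         # S30


def run_demo() -> dict:
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed key
    reader, tag = Reader(key, 1000), Tag(key, 1000)
    msg1 = reader.challenge()
    enc_s, tag8 = tag.respond(*msg1, sensor_value=0x1234)
    far_ahead = Reader(key, 5000).challenge()            # counter gap > WINDOW
    return {
        "value": reader.verify(enc_s, tag8),
        "bad_check_byte": reader.verify(enc_s, tag8 ^ 1),
        "replayed_challenge": tag.respond(*msg1, sensor_value=0x1234),
        "far_ahead_challenge": tag.respond(*far_ahead, sensor_value=0x1234),
        "counts": (reader.count, tag.count),
    }


if __name__ == "__main__":
    print(run_demo())
```

Comparing only the upper 8 bits in step S9 means a reply with a random check byte passes with probability 1/256; the option the text gives of sending more bits, or all 64, of encryption value 3 lowers that.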
As described above, in the communication system 10 and the mutual authentication method of the embodiment, the R/W 50 and the RFID tag 100 use a common count value, so that the RFID tag 100 authenticates the R/W 50 based on a single communication from the R/W 50 to the RFID tag 100, and the R/W 50 authenticates the RFID tag 100 based on a single communication from the RFID tag 100 to the R/W 50.
It is therefore possible to provide a mutual authentication method and a communication system 10 that can perform authentication in a short time.
In addition, because the number of communications required for the authentication process is small, the power consumption of the R/W 50 can be reduced.
The above describes a form in which the R/W 50 transmits the lower 16 bits of the count value M+1 (64 bits) to the RFID tag 100, but this is not limited to 16 bits or to the lower bits; any plurality of consecutive bits among the 64 bits may be used. All 64 bits may also be transmitted.
The above also describes a form in which the detection value S is 16 bits, but the number of bits of the detection value is not limited to 16 and may be, for example, 8.
The above also describes a form in which the RFID tag 100 transmits the upper 8 bits of encryption value 3 (64 bits) to the R/W 50, but this is not limited to 8 bits or to the upper bits; any plurality of consecutive bits among the 64 bits may be used. All 64 bits may also be transmitted.
The above describes a form in which, when the RFID tag 100 authenticates the R/W 50, the RFID tag 100 decrypts with the common key the encryption value 1 (64 bits) that the R/W 50 generated by encrypting the count value M+1 (64 bits) with the common key. As shown in FIG. 5, however, the RFID tag 100 may instead encrypt with the common key the encryption value 1 (64 bits) that the R/W 50 generated by decrypting the count value M+1 (64 bits) with the common key.
The processing of the R/W 50 and the RFID tag 100 shown in FIG. 5 is the same as the processing shown in FIG. 2, except that encryption and decryption are swapped in the process by which the RFID tag 100 authenticates the R/W 50, as described above.
With this configuration as well, the RFID tag 100 can authenticate the R/W 50 based on a single communication from the R/W 50 to the RFID tag 100, and the R/W 50 can authenticate the RFID tag 100 based on a single communication from the RFID tag 100 to the R/W 50, so that a mutual authentication method and a communication system 10 that can perform authentication in a short time can be provided.
When the processing shown in FIG. 5 is performed, the RFID tag 100 performs encryption in the process by which the RFID tag 100 authenticates the R/W 50, and also performs encryption in the process by which the R/W 50 authenticates the RFID tag 100.
The control device 110 of the RFID tag 100 therefore no longer needs to include the decryption unit 113, which simplifies the control device 110 of the RFID tag 100 and reduces cost. Because the control device 60 of the R/W 50 then performs decryption, it may be configured to further include a decryption unit.
When the sensor 30 is not connected to the RFID tag 100, the mutual authentication process can be simplified as shown in FIG. 6 and FIG. 7.
In FIG. 6, the process by which the RFID tag 100 authenticates the R/W 50 is the same as in FIG. 2. In the process by which the R/W 50 authenticates the RFID tag 100, the RFID tag 100 has no detection value, so the exclusive OR operation shown in FIG. 2 is unnecessary, and the following processing suffices.
In the RFID tag 100, the main control unit 111 increments the count value (M+1 (64 bits)) to M+2 (64 bits), and the encryption unit 112 encrypts the count value M+2 (64 bits) with the common key to generate encryption value 2 (64 bits).
The R/W 50 enters the reception mode and increments the count value (M+1) to M+2. If the count value M+2 (64 bits) obtained by decrypting with the common key the encryption value 2 (64 bits) received from the RFID tag 100 matches its own count value M+2 (64 bits), the R/W 50 determines that authentication of the RFID tag 100 is established.
When the sensor 30 is not connected to the RFID tag 100 in this way, the logical operation unit 65 and the logical operation unit 115 are unnecessary, so a mutual authentication method and a communication system 10 that can perform authentication in a short time can be provided while simplifying the system. Because the R/W 50 performs decryption, the control device 60 is configured to include a decryption unit.
The mutual authentication process shown in FIG. 7 modifies the process by which the RFID tag 100 authenticates the R/W 50 in the mutual authentication process shown in FIG. 6, so that the RFID tag 100 encrypts with the common key the encryption value 1 (64 bits) that the R/W 50 generated by decrypting the count value M+1 (64 bits) with the common key.
That is, the relationship between the mutual authentication process shown in FIG. 7 and that shown in FIG. 6 is the same as the relationship between the mutual authentication process shown in FIG. 5 and that shown in FIG. 2. The processing of the R/W 50 and the RFID tag 100 shown in FIG. 7 is the same as the processing shown in FIG. 6, except that encryption and decryption are swapped in the process by which the RFID tag 100 authenticates the R/W 50.
The control device 110 of the RFID tag 100 therefore no longer needs to include the decryption unit 113, which simplifies the control device 110 of the RFID tag 100 and reduces cost. Because the control device 60 of the R/W 50 then performs decryption, it may be configured to further include a decryption unit.
The mutual authentication method and the communication system according to exemplary embodiments of the present invention have been described above. The present invention is not limited to the specifically disclosed embodiments, and various modifications and changes can be made without departing from the scope of the claims.
This international application claims priority based on Japanese Patent Application No. 2018-159771 filed on August 28, 2018, the entire contents of which are incorporated into this international application by reference.
Reference Signs List
10 communication system
30 sensor
50 R/W
60 control device
62 encryption unit
64 authentication unit
65 logical operation unit
66 communication unit
100 RFID tag
110 control device
112 encryption unit
113 decryption unit
114 authentication unit
115 logical operation unit
116 communication unit
Claims (14)
1. A mutual authentication method in a communication system including a first communication device and a second communication device that have a common key, the first communication device and the second communication device respectively holding a first count value and a second count value representing a number of communications, wherein
   the first communication device:
   encrypts the first count value with the common key to generate a first encryption value; and
   transmits the first encryption value and a first numerical value including at least a part of the first count value to the second communication device; and
   the second communication device:
   upon receiving the first encryption value and the first numerical value, decrypts the first encryption value with the common key;
   determines whether a first decryption value obtained by the decryption matches the first numerical value; and
   when the match is established, determines that authentication of the first communication device is established if the first decryption value is equal to the second count value or is ahead of the second count value.
2. The mutual authentication method according to claim 1, wherein the second communication device determines that authentication of the first communication device is established if the first decryption value is equal to the second count value, or is ahead of the second count value with a difference from the second count value that is equal to or less than a predetermined number.
3. The mutual authentication method according to claim 1 or 2, wherein the second communication device sets the first decryption value as the second count value when the authentication is established.
4. The mutual authentication method according to claim 3, wherein the second communication device:
   increments the second count value;
   encrypts the incremented second count value with the common key to generate a second encryption value; and
   transmits the second encryption value to the first communication device.
5. The mutual authentication method according to claim 4, wherein the first communication device:
   increments the first count value upon receiving the second encryption value from the second communication device;
   determines whether a decryption value obtained by decrypting, with the common key, the second encryption value received from the first communication device matches the incremented first count value; and
   when they match, determines that authentication of the second communication device is established.
6. A mutual authentication method in a communication system including a first communication device and a second communication device that have a common key, the first communication device and the second communication device respectively holding a first count value and a second count value representing a number of communications, wherein
   the first communication device:
   decrypts the first count value with the common key to generate a first decryption value; and
   transmits the first decryption value and a first numerical value including at least a part of the first count value to the second communication device; and
   the second communication device:
   upon receiving the first decryption value and the first numerical value, encrypts the first decryption value with the common key;
   determines whether a first encryption value obtained by the encryption matches the first numerical value; and
   when the match is established, determines that authentication of the first communication device is established if the first encryption value is equal to the second count value or is ahead of the second count value.
7. The mutual authentication method according to claim 6, wherein the second communication device determines that authentication of the first communication device is established if the first encryption value is equal to the second count value, or is ahead of the second count value with a difference from the second count value that is equal to or less than a predetermined number.
8. The mutual authentication method according to claim 6 or 7, wherein the second communication device sets the first encryption value as the second count value when the authentication is established.
9. The mutual authentication method according to claim 8, wherein the second communication device:
   increments the second count value;
   encrypts the incremented second count value with the common key to generate a second encryption value; and
   transmits the second encryption value to the first communication device.
10. The mutual authentication method according to claim 9, wherein the first communication device:
   increments the first count value upon receiving the second encryption value from the second communication device;
   determines whether a decryption value obtained by decrypting, with the common key, the second encryption value received from the first communication device matches the incremented first count value; and
   when they match, determines that authentication of the second communication device is established.
11. The mutual authentication method according to claim 3 or 9, wherein the second communication device:
   further has a sensor;
   increments the second count value;
   encrypts the incremented second count value with the common key to generate a second encryption value;
   generates an encrypted detection value representing the exclusive OR of a detection value of the sensor and the second encryption value;
   encrypts the encrypted detection value with the incremented second count value to generate a third encryption value; and
   transmits the encrypted detection value and a third numerical value including at least a part of the third encryption value to the first communication device.
12. The mutual authentication method according to claim 11, wherein the first communication device:
   increments the first count value upon receiving the encrypted detection value and the third numerical value from the second communication device;
   extracts the detection value from the encrypted detection value by taking the exclusive OR of the encrypted detection value received from the second communication device and a fourth encryption value obtained by encrypting the incremented first count value with the common key;
   encrypts the extracted detection value with the incremented first count value to generate a fifth encryption value;
   determines whether the third numerical value received from the second communication device matches the fifth encryption value; and
   when they match, determines that authentication of the second communication device is established.
13. A communication system including a first communication device and a second communication device, the first communication device and the second communication device having a common key, wherein
   the first communication device has:
   a first counter that counts a first count value representing a number of communications;
   an encryption unit that encrypts the first count value with the common key to generate a first encryption value; and
   a first communication unit that transmits the first encryption value and a first numerical value including at least a part of the first count value to the second communication device; and
   the second communication device has:
   a second counter that counts a second count value representing a number of communications;
   a second communication unit that receives the first encryption value and the first numerical value from the first communication device;
   a decryption unit that decrypts the first encryption value with the common key when the second communication unit receives the first encryption value and the first numerical value; and
   an authentication unit that determines whether a first decryption value obtained by the decryption matches the first numerical value and, when the match is established, determines that authentication of the first communication device is established if the first decryption value is equal to the second count value or is ahead of the second count value.
14. A communication system including a first communication device and a second communication device, the first communication device and the second communication device having a common key, wherein
   the first communication device has:
   a first counter that counts a first count value representing a number of communications;
   a decryption unit that decrypts the first count value with the common key to generate a first decryption value; and
   a first communication unit that transmits the first decryption value and a first numerical value including at least a part of the first count value to the second communication device; and
   the second communication device has:
   a second counter that counts a second count value representing a number of communications;
   a second communication unit that receives the first decryption value and the first numerical value from the first communication device;
   an encryption unit that encrypts the first decryption value with the common key when the second communication unit receives the first decryption value and the first numerical value; and
   an authentication unit that determines whether a first encryption value obtained by the encryption matches the first numerical value and, when the match is established, determines that authentication of the first communication device is established if the first encryption value is equal to the second count value or is ahead of the second count value.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2020540033A JP7105894B2 (en) | 2018-08-28 | 2019-03-08 | Mutual authentication method and communication system |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2018159771 | 2018-08-28 | ||
JP2018-159771 | 2018-08-28 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2020044624A1 (en) | 2020-03-05 |
Family
ID=69644052
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2019/009533 WO2020044624A1 (en) | 2018-08-28 | 2019-03-08 | Mutual authentication method and communication system |
Country Status (2)
Country | Link |
---|---|
JP (1) | JP7105894B2 (en) |
WO (1) | WO2020044624A1 (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH10304333A (en) * | 1997-02-28 | 1998-11-13 | Matsushita Electric Ind Co Ltd | Information device to selectively use technology-based protocol among a plurality of protocols for protecting copyright of digital work |
US20090019282A1 (en) * | 2004-08-03 | 2009-01-15 | David Arditti | Anonymous authentication method based on an asymmetic cryptographic algorithm |
US20090153290A1 (en) * | 2007-12-14 | 2009-06-18 | Farpointe Data, Inc., A California Corporation | Secure interface for access control systems |
JP2011523264A (en) * | 2008-05-07 | 2011-08-04 | アルカテル−ルーセント ユーエスエー インコーポレーテッド | Traffic encryption key generation in wireless communication networks |
JP2014168216A (en) * | 2013-02-28 | 2014-09-11 | Mitsubishi Heavy Ind Ltd | Cryptographic system, cryptographic information authentication method and program |
WO2014147934A1 (en) * | 2013-03-21 | 2014-09-25 | パナソニック株式会社 | Communication device, communication system and communication method |
-
2019
- 2019-03-08 JP JP2020540033A patent/JP7105894B2/en active Active
- 2019-03-08 WO PCT/JP2019/009533 patent/WO2020044624A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
JP7105894B2 (en) | 2022-07-25 |
JPWO2020044624A1 (en) | 2021-08-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110493197B (en) | Login processing method and related equipment | |
CA2554300C (en) | System and method for encrypted smart card pin entry | |
CN103218571B (en) | System and method for authenticating data between processors | |
TWI391864B (en) | Critical security parameter generation and exchange system and method for smart-card memory modules | |
EP2852090B1 (en) | Data authentication method and apparatus thereof | |
EP1983466B1 (en) | Method and apparatus of secure authentication for system-on-chip (SoC) | |
US10841087B2 (en) | Security device, system, and security method | |
JP2022527757A (en) | Generating the ID of a computing device using a physical duplication difficulty function | |
US8422672B2 (en) | Authenticated device, authenticating device and authenticating method | |
US8918844B1 (en) | Device presence validation | |
WO2019142307A1 (en) | Semiconductor device, update data-providing method, update data-receiving method, and program | |
US20150012968A1 (en) | Information processing system | |
JP5264182B2 (en) | Method for fast pre-authentication by distance recognition | |
EP2701101B1 (en) | Information processing devices and information processing methods | |
KR20180113688A (en) | Encryption method and system using authorization key of device | |
US20110081016A1 (en) | Secure data communication using elliptic curve cryptology | |
JP2017076854A (en) | Electronic device and data verification method | |
WO2020044624A1 (en) | Mutual authentication method and communication system | |
CN115915131B (en) | Vehicle key bidirectional encryption authentication method and system, vehicle binding device and NFC card | |
JP4550438B2 (en) | Authentication device, authentication system, authentication method, and authentication integrated circuit | |
JP6203556B2 (en) | Information processing system | |
JP6069120B2 (en) | Information processing system | |
JP6124338B2 (en) | Information processing system | |
WO2018043498A1 (en) | Ic card for one-time authentication | |
JP2015014839A (en) | Information processing system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | 121 | EP: the EPO has been informed by WIPO that EP was designated in this application | Ref document number: 19853829; Country of ref document: EP; Kind code of ref document: A1 |
| | ENP | Entry into the national phase | Ref document number: 2020540033; Country of ref document: JP; Kind code of ref document: A |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | EP: PCT application non-entry in European phase | Ref document number: 19853829; Country of ref document: EP; Kind code of ref document: A1 |