The present application relates to an information processing device, a computer program, and an information processing system, and more particularly to an information processing device, a computer program, and an information processing system that enable a user to prevent illegal access.
Recently, IC cards have become widespread and are used by a large number of users for, for example, payment for shopping in stores. To prevent use of illegal IC cards, authentication processing is necessary between an IC card and a reader writer when the IC card is used. A unidirectional authentication method between two such devices is specified as Two pass authentication in ISO/IEC 9798-2 5.1.2. FIG. 1 is a simplified flowchart of the authentication method.
Steps S21 to S24 represent processing by a device A and steps S1 to S8 represent processing by a device B that authenticates the device A.
In step S1, the device B generates a random number rb. In step S2, the device B transmits the random number rb to the device A.
In step S21, the device A receives the random number rb transmitted from the device B. In step S22, the device A generates a key Kab. In step S23, the device A encrypts, with the key Kab, the random number rb received from the device B. Specifically, the device A calculates the following formula to generate information Token ab. In the formula, eKab(rb) indicates that the random number rb is encrypted by the key Kab.
Token ab = eKab(rb)  (Formula 1)
In step S24, the device A transmits the information Token ab generated in step S23 to the device B.
In step S3, the device B receives the information Token ab transmitted from the device A. In step S4, the device B generates a key Kab. In step S5, the device B decrypts the received information Token ab with the key Kab. Consequently, a random number rb is obtained.
In step S6, the device B determines whether a decryption result and the random number rb coincide with each other. Specifically, the device B determines whether the random number rb generated in step S1 and the random number rb obtained by decrypting the information Token ab received from the device A in step S5 coincide with each other. The key Kab kept by the device A is a secret key allocated only to a regular device. Therefore, when the two coincide, the device A keeps the key Kab and is a regular device.
When the decryption result and the random number rb do not coincide with each other, in step S7, the device B executes authentication failure processing for the device A. On the other hand, when the decryption result and the random number rb coincide with each other, in step S8, the device B executes authentication success processing for the device A.
A bidirectional authentication method between two devices is specified as Three pass authentication in ISO/IEC 9798-2 5.2.2. FIG. 2 is a simplified flowchart of the authentication method.
In step S31, the device B generates the random number rb. In step S32, the device B transmits the random number rb to the device A.
In step S51, the device A receives the random number rb transmitted from the device B. In step S52, the device A generates a random number ra and the key Kab. In step S53, the device A encrypts the random number ra and the random number rb with the key Kab. Specifically, the device A encrypts, according to the following formula, a combination of the random number ra generated in step S52 and the random number rb received from the device B. In the formula, (ra∥rb) represents the combination of the random number ra and the random number rb.
Token ab = eKab(ra∥rb)  (Formula 2)
In step S54, the device A transmits information Token ab calculated by Formula 2 to the device B.
In step S33, the device B receives the information Token ab transmitted from the device A. In step S34, the device B generates the key Kab.
In step S35, the device B decrypts the information Token ab with the key Kab. As explained above, the information Token ab is information obtained by the device A encrypting the combination (ra∥rb) of the random number ra and the random number rb with the key Kab in step S53. Therefore, the combination (ra∥rb) is obtained by this decryption processing.
In step S36, the device B determines whether a decryption result and the random number rb coincide with each other. Specifically, in this case, the device B extracts only the random number rb of the combination (ra∥rb) obtained as the decryption result, sets the random number rb as a comparison target, and compares the random number rb with the random number rb generated in step S31.
When the device A is a regular information processing device, since the device A keeps a correct fixed secret key Kab, the two random numbers rb coincide with each other.
However, when the device A is an illegal device, the device A does not keep the correct key Kab. As a result, the two random numbers rb do not coincide with each other. Therefore, in this case, in step S37, the device B executes authentication failure processing for the device A.
When the two random numbers rb coincide with each other, in step S38, the device B executes authentication success processing for the device A.
Further, in order to cause the device A to authenticate the device B, in step S39, the device B encrypts the random number rb and the random number ra with the key Kab. Specifically, the device B encrypts, according to the following formula, the combination of the random number rb generated in step S31 and the random number ra received from the device A to generate information Token ba.
Token ba = eKab(rb∥ra)  (Formula 3)
In step S40, the device B transmits the information Token ba to the device A.
In step S55, the device A receives the information Token ba transmitted from the device B. In step S56, the device A decrypts the information Token ba with the key Kab. The information Token ba is information obtained by the device B encrypting the combination (rb∥ra) of the random number rb and the random number ra with the key Kab in step S39. Therefore, the combination (rb∥ra) is obtained by this decryption processing.
In step S57, the device A determines whether the random numbers rb and ra obtained as the decryption result coincide with the random number rb received from the device B in step S51 and the random number ra generated in step S52, respectively.
When the device B is a regular device, the device B keeps the same secret key Kab as the device A. Therefore, the two random numbers ra coincide with each other and the two random numbers rb also coincide with each other.
However, when the device B is an illegal device, the device B does not keep the same secret key Kab as the device A. As a result, in this case, in step S58, the device A executes authentication failure processing for the device B.
When the random numbers ra and rb coincide with each other, in step S59, the device A executes authentication success processing for the device B.
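The three-pass exchange of FIG. 2 (Formulas 2 and 3) with both devices' messages, as an added example that is not part of the original document. The cipher is a toy SHA-256-based Feistel construction standing in for eKab so that the code runs with the standard library only; the 16-byte random numbers, the pre-shared key Kab, and all class and function names are assumptions.

```python
import hashlib, hmac, secrets

N = 16  # bytes per random number (assumed size; the page fixes none)

def _f(key, rnd, half):
    # Round function of the toy stand-in cipher (not a vetted algorithm)
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:N]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def e(key, block):
    """eKab(.): 4-round Feistel encryption of a 2N-byte block."""
    l, r = block[:N], block[N:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def d(key, block):
    """Inverse of e(): run the rounds backwards."""
    l, r = block[:N], block[N:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

class DeviceB:
    def __init__(self, kab): self.kab = kab
    def s31_challenge(self):
        self.rb = secrets.token_bytes(N)             # S31: fresh rb per run
        return self.rb                               # S32: sent to device A
    def s35_to_s39(self, token_ab):
        plain = d(self.kab, token_ab)                # S35: recover ra||rb
        ra, rb = plain[:N], plain[N:]
        if not hmac.compare_digest(rb, self.rb):     # S36: compare rb only
            return None                              # S37: authentication failure
        return e(self.kab, self.rb + ra)             # S39: Token ba (Formula 3)

class DeviceA:
    def __init__(self, kab): self.kab = kab
    def s53_token_ab(self, rb):
        self.rb, self.ra = rb, secrets.token_bytes(N)    # S51, S52
        return e(self.kab, self.ra + self.rb)            # S53: Token ab (Formula 2)
    def s57_verify(self, token_ba):                      # S56, S57: expect rb||ra
        return hmac.compare_digest(d(self.kab, token_ba), self.rb + self.ra)

def run(key_a, key_b):
    """Return (B accepts A, A accepts B) for one protocol run."""
    a, b = DeviceA(key_a), DeviceB(key_b)
    token_ba = b.s35_to_s39(a.s53_token_ab(b.s31_challenge()))
    return token_ba is not None, token_ba is not None and a.s57_verify(token_ba)
```

Calling run() with the same key on both sides yields (True, True); with differing keys device B stops at step S37 and no Token ba is ever sent.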
In the example shown in FIG. 2, in steps S36 and S37, the random numbers ra and rb are set as the comparison targets. An example of processing performed when the comparison targets are the random numbers in encrypted form is shown in FIG. 3.
Processing by the device B in steps S61 to S70 in the example shown in FIG. 3 is basically the same as the processing by the device B in steps S31 to S40 in FIG. 2. However, processing in steps S63, S65, and S66 in FIG. 3 is different from the processing in steps S33, S35, and S36 in FIG. 2.
Processing by the device A in steps S81 to S89 in FIG. 3 is basically the same as the processing by the device A in steps S51 to S59 in FIG. 2. However, processing in steps S84, S86, and S87 in FIG. 3 is different from the processing in steps S54, S56, and S57 in FIG. 2.
In the case of the example shown in FIG. 3, in step S84, the device A transmits not only the information Token ab but also the random number ra.
In step S63, the device B receives not only the information Token ab but also the random number ra. In step S64, the device B generates a key Kab. In step S65, the device B encrypts a combination of the random number ra and the random number rb with the key Kab to generate information Token ab. The following formula is calculated:
Token ab = eKab(ra∥rb)  (Formula 4)
In step S66, the device B determines whether an encryption result obtained in step S65 and the information Token ab received from the device A in step S63 coincide with each other. When the information Token ab calculated by Formula 4 and the information Token ab received from the device A do not coincide with each other, in step S67, the device B executes authentication failure processing for the device A. On the other hand, when the information Token ab calculated by Formula 4 and the information Token ab received from the device A coincide with each other, in step S68, the device B executes authentication success processing for the device A.
Further, in order to cause the device A to authenticate the device B, in step S69, the device B encrypts a combination of the random number rb and the random number ra with the key Kab. Specifically, the device B encrypts, according to the following formula, a combination of the random number rb generated in step S61 and the random number ra received from the device A.
Token ba = eKab(rb∥ra)  (Formula 5)
In step S70, the device B transmits information Token ba calculated by Formula 5 to the device A.
In step S85, the device A receives the information Token ba transmitted from the device B. In step S86, the device A performs processing for encrypting, with the key Kab, a combination of the random number rb received from the device B in step S81 and the random number ra transmitted to the device B in step S84. Specifically, the device A calculates the following formula:
Token ba = eKab(rb∥ra)  (Formula 6)
In step S87, the device A determines whether an encryption result in step S86 (i.e., information Token ba calculated in step S86) and the information Token ba received in step S85 coincide with each other. When the two kinds of information Token ba do not coincide with each other, in step S88, the device A executes authentication failure processing for the device B.
When the two kinds of information Token ba coincide with each other, in step S89, the device A executes authentication success processing for the device B.
Other processing is the same as the processing shown in FIG. 2.
The applicant also makes a proposal concerning a bidirectional authentication method (e.g., Japanese Patent No. 3897177). FIGS. 4 and 5 are simplified flowcharts of the authentication method.
In step S141, the device B generates a random number P. In step S142, the device B generates a key Ka. In step S143, the device B encrypts the random number P with the key Ka to generate information i1. In step S144, the device B transmits the information i1 to the device A.
In step S171, the device A receives the information i1 from the device B. In step S172, the device A generates a key Ka. In step S173, the device A decrypts the information i1 with the key Ka. Consequently, in step S174, the device A acquires a random number P.
In step S175, the device A generates a key Kb. In step S176, the device A encrypts the random number P with the key Kb to generate information i2. In step S177, the device A transmits the information i2 to the device B.
In step S145, the device B receives the information i2 transmitted from the device A. In step S146, the device B generates a key Kb. In step S147, the device B decrypts the information i2 with the key Kb. Consequently, in step S148, the device B acquires a random number P.
In step S149, the device B checks consistency of the random numbers P. Specifically, the device B determines whether the random number P generated in step S141, encrypted, and transmitted to the device A in step S144 and the random number P obtained by decrypting the information i2, which is received from the device A, in step S147 coincide with each other. The key Ka and the key Kb are allocated only to the regular device A. Therefore, when the two random numbers P coincide with each other, the device B authenticates the device A as a regular device.
Similarly, the device A performs processing for authenticating the device B.
In step S178, the device A generates a random number Q. In step S179, the device A encrypts the random number Q with the key Kb to generate information i3. The key Kb is generated in step S175. In step S180, the device A transmits the information i3 to the device B.
In step S150, the device B receives the information i3 transmitted from the device A. In step S151, the device B decrypts the information i3 with the key Kb. The key Kb is generated in step S146. Consequently, in step S152, the device B acquires a random number Q.
In step S153, the device B encrypts the random number Q with the key Ka to generate information i4. The key Ka is generated in step S142. In step S154, the device B transmits the information i4 to the device A.
In step S181, the device A receives the information i4 transmitted from the device B. In step S182, the device A decrypts the information i4 with the key Ka. The key Ka is generated in step S172. Consequently, in step S183, the device A acquires a random number Q.
In step S184, the device A checks consistency of the random numbers Q. Specifically, the device A determines whether the random number Q generated in step S178, encrypted, and transmitted to the device B in step S180 and the random number Q obtained by decrypting the information i4, which is received from the device B, in step S182 coincide with each other. The key Ka and the key Kb are allocated only to the regular device B. Therefore, when the two random numbers Q coincide with each other, the device A authenticates the device B as a regular device. The device A transmits an authentication result to the device B.