Authentication is often performed on data to be communicated in order to, for example, check the validity of the data and prevent data alteration or spoofing. (In this specification, the term “communicate” or “communication” includes, in addition to data exchange between different devices, data exchange between chips or other components within the same device, and data exchange between a recording medium and a device.)
A common way to perform authentication is as follows.
When authentication is necessary, the data to be communicated has a data structure including a header area, a data area that contains the digital information that is the substantive object of the communication, and an authentication data area that contains authentication data used for authentication of the data area.
Authentication data contained in the authentication data area of this data structure is generated by performing a given algorithm operation on digital information contained in the data area. The header area of this data structure contains information for identifying an algorithm used for creating authentication data or data needed to create the authentication data (in some cases, the algorithm itself). Information about data length and sequence number may also be contained if necessary.
A device which has received data having this data structure performs an algorithm operation on digital information contained in the data area by way of an algorithm that is identified from information contained in the header area of the received data. The result of the operation is compared with authentication data contained in the authentication data area. When the two are found to be a match as a result of the comparison, the device judges that the received data is valid or complete, whereas the device judges that the received data is invalid or incomplete when the two do not match.
This and similar authentication methods have come into wide use and have been effective to a certain degree. However, there is room for improvement in those authentication methods.
In the above-mentioned authentication method, the following conditions have to be met for successful authentication in which the received data is judged to be valid or complete.
(1) No alteration or the like has been made to information contained in the header area of the received data, i.e., data length information or information for identifying what algorithm is used to create authentication data.
(2) No alteration or the like has been made to the data area.
(3) No error is made in an algorithm operation performed on digital information in the data area by an algorithm that is identified from the information contained in the header area of the received data.
Accordingly, authentication fails if even one of the conditions (1) to (3) is not fulfilled and, when authentication fails, there is no way of specifying which one of (1) to (3) is the cause.
If the cause of an authentication failure can be identified, for example, if it can be specified that the unfulfilment of (3) has caused an authentication failure, there is no need to obtain the data again and a reattempt at authentication can be processed efficiently. If the cause of an authentication failure cannot be identified, on the other hand, every processing step that is necessary for authentication has to be performed all over again for a reattempt at authentication.
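The receiver-side check described above, as an added example that is not part of the original text: each of conditions (1) to (3) is violated in turn, and the receiver gets the same bare failure every time. The byte layout, the algorithm id table, the use of HMAC as the "algorithm operation" and the shared key are all assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

# Assumed layout (not from the source text): 1-byte algorithm id,
# 4-byte sequence number, 4-byte data length, data area, authentication data.
HEADER = struct.Struct(">BII")
ALGORITHMS = {1: hashlib.sha256, 2: hashlib.sha512}  # hypothetical id table
KEY = b"constructed-demo-key"  # constructed shared key, an assumption


def build(alg_id, seq, data):
    """Sender side: header area + data area + authentication data area."""
    tag = hmac.new(KEY, data, ALGORITHMS[alg_id]).digest()
    return HEADER.pack(alg_id, seq, len(data)) + data + tag


def verify(frame, compute=None):
    """Receiver side: recompute over the data area and compare.

    Returns only True/False, as in the method described above.
    `compute` lets the demo simulate a faulty operation (condition 3).
    """
    alg_id, _seq, length = HEADER.unpack_from(frame)
    body = frame[HEADER.size:]
    data, received = body[:length], body[length:]
    digest = ALGORITHMS.get(alg_id)
    if digest is None:
        return False
    compute = compute or (lambda d: hmac.new(KEY, d, digest).digest())
    return hmac.compare_digest(compute(data), received)


def alter(frame, offset, mask=0x01):
    """Return a copy of the frame with bits flipped at one offset."""
    out = bytearray(frame)
    out[offset] ^= mask
    return bytes(out)


def demo():
    frame = build(1, 7, b"constructed payload")
    return {
        "intact": verify(frame),
        "(1) algorithm id altered": verify(alter(frame, 0, 0x03)),  # 1 -> 2
        "(1) data length altered": verify(alter(frame, 8)),
        "(2) data area altered": verify(alter(frame, HEADER.size)),
        "(3) operation error": verify(frame, lambda d: b"\x00" * 32),
    }
```

Every non-intact case in `demo()` returns the same `False`, so the receiver cannot tell whether obtaining the data again is needed or whether repeating the operation alone would suffice.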
An object of the present invention is to provide a technique for making it possible to identify the cause of an authentication failure.