The present invention relates to a communication system including, for example, a communication apparatus and various terminals represented by, for example, IC cards used in combination with the communication apparatus to specify the function of the communication apparatus, and a communication method.
There is proposed an attempt that a receiving apparatus capable of receiving a number of TV programs or radio programs is manufactured as a communication apparatus, and the receiving apparatus and an IC card for placing restrictions on the receiving apparatus in accordance with contents of a contract, are sold as a set.
Stored in the IC card are data defined in accordance with the contents of the contract which enable the receiving apparatus to receive only a specific program or to receive programs only during a predetermined term of the contract, for example.
Accordingly, when the IC card constituting a terminal is connected or loaded into the receiving apparatus combined with the IC card as the set, communication between the receiving apparatus and the IC card is performed. The receiving apparatus reads out the data for specifying the contract contents from the IC card by means of the communication, so that a predetermined function is selectively given to the receiving apparatus on the basis of the data.
In the communication between the receiving apparatus and the IC card, in order to prevent the inequity by forgery, the authentication for judging whether both of them have a genuine relation with each other based on the regular contract or not is performed and, after the authentication, transmission and reception of data for specifying the contract contents is made therebetween.
FIG. 6 is a schematic diagram illustrating an example of a communication method in a communication system including an IC card and a receiving apparatus in a prior art.
As shown in FIG. 6, the conventional communication system adopts the mutual authentication.
An IC card 1 and a receiving apparatus 2 include random number generators 3 and 4, respectively. The receiving apparatus 2 transmits a random number R1 generated by the random number generator 4 to an authentication code preparing unit 5a of the IC card 1 and prepares, at an authentication code preparing unit 6a thereof, an authentication code X' on the basis of a first secret key X1 held in common by the IC card 1 and the receiving apparatus 2 and the random number R1. The IC card 1 which has received the random number R1 prepares, at the authentication code preparing unit 5a thereof, an authentication code X on the basis of the first secret key X1 and the random number R1 and sends the authentication code X to the receiving apparatus 2.
The receiving apparatus 2 which has received the authentication code X from the IC card 1 compares, at a comparison unit 8 thereof, the authentication code X with the authentication code X' prepared by the authentication code preparing unit 6a to thereby perform a first authentication A.
Further, the IC card 1 transmits a random number R2 prepared by a random number generator 3 thereof to an authentication code preparing unit 6b of the receiving apparatus 2 and prepares, at an authentication code preparing unit 5b thereof, an authentication code Y on the basis of a second secret key X2 held in common by the IC card 1 and the receiving apparatus 2, and the random number R2. The receiving apparatus 2 which has received the random number R2 prepares at the authentication code preparing unit 6b an authentication code Y' on the basis of the second secret key X2 and the random number R2, and transmits the authentication code Y' to the IC card 1.
The IC card 1 which has received the authentication code Y' from the receiving apparatus 2 compares at its comparison unit 7 the authentication code Y with the authentication code Y' prepared by the unit 6b of the receiving apparatus 2 to thereby perform a second authentication B.
After it has been confirmed that both of them have genuine relation with each other based on the regular contract in accordance with the mutual authentication A and B, data specifying the contract contents are exchanged therebetween in plain text.
In the conventional system as described above, the secret keys X1 and X2 used in the first and second authentication A and B can be made identical, while different keys are used as the secret keys X1 and X2, respectively, so that cryptanalysis of the secret keys is made difficult.
In the conventional system, however, since the data specifying the contract contents are exchanged in plain text, the plain text data can be deciphered or understood relatively easily by monitoring the plain text data with technical knowledge of a certain degree.
Even if the plain text data are deciphered, alteration such as, for example, extension of a contract term, addition of contract, or the like is made to the IC card 1 or the receiving apparatus 2 is directly modified on the basis of the deciphered plain text data relatively easily.
Further, in the conventional system, the authentication codes X and Y' are prepared on the basis of the single random number R1 or R2 and the single secret key X1 or X2, respectively. Accordingly, it is relatively easy to cryptanalyze the secret key X1 or X2 by monitoring the communication between the communication apparatus and the terminal. The cryptanalysis of the secret key increases the possibility that the terminal, such as the IC card, is forged.