In data authentication between communicating devices, a common approach is to insert an authenticator into an authenticator storing field such as an IP option field. The authenticator can be generated with, for example, HMAC, which uses a secret key pre-shared with the opposite device and a one-way function agreed on in advance with that device to carry out authentication.
However, when the network is managed by end users or by a provider (another company), as in the operation of a smart grid, the properties of network devices such as routers cannot be managed or operated. As a result, routers on the Internet sometimes discard the values of authenticator storing fields, depending on their properties, and authentication cannot be performed.
To address such a case, there is a technique that writes the authenticator into an area that is small compared with the size of the authenticator but is not discarded, such as a TCP header, and transmits a plurality of packets to request authentication. For example, a known method writes a piece of the authenticator into the destination port number of a TCP header and opens the actual communication port after authentication.
Performing authentication by transmitting a plurality of packets has the advantage that network passability is improved even when the properties of communicating devices vary, so a high probability of communication is guaranteed. On the other hand, the increased number of packets may lower communication performance, and because a server receiving these packets cannot complete the authentication processing from a single packet, the management of communication sessions becomes complicated and the processing load increases. In a large number of cases authentication could be performed without transmitting a plurality of packets, yet to improve network passability a plurality of packets, which cause heavy-load processing, must be transmitted in all communications, so efficiency is reduced.
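The multi-packet scheme described above, as an added example that is not part of the original text: an HMAC authenticator is split across TCP destination port numbers, and the server has to keep per-source state until the last piece arrives. The 64-bit truncation, the client identifier and counter used as HMAC input, in-order arrival, the timeout, and all names are assumptions of this example.

```python
import hashlib
import hmac
import struct

TAG_BYTES = 8            # assumption: authenticator truncated to 64 bits
PIECES = TAG_BYTES // 2  # one 16-bit destination port carries 2 bytes
TIMEOUT = 5.0            # assumption: seconds allowed to finish a sequence

def make_authenticator(key, client_id, counter):
    """HMAC-SHA256 over a client identifier and a counter, truncated."""
    msg = client_id + struct.pack(">Q", counter)
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_BYTES]

def to_ports(tag):
    """Split the authenticator into 16-bit pieces, one per destination port."""
    return list(struct.unpack(f">{PIECES}H", tag))

class KnockVerifier:
    """Server side: per-source state is held until the last piece arrives."""
    def __init__(self, key):
        self.key = key
        self.pending = {}  # src -> (first_seen, [ports received so far])

    def on_packet(self, src, client_id, counter, dport, now):
        """Return None while incomplete, then True/False for the full sequence."""
        first_seen, ports = self.pending.get(src, (now, []))
        if now - first_seen > TIMEOUT:  # stale partial sequence: start over
            first_seen, ports = now, []
        ports = ports + [dport]
        if len(ports) < PIECES:
            self.pending[src] = (first_seen, ports)
            return None
        self.pending.pop(src, None)     # sequence complete: drop the state
        got = struct.pack(f">{PIECES}H", *ports)
        want = make_authenticator(self.key, client_id, counter)
        return hmac.compare_digest(got, want)  # constant-time comparison

def demo():
    key = b"constructed-pre-shared-key"  # constructed sample values throughout
    ports = to_ports(make_authenticator(key, b"meter-42", 1))
    server = KnockVerifier(key)
    results = [server.on_packet("198.51.100.7", b"meter-42", 1, p, now=float(i))
               for i, p in enumerate(ports)]
    return ports, results

if __name__ == "__main__":
    print(demo())
```

The first three packets return `None`, which is the session state the server must track for every source before it can decide anything.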
To prevent this by continuously selecting the best authenticating method, it is necessary to know, for each communication path, which authenticators can pass through the network. However, in the operation of smart grids and the like, a large number of devices on the networks are managed by end users or providers, so the managing side, such as an electric power company that manages the smart grid, cannot know in advance the selection and settings of the models and functions of those devices. Management that selects a suitable authenticating method for each network property and switches from the present method to it is therefore unfeasible in operation, and a data authenticating method is needed that can be used commonly in different network environments without this management burden.