Embedded appliances with an authentication function are used to distinguish genuine products from counterfeits in fields such as printer cartridges and medical equipment, which protects customers from damage caused by inferior counterfeits. In other words, preventing the counterfeiting of embedded appliances that have an authentication function directly protects the interests of the customers who use the products. Preventing such counterfeiting is therefore a highly significant challenge in industry.
Cryptography is the core function used in authentication. Cryptography is broadly classified into public key cryptography and common key cryptography. Public key cryptography uses different keys for encryption and decryption: the key for performing encryption (public key) is made public, and security is maintained by keeping the key for decrypting ciphertext (secret key) as secret information known only to the receiver. In contrast, common key cryptography uses the same key (secret key) for encryption and decryption, and maintains security by keeping the secret key unknown to any third party other than the transmitter and the receiver. In either case, the major security premise is that the secret key is not leaked to the outside. As long as this premise holds, authentication using either public key cryptography or common key cryptography is secure. However, common key cryptography requires a smaller circuit scale than public key cryptography and is better suited to cost reduction. Authentication using common key cryptography is therefore in widespread use, especially in embedded appliances.
The properties demanded of embedded appliances having a security function include tamper resistance. Tamper resistance means preventing the internals from being observed: it is the property that makes it difficult for important information stored inside an embedded appliance, such as a secret key, to be illegitimately extracted from the outside. Implementing tamper resistance requires not only preventing information from leaking through the legitimate input/output terminals of the embedded appliance, but also preventing it from leaking through an illegitimate access that directly probes the internal circuit with a micro-probe. The ordinary hardware configuration of an IC chip does not resist an attack that directly probes the internal circuit with a micro-probe. Accordingly, to implement tamper resistance, an IC chip must be manufactured with a hardware configuration dedicated to preventing physical and logical illegitimate accesses from the outside.
The usual method for implementing secure authentication is to write the secret key used for authentication into the tamper-resistant authentication appliance at the time of manufacture, and never to take the key out of the appliance afterwards. This prevents an illegitimate third party from acquiring the secret key and counterfeiting the authentication appliance. An authentication protocol is then executed between authentication appliances while the secret key remains written inside the tamper-resistant appliances and is never taken out, whereby secure authentication is implemented and customers can be protected from damage caused by inferior counterfeits.
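The following added example (not part of the original text) models this arrangement in Python: both appliances are provisioned with the same secret key at manufacture, and only challenges and responses cross the interface. The text does not specify a protocol, so the challenge-response exchange, the use of HMAC-SHA256 as the common-key primitive, and the names `Appliance`, `Verifier` and `run_authentication` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class Appliance:
    """Prover (e.g. a cartridge). The key is written once and has no read-out method."""

    def __init__(self, provisioned_key: bytes):
        self._key = provisioned_key  # models the key held inside tamper-resistant hardware

    def respond(self, challenge: bytes) -> bytes:
        # Only a keyed digest of the challenge leaves the appliance, never the key.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Verifier:
    """Host side. With a common key it holds the same secret, so it needs the same protection."""

    def __init__(self, provisioned_key: bytes):
        self._key = provisioned_key
        self._pending = set()  # challenges issued and not yet answered

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)  # fresh random value for every run
        self._pending.add(challenge)
        return challenge

    def check(self, challenge: bytes, response: bytes) -> bool:
        # Reject challenges this verifier never issued or has already consumed,
        # so a recorded response cannot be replayed.
        if challenge not in self._pending:
            return False
        self._pending.discard(challenge)
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time comparison


def run_authentication(verifier: Verifier, appliance: Appliance) -> bool:
    """One protocol run: challenge out, response back, accept or reject."""
    challenge = verifier.new_challenge()
    return verifier.check(challenge, appliance.respond(challenge))


if __name__ == "__main__":
    factory_key = secrets.token_bytes(32)  # constructed sample key
    host = Verifier(factory_key)
    print("genuine:", run_authentication(host, Appliance(factory_key)))
    print("counterfeit:", run_authentication(host, Appliance(secrets.token_bytes(32))))
```

A counterfeit that has not obtained the key cannot produce a valid response, which is why the scheme stands or falls on the key staying inside both appliances.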
For authentication using common key cryptography, it is difficult to implement secure authentication under three constraints: the secret key must not be leaked to the outside, the manufacturing cost must be reduced, and the communication topology must be simplified as much as possible. A secure and compact authentication protocol and system that prevent counterfeits even under these constraints are therefore demanded.