JP7397720B2 - Authentication system, authentication device, authenticated device, and authentication method - Google Patents

Description

The present invention relates to an authentication system, an authentication device, an authenticated device, and an authentication method.

BACKGROUND ART Electronic devices such as image forming apparatuses can perform their original functions by replacing parts (consumables) that are due for replacement. However, if the consumables are not genuine products, electronic devices may malfunction. Therefore, it is recommended that electronic devices be equipped with consumables.

According to Patent Document 1, the cartridge is authenticated by comparing secret authentication data stored in an authenticated IC chip provided in the cartridge with secret authentication data stored in an authentication device disposed on the printer side. A method is proposed. According to Patent Document 2, it is proposed that an authentication device switch and use a large number of secret authentication data stored in a device to be authenticated.

Japanese Patent Application Publication No. 2009-163208 Japanese Patent Application Publication No. 2018-093372

The authentication device of Patent Document 2 reads the key ID of the private key from the public memory and calculates an authentication value using a derived key corresponding to the key ID. The authenticated device calculates an authentication value from the master key and derived value corresponding to the key ID. Finally, the authentication device compares the two authentication values. Although the authentication method of Patent Document 2 is very simple and excellent, there is room for improvement in security. Therefore, an object of the present invention is to improve the security of secret information used by an authentication device to authenticate a device to be authenticated.

According to the invention, for example:
An authentication system including an authenticated device and an authentication device that authenticates the authenticated device,
The authenticated device is
a first authentication key to which first key identification information is assigned; a second authentication key to which second key identification information is assigned; a first password associated with the first key identification information; a first storage means for storing a second password associated with the key identification information, identification information of the authenticated device, the first key identification information, and the second key identification information;
a first calculation means;
has
The authentication device includes:
a second storage means for storing an authentication key, third key identification information given to the authentication key, and a third password;
a second calculation means;
has
The second calculation means is
the first key identification information and the second key identification information stored in the first storage means of the authentication device; and the third key identification information stored in the second storage means of the authentication device. determining key identification information common to the authenticated device and the authenticating device based on the information;
Calculating password derived information based on the identification information of the authenticated device stored in the first storage means of the authenticated device and the third password stored in the second storage means of the authentication device. death,
transmitting the password derived information and key identification information common to the authenticated device and the authentication device to the authenticated device;
The first calculation means is
applying a predetermined function to the password derived information received from the authentication device to obtain a calculation result;
Password authentication is performed based on a password associated with key identification information common to the authenticated device and the authentication device among the first key identification information and the second key identification information, and the calculation result. ,
When the password authentication is successful, a predetermined calculation is performed on the authenticated key associated with the key identification information common to the authenticated device and the authenticated device among the first key identification information and the second key identification information. Find the first key derived information by executing
The second calculation means is
When the password authentication by the first calculation means is successful, a predetermined calculation is performed based on the identification information of the authentication target device and the authentication key, thereby obtaining key identification information common to the authentication target device and the authentication device. reproducing the associated authenticated key and performing the predetermined calculation on the reproduced authenticated key to obtain second key derived information;
An authentication system is characterized in that the authenticated device is authenticated based on the first key derivation information obtained by the first calculation means and the second key derivation information obtained by the second calculation means. provided.

According to the present invention, the security of secret information used by the authentication device to authenticate the device to be authenticated is further improved.

Diagram showing the authentication system Diagram showing authenticated IC and authentication IC Diagram showing private and public data Diagram explaining communication protocol Diagram showing the functions of the CPU Sequence diagram showing authentication method Flowchart showing the authentication method executed by the CPU Flowchart showing the authentication method executed by the authenticated IC Diagram showing private and public data Diagram showing private and public data Sequence diagram showing authentication method Flowchart showing the authentication method executed by the CPU Schematic diagram of color image forming device

Hereinafter, embodiments will be described in detail with reference to the accompanying drawings. Note that the following embodiments do not limit the claimed invention. Although a plurality of features are described in the embodiments, not all of these features are essential to the invention, and the plurality of features may be arbitrarily combined. Furthermore, in the accompanying drawings, the same or similar components are designated by the same reference numerals, and redundant description will be omitted.

[Example 1]
In the embodiment, a printer (image forming apparatus) is employed as an example of an electronic device. Further, a cartridge is employed as an example of a consumable item (replaceable part). A cartridge is a unit that is removably attached to a printer, such as a toner cartridge, a drum cartridge, an ink cartridge, a fixing unit, and an intermediate transfer unit. Here, a color image forming apparatus will be described as an example of a printer (image forming apparatus) with reference to FIG.

FIG. 13 is a configuration diagram of the color image forming apparatus 10. The pickup roller 13 feeds out the sheet 12 onto a conveyance path. After the registration sensor 111 detects the leading edge of the sheet 12, the transporting rollers 14 and 15 stop at the timing when the leading edge of the sheet 12 passes through the transporting rollers 14 and 15. As a result, conveyance of the sheet 12 is temporarily stopped. The charging rollers 23a to 23d charge the photosensitive drums 22a to 22d. The photosensitive drums 22a to 22d are photosensitive bodies that are rotationally driven. Scanner units 20a to 20d include reflective mirrors and light emitting elements. The scanner units 20a to 20d sequentially irradiate the photosensitive drums 22a to 22d with laser beams 21a to 21d. This forms an electrostatic latent image.

A negative high voltage of, for example, -1200V is applied to the charging rollers 23a to 23d. As a result, the surface potential of the photosensitive drums 22a to 22d becomes, for example, -700V. The potential of the surface on which the electrostatic latent image is formed by irradiation with the laser beams 21a to 21d is, for example, -100V. For example, a voltage of -350V is applied to the developing rollers 24a to 24d of the developing devices 25a to 25d. The developing rollers 24a to 24d supply toner to the electrostatic latent images on the photosensitive drums 22a to 22d. As a result, toner images are formed on each of the photosensitive drums 22a to 22d. For example, a positive voltage of +1000V is applied to the primary transfer rollers 26a to 26d. As a result, the toner images on the photosensitive drums 22a to 22d are transferred to the intermediate transfer belt 30, which is a transfer body. The intermediate transfer belt 30 is rotated by rollers 31, 32, and 33, and conveys the toner image to the secondary transfer roller 27 (secondary transfer position). The conveying rollers 14 and 15 resume conveying the sheet 12 so that the timing at which the toner image arrives at the secondary transfer position and the timing at which the sheet 12 arrives at the secondary transfer position match. The secondary transfer roller 27 transfers the toner image from the intermediate transfer belt 30 onto the sheet 12 . The fixing device 18 includes a pressure roller 16 and a fixing roller 17. The fixing device 18 applies heat and pressure to the toner image on the sheet 12 to fix the toner image on the sheet 12. Thereafter, the sheet 12 is discharged to the outside of the image forming apparatus 10. The cleaning blade 35 collects toner remaining on the intermediate transfer belt 30 into a waste toner container 36.

The toner cartridge is a cartridge that includes a container (developers 25a to 25d) containing toner used to form an image on the sheet 12. The drum cartridge is a cartridge that includes photosensitive drums 22a to 22d on which electrostatic latent images are formed. The fixing device 18 is a unit that includes a pair of rollers (a pressure roller 16 and a fixing roller 17) for fixing the image onto the sheet 12 onto which the image has been transferred. The intermediate transfer unit is a unit that includes an intermediate transfer belt 30 to which images formed on the photosensitive drums 22a to 22d are transferred.

The image forming apparatus 10 is an electrophotographic image forming apparatus that forms images using toner. However, for example, an inkjet image forming apparatus that forms an image by ejecting ink onto a sheet may be employed. In the case of an inkjet type image forming apparatus, an ink cartridge including a container containing ink is a consumable item of the image forming apparatus.

<Printer>
FIG. 1A shows the configuration of printer I, and FIG. 1B shows the configuration of printer II. The destination of Printer I and the destination of Printer II are different. The destination of Printer I is, for example, Japan, and the destination of Printer II is, for example, the United States. Note that the elements constituting Printer I and the elements constituting Printer II are the same and are therefore given the same reference numerals. When distinguishing between the two, "'" is added to the end of the reference symbol.

The authenticated device 100 is attached to a cartridge or the like. The authentication device 102 determines whether the cartridge is a genuine product by authenticating the device 100 to be authenticated. Authentication device 102 is installed in a printer.

The authenticated device 100 has an authenticated IC 101 . IC is an abbreviation for integrated circuit. The authenticated IC 101 may be implemented as a memory tag, for example. The authenticated IC 101 stores information necessary for password authentication processing and main authentication processing. The password authentication process is an authentication process using a password. The main authentication process is an authentication process using an authentication key. The password authentication process may be called a first authentication session, and the main authentication process may be called a second authentication session.

The authentication device 102 includes a communication IF 103, a CPU 104, and an authentication IC 105. Authentication IC 105 may be implemented as a memory tag, for example. The communication IF 103 is a communication circuit for communicating with the IC 101 to be authenticated. The CPU 104 controls authentication processing executed between the IC 101 to be authenticated and the authentication IC 105. The authentication IC 105 stores information necessary for password authentication processing and main authentication processing.

Note that the authentication information stored in the authentication device 102 for printer I is different from the authentication information stored in the authentication device 102' for printer II. In other words, the authentication information stored in the authentication IC 105 and the authentication information stored in the authentication IC 105' are different. On the other hand, the authentication information stored in the authenticated device 100 for Printer I and the authentication information stored in the authenticated device 100 for Printer II are the same. In other words, the authenticated IC 101 of the printer I and the authenticated IC 101 of the printer II are common. This means that the same cartridge and authenticated device 100 can be supplied to all destinations.

FIG. 2A shows the functions provided in the IC 101 to be authenticated. FIG. 2B shows the functions provided in the authentication IC 105. Since the functions provided in both are common or similar, the names of each function are shared. The alphabet added to the end of the reference sign is added to distinguish between the two, but is usually omitted.

The arithmetic unit 201a of the IC 101 to be authenticated includes an authentication section 206a that performs main authentication and a password section 207a that executes password authentication. Program memory 202a stores a program 208a executed by arithmetic unit 201a. The private memory 203a stores private data 210a that is not disclosed to the outside of the IC 101 to be authenticated. In other words, the private data 210a is secret information. The public memory 204a stores public data 211a that can be disclosed to the outside of the IC 101 to be authenticated. In other words, the public data 211a is public information. The communication unit 205a communicates with the authentication device 102 using, for example, a serial communication protocol.

The arithmetic unit 201a of the authentication IC 105 includes an authentication section 206a that performs main authentication and a password section 207a that executes password authentication. Program memory 202a stores a program 208a executed by arithmetic unit 201a. The private memory 203a stores private data 210a that is not disclosed to the outside of the IC 101 to be authenticated. The public memory 204a stores public data 211a that can be disclosed to the outside of the IC 101 to be authenticated. The communication unit 205a communicates with the authentication device 102 using, for example, a serial communication protocol.

The calculation unit 201b of the authentication IC 105 includes an authentication section 206b that performs main authentication and a password section 207b that executes password authentication. Program memory 202b stores a program 208b executed by arithmetic unit 201b. The private memory 203b stores private data 210b that is not disclosed to the outside of the authentication IC 105. In other words, the private data 210b is confidential information. The public memory 204b stores public data 211b that can be made public outside the authentication IC 105. In other words, the public data 211b is public information. The communication unit 205b communicates with the CPU 104 using, for example, a serial communication protocol. A serial communication protocol is generally a communication method consisting of sending a command and receiving a response. Serial communication is just one example, and other communication protocols and other connection forms may be employed as long as the authenticated IC 101, CPU 104, and authentication IC 105 can communicate with each other.

The private memory 203 and the public memory 204 may be physically different memories or may be the same memory. In the latter case, private memory 203 is secured within physical memory as a private storage area. Public memory 204 is reserved in physical memory as a public storage area.

<Private data and public data>
FIG. 3A shows private data 210a and public data 211a stored in the authenticated IC provided in the cartridge 300 of the printer. The private data 210a includes a plurality of keys to be authenticated, necessity information indicating whether password authentication is necessary, and password data used for password authentication. Authentication key Bk10 is a key used in main authentication. The identification information of the authenticated key Bk10 is the key ID10. Authentication key Bk11 is a key used in main authentication. The identification information of the authenticated key Bk11 is the key ID11. In this example, the keys to be authenticated Bk10 and Bk11 both require password authentication. The password data is data calculated from a derived password (eg, Bpwd10) derived from a password (eg, Mpwd10), which will be described later, and a one-way function (eg, h). The password data of the IC 101 to be authenticated is compared with the password data generated by the authentication IC 105. Thereby, it may be determined whether the authentication IC 105 is a genuine product.

The public data 211a includes a plurality of key IDs and cartridge identification information. In this example, a key ID10 corresponding to both the authentication key Bk10 and password data h (Bpwd10) and a key ID11 corresponding to both the authentication key Bk11 and password data h (Bpwd11) are stored. The cartridge identification information CRGID is used in the authentication IC 105 to reproduce the authenticated key Bk10 from the authentication key Mk10 or to generate a derived password (eg, Bpwd10) derived from the password (eg, Mpwd10).

FIG. 3B shows private data 210b and public data 211b of printer I. The private data 210b includes an authentication key Mk10 and a password Mpwd10. The public data 211b stores a key ID. Key ID10 is identification information given to both authentication key Mk10 and password Mpwd10.

FIG. 3C shows private data 210b' and public data 211b' of printer I. The private data 210b' includes an authentication key Mk11 and a password Mpwd11. Public data 211b' stores a key ID. The key ID11 is identification information given to both the authentication key Mk11 and the password Mpwd11.

<Arithmetic expression>
Authentication key Bki is a derived key derived from authentication key Mki. i is an integer of 1 or more.
Bki = f(Mki, CRGID)...(1)
Here, f is a one-way function. CRGID is cartridge identification information. At the manufacturing factory of the IC 101 to be authenticated, the key Bki to be authenticated is calculated based on equation (1) and stored in the IC 101 to be authenticated. Further, the authentication IC 105 uses equation (1) when reproducing the authenticated key Bki. The derived password Bpwdi is calculated by substituting the password Mpwdi and the cartridge identification information CRGID into the following equation.
Bpwdi = g(Mpwdi, CRGID) ... (2)
Here g is a one-way function.

Password data h (Bpwdi) is calculated from the following equation.
h(Bpwdi) = h(g(Mpwdi, CRGID))...(3)
Here h is a one-way function. At the manufacturing factory of the IC 101 to be authenticated, the key h (Bpwdi) to be authenticated is calculated based on equations (2) and (3) and stored in the IC 101 to be authenticated.

In this way, the authentication IC 105 has a single authentication key Mki and a single password Mpwdi. The authenticated IC 101 has multiple authenticated keys Bki and multiple password data h (Bpwdi). In other words, the IC 101 to be authenticated can be authenticated by a plurality of authentication ICs 105. Therefore, in order to duplicate the plurality of authentication keys Bki and the plurality of password data h (Bpwdi) stored in the authentication IC 101, obtain the printer I and the printer II, and copy the authentication keys Mki and password data stored in each of them. Password Mpwdi must be revealed. Furthermore, in order to make it difficult to duplicate the plurality of authenticated keys Bki and the plurality of password data h (Bpwdi), it would be advantageous to make it difficult to obtain the printers I and II. For example, if Printer I is sold in Europe and Printer II is sold in China, it may be difficult to obtain both Printer I and Printer II. Furthermore, by making the sales timings of Printer I and Printer II different, it will be difficult to obtain both Printer I and Printer II. By separating Printer I and Printer II in time and/or space in this way, the authentication system will be made more robust.

<Communication protocol>
4A and 4B show an example of a communication protocol for communication executed between the authenticating device 102 and the authenticated device 100. Command 01h is a command instructing to start authentication processing without a password. Option data of the command 01h includes a key ID used for authentication processing. Command 02h is a command instructing to start authentication processing with a password. Option data for command 02h includes a derived password used for authentication processing. Command 03h is a command instructing to start authenticated calculation (authentication session using authenticated key Bk). Option data for command 03h includes calculation conditions (eg, x, which is a one-way function) used in the authentication calculation. As the authenticated calculation, an authenticated calculation using a secret key such as HMAC or CMAC may be adopted. HMAC is an abbreviation for Hash-based Message Authentication Code. CMAC is an abbreviation for Cipher-based MAC. Command 04h is a command that instructs to execute an authentication check (eg, verification of session key x (Bk)). The optional data of command 04h includes calculation conditions (eg, one-way function x) used for authentication check and calculation results (eg, session key x (Bk)). Command 40h is a command for instructing password generation. Option data for the command 40h includes a password derivative (eg, CRGID). Command 7Eh is a command for reading public data 211 from authentication IC 105. Command 7Fh is a command for reading public data 211 from authenticated IC 101.

The response 80h is a response sent when the command is successfully executed. Option data sent along with response 80h is the execution result. Response FFh is a response sent when execution of a command fails.

<Flow of password authentication and main authentication>
FIG. 5 shows functions realized by the CPU 104 executing programs. FIG. 6 shows the sequence of password authentication and main authentication. FIG. 7 shows password authentication and main authentication executed by the CPU 104. FIG. 8 shows the processing executed by the IC 101 to be authenticated.

●S701: Acquisition of key ID from authentication IC The CPU 104 (acquisition unit 501) acquires a key ID (eg, ID10) from the authentication IC 105. As shown in sequence Sq1 in FIG. 6, the CPU 104 acquires public data 211 including the key ID from the authentication IC 105 by transmitting a command 7Eh to the authentication IC 105. When the arithmetic unit 201b of the authentication IC 105 receives the command 7Eh, it reads the public data 211b from the public memory 204b and creates option data. In sequence Sq2, the arithmetic unit 201b transmits option data to the CPU 104 along with a response 80h.

●S702: Acquisition of key ID from authenticated IC The CPU 104 (acquisition unit 502) acquires a key ID (eg, ID10, ID11, CRGID) from the authenticated IC 101. As shown in sequence Sq3 in FIG. 6, the CPU 104 acquires public data 211 including the key ID and cartridge identification information from the authenticated IC 101 by transmitting a command 7Eh to the authenticated IC 101. When the arithmetic unit 201a of the authenticated IC 101 receives the command 7Eh, it reads the public data 211a from the public memory 204a and creates option data. In sequence Sq4, the calculation unit 201a transmits option data (key ID10, ID11, and cartridge identification information CRGID) to the CPU 104 along with a response 80h.

-S703: Determination of key ID The CPU 104 (ID determination unit 503) determines the key ID used in the authentication process based on the key ID acquired from the authentication IC 105 and the key ID acquired from the authenticated IC 101. For example, if the key ID obtained from the authentication IC 105 is ID10, and the key IDs obtained from the authenticated IC 101 are ID10 and ID11, ID10 common to both is selected.

●S704: Generation of derived password The CPU 104 (request unit 504) requests the authentication IC 105 to generate a derived password. As shown in FIG. 6, a command 40h is sent to the authentication IC 105 in sequence Sq5. The option data of the command 40h includes cartridge identification information CRGID. The password unit 207b of the authentication IC 105 reads the password Mpwd10 from the private memory 203b. The password unit 207b calculates the derived password Bpwd10 by substituting the password Mpwd10 and the cartridge identification information CRGID into equation (2). In sequence Sq6, the password unit 207b transmits the response 80h and the derived password Bpwd10 to the CPU 104. CPU 104 receives these. Note that the CPU 104 may obtain the password Mpwd10 from the authentication IC 105, and calculate the derived password Bpwd10 by substituting the password Mpwd10 and the cartridge identification information CRGID into equation (2). In this case, the CPU 104 transmits a command to obtain the password Mpwd10 from the authentication IC 105, and the authentication IC 105 transmits a response including the password Mpwd10.

●S705: Transmission of derived password The CPU 104 (calculation instruction unit 505) transmits the derived password Bpwd10 to the IC 101 to be authenticated. As shown in sequence Sq7 in FIG. 6, the calculation instruction unit 505 transmits the command 02h to the authenticated IC 101. The option data of command 02h includes the key ID selected by ID determining section 503 and derived password Bpwd10.

In S801, the password unit 207a of the IC 101 to be authenticated receives the key ID and the derived password Bpwd10. In S802, the password unit 207a reads necessity information corresponding to key ID10 from the private memory 203a, and determines whether password authentication is necessary. If password authentication is required (TRUE), the password unit 207a proceeds to S803. If password authentication is not required (FALSE), the password unit 207a proceeds to S806.

In S803, the password unit 207a calculates password data h (Bpwd10). The password unit 207a calculates password data h (Bpwd10) by inputting Bpwd10 received from the CPU 104 to the one-way function h. The one-way function h may be, for example, a cryptographic hash function.

In S804, the password unit 207a determines whether the password data h (Bpwd10) obtained by the calculation matches the password data h (Bpwd10) corresponding to the key ID10 stored in the private memory 203a. If the two match, the password unit 207a proceeds to S805. If the two do not match, the password section 207a proceeds to S810. In S810, the password unit 207a transmits password authentication NG for password data h (Bpwd10) to the CPU 104. For example, the password section 207a transmits a response FFh.

In S805, the password unit 207a transmits password authentication OK to the CPU 104. As shown by sequence Sq8 in FIG. 6, the password unit 207a transmits a response 80h.

●S706: Determination of success of password authentication The CPU 104 (determination unit 506) determines whether the password authentication is successful based on the response received from the IC 101 to be authenticated. If the response 80h is received, the CPU 104 determines that the password authentication has been successful, and proceeds to S707 to start an authentication session using the authenticated key Bk. If the response FFh is received, the CPU 104 determines that the password authentication has failed, and proceeds to S711. In S711, the CPU 104 outputs authentication NG.

●S707: Authentication calculation in the authenticated IC The CPU 104 (authentication instruction unit 507) requests the authenticated IC 101 to execute the authenticated calculation. As a result, an authentication session using authenticated key Bk is started. As shown by sequence Sq9, the authentication instruction unit 507 transmits the response 03h to the IC 101 to be authenticated. The option data of response 03h includes calculation conditions. In S806, the authentication unit 206a of the IC 101 to be authenticated receives the calculation conditions. In S807, the authentication unit 206a executes authentication calculation according to the calculation conditions. This authentication calculation is performed, for example, by applying a one-way function x to the key to be authenticated Bk10. In S808, the authentication unit 206a transmits the authentication calculation result to the CPU 104. The authentication unit 206a loads the authentication calculation result (eg, x (Bk10)) into the option data and transmits a response 80h to the CPU 104. As shown by the sequence Sq10, the CPU 104 receives the authentication calculation result (eg, x(Bk10)) along with the response 80h.

●S708: Authentication calculation in authentication IC CPU 104 (authentication instruction unit 508) transfers the authentication calculation result to authentication IC 105. As shown by the sequence Sq11, the CPU 104 loads the authentication calculation result and the calculation condition (eg, CRGID) in the option data, and sends the command 04h to the authentication IC 105. The authentication unit 206b of the authentication IC 105 reproduces the authenticated key Bk10 according to the calculation conditions and the authentication key Mk10. For example, the authentication unit 206b substitutes the calculation condition CRGID and the authentication key Mk10 read from the private memory 203b into equation (1), and calculates the authenticated key Bk10. Further, the authentication unit 206b performs an authentication operation on the key to be authenticated Bk10, and obtains an authentication operation result (eg, x(Bk10)). This authentication calculation is performed, for example, by applying a one-way function x to the key to be authenticated Bk10. The authentication unit 206b determines whether the authentication calculation result received from the authenticated IC 101 via the CPU 104 matches the authentication calculation result obtained based on the authenticated key reproduced by the authentication unit 206b from the authentication key Mk10 and the cartridge identification information CRGID. Determine whether or not. If the two match, the authentication unit 206b transmits a response 80h in sequence Sq12. If the two do not match, the authentication unit 206b transmits a response FFh in sequence Sq12.

●S709: Authentication check The CPU 104 (determination unit 509) determines whether the main authentication was successful based on the response received from the authentication IC 105. If response 80h is received, the CPU 104 determines that the main authentication has been successful, and proceeds to S710. In S710, the CPU 104 outputs authentication OK to the printer controller or the like. If the response FFh is received, the CPU 104 determines that the main authentication has failed, and proceeds to S711. In S711, the CPU 104 outputs authentication NG to the printer controller or the like.

In this way, the authentication IC 105 holding the correct password (eg, Mpwd10) can pass the correct derived password (eg, Bpwd10) to the authenticated IC 101, and thus can proceed to main authentication. In other words, the authentication IC 105 with an incorrect password cannot proceed to main authentication. In other words, the authentication IC 105 having an incorrect password cannot obtain the authentication calculation result (eg, x(Bk10)) from the IC 101 to be authenticated. Furthermore, by separating the authentication IC 105 and the authentication IC 105' spatially or temporally, it becomes difficult to read the authenticated keys (eg, Bk10, Bk11) at an early stage. The characteristics of the first embodiment may be understood as follows.
●Feature 1: Authentication key Bki is protected by password data. Therefore, the authenticated key Bki is not easily used.
●Characteristic 2: Password Mpwdi is not sent as is, but a derived value (Bpwdi) of the password is sent. Therefore, it is difficult to reveal the password Mpwdi. Therefore, the confidentiality of the password Mpwdi is maintained.
●Feature 3: The derived value (Bpwdi) is not used as is, but the password data h (Bpwdi) is calculated from the derived value (Bpwdi) and used for password authentication. Therefore, the password Mpwdi and the password data h (Bpwdi) are not directly transmitted and received and are not exposed. In other words, the confidentiality of the password data h (Bpwdi) is maintained.
●Characteristic 4: The authenticated IC 101 stores multiple authenticated keys Bki and multiple password data, but the authenticated IC 105 stores only a single authentication key Mki and a single password Mpwdi. Therefore, the authentication key Mkj and password Mpwdj are unlikely to be exposed. j is an index different from i.
●Feature 5: The key ID differs depending on the destination of the printer. In other words, the authentication key Mki and password Mpwdi differ depending on the destination of the printer. This makes it possible to spatially separate the authentication key Mki and the authentication key Mkj. Furthermore, it is possible to spatially separate the password Mpwdi and the password Mpwdj.
●Feature 6: The key ID differs depending on the sales period of the printer. In other words, the authentication key Mki and password Mpwdi differ depending on the sales period of the printer. For example, the authentication key Mki and password Mpwdi of the printer sold at the first time are different from the authentication key Mkj and password Mpwdj of the printer sold at the second time. This achieves temporal separation between the authentication key Mki and the authentication key Mkj. Similarly, a temporal separation of password Mpwdi and password Mpwdj is achieved.
●Characteristic 7: Authentication key Bki can be calculated from authentication key Mki and cartridge identification information CRGID. Therefore, the authentication IC can reproduce the authenticated key Bki from the secret information and public information that it manages. This eliminates the need to transmit and receive the key to be authenticated Bki, and the disclosure of the key to be authenticated Bki is suppressed.
●Characteristic 8: The derived value Bpwdi of the password can be calculated from the password Mpwdi and the cartridge identification information CRGID. Therefore, the authentication IC can calculate the derived value Bpwdi of the password from the secret information and public information that it manages. Further, instead of the password Mpwdi, a derived value Bpwdi of the password is transmitted and received. This eliminates the need to send and receive the password Mpwdi, and the disclosure of the password Mpwdi is suppressed.
●Characteristic 9: Password Mpwdi, authentication key Mki, authenticated key Bki, and password data h (Bpwdi) are secret information. Since this secret information is not transmitted or received between the authentication IC 105 and the authenticated IC 101, the confidentiality of the secret information is maintained.
●Feature 10: The key ID and cartridge identification information CRGID are public information. Secret information is not calculated from the key ID and cartridge identification information CRGID.

[Example 2]
Since printer development is carried out continuously, model changes (product generation changes) are carried out almost at regular intervals. Since printers I and II described in the first embodiment are equipped with a password check and an authentication check, they have strong security. On the other hand, Printers I and II (conventional models), which were the basis for the development of Printers I and II (successors), have an authentication check, but may not have a password check. . Note that printers i and ii may be called first generation models, and printers I and II may be called second generation models. It is also assumed that printer i and printer I are each sold at destination I, and printer ii and printer II are each sold at destination II.

By sharing the consumables for printers i and ii with the consumables for printers I and II, management costs for consumables are reduced. For example, it would be troublesome for a retailer to store and manage both toner cartridges for printers i and ii and toner cartridges for printers I and II in a warehouse. Therefore, if the toner cartridges for printers I and II can also be used for printers i and ii, it is sufficient that one type of common toner cartridge is stored in the warehouse.

In this case, the authenticated device 100 mounted on the common toner cartridge is required to be authenticated by the first generation authentication device 102 and also authenticated by the second generation authentication device 102.

<Hardware>
The configurations of the second generation printers I and II and the configuration of the second generation cartridge 300 are as described in the first embodiment. On the other hand, the authentication IC 105 of the first generation printers i and ii does not have the password section 207b. Similarly, the authenticated IC 101 of the first generation cartridge 300 does not have the password section 207a.

<Private data and public data>
●First Generation Cartridge FIG. 9A shows private data 210a and public data 211a stored in the authenticated IC 101 installed in the first generation cartridge 900. The private data 210a includes a plurality of keys to be authenticated. Authentication keys Bk00 and Bk01 are keys used in main authentication. The identification information of the authenticated key Bk00 is the key ID00. The identification information of the authenticated key Bk01 is the key ID01.

The public data 211a includes a plurality of key IDs and cartridge identification information. In this example, a key ID10 corresponding to the key to be authenticated Bk00 and a key ID01 corresponding to the key to be authenticated Bk01 are stored. The cartridge identification information CRGID is used when the authentication IC 105 reproduces the authenticated key Bk00 from the authentication key Mk00. Similarly, the cartridge identification information CRGID is used when the authentication IC 105 reproduces the authenticated key Bk01 from the authentication key Mk01.

●First Generation Printer FIG. 9B shows private data 210b and public data 211b stored in the authentication IC 105 installed in the first generation printer i sold at destination I. The private data 210b has an authentication key Mk00 corresponding to the key ID00. The public data 211b stores a key ID00.

FIG. 9C shows private data 210b and public data 211b stored in the authentication IC 105 installed in the first generation printer ii sold at destination II. The private data 210b has an authentication key Mk01 corresponding to the key ID01. The public data 211b stores a key ID01.

●Second generation cartridge (common cartridge)
FIG. 10 shows private data 210a and public data 211a stored in the authenticated IC 101 installed in the second generation cartridge 300. The private data 210a includes a plurality of keys to be authenticated, a plurality of necessity information, and a plurality of password data.

Authentication key Bk00 is a key used for main authentication in first generation printer i. The authentication key Bk01 is a key used for main authentication in the first generation printer ii. The authentication key Bk10 is a key used for main authentication in the second generation printer I. The authentication key Bk11 is a key used for main authentication in the second generation printer II. Authentication keys Bk00, Bk01, Bk10, and Bk11 correspond to keys ID00, ID01, ID10, and ID11, respectively.

The necessity information corresponding to key ID00 is set to FALSE. The necessity information corresponding to key ID01 is also set to FALSE. This is because password authentication is not performed in first generation printers i and ii. The necessity information corresponding to key ID10 is set to TRUE. The necessity information corresponding to key ID11 is also set to TRUE. This is because password authentication is performed in second generation printers I and II.

Password data corresponding to keys ID00 and ID01 is not stored. This is because password authentication is not performed in first generation printers i and ii. Password data corresponding to keys ID10 and ID11 is stored. This is because password authentication is performed in second generation printers I and II.

-Second Generation Printer The private data 210b and public data 211b for the second generation printers I and II are as shown in FIGS. 3B and 3C. Therefore, a description of these will be omitted here.

<Arithmetic expression>
The arithmetic expression for determining the key to be authenticated Bki is equation (1). That is, the authentication key Bk00 is obtained by inputting the authentication key Mk00 and the cartridge identification information CRGID into the one-way function f. Similarly, the authentication key Bk01 is obtained by inputting the authentication key Mk01 and the cartridge identification information CRGID into the one-way function f.

<Communication protocol>
The communication protocol in the second embodiment is the same as the communication protocol in the first embodiment. However, in the first generation printers i and ii, commands 40h and the like related to password authentication are omitted.

<Flow of password authentication and main authentication>
The password authentication and main authentication performed when the common cartridge 300 is connected to the second generation printers I and II are as described in the first embodiment. Therefore, the flow when the common cartridge 300 or the first generation cartridge 900 is connected to the first generation printers i and ii will be described below.

FIG. 11 shows the main authentication sequence according to the second embodiment. The difference between FIG. 11 and FIG. 6 is that there is no processing related to password authentication.

●Case where a first generation cartridge 900 is connected to a first generation printer i In sequence Sq1, the CPU 104 (acquisition unit 501) sends command 7Eh to the authentication IC 105. When the arithmetic unit 201b of the authentication IC 105 receives the command 7Eh, it reads the public data 211b from the public memory 204b and creates option data.

In sequence Sq2, the arithmetic unit 201b transmits option data to the CPU 104 along with a response 80h. The authentication IC 105 of the first generation printer i transmits the key ID00.

In sequence Sq3, the CPU 104 acquires public data 211a including the key ID and cartridge identification information from the authenticated IC 101 by transmitting a command 7Eh to the authenticated IC 101. When the arithmetic unit 201a of the authenticated IC 101 receives the command 7Eh, it reads the public data 211a from the public memory 204a and creates option data.

In sequence Sq4, the arithmetic unit 201a transmits option data (keys ID00, ID01, and cartridge identification information CRGID) to the CPU 104 along with a response 80h.

The CPU 104 (ID determining unit 503) selects a common key ID00 based on the key ID00 received from the authentication IC and the keys ID00 and ID01 received from the authenticated IC. Sequences Sq5 and Sq6 are not executed.

In sequence Sq7, the CPU 104 (calculation instruction unit 505) transmits the command 01h and option data (key ID 00) to the authenticated IC 101. The authentication unit 206a of the IC 101 to be authenticated receives the command 01h and the option data (key ID 00). The authentication unit 206a recognizes that password authentication is unnecessary based on command 01h or key ID00. The authentication unit 206a reads the necessity information of the private data 210a based on the key ID00, and finds that the necessity information is FALSE. In other words, since the necessity information is FALSE, the authentication unit 206a may determine that password authentication is not necessary.

In sequence Sq8, the authentication unit 206a transmits a response 80h. When the CPU 104 receives the response 80h, it recognizes that the authentication process has started in the IC 101 to be authenticated.

In sequence Sq9, the CPU 104 (authentication instruction unit 507) requests the authenticated IC 101 to execute the authenticated calculation. The authentication instruction unit 507 transmits the response 03h to the IC 101 to be authenticated. The option data of response 03h includes calculation conditions. The authentication unit 206a of the IC 101 to be authenticated receives the calculation conditions. The authentication unit 206a executes authentication calculation according to calculation conditions. This authentication calculation is performed, for example, by applying a one-way function x to the key to be authenticated Bk00.

In sequence Sq10, the authentication unit 206a transmits the authentication calculation result to the CPU 104. The authentication unit 206a loads the authentication calculation result (eg, x (Bk00)) into the option data, and transmits a response 80h to the CPU 104. The CPU 104 receives the authentication calculation result (eg, x (Bk00)) along with the response 80h.

In sequence Sq11, the CPU 104 (authentication instruction unit 508) transfers the authentication calculation result to the authentication IC 105. The CPU 104 loads the authentication calculation result and the calculation condition (eg, CRGID) in the option data, and sends the command 04h to the authentication IC 105. The authentication unit 206b of the authentication IC 105 reproduces the authenticated key Bk00 according to the calculation conditions and the authentication key Mk00. For example, the authentication unit 206b substitutes the calculation condition CRGID and the authentication key Mk00 read from the private memory 203b into equation (1), and calculates the authenticated key Bk00. Further, the authentication unit 206b performs an authentication calculation on the key to be authenticated Bk00, and obtains an authentication calculation result (eg, x(Bk00)). This authentication calculation is performed, for example, by applying a one-way function x to the key to be authenticated Bk00. The authentication unit 206b determines whether the authentication calculation result received from the authenticated IC 101 via the CPU 104 matches the authentication calculation result obtained based on the authenticated key reproduced by the authentication unit 206b from the authentication key Mk00 and the cartridge identification information CRGID. Determine whether or not.

In sequence Sq12, the authentication unit 206b transmits a response 80h or a response FFh. If the authentication calculation result received from the authentication IC 101 matches the authentication calculation result obtained based on the authentication key reproduced by the authentication unit 206b from the authentication key Mk00 and the cartridge identification information CRGID, a response 80h is transmitted. Ru. If the two do not match, a response FFh is transmitted.

●A case where a common cartridge 300 is connected to the first generation printer i Sequence Sq1, sequence Sq2, sequence Sq7 to sequence Sq12 are as already explained.

In sequence Sq3, the CPU 104 transmits command 7Eh to the authenticated IC 101. When the arithmetic unit 201a of the authenticated IC 101 receives the command 7Eh, it reads the public data 211a from the public memory 204a and creates option data. As shown in FIG. 10, the public data 211a includes keys ID00, ID01, ID10, ID11 and cartridge identification information CRGID.

In sequence Sq4, the calculation unit 201a transmits option data (keys ID00, ID01, ID10, ID11 and cartridge identification information CRGID) to the CPU 104 along with a response 80h.

The CPU 104 (ID determining unit 503) selects a common key ID00 based on the key ID00 received from the authentication IC and the keys ID00, ID01, ID10, and ID11 received from the authenticated IC. Sequences Sq5 and Sq6 are not executed. After that, sequences Sq7 to Sq12 are executed.

●A case where a common cartridge 300 is connected to a second generation printer I This is the same as the first embodiment. However, the difference is that the IC 101 to be authenticated has private data 210a and public data 211a shown in FIG. The public data 211a received from the authenticated IC 101 includes the key ID10 or the key ID11, and the public data 211a received from the authentication IC 105 includes the key ID10 or the key ID11. From this, the CPU 104 (ID determining unit 503) may determine that password authentication is executable.

- There is no case where the first generation cartridge 900 is connected to the second generation printer I. This is because the second generation printer I and the first generation cartridge 900 are not compatible.

<Flowchart>
FIG. 12 is a flowchart showing the processing executed by the CPU 104 of the first generation printers i and ii. When compared with FIG. 7, it can be seen that S704 to S706 are omitted in FIG. 12. The other steps are as described in connection with FIG. The processes executed by the authenticated IC 101 in the first generation cartridge 900 are S806 to S808 shown in FIG.

The processing executed by the CPU 104 of the second generation printers I and II is as shown in FIG. The process executed by the authenticated IC 101 in the common cartridge 300 is as shown in FIG.

<Technical ideas derived from Examples 1 and 2>
[Aspect 1]
As shown in FIGS. 1A and 1B, printers I and II are an example of an authentication system that includes an authenticated device 100 and an authentication device 102 that authenticates the authenticated device 100. The authenticated device 100 has a first storage unit (eg, private memory 203a, public memory 204a) and a first calculation unit (eg, calculation unit 201a). The first storage unit stores a first authenticated key (e.g., Bk10) assigned with first key identification information (e.g., ID10), and a second authenticated key (e.g., Bk10) assigned with second key identification information (e.g., ID11). key (e.g. Bk11). Further, the first storage unit stores a first password (e.g., h(Bpwd10)) associated with the first key identification information, and a second password (e.g., h(Bpwd11)) associated with the second key identification information. to remember. Further, the first storage unit stores identification information (eg, CRGID) of the authenticated device 100, first key identification information (eg, ID10), and second key identification information (eg, ID11).

The authentication device 102 has a second storage unit that stores an authentication key (eg, Mk10), third key identification information (eg, ID10) given to the authentication key, and a third password (eg, Mpwd10). Furthermore, the authentication device 102 includes a second calculation unit (eg, CPU 104, authentication IC 105).

The second calculation unit determines key identification information (e.g. ID10) common to the authenticated device 100 and the authentication device 102 based on the first key identification information, the second key identification information, and the third key identification information. do. The second calculation unit derives a password based on the identification information of the authenticated device 100 stored in the first storage unit of the authenticated device 100 and the third password stored in the second storage unit of the authentication device 102. Calculate information (eg: Bpwd10). The second arithmetic unit transmits password derivation information and key identification information common to the authenticated device 100 and the authentication device 102 to the authenticated device 100.

The first calculation unit applies a predetermined function (eg, one-way function h) to the password derived information received from the authentication device 102 to obtain a calculation result (eg, h(Bpwd10)). The first processing unit is configured to input a password (e.g. h(Bpwd10)) associated with the key identification information common to the authenticated device 100 and the authentication device 102 out of the first key identification information and the second key identification information. , and the calculation result (eg, h(Bpwd10)). When the password authentication is successful, the first calculation unit derives the first key by performing a predetermined calculation (e.g., one-way function x) on the authenticated key (e.g., Bk10) associated with the common key identification information. Find information (eg x (Bk10)). The first key derived information may be called a first authentication value. The common key identification information is identification information common to the authenticated device 100 and the authentication device 102 out of the first key identification information and the second key identification information.

When the password authentication by the first processing unit is successful, the second processing unit performs a predetermined calculation (e.g., one-way function f ). As a result, the authenticated key (eg, Bk10) associated with the key identification information common to the authenticated device 100 and the authenticated device 102 is reproduced. The second calculation unit obtains second key derivation information (for example, x (Bk10)) by performing a predetermined calculation (for example, one-way function x) on the reproduced key to be authenticated. The second key derived information may be referred to as a second authentication value. The second arithmetic unit authenticates the authenticated device 100 based on the first key derivation information obtained by the first arithmetic unit and the second key derivation information obtained by the second arithmetic unit. As described above, according to the embodiment, if the password authentication is not successful, the authenticated key (e.g. Bk10) held in the authenticated device 100 is not used, so the confidentiality (security) of the authenticated key is improves.
[Aspect 2]
The first storage unit may have a first storage area (eg, private memory 203a) that stores secret information and a second storage area (eg, public memory 204a) that stores public information. The first storage area stores a first authenticated key, a second authenticated key, a first password, and a second password so as not to be disclosed to the outside of the authenticated device 100. The second storage area stores first key identification information and second key identification information. This will prevent the first authenticated key, the second authenticated key, the first password, and the second password from being exposed.
[Aspect 3]
The second storage unit includes a third storage area (e.g. private memory 203b) that stores the authentication key and the third password so as not to be disclosed to the outside of the authentication device 102, and a third storage area that stores the third key identification information. It may have four storage areas (eg, public memory 204b). This will prevent disclosure of the authentication key and third password.
[Aspect 4]
The predetermined function may be a one-way function (eg, one-way function h). This makes it difficult to derive the password derived information (eg, Bpwd10) from the calculation result (eg, h(Bpwd10)).
[Aspect 5]
The predetermined operation may be an operation using a one-way function (eg, one-way function f). As a result, the identification information (eg, CRGID), the authentication key (eg, Mk10), and the authenticated key (eg, Bk10) of the authenticated device 100 can be reproduced. Furthermore, it is difficult to restore the authentication key (eg, Mk10) from the reproduced key to be authenticated (eg, Bk10).
[Aspect 6]
The second arithmetic unit may include a first control section (eg, CPU 104) and a second control section (eg, arithmetic unit 201b). The second control unit and the second storage unit may be implemented in an integrated circuit (eg, authentication IC 105). The first control unit transmits a third key identification information acquisition command (eg, command 7Eh) to the second control unit. Thereby, the third key identification information may be acquired from the second storage unit via the second control unit. The first control unit may be configured to determine common key identification information (eg, ID10) between the authenticated device 100 and the authentication device 102 based on the third key identification information.
[Aspect 7]
The first control unit (eg, CPU 104) passes the identification information (eg, CRGID) of the authenticated device 100 stored in the first storage unit of the authenticated device 100 to the second control unit. The second control unit calculates password derived information (e.g., Bpwd10) based on the identification information of the authenticated device 100 and the third password stored in the second storage unit, and passes it to the first control unit. may be configured.
[Aspect 8]
When the password authentication by the first processing unit is successful, the first control section passes the identification information (eg, CRGID) of the authenticated device 100 to the second control section. The second control unit executes a predetermined calculation (eg, one-way function f) based on the identification information (eg, CRGID) of the authenticated device 100 and the authentication key (eg, Mk10). As a result, the key to be authenticated (Bk10) is reproduced. The second control unit is configured to obtain second key derivation information (e.g. x (Bk10)) by performing a predetermined calculation (e.g. one-way function x) on the reproduced authenticated key. It's okay.
[Aspect 9]
As shown in FIG. 3A, the first storage unit may further store necessity information indicating whether password authentication is necessary. The necessity information may indicate that password authentication is not performed. In this case, the first processing unit may transmit a response indicating failure as a response to the command related to password authentication sent from the second processing unit.
[Aspect 10]
As described in the second embodiment, the necessity information may indicate that password authentication is not performed. In this case, the first computing unit skips the password authentication and performs authentication on the authenticated device based on the first key derived information obtained by the first computing unit and the second key derived information obtained by the second computing unit. 100 authentication processes may be performed.
[Aspect 11]
The authentication system may include a first authentication device (authentication device 102 installed in printer I) and a second authentication device (authentication device 102 installed in printer II) as authentication devices 102.
The authentication key (e.g. Mk10) stored in the second storage unit of the first authentication device and the authentication key (e.g. Mk11) stored in the second storage unit of the second authentication device are different. . Third key identification information (e.g. ID10) stored in the second storage unit of the first authentication device and third key identification information (e.g. ID11) stored in the second storage unit of the second authentication device It is different from The third password (e.g. Mpwd10) stored in the second storage unit of the first authentication device is different from the third password (e.g. Mpwd11) stored in the second storage unit of the second authentication device. There is. This prevents multiple pieces of secret information from being exposed at the same time.
[Aspect 12]
The destination country of the first authentication device and the destination country of the second authentication device may be different. This makes it possible to spatially separate the first authentication device and the second authentication device, making it difficult to expose all secret information at the same time.
[Aspect 13]
The shipping time of the first authentication device and the shipping time of the second authentication device may be different. Thereby, temporal separation between the first authentication device and the second authentication device may be realized. As a result, it becomes difficult to reveal all secret information at the same time.
[Aspects 14 and 15]
Authentication device 102 may be an electronic device. The authenticated device 100 may be a consumable item used in electronic equipment. The electronic device may be an image forming device (printer I, II, i, ii). The consumable item may be a cartridge used in an image forming apparatus.
[Aspects 16, 19, 22]
An authenticated device 100 in an authentication system including an authenticated device 100 and an authentication device 102 that authenticates the authenticated device 100 is provided. Further, an authentication device 102 in an authentication system including a device 100 to be authenticated and an authentication device 102 that authenticates the device 100 to be authenticated is provided. As shown in FIG. 6 and the like, an authentication method is provided in which the authentication device 102 authenticates the device 100 to be authenticated.

[Aspects 17, 18, 20, 21]
The authentication device may be an electronic device. The authenticated device may be a consumable item used in electronic equipment. For example, the electronic device may be an image forming device. The consumables may include any one of a toner cartridge, a drum cartridge, an ink cartridge, a fixing unit, and an intermediate transfer belt unit used in an image forming apparatus.

The invention is not limited to the embodiments described above, and various changes and modifications can be made without departing from the spirit and scope of the invention. Therefore, the claims are appended hereto to disclose the scope of the invention.

100: Authenticated device, 102: Authenticated device, 201: Arithmetic unit, 203: Private memory, 204: Public memory, 104: CPU
Authentication IC105

Claims (22)

An authentication system including an authenticated device and an authentication device that authenticates the authenticated device,
The authenticated device is
a first authentication key to which first key identification information is assigned; a second authentication key to which second key identification information is assigned; a first password associated with the first key identification information; a first storage means for storing a second password associated with the key identification information, identification information of the authenticated device, the first key identification information, and the second key identification information;
a first calculation means;
has
The authentication device includes:
a second storage means for storing an authentication key, third key identification information given to the authentication key, and a third password;
a second calculation means;
has
The second calculation means is
the first key identification information and the second key identification information stored in the first storage means of the authentication device; and the third key identification information stored in the second storage means of the authentication device. determining key identification information common to the authenticated device and the authenticating device based on the information;
Calculating password derived information based on the identification information of the authenticated device stored in the first storage means of the authenticated device and the third password stored in the second storage means of the authentication device. death,
transmitting the password derived information and key identification information common to the authenticated device and the authentication device to the authenticated device;
The first calculation means is
applying a predetermined function to the password derived information received from the authentication device to obtain a calculation result;
Password authentication is performed based on a password associated with key identification information common to the authenticated device and the authentication device among the first key identification information and the second key identification information, and the calculation result. ,
When the password authentication is successful, a predetermined calculation is performed on the authenticated key associated with the key identification information common to the authenticated device and the authenticated device among the first key identification information and the second key identification information. Find the first key derived information by executing
The second calculation means is
When the password authentication by the first calculation means is successful, a predetermined calculation is performed based on the identification information of the authentication target device and the authentication key, thereby obtaining key identification information common to the authentication target device and the authentication device. reproducing the associated authenticated key and performing the predetermined calculation on the reproduced authenticated key to obtain second key derived information;
An authentication system characterized in that the authentication target device is authenticated based on the first key derivation information obtained by the first calculation means and the second key derivation information obtained by the second calculation means. The first storage means is
a first storage area that stores the first authenticated key, the second authenticated key, the first password, and the second password so as not to be disclosed to the outside of the authenticated device;
The authentication system according to claim 1, further comprising a second storage area that stores the first key identification information and the second key identification information. The second storage means is
a third storage area in which the authentication key and the third password are stored so as not to be disclosed to the outside of the authentication device;
The authentication system according to claim 1 or 2, further comprising a fourth storage area that stores the third key identification information. The authentication system according to any one of claims 1 to 3, wherein the predetermined function is a one-way function. 5. The authentication system according to claim 1, wherein the predetermined calculation is a calculation using a one-way function. The second calculation means has a first control section and a second control section,
The second control unit and the second storage means are implemented in an integrated circuit,
The first control unit retrieves the third key identification information from the second storage means via the second control unit by transmitting a command to obtain the third key identification information to the second control unit. 5. The third key identification information is obtained, and key identification information common to the authenticated device and the authentication device is determined based on the third key identification information. Authentication system as described in Section. The first control unit passes identification information of the authenticated device stored in the first storage means of the authenticated device to the second control unit,
The second control unit calculates the password derived information based on the identification information of the authenticated device and the third password stored in the second storage means and passes it to the first control unit. The authentication system according to claim 6, characterized in that: When the password authentication by the first calculation means is successful, the first control unit passes identification information of the authenticated device to the second control unit,
The second control unit reproduces the authenticated key by performing a predetermined calculation based on the identification information of the authenticated device and the authentication key, and executes the predetermined calculation on the reproduced authenticated key. 7. The authentication system according to claim 6, wherein the authentication system is configured to obtain the second key derivation information. The first storage means further stores necessity information indicating whether password authentication is necessary;
When the necessity information indicates that the password authentication is not executed, the first calculation means generates a response indicating failure as a response to the command related to the password authentication transmitted from the second calculation means. The authentication system according to any one of claims 1 to 8, wherein the authentication system transmits the information. When the necessity information indicates that the password authentication is not to be performed, the first calculation means skips the password authentication and calculates the first key derived information obtained by the first calculation means and the 10. The authentication system according to claim 9, wherein the authentication process of the authentication target device is executed based on the second key derivation information obtained by the second calculation means. The authentication system includes a first authentication device and a second authentication device as the authentication devices,
The authentication key, the third key identification information, and the third password stored in the second storage means of the first authentication device are stored in the second storage means of the second authentication device. 9. The authentication system according to claim 1, wherein the authentication key, the third key identification information, and the third password are different from each other. The authentication system according to claim 11, wherein the destination country of the first authentication device and the destination country of the second authentication device are different. The authentication system according to claim 11 or 12, wherein the shipping time of the first authentication device and the shipping time of the second authentication device are different. The authentication device is an electronic device,
14. The authentication system according to claim 1, wherein the authenticated device is a consumable item used in the electronic device. The electronic device is an image forming device,
15. The authentication system according to claim 14, wherein the consumables include any one of a toner cartridge, a drum cartridge, an ink cartridge, a fixing unit, and an intermediate transfer belt unit used in the image forming apparatus. An authenticated device in an authentication system including an authenticated device and an authentication device that authenticates the authenticated device,
a first authentication key to which first key identification information is assigned; a second authentication key to which second key identification information is assigned; a first password associated with the first key identification information; a first storage means for storing a second password associated with the key identification information, identification information of the authenticated device, the first key identification information, and the second key identification information;
a first calculation means;
has
The authentication device has a second storage means for storing an authentication key, third key identification information given to the authentication key, and a third password, and the third password is stored in the first storage means of the authenticated device. Based on the first key identification information and the second key identification information stored in the authentication device, and the third key identification information stored in the second storage means of the authentication device, the authenticated device and the authentication device common key identification information is determined, and the identification information of the authenticated device stored in the first storage means of the authenticated device and the second identification information stored in the second storage means of the authenticated device are determined. (3) calculating password derived information based on the password, and transmitting the password derived information and key identification information common to the authenticated device and the authentication device to the authenticated device;
The first calculation means is
applying a predetermined function to the password derived information received from the authentication device to obtain a calculation result;
Password authentication is performed based on a password associated with key identification information common to the authenticated device and the authentication device among the first key identification information and the second key identification information, and the calculation result. ,
When the password authentication is successful, a predetermined calculation is performed on the authenticated key associated with the key identification information common to the authenticated device and the authenticated device among the first key identification information and the second key identification information. Find the first key derived information by executing
When the password authentication by the first calculation means is successful, the authentication device executes a predetermined calculation based on the identification information of the authentication device and the authentication key, thereby providing a common password between the authentication device and the authentication device. The second key derived information is obtained by reproducing the authenticated key associated with the key identification information to be authenticated, and performing the predetermined calculation on the reproduced authenticated key, and An authenticated device characterized in that the authenticated device is configured to authenticate the authenticated device based on first key derived information and the second key derived information obtained by the authentication device. The authentication device is an electronic device,
The authenticated device according to claim 16, wherein the authenticated device is a consumable item used in the electronic device. The electronic device is an image forming device,
18. The device to be authenticated according to claim 17, wherein the consumables include any one of a toner cartridge, a drum cartridge, an ink cartridge, a fixing unit, and an intermediate transfer belt unit used in the image forming apparatus. An authentication device in an authentication system including a device to be authenticated and an authentication device that authenticates the device to be authenticated, the authentication device comprising:
The authenticated device includes a first authenticated key to which first key identification information is assigned, a second authenticated key to which second key identification information is assigned, and a first authenticated key associated with the first key identification information. a first storage means for storing a password, a second password associated with the second key identification information, identification information of the authenticated device, the first key identification information, and the second key identification information; death,
The authentication device includes:
a second storage means for storing an authentication key, third key identification information given to the authentication key, and a third password;
a second calculation means;
has
The second calculation means is
the first key identification information and the second key identification information stored in the first storage means of the authentication device; and the third key identification information stored in the second storage means of the authentication device. determining key identification information common to the authenticated device and the authenticating device based on the information;
Calculating password derived information based on the identification information of the authenticated device stored in the first storage means of the authenticated device and the third password stored in the second storage means of the authentication device. death,
transmitting the password derived information and key identification information common to the authenticated device and the authentication device to the authenticated device;
The authenticated device applies a predetermined function to the password derived information received from the authenticated device to obtain a calculation result, and determines which of the first key identification information and the second key identification information corresponds to the authenticated device. Password authentication is performed based on the password associated with the key identification information common to the authentication device and the calculation result, and if the password authentication is successful, the first key identification information and the second key identification information The first key derivation information is obtained by performing a predetermined calculation on the authenticated key associated with key identification information common to the authenticated device and the authenticated device,
The second calculation means is
When the password authentication by the authenticated device is successful, a predetermined operation is performed based on the identification information of the authenticated device and the authentication key, so that the authenticated device and the authenticated device are associated with common key identification information. reproducing the authenticated key that has been authenticated and performing the predetermined calculation on the reproduced authenticated key to obtain second key derived information;
An authentication device that authenticates the device to be authenticated based on the first key derivation information obtained by the device to be authenticated and the second key derivation information obtained by the second calculation means. The authentication device is an electronic device,
The authentication device according to claim 19, wherein the device to be authenticated is a consumable item used in the electronic device. The electronic device is an image forming device,
21. The authentication device according to claim 20, wherein the consumables include any one of a toner cartridge, a drum cartridge, an ink cartridge, a fixing unit, and an intermediate transfer belt unit used in the image forming apparatus. An authentication method in which an authentication device authenticates an authenticated device, the authentication method comprising:
The authenticated device includes a first authenticated key to which first key identification information is assigned, a second authenticated key to which second key identification information is assigned, and a first authenticated key associated with the first key identification information. a first storage means for storing a password, a second password associated with the second key identification information, identification information of the authenticated device, the first key identification information, and the second key identification information; death,
The authentication device has a second storage means for storing an authentication key, third key identification information given to the authentication key, and a third password,
The authentication method is
The authentication device
the first key identification information and the second key identification information stored in the first storage means of the authentication device; and the third key identification information stored in the second storage means of the authentication device. determining key identification information common to the authenticated device and the authenticating device based on the information;
Calculating password derived information based on the identification information of the authenticated device stored in the first storage means of the authenticated device and the third password stored in the second storage means of the authentication device. death,
transmitting the password derived information and key identification information common to the authenticated device and the authentication device to the authenticated device;
The authenticated device is
applying a predetermined function to the password derived information received from the authentication device to obtain a calculation result;
Password authentication is performed based on a password associated with key identification information common to the authenticated device and the authentication device among the first key identification information and the second key identification information, and the calculation result. ,
When the password authentication is successful, a predetermined calculation is performed on the authenticated key associated with the key identification information common to the authenticated device and the authenticated device among the first key identification information and the second key identification information. Find the first key derived information by executing
The authentication device
When the password authentication by the authenticated device is successful, a predetermined operation is performed based on the identification information of the authenticated device and the authentication key, so that the authenticated device and the authenticated device are associated with common key identification information. reproducing the authenticated key that has been authenticated and performing the predetermined calculation on the reproduced authenticated key to obtain second key derived information;
An authentication method characterized in that the authenticated device is authenticated based on the first key derived information obtained by the authenticated device and the second key derived information obtained by the authentication device.

Images