Key information generation device and key information generation method

摘要

In initial generation (for example, shipping from the factory), a security device generates an identifier w specific to the security device, with the PUF technology, generates key information k (k=HF(k)) from the identifier w, generates encrypted confidential information x by encrypting (x=Enc(mk, k)) confidential information mk with the key information k, and stores the encrypted confidential information x and an authentication code h (h=HF′(k)) of the key information k, in a nonvolatile memory. In operation, the security device generates the identifier w with the PUF technology, generates the key information k from the identifier w, and decrypts the encrypted confidential information x with the key information k. At a timing where the identifier w is generated in the operation, the security device checks whether the current operating environment has largely changed from the initial generation (S311). If a change in operating environment is detected (S311→S312), the security device conducts a reset-up process (S312 to S315) of an authentication code h which is confidential information, and the encrypted confidential information x.

主权项

1. A key information generation device for generating key information, comprising:
processing circuitry configured to:
generate, based on physical properties of the key information generation device, an identifier specific to the key information generation device;generate, based on the identifier, the key information to be used for encrypting and decrypting confidential information;encrypt and decrypt the confidential information using the key information;generate a hash value based on the key information, after the key information is generated, and in accordance with a hash value generating scheme that uses at least the key information:store encrypted confidential information and the hash value in a nonvolatile manner, the encrypted confidential information being formed by encrypting the confidential information using the key information, the hash value being generated in accordance with the hash value generating scheme that uses at least the key information used for encrypting the confidential information;regenerate the identifier when the confidential information is decrypted;regenerate the key information based on the regenerated identifier for decrypting the encrypted confidential information;regenerate the hash value in accordance with the hash value generating scheme that uses at least the key information;compare the regenerated hash value and the stored hash value;decrypt the encrypted confidential information, when the regenerated hash value and the stored hash value are equal, using the regenerated key information;execute a series of processes including regenerating the identifier, regenerating the key information, and regenerating the hash value; andexecute a comparing process including repeatedly comparing the regenerated hash value and the stored hash value within a range where a repetition count does not exceed a threshold count U, until the regenerated hash value is equal to the stored hash value.