SYSTEM AND METHOD FOR A KEY BLOCK BASED AUTHENTICATION

摘要

The present invention relates to a system (70, 80) and a method for a key block based authentication comprising a plurality of drive units (3) comprising a plurality of subsets, wherein a drive unit (3) has a set of node keys (KN_d) and an identifier (ID_d) indicating the subsets said drive unit (3) is part of and wherein an application unit (1) has a key block (AKB). In order to allow identification of a hacked drive unit (3) in order to revoke the hacked drive unit (3) from said key block based authentication, wherein said system is to a large extent compatible with existing systems and methods for a key block based authentication, a system is proposed comprising: - a plurality of drive units (3) comprising a plurality of subsets, wherein a drive unit (3) has a set of node keys (KN_d) and an identifier (ID_d) indicating the subsets said drive unit (3) is part of, - an application unit (1) having a key block (AKB) comprising a plurality of pairs of authorization and authentication keys (KA_x, KR_authx), wherein each pair of keys is associated with one of said subsets, - a communication means (72) for submitting said identifier (ID_d) from said drive unit (3) to said application unit (1) and for submitting an authorization key (KA_x) from said application unit (1) to said drive unit (3), and - an authentication means (54) for authenticating said drive unit (3) and said application unit (1) by means of a pair of keys, wherein said application unit (1) comprises a selecting means (62) for selecting said pair of keys from said key block (AKB) corresponding to said identifier (ID_d), wherein said drive unit (3) comprises a decoding means (52) for deriving said authentication key (KR_authx) of said pair of keys from said authorization key (KA_x) of said pair of keys by means of said set of node keys (KN_d).