KEY BLOCK BASED AUTHENTICATION METHOD AND SYSTEM

The present invention relates to a system (70, 80) and a method for a key block based authentication comprising a plurality of drive units (3) comprising a plurality of subsets, wherein a drive unit (3) has a set of node keys (KNd) and an identifier (IDd) indicating the subsets said drive unit (3) is part of and wherein an application unit (1) has a key block (AKB). In order to allow identification of a hacked drive unit (3) in order to revoke the hacked drive unit (3) from said key block based authentication, wherein said system is to a large extent compatible with existing systems and methods for a key block based authentication, a system is proposed comprising: -a plurality of drive units (3) comprising a plurality of subsets, wherein a drive unit (3) has a set of node keys (KNd) and an identifier (IDd) indicating the subsets said drive unit (3) is part of, -an application unit (1) having a key block (AKB) comprising a plurality of pairs of authorization and authentication keys (KAx, KRauthx), wherein each pair of keys is associated with one of said subsets, -a communication means (72) for submitting said identifier (IDd) from said drive unit (3) to said application unit (1) and for submitting an authorization key (KAx) from said application unit (1) to said drive unit (3), and-an authentication means (54) for authenticating said drive unit (3) and said application unit (1) by means of a pair of keys, wherein said application unit (1) comprises a selecting means (62) for selecting said pair of keys from said key block (AKB) corresponding to said identifier (IDd), wherein said drive unit (3) comprises a decoding means (52) for deriving said authentication key (KRauthx) of said pair of keys from said authorization key (KAx) of said pair of keys by means of said set of node keys (KNd).