GB2227111A - Certification system - Google Patents

Publication number
GB2227111A
Authority
GB
United Kingdom
Prior art keywords
data
electronic device
key
card
write
Prior art date
Legal status
Granted
Application number
GB8929239A
Other versions
GB8929239D0 (en)
GB2227111B (en)
Inventor
Yasuo Iijima
Current Assignee
Toshiba Corp
Original Assignee
Toshiba Corp
Priority date
Filing date
Publication date
Priority claimed from JP1008011A (JPH02187785A)
Priority claimed from JP1008010A (JPH02187888A)
Application filed by Toshiba Corp
Publication of GB8929239D0
Publication of GB2227111A
Application granted
Publication of GB2227111B
Anticipated expiration
Expired - Lifetime

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/357 Cards having a plurality of specified features
    • G06Q20/3576 Multiple memory zones on card
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409 Device specific authentication in transaction processing
    • G06Q20/4097 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1016 Devices or methods for securing the PIN and other transaction-data, e.g. by encryption

Abstract

A terminal 21 sends, to a card 1, a random number R1, an encryption algorithm selector number ALG and a key data selector number KID-M, to certify the card and the card sends numbers R2, KID-N to certify the terminal (Fig. 3A). Data from the terminal to be written into the card can be encrypted in the card using R1, ALG and KID-M.

Description

"CERTIFICATION SYSTEM"
The present invention relates to a certification system and method for verifying data to be written in, e.g., a memory in an IC card.
As a new portable data storage medium, a great deal of attention has recently been paid to a so-called IC card incorporating an IC chip having an erasable nonvolatile memory and a control element, such as a CPU, for controlling the respective components including the memory.
In a conventional IC card system using such IC cards, e.g., a shopping system or a credit system, when a data write operation is to be performed with respect to an IC card (a memory in the IC card), especially when transaction data is to be written, the transaction data sent to a center (host computer) cannot be verified on the center side.
For this reason, the following certification system and method are proposed.
When an IC card receives a data write instruction from a terminal, the write data is encrypted within the IC card by using predetermined key data and encryption algorithm. Part of the encrypted data is supplied to the terminal. The terminal then supplies the encrypted data and the write data to the center. The write data is verified in the center by using these data.
In such a certification method, however, if IC cards are used in a plurality of applications as they are increasingly used for various purposes, in order to ensure security between the respective applications, it is effective to use different key data for verification which are saved in the applications for verification.
In the above-described certification method, if identical write data, key data, and encryption algorithms are used, the same encrypted data is output from an IC card. Therefore, verification of transaction data becomes difficult.
Furthermore, in such a certification method, special instructions for designating key data and encryption algorithms which are used to encrypt write data within an IC card must be supported.
It is an object of the present invention to provide a certification system and method of a portable electronic device in which even if an IC card is used in a plurality of applications, key data and encryption algorithms for verification can be selectively used for each application so as to ensure security between the applications.
It is another object of the present invention to provide a certification system and method in which even if identical write data, key data, and encryption algorithms are used, different encrypted data are output as long as the time at which a write operation is performed varies, thereby facilitating verification.
It is still another object of the present invention to provide a certification system in which no special instructions for designating key data and encryption algorithms used for encrypting data are required, and hence the load of an IC card can be reduced.
According to a first aspect of the present invention, there is provided a certification system, comprising a first electronic device having at least one key data, a second electronic device capable of performing communication with the first electronic device, means for transmitting first data and designation data for designating key data for encrypting the first data from the second electronic device to the first electronic device, means for, when the first data and the designation data are received by the first electronic device, selecting one key data from the at least one key data in accordance with the received designation data, and encrypting the received first data by using the selected key data, and means for transmitting part of the encrypted data to the second electronic device after the first data is entirely received by the first electronic device.
According to a second aspect of the present invention, there is provided a certification system, comprising a first electronic device having at least one key data and at least one encryption algorithm, a second electronic device capable of performing communication with the first electronic device, means for transmitting first data, key data for encrypting the first data, and designation data for designating an encryption algorithm from the second electronic device to the first electronic device, means for, when the first data and the designation data are received by the first electronic device, selecting one key data and one encryption algorithm from the at least one key data and the at least one encryption algorithm in accordance with the received designation data, and encrypting the received first data by using the selected key data and encryption algorithm, and means for transmitting part of the encrypted data to the second electronic device after the first data is entirely received by the first electronic device.
According to a third aspect of the present invention, there is provided a certification system, comprising a first electronic device having key data and an encryption algorithm, a second electronic device capable of performing communication with the first electronic device, means for transmitting first data and second data whose contents vary in each operation from the second electronic device to the first electronic device, means for, when the first and second data are received by the first electronic device, encrypting the received first data by using the received second data, the key data, and the encryption algorithm, and means for transmitting part of the encrypted data to the second electronic device after the first data is entirely received by the first electronic device.
According to a fourth aspect of the present invention, there is provided a certification system, comprising a first electronic device having at least one key data and at least one encryption algorithm, a second electronic device capable of performing communication with the first electronic device; means for transmitting first data, key data for encrypting the first data, and designation data for designating an encryption algorithm from the second electronic device to the first electronic device, means for, when the first data and the designation data are received by the first electronic device, selecting one key data and one encryption algorithm from the at least one key data and the at least one encryption algorithm in accordance with the received designation data, encrypting the received first data by using the selected key data and encryption algorithm, and transmitting the encrypted data to the second electronic device, means for, when the encrypted data is received by the second electronic device, verifying the first electronic device on the basis of contents of the received encrypted data, means for transmitting second data from the second electronic device to the first electronic device, means for, when the second data is received by the first electronic device, encrypting the received second data by using the key data and encryption algorithm selected on the basis of the designation data; and means for transmitting part of the encrypted data from the first electronic device to the second electronic device.
According to the present invention, one of a plurality of key data held in the IC card is designated by the terminal, and write data is encrypted by using the designated key data. Therefore, even if the IC card is used in a plurality of applications, verification key data can be selectively used for each application, and security between the applications can be ensured.
In addition, one key data and one encryption algorithm of a plurality of key data and encryption algorithms held in the IC card are designated by the terminal, and write data is encrypted by using the designated key data and encryption algorithm.
Therefore, even if the IC card is used in a plurality of applications, verification key data can be selectively used for each application, and security between the applications can be ensured.
Furthermore, by encrypting write data by using data which varies in content in each operation and is transmitted from the terminal to the IC card, different encrypted data are output as long as write operations are performed at different points of time, even if identical write data, key data, and encryption algorithms are used. Therefore, verification can be facilitated.
This invention can be more fully understood from the following detailed description when taken in conjunction with the accompanying drawings, in which:
Fig. 1 is a block diagram showing a system arrangement of an IC card, a terminal, and a center, to which a certification system of the present invention is applied;
Fig. 2 is a view showing an arrangement of a memory 3 within the IC card in Fig. 1;
Figs. 3A through 3C are views showing a procedure for a mutual certification operation between the IC card and the terminal, and a procedure for writing data from the terminal to the IC card;
Figs. 4A through 4G are flow charts for explaining an operation of the IC card;
Fig. 5 is a view showing a format of a certificate preparation command;
Fig. 6 is a view showing a format of a certificate command;
Fig. 7 is a view showing a format of an encryption preparation command; and
Fig. 8 is a view showing a format of a write command.
Fig. 1 shows an arrangement of a system constituted by an IC card (first electronic device), a terminal (second electronic device) as a host device, and a center (host computer) according to the present invention.
An IC card 1 comprises a memory 3 for storing various data, a random number generator 5 for generating random number data, an encrypter 7 for encrypting data, a contactor 9 for communicating with a terminal 21 (to be described later), and a control element 11 such as a CPU (Central Processing Unit) for controlling these components. The memory 3, the random number generator 5, and the control element 11 are integrated into, e.g., one IC chip (or a plurality of IC chips), and are embedded in an IC card body.
The memory 3 is constituted by a nonvolatile memory, such as an EEPROM (Electrically Erasable Programmable Read Only Memory), and is divided into an area definition table (area) 13 and a data file (area) 15, as shown in Fig. 2. The data file 15 is divided into a plurality of areas 17. The areas 17 are respectively defined by area definition data 19 in the area definition table 13.
The area definition data 19 is a data string in which an area number (AID) as identification data for designating an area, start address data of the memory at which an area is assigned, size data for defining the capacity of an area, and attribute data are arranged to correspond to each other. Each attribute data consists of, e.g., one byte. If the MSB of attribute data is "0", it represents an encrypted data write area. If the MSB is "1", it represents an input data write area.
The terminal (second electronic device) 21 has a function of handling the IC card 1. The terminal 21 comprises a memory 23 for storing various data, a random number generator 25 for generating random number data, an encrypter 27 for encrypting data, a keyboard 29 for inputting data, a display 31 for displaying data, a contactor 33 for communicating with the IC card 1, a communication controller 35 for performing on-line communication through a center (host computer) 39 and a communication line 41, and a control section 37, such as a CPU, for controlling these components.
A certification system and method of the present invention will be described in detail below with reference to Figs. 3A through 3C. Assume that a key data list and a key data number (KID) list shown in Fig. 3A are stored in the memory 23 of the terminal 21.
A key data list is a list in which key data numbers and key data are arranged in correspondence with each other.
A KID list lists only key data numbers for designating key data. The IC card 1 has its own key data list which is registered (stored) in the memory 3 in the IC card when the card is issued.
A process of mutual certification between the IC card 1 and the terminal 21 will be described below with reference to steps 43 through 57. In step 43, the terminal 21 generates random number data R1 by using the random number generator 25, and transmits it to the IC card 1 using a certificate preparation command EXCH. At this time, a key data number KID-M of key data which is used by the terminal 21 to certify the IC card, and data for designating an encryption algorithm ALG which is supported by the terminal 21 are also transmitted to the IC card 1.
In step 45, when the IC card 1 receives the certificate preparation command EXCH, it generates random number data R2 by using the random number generator 5, and transmits it to the terminal 21 as a response exch to the certificate preparation command EXCH. At this time, the IC card 1 finds a key data number KID-N of key data used for certifying the terminal 21 from its own key data number list, checks whether it supports the designated encryption algorithm (ALG), and transmits this checking result as "alg" to the terminal 21 together with the random number data R2.
If the key data number KID-M designated by the terminal 21 or the key data number KID-N which is used by the IC card 1 to certify the terminal 21 is not present in the key data number list, or the designated encryption algorithm is not supported, the IC card 1 notifies this to the terminal 21.
In step 47, the terminal 21 finds a key data number KID-N of the encryption key data designated by the IC card 1 from its own key data number list, and extracts corresponding key data NNNNN. The encrypter 7 then encrypts the random number data R2 by using the key data NNNNN in accordance with the encryption algorithm ALG designated by the certificate preparation command EXCH, thus obtaining encrypted data C2X.
In step 51, the IC card 1 compares the encrypted data C2X obtained in step 47 with encrypted data C2X in a previously-received certificate command AUTH, and obtains a comparison result Y/N.
In step 53, the IC card 1 extracts key data MMMMM corresponding to the key data number KID-M of the encryption key data designated by the certificate preparation command EXCH from the terminal 21. The encrypter 7 then encrypts the random number data R1 by using the key data MMMMM in accordance with the encryption algorithm ALG, thus obtaining encrypted data C1.
The IC card 1 transmits the encrypted data C1 and the comparison result Y/N in step 51, as a response auth to the certificate command AUTH, to the terminal 21.
In step 55, when the terminal 21 receives the response auth, it extracts key data MMMMM corresponding to the key data number KID-M of the previously-transmitted encryption key data. The encrypter 27 then encrypts the random number data R1 generated in step 43 by using the key data MMMMM in accordance with the encryption algorithm ALG, thus obtaining encrypted data C1X.
In step 57, the terminal 21 compares the encrypted data C1 received as the response auth with the encrypted data C1X generated in step 55, and determines the subsequent system processing on the basis of the comparison result and the comparison result which is received from the IC card 1 in step 51 using the response auth.
A process of writing data from the terminal 21 to the IC card 1 and verifying the write process will be described below with reference to steps 59 through 87.
In step 59, the terminal 21 transmits a data write request to the IC card using a write command WRITE, including an area number AID-A of a target area of the memory 3 in the IC card 1, a byte count L-1 of write data, and first data M1-1 of write data M1 which is divided into a plurality of data in units of bytes which can be received, as input data, by the IC card 1. In step 61, the IC card 1 finds an area to which the area number AID-A received using the write command WRITE is appended from the area definition table 13. If no corresponding area is found, the IC card 1 transmits a status representing that the area number is not defined to the terminal 21, using a response "write" to the write command WRITE. If such an area is found, the IC card 1 checks whether the previous certificate preparation command EXCH or an encryption preparation command SRND (to be described later) is properly completed.
If it is not properly completed, the IC card 1 transmits an execution condition incompletion error status to the terminal 21, using the response "write".
If it is determined that a corresponding command is properly completed, the IC card 1 generates initial data R1a on the basis of the random number data R1 previously notified by the certificate preparation command EXCH and the card unique value held in the IC card 1 by, e.g., an exclusive OR operation.
In step 63, the IC card 1 encrypts the write data M1-1 using the initial data R1a and the key data MMMMM corresponding to the key data number KID-M previously notified by the certificate preparation command EXCH in accordance with the encryption algorithm ALG previously designated by the certificate preparation command EXCH, thus obtaining encrypted data C1-1. In this embodiment, encryption is performed in CBC (Cipher Block Chaining) mode. In a normal encryption mode, encryption can be performed only in units of 8 bytes. Therefore, when data larger than 8 bytes is to be encrypted, the data is divided in units of 8 bytes, and the encryption result of the first divided data is fed back for encryption of the next divided data. Since no feedback value is available when the first divided data is encrypted, the initial data R1a is used as a feedback value.
By referring to the attribute data of the area, an access target, designated by the area number AID-A, it is determined whether the input data M1-1 or the encrypted data C1-1 is written in the memory 3, and a write operation is performed. Thereafter, the IC card 1 transmits a response nb to the terminal 21 so as to request the next write data.
Upon reception of the response nb, the terminal 21 transmits next write data M1-2 to the IC card 1 in step 65. In step 67, when the IC card 1 receives the next write data M1-2, it encrypts the write data M1-2 by using the last 8-byte data of the previously-generated encrypted data C1-1 and the key data MMMMM corresponding to the key data number KID-M in accordance with the encryption algorithm ALG, thus obtaining encrypted data C1-2. The last 8-byte data is used in this case, because encryption is performed in the CBC mode, and the encryption result of the first 8-byte data is reflected in the last 8-byte data. Similar to step 63, it is determined whether the input data M1-2 or the encrypted data C1-2 is written in the memory 3, and corresponding data is selectively written in the area. Thereafter, the IC card 1 transmits a response "nb" to the terminal 21 so as to request the next write data.
Subsequently, the same operation as in steps 65 and 67 is repeated.
When the terminal 21 transmits the last data M1-n of the divided data to the IC card 1 in step 69, the IC card 1 performs the same operation as described above in step 71. As described above, since the encryption result of the first 8-byte data is reflected in the last data, verification of all the data can be performed by transmitting the last data. The IC card 1 transmits the last 8-byte data of the last encrypted data C1-n, as verification data AC1, to the terminal 21 through a response "write" to the write command WRITE.
That is, in the above-described operation, in order to certify the IC card 1 in accordance with the mutual certification procedure, the terminal 21 obtains the verification data AC1 with respect to the write data M1 in advance by using the key data MMMMM for designating the IC card 1, the encryption algorithm ALG, and the random number data R1.
A process of obtaining verification data using key data, an encryption algorithm, and random data which are different from those in the above embodiment will be described below with reference to steps 73 through 81.
In step 73, the terminal 21 generates new random data R3 by using the random number generator 25, and transmits it to the IC card 1 as an encryption preparation command SRND together with a key data number KID-A of key data which is used by the IC card 1 to generate verification data, and an encryption algorithm ALGa.
In step 75, when the IC card 1 receives the encryption preparation command SRND, it finds a key data number KID-A from its own key list so as to obtain corresponding key data AAAAA, and transmits a response srnd to the terminal 21.
In step 77, the terminal 21 transmits a data write request to the IC card 1 using a write command WRITE.
At this time, the terminal 21 transmits an area number AID-B of a target area of the memory 3 in the IC card 1, a byte count L-2 of write data, and write data M2. Note that in step 77, the byte count of the write data M2 is a byte count which can be received by the IC card 1 as input data.
In step 79, the IC card 1 finds an area to which the area number AID-B is appended from the area definition table 13 in Fig. 2 in the same manner as in step 61. If the previous encryption preparation command SRND (or the certificate preparation command EXCH) is properly completed, the IC card 1 generates initial data R3a on the basis of the random data R3 notified by the encryption preparation command SRND and the card unique value held in the IC card 1. In step 81, the IC card 1 encrypts the write data M2 by using the initial data R3a and the key data AAAAA corresponding to the key data number KID-A previously notified by the encryption preparation command SRND in accordance with the encryption algorithm previously designated by the encryption preparation command SRND, thus obtaining encrypted data C2. By referring to the attribute data of the area, as an access target, designated by the area number AID-B, it is determined whether the input data M2 or the encrypted data C2 is written in the memory 3, and a write operation is performed. Thereafter, the IC card 1 transmits the last 8-byte data of the encrypted data C2, as verification data AC2, to the terminal 21 using a response "write" to the write command WRITE.
Note that IC card 1 recognizes the physical position of a target area in the memory 3 in accordance with start address data and size data in the area definition table 13 in Fig. 2. Start address data is the start address value of the corresponding area, and size data defines the capacity of the area from the start address value. In addition, attribute data consists of one byte. If the MSB of attribute data is "0", it represents an encrypted data write area. If it is "1", it represents an input data write area.
In step 83, when the data write operation in the IC card 1 is completed, the terminal 21 prepares a data write processing list on the basis of the random number data R1 and R3 corresponding to the write data M1 and M2, key data numbers KID-M and KID-A, verification data AC1 and AC2, and the algorithm designation values ALG and ALGa. The prepared list is then transmitted to the center 39.
In step 85, upon reception of the list from the terminal 21, the center 39 extracts the write data M1 from the list, finds key data MMMMM from its own key list by using the corresponding key data number KID-M, and generates verification data AC1X on the basis of corresponding random number data R1 and encryption algorithm ALG in its own transaction list.
In step 87, the center 39 compares corresponding verification data AC1 in its own list with the verification data AC1X generated in step 85. If they coincide with each other, the center 39 verifies the write operation for the write data M1.
Write operations for data after the write data M2 are verified in the same manner as in steps 85 and 87.
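The write-and-verify flow of steps 59 through 87, as an added example that is not code from the patent: the card chains each chunk in CBC mode from initial data (random data XOR card unique value), returns the last 8 bytes as verification data, and the center recomputes it. The cipher is a stand-in Feistel construction, and the zero padding, the sample keys and values, and the center knowing the card unique value are assumptions; storage into the memory areas is omitted.

```python
import hashlib
import hmac
import os

BLOCK = 8  # the page's cipher works on 8-byte units

def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in 64-bit cipher (4-round Feistel keyed through SHA-256).
    Assumption: the page never names the algorithm behind ALG."""
    left, right = block[:4], block[4:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

ALGORITHMS = {1: toy_block_encrypt}  # ALG number -> cipher (constructed table)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def pad(data: bytes) -> bytes:
    """Zero-pad to a block boundary (assumption: the page defines no padding)."""
    return data + b"\x00" * (-len(data) % BLOCK)

def cbc_encrypt(cipher, key: bytes, feedback: bytes, data: bytes) -> bytes:
    """CBC-encrypt block-aligned data, chaining from the given feedback value."""
    out = b""
    for i in range(0, len(data), BLOCK):
        feedback = cipher(key, xor(data[i:i + BLOCK], feedback))
        out += feedback
    return out

class Card:
    """Card side: key list, card unique value, preparation flag."""
    def __init__(self, unique: bytes, keys: dict):
        self.unique, self.keys = unique, keys
        self.prepared = False  # EXCH / SRND completion flag

    def prepare(self, rnd: bytes, kid: int, alg: int) -> str:
        """EXCH or SRND: select key and algorithm, keep the random data."""
        if kid not in self.keys:
            return "key data designation error"
        if alg not in ALGORITHMS:
            return "designated algorithm error"
        self.key, self.cipher, self.rnd = self.keys[kid], ALGORITHMS[alg], rnd
        self.prepared = True
        return "ok"

    def write(self, chunk: bytes, total: int = None):
        """WRITE: returns "nb" for more data, or the 8-byte verification data."""
        if not self.prepared:
            return "execution condition incompletion error"
        if total is not None:  # first chunk carries the byte count
            self.remaining = total
            self.feedback = xor(self.rnd, self.unique)  # initial data R1a
        self.remaining -= len(chunk)
        last = self.remaining <= 0
        if not last and len(chunk) % BLOCK:
            raise ValueError("intermediate chunks must be block-aligned")
        cipher_text = cbc_encrypt(self.cipher, self.key, self.feedback,
                                  pad(chunk) if last else chunk)
        self.feedback = cipher_text[-BLOCK:]  # tail feeds the next chunk
        return self.feedback if last else "nb"

def terminal_write(card: Card, data: bytes, rnd: bytes, kid: int, alg: int,
                   chunk_size: int = 16) -> dict:
    """Terminal side: prepare, send chunks, return a processing-list entry."""
    status = card.prepare(rnd, kid, alg)
    if status != "ok" or not data:
        raise RuntimeError(status if status != "ok" else "no write data")
    for i in range(0, len(data), chunk_size):
        resp = card.write(data[i:i + chunk_size], len(data) if i == 0 else None)
    return {"data": data, "rnd": rnd, "kid": kid, "alg": alg, "ac": resp}

def center_verify(keys: dict, unique: bytes, entry: dict) -> bool:
    """Center side (steps 85 and 87): recompute the verification data, compare."""
    initial = xor(entry["rnd"], unique)
    expected = cbc_encrypt(ALGORITHMS[entry["alg"]], keys[entry["kid"]],
                           initial, pad(entry["data"]))[-BLOCK:]
    return hmac.compare_digest(expected, entry["ac"])

def demo() -> dict:
    keys = {0x01: b"MMMMM", 0x02: b"AAAAA"}      # constructed key list
    unique = bytes.fromhex("0102030405060708")   # constructed card unique value
    card = Card(unique, keys)
    m1 = b"PAY 120.00 TO SHOP 0042 REF 7"        # constructed write data
    e1 = terminal_write(card, m1, os.urandom(8), 0x01, 1)
    e2 = terminal_write(card, m1, os.urandom(8), 0x01, 1)   # same data, new R
    e3 = terminal_write(card, m1, e1["rnd"], 0x02, 1)       # same R, other key
    forged = dict(e1, data=m1.replace(b"120", b"920"))      # altered write data
    return {
        "genuine_verifies": center_verify(keys, unique, e1),
        "fresh_random_changes_ac": e1["ac"] != e2["ac"],
        "other_key_changes_ac": e1["ac"] != e3["ac"],
        "forged_rejected": not center_verify(keys, unique, forged),
    }
```

Calling `demo()` returns four checks that should all be true. In a current design this role is filled by a standardized MAC such as CMAC or HMAC, since the tail of a CBC ciphertext is a sound authenticator only when message lengths are fixed.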
An operation of the IC card will be described with reference to Figs. 4A through 4G.
After the CPU 11 is electrically activated by a control signal from the terminal 21, it outputs initial response data called "answer to reset" to the terminal 21 in step 91. In step 93, the CPU 11 turns off a certificate preparation command completion flag and an encryption preparation command completion flag, and is set in a standby state in step 95.
If the CPU 11 receives instruction data in step 95, it checks in step 97 whether the instruction data is the certificate preparation command EXCH shown in Fig. 5.
If NO in step 97, the flow advances to step 131.
If YES in step 97, the CPU 11 picks up the contents of a key data number (KID) field in the certificate preparation command and finds an identical key data number from the key list registered in the memory 3 in step 99.
If the key data number is not found in step 101, the CPU 11 outputs a key data designation error status in step 103, and returns to the standby state. If the key data number is found, the CPU 11 saves corresponding key data in a first key buffer in the internal RAM in step 105.
In step 107, the CPU 11 refers to an encryption algorithm designation data ALG field in the certificate preparation command so as to check the presence/absence of an encryption algorithm registered in the memory. If the CPU determines in step 109 that no registered encryption algorithm is present, the CPU 11 outputs a designated algorithm error status in step 111 and returns to the standby state in step 95.
If YES in step 109, the CPU 11 saves the number of the encryption algorithm in step 113.
In step 115, the CPU 11 saves the random number R1 of the certificate preparation command, and subsequently finds a key data number KIDa of IC card certificate key data from the key list. If the key data number is not found in step 119, the CPU 11 outputs a key data unregistered error status in step 121 and returns to the standby status. If the key data number is found in step 119, the CPU 11 saves corresponding key data in a second key buffer in the internal RAM in step 123.
In step 125, the CPU 11 generates random number data R2 by using the random number generator 5 and saves it in a second random number buffer in the internal RAM.
In step 127, the CPU 11 turns on the certificate preparation command completion flag. In step 129, the CPU 11 outputs the random number data R2, as a response exch to the certificate preparation command, to the terminal 21 together with the key data number KIDa and the contents of the encryption algorithm designation data ALG field in the certificate preparation command. The CPU 11 then returns to the standby state in step 95.
If NO in step 97, the CPU 11 checks in step 131 whether the command is the certificate command AUTH shown in Fig. 6. If NO in step 131, the flow advances to step 151.
If YES in step 131, the CPU 11 checks in step 133 whether the certificate preparation command completion flag is turned on. If NO in step 133, the CPU 11 outputs an execution condition incompletion error status in step 135, and returns to the standby state in step 95.
If YES in step 133, the CPU 11 causes the encrypter 7 to encrypt the contents of the second random number buffer by using the contents of the second key buffer as encryption key data in step 137. In this case, an encryption algorithm corresponding to the saved encryption algorithm number is used.
In step 139, the CPU 11 compares the encryption result with input data in the certificate command AUTH, and turns on or off a coincidence flag in accordance with the comparison result in step 141 or 145.
In step 147, the CPU 11 causes the encrypter 7 to encrypt the contents of the first random number buffer by using the contents of the first key buffer as encryption key data. In this case, the same encryption algorithm as in step 137 is used. In step 149, the CPU 11 outputs the encryption result, as a response auth to the certificate command AUTH, to the terminal 21 together with the contents of the coincidence flag, and returns to the standby state in step 95.
If NO in step 131, the CPU 11 checks in step 151 whether the command is the encryption preparation command SRND shown in Fig. 7. If NO in step 151, the flow advances to step 175.
If YES in step 151, the CPU 11 picks up the contents of a key data number (KID) field in the encryption preparation command and finds an identical key data number from the key list registered in the memory 3 in step 153.
If the key data number is not found in step 155, the CPU 11 outputs a key data designation error status in step 157, and returns to the standby state. If the key data number is found in step 155, the CPU 11 saves corresponding key data in the first key buffer in the internal RAM in step 159.
In step 161, the CPU 11 refers to an encryption algorithm designation data (ALG) field in the encryption preparation command so as to check the presence/absence of an encryption algorithm registered in the memory. If the CPU determines in step 163 that no registered encryption algorithm is present, it outputs a designated algorithm error status in step 165, and returns to the standby state. If the CPU determines in step 163 that a registered encryption algorithm is present, it saves the number of the encryption algorithm in step 167.
In step 169, the CPU 11 saves the random number data R3 of the encryption preparation command in the first random number buffer in the internal RAM. In step 171, the CPU 11 turns on the encryption preparation command completion flag. In step 173, the CPU 11 outputs an encryption preparation command completion status to the terminal 21, and returns to the standby state in step 95.
If NO in step 151, the CPU 11 checks in step 175 whether the command is the write command WRITE shown in Fig. 8A or 8B. If NO in step 175, the CPU 11 checks whether the command is, e.g., a read command, and advances to a corresponding step. If YES in step 175, the CPU 11 checks in step 177 whether the write command has a format shown in Fig. 8A or 8B. If it has the format shown in Fig. 8A, the CPU 11 refers to the certificate preparation command completion flag or the encryption preparation command completion flag in step 179. The CPU 11 then checks in step 181 whether any one of the flags is turned on. If NO in step 181, the CPU 11 outputs a condition incompletion status in step 183, and returns to the standby state. If YES in step 181, the CPU 11 saves the contents of the data portion of the write command in a second write buffer of the RAM in step 185.
If it is determined in step 177 that the write command has the format shown in Fig. 8B, the CPU 11 checks in step 187 whether a write command continuation flag held therein is ON. If NO in step 187, the CPU 11 outputs a request error status in step 189, and returns to the standby state in step 95. If YES in step 187, the CPU 11 appends the contents (input data) of the data portion of the write command to the contents of a data save buffer in the internal RAM and saves it in the second write buffer in the internal RAM in step 191.
In step 193, the CPU 11 saves only the contents (input data) of the data portion of the write command in a first write buffer in the internal RAM.
In step 195, the CPU 11 checks whether succeeding data to be written is present in the input data sent using the write command shown in Fig. 8A or 8B. If YES in step 195, the CPU 11 turns on a continuation flag in step 197. If NO in step 195, the CPU 11 turns off the continuation flag in step 199.
In step 201, the CPU 11 checks whether the number of bytes in the second write buffer in the internal RAM is, e.g., a multiple of 8. If YES in step 201, the flow shifts to step 213. If NO in step 201, the CPU 11 performs padding processing for the data in the second write buffer in the internal RAM (for example, appending "20" Hex data to the end of the data) so as to generate data corresponding to a multiple of 8 in step 205, and the flow shifts to step 213.
If YES in step 203, the CPU 11 leaves data corresponding to a multiple of 8 and saves the rest of the data in the data save buffer in the internal RAM in step 209. That is, if 18-byte data is present in the second write buffer, only 16-byte data is left while the remaining 2-byte data is saved in the data save buffer.
If it is determined in step 209 that the second write buffer in the internal RAM is empty, the flow shifts to step 213.
If the second write buffer in the internal RAM is empty in step 209 (for example, if 7-byte data is stored in the second write buffer, all the data in the buffer is transferred to the data save buffer and, as a result, the second write buffer becomes empty), the CPU 11 checks in step 211 whether the currently accessed area is to be encrypted during a write operation. If NO in step 211, the flow advances to step 215. If YES in step 211, the flow advances to step 213.
In step 213, the CPU 11 causes the encrypter 7 to encrypt the data in the second write buffer in the internal RAM in accordance with the CBC mode. If the continuation flag is OFF in this case, a value obtained by an exclusive OR of the contents of the first random number buffer in the internal RAM with the card unique value is used as an initial value for the encryption operation using the CBC mode. If the continuation flag is ON, the last 8-byte data of the data encrypted in the previous write operation is used as an initial value.
In addition, in this case, the contents of the first key buffer are used as key data, and an encryption algorithm is selectively used in accordance with a held encryption algorithm number. When this processing is completed, the flow advances to step 215.
In step 215, the CPU 11 checks whether the continuation flag is ON. If NO in step 215, the CPU 11 checks in step 217 whether the access target area is an area to be encrypted. If NO in step 217, the CPU 11 appends a byte count LX of the write data in the write command to the contents of the first write buffer in the internal RAM and writes it in the access target area in the memory 3 in step 219. If YES in step 217, the CPU 11 sets the minimum value of a multiple of 8 larger than the byte count LX of the write data as a value LXa, and writes it in the target area by appending it to the contents in the second write buffer in step 221.
If YES in step 215, the CPU 11 checks in step 223 whether the access target area is an area to be encrypted. If NO in step 223, the CPU 11 writes the contents of the first write buffer of the internal RAM in the target area by appending it to the previously written data in step 225. If YES in step 223, the CPU 11 writes the contents of the second write buffer of the internal RAM in the access target area in the same manner as described above in step 227.
After the data is written, the CPU 11 checks in step 229 whether the continuation flag is ON. If YES in step 229, the CPU 11 turns on the continuation flag and outputs a response nb in step 231, and returns to the standby state. If NO in step 229, the CPU 11 outputs the last 8 bytes of the contents of the second write buffer in the internal RAM and turns off the continuation flag in step 233, and returns to the standby state.
In this manner, one key data and one encryption algorithm of a plurality of key data and a plurality of encryption algorithms held in the IC card are designated by the terminal, and data to be written is encrypted by using the designated key data and encryption algorithm.
Therefore, even if the IC card is used in a plurality of applications, verification key data and encryption algorithms can be selectively used for the respective applications, and security between the applications can be ensured.
Note that the random number data R1 and R3 to be transmitted from the terminal 21 to the IC card 1 may have the same contents in each operation. However, if they are changed in each operation, different encrypted data are output as long as write operations are performed at different points of time, even if identical write data, key data, and encryption algorithms are used. Hence, verification of data is facilitated.
In this case, if, for example, a clock circuit is arranged in the terminal 21, and random number data R1 and R3 are generated by using time data generated by the clock circuit, different data can be easily obtained in each operation.
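The write flow of steps 175 to 233 and the center check of steps 85 and 87 can be modelled as follows. This is an added example, not code from the patent: it chains CBC across successive WRITE commands starting from R XOR the card unique value, holds leftover bytes in the data save buffer, pads the final data with 0x20, and returns the last 8 encrypted bytes as verification data. The block cipher is a stand-in Feistel construction replacing whatever algorithm ALG designates, and the key list, card unique value and all function names are assumptions.

```python
import hashlib
import hmac

BLOCK = 8  # the card encrypts in 8-byte units

# Constructed sample values (assumptions, not from the patent).
KEY_LIST = {0x01: b"constructed-key-A", 0x02: b"constructed-key-B"}
CARD_UNIQUE = bytes.fromhex("0102030405060708")


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in 64-bit block cipher (8-round Feistel over SHA-256).

    Hypothetical replacement for the algorithm the ALG field selects.
    """
    left, right = block[:4], block[4:]
    for i in range(8):
        f = hashlib.sha256(key + bytes([i]) + right).digest()[:4]
        left, right = right, xor(left, f)
    return left + right


class CardWriteSession:
    """Card-side state kept across one sequence of WRITE commands."""

    def __init__(self, key: bytes, rnd: bytes, card_unique: bytes):
        self.key = key
        self.chain = xor(rnd, card_unique)  # CBC initial value: R XOR card unique value
        self.saved = b""                    # data save buffer, always < 8 bytes

    def write(self, data: bytes, more_follows: bool):
        """Handle one WRITE; the last one returns the 8-byte verification data."""
        buf = self.saved + data
        if more_follows:
            # Encrypt whole blocks only; hold the remainder for the next command.
            keep = len(buf) - len(buf) % BLOCK
            buf, self.saved = buf[:keep], buf[keep:]
        else:
            # Last command: pad with 0x20 up to a multiple of 8.
            self.saved = b""
            buf += b"\x20" * (-len(buf) % BLOCK)
        for off in range(0, len(buf), BLOCK):
            self.chain = encrypt_block(self.key, xor(buf[off:off + BLOCK], self.chain))
        return None if more_follows else self.chain


def card_write(kid: int, rnd: bytes, chunks: list) -> bytes:
    """Terminal sends `chunks` as consecutive WRITE commands to the card."""
    session = CardWriteSession(KEY_LIST[kid], rnd, CARD_UNIQUE)
    ac = None
    for i, chunk in enumerate(chunks):
        ac = session.write(chunk, more_follows=i < len(chunks) - 1)
    return ac


def center_verify(kid: int, rnd: bytes, message: bytes, reported_ac: bytes) -> bool:
    """Center side: rebuild the verification data from its own lists and compare."""
    expected = CardWriteSession(KEY_LIST[kid], rnd, CARD_UNIQUE).write(message, False)
    return hmac.compare_digest(expected, reported_ac)


if __name__ == "__main__":
    m1 = b"PAY 0001500 TO ACCT 42"            # constructed write data
    r1 = bytes.fromhex("a1b2c3d4e5f60718")    # constructed random number
    ac1 = card_write(0x01, r1, [m1[:7], m1[7:18], m1[18:]])
    print("verification data:", ac1.hex())
    print("center accepts:", center_verify(0x01, r1, m1, ac1))
    print("altered data accepted:", center_verify(0x01, r1, m1[:-1] + b"3", ac1))
```

The verification data does not depend on how the terminal splits the write data across commands, which is what lets the center recompute it in one pass from the transaction list.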

Claims (10)

1. A certification system including a first electronic device having at least one key data, and a second electronic device capable of performing communication with said first electronic device, characterized by comprising: means for transmitting first data and designation data for designating key data for encrypting the first data from said second electronic device to said first electronic device; means for, when the first data and the designation data are received by said first electronic device, selecting one key data from the at least one key data in accordance with the received designation data, and encrypting the received first data by using the selected key data; and means for transmitting part of the encrypted data to said second electronic device after the first data is entirely received by said first electronic device.
2. A system according to claim 1, further comprising: at least one buffer memory; and means for storing the first data received by said buffer memory.
3. A system according to claim 1, wherein said first electronic device further comprises at least one encryption algorithm, said means for transmitting the designation data transmits first data, key data for encrypting the first data, and designation data for designating an encryption algorithm from said second electronic device to said first electronic device, and said means for encrypting the first data selects one key data and one encryption algorithm from the at least one key data and the at least one encryption algorithm in accordance with the received designation data, and encrypts the received first data by using the selected key data and encryption algorithm.
4. A system according to claim 3, further comprising means for transmitting first data and second data whose contents vary in each operation from said second electronic device to said first electronic device, said means for encrypting the first data encrypting the first data by using the second data, the key data, and the encryption algorithm.
5. A system according to claim 3, further comprising: means for transmitting data encrypted by said means for encrypting the first data to said second electronic device; means for verifying said first electronic device on the basis of contents of the encrypted data when the encrypted data is received by said second electronic device; means for transmitting the second data from said second electronic device to said first electronic device; means for transmitting the second data from said second electronic device to said first electronic device; means for, when the second data is received by said first electronic device, encrypting the received second data by using the key data and encryption algorithm selected on the basis of the designation data; and means for transmitting part of the encrypted second data from said first electronic device to said second electronic device.
6. A system according to any one of claims 1 to 5, wherein the key data is selected in accordance with an application.
7. A system according to any one of claims 1 to 6, wherein said second electronic device comprises random number generating means for generating the first data.
8. A system according to any one of claims 1 to 7, wherein said second electronic device having at least one key data and at least one encryption algorithm.
9. A system according to any one of claims 1 to 8, characterized by further comprising, means for encrypting the first data by using the key data and encryption algorithm included in the second electronic device; and means for comparing the data encrypted by said first device with the data encrypted by said second device.
10. A certification system, substantially as hereinbefore described with reference to the accompanying drawings.
GB8929239A 1989-01-17 1989-12-28 Certification system Expired - Lifetime GB2227111B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP1008011A JPH02187785A (en) 1989-01-17 1989-01-17 Authenticating system
JP1008010A JPH02187888A (en) 1989-01-17 1989-01-17 Certification system

Publications (3)

Publication Number Publication Date
GB8929239D0 GB8929239D0 (en) 1990-02-28
GB2227111A true GB2227111A (en) 1990-07-18
GB2227111B GB2227111B (en) 1993-05-19

Family

ID=26342425

Family Applications (1)

Application Number Title Priority Date Filing Date
GB8929239A Expired - Lifetime GB2227111B (en) 1989-01-17 1989-12-28 Certification system

Country Status (4)

Country Link
KR (1) KR900012179A (en)
FR (1) FR2641885A1 (en)
GB (1) GB2227111B (en)
HK (1) HK1003129A1 (en)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2253291A (en) * 1991-02-26 1992-09-02 Kevin Bell Signalling apparatus
EP0548967A2 (en) * 1991-12-24 1993-06-30 GAO Gesellschaft für Automation und Organisation mbH Data exchange system with authentification status check
EP0552392A1 (en) * 1992-01-22 1993-07-28 Siemens Nixdorf Informationssysteme Aktiengesellschaft Method for mutual authentification of an IC-card and a terminal
EP0670646A1 (en) * 1994-03-01 1995-09-06 Deutsche Bundespost Telekom Mutual authentication method
US5679984A (en) * 1994-02-17 1997-10-21 Rover Group Limited Vehicle security system
WO1998039745A3 (en) * 1997-03-06 1999-01-14 Deutsche Telekom Ag Portable data carrier and method for cryptographically secure use thereof with interchangeable keys
FR2780797A1 (en) * 1998-07-03 2000-01-07 Gerard Bonnet Method of user authentication for banking, payment or access control
WO2001045056A1 (en) * 1999-12-17 2001-06-21 Chantilley Corporation Limited Secure transaction systems
EP1172776A2 (en) * 2000-07-15 2002-01-16 ED Vision (Holdings) Limited Interactive authentication process
WO2002021469A2 (en) * 2000-09-05 2002-03-14 Ed Vision (Holdings) Limited Interactive authentication process
GB2368948A (en) * 2000-06-16 2002-05-15 Canon Kk Smart card authentication
EP1223565A1 (en) * 2001-01-12 2002-07-17 Motorola, Inc. Transaction system, portable device, terminal and methods of transaction
EP1898370A2 (en) * 2006-09-11 2008-03-12 Matsushita Electric Industrial Co., Ltd. IC card, and access control method
US7353211B2 (en) * 1999-12-07 2008-04-01 Robert Bosch Gmbh Method for encrypting data and a telecommunications terminal and access authorization card

Families Citing this family (3)

Publication number Priority date Publication date Assignee Title
FR2841021B1 (en) * 2002-06-13 2004-12-24 Systemig Sa MONITORING AND / OR MONITORING DEVICE USING AN ELECTRONIC LABEL, A READER AND A STATUS ENCODER
KR100821080B1 (en) * 2006-09-21 2008-04-08 에스케이 텔레콤주식회사 Securities, and Methods for Manufacturing and Examining the Same
KR100833507B1 (en) * 2006-12-06 2008-05-29 한국전자통신연구원 Method for setting and changing key in rfid tag using communication media

Citations (1)

Publication number Priority date Publication date Assignee Title
EP0119707A1 (en) * 1983-02-22 1984-09-26 BRITISH TELECOMMUNICATIONS public limited company Automatic verification

Family Cites Families (4)

Publication number Priority date Publication date Assignee Title
FR2497617B1 (en) * 1981-01-07 1989-08-18 Transac Develop Transactions A SECURITY METHOD AND DEVICE FOR TRIPARTITY COMMUNICATION OF CONFIDENTIAL DATA
EP0246823A3 (en) * 1986-05-22 1989-10-04 Racal-Guardata Limited Data communication systems and methods
FR2600189B1 (en) * 1986-06-16 1991-02-01 Bull Cp8 PROCESS FOR AUTHENTICATING BY AN EXTERNAL ENVIRONMENT A PORTABLE OBJECT SUCH AS A MEMORY CARD COUPLED TO THIS ENVIRONMENT
ES2046222T3 (en) * 1987-03-04 1994-02-01 Siemens Nixdorf Informationssysteme Ag DATA EXCHANGE SYSTEM WITH SEVERAL USER TERMINALS THAT CONTAIN, RESPECTIVELY, A CHIP CARD READING FACILITY.


Cited By (19)

Publication number Priority date Publication date Assignee Title
GB2253291A (en) * 1991-02-26 1992-09-02 Kevin Bell Signalling apparatus
GB2253291B (en) * 1991-02-26 1994-08-17 Kevin Bell Signalling apparatus
EP0548967A2 (en) * 1991-12-24 1993-06-30 GAO Gesellschaft für Automation und Organisation mbH Data exchange system with authentification status check
EP0548967A3 (en) * 1991-12-24 1996-01-31 Gao Ges Automation Org Data exchange system with authentification status check
EP0552392A1 (en) * 1992-01-22 1993-07-28 Siemens Nixdorf Informationssysteme Aktiengesellschaft Method for mutual authentification of an IC-card and a terminal
US5679984A (en) * 1994-02-17 1997-10-21 Rover Group Limited Vehicle security system
EP0670646A1 (en) * 1994-03-01 1995-09-06 Deutsche Bundespost Telekom Mutual authentication method
WO1998039745A3 (en) * 1997-03-06 1999-01-14 Deutsche Telekom Ag Portable data carrier and method for cryptographically secure use thereof with interchangeable keys
FR2780797A1 (en) * 1998-07-03 2000-01-07 Gerard Bonnet Method of user authentication for banking, payment or access control
US7353211B2 (en) * 1999-12-07 2008-04-01 Robert Bosch Gmbh Method for encrypting data and a telecommunications terminal and access authorization card
WO2001045056A1 (en) * 1999-12-17 2001-06-21 Chantilley Corporation Limited Secure transaction systems
GB2368948A (en) * 2000-06-16 2002-05-15 Canon Kk Smart card authentication
EP1172776A2 (en) * 2000-07-15 2002-01-16 ED Vision (Holdings) Limited Interactive authentication process
EP1172776A3 (en) * 2000-07-15 2002-10-16 ED Vision (Holdings) Limited Interactive authentication process
WO2002021469A2 (en) * 2000-09-05 2002-03-14 Ed Vision (Holdings) Limited Interactive authentication process
WO2002021469A3 (en) * 2000-09-05 2002-11-28 Ed Vision Holdings Ltd Interactive authentication process
EP1223565A1 (en) * 2001-01-12 2002-07-17 Motorola, Inc. Transaction system, portable device, terminal and methods of transaction
EP1898370A2 (en) * 2006-09-11 2008-03-12 Matsushita Electric Industrial Co., Ltd. IC card, and access control method
EP1898370A3 (en) * 2006-09-11 2009-09-02 Panasonic Corporation IC card, and access control method

Also Published As

Publication number Publication date
GB8929239D0 (en) 1990-02-28
FR2641885A1 (en) 1990-07-20
HK1003129A1 (en) 1998-10-09
GB2227111B (en) 1993-05-19
FR2641885B1 (en) 1995-01-27
KR900012179A (en) 1990-08-03


Legal Events

Date Code Title Description
PE20 Patent expired after termination of 20 years

Expiry date: 20091227