JP2005078165A - Ic card, authentication server, and password alteration method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To reduce the risk that a password of an IC card is stolen. <P>SOLUTION: An original password and an alteration rule for the password are stored in the IC card 100. The alteration rule is written to the IC card 100 from an IC card terminal such as a cellular phone 102 or the like. The IC card 100 receives data on dates and information on the accumulated number of times of the utilization, and alters the original password based on the alteration rule to generate a new password. When receiving an authentication password from an IC card terminal such as an IC card reader/writer 110, the IC card 100 checks the authentication password with the password thus generated to execute authentication processing. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to a technique for changing a password of a contact IC card or a non-contact IC card.

  Conventionally, magnetic cards have been mainly used as cash cards and credit cards. However, in order to cope with the diversification of services in recent years, it is considered to convert these cards into IC cards.

  In general, the IC card stores a password and an authentication program in an internal memory. When using the card, the password entered from the IC card reader / writer such as a bank terminal is checked against the internal password. Since this verification process is executed in the IC card, the personal identification number stored in the IC card is not output to the outside, and it is said that it is excellent in terms of security.

  By the way, the password cannot be changed in principle after it is set when the IC card is issued. However, in order to further increase the security of the personal identification number, it is desirable to change the personal identification number frequently.

Conventionally, with respect to authentication processing for magnetic type cash cards and authentication processing for enjoying network services of personal computer communication, a technique for automatically creating a personal identification number periodically in a host computer on the network has been proposed. (For example, patent document 1).
JP-A-6-266671.

  In the above-described prior art, the personal identification number is created by substituting the date and time data into the password arithmetic expression in the host computer.

  Here, it is considered to apply the above-described conventional technology to an IC card. Of course, the technique considered here is not a known technique. In this examination technique, the new password created by the host computer is received by the IC card reader via the network, and the regular password is written on the IC card by the IC card reader / writer. This means that a regular password is transmitted over the network, and it cannot be said that the security is high. In other words, in order to further increase security, the IC card keeps the legitimate PIN number in the IC card and executes the verification process. However, in the study technology, the legitimate PIN number is also distributed outside the IC card. Security will be reduced in terms of

  Further, in the conventional technology and the study technology, a host computer is essential, but there is a problem that the password cannot be changed if the card reader / writer is in an offline state, such as when the communication line is down.

  Therefore, an object of the present invention is to solve at least one of these problems.

  An object of the present invention is to provide an IC card or the like that solves at least one of the problems described above. In the IC card, a password change program is stored in the card, and the password is changed in the card.

  The IC card of the present invention includes, for example, a password storage unit that stores an original password for restricting operations related to the card application of the IC card, and information on the year, information on the month, information on the day from the IC card terminal, A receiving unit that receives at least one of the time-related information, a change control unit that changes a part or all of the original password using the received information, an authentication password input from the IC card terminal, An authentication unit that compares the password after the change and executes an authentication process.

  According to the present invention, since the password is appropriately changed in the IC card, the possibility of the password being broken can be reduced. Further, even if the card reader / writer is in an offline state with respect to the host computer, there is an advantage that the password can be changed if the power can be supplied to the IC card.

  An embodiment of the present invention is shown below. Of course, the following embodiments are merely subordinate concepts of the present invention disclosed as a superordinate concept. That is, the following embodiments are only a part of the embodiments included in the technical scope of the present invention defined by the claims. Therefore, if the invention is a superordinate concept disclosed in the specification or drawings of the present application and has the same technical idea as the invention described in the claims, it is directly described in the present specification or drawings. Even embodiments that are not included are included in the technical scope of the present invention.

  In addition, about the invention of the low-order concept described in the following embodiment, all are not necessarily described in the claim. However, it should be understood that this is not intentionally excluded from the technical scope of the patented invention, but is not described in the scope of claims because it is equivalent to the patented invention.

  FIG. 1 is a diagram showing an example of an IC card system according to the present embodiment. IC card 100 is an original IC card, cash card function, electronic money function, credit card function, debit card function, airline mileage card function, commuter pass function such as railway / bus company, ETC (road toll) Automatic collection system) It has at least one of a card function, a point card function, and an identification card (employee card etc.) function. Note that data and application programs for realizing each function are stored in a nonvolatile storage device such as an EEPROM.

  The mobile phone 102 is a mobile terminal with an IC card reader / writer function. The PC 103 also includes an IC card reader / writer.

  The IC card reader / writer 110 is an IC card terminal for communicating with the IC card 100 to write or read data. The IC card reader / writer 110 may be disposed in each store as a single device, or may be incorporated in a store cash register, a ticket gate device, or the like.

  The ATM terminal 112 is an IC card terminal having an IC card reader / writer function. Here, devices having an IC card reader function, an IC card writer function, or an IC card reader / writer function are collectively referred to as an IC card terminal.

  The IC card server 120 is, for example, a computer that creates a password instead of the IC card and executes authentication processing when an IC card having a magnetic stripe is used in a magnetic card reader.

  FIG. 2 is a block diagram of the IC card according to the present embodiment. The CPU 201 is a central processing unit that controls each unit in the IC card 100 according to a control program. For example, the control program includes programs such as a change rule setting process and a password generation process according to a flowchart described later. The RAM 202 is a storage device that stores a work area and various data necessary when executing the control program. The mask ROM 203 is a storage device for storing a control program and various data. The EEPROM 204 is a rewritable storage device that stores an original password 211 set when the IC card is issued, an original password change rule 212, and a change application program for performing password change processing. The EEPROM 204 may also store the number of uses for each card application within a predetermined period (for example, the past week, today 1 day, today's morning, today's afternoon, etc.). Note that the EEPROM 204 may be replaced with a flash memory or the like. The communication interface 207 is a communication (card) interface for communicating with the IC card terminal 110 or the like. The communication IF 207 is equipped with at least one of a non-contact type interface and a contact type interface.

  Although not shown in the figure, a magnetic stripe (magnetic medium) storing the card ID may be provided.

  FIG. 3 is a block diagram of the IC card reader / writer according to the present embodiment. The CPU 301 is a central processing unit that executes control based on a computer program stored in the ROM 303. For example, as a control program, date / time data is acquired from the real-time clock (RTC) 310 and transferred to the IC card 100, a change rule input from the operation unit 305 is transferred to the IC card, or the change rule is stored in the card. A program for transferring to the server 120 is provided. The RAM 302 is a volatile storage device that stores data and the like. The ROM 303 is a non-rewritable mask ROM. The EEPROM 309 is a rewritable storage device. The display device 304 is a display that displays a result of communication with the IC card 100, point occurrence reason information, and the like. The operation unit 305 is an input device such as a touch panel device or a numeric keypad. The communication interface 307 is a communication circuit for connecting to the server 120 or the like. The card (communication) interface 308 reads data from a magnetic stripe mounted on the IC card 100, reads data from a magnetic card device for writing data to the magnetic stripe, a connection IC card connection terminal, At least one of a contact-type reader / writer device for writing and a non-contact-type reader / writer device for performing wireless communication with a non-contact type IC card to read and write data is mounted. The RTC 310 is a so-called real time clock.

  The IC card terminal 110 may be integrated with an accounting apparatus such as a POS (store point-of-sale information management) system. The IC card terminal 110 may be a local IC card system including a plurality of card reader / writer devices and a host device, for example. In this case, communication with various settlement servers will be executed via the host device.

  FIG. 4 is an exemplary block diagram of the card server according to the present embodiment. The CPU 401 is a central processing unit that executes control based on a computer program (eg, password change application program 413) stored in the ROM 403 or the hard disk drive 408. The RAM 402 is a volatile storage device that stores data and the like. The ROM 403 is a storage device such as a non-rewritable mask ROM or a rewritable EEPROM. The display device 404 is a display that displays various types of information. The operation unit 405 is an input device such as a keyboard or a pointing device. The communication interface 407 is a communication circuit for connecting to the IC card terminal 110, the ATM terminal 112, and the like. The hard disk drive 408 includes a password database 411 in which original passwords for each IC card are registered, a rule database 412 in which password change rules for each IC card are registered, computer programs necessary for authentication processing, and original passwords and change rules. This is a storage device that stores a password generation (change) program 413 and the like for generating (changing) a password based on the password.

  FIG. 5 is an exemplary flowchart relating to a password change rule setting process in the IC card of this embodiment.

  In step S <b> 500, the CPU 201 of the IC card 100 controls the card interface 207 to establish a communication line with the IC card terminal 110. The communication line may be a wireless line by a contactless card interface or a wired line by a contact card interface connector.

  In step S <b> 502, the CPU 201 activates the password change application 213. For example, the CPU 301 of the IC card terminal 110 reads card application information included in the IC card 100 from the IC card 100 and displays the read information on the display device 304. The user visually recognizes that a plurality of card applications can be selected, and operates the operation unit 305 to select a card application to be actually executed from among the card applications. The CPU 301 transmits an activation command for the selected card application to the IC card 100 based on the selection information input from the operation unit 305. When receiving the activation command via the card interface 207, the CPU 201 of the IC card 100 activates the card application according to the activation command.

  In step S504, the CPU 201 reads password change screen information (eg, information created by HTML, XML, etc.) from the EEPROM 204, and controls the card interface 207 to transmit it to the IC card terminal 110.

  The CPU 301 of the IC card terminal 110 receives the change screen information through the card interface 308 and causes the display device 304 to display the change screen using a display program (eg, a WEB browser program). The user operates the operation unit 305 to specify a change rule. An example of a change screen is shown on the display device of the mobile phone 102 in FIG. For example, a change rule is created in which the first digit of a four-digit password is changed with the first digit when the card is used. The CPU 301 transmits the change rule input from the operation unit 305 to the IC card 100.

Examples of change rules include the following:
a) Specify the digit to be changed in the password and replace the specified digit with the first digit of the year in the date / time data on the card usage date (for example, “1234” for the original password and the last three digits for the specified password) (If the card usage year is “2003”, it is “1” 3 ”34”.)
b) Specify the digit to be changed in the password, and replace the specified digit with the first digit of the month in the date / time data of the card usage date
c) Specify the digit to be changed in the password, and replace the specified digit with the first digit of the day in the date / time data of the card usage date
d) Specify the digit to be changed in the password, and replace the specified digit with the first digit calculated from the date / time data of the card usage date as a parameter (for example, year data X month data)
e) Specifying the digit to be changed in the password, replacing the specified digit with the cumulative number of times the card has been used on the same day. Note that these are just examples, and multiple digits may be replaced at one time or other replacements. It goes without saying that a method may be adopted, but a replacement method that is easy to understand and usable for a card user and is difficult to forget will be preferable.

  In step S506, the CPU 201 receives the change rule from the IC card terminal 110. This process can be thought of as a change rule input process.

  In step S <b> 508, the CPU 201 stores the received change rule in the EEPROM 204. The following steps are optional for the magnetic card reader and are not essential.

  In step S <b> 510, the CPU 201 determines whether or not communication with the card server 120 is possible via the IC card terminal 110. For example, the IC card terminal 110 is inquired whether it can communicate with the card server 120, and if the IC card terminal 110 succeeds in the communication attempt of the card server 120, information indicating that communication is possible is returned to the IC card 100. Thereby, the CPU 201 of the IC card 100 can determine whether or not the card server 120 is online connected to the IC card terminal 110. If communication is possible, the process proceeds to step S512, and if communication is not possible, the process proceeds to step S514.

  In step S <b> 512, the CPU 201 transmits a card ID, a change rule, and a transmission command for the change rule to the IC card terminal 110. When receiving the card ID, the change rule, and the transmission command, the CPU 301 of the IC card terminal 110 controls the communication interface 307 and transmits the change rule and the card ID to the card server 120. When receiving the card ID and the change rule via the communication interface 407, the CPU 401 of the card server 120 associates them with each other and registers them in the rule database 412.

  In step S <b> 514, the CPU 201 stores post-transmission reservation information in the EEPROM 204 to transmit the change rule via the IC card terminal 110 when connected to the IC card terminal 110 that can communicate with the card server 120. Thereafter, every time the CPU 201 is connected to another IC card terminal, the CPU 201 determines whether or not the post-transmission reservation information is stored in the EEPROM 204, and if it is stored, tries the post-transmission of the change rule. If the post-transmission is successful, the CPU 201 deletes the post-transmission reservation information.

  In this way, a password change rule (which can be considered as an automatic password creation rule) is created and registered in the IC card 100 or the card server 120.

  FIG. 6 is an exemplary flowchart regarding password authentication processing according to the present embodiment.

  In step S600, when power is supplied from the IC card terminal 110, the CPU 201 establishes a communication line with the IC card terminal 110.

  In step S602, the CPU 201 activates a card application. Which card application is activated follows the activation command from the IC card terminal 110 as described above.

  In step S <b> 604, the CPU 201 reads the change rule 212 from the EEPROM 204.

  In step S <b> 606, the CPU 201 transmits a date / time data transmission request to the IC card terminal 110 and receives date / time data from the IC card terminal 110. In addition, about step S604 and step S606, whichever is the execution order, there is no problem. The CPU 201 may determine whether or not the read change rule requires date and time data, and may execute step S606 only when determining that it is necessary. Further, when the cumulative use count information is necessary, it is read from the EEPROM 204.

  In step S608, the CPU 201 generates a password based on the read change rule and the received date / time data, usage count information, and the like.

  In step S <b> 610, the CPU 201 receives an authentication password from the IC card terminal 110. The authentication password is input from the operation unit 305 of the IC card terminal 110.

  In step S612, the CPU 201 determines whether or not the received authentication password matches the generated password. If they match, the process proceeds to step S616, and if they do not match, the process proceeds to step S614.

  In step S614, the CPU 201 transmits information indicating an authentication failure to the IC card terminal 110.

  In step S616, the CPU 201 transmits information indicating a successful authentication to the IC card terminal 110.

  In step S618, the CPU 201 determines whether the processing by the card application has been completed. For example, when a process end command is received from the IC card terminal 110, it is determined that the process by the card application has ended.

  According to the present embodiment, by setting a password change rule in the IC card 100, a password is generated every time the card application is used, so that the risk associated with using a fixed password can be reduced. .

  Further, if date and time data is used as a password change rule, there is an advantage that a change rule that is relatively easy for a user to remember can be created.

  In the present embodiment, since a regular password is not generated in the IC card and transmitted to the outside, the risk of leakage on the network can be reduced.

  Further, in the present embodiment, the regular password cannot be specified only by the change rule (that is, the regular password cannot be specified unless both the original password and the change rule are prepared). Even if it is transferred to the card server 120, there is little risk that the password will be broken immediately. This means that there is very little security risk compared to sending the legitimate password itself over the network.

  By the way, when the IC card 100 according to the present embodiment is used in a magnetic card reader, password change / creation processing cannot be executed in the IC card 100, and naturally authentication processing cannot be executed.

  Therefore, in this embodiment, by registering the change rule in the card server 120, the card server 120 executes the authentication process in the magnetic card reader on behalf of the card server 120.

  FIG. 7 is an exemplary sequence diagram and flowchart of authentication processing using the card server according to the present embodiment. The magnetic card reader is substantially the same as the configuration of FIG. 3 except that only a magnetic reader is provided as a card interface.

  In step S700, the CPU 301 of the magnetic card reader reads the magnetic stripe of the IC card 100 with the magnetic head. Since the card ID is recorded in the magnetic stripe, at least the card ID can be acquired.

  In step S <b> 702, the CPU 301 of the magnetic card reader controls the communication interface 307 to transmit the card ID to the card server 120. The CPU 401 of the card server 120 controls the communication interface 407 and receives the card ID.

  In step S <b> 704, the CPU 401 searches and extracts the change rule corresponding to the received card ID from the rule database 412.

  In step S <b> 706, the CPU 301 of the magnetic card reader acquires date / time data from the RTC 310.

  In step S <b> 708, the CPU 301 transmits the acquired date / time data to the card server 120. Note that the CPU 401 of the card server 120 may use date / time data acquired from a real-time clock in the card server.

  In step S710, the CPU 401 reads the original password corresponding to the card ID from the password database 411, applies it to the change rule together with the date / time data, and creates a password. The change rule reading process, the date / time data reading process, and the original password reading process may be performed in any order as long as they are executed before the password generation process.

  In step S <b> 712, the CPU 301 inputs an authentication password from the operation unit 305.

  In step S <b> 714, the CPU 301 controls the communication interface 307 to transmit the input authentication password to the card server 120. The CPU 401 of the card server 120 receives the authentication password via the communication interface 407 and stores it in the RAM 402.

  In step S716, the CPU 401 executes an authentication process based on the received authentication password and the generated password. Specifically, processing substantially similar to steps S612 to S618 is executed.

  In step S718, the CPU 401 transmits the authentication result to the magnetic card reader.

  According to this embodiment, by registering the change rule set in the IC card 100 in the card server 120 in advance, when the IC card 100 is used in a magnetic card reader or magnetic card reader / writer, There is an advantage that the card server 120 can execute processing relating to password generation and authentication instead of the card 100.

  In addition, since only the change rule is transmitted on the network and the generated password is not transmitted, it is considered that the security of the password can be enhanced as compared with the conventional case.

  The card server 120 may store in the hard disk drive 408 a database of the cumulative number of uses of each card within a predetermined period. Each time each card is used, each card terminal transmits a card ID to the card server 120, and the CPU 401 of the card server 120 increments the number of uses of the card ID and registers it in the use count database. In this way, there is an advantage that a change rule using the number of uses can be handled.

FIG. 1 is a diagram showing an example of an IC card system according to the present embodiment. FIG. 2 is an exemplary block diagram of the IC card according to the present embodiment. FIG. 3 is an exemplary block diagram of the IC card terminal according to the present embodiment. FIG. 4 is an exemplary block diagram of the card server according to the present embodiment. FIG. 5 is an exemplary flowchart of change rule setting processing according to the present embodiment. FIG. 6 is an exemplary flowchart of password generation processing according to the present embodiment. FIG. 7 is an exemplary flowchart of another password generation process according to the present embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 ... IC card 102 ... Mobile phone with IC card reader / writer function 103 ... PC with IC card reader / writer function
110: IC card reader / writer 112 ... ATM terminal 120 ... Card server

Claims (11)

An IC card that operates upon receiving power from an IC card terminal,
A password storage unit for storing an original password for restricting operations related to the card application of the IC card;
A receiving unit that receives at least one of information about the year, information about the month, information about the day, and information about the time from the IC card terminal;
A change control unit for changing part or all of the original password using the received information;
An IC card including an authentication unit that performs an authentication process by comparing an authentication password input from the IC card terminal with the changed password. An input unit for inputting a change rule used when changing the original password via the IC card terminal;
A change rule storage unit that stores the input change rule, wherein the change control unit reads the change rule, and changes the original password according to the read change rule. Item 1. The IC card according to Item 1. A usage count storage unit for storing the usage count of the IC card within a predetermined period;
The said change control unit changes the said original password using the frequency | count of use in the said predetermined period instead of the information received from the said IC card terminal, or together with this information. IC card. An authentication server that executes authentication processing instead of the IC card when the authentication processing cannot be executed in the IC card,
A password database for storing the original password of the IC card and the card ID of the IC card in association with each other;
A card ID receiving unit that receives a card ID of the IC card from a magnetic card reader that magnetically reads the IC card having a magnetic stripe in which the card ID is recorded;
A date / time information receiving unit that receives at least one of information about the year, information about the month, information about the day, and information about the time from the magnetic card reader or the internal real-time clock;
A change control unit that reads an original password corresponding to the received card ID, and changes a part or all of the read original password using information received by the date and time information receiving unit;
A password receiving unit for receiving an authentication password input in the magnetic card reader;
A determination unit for determining whether the changed password and the received authentication password match;
An authentication server including a transmission unit that transmits the determination result to the magnetic card reader. A usage count database for storing the usage count within a predetermined period for the IC card;
The change control unit of the authentication server changes the original password by using the number of uses in the predetermined period instead of the information received from the magnetic card reader or the real time clock or together with the information. The authentication server according to claim 4.   The IC card further includes a change rule transmission unit that transmits the change rule to the authentication server via the IC card terminal so that the change rule is used in the authentication server. IC card of description. The authentication server further includes a change rule receiving unit that receives a change rule of the IC card via an IC card terminal,
The authentication server according to claim 4 or 5, wherein the change control unit of the authentication server changes the original password using the received change rule. A password changing method for changing a password of an IC card that operates by receiving power supply from an IC card terminal,
Receiving at least one of information related to the year, information related to the month, information related to the day, and information related to the time from the IC card terminal, and reading an original password for restricting operations related to the card application of the IC card; ,
Changing part or all of the original password using the received information;
A password changing method comprising a step of executing an authentication process by comparing the authentication password input from the IC card terminal with the changed password. A proxy authentication method for executing authentication processing instead of the IC card when the authentication processing cannot be executed in the IC card,
From a magnetic card reader that magnetically reads an IC card having a magnetic stripe in which a card ID is recorded, from the card ID, information about the year, information about the month, information about the day, information about the time, Receiving at least one of the information and an authentication password input in the magnetic card reader;
Reading an original password corresponding to the received card ID from a password database storing the original password of the IC card and the card ID of the IC card in association with each other;
Changing part or all of the read original password using information such as the received date and time;
Determining whether the changed password and the received authentication password match; and
Transmitting the determination result to the magnetic card reader. A card application program for changing a password of an IC card that operates upon receiving power from an IC card terminal,
Receiving at least one of information related to the year, information related to the month, information related to the day, and information related to the time from the IC card terminal, and reading an original password for restricting operations related to the card application of the IC card; ,
Changing part or all of the original password using the received information;
A card application program for causing a computer in an IC card to execute an authentication process by comparing the authentication password input from the IC card terminal with the changed password. A computer program for executing authentication processing instead of the IC card when the authentication processing cannot be executed in the IC card,
From a magnetic card reader that magnetically reads an IC card having a magnetic stripe in which a card ID is recorded, from the card ID, information about the year, information about the month, information about the day, information about the time, Receiving at least one of the information and an authentication password input in the magnetic card reader;
Reading an original password corresponding to the received card ID from a password database storing the original password of the IC card and the card ID of the IC card in association with each other;
Changing part or all of the read original password using information such as the received date and time;
Determining whether the changed password and the received authentication password match; and
A computer program for causing a computer to execute the step of transmitting the determination result to the magnetic card reader.

Images