JP2010262447A - Ic chip, and data reading method or the like - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an IC chip and a data reading method, wherein secrecy of data stored in the IC chip is guaranteed and wherein an IC card issuer side can perform issuance processing without being conscious of contents of the issuance processing. <P>SOLUTION: When a prescribed command is input, this IC chip decrypts the input data by use of a previously stored in-IC chip issuing key 19, and confirms validity of the decrypted issuance data 20. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to a technical field such as an apparatus and method for ensuring confidentiality of data stored in an IC chip.

  The IC chip incorporated in the IC card stores extremely important information, and various businesses are developed using this information. For example, an IC chip incorporated in an IC card mounted on a portable terminal provided by a company (service provider) that develops a communication service business, for example, an IC chip incorporated in a FOMA (registered trademark) card includes a customer ( User-specific information, for example, telephone number information (telephone number or user certificate, etc.) is stored. Using this information, a customer is specified and various services suitable for the customer are provided. ing.

  In these IC card fields, the process of storing the unique information for each customer in the IC chip is called “issue process”.

  In such issuance processing, there are many cases where security-sensitive information such as customer personal information (secret data) or key information for encrypting the personal information is handled. The above issuance process is performed only at a specific safe place, and a means that does not permit issuance is adopted at other places.

  For example, in the communication service field, first, a company serving as a service provider represents a company that handles IC chip development and manufacturing (a company that handles the above-mentioned issuing processing and software development related to the IC chip in an integrated manner). The request is hereinafter referred to as “IC chip handling company”.

  Upon receiving the request, the IC chip handling company develops software (OS (Operating System), other applications, etc.) mounted on the IC chip according to the specifications desired by the service provider. Then, the IC chip handling company receives the supply of the IC chip storing the software and the like from the IC chip manufacturer, performs the issuing process, and finally delivers it to the service provider.

  Therefore, the person who issues the above (issuer) and the person who provides the IC chip to the customer (including the software developer related to the IC chip that handles the above information) are the same entity (the same company). During the issuance process, information unique to each customer is not handled by an external person (a person other than the same company).

  In this way, the confidentiality of the unique information for each customer is ensured.

  In addition, as a technique for ensuring the confidentiality of customer's personal information, Patent Document 1 obtains an unissued card by reading the IC card manufacturing number and using the manufacturing number as an encryption key. Thus, a technique for preventing illegally creating a card is disclosed.

  In Patent Document 2, based on data received from an IC card issuer, a data generation agency creates write data for the IC card, returns it to the IC card issuer, and based on the returned data, A technique for issuing a card issuer is disclosed.

JP 2000-36015 A JP 2004-21940 A

  In recent years, due to the diversification of IC chips and the like, cases in which an issuer differs from a person who provides IC chips to customers are increasing. In other words, cases in which IC chip handling companies do not perform issuance processing are increasing.

  For example, for an IC chip of a type that cannot be issued by the company (self) (for example, when the company does not have a line for performing issuance processing for the IC chip), for example, outside (service provider, etc.) Therefore, when a purchase request for the IC chip is made, it is necessary to entrust the issuing process to the outside, receive the IC chip on which the issuing process has been performed, and finally ship the IC chip.

  In such a case, the issuer, who is an external person who performs the issue process, is provided with the unique information for each customer that is the object of the issue process, and the issue process is requested. That is, the information unique to each customer is handled by an outsider, and the confidentiality of the customer's personal information is not secured. The above-described technology for ensuring the confidentiality of the customer's personal information cannot avoid such problems.

  In addition, as described above, since the issue process is performed at a place that is beyond the control of the IC chip handling company, it is difficult to grasp the implementation status of the issue process one after another. It was difficult to do.

  Therefore, the present invention has been made in view of the above problems, and an example of the purpose is to ensure the confidentiality of data stored in the IC chip, and the IC card issuer is conscious of the contents of the issuing process. The present invention also provides an IC chip and a data reading method capable of performing the issuance process without lowering the security strength even when the issuance process is executed in a remote place.

  In order to solve the above-described problem, an IC chip according to claim 1 includes an input unit for inputting a predetermined command and encrypted data together, and a decryption key for decrypting the input data. Storage means for storing in advance, decryption means for decrypting the data input using the decryption key when the predetermined command is input, and confirmation means for confirming the validity of the decrypted data; It is characterized by providing.

  According to the present invention, when a predetermined command and encrypted data are input together, the data input using a decryption key stored in advance is decrypted inside the IC chip, and the decrypted The validity of the data can be confirmed.

  Therefore, by confirming the validity within the IC chip, a third party cannot know the mechanism of the validity confirmation. Further, even if the confidentiality of data stored in the IC chip is ensured and the issue processing is executed at a remote location without the IC card issuer being aware of the content of the issue processing, the security strength Issue processing can be performed without a decrease. Then, the execution status of the issuing process can be grasped sequentially, and the issuing process can be managed.

  The IC chip according to claim 2 is the IC chip according to claim 1, wherein when the validity is confirmed by the confirmation unit, a part or all of the decrypted data is converted by a predetermined algorithm. Conversion means for further comprising.

  Therefore, even if the confidentiality of the data stored in the IC chip is further secured, even if the issuing process is executed in a remote place without the IC card issuer being aware of the contents of the issuing process, The issuing process can be performed without a decrease in strength. Then, the execution status of the issuing process can be grasped sequentially, and the issuing process can be managed.

  The IC chip according to claim 3 is the IC chip according to claim 1, wherein the data further includes unique identification information indicating the IC chip, and the storage unit Further stores in advance unique identification information indicating the IC chip, and the confirming unit collates the unique identification information included in the decoded data with the unique identification information stored in advance. To verify the validity of the decrypted data.

  Therefore, it is possible to reliably identify an IC chip to be subjected to the issuing process and perform the issuing process.

  The IC chip according to claim 4 is the IC chip according to any one of claims 1 to 3, wherein the data further includes an error check code, and the confirmation unit further performs the decoding. The validity of the data including the decrypted unique identification information is confirmed using an error check code included in the data.

  Therefore, unauthorized data access (for example, password cracking) to the IC chip can be prevented.

  The IC chip according to claim 5 is the IC chip according to any one of claims 1 to 4, wherein the predetermined command is a single command.

  Therefore, the issue process can be executed only by providing the issuer with the minimum necessary information, and the issuer can execute the issue process without performing a complicated operation.

  The IC chip according to claim 6 is the IC chip according to any one of claims 1 to 5, wherein characters indicating the same contents as the unique identification information are displayed so as to be visible from the outside. It is characterized by that.

  Therefore, the issuer can surely identify the IC chip to be issued.

The data reading method according to claim 7, an input step in which a predetermined command and encrypted data are input together, a storage step in which a decryption key for decrypting the input data is stored in advance, When the predetermined command is input, a decryption step of decrypting the data input using the decryption key, a confirmation step of confirming validity of the decrypted data,
It is characterized by having.

  The data read program according to claim 8, wherein the computer included in the IC chip is provided with an input means for inputting both a predetermined command and encrypted data, and a decryption key for decrypting the input data. Storage means for storing in advance, functioning as decryption means for decrypting the data input using the decryption key and confirmation means for confirming the validity of the decrypted data when the predetermined command is input It is characterized by that.

  An IC card according to a ninth aspect includes the IC chip according to any one of the first to sixth aspects, and an IC card base.

  As described above, according to the present invention, when a predetermined command and encrypted data are input together, the input data is decrypted using a decryption key stored in advance, and the decrypted data Since the data stored in the IC chip is confidential, the IC card issuer is not aware of the contents of the issuance process and the issuance process is executed at a remote location. Even in such a case, the issuing process can be performed without lowering the security strength.

It is a sequence diagram which shows the business outline | summary regarding the issuing process of the IC card which concerns on this embodiment. It is a block diagram which shows the structure and function outline | summary of the IC card issue system which concerns on this embodiment. It is a conceptual diagram which shows the process by which the issue data which concern on this embodiment are processed. It is a flowchart which shows operation | movement of CPU9 based on the issue process program in the issue process (FIG. 1 step S33) based on this embodiment.

  Hereinafter, the best embodiment of the present application will be described with reference to the accompanying drawings. The embodiment described below is an embodiment in the case where the present application is applied to an IC card issuing system that performs an issuing process.

  First, an outline of a business related to an IC card issuance process according to the present embodiment will be described with reference to FIG.

  FIG. 1 is a sequence diagram showing a business overview regarding IC card issuance processing according to the present embodiment.

For example, a service provider can perform a task related to an IC card issuance process according to this embodiment.
The present invention relates to a task of providing an IC card that has been issued to an individual user and starting to provide a service.

  Here, the issuance process refers to a process for storing the unique information for each user in the IC chip. By the issuance process, the user authentication using the IC chip (a user permitted by the service provider to provide the service) To determine whether or not there is).

  The above business outline will be specifically described below.

  When the service provider requests an IC chip handling company to develop an IC chip (step S1), the software developer of the IC chip handling company develops software for the IC chip (step S11). The software indicates an IC chip application program, for example.

  Then, the software developer requests the IC chip manufacturer to manufacture an IC chip equipped with the software (step S12). Upon receiving the request, the IC chip manufacturer manufactures an IC chip loaded with the software received from the software developer, and builds a mass production system in preparation for a purchase request for the IC chip from an issuer described later (step S21). ).

  In addition to the application program, the IC chip stores a unique identification number, which will be described later, a decryption key for decrypting data, and the like, and is used for decrypting encrypted data, which will be described later. It becomes.

  An issuer means a person who actually performs (executes) an issuance process on an IC chip. In this embodiment, an outsider entrusted by an IC chip handling company (the same entity as the IC chip handling company). Who is not).

  Next, for example, when an issuer issues an IC chip issue process from an IC chip handling company (step S2), the issuer transmits an IC chip purchase request to the IC chip manufacturer to the IC manufacturer (step S31). . Upon receiving the purchase request, the IC chip manufacturer delivers the IC chip to the issuer (step S22).

  When the issuer receives the IC chip (step S32), the issuer requests the issue data generator to create issue data (step S33).

  Here, it is assumed that the issue data generator is the same entity as the software developer. That is, since these persons belong to an IC chip handling company, it is possible to ensure confidentiality with respect to the contents of issued data handled between them.

  Upon receipt of the request, the issue data generator generates the issue data, encrypts the data, prepares a predetermined command (step S41), and transmits it to the issuer (step S42).

  Here, the predetermined command is an instruction for executing an issue process described later. Specifically, when the command is input to the IC chip together with the encrypted issue data, the issue data is issued in the IC chip.

  When the issuer that has received the command and data inputs the predetermined command to the IC chip, an issue process is performed inside the IC chip (step S33). Details of the issuing process will be described later.

  Since the issuance process is performed inside the IC chip, the contents of the issuance data are not known to the issuer (the confidentiality of the issuance data is ensured).

  Then, the issuer ships the issued IC chip (IC chip for which issuance processing has been completed) to the user (a person who receives service provision from the service provider) (step S34). Next, the service provider starts providing the service to the user (step S3).

  Next, the configuration and functional overview of the IC card issuing system according to the present embodiment will be described with reference to FIG.

  FIG. 2 is a block diagram showing an outline of the configuration and functions of the IC card issuing system according to the present embodiment.

  As shown in FIG. 2, the IC card issuance system S according to the present embodiment includes an issuance data generation terminal 1 provided on the issuance data generator (FIG. 1) side and an issuance provided on the issuer (FIG. 1) side. Terminal 2 and reader / writer device 3, and an IC card 11 provided with an IC chip 4.

  The issue data generation terminal 1 and the issue terminal 2 can transmit and receive data to and from each other via the network NW. The network NW is constructed by, for example, the Internet.

  The issuance data generation terminal 1 is used by the issuance data generator for generation of the above-described issuance data, encryption, transmission of the above-described command and the issuance data, for example, a personal computer, a workstation A PDA (Personal Digital Assistant), an STB (Set Top Box), a mobile phone or the like can be applied.

  The issuing terminal 2 is used by an issuer for receiving the above-described command and encrypted issue data, inputting or issuing the command, etc. For example, a personal computer, a workstation PDA (Personal Digital Assistant), STB (Set Top Box), mobile phone, etc. can be applied.

  Further, the issuing terminal 2 reads data from the IC chip 4 and writes data to the IC chip 4 in a non-contact manner (by non-contact communication) using radio waves of a predetermined frequency via the reader / writer device 3. It is possible.

  The reader / writer device 3 is, for example, an RFID reader / writer that employs a well-known FeliCa (registered trademark) technology that is a non-contact IC card technology, and reads data from an RFIC tag (RFIC chip) that employs the FeliCa technology. Data can be written to the RFIC tag in a non-contact manner (by non-contact communication) using radio waves of a predetermined frequency.

  The IC card 11 includes an IC chip 4 on an IC card base 10.

  The IC chip 4 includes an I / O (input / output) interface 5 as an input means, a ROM (Read Only Memory) 6, a RAM (Random Access Memory) 7, an EEPROM 8, a CPU (Central Processing Unit) 9, and the like. Has been.

  The I / O interface 5 is an input / output circuit for transmitting and receiving data, and the CPU 9 communicates with the reader / writer device 3 and the like via the I / O interface 5.

  Further, the I / O interface 5 functions as input means of the present application, and the above-described command or issued data received by the issuing terminal 2 is input via the I / O interface 5 under the control of the CPU 9. Is done.

  The ROM 6 stores an issuance processing program to be executed by the CPU 9, and the CPU 9 comprehensively controls the IC chip 4 based on the issuance processing program and executes an issuance process described later. The RAM 7 is a memory used as a work area for the CPU 9 to control the IC chip 4 in an integrated manner.

  The EEPROM 8 is a kind of nonvolatile semiconductor memory, and is a PROM (Programmable Rom) that can erase data stored in a storage area and re-store it any number of times.

  Further, the EEPROM 8 functions as a storage unit of the present application, and stores data to be recorded on the IC chip 4 such as a decryption key (issue key) and unique identification information for decrypting the input encrypted issue data. Store (memorize).

  Here, the unique identification information is information for identifying the IC chip itself from other IC chips, and is stored in advance at the time of manufacture by, for example, an IC chip manufacturer (see FIG. 1). The unique identification information is stored in the EEPROM 8 in a nonvolatile manner, and cannot be rewritten thereafter.

  As described above, the CPU 9 controls the overall operation of the IC chip 4 based on the issuance processing program, and functions as a decoding unit and a confirmation unit of the present application.

  Next, a process for processing issued data according to the present embodiment will be described with reference to FIG.

  FIG. 3 is a conceptual diagram showing a process in which issuance data according to the present embodiment is processed.

  In FIG. 3, the processes for processing the issue data are the issue data processing process 11 processed on the issue data generation terminal 1 side and the issue data processing process 12 (issue process) processed inside the IC chip 4. It is divided roughly into.

  In the issue data processing process 11 executed on the issue data generation terminal 1 side, issue data is first prepared (see FIG. 3A). Specifically, as the issue data 13, key information generation source data 14, a chip specific value 15 and an error check code 16 as an example of unique identification information are generated. That is, the issuance data 13 includes key information generation source data 14, a chip specific value 15, and an error check code 16.

  The key information generation source data 14 is an example of data converted by a predetermined algorithm when the validity of the issued data 13 is confirmed by the CPU 9. The chip unique value 15 indicates an example of the unique identification information described above.

  The error check code 16 is used to detect whether or not the issued data has been illegally tampered with data by a third party, and one example thereof is CRC.

  CRC is an abbreviation of Cyclic Redundancy Check, and is a mechanism for detecting data errors (verifying the validity of data). In error detection by CRC, first, a CRC code is generated as an example of the error check code 16 from the issued data.

  The CRC code is characterized in that the same CRC code is always generated from the same data. For example, if even one byte of data is different, a completely different CRC code is generated. This feature is used to verify the validity of data.

  In the above description, an example in which the CRC code is used as an example of the error check code 16 to confirm the validity of the issued data has been described. However, the present invention is not limited to this. Various methods can be applied. Details of the method for confirming the validity of the issued data will be described later. Further, since the CRC code is a known technique, a more detailed description is omitted.

  Returning to the description of FIG. 3, in the issuance data processing process 11 executed on the issuance data generation terminal 1 side, the issuance data 13 is then encrypted with the issuance key 17 to generate encrypted issuance data 18. (Refer to Fig. 3B). Then, the encrypted issue data 18 is transmitted to the issuing terminal 2 together with the predetermined command described above.

  Here, the predetermined command (issue command) can be arbitrarily set, but a single command can also be adopted. For example, from a simple and short character string such as one character string (for example, “A” which is a single alphabetic character) or a character string indicating a single meaning (for example, “RUN” which is a character string indicating execution) Can be adopted as a single command.

  Thereby, since the issuer can execute the issuing process without memorizing a complicated command, the issuing process can be realized reliably and promptly. Further, since a single command has a small amount of data indicated by the command, the command can be quickly transmitted without burdening the network even when the command is transmitted via the network.

  When a predetermined command and encrypted issuance data 18 are input to the IC chip 4, the process for processing the issuance data according to the present embodiment shifts to the issuance data processing process 12 that is processed inside the IC chip. Here, the issuance data processing process 12 processed inside the IC chip represents the issuance processing according to the present embodiment described above. In the EEPROM 8, an IC chip issue key 19 as a decryption key (issue key) for decrypting the encrypted issue data 18 and an IC chip internal value 25 as unique identification information are stored in advance. Yes.

  Hereinafter, the process (FIG. 3) in which the issuance data according to the present embodiment is processed and the flowchart showing the operation of the CPU 9 based on the issuance processing program in the issuance process will be described with reference to FIG. 4.

  In the issuing process according to the present embodiment, when a predetermined command and encrypted data are input, the CPU 9 decrypts the input data using a decryption key stored in advance. The validity of the data is checked.

  FIG. 4 is a flowchart showing the operation of the CPU 9 based on the issue process program in the issue process (step S33 in FIG. 1) according to the present embodiment.

  The issuer (see FIG. 1) who has obtained (sent) the predetermined command and the encrypted issue data 18 has encrypted the predetermined command with respect to the IC chip (issue target IC chip) that performs the issue process. Data is input using the issuing terminal 2, for example. In response to the input of the predetermined command, the CPU 9 receives the encrypted issue data 18 (step S51), and decrypts (encrypts) the received encrypted issue data 18 with the IC chip issue key 19 (step S52); (Fig. 3 d).

  In the present embodiment, the CPU 9 performs decoding, but the present invention is not limited to this. For example, a coprocessor (eg, FPU (Floating point number Processing Unit)) or the like may perform the decoding.

  Here, the issue target IC chip may be specified by an issue data generator (FIG. 1) or the like. In other words, the issuer may need to specify the designated IC chip from among the IC chips owned by the issuer and perform the issue process.

  In order to perform the above specification, it is possible to employ a method of displaying characters having the same contents as the chip specific value 15 so as to be visible from the outside of the IC chip. When the issue data generator notifies the issuer of the chip specific value 15 indicating the issue target IC chip to designate the issue target IC chip, the issuer confirms the chip specific value 15 displayed on the IC chip by visual recognition. The IC chip to be issued can be specified.

  As for the method of displaying the above-mentioned so as to be visible from the outside, for example, it is assumed that the chip specific value 15 is displayed on the external appearance surface of the IC chip by silk printing or engraving or a sticker in which the chip specific value 15 is specified is attached. However, it can be arbitrarily selected without being limited thereto.

  Returning to the description of FIG. 4, the CPU 9 first calculates an error check code for the decrypted encrypted data in the IC chip in order to confirm the validity of the decrypted encrypted data. (Step S53) and (FIG. 3E).

  Specifically, in FIG. 3, the CPU 9 generates an error check code 24 based on the key information generation source data 21 and the chip specific value 22 included in the decrypted issue data 20.

  Then, the CPU 9 determines whether or not the calculated error check code 24 matches the error check code 23 included in the decrypted issue data 20 (step S54) and (FIG. 3E).

  Specifically, when a CRC code is used as an example of an error check code, first, a CRC code is generated from the data when the issued data is generated, and is stored together with the data in a storage device or the like. In the issuing process, the CPU 9 generates a CRC code from the decrypted encrypted issuance data, and compares (collates) the CRC code of the issuance data generated previously with the CRC code generated by the CPU 9. .

  Then, when these two CRC codes are compared and the mutual CRC codes match, the previously generated issue data and the decrypted encrypted issue data are the same due to the characteristics of the CRC code described above. It is shown that. Accordingly, it is possible to confirm that the data is valid because the content of the data is not changed by an unauthorized tampering or the like not intended by the user during storage.

  In this embodiment, the case where the CRC codes match each other means that the key information generation source data 14 included in the issue data 13 and the key information generation source data 21 included in the decrypted issue data 20 are the issue data. 13 indicates that the chip specific value 15 included in 13 and the chip specific value 22 included in the decrypted issued data 20 match each other.

  On the other hand, if the mutual CRC codes do not match, it indicates that the previously generated issue data is different from the decrypted encrypted issue data. Therefore, it is possible that the content of the data has been changed due to unauthorized tampering or the like not intended by the user during storage, and it can be confirmed that the data is not valid.

  In this embodiment, when the mutual CRC codes do not match, the key information generation source data 14 included in the issue data 13 and the key information generation data 21 included in the decrypted issue data 20 do not match, or In this example, the chip unique value 15 included in the issued data 13 and the chip unique value 22 included in the decrypted issued data 20 do not match or do not match each other.

  If the calculated error check code 24 and the error check code 23 included in the decrypted issue data 20 do not match (step S54: NO), the process ends as error processing (step S61).

  On the other hand, if the calculated error check code 24 and the error check code 23 included in the decrypted issue data 20 match (step S54: YES), the CPU 9 confirms the validity of the decrypted issue data 20 Therefore, it is determined whether or not the chip specific value 22 and the IC chip internal specific value 25 match (step S55) and (to FIG. 4).

  Here, the chip unique value 15 and the chip unique value 21 in the IC chip may be held as respective immediate values (values without any data conversion), but may be a hash function or XOR (exclusive logic). It may be a value converted by an operation using an algorithm such as (sum operation). The above algorithm can be arbitrarily selected.

  Further, instead of holding the converted value, the chip eigenvalue is held as the immediate value, and the validity is confirmed after the calculation using the algorithm is performed in the IC chip 4. Good. In other words, when the validity is confirmed, an operation using the algorithm may be performed in the IC chip 4 each time.

  Returning to the description of FIG. 4, if the chip specific value 22 and the chip specific value 25 in the IC chip do not match (step S55: NO), the process ends as error processing (step S62).

  In this case, the chip unique value 15 included in the issued data 13 is different from the chip unique value 25 included in the decrypted issued data 20. Accordingly, it is assumed that, for example, unauthorized tampering or the like has been made to the encryption issue data 18 before the encryption issue data 18 is input to the IC chip 4.

  On the other hand, when the chip specific value 15 and the IC chip internal unique value 25 match (step S55: YES), the CPU 9 generates key data 26 from the key information generation source data 21 (step S56) and (FIG. 3). ).

  Specifically, the CPU 9 generates key data 26 by applying an operation using an algorithm such as a hash function or XOR to the key information generation source data 21.

  Further, the type of algorithm to be applied may be specified using the issue data 13.

  Specifically, an instruction indicating the type of the algorithm to be executed by the CPU 9 is stored in the issued data 13 in advance, and the CPU 9 refers to the instruction when generating the key data 26 and applies it to the calculation. The type of algorithm to be performed may be determined.

  Returning to the description of FIG. 4, the CPU 9 sets the generated key data 26 (for example, stores it in the key information storage area in the IC chip) and ends the process. Here, the key information storage area is an area that is provided in, for example, the EEPROM 8 and is protected such that access from the outside is restricted. The key data 26 is stored in the protected area.

  As described above, in the present embodiment, the CPU 9 receives both the predetermined command and the encrypted issue data 19 and when the predetermined command is input, the IC chip issuance key stored in advance is stored. The data input using 19 is decrypted, and the validity of the decrypted issued data 20 is confirmed.

  Accordingly, by confirming the validity within the IC chip, a third party (for example, the issuer) can know the validity confirmation mechanism (issue processing mechanism, FIG. 3 and FIG. 4). Absent. In addition, the confidentiality of the data stored in the IC chip is ensured, and the IC card issuer side is not aware of the contents of the issue process (for example, the issuer side), and the validity confirmation mechanism ( Even if the issuing process mechanism (FIGS. 3 and 4) is not known) and the issuing process is executed at a remote place, the issuing process can be performed without lowering the security strength. .

  Further, when the validity is confirmed, the CPU 9 converts the key information generation source data 21 with a predetermined algorithm.

  Therefore, even if the confidentiality of the data stored in the IC chip is further secured, even if the issuing process is executed in a remote place without the IC card issuer being aware of the contents of the issuing process, The issuing process can be performed without a decrease in strength.

  Further, the CPU 9 confirms the validity of the decrypted issue data 20 by comparing the chip intrinsic value 25 in the IC chip and the chip intrinsic value 22.

  Therefore, it is possible to reliably identify an IC chip to be subjected to the issuing process and perform the issuing process.

  Further, the CPU 9 further confirms the validity of the decrypted issue data 20 using the calculated error check code 24 and the error check code 23 generated as included in the decrypted issue data 20. Yes.

  Therefore, unauthorized data access (for example, password cracking) to the IC chip can be prevented.

  Further, when a single command is inputted, the CPU 9 confirms the validity of the decrypted issue data 20.

  Therefore, the issue process can be executed only by providing the issuer with the minimum necessary information, and the issuer can execute the issue process without performing a complicated operation.

  In addition, characters indicating the same content as the chip intrinsic value 25 in the IC chip are displayed so as to be visible from the outside.

  Therefore, the issuer can surely identify the IC chip to be issued.

  In the above-described embodiment, an example in which the present application is applied to an IC chip has been described. However, the present invention can also be applied to, for example, a semiconductor device that requires issuing processing, other information processing devices, and the like It is.

1 Issuing data generation terminal 2 Issuing terminal 3 Reader / writer device 4 IC chip 5 I / O interface 6 ROM
7 RAM
8 EEPROM
9 CPU
10 Card Base 11 IC Card S IC Card Issuing System

Claims (9)

An input means for inputting a predetermined command and encrypted data together;
Storage means for storing in advance a decryption key for decrypting the input data;
When the predetermined command is input,
Decryption means for decrypting the data input using the decryption key;
Confirmation means for confirming the validity of the decrypted data;
An IC chip comprising: The IC chip according to claim 1,
When the validity is confirmed by the confirmation means, a conversion means for converting a part or all of the decrypted data by a predetermined algorithm,
An IC chip, further comprising: In the IC chip according to any one of claims 1 and 2,
The data further includes unique identification information indicating the IC chip,
The storage means further stores in advance unique identification information indicating the IC chip,
The confirmation means confirms the validity of the decoded data by comparing the unique identification information included in the decoded data with the unique identification information stored in advance. Chip. In the IC chip according to any one of claims 1 to 3,
The data further includes an error check code,
The IC chip is further characterized in that the validity of the data including the decrypted unique identification information is confirmed using an error check code included in the decrypted data. In the IC chip according to any one of claims 1 to 4,
The IC chip, wherein the predetermined command is a single command. The IC chip according to any one of claims 1 to 5,
An IC chip, wherein characters showing the same content as the unique identification information are displayed so as to be visible from the outside. An input process in which a predetermined command and encrypted data are input together;
A storage step of previously storing a decryption key for decrypting the input data;
When the predetermined command is input,
A decryption step of decrypting the data input using the decryption key;
A confirmation step of confirming the validity of the decrypted data;
A method of reading data in an IC chip, comprising: The computer included in the IC chip
An input means for inputting a predetermined command and encrypted data together;
Storage means for previously storing a decryption key for decrypting the input data;
When the predetermined command is input,
Decryption means for decrypting the data input using the decryption key;
Confirmation means for confirming the validity of the decrypted data;
A data reading program characterized in that it functions as: An IC chip according to any one of claims 1 to 6, an IC card substrate,
An IC card comprising:

Images