JP2011248593A - Authentication processing device, authentication processing method, authentication processing program, processing system, and automated teller machine - Google Patents

Abstract

PROBLEM TO BE SOLVED: To prevent malfunction of a peripheral device in case of camouflage of a central processing unit, an unauthorized change of a state of an input-output port of a SAM, and so on.SOLUTION: An authentication processing device executes authentication processing according to a command for authentication from a central control device and outputs an authentication result to the central control device, and includes a storage means for storing a key identifier and an encryption key data in association with each other. When the command for authentication including an authentication data and identification information of the command for authentication is inputted through an input-output port for authentication processing, the authentication processing device specifies the key identifier based on the identification information, acquires the encryption key data corresponding to the specified key identifier from the storage means, executes authentication processing by using the acquired encryption key data and the authentication data, and outputs an operation signal to operate a peripheral device through an input-output port for peripheral device related to the authentication processing when the authentication processing is successful.

Description

  The present invention relates to an authentication processing microcontroller mounted on an electronic device.

  This type of authentication processing microcontroller (hereinafter referred to as SAM (Secure Application Module)) is mounted on, for example, a payment processing terminal. When the payment processing terminal verifies, for example, information recorded in an IC (Integrated Circuit) card with a check code or the like, the SAM performs an authentication process for confirming the validity of the check code. (For example, refer to Patent Document 1).

  Also, for example, it authenticates an IC cash card, communicates with a host computer connected to the network, displays predetermined information on an LED (Light Emitting Diode), LCD (Liquid Crystal Display), printed matter, etc. A SAM is also installed in an automated teller machine (hereinafter referred to as ATM (Automated Teller Machine)). In addition to the SAM, the ATM includes various peripheral devices such as an LED, a monitoring camera, a cash payment mechanism, a printer, and an LCD, and a central control device that controls the operation of the peripheral device. The various peripheral devices are connected to the central controller by input / output ports. The central controller includes a control program for each peripheral device, and appropriately controls the operation of the peripheral device.

  In such an ATM, the peripheral device is operated according to the authentication result by the SAM (for example, the LED is turned on after “IC card validity check by ATM” is finished, and after “transaction approval by the host computer” is finished, “ In the case of “operating the motor of the cash payment mechanism”, conventionally, the SAM connected to the central control unit determines the authentication result, and the central control unit that has received the determination information from the SAM operates the peripheral device. It was.

JP-A-10-307899

  By the way, conventionally, a central processing unit is camouflaged by a malicious attacker (for example, the program of the central control unit is altered or the flash ROM storing the program is replaced), and the manipulation instruction is altered. Is transmitted to the peripheral device, there is a possibility that the peripheral device malfunctions due to a falsified operation command. In order to avoid this, it is conceivable that the peripheral device directly acquires the determination information of the authentication result output from the SAM.

  However, the conventional control program necessary for controlling the input / output port is configured by conditional branching (so-called if-then rules), and is not always an effective means when implemented in a storage area with a small number of SAMs.

  In addition, if the state of the input / output port controlled by the SAM is illegally changed by a malicious attacker, the peripheral device may malfunction.

  In addition, in the SAM, it is difficult to realize a process for controlling a single or a plurality of input / output ports by combining a plurality of authentication results.

  Therefore, the present invention has been made in view of the above points, and prevents malfunction of peripheral devices even when the central processing unit is camouflaged or the SAM input / output port state is illegally changed. An object is to provide an authentication processing device, an authentication processing method, an authentication processing program, a processing system, and an automatic teller machine that can be used.

  In order to solve the above-mentioned problem, the invention according to claim 1 is the authentication command input from the central controller, which is at least one of the plurality of authentication commands identified by the identification information. An authentication processing device that executes authentication processing according to a command and outputs the authentication result to the central control device, wherein the authentication processing input / output port and a plurality of peripheral devices connected to each of a plurality of peripheral devices An authentication command including identification information of an authentication data and an authentication command, a device input / output port; a plurality of key identifiers; encryption key data storage means for storing each encryption key data corresponding to each key identifier in advance; When input via the authentication processing input / output port, the key identifier is specified based on the identification information of the input authentication command, and the key identifier is identified. Using the acquisition means acquired from the encryption key data storage means, the acquired encryption key data, and the authentication data included in the input authentication command, according to the authentication command Authentication means for executing authentication processing; and control means for outputting an operation signal for operating the peripheral device from the peripheral device input / output port related to the authentication processing when the authentication processing is successful. It is characterized by that.

  According to a second aspect of the present invention, in the authentication processing device according to the first aspect, each program that defines the content of the authentication process corresponding to each authentication command is associated with the identification information of each authentication command. Program storing means for storing the key identifier corresponding to the encryption key data used in each authentication process is described in each of the programs. The key identifier is specified from among the programs associated with the identification information.

  The invention according to claim 3 is the authentication processing device according to claim 1, further comprising identification information storage means for storing the identification information of the authentication command every time the authentication command is input. The acquisition unit specifies an input order of the plurality of authentication commands input based on the identification information stored in the identification information storage unit, and the key identifier corresponding to the specified input order It is characterized by specifying.

  According to a fourth aspect of the present invention, the authentication processing device according to the third aspect further comprises input order storage means for previously storing a plurality of combinations of candidate input orders in association with the key identifiers. The acquisition means specifies the key identifier corresponding to the specified input order from the input order storage means.

  According to a fifth aspect of the present invention, in the authentication processing device according to any one of the first to fourth aspects, the encryption key data storage means includes an input / output port identifier indicating each of the authentication processing input / output ports. Is stored, and the key identifier is associated with each input / output port identifier, and the control means, when the authentication process is successful, the key corresponding to the encryption key data used for the authentication process An operation signal for operating the peripheral device is output from the peripheral device input / output port indicated by the input / output port identifier associated with the identifier.

  According to a sixth aspect of the present invention, in the authentication processing device according to any one of the first to fourth aspects, the encryption key data storage means includes an input / output port identifier indicating each of the peripheral device input / output ports. Further, authentication state comparison condition information is stored in association with each input / output port identifier, the authentication unit executes the authentication process a plurality of times, and the control unit performs a plurality of times. An operation signal for operating the peripheral device is output from the peripheral device input / output port indicated by the input / output port identifier associated with the authentication state comparison condition information corresponding to the authentication result by the authentication processing. And

  According to a seventh aspect of the present invention, in the authentication processing device according to any one of the first to sixth aspects, the control means changes the status information of the register of the peripheral device input / output port. The operation signal is output from the peripheral device input / output port.

  According to an eighth aspect of the present invention, in the authentication processing device according to the seventh aspect, status information corresponding to each of the peripheral device input / output ports and error detection information generated based on each of the status information are stored. Further comprising status storage means, and when the authentication process is successful, the control means outputs the status information and the error detection information without changing the status information of the register of the peripheral device input / output port. When interrupt processing is started that is stored in the state storage means and executed at predetermined intervals, the state information stored in the state storage means is stored in the corresponding registers of the peripheral device input / output ports. It is characterized in that the state information of the register is changed by outputting.

  According to a ninth aspect of the present invention, in the authentication processing apparatus according to the eighth aspect, the control means stores each of the status storage means when interrupt processing executed at a predetermined interval is started. Error detection information is generated based on the status information, and when the generated error detection information matches the error detection information stored in the status storage means, each stored in the status storage means The status information is output to the corresponding register of each peripheral device input / output port to change the status information of the register.

  An invention of a processing system according to a tenth aspect includes the authentication processing device according to any one of the first to ninth aspects, and the peripheral device whose input / output port is opened and closed by a motor drive, and the peripheral device Is controlled by the authentication processing device.

  An invention of an automated teller machine according to claim 11 is an authentication processing device according to any one of claims 1 to 9, a central control device that outputs an authentication command to the authentication processing device, and And a plurality of peripheral devices whose operations are controlled by the authentication processing device or the central control device.

  The invention according to claim 12 is an input / output port for authentication processing, a plurality of input / output ports for peripheral devices connected to each of the plurality of peripheral devices, a plurality of key identifiers, and each corresponding to each of the key identifiers Encryption key data storage means for storing encryption key data in advance, and executing authentication processing in response to an authentication command from the central control unit and outputting the authentication result to the central control unit When an authentication command including authentication data and authentication command identification information is input via the authentication processing input / output port, the authentication processing method is based on the input authentication command identification information. Identifying the key identifier, obtaining encryption key data corresponding to the identified key identifier from the encryption key data storage means, the obtained encryption key data, A step of executing an authentication process using authentication data included in the input authentication command and, if the authentication process is successful, from the peripheral device input / output port related to the authentication process Outputting an operation signal for operating the apparatus.

  The invention of an authentication processing program according to claim 13 causes a computer to execute the authentication processing method according to claim 12.

  According to the present invention, the operation signal for operating the peripheral device is output from the peripheral device input / output port corresponding to the encryption key data used for the authentication processing. Even in such a case, it is possible to transmit an operation signal with high security to the peripheral device with a small storage area of the authentication processing device, and as a result, it is possible to prevent the peripheral device from malfunctioning.

  If the authentication process is successful, the status information and the error detection information are stored in the status storage means without changing the status information of the peripheral device I / O port register, and the interrupt process is started. In addition, if each status information stored in the status storage means is output to a corresponding register of each peripheral device input / output port to change the status information of the register, the peripheral device of the authentication processing device Even when the status of the input / output port is illegally changed, it is possible to prevent malfunction of the peripheral device.

  Further, if the configuration is made so that an operation signal for operating the peripheral device is output from the input / output port for the peripheral device associated with the authentication state comparison condition information corresponding to the authentication result by the authentication processing of a plurality of times, a plurality of authentications are performed. Depending on the combination of results, a single or a plurality of peripheral device input / output ports can be controlled, and an operation signal with higher security can be transmitted in a storage area with a small number of authentication processing devices.

  Furthermore, since the key identifier corresponding to the encryption key data used for the authentication process is configured to be specified based on the command number of the input authentication command, the communication content at the time of authentication can be concealed, It is possible to prevent leakage of authentication-related information (key identifier) that becomes a clue to attack.

It is a figure which shows the outline | summary structural example of ATM which concerns on this embodiment. It is a block diagram which shows the example of an outline structure of SAM2. It is a figure which shows the structural example of the power supply terminal and input / output port of SAM2. FIG. 4A is a conceptual diagram illustrating an example of command numbers stored in the volatile memory 22. (B) is a conceptual diagram showing an example of a command table and an authentication processing program. (A) is a figure which shows an example of the storage format of an encryption key. (B) is a diagram showing an example of a message format of an authentication command. It is a flowchart which shows the command processing in CPU21 of SAM2 which concerns on 1st Embodiment. It is a figure which shows an example of the storage format of the status information and error detection information corresponding to each input / output port for peripheral devices. It is a flowchart which shows the interruption process in CPU21 of SAM2 which concerns on 2nd Embodiment. It is a figure which shows an example of the storage format of authentication status information. It is a figure which shows an example of the storage format of the encryption key in 3rd Embodiment. It is a figure which shows an example of the storage format of the authentication status comparison condition information in 3rd Embodiment. It is a flowchart which shows the command processing in CPU21 of SAM2 which concerns on 3rd Embodiment.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. In addition, embodiment described below is embodiment at the time of applying this invention with respect to ATM.

  First, the structure of ATM which concerns on one Embodiment of this invention is demonstrated using FIG.

  FIG. 1 is a diagram illustrating a schematic configuration example of an ATM according to the present embodiment.

  As shown in FIG. 1, the ATM includes a central control device 1, an SAM 2 as an example of an authentication processing device, an LED 3, a monitoring camera 4, a cash payment mechanism 5, a printer 6, an LCD 7, and an IC card reader 8. It is configured.

  Here, the LED 3, the monitoring camera 4, the cash payment mechanism 5, the printer 6, and the LCD 7 are examples of peripheral devices. For these peripheral devices (peripheral devices), a device that requires only an operation signal (trigger signal) from the SAM 2 and information from the central control device 1 in addition to the operation signal from the SAM 2 are required for operation. There are two types of devices, each connected as shown in FIG. For example, the LED 3, the monitoring camera 4, and the cash payment mechanism 5 are connected to the SAM 2 through respective controllers. On the other hand, the printer 6 and the LCD 7 are connected to the central control device 1 and the SAM 2 via respective controllers.

  Further, the central control device 1 is connected to the SAM 2 via the SAM controller, and to the IC card reading device 8 via the IC card controller. Further, a host computer is connected to the central controller 1 via a network controller and a network.

  The central controller 1 includes a CPU (Central Processing Unit), a working RAM (Random Access Memory), a flash ROM (Read Only Memory) in which programs and data are stored, and the like, and performs overall control of the entire ATM. For such control, the central control device 1 outputs various commands to the SAM 2. Each of these commands is given a unique command number (an example of identification information). Each command is identified (differentiated) from other commands by this command number.

  The details of the SAM 2 having a characteristic configuration and function in the ATM configured as described above will be described separately for the first to third embodiments.

(First embodiment)
First, details of the SAM 2 according to the first embodiment will be described.

  FIG. 2 is a block diagram illustrating a schematic configuration example of the SAM2. FIG. 3 is a diagram illustrating a configuration example of the power supply terminal and the input / output port of the SAM2.

  As shown in FIG. 2, the SAM 2 includes a CPU 21, a volatile memory 22 such as a RAM (an example of identification information storage means), and a nonvolatile memory 23 such as a flash ROM (an encryption key data storage means, a program storage means, an identification information storage). And an input order storage means), an input / output port 24, and the like, execute an authentication process according to an authentication command (including a command number) from the central controller 2, and centrally control the authentication result. The data is output to the device 2. That is, the SAM 2 executes an authentication process corresponding to the input authentication command (in other words, corresponding to the command number) among the plurality of authentication commands identified by the command number, and centrally controls the authentication result. Output to device 2.

  In the example of FIG. 3, a plurality of input / output ports 24 from I / O1 to I / O12 are provided. One of the plurality of input / output ports (for example, I / O 8) is used as an input / output port for authentication processing (for data exchange of authentication processing), and the other plurality of input / output ports (for example, I / O 1 to I / O 1). I / O 7) is used as a peripheral device input / output port connected to each of a plurality of peripheral devices (controllers).

  Each time an authentication command is input from the central controller 1 via the authentication processing input / output port, the command number of the authentication command is stored in the volatile memory 22.

  FIG. 4A is a conceptual diagram showing an example of command numbers stored in the volatile memory 22. In the example shown in FIG. 4A, the volatile memory 22 stores command numbers in chronological order from the lowest numbered address in the order in which the authentication commands are input. As a result, the CPU 21 can specify the input order of authentication commands.

  In the nonvolatile memory 23, each authentication processing program that prescribes the contents of the authentication processing corresponding to each authentication command is stored in advance. The nonvolatile memory 23 also stores a command table that associates the command number of each authentication command with the head address of the memory area in which each authentication processing program is stored. With this command table, the command number of each authentication command is associated with each authentication processing program.

  FIG. 4B is a conceptual diagram illustrating an example of a command table and an authentication processing program. In each authentication processing program, a key identifier for identifying encryption key data (hereinafter referred to as “encryption key”) used in each authentication process is described. For example, in the example of FIG. 4B, the authentication processing program stored in the memory area starting from the head address associated with the command number “0001” includes the key identifier of the encryption key a to be used for this authentication processing. ax is described.

  The non-volatile memory 23 may be configured to store in advance combinations of input orders of a plurality of authentication commands as candidates in association with each key identifier for each input order combination. For example, in the example of FIG. 4B, the authentication processing program stored in the memory area starting from the head address associated with the command number “0002” includes combinations of input orders of a plurality of authentication commands as candidates. And each key identifier is described in association with each other. According to this example, when authentication commands are input in the input order of command numbers “0001” → “0002”, the encryption key b (key identifier bx) is used in this authentication process, and the command number “0002” → When authentication commands are input in the input order “0001”, the encryption key c (key identifier cx) is used in this authentication process.

  The nonvolatile memory 23 stores (stores) a plurality of encryption keys used for authentication processing in advance.

  FIG. 5A is a diagram illustrating an example of an encryption key storage format. As shown in FIG. 5A, each encryption key includes a key of an encryption key that is a target of an authentication command (authentication process execution instruction) received (input) from the outside via the authentication process input / output port. An identifier and an input / output port identifier indicating a peripheral device input / output port whose state is to be changed upon successful authentication processing are stored in association with each other. That is, in this example, the encryption key and the peripheral device input / output port are associated one-to-one.

  Here, “changing the state” means changing the state information stored in the register of the peripheral device input / output port. As an example of the status information, “High (1)”, “Low (0)”, or a combination thereof (serial data including a plurality of bits) may be used.

  When the authentication command is received (input) via the authentication processing input / output port, the CPU 21 (an example of an acquisition unit) specifies the key identifier based on the command number of the input authentication command, and An encryption key corresponding to the identified key identifier is acquired from the nonvolatile memory 23.

  FIG. 5B is a diagram illustrating an example of a message format of the authentication command. As shown in FIG. 5B, the authentication command includes an instruction code indicating an authentication process execution instruction and authentication data. Here, the command code indicating the authentication processing execution command includes the command number of the authentication command.

  Next, the CPU 21 (an example of an authentication unit) uses the encryption key acquired from the nonvolatile memory 23 and the authentication data included in the input authentication command to decrypt the authentication data (for example, the authentication data with the encryption key). Execute). When the authentication process is successful, the CPU 21 (an example of a control unit) outputs an operation signal for operating the peripheral device from the peripheral device input / output port related to the authentication process. That is, the CPU 21 changes the state information of the register of the peripheral device input / output port (Low → High) to output an operation signal from the peripheral device input / output port. As a result, the peripheral device starts to operate according to the operation signal. In other words, the peripheral device uses a change in the input / output port for the peripheral device as an operation trigger.

  Here, the above-mentioned “input / output port for peripheral device related to authentication processing” refers to the input / output port identifier associated with the key identifier corresponding to the encryption key used in the authentication processing in the first embodiment. (The input / output port identifier associated with the key identifier is specified from the nonvolatile memory 23).

  FIG. 6 is a flowchart showing command processing in the CPU 21 of the SAM 2 according to the first embodiment.

  When the processing shown in FIG. 6 is started, the CPU 21 waits for command reception (step S1). Next, when the CPU 21 receives a command from the central control device 1 via the authentication processing input / output port (step S2: YES), the CPU 21 determines whether or not the received command is an authentication command. It discriminate | determines by the instruction code contained in a command (step S3). If the received command is not an authentication command (step S3: NO), the CPU 21 proceeds to step S4. If the received command is an authentication command (step S3: YES), the CPU 21 is included in the authentication command. The command number is stored in the volatile memory 22, and the process proceeds to step S5.

  In step S4, the CPU 21 executes command processing according to the received command, and returns to step S1.

  In step S5, the CPU 21 specifies a key identifier based on the command number of the input authentication command, and stores an encryption key (encryption key specified by the key identifier) corresponding to the specified key identifier in the nonvolatile memory. The authentication process is executed using the encryption key and the authentication data included in the authentication command.

  Here, the identification of the key identifier based on the command number is performed as follows.

  As an example, the CPU 21 specifies a head address associated with a command number included in the input authentication command from the command table, and stores an authentication processing program stored in a memory area starting from the specified head address. The authentication process is read out and the key identifier is specified from the authentication process program.

  As another example, the CPU 21 first inputs the input order of a plurality of authentication commands (in other words, based on the command number stored in the volatile memory 22 as shown in FIG. 4A). And the order of execution of authentication commands). Next, the CPU 21 specifies a key identifier corresponding to the specified input order from the nonvolatile memory 23. More specifically, the CPU 21 identifies the head address associated with the command number included in the input authentication command from the command table, and stores the authentication processing program stored in the memory area starting from the identified head address. The authentication process is started, and the key identifier corresponding to the specified input order is specified from the authentication process program.

  Next, the CPU 21 determines whether or not the authentication process is successful (step S6). If the authentication process is not successful (step S6: NO), the authentication process input / output is performed as a response to the central controller 1. An error message is transmitted (output) through the port (step S7), and the process returns to step S1.

  On the other hand, if the authentication process is successful (step S6: YES), the CPU 21 obtains the status information of the register of the peripheral device input / output port specified by the key identifier corresponding to the encryption key used for the authentication process. Set to High (step S8). As a result, an operation signal is transmitted to the peripheral device connected to the peripheral device input / output port.

  Next, as a response to the central controller 1, the CPU 21 transmits (outputs) a normal end message via the authentication processing input / output port (step S9), and returns to step S1.

  As described above, according to the first embodiment, the encryption key and the peripheral device input / output port are associated with each other, and the peripheral device input / output port register corresponding to the encryption key used for the authentication process is registered. Since the operation information for operating the peripheral device is output from the peripheral device input / output port by changing the state information of the peripheral device, even if the central processing unit 1 is camouflaged, the SAM2 is small. An operation signal with high security can be transmitted to the peripheral device in the storage area, and as a result, malfunction of the peripheral device can be prevented. In particular, by setting the register status information to 1-bit information of “1” or “0”, the peripheral device input / output port can be efficiently controlled in a storage area with a small amount of SAM2.

  Also, a configuration in which an authentication command including a key identifier of an encryption key used in authentication processing is input via an authentication processing input / output port is conceivable, but in this embodiment, a key identifier is added to the authentication command. Since the key identifier corresponding to the encryption key used for authentication processing is specified based on the command number of the input authentication command without being included, the communication contents at the time of authentication can be concealed Thus, it is possible to prevent leakage of authentication-related information (key identifier) that becomes a clue to attack. Furthermore, since it is possible to reduce variations in communication contents during authentication, operation errors can be reduced.

(Second Embodiment)
Next, details of the SAM 2 according to the second embodiment will be described. Note that the SAM 2 according to the second embodiment includes a timer in addition to the configuration shown in FIG. Further, the power supply terminal and the input / output port of the SAM 2 according to the second embodiment are configured as shown in FIG. Also in the second embodiment, the command numbers are sequentially stored in the volatile memory 22 from the lowest numbered address in the order in which the authentication commands are input, as shown in FIG. Also in the second embodiment, the example of the command table and the authentication processing program shown in FIG. 4B can be applied. Also in the second embodiment, the encryption key storage format is as shown in FIG. Also in the second embodiment, the message format of the authentication command is as shown in FIG. Also in the second embodiment, command processing in the CPU 21 is as shown in FIG. 6 except for step S8. Note that a description of the same parts as those in the first embodiment is omitted.

  In the second embodiment, status information corresponding to each peripheral device input / output port and error detection information generated based on each status information are stored in the volatile memory 22 (an example of status storage means). It has become.

  FIG. 7 is a diagram illustrating an example of a storage format of status information and error detection information corresponding to each peripheral device input / output port. In the example of FIG. 7, the volatile memory 22 has a storage area for storing status information corresponding to the I / O 1 to I / O 7 peripheral device input / output ports and a storage area for storing error detection information. Assigned. The storage area for storing the status information corresponding to the peripheral device input / output ports of I / O1 to I / O7 may be duplicated.

  Here, the error detection information is, for example, a value (check sum) obtained by adding status information (for example, 1 or 0) corresponding to all peripheral device input / output ports, and the like. Used to detect that the register status information has been altered (tampered).

  When the authentication process is successful, the CPU 21 according to the second embodiment does not change the state information of the peripheral device input / output port register (does not update immediately), and displays the state information and the generated error detection information. Store (update) in the volatile memory 22. That is, in step S8 shown in FIG. 6, the CPU 21 does not set the status information of the register of the peripheral device input / output port to High, but stores the storage area corresponding to the peripheral device input / output port (of the volatile memory 22). The status information indicating High is stored in the storage area), and the generated error detection information is stored in the corresponding storage area.

  Then, the CPU 21 generates error detection information based on each state information stored in the volatile memory 22 when an interrupt process executed at a predetermined interval is started.

  Here, the interrupt processing is generated at a constant cycle (for example, every 0.5 seconds) by a timer such as an interval timer or a watchdog timer.

  Then, when the generated error detection information matches the error detection information stored in the volatile memory 22, the CPU 21 converts each status information stored in the volatile memory 22 to the corresponding peripheral information. Output to the register of the device input / output port (that is, copy to the register) to change the status information of the register.

  FIG. 8 is a flowchart showing an interrupt process in the CPU 21 of the SAM 2 according to the second embodiment.

  When the processing shown in FIG. 8 is started, the CPU 21 generates error detection information based on state information corresponding to each peripheral device input / output port stored in the volatile memory 22 (step S11).

  Next, the CPU 21 determines whether or not the generated error detection information matches the error detection information stored in the volatile memory 22 (step S12). If they do not match (step S12: NO) ), The process proceeds to step S13. If they match (step S12: YES), the process proceeds to step S14.

  In step S13, the CPU 21 sets all the registers of all the peripheral device input / output ports to Low and shifts to an infinite loop.

  On the other hand, in step S14, the CPU 21 copies each status information stored in the volatile memory 22 to the register of each corresponding peripheral device input / output port, and ends the processing.

  As described above, according to the second embodiment, when the authentication process is successful, the status information of the peripheral device input / output port register is not immediately updated, but the status information and the generated error detection are detected. When information is stored in the volatile memory 22 and subsequent interrupt processing is started, each status information stored in the volatile memory 22 is reflected in the register of each corresponding peripheral device input / output port. Therefore, even if the state of the peripheral device I / O port of the SAM2 is illegally changed, it is possible to prevent the peripheral device from malfunctioning (the peripheral device may malfunction for a moment). Yes, it will be restored immediately by reflecting the status information).

(Third embodiment)
Next, details of the SAM 2 according to the third embodiment will be described. Note that the SAM 2 according to the third embodiment has the configuration shown in FIG. Further, the power supply terminal and the input / output port of the SAM 2 according to the third embodiment are configured as shown in FIG. Also in the second embodiment, the command numbers are sequentially stored in the volatile memory 22 from the lowest numbered address in the order in which the authentication commands are input, as shown in FIG. Also in the second embodiment, the example of the command table and the authentication processing program shown in FIG. 4B can be applied. Also in the third embodiment, the message format of the authentication command is as shown in FIG. Note that a description of the same parts as those in the first embodiment is omitted.

  In the third embodiment, authentication processing is executed a plurality of times, and authentication status information indicating an authentication result (success / failure or not executed) is stored in the volatile memory 22 for each encryption key to be authenticated. ing.

  FIG. 9 is a diagram illustrating an example of a storage format of authentication status information. In the example of FIG. 9, a storage area for storing authentication state information corresponding to the encryption keys a to h is allocated to the volatile memory 22.

  Also in the third embodiment, the nonvolatile memory 23 stores a plurality of encryption keys used for authentication processing.

  FIG. 10 is a diagram illustrating an example of an encryption key storage format in the third embodiment. As shown in FIG. 10, a key identifier for identifying the encryption key is stored in association with each encryption key, but an input / output port identifier is not associated with each encryption key. Instead, in the third embodiment, authentication state comparison condition information is associated with each input / output port identifier and stored in the nonvolatile memory 23. That is, in this example, a combination of authentication results using a plurality of encryption keys is associated with the peripheral device input / output port.

  FIG. 11 is a diagram illustrating an example of a storage format of authentication state comparison condition information in the third embodiment. As shown in FIG. 11, authentication state comparison information and authentication state comparison condition information are stored in association with the input / output port identifiers indicating the peripheral device input / output ports.

  Here, the authentication state comparison information defines, for example, what state the authentication state information should be. For example, the authentication status comparison information defines that the authentication result is successful. Also, the authentication condition comparison condition information defines a comparison condition indicating whether all the encryption keys must satisfy the state indicated in the authentication condition comparison information or some of the encryption keys must be satisfied. Is done. For example, in the authentication state comparison condition information, an AND condition of the encryption key a and the encryption key b is defined.

  The CPU 21 according to the third embodiment specifies an input / output port identifier associated with authentication state comparison condition information corresponding to an authentication result obtained by a plurality of authentication processes. For example, in the case where the authentication result of a plurality of authentication processes indicates that the encryption key a and the encryption key b are successful, the corresponding authentication state comparison condition information is identified from the nonvolatile memory 23 and is identified. The input / output port identifier associated with the authentication state comparison condition information is identified. Then, the CPU 21 outputs an operation signal for operating the peripheral device from the peripheral device input / output port indicated by the specified input / output port identifier, as in the first embodiment.

  FIG. 12 is a flowchart showing command processing in the CPU 21 of the SAM 2 according to the third embodiment. Note that the processing of steps S21 to S27 shown in FIG. 12 is the same as the processing of steps S1 to S7 shown in FIG.

  In step S28 shown in FIG. 12, the CPU 21 stores authentication state information indicating that the authentication process using the encryption key is successful in the storage area corresponding to the encryption key used for the successful authentication process.

  Next, the CPU 21 determines whether or not there is authentication state comparison information and authentication state comparison condition information that matches (corresponds) the authentication state information (including updated authentication state information) corresponding to each encryption key (step). S29) If there is (step S29: YES), the process proceeds to step S30. If not (step S29: NO), the process proceeds to step S31.

  In step S30, the CPU 21 sets the status information of the peripheral device input / output port register indicated by the input / output port identifier associated with the authentication status comparison information and the authentication status comparison condition information that matches the authentication status information to High. Then, the process proceeds to step S31. As a result, an operation signal is transmitted to the peripheral device connected to the peripheral device input / output port.

  In step S31, the CPU 21 transmits (outputs) a normal end message via the authentication processing input / output port as a response to the central control device 1, and returns to step S21.

  As described above, according to the third embodiment, a combination of authentication results using a plurality of encryption keys is associated with an input / output port for a peripheral device, and an authentication corresponding to an authentication result by a plurality of authentication processes. Since the operation signal for operating the peripheral device is output from the peripheral device input / output port associated with the state comparison condition information, depending on the combination of a plurality of authentication results, the peripheral device can be used. The input / output port can be controlled, and an operation signal with higher security can be transmitted in a storage area with a small amount of SAM2.

  In addition, although the case where this invention was applied with respect to ATM was demonstrated in the said embodiment, it is not limited to this, It is applicable with respect to another processing system.

1 Central controller 2 SAM
21 CPU
22 Volatile memory 23 Nonvolatile memory 24 I / O port

Claims (13)

An authentication process is executed according to the authentication command input from the central control device, and the authentication result is the central authentication command, the authentication command being at least one of a plurality of authentication commands identified by the identification information An authentication processing device that outputs to a control device,
I / O port for authentication processing,
A plurality of peripheral device input / output ports connected to each of the plurality of peripheral devices;
A plurality of key identifiers, and encryption key data storage means for storing in advance each encryption key data corresponding to each key identifier;
When an authentication command including authentication data and authentication command identification information is input via the authentication processing input / output port, the key identifier is specified based on the input authentication command identification information. Obtaining means for obtaining encryption key data corresponding to the identified key identifier from the encryption key data storage means;
Using the acquired encryption key data and authentication data included in the input authentication command, an authentication means for executing an authentication process according to the authentication command;
When the authentication process is successful, control means for outputting an operation signal for operating the peripheral device from the peripheral device input / output port related to the authentication processing;
An authentication processing device comprising: The authentication processing device according to claim 1,
Each of the programs for defining the contents of the authentication process according to each of the authentication commands, further comprising a program storage means for storing in association with the identification information of each of the authentication commands,
In each program, a key identifier corresponding to encryption key data used in each authentication process is described.
The authentication processing apparatus characterized in that the acquisition means specifies the key identifier from the program associated with the identification information of the input authentication command. The authentication processing device according to claim 1,
An identification information storage means for storing the identification information of the authentication command every time the authentication command is input;
The acquisition unit specifies an input order of the plurality of authentication commands input based on the identification information stored in the identification information storage unit, and the key identifier corresponding to the specified input order An authentication processing device characterized by specifying The authentication processing device according to claim 3,
An input order storage means for storing a plurality of combinations of candidate input orders in advance in association with the key identifiers;
The authentication processing apparatus characterized in that the acquisition means specifies the key identifier corresponding to the specified input order from the input order storage means. In the authentication processing device according to any one of claims 1 to 4,
In the encryption key data storage means, an input / output port identifier indicating each authentication processing input / output port is stored, and the key identifier is associated with each input / output port identifier,
When the authentication process is successful, the control means uses the peripheral device input / output port indicated by the input / output port identifier associated with the key identifier corresponding to the encryption key data used for the authentication process. An authentication processing device that outputs an operation signal for operating the peripheral device. In the authentication processing device according to any one of claims 1 to 4,
The encryption key data storage means stores input / output port identifiers indicating the peripheral device input / output ports, and further stores authentication state comparison condition information associated with each input / output port identifier. ,
The authentication unit executes the authentication process a plurality of times,
The control means operates the peripheral device from the peripheral device input / output port indicated by the input / output port identifier associated with the authentication state comparison condition information corresponding to the authentication result by the authentication processing a plurality of times. An authentication processing apparatus characterized by outputting an operation signal. In the authentication processing device according to any one of claims 1 to 6,
The authentication processing apparatus, wherein the control means outputs the operation signal from the peripheral device input / output port by changing state information of a register of the peripheral device input / output port. The authentication processing device according to claim 7,
It further comprises status storage means for storing status information corresponding to each of the peripheral device input / output ports and error detection information generated based on each status information,
The control means includes
If the authentication process is successful, the status information and the error detection information are stored in the status storage means without changing the status information of the register of the peripheral device input / output port,
When the interrupt process executed at a predetermined interval is started, the status information stored in the status storage means is output to the corresponding register of each peripheral device input / output port to output the status of the register An authentication processing apparatus characterized by changing information. The authentication processing device according to claim 8,
The control means includes
When an interrupt process executed at a predetermined interval is started, error detection information is generated based on each state information stored in the state storage unit,
When the generated error detection information matches the error detection information stored in the state storage unit, the state information stored in the state storage unit is used for each corresponding peripheral device. An authentication processing apparatus characterized in that the status information of the register is changed by outputting to the register of the input / output port. An authentication processing device according to any one of claims 1 to 9, and the peripheral device whose input / output port is opened and closed by driving a motor,
The processing system is characterized in that the peripheral device is controlled by the authentication processing device.   An authentication processing device according to any one of claims 1 to 9, a central control device that outputs an authentication command to the authentication processing device, and a plurality of operations controlled by the authentication processing device or the central control device And an automatic teller machine comprising a peripheral device. An authentication processing input / output port, a plurality of peripheral device input / output ports connected to each of the plurality of peripheral devices, a plurality of key identifiers, and an encryption key for storing each encryption key data corresponding to each key identifier An authentication processing method that is executed by a computer that includes data storage means, executes authentication processing in response to an authentication command from the central control device, and outputs the authentication result to the central control device,
When an authentication command including authentication data and authentication command identification information is input via the authentication processing input / output port, the key identifier is specified based on the input authentication command identification information. Obtaining the encryption key data corresponding to the identified key identifier from the encryption key data storage means;
Performing authentication processing using the acquired encryption key data and authentication data included in the input authentication command;
If the authentication processing is successful, outputting an operation signal for operating the peripheral device from the peripheral device input / output port related to the authentication processing;
An authentication processing method comprising:   An authentication processing program for causing a computer to execute the authentication processing method according to claim 12.