JPH0935012A - Issue support device for information recording medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To guarantee the security of an issuing process of data required to issue an IC card. SOLUTION: This device is equipped with a design data generating means 2 which generates design data as issue information, needed by an issuing device to record individual data on an information recording medium, except the individual data, a design data storage means 3 which stores the design data, a design data output means 5 which outputs design data protected by the password key of a master card to outside the device as invisible information, and a master card generating means 6 which generates the master card having the password key for design data protection. The master card is generated by an SAM, etc., for issue. Further, this device is equipped with a design data verifying means 4 which verifies whether or not the design data are correct, a test medium generating means 7 which generates a test card with the design data, and a test medium verifying means 8 which verifies whether or not the test card is correct.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention is a process for issuing an information recording medium typified by an IC card or the like, and when the issuing process extends from the issuer to the manufacturer and back to back The present invention relates to an issue support device used by an issuer, which can ensure the security of issue information necessary for issue processing.

[0002]

2. Description of the Related Art In recent years, IC cards have attracted attention for various purposes as information recording media capable of recording a large amount of information as compared with magnetic cards and the like. Moreover, since the IC card has a built-in CPU, it is possible to perform arithmetic processing such as encryption keys.
It has excellent security and is suitable for various applications such as cash cards that require confidentiality. However, since the IC card is capable of high-capacity and high-level data processing, when it is issued, various types of various data are written. Since a large amount of data can be handled, a method of storing various data in the memory of the IC card is not a position specification by the absolute address of the memory but a method of storing the data in the format of a logical address file, for example. Has been. Therefore, in such a case, the data read / write operation can be performed with the file name (specifically, the primitive file name called the file ID) without considering the absolute address. Also, these files are not a single type of file, but a data file that stores actual data, as well as various files that are hierarchically linked, such as master files, folder files, and key files. It is easy to use and secures security. Therefore, in the process of issuing the IC card, it is necessary to write the definitions of various files to the IC card without fail before writing the actual data such as individual data, and to ensure the security of the key file. It is necessary to perform a complicated process such as verifying whether or not the construction has been made without fail, by some method, and the issuing process requires complicated and sophisticated knowledge.

Ideally, the issuing process of such an IC card can be divided into several stages of issuing process depending on the contents of the information to be written. The first stage issuance process is a preliminary issuance process and is an initialization process to be performed by the card manufacturer. Then, the issuing process of the second stage is a practical issuing process, and the issuing information setting process (that is, the writing of the data storage format) to be performed by the card issuer is performed on the IC card for which the initialization process is completed. Processing and writing of actual data). That is, as shown in FIG. 5, in the original flow of the issuing process, the IC card is passed from the card manufacturer to the card issuer and from the card issuer to the card holder. The card manufacturer writes information for initializing the memory of the IC card, and the memory initialized IC card is passed to the card issuer. At this time, a secret code key such as an issuer password is provided so that the IC card cannot be used illegally even if it is passed to another third party, and the next issuing process cannot be performed unless the secret code key is known. Can be considered. Then, the card issuer constructs a file structure or the like in the memory of the card by writing the preprocessing information into the IC card which has been initialized using the received issuer password and using the issuing information. By writing individual data such as an ID number and a name, which are the contents of the file, the IC card is finally ready for use. Then, the IC card is given to the card holder. At this stage, the owner password (so-called card personal identification number) of each card serves as means for preventing unauthorized use of the IC card by a third party.

As described above, in the original flow of the issuing process, security can be secured by the issuer password separately provided in the process of moving the card from the card manufacturer to the card issuer, and from the card issuer to the card holder. In the process of moving the card, the possessor password ensures the security when the card is illegally passed to the third party. Moreover, by allowing the card manufacturer and the card issuer to share the IC card issuing process,
The card manufacturer does not have to disclose information about the OS (operating system) that defines the operation mode of the CPU built in the IC card, such as information to be written to initialize the IC card, and the card issuer does not have to disclose the information. Initialization information on the issuer side that needs to be written in the system area of the memory of the card, information of the issuer's own file structure that is expanded in the memory, and personal information such as personal information and PIN stored in the file. The information does not have to be disclosed to the card manufacturer. Therefore, confidential information can be handled within the minimum necessary range.

[0005]

However, under the present circumstances,
In many cases, the card issuer entrusts the card manufacturer with all of a series of card issuing processes or a part of the steps that the card issuer should normally perform. This is because if there is insufficient experience in handling high-level IC cards, or if only a small number of cards are issued to write personal data (individual data), an issuing device suitable for mass production should be used. This is because there are financial disadvantages, etc. of the card issuer's equipment.

This is shown in FIGS. 6 and 7 as the current flow of the issuing process and its problems. That is, of the issuance information necessary for the card issuance process, the card issuer should originally perform all the information necessary for the issuance process, and the initialization is performed (for the card manufacturer side). The information of the information excluding the information necessary for processing is passed and the IC of the information is passed.
Currently, we are requesting the setting (= writing) to the card. The information given to the card manufacturer is composed of individual data such as name and ID number and design data. In addition,
In the actual issuing process by the IC card issuing device performed within the card manufacturer, in order to improve security,
Common name, SAM (Secure Application)
Unless an IC card called Module) is set in the issuing device, the issuing process cannot be performed. Therefore, strictly speaking, the issuance information also includes information for creating the IC card of the SAM.

Then, the card manufacturer actually sets (= writes) the issuing information on the card based on the design data whose contents are disclosed and instructed, and the personal data. Therefore, from the above-mentioned original flow of the issuing process, the contents performed by the card manufacturer are the process that the card manufacturer should perform (initialization for the card manufacturer) and the process that the card issuer should perform ( The card manufacturer can also be said to be a "card manufacturing / issuing institution" because it is both setting of issuing information. It should be noted here that, in the process of transferring the information from the card issuer to the card manufacturer, sufficient security of the information is not ensured. In other words, the contents of the design data written on the paper can be understood if the paper is glanced even if the paper itself can be treated as confidential. Therefore, if the paper is glanced at, it is possible to understand the contents, and it cannot be said that it is difficult to secure a high degree of security.

On the other hand, in the use stage after the IC card issuance process is completed and the IC card is handed to the card holder, a high degree of security against various illegal acts is secured. However, as described above, when the issue processing process spans the card issuer and the card manufacturer, there is room for improvement in security in the issue processing process. For example, when the file design data to be written on the IC card is transmitted from the card issuer to the card manufacturer by a document written on a sheet, the security of important password information and the like is unavoidably deteriorated. Is.

[0009] Here, the SAM is an IC card relating to an encryption key. If the data recorded on the IC card is recorded as encrypted data, the security of the card itself is improved. In the issuing process, the encryption key required to create this encrypted data is received from the SAM, and the data is written in the IC card while being encrypted. Furthermore, instead of simply using a fixed single code as the encryption key, a different encryption key for each card generated by an encryption algorithm that is calculated in relation to unique information in each individual card such as ID number is used. If used, the security is further improved. in this case,
A predetermined encryption algorithm is required, so the SAM has a function of sending out an encryption key as an encryption algorithm. Further, in order to improve the security of the issuing process within the card manufacturer, it is possible to strictly manage the SAM so that only the operator having the SAM can perform the issuing process. On the other hand, even when the card holder uses the IC card in an application system provided by the card issuer, for example, a card using device such as ATM (Automatic Cash Deposit Machine), the card using device is protected from fraudulent acts. In that sense, if you set up a unique SAM for each card using device and make it work without SAM,
Security is improved even in the use process. In this case, for example, the SAM has a function of sending out a composite key for decrypting the previous encrypted data. Alternatively, the SAM also has a decryption algorithm corresponding to the encryption algorithm. As described above, the SAM plays an important role in improving the security of the IC card, but the SAM used in the issuing process may have a close relationship with the content of the SAM used for the application.

As can be seen from the above description, it is desirable that the information for creating the SAM be confidential information only for the card issuer, and the SAM for issuing processing is related to it. It is desirable that the contents of the section be confidential information only for the card issuer. But,
As described above, in reality, the information for creating the SAM is also
It is handed from the card issuer to the card manufacturer in the form of instructions.

Next, the explanation will be returned to the original, and the relationship and contents of various information used for issuing processing of issuing information, design data, individual data, etc. will be organized.

The issuing information is all information required by the issuing device for issuing processing (although information such as control information for automatically transporting a card is of course excluded). The issuing information includes design data relating to the individual card to be issued, the name written on the individual card, and I.
There are individual data such as D number, and SAM creation data for creating SAM for issuance.

The design data includes initialization information of the card issuer, file creation information, data writing information, S
There is file specification information in AM. The card issuer initialization information is the issuer side of the initialization information written in the system area. Since the initialization information for the card manufacturer is common to all cards, it is not included in the design data in the present invention. Next, the file creation information is information for creating a file by writing a folder file, a key file, a data file, and the like, the name and type of the created file, the hierarchical structure, and the like. The contents of each file after writing by the file creation information are empty. The data write information includes a file to be written, a write position in the file, and data to be written when writing to a file of the IC card after the file is created and the file is created. It consists of information that is specified (hence not the data itself). In the data writing information for writing individual data to the data file, the information that specifies the data is
This is information that is not the data itself, but specifies the position, data length, etc. of the individual data in the file containing the individual data. The SAM file designation information is information for notifying the issuing device of the SAM file to be referred to in the encryption process.

The SAM creation data for creating the SAM for issuance is also an IC card, and is the same card as a normal IC card except that the recorded information is special as described above. . Therefore, it may be considered that the individual data is the SAM-dedicated individual data. The same applies to the creation data for creating the SAM for the application.

Next, the individual data is personal information such as a name and an ID number, which is information recorded individually for each card.

As described above, the purpose of the issuing process is to simply write the individual data to the IC card, but in reality, design data other than the individual data and SAM card creation data for issuing are required. It has a fairly complex and sophisticated processing.

Now that the SAM, issue information, design data, etc. have been described in full, let us consider the flow of the conventional issue process again with reference to FIGS. 6 and 7. Issuing an IC card requires not only individual data such as name and ID number to be written but also information such as design data. Although it is important to maintain the confidentiality of individual data, it can be understood from the above description that the design data is extremely important confidential information related to the basic internal specifications of a highly secure IC card. However, in the conventional issuing process, individual data is passed as a magnetic disk or magnetic tape, but such design data is passed from the card issuer to the card manufacturer as visible information such as a document such as an issuance instruction sheet. There are also many. Since a high degree of knowledge is required to create the design data, a card issuer with little experience entrusts the card manufacturer with the creation of the design data. Therefore, the contents of the design data will be known to the card manufacturer. Further, if the manufacturer is requested to create a SAM for issuing and a SAM for application, such information will be known.

Further, in the actual issuing process, a small amount of the same contents as the issuing IC card is created as a test card before manufacturing a large number of IC cards, and the issuing information such as design data and individual data is the original. It is also necessary to carry out the work of confirming whether or not the information is correct, whether or not the IC card performs a desired correct operation according to the set information, and whether or not the IC card operates satisfactorily. . This test card is created by the card manufacturer and given to the card issuer, and after the card issuer confirms the content and approves it, the main production of the IC card is started. Therefore, the test card must be moved between the card manufacturer and the card issuer, and it is necessary to pay attention to the theft.

As described above, the issuing process that is actually performed in the past has been examined. From the flow of the original issuing process shown in FIG. 5, the information of the issuing process to be performed by the issuer is external to the issuer. It did not have to be leaked to.

Therefore, an object of the present invention is, in the issuing process of an information recording medium represented by an IC card or the like, that the issuing process is performed by a mass issuing device or the like in the same manner as in the past, from an issuer to a manufacturer. It is to provide an issue support device for an information recording medium used by the issuer, which can ensure the security of design data in the issue information flowing from the issuer to the manufacturer even when it flows across. .

[0021]

In order to solve the above-mentioned problems and to achieve the object, the issuing support device of the information recording medium of the present invention issues a card without design data being created by the card manufacturer as follows. It is a device that helps people to create their own. That is, the issuing support device for an information recording medium of the present invention creates design data that is information excluding the individual data from the issuing information required by the issuing device to record the individual data on a large number of information recording media. And a design data storage unit that stores the design data, and a design data output unit that outputs the design data to the outside of the apparatus as invisible information based on the design data.

Further, for the information recording medium issuance support device, there is further provided parent card creating means for creating a parent card storing a secret key for protecting the output design data, and the design data output means is provided. The device is also configured to output the design data protected by the secret key stored in the parent card to the outside of the device based on the design data, and generate the design data protected by the parent card. Further, in the issuance support device for each of the information recording media, the parent card creating means also records the personal identification key used by the issuing device for writing information in the parent card. Further, it is also an apparatus in which the parent card creating means further creates a parent card for application to the issuing support device for each information recording medium.

Further, a design data verifying means for verifying the correctness of the creation result of the design data, and an information recording medium for test are created for the issuing support device of each information recording medium, based on the design data. A test medium creation means,
It is also an apparatus having a configuration including a test medium verifying unit that verifies the correctness of the creation result of the test information recording medium. Further, for the issue support device of each information recording medium, a plurality of files having a hierarchical structure defined as a storage format of information such as individual data in the information recording medium are used,
It is also an apparatus configured such that the design data has information about the hierarchical structure of the file.

[0024]

BEST MODE FOR CARRYING OUT THE INVENTION As an embodiment of the information recording medium issuance support apparatus of the present invention, the case where the information recording medium is an IC card will be described in detail as a specific embodiment.

First, FIG. 1 is a block diagram of an embodiment of an issue support apparatus for an information recording medium of the present invention. As shown in FIG. 1, the information recording medium issuance support apparatus 1 is created by the design data creating means 2 for creating design data that defines the storage format of information on the information recording medium, and the design data creating means 2. A design data storage unit 3 for storing design data; a design data verification unit 4 for verifying whether the design data stored in the design data storage unit 3 is correct or incorrect;
Based on the design data stored in the design data storage means 3, the design data protected by the secret key stored in the parent card is written as invisible information on an information recording medium such as a magnetic disk or a magnetic tape, and the like. Design data output means 5 to be output to the outside, a parent card storing a personal identification key for protecting the design data output by the design data output means 5, and a parent card created by also storing the issuing personal identification key in the parent card Creating means 6 and test medium creating means 7 for creating a test card as an information recording medium for testing based on the design data stored in the design data storage means 3.
And a test medium verifying means 8 for verifying whether or not the test card created by the test medium creating means 7 is correctly created.

The design data creating means creates design data having various contents as described above according to the design contents of the IC card to be issued. The operator creates the card issuer initialization information, file creation information, data write information, and SAM internal file designation information by means of the design data creation means. Depending on the IC card to be issued, the simplest case may be only the initialization information.

With the configuration as described above, the issuing support device for an information recording medium of the present invention excludes the individual data from the issuing information required by the issuing device to record the individual data on a large number of information recording media. The design data, which is the generated information, is created by the design data creating means, and the created design data is stored in the design data storage means. Then, the design data for mass production is output as invisible information to the outside of the device by the design data output means based on the design data stored in the design data storage means.

The design data obtained by the design data output means is output to the outside of the apparatus as design data protected by the secret key stored in the parent card,
A parent card storing a secret key for protecting the output design data is created by the parent card creating means. Also,
When the secret card for issue (the encryption key or the encryption algorithm) is also stored in the parent card in which the secret key for protection of the output design data is stored by the parent card creating means, the parent card is It is created as a parent card (SAM) for issuance. In addition, a parent card (SAM) for an application is separately created by the parent card creating means.

Before outputting the design data for mass production, if necessary, it is possible to verify whether or not the design data is created correctly, that is, whether the stored design data is correct or incorrect by the design data verification means. When the process is completed and the design data creation result is correct, the test medium creating means can create a test card as an information recording medium for testing based on the design data. Then, the test medium verifying means verifies whether or not the created test card is correctly created. The test card was created correctly as originally intended,
Further, by verifying whether or not the initial intention is sufficient for the actual use, it can be confirmed that the design data for the mass-produced information recording medium is practical. The thus obtained design data protected by the parent card, the parent card, and individual data (for example, personal data) for each information recording medium (created by a device other than this issuing support device) Using the and, the information recording medium is issued by another device (issue device for mass production).

Further, when the information recording medium uses a plurality of files having a hierarchical structure defined as a storage format of information, the design data creating means has design data having design information having information on the hierarchical structure of the files. To create.

Here, for the sake of simplicity of description, the file creation information will be mainly described. All the data is stored in the information recording medium as a plurality of files, and the plurality of files will be conceptually described as an example having a hierarchical structure as shown in FIG. However, as can be understood from the above definition of the design data, it goes without saying that the present invention is not limited to the following example.

Referring to FIG. 8, the hierarchical structure of files to be set in the IC card is as follows. First, in the uppermost hierarchy, the master file MF and the data file 1 contained therein are stored.
To 3 and key files 1 and 2 belong. The mechanical file names such as the master file MF, the data file 1, and the data file 2 are used for convenience to indicate the file name that identifies the file itself, and actually have a meaning suitable for each application. May be. Also, the folder file 1 is included in the master file MF.
Is also included, and the concatenation of folder files creates a hierarchical structure of files. The master file is also a kind of folder file, and it can be said that only one master file can be defined in the top hierarchy. The data file contains the actual data to be used, and the key file contains the secret code required to access the file. The folder file does not contain the actual data or PIN, but the data file, key file,
And a subordinate folder file, which is a file having a different meaning from other files, for example, stores the name of the file to be stored. A folder file 1 and a key file 3 and a data file 4 contained in the folder file 1 belong to the first hierarchy, which is one level below the top hierarchy. The folder file 1 also contains the folder files 2 and 3, and the latter folder file belongs to the lower second hierarchy.
Then, the folder file 2 contains the data files 5 and 6, and the folder file 3 contains the data file 7 and the key files 4 and 5, all of which are stored in the second file.
Belong to a hierarchy.

In the above example, the design data relating to the file creation includes the file name for identifying the file itself, the file type, the file hierarchical structure, and the access control for defining the key file required to access the particular file. There are information (security information), file size, etc. Then, the procedure by the issuance support apparatus of the present invention will be specifically described below with reference to the flowchart of FIG. 2 and the block diagram of FIG. 1 by taking the design data having such information as an example.

First, in step 1 (see FIG. 2), design data is created by the design data creating means. The device operator, as shown in FIG. 9, creates a design data for setting each file of the file hierarchical structure shown in FIG. 8 in the IC card.
Information such as a hierarchical structure, capacity, and security information (access control information) is instructed to the design data creating means by a video display means such as a CRT and an input means such as a keyboard and a mouse. Then, the design data is stored in the design data storage means including a magnetic disk, a main memory, and the like. Referring to FIG. 9, file names D1 to D7 are data files 1 to 7, K1 to K4 are key files 1 to 4, and F1 to F3 are folder files 1 to 3.
Is shown. In the type column, D indicates a data file, K indicates a key file, and F indicates a folder file. In the column of the hierarchical structure, MF indicates a file contained in the master file, and F1 to F3 indicate files contained in the folder files 1 to 3, respectively. Then, in the capacity column, the capacity is designated by the number of bytes of the file, the record length, the number of records, and the like. In the security information column, specify the key file that contains the personal identification code to be matched when accessing the file. Also, the type of access,
For example, when reading and writing, the key file to be referred to is changed, and if a plurality of key files are referred to, a higher degree of security can be obtained.

Although the above description has explained the file creation information in the design data, the support apparatus of the present invention allows the operator to perform other initialization information, data write information, SAM file designation information, etc. It is created in the same manner by instructing the design data creating means with an input means such as a keyboard or a mouse while looking at a video display means such as a CRT.

When the design data as described above is stored in the design data storage means, the next step S2 is to verify whether or not the design data created by the design data verification means is created correctly as desired. To do. Such verification work is
It is not necessary to actually create an IC card, but it is performed on software in the issuing support device. Specifically, for example,
If the design data is correct or incorrect, whether or not the design data such as the file name, file type, hierarchical structure, capacity, and security information has been input without error is, for example, a list display of file name, file type, etc., hierarchy The structure is displayed graphically, and the security information is displayed graphically to show the correspondence between the target file and the key file. In addition, if the security of security information is sufficient to ensure that the above design data is correct, it is assumed that the security code is already stored in the key file. The unlocked / locked state is simulated by the software by simulating the status. Then, it is also simulated whether or not a specific access mode of a specific file is possible in any unlocked / locked state that the status means. Therefore, the operator of the issuing support device
If the status information including the unlocked state of the key required for a certain access mode of a certain file to be verified is arbitrarily input and set by the keyboard or mouse, the specific access of the specific file specified by the status is possible. It is possible to know the determination result of whether or not. In this way, it is possible to confirm whether it is possible to unlock the expected key for all access modes of all files. Also, it is possible to feel whether the required key has sufficient security.

As described above, when it is determined in the design data verification operation in step S2 that the design data is incorrect or the security is not sufficiently secured, the design data is not satisfactory. Then, the process returns to step S1 and the design data is created again. When it is determined that the design data should be satisfied, a test card, which is an information recording medium for testing in the next step S3, is created.

The test card is created in step S3 by the test medium creating means. The test medium creating means writes the necessary information in the IC card based on the design data created by the design data creating means and stored in the design data storing means to create a test cart as an information recording medium for testing. This test card is the one in which actual data is written in the same manner as the finally mass-produced IC card, and it is confirmed whether or not the desired expected operation is performed in the usage environment of the IC card and the satisfaction is satisfied. It is for. Therefore, when the IC card is set in the card reader / writer provided therein and the test medium creation is instructed, the test medium creation means creates a file having the contents as shown in the above example based on the design data. A command group to be executed is generated, and a write command group of data that can be actual data is also generated. The command group is executed to the reader / writer to create a test card.

Then, as the verification of the test card in the next step S4, using the created test card, various operations assuming the conditions actually used are applied to the IC card to operate without problems. , To see if you are satisfied. Then, in the issuing support device of the present invention,
This confirmation work is also performed by the test medium verification means. That is, when the test card is set and the verification execution is instructed, the test medium verification means confirms the consistency between the design data and the test card. In addition, when the SAM for the application is used at the stage of using the IC card, the SAM for the application can be created by this support device. Therefore, the consistency and the operation confirmation regarding the joint operation with the SAM can be confirmed. By doing, verify. The verification work may be further performed using a device such as a card reader / writer that is actually used. If there is a problem, the process returns to step S1 and the design data is created again. It is an indispensable task in the issuance processing process to confirm the operation under the actual use environment with a small number of test cards, because the IC card is used for a purpose having a large capacity and a high degree of security. .

If the verification result of the test card is satisfactory, the next step S5 is to send the design data stored in the design data storage means by the design data output means to the outside, for example, a floppy disk or a magnetic tape. It is output as protected design data to a portable information recording medium such as. The output design data is data required by the mass production issuing device of the card manufacturing / issuing organization. In particular, in the present embodiment, the design data output to the portable information recording medium is protected so that the output data cannot be used in order to prevent unauthorized use by a third party. It is output in the recorded format. Therefore, for example, the design data cannot be read, or the contents of the design data cannot be determined even if the design data is read. Then, the secret key that unlocks the protection and makes the design data usable is recorded in the parent card described below.

The form of the design data output here may be the same as the command group for instructing the card reader / writer at the time of creating the test card, but is not limited to this. The point is that the form of information that can be used by the issuing device for mass production used in the card manufacturing / issuing organization in the subsequent process can be used, and information in a form that the issuing device can directly accept, or once, translation, etc. The information and the like in a form that can be accepted by performing the above conversion is arbitrary, and such a form may be determined in consideration of the issuing device actually used in the subsequent process. FIG.
9 is a diagram showing an example of the contents of design data of a portion for creating the file shown in FIG. Further, FIG. 10 shows only the command portion for the reader / writer (the response returned from the IC card is omitted).
If the figure is outlined, the first command is a selection command for selecting the master file MF as the uppermost layer (assuming that the master file MF is created by the card manufacturing / issuing organization in the initialization process of the IC memory). The second command is a command for creating the key file 1 in the uppermost layer, and hereinafter, similarly, a creation command for a data file, a folder file, etc., a file selection command, etc. are arranged in the order of execution by the reader / writer.

Next, in step S6, a parent card is created by the parent card creating means. The parent card is an IC card in which a password for unlocking the protected design data output by the design data output means is recorded. Write the PIN for issuing process (PIN code or decryption algorithm for encryption) on the parent card, and record the PIN used for unlocking the file access right during the issuing process.
If you record the ciphertext generation key for recording the data to be recorded on the issuing IC card as encrypted data,
Such parent card can also be used as a SAM for issuing. The parent card creating step and the previous design data creating step may be reversed. Further, in addition to the issuing SAM, an application SAM may be similarly created separately.

As described above, the card issuer uses the issuance support apparatus of the present invention, and finally, the parent card having the personal identification key and the like, and the design recorded in the state protected by the parent card. It is possible to create a portable information storage medium such as a floppy disk or magnetic tape having data.

Then, the card issuer hands the parent card, the floppy disk on which the design data is recorded, and the magnetic tape on which the personal data to be written on each IC card is recorded to the card manufacturer or the like, and mass production of the IC card is issued. Will be instructed. Then, the card manufacturer sets a parent card, a floppy disk, a magnetic tape, etc. in a mass production issuing device and mass-issues the IC card. Since the mass production issuing device performs card issuing processing while decrypting the protected design data with the PIN code recorded on the parent card,
The card manufacturer cannot know the contents of the design data. Or, by the encryption key or encryption algorithm that is further recorded on the parent card (in this case, it becomes SAM),
Since the individual data is recorded in the IC card as encrypted data from the decrypted design data and individual data, an IC card having high security can be manufactured even by a third party other than the card issuer and the card manufacturer.

Next, based on the above description of the embodiment of the issuing support apparatus of the present invention, the flow of the issuing processing according to the present invention will be described with reference to FIGS. 3 and 4. As shown in FIG. 3, according to the present invention, the card issuer designs the issuing information to be set in the IC memory by the issuing support device. At that time, a test card is created and self-confirmed whether the design data constituting the issue information is created correctly and is satisfactory (FIG. 4). The design data is stored in a floppy disk or the like while being protected by the password of the parent card, and is handed over to the card manufacturing / issuing organization together with the parent card. In addition, personal data as cardholder information is also passed. The card manufacturing / issuing organization initializes the IC memory and writes the issuing information passed from the card issuer in the IC memory with a dedicated device for mass production. And the obtained IC card is
Handed over to the cardholder. As described above, when the issuing support device of the present invention is used, the writing of the issuing information, which should be performed by the card issuer, is performed by the card manufacturing / issuing organization.
As will be described below, it is possible to share the issue processing that is closer to ideal in terms of security measures.

[0046]

According to the issuance support apparatus for an information recording medium of the present invention, even when the issuance process extends between the card issuer and the card manufacturer, the card issuer should originally perform it and should not leak it to the outside. You can design your own design data,
Moreover, since the design data is passed as invisible information, for example, as information recorded on an information recording medium such as a floppy disk or magnetic tape, it is difficult to decipher the contents unless the recording format is known, unlike information on paper. Since there is no need to disclose the information to the card manufacturer and the contents of the design data will not be leaked to a third party illegally, security can be secured in the issuing process. Further, if the design data is protected by the parent card in which the personal identification key for protecting the design data is recorded, the security becomes more reliable.

If the parent card can be provided with information on the SAM used for issuing, the card issuer can also create the SAM for issuing, and the card issuer does not disclose the SAM information to the card manufacturer. It's enough. Further, when the SAM for the application is also created, it is not necessary to disclose the information of the SAM. Especially for the IC card issuing process that also uses the issuing SAM and also uses the application SAM, it is highly reliable to check the compatibility with these SAMs in advance. It is important to get a card, and the value of this device, which can be done by the card issuer side, is also high. In addition, after verifying the correctness of the design data to be created, and also by verifying with the specifically created test card, after confirming whether the design data should be satisfied,
Since the IC card can be fully manufactured, it is possible to issue a highly reliable IC card with no problems. As described above, it is possible to reliably prevent the leakage of information from the card issuer to the card manufacturer and the leakage of information from the card issuer and the card manufacturer to a third party.

[Brief description of drawings]

FIG. 1 is a block diagram of an embodiment of an issue support device for an information recording medium of the present invention.

FIG. 2 is a flowchart showing a processing flow of an embodiment of the issuing support device.

FIG. 3 is a diagram showing a flow of issuing processing provided by the issuing support apparatus.

FIG. 4 is a diagram showing a flow of information in an issuing process provided by the issuing support device.

FIG. 5 is a diagram showing an original flow of issuing processing.

FIG. 6 is a diagram showing a flow of information in a conventional issuing process.

FIG. 7 is a diagram showing a problem in the flow of a conventional issuing process.

FIG. 8 is a diagram showing an example of a hierarchical structure of files.

FIG. 9 is a file content as an example of information instructing a design data creating unit.

FIG. 10 is a diagram showing an example of the contents of design data obtained.

[Explanation of Codes] 1 issuing support device for information recording medium 2 design data creating means 3 design data storing means 4 design data verifying means 5 design data outputting means 6 parent card creating means 7 test medium creating means 8 test medium verifying means MC parent Card TC Test Card D Design data

Claims (6)

[Claims] 1. A design data creating means for creating design data, which is information excluding the individual data from the issuing information required by the issuing device to record the individual data on a large number of information recording media, and the above design. An issue supporting apparatus for an information recording medium, comprising: a design data storage unit for storing data; and a design data output unit for outputting the design data as invisible information to the outside of the device based on the design data. 2. A parent card creating means for creating a parent card storing a secret key for protecting the output design data, wherein the design data output means adds the parent card to the parent card based on the design data. 2. The issue support device for an information recording medium according to claim 1, wherein the design data protected by the stored secret key can be output to the outside of the device to generate the design data protected by the parent card. 3. The issuance support device for an information recording medium according to claim 1, wherein the parent card creating means also records the personal identification key used by the issuing device for writing information on the parent card. 4. The information recording medium issuance support device according to claim 1, wherein the parent card creating means further creates a parent card for application. 5. A design data verification means for verifying whether the design data creation result is correct or incorrect, a test medium creation means for creating a test information recording medium based on the design data, and the test information recording medium. 5. The information recording medium issuance support device according to claim 1, further comprising a test medium verification unit that verifies whether the creation result of [1] is correct. 6. A plurality of files having a hierarchical structure defined as a storage format of information such as individual data in the information recording medium are used, and the design data has information on a hierarchical structure of the files. An information recording medium issuance support device according to any one of claims 1 to 5.