JPH10200522A - Ic card use enciphering method, system therefor and ic card - Google Patents

Abstract

PROBLEM TO BE SOLVED: To prevent a key of cryptograph from being stolen by the third person and also to allow only a person that meets a decoding condition to refer to data contents by storing a key of cryptograph that has each attribute information of a user in a storage area in a IC card and making the IC card perform enciphering and decoding of data internally. SOLUTION: A management center and a general user who is allowed to issue a management instruction maintain a key of cryptograph that has each user's attribute information in a storage area that cannot be accessed by a normal user in an IC card, and the IC card internally performs data enciphering and decoding. Also, a decoding permission condition that is designated by a user who enciphers is enciphered together with the data to be enciphered. For decoding of cipher data, an IC card is inputted to an IC card reader and writer 6, and it is checked whether the card meets the decoding conditions included in data that is decoded by the user. Only when it meets the decoding conditions, is the decoded data outputted to a computer 5.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a method and a system for encrypting data using an IC card and an IC card, and more particularly, to a method for encrypting data by a user who can decrypt the encrypted data. By including the condition, only the user who satisfies the condition can take out the data decrypted in the IC card to the outside of the IC card, and can also use the IC card-based encryption method and system that enables remote management of the IC card. It relates to an IC card.

[0002]

2. Description of the Related Art Conventionally, data created by a computer or the like has been stored in a storage device without being subjected to encryption processing, and has been transmitted over a communication network. For this reason, it has been possible for a third party to illegally eavesdrop on data stored in the storage device or data flowing on the communication network to know the contents.

Further, it is possible for a third party to change data stored in a storage device or flowing on a communication network, and it is also possible to illegally create or transmit data by falsifying another person's name. did it.

[0004] Recently, the above-mentioned problems have become particularly apparent, and in order to prevent such misconduct, at present,
A system using encryption technology has been proposed. For example, PEM (Private Enhanced Mai)
l) An encrypted email system known as l). By setting an electronic signature, this cryptographic e-mail system prevents anyone other than the designated recipient from seeing the contents of the e-mail, detects any tampering with the e-mail, and checks whether the sender of the e-mail is fake. can do.

[0005] PEM is an Internet standard RFC1421 (J. Linn, Privacy E.).
enhanced Mail: Part I: Messa
GeEncryption and Authentic
ation Procedures, February
1993).

[0006]

As described above, the PEM solves the problem of eavesdropping of data by encrypting data flowing on the network, but it is necessary to decompress the data after encryption. is there. In this case, it is necessary to transmit the data after specifying the name of the other party in order to provide the other party with an environment in which the encrypted data can be decompressed.

At present, in an organization such as a company, whether or not various information can be browsed is determined not only by the name of the individual but also by the department to which the person belongs and the position. Also, when sending documents, etc., the destination is often specified not by personal name but by attribute information such as department name, job title, work in charge, etc.
It has become common.

For this reason, when data is encrypted in an organization, an attribute is specified as a condition of a person who can perform decryption, and the attribute is added to the encrypted data. It is desirable that only persons who satisfy the possible conditions can decrypt the encrypted data.

However, many of the encryption methods and systems currently proposed, including PEM, designate a person who can decrypt the information by name, and in order to use these systems in an organization, a department name or the like is required. There are many problems due to the difference between specification by name and specification by name.

[0010] Further, programs for realizing these systems to which the cryptographic technology is applied, and encryption keys generated and used in the system are usually stored in a storage device such as a hard disk, and read on the memory when the system is used. Issued and executed.

Therefore, the program stored in the storage device is referred to as a “Trojan horse” (a program that appears to be operating correctly, but is actually rewritten to perform an illegal act such as stealing a user's encryption key). ), And there is a risk that the encryption key etc. will be stolen.

When the user's encryption key is stored in the storage device, the user encrypts the encryption key with the encryption key embedded in the program and saves the encrypted key. The user's encryption key is also known.

Therefore, the encryption key and the attribute information are stored in a storage medium that cannot be freely accessed from the outside such as an IC card, and all the processes of data encryption / decryption / signature are performed in the IC card. A method for eliminating the risk of the user key being stolen is considered. However, such information is usually made accessible only from the management center that issues the IC card so that the user cannot change the information without permission. Therefore, when it becomes necessary to change the attribute information such as the department to which the user belongs, the IC card must be brought to the management center to be changed, and there is a problem that it takes time to bring the IC card to the management center.

Further, when the management center is located at a remote place, the IC card is sent by an in-house service or the like, so that there is a disadvantage that the IC card cannot be used for a while. In this case, a method of preparing a spare IC card is conceivable, but there is a problem that an extra IC card is required and the cost is increased.

The present invention has been made to solve these problems, and an object of the present invention is to prevent theft of a user's encryption key by a third party, and to ensure that only a user who satisfies a decryption condition has data. I whose contents can be referenced
An object of the present invention is to provide an encryption method and system using a C card.

Another object of the present invention is to provide an IC card-based encryption storage medium used in this system.

[0017]

In order to achieve the above object, according to the present invention, a management center and a general user who is authorized to issue a management instruction can individually access a storage area in an IC card which is not accessible to a normal user. Saves the encryption key having the user's attribute information, and encrypts the data inside the IC card.
The decoding is performed. In addition, when the decryption permission condition specified by the user who intends to perform encryption is encrypted together with the data to be encrypted, and when decrypting the encrypted data, the decryption condition included in the data decrypted by the user who decrypts the encrypted data. It checks whether or not the data is satisfied, and outputs the decrypted data to the outside of the IC card only when the data is satisfied. Further, a remote management command issued by a management center that issues the IC card is passed to a computer other than the management center to request a change of the storage area in the IC card.

Therefore, the above means can prevent the encryption key for encrypting the data from being stolen by a third party and prevent the contents of the encrypted data from being illegally known. Also, since only users who satisfy the decryption conditions can access the decrypted data, the data whose contents can be read only by limited users can be stored in a storage device that can be accessed by a plurality of users, or transmitted over a communication line. And can be transmitted.

[0019]

Embodiments of the present invention will be described below in detail with reference to the drawings.

FIG. 1 is a system configuration diagram showing a first embodiment of the present invention. In FIG. 1, reference numeral 1 denotes a management computer for issuing and managing an IC card to be issued to a user, an IC card reader / writer 2 for accessing the IC card, and a code table for coding information to be input to the IC card. 3. An IC card database 4 for storing information input to each IC card is connected.

The computer 5 and the computer 8 are computers used by a user, and are connected to an IC card reader / writer 6, an IC card reader / writer 9, a code table 7, and a code table 10, respectively.

Reference numeral 11 denotes a network connecting the management computer 1, the computer 5, and the computer 8.

The code tables 3, 7, and 10 are code tables for coding information to be input to the IC card, such as departments, positions, assigned duties, and decryption conditions in the organization.

Since the code table of the department expresses a hierarchical structure as shown in FIG. 2, for example, the code of the personnel section has a structure in which the lower code "11", "12", etc. are added to the code "J" of the personnel department. Has become. That is, the code of a certain department is uniquely coded so as to include the department code immediately above the department, and is stored in the department code table 31 as shown in FIG. Also, the position code is configured so that the value increases from lower to higher as shown in FIG. 4 and is stored in the position code table 32. Further, the assigned task code is a unique code composed of several alphanumeric characters as shown in FIG. 5 and stored in the assigned task code table 33.

FIGS. 6, 7 and 8 show code tables used for describing decoding conditions and the like. In the code table 34 shown in FIG. 6, the owner name = “N” and the department / department =
"B", title = "Y", assigned job = "T", owner name,
It is defined to describe the department, post, and job in charge.

Further, in the code table 35 of FIG. 7, the above = “> =”, larger = “>”, smaller =
“<”, Following = “<=”, match = “==”, mismatch =
“! =” And affiliation = “＠” are defined so as to describe the size relationship.

In the code table 36 shown in FIG.
ND = “&”, OR = “|”, NOT = “!” Are defined to describe the logical relationship.

The code tables 31 to 36 are provided in the code tables 3, 7, and 10 of FIG.

FIG. 9 is a block diagram showing the internal structure of the IC card 90 used in this embodiment. In FIG. 9, reference numeral 901 denotes an interface unit for exchanging information when inserted into the IC card reader / writers 2, 6, and 9. Reference numeral 902 denotes an IC card identification number storage unit that stores the identification numbers of the individual IC cards 90.

Reference numeral 903 denotes a management key storage unit that stores a management key used for encrypting, decrypting, and signing a remote management command. 9
Reference numeral 04 denotes a common key storage unit that is common to all the IC cards 90 and stores a key used for encrypting, decrypting, and signing normal data.

Reference numeral 905 denotes an attribute information storage unit for storing user attributes such as the name of the IC card owner, the department to which the IC card belongs, the position, the job in charge, and the like.

Reference numeral 906 denotes a collation information storage unit that stores information used to confirm the use of the IC card 90 by a valid owner. Reference numeral 907 denotes a change count storage unit in which a value is automatically incremented each time data in each of the storage units 902 to 906 in the IC card 90 is changed, and “0” is set as an initial value.

Reference numeral 908 denotes a memory for temporarily storing data input / output through the interface unit 901 and data for encryption / decryption / signature. 909 is
CPU (Central Processo) for storing, outputting, encrypting, decrypting, signing, etc., data in accordance with an instruction input through IC card interface 901
r Unit).

The storage of data in the storage units 902 to 905 is performed only by a management command issued from the management computer 1 or a remote management command. At this time, the write command can write only to one storage unit at a time. Therefore, when writing to the storage units 902 to 905, at least four write instructions are required. Further, data stored in the storage units 902 to 907 cannot be read out or output from a personal computer or the like unless a dedicated reading device such as an IC reader / writer is provided.

FIG. 10 is a diagram showing the data structure of the IC card database 4, showing the contents stored for each IC card 90.

In FIG. 10, reference numeral 1001 denotes an IC card identification number, which is data stored in the storage unit 902 in FIG. A management key 1002 is data stored in the storage unit 903 in FIG. Reference numeral 1003 denotes a common key, which is the storage unit 9 in FIG.
04 is the data to be stored. 1004 is the number of changes,
It is synchronized with the value stored in the storage unit 907 in FIG.
Reference numeral 1005 denotes the owner name, 1006 denotes the department to which the owner belongs, 1007 denotes the position, and 1008 denotes the attribute information indicating the assigned work.
Is the same as the data stored in the attribute information storage unit 905. Note that there may be a plurality of assigned tasks 1008.

FIG. 11 is a diagram showing an IC card command format issued to the IC card 90 by the management computer 1 and the computers 5 and 8. In FIG. 11, reference numeral 1101 denotes an IC
This is an instruction section that describes an instruction to the card 90. 1102
Is a data part for describing data related to the instruction 1101, and may be divided into several items according to the type of the instruction.

The command to the IC card 90 includes a management command,
There are three types: remote management commands and general commands. The management command is sent from the management computer 1 to the IC card reader / writer 2
This is an instruction issued to the IC card 90 inserted in. IC
It is used for storing data in each of the storage units 902 to 905 in the card 90.

The remote management command is transmitted to the management computer 1
Is issued to the IC card 90 inserted in the IC card reader / writers 6 and 9 via the computers 5 and 8, and saves data in the storage units 902 to 905 in the IC card 90 by a computer other than the management computer 1. It is a consignment order to be executed via. Data 1102
Includes encrypted data and a signature using the management key 1002 according to the content of the instruction.

The general command is a command issued from the management computer 1 or the computers 5 and 8 to the IC card 90 inserted in the IC card reader / writers 2, 6 and 9 connected to the respective computers. This general instruction stores the data 1102 in the common key 9
04 for encrypting / decrypting / signing, the collation information storage unit 9
Used to change the content of 06. Here, the change in the content of the verification information storage unit 906 corresponds to a so-called password change.

FIG. 12 is a flowchart showing a procedure for issuing the IC card 90 by the management computer 1.

Here, it is assumed that the attribute information of the user A is that the department to which he / she belongs is "Development Department 1st Section", the title is "section manager", and the job in charge is "system development".

First, the IC card 90 to be issued is inserted into the IC card reader / writer 2 connected to the management computer 1 (step 1201).

Subsequently, the IC card identification number, the management key, the common key, the attribute information, and the collation information are stored in the inserted IC card 90 and the IC card database 4 (steps 1202 to 1206). These detailed procedures will be described with reference to FIGS.

After storing these pieces of information, the IC card 90 is taken out of the IC card reader / writer 2 and
The issuance of the C card 90 ends (step 1207).
If this IC card 90 is given to the user A and the collation information is provided, the user A can use the IC card 90.

FIG. 13 shows an IC card identification number, a management key,
9 is a flowchart illustrating a procedure for issuing a management command for storing a common key and attribute information. These procedures are performed by the management computer 1. The management key storage command, the common key storage command, and the attribute information storage command are issued according to the same flow.

First, an IC card identification number is uniquely generated, and an IC card identification number storage instruction of the format shown in FIG. 17 is created (step 1301). In FIG. 17, 17
Reference numeral 01 denotes an instruction unit representing an IC card identification number storage instruction, 17
Numeral 02 is a data part indicating an IC card identification number.

Subsequently, the created command is issued to the inserted IC card 90 through the IC card reader / writer 2 (step 1302).

Finally, in order to reflect the contents saved in the IC card 90 in the IC card database 4, the contents are also saved in the data area 1001 for the user A in the IC card database and the processing is ended (step 1303).

The management key storage command, the common key storage command, and the attribute information storage command are issued according to the same flow. Each time a management key storage instruction (FIG. 18) is issued, a management key may be generated or a management key common to all cards may be used. In FIG. 18, 18
Reference numeral 01 denotes an instruction unit indicating a management key storage instruction, and reference numeral 1802 denotes a data unit indicating a management key.

When issuing a common key storage command (FIG. 19), a key common to all IC cards 90 generated in advance is included in the data section. In FIG. 19, 1
Reference numeral 901 denotes an instruction unit representing a common key storage instruction, and 1902 denotes a data unit representing a common key.

Further, when issuing the attribute information storage instruction (FIG. 20), the data section includes attribute information such as the department to be assigned, the position, and the job in charge, which is coded with reference to the code table 3. In FIG. 20, reference numeral 2001 denotes an instruction unit indicating an attribute information storage instruction, and 2002 denotes a data unit indicating attribute information. For example, in the case of the user A, if the attribute information is coded as “owner name: A, affiliation department: development department first section, post: section manager, assigned work: system development”, FIG.
6, "N: A,
B: K1, Y: 4, T: D026 ". The IC
The data to be stored in the card database 4 may be coded data as it is, or may be stored without coding in order to make the data independent of the coding format.

FIG. 14 shows an IC card identification number, a management key,
9 is a flowchart illustrating a procedure for executing a management command for storing a common key and attribute information. These procedures are based on the IC card 90
Run within. Here, the execution procedure of the IC card identification number storage command (FIG. 17), which is one of the management commands, will be described as an example. The management key storage instruction (FIG. 18), the common key storage instruction (FIG. 19), and the attribute information storage instruction (FIG. 20) are executed in the same procedure.

First, the instruction input through the interface unit 901 is temporarily stored in the memory 908 (step 1401).

Next, the CPU 909 analyzes the instruction section 1701. As a result of the analysis, it is found that “the data section 1702 is stored in the IC card identification number storage section 902”.
The value of the data section 1702 is stored in the IC card identification number storage section 90.
2 (step 1402).

Finally, "1" is added to the value of the number-of-times-of-change storage unit 907, and the process ends (step 1403).

The storage destination of the value of the data part is one of the storage parts 902 to 905 according to the type of the instruction part of the management instruction. Since a total of four management commands are executed in the IC card 90, the value of the change count storage unit 907 is "4".

FIG. 15 is a flowchart showing a procedure for issuing a collation information storage instruction for storing collation information. This procedure is performed by the management computer 1.

First, a collation information storage instruction as shown in FIG. 21 is created (step 1501). This instruction includes the current collation information 2 as a data section in addition to the instruction section 2101.
102 and the newly set collation information 2103 are included.

Subsequently, this command is input to the inserted IC card 90 via the IC card reader / writer 2 and the process ends (step 1502).

FIG. 16 is a flowchart showing a procedure for executing a collation information storage instruction for storing collation information. This procedure is performed in the IC card 90.

First, the instruction input through the interface unit 901 is temporarily stored in the memory 908 (step 1601).

Next, the CPU 909 analyzes the instruction unit 2101 and, if it is found that the instruction is a storage instruction for collation information, compares the collation information 2102 with a value stored in the collation information storage unit 906 (step 1602).

As a result of the comparison, if they match, new collation information 2103 is stored in collation information storage section 906 (step 1603). If they do not match, execution of the instruction is terminated without doing anything.

FIG. 22 shows data in the IC card 90A issued to the user A in the above procedure. As shown in FIG. 22, the IC card identification number storage unit 902 stores the IC card identification number = 75C126, and the management key storage unit 9
03, the management key = 463cKz0q is stored, the common key storage unit 904 stores the common key = GYy88pSw, and the attribute information storage unit 905 is the owner name = A, the affiliated department = K1, the post = 4, and the assigned job = D026 is stored. Further, the collation information storage unit 9
06 stores collation information = 3WnK, and the change count storage unit 907 stores the change count = 4.

Similarly, FIG. 23 shows data in the IC card 90B to be issued to the user B whose department is “HR section”, his post is “Manager”, and his job is “HR evaluation”.

FIG. 24 is a flowchart showing a procedure from when user A encrypts data and sends it to user B, and when user B decrypts and obtains the original data.

Here, it is assumed that the user A operates the computer 5 and the user B operates the computer 8. First, the user A inserts his IC card 90A (FIG. 22) into the IC card reader / writer 5 (step 240).
1).

Next, it is verified whether or not the user A is a valid owner of the IC card 90A (step 24).
02). For this purpose, the user A creates a user inspection command in the format shown in FIG. 28 and inputs it into the IC card 90A.
The procedure for executing the user inspection command in the IC card 90A will be described with reference to FIG.

User A proceeds to the next step if the test result message (FIG. 29) output from IC card 90A is successful (if the owners match), otherwise (if the owners do not match). )finish.

Subsequently, the user A designates the decryption condition of the person who can perform decryption, and creates an encryption instruction in the format shown in FIG. 30 together with the plaintext data 3003 to be encrypted.

In this case, the condition of the user who can be decrypted is, for example, “the affiliation is the first person in charge of the personnel section of the human resources department and the position is equal to or more than the chief.” The encoding format of the decoding condition is obtained by combining “attribute type: comparison condition: attribute value” with a logical expression.

Therefore, the decoding condition is stored in the code table 7
And "B @ J11 &Y> = 3". This is referred to as a decryption condition code 3002. When this encryption command is input to the IC card 90A (FIG. 22), the plaintext data 3003 is encrypted, and encrypted data (FIG. 32) is obtained as an output (step 2403).

User A sends the received encrypted data to user B via network 11 (step 240).
4).

When the user B receives the encrypted data (FIG. 32), the user B first inserts his IC card 90B (FIG. 23) into the IC.
Insert it into the card reader / writer 9 (step 240
5).

Next, it is checked whether the user B is a valid owner of the IC card (step 2406). For this purpose, the user B creates a user inspection command in the format shown in FIG. 28 and inputs it into the IC card 90B. IC card 90
The procedure for executing the user inspection command in B will be described with reference to FIG.

User B proceeds to the next step if the test result message (FIG. 29) output from IC card 90B succeeds (if the owners match), otherwise, user (the owners do not match). If it is). Note that “0” = failure in FIG. 29 indicates that the user is not valid as a result of determining whether the user of the IC card is valid. “1” = success indicates that the IC card is valid for the user.

Next, the user B generates a decryption command of the format shown in FIG. 33 using the encrypted data (FIG. 32) received via the network, and inputs it into the IC card 90B (FIG. 23). The IC card 90B decrypts the encrypted data according to the decryption procedure shown in FIG. 27 and outputs a decryption result as shown in FIG.

In this way, the user B can use the IC card 9
0B (FIG. 23), the original plaintext data 3003 can be obtained.

FIG. 25 is a flowchart showing a procedure for executing a user inspection command.

First, the user inspection command (FIG. 28) input through the interface unit 901 is stored in the memory 90.
8 (step 2501).

Next, when the CPU 909 analyzes the command portion 2801 of the command stored in the memory 908 and finds that the command is a user verification command, it checks the data portion 2802 and the verification information stored in the verification information storage portion 906. Are compared with each other (step 2502).

Finally, the CPU 909 generates an inspection result message (FIG. 29) according to the result of the comparison, and outputs it to the outside of the IC card through the interface unit 901 (step 2503).

FIG. 26 is a flowchart showing a procedure for executing an encryption command in IC card 90A.

First, the encryption command (FIG. 30) input through the interface unit 901 is stored in the memory 908 (step 2601).

Next, when the CPU 909 analyzes the command section 3001 of the command stored in the memory 908 and finds that the command is an encryption command, it forms encryption target data (FIG. 31) (step 2602).

That is, the information stored in the attribute information storage unit 905, the decryption condition code 3002, the plaintext data 30
From 03, a signature 3104 is generated using the common key stored in the common key storage unit 904.

Finally, the CPU 909 sets the common key storage unit 90
4 using the common key stored in FIG.
1) is encrypted (step 2603). The obtained encrypted data (FIG. 32) is output to the outside of the IC card 90A through the interface unit 901 (step 2).
604).

FIG. 27 is a flowchart showing a procedure for executing a decryption command in IC card 90B.

First, the decoding command (FIG. 33) input through the interface unit 901 is stored in the memory 908 (step 2701).

Next, when the CPU 909 analyzes the command section 3301 of the command stored in the memory 908 and finds that the command is a decryption command, the CPU 909 uses the common key stored in the common key storage section 904 to store the data section 3302. To obtain the encryption target data (FIG. 31) (step 2702).

Subsequently, the signature is verified. That is,
The hash values of 3101 to 3103 and the common key storage unit 90
It is checked whether the values obtained by decrypting the signature 3104 using the common key stored in No. 4 match (step 2703). If they do not match, it means that the encrypted data has been tampered with somewhere and the process ends. If they match, proceed to the next step.

In the next procedure, it is verified whether the decryption condition 3002 is satisfied by the user B. That is, the CPU 909 analyzes the decoding condition 3002 and compares it with the attribute information of the user B stored in the attribute information storage unit 905 (step 2).
704).

At the time of comparison, the attribute type symbol of the decoding condition is replaced with the corresponding attribute information in the attribute information storage unit 905. For example, the decoding condition 3002 is obtained from the attribute information of the user B stored in the attribute information storage unit 905 by “B: J
1 "and" Y: 4 "are obtained, so" J1 @ J11 & 4 "
> = 3 ″.

In the case of belonging comparison (＠), it is true if the left side value is included in the right side value. For example, "J1 @ J1
"1" is true, but "J11 @ J1" is false.

The comparison of job titles is the same as the comparison of coded numbers. Therefore, "4> = 3" is true.

Further, the comparison of the owner name and the assigned work can be made only by checking the match “==” or the mismatch “! =” And checking the match / mismatch between the codes on the left and right sides.

When all the comparisons have been completed, the logical expression is evaluated to obtain the truth of the expression.

From the above comparison method, it can be seen that the user B satisfies the decoding condition 3002.

If it is found that the decoding condition is satisfied, the attribute information 3101 of the user A and the original plaintext data 3
A decryption result (FIG. 34) is constructed from 103 and output to the outside of the IC card 90B through the interface unit 901 (step 2705).

According to the above procedure, the electronic data created by the user A is transmitted via the network 11 without anyone knowing the contents, and the contents can be notified to the user B who satisfies the decoding condition.

The plaintext data to be encrypted may be an encryption key used to encrypt data on a computer, that is, a so-called session key. Since an IC card generally has a lower computing capacity than a computer operated by a user, when encrypting a large amount of data, a session key is generated on the computer, and after encrypting the large amount of data (data body) with the session key. Then, a session key encrypted by an IC card is added to the encrypted data body and sent to the receiving side. The receiving side decrypts the encrypted session key and decrypts a large amount of data with the decrypted session key.

Thus, even if the IC card has a low computing capacity, a large amount of data can be transferred only to the receiving side that satisfies the decoding condition.

Further, there may be a plurality of common keys for encrypting the plaintext data. That is, a plurality of common keys are stored in the IC card, and an identification number is assigned to each of them. When the plaintext data is encrypted in the IC card, the identification number of the common key used for the encryption is included in the encrypted data.
When decrypting the encrypted data in the IC card, the decryption is performed using the common key corresponding to the identification number of the common key included therein.
By doing so, it is possible to give the system the flexibility of distributing a common key only to users in a group that crosses departments and exchanging data secretly.

Similarly, a plurality of management keys may be provided by assigning an identification number.

Further, the attribute information and the decryption condition may be inputted to the IC card without encoding the character string such as "personnel section of personnel department". In this case, the amount of data to be input to the IC card is increased, and a load is imposed on the storage area and the arithmetic performance in the IC card.

(Embodiment 2) Next, a second embodiment will be described.

This embodiment shows an example in which the data stored in the IC card 90 is changed on a computer other than the management computer 1 which is the issuer of the IC card 90.

Here, in particular, the attribute information contained in the IC card 90A of the user A is changed from “affiliation department: development section 1st section, post: section manager, assigned work: system development” to “affiliation department: development department”. , Post: department manager, charge: system development ", and the description will be made with reference to FIG. 1 using a system configuration diagram.

FIG. 35 is a flowchart showing the execution procedure of this embodiment.

First, in order to allow a computer (5 or 8) other than the management computer 1 to change data in the IC card 90A, a remote management command is generated on the management computer 1 (step 3501).

Next, the remote management command is passed to the user A via the network 11.

Subsequently, the user A operates the IC card 90 owned by the user A.
A (FIG. 22) is inserted into the IC card reader / writer 6, and the user A is confirmed according to the IC card user validity confirmation means of FIG.

When the validity is confirmed, a remote management command is input to the IC card 90A. The remote management command execution procedure in the IC card 90A will be described with reference to FIG.

FIG. 36 is a flowchart showing a procedure for generating a remote management command.

First, the information of the user A is extracted from the IC card database 4. Next, the extracted information is changed. In the case of this embodiment, the attribute information of the user A is changed to “affiliation department: development department, post: manager, assigned work: system development”.

Subsequently, an attribute remote change command of the format shown in FIG. 38 is created. In FIG. 38, reference numeral 3801 denotes an instruction unit indicating the contents of execution. Reference numeral 3802 denotes an identification number of the IC card 90A issued to the user A, which is extracted from the IC card database 4. Reference numeral 3803 denotes the number of times information in the IC card 90A of the user A has been changed by a management command or a remote management command. By including this value, a replay attack of the remote management command can be prevented. Reference numeral 3804 denotes a new attribute coded with reference to the code table 3. Reference numeral 3805 denotes a signature of 3801 to 3804 using the management key of the user A. This management key is extracted from the IC card database 4.

Finally, the new attribute and the value (“5”) obtained by adding “1” to the number of changes read from the IC card database are stored in the IC card database 4 and the processing is terminated.

FIG. 37 is a flowchart showing a procedure for executing a remote management command in IC card 90A. Hereinafter, each procedure will be described.

First, the attribute remote change command (FIG. 38) input through the interface unit 901 is
It is stored in the memory 908 in the card 90A. Where C
The PU 909 stores the instruction part 3 of the instruction stored in the memory 908.
By analyzing 801, it is found that the input command is an attribute remote change command.

Subsequently, an IC card identification number storage unit 902
Is compared with the input identification number 3802 to confirm that the attribute remote change instruction has been issued to the user A's IC card 90A. If the two numbers do not match, this procedure ends because the input command is not for this IC card. If they match, proceed to the next signature confirmation procedure.

The CPU 909 calculates the value obtained by decrypting the signature 3805 with the management key stored in the management key
The values obtained by calculating the hash values of 01 to 3804 are compared. If the two do not match, it means that the remote management command has been falsified, and this procedure ends. If they match, the procedure proceeds to the next change number confirmation procedure.

The CPU 909 compares the change count 3803 with the value stored in the change count storage unit 907. If they do not match, there is a possibility of a replay attack, so this procedure will be described. If they match, proceed to the next step.

By the above procedure, the correctness of the input attribute remote change command can be verified, and the new attribute 38
04 in the attribute storage unit 905 and ends.

According to the above procedure, information stored in the IC card can be changed by a computer other than the management computer 1.

When changing the common key or the management key in the IC card 90A, a new key is embedded instead of the attribute 3804. These pieces of information are encrypted with a management key corresponding to the IC card in order to prevent eavesdropping. Then, in the IC card, decryption is performed using the management key, and the transmitted new key may be stored in a predetermined position.

As an example of applying the present invention, the section manager belonging to the personnel section, the area for storing the owner attribute in the IC card,
If an IC card storing information such as “affiliation: HR section” and “post: section manager” is given by the management center, the HR section manager decrypts the encrypted data whose decryption condition is “post: section manager or higher”. You can read the contents.

Therefore, a user having a position lower than the section manager cannot decrypt the encrypted data whose decryption condition is “post: section manager or higher” and read the contents, and must know the contents of the encrypted data. Can be limited.

Further, since the information contained in the IC card can be changed at a place other than the management center, the labor and cost for bringing the IC card to the management center can be reduced.

The following methods are available for changing the contents of the IC card by passing a remote management command from the management center.

The information is sent to the IC card owner by e-mail or file transfer, and the owner individually inputs the information into the IC card and changes it.

The owner uses a predetermined terminal to input a command sent from the management center to the terminal into the IC card and change the command.

The manager of each department collects the IC card from the owner, inputs the command sent from the management center to the IC card, changes the command, and returns it to each owner.

In the IC card, identification information for confirming use by a valid owner is stored in advance by the management center. In order to decrypt the encrypted data using the IC card, the user must input identification information that matches the identification information stored in the IC card. It is impossible to decrypt the encrypted data using an IC card and know the contents.

As identification information, PIN (Person)
al Identification Number),
Or use a password.

[0136]

As described above, according to the present invention, a user's encryption key is stored in a storage area in an IC card that can be accessed only by a specific method, and data is encrypted and decrypted inside the IC card. By doing so, theft of the user's encryption key by a third party can be prevented.

In addition, when the decryption condition specified by the user who intends to perform encryption is encrypted together with the data to be encrypted, and when the encrypted data is decrypted, the decryption data is included in the decrypted data. By checking whether the decoding condition is satisfied, and outputting the decrypted electronic data to the outside of the IC card only when the condition is satisfied, only the user who satisfies the decoding condition can see the content of the data.

Further, even when it is necessary to change the information stored in the IC card, it can be changed only by inputting a special IC card management command from the computer used by the user to the IC card. The trouble of bringing an IC card can be saved.

[Brief description of the drawings]

FIG. 1 is a system configuration diagram showing a first embodiment of the present invention.

FIG. 2 is a hierarchy diagram of an organization.

FIG. 3 is a configuration diagram of a department code table.

FIG. 4 is a configuration diagram of a post code table.

FIG. 5 is a configuration diagram of an assigned task code table.

FIG. 6 is a configuration diagram of an attribute type code table.

FIG. 7 is a configuration diagram of a comparison condition code table.

FIG. 8 is a configuration diagram of a logical symbol code table.

FIG. 9 is a configuration diagram of the inside of an IC card.

FIG. 10 is a data configuration diagram of an IC card database.

FIG. 11 is a configuration diagram showing an IC card instruction format.

FIG. 12 is a flowchart showing an IC card issuing procedure.

FIG. 13 is a flowchart showing a management command issuing procedure.

FIG. 14 is a flowchart showing a management command execution procedure.

FIG. 15 is a flowchart illustrating a procedure for issuing a collation information storage instruction.

FIG. 16 is a flowchart showing a procedure for executing a collation information storage instruction.

FIG. 17 is a configuration diagram showing a format of an IC card identification number storage instruction.

FIG. 18 is a configuration diagram showing a format of a management key storage instruction.

FIG. 19 is a configuration diagram showing a format of a common key storage instruction.

FIG. 20 is a configuration diagram showing a format of an attribute information storage instruction.

FIG. 21 is a configuration diagram showing a format of a collation information storage instruction.

FIG. 22 is an explanatory diagram showing an example of data stored in a user A IC card.

FIG. 23 is an explanatory diagram showing an example of data stored in a user B IC card.

FIG. 24 is a flowchart showing a procedure for exchanging encrypted data.

FIG. 25 is a flowchart showing a procedure for verifying the validity of an IC card user.

FIG. 26 is a flowchart showing an encryption procedure.

FIG. 27 is a flowchart showing a decoding procedure.

FIG. 28 is a configuration diagram showing a format of a user inspection command.

FIG. 29 is a configuration diagram showing a format of an inspection result message.

FIG. 30 is a configuration diagram showing a format of a cryptographic instruction.

FIG. 31 is a configuration diagram showing a format of encryption target data.

FIG. 32 is an explanatory diagram illustrating an example of encrypted data.

FIG. 33 is a configuration diagram showing a format of a decryption instruction.

FIG. 34 is a configuration diagram showing a format of a decryption result message.

FIG. 35 is a flowchart showing an execution procedure of remote management of an IC card.

FIG. 36 is a flowchart showing a remote management command generation procedure.

FIG. 37 is a flowchart showing a remote management command execution procedure.

FIG. 38 is a configuration diagram showing a format of an attribute remote change instruction.

[Explanation of symbols]

1. Management computer, 2. IC card reader / writer,
3 code table, 4 IC card database, 5
... Computer, 6 ... IC card reader / writer, 7 ... Code table, 8 ... Computer, 9 ... IC card reader / writer, 10 ... Code table, 11 ... Network, 90 ... IC card.

 ────────────────────────────────────────────────── ─── Continuing on the front page (72) Inventor Junichi Toda 6-81 Onoecho, Naka-ku, Yokohama-shi, Kanagawa Prefecture Hitachi Software Engineering Co., Ltd.

Claims (6)

[Claims] 1. A method of encrypting data using an IC card having an encryption means, wherein an IC card distributed to a user in advance includes an encryption key common to all IC cards and an individual key attached to an IC card owner. When the user encrypts data using the IC card, the user inputs data from the terminal through the IC card dedicated read / write device, and decrypts the data to be encrypted and the encrypted data. After encrypting the attribute conditions that must be satisfied by the user using the encryption key stored in the IC card in advance, the encrypted data is output to the terminal through the IC card dedicated read / write device. When a user decrypts encrypted data using an IC card, the user uses an encryption key stored in the IC card in advance. After decrypting and confirming that the attribute information of the user stored in the IC card in advance satisfies the decryption condition included in the decrypted data, the data included in the decrypted data is passed through the IC card dedicated read / write device. An encryption method using an IC card, wherein original data is obtained by outputting to a user terminal. 2. The data to be encrypted is an encryption key for encrypting the data body. When encrypting the data body, the user generates the encryption key generated on the terminal by the user. The encrypted data is encrypted by an IC card owned by the user, and the encrypted data is added to the encrypted data body obtained by encrypting the electronic data body with the encryption key. When the encrypted data body is decrypted, the encrypted data is I own the encrypted data attached to the main unit
2. The encryption method using an IC card according to claim 1, wherein the encryption key is obtained by decrypting with a C card, and the original data body is obtained by decrypting the encrypted data body using the encryption key. . 3. An I / O device using an IC card dedicated read / write device.
A management center for issuing a C card, a read / write device dedicated to an IC card are connected, and a transmission terminal and a reception terminal for encrypting and decrypting data using the IC card issued by the management center are provided. An encryption system using an IC card, wherein the management center uses an IC card-dedicated read / write device connected to the management center to encrypt a common encryption key for all IC cards distributed to users of a transmitting terminal and a receiving terminal. The key and the attribute information attached to the IC card owner are input into the IC card and the IC
Means for issuing a card, the transmitting terminal comprising: means for allowing a user to specify conditions for decrypting the encrypted data; and attributes that must be satisfied by the user who decrypts the data to be encrypted and the encrypted data. Means for inputting the condition (1) to the IC card owned by the user of the transmitting terminal through the IC card dedicated read / write device connected to the transmitting terminal, and encrypting data output from the IC card through the IC card dedicated reading / writing device. Receiving means, and means for transmitting the encrypted data to a receiving terminal, wherein the receiving terminal receives the encrypted data transmitted from the transmitting terminal, and receives the encrypted data. Means for inputting to an IC card owned by the user of the consultation side terminal through an IC card dedicated read / write device connected to the side terminal, Means for receiving data output from the IC card through a dedicated read / write device, wherein the IC card has a common key storage unit for storing an encryption key common to all IC cards, and an attribute associated with the IC card owner. An attribute information storage unit for storing information, and a data processing unit for encrypting / decrypting data, and further, when inserted into an IC card dedicated read / write device connected to the management center,
Means for receiving an encryption key and attribute information input through the read / write device dedicated to the IC card and storing it in the corresponding storage unit, and further inserted into the read / write device dedicated to the IC card connected to the transmitting terminal; Means for receiving the data to be encrypted and the decryption condition input through the dedicated read / write device for IC card, and means for encrypting the data to be encrypted and the decryption condition using the encryption key stored in the common key storage unit. And means for outputting the encrypted data, and further, when inserted into an IC card dedicated read / write device connected to the receiving side terminal,
Means for receiving encrypted data input through the IC card dedicated read / write device, means for decrypting the encrypted data with the encryption key stored in the common key storage, and storage in the attribute information storage An encryption system using an IC card, comprising: means for confirming that attribute information satisfies a decryption condition included in the decrypted data; and means for outputting data included in the decrypted data after confirmation. 4. The data to be encrypted is an encryption key for encrypting the data body, and the transmitting terminal encrypts the data body with the means for generating the encryption key and the encryption key. Means for transmitting the encrypted data body and the encrypted data obtained by encrypting the encryption key in the IC card to a receiving terminal, the receiving terminal comprising: an encrypted data body, the encrypted data; 4. An encryption system using an IC card according to claim 3, further comprising: means for receiving the encrypted data; and means for decrypting the encrypted data body with an encryption key obtained by decrypting the encrypted data in the IC card. 5. A common key storage unit for storing an encryption key common to each user, an attribute storage unit for storing attribute information associated with each user, and a data processing unit for encrypting and decrypting data, Means for encrypting the input data to be encrypted and the attribute conditions that must be satisfied by the user who decrypts the encrypted data with the encryption key stored in the common key storage unit and outputting the encrypted data; Means for decrypting the encrypted data with the encryption key stored in the common key storage unit, means for confirming whether the attribute stored in the attribute storage unit satisfies a decryption condition included in the decrypted data, Means for outputting encryption target data included in the decrypted data when the decryption condition is satisfied by the confirmation means. 6. A management center for issuing an IC card and an IC
IC with terminal connected to card read / write device
An encryption system using a card, wherein the management center inputs a unique identification number and a unique management key to issue an IC card, and data comprising the identification number and a change content input to the IC card. Means for digitally signing the data with a management key corresponding to the IC card, and means for issuing the data and the digital signature as remote management instructions capable of executing data change in the IC card on the terminal. Comprises means for inputting the remote management command to the IC card through a dedicated IC card read / write device, wherein the IC card comprises: an identification number storage unit for storing an identification number unique to the IC card; A management key storage unit that stores a unique management key, and a unit that includes a data processing unit and receives a remote management command input from the terminal. Means for comparing the identification number included in the remote management instruction with the identification number stored in the identification number storage unit, and means for verifying a digital signature included in the remote management instruction when both numbers match. An encryption system using an IC card, further comprising means for saving the change content included in the remote management command in the IC card only when the digital signature is correct.