JPH1188318A - Method for changing cipher key for authentication - Google Patents

Abstract

PROBLEM TO BE SOLVED: To perform change without matching with an existing cipher key. SOLUTION: In a card issuing machine, a card ID is generated (S1), a random number R is generated (S2) and whether or not it matches with respective existing keys inside a storage part 422 is checked (S3). When it matches, the random number R is generated again, and when it does not match for the card and when it is the first time, the R is written in a storage part 422 as a key K (S5), a step S2 is returned and the random number R is generated again. When non-matching is a second time, it is written in the storage part 422 as the key K' (S6) and secure data S are generated (S7). EK(S) is obtained by ciphering the secure data S by K (S8), F=0 and G=0 are defined, the card ID, K, K', F and S are sent to a card authentication center device 30 and ID, G and EK(S) are written in the card 10.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION There is a system for providing various services by authenticating data recorded on an information recording medium such as an IC card by a cryptographic technique.
In an authentication process in such a system, the present invention relates to a method of updating an encryption key used for the authentication process to a new authentication encryption key different from the encryption key in order to increase the strength against a cryptographic attack.

[0002]

2. Description of the Related Art Conventionally, a method of updating secret information on a terminal having a public key cryptographic processing function and on the IC card side on the premise of a user device such as an IC card is disclosed in Japanese Patent Application Laid-Open No. Hei 6-150082. Proposed.

[0003]

The public key cryptographic processing method has a larger processing load than the private key cryptographic processing method.
Since the amount of data of the encryption key and the secret information is also large, it is not suitable for a service system that needs to provide terminals and IC cards at low cost. On the other hand, in the secret key encryption processing method, it is necessary to deliver the same encryption key as the key used at the time of encryption to the decrypting device, and there is a risk of leakage at the time of delivery.

[0004] As a method of avoiding such a danger, I
The C card holds only encrypted secret information, sends the secret information to the card authentication center device via the terminal at the time of use, and decrypts the secret information at the card authentication center device.
It is a method to verify. That is, the card authentication center device holds the encryption key information for each card, and decrypts and verifies the information with the encryption key. In this way, the risk of leakage of the encryption key can be suppressed.

[0005] However, if the encryption key on the card authentication center device side is fixed, if it is leaked due to fraud or the like, the result of card data authentication cannot be trusted. SUMMARY OF THE INVENTION In order to solve this problem, an object of the present invention is to provide an authentication encryption key changing method for switching an authentication encryption key on a card authentication center device to a secure one.

[0006]

According to the first aspect of the present invention, in a card authentication data generation device, a random number is used as an authentication encryption key, an existing authentication encryption key is compared with a newly generated random number, and the comparison is performed. If does not match, the random number is used as a new authentication encryption key.

According to the second invention, in the card authentication data generation device, a value generated according to a certain rule with respect to the initial value is used as a new authentication encryption key. For example, an x-th key is a value obtained by counting up from the initial value by x. In this example, a value different from the initial value is added each time. According to the third invention, in the card authentication data generation device, a different value is generated each time from the initial value according to a certain rule, and the generated value is encrypted by a predetermined encryption method to generate a new authentication encryption key. And

According to the fourth invention, the authentication encryption key generation means is provided in the card authentication data generation apparatus and the card authentication center apparatus, and the two authentication encryption key generation means have the same initial value. The card authentication data generating device performs a different operation on the initial value each time according to a certain rule, and uses the value as an authentication encryption key. The card authentication center device determines that the calculation result is different from the authentication encryption key. According to a certain rule different from the certain rule that does not match, a different operation is performed each time on the initial value, and that value is used as an authentication encryption key.

For example, in the x-th card authentication data generating device, a value obtained by adding 2x-1 to the initial value is used as an authentication encryption key, and a value obtained by adding 2x to the initial value is used as a new value in the card authentication center device. It is an encryption key for authentication. According to the fifth invention, the authentication encryption key generation means is provided in the card authentication data generation device and the card authentication center device, and both of the authentication encryption key generation means have the same initial value. The authentication data generation device performs a different operation on the initial value every time according to a certain rule, and encrypts the obtained value as a new encryption key for authentication. Performing a different operation on its initial value each time according to a different fixed rule that does not match the value obtained by the operation of the card authentication data generation device,
A value obtained by encrypting the obtained value is used as a new authentication encryption key.

In the sixth invention, a plurality of keys generated by any of the first to fifth new authentication key generation methods are prepared in a card authentication center device for each card, and the card authentication center device Each time you give an update instruction to each card,
When a subsequent first authentication request is issued, the secure data of the card is encrypted by sequentially using another one of the authentication encryption keys prepared for the card, and the encrypted data is requested. Write the authentication secret information to the card and change the encryption key for authentication.

[0011]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS The method of the present invention can be applied to FIG. 1 shows an example of a functional configuration of a system. Card 1
0 is, for example, an IC card, and card identification information ID;
The generation number G identifying the authentication encryption key currently used by the card 10 and the authentication secret information EK (S) obtained by encrypting the authentication data (secure data) S with the encryption key K are stored in the card 10. ing.

A terminal 20 is capable of attaching and detaching the card 10 and a reader / writer 21 capable of writing information obtained by reading the information on the attached card 11.
And a data transmitting means 22 for transmitting and receiving data to and from the card authentication center device 30, and a data receiving means 23. The card authentication center device 30 includes a data receiving means 31 for receiving data from the terminal 20, two authentication encryption keys K and K 'for each card ID, a flag F, secure data (authentication data) S, , An ID search unit 33 for searching the storage unit 32 by the card ID, and the encryption key K, K ′, the flag F, the secure data from the card ID received by the data reception unit 31. Decryption means 3 for extracting S and decrypting the secret information EK (S) with K or K 'according to the received G
4, the decrypted secure data S, and the storage unit 32
Secure data verifying means 35 for verifying by comparing with the S of the ID taken out from the server, and generation number verification for verifying the value of the generation number G in the data received by the data receiving means 31 The means 36, the generation number changing means 37 for performing a process of changing the generation number G when it is necessary to change the generation number G to be held in the card 10, and the storage unit 32 A flag changing means 38 for changing the flag F, and an encryption means 39 for encrypting the secure data 5 of the corresponding ID with the new key K (K ') when the authentication encryption key is changed and transmitting the encrypted data to the terminal 20.
And

A card authentication data generation device (usually a card issuing machine) 40 can insert and remove the card 10, and a reader / writer 41 for writing data to and reading data from the attached card 10 and an authentication device. Key K
(K ′), secure data generation means 43 for generating secure data S, and card I
D, and the generated secure data 5 is transferred to the generated authentication encryption key K (K ').
, A means 46 for generating a generation number G, a means 47 for generating a flag F, a generated encryption key for authentication K (K '), secure data S, card I
D and a data transmission means 48 for transmitting the flag F to the card authentication center device 30. Card ID, encrypted secure data, EK (S) or EK 'to card 10
(S) The generation number G is written by the reader / writer 41.

The update instruction terminal 50 is provided with an update instruction means 51, and generates an update instruction appropriately by an operator or at a predetermined cycle or whenever a predetermined state occurs, and performs card authentication. Input to the center device 30.
As shown in FIG. 2, when an update instruction is input from the update instruction terminal 50 to the card authentication center device 30 (S1), the card authentication center device 30 sets all the flags F in the storage unit 32 to "1" (S1). S2).

After that, the ID of the card 10 and G EK
When (S) is sent to the card authentication center device 30 via the terminal 20, the storage unit 32 is searched by its ID and the corresponding K, K ', F, and S are read out (S3). It is checked whether G received by the number verification means 36 is "0" (S
4) If "0", EK received with read K
(S) is decoded (S5), and if the received G is not "0", the received EK (S) is decoded using the read K '(S6), and any of the decoded results is read. It is checked whether or not the read F matches (S7). If they do not match, the verification is rejected. If they match, the verification has passed. It is checked whether the read F is "0" (S8). If so, the encryption key of the encryption means 45 of the issuing device 40 and the same encryption key as the encryption key used for decryption, in this case, S is encrypted with the key K, and the EK (S), ID, and G are transmitted to the terminal. It is sent to the card 10 via the server 20 (S9).

If F is not "0", S is encrypted with the encryption key of the encryption means 45 and an encryption key different from the encryption key used for decryption, in this case, the key K ', and S is encrypted (S10). Changed by generation number verification means 37, that is, "1" becomes "0",
If it is "0", it is changed to "1" (S11), and its FK '
(S), ID and G are sent to the card 10 via the terminal 20. Thereafter, F in the storage unit 32 of the ID is set to “0” (S12).

Next, the card issuing process when the method of the first invention is used will be described with reference to FIG. In the card authentication data generating device (hereinafter referred to as issuing machine) 40, a card ID is generated by the card ID generating means 44 (S1).
The random number generation means 421 of the key generation means 42 generates a random number R (S2).

The random number R is compared with the key in the storage unit 422 and the comparison unit 423 to check whether there is a match (S3). If they do not match, the mismatch is 1
It is checked whether it is the first time (S4), and if it is the first time, the R is registered as a key K in the storage unit 422 by the writing means 424 (S5). If they match in step S3, R is discarded, and the process returns to step S2 to generate a random number again.

When the writing to the storage unit 422 is performed once, that is, at step S4, the process returns to step S2, and the generation of the random number R and the comparison with the key in the storage unit 422 are repeated. 'In the storage unit 422 (S
6). When the secure data generation unit 43 determines that the secure data S
Is generated (S7). The encryption unit 45 encrypts S using the key K to generate EK (S) (S8).

The flag generation means 47 sets the flag F = 0,
The generation number G is set to 0 by the key generation means 46 (S9).
The issuing machine 40 transfers the card ID, K, K ', F, and S to the card authentication center device 30. The issuing machine 40 stores the card ID, G, and EK (S) on the card 10.

Next, the card issuing process in the case of using the method of the second invention will be described with reference to FIG. The issuing machine 40 generates a card ID (S1). The key generation unit 42 increments the key value KV of the register 425 by the operation unit 426, that is, the value obtained by KV + 1 = K (2 is decremented, that is, KV-1 = K) is set as the key K, and the writing unit 424 sets K to K.
A key K ′ is written in the register 425 as V and advanced (or lowered). Also, the key K 'at this time
Is newly set as the key value KV (S2).

The secure data S is generated by the issuing machine (S
3). The issuing machine encrypts S using the encryption means 45 and the key K to generate EK (S) (S4). As in the first invention, the flag F = 0 and the generation number G = 0 (S5).
The issuing machine 40 transfers the card ID, K, K ', F, and S to the card authentication center device 30.

The issuing machine 40 determines that the card ID, G, EK
(S) is stored in the card 10. Next, a case where a card issuance process is performed using the method of the third invention will be described with reference to FIG. The issuing machine 40 generates a card ID (S1).
The value generated by raising (or lowering) the key value KV of the register 425 by the key generating means 42 by the calculating means 426 is encrypted by the encrypting means 45 with the encryption key HK for the issuing device, and is used as the key K. Similarly, a value obtained by further raising (lowering) the key value KV and encrypting it is referred to as a key K '. Further, the value at this time (the initial value of the key K ') is newly written into the register 425 as a key value KV (S2). The key HK is generated by the issuing device encryption key generation unit 427.

Thereafter, as in the previous case, the secure data S is generated by the issuing machine (S3). In the issuing device, the encryption unit 45 encrypts S using the key K to generate EK (S) (S4). The flag F = 0 and the generation number G = 0 are set (S5). The issuing machine transfers the card ID, K, K ', F, and S to the card authentication center device 30.

The issuing machine causes the card 10 to store the card ID, G, and EK (S). The case where the card issuance processing is performed using the method of the fourth invention will be described with reference to FIG. In this case, the issuing machine 40 and the card authentication center device 30
The key value KV is shared, and a key generation means 32 'is provided in the card authentication center device 40' in FIG. 1 as shown by a solid line.

The issuing machine generates a card ID (S1).
A key K is a value obtained by advancing (or decrementing) the key value KV of the register 425 by 2 × −1 by the calculating means 426 by the key generating means 42 of the issuing machine. Further, the key K at this time is newly stored in the register 425 by the writing means 424 as a key value KV (S2).

The issuing machine 40 generates the secure data S (S3). The issuing device 40 encrypts S using the encryption means 452 and the key K to generate EK (S) (S4).
The flag F = 0 and the generation number G = 0 are set (S5). The issuing machine 40 transfers the card ID, K, F, and S to the card authentication center device 30.

In the card authentication center device 30 itself, the key value KV of the register 425 'is increased by 2 × (or decremented) by the calculating means 426 by the key generating means 32', and the value is used as the key K '. The writing means 474 'stores the key K' at this time as a new key value KV in the register 425 '(S6). The issuing machine 40 receives the card ID, G, EK
(S) is stored in the card 10.

Further, a card issuing process using the method of the fifth invention will be described with reference to FIGS. In this case as well, the key value K is determined in advance by the issuing device 40 and the card authentication center device 30.
V is shared, and a key generation unit 32 ′ is provided in the card authentication center device 30. Generate a card ID at the issuing machine (S
1). The key value KV in the register 425 is incremented by 2 × −1 (or decremented) by the arithmetic unit 426 by the key generation unit 42 of the issuing machine, and the encryption key HK for the issuing device is encoded by the encryption unit 45.
The value encrypted in the step is a key K. Further, the key value KV is 2x-
The writing unit 424 stores the value that has been moved up (downward) by one as a new key value KV in the register 425 (S
2).

The secure data S is generated by the issuing machine (S
3). In the issuing machine, the encryption unit 42 encrypts S using the key K to generate EK (S) (S4). Flag F =
0 and generation number G = 0 (S5). The issuing machine 40 transfers the card ID, K, F, and S to the card authentication center device 30.

A value obtained by increasing (or decreasing) the key value KV of the register 423 'by 2 × by the reception generation means 42 of the card authentication center device 40 using the encryption means 45' and the encryption key HK for the issuing device. Is a key K ′. The value obtained by moving up (downward) the key value KV at this time by 2x is newly written as a key value KV in the register 425 '.
24 '(S6).

The issuing machine stores the card ID, G, and EK (S) on the card. In FIG. 6, every time the key value is moved up (downward), the calculation result K is set to the initial value KV, but the initial value set first may be used as it is, that is, KV = K, KV = K ′. The calculation may be omitted.
In FIG. 7, KV = KV + (2 × −1), KV = KV +
The KV set first may be used every time without updating the initial value by 2x. Also, in the above, card 1
0 is a memory and a communication function that can be read and written by a reader / writer with respect to the memory. That is, the memory is not limited to an IC card, and an example is a combination of a personal computer and a PC card. Good.

[0033]

As described above, according to the present invention, the uniqueness of the key is guaranteed, that is, the encryption key is changed to an encryption key that does not match the existing encryption key. Can be invalidated. It is possible to update the key as much as possible in the database (storage unit 32) of the card authentication center device. That is, in the above example, two keys K and K 'are used alternately for each card. However, it is sufficient to repeat the steps of preparing more keys and sequentially using them for each update instruction.

[Brief description of the drawings]

FIG. 1 is a block diagram showing an example of a functional configuration of a system to which the present invention method is applied.

FIG. 2 is a flowchart showing an example of a processing procedure in the card authentication center device 30 in FIG. 1;

FIG. 3A is a flowchart showing an example of a card issuing procedure using the method of the first invention, and FIG. 3B is a block diagram showing a functional configuration of an authentication encryption key generation unit.

FIG. 4A is a flowchart illustrating an example of a card issuing unit using the method of the second invention, and FIG. 4B is a block diagram illustrating a functional configuration of the authentication encryption key generating unit;

FIG. 5A is a flowchart showing an example of a card issuing procedure using the method of the third invention, and FIG. 5B is a block diagram showing a functional configuration of the authentication encryption key generation means.

FIG. 6A is a flowchart showing a card issuing procedure and a key generation procedure of the card authentication center device using the method of the fourth invention, and FIG. 6B is a block diagram showing a functional configuration of the authentication encryption key generation means.

FIG. 7 is a flowchart showing a card issuing procedure using the method of the fifth invention and a key generation procedure of the card authentication center device.

FIG. 8 is a block diagram showing a functional configuration of the authentication encryption key generation unit.

──────────────────────────────────────────────────の Continued on the front page (51) Int.Cl. ⁶ Identification code FI H04L 9/32 H04L 9/00 601E 673C 673E

Claims (6)

[Claims] In a card authentication data generation device, a random number is used as an authentication encryption key, an existing authentication encryption key is compared with a newly generated random number, and if the comparisons do not match, the random number is newly authenticated. A method for changing an encryption key for authentication, wherein the method is used as an encryption key for authentication. 2. The card authentication data generating device performs a different operation each time on an initial value according to a certain rule,
A method for changing an encryption key for authentication, characterized in that a value obtained thereby is newly used as an encryption key for authentication. 3. The card authentication data generating device performs a different operation on an initial value every time according to a certain rule, and encrypts the obtained value by a predetermined encryption method to obtain a new authentication encryption key. A method for changing an encryption key for authentication. 4. An authentication encryption key generation means is provided in a card authentication data generation device and a card authentication center device, and the two authentication encryption key generation means have the same initial value. The generating device performs a different operation on the initial value each time according to a certain rule, and uses that value as an encryption key for authentication. The card authentication center device is configured so that the calculation result does not match the encryption key for authentication. An authentication encryption key changing method, wherein a different operation is performed on an initial value each time according to a certain rule different from a certain rule, and the value is used as an authentication encryption key. 5. An authentication encryption key generation means is provided in a card authentication data generation device and a card authentication center device, and both authentication encryption key generation means have the same initial value. The generating device performs a different operation each time on the initial value according to a certain rule, and uses a value obtained by encrypting the obtained value as a new encryption key for authentication. Each time, a different operation is performed on the initial value according to a different fixed rule that does not match the value obtained by the operation of the card authentication data generation device, and the value obtained by encrypting the obtained value is used as a new value. A method for changing an encryption key for authentication, comprising using the encryption key for authentication. 6. A plurality of keys generated by the new authentication key generation method according to claim 1 are prepared in a card authentication center device for each card, and an update instruction is given to the card authentication center device. When there is a first authentication request thereafter for each card, the secure data of the card is encrypted by sequentially using another one of the authentication encryption keys prepared for the card, and the encryption is performed. 6. The authentication encryption key changing method according to claim 1, wherein data is written to the card for which the authentication request is made as authentication secret information, and the authentication encryption key is changed.