JP2001052134A - Method and device for processing ic card system communication data protection and recording medium recording ic card system communication data protection processing program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a method and a device for processing IC card system communication data protection and a recording medium recording IC card system communication data protection processing program with which revising or illegality of data transferred to an IC card in a distributed environment including the IC card is prevented and data can be safely distributed. SOLUTION: This device is provided with a data part transmitted from an IC card terminal 4-1, a signature using the secret key of a person to prove this data part, the identifier of the owner of a public key for proving the public key in respect to the secret key used for this signature, the public key of a data part signer, the identifier and signature of a verification institution for guaranteeing these identifier and the public key information at least, further, the public key is extracted from a certificate on the basis of the certificate containing the limit of the validity of this proof and signature verifying processing is executed on the basis of this extracted public key.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

The present invention relates to a distributed IC card system for distributing an application program or arbitrary data in a distributed environment including a plurality of IC card servers, IC card terminals, and IC cards. An IC card system communication data protection processing method and apparatus and an IC card system communication data protection processing program for preventing falsification or tampering of data transmitted to an IC card via an IC card terminal or from an IC card terminal to an IC card. It relates to a recorded recording medium.

[0002]

2. Description of the Related Art In ISO / JICSAP, IC
An encryption method called secure messaging has been proposed as a method related to data protection when data is transmitted from a card terminal to an IC card. However, IC
There is no particular rule regarding falsification detection of data between the card terminal and the IC card. Therefore, there is no provision for preventing falsification or fraud of the application at the time of downloading the application.

[0003] In JavaCard, in order to prevent falsification of a program at the time of downloading a program or unauthorized intervention of a program, a signature is given to the program data using a secret key, and this signature is verified at a terminal before the IC card is verified. A method of transferring data within a network is disclosed.

[0004] In Multitos, JavaC
Unlike ard, signature verification for a program is performed inside the IC card. Next, the conventional I shown in FIG.
The procedure will be briefly described with reference to the module configuration diagram of the IC card system that implements the C card communication data protection processing method.

First, an Open MEL Application command is executed to secure an area. Next, downloading of program data by the LoadCode command (the program download processing unit 1-1 in FIG. 4) and LodeApplicationS
Download of signature data to the application using the ignature command (signature download processing unit 1- 1 in FIG. 4)
After performing 2), when generating an application using the CreateMELApplication command (the application generation processing unit 1-3 in FIG. 4), the certificate data unique to Multis called ALC is downloaded (the unique certificate download processing unit 1-in FIG. 4). 4) Then, the public key corresponding to the secret key of the signature data included therein is subjected to syntax analysis for the unique certificate format (unique syntax analysis processing unit 1-5 in FIG. 4) and extracted (FIG. 4). After the public key extraction processing unit 1-6), the signature is verified (the signature verification processing unit 1-7 in FIG. 4).

These commands are sent to the IC card terminal 1-8.
A command control unit 1-11 executes a command of a desired command such as a program download command, a signature download command, an application generation process command, etc., via a transfer processing unit 1-10 that performs transmission control from the PC to the IC card 1-9. This is performed by dispatching to the execution processing unit 1-12.

[0007]

In the above-mentioned conventional method, first, JavaCard has the following problems.

(1-a) In JavaCard,
In order to execute signature verification on the terminal, the program
When transferring to the card, there is a risk of tampering, and because verification is not performed on the device that executes the program,
If the terminal cannot be trusted, there is a security concern.

Also, Multitos solves this problem,
A method of executing an authentication process in a C card has been proposed.
That is, in the Multitos, the management organization of the IC card issuer sets the IC card program and IC
Threats to program tampering by restricting program download (distribution) to specific institutions, such as managing the card issuance period and restricting IC card downloads to IC card issuers and organizations authorized by the IC card issuer Protection and data assurance (program assurance)
are doing.

However, in the current distributed environment such as the Internet, in order to promote information distribution, application providers (program providers) are flexibly expanded to service providers that provide IC cards. An open environment in which programs can be freely exchanged between end users is desired.
It is also desirable to provide an environment in which not only programs but also general data can be distributed and distributed with signatures and certificates. Therefore, it is important to provide such an environment safely.

In the following, a problem in a case where the Multitos system is applied to such a distributed distribution environment will be described.

(1-b) In Multitos, since the certificate format is unique, when distributed in a distributed environment, interoperability with other than Multitos environment is not possible. That is, for example, X.D. 509 cannot be processed as it is in the IC card.

(1-c) In Multitos, since it is assumed that a program is downloaded between the management organization and the IC card download executor, a certificate is exchanged between the management organization and the IC card download executor (IC card issuing organization). Although it is possible to transmit data safely by cryptographic processing based on the public key of the IC card issuing organization, when providing an environment in which program data can be flexibly distributed between end users, both the signature and certificate must be used. It needs to be distributed. However, when the Multitos method is applied to such a distributed IC card system environment, there is a possibility that the certificate is falsified in the middle because there is no signature of the certificate authority for the certificate.

(1-d) In the Multitos, as described above, the IC card issuer (or an institution called an bureau authorized by the IC card issuer and capable of downloading applications) is managed by the management organization, and When downloading an application, the program is always downloaded to the management organization and the certificate is transferred. Therefore, there is no problem if the validity period for the certificate is not set. In a distributed IC card system environment in which a certificate is developed and distributed flexibly between the end users, the certificate is distributed between end users. You must be able to know the validity period for.

(2) In Multitos, the administrator of the application, signature, and certificate is a specific organization, and the application, signature, and certificate are distributed and downloaded because the application is always downloaded from this management organization when downloading the application. There is no problem, but when providing an environment in which program data can be flexibly distributed between end users, it is better to manage programs, signatures, and certificates as a unit to avoid loss due to distribution or processing. It is desirable to ensure easiness.

(3) As pointed out in the above (1-c),
In Multitos, there is no signature on the certificate by the accredited institution, and therefore no means for verifying this signature is provided, so that signature verification cannot be performed.

(4) Under the conditions of (1), (1)
To verify the validity period as mentioned in -d),
At present, it is difficult to manage time information inside an IC card, so that an IC card without a time information management function cannot know the time information. Even if they do, no means is provided for comparing and verifying the time information with the validity period.

(5) Under the conditions of (2), the above (1)
To verify the validity period as mentioned in -d),
It is necessary to send the time information by command with the integrated program, signature, and certificate.In this case, it is necessary to separate the time information from the transmitted data when verifying the validity period of the certificate. It is necessary to provide a means for comparing and verifying the time information and the validity period.

(6) For example, an X.509 having a conventional tag length / value structure. In general, when processing a certificate such as 509, binary data (ASN.1 transfer syntax: TLV structure data) having a tag length
SN. A method has been adopted in which, after conversion into a structure of C through one compiler, a member of a necessary structure is referred to. However, in an apparatus such as an IC card having a small memory resource, the ASM. It is difficult to perform processing with one compiler loaded, and a simple processing method is desired.

(7) Regarding Multitos, with respect to downloading to an application, a method for protecting data from tampering and unauthorized use is specified as a method using a signature / certificate, but is not specified for general data. . Therefore, a mechanism for extending this to general data and preventing tampering and improper operation of an arbitrary command including a write command is required.

(8) In Multitos, since an interface for processing a certificate is not open to the terminal, certificate processing using an IC card cannot be easily performed on the terminal side.

The present invention has been made in view of the above,
The purpose is to prevent data transferred to the IC card from being tampered or fraudulent in a distributed environment including the IC card and to safely distribute the data.
Card system communication data protection processing method and apparatus and I
An object of the present invention is to provide a recording medium in which a C card system communication data protection processing program is recorded.

[0023]

According to one aspect of the present invention, there is provided an IC card service server, an IC card terminal, and transfer processing means for performing communication between the IC card terminal and the IC card. A command control means for dispatching command data transmitted or requested from an IC card terminal to a desired command execution unit, and a plurality of command execution means for executing a command.
In an IC card system having a C card, an IC card system communication data protection processing method for preventing falsification or fraud of data transmitted from an IC card service server via an IC card terminal or from an IC card terminal to an IC card. And in IC cards,
A data part transmitted from the IC card terminal, a signature using a private key of a person who guarantees the data part, and a certification of a public key for the private key used for the signature. An identifier, a public key of the signer of the data part, at least an identifier of the certificate authority that guarantees the identifier and the public key information, and a signature. The gist is to perform a public key extraction process to be extracted and a data signature verification control process including at least a data signature verification process for executing a signature verification process based on the extracted public key.

According to the first aspect of the present invention, a public key is extracted from a certificate and a signature verification process is executed based on the extracted public key. And includes at least the identifier of the owner of the public key, the public key of the signer of the data division, at least these identifiers, and the identifier and signature of a certification authority that guarantees the public key information, and Since the certificate format including the expiration date is processed, it is possible to perform signature verification processing with high consistency with the existing distributed certificates. Also, since the signature of the certification authority and the certificate validity period are set, If information is used, there is no risk of tampering even if the certificate is distributed, and it is possible to avoid the danger of using the certificate when it is not valid.

Further, the present invention according to claim 2 provides the invention according to claim 1.
In the invention described in the claims, a data part, a signature part using a private key of a person who guarantees the data part, and certifying a public key for the private key used for the signature are provided. Authorized data comprising at least an identifier and a public key of the signer and at least an identifier and a signature of a certificate authority that guarantees the identifier and the public key information, and further comprising a certificate part including an expiration date of the certification. Is transmitted from the IC card terminal to the IC card, and in the data signature verification control process, a data portion transmitted from the IC card terminal, a signature portion using a private key of a person who guarantees the data portion, Certifying the public key for the private key used for the public key, the identifier of the owner of the public key, the public key of the signer of the data part, and at least the identifier and the public key information The data extraction process, the signature portion extraction process, and the certificate extraction process for analyzing at least certified data including at least the identifier of the certification authority to be assured and the signature, and at least the certificate portion including the expiration date of this certification The gist is to perform configured data analysis processing that has been certified.

According to the second aspect of the present invention, in the data signature verification control processing, the identifier of the owner of the public key, the public key of the signer of the data part, and a certificate authority that guarantees at least the identifier and the public key information. Data extraction processing for analyzing certified data, which includes at least an identifier and a signature and further includes a certificate part including the expiration date of the proof, a signature part extraction processing, and a certificate extraction processing. , Signatures, and certificates can be managed as a unified data (file). When data with signatures and certificates is distributed in a distributed environment, it can be lost compared to managing them individually. This makes it possible to avoid confusion in management, such as making it easier to avoid, and also to ensure ease of processing.

Further, the present invention according to claim 3 provides the invention according to claim 1.
In the invention according to the second aspect, in the public key extracting process, a certificate signature verifying process for verifying a signature of a certification authority in a certificate is performed in the certificate verifying process.

According to the third aspect of the present invention, in the public key extracting process, since the signature of the certificate authority in the certificate is verified in the certificate verification process, the certificate verification process of the certificate authority for the certificate is performed. Can be actually performed, and the validity of the certificate can be confirmed, and the use of unauthorized programs or data can be avoided.

According to a fourth aspect of the present invention, in the first or third aspect of the invention, in the data analysis processing, the certificate verification processing is performed based on a time transmitted as an additional element from the IC card terminal. An expiration date extraction process for extracting an expiration date from a certificate, and time information or time management IC transmitted from the IC card terminal
The gist of the present invention is to compare the time information managed in the card with the expiration date obtained in the expiration date extraction process and perform an expiration date verification process for verifying the certificate expiration date.

According to the present invention, the time information transmitted from the IC card terminal or the time information managed in the IC card capable of time management and the expiration date obtained by the expiration date extraction process In order to verify the validity period of the certificate by comparing with the validity period, the validity period of the certificate can be verified.

The present invention described in claim 5 is the same as that in claim 2
In the invention described in the third aspect, in the data analysis process, a time information extraction process of separating a time information portion that is a time transmitted as an additional element from the IC card terminal from other authorized data is performed. In the certificate verification process, a validity period extraction process for extracting a validity period from a certificate, the time information obtained in the time information extraction process or the time information managed in an IC card capable of time management and the validity information The gist of the present invention is to compare the expiration date obtained in the expiration date extraction process and perform the expiration date verification process for verifying the certificate expiration date.

According to the present invention, the time information portion, which is the time transmitted as an additional element from the IC card terminal, is separated from other authorized data, and the expiration date is extracted from the certificate. Then, by comparing the time information obtained in the time information extraction process or the time information managed in the IC card capable of time management with the expiration date obtained in the expiration date extraction process, verification of the certificate expiration date is performed. Therefore, the time information can be extracted from the data transmitted from the IC card terminal, and the validity period of the certificate can be verified based on the time information.

Further, the present invention described in claim 6 is the same as claim 3.
Alternatively, in the invention described in 4 or 5, the structure of the certificate part is binary data expressed by a hierarchical tag and a length and a value, and the IC card performs a certified data analysis process or an expiration date extraction. The gist is that a request is accepted from the processing or the certificate signature extraction processing, the binary data is processed with the tag / length / value as it is, and the tag / length / value binary parsing processing for extracting only the required tag value is performed. And

According to the sixth aspect of the present invention, the certificate part is binary data expressed by hierarchical tags and lengths and values, and the certified data analysis processing or the expiration date extraction processing is performed. Alternatively, accept the request from the certificate signature extraction process, process the binary data with tags, lengths, and values, and extract only the required tag values.
In order to perform a value binary parsing process, for example, an X.400 having a conventional tag, length, and value structure (hereinafter, referred to as a TLV structure). When the transfer syntax data 509 is processed in the IC card, the expiration date extracting process or the public key extracting process from the certificate can be performed at high speed in the IC card.

The present invention described in claim 7 provides the invention according to claims 1 to 6
In the invention according to any one of the above, in the command control process, a data signature verification control determination process for determining whether a signature and a certificate exist for a data portion of an arbitrary command transmitted from the IC card, and a command execution process. Before dispatching, if there is a signature / certificate based on the result of the data signature verification control determination processing, data for passing data for verifying the signature validity of the data to the data signature verification control processing The point is to perform a signature verification control process.

According to the present invention, in the command control processing, there is provided a data signature verification control determination processing for determining whether a data part of an arbitrary command transmitted from the IC card has a signature and a certificate, Before dispatching to the command execution processing, if there is a signature / certificate based on the result of the data signature verification control determination processing, data transfer for verifying the signature validity of the data to the data signature verification control processing In order to perform a data signature verification control process, a signature verification process is performed on data input to the command before execution of the command for any command other than the download command,
The validity of data can be verified.

Further, the present invention described in claim 8 is based on claim 1.
In the invention according to any one of the first to seventh aspects, in the data signature verification control process, a request from the IC card terminal is received, the authorized data and time information are additionally received from the command control process, and the validity of the signature is checked. Performs a data signature verification interface process for returning the verification result of the IC to the command control. In the public key extraction process,
A public key extraction interface that receives a request from a card terminal, receives a certificate and additionally time information from a command control process, and returns data in the certificate having at least a public key extracted from the certificate to the command control process. In the certificate verification process, a request is received from the IC card terminal, a certificate, a public key number of a signature for the certificate, and additionally time information are received from a command control process, and the validity of the certificate is verified. The point is to perform a certificate verification interface process that returns the verification result of the property to the command control process.

According to the present invention, in the data signature verification control processing, a request from the IC card terminal is received, the authorized data and the time information are additionally received from the command control processing, and the validity of the signature is verified. Performs a data signature verification interface process for returning the verification result of the data to the command control, receives a request from the IC card terminal in the public key extraction process, receives a certificate and time information additionally from the command control process, Performs public key extraction interface processing for returning data in the certificate having at least the public key extracted from the command control processing, and receives a request from the IC card terminal in the certificate verification processing,
To perform a certificate verification interface process of receiving a certificate, a public key number of a signature for the certificate, and additionally time information from the command control process, and returning a verification result of the validity of the certificate to the command control process, for example, a terminal From the side, for example, X. Various certificate processes using an IC card for a certificate having the certificate format of 509 can be performed.

Further, according to the present invention, there is provided an IC card service server, an IC card terminal, transfer processing means for performing communication between the IC card terminal and the IC card, and a command transmitted or requested from the IC card terminal. In an IC card system having command control means for dispatching data to a desired command execution unit, and an IC card having a plurality of command execution means for executing a command, an IC card service server is provided via an IC card terminal or an IC card. An IC card system communication data protection processing device for preventing falsification or fraud of data transmitted from a card terminal to an IC card, wherein the IC card has a data portion transmitted from the IC card terminal and guarantees the data portion. Signature using the private key of the Certifying the public key, including at least the identifier of the owner of the public key, the public key of the signer of the data unit, and at least these identifiers and the identifier and signature of a certification authority that guarantees the public key information, Further, at least a public key extraction processing means for extracting a public key from the certificate based on the certificate including the expiration date of the certification, and a data signature verification processing means for executing signature verification processing based on the extracted public key are provided. It is essential to have a data signature verification control means.

According to the ninth aspect of the present invention, a public key is extracted from a certificate and a signature verification process is performed based on the extracted public key. And includes at least the identifier of the owner of the public key, the public key of the signer of the data division, at least these identifiers, and the identifier and signature of a certificate authority that guarantees the public key information, and furthermore, the validity of this certification. Since the certificate format including the expiration date is processed, it is possible to perform signature verification processing that is highly consistent with existing certificates, and since the certification authority's signature and certificate validity period are set, this information is used. If the certificate is used, there is no risk of falsification even if the certificate is distributed, and the danger of using the certificate when it is not valid can be avoided.

According to a tenth aspect of the present invention, in the ninth aspect, a data portion, a signature portion using a private key of a person who guarantees the data portion, and a public key corresponding to the private key used for the signature are provided. Which includes at least the identifier of the owner of the public key, the public key of the signer of the data part, the identifier of the certification authority that guarantees the identifier and the public key information, and the signature. Certified data including at least a certificate part including an expiration date is transmitted from the IC card terminal to the IC card, and the data signature verification control unit transmits the data part transmitted from the IC card terminal to the data part. A signature unit using the private key of the guarantor, and certifying the public key for the private key used for the signature. The identifier of the owner of the public key and the public key of the signer of the data unit A data extracting means for analyzing at least certified data comprising at least the above-mentioned identifier and an identifier of a certification authority which guarantees public key information and a signature, and further comprising a certificate part including an expiration date of this certification, a signature The gist of the present invention is to have a certified data analysis processing means composed of a copy extracting means and a certificate extracting means.

According to the tenth aspect of the present invention, in the data signature verification control process, the identifier of the owner of the public key, the public key of the signer of the data part, and a certification authority that guarantees at least the identifier and the public key information. Data extraction processing for analyzing certified data, which includes at least an identifier and a signature and further includes a certificate part including the expiration date of the proof, a signature part extraction processing, and a certificate extraction processing. , Signatures, and certificates can be managed as a unified data (file). When data with signatures and certificates is distributed in a distributed environment, it can be lost compared to managing them individually. This makes it possible to avoid confusion in management, such as making it easier to avoid, and also to ensure ease of processing.

According to a twelfth aspect of the present invention, in the ninth or tenth aspect, the public key extraction processing means verifies the signature of the certification authority in the certificate in the certificate verification processing means. The point is to have a certificate signature verification processing means.

According to the eleventh aspect of the present invention, in the public key extraction processing, since the signature of the certificate authority in the certificate is verified in the certificate verification processing, the certificate verification processing of the certificate authority for the certificate is performed. Can be actually performed, and the validity of the certificate can be confirmed, and the use of unauthorized programs or data can be avoided.

According to a twelfth aspect of the present invention, in the ninth or eleventh aspect of the present invention, the certificate verification processing means extracts a validity term from a certificate; The validity period for comparing the time information transmitted from the terminal or the time information managed in the time-manageable IC card with the validity period obtained by the validity period extracting means to verify the certificate validity period The gist of the present invention is to have verification processing means.

According to the twelfth aspect of the present invention, an IC
To compare the time information transmitted from the card terminal or the time information managed in the IC card capable of time management with the expiration date obtained in the expiration date extraction process, and verify the certificate expiration date, The validity period of the certificate can be verified.

According to a thirteenth aspect of the present invention, in the tenth or eleventh aspect, the data analysis means comprises:
Time information extraction processing means for separating a time information part, which is the time transmitted as an additional element from the IC card terminal, from other authorized data, wherein the certificate verification processing means Expiration date extraction means for extracting the time information obtained by the time information extraction means or the time information managed in the IC card capable of time management and the expiration date obtained by the expiration date extraction means. The gist of the present invention is to have an expiration date verification processing unit that performs comparison and verifies the certificate expiration date.

According to a thirteenth aspect of the present invention, an IC
The time information part, which is the time transmitted as an additional element from the card terminal, is separated from other certified data, the expiration date is extracted from the certificate, and the time information or time management obtained by the time information extraction processing is To compare the time information managed inside the possible IC card with the expiration date obtained by the expiration date extraction process and verify the certificate expiration date, the IC
Time information can be extracted from the data transmitted from the card terminal, and the validity period of the certificate can be verified based on the time information.

According to a fourteenth aspect of the present invention, in accordance with the eleventh, twelfth, or thirteenth aspect, the structure of the certificate part is a hierarchical tag and binary data expressed by a length and a value. The IC card receives a request from the authorized data analysis processing means, the expiration date extraction processing means, or the certificate signature extraction processing means, processes the binary data as it is with the tag, length, and value, and The point is to have a tag length / value binary parsing processing means for extracting only the value of.

According to the fourteenth aspect of the present invention, the certified data is binary data expressed by hierarchical tags and lengths and values, and the certified data analysis processing or the expiration date extraction processing is performed. Or, it accepts the request from the certificate signature extraction process, processes the binary data as it is with the tag, length, and value, and performs tag / length / value binary parsing to extract only the required tag value. , Length and value structure (hereinafter referred to as TLV structure). When the transfer syntax data 509 is processed in the IC card, the expiration date extracting process or the public key extracting process from the certificate can be performed at high speed in the IC card.

According to a fifteenth aspect of the present invention, in the first aspect of the present invention, the command control means includes a signature and a certificate for a data part of an arbitrary command transmitted from the IC card. A data signature verification control determining means for determining the presence / absence of a signature; and a data signature verification control means for dispatching to a command execution means if there is a signature / certificate based on the result of the data signature verification control determining means. The gist of the present invention is to have a data signature verification control means for transferring data for verifying the signature validity of the data.

According to the fifteenth aspect of the present invention, in the command control process, a data signature verification control determination process for determining whether a signature and a certificate exist for a data portion of an arbitrary command transmitted from the IC card, Before dispatching to the command execution processing, if there is a signature / certificate based on the result of the data signature verification control determination processing, data transfer for verifying the signature validity of the data to the data signature verification control processing In order to perform the data signature verification control process, the signature verification process is performed on the data entered for the command before executing the command for any command other than the download command, and the validity of the data is verified. Can be verified.

According to a sixteenth aspect of the present invention, in the invention according to any one of the ninth to fifteenth aspects, the data signature verification control means has received a request from the IC card terminal and has been authorized by the command control means. Data signature verification interface means for receiving the time information additionally to the data and returning a verification result of the validity of the signature to the command control means, wherein the public key extraction processing means receives a request from the IC card terminal A public key extraction interface processing means for receiving a certificate and time information additionally from the command control means, and returning data in the certificate having at least the public key extracted from the certificate to the command control means, The certificate verification processing means receives a request from the IC card terminal, and publishes a certificate and a signature for the certificate from the command control means. Receive number and additionally time information, and summarized in that a certificate validation interface means for returning a verification result of the authenticity of the certificate to the command control unit.

According to the present invention, in the data signature verification control process, a request from the IC card terminal is received, the authorized data and the time information are additionally received from the command control process, and the validity of the signature is verified. Performs a data signature verification interface process that returns the verification result of the command to the command control, receives a request from the IC card terminal in the public key extraction process, receives a certificate and time information additionally from the command control process, Performs a public key extraction interface process for returning data in the certificate having at least the extracted public key to the command control process, and receives a request from the IC card terminal in the certificate verification process,
To perform a certificate verification interface process of receiving a certificate, a public key number of a signature for the certificate, and additionally time information from the command control process, and returning a verification result of the validity of the certificate to the command control process, for example, a terminal From the side, for example, X. Various certificate processes using an IC card for a certificate having the certificate format of 509 can be performed.

Further, according to the present invention, there is provided an IC card service server, an IC card terminal, transfer processing means for performing communication between the IC card terminal and the IC card, and a command transmitted or requested from the IC card terminal. In an IC card system having command control means for dispatching data to a desired command execution unit, and an IC card having a plurality of command execution means for executing a command, an IC card service server is provided via an IC card terminal or an IC card. A recording medium storing an IC card system communication data protection processing program for preventing falsification or improper transmission of data transmitted from the card terminal to the IC card. Using the private key of the person who guarantees this data part A signature for certifying a public key with respect to a private key used for the signature. A public key extracting process for extracting a public key from a certificate based on a certificate including at least an institution identifier and a signature and further including a validity period of the certificate, and performing a signature verification process based on the extracted public key The gist of the present invention is to record, on a recording medium, an IC card system communication data protection processing program for performing a data signature verification control processing having at least a data signature verification processing.

According to the present invention, a public key is extracted from a certificate and a signature verification process is executed based on the extracted public key. And includes at least the identifier of the owner of the public key, the public key of the signer of the data division, at least these identifiers, and the identifier and signature of a certificate authority that guarantees the public key information, and furthermore, the validity of this certification. Since the certificate format including the expiration date is processed, it is possible to perform a signature verification process with high consistency with the certificate currently in circulation. Since the data protection processing program is recorded on the recording medium, the distribution of the program can be enhanced by using the recording medium.

The present invention according to claim 18 is the invention according to claim 17, wherein a data portion, a signature portion using a private key of a person who guarantees the data portion, and a secret key used for the signature are used. It certifies a public key, and includes at least the identifier of the owner of the public key, the public key of the signer of the data part, and at least the identifier and the identifier of the certification authority that guarantees the identifier and the public key information. Certified data including at least a certificate portion including a certificate expiration date is transmitted from the IC card terminal to the IC card. In the data signature verification control process, the data portion transmitted from the IC card terminal includes A signature part using the private key of the person who guarantees the data part, and certifying the public key for the private key used for the signature, wherein the identifier of the owner of the public key and the data part Analysis of authorized data including at least a public key of a name person, at least the identifier, an identifier of a certificate authority that guarantees the public key information and a signature, and further including at least a certificate part including an expiration date of the certification is performed. An IC that performs a certified data analysis process including a data extraction process, a signature portion extraction process, and a certificate extraction process
The gist is to record a card system communication data protection processing program on a recording medium.

According to the eighteenth aspect of the present invention, in the data signature verification control process, the identifier of the owner of the public key, the public key of the signer of the data part, and a certificate authority that guarantees at least the identifier and the public key information. IC card system communication that performs data extraction processing for analyzing certified data that includes at least a certificate part that includes at least an identifier and a signature of the certificate, and that includes a validity period of the certification, signature part extraction processing, and certificate extraction processing Since the data protection processing program is recorded on the recording medium, the distribution of the program can be enhanced by using the recording medium.

According to a nineteenth aspect of the present invention, in the invention of the seventeenth or eighteenth aspect, in the public key extracting process, a certificate signature for verifying a signature of a certification authority in the certificate is included in the certificate verifying process. The gist of the present invention is to record an IC card system communication data protection processing program for performing a verification process on a recording medium.

According to the present invention, in the public key extraction processing, the IC card system communication data protection processing program for verifying the signature of the certification authority in the certificate in the certificate verification processing is recorded on the recording medium. Since the recording is performed, the distribution property can be improved by using the recording medium.

According to a twentieth aspect of the present invention, in the invention according to the seventeenth or nineteenth aspect, in the data analysis processing, the certificate verification is performed based on a time transmitted as an additional element from the IC card terminal. In the processing, the expiration date extraction process for extracting the expiration date from the certificate, the time information transmitted from the IC card terminal or the time information managed in the IC card capable of time management and the expiration date extraction process are provided. IC that performs an expiration date verification process that compares the expiration date with the validity period and verifies the certificate expiration date
The gist is to record a card system communication data protection processing program on a recording medium.

According to a twentieth aspect of the present invention, an IC
IC card that compares the time information transmitted from the card terminal or the time information managed in the IC card capable of time management with the expiration date obtained by the expiration date extraction process to verify the certificate expiration date Since the system communication data protection processing program is recorded on the recording medium, the distribution can be enhanced by using the recording medium.

According to a twenty-first aspect of the present invention, in the eighteenth or nineteenth aspect of the present invention, in the data analysis processing, a time information part is a time transmitted as an additional element from the IC card terminal. Performs a time information extraction process of separating the time information from other certified data, and in the certificate verification process, an expiration date extraction process of extracting an expiration date from a certificate, and the time information or the time information obtained in the time information extraction process. IC card system communication for comparing the time information managed in the IC card capable of time management with the expiration date obtained in the expiration date extraction process and performing the expiration date verification process for verifying the certificate expiration date The gist is to record the data protection processing program on a recording medium.

According to a twenty-first aspect of the present invention, an IC
The time information part, which is the time transmitted as an additional element from the card terminal, is separated from other certified data, the expiration date is extracted from the certificate, and the time information or time management obtained by the time information extraction processing is An IC card system communication data protection processing program for comparing the time information managed inside the possible IC card with the expiration date obtained by the expiration date extraction process and verifying the certificate expiration date is recorded on a recording medium. Therefore, the distribution of the recording medium can be improved by using the recording medium.

According to a twenty-second aspect of the present invention, in the nineteenth, twentieth or twenty-first aspect of the present invention, the structure of the certificate part is binary data in which a hierarchical tag and a length and a value are represented, The IC card accepts a request from the approved data analysis process or the expiration date extraction process or the certificate signature extraction process, processes the binary data as it is with the tag, length, and value, and obtains the necessary tag value. The gist is to record, on a recording medium, an IC card system communication data protection processing program for performing a tag / length / value binary parsing processing for extracting only a tag.

According to the twenty-second aspect of the present invention, the certified data structure is binary data expressed by hierarchical tags and lengths and values, and the certified data analysis processing or the expiration date extraction processing Or IC card system communication data that accepts requests from certificate signature extraction processing, processes binary data as tags, lengths, and values, and performs tag-length-value binary parsing processing that extracts only the required tag values Since the protection processing program is recorded on the recording medium, it is possible to use the recording medium and improve the circulation.

According to a twenty-third aspect of the present invention, in the invention according to any one of the seventeenth to twenty-second aspects, in the command control processing, a signature for a data part of an arbitrary command transmitted from the IC card is added. Before dispatching to a data signature verification control determination process for determining the presence or absence of a certificate, and before dispatching to a command execution process, if there is a signature / certificate based on the result of the data signature verification control determination process, Therefore, the gist of the present invention is to record, in a recording medium, an IC card system communication data protection processing program for performing data signature verification control processing for transferring data for verifying the signature validity of the data.

According to the twenty-third aspect of the present invention, in the command control processing, there is provided a data signature verification control determination processing for determining the presence or absence of a signature and a certificate for a data portion of an arbitrary command transmitted from the IC card. Before dispatching to the command execution processing, if there is a signature / certificate based on the result of the data signature verification control determination processing, data transfer for verifying the signature validity of the data to the data signature verification control processing Since the IC card system communication data protection processing program for performing the data signature verification control processing for performing the above is recorded on the recording medium, it is possible to increase the circulation using the recording medium.

According to a twenty-fourth aspect of the present invention, in the invention according to any one of the seventeenth to twenty-third aspects, in the data signature verification control processing, a command control processing is performed upon receiving a request from the IC card terminal. And performs timestamp information in addition to the certified data from the IC card terminal, and performs a data signature verification interface process of returning a verification result of the signature to the command control process. In the public key extraction process, a request from the IC card terminal Receiving the certificate and the time information additionally from the command control process, and performing a public key extraction interface process for returning data in the certificate having at least the public key extracted from the certificate to the command control process, In the certificate verification process,
A certificate that receives a request from the IC card terminal, receives a certificate, a public key number of a signature for the certificate, and additionally time information from the command control process, and returns a verification result of the validity of the certificate to the command control process. The gist of the present invention is to record a communication data protection processing program for an IC card system for performing a document verification interface process on a recording medium.

According to the present invention, in the data signature verification control processing, a request from the IC card terminal is received, the authorized data and the time information are additionally received from the command control processing, and the validity of the signature is verified. Performs a data signature verification interface process that returns the verification result of the command to the command control, receives a request from the IC card terminal in the public key extraction process, receives a certificate and time information additionally from the command control process, Performs a public key extraction interface process for returning data in the certificate having at least the extracted public key to the command control process, and receives a request from the IC card terminal in the certificate verification process,
IC card system communication that performs a certificate verification interface process that receives a certificate, a public key number of a signature for the certificate, and additionally time information from the command control process, and returns a verification result of the validity of the certificate to the command control process. Since the data protection processing program is recorded on the recording medium,
By using the recording medium, its distribution can be improved.

[0071]

Embodiments of the present invention will be described below with reference to the drawings. FIG. 1 is a block diagram showing a configuration of an IC card system that implements a communication data protection processing method according to an embodiment of the present invention. The IC card system shown in FIG.
And an IC card 4-2.
Reference numeral 2 denotes a transfer processing unit 4-3, a command control unit 4-4, a data signature verification control unit 4-7, a command execution processing unit 4-8, a public key extraction processing unit 4-9, and a certificate verification processing unit 4-22. Public key format conversion processing unit 4-11, certificate signer public key 4-
It comprises 33 connected signature verification processing units 4-12 and TLV syntax analysis processing units 4-18.

The command control section 4-4 includes a data signature verification control determination section 4-5 and a data signature verification control request section 4-5.
-6, the data signature verification control unit 4-7 includes a data signature verification interface unit 4-31, a certified data analysis processing unit 4-13, a public key extraction control unit 4-19, and a public key format conversion control unit. 4-29, Data Signature Verification Processing Unit 4
-30, a certified data analysis processing unit 4-1
Reference numeral 3 denotes a data part extraction unit 4-14 and a signature part extraction unit 4-1.
5. Certificate extracting unit 4-16, time information unit extracting unit 4-17
It is composed of Further, a public key extraction processing unit 4-9
Is composed of a public key extraction interface processing unit 4-20, a certificate verification control unit 4-21, and a public key extraction processing execution unit 4-28. The certificate verification processing unit 4-22 includes a certificate verification interface processing unit 4-23, an expiration date extraction processing unit 4-24, an expiration date verification processing unit 4-25, a certificate signature extraction processing unit 4-26, a certificate Signature verification processing execution unit 4-
27.

Next, the operation of the embodiment configured as described above will be described with reference to the flowchart shown in FIG. 2 and the IC card communication data structure shown in FIG.

First, a pair of data / signature / certificate having a TLV structure is transmitted as authorized data from the IC card terminal 4-1, and time information is attached in a TLV structure after the authorized data. (CASE in FIG. 3)
2). At this time, the transfer processing unit 4- in the IC card 4-2.
3 transmits this information from the IC card terminal 4-1 to the IC card 4
And transfer the command data to the command control unit 4-4. In the command control unit 4-4, when the setting for performing the data signature verification control determination is made in the IC card, in the specified area of the command in the IC card, or in command units, the data signature verification control is performed. When the judging unit 4-5 finds the tag of the certified data, it judges that the signature verification is necessary, and transfers the certified data + time information to the data signature verification control requesting unit 4-6. The data signature verification control request unit 4-6 transfers this information to the data signature verification control unit 4-7.

If there is no tag of the certified data, the command is passed to the command execution processing unit 4-8 for the designated command in the same manner as usual (this command execution processing unit 4-8 transmits the data signature). Verification control unit 4-7, public key extraction processing unit 4-9, certificate verification processing unit 4-22, public key format conversion processing unit 4-11, signature verification processing unit 4-12
including. At this time, each interface processing unit takes charge of an interface with the command control unit 4-4.
The individual description will be described later). Note that this data signature verification control determination method can be set in various ways (for example, in a simple TLV (column of TLV data having no hierarchy) structure,
If there is a signature + certificate + time information (optional) at the end, data from the protocol header to the signature is regarded as data, or data from the protocol header to the signature is regarded as data, and data signature verification control is performed. Also, the command control unit 4-4 includes a data signature verification control determination unit 4-5.
, All commands are dispatched to the command execution processing unit, and the command execution processing unit notifies the data signature verification control unit 4-7 of the data in the form of certified data + time information (data + signature + certificate in the command execution unit). If the data is passed in a format such as + time information, the data is reassembled into the format of certified data + time information and transmitted. Control may be performed.

Next, the processing flow of the data signature verification control unit 4-7 will be described. In the data signature verification control unit 4-7,
The data signature verification interface unit 4-31 receives the certified data + time information, and requests the certified data analysis processing unit 4-13 for processing. In the certified data analysis processing unit 4-13, the certified data (as described above, the format passed to the data signature verification control main unit only needs to have a common understanding of both sides. For example, data + signature + certificate + (It may be like time information). The TLV structure is determined, data is extracted in the data part extraction unit 4-14, the signature is extracted in the signature part extraction unit 4-15, and the certificate is extracted in the certificate extraction unit 4-16. The information section extraction section 4-17 extracts time information. In analyzing the structure and extracting the values,
An analysis routine of the TLV syntax analysis processing unit 4-18 (for example, a plurality of specific analysis routines are prepared and used from a common routine such as returning a value in response to a tag number input). The processing may be performed using the information. The analyzed data is stored in a memory or written in a file by using a write process (particularly, since the data is large, only the data is written to a file) and erased after the end.

Next, the process of extracting a public key from a certificate will be described. The public key extraction process starts when the public key extraction control unit 4-19 of the data signature verification control unit 4-7 sends a certificate as a processing request to the public key extraction processing unit 4-9 in the IC card. Be started. The public key extraction processing unit 4-9 receives a processing request from the public key extraction processing control unit 4-19 via the public key extraction interface processing unit 4-20, and passes it to the certificate verification control unit 4-21. . In the certificate verification control unit 4-21, in the certificate verification processing unit 4-22 in the IC card, first, the certificate verification interface processing unit 4-23 receives the certificate and the time information, Pass to 24. The expiration date extraction processing unit 4-24 extracts only the expiration date from the certificate, and passes this value to the expiration date verification processing unit 4-25. The expiration date extraction processing unit 4-25 may perform the analysis of the TLV structure in this module when extracting this value. However, as described above, the TLV syntax The analysis processing section 4-18 may be used. The expiration date verification processing unit 4-25 stores time information on a memory or in a file (or passed from the public key extraction control unit 4-19 to the public key extraction processing unit 4-9), or an IC having a time information management function. The card uses the obtained time information to determine whether or not the time information satisfies the passed expiration date. If the time information is not satisfied, an error is returned to the public key extraction control unit 4-9. If so, the certificate is passed to the certificate signature extraction processing unit 4-26. The certificate signature extraction processing unit 4-26 extracts the signature of the authentication period in which the certificate was signed.
4, the signature may be extracted using the TLV syntax analysis unit 4-18. After the extraction of the signature is completed, the certificate signature verification processing execution unit 4-27 verifies the signature of the certificate. At this time, for example, the public key data for the authentication period is stored in advance as key data in the IC card, and the identification of this key data is designated as one of the parameters of the command. The certificate signature verification processing execution unit 4-27 includes a signature verification processing unit 4-27 in the IC card.
12, the signature verification processing unit 4-12 verifies the signature using the certificate data and the signature data, and the key identifier of the public key data. If the signature is incorrect, an error is returned to the public key extraction control unit 4-19. If it is correct, the public key extraction processing execution unit 4-28
Hand over the certificate and extract the public key from the certificate.
The method of analyzing the TLV syntax by the public key extraction processing execution unit 4-28 is as described above. If the extraction is successful, the extracted public key is returned to the public key extraction control unit 4-19.

Next, if the public key received by the public key extraction control unit 4-19 is not in a format that can be processed by the signature verification processing unit 4-12, the public key is passed to the public key format conversion control unit 4-29. The public key format conversion control unit 4-29 passes the public key to the public key format conversion processing unit 4-11 and converts the public key into a desired format.

Based on the finally converted public key, the data signature verification processing unit 4-30 requests the signature verification processing unit 4-12 to verify the signature of the data transmitted from the IC card. End the data verification work.

Note that, except for the data signature verification control unit 4-7, the public key extraction processing unit 4-9, and the certificate verification processing unit 4-22, a public key format conversion processing unit 4-11 and a signature verification processing unit 4
All of the command execution processing units 4-8 including the -12 and the like have an interface processing unit, and provide an interface for executing a process requested by the command execution processing unit 4-8 in the IC card terminal or the IC card. provide.

The public key extraction processing unit optionally outputs information such as the identifier of the owner of the public key as an option in addition to the public key.

In FIG. 3, when data, a signature, and a certificate are separately transmitted as in CASE1, that is, Multitos, for example, information to be set in the data portion for an arbitrary command is transmitted in advance. Finally, the command is executed. At this time, the data, signature, and certificate must be held as temporary data in a command common memory area or file.

By recording the processing of the above-described embodiment as a program on a recording medium, it is possible to use the recording medium to increase its circulation.

[0084]

As described above, according to the present invention,
(1) IC card service server, IC card terminal, I
In a distributed environment including a C card, end users (including arbitrary service providers) can easily guarantee data using an existing signature / certificate management environment, and distribute this data between end users. It becomes possible.

Further, according to the present invention, (2) it is possible to perform a signature verification process that is highly consistent with a certificate currently in circulation, and the signature of the certification authority and the certificate validity period are set. However, if this information is used, there is no risk of falsification even if the certificate is distributed, and it is possible to avoid the danger of using the certificate when it is not valid.

Further, according to the present invention, (3) it is possible to verify the signature of the certification authority on the certificate,
It is possible to safely distribute data (including programs) with a signature and a certificate in a distributed environment, thereby providing an environment for mutually exchanging data and programs between end users in a distributed IC card system environment.

According to the present invention, (4) arbitrary data can be managed as data (file) in which data, signature, and certificate are integrated, so that data with signature and certificate can be distributed in a distributed environment. In this case, management confusion such as loss can be avoided, and easiness of individual processing can be ensured, as compared with a method of individual management.

Further, according to the present invention, (5) the validity period of the certificate can be verified, so that the certificate is managed by a plurality of management organizations and issued by the existing certificate management organization. X. It is possible to use a certificate like 509, and as a mechanism for guaranteeing the data of the IC card, more flexible management of the public key while ensuring the security,
That is, the user can be managed. In addition, it is possible to securely distribute data with a signature and certificate in a distributed environment.

Further, according to the present invention, (6) even in the data / signature / certificate-integrated data distribution environment as described in (3) above, the validity period of the certificate as described in (5) above is obtained. Since verification becomes possible, it is possible to achieve secure distributed distribution while ensuring ease of data management.

According to the present invention, (7) For example, X.264 having a conventional tag length / value structure (hereinafter, TLV structure).
When the transfer syntax data 509 is processed in the IC card, the expiration date extracting process or the public key extracting process from the certificate can be performed in the IC card at high speed.

Further, according to the present invention, (8) before executing a command for an arbitrary command other than the download command, a signature verification process is performed on the data input to the command, and Can be verified. Thereby, for example, ISO781
A signature and a certificate are given to the command header information + command parameter + command data part as defined in 6-4, and the validity can always be checked, and a mechanism for guaranteeing the command sender is provided. Can be. The same applies to commands other than ISO.

Further, according to the present invention, (9) by providing each certificate processing interface for command control, the IC card terminal (and the IC card service server via the IC card terminal) or the IC card Can use the certificate processing interface from any other command.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a configuration of an IC card system that implements an IC card system communication data protection processing method according to an embodiment of the present invention.

FIG. 2 is a flowchart showing the operation of the embodiment shown in FIG.

FIG. 3 is a diagram showing an IC card communication data structure in the embodiment shown in FIG. 1;

FIG. 4 is a block diagram showing an apparatus configuration for implementing a conventional IC card system communication data protection processing method.

FIG. 5 is a flowchart showing a procedure of the conventional IC card system communication data protection processing shown in FIG.

FIG. 6 is a diagram showing a conventional IC card communication data structure.

[Explanation of symbols]

 4-1 IC card terminal 4-2 IC card 4-3 Transfer processing unit 4-4 Command control unit 4-5 Data signature verification control determination unit 4-6 Data signature verification control request unit 4-7 Data signature verification control unit 4 -8 Command execution processing unit 4-9 Public key extraction processing unit 4-11 Public key format conversion processing unit 4-12 Signature verification processing unit 4-13 Authorized data analysis processing unit 4-14 Data part extraction unit 4-15 Signature Part extraction unit 4-16 Certificate extraction unit 4-17 Time information part extraction unit 4-18 TLV syntax analysis processing unit 4-19 Public key extraction control unit 4-20 Public key extraction interface processing unit 4-21 Certificate verification control Section 4-22 Certificate Verification Processing Section 4-23 Certificate Verification Interface Processing Section 4-24 Expiration Date Extraction Processing Section 4-25 Expiration Date Verification Processing Section 4-26 Certificate Signature Extraction Processing Section 4- 7 certificate signature verification processing execution unit 4-28 public key extraction process executing section 4-29 public key format conversion control unit 4-30 data signature verification processing unit 4-31 data signature verification interface unit

 ──────────────────────────────────────────────────続 き Continued on the front page (72) Inventor Nobuhiro Chiba 2-3-1 Otemachi, Chiyoda-ku, Tokyo Within Nippon Telegraph and Telephone Corporation (72) Inventor Yasuhiro Hosoda 2-3-1 Otemachi, Chiyoda-ku, Tokyo No. 1 F-term in Nippon Telegraph and Telephone Corporation (reference) 5B035 AA13 BB09 CA38 5B058 CA28 KA31 KA35 5J104 AA09 AA11 LA03 LA06 NA02 NA05 NA27 NA35 PA07

Claims (24)

[Claims] An IC card service server, an IC card terminal, transfer processing means for performing communication between the IC card terminal and the IC card, and dispatching command data transmitted or requested from the IC card terminal to a desired command execution unit. And an IC card having a plurality of command execution means for executing a command, the IC card system having a command control means for executing the command and a plurality of command execution means for executing the command. An IC card system communication data protection processing method for preventing falsification or fraud of data, wherein an IC card uses a data portion transmitted from an IC card terminal and a secret key of a person who guarantees the data portion. Signing, certifying the public key to the private key used for this signature And at least the identifier of the owner of the public key, the public key of the signer of the data division, and at least the identifier and the identifier of the certification authority that guarantees the public key information and the signature. Performing a public key extraction process of extracting a public key from a certificate based on the included certificate; and a data signature verification control process including at least a data signature verification process of executing a signature verification process based on the extracted public key. A communication data protection processing method for an IC card system. 2. A data part, a signature part using a private key of a person who guarantees the data part, and a public key certifying the private key used for the signature, wherein the public key is certified by the owner of the public key. Authorized data comprising at least an identifier and a public key of the signer and at least an identifier and a signature of a certificate authority that guarantees the identifier and the public key information, and further comprising a certificate part including an expiration date of the certification. Is I
In the data signature verification control process, which is transmitted from the C card terminal to the IC card, the data part transmitted from the IC card terminal, a signature part using a private key of a person who guarantees the data part, Certifying the public key for the private key that has been issued, and identifying at least the identifier of the owner of the public key, the public key of the signer of the data part, and at least the identifier and the identifier of the certification authority that guarantees the public key information and the signature. In addition, perform a data extraction process for analyzing certified data including at least a certificate portion including the expiration date of the certification, a signature portion extraction process, and a certified data analysis process including a certificate extraction process. 2. The communication data protection processing method according to claim 1, wherein: 3. The IC according to claim 1, wherein, in the public key extracting process, a certificate signature verifying process for verifying a signature of a certification authority in the certificate is performed in the certificate verifying process. Card system communication data protection processing method. 4. An expiration date extracting process for extracting an expiration date from a certificate in the certificate verification process based on a time transmitted as an additional element from the IC card terminal in the data analysis process; The validity period for comparing the time information transmitted from the terminal or the time information managed in the time-manageable IC card with the validity period obtained in the validity period extraction processing to verify the certificate validity period 4. The method according to claim 1, further comprising performing a verification process. 5. The data analysis process according to claim 1, wherein
A time information extraction process for separating a time information portion, which is a time transmitted as an additional element from the C card terminal, from other authorized data is performed. In the certificate verification process, an expiration date is extracted from the certificate. Expiration date extraction processing, comparing the time information obtained in the time information extraction processing or the time information managed in the IC card capable of time management with the expiration date obtained in the expiration date extraction processing, 3. An expiration date verification process for verifying a certificate expiration date is performed.
Or the IC card system communication data protection processing method according to 3. 6. The IC card includes binary data in which the structure of the certificate part is represented by a hierarchical tag, a length, and a value. A request is received from a signature extraction process, the binary data is processed as it is with a tag, length, and value, and a tag / length / value binary parsing process for extracting only a necessary tag value is performed. 6. The method for protecting communication data of an IC card system according to the item 3 or 4 or 5. 7. In the command control processing, an IC
Before dispatching to a data signature verification control determination process for determining the presence or absence of a signature and a certificate for a data portion of an arbitrary command transmitted from the card and a command execution process,
A signature based on the result of the data signature verification control determination process;
7. The data signature verification control process according to claim 1, further comprising: performing a data signature verification control process of transferring data for verifying a signature validity of the data to the data signature verification control process when the certificate is present. An IC card system communication data protection processing method according to any one of the above. 8. In the data signature verification control processing, a request from the IC card terminal is received, the authorized data and time information are additionally received from the command control processing, and the verification result of the signature is verified by the command. Performs a data signature verification interface process to be returned to the control. In the public key extraction process, a request from the IC card terminal is received, and a certificate and time information are additionally received from a command control process. A public key extraction interface process for returning data in the certificate having at least the public key to the command control process. In the certificate verification process, a request from the IC card terminal is received. And the public key number of the signature on the certificate and the time information are additionally received. IC card system communication data protection processing method according to any one of claims 1 to 7, characterized in that the certificate validation interface processing to be returned to command control process. 9. An IC card service server, an IC card terminal, transfer processing means for performing communication between the IC card terminal and the IC card, and dispatching command data transmitted or requested from the IC card terminal to a desired command execution unit. And an IC card having a plurality of command execution means for executing a command, the IC card system having a command control means for executing the command and a plurality of command execution means for executing the command transmitted from the IC card service server via the IC card terminal or from the IC card terminal to the IC card. An IC card system communication data protection processing device for preventing data tampering or fraud, wherein an IC card is a data part transmitted from an IC card terminal and a signature using a secret key of a person who guarantees the data part. ,
This is to certify the public key for the private key used for this signature, and the identifier of the owner of the public key, the public key of the signer of the data part, and at least these identifiers and the certification authority that guarantees the public key information. At least an identifier and a signature,
Further, at least a public key extraction processing means for extracting a public key from the certificate based on the certificate including the expiration date of the certification, and a data signature verification processing means for executing signature verification processing based on the extracted public key are provided. An IC card system communication data protection processing device comprising: data signature verification control means. 10. A data part, a signature part using a private key of a person who guarantees the data part, and a public key certifying the private key used for the signature, wherein a signature of the owner of the public key is provided. Authorized data comprising at least an identifier and a public key of the signer and at least an identifier and a signature of a certificate authority that guarantees the identifier and the public key information, and further comprising a certificate part including an expiration date of the certification. Is transmitted from the IC card terminal to the IC card. The data signature verification control means includes a data part transmitted from the IC card terminal, a signature part using a private key of a person who guarantees the data part, and A certification of a public key for a used private key. The certification includes a public key owner identifier, a data part signer's public key, and at least these identifiers and public key information. It comprises at least an institution identifier and a signature, and further comprises a data extracting means for analyzing certified data which is at least composed of a certificate part including the expiration date of this certification, a signature part extracting means, and a certificate extracting means. The IC card system communication data protection processing device according to claim 9, further comprising a certified data analysis processing means. 11. The certificate processing apparatus according to claim 9, wherein said public key extraction processing means includes certificate signature verification processing means for verifying a signature of a certification authority in a certificate in said certificate verification processing means. IC card system communication data protection processing device. 12. The certificate verification processing means, comprising: a validity term extraction processing means for extracting a validity term from a certificate;
The time information transmitted from the C card terminal or the time information managed in the IC card capable of time management is compared with the expiration date obtained by the expiration date extracting means to verify the certificate expiration date. 12. The IC card system communication data protection processing device according to claim 9, further comprising an expiration date verification processing means. 13. The data analysis means includes time information extraction processing means for separating a time information part, which is a time transmitted as an additional element from the IC card terminal, from other authorized data, The certificate verification processing means includes a validity term extraction processing means for extracting a validity term from the certificate, the time information obtained by the time information extracting means, or the time information managed in the IC card capable of time management, and the validity information. 12. The IC card system communication data protection processing device according to claim 10, further comprising an expiration date verification processing unit that compares the expiration date obtained by the expiration date extraction unit and verifies the certificate expiration date. . 14. The certificate data is binary data in which the structure of the certificate part is expressed by a hierarchical tag, a length and a value, and the IC card is a certified data analysis processing means, an expiration date extraction processing means, or a certificate. A request for receiving a request from the signature extraction processing means, processing the binary data with the tag, length, and value unchanged, and extracting only the necessary tag value.
14. The IC according to claim 11, further comprising length / value binary parsing processing means.
Card system communication data protection processor. 15. The command control unit includes: a data signature verification control determination unit that determines whether a data portion of an arbitrary command transmitted from an IC card and a certificate are present; A data signature verification control means for transferring data for verifying the signature validity of the data to the data signature verification control means when there is a signature / certificate based on the result of the data signature verification control determination means; 15. The IC card system communication data protection processing device according to claim 9, further comprising: 16. The data signature verification control means receives a request from the IC card terminal, receives authorized data and additional time information from a command control means, and executes command control on the result of verification of the validity of the signature. The public key extraction processing means receives a request from the IC card terminal, receives a certificate and time information additionally from a command control means, and extracts the time information from the certificate. Public key extraction interface processing means for returning data in a certificate having at least the obtained public key to a command control means, wherein the certificate verification processing means receives a request from the IC card terminal, From the certificate and the public key number of the signature on the certificate and additionally time information,
16. The IC card system communication data protection processing device according to claim 9, further comprising a certificate verification interface unit for returning a verification result of the validity of the certificate to the command control unit. 17. An IC card service server, an IC card terminal, transfer processing means for performing communication between the IC card terminal and the IC card, and dispatching command data transmitted or requested from the IC card terminal to a desired command execution unit. And an IC card having a plurality of command execution means for executing a command, the IC card system having a command control means for executing the command and a plurality of command execution means for executing the command. An IC card system for preventing data tampering or tampering is a recording medium on which a communication data protection processing program is recorded. In an IC card, a data portion transmitted from an IC card terminal and a data portion of a person who guarantees the data portion are stored. Signature using private key, secret used for this signature It is to certify the public key to, including at least the identifier of the owner of the public key, the public key of the signer of the data part, and at least these identifiers and the identifier and signature of the certification authority that guarantees the public key information, Further, a data signature including at least a public key extraction process for extracting a public key from a certificate based on a certificate including an expiration date of the certificate, and a data signature verification process for executing a signature verification process based on the extracted public key A recording medium on which an IC card system communication data protection processing program for performing a verification control process is recorded. 18. A data part, a signature part using a private key of a person who guarantees the data part, and a public key certifying the private key used for the signature, wherein the public key is certified by a public key owner. Authorized data comprising at least an identifier and a public key of the signer and at least an identifier and a signature of a certificate authority that guarantees the identifier and the public key information, and further comprising a certificate part including an expiration date of the certification. Is transmitted from the IC card terminal to the IC card. In the data signature verification control process, a data portion transmitted from the IC card terminal, a signature portion using a secret key of a person who guarantees the data portion, and a signature Certifies the public key of the private key used for the public key, and stores the identifier of the owner of the public key, the public key of the signer of the data part, and at least the identifier and the public key information. A data extraction process for analyzing certified data which includes at least a certificate part including an identifier and a signature of a certification authority to be performed and further includes a certificate expiration date, a signature part extraction process, and a certificate extraction process 18. A recording medium storing an IC card system communication data protection processing program according to claim 17, wherein said authorized data analysis processing is performed. 19. The IC according to claim 17, wherein in the public key extracting process, a certificate signature verifying process for verifying a signature of a certificate authority in the certificate is performed in the certificate verifying process. A recording medium on which a card system communication data protection processing program is recorded. 20. An expiration date extracting process for extracting an expiration date from a certificate in the certificate verification process based on a time transmitted as an additional element from the IC card terminal in the data analysis process; The validity period for comparing the time information transmitted from the terminal or the time information managed in the time-manageable IC card with the validity period obtained in the validity period extraction processing to verify the certificate validity period 20. A recording medium on which an IC card system communication data protection processing program according to claim 17 or 19, which performs verification processing. 21. In the data analysis process, a time information extracting process for separating a time information portion, which is a time transmitted as an additional element from the IC card terminal, from other authorized data is performed. In the verification processing, the expiration date extraction processing for extracting the expiration date from the certificate, the time information obtained in the time information extraction processing or the time information managed in the IC card capable of time management and the expiration date extraction 2. An expiration date verification process for comparing the expiration date obtained by the process and verifying the certificate expiration date is performed.
20. A recording medium on which the IC card system communication data protection processing program according to 8 or 19 is recorded. 22. Binary data in which the structure of the certificate part is expressed by hierarchical tags and lengths and values, and in the IC card, the certified data analysis processing or the expiration date extraction processing or A request is received from a certificate signature extraction process, the binary data is processed as it is with a tag, a length, and a value, and a tag-length-value binary parsing process for extracting only a necessary tag value is performed. 22. A recording medium on which the IC card system communication data protection processing program according to claim 19, 20 or 21 is recorded. 23. In the command control processing, I
A data signature verification control determining process for determining the presence or absence of a signature and a certificate for a data portion of an arbitrary command transmitted from the C card; and a process for dispatching the command to a command execution process based on the result of the data signature verification control determining process. 18. A data signature verification control process for transferring data for verifying the signature validity of the data to the data signature verification control process when there is a signature / certificate. 22. A recording medium recorded with the IC card system communication data protection processing program according to any one of 22. 24. In the data signature verification control process, a request from the IC card terminal is received, the authorized data and time information are additionally received from the command control process, and the verification result of the signature validity is transmitted to the command. Performs a data signature verification interface process to be returned to the control process. In the public key extraction process, receives a request from the IC card terminal, receives a certificate and additional time information from a command control process, and extracts from the certificate. And performing public key extraction interface processing for returning data in the certificate having at least the obtained public key to the command control processing. In the certificate verification processing, a request from the IC card terminal is received, and a certificate is issued from the command control processing. Receives the public key number of the signature on the certificate and certificate and additionally time information, and verifies the validity of the certificate Recording medium recording the IC card system communication data protection program according to any one of claims 17 to 23, characterized in that the certificate validation interface processing to return the result to the command control processing.