JP2001056798A - Card authentication system using unidirectional function - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a card authentication system to be hardly illegally utilized by a third person by enciphering secret information required for utilizing a card by using a unidirectional function. SOLUTION: In the system provided with a card preparing means for recording prescribed information containing information for identity authentication on the card and an authenticating means 10 for performing the identity authentication from the information recorded on the card and the secret information inputted by the user of the card, the card preparing means is provided with an arithmetic means for providing enciphered secret information by substituting the result of adding the other information recorded on the card to the secret information to the prescribed unidirectional function and a writing means for writing the enciphered secret information on the card together with the other information and the authenticating means 10 is provided with an arithmetic means 15 for providing information for authentication by substituting the result of adding the other information to the secret information inputted by the card user to the unidirectional function and a comparing means 16 for performing the identity authentication by comparing the enciphered secret information read from the card with the information for verification.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a card authentication system for authenticating a card when the card is used in a cash dispenser or the like of a financial institution.

[0002]

2. Description of the Related Art Conventionally, in an automatic teller machine (ATM) of a financial institution, operations such as withdrawal of cash are performed using a cash card. At this time, the ATM is provided with a card authentication system so as to be able to authenticate whether or not the card user is a valid owner of the card in order to prevent misuse by a person other than the valid owner of the card.

[0003] In order to realize card authentication, in advance,
Necessary information is prepared and recorded on a card (hereinafter, referred to as pre-processing), and when the card is used for withdrawing cash or the like, it is authenticated whether or not the user is a valid owner of the card ( Hereinafter, authentication processing).

FIG. 11 is a conceptual diagram of pre-processing in a conventional card authentication system, and FIG. 12 is a conceptual diagram of authentication processing in a conventional card authentication system. In the conventional pre-processing shown in FIG. 11, a password A such as a password as secret information arbitrarily set by a valid owner of a card is used.
1 and the additional data C such as the name and date of birth of the rightful owner
01 was recorded on the stripe-shaped magnetic storage unit 102 provided on one side.

In the authentication process shown in FIG. 12, when the user inserts the card 101 into the ATM 103, the password A1 is transmitted from the magnetic recording unit 102 of the card 101.
At the same time, the user inputs a password A2 on an input device such as a touch panel, and compares the read password A1 with the input password A2 with the comparing unit 1.
04 compared each other. If they match, it is determined that the user of the card 101 is a valid owner, and cash withdrawal and the like have been permitted.

[0006]

However, when a third party acquires the card 101, the password A1 becomes
Since it is recorded as it is on the magnetic recording unit 102,
By analyzing the magnetic data, there is a danger that the password will be known to a third party and misused.

The present invention has been made to solve such a problem in the conventional card authentication system.
An object of the present invention is to provide a card authentication system that makes unauthorized use by a third party difficult by encrypting the password using a one-way function that is difficult to perform an inverse operation.

[0008]

In order to achieve the above object, the present invention provides a card producing means for recording predetermined information including information for personal authentication on a card, and information recorded on the card and the card. A card authentication system comprising: authentication means for performing personal authentication from secret information input by a user of the present invention, wherein the card creation means adds at least other information to be recorded on the card to the secret information. To a predetermined one-way function to obtain encrypted secret information, and writing means for writing the encrypted secret information to the card together with other information. Calculating means for obtaining authentication information by substituting secret information input by a user and at least other information recorded on the card into the predetermined one-way function; Wherein by comparing the authentication information and the encrypted secret information read from configured and a comparison means for performing personal authentication.

The present invention is also a card authentication system for performing personal authentication based on information recorded on a card and secret information input by a user of the card, wherein the secret information is recorded at least on the card. A storage unit in which encrypted secret information obtained by substituting the information with other information into a predetermined one-way function is stored in advance, and at least secret information input by a user of the card is read from the card. The arithmetic unit that obtains the authentication information by substituting the information added with the other information into the predetermined one-way function is compared with the encrypted secret information stored in the storage unit and the authentication information. And comparison means for performing personal authentication.

In the present invention, the other information input to the predetermined one-way function may be a part of other information recorded on the card.

[0011] The encrypted secret information and the authentication information can be obtained by inputting, to the predetermined one-way function, information to which one of a plurality of pieces of information not recorded on the card is further added. May be something.

[0012]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, the present invention will be described in detail based on the illustrated first embodiment of the present invention. In the present embodiment, a process of calculating information to be recorded on the card and recording the calculated information and the like on the card (hereinafter, a pre-process);
When this card is used for withdrawal of cash or the like, a process of authenticating whether or not the user of the card is a valid owner of the card (hereinafter, an authentication process) is performed.

FIG. 1 is a block diagram showing the overall configuration of a card making apparatus for performing pre-processing, FIG. 2 is a block diagram showing the main configuration of an ATM for performing authentication processing, and FIG. 3 is a concept showing pre-processing. FIG. 4 and FIG. 4 are conceptual diagrams showing the authentication processing. In FIG. 1, the card making device 1 includes a touch panel 2, a card writer 3, a storage unit 4, and a CPU 5. The touch panel 2 is an input unit for a card creator such as a bank employee to input predetermined information, and also serves as a display unit for displaying predetermined information to the card creator. Further, the card writer 3 magnetically writes various types of information to be described later on a magnetic recording unit 21 provided on one side of the card 20. The storage unit 4 is storage means for storing various information described below. The CPU 5 is control means for controlling the touch panel 2, the card writer 3, and the storage unit 4,
It is configured to include a calculation unit 6.

The operation section 6 performs an operation by substituting the input information into a one-way function, and obtains a function value as a result. Here, the one-way function refers to a function in which the forward operation F (x) is easy, while the backward operation F-1 (x) is difficult or impossible. As this one-way function, an arbitrary one-way function such as a well-known function utilizing a difficulty such as a discrete logarithm problem or a prime factorization can be used.

FIG. 2 shows an ATM as an authentication means.
Reference numeral 10 denotes only components necessary for the authentication process, and includes a touch panel 11, a storage unit 13, and a CPU 14, almost in the same manner as the above-described card creating apparatus 1. However, the ATM 10 includes a card reader 12 instead of the card writer 3, and the card reader 12
Thereby, information recorded in the magnetic recording unit 21 of the card 20 can be read. Further, the CPU 14 is provided with a comparison unit 16, which compares calculated values described later.

Next, the pre-processing using the card making device 1 will be described. In this preprocessing, as shown in FIG. 3, the card user arbitrarily creates the password A1 within a predetermined bit length range. Further, the card creator arbitrarily creates data B as input information within a predetermined bit length range. The password A1 and the data B are transmitted via the touch panel 2 to the card creating device 1
, The one-way function F
By (A1 + B), the encrypted password A1 'is calculated.
The encrypted password A1 ′ and the above-described data B are output to the card writer 3 and recorded on the magnetic recording unit 21 of the card 20. Note that the password A1 is not recorded on the card 20 but is stored by the authorized owner of the card 20. This ends the pre-processing.

Each time a card user uses the ATM 10, authentication processing is performed by the ATM 10. In this authentication process, first, the card user inserts the card 20 into the card reader 12, and the encrypted password A1 'and data B recorded in the magnetic recording unit 21 of the card 20 are read. Next, when a message prompting the input of a password is displayed on the touch panel 11, the card user responds to this and inputs the password A2 stored therein to the ATM 10 via the touch panel 11.

When the password A2 is input, the password A2 and the data B read earlier are used to
The calculation unit 15 calculates the authentication information A2 ′ by using the one-way function F (A2 + B).

The authentication information A2 'and the encrypted password A1' read earlier are compared with each other in the comparing section 16. Here, if the encrypted password A1 '= authentication information A2' holds, the password A1 =
Since it can be determined that the password is the password A2, it can be determined that the card user is a valid owner of the card 20. On the other hand, the encrypted password A1 '≠ the authentication information A2'
In this case, it can be determined that the password A1 ≠ the password A2, and it is determined that the card user is not a valid owner of the card 20. In this case, the user is required to input the password again, or a message that the password is invalid is displayed.

In such pre-processing and authentication processing, it is very difficult to estimate the password A1 from information stored in the card 20. For example, even if the card 20 is stolen and its magnetic information is analyzed, the password A1 'and the data B
It is almost impossible to find 1. The difficulty of the inverse operation in a one-way function depends on the bit length of data input to the function. In the present embodiment, as the input data, not only the password but also data to which other information is added is used to increase the bit length, thereby increasing the difficulty of decoding. Therefore, in the authentication process, it is virtually impossible for a third party who does not know the password to input the correct password A1.

Next, as a modification of the first embodiment, the second
The fourth to fourth embodiments will be sequentially described. First, a second embodiment will be described. The configuration and method that are not particularly described here are the same as in the first embodiment. FIG. 5 is a conceptual diagram showing a pre-process in the present embodiment, and FIG. 6 is a conceptual diagram showing an authentication process in the present embodiment.

In this embodiment, a plurality of data B1 to B3 are prepared in place of the data B in the first embodiment, and an encrypted password and authentication information are used by using a part of the data B1 to B3. Is what you want. In the present embodiment, data B1 and B3 of data B1 to B3 are included.
Is shown, but other combinations may be used.

Specifically, in the pre-processing shown in FIG.
A password A1 and a plurality of data B1 to B3 are input to the card making device 1. Then, the password A1 and the data B1 and B3 are substituted into the one-way function F (A1 + B1 + B3) to obtain an encrypted password A1 '. Then, the encrypted password A1 ′ and all data B1 to B3 are recorded on the card 20.

In the authentication process shown in FIG.
0 to the encrypted password A1 'and all data B1 to
Read B3. Then, the password A2 input by the user and the data B1 and B3 read from the card 20 are substituted into the one-way function to obtain authentication information A2 '. Then, the authentication is performed by comparing the authentication information A2 'with the encrypted password A1' read from the card 20.

Here, which of the plurality of data B1 to B3 is used to calculate the encrypted password and the authentication information is set in advance in the card making apparatus 1 and the ATM 10. As described above, by using a part of the information recorded on the card, it becomes more difficult to specify the information input to the one-way function.

Next, a third embodiment will be described. However, configurations and methods that are not particularly described are the same as in the second embodiment. FIG. 7 is a conceptual diagram illustrating the pre-processing according to the present embodiment, and FIG. 8 is a conceptual diagram illustrating the authentication processing according to the present embodiment.

In this embodiment, the encrypted passwords for all the users obtained in the preprocessing are stored in the storage unit 13 of the ATM 10 as a password table, and the authentication processing uses the encrypted passwords in this table. Make a comparison. That is, in the preprocessing of FIG. 7, after obtaining the encrypted password A1 ', only the data B1 to B3 are recorded on the card 20. On the other hand, the obtained encrypted password A1 ′ is stored in the storage unit 4 of the card making device 1. Similarly, the storage unit 4 stores a plurality of encrypted passwords calculated using different passwords and data for other users.

The password table of the storage unit 4 is copied to the storage unit 13 of the ATM 10 at least at a predetermined timing before the authentication processing is performed. The table may be transmitted to and stored only in the recording unit 13 of the ATM 10 without being recorded in the recording unit 4 of the card making device 1.

In the authentication process shown in FIG. 8, after obtaining the authentication information A2 ', the comparing unit 16 determines whether the authentication information A2' matches the corresponding encrypted password in the table in the storage unit 13. It is determined whether or not. If they match, it is determined that the card user is a valid owner of the card 20; According to the authentication system of the present embodiment, since the encrypted password is not recorded on the card 20, even if a third party analyzes the information of the card 20, it is completely impossible to know the password from the information. .

Finally, a fourth embodiment will be described. The configuration and method not particularly described are the same as those of the third embodiment. FIG. 9 is a conceptual diagram showing a pre-process in the present embodiment, and FIG. 10 is a conceptual diagram showing an authentication process in the present embodiment.

In this embodiment, an encrypted password is created by adding additional information that can be arbitrarily changed by the authenticator, and this is stored in the ATM 10 as a password table. In the authentication process, the comparison is performed using the encrypted password in this table.

In the preprocessing shown in FIG. 9, the storage unit 4 stores a plurality of data E1 to E4 as additional information in advance. It is assumed that this additional information is created as a result of some calculation by the user of the card 20, the authenticator, or both. The data E1 to E4 are also stored in the storage unit 13 of the ATM 10 as shown in FIG.

Then, a password A1, data B1, B3
In addition, the data E1 selected by the authenticator from the plurality of data E1 to E4 is input to the one-way function to obtain the encrypted password A11 '. Similarly, data E2 to E4
Is input to the password A1, the data B1 and B3, and an operation is performed by a one-way function to obtain encrypted passwords A12 ', A13' and A14 ', respectively. Then, these encrypted passwords are stored in the storage unit 13 of the ATM 10 in FIG. 10 as a password table.

In the authentication process of FIG. 10, in addition to the password A2 input by the card user and the data B1 and B3 read from the card, the data E1 called from the storage unit 13 is input to the one-way function. Authentication information A21 'is required. The comparing unit 16 determines whether the authentication information A21 ′ matches the encrypted password A11 ′ stored for the data E1 in the storage unit 13.

In such processing, a plurality of data E
Regarding which data among 1 to E4 is used,
The data can be updated irregularly or periodically by a certifier such as a bank and set in the data creation device and the ATM 10 in advance.
Therefore, even if the magnetic information of the card 20 is analyzed by a third party, part of the input data of the one-way function changes, making it virtually impossible to know the password.

The embodiment of the present invention has been described with reference to the drawings. However, it is apparent that the present invention is not limited to the matters described in the above embodiments, and that changes, improvements, and the like can be made based on the description in the claims.

[0037]

As described above, according to the present invention, even if the information stored in the card is analyzed by a third party, it is possible to estimate the secret information required for using the card from the third party. And the security against unauthorized use of the card can be enhanced.

In the card authentication system according to the present invention, the length of the information bit input to the one-way function can be increased by adding other information to the secret information. Even in such a case, it is guaranteed that the inverse operation is more than a certain degree.

In particular, by using a part of the information input to the one-way function as a part of the card information, other than the card information, or changing the information regularly or irregularly, the security can be further improved. Is improved.

[Brief description of the drawings]

FIG. 1 is a block diagram showing an overall configuration of a card making apparatus for performing pre-processing in each embodiment of the present invention.

FIG. 2 is a block diagram showing a main configuration of an ATM for performing an authentication process in each embodiment of the present invention.

FIG. 3 is a conceptual diagram illustrating pre-processing according to the first embodiment.

FIG. 4 is a conceptual diagram illustrating an authentication process according to the first embodiment.

FIG. 5 is a conceptual diagram illustrating pre-processing in a second embodiment.

FIG. 6 is a conceptual diagram illustrating an authentication process according to the second embodiment.

FIG. 7 is a conceptual diagram illustrating pre-processing according to a third embodiment.

FIG. 8 is a conceptual diagram illustrating an authentication process according to a third embodiment.

FIG. 9 is a conceptual diagram illustrating pre-processing according to a fourth embodiment.

FIG. 10 is a conceptual diagram illustrating an authentication process according to a fourth embodiment.

FIG. 11 is a conceptual diagram showing pre-processing in a conventional authentication system.

FIG. 12 is a conceptual diagram showing an authentication process in a conventional authentication system.

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 1 Card making apparatus 2, 11 Touch panel 3 Card writer 4, 13 Storage unit 5, 14 CPU 6, 15 Operation unit 10 ATM 12 Card reader 16 Comparison unit 20 Card 21 Magnetic recording unit

Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat II (reference) H04L 9/32 G07F 7/08 B H04L 9/00 675A

Claims (4)

[Claims] 1. A card creating means for recording predetermined information including information for personal authentication on a card, and for performing personal authentication based on information recorded on the card and secret information input by a user of the card. A card authentication system comprising: an authentication unit, wherein the card creation unit substitutes at least another information to be recorded on the card into the secret information into a predetermined one-way function, and Computing means for obtaining information;
Writing means for writing the encrypted secret information to the card together with other information, wherein the authentication means adds at least other information recorded on the card to secret information input by a user of the card Calculating means for obtaining the authentication information by substituting the information into the predetermined one-way function, and comparing means for comparing the encrypted secret information read from the card with the authentication information to perform personal authentication. And a card authentication system using a one-way function. 2. A card authentication system for performing personal authentication from information recorded on a card and secret information input by a user of the card, wherein at least other information recorded on the card is included in the secret information. A storage unit in which encrypted secret information obtained by substituting the added one for a predetermined one-way function is stored in advance, and at least other information read from the card into secret information input by a user of the card Is added to the predetermined one-way function to obtain authentication information, and the encrypted secret information stored in the storage means is compared with the authentication information to perform personal authentication. A card authentication system using a one-way function. 3. The one-way function according to claim 1, wherein the other information input to the predetermined one-way function is a part of other information recorded on the card. Card authentication system using. 4. The encrypted secret information and the authentication information are obtained by inputting, to the predetermined one-way function, information further added with one of a plurality of pieces of information not recorded on the card. A card authentication system using a one-way function according to claim 1, 2 or 3.