JP2001155075A - Ic card, card utilizing system using the same and card distribution system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To attain improvement in convenience by automatically performing a series of operations from the start of communication line connection application software to an authentication concerning an IC card on which an IC chip is packaged and with which prescribed arithmetic processing is performed, a card utilizing system and a card distribution system. SOLUTION: This system is provided with an EEPROM 16 for storing at least identification data for a communication line connection, the address of a home page to be connected through a communication line and a secret key required for requesting the authentication, a ROM 15 for storing a program for performing transmission processing of the identification data, the address and prescribed data and arithmetic processing for the authentication based on the secret key, and at least CPU 12 for performing an arithmetic operation for the start of a browser connected to the communication line on the basis of the address or the like the authentication of a computer accessed through the communication line on the basis of the secret key by using the program.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] 1. Field of the Invention [0002] The present invention relates to an IC card on which an IC chip is mounted to perform predetermined arithmetic processing, a card utilization system, and a card delivery system.

[0002]

2. Description of the Related Art In recent years, an IC card has been generally used for performing an arithmetic processing by mounting an IC chip instead of a simple memory function. For example, the IC card is used for electronic commerce and the like together with holding personal data. ing. on the other hand,
As the usage rate of the Internet increases, online business transactions and transmission and reception of various electronic documents are actively performed. Therefore, improvement in convenience when using an IC card online is desired.

Conventionally, as an example of using an IC card for electronic commerce, for example, a browser is first started using a personal computer or the like, an ID number or a password is transmitted to a contract provider, and the Internet is connected. It is used for browsing, making reservations, ordering, etc. by connecting to the homepage of a desired commercial company via the Internet, and personal authentication may be performed due to browsing restrictions, settlement in transactions, and the like. For example, authentication can be performed by storing an authentication key, a password, and the like of the user in an IC card in advance and mounting the card on a card device and reading it when necessary.

That is, the connection on the Internet by using an IC card is performed by sending data such as an authentication key to an authentication server of a provider or a connection destination company, and comparing the data with the authentication key read from the IC card. In this case, personal authentication is performed, and the IC card plays a large role in the authentication process.

[0005]

However, when trying to connect to a predetermined homepage as described above,
It is necessary to perform a series of operations from the start of the browser to the transmission of the password and the authentication key (authentication of the authentication server), and the operation is cumbersome because there are not many erroneous input of the password and the authentication key. There is. In particular, there is a problem that the use of the IC card is reduced due to the complexity of the operation when trying to use a computer at a place different from the computer that is normally used.

In view of the above, the present invention has been made in view of the above-mentioned problems, and an IC card for improving convenience by automatically performing a series of operations from start-up of communication line connection application software to authentication. It is an object to provide a system and a card delivery system.

[0007]

According to the first aspect of the present invention, a card device is connected to a computer connected to a communication line accessible to a predetermined number of computers. In an IC card on which arithmetic processing, data recording, and reproduction are performed via at least identification data for connection to the communication line, an address of a predetermined computer connected via the communication line, and a computer desired to be connected Individual data storage means for storing key data necessary for an authentication request from
Processing data storage means for performing processing for transmitting the identification data, address, and predetermined data, and storing processing data for performing an operation for authentication based on the key data; Based on the processing data stored in the storage means, to perform the transmission processing, arithmetic processing, the address, start up application software for connecting the predetermined computer to the communication line based on the identification data, Arithmetic processing means for performing an arithmetic operation for authentication with the computer accessed via the communication line based on the key data.

[0008] The invention according to claims 2 and 3 has a structure in which predetermined service data for use of the card is rewritably recorded in the individual data storage means.
The "key data stored in the individual data storage means is used to decrypt predetermined encrypted data sent to the computer to which the card device is connected".

According to the fourth aspect of the present invention, a predetermined number of computers are freely connectable, and one computer and another computer are freely accessible and connected to the communication line. A predetermined number of client computers accessible to another computer via the communication line; a card device connected to the client computer for communicating with an IC card; and the client computer A server provided with at least an authentication server that is accessed via the communication line based on key data for an accessor, and according to at least one of claims 1 to 3, The client computer is connected to the communication line for the client computer. Launch the application, to the server that the client computer is connected, the IC card for performing an authentication on the basis of the key data held, a configuration of the card utilization system having a.

According to a fifth aspect of the present invention, the IC card according to any one of the first to third aspects is provided to a corresponding customer based on a customer database storing predetermined data of the predetermined customer. IC card recording means for recording data to be stored, card reading means for reading predetermined data stored in the IC card, and the IC corresponding to the customer based on the customer database
Delivery body printing means for printing at least an identification code associated with predetermined data stored on the card on a delivery body, image reading means for reading the identification code printed on the delivery body, and image data read by the card reading means. Collating means for collating the predetermined data with the identification code read by the image reading means; and when the predetermined data and the identification code match by the collating means, the I.
And a sealing means for sealing the C card and sending it to the customer.

As described above, the IC card of the present invention is configured to transmit at least the identification data, the address, the key data and the predetermined data, and to perform the authentication processing and the arithmetic processing of the decryption of the encrypted data based on the key data. Arithmetic processing means. That is, the identification data, launching application software for connecting the computer to the communication line by transmitting the address, and connecting to the desired computer,
The operation request for authentication is performed based on the key data in response to the authentication request from the connected computer, and the convenience is improved by automatically performing a series of operations.

Further, in order to access the computers connected to a predetermined communication line using the above-mentioned IC card, a predetermined number of client computers connected to the card device and an authentication server are provided. A card utilization system for connecting a predetermined number of servers to a communication line is constructed. That is, when the predetermined client computer and the server are securely connected via the communication line, a series of operations can be automatically and smoothly performed by the IC card, and the use frequency of the predetermined server is improved. Things.

Further, by constructing a card delivery system for performing a series of steps from creation of an IC card to enclosing in a delivery body and shipping, a circulation model in the use of the IC card in the card utilization system from the card production can be constructed. It is possible.

[0014]

DESCRIPTION OF THE PREFERRED EMBODIMENTS Preferred embodiments of the present invention will be described below with reference to the drawings. FIG. 1 shows a configuration diagram of the IC card of the present invention. FIG. 1A shows an internal configuration, and FIG. 1B shows a model of data recorded in an EEPROM. IC card 11 shown in FIG.
Is mounted on a card device connected to the computer in a communication system in which a predetermined number of computers are connected to a communication line such as the Internet, and is a CPU (central processing) which is an arithmetic processing means.
An ng unit 12 is connected to the bus 13, and the bus 13 has an I / O 14 as an input / output interface, and a read only memory (ROM) as processing data storage means.
ory) 15, EEPROM as individual data storage means
(Electrically erasable pr
an programmable ROM (RAM) 16, a RAM (random access) as a work area for processing
memory) 17 is connected at least. It should be noted that other components such as a power supply necessary for incorporating the CPU are omitted.

As shown in FIG. 1B, the EEPROM 16 stores at least ID (identification) data and password, which are identification data for connecting the computer connected to the card device to a communication line, and the communication line. URL (uniformre) which is the address of a predetermined computer connected via
source locators), a secret key which is key data necessary for an authentication request from the computer desiring the connection is stored, and rewritable point data which is service data for the number of accesses is stored, for example.

In the ROM 15, the above ID, password,
A program (card OS (operating system) which is processing data for performing processing for transmitting predetermined data such as a URL and a calculated value (described later) and performing calculation for authentication based on the secret key. ), A processing program) are stored.

The CPU 12 performs the transmission processing and the arithmetic processing based on a program stored in the ROM 15, and connects a computer connected to the card device to a communication line based on the URL, ID and password. Application software installed on the computer (www (world)
d wide web) Launch a browser, and access the UR accessed via the communication line based on the secret key.
The calculation for authentication with the computer having the L content is performed.

The IC card 11 has a ROM 15
EEPROM1 based on the program stored in the
I / O of the URL, ID and password stored in
14, performs an operation on the authentication request based on the secret key, and transmits the operation value via the I / O 14. In addition to rewriting the request for rewriting the points recorded in the EEPROM 16, the secret key is read in response to the request for decrypting the encrypted mail, and the I / O
14.

FIG. 2 shows a configuration diagram of a card utilization system using the IC card of the present invention. FIG.
In the card utilization system 21 shown in (A), a client PC (computer) 2 which is one computer
2 is connected to a card device 23 for performing communication with the IC card 11, and the client computer 2
2 is connected to the Internet 24, which is a communication line, to make it freely accessible to another computer (server). A predetermined number of the client computers 22 are connected to the Internet 24, and a predetermined number of servers (authentication server 25, web server 26) are connected to the Internet.

Server (authentication server 25, web server 2)
6) is to restrict access targets by the authentication server 25 in order to prevent unauthorized access. The authentication server 25 may have a different configuration from the web server 26, and may be provided in the web server 26. It may be. In such a card utilization system 21, when the IC card 11 is mounted on a card device 23 connected to a predetermined client PC 22, communication between the IC card 11 and the client PC 22 and the IC card 1
1 and the connection destination server (authentication server 25, web server 2
6), and communication between the client PC 22 and the server (authentication server 25, web server 26).

That is, as shown in FIG.
The URL is transmitted from the IC card 11 between the card 11 and the client PC 22, and the client PC 22
Sends an ID and password request, and the IC card 11 sends an ID and password. Also, I
Between the C card 11 and the server (authentication server 24), an authentication request is transmitted from the authentication server 25, an operation value is transmitted from the IC card 11, and points are added from the authentication server 25 as service data for each access, for example. Is transmitted.

Here, FIG. 3 shows a flowchart of authentication by the IC card and the authentication server in FIG. FIG. 3A shows the processing of the IC card 11. For example, an ID and a password for a predetermined provider for connecting to the Internet 24 are recorded and set in the EEPROM 16 of the IC card 11. A URL and a secret key for accessing a dedicated homepage (server (authentication server 25, web server 26)) are recorded and stored. For example, in a case where communication between a bank and a customer such as deposit and balance inquiry is performed on the bank's home page via the Internet, the customer holds the IC card 11 and the bank checks the access target person. Authentication is performed by the authentication server 25.

First, the IC card 11 is inserted into the card device 23
When the CPU 12 is mounted on the
RL is read (step (S) 1), and the client P
Send to C22. Upon receiving the URL, the client PC 22 starts up a www browser and requests an ID and a password for connecting to the Internet 24 (connecting to a provider) (S2). In response to this request,
The ID and the password are read from the EEPROM 16 and transmitted to the client PC 22 (S3). As a result, the client PC 22 is connected to the server having the URL content (the authentication server 25 of the homepage established by the target bank and the web server 26) via the Internet 24.

When there is an authentication request from the authentication server 25 (S4), the CPU 12 responds to the request by the EEPROM 12.
Then, a secret key is read from the key 16 (S5), a predetermined operation is performed based on the secret key (S6), and the operation value is transmitted to the authentication server 25 (S7). Note that if there is a request from the authentication server 25 to rewrite the above points on the EEPROM 16, rewriting is performed.

On the other hand, in the authentication server 25, when there is an access request from the client PC 22, as shown in FIG. 3B, the client PC 22 (IC card 11)
An authentication request is transmitted to (S11). When the calculated value calculated by the IC card 11 is received and captured in response to the authentication request (S12), based on the calculated value, whether or not the accessor is a legitimate customer is compared and authenticated (S1).
3). If the result of the comparison authentication does not match the regular customer (S
14), the access is denied (S15), and if they match (S14), the homepage (UR
L) (S16). If the service point system is adopted, the EEPROM of the IC card 11 is used.
16 is transmitted (S1).
7).

As described above, the holder of the IC card 11, which is a customer, uses the IC card 11 to start up the www browser of the client PC 22, authenticates the authentication server 25 on the bank side, Server 2
6 can automatically perform a series of operations up to the connection to the card holder 6, thereby improving the convenience for the card holder.
The use of cards is promoted. In addition, by using such an IC card 11, a series of operations from starting a web browser to connecting to the Internet 24 and authenticating can be automatically performed easily even in a computer system where the user is away from home. is there. This leads to an increase in the number of accesses to the server (such as a bank) to be connected, and has the advantage that the frequency of use can be increased.

In the above embodiment, the case where the Internet is used as the communication line has been described. However, a LAN (local area network) for constructing an intranet is used.
rk) and WAN (wide) using a public line or a dedicated line.
Away network) can also be applied. The application of the IC card 11 is not limited to a financial relationship such as a bank, but can be applied to any communication system that requires authentication, such as access to a database.

Next, FIG. 4 shows an explanatory diagram of another application example in the card utilization system using the IC card of the present invention. In the card utilization system 21 shown in FIGS. 4A and 4B, a client PC of a customer is taken as an example of a bank.
The client PC 22 obtains the encrypted mail by transmitting via the Internet 24 the encrypted mail of the encrypted data in which the account balance verification is described in the client 22 (S22).
21).

When the customer views the encrypted mail on the client PC 22, the client PC 22 attaches the IC card 11 to the card device 23 so that the client PC 22
The IC card 11 issues a secret key request to the card 11, and the IC card 11 reads the secret key stored in the EEPROM 16 and sends it to the client PC 22, whereby the client PC 22 acquires the secret key (S22). The encrypted mail is decrypted by performing a decryption operation in the client PC 22 based on the secret key (S2).
3).

As described above, since the sent encrypted mail is decrypted using the secret key stored in the IC card 11, the encrypted mail can be viewed only by the holder of the IC card 11. This makes it impossible to ensure the privacy of such confidential e-mail to the customer himself / herself securely and safely.

Next, FIG. 5 shows a configuration diagram of a card delivery system to which the IC card and card utilization system of the present invention is applied. The card delivery system 31 shown in FIG. 5 includes a customer database (DB) 32 in which predetermined data (including the unique data shown in FIG. 1B) of a customer who holds the IC card 11 is stored. An IC card recording means 33 for recording unique data as shown in FIG. 1B in the EEPROM 16 of the card is provided. Note that a program such as a card OS is installed in the IC card in advance as described with reference to FIG.

Further, based on the customer data in the customer DB 32, predetermined contents such as the address of the customer are printed on a delivery body such as an envelope, and identification codes (numbers, bar codes, etc.) for associating with the IC card. ) Is provided. That is, the delivery body printing means 3
The delivery body printed at 4 is transported, and the IC card 11 on which data is recorded by the IC card recording means 33 is transported.

A card reading means 35 for reading a part of the data (for example, customer ID) recorded on the IC card 11 is disposed on the transport system of the IC card 11, and is provided on the transport system of the delivery body. Image reading means 36 for reading the printed identification code is arranged. A matching unit 37 for comparing data read by the card reading unit 35 with an identification code read by the image reading unit 36.
Is provided. The enclosing means 38 for enclosing the corresponding IC card 11 in the delivery body according to the collation result of the collating means 37.
Are arranged, and a delivery body in which the IC card 11 is properly sealed is sent out.

FIG. 6 shows a flowchart of the card delivery system shown in FIG. In FIG. 6, first, customer D
The data of the customer to be delivered (ID, password, secret key, etc. shown in FIG. 1B) is read from B32 (S31).
A), this is recorded in the EEPROM 16 of the IC card by the IC card recording means 33, and the URL of the homepage on the Internet to be accessed is
Is recorded and transported (S32A). Then, for example, the customer ID is read by the card reading means 35 at the enclosing position on the transfer path of the IC card 11 to be transferred, and is sent to the collation means 37 (S33A).

On the other hand, the IC card 1
1 is read and the customer's address and ID to be held (S31).
B) The delivery body printing means 34 prints the address and the identification code associated with the ID on the delivery body (S32B).
Then, the identification code printed on the conveyed delivery body at the enclosing position on the conveyance path is read by the image reading means 36 and sent to the collation means 37 (S33B).

The collating means 37 collates the ID read by the card reading means 35 with the identification code read by the image reading means 36, and if the associations do not match (S
35), an error is displayed without enclosing (S36).
If they match (S35), the I
The C card 11 is sealed by the sealing means 38 (S3
7) This is to be sent to the customer.

As described above, the production of the IC card 11 and the encapsulation of the IC card 11 in the delivery body can be performed in a series of operations. Server 25
Of the IC card 11 by the client PC 2
In combination with the use of the card utilization system 21 such as decryption of the encrypted mail in 2, it is possible to construct a cyclic model for a series of card use.

[0038]

As described above, according to the first to third aspects of the present invention, at least identification data, an address,
By retaining key data and arithmetic processing means for performing processing of transmitting predetermined data and performing authentication processing and decryption of encrypted data based on the key data, the predetermined service data can be freely rewritten as appropriate. By recording and decrypting the transmitted encrypted data based on the key data, a series of operations from the start-up of the application software to connect to the communication line regardless of the installation location of the computer to the authentication are automatically performed. By doing so, the convenience can be improved, and the use of cards can be promoted.

According to the fourth aspect of the present invention, a card utilization system for connecting a predetermined number of client computers connected to a card device and a predetermined number of servers having an authentication server to a communication line is constructed, and the above-mentioned IC card is constructed. The above-mentioned IC card enables a series of operations to be performed automatically and smoothly when connecting a predetermined client computer and a server safely via a communication line, thereby improving the frequency of using the predetermined server. That can be done.

According to the fifth aspect of the present invention, by constructing a card delivery system that performs a series of steps from production of an IC card, encapsulation to a delivery body, and delivery, startup of the communication line connection application software from creation of the card to connection. Authentication, the rewriting of service data as needed, and the circulation model for using the IC card up to the decryption of the encrypted data can be constructed.

[Brief description of the drawings]

FIG. 1 is a configuration diagram of an IC card of the present invention.

FIG. 2 is a configuration diagram of a card utilization system using the IC card of the present invention.

FIG. 3 is a flowchart of authentication by an IC card and an authentication server in FIG. 2;

FIG. 4 is an explanatory diagram of another application example in the card utilization system using the IC card of the present invention.

FIG. 5 is a configuration diagram of a card delivery system applied to the IC card and card utilization system of the present invention.

FIG. 6 is a flowchart of the card delivery system of FIG. 5;

[Explanation of symbols]

 11 IC card 12 CPU 15 ROM 16 EEPROM 21 Card utilization system 22 Client PC 23 Card device 24 Internet 25 Authentication server 26 Web server 31 Delivery system 32 Customer DB 33 IC card recording means 34 Card reading means 35 Delivery body printing means 36 Image reading Means 37 Enclosure means

Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat II (reference) G06K 19/00 G06K 19/00 T

Claims (5)

[Claims] 1. A card device is connected to a computer connected to a communication line accessible to a predetermined number of computers, and arithmetic processing, data recording, and the like are performed via the card device.
In an IC card to be reproduced, at least identification data for connecting to the communication line, an address of a predetermined computer connected via the communication line, and key data required for an authentication request from the computer desired to connect. And individual data storage means for storing processing data for transmitting the identification data, the address and the predetermined data, and processing data for performing an operation for authentication based on the key data. Processing data storage means for performing the transmission processing and the arithmetic processing based on the processing data stored in the processing data storage means, and connecting the predetermined computer to the communication line based on the address and the identification data. Launch the application software for connection and establish the communication line based on the key data. IC card and having a arithmetic processing unit that performs the authentication calculation and accessed the computer to. 2. The IC card according to claim 1, wherein predetermined service data for use of said card is rewritably recorded in said individual data storage means. 3. The IC card according to claim 1, wherein the key data stored in the individual data storage means is a predetermined cipher data transmitted to the computer to which the card device is connected. An IC card for use in decrypting an IC card. 4. A predetermined number of computers are freely connectable,
A communication line constructed so that one computer and another computer can be freely accessed; and a predetermined number connected to the communication line and accessible to another computer via the communication line. A client computer connected to the client computer;
A card device for performing communication with a C card, a server which is accessed by the client computer via the communication line, and includes at least an authentication server which authenticates an accessor based on key data. 4. The server to which at least one of the first to third aspects is mounted, wherein an application for connecting the communication line to the client computer is installed in the card device, and the client computer is connected to the server. A card utilization system comprising: an IC card for performing authentication based on key data held by the IC card. 5. The IC according to claim 1, wherein said customer is stored in a customer database in which predetermined data of the predetermined customer is stored.
IC card recording means for recording data stored in the card; card reading means for reading predetermined data stored in the IC card; and, based on the customer database, stored in the IC card corresponding to the customer. Delivery body printing means for printing at least a delivery code with an identification code related to the given data; image reading means for reading the identification code printed on the delivery body; and predetermined data read by the card reading means. A collating means for collating the identification code read by the image reading means; and, when the predetermined data and the identification code match by the collating means, enclosing the IC card in the corresponding delivery body. A card delivery system comprising: an enclosing means for sending to a customer.