JP2001195551A - Ic card reader and ic card system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To make preventable an illegal action to an IC card such as revising information preserved on an IC chip and to make preventable the illegal forgery of the IC card while utilizing a forged IC card reader. SOLUTION: When verifying the card, a device ID 2 and a random number R1 generated by a random number R1 generating part 19 are transmitted to an IC chip 7 as a verify command 14 by an IC card R/W 5. With the device ID 2 provided by removing the random number R1 by decoding the received verify command 14 as a retrieval key, original data 30 corresponding to that device ID 2 can be provided from an ID original table 4 by an IC chip 7. Besides, enciphered original data 3 read from an optical mark hologram 11 are deciphered by a measuring instrument 17 and the original data 3 and 30 are comparatively collated by a comparative collation algorithm 21.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

The present invention relates to an IC card reader and an IC card system.

[0002]

2. Description of the Related Art Conventionally, a magnetic card has been known as a magnetic recording medium which is one of information recording media. The magnetic card can write necessary information (magnetic information) on a magnetic stripe via a magnetic recording / reading / writing device or the like, and can read necessary magnetic information from magnetic information stored on the magnetic stripe. The magnetic information is stored in a secret state by encrypting the magnetic information.

[0003]

As described above, by simply encrypting and storing magnetic information in a magnetic card, "decryption" by a third party or the like can be prevented, but forgery of the magnetic card is prevented. And alterations may not be fundamentally prevented. In other words, a new counterfeit magnetic card may be created by stealing the magnetic information stored on the magnetic card and copying the magnetic information as it is onto the magnetic stripe of another magnetic card. Further, in some cases, it is possible to newly create a falsified magnetic card by, for example, copying the balance information and the like stored in an unused prepaid card constituted by a magnetic card to a magnetic stripe portion of the used prepaid card.

Therefore, as a means for preventing forgery or falsification of the card as described above, there has been proposed a method of using an IC card having an IC chip capable of freely writing and reading information instead of the magnetic card. I have. This method focuses on the tamper resistance of the IC chip (that is, the property that the contents of the information to be stored are not easily seen, falsified, or broken when the contents of the information to be stored are viewed). It is described that information can be recorded or stored in an IC chip safely to some extent depending on its nature. However, recently, technologies for forging or falsifying the IC chip itself are often disclosed on the Internet, so that information stored in the IC chip is falsified, Alternatively, there is a problem that fraud such as unnecessary decryption frequently occurs. As a result, the reliability of the security of the IC chip itself has been greatly reduced as compared with the past, and the fact is that the security of the IC card is even questioned. Moreover, it has become technically difficult to forge the IC card reader itself. For example, it is possible to eavesdrop legitimate information recorded in a legitimate reader and create a fake reader with that information. As a result, there is a concern that a valid IC card is set in the forged IC card reader and the information in the IC card is stolen.

[0005] Accordingly, it is an object of the present invention to prevent fraud on an IC card, such as falsification of information stored in an IC chip.

It is another object of the present invention to provide a forged I
An object of the present invention is to prevent forgery of an unauthorized IC card using a C card reader.

[0007]

An IC card reader according to a first aspect of the present invention holds an object of an authentication process for determining whether or not information for identifying an IC card reader is valid. With media.

In a preferred embodiment according to the first aspect of the present invention, the medium is any one of a write-once optical recording medium, a magnetic recording medium, and an electric recording medium.

An IC card system according to a second aspect of the present invention includes an IC card, and an IC card reader for recording necessary information and reading issued information of the IC card. A medium having information for identifying the card reader, the IC card reader holding an authentication processing target for determining whether the information for identifying the IC card reader is valid, The apparatus includes means for detecting a target held on a medium, and means for comparing and matching the detected target with the identification information.

[0010] In a preferred embodiment according to the second aspect of the present invention, the identification information is present in each of the specific IDs among a plurality of IDs existing in the same IC card system and in the same IC card system. It is a table in which correspondence with each of the targets of the authentication processing is recorded. In this embodiment,
For example, the ID corresponding to the target is recorded in the reading device, and the comparison / matching unit compares and matches the target corresponding to the ID, obtained from the table, with the target on the medium.

[0011] In another preferred embodiment according to the second aspect of the present invention, the target is authentication processing target information encrypted using a predetermined encryption function and a predetermined key. The subject is I
This is the one written on the medium by the IC card issuing device when the C card is issued.

An IC card system according to a third aspect of the present invention includes an IC card and an IC card reader for recording necessary information and reading issued information of the IC card. An IC card reader having information for identifying the card reader, a target for authentication processing for determining whether the identification information is valid, and means for comparing and collating the identification information; Has means for detecting the object held in the medium, which is provided so as to enable at least comparison and collation with the medium holding the object.

An IC card system according to a fourth aspect of the present invention includes an IC card, and an IC card reader that records necessary information and reads issued information of the IC card. A medium holding an object of an authentication process for determining whether information for identifying an IC card reader is valid or not, and the IC card is
It has means for detecting the identification information of the C card reader, the object held in the medium, and means for comparing and collating the object with the identification information.

An IC card system according to a fifth aspect of the present invention includes an IC card and an IC card reader for recording necessary information and reading the issued information of the IC card. A medium holding an object of an authentication process for determining whether information for identifying an IC card reader is valid or not, and means for comparing and comparing the object with identification information; The card is I
There is provided means for detecting an object held on a medium, which is provided so as to be capable of at least comparison and collation with identification information of the C card reader.

[0015]

Embodiments of the present invention will be described below in detail with reference to the drawings.

FIG. 1 is a block diagram showing a first embodiment of the present invention.
IC card issuing device (issuing device), IC card reading / writing device (IC card R /
W) and a block diagram showing an IC card.

In FIG. 1, the issuing device 1 is activated when an IC card is issued, and the ID of the issuing device (hereinafter referred to as device I).
D) 2, original data 3, ID / original table 4, encryption function (for example, common key encryption method) g,
It has a key Kg and a key Kf. IC card R / W5
Comprises a write once type optical recording medium (optical mark hologram) 11 such as a machine readable type hologram, and a memory 10. Note that the optical mark hologram 11 can be replaced with a small special substance, an ultrasonic vibrator, or the like. The IC card 6 includes an IC chip 7, and the IC chip 7 includes an ID / original table 4 provided from the issuing device 1 as described later,
The keys Kf and Kg are stored.

The above-mentioned original data 3 includes, for example, common data (referred to as “Single ID”) unified in the present IC card system. In addition, there is also data such as a unique number (unique number) of each IC card R / W, a serial number, and the like that do not exist in the same IC card system (this is referred to as “Exclusive ID”). Further, there is data such as hash information such as a serial number or the like in which the probability that the same one exists in the same IC card system is not 0 (this is referred to as “Partial-Exclusive ID”).

The above-mentioned ID / original table 4 records the correspondence between the device IDs of all the issuing devices provided in the present IC card system and the original data corresponding to each device ID. That is, if the table 4 is searched using the device ID as a search key, original data corresponding to the device ID can be obtained.

When the IC card 6 is issued, the issuing device 1 stores the device ID 2 in the memory 1 of the IC card R / W 5.
The process of writing to 0 is performed. The issuing device 1 encrypts the original data 3 using the encryption function g and the key Kg, and writes the encrypted original data 3 on the optical mark hologram 11 through the writing device 11 as authentication target information. Is executed. Further, in the issuing device 1, a process of recording the ID / original table 4, the key Kg, and the key Kf on the IC chip 7 is also executed.

FIG. 2 is a block diagram showing an I-mode according to the first embodiment of the present invention.
An information processing device (such as a host computer of a management center) equipped with an IC card R / W, an IC card, and an application program (AP) included in the C card system (hereinafter, an information processing device equipped with an AP is referred to as an “AP”). FIG.

In FIG. 2, the IC card R / W 5 is activated when the issued IC card 6 is authenticated.
1 generating unit 19, a cryptographic function f, and a key Kf.
It is communicably connected to P15. The AP 15 has a key Kg and a cryptographic function f, and executes a process according to the determination result in the authentication process in the IC card 6. The IC card 6 includes a comparison matching algorithm 21 on the IC chip 7,
A random number R2 generation unit 23, a cryptographic function f, and a cryptographic function g are incorporated. Also, as described with reference to FIG.
A measuring device 17 for reading the authentication target information written on the optical mark hologram 11 by being activated at the time of the authentication processing of the IC card 6 is attached to an appropriate place of the IC card 6. Of course,
As the IC card 6, it is also possible to use an IC card having a configuration provided with the measuring device 17 from the beginning. As the measuring device 17, for example, a small sensor, a small reader, or the like is used.

In this embodiment, the authentication processing of the IC card 6 is performed, as described later, by comparing and comparing the authentication target information written in the optical mark hologram 11 and the original data on the ID / original table 4 in the comparison / collation algorithm 21. The collation is performed, and the process is performed by the AP 15 executing a process according to the collation result. Hereinafter, the processing will be described in detail.

The IC card R / W5 includes a random number R1 generator 1
9 is combined with the device ID 2 by a predetermined method. Next, the combination is encrypted with the encryption function f and the key Kf and transmitted to the IC chip 7 as an authentication command 14.

The IC chip 7 decrypts the received authentication command 14 using the encryption function f and the key Kf (that is, in the same manner as when it was encrypted), thereby removing the random number R1 and removing the device ID2. (The extracted random number R
1 may be deleted or saved). Next, the device ID
Using the ID 2 as a search key, the ID / original table 4 is searched to obtain the original data 30 corresponding to the device ID 2. In parallel with the above processing, the decryption processing of the authentication target information (that is, the encrypted original data 3) read from the optical mark hologram 11 by the measuring device 17 is also performed by the encryption function g and the key Kg.

After these processes, the original data 30 and the decrypted original data 3 are collated by the comparison / collation algorithm 21, and the original data 3 and 30 are authenticated (authentication judgment). In the comparison and collation algorithm 21, if the comparison and collation show that the original data 3 and 30 match, the authentication is "OK", and if they do not match, the authentication is "NG".

After the comparison and collation, data 25 indicating the result of the comparison and collation is generated, and a random number R2 is generated by the random number R2 generation unit 23. Next, the random number R2 and the collation result data 25 are combined by a predetermined method, and are encrypted by the encryption function f and the key Kg.
7 is transmitted to the AP 15 via the IC card R / W5.

Upon receiving the authentication response 27, the AP 15 decrypts the authentication response 27 using the cryptographic function f and the key Kg, thereby removing the random number R2 and obtaining the collation result data 25. The processing corresponding to the indicated collation result is executed. For example, if the collation result is “OK”, a process of authorizing the user to use the card (for example, AP
15 is granted to the IC card 6 side), and if the collation result is "NG", the user is not permitted to use the card (for example, the data in the IC chip 7 Flag of fraud detection).

As described above, according to the first embodiment of the present invention, even if the IC chip 7 itself is forged, unless the authentication target information in the optical mark hologram 11 is forged, the original data described above can be used. The above-mentioned fraud can be detected by the collation processing of 3, 30. In other words, simply IC
Even if the information in the chip 7 is falsified, it is necessary to attack the information to be authenticated in the optical mark hologram 11 with information encrypted with the encryption function g and the key Kg. Decoding Kg is also required. Therefore,
Unless the authentication target information is tampered with, the counterfeit IC card is checked by the above-mentioned comparison and matching algorithm 21 for “O”.
K ”, and is not determined to be a valid IC card. Falsification of the information (data) in the optical mark hologram 11 is based on the information (data) in the IC chip 7.
Since it is more difficult than falsification, it is virtually impossible to conduct various transactions using a forged IC card.

Further, according to this embodiment, the optical mark hologram 11 is attached to the IC card R / W5, and information (device ID) linked to the authentication target information recorded on the optical mark hologram 11 is stored in the IC card R / W5. And the above collation is performed using the link relationship. For this reason, even if the IC card R / W5 is forged, it is necessary to perform difficult information tampering with the optical mark hologram 11, and it is virtually impossible to perform various transactions using the forged IC card R / W. It is.

According to this embodiment, if the original data 3 is a Single ID, this IC card R / W
5 is a legitimate I issued by a specific IC card system
C card R / W can be guaranteed. Also, the original data 3 is set to ExclusiveID or Partial-E
If xclusiveID is used, it is guaranteed that the IC card R / W5 is a valid IC card R / W issued as a specific (for example, a specific user) IC card R / W in a specific IC card system. can do.

Further, according to this embodiment, the data of the authentication response 27 transmitted from the IC card 6 to the IC card R / W5 changes each time it is transmitted due to the combination of the random number R2 and the encryption. Therefore, IC card 6
Out of the information transmitted as the authentication response 27 to the IC card R / W5 from the side,
It is possible to prevent fraudulent activities using a forged IC card (simulating information) in which the same information as the authentication response of the C card is used as the authentication response.

In this embodiment, the optical mark hologram 11 which is an example of the optical recording medium is used as a recording medium for writing the authentication data. A recording medium or an electric recording medium may be used.

In this embodiment, the random numbers R1,
Instead of R2, any information such as fluctuating information such as date and time or unique information unique to the system may be used.

FIG. 3 is a diagram showing an issuing device, I, provided in an IC card system according to a first modification of the first embodiment of the present invention.
FIG. 4 is a block diagram showing a C card R / W and an IC card, and FIG. 4 is a block diagram showing an I / O according to a first modification of the first embodiment of the present invention.
FIG. 2 is a block diagram illustrating an IC card R / W, an IC card, and an AP included in the C card system.

As shown in FIG. 3, the issuing device 31 according to the present modification transmits the device ID 32 and the original data 33 not only to the IC card R / W 5 but also to the IC chip 7 when the IC card 36 is issued. In terms of writing, Figure 1
Is different from the operation of the issuing device 1 described in (1). Other operations are the same as those of the issuing device 1 shown in FIG.

As shown in FIG. 4, the IC chip 37 according to the present modification matches the device ID 32 obtained by removing the random number R1 at the time of authentication of the IC card 36 with the device ID 32 written at the time of issuing the card. . Then, when they match, the original data 3 written when the card was issued
3 differs from the operation of the IC chip 7 shown in FIG. 2 in that the data 3 is compared with the original data 33 from the optical mark hologram 41. Other operations are the same as those of the IC chip 7 shown in FIG. In addition, I shown in FIG.
Regarding the operation of the C card R / W 35 and the AP 42,
The operation is the same as that of the IC card R / W5 and the AP 15 described in FIG.

According to this modification, substantially the same effects as those of the first embodiment can be obtained. In this modification, the original data 33 stored in the IC card 36 is
If ExclusiveID (that is, data in which the same thing does not exist in the same IC card system), each I
An exclusive IC card R / W is prepared for the C card. That is, the original data 33 written in the optical mark hologram 41 when the card is issued is the original data 33 stored in the IC card 36 at that time.
Only, so the IC card R / W3 at that time
Numeral 5 is dedicated to the IC card 36. Thus, for example, if the IC card R / W 53 is applied to an IC card R / W compatible with a notebook computer, each user will need to use his / her IC card R / W without using his / her IC card R / W.
C card cannot be used. Therefore, even if the IC card is lost or stolen, if the user has his / her own IC card R / W, his / her IC card is abused (for example, the information in the own IC card is stolen). Will be eliminated.

FIG. 5 shows an IC card R provided in an IC card system according to a second modification of the first embodiment of the present invention.
FIG. 3 is a block diagram showing a / W, an IC card, and an AP.
The issuing device (not shown), the IC card R / W, and the operation at the time of issuing a card in the IC card according to the second modification of the first embodiment are described in the issuing device 1 shown in FIG. The operation is the same as that of the card R / W 5 and the IC card 6.

The IC card R / W 55 according to this modification is
It differs from the configuration and operation of the IC card R / W5 shown in FIG. 2 in that the IC card R / W5 shown in FIG. Other configurations and operations are the same as those of the IC card R / W5 shown in FIG.

The AP 58 according to this modification has a random number R1 generator 59 and a random number R2 generator 60, and combines the random numbers R1 and R2 generated by them with the device ID 52 to generate a cryptographic function f and a key Kf. 2 and transmits the authentication command 54 to the IC chip 7 as shown in FIG.
Is different from the configuration and operation of the AP 15 described in (1). Also,
The AP 58 transmits an authentication response 61 described later to the encryption function f.
And the key Kf to determine whether the random number selected as the collation result is R1 or R2.
FIG. 2 shows that filtering is performed on the decoded data using the random numbers R1 and R2 generated earlier, and that the matching result is determined from the random numbers extracted by the filtering.
Is different from AP15 described in (1). Other configurations and operations are the same as those of the AP 15 illustrated in FIG.

The IC chip 57 according to the present modified example is characterized in that the authentication command 54 is decrypted with the encryption function f and the key Kf to remove the random numbers R1 and R2, and that the comparison matching algorithm 67 The IC chip shown in FIG. 2 is different in that the removed random number R1 or R2 is selected and that the selected random number R1 or R2 is encrypted with the encryption function f and the encryption key Kf and transmitted as the authentication response 61 to the AP 58. 7 is different. Other operations are the same as those of the IC chip 7 shown in FIG. It should be noted that the comparison / collation algorithm 67 selects the random number R1 if the comparison result is “OK” and “N
G ", a random number R2 is selected. In this case, as described above, if the random number extracted by the filtering is R1, the AP 58 executes a process corresponding to the collation “OK”, and
If so, the processing corresponding to the collation “NG” is executed.

FIG. 6 shows an IC card R provided in an IC card system according to a third modification of the first embodiment of the present invention.
/ W, and a block diagram showing an IC card. In addition,
The issuing device (not shown), the IC card R / W, and the operation at the time of issuing the card of the IC card according to the third modification of the first embodiment are described in the issuing device 1 shown in FIG. / W5 and the operation of the IC card 6.

The IC card R / W 75 according to this modification is
The difference from the IC card R / W5 shown in FIG. 2 is that the AP has the comparison matching algorithm 71 and that the result of the comparison matching by the comparison matching algorithm 71 is transmitted to the AP (not shown). Execute processing according to the matching result). Other configurations and operations are the same as those of the IC card R / W5 shown in FIG.
The comparison / matching algorithm 71 compares and matches original data 73 and 74 obtained by decrypting an authentication response 78 described later.

The IC chip 77 according to this modification has no comparison and collation algorithm, and encrypts the two original data 73 and 74 using an encryption function f and a key Kf.
The difference from the IC chip 7 shown in FIG. 2 is that the authentication response 78 is transmitted to the IC card R / W5. For other configurations and operations, see the IC chip 7 shown in FIG.
Is the same as The IC chip 77 may generate a random number and include the random number in the authentication response 78.

FIG. 7 is a circuit diagram showing an I-mode according to a second embodiment of the present invention.
FIG. 2 is a block diagram illustrating an IC card R / W, an IC card, and an AP included in the C card system. Note that this second
The operation of the issuing device (not shown), the IC card R / W, and the IC card issuance according to the embodiment shown in FIG.
Issuer 1, IC card R / W5, and IC
It is substantially the same as the card 6.

The IC card R / W 85 according to the present embodiment
Is that it has no random number R1 generation unit, that the measuring device 81 is attached, that the measuring device 81 transmits the authentication target information 50 read from the optical mark hologram 11 to the AP 200, and that the device ID 82 is an IC card. It differs from the IC card R / W5 shown in FIG. 2 in that the transmission is made to the AP 200 side instead of to the 76 side. Other configurations and operations are the same as those of the IC card R / W5 shown in FIG.
Of course, it is also possible to use an IC card R / W 85 having a configuration provided with the measuring device 81 from the beginning.

The AP 200 according to this embodiment has a random number R1
The point having the generation unit 84, the received authentication target information 50,
That is, the encrypted original data is converted to the encryption function g.
AP1 shown in FIG.
5 is different. Further, the AP 200 transmits the decrypted original data 83, the received device ID 82, and the random number R1.
The random number R1 generated by the generation unit 84 is encrypted with the encryption function f and the key Kf,
It differs from the AP 15 shown in FIG. 2 in that it transmits to the chip 87. Other configurations and operations are the same as those of the AP 15 illustrated in FIG.

The IC chip 87 according to the present embodiment compares the original data 83 obtained by removing the random number R 1 by decoding the received authentication command 88 with the original data 90 obtained from the ID / original table 89. 2 is different from the IC chip 7 shown in FIG.
Other configurations and operations are the same as those of the IC chip 7 shown in FIG.
Is the same as

FIG. 8 shows an IC card R provided in an IC card system according to a first modification of the second embodiment of the present invention.
FIG. 3 is a block diagram showing a / W, an IC card, and an AP.
The configurations and operations of the issuing device (not shown), the IC card R / W, and the IC card according to the first modified example of the second embodiment are the same as those of the issuing device 1, the IC card R shown in FIG. / W5 and IC card 6.

The configuration and operation of the IC card R / W 95 according to this modification are the same as those of the IC card R / W 85 shown in FIG.

The AP 91 according to this modification has a random number R2 generation unit 94 and a random number R2
And the generated random number R1, the received device ID 92,
The combination of the decrypted original data 98 with the encryption function f and the key Kf for encryption and transmission to the IC chip 97 as an authentication command 99 is similar to the AP described in FIG.
200 is different from the configuration and operation of FIG. In addition, AP91
An authentication response 101, which will be described later, is decrypted with the encryption function f and the key Kf, and the random number selected as the collation result is R1
And R2 in order to check which one is the above, using the previously generated random numbers R1 and R2 to filter the decoded data, and determine the collation result from the random numbers extracted by the filtering. , AP200 shown in FIG. Other configurations and operations are the same as those of the AP 200 illustrated in FIG.

The IC chip 97 according to the present modification decodes the received authentication command 99 to generate the random numbers R 1, R 2
And the comparison / matching algorithm 103 is performed by the comparison / matching algorithm 103 as a result of the comparison / matching.
Is selected, and the selected random number R1 or R2 is encrypted with the encryption function f and the encryption key Kf, and the authentication response 101
The IC chip 87 shown in FIG. 7 is different from the IC chip 87 shown in FIG. Other operations are the same as those of the IC chip 87 shown in FIG. It should be noted that the comparison / matching algorithm 103 selects the random number R1 if the matching result is “OK”, and selects the random number R2 if the matching result is “NG”, as shown in FIG.

FIG. 9 shows an IC card R provided in an IC card system according to a second modification of the second embodiment of the present invention.
FIG. 3 is a block diagram showing a / W, an IC card, and an AP.
The issuing device (not shown), the IC card R / W, and the configuration and operation of the IC card at the time of issuing the card according to the second modified example of the second embodiment are the issuing device 31 shown in FIG. , The IC card R / W 35, and the IC card 36 (that is, the IC chip according to the present modification includes a pair of a device ID and original data instead of the ID / original table).

The AP 105 according to the present modification encrypts the received device ID 102 and the generated random number R1 using the encryption function f and the key Kf,
The point to be transmitted to the chip 7 and the received authentication target information 100
Is encrypted with the encryption function f using the random number R1 as a key, and IC
In transmitting to the card R / W 115, A shown in FIG.
This is different from P200 (the encrypted data is referred to as data “Y” in the drawings and the description below). Other configurations and operations are the same as those of the AP 200 illustrated in FIG.

The IC chip 107 according to the present modification compares the device ID 102 obtained by decrypting the received authentication command 114 with the built-in device ID 104. This is different from the IC chip 87 shown in FIG. 7 in that the built-in original data 108 is encrypted using the encryption function g and the key Kg. Further, the IC chip 107 converts the encrypted original data into a random number R1 obtained by the decryption.
Is encrypted by the encryption function f using
17 is different from the IC chip 87 shown in FIG. 7 in that the data is transmitted to the IC card R / W 115 (the encrypted data is referred to as data “X” in the drawings and the description below). Other configurations and operations are the same as those of the IC chip 87 shown in FIG.

An IC card R / W 115 according to the present modified example
Describes that the comparison matching algorithm 109 and the result of the comparison matching by the comparison matching algorithm 109
The IC card R / W85 shown in FIG.
Is different from Other configurations and operations are the same as those of the IC card R / W85 shown in FIG. Note that the comparison / matching algorithm 109 determines whether the received data “X”
(That is, the original data 3 embedded in the IC chip 7 is doubly encrypted) and the data “Y” (that is, the encrypted original data 3 recorded on the optical mark hologram 11 is (Encrypted). As a result, if X = Y, the collation is “OK”, and if X ≠ Y, the collation is “NG”.

FIG. 10 shows a third embodiment according to the second embodiment of the present invention.
It is a block diagram which shows IC card R / W, IC card, and AP with which the IC card system which concerns on the modification of 1 is provided. The issuing device (not shown), the IC card R / W, and the configuration and operation of the IC card at the time of issuing the card according to the third modified example of the second embodiment are described in the issuing device 31 shown in FIG. , IC card R / W35, and IC card 3
6 (that is, the IC chip according to the present modification has a device ID instead of the ID / original table).
And a pair of original data is built in).

The AP 125 according to the present modification is described in FIG. 9 in that the generated random number R1 is encrypted by the encryption function f using the received authentication target information 120 as a key and transmitted to the IC card R / W 135. This is different from the AP 105 (the encrypted random number is data “P” in the drawings and the description below). Other configurations and operations are the same as those of the AP 105 illustrated in FIG.

The IC chip 127 according to this modification uses the built-in original data 123 as the encryption function g and the key K.
g and the authentication command 124
Is different from the IC chip 107 shown in FIG. 9 in that the random number R1 obtained by decrypting the IC chip 107 is encrypted by the encryption function f and transmitted to the IC card R / W 135. (In the drawings and the description below, the encrypted random number is represented as data “Q”).
For other configurations and operations, see the IC shown in FIG.
It is similar to the chip 107.

The configuration and operation of the IC card R / W 135 according to this modification are the same as those of the IC card R / W 11 shown in FIG.
Same as 5. Note that the comparison / collation algorithm 121 according to the present modification uses the received data “Q” (that is,
Using the encrypted original data contained in the C chip 127 as a key, the encrypted random number R1) and the data “P” (that is, the encrypted random number R1 recorded on the optical mark hologram 129). Using the original data as a key, the encrypted data is compared with the encrypted random number R1). As a result, if P = Q, the collation is “OK”, and if P ≠ Q, the collation is “NG”.

Although some preferred embodiments and modified examples of the present invention have been described above, these are exemplifications for explaining the present invention, and the scope of the present invention is limited only to these examples. It is not the purpose. The present invention can be implemented in other various forms. For example, the authentication target information written in the optical mark hologram 11 may be a hash value of the original data. Further, the comparison / collation algorithm 67 may selectively generate the random numbers R1 and R2 according to the result of the comparison / collation.

[0063]

As described above, according to the present invention,
It is possible to prevent improper operations performed on the IC card, such as falsification of information stored in the IC chip. Further, according to the present invention, it is possible to prevent an unauthorized IC card from being forged using a forged IC card reader.

[Brief description of the drawings]

FIG. 1 is an IC card issuing device, an IC card R / W, and an IC card system provided in an IC card system according to a first embodiment of the present invention;
And a block diagram showing an IC card.

FIG. 2 is an IC card R / W, an IC card, and an AP included in the IC card system according to the first embodiment of the present invention.
FIG.

FIG. 3 is an IC card issuing device and an IC included in an IC card system according to a first modification of the first embodiment of the present invention;
FIG. 2 is a block diagram showing a card R / W and an IC card.

FIG. 4 is a block diagram showing an IC card R / W, an IC card, and an AP included in an IC card system according to a first modification of the first embodiment of the present invention.

FIG. 5 is a block diagram showing an IC card R / W, an IC card, and an AP included in an IC card system according to a second modification of the first embodiment of the present invention.

FIG. 6 is an IC card R / W and I included in an IC card system according to a third modification of the first embodiment of the present invention.
FIG. 3 is a block diagram showing a C card.

FIG. 7 is an IC card R / W, an IC card, and an AP included in an IC card system according to a second embodiment of the present invention.
FIG.

FIG. 8 is a block diagram showing an IC card R / W, an IC card, and an AP provided in an IC card system according to a first modification of the second embodiment of the present invention.

FIG. 9 is a block diagram showing an IC card R / W, an IC card, and an AP included in an IC card system according to a second modification of the second embodiment of the present invention.

FIG. 10 is an IC card R / W, IC included in an IC card system according to a third modification of the second embodiment of the present invention;
FIG. 2 is a block diagram showing a card and an AP.

[Explanation of symbols]

Reference Signs List 1 IC card issuing device 2 Device ID 3, 30 Original data 4 ID / original table 5 IC card reading / writing device (IC card R / W) 6 IC card 7 IC chip 11 Machine readable hologram (optical mark hologram) 15) Application program (AP) 17 Measuring device 19 Random number R1 generator 21 Comparison / matching algorithm 23 Random number R2 generator

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) H04L 9/00 673E F-term (Reference) 5B035 AA13 BB05 BB09 CA38 5B058 CA27 KA11 KA13 KA33 KA35 5J104 AA07 KA02 KA04 NA02 NA35 NA38 NA41

Claims (7)

[Claims] 1. An IC card reading device including a medium holding an object of an authentication process for determining whether information for identifying the IC card reading device is valid. 2. The IC card reader according to claim 1, wherein the medium is one of a write-once optical recording medium, a magnetic recording medium, and an electric recording medium. 3. An IC card, comprising: an IC card; and an IC card reader for reading necessary information stored in the IC card after recording the necessary information, wherein the IC card has information for identifying the IC card reader. A medium for holding an object of an authentication process for determining whether or not the identification information of the IC card reader is valid; and means for detecting the object held on the medium. An IC card system comprising: means for comparing and comparing the detected object with the identification information. 4. The IC card system according to claim 3, wherein the object is written on the medium by an IC card issuing device when the IC card is issued. 5. An IC card, comprising: an IC card; and an IC card reader for reading necessary information recorded on the IC card after recording necessary information, wherein the IC card includes information for identifying the IC card reader, A target for authentication processing for determining whether or not the identification information is valid, and means for comparing and collating the identification information, wherein the IC card reader includes: a medium holding the target; and An IC card system having means for detecting an object held on the medium, the IC card system being provided so as to enable the comparison and collation. 6. An IC card, comprising: an IC card; and an IC card reader for reading necessary information stored in the IC card after recording necessary information, wherein the IC card reader has information for identifying the IC card reader. Has a medium holding a target of an authentication process for determining whether or not is valid, wherein the IC card has identification information of an IC card reader, and means for detecting the target held in the medium; An IC card system comprising: means for comparing and collating the object with the identification information. 7. An IC card, comprising: an IC card; and an IC card reader for reading necessary information recorded on the IC card after recording necessary information, wherein the IC card reader has information for identifying the IC card reader. A medium for holding a target of an authentication process for determining whether or not the ID is valid; and means for comparing and collating the target with the identification information. An IC card system having means for detecting an object held in the medium, provided at least so as to enable the comparison and collation.