JP2003050973A - Ic card authentication server and mobil communication terminal - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an IC card authentication server as a system which uses a mobile communication terminal having an IC card mounted thereon and the mobile communication terminal while meeting antithetic conditions of the secrecy and versatility of the IC card. SOLUTION: A combination of characteristic information on the mobile communication terminal which is set when the mobile communication terminal is manufactured and the secret key of a contactless card module and an interface program controlling communications with a reader write are stored in a card issue server and downloaded to the contactless card module. The mobile communication terminal communicates with a reader writer device under the control of the interface program, the mobile communication terminal having the contactless IC card module computers a random number, and the card issue server compares and verifies the random number with a separately computed number sequence to guarantee the authenticity.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an IC card authentication server device and a mobile communication terminal, and more particularly to a mobile phone or PHS (Personal Handyphone Sy) as a non-contact IC card.
stem) or a PDA (Personal Digital Assistant) or other mobile communication terminal.

[0002]

2. Description of the Related Art Conventionally, as a non-contact IC card, an IC card interface function of a JR commuter pass (TRAMET:
A general-purpose electronic ticket technology research association) and an IC card interface with an IC card interface (ISO14443) of a public telephone have been put into practical use.

The characteristic of the IC card is security, and the security function of the IC card itself as well as the file structure, application structure, and
By constructing security for all system structure, data structure, and data itself, it is possible to provide dramatic security for global networks, increase in data storage amount, and convenience for users due to computing power.

In general, the system configuration of an IC card consists of chip * card * internal code * reader / writer * reader / writer internal code * application.

In order for an intruder to forge / alter the IC card, when all the conditions are satisfied in the above system configuration,
Unauthorized use becomes possible. In other words, multiple barriers can block intruders' access.

Generally, the core of the security of the IC card is a chip, and it is equipped with a defense means against forgery / alteration such as a cryptographic logic integrated in the chip, an unreadable cryptographic key, and a file structure inside the chip.

In addition to this, if the confidentiality of each element is high, it becomes more difficult to penetrate.

In addition, if there is an intrusion, it is possible to enhance security by immediately implementing a protective measure.

Forgery / alteration or information leakage at individual stages cannot be completely prevented. When information-bearing people are attacked by intruders who have no control, it is almost impossible to protect the information. Therefore, in the unlikely event of an attack being intruded, it is important to take measures including the system level to minimize the damage, so the information on each element and system should be kept under a high level of confidentiality control. Information is not disclosed to

From the above-mentioned point of view, the IC card is characterized in that it can provide dramatic safety, increase in data holding amount, and convenience for the user due to the computing power. However, the higher the safety, the more unique the IC card becomes. Since it is not versatile, the user needs to have a dedicated IC card for each application.

On the other hand, it is clear that the mobile communication terminal will play a central role as a personal information device more and more with the advance of the technology in the future, and it is necessary to incorporate the function of the IC card into the mobile communication terminal. If this is possible, the convenience for the user can be greatly increased. However, as described above, the IC card has high confidentiality, and the protocol centered on authentication with the chip and the reader / writer built into the IC card is confidential information that should be protected especially against forgery and modification, and the IC card itself. The only way to achieve this was to install a mobile communication terminal at the expense of space and to install a card insertion pocket.

In view of the above problems, the present invention is an IC card authentication server device which is a system using a mobile communication terminal in which an IC card is mounted, while satisfying the requirements of confidentiality and versatility of the IC card. An object is to provide a mobile communication terminal.

[0012]

In order to achieve the above object, an IC card authentication server device of the present invention includes a unique information storage means for storing unique information of a plurality of mobile communication terminals, and the mobile communication terminal. A random number generator for generating a random number to be supplied, an operation means for performing operation using the unique information read from the unique information storage means and the random number output from the random number generator, and a random number supplied from the random number generator. Receiving means for receiving the calculation result from the mobile communication terminal, and authentication for comparing the calculation result of the calculating means with the output of the receiving means to authenticate the mobile communication terminal as an IC card. And means.

Further, the IC card authentication server device of the present invention comprises a unique information storage means for storing the unique information of a plurality of mobile communication terminals and the secret key of the IC card module in each mobile communication terminal in association with each other. A random number generator for generating a random number to be supplied to the mobile communication terminal, and an arithmetic means for arithmetic operation using the unique information and secret key read from the unique information storage means and the random number output from the random number generator. Receiving means for receiving a calculation result from the mobile communication terminal supplied with a random number from the random number generator, and comparing the calculation result of the calculating means and the output of the receiving means with each other, the mobile communication terminal IC An authentication means for authenticating that the card is valid.

Thus, the IC card can be authenticated based on the secret key of the IC card module under the control of the IC card issuing entity.

The interface program for controlling the communication between the mobile communication terminal and the reader / writer device is further provided to the IC card module via the mobile communication terminal, so that the IC card module is further provided with a download means, so that different interfaces can be provided. It can correspond to a reader / writer device.

Further, by further comprising a charging means for charging the subscriber line of the mobile communication terminal when it is authenticated as valid by the authentication means, the IC card and the mobile communication terminal are also charged. be able to.

Further, the mobile communication terminal of the present invention comprises a unique information storage means for storing unique information of the mobile communication terminal,
A receiving means for receiving a random number from the IC card authentication server device, a computing means for computing using the unique information read from the unique information storage means and the random number output from the receiving means, and a computation result of the computing means. And a transmitting means for transmitting to the IC card authentication server device.

Further, the mobile communication terminal of the present invention comprises a unique information storage means for storing unique information of the mobile communication terminal and a secret key of an IC card module in the mobile communication terminal, and an IC card authentication server device. Receiving means for receiving a random number from the receiving means, computing means for computing using the unique information and secret key read from the unique information storage means, and the random number output from the receiving means, and a computation result of the computing means for the IC
And a transmitting means for transmitting to the card authentication server device.

Thus, the IC card can be authenticated based on the secret key of the IC card module under the control of the IC card issuing entity.

Further, the receiving means receives the interface program for controlling the communication between the mobile communication terminal and the reader / writer device from the IC card authentication server device, thereby corresponding to the reader / writer devices having different interfaces. be able to.

Further, a warning button operated by the user is further provided, and the transmitting means transmits information indicating that the warning button has been operated to the IC card authentication server device by operating the warning button. As a result, when the mobile communication terminal receives a service against the intention of the legitimate user due to extortion or the like, a warning notification can be given to the IC card authentication server device, so that the safety can be improved.

[0022]

BEST MODE FOR CARRYING OUT THE INVENTION Embodiments of the present invention will be described below in detail with reference to the accompanying drawings.

FIG. 1 is a diagram showing a concept of a communication system including an IC card authentication server device and a mobile communication terminal according to an embodiment of the present invention. The card issuing server device and the service device are more specific embodiments of the IC card authenticating server device.

The non-contact IC card module 15 according to the present embodiment is built in the mobile communication terminal 10 having a subscriber ID, and the non-contact IC card module 15 is electrically connected to a circuit for realizing the function of the electronic device itself. Connected to
Alternatively, the mobile communication terminal 10 has a signal connector and a power supply connector and is integrated with the mobile communication terminal 10.

Further, the reader / writer device 12 is, for example, as shown in FIG. 1, a service device 16 for providing a service to a user and a card issuing machine 13 for storing a value corresponding to the service in an IC card for using the service. Embedded in the housing of the electronic device and electrically connected to a circuit that realizes the function of the electronic device itself, or a circuit and an electric circuit that realizes the function of the electronic device by an interface unit (not shown) such as a connector. Are integrated with the electronic device depending on whether they are connected electrically.

Further, the card issuing server device 14 controls the issuing process of the IC card and the billing process at the time of use, and the contactless I
An interface program for controlling the communication between the C card module 15 and the reader / writer device 12 is stored (not shown), and the terminal correspondence table 17 stores the unique information of the mobile communication terminal set at the time of manufacturing the mobile communication terminal and the non-specific information. Contact I
The combination with the private key of the C card module is stored.

The communication system shown in FIG. 1 is connected to a public network (not shown), and a card communication server device 14, a card issuing machine 13, a service device 16, and mobile communication that can be used as a contactless IC card. It is composed of an information communication network such as the terminal 10.

FIG. 2 is a diagram showing the concept of an IC card issuing system including an IC card authentication server device and a mobile communication terminal according to the embodiment of the present invention. The card issuing server device is a more specific embodiment of the IC card authentication server device.

The card issuing server device 14 stores a combination of the unique information of the mobile communication terminal 10 set by the manufacturer at the time of manufacturing the mobile communication terminal and the secret key (not shown) of the contactless IC card module 15 in the terminal correspondence table. Store in 17. The unique information is information for uniquely identifying the mobile communication terminal, such as a manufacturing number, and it is necessary that it cannot be read from the outside from the viewpoint of confidentiality.

The secret key of the non-contact IC card module 15 is information that uniquely identifies the non-contact IC card module and cannot be read from the outside.

The combination information is notified to the telephone company of the communication system corresponding to the mobile communication terminal 10 at the time of manufacturing the mobile communication terminal, and the mobile communication terminal 10 makes the subscriber I
When D (not shown) is acquired, the card issuer managing the card issuing server device 14 is notified, and the subscriber I is stored in the external storage device (not shown) of the card issuing server device 14.
Stored with D. Alternatively, when the telephone company is notified at the time of manufacturing the mobile communication terminal, the card issuer managing the card issuing server device 14 is notified, and the mobile communication terminal 10 is notified.
When the subscriber acquires the subscriber ID, the subscriber ID may be notified to the card issuer managing the card issuing server device 14.

The combination information is stored in the terminal correspondence table 17 of the external storage device (not shown) of the card issuing server device 14. The terminal correspondence table 17 should be managed with special attention. It is natural to limit the access authority to the relevant information, and it is necessary to prevent the external storage device from being mixed with other information and reduce the risk of information leakage.

The card issuing server device 14 also stores an interface program for controlling communication with the reader / writer device 12. An external storage device of the card issuing server device 14 stores an interface program corresponding to the communication system of the reader / writer device 12 used by the card issuer.

The user sets the mobile communication terminal to a specific contactless I
In order to use the card as a C card, a card issuing institution equipped with a card issuing machine 13 equipped with a reader / writer device 12 performs a predetermined card issuing procedure after confirming the identity of the person using an identification card or the like. In the card issuing procedure, the user uses the mobile communication terminal 10 and the card issuing machine 13 equipped with the reader / writer device 12.
Operation button 620 installed within the non-contact IC card communicable range and activating download of the mobile communication terminal 10
Press to make the mobile communication terminal 10 ready for download. Input key of the card issuing machine 13 (not shown)
The card issuing machine 13 is connected to the card issuing server device 14 by the subscriber ID of the mobile communication terminal 10 inputted from the card issuing server device 14, and the card issuing server device 14 is connected to the reader / writer device 1.
The interface program for controlling the communication with the mobile communication terminal 2 is read from the external storage device of the card issuing server device 14 and the subscriber ID of the mobile communication terminal 10 of the user is passed through a public network (not shown) to the mobile device. It is downloaded to the non-contact IC card module 15 via the communication terminal 10.

After downloading an interface program for controlling communication with the reader / writer device 12 to the non-contact IC card module 15, the mobile communication terminal 10 is downloaded.
Communicates with the non-contact IC card module 15 and the reader / writer device 12 of the card issuing machine 13 under the control of the interface program.

The reader / writer device 12 of the card issuing machine 13
When the mobile communication terminal 10 is connected, the card issuing server device 14 notifies the card issuing server device 14 that the mobile communication terminal 10 has been connected.
The subscriber ID of the mobile communication terminal 10 as information, and the card issuing server device 14 having received the notification sends a random number 22
Mobile communication terminal 1 via the card issuing machine 13
The mobile communication terminal 10 which is given to 0 and receives the random number 22
Mobile communication terminal 10 Mobile communication terminal 1 set when manufacturing
The secret key table 18 storing the information obtained by combining the unique information of 0 and the secret key of the contactless IC card module 15 is read, and the read combined information is used as a key to perform an operation using the random number 22 to perform an operation. A card issuing machine 1 including the reader / writer device 12
The number string 30 is returned to the card issuing server device 14 via the number 3. The card issuing server device 14 reads and reads the terminal correspondence table 17 that stores the combination of the unique information of the mobile communication terminal 10 set at the time of manufacturing the mobile communication terminal and the secret key of the contactless IC card module 15. By using the combined information as a key, the random number 21 is compared with the number string 31 that can be separately calculated, and it is verified that they match, thereby ensuring the correctness. When they do not match, it is determined that the mobile communication terminal 10 is not valid, and the downloaded interface program is invalidated.

The above-mentioned calculation may be carried out by a dedicated computing machine or may be carried out by program processing. In addition, for example, a key is a combination of the unique information of the mobile communication terminal set at the time of manufacturing the mobile communication terminal and the secret key of the non-contact IC card module, and DES (Data Encryption Standard) is used.
A string of numbers is output by encrypting with. The calculation method is D
Of course, it is not limited to ES.

After the results of the judgment of validity are matched, the card issuing server device 14 does not pass the value and / or application corresponding to the service provided by the card issuer from the reader / writer device 12 via the card issuing device 13. Contact I
Non-contact I by storing in the C card module 15
The C card module 15 can be used like a non-contact IC card.

Since it is practically impossible to back-calculate the original unique information and the secret key from the calculation result, a malicious third party cannot read both the unique information and the secret key from the IC card. Despite being extremely difficult, the card issuing server device 14 uses the unique information and the secret key in the mobile communication terminal 10 to create the mobile communication terminal 1
It can be authenticated that 0 is a valid IC card.

FIG. 3 is a flow chart for explaining the operation of the IC card issuing system including the IC card authentication server device and the mobile communication terminal according to the embodiment of the present invention. FIG. 3 mainly shows the operation of the card issuing server device 14.

First, in step S21, the user installs the mobile communication terminal 10 within the non-contact IC card communicable range of the card issuing machine 13 including the reader / writer device 12, and downloads the mobile communication terminal 10. The operation button 620 to be activated is pressed to make the mobile communication terminal 10 in a downloadable state, and is downloaded to the card issuing server device 14 by the subscriber ID of the mobile communication terminal 10 input by the input key of the card issuing machine 13. Determine if you are sending a request. If the download request has not been received, the process returns to step S21. If the download request has been received, and if the subscriber ID has been received, the process proceeds to step S22.

In step S22, the card issuing server device 14 reads the interface program for controlling the communication with the reader / writer device 12 from the external storage device of the card issuing server device 14. And step S2
Proceed to the process of 3.

Next, in step S23, the transfer is performed by using the subscriber line that the user has the interface program for controlling the communication with the reader / writer device 12 read from the external storage device of the card issuing server device 14. Contactless IC card module 15 via body communication terminal 10
To download.

In step S31, a card issuing request from the mobile communication terminal 10 to the card issuing machine 13 is monitored.

After downloading the interface program for controlling the communication with the reader / writer device 12 to the non-contact IC card module 15, the mobile communication terminal 10 is downloaded.
Communicates with the non-contact IC card module 15 and the reader / writer device 12 of the card issuing machine 13 under the control of the interface program.

The reader / writer device 12 of the card issuing machine 13
When the communication with the mobile communication terminal 10 is performed, the card issuing machine 13 notifies the card issuing server device 14 that the mobile communication terminal 10 is connected together with the subscriber ID information of the mobile communication terminal 10.

When there is a notification from the card issuing machine 13 including the subscriber ID information, the process proceeds to step S32. If there is no notification from the card issuing machine 13, the process returns to step S31.

In step S31, for example, if there is no notification within a predetermined time, it is determined that there is an abnormality and the subsequent processing is not performed.

In step S32, the card issuing server device 14 generates a random number 22 and stores it in a temporary storage device (not shown) such as RAM.

In step S33, the random number 22 stored in the temporary storage device such as the RAM is read out and transmitted to the mobile communication terminal 10 via the card issuing machine 13.

In step S34, the unique information of the mobile communication terminal 10 set at the time of manufacturing the mobile communication terminal and the non-contact I
The terminal correspondence table 17 storing the combination with the secret key of the C card module 15 is searched using the subscriber ID, and the combination information with the corresponding secret key is read out,
The data is stored in a temporary storage device (not shown) such as RAM.

In step S35, an operation is performed using the read random number 22 and the combination information of the secret key corresponding to the subscriber ID.

In step S36, the numerical string 31 resulting from the calculation is stored in a temporary storage device (not shown).

In step S37, the mobile communication terminal 10 receiving the random number 22 transmitted in step S33 causes the mobile communication terminal 10 to set the unique information of the mobile communication terminal 10 and the secret of the non-contact IC card module 15 when the mobile communication terminal 10 is manufactured. The secret key table 18 storing the information combined with the key is read out, the read combined information is used as a key to perform an arithmetic operation, and the numerical sequence 30 of the arithmetic result is obtained.
Is received by the card issuing server device 14 via the card issuing machine 13 including the reader / writer device 12. If received, the resulting numeral string 30 is stored in a temporary storage device (not shown), and the process proceeds to step S38. If there is no reception from the card issuing machine 13, the process returns to step S37.

In step S37, for example, if there is no reception within a predetermined time, it is determined that there is an abnormality and the subsequent processing is not performed.

In step S38, step S36
The number string 31 held in step S37 is read from the temporary storage device, and it is determined whether it matches the number string 30 received in step S37. If they match, it is determined that the mobile communication terminal 10 requesting card issuance is valid, and the mobile communication terminal 10 stores the value of the IC card and validates the downloaded interface program in step S39. .

If the determinations do not match in step S38, it is determined that the mobile communication terminal 10 is not valid, and the card issuing process is stopped. When the abnormality or the card issuing process is stopped, the mobile communication terminal 10 performs a process of invalidating the downloaded interface program.

The billing information generated in the process of steps S21 to S40 is transferred from the card issuer to a management server (not shown) or the like, which centrally performs the billing work, and the bill is sent to the card. It is presented to the customer at the time of issuance, or sent to the customer after a lapse of a predetermined period.

As described above, the mobile communication terminal 10 can be accurately authenticated by the IC card issuing system including the card issuing server device 14, the card issuing machine 13 and the mobile communication terminal 10 of the present invention.

FIG. 4 is a diagram showing a concept of an IC card verification system including an IC card authentication server device and a mobile communication terminal according to the embodiment of the present invention.

The card issuing server device 14 stores the combination of the unique information of the mobile communication terminal 10 set by the manufacturer at the time of manufacturing the mobile communication terminal and the secret key (not shown) of the contactless IC card module 15 in the terminal correspondence table. Store in 17. The unique information is information for uniquely identifying the mobile communication terminal, such as a manufacturing number, and it is necessary that it cannot be read from the outside from the viewpoint of confidentiality.

The secret key of the non-contact IC card module 15 is information that uniquely identifies the non-contact IC card module and cannot be read from the outside, which is essential from the viewpoint of maintaining confidentiality.

The above combination information is notified to the telephone company of the communication system corresponding to the mobile communication terminal 10 at the time of manufacturing the mobile communication terminal, and the mobile communication terminal 10 makes the subscriber I
When D (not shown) is acquired, the card issuer managing the card issuing server device 14 is notified, and the subscriber I is stored in the external storage device (not shown) of the card issuing server device 14.
Stored with D. Alternatively, when the telephone company is notified at the time of manufacturing the mobile communication terminal, the card issuer managing the card issuing server device 14 is notified, and the mobile communication terminal 10 is notified.
When the subscriber acquires the subscriber ID, the subscriber ID may be notified to the card issuer managing the card issuing server device 14.

The combination information is stored in the terminal correspondence table 17 of the external storage device (not shown) of the card issuing server device 14. The terminal correspondence table 17 should be managed with special attention. It is natural to limit the access authority to the relevant information, and it is necessary to prevent the external storage device from being mixed with other information and reduce the risk of information leakage.

Reader / writer device 12 of service device 16
When the communication with the mobile communication terminal 10 is performed, the service device 16 confirms that the mobile communication terminal 10 has been connected.
The subscriber ID of the mobile communication terminal 10 as information, and the card issuing server device 14 having received the notification sends a random number 23
Mobile communication terminal 1 via the card issuing machine 13
The mobile communication terminal 10 which is given to 0 and receives the random number 23,
Mobile communication terminal 10 Mobile communication terminal 1 set when manufacturing
The secret key table 18 storing the information obtained by combining the unique information of 0 and the secret key of the non-contact IC card module 15 is read, and the read combined information is used as a key for calculation using the random number 23, and calculation is performed. The resulting numerical string 32 is returned to the card issuing server device 14 via the service device 16. The card issuing server device 14 includes the non-contact IC card module 15 and the unique information of the mobile communication terminal 10 which is set when the mobile communication terminal is manufactured.
The terminal correspondence table 17 that stores the combination with the secret key is read, and the random number 23 is compared with the numerical string 33 that can be separately calculated using the read combination information as a key to verify that they match. That guarantees the legitimacy.
If they do not match, it is determined that the mobile communication terminal 10 is not valid, and the service provision is stopped.

The above calculation may be performed by a dedicated arithmetic unit or may be performed by program processing. In addition, for example, a key is a combination of the unique information of the mobile communication terminal set at the time of manufacturing the mobile communication terminal and the secret key of the non-contact IC card module, and DES (Data Encryption Standard) is used.
A string of numbers is output by encrypting with. Further, the calculation method may be changed to a method different from that used for the authentication at the time of issuing the card.

After the results match in the judgment of validity, the card issuing server device 14 does not contact the reader / writer device 12 via the service device 16 with the value and / or application corresponding to the service provided by the card issuer. I
By updating the C card module 15, the service provided by the card issuer can be received through the service device 16, and the contactless IC card module 15 can be used in the same manner as a contactless IC card.

FIG. 5 is a flow chart for explaining the operation of the IC card verification system including the IC card authentication server device and the mobile communication terminal according to the embodiment of the present invention. FIG. 5 mainly shows the operation of the card issuing server device 14.

First, in step S51, the service request of the mobile communication terminal 10 to the service device 16 is monitored.

The mobile communication terminal 10 controls the non-contact IC card module 15 and the service device 16 under the control of the downloaded interface program.
Communicate with 2.

The reader / writer device 12 of the service device 16
When the communication with the mobile communication terminal 10 is performed, the service device 16 confirms that the mobile communication terminal 10 has been connected.
The subscriber ID of the mobile communication terminal 10 is notified as information.

Service device 1 using subscriber ID as information
When there is a request from 6, the process proceeds to step S52. If the subscriber ID is not received as information from the service device 16, the process returns to step S51.

In step S51, if there is no reception within a predetermined time, for example, it is determined that there is an abnormality and the subsequent processing is not performed.

In step S52, the card issuing server device 14 generates a random number 23 and stores it in a temporary storage device (not shown) such as a RAM.

In step S53, the random number 23 stored in the temporary storage device such as the RAM is read out and transmitted to the mobile communication terminal 10 via the service device 16.

In step S54, a terminal correspondence table storing a combination of the unique information of the mobile communication terminal 10 set at the time of manufacturing the mobile communication terminal using the subscriber ID and the secret key of the contactless IC card module 15. 17 and read the combination information with the corresponding private key,
The data is stored in a temporary storage device (not shown) such as RAM.

In step S55, an operation is performed based on the read random number 23 and the combination information of the secret key corresponding to the subscriber ID.

In step S56, the numerical string 33 resulting from the calculation is stored in a temporary storage device (not shown).

In step S57, the mobile communication terminal 10 receiving the random number 23 transmitted in step S53 causes the mobile communication terminal 10 to set the unique information of the mobile communication terminal 10 when manufacturing the mobile communication terminal 10 and the secret of the non-contact IC card module 15. The secret key table 18 storing the information combined with the key is read out, the read combined information is used as a key to perform an operation using the random number 23, and a numerical string 32 of the operation result is obtained.
Is received by the card issuing server device 14 via the service device 16. If received, the resulting numeral string 32 is stored in a temporary storage device (not shown), and the process proceeds to step S58. If there is no reception from the service device 16, the process returns to step S57.

In step S57, for example, if there is no reception within a predetermined time, it is determined that there is an abnormality and the subsequent processing is not performed.

In step S58, step S56
The number string 33 held in step S57 is read out from the temporary storage device, and it is determined whether it matches the number string 32 received in step S57. If they match, it is determined that the mobile communication terminal 10 requesting the service provision is valid, and the mobile communication terminal 10 is subjected to a value reduction as an IC card and a process of validating a service corresponding to the value reduction. This is done in S59.

Further, it is also possible to charge the subscriber line when the value subtraction result is less than the value of the IC card held in step S59.

If the determinations do not match in step S58, it is determined that the mobile communication terminal 10 is not valid, and in step S60, processing for invalidating the service is performed.

When the result of subtraction of the value, which can be performed in step S59 described above, is less than the value as the IC card held, and the charging information generated in the process of step S60 is charged by the card issuer. The invoice is sent to the customer after a lapse of a predetermined period by transferring the work to a management server (not shown) or the like that centralizes the work.

As described above, the mobile communication terminal 10 can be accurately authenticated by the IC card verification system including the card issuing server device 14, the service device 16 and the mobile communication terminal 10 of the present invention.

FIG. 6 is a block diagram for explaining the mobile communication terminal according to this embodiment, and FIG. 7 is a block diagram for explaining the non-contact IC card module according to this embodiment.

The mobile communication terminal 10 according to this embodiment incorporates the non-contact IC card module 15 in the mobile communication terminal 10 having a subscriber ID, and the non-contact IC card module 15 has the function of the electronic device itself. It is electrically connected to a circuit to be realized, or has a signal and power supply connector, and is constructed integrally with the mobile communication terminal 10 so as not to be detachable. Furthermore, when the exterior of the mobile communication terminal 10 is removed and the non-contact IC card module part is removed, it is necessary to have a structure that cannot be reattached.

The operation button 620 for starting the download of the mobile communication terminal 10 owned by the user is pressed to make the mobile communication terminal 10 ready for download. Next, the contactless IC card module 15 is transferred from the card issuing machine 13 that has entered the subscriber ID to the card issuing server device 14.
The card issuing server device 14 notifies the mobile communication terminal 10 owned by the user via the public network by using the subscriber ID.

After the connection from the card issuing server device 14 is established, the card issuing server device 14 reads the interface program from the external storage device and downloads the interface program to the connected mobile communication terminal 10 via the public network. This download is performed by the communication function of the mobile communication terminal 10, that is, the transmitter 727, the transmission signal processing circuit 725, the transmitter 723, and the receiver 722.
The reception signal processing circuit 724 and the receiver 726 are used. The mobile communication terminal 10 is in a state where the mobile communication terminal 10 can be downloaded by pressing the operation button 620, and the interface program downloaded via the receiving unit 722 of the wireless device 7 via the public network is temporarily stored in the volatile storage element. It is stored in the RAM 615. The stored interface program is transferred to the IC card module connection unit 610 and the mobile communication terminal connection unit 4 of the non-contact IC card module.
The data is stored in the non-volatile storage element EEPROM 43 via the data storage device 7. In order to operate correctly in non-contact transmission, it is important to define timing and the like. For example, ISO / ICE
Initial response and reset recovery time (T
0), reset signal rise time (T1), data transmission preparation time (T2), stable logic time (T3) and ATR (Answer to Reset) sending time (T4), etc. are controlled by the stored interface program. To do.

When the interface program is downloaded, the frequency and the modulation / demodulation method for communicating with the corresponding reader / writer are simultaneously designated. The frequency and the modulation / demodulation method are stored in the nonvolatile storage element EEPROM 43 of the non-contact IC card module.

When the interface program is stored in the nonvolatile storage element EEPROM 43 of the non-contact IC card module, the non-contact IC card module functions as a non-contact IC card by sequentially reading the stored interface program by the main CPU 42. be able to.

The operation button 620 for starting the download of the mobile communication terminal 10 is reset by the card issuing machine 13 via the instruction from the card issuing server device 14. When the card issuance is completed, the non-contact IC card module stores an indicator for activating the stored interface program in the nonvolatile memory element EEPROM 43 of the non-contact IC card module and resets the operation button 620.

When the card issuing process is stopped due to some abnormality, the operation button 620 is reset. In this case, the stored interface program becomes invalid and the contactless I
The C card module cannot function as a contactless IC card.

The antenna 51 of the non-contact IC card module is inserted into the magnetic field created by the transmission circuit of the reader / writer, and the antenna 5 is inserted on the non-contact IC card module side.
The change in the magnetic field obtained in 1 is demodulated by the demodulation circuit (n) 522 via the reception magnetic field processing circuit 521 to obtain a signal. For transmission, the output data is modulated by the modulation circuit (n) 532, and the modulated signal is transmitted to the antenna via the transmission magnetic field processing circuit 531.

The reader / writer demodulates the change in the magnetic field obtained by the antenna and receives the data from the IC card side.

The non-contact IC card converts electric power into electric power by using the magnetic field supplied by the reader / writer as energy, but the non-contact IC card module receives electric power from the mobile communication terminal 10. Therefore, even if the distance from the reader / writer increases, the power does not decrease and the communication distance can be extended.

Although the operation button 620 of the present invention is an independent button, it can be replaced by operating the input key 618.

A combination of the unique information of the mobile communication terminal 10 set by the manufacturer at the time of manufacturing the mobile communication terminal and the secret key (not shown) of the non-contact IC card module 15 is stored in the non-volatile memory of the mobile communication terminal 10. Element ROM 614 or E
It is stored in the EPROM 613. The unique information is information that uniquely identifies the mobile communication terminal, such as the manufacturing number,
Moreover, it is more desirable that it cannot be read from the outside from the viewpoint of confidentiality. When storing in EEPROM,
Write-once (write once only) is required.

The secret key of the non-contact IC card module 15 is information that uniquely identifies the non-contact IC card module and cannot be read from the outside in order to maintain confidentiality. It is a non-volatile storage element of the non-contact IC card module. It is stored in the ROM 44 or the EEPROM 43. The unique information is information that uniquely identifies the non-contact IC card module, such as a manufacturing number. EE again
When stored in the PROM, it is necessary to write-once (writable only once). This information is stored in the mobile communication terminal 10 by combining the unique information of the mobile communication terminal 10 and the secret key (not shown) of the non-contact IC card module 15 into the nonvolatile storage element R of the mobile communication terminal 10.
Necessary for storage in OM 614 or EEPROM 613.

The mobile communication terminal 10 receiving the random number 22 from the reader / writer device 12 combines the unique information of the mobile communication terminal 10 set at the time of manufacturing the mobile communication terminal 10 with the secret key of the non-contact IC card module 15. Information
Private key table 1 stored in the nonvolatile storage element ROM 614 or the EEPROM 613 of the mobile communication terminal 10.
8 is operated by the cryptographic operation unit 611 of the mobile communication terminal 10 by using the random number 22 with the combined information read out from the device 8, and the resulting number string 30 is the IC card module connection unit 610 and the non-contact IC card module 15 The data is transmitted to the reader / writer device 12 via the mobile communication terminal connecting unit 47 and the transmitting unit 53.

The switching button 62 of the mobile communication terminal 10
By pressing 1, the nonvolatile memory element EEPROM 613
The area indicated by a pointer (not shown) to be stored in can be switched, and the interface program downloaded when the card is issued can be stored in another storage part.

By using the switching button 621, the nonvolatile memory element E can display the plurality of interface programs already downloaded and the value of the held IC card as an IC card.
EPROM 613 and non-volatile storage element EEPROM 4
Switching can be performed by switching the area indicated by the pointer (not shown) stored in 3.

When there are a plurality of downloaded interface programs, the nonvolatile memory element EEPROM4
In order to properly operate the plurality of interface programs stored in No. 3 in non-contact transmission, it is important to define timing and the like. For example, initial response defined by ISO / ICE 10536-3, reset recovery time (T0), reset signal rise time (T1), data transmission preparation time (T2), stable logic time (T3) and ATR (An
swer to Reset) Control is performed by an interface program that also stores a value corresponding to the sending time (T4) and the like.

When the interface program is downloaded, the frequency and the modulation / demodulation method for communicating with the corresponding reader / writer are simultaneously designated. The frequency and the modulation / demodulation method are stored in the nonvolatile memory element EEPROM 43 of the non-contact IC card module, and the corresponding demodulation circuit (n) 522 or demodulation circuit (n + 1) 523 is selected.

Although the operation button 620 of the present invention is an independent button, it can be replaced by operating the input key 618.

Also, the warning button 62 of the mobile communication terminal 10
By operating 2, the warning mode can be set.

The subscriber line number for notifying the card issuing server device 14 of the warning via the subscriber line is used as the nonvolatile memory element EEPRO of the mobile communication terminal 10 when the card is issued.
It is stored in M613.

When in the warning mode, the service device 16
Card service server 14 via the subscriber line corresponding to the mobile communication terminal 10 when receiving a service via
To send a warning notification.

Although the warning button 622 of the present invention is an independent button, it can be replaced by operating the input key 618.

In order to notify the card issuing server device 14 of a warning, it is possible to notify the card issuing server device 14 of the warning mode during the authentication process without using the subscriber line.

Also, the input key 618 of the mobile communication terminal 10
You can also enter your IC card PIN to authenticate yourself.

As described above, the mobile communication terminal 10 of the present invention is provided.
According to the recognition system of the present invention, even if the non-contact IC card module is connected to another mobile communication terminal 10,
Can be recognized as a modification and cannot be used illegally.

Further, it is possible to provide the same function as having all the IC cards of different systems collectively, and to reduce the number of stored sheets by integrating it with the mobile communication terminal 10 which will be increasingly indispensable as a personal communication tool in the future. realizable.

By integrating the non-contact IC card module with the mobile communication terminal 10, it becomes possible to issue a warning against unauthorized use by anyone other than the legitimate user of the mobile communication terminal 10.

FIG. 8 is a block diagram showing the configuration of the reader / writer device of this embodiment, and FIG. 9 is a flowchart for explaining the operation of the reader / writer device.

The transmission signal processing circuit 138 of the reader / writer device 12 creates a signal and the modulation circuit (n) 1 of the transmission unit 136 is generated.
The signal is modulated by 44 and sent to the antenna 134 via the transmission magnetic field processing circuit 143, and the non-contact IC is generated in the magnetic field generated there.
The card module is inserted and the change in the magnetic field is demodulated on the non-contact IC card module side to obtain a signal.

In the reception of the reader / writer device 12, a signal obtained by modulating the output data on the non-contact IC card module side is received by the antenna 134, and the change of the obtained magnetic field is received via the receiving magnetic field processing circuit 141 of the receiving section 135. The demodulation circuit (n) 142 demodulates it and the reception signal processing circuit 137 demodulates it to receive the data from the IC card side. This data is sent to the card issuing server device 14 via the host device connection unit 139.

The non-contact IC card converts electric power into electric power by using the magnetic field supplied by the reader / writer as energy, but the non-contact IC card module 15 converts the electric power into the mobile communication terminal 10.
Power is supplied from.

As a means for notifying the non-contact IC card module, the information including the subscriber ID is transmitted to the reader / writer device 12 at the timing of the beginning of connection.

Details of control of the reader / writer device 12 and the non-contact IC card module 15 are confidential information determined by the card issuer.

When communicating with the mobile communication terminal 10, when reaching a signal level at which communication is possible, the reader / writer device 12 is notified of information that the contactless IC card module communicates. In the reader / writer device 12, during the timing of the reset process in the non-contact IC card prior to the information notified by the initial response ATR (Answer to Reset) specified by, for example, ISO / ICE 10536-3, which is created by the normal IC card. Based on the notified information, a combination of unique information set at the time of manufacturing the mobile communication terminal stored in the card issuing server device 14 and a non-contact IC card module secret key, and a non-rewritable non-volatile storage element of the mobile communication terminal 10. The control procedure is switched to a control procedure different from the normal IC card authentication for verification using the combination of the unique information of the mobile communication terminal 10 set to the above and the information related to the non-contact IC card module secret key.

The above procedure is controlled by the control program of the reader / writer device 12 stored in the nonvolatile memory element ROM 133 of the reader / writer device 12 or the EPROM 132.

FIG. 9 shows the operation of the reader / writer device 12.

First, in step S91, the mobile communication terminal 10 exists within the non-contact IC card communicable range of the reader / writer device 12, and a connection request is issued to the reader / writer device 12 by the subscriber ID of the mobile communication terminal 10. Is being transmitted. When the connection request based on the subscriber ID has not been received, the process proceeds to step S92, and then to the process for connection and authentication with a normal contactless IC card (steps S93 and S94).

When the connection request by the subscriber ID is received in step S91, the process proceeds to step S95.

In step S95, the authentication processing corresponding to the contactless IC card module is performed by the card issuing server device 14 via the card issuing machine 13 or the service device 16 which is a higher-level device, and data communication is executed in step S96.

[0127]

According to the recognition system of the present invention, even if the non-contact IC card module is connected to another mobile communication terminal, it can be recognized as a modification and cannot be illegally used. These are the mobile communication which sets the card issuing server device and the mobile communication terminal with the unique information of the mobile communication terminal set at the time of manufacturing the mobile communication terminal and sets the verification of the mobile communication terminal at the time of manufacturing the mobile communication terminal. This is because by carrying out without exchanging the unique information of the terminal, information leakage is prevented, and forgery and alteration cannot be performed.

According to the non-contact IC card module of the present invention, it is possible to provide the same function as having a batch of IC cards of different systems, and to integrate it with a mobile communication terminal which will be indispensable as a personal communication tool in the future. By doing so, the number of stored sheets can be reduced. These are because a plurality of interface programs can be stored in the mobile communication terminal and the interface programs can be selected.

Although the IC card has high confidentiality and security,
If the IC card is stolen or lost, there is a risk of suffering a great loss. Moreover, if the number of IC cards is large, the risk of loss increases. According to the present invention, it suffices to manage a mobile communication terminal, which is essential as a personal communication tool, and the risk of loss is greatly reduced.

Further, by integrating the non-contact IC card module with the mobile communication terminal, it becomes possible to issue a warning against unauthorized use by anyone other than the legitimate user of the mobile communication terminal. Stop the service or give a warning to the service equipment, take appropriate measures against unauthorized users, such as personal authentication by taking pictures,
It becomes possible to take such measures as evidence when requesting a payment against an unauthorized user at a later date.

[Brief description of drawings]

FIG. 1 is a diagram showing a concept of a communication system including an IC card authentication server device and a mobile communication terminal according to an embodiment of the present invention.

FIG. 2 is a diagram showing a concept of an IC card issuing system including an IC card authentication server device and a mobile communication terminal according to the embodiment of the present invention.

FIG. 3 is a flowchart illustrating an operation of the IC card issuing system including the IC card authentication server device and the mobile communication terminal according to the embodiment of the present invention.

FIG. 4 is a diagram showing a concept of an IC card verification system including an IC card authentication server device and a mobile communication terminal according to the embodiment of the present invention.

FIG. 5 is a flowchart illustrating an operation of the IC card verification system including the IC card authentication server device and the mobile communication terminal according to the embodiment of the present invention.

FIG. 6 is a block diagram illustrating a mobile communication terminal according to the present embodiment.

FIG. 7 is a block diagram illustrating a non-contact IC card module according to this embodiment.

FIG. 8 is a block diagram showing a configuration of a reader / writer device of the present embodiment.

FIG. 9 is a flowchart illustrating an operation of the reader / writer device according to the present embodiment.

[Explanation of symbols]

49, 140, 619 buses 720 antenna

Claims (8)

[Claims] 1. A unique information storage means for storing unique information of a plurality of mobile communication terminals, a random number generator for generating a random number to be supplied to the mobile communication terminal, and a unique information read from the unique information storage means. Arithmetic means for arithmetic operation using information and a random number output from the random number generator; receiving means for receiving an arithmetic result from the mobile communication terminal supplied with a random number from the random number generator; arithmetic operation of the arithmetic means An IC, comprising: an authentication unit that compares the result with the output of the receiving unit to authenticate that the mobile communication terminal is an IC card.
Card authentication server device. 2. Unique information storage means for storing unique information of a plurality of mobile communication terminals and secret keys of IC card modules in the respective mobile communication terminals in association with each other, and a random number supplied to the mobile communication terminals. A random number generator that generates a random number, an operation unit that performs an operation using the unique information and the secret key read from the unique information storage unit, and the random number output from the random number generator; and a random number is supplied from the random number generator. Receiving means for receiving the calculation result from the mobile communication terminal, and authentication for comparing the calculation result of the calculating means with the output of the receiving means to authenticate that the mobile communication terminal is valid as an IC card. And an IC
Card authentication server device. 3. A download means for downloading an interface program for controlling communication between the mobile communication terminal and a reader / writer device to the IC card module via the mobile communication terminal. 2. The IC card authentication server device described in 2. 4. A charging means for charging a subscriber line of the mobile communication terminal when it is authenticated as valid by the authenticating means.
3. The IC card authentication server device according to any one of 3 to 3. 5. A unique information storage means for storing unique information of the mobile communication terminal, a receiving means for receiving a random number from an IC card authentication server device, a unique information read from the unique information storage means and the reception. A mobile communication terminal comprising: an arithmetic means for arithmetic operation using a random number output from the means; and a transmission means for transmitting the arithmetic result of the arithmetic means to the IC card authentication server device. 6. A unique information storage means for storing unique information of the mobile communication terminal and a secret key of an IC card module in the mobile communication terminal, and a receiving means for receiving a random number from the IC card authentication server device. Arithmetic means for arithmetic operation using the inherent information and secret key read from the inherent information storage means and the random number output from the receiving means, and a transmitting means for transmitting the arithmetic result of the arithmetic means to the IC card authentication server device. A mobile communication terminal comprising: 7. The mobile device according to claim 5, wherein the receiving means receives an interface program for controlling communication between the mobile communication terminal and the reader / writer device from the IC card authentication server device. Body communication terminal. 8. A warning button operated by a user is further provided, and the transmission means transmits information indicating that the warning button has been operated to the IC card authentication server device by operating the warning button. 6. The method according to claim 5, wherein
7. The mobile communication terminal according to any one of 7 to 7.