JP2003203207A - Ic card issuing device and ic card issuing method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an IC card issuing device and method capable of immediately issuing an IC card such as credit card of one unit every user in a store or the like. <P>SOLUTION: A PC 10 set in a member store executes a data exchange with a card issuing company through a communication part 14 and an external communication line 40 while ensuring the security by use of a HSM 20. The PC 10 realizes the acquisition of the credit examination and prescribed input data necessary for the issuing of the IC card 100 by the data exchange. The PC 10 immediately issues the IC card 100 of one unit on the basis of the acquired input data. <P>COPYRIGHT: (C)2003,JPO

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention generally relates to an IC card issuing device and an IC card issuing apparatus which can be used for issuing IC cards.
The present invention relates to a C card issuing method, and more particularly to a technology capable of issuing IC cards requiring a security function in units of one.

[0002]

2. Description of the Related Art Conventionally, I such as a credit card is used.
C card (card-shaped recording medium incorporating an integrated circuit)
Since high security is required, an IC card issuing method issued by a large-scale card issuing system is general.

[0003] The card issuing company executes admission examination (credit examination) based on the application form (application form) of the credit card entered by the user, and if the examination result is acceptable, shifts to the following card issuing processing. To do.

First, the card issuing company creates personal data of the user (input data to be recorded on the card) and provides it to the card issuing system. The card issuing system is generally managed by a printing company other than the card issuing company, and has a large card issuing machine that can issue a large number of IC cards at one time. The card issuing system is
An IC card in which signature data for card authentication (card unique data) and personal data provided by a card issuing company are edited and written is issued. Since the issued IC card identifies each user, it is generally distributed to each user by registered mail.

[0005]

The conventional IC card issuing method requires large equipment and is unsuitable for issuing a small number of cards in terms of cost. Further, it takes a considerable time for the actually issued IC card to be delivered to each user.

From a business point of view, it is desirable to be able to immediately issue a single IC card in response to a user's request when paying for payment at a store or the like. However,
Issuing IC cards used as credit cards
Credit screening procedures and high-level security functions are required, so simply installing a small card issuing machine in a store cannot realize this.

Therefore, an object of the present invention is to provide an IC such as a credit card for each user in a store.
Cards can be issued immediately in a highly secure environment I
It is to provide a C card issuing device and a method thereof.

[0008]

SUMMARY OF THE INVENTION A viewpoint of the present invention is to provide a credit examination required for issuing an IC card according to a user's application.
Also, a series of procedures for converting specified input data into recording format data of the recording format of the IC card standard and recording it on the IC card can be executed with a high degree of security, and one IC card can be immediately issued. IC card issuing device and method thereof.

The invention according to claim 1 is an IC from a user.
During data transmission / reception between the means for accepting application data accompanying a card issuance application and the external system that executes the credit screening process required for IC card issuance, the application data is sent and the predetermined input created by the external system A security means for realizing a security function at the time of receiving data, a conversion means for converting input data received from an external system into recording format data of an IC card standard recording format, and a recording format obtained by the conversion means. The IC card issuing apparatus includes a recording unit that records data in an IC card to be issued.

With such a configuration, for example, a small IC card issuing device is installed in each member store that has a member contract with the card issuing company, and an external system managed by the card issuing company is installed. Various types of data exchange required for card issuance can be performed while ensuring security. Therefore, in the member store, it becomes possible to immediately issue an IC card corresponding to a credit card or the like in units of one in response to a user's application.

According to a second aspect of the present invention, in the IC card issuing device, the security means performs an encryption process at the time of transmitting the application data, and when receiving the input data encrypted and transmitted from an external system. This is a configuration having an encryption unit for executing a decryption process.

With such a configuration, by providing the encryption unit which is the encryption / decryption device, the security function of data exchange required for issuing the IC card can be realized.

According to a third aspect of the invention, in the IC card issuing device, there is provided communication means for transmitting the recording format data converted by the converting means, and the recording means has the recording format data transmitted by the communication means. Is received and is recorded in the IC card to be issued.

With such a configuration, the card writer unit issues a command format file of, for example, a command format of the IC card standard converted from input data provided by an external system managed by the card issuing company. It can be recorded on the target IC card.
Here, the command format means that the command group is one file per one card, that is, the file format.

According to a fourth aspect of the present invention, in the IC card issuing device, an IC card in which signature data for card authentication is recorded in advance is used, and card authentication processing is performed based on the signature data read from the IC card. Is a configuration having means for executing.

With such a configuration, the IC card in which only the signature data is recorded is distributed from the card issuing company to each member store in which the IC card issuing device is installed, so that each member store has an IC. Using the card issuing device,
IC card authentication processing can be performed.

According to a fifth aspect of the present invention, there is provided a security function unit for executing encryption and decryption processing, a writer function for recording data in an IC card, and a reader function for reading recorded data from the IC card. A card recording / reproducing unit having a security function unit, a card recording / reproducing unit, and a communication means for executing data transmission / reception between an external system for executing a credit examination process necessary for issuing an IC card, and a user. Of I
Accept the application data accompanying the C card issuance application, and
A terminal for executing a predetermined data process for issuing a C card, the terminal using communication means to encrypt the received application data with the security function unit, and the encryption. A function of transmitting the applied application data to the external system, a function of receiving predetermined input data created by the external system using the communication means, and decrypting it by the security function unit,
A function of converting the decrypted input data into a command format file of a command format of the IC card standard, and a command format file converted by the conversion means using a communication means is transmitted to the card recording / reproducing unit, and is issued. I
The IC card issuing device is configured to realize a function of recording the command format file on a C card.

With such a configuration, for example, a personal computer having a communication means with an external system managed by a card issuing company is mainly used, a card reader / writer device as a card recording / reproducing unit, and a hardware as a security function unit. It is possible to provide a small IC card issuing device including an encryption / decryption device configured by hardware.

The invention according to claim 6 uses an IC card in which signature data for card authentication is recorded in advance, and performs the credit examination process and the IC required for issuing the IC card.
An IC card issuing method using an IC card issuing device having a communication function for executing data communication with an external system for creating input data to be recorded in a card, wherein an application for an IC card issuing application from a user is made. The step of receiving the data, the step of transmitting the application data to the external system and executing the credit examination process, the step of receiving the input data transmitted from the external system, and the step of receiving the input data by the receiving step of the IC card standard I comprising a step of converting the recording format data of a recording format into recording format data and a step of recording the recording format data obtained by the converting step in the IC card to be issued.
This is a C card issuing method.

With such an IC card issuing method,
For example, the card issuing company only distributes the IC card in which only the signature data is recorded and the small IC card issuing device to each member store that has signed the member contract, and the application of the user is made at the member store. Accordingly, it becomes possible to immediately issue an IC card equivalent to a credit card or the like in units of one.

According to a seventh aspect of the present invention, in the IC card issuing method, the IC card issuing device has a security function unit for executing encryption and decryption processing,
In the step of transmitting the application data to the external system and executing the credit examination process, the application data is encrypted by the security function unit and transmitted, and in the step of receiving the input data transmitted from the external system, encrypted by the external system. The security function unit decrypts the encrypted input data.

With such an IC card issuing method,
A security function for exchanging data required for issuing an IC card can be realized between an IC card issuing device installed in a member store and an external system managed by the card issuing company.

According to an eighth aspect of the present invention, in the public key system in which the public key data and the secret key data are a pair of combined key data, the signature data encrypted by the public key data and the source of the signature data. It is an IC card having a storage area in which only card authentication data including data is recorded, and a storage area in which various data set based on an application can be recorded.

I in which only such signature data is recorded
For example, when a card issuing company distributes a C card to each member store, a small IC card issuing device installed in each member store can immediately issue an IC card equivalent to a credit card or the like. It becomes possible to guarantee the card authentication function.

[0025]

BEST MODE FOR CARRYING OUT THE INVENTION Embodiments of the present invention will be described below with reference to the drawings.

FIG. 1 is a block diagram showing a main part of an IC card issuing device according to the embodiment, FIG. 2 is a diagram for explaining a software configuration of the device, and further, FIG.
FIG. 3 is a flowchart for explaining the outline of the IC card issuing method according to the same embodiment.

(Outline of IC Card Issuing Method) In the same embodiment, in each member store that has signed a member store contract with the card issuing company, a so-called simple or small IC card issuing device (hereinafter, may be referred to as issuing PC). In some cases, a mechanism for issuing an IC card that functions as a credit card in units of one sheet in response to a user's application is assumed.
Hereinafter, with reference to the flowchart of FIG. 3, a schematic procedure of issuing the IC card of the embodiment will be described.

First, the card issuing company (corresponding to the card company in FIG. 3) distributes the IC card and the issuing PC required for the IC card issuing process to each member store (step S1). The IC card, as described below,
This is a card in which only signature data for card authentication is recorded in the IC. Specifically, only the signature data corresponding to the digital signature data according to the static data authentication (SDA) method is recorded on the IC card.

The issuing PC is roughly divided into a terminal device, which is the issuing device main body, and a kind of encryption / decryption device (encryption unit) called a hardware security module (HSM). The terminal device includes a personal computer (PC) equipped with software necessary for issuing an IC card, and a card reader / writer (hereinafter referred to as a card R /
W). The PC has a function of connecting to a system (server) managed by the card issuing company via a communication line and executing various data exchanges necessary for issuing the IC card.

The member store installs the distributed issuing PC in the store and normally stores a plurality of IC cards (step S11). The member store asks the user to fill out the required items on the card application form in response to the application from the user who came to the store. The PC can enter data on the card application form, for example, by OCR, and then the data in a predetermined format (application data)
To the system of the card issuing company (step S12).

The system on the card issuing company side executes a predetermined credit examination process based on the personal data of the user in the application data transmitted from the member store side to determine whether or not the issuance of the IC card is acceptable. Judge (steps S2, S
3). If the credit examination result is denial, the system on the card issuing company side notifies that to the PC on the member store side (NO in step S3). Upon receipt of this notice, the member store will receive an IC
The card issuance process is stopped and the user who applied is notified to that effect (YES in step S13).

On the other hand, if the result of the credit examination is acceptable, the system on the card issuing company side uses the personal data of the user in the application data, for example, in the EMV specification data format (TLV).
It is generated as input data (record data to be input to the IC card) of the structure) and transmitted to the PC of the member store (step S4). The PC of the member store converts the input data provided from the card issuing company side into a command format file in the command format of the IC card standard, and sends it to the card R / W. The card R / W is the I distributed by the card issuing company.
The received command format file is written to the C card 100 (only the signature data is recorded) (step S
14). When the issuing process is completed, the issuing PC of the member store
The serial number of the IC card 100 (set by the card issuing company) is transmitted to the system on the card issuing company side. The system on the card issuing company side manages the IC card (credit card) issued for each user at each member store along with the application data based on the provided serial number (step S5).

According to the above-described mechanism, in the member store, if the user's application is accepted and credit is accepted by the card issuing company, for example, an IC card functioning as a credit card is immediately issued. You can In short, it is possible to immediately issue a regular IC card, which has undergone the credit examination of the card issuing company, at the store for each user. Therefore, it is possible to realize a system that can issue an IC card in a highly secure environment at low cost and in a short time without requiring a large-scale card issuing machine or the like.

The IC card issuing mechanism of the embodiment will be described in detail below.

(Structure of IC Card Issuing Device) FIG. 1 is a block diagram showing the hardware structure of the issuing PC according to the embodiment.

The issuing PC is, as shown in FIG. 1, a PC 10 which is a terminal device main body, an HSM 20, and a card R / W3.
Has 0 and. The PC 10 includes a data input unit 11, a data processing unit 12, a storage unit 13, a communication unit 14, and a display unit 15.
Have.

The data input unit 11 has a function of inputting character data and the like input from an OCR (optical character reading device) in addition to the keyboard and mouse. The data processing unit 12 is a main element composed of a microprocessor (CPU) and software, and is for converting the input data of the IC card related to the embodiment into a command format file in the command format of the IC card standard. I
C card standard command conversion function (software) 12
Including 0.

The storage unit 13 is, for example, a file device such as a disk drive, and stores various data and files required for the IC card issuing process, particularly the command table 130 and the encryption table 131 required for the command conversion process of the IC card standard. To do. The communication unit 14 executes data transmission / reception between the PC 10 and an external device. As the external device, in addition to the HSM 20 and the card R / W 30, an external communication line 40 for connecting to the system of the card issuing company side
Also includes. The display unit 15 has a display screen that displays data input by the data input unit 11, data processed by the data processing unit 12, and the like.

The HSM 20 is a dedicated security device for executing encryption processing and decryption processing. As will be described later, the HSM 20 registers public key data (Pi) and secret key data (Sa) from the card issuing company. It will be distributed to each member store. The card R / W 30 stores the command format file transmitted from the PC 10 via the communication unit 14 in the IC card 10
It is a device for writing to 0 and reading data such as authentication signature data from the IC card 100.

(Software Configuration) FIG. 2 is a diagram showing the software configuration of the PC 10 shown in FIG. The data processing unit 12 executes the command conversion software 120 to input the input data (TLV structure of EMV specifications) 110.
Is converted into a command format file 150 (corresponding to a command file in FIG. 2) in the command format of the IC card standard. At this time, the data processing unit 12 uses the command table 130 and the encryption table 131 stored in the storage unit 13 to execute the command conversion process of the IC card standard. Further, the data processing unit 12 executes the communication software 140 and stores the command format file 150 created via the communication unit 14 in the card R / W 30.
Send to. Here, the communication software 140 is HS
The MSM 20 communicates with the M20, and for the data that needs to be encrypted in the command format file 150, the data encrypted by the HSM 20 is transmitted. In the embodiment, the command conversion software 12 originally developed by the inventors
Details of the command conversion algorithm regarding 0 and the TLV structure of the EMV specification of the input data 110 using a well-known technique will be omitted.

Next, with reference to FIGS. 4 to 8, the IC card issuing procedure of the embodiment will be specifically described.

(Processing of Card Issuing Company System) The system at the card issuing company side is a computer (server) that executes credit examination, input data generation, various data management, etc. necessary for IC card issuance work, and a security function. The hardware security module (HSM) for executing the encryption / decryption processing required for the above. Here, in order to distinguish the HSM included in the system from the HSM20 (referred to as HSMa) on the member store side,
For convenience, it is referred to as HSMi. The processing procedure of the card issuing company side system will be described below with reference to the flowchart of FIG.

First, as described above, the card issuing company distributes the issuing PC to the member stores. At this time, as shown in step S21 of FIG.
In, key data (Pa, Sa) that is a public key set for each member store is created. Also, in the HSMi on the card issuing company side, key data (P
i, Si) and key data (Ps, Ss). Here, the public key set is a set of public key data and secret key data.

The public key data (Pa) is registered in HSMi on the card issuing company side and used for encryption processing when transmitting input data to the member store side. Issuance P of member stores
C is the private key data (Sa) which is a pair with the public key data (Pa), and decrypts the received input data. This secret key data (Sa) is registered in HSMa on the member store side. The public key data (Pi) is H
It is registered in SMa and is used for encryption processing when transmitting the user's application data to the card issuing company side (step S22). The key data (Ps, Ss) is a pair used for card authentication processing. Public key data (P
s) is stored in the terminal device (PC 10) distributed to the member store (step S23). Here, in the system of the card issuing company, the private key data (Si) and the private key data (Ss) are naturally registered.

When the above is organized, as shown in FIGS. 5A to 5C, the key data created on the card issuing company side is HSMi on the card issuing company side, and HSMa is distributed to the member stores. (HSM20) and terminal (PC1
0) is registered.

The card issuing company side system of the card issuing company uses the created key data to execute a process of generating signature data necessary for the card authentication process of the IC card to be distributed to the member store side. This signature data corresponds to digital signature data based on the so-called static data authentication (SDA) method.

Specifically, signature data (SD (Si) obtained by encrypting card-specific data (AD) set for each IC card type (type for each credit card company) with secret key data (Si) is used. ) Is generated (step S24). Further, the public key data (Pi) paired with the secret key data (Si) is converted into the secret key data (S
The data encrypted in s) (denoted as Pi (Ss)) is generated (step S26). Then, these generated signature data (SD (Si)) and encrypted data (P
i (Ss)) and card unique data (AD) are stored in a predetermined storage area of the IC card (step S2).
5).

Through the above-mentioned processing, the card issuing company, as shown in FIGS.
M20), terminal (PC10), and usually a plurality of I
The C card 100 is distributed to each member store (see step S1 in FIG. 3). In addition, when issuing the IC card 100,
A so-called tamper resistant process is performed to protect the recorded signature data and the like from being illegally read and the data from being destroyed.

(Data Exchange Associated with IC Card Issuing Process) Next, referring to the flowchart of FIG. 6, regarding data exchange associated with the IC card issuing process between the member store and the card issuing company. explain.

First, on the side of the member store, when the user who visited the store fills in the necessary items on the card application form, the PC 10
The data input unit 11 of the above inputs the entry items of the card application form as application data from the OCR, for example (step S
31). The PC 10 uses the HSM 20 (HSMa) to encrypt the application data (including the user's personal data) with the public key data (Pi), and then issues the card via the communication unit 14 and the external communication line 40. It is transmitted to the company system (step S32).

Upon receiving the application data transmitted from the issuing PC of the member store, the card issuing company side system converts the received application data into secret key data (Si) which is a pair with the public key data (Pi). Decrypt (step S41). The card issuing company side system executes a predetermined credit examination process based on the user's personal data included in the application data (step S42). If the credit examination result is denial, as shown in FIG. 3, the IC card issuing process is stopped.

Here, assuming that the credit examination result is acceptable, the card issuing company side system inputs the user's personal data into, for example, the input data in the data format (TLV structure) of the EMV specification (record input to the IC card). Data). Further, the system of the card issuing company uses the input data as the public key data (P
It is encrypted in a) and transmitted to the issuing PC on the member store side (step S43).

When the PC 10 of the member store receives the input data provided by the system of the card issuing company, the HSM
20 (HSMa), the encrypted input data (including the user's personal data) is converted into secret key data (S
It is decrypted in a) (step S33).

Through the data exchange as described above, the member store side can obtain the input data in the data format (TLV structure) of the EMV specification including the user's personal data recognized by the credit examination.

(IC Card Issuing Process) Next, the actual IC card issuing process in the issuing PC of the member store will be described with reference to the flowchart of FIG.

The PC 10 sets the input data (TLV structure of the EMV specification) received and decrypted and the table files (command table 130 and encryption table 131) stored in advance in the main memory, and prepares for issuing processing. Is executed (step S51). The PC 10 determines the type of IC card to be issued (type of each credit card company) (step S52). Based on the determination result, the PC 10 determines that the command conversion software 120
Is started, and the input data is converted into a command format file of a command format set for each type of IC card (step S53).

When the command format file is generated by the conversion process, the PC 10 uses the encryption table 131 to extract the data required to be encrypted from the data included in the command format file (step S5).
5, S56 YES). The PC 10 transmits the data to the HSM 20 (HSMa) via the communication unit 14 to execute the encryption process (steps S59 and S60).

The PC 10 sends the command format file including the encrypted data to the card R via the communication unit 14.
/ W30 (step S57). Card R / W
Is the IC card 100 distributed by the card issuing company.
Write the command format file to (step S5
7). When the issuing process is completed, the PC 10 moves to a process of transmitting the serial number of the IC card (set by the card issuing company) to the system of the card issuing company (YES in step S58). As shown in FIG. 3, the card issuing company side system manages the IC card (credit card) issued for each user at each member store along with the application data based on the provided serial number.

As described above, in the member store, the data exchange necessary for the credit examination is executed with the card issuing company side in accordance with the application of the user who has come to the store, and when the credit examination is approved. , The IC that recorded the command format file that became the command format of the IC card standard on the spot
Cards can be issued. In this case, in the data exchange between the member store and the card issuing company side, since the encryption / decryption process is executed by using HSMa and HSMi provided in both sides, high security can be ensured. it can. Therefore, according to the embodiment, as a result, a small-sized and simple issuing PC installed in each member store is used for each user who has applied for a single card without requiring a large-scale IC card issuing device. An IC card can be issued immediately.

(Authentication process of IC card) Referring to the flowchart of FIG. 8 below, the issuing PC installed in each member store
The procedure for performing the authentication processing of the IC card will be described below.

First, the IC card given by the user is set in the card R / W 30, and the signature data SD (Si), the card unique data AD, and the encrypted data Pi (Ss) are read from the IC card ( Step S71).
From the IC card set in the card R / W 30 via the communication unit 14, the PC 10 receives the data from the IC card as shown in FIG.
The signature data SD (Si), the card unique data AD, and the encrypted data Pi (Ss) are read.

The PC 10 uses the public key data (Ps) already set by the card issuing company and the encrypted data (Ps).
The public key data (Pi) is decrypted from i (Ss)) (step S72). Here, public key data (Ps)
Is key data paired with the secret key data (Ss) used by the system issuing the card. And PC10
Is the decrypted public key data (Pi), which is the signature data (S) before being encrypted from the signature data (SD (Si)).
It is decrypted into D) (step S73). The PC 10 executes the collation process between the decrypted signature data (SD) and the card unique data (AD) (step S74).

Here, the signature data (SD (Si)) is
As described above, in the card issuing company side system of the card issuing company, the card unique data (AD) is encrypted with the secret key data (Si). Therefore,
Decrypted signature data (SD) and card-specific data (A
If the collation result with D) is a match, the PC 10 determines that the authentication has succeeded (YES in step S74). On the other hand, if the verification results do not match, the PC 10 determines that the authentication has failed (NO in step S74).

As described above, if the IC card has the signature data SD (Si) recorded in the card issuing company side system of the card issuing company before being distributed to the member store, it is distributed to the member store. The card authentication process can be executed immediately using the issuing PC. In other words, if the card issuing company distributes the IC card recording only the signature data SD (Si) to each member store, the authentication function of the IC card issued by the member store can be surely guaranteed.

[0065]

As described in detail above, according to the present invention, it is possible to provide an IC card issuing apparatus and method capable of immediately issuing one IC card in a state where a high level of security is ensured. .

Specifically, in the case of the invention according to claim 1, for example, a small IC card issuing device is installed in each of the member stores that have signed a member contract with the card issuing company,
Various types of data exchange required for card issuance can be performed while maintaining a high security environment with an external system managed by the card issuer. Therefore, in the member store, it becomes possible to immediately issue an IC card corresponding to a credit card or the like in units of one in response to a user's application. According to the second aspect of the present invention, by providing the encryption unit which is the encryption / decryption device, the security function of data exchange necessary for issuing the IC card can be realized. According to the third aspect of the present invention, the card writer unit issues a command format file in a command format of, for example, an IC card standard converted from input data provided by an external system managed by a card issuing company, for example. Can be recorded on the IC card. According to the invention of claim 4, the IC card in which only the signature data is recorded is distributed from the card issuing company to each member store in which the IC card issuing device is installed, so that each member store has an IC card. The issuing device can be used to perform authentication processing of the IC card.

Further, in the invention according to claim 5, for example, a terminal such as a personal computer having a communication means with an external system managed by a card issuing company is mainly used, and a card reader / writer device as a card recording / reproducing unit. It is possible to provide a small IC card issuing device including an encryption / decryption device configured by hardware as a security function unit. In the invention according to claim 6, for example, the card issuing company only distributes the IC card in which only the signature data is recorded and the small IC card issuing device to each member store that has concluded the membership contract. Then, at the member store, it is possible to immediately issue an IC card corresponding to a credit card or the like in units of one sheet in response to a user's application. According to the invention of claim 7, an IC card issuing device installed in a member store,
ICs with external systems managed by the card issuer
A security function for exchanging data required for card issuance can be realized. Further, in the invention according to claim 8, for example, when the card issuing company distributes to each member store, a small IC card issuing device installed in each member store corresponds to one credit card or the like. IC
The card can be issued immediately and the card authentication function can be guaranteed.

[Brief description of drawings]

FIG. 1 is a block diagram showing a hardware configuration of an IC card issuing device according to an embodiment of the present invention.

FIG. 2 is an exemplary view for explaining a software configuration of the IC card issuing device according to the embodiment.

FIG. 3 is a flowchart for explaining an outline of an IC card issuing method according to the same embodiment.

FIG. 4 is an exemplary flowchart for explaining a processing procedure of the card issuing company system according to the embodiment.

FIG. 5 is an exemplary view for explaining a key data storage destination according to the embodiment;

FIG. 6 is a flowchart for explaining a procedure of data exchange between a member store and a card issuing company according to the same embodiment.

FIG. 7 is an IC of an IC card issuing device according to the embodiment.
The flowchart for demonstrating the procedure of a card issuing process.

FIG. 8 is an exemplary flowchart for explaining an IC card authentication processing procedure according to the embodiment.

[Explanation of symbols]

10 ... Terminal (personal computer) 11 ... Data input section 12 ... Data processing unit 13 ... storage unit 14 ... communication section 15 ... Display 20 ... Encryption / Decryption Device (HSM) 30 ... Card reader / writer (card R / W) 40 ... External communication line

─────────────────────────────────────────────────── ─── Continuation of front page (51) Int.Cl. ⁷ Identification code FI theme code (reference) G06K 19/10 G06K 19/00 N H04L 9/32 H04L 9/00 675B (72) Inventor Sanraku Gaku Tokyo 1-5-1 Taito, Taito-ku, Tokyo F-term in Toppan Printing Co., Ltd. (reference) 5B035 AA15 BB09 BB11 CA29 5B058 CA01 KA02 KA11 KA33 KA35 YA20 5B085 AA08 AE12 AE29 BA07 5J104 AA08 LA03 LA06 PA10

Claims (8)

[Claims] 1. When transmitting the application data in the data transmission / reception between the means for accepting the application data accompanying the IC card issuance application from the user and the external system for executing the credit examination processing required for the IC card issuance. And a security means for realizing a security function at the time of receiving the predetermined input data created by the external system, and the input data received from the external system by an IC
An IC card issuing device comprising: a conversion unit for converting into a recording format data of a recording format of a card standard; and a recording unit for recording the recording format data obtained by the conversion unit into an IC card to be issued. 2. The encryption means for executing encryption processing at the time of transmitting the application data and decryption processing at the time of receiving the transmitted input data encrypted from the external system. The IC card issuing apparatus according to claim 1, further comprising a unit for use. 3. A communication means for transmitting the recording format data converted by the converting means, wherein the recording means receives the recording format data transmitted by the communication means, and stores the data in the IC card to be issued. The IC card issuing device according to claim 1, further comprising a card writer unit for recording. 4. The IC card in which signature data for card authentication is recorded in advance is used, and means for executing a card authentication process based on the signature data read from the IC card is provided. The IC card issuing device according to claim 1. 5. A card recording / reproducing unit having a security function unit for executing encryption and decryption processing, a writer function for recording data in an IC card, and a reader function for reading recorded data from the IC card. And a communication means for executing data transmission / reception among the security function unit, the card recording / reproducing unit, and an external system for executing a credit examination process necessary for issuing an IC card, and issuing an IC card from a user. A terminal that receives application data accompanying an application and executes predetermined data processing for issuing an IC card, wherein the terminal uses the communication unit to transmit the received application data to the security. It is encrypted by the functional unit and the encrypted application data is sent to the external system. Function, a function of receiving predetermined input data created by the external system using the communication unit, and decrypting the input data by the security function unit, and the decrypted input data of an IC card standard. A function for converting a command format into a command format file, and using the communication means, the command format file created by the conversion means is transmitted to the card recording / reproducing unit, and the command format file is issued to the IC card to be issued. An IC card issuing device, which is configured to realize a function of recording the. 6. An external system that uses an IC card in which signature data for card authentication is recorded in advance, and performs a credit examination process necessary for issuing the IC card and creates input data to be recorded in the IC card. Using an IC card issuing device having a communication function for executing the data communication of I
A method of issuing a C card, the step of accepting application data accompanying an IC card issuance application from a user, the step of transmitting the application data to the external system and executing the credit examination process, the external system Receiving the input data transmitted from the IC, the input data received in the receiving step
An IC card issuing method comprising a step of converting into recording format data of a recording format of a card standard, and a step of recording into the IC card to be issued the recording format data obtained by the converting step. . 7. The IC card issuing device has a security function unit that executes encryption and decryption processing, and in the step of transmitting the application data to the external system and executing the credit examination processing, In the step of encrypting and transmitting the application data by the security function unit and receiving the input data transmitted from the external system, the security function unit decrypts the input data encrypted by the external system. 7. The IC card issuing method according to claim 6, wherein. 8. In a public key system using public key data and secret key data as a pair of combined key data, card authentication having signature data encrypted with the public key data and original data of the signature data. An IC card having a storage area in which only data for use is recorded and a storage area in which various data set based on the application can be recorded.