JP2005311877A - Data communication system, data communication method and data communication unit - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To enable safely recording electric money or other value information read by an IC card via a secured non-contact interface. <P>SOLUTION: In order to read data stored in the IC card safely, the data in the IC card is enciphered and read, and the enciphered data is decrypted afterward. Since there are two steps of reading data, data is accumulated safely while a configuration of IC card reading device remains simple, and reading speed of IC card can be improved. The IC card is set up to an operation mode to encipher readout data in response to mode switching order. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a data communication system, a data communication method, and a data communication apparatus for performing data communication between data communication apparatuses having a relatively large memory area, and more particularly to encrypted data using a non-contact IC card interface. The present invention relates to a data communication system, a data communication method, and a data communication apparatus for performing data communication between data communication apparatuses that perform transmission.

  More specifically, the present invention is applied to an electronic money system using an IC card, and is a data communication system that performs settlement processing by notifying an external device such as a POS (Point Of Sales) register of the amount paid by electronic money. And a data communication method, a data communication apparatus, a data communication system, a data communication method, and a data communication apparatus, which securely record electronic money and other value information read from an IC card via a secure non-contact interface .

  Non-contact / proximity communication systems represented by IC cards are widely used because of their ease of operation. For example, by storing PIN code, other personal authentication information, value information such as electronic tickets in an IC card, visitors and passengers at cash dispensers, entrances to concert venues, ticket gates at stations, etc. Authentication processing can be performed.

  This type of wireless communication is generally realized based on the principle of electromagnetic induction. That is, an IC card having a memory function and a card reader / writer that performs read / write access to the memory of the IC card, a loop coil on the IC card side as a primary coil and a card as a secondary coil The antenna on the reader / writer side forms one transformer as a system. Then, power and information are similarly transmitted from the card reader / writer side to the IC card by electromagnetic induction, and the IC card side is driven by the supplied power to generate an inquiry signal from the card reader / writer side. You can respond to it. Therefore, the IC card itself does not need to have a driving power source such as a battery (for example, see Non-Patent Document 1).

  As a general method of using an IC card, a user holds the IC card over a card reader / writer connected to a POS terminal. The card reader / writer side always polls the IC card, and when an external IC card is found, the communication operation between the two starts.

  At this time, the user inputs the personal identification number to the IC card reader side and collates the input personal identification number with the personal identification number stored on the IC card, so that the IC card and the IC card reader / writer can be compared. The identity verification or authentication process is performed. (The personal identification number used when accessing the IC card is particularly called PIN (Personal Identification Number).)

  When the identity verification or authentication process is successful, for example, settlement processing is performed using value information such as electronic money stored in the IC card. Data transmission operations such as data writing or data reading to the IC card are appropriately performed by encrypted communication according to the security level.

  As a typical application example of an IC card, use in an electronic money system can be cited (for example, see Patent Document 1). In this type of system, when electronic money is recorded on an IC card, which is a portable information terminal, and payment is made with this electronic money, the IC card record is updated by the terminal of the store. Reduce electronic money. In addition, directly or temporarily recorded from a point-of-sale (POS) terminal of the store, the payment by the IC card is notified to the management center, and the approval process is executed by the management center.

  That is, according to such an electronic money system, the processing can be terminated by notifying the amount of money paid by the electronic money to an external device such as a POS register, thereby reducing the burden on the operator. Malfunctions can be prevented.

  In recent years, IC cards having a relatively large capacity memory have appeared along with improvements in miniaturization technology. According to an IC card with a large-capacity memory, a file system can be expanded in the memory space and a plurality of applications can be stored simultaneously, so that one IC card can be used for a plurality of purposes. it can. For example, by storing multiple applications such as multiple types of electronic money issued by each service provider and multiple types of electronic tickets on a single IC card, various types of IC cards can be used. It can be applied to various uses. Note that the electronic money and electronic ticket referred to in this specification refers to a mechanism in which payment (electronic payment) is made through electronic data issued according to funds provided by the user, or such electronic data itself.

JP 2001-222765 A Klaus Finkenzeller "RFID Handbook Principles and Applications of Contactless IC Cards" (Nikkan Kogyo Shimbun, Inc. ISBN4-526-04701-5)

  Here, consider security in an electronic money system using an IC card and a POS terminal. Although value information such as electronic money and electronic tickets has cash-like value, the entity is digital data, and it is easy to tamper with or copy, so security is required at each stage of system operation. Need to be maintained.

  By adopting a tamper-resistant hardware configuration, the IC card itself can almost completely protect the value information stored therein from fraudulent acts such as tampering and leakage. Therefore, the IC card can be used as a safe storage place for highly cashable digital data having value equivalent to cash, that is, value information such as electronic money and electronic tickets.

  In addition, since the IC card and the card reader / writer are coupled by a secure encrypted data transmission path using a non-contact IC card interface, the card reader / writer is accessing the IC card during the operation. Data tampering and leakage can be prevented as well.

  Then, electronic money and other value information read out from the IC card via the card reader / writer are temporarily stored in the POS terminal and then periodically taken out by the service operator.

  However, in such a service operation form, a POS terminal that accumulates value information also requires tamper resistance similar to or higher than that of an IC card, resulting in an increase in device cost. The increase in cost may eventually stop the spread of the electronic money service.

  The present invention has been made in view of the above-described technical problems, and its main object is to suitably perform data communication between data communication apparatuses that transmit encrypted data using a contactless IC card interface. It is an object of the present invention to provide an excellent data communication system, data communication method, and data communication apparatus.

  A further object of the present invention is an excellent data which is applied to an electronic money system using an IC card, and can suitably perform a settlement process by notifying an external device such as a POS register of the amount paid by the electronic money. A communication system, a data communication method, and a data communication apparatus are provided.

  A further object of the present invention is to provide an excellent data communication system, data communication method, and data communication apparatus capable of safely recording electronic money and other value information read from an IC card via a secure non-contact interface. Is to provide.

The present invention has been made in consideration of the above problems, and is a data communication system for moving data from a data movement source device to a data movement destination device,
In response to the data read command from the data destination device, the data source device encrypts and returns the read data.
This is a data communication system. More specifically, the data movement source device and data movement destination device referred to in the present invention correspond to an IC card or a portable information device mounted with an IC chip having a function as a data carrier, and are based on electromagnetic induction. Data communication can be performed by a contact IC card interface.

  However, “system” here refers to a logical collection of a plurality of devices (or functional modules that realize specific functions), and each device or functional module is in a single housing. It does not matter whether or not.

  The data communication system according to the present invention is a data communication system that transmits encrypted data through a non-contact interface used in, for example, an IC card. In this case, the data movement source device corresponds to an IC card, and the data movement destination device corresponds to an IC card reader.

  As described above, an IC card (or an IC chip mounting machine) adopts a tamper-resistant hardware configuration, so that value information such as electronic money and electronic tickets, that is, a cash-equivalent value can be obtained. Used as a safe storage place for high digital data. In addition, since the IC card and the card reader / writer are coupled by a secure encrypted data transmission path using a non-contact IC card interface, the card reader / writer is accessing the IC card during the operation. Data tampering and leakage can be prevented as well.

  And value information such as electronic money read from the IC card via the non-contact interface is stored in the IC card reader, but the security of the stored data becomes a problem.

  In the present invention, in order to safely read the data stored in the IC card, the data in the IC card is once encrypted and read, and the encrypted data is decrypted later. As described above, by reading data in two stages, it is possible to safely store read data while simplifying the configuration of the IC card reader. In addition, it is possible to realize a high-speed reading process from the IC card.

  That is, the data movement source device has an encryption mode in which read data from the data movement destination device is encrypted and sent back, and performs mode switching in response to a mode switching command from the data movement destination device.

  The data read command stores a key for encrypting read data. Then, the data movement source device encrypts the read data using the key stored in the data read command and sends it back.

  The data transfer destination device encrypts and transmits the data read command, and the mode switching command stores a key for decrypting the data read command.

  Further, the data source device has a predetermined service key, and the mode switching command is encrypted with the service key.

  According to the present invention, an excellent data communication system, data communication method, and data communication apparatus capable of suitably performing data communication between data communication apparatuses that perform transmission of encrypted data by a non-contact IC card interface are provided. Can be provided.

  In addition, according to the present invention, it is applied to an electronic money system using an IC card, and it is possible to suitably perform settlement processing by notifying an external device such as a POS register of the amount paid by electronic money. A data communication system, a data communication method, and a data communication apparatus can be provided.

  In addition, according to the present invention, an excellent data communication system and data communication method, and data communication capable of safely recording electronic money and other value information read from an IC card via a secure non-contact interface are provided. An apparatus can be provided.

  According to the present invention, in order to safely read data stored in the IC card, the data in the IC card is encrypted and read, and the encrypted data is decrypted later. By making data reading in two stages, it is possible to simplify the configuration of the IC card reader and to increase the speed of reading processing from the IC card.

  Other objects, features, and advantages of the present invention will become apparent from more detailed description based on embodiments of the present invention described later and the accompanying drawings.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

  FIG. 1 schematically shows the configuration of a contactless IC card communication system to which the present invention can be applied.

  This contactless card system is composed of a card reader / writer 1, an IC card 2, and a controller 3. The card reader / writer 1 and the IC card 2 are contactless using electromagnetic waves, Data is transmitted and received. That is, the card reader / writer 1 transmits a predetermined command to the IC card 2, and the IC card 2 performs processing corresponding to the received command. Then, the IC card 2 transmits response data corresponding to the processing result to the card reader / writer 1.

  The card reader / writer 1 is connected to the controller 3 via a predetermined interface (for example, one that conforms to the RS-485A standard or the like). The controller 3 supplies a control signal to the card reader / writer 1 to perform a predetermined process.

  FIG. 2 shows a configuration example of the card reader / writer 1 shown in FIG.

  The IC chip module 21 includes a data processing unit (DPU) 31 that processes data, a signal processing unit (SPU) 32 that processes transmission signals to the IC card 2 and reception signals from the IC card 2, and a controller. A memory including an SCC (Serial Communication Controller) 33 that communicates with the CPU 3, a ROM unit 41 that stores information necessary for data processing in advance, and a RAM unit 42 that temporarily stores work data being processed These functional modules are interconnected via a bus. A flash memory 22 for storing predetermined data is also connected to this bus.

  The DPU 31 outputs a transmission command to the IC card 2 to the SPU 32, receives response data received from the IC card 2 from the SPU 32, and performs predetermined data processing.

  The SPU 32 performs a modulation process such as BPSK (BiPhase Shift Keying) on the transmission command to the IC card 2, and then outputs it to the modulation circuit 23 and receives response data from the IC card 2 from the demodulation circuit 25. Then, predetermined demodulation processing such as BPSK is performed on the data.

  The modulation circuit 23 performs ASK (Amplitude Shift Keying) modulation of a carrier wave having a predetermined frequency (for example, 13.56 MHz) supplied from the oscillator 26 with data supplied from the SPU 32, and generates a modulated wave from the antenna 27 as an electromagnetic wave. Is output to the IC card 2 as follows. At this time, the modulation circuit 23 performs ASK modulation with the degree of modulation less than 1. That is, the maximum amplitude of the modulated wave is prevented from becoming zero even when the data is at a low level.

  The demodulation circuit 25 demodulates the modulated wave (ASK modulated wave) received via the antenna 27 and outputs the demodulated data to the SPU 32.

  FIG. 3 shows a configuration example of the IC card 2 shown in FIG. This IC card includes an IC chip module 51 and an antenna 53 on a loop.

  The IC chip module 51 receives the modulated wave transmitted from the card reader / writer 1 via the antenna 53. The capacitor 52 constitutes an LC circuit together with the antenna 53, and is tuned (resonated) with an electromagnetic wave having a predetermined frequency (carrier frequency).

  The IC chip module 51 includes an RF interface unit 61, a calculation unit 64, and the like. The RF interface unit 61 includes an ASK demodulation unit 81, a voltage regulator 82, an oscillation circuit 83, and an ASK modulation unit 84. The ASK demodulator 81 detects and demodulates the modulated wave (ASK modulated wave) received via the antenna 53, and outputs the demodulated data to a BPSK demodulator circuit 62 and a PLL (Phase Locked Loop) 63. The voltage regulator 82 stabilizes the signal detected by the ASK demodulator 81 and supplies it to each circuit as DC power.

  Further, the RF interface unit 61 oscillates a signal having the same frequency as the data clock frequency by the oscillation circuit 83 and outputs the signal to the PLL unit 63. Then, the ASK modulation unit 84 changes the load of the antenna 53 as the power source of the IC card 2 corresponding to the data supplied from the calculation unit 64 (for example, turns on / off a predetermined switching element corresponding to the data) And a predetermined load is connected in parallel to the antenna 53 only when the switching element is in an ON state), whereby the modulated wave received through the antenna 53 is ASK-modulated, and the modulation component is transmitted through the antenna 53. To the card reader / writer 1. When transmitting data from the IC card 2, the card reader / writer 1 keeps the maximum amplitude of the modulated wave output from the card reader / writer 1, and this modulated wave is ASK-modulated by fluctuations in the load of the antenna 53. . Further, the terminal voltage of the antenna 27 of the card reader / writer 1 varies with the data transmission.

  The PLL unit 63 generates a clock signal synchronized with the data from the data supplied from the ASK demodulation unit 81 and outputs the clock signal to the BPSK demodulation circuit 62 and the BPSK modulation circuit 68.

  When the data demodulated by the ASK demodulator 81 is BPSK modulated, the BPSK demodulator circuit 62 demodulates the data in accordance with the clock signal supplied from the PLL unit 63 and outputs the demodulated data to the arithmetic unit 64. To do.

  When the data supplied from the BPSK demodulation circuit 62 is encrypted, the arithmetic unit 64 decrypts the data with the encryption / decryption unit 92 and then processes the data with the sequencer 91. If the data is not encrypted, the data supplied from the BPSK demodulation circuit 62 is directly supplied to the sequencer 91 without going through the encryption / decryption unit 92.

  The sequencer 91 performs processing corresponding to data as a command supplied thereto. For example, the sequencer 91 performs processing such as writing and reading of data with respect to an EEPROM (Electrically Erasable & Programmable ROM) 66.

  The parity calculation unit 93 of the calculation unit 64 calculates a Reed-Solomon code as parity from the data stored in the EEPROM 66 or the data stored in the EEPROM 66. Further, the arithmetic unit 64 performs predetermined processing by the sequencer 91 and then outputs response data (data to be transmitted to the card reader / writer 1) corresponding to the processing to the BPSK modulation circuit 68.

  The BPSK modulation circuit 68 performs BPSK modulation on the data supplied from the calculation unit 64, and outputs the modulated data to the ASK modulation unit 84 of the RF interface unit 61.

  The ROM 65 permanently stores a processing program to be executed by the sequencer 91 and other necessary data. The RAM 67 temporarily stores work data when the sequencer 91 performs processing.

  The EEPROM 66 is a non-volatile memory for storing a large number of applications such as electronic money for making an electronic payment on the IC card 2 and an electronic ticket for entering a specific concert venue. Used. Since the IC card 2 itself does not basically have a driving power source such as a battery, the IC card 2 retains data even after the communication with the card reader / writer 1 is terminated and the power supply is stopped or no power is supplied. A non-volatile memory such as EEPROM 66 that can continue is used.

  Next, data transmission / reception processing between the card reader / writer 1 and the IC card 2 will be described.

  The card reader / writer 1 emits a predetermined electromagnetic wave from the antenna 27, monitors the load state of the antenna 27, and waits until a change in the load state due to the approach of the IC card 2 is detected. Note that the card reader / writer 1 emits an ASK-modulated electromagnetic wave with a predetermined short pattern of data, and repeats a call to the IC card 2 until a response from the IC card 2 is obtained within a predetermined time. (Polling) may be performed.

  When the approach of the IC card 2 is detected in the card reader / writer 1, the SPU 32 of the R / W 1 uses the rectangular wave of a predetermined frequency (for example, a frequency twice as high as the data clock frequency) as a carrier wave. BPSK modulation is performed using data to be transmitted to 2 (commands corresponding to processing to be executed by the IC card 2 or data to be written to the IC card 2), and the generated modulated wave (BPSK modulation signal) is output to the modulation circuit 23.

  In BPSK modulation, data can be made to correspond to a change in the phase of the modulated wave by using differential conversion. In this case, even if the BPSK modulation signal is inverted, it is demodulated to the original data, so that it is not necessary to consider the polarity of the modulated wave when demodulating.

  The modulation circuit 23 performs ASK modulation on a predetermined carrier wave with an input BPSK modulation signal with a modulation factor of less than 1 (for example, 0.1) (= maximum amplitude of data signal / maximum amplitude of carrier wave), and generated modulation A wave (ASK modulated wave) is transmitted to the IC card 2 via the antenna 27.

  When transmission is not performed, the modulation circuit 23 generates a modulated wave at a high level, for example, of two levels (high level and low level) of the digital signal.

  In the IC card 2, in the LC circuit composed of the antenna 53 and the capacitor 52, a part of the electromagnetic wave radiated by the antenna 27 of the card reader / writer 1 is converted into an electric signal, and the electric signal (modulated wave) is converted into an IC. It is output to the RF interface 61 of the chip module 51. Then, the ASK demodulator 81 of the RF interface 61 performs envelope detection by rectifying and smoothing the modulated wave, and supplies the generated signal to the voltage regulator 82 and suppresses the DC component of the signal. The data signal is extracted, and the data signal is output to the BPSK demodulation circuit 62 and the PLL unit 63.

  The voltage regulator 82 stabilizes the signal supplied from the ASK demodulator 81, generates DC power, and supplies it to each circuit.

At this time, the terminal voltage V ₀ of the antenna 53 is, for example, as follows.

V ₀ = V ₁₀ (1 + k × V _s (t)) cos (ωt)

However, V ₁₀ cos (ωt) represents a carrier wave, k represents a modulation degree, and V _s (t) represents data output from the SPU 32.

The low level value V _LR of the voltage V ₁ after rectification by the ASK demodulator 81 is, for example, as follows.

V _LR = V ₁₀ (1 + k × (−1)) − V _f

Here, V _f indicates a voltage drop in a diode constituting a rectifier circuit for performing rectification and smoothing in the ASK demodulator 81, and is generally about 0.7 volts.

  When the voltage regulator 82 receives the signal rectified and smoothed by the ASK demodulator 81, the voltage regulator 82 stabilizes the signal and supplies it as DC power to each circuit including the arithmetic unit 64. Since the modulation degree k of the modulated wave is less than 1, the voltage fluctuation after rectification (difference between high level and low level) is small. Therefore, DC power can be easily generated in the voltage regulator 82.

For example, when a modulated wave having a modulation degree k of 5% is received so that V ₁₀ is 3 volts or more, the low level voltage V _LR after rectification is 2.15 (= 3 × (1-0.05). ) −0.7) volts or more, and the voltage regulator 82 can supply each circuit with a voltage sufficient as a power source. In this case, the amplitude 2 × k × V ₁₀ (Peak-to-Peak value) of the AC component (data component) of the rectified voltage V ₁ becomes 0.3 (= 20.05 × 3) volts or more, and ASK The demodulator 81 can demodulate data with a sufficiently high S / N ratio.

  In this way, by using an ASK modulated wave having a modulation degree k of less than 1, communication is performed with a low error rate (in a high S / N ratio), and a sufficient DC voltage as a power source is applied to the IC card 2. Supplied.

  When receiving the data signal (BPSK modulated signal) from the ASK demodulator 81, the BPSK demodulator 62 demodulates the data signal in accordance with the clock signal supplied from the PLL unit 63, and outputs the demodulated data to the calculator 64. .

  When the data supplied from the BPSK demodulation circuit 62 is encrypted, the arithmetic unit 64 decrypts the data with the encryption / decryption unit 92 and then supplies the data (command) to the sequencer 91 for processing. It should be noted that the card reader / writer 1 is on standby while transmitting data having a value of 1 after the data is transmitted to the IC card 2 until a response is received. Therefore, during this period, the IC card 2 receives a modulated wave having a constant maximum amplitude.

  When the processing is completed, the sequencer 91 outputs data to be transmitted to the card reader / writer 1 to the BPSK modulation circuit 68. The BPSK modulation circuit 68 BPSK-modulates the data, like the SPU 32 on the card reader / writer 1 side, and then outputs the data to the ASK modulation unit 84 of the RF interface unit 61.

  The ASK modulation unit 84 can vary the load connected to both ends of the antenna 53 using a switching element. That is, by changing the load in accordance with the data from the BPSK modulation circuit 68, the received modulated wave is ASK modulated in accordance with the data to be transmitted, whereby the terminal voltage of the antenna 27 of the card reader / writer 1 is changed. The data is changed and transmitted to the card reader / writer 1.

  On the other hand, the modulation circuit 23 on the card reader / writer 1 side continues to transmit data having a value of 1 (high level) when receiving data from the IC card 2. Then, in the demodulation circuit 25, the data transmitted by the IC card 2 from the minute fluctuation (for example, several tens of microvolts) of the terminal voltage of the antenna 27 electromagnetically coupled to the antenna 53 of the IC card 2 is obtained. Detected.

  Further, in the demodulation circuit 25, the detected signal (ASK modulated wave) is amplified and demodulated by a high gain amplifier, and the resulting digital data is output to the SPU 32. The SPU 32 demodulates the data (BPSK modulation signal) and outputs it to the DPU 31. The DPU 31 processes the data from the SPU 32 and determines whether or not to end the communication according to the processing result.

  If it is determined that communication is to be performed again, communication is performed between the card reader / writer 1 and the IC card 2 in the same manner as described above. On the other hand, if it is determined that the communication is to be terminated, the card reader / writer 1 terminates the communication process with the IC card 2.

  As described above, the card reader / writer 1 transmits data to the IC card 2 by using the ASK modulation whose modulation degree k is less than 1. The IC card 2 receives the data, performs processing corresponding to the data, and returns data corresponding to the processing result to the card reader / writer 1.

  FIG. 4 schematically shows the control system configuration of the memory area in the IC card according to the present embodiment. As shown in the figure, this control system is basically implemented as a subsystem in the operating system, and is composed of a protocol interface part, an OS central part, and a file system.

  The protocol interface unit handles an access request to the file system from an external device via an external device interface such as UART 48, or an access request to the file system from a card read / write device via a non-contact IC card interface. To do.

  The central part of the OS performs decoding / encoding of data exchanged with the file system, error correction by CRC, etc., management of the number of rewrites for each block of the EEPROM 43, PIN verification, mutual authentication, and the like.

  Further, the OS central part includes several APIs (Application Programming Interfaces) to the file system such as PIN verification and mutual authentication at the time of file access, and file read / write.

  The file system has physical access to the EEPROM 43 as a file system entity. Since the physical access operation itself to a memory device such as an EEPROM is well known in the art, its description is omitted here.

  The memory area developed on the EEPROM 43 is composed of one or more file systems. In the initial state, the memory area is managed by a single file system managed by the original IC card issuer. When a service provider other than the IC card issuer divides a new file system from the memory area, both the authority to divide the memory area and authentication of the original IC card issuer are required. Once divided, access to the file system requires authentication not to the original IC card issuer but to the service provider of the file system itself. The division of the file system is the issue of a virtual IC card.

The OS manages a division authority key _Kd for permitting division. Also, for each file system, issuer and issuer key K _I of (original IC card issuer, or file divided carrier), and the system code, the area ID for identifying a file area is managed .

Access to the file system is performed through an area ID request by polling and a procedure of mutual authentication. The file system issuer (card issuer in the case of the original file system, service provider that uses the divided file system) first takes the system code that it knows as an argument. By polling the file system, the area ID on the memory area of the corresponding file system can be acquired. Then, perform mutual authentication using the issuer key K _I this area ID. When the mutual authentication is successful, access to the file system is permitted. Access to the file system, because performed by encrypted communication using the unique issuer key K _I to the file system and the appropriate issuer, other file systems or capture irrelevant data, issuer You cannot read or write to the file system without permission.

  Next, a data reading process using a non-contact interface in the IC card will be described.

  Here, a data communication system using a contactless IC card interface applied to an electronic money system is assumed.

  In this type of system, when electronic money is recorded on an IC card, which is a portable information terminal, and payment is made with this electronic money, the IC card record is updated by the terminal of the store. Reduce electronic money. In addition, directly or once recorded from the store terminal, the IC card payment is notified to the management center, and settlement processing is executed by the management center.

  Here, although value information such as electronic money and electronic tickets has a value equivalent to cash, its substance is digital data, and it is easy to tamper with or copy, so each time during system operation Security needs to be maintained at each stage.

  By adopting a tamper-resistant hardware configuration, the IC card itself can almost completely protect the value information stored therein from fraudulent acts such as tampering and leakage. In addition, since the IC card and the card reader / writer are coupled by a secure encrypted data transmission path using a non-contact IC card interface, the card reader / writer is accessing the IC card during the operation. Data tampering and leakage can be prevented as well.

  Then, electronic money and other value information read out from the IC card via the card reader / writer are temporarily stored in the POS terminal and then periodically taken out by the service operator. In such a service operation mode, a POS terminal that accumulates value information also requires tamper resistance similar to or higher than that of an IC card.

  On the other hand, in the data communication system according to the present invention, by introducing a mechanism capable of storing data read from the IC card in a safe state without performing special processing on the POS terminal, the apparatus cost is reduced. We decided to realize the secure use of electronic money without increasing the amount of money.

  FIG. 5 schematically shows the configuration of a data communication system according to an embodiment of the present invention. The illustrated system includes an IC card that can store user value information such as electronic money, an IC card reader that accesses the IC card via a non-contact IC card interface, and an IC card reader that stores the IC card. It comprises a data decoding device that decodes the read data.

  The IC card reader includes, for example, a POS terminal installed in a store and a card reader / writer connected to the POS terminal. The data decryption apparatus corresponds to a management center that directly or once records from a POS terminal in a store and processes payment by an IC card.

  The communication procedure between the IC card and the IC card reader is basically processed in real time by non-contact communication. In addition, the communication procedure between the IC card reader and the data decoder does not have to be real time, but is performed by non-real time processing.

  The IC card reading device uses a mode switching command and a data reading command for the IC card. The data read command includes a key for encrypting information as a result of reading data from the IC card. It also includes a key for decrypting the data read command.

  As a first operation procedure in the data communication system shown in FIG. 5, the IC card reader transmits a mode switching command for switching read data to the IC card.

The IC card has an encryption mode in which read data from the IC card reader is encrypted and returned. The IC card performs mode switching in response to a mode switching command from the IC card reader.

  The mode switching command is encrypted with the service key information stored in the IC card. The inside of this mode switching command includes key information for decrypting an encrypted data reading command transmitted to the subsequent IC card.

  The IC card can accept subsequent data reading commands by receiving the mode switching command.

  As a subsequent operation procedure, an encrypted data read command and a data read command are transmitted from the IC card reader to the IC card. The IC card returns the encrypted result as a response to the data read command, and the IC card reader receives this and temporarily holds it.

  Here, the key information for encryption of the return data is stored in the data read command. The result held in the IC card reader is data encrypted using the key stored in the data read command. For this reason, wiretapping to others can be prevented.

  Then, at the end of the series of operation procedures, the data held in the IC card reader is collected and transferred to the data decoder by non-real time processing. Then, the information of the IC card is obtained by decrypting the encrypted data in the data decrypting device.

  FIG. 6 shows an example of a data reading sequence in the data communication system according to the present embodiment. However, the IC card includes a memory that holds data to be read from the IC card reader and an encryption device that encrypts the data.

  First, in the operation procedure A- (1), the IC card reader performs a predetermined authentication process with the IC card. When the authentication is successful, a data transmission path via the non-contact interface is established with the IC card.

  As the next operation procedure A- (2), the IC card reader transfers a write command and plaintext write data to the IC card via the non-contact interface. On the IC card side, in response to the write command, the write data is encrypted and stored in the internal memory.

  Subsequently, in the operation procedure B- (1), the IC card reader performs a predetermined authentication process with the IC card. When the authentication is successful, a data transmission path via the non-contact interface is established with the IC card. To do. Then, the IC card reader issues a mode switching command to activate the read data encryption function according to the present invention for the IC card.

  As the next operation procedure B- (2), the IC card reader transfers the data read command to the IC card via the non-contact interface. On the IC card side, in response to the data reading command, the data stored in the memory in an encrypted state is read and returned to the IC card reading device via the non-contact interface.

  The IC card reader stores data read from the IC card safely as encrypted data. The read data from the IC card is valuable information such as electronic money and consists of highly cashable data, but since it is encrypted, there is no risk of unauthorized use such as tampering. Therefore, the IC card reader does not require a special hardware configuration such as tamper resistance.

  Thereafter, the encrypted data stored in the IC card reading device is transferred to the data decrypting device by non-real-time, off-line processing, and decrypted for data processing. The data decryption apparatus corresponds to, for example, a management center that processes payment by an IC card, and processes electronic money and other value information read from the IC card.

  As described above, according to the data reading sequence shown in FIG. 6, in order to safely read the data stored in the IC card, the data in the IC card is read after being encrypted and later encrypted by the data decryption device. The data reading operation of decoding the converted data is configured in two stages. As a result, the configuration of the IC card reader can be simplified, and the speed of reading processing from the IC card can be increased.

  FIG. 7 shows another example of the data reading sequence in the data communication system according to the present embodiment. However, the IC card includes a memory that holds data to be read from the IC card reader and an encryption device that encrypts the data.

  First, in the operation procedure A- (1), the IC card reader performs a predetermined authentication process with the IC card. When the authentication is successful, a data transmission path via the non-contact interface is established with the IC card.

  As the next operation procedure A- (2), the IC card reader transfers a write command and plaintext write data to the IC card via the non-contact interface. On the IC card side, in response to the write command, the write data is stored in the internal memory in plain text.

  Subsequently, in the operation procedure B- (1), the IC card reader performs a predetermined authentication process with the IC card. When the authentication is successful, a data transmission path via the non-contact interface is established with the IC card. To do. Then, the IC card reader issues a mode switching command to activate the read data encryption function according to the present invention for the IC card.

  As the next operation procedure B- (2), the IC card reader transfers the data read command to the IC card via the non-contact interface. On the IC card side, in response to the data reading command, the data stored in the memory in plain text is read, encrypted by the encryption device, and then returned to the IC card reading device via the non-contact interface.

  The IC card reader stores data read from the IC card safely as encrypted data. The read data from the IC card is valuable information such as electronic money and consists of highly cashable data, but since it is encrypted, there is no risk of unauthorized use such as tampering. Therefore, the IC card reader does not require a special hardware configuration such as tamper resistance.

  Thereafter, the encrypted data stored in the IC card reading device is transferred to the data decrypting device by non-real-time, off-line processing, and decrypted for data processing. The data decryption apparatus corresponds to, for example, a management center that processes payment by an IC card, and processes electronic money and other value information read from the IC card.

  As described above, according to the data reading sequence shown in FIG. 7, in order to safely read the data stored in the IC card, the data in the IC card is read after being encrypted and later encrypted by the data decryption device. The data reading operation of decoding the converted data is configured in two stages. As a result, the configuration of the IC card reader can be simplified, and the speed of reading processing from the IC card can be increased.

  FIG. 8 shows another example of the data reading sequence in the data communication system according to the present embodiment. However, the IC card includes a memory that holds data to be read from the IC card reader and an encryption device that encrypts the data.

  First, in the operation procedure A- (1), the IC card reader performs a predetermined authentication process with the IC card. When the authentication is successful, a data transmission path via the non-contact interface is established with the IC card.

  As the next operation procedure A- (2), the IC card reader encrypts the plain text write data, and then transfers the write command and the encrypted data to the IC card via the non-contact interface. On the IC card side, in response to the write command, the write data is stored as it is in the internal memory.

  Subsequently, in the operation procedure B- (1), the IC card reader performs a predetermined authentication process with the IC card. When the authentication is successful, a data transmission path via the non-contact interface is established with the IC card. To do. Then, the IC card reader issues a mode switching command to activate the read data encryption function according to the present invention for the IC card.

  As the next operation procedure B- (2), the IC card reader transfers the data read command to the IC card via the non-contact interface. On the IC card side, in response to the data reading command, the encrypted data stored in the memory is read and returned to the IC card reading device via the non-contact interface.

  The IC card reader stores data read from the IC card safely as encrypted data. The read data from the IC card is valuable information such as electronic money and consists of highly cashable data, but since it is encrypted, there is no risk of unauthorized use such as tampering. Therefore, the IC card reader does not require a special hardware configuration such as tamper resistance.

  Thereafter, the encrypted data stored in the IC card reading device is transferred to the data decrypting device by non-real-time, off-line processing, and decrypted for data processing. The data decryption apparatus corresponds to, for example, a management center that processes payment by an IC card, and processes electronic money and other value information read from the IC card.

  As described above, according to the data reading sequence shown in FIG. 8, in order to safely read the data stored in the IC card, the data in the IC card is read after being encrypted and later encrypted by the data decryption device. The data reading operation of decoding the converted data is configured in two stages. As a result, the configuration of the IC card reader can be simplified, and the speed of reading processing from the IC card can be increased.

  The present invention has been described in detail above with reference to specific embodiments. However, it is obvious that those skilled in the art can make modifications and substitutions of the embodiment without departing from the gist of the present invention. That is, the present invention has been disclosed in the form of exemplification, and the contents described in the present specification should not be interpreted in a limited manner. In order to determine the gist of the present invention, the claims section described at the beginning should be considered.

FIG. 1 is a diagram schematically showing a configuration of a contactless IC card communication system to which the present invention can be applied. FIG. 2 is a diagram showing a configuration example of the card reader / writer 1. FIG. 3 is a diagram illustrating a configuration example of the IC card 2. FIG. 4 is a diagram schematically showing the control system configuration of the memory area in the IC card according to the present invention. FIG. 5 is a diagram schematically showing a configuration of a data communication system according to an embodiment of the present invention. FIG. 6 is a diagram showing an example of a data reading sequence in the data communication system according to the present invention. FIG. 7 is a diagram showing another example of the data reading sequence in the data communication system according to the present invention. FIG. 8 is a diagram showing another example of the data reading sequence in the data communication system according to the present invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 ... Card reader / writer 2 ... IC card 3 ... Controller 21 ... IC chip module 23 ... Modulation circuit 25 ... Demodulation circuit 27 ... Antenna 51 ... IC chip module 52 ... Capacitor 53 ... Antenna 61 ... RF interface part 62 ... BPSK demodulating circuit 63 ... PLL section 64 ... computing section 65 ... ROM
66… EEPROM
67 ... RAM
68 ... BPSK modulation circuit 81 ... ASK demodulation unit 82 ... Voltage regulator 83 ... oscillation circuit 84 ... ASK modulation unit 91 ... sequencer 92 ... encryption / decryption unit 93 ... parity calculation unit

Claims (18)

A data communication system for moving data from a data source device to a data destination device,
In response to the data read command from the data destination device, the data source device encrypts and returns the read data.
A data communication system. Between the data source device and the data destination device, data communication is performed using an encrypted data transmission path using a non-contact interface.
The data communication system according to claim 1. The data movement source device has an encryption mode for encrypting and returning read data from the data movement destination device, and performs mode switching in response to a mode switching command from the data movement destination device.
The data communication system according to claim 1. The data read instruction stores a key for encrypting read data;
The data source device encrypts read data using a key stored in the data read command and sends it back.
The data communication system according to claim 3. The data transfer destination device encrypts and transmits the data read command,
The mode switching instruction stores a key for decrypting the data reading instruction.
The data communication system according to claim 4. The data source device has a predetermined service key,
The mode switching command is encrypted with the service key,
The data communication system according to claim 5. A data communication method for moving data from a data source device to a data destination device,
In response to the data read command from the data destination device, the data source device encrypts and returns the read data.
A data communication method characterized by the above. Between the data source device and the data destination device, data communication is performed using an encrypted data transmission path using a non-contact interface.
The data communication method according to claim 7. The data source device includes an encryption mode for encrypting and returning read data from the data destination device,
In response to a mode switching command from the data movement destination device, the data movement source device includes a step of performing mode switching,
The data communication method according to claim 7. The data source device transmits a data read command storing a key for encrypting read data; and
In response to a data read command from the data destination device, the data source device encrypts and returns the read data;
The data communication method according to claim 7, further comprising: The data movement destination device transmits a mode switching command storing a key for decrypting the data reading command, and encrypts and transmits the data reading command using the key.
The data communication method according to claim 9. The data source device has a predetermined service key,
The data movement destination device transmits the mode switching command encrypted with the service key,
The data communication method according to claim 11. A data communication device for moving data,
Data communication means for communicating data;
Communication control means for controlling data communication operation;
Data holding means for holding data;
And encryption means for encrypting data,
The communication control unit encrypts the data received by the data communication unit and holds the data in the data holding unit, or encrypts the data held in the data holding unit and then transmits the data by the data communication unit.
A data communication device. The data communication means performs data communication using an encrypted data transmission path using a contactless interface.
The data communication apparatus according to claim 13. The communication control unit includes an encryption mode for encrypting and transmitting data read from the data holding unit, and performs mode switching in response to a mode switching command from a data movement destination device.
The data communication apparatus according to claim 13. In response to receiving a data read command storing a key for encrypting read data, the communication control means encrypts and returns read data.
The data communication apparatus according to claim 13. The communication control means receives a mode switching command storing a key for decrypting the data read command, and decrypts the data read command using the key;
The data communication apparatus according to claim 15. Have a predetermined service key,
The communication control means receives and decrypts the mode switching command encrypted by the service key;
The data communication apparatus according to claim 17.

Images