JP2006101213A - Information processing apparatus and method therefor, program, and recording medium - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To tighten the information security of a device for performing communication. <P>SOLUTION: A device B having received a packet 1 comprising a random number RanA and a list of accessing objects, performs accessing object check processing based on the list of accessing objects, and judges whether or not the combination of data to be accessed coincides with preset combination setting information. When the combination is judged to coincide with the combination setting information, the device B encrypts predetermined information using a key described in a definition block caused to correspond to an area, or data described in the list of accessing objects, and performs common key formation processing for forming a common key for mutual authentication of a device A and the device B. The device B encrypts the random number RanA with the common key, generates authenticating data 1, and transmits the data to the device A along with a random number RanB. The device A performs authentication of the device B by decoding the authenticating data 1 with the common key. This method can be applied to non-contact type IC cards. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to an information processing apparatus and method, a program, and a recording medium, and more particularly, to an information processing apparatus and method, a program, and a recording medium that can improve information security of a communicating device.

  When performing various types of transaction processing using an IC card, in order to enhance security, it is common for the IC card and the reader / writer to perform mutual authentication (mutual authentication) prior to execution of transaction processing. .

  In the conventional mutual authentication, when the reader / writer authenticates the IC card, the reader / writer generates a random number A and transmits the random number A to the IC card. The IC card encrypts the random number A with a predetermined encryption algorithm using the key 1, and further encrypts the random number A with the same encryption algorithm using the key 2 to generate the authentication data 1, and the authentication data 1 is read / written. Send to. Here, the key 1 and the key 2 are shared in advance by the reader / writer and the IC card, and the same encryption algorithm is also implemented in advance by the reader / writer and the IC card.

  Next, the reader / writer receives the authentication data 1 and decrypts it using the key 2 according to the above-described encryption algorithm, and further uses the key 1 to decrypt it according to the same encryption algorithm. If random number A is obtained as a result of this processing, the reader / writer authenticates the IC card (as a valid IC card).

  On the other hand, when the IC card authenticates the reader / writer, the IC card generates a random number B and transmits the random number B to the reader / writer. The reader / writer encrypts the random number B with a predetermined encryption algorithm using the key 1 and further encrypts the random number B with the same encryption algorithm using the key 2 to generate the authentication data 2. Send to.

  Next, the IC card receives the authentication data 2 and decrypts it using the key 2 according to the above-described encryption algorithm, and further uses the key 1 to decrypt it according to the same encryption algorithm. If random number B is obtained as a result of this processing, the IC card authenticates the reader / writer (as a valid reader / writer).

  In order to enhance the information security of the IC card, a plurality of mutual authentication keys may be set according to the type of data accessed in the IC card. In such a case, instead of using the keys (key 1 and key 2) shared in advance by the reader / writer and the IC card, in order to increase the certainty of mutual authentication and perform quick authentication, access is made. There has also been proposed a method for generating a key for mutual authentication using a key determined according to the type of data to be obtained (see, for example, Patent Document 1).

  That is, for example, when the data accessed in the transaction is data D1 to D5, the reader / writer or the IC card uses the key associated with the data D1 as the key associated with the data D2. The data is encrypted using a key associated with the data D3 to D5, and the encryption key for mutual authentication is generated.

Japanese Patent Laid-Open No. 10-327142

  However, for example, it is considered that a third party who attempts unauthorized access to data in an IC card often concentrates on specific data in the IC card. For example, important data describing the balance of electronic money has a large profit obtained by falsifying or stealing the data, and is attacked by a third party who attempts unauthorized access to the data in the IC card. Probability is high. In the conventional technology, there has been a risk that the key may be decrypted if a persistently unauthorized access to specific data is attempted.

  The present invention has been made in view of such a situation, and is intended to improve information security of a communicating device.

  The information processing apparatus of the present invention is an information processing apparatus that communicates with another information processing apparatus by wire or wirelessly, and among the random numbers generated by the other information processing apparatus and a plurality of data stored by the information processing apparatus, Receiving means for receiving a first packet including an access target list that is a list of data accessed in communication with another information processing apparatus, and other information processing based on the access target list included in the first packet When it is determined by the continuation determination unit that determines whether or not to continue communication with the device and the continuation determination unit to continue communication with another information processing device, the communication is associated with the data described in the access target list. Based on the obtained information, the key generation means for generating the encryption key and the encryption key generated by the key generation means are used to encrypt the random number included in the first packet and Authentication data generation means for generating first authentication data, which is data for authenticating itself by the processing device, first authentication data generated by the authentication data generation means, and the occurrence of self And a transmission unit configured to transmit a second packet including a random number to another information processing apparatus.

  In communication with the other information processing apparatus, combination setting information indicating a combination of data permitted to be accessed can be further stored.

  The apparatus further includes combination determination means for determining whether a combination of data described in the access target list matches a combination of combination setting information, and the continuation determination means determines whether the combination is based on the determination result of the combination determination means. It can be determined whether or not to continue communication with the information processing apparatus.

  The stored data is added with overall control information that is control information relating to the entire data and individual control information that is control information relating to the respective data, and when the data is encrypted in the overall control information and the individual control information Information on the key to be used can be included.

  The key generation means encrypts a predetermined part of the overall control information based on key information included in the individual control information regarding each data described in the access target list, thereby Can be generated.

  The same encryption key as the encryption key generated by the key generation means can be generated by another information processing apparatus.

  The first authentication data generated by the authentication data generating means is decrypted by the other information processing apparatus using the encryption key, and the value of the decrypted first authentication data and other information processing By comparing with the value of the random number generated by the apparatus, it is possible to make it data for authenticating itself to another information processing apparatus.

  The other information processing apparatus may further include an acquisition unit configured to acquire second authentication data generated by encrypting a random number included in the second packet using an encryption key. it can.

  Decrypting the second authentication data using the encryption key, and comparing the decrypted value of the second authentication data with the value of the random number generated by itself The processing device can be authenticated.

  When the combination setting information is changed by another information processing apparatus, the other information processing apparatus can be authenticated prior to the change of the combination setting information.

  When authenticating another information processing apparatus prior to the change of the combination setting information, the key generation unit is configured to select a preset part of the overall control information based on the key information included in the overall control information. By encrypting, an encryption key can be generated.

  An information processing method of the present invention is an information processing method of an information processing apparatus that communicates with another information processing apparatus by wire or wireless, and includes a random number generated by the other information processing apparatus and a plurality of information stored by the information processing apparatus. Based on the reception step of receiving a first packet including an access target list that is a list of data to be accessed in communication with another information processing apparatus among the data, and the access target list included in the first packet, The continuation determination step for determining whether or not to continue communication with another information processing device, and the processing of the continuation determination step determines that communication with another information processing device is to be continued and is described in the access target list Using a key generation step for generating an encryption key based on information associated with the data to be generated, and an encryption key generated by the processing of the key generation step, Processing of authentication data generation step for encrypting random numbers included in one packet and generating first authentication data that is data for authenticating itself by another information processing apparatus, and processing for authentication data generation step And a transmission step of transmitting the second data including the first authentication data generated by the above and the random number generated by itself to another information processing apparatus.

  The program of the present invention is a program of an information processing apparatus that communicates with another information processing apparatus by wire or wireless, and among the random numbers generated by the other information processing apparatus and a plurality of data stored by itself A reception control step for controlling reception of a first packet including an access target list that is a list of data to be accessed in communication with another information processing apparatus, and the like based on the access target list included in the first packet; The continuation determination control step for controlling whether or not to continue communication with the other information processing device, and the processing of the continuation determination control step determines that the communication with another information processing device is to be continued. A key generation control step for controlling generation of an encryption key based on information associated with data described in the list, and a key generation control step The random number included in the first packet is encrypted using the encryption key generated by the process, and the generation of the first authentication data, which is data for authenticating itself by another information processing apparatus, is controlled. The transmission of the second packet including the authentication data generation control step, the first authentication data generated by the processing of the authentication data generation control step, and the random number generated by itself to another information processing apparatus. The transmission control step to be controlled is executed by a computer.

  The recording medium of the present invention is a recording medium in which a program of an information processing apparatus that communicates with another information processing apparatus by wire or wireless is recorded, and a random number generated by the other information processing apparatus and A reception control step for controlling reception of a first packet including an access target list that is a list of data to be accessed in communication with another information processing apparatus among a plurality of stored data, and included in the first packet Based on the access target list, continuation determination control step for controlling whether or not to continue communication with another information processing device and communication with other information processing device are continued by processing of the continuation determination control step. If it is determined, a key generation control step for controlling generation of an encryption key based on information associated with data described in the access target list; First authentication data, which is data for encrypting a random number included in the first packet by using the encryption key generated by the processing of the key generation control step and for authenticating itself by another information processing apparatus Authentication information generation control step for controlling generation of data, other information processing of the first authentication data generated by the processing of the authentication data generation control step, and the second packet including the random number generated by itself A program for causing a computer to execute a transmission control step for controlling transmission to the apparatus is recorded.

  In the information processing apparatus and method, and the program of the present invention, a random number generated by another information processing apparatus and a list of data to be accessed in communication with the other information processing apparatus among a plurality of data stored by itself. A first packet including a certain access target list is received, and based on the access target list included in the first packet, it is determined whether or not to continue communication with another information processing apparatus. If it is determined that communication with the device is to be continued, an encryption key is generated based on information associated with data described in the access target list, and the first packet is generated using the generated encryption key. The included random number is encrypted, and first authentication data, which is data for authenticating itself by another information processing apparatus, is generated, and the first authentication data, and Second packet including a random number that he has occurred is transmitted to another information processing apparatus.

  ADVANTAGE OF THE INVENTION According to this invention, the information security of the apparatus which communicates can be improved.

  Embodiments of the present invention will be described below. The correspondence relationship between the invention described in this specification and the embodiments of the invention is exemplified as follows. This description is intended to confirm that the embodiments supporting the invention described in this specification are described in the specification. Therefore, even if there is an embodiment which is described in the specification but is not described here, this means that the embodiment does not correspond to the invention. It is not a thing. Conversely, even if an embodiment is described herein as corresponding to an invention, that means that the embodiment does not correspond to an invention other than the invention. Absent.

  Further, this description does not mean that all the inventions described in the specification are claimed. In other words, this description is for the invention described in the specification and not claimed in this application, i.e., for the invention that will be filed in division or applied or added in the future. It does not deny existence.

  The information processing apparatus according to claim 1 is an information processing apparatus (for example, apparatus B in FIG. 6) that communicates with another information processing apparatus (for example, apparatus A in FIG. 6) by wire or wirelessly. Includes a random number (for example, random number RanA) generated by the other information processing apparatus and an access target list that is a list of data to be accessed in communication with the other information processing apparatus among a plurality of data stored by the information processing apparatus. Receiving means for receiving the first packet (for example, packet 1 in FIG. 21) (for example, the data receiving unit 416 in FIG. 19 for executing the processing of step S133 in FIG. 20), and the first packet included in the first packet Based on the access target list (for example, the field 503 in FIG. 21), continuation determination means for determining whether or not to continue communication with the other information processing apparatus (for example, the step in FIG. 20). 19 is executed by the access target management unit 419) of FIG. 19 that executes the process of the step S135 and the continuation determination unit determines that the communication with the other information processing apparatus is to be continued, the data described in the access target list Key generation means (for example, the process of step S136 of FIG. 20) that generates an encryption key based on the information associated with (for example, the key of the area definition block of FIG. 12 or the key of the data definition block of FIG. 13) 19 is executed, and the random number included in the first packet is encrypted using the encryption key generated by the key generation means, and the other information processing apparatus Authentication data generating means (for example, the process of step S137 in FIG. 20) for generating first authentication data (for example, authentication data 1) which is data for authenticating 19 for executing authentication, a second packet including the first authentication data generated by the authentication data generation means and a random number generated by itself (for example, random number RanB) (For example, packet 2 in FIG. 25) includes a transmission unit (for example, the data transmission unit 417 in FIG. 19 that executes the process of step S139 in FIG. 20) that transmits the other information processing apparatus.

  The information processing apparatus according to claim 2, in communication with the other information processing apparatus, combination setting information (for example, area ID and data of the combination setting information definition block in FIG. 11) representing a combination of data permitted to be accessed. ID combinations) can be further stored.

  The information processing apparatus according to claim 3, wherein whether or not a combination of data described in the access target list matches a combination of the combination setting information (for example, the contents of the combination setting information definition block in FIG. 17). Is further provided with a combination determination means (for example, the access target management unit 419 in FIG. 19 that executes the process of step S134 in FIG. 20), and the continuation determination means is based on the determination result of the combination determination means. It can be determined whether or not to continue communication with another information processing apparatus.

  The information processing apparatus according to claim 4 includes, as data to be stored, overall control information (for example, a master definition block in FIG. 10) that is control information relating to the entire data, and control information relating to each of the data. Individual control information (for example, the area definition block in FIG. 12 or the data definition block in FIG. 13) is added, and the overall control information and the individual control information include key information used when data is encrypted. Can be.

  The information processing apparatus according to claim 5, wherein the key generation unit includes, based on key information included in the individual control information regarding each piece of data described in the access target list, out of the overall control information. The encryption key can be generated by encrypting a preset part (for example, a key for mutual authentication of the master definition block in FIG. 10).

  In the information processing apparatus according to claim 6, the same encryption key as the encryption key generated by the key generation unit is generated by the other information processing apparatus (for example, generated by the process of step S <b> 108 in FIG. 20). Can be).

  The information processing apparatus according to claim 7, wherein the first authentication data generated by the authentication data generation unit is decrypted and decrypted by the other information processing apparatus using the encryption key. By comparing the value of the first authentication data with the value of the random number generated by the other information processing apparatus, the other information processing apparatus authenticates itself (for example, step of FIG. 20). The data can be configured to be authenticated by the processing of S109.

  The information processing apparatus according to claim 8, wherein the other information processing apparatus generates second authentication data generated by encrypting a random number included in the second packet using the encryption key. Acquisition means (for example, the data receiving unit 416 in FIG. 19 that executes the process of step S141 in FIG. 20) may be further provided.

  The information processing apparatus according to claim 9, wherein the second authentication data is decrypted using the encryption key, the decrypted value of the second authentication data, and the value of the random number generated by itself. , The other information processing apparatus can be authenticated (for example, authenticated by the process of step S142 in FIG. 20).

  The information processing apparatus according to claim 10, when the combination setting information is changed by another information processing apparatus (for example, the device C), the other information processing apparatus is changed prior to the change of the combination setting information. Authentication can be performed (for example, authentication is performed by the process of step S440 in FIG. 30).

  When the information processing apparatus according to claim 11 authenticates the other information processing apparatus prior to the change of the combination setting information, the key generation unit includes key information included in the overall control information (for example, Based on the master definition block combination setting key in FIG. 10, a predetermined part of the overall control information (for example, the key for mutual authentication of the master definition block in FIG. 10) is encrypted. Thus, the encryption key can be generated (for example, generated by the process of step S434 in FIG. 30).

  The information processing method according to claim 12 is an information processing method of an information processing apparatus (for example, apparatus B in FIG. 6) that communicates with another information processing apparatus (for example, apparatus A in FIG. 6) by wire or wireless. An access that is a list of data to be accessed in communication with the other information processing device among a plurality of data stored in the random number (for example, random number RanA) generated by the other information processing device A receiving step (for example, the process of step S133 in FIG. 20) for receiving a first packet including the target list (for example, packet 1 in FIG. 21), and the access target list (for example, in the first packet) Based on the field 503 in FIG. 21, a continuation determination step for determining whether or not to continue communication with the other information processing apparatus (for example, in step S135 in FIG. 20) And the process of the continuation determination step, it is determined that the communication with the other information processing apparatus is to be continued, the information associated with the data described in the access target list (for example, FIG. A key generation step for generating an encryption key based on the area definition block key or the data definition block key in FIG. 13 (for example, the shared key generation unit 415 in FIG. 19 that executes the process of step S136 in FIG. 20). And data for authenticating itself by the other information processing apparatus by encrypting the random number included in the first packet using the encryption key generated by the processing of the key generation step. Authentication data generation step (for example, the process of step S137 in FIG. 20) for generating one authentication data (for example, authentication data 1), and the authentication data generation A second packet (for example, packet 2 in FIG. 25) containing the first authentication data generated by the processing of step and a random number (for example, random number RanB) generated by itself is used as the other information processing apparatus. Transmission step (for example, the process of step S139 in FIG. 20).

  The program according to claim 13 is a program of an information processing apparatus (for example, apparatus B in FIG. 6) that communicates with another information processing apparatus (for example, apparatus A in FIG. 6) by wire or wirelessly. Includes a random number (for example, random number RanA) generated by the other information processing apparatus and an access target list that is a list of data to be accessed in communication with the other information processing apparatus among a plurality of data stored by the information processing apparatus. A reception control step (for example, the process of step S133 in FIG. 20) for controlling reception of the first packet (for example, packet 1 in FIG. 21), and the access target list (for example, in FIG. 20) included in the first packet. 21, a continuation determination control step (for example, FIG. 20) for controlling determination as to whether or not to continue communication with the other information processing apparatus. When it is determined by the process of step S135) and the process of the continuation determination control step that communication with the other information processing apparatus is to be continued, information associated with the data described in the access target list (for example, , A key generation control step for controlling generation of an encryption key based on the area definition block key in FIG. 12 or the data definition block key in FIG. 13 (for example, the processing in step S136 in FIG. 20 is executed). The shared key generation unit 415) and the encryption key generated by the processing of the key generation control step, the random number included in the first packet is encrypted, and the other information processing apparatus authenticates itself. Authentication data generation control step (for example, FIG. 20) for controlling generation of first authentication data (for example, authentication data 1) that is data to be processed. Step S137), the first authentication data generated by the processing of the authentication data generation control step, and a second packet (for example, FIG. The computer executes a transmission control step (for example, the process of step S139 in FIG. 20) for controlling the transmission of 25 packets 2) to the other information processing apparatus.

  The recording medium according to claim 14 records a program of an information processing apparatus (for example, apparatus B in FIG. 6) that communicates with another information processing apparatus (for example, apparatus A in FIG. 6) by wire or wirelessly. A random number (for example, random number RanA) generated by the other information processing apparatus and a plurality of data stored by the other information processing apparatus and data accessed in communication with the other information processing apparatus. A reception control step (for example, the process of step S133 in FIG. 20) for controlling reception of a first packet (for example, packet 1 in FIG. 21) including an access target list that is a list, and included in the first packet On the basis of the access target list (for example, the field 503 in FIG. 21), a continuation determination control step for controlling determination of whether or not to continue communication with the other information processing apparatus. Data described in the access target list when it is determined that communication with the other information processing apparatus is to be continued by the process of the step (S135 in FIG. 20) and the process of the continuation determination control step. A key generation control step (for example, the step of FIG. 20) that controls the generation of the encryption key based on the information associated with the key (for example, the key of the area definition block of FIG. 12 or the key of the data definition block of FIG. 13). The shared key generation unit 415 in FIG. 19 that executes the process of S136 and the encryption key generated by the process of the key generation control step are used to encrypt a random number included in the first packet, and the other Authentication data generation control unit for controlling generation of first authentication data (for example, authentication data 1), which is data for authenticating itself by the information processing apparatus. (For example, the process of step S137 in FIG. 20), the first authentication data generated by the process of the authentication data generation control step, and the random number generated by the user (for example, the random number RanB). A program for causing a computer to execute a transmission control step (for example, the process of step S139 in FIG. 20) for controlling transmission of the second packet (for example, packet 2 in FIG. 25) to the other information processing apparatus is recorded. Has been.

  Embodiments of the present invention will be described below with reference to the drawings. FIG. 1 is an arrow chart for explaining the flow of processing in the information communication system according to the present invention. In this example, for example, the information processing apparatus A and the information processing apparatus B configured by a personal computer and a server communicate with each other, and the information processing apparatus A performs processing on data (such as files) of the information processing apparatus B. Shall be accessed.

  In this case, as shown in FIG. 1, in step S1, information processing apparatus A transmits a connection request to information processing apparatus B in step S1, and this is received by information processing apparatus B in step S21. The In step S22, the information processing apparatus B transmits a response to the connection request received in step S21 to the information processing apparatus A, and this is received by the information processing apparatus A in step S2.

  In step S3, the information processing apparatus A transmits an access target list that is data of the information processing apparatus B and is a list of data to be accessed together with the authentication challenge. The authentication challenge is, for example, data generated based on a random number generated by the information processing apparatus A to authenticate the information processing apparatus B.

  FIG. 2 is a diagram illustrating an example of data stored in the information processing apparatus B. In this example, the information processing apparatus B has a folder 1 and a folder 2. Files 11 to 13 are stored as data under the folder 1, and files 21 and 22 are stored as data under the folder 2. Has been.

  Further, as shown in FIG. 3, a key (an encryption key used in a predetermined encryption algorithm) necessary for accessing the folder or file is set for each folder and file. In this example, the key 1 is set for the folder 1, and the keys 11 to 13 are set for the files 11 to 13, respectively. Key 2 is set for folder 2, and key 21 and key 22 are set for file 21 and file 22, respectively. Information on the keys associated with each file and folder is shared between the information processing apparatus A and the information processing apparatus B. For example, when accessing the file 11 in the folder 1, the necessary key is: It is assumed that the information processing apparatus A recognizes that it becomes the key 1 and the key 11 as well as the information processing apparatus B.

  Further, in the information processing apparatus B, combination setting information in which an access condition for a folder or file stored in the information processing apparatus B is set is further stored. The combination setting information is information for determining whether to permit or prohibit access to, for example, a folder or file stored in the information processing apparatus B, and is not described in the combination setting information, for example. Access to folders or files is prohibited. The combination setting information is set by another information processing apparatus having the authority to edit (add / change) the combination setting information of the information processing apparatus B.

  FIG. 4 is a diagram illustrating an example of combination setting information. In this example, there are a folder 1 and a folder 2 inside the information processing apparatus B, and files 11 to 13 are stored as data under the folder 1, and data (files) are still under the folder 2. Is not remembered. At this time, the combination setting information is described as “(folder 2) (file 11 & file 12 & file 13)”, which allows generation of files under the folder 2 and permits the file 11 Or access to the combination of files 13 (access to the files 11 to 13 simultaneously) is permitted. As described above, since access to a folder or file not described in the combination setting information is prohibited, for example, access to the file 13 (single unit) is not permitted (prohibited).

  FIG. 5 is a diagram illustrating an example in which the file 21 and the file 22 are generated (stored) under the folder 2 from the state illustrated in FIG. At this time, the combination setting information is changed from the state shown in FIG. 4 and described as “(file 11 & file 12 & file 13) (file 21 & file 22 & file 13)”.

  Thereby, for example, when the information processing apparatus A requests access to the combination of the files 11 to 13 or requests access to the combination of the file 21, the file 22, and the file 13, the access request is permitted. Is done. On the other hand, requests such as access to the combination of the file 11 and the file 12, access to the file 13 (single unit), and generation of files under the folder 2 are not permitted.

  Returning to FIG. 1, in step S <b> 23, the access target list, which is information describing the combination of data to be accessed, transmitted by the information processing apparatus A is received by the information processing apparatus B together with the authentication challenge.

  In step S24, the information processing apparatus B performs an access target check process. Thereby, it is checked whether or not the combination of data accessed by the information processing apparatus A described in the access target list is permitted by the above-described combination setting information. In step S25, the check is performed. The result is determined.

  If it is determined in step S25 that the combination of data accessed by the information processing apparatus A is permitted by the above-described combination setting information, the process proceeds to step S26.

  On the other hand, if it is determined in step S25 that the combination of data accessed by the information processing apparatus A is not permitted by the above-described combination setting information, the information processing apparatus B An error is transmitted, and this is received by the information processing apparatus A in step S4. In this case, the process ends here.

  In step S26, the information processing apparatus B transmits a response to the authentication challenge received in step S23 to the information processing apparatus A, and this is received by the information processing apparatus A in step S5. The response is generated, for example, by sequentially encrypting an authentication challenge random number with a key associated with data accessed by the information processing apparatus A. For example, if the combination of data accessed by the information processing apparatus A is the file 11 to the file 13, the authentication challenge random number is encrypted with a predetermined encryption algorithm and the key 11, and the encrypted data is The data is further encrypted with a predetermined encryption algorithm and key 12, and the encrypted data is further encrypted with a predetermined encryption algorithm and key 13, thereby generating a response.

  In step S <b> 6, the information processing apparatus A authenticates the device B. At this time, the information processing apparatus A decrypts the response received in step S5 with the predetermined encryption algorithm and the key 13, further decrypts the data with the predetermined encryption algorithm and the key 12, and converts the data to the predetermined encryption algorithm and the key 12. Further decryption is performed with the encryption algorithm and the key 11. If the data obtained as a result matches the random number of the authentication challenge transmitted in step S3, the information processing apparatus B is authenticated as a valid communication partner.

  Note that after authentication of the device B in step S6, an authentication challenge is transmitted from the information processing device B to the information processing device A, and the information processing device B performs the information processing device A in the same manner as the processing in steps S26 and S6. May be authenticated.

  In this way, mutual authentication is performed by the information processing apparatus A and the information processing apparatus B. Since the access target check process is performed prior to mutual authentication, an attack by a third party who attempts unauthorized access can be avoided, and information security can be improved.

  Next, an example in which the present invention is applied to authentication of an IC card and a reader / writer will be described. In this example, as shown in FIG. 6, device A and device B communicate with each other, and after mutual authentication in which device A and device B authenticate each other, transaction processing is performed. Here, the device A is assumed to be a device such as a reader / writer for a non-contact IC card, and the device B is assumed to be a device such as a non-contact IC card. For example, the devices A and B perform wireless communication via an antenna or the like that each device A has.

  FIG. 7 is a block diagram illustrating an internal configuration example of the device A (reader / writer).

  The control unit 201 includes a CPU 211, a ROM 212, a RAM 213, an SCC (Serial Communication Controller) 214, an SPU (Signal Processing Unit) 216, and a bus 215 that interconnects these CPUs 211 to SPU 216.

  The CPU 211 expands the control program stored in the ROM 212 in the RAM 213 and, for example, based on response data transmitted from the non-contact IC card (device B) or a control signal supplied from an external processor or the like. Various processes are executed. For example, the CPU 211 generates a command to be transmitted to the non-contact IC card (device B) and outputs the command to the SPU 216 via the bus 215 or the data transmitted from the non-contact IC card (device B). Perform authentication processing.

  The SCC 214 supplies data supplied from an external processor or the like connected via the bus 200 to the CPU 211 via the bus 215, or data supplied from the CPU 211 via the bus 215 to the bus 211. Or output to an external processor or the like connected via 200.

  When the response data from the contactless IC card (device B) is supplied from the demodulation unit 204, the SPU 216 performs, for example, BPSK demodulation (Manchester code decoding) on the data, and obtains the acquired data. It supplies to CPU211. Further, when a command to be transmitted to the contactless IC card (device B) is supplied via the bus 215, the SPU 216 performs BPSK (Binary Phase Shift Keying) modulation (coding to Manchester code) on the command, The acquired data is output to the modulation unit 202.

  The modulation unit 202 performs ASK (Amplitude Shift Keying) modulation on a carrier wave of a predetermined frequency supplied from the oscillation circuit (OSC) 203 based on data supplied from the SPU 216, and uses the generated modulated wave as an electromagnetic wave. Output from the antenna 205. On the other hand, the demodulation unit 204 demodulates the modulated wave (ASK modulated wave) acquired via the antenna 205 and outputs the demodulated data to the SPU 206.

  The antenna 205 radiates a predetermined electromagnetic wave, and detects whether or not the non-contact IC card (device B) is approached based on a change in load with respect to the electromagnetic wave. For example, when the non-contact IC card (device B) comes close, the antenna 205 transmits / receives various data to / from the non-contact IC card (device B).

  FIG. 8 is a block diagram illustrating an internal configuration example of the device B (non-contact IC card).

  The non-contact IC card (device B) is composed of, for example, an antenna (loop antenna) 230 and a capacitor 231 shown in the figure, and an IC in which other configurations are stored in one chip, and uses electromagnetic induction. Various data is communicated with a reader / writer (device A) or the like in half duplex, and is not necessarily configured as a card.

  The CPU 221 expands the control program stored in the ROM 222 in the RAM 223 and controls the overall operation of the non-contact IC card. For example, when the electromagnetic wave radiated from the reader / writer (device A) is received by the antenna 230, the CPU 221 correspondingly includes an IC including a card identification number set in the non-contact IC card (device B). Card information is notified to the reader / writer (device A), and information required for transaction processing is supplied to the reader / writer (device A) in response to a request from the reader / writer (device A).

  The LC circuit including the antenna 230 and the capacitor 231 resonates with an electromagnetic wave having a predetermined frequency radiated from a reader / writer (device A) disposed in the vicinity. In the ASK demodulator 243, the interface unit 229 demodulates the modulated wave (ASK modulated wave) received via the antenna 230 by detecting the envelope and demodulates the demodulated data to the BPSK (Binary Phase Shift Keying) demodulator 232. Output.

  The interface unit 229 rectifies the AC magnetic field excited in the antenna 230 by the ASK demodulator 243, stabilizes it in the voltage regulator 241, and supplies each unit as a DC power source. The power of electromagnetic waves radiated from the reader / writer (device A) is adjusted so as to generate a magnetic field that covers the power required for the non-contact IC card (device B), as will be described later.

  The oscillation circuit 244 of the interface unit 229 includes a PLL (Phase Locked Loop) circuit, and generates a clock signal having the same frequency as the clock frequency of the received signal.

  Further, when transmitting predetermined information to the reader / writer (device A), the interface unit 229 turns on / off a predetermined switching element (not shown), for example, corresponding to the data supplied from the BPSK modulation unit 228. Only when the switching element is turned off and the switching element is in the on state, the load of the antenna 230 is changed by connecting a predetermined load to the antenna 230 in parallel.

  The ASK modulation unit 242 performs ASK modulation on the BPSK modulated wave supplied from the BPSK modulation unit 228 according to a change in the load of the antenna 230, and transmits the modulation component to the reader / writer (device A) via the antenna 230.

  When the data demodulated by the ASK demodulator 243 is BPSK modulated, the BPSK demodulator 232 demodulates the data (decodes Manchester code) based on a clock signal supplied from a PLL circuit (not shown). The demodulated data is output to the data receiving unit 233. The data receiving unit 233 appropriately outputs the supplied data to the CPU 221. The CPU 221 stores this data in the RAM 223 or the EEPROM 224.

  The data stored in the EEPROM 224 is read by the CPU 221 and supplied to the data transmission unit 227. The BPSK modulation unit 228 performs BPSK modulation (coding into Manchester code) on the data supplied from the data transmission unit 227, and outputs it to the ASK modulation unit 242.

  In the EEPROM 224, for example, information necessary for mutual authentication, information necessary for transaction processing, and the like are appropriately stored.

  Here, an example has been described in which the device A is configured by a reader / writer for a non-contact IC card, the device B is configured by a non-contact IC card, and the device A and the device B communicate wirelessly. Of course, the reader / writer and the device B can be configured by a contact type IC card to perform wired communication.

  FIG. 9 is a diagram showing a configuration example of data stored in the EEPROM 224 of FIG. In this example, the data stored in the EEPROM 224 includes a master definition block, a combination information definition block, an area 01 definition block, and an area 02 definition block.

  The area 01 definition block and the area 02 definition block are definition blocks set for the area area 01 and the area area 02 in the data stored in the EEPROM 224, respectively. The area area 01 includes a data 11 definition block and its actual data block to data 13 definition block and its actual data block, and the area area 02 includes a data 21 definition block and its actual data block, and a data 21 definition block and The actual data block is included. In the area area 01 or the area area 02, areas where data is not yet stored are described as an area 01 remaining block or an area 02 remaining block, respectively.

  FIG. 10 is a diagram illustrating a configuration example of the master definition block. As shown in the figure, the master definition block includes a unique ID, size, combination setting information block size, key version, mutual authentication key, combination setting key, and attribute information. The definition block is configured as a fixed length.

  The unique ID is, for example, a unique identification number assigned to the IC chip. The size is information representing the size of the entire data shown in FIG. The key version is information representing a version of a mutual authentication key and a combination setting key described later.

  The key for mutual authentication is a key used for encrypting or decrypting data with a predetermined encryption algorithm, which is necessary when performing mutual authentication with a reader / writer, for example. Used for encryption or decryption of data using a predetermined encryption algorithm, which is necessary when communicating with another device (for example, device C) having the authority to add / change the contents of the combination setting information block Key.

  In the attribute information, in addition to the information described above, information related to the master definition block is appropriately described.

  FIG. 11 is a block diagram illustrating a configuration example of the combination setting information block. As shown in the figure, the combination setting information block includes a permission / prohibition flag, area ID and data ID combination information 1 to 3, a delimiter code, and an end code. Configured as variable length.

  The permission / prohibition flag is a flag for distinguishing whether the information described in the combination setting information block indicates access permission or access prohibition.

  The area ID and data ID combination information 1 to 3 are information representing combinations of areas or data to be accessed. A specific description example of the combination information of the area ID and the data ID will be described later with reference to FIG. 16 or FIG.

  The delimiter code is added to each of the combination information 1 to 3 of the area ID and the data ID to be a predetermined code (for example, “%”, space code, etc.) indicating the delimiter, and the end code is the end of the combination setting information block Is a predetermined code.

  FIG. 12 is a diagram illustrating a configuration example of the area definition block. As shown in the figure, the area definition block includes an area ID, an area size, a key version, a key, and attribute information, and the area definition block is configured as a fixed length.

  The area ID is an ID for specifying an area in which the area definition block is set. For example, the area ID of the area definition block set for the area area 01 is “01”. The area size is information indicating the size of the area in which the area definition block is set.

  The key version is information indicating the version of the key described later. The key is, for example, a key used for encrypting or decrypting data with a predetermined encryption algorithm, which is necessary when the reader / writer accesses an area in which the area definition block is set.

  In the attribute information, in addition to the information described above, information related to the area definition block is appropriately described.

  FIG. 13 is a diagram illustrating a configuration example of a data definition block. As shown in the figure, the data definition block includes a data ID, a data size, a key version, a key, and attribute information, and the data definition block is configured as a fixed length.

  The data ID is an ID that identifies an actual data block corresponding to the data definition block. For example, the data ID of the data definition block corresponding to the data 11 actual data block is “11”. The data size is information indicating the size of an actual data block corresponding to the data definition block.

  The key version is information indicating the version of the key described later. The key is, for example, a key used for encrypting or decrypting data with a predetermined encryption algorithm, which is necessary when the reader / writer accesses an actual data block corresponding to the data definition block.

  In the attribute information, in addition to the information described above, information related to the data definition block is appropriately described.

  It is a figure which shows the structural example of the actual data block of FIG. As shown in the figure, the actual data block is composed of variable-length data required for transaction processing, for example.

  Next, a process of generating the data shown in FIG. 9 will be described with reference to FIGS.

  For example, when the non-contact IC card (device B) is shipped from the factory, the data stored in the EEPROM 224 is configured as shown in FIG. That is, in the data stored in the EEPROM 224, only the master definition block and the combination setting information block are set.

  Now, the contactless IC card shipped from the factory is delivered to the operator A, and the operator A stores information necessary for the service A, which is a service provided by the operator A, in the contactless IC card. .

  At this time, as shown in FIG. 16, the operator A designates the area area 01 as an area for storing data used in the service A, and sets an area 01 definition block. Then, as the data stored under the area area 01, the data 11 definition block and its actual data block to the data 13 definition block and its actual data block are stored. In the following, the data 11 definition block and its actual data block are simply referred to as data 11.

  Then, the business operator A sets the contents of the combination setting information block. In this example, “permission 01, 11, 12, 13, partition 01, 11, 13, partition END” is described as the content of the combination setting information block. This is because the above-described permission / prohibition flag is set to “permitted”, and the combination of the area area 01 and the data 11 to data 13 is the above-described combination information of the area ID and the data ID. It is set that it is set as combination information of the area ID and data ID. Subsequently to the above-described delimiter code (“delimiter”), the combination of the area area 01 and the data 11 and data 13 is set as the second area ID / data ID combination information, and the delimiter code (“delimiter”) is set. ) And an end code (“END”) are set.

  For example, it is assumed that the data 11 is transaction history data in the service A, the data 12 is data on a transaction store in the service A, and the data 13 is data on the usage balance of electronic money in the service A. The reader / writer (device A) used in service A always requests access to the contactless IC card (device B) with data 11 to data 13 or a combination of data 11 and data 13. The person A sets the contents of the combination setting information block so as not to permit an access request other than the combination. For example, even if there is an access request for only the data 13 for the purpose of falsifying the data of the electronic money usage balance, the access request is rejected.

  Next, the contactless IC card storing data as shown in FIG. 16 is delivered together with the operator A to the operator B providing another service using the same contactless IC card. The information necessary for the service B, which is a service provided by itself, is stored in the contactless IC card.

  At this time, as shown in FIG. 17, the operator B designates an area area 02 as an area for storing data used in the service B, and sets an area 02 definition block. Then, data 21 and data 22 (data 21 definition block and its actual data block and data 22 definition block and its actual data block) are stored as data stored under the area area 02.

  Then, the business operator B sets the content of the combination setting information block. In this case, a new one is added from the state shown in FIG. In this example, “02, 21, 22, delimiter 02, 21, 22, 01, 13, delimiter” is added as a description of the new contents of the combination setting information block. This indicates that the area area 02 and the combination of the data 21 and the data 22 are added as the combination information of the third area ID and the data ID. Subsequently to the delimiter code (“delimiter”), the combination of the area area 02, the data 21 and the data 22, the area area 01, and the data 13 is added as the fourth area ID / data ID combination information. Represents.

  The reader / writer (device A) used in service B always requests access to the non-contact IC card with data 21 and data 22 or a combination of data 21, data 22 and data 13, so that the business The person B sets the contents of the combination setting information block so as not to permit an access request other than the combination. The business operator B can set the content of the combination setting information block including the data of the service A (data 13).

  In this way, the contents of the combination setting information block are set.

  FIG. 18 is a block diagram illustrating a functional configuration example of software executed by the CPU 211 of FIG.

  The random number generation unit 311 generates a random number necessary for mutual authentication with a communication partner (in this case, the device B), supplies the generated random number to the data transmission unit 317, and a storage unit configured by the RAM 213 or the like To remember.

  The encryption execution unit 312 uses predetermined keys such as DES (Data Encryption Standard), Triple DES, and AES (Advanced Encryption Standard), for example, with a key specified based on the information supplied from the shared key generation unit 315. Encrypt with the encryption algorithm. The decryption execution unit 313 decrypts the data with a decryption method corresponding to a predetermined encryption algorithm implemented by the encryption execution unit 312 using the key specified based on the information supplied from the shared key generation unit 315.

  The authentication unit 314 compares the data output from the decryption execution unit 313 and the random number stored in the storage unit, authenticates the communication partner (device B in this case) based on the comparison result, and the authentication result Is output to the data transmission unit 317.

  The shared key generation unit 315 supplies a plurality or a single key to the encryption execution unit 312 based on the access target list supplied from the access target management unit 319, and when the devices A and B perform mutual authentication. Control the generation of required shared keys.

  The authentication data generation unit 318 generates authentication data to be described later based on data output from the encryption execution unit 312 or the decryption execution unit 313.

  The access target management unit 319 generates an access target list that is a list of areas and areas that the communication partner itself accesses, and receives the access target list from the communication partner via the data reception unit 316. In this case, it is determined whether the combination of the area (area) described in the access target list and the data matches the information described in the combination setting information block, and the determination result is output to the data transmission unit 317. . Further, the access target management unit 319 notifies the shared key generation unit 315 of the combination of the area (area) and data described in the access target list.

  The data transmission unit 316 and the data reception unit 317 respectively control data transmission / reception with the communication partner (in this case, the device B).

  FIG. 19 is a block diagram illustrating a functional configuration example of software executed by the CPU 221 of FIG.

  In the figure, a random number generation unit 411 to an access target management unit 419 are functional blocks corresponding to the random number generation unit 311 to the access target management unit 319 in FIG. 18 and have similar functions, respectively. Omitted.

  Next, the flow of the mutual authentication process performed in the devices A and B will be described with reference to the arrow chart of FIG. This process is executed prior to execution of transaction processing between the device B configured as a non-contact IC card and the device A configured as a reader / writer for the non-contact IC card, for example.

  In step S101, the antenna 205 of the device A radiates a predetermined electromagnetic wave (call), which is received by the device B in step S131.

  In step S132, the device B transmits a response to the call received in step S131 to the device A, which is received by the device A in step S102. Thereby, the reader / writer (device A) detects that the non-contact IC card (device B) is approached.

  In step S103, the random number generation unit 311 of the device A generates a random number RanA that is a random number for authenticating the device B. In step S104, the access target management unit 319 displays an access area (area) in the device B. ) And an access target list that is a list of data.

  In step S105, the data transmission unit 317 of the device A generates and transmits packet 1 based on the random number generated in step S103 and the access target list generated in step S104.

  FIG. 21 is a diagram illustrating a configuration example of the packet 1. In the figure, a field 501 is a portion that becomes a header of the packet 1. For example, a packet type (identifier indicating that this packet type is the packet 1), a chip unique ID (the control unit 201 of the device A is specified) ID) and the like.

  The field 502 stores the random number RanA generated in step S103. The field 503 stores the access target list generated in step S104.

  In this example, the field 503 is composed of four blocks 503-1 to 503-4. A block 503-2 stores a list describing all area IDs of areas (areas) holding data to be accessed, and the block 503-1 contains the number of area IDs described in the block 503-2. Stored. A block 503-4 stores a list describing all data IDs of data to be accessed, and a block 503-3 stores the number of data IDs described in the block 503-4.

  Returning to FIG. 20, in step S133, the device B receives the packet 1 described above, and in step S134, based on the packet 1 received in step S133, the access target check process described later with reference to FIG. Execute.

  Here, the details of the access target check process in step S134 in FIG. 20 will be described with reference to the flowchart in FIG.

  In step S201, the access target management unit 419 of the device B extracts an access target list from the packet 1, and in step S202, compares the access target list extracted in step S201 with the combination setting information.

  At this time, the access target list in the field 503 described above with reference to FIG. 21 is compared with the contents of the combination setting information block described above with reference to FIGS. 11 and 17. For example, when the device A (reader / writer) accesses the data 11 to 13 of the device B (non-contact IC card), the access target list extracted in step S201 includes the area ID list of the block 503-2. “01” is described, and “11”, “12”, and “13” are described in the data ID list of the block 503-4. This description matches the combination information of the first area ID and data ID in the content of the combination setting information definition block of FIG.

  In step S203, the access target management unit 419 determines whether the access target list extracted in step S201 is a combination of the area ID and the data ID permitted by the combination setting information as a result of the comparison in step S202. In this case, it is determined that the combination is a permitted area ID and data ID, the process proceeds to step S204, and the access target management unit 419 sets the permission flag indicating permission for access from the device A to ON. .

  On the other hand, for example, when the device A (reader / writer) accesses the data 13 of the device B (non-contact IC card), the access target list extracted in step S201 is included in the area ID list of the block 503-2. “01” is described, and “13” is described in the data ID list of the block 503-4. This description does not match any area ID and data ID combination information in the contents of the combination setting information definition block of FIG.

  In this case, it is determined in step S203 that the combination is not a permitted area ID and data ID, the process proceeds to step S205, and the access target management unit 419 sets the above-described permission flag to OFF.

  In this way, access permission (or disapproval) is determined based on the access target list transmitted from the communication partner.

  Returning to FIG. 20, in step S <b> 135, device B determines the check result obtained by the process of step S <b> 134. The determination of the check result is performed based on the permission flag described above.

  If the permission flag is set to ON, it is determined in step S135 that access from the device A is permitted, the process proceeds to step S136, and then mutual authentication between the device A and the device B is performed. Become.

  On the other hand, when the permission flag is set to OFF, it is determined in step S135 that access from the device A is not permitted (rejected), and the device B transmits error information to the device A, This is received by the device A in step S106. In this case, the communication process between device A and device B ends here.

  In step S136, the device B executes a shared key generation process which will be described later with reference to FIG. Thereby, an encryption key (shared key) used for mutual authentication is generated.

  Here, the details of the shared key generation processing in step S136 in FIG. 20 will be described with reference to the flowchart in FIG. Here, it is assumed that the device A accesses the data 11 to 13 of the device B. In the access target list (field 503) of the packet 1 received in step S133, the area ID list of the block 503-2 includes “ “01” is described, and “11”, “12”, and “13” are described in the data ID list of the block 503-4.

  In step S221, the shared key generation unit 415 of the device B extracts the mutual authentication key of the master definition block, the area to be accessed, and the data key. At this time, the key for mutual authentication of the master definition block described above with reference to FIG. 10 and the key of the area definition block described above with reference to FIG. 12 (in this case, the area definition block whose area ID is “01”) The keys of the data definition blocks described above with reference to FIG. 13 (in this case, the data definition blocks whose data IDs are “11” to “13”) are extracted.

  In step S222, the encryption execution unit 412 encrypts the mutual authentication key extracted in step S221 with the key of the area 01. At this time, the shared key generation unit 415 supplies the key of the area definition block whose area ID is “01” to the encryption execution unit 412 based on the access target list, and executes encryption using the key The unit 412 encrypts the mutual authentication key of the master definition block with a predetermined encryption algorithm.

  In step S223, the encryption execution unit 412 encrypts the data encrypted in step S222 with the key of the data 11. At this time, the shared key generation unit 415 supplies the key of the data definition block whose data ID is “11” to the encryption execution unit 412 based on the access target list, and executes encryption using the key. The unit 412 further encrypts the data encrypted in step S222 with a predetermined encryption algorithm.

  In step S224, the encryption execution unit 412 encrypts the data encrypted in step S223 with the key of the data 12. At this time, the shared key generation unit 415 supplies the key of the data definition block with the data ID “12” to the encryption execution unit 412 based on the access target list, and executes encryption using the key. The unit 412 further encrypts the data encrypted in step S223 with a predetermined encryption algorithm.

  In step S225, the encryption execution unit 412 encrypts the data encrypted in step S223 with the key of the data 13. At this time, the shared key generation unit 415 supplies the key of the data definition block with the data ID “13” to the encryption execution unit 412 based on the access target list, and executes encryption using the key. The unit 412 further encrypts the data encrypted in step S224 with a predetermined encryption algorithm.

  In step S226, the shared key generation unit 415 stores the data encrypted by the process in step S225 as a shared key in a storage unit configured by the RAM 223 or the like.

  In this way, a shared key necessary for mutual authentication between the devices A and B is generated. This shared key is also generated by the device A in step S108 of FIG. 20 to be described later, so that the device A and the device B are shared.

  After the process of step S136 in FIG. 20, the process proceeds to step S137, and the device B executes an authentication data 1 generation process to be described later with reference to FIG.

  Here, the details of the authentication data 1 generation processing in step S136 of FIG. 20 will be described with reference to the flowchart of FIG.

  In step S241, the authentication data generation unit 418 of the device B extracts the random number RanA (field 502 in FIG. 21) included in the packet 1 received in step S133.

  In step S242, the encryption execution unit 242 encrypts the random number RanA extracted in step S241 with a predetermined encryption algorithm, using the shared key generated by the process of FIG.

  In step S243, the authentication data generation unit 418 generates the data encrypted in step S242 as the authentication data 1.

  In this way, the random number RanA transmitted from the device A is encrypted and the authentication data 1 is generated.

  Returning to FIG. 20, after the process of step S <b> 137, in step S <b> 138, device B (random number generation unit 411) generates (generates) a random number RanB for authenticating device A.

  In step S139, the device B (data transmission unit 417) generates and transmits a packet 2 based on the random number generated in step S138 and the authentication data 1 generated in step S137.

  FIG. 25 is a diagram illustrating a configuration example of the packet 2. In the figure, a field 521 is a portion that becomes a header of the packet 2, for example, a packet type (an identifier indicating that this packet type is the packet 2), a chip unique ID (an ID that identifies the CPU 221 of the device B). ) Etc. are included. The field 522 stores the random number RanB generated in step S138. The field 523 stores the authentication data 1 generated in step S137.

  Returning to FIG. 20, in step S107, the device A receives the packet 2 described above.

  In step S108, device A executes a shared key generation process. Since this process is the same as the process described above with reference to FIG. 23, detailed description is omitted, but the same shared key as the shared key generated by apparatus B is generated in apparatus A. Held (stored).

  In step S109, the device A executes an authentication process for the device B, which will be described later with reference to FIG. As a result, it is authenticated by the device A whether the device B is a valid communication partner.

  Here, the details of the authentication process of the device B in step S109 of FIG. 20 will be described with reference to the flowchart of FIG.

  In step S261, the decryption execution unit 313 decrypts the authentication data 1 (field 523) included in the packet 2 received in step S107 with a decryption method corresponding to the encryption algorithm of the encryption execution unit 412 using the shared key. Decrypt. As a result, the authentication data 1 is decrypted, and the decrypted authentication data 1 (that is, the random number RanA) is acquired by the authentication unit 314 as data of the processing result.

  In step S262, the authentication unit 314 compares the processing result data (authentication data 2 decrypted by the process of step S261) with the random number RanA generated by the process of step S103 of FIG.

  Here, the random number RanA generated by the process of step S103 of FIG. 20 is a random number generated for the device A to authenticate the device B, and devices other than the device A acquire the value in advance. I can't.

  The processing result data is data acquired from the communication partner (in this case, the device B). If the device A does not know that it is decrypted using the shared key, the communication partner is decrypted. It is impossible to encrypt data assuming that Furthermore, since the shared key is generated by being encrypted based on the area to be accessed and the data key, it is generated if the access target list transmitted from the device A is analyzed and those keys are not extracted. I can't.

  If the authentication data 1 decrypted by the process of step S261 and the random number RanA generated by the process of step S103 in FIG. 20 match, the communication partner uses the same shared key as the device A to generate the random number RanA. It is thought that it was encrypted.

  If the third party impersonates the device B, the third party encrypts the random number RanA output from the device A based on the area and data key described in the access target list. As a result, it was determined that the encrypted key was encrypted with the generated shared key, and the key for area 01 and data 11 to data 13 were obtained (stolen) and random number RanA was encrypted. It's virtually impossible to do this.

  Therefore, as a result of comparing the data of the processing result obtained in step S262 with the random number RanA generated in step S103 in FIG. 20, if the two values match, device B is regarded as a valid communication partner. It is authenticated.

  In step S263, the authentication unit 314 determines whether the two values match as a result of the comparison in the process of step S262.

  If it is determined in step S263 that the values match, the process proceeds to step S264, and the authentication unit 314 sets an authentication flag indicating that the device B has been authenticated to ON.

  On the other hand, if it is determined in step S263 that the values do not match, the process proceeds to step S265, and the authentication unit 314 sets the authentication flag described above to OFF.

  In this way, the device B is authenticated.

  Returning to FIG. 20, after the process of step S109, in step S110, the device A determines the authentication result by the process of step S109.

  When the above-described authentication flag is set to ON, it is determined in step S110 in FIG. 20 that the device B has been authenticated, and the process proceeds to step S111. When the above-described authentication flag is set to OFF, it is determined in step S110 that device B has not been authenticated, an error is transmitted from device A to device B, and this is received by device B in step 140. . In this case, the communication process between the devices A and B ends here.

  In step S111, the device A executes an authentication data 2 generation process which will be described later with reference to FIG.

  Here, the details of the authentication data 2 generation process in step S111 of FIG. 20 will be described with reference to the flowchart of FIG.

  In step S281, the authentication data generation unit 318 of the device A extracts the random number RanB (field 522 in FIG. 25) included in the packet 1 received in step S107.

  In step S282, the encryption executing unit 312 encrypts the random number RanB extracted in step S281 with a predetermined encryption algorithm using the shared key generated by the process in step S108.

  In step S283, the authentication data generation unit 318 generates the data encrypted in step S282 as the authentication data 2.

  In this way, the random number RanB transmitted from the device B is encrypted and the authentication data 2 is generated.

  Returning to FIG. 20, after the process of step S <b> 111, in step S <b> 112, the device A (data transmission unit 317) generates and transmits a packet 3 based on the authentication data 2 generated in step S <b> 111.

  FIG. 28 is a diagram illustrating a configuration example of the packet 3. In the figure, a field 541 is a portion that becomes a header of the packet 2, for example, a packet type (identifier indicating that this packet type is the packet 3), a chip unique ID (the control unit 201 of the device A is specified) ID) and the like. The field 542 stores the authentication data 2 generated in step S111.

  Returning to FIG. 20, in step S <b> 141, the device 3 receives the packet 3 described above.

  In step S142, the device B executes an authentication process for the device A, which will be described later with reference to FIG. 29, based on the packet 3 received in step S141. Accordingly, the device A is authenticated by the device B.

  Here, the details of the authentication processing of the device A in step S142 in FIG. 20 will be described with reference to the flowchart in FIG.

  In step S301, the decryption execution unit 413 decrypts the authentication data 2 (field 542) included in the packet 3 received in step S141 with a decryption method corresponding to the encryption algorithm of the encryption execution unit 312 using the shared key. Decrypt. As a result, the authentication data 2 is decrypted, and the decrypted authentication data 2 (that is, the random number RanB) is acquired by the authentication unit 414 as data of the processing result.

  In step S302, the authentication unit 414 compares the processing result data (authentication data 2 decrypted by the process of step S301) with the random number RanB generated by the process of step S138 of FIG.

  Here, the random number RanB generated by the process of step S138 in FIG. 20 is a random number generated for the device B to authenticate the device A, and devices other than the device B acquire the value in advance. I can't.

  The processing result data is data acquired from the communication partner (in this case, the device A). If the device B does not know that it is decrypted using the shared key, the communication partner is decrypted. It is impossible to encrypt data assuming that Furthermore, since the shared key is generated by being encrypted based on the area to be accessed and the data key, it is generated if the access target list transmitted from the device A is analyzed and those keys are not extracted. I can't.

  If the authentication data 2 decrypted by the process of step S301 and the random number RanB generated by the process of step S138 in FIG. 20 match, the communication partner uses the same shared key as the device B to generate the random number RanB. It is thought that it was encrypted.

  If the third party impersonates the device A, the third party encrypts the random number RanB output from the device B based on the area and data key described in the access target list. As a result, it was determined that the encrypted key was encrypted with the generated shared key, and the key for area 01 and data 11 to data 13 were obtained (stolen) and the random number RanB was encrypted. It's virtually impossible to do this.

  Therefore, if the data of the processing result obtained by the process of step S302 and the random number RanB generated by the process of step S138 in FIG. It is authenticated.

  In step S303, the authentication unit 314 determines whether or not the two values match as a result of the comparison in step S302.

  If it is determined in step S303 that the values match, the process proceeds to step S304, and the authentication unit 414 sets an authentication flag indicating that the device A has been authenticated to ON.

  On the other hand, if it is determined in step S303 that the values do not match, the process proceeds to step S305, and the authentication unit 414 sets the authentication flag described above to OFF.

  In this way, the device A is authenticated.

  Returning to FIG. 20, after the process of step S142, in step S143, device B determines the authentication result by the process of step S142.

  When the above-described authentication flag is set to ON, in step S143 in FIG. 20, it is determined that the device A has been authenticated, and then processing such as transaction processing is executed. When the above-described authentication flag is set to OFF, it is determined in step S143 that device A has not been authenticated, and an error is transmitted from device B to device A, which is received by device A in step S113. . In this case, the communication process between the devices A and B ends here.

  In this way, mutual authentication is performed between the device A and the device B prior to execution of transaction processing or the like. In device A and device B, the shared key used for mutual authentication is generated by being encrypted with a plurality of different keys corresponding to the area and data described in the access target list. Can be prevented and the reliability of mutual authentication can be improved.

  In addition, since the access target check process is executed before mutual authentication is performed, even if the key is stolen, data leakage and tampering can be prevented. For example, even if a third party who attempts unauthorized access analyzes the specific data persistently and the key of the data is stolen, the area and data permitted in advance by the combination setting information Access that does not match this combination is rejected before mutual authentication, so that stronger security can be realized.

  By the way, the contents (combination information of area ID and data ID) of the combination setting information definition block described above with reference to FIG. 10 and FIG. 17 are possessed by a provider who provides services using this non-contact IC card. Registration is performed by a setting information registration device. At this time, the non-contact IC card (device B) also needs to authenticate the setting information registration device (for example, device C).

  With reference to the arrow chart of FIG. 30, the flow of the mutual authentication process performed in the device C, which is a setting information registration device, and the device B configured as a non-contact IC card will be described. The device C is one of reader / writers corresponding to the non-contact IC card of the device B, and is configured similarly to the device A in FIG.

  In step S401, the antenna 205 of the device C radiates a predetermined electromagnetic wave (call), which is received by the device B in step S431.

  In step S432, device B transmits a response to the call received in step S431 to device C, which is received by device C in step S402. Thereby, the reader / writer (device C) detects that the non-contact IC card (device B) is approached.

  In step S403, the random number generation unit 311 of the device C generates a random number RanA that is a random number for authenticating the device B. In step S404, the data transmission unit 317 of the device C uses the random number RanA generated in step S403. Then, a setting information registration request, which is data described in a preset format, is transmitted to the device B.

  In step S433, the device B receives the above-described random number RanA and the setting information registration request. In step S434, the device B executes setting information registration shared key generation processing described later with reference to FIG. As a result, a shared key used for mutual authentication between devices C and B is generated.

  Here, the details of the setting information registration shared key generation processing in step S434 in FIG. 30 will be described with reference to the flowchart in FIG.

  In step S501, the shared key generation unit 415 of the device B extracts the key for mutual authentication of the master definition block and the key for setting the combination of the master definition block. At this time, the mutual authentication key and the combination setting key of the master definition block described above with reference to FIG. 10 are extracted.

  In step S502, the encryption execution unit 412 encrypts the mutual authentication key extracted in step S501 with the combination setting key. At this time, the shared key generation unit 415 supplies a combination setting key to the encryption execution unit 412, and the encryption execution unit 412 uses the key to specify a key for mutual authentication of the master definition block. Encrypt with the encryption algorithm.

  In step S503, the shared key generation unit 415 stores the data encrypted by the processing in step S502 as a shared key in a storage unit configured by the RAM 223 or the like.

  In this way, a shared key necessary for mutual authentication between the devices C and B is generated.

  This shared key is also generated by the device C in step S405 of FIG. 30 to be described later, so that the device C and the device B are shared. The setting information registration shared key generation process in step S405 is the same as the process described above with reference to FIG.

  After the process of step S435 in FIG. 30, the process proceeds to step S436, and the device B executes the authentication data 1 generation process. Since this process is the same as the process described above with reference to FIG. 24, detailed description thereof is omitted, but the random number RanA is encrypted and the authentication data 1 is generated.

  In step S436, the device B (random number generation unit 411) generates (generates) a random number RanB for authenticating the device C.

  In step S437, the device B (data transmission unit 417) transmits the random number generated in step S436 and the authentication data 1 generated in step S435 to the device C, which is received by the device C in step S406. .

  In step S <b> 407, the device C executes an authentication process for the device B. Since this process is the same as the process described above with reference to FIG. 26, a detailed description thereof will be omitted, but with this, it is authenticated by the device C whether the device B is a valid communication partner.

  After the process of step S407, in step S408, the device C determines the authentication result by the process of step S407.

  If it is determined in step S408 that the device B has been authenticated, the process proceeds to step S409. If it is determined in step S408 that the device B has not been authenticated, an error is transmitted from the device C to the device B, and this is received by the device B in step S438. In this case, the communication process between device C and device B ends here.

  In step S409, the device C executes an authentication data 2 generation process. Since this process is the same as the process described above with reference to FIG. 27, detailed description thereof is omitted, but the random number RanB is encrypted and the authentication data 2 is generated.

  After the process of step S409, in step S410, the device C (data transmission unit 317) transmits the authentication data 2 generated in step S409 to the device B, which is received by the device B in step S439.

  In step S440, the device B executes the authentication process for the device C based on the authentication data 2 received in step S439. This process replaces the authentication process of the device A described above with reference to FIG. 29 with the device C, and is the same as the case of FIG. 29. The authentication of the device C is performed by the device B.

  After the process of step S440, in step S441, the device B determines the authentication result by the process of step S440.

  If it is determined in step S441 that the device C has been authenticated, then processing such as registration (including addition / change) of combination setting information is executed.

  If it is determined in step S441 that the device C has not been authenticated, an error is transmitted from the device B to the device C, and this is received by the device C in step S411. In this case, the communication process between device C and device B ends here.

  In this way, mutual authentication is performed between the device C and the device B prior to registration of the combination setting information. In the devices C and B, the shared key used for mutual authentication is generated by being encrypted with a plurality of different keys described in the master definition block, so that impersonation by a third party is prevented and mutual authentication is performed. The certainty can be increased.

  The series of processes described above can be executed by hardware, or can be executed by software. When the above-described series of processing is executed by software, for example, a program constituting the software is installed from a network such as the Internet or a recording medium such as a removable medium via the bus 200.

  This recording medium is distributed to distribute the program to the user, and includes a magnetic disk (including a floppy disk (registered trademark)) on which the program is recorded, an optical disk (CD-ROM (Compact Disk-Read Only Memory). ), DVD (including Digital Versatile Disk)), magneto-optical disk (including MD (Mini-Disk) (registered trademark)), or removable media consisting of semiconductor memory, etc. It also includes, for example, a ROM 212 or 222 that is distributed to the user in a pre-installed state and stores a program.

  Note that the steps of executing the series of processes described above in this specification are performed in parallel or individually even if they are not necessarily processed in time series, as well as processes performed in time series in the order described. The processing to be performed is also included.

It is an arrow chart explaining the flow of a mutual authentication process between the information processing apparatus A and the information processing apparatus B. 4 is a diagram illustrating an example of data stored in the information processing apparatus B. FIG. It is a figure which shows the example of the key set to a folder and a file. It is a figure which shows the example of combination setting information. It is a figure which shows the example of combination setting information. It is a figure which shows one Embodiment of the information processing system which concerns on this invention. 3 is a block diagram showing an example of the internal configuration of device A. FIG. 4 is a block diagram showing an example of the internal configuration of device B. FIG. 4 is a diagram illustrating an example of data stored in a device B. FIG. It is a figure which shows the structural example of the master definition block of FIG. It is a figure which shows the structural example of the combination setting information block of FIG. It is a figure which shows the structural example of the area definition block of FIG. It is a figure which shows the structural example of the data definition block of FIG. It is a figure which shows the structural example of the actual data block of FIG. It is a figure explaining the process in which the data of FIG. 9 are produced | generated. It is a figure explaining the process in which the data of FIG. 9 are produced | generated. It is a figure explaining the process in which the data of FIG. 9 are produced | generated. It is a block diagram which shows the functional structural example of the software performed by CPU of FIG. It is a block diagram which shows the functional structural example of the software performed by CPU of FIG. 10 is an arrow chart for explaining a flow of mutual authentication processing performed in device A and device B. 3 is a diagram illustrating a configuration example of a packet 1. FIG. It is a flowchart explaining an access object check process. It is a flowchart explaining a shared key generation process. It is a flowchart explaining the authentication data 1 production | generation process. 3 is a diagram illustrating a configuration example of a packet 2. FIG. 10 is a flowchart for explaining an authentication process of the device B. It is a flowchart explaining the authentication data 2 production | generation process. 3 is a diagram illustrating a configuration example of a packet 3. FIG. 10 is a flowchart for explaining an authentication process of the device A. 6 is an arrow chart for explaining a flow of mutual authentication processing performed in devices C and B. It is a flowchart explaining a setting information registration shared key generation process.

Explanation of symbols

  211 CPU, 212 ROM, 213 RAM, 221 CPU, 222 ROM, 223 RAM, 224 EEPROM, 311 random number generator, 312 encryption execution unit, 313 decryption execution unit, 314 authentication unit, 315 shared key generation unit, 319 access target Management unit, 411 random number generation unit, 412 encryption execution unit, 413 decryption execution unit, 414 authentication unit, 415 shared key generation unit, 419 access target management unit

Claims (14)

An information processing apparatus that communicates with another information processing apparatus by wire or wirelessly,
Received a first packet including an access target list that is a list of data to be accessed in communication with the other information processing device among a plurality of data stored by the random number generated by the other information processing device and oneself Receiving means for
Continuation determining means for determining whether to continue communication with the other information processing device based on the access target list included in the first packet;
Key generation means for generating an encryption key based on information associated with data described in the access target list when the continuation determination means determines that communication with the other information processing apparatus is to be continued When,
Using the encryption key generated by the key generation means, a random number included in the first packet is encrypted, and the first authentication is data for authenticating itself by the other information processing apparatus Authentication data generating means for generating data;
Transmission means for transmitting the first authentication data generated by the authentication data generation means and a second packet including a random number generated by the authentication data generation means to the other information processing apparatus. Information processing apparatus. The information processing apparatus according to claim 1, further comprising: combination setting information representing a combination of data permitted to be accessed in communication with the other information processing apparatus. A combination determination unit that determines whether a combination of data described in the access target list matches a combination of the combination setting information;
The information processing apparatus according to claim 2, wherein the continuation determination unit determines whether to continue communication with the other information processing apparatus based on a determination result of the combination determination unit. The data to be stored includes
Overall control information which is control information relating to the whole of the data;
Individual control information that is control information related to each of the data is added,
The information processing apparatus according to claim 1, wherein the overall control information and the individual control information include key information used when data is encrypted. The key generation means encrypts a preset portion of the overall control information based on key information included in the individual control information related to each piece of data described in the access target list. The information processing apparatus according to claim 4, wherein the encryption key is generated. The information processing apparatus according to claim 1, wherein the same encryption key as the encryption key generated by the key generation unit is generated by the other information processing apparatus. The first authentication data generated by the authentication data generation means is
By comparing the value of the first authentication data decrypted by the other information processing apparatus using the encryption key and the value of the random number generated by the other information processing apparatus The information processing apparatus according to claim 6, wherein the data is data for authenticating itself to the other information processing apparatus. The other information processing apparatus further comprises acquisition means for acquiring second authentication data generated by encrypting a random number included in the second packet using the encryption key. The information processing apparatus according to claim 6. Decrypting the second authentication data using the encryption key, and comparing the decrypted value of the second authentication data with the value of the random number generated by itself The information processing apparatus according to claim 8, wherein the processing apparatus is authenticated. When the combination setting information is changed by another information processing apparatus,
The information processing apparatus according to claim 9, wherein the other information processing apparatus is authenticated prior to the change of the combination setting information. When authenticating the other information processing apparatus prior to the change of the combination setting information,
The key generation means generates the encryption key by encrypting a preset portion of the overall control information based on key information included in the overall control information. The information processing apparatus according to claim 10. An information processing method of an information processing apparatus that communicates with another information processing apparatus by wire or wireless,
Received a first packet including an access target list that is a list of data to be accessed in communication with the other information processing device among a plurality of data stored by the random number generated by the other information processing device and oneself Receiving step to
A continuation determination step for determining whether to continue communication with the other information processing device based on the access target list included in the first packet;
A key for generating an encryption key based on information associated with data described in the access target list when it is determined by the processing of the continuation determination step that communication with the other information processing apparatus is to be continued Generation step;
First data that is used to encrypt a random number included in the first packet using the encryption key generated by the processing of the key generation step, and to authenticate itself by the other information processing apparatus An authentication data generation step for generating authentication data;
A transmission step of transmitting the first authentication data generated by the processing of the authentication data generation step and a second packet including a random number generated by itself to the other information processing apparatus. A characteristic information processing method. A program of an information processing apparatus that communicates with another information processing apparatus by wired or wireless,
Reception of a first packet including an access target list that is a list of data to be accessed in communication with the other information processing device among a plurality of data stored by the random number generated by the other information processing device and itself A reception control step for controlling
A continuation determination control step for controlling whether to continue communication with the other information processing device based on the access target list included in the first packet;
If it is determined by the process of the continuation determination control step that communication with the other information processing apparatus is to be continued, generation of an encryption key is performed based on information associated with data described in the access target list. A key generation control step to control;
First data that is used to encrypt a random number included in the first packet by using the encryption key generated by the processing of the key generation control step, and to authenticate itself by the other information processing apparatus. Authentication data generation control step for controlling generation of authentication data of
A transmission control step for controlling transmission of the first authentication data generated by the processing of the authentication data generation control step and the second packet including the random number generated by itself to the other information processing apparatus. A program characterized by causing a computer to execute. A recording medium in which a program of an information processing apparatus that communicates with another information processing apparatus by wire or wireless is recorded,
Reception of a first packet including an access target list that is a list of data to be accessed in communication with the other information processing device among a plurality of data stored by the random number generated by the other information processing device and itself A reception control step for controlling
A continuation determination control step for controlling whether to continue communication with the other information processing device based on the access target list included in the first packet;
If it is determined by the process of the continuation determination control step that communication with the other information processing apparatus is to be continued, generation of an encryption key is performed based on information associated with data described in the access target list. A key generation control step to control;
First data that is used to encrypt a random number included in the first packet by using the encryption key generated by the processing of the key generation control step, and to authenticate itself by the other information processing apparatus. Authentication data generation control step for controlling generation of authentication data of
A transmission control step for controlling transmission of the first authentication data generated by the processing of the authentication data generation control step and the second packet including the random number generated by itself to the other information processing apparatus. A recording medium on which a program for causing a computer to execute and is recorded.

Images