JP2007158562A - Information processing system, information processing apparatus and method, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a technology capable of easily realizing a system that is securer against information leakage without decreasing the convenience. <P>SOLUTION: When an IC card 22 approaches a reception terminal 31, the reception terminal 31 detects the IC card 22, acquires card information 51, and supplies the information to an electronic money server 32. The electronic money server 32 applies preliminary authentication processing to the IC card 22, particularizes a dedicated object key 62 corresponding to the IC card 22, and supplies preliminary authentication result information 52 to a settlement terminal 33 in a secure state. The settlement terminal 33 uses the dedicated object key 62 included in the approached IC card 22 and the preliminary authentication result information 52 to carry out mutual authentication processing. When the IC card 22 and the settlement terminal 33 carry out the mutual authentication, the IC card 22 and the settlement terminal 33 succeedingly execute payment processing and complete the settlement. The technology above can be applied to authentication processing systems. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to an information processing system, an information processing apparatus and method, and a program, and more particularly, to an information processing system, information processing apparatus and method, and program suitable for use in a system that performs authentication processing.

  Conventionally, in an electronic money system that can be used offline based on a symmetric key cryptography, a common key is generally defined for the entire system, and is stored in both the store terminal and the IC card, and this key is used for electronic Rewrite money balance (value). Alternatively, the value is rewritten by sharing the same key between the IC card and the store terminal in such a way that it can be calculated for each IC card as a separate value instead of being shared by the entire system, and calculated from the IC card number using a pre-defined calculation. You can also.

  However, in this method, when secret information such as a key is leaked by analyzing a store terminal, there is a risk that the influence may affect the entire system, such as improper use of the information to impersonate another card.

  Therefore, a common key based on the user's common key cryptosystem is held in the information holding medium, and based on the common key held in the user's information holding medium in response to a user authentication request given from the information processing apparatus. Only when the user is authenticated by the common key encryption method and the user can be authenticated, the information processing apparatus performs a predetermined process for authenticating the user by the public key encryption method. The method of doing is considered (for example, refer patent document 1).

  By using this method, the store terminal is always online, and the value can be rewritten between the server and the IC card via the store terminal. For example, the encryption key dedicated to each IC card is managed in the server. Can be made. That is, with this method, each IC card can hold an individual encryption key, and a user authentication process can be performed using the encryption key. Thereby, the risk of the encryption key leakage as described above can be reduced.

JP 2001-313636 A

  However, in this method, two encryption methods, a public key encryption method and a common key encryption method, are used, and the configuration of the system and each device becomes complicated, which may increase the cost and processing load. It was. Also, for user authentication, the IC card needs to communicate with the server (using a symmetric key) via the store terminal. Due to the communication time, the processing time of the authentication process increases, which may reduce convenience.

  The present invention has been made in view of such a situation, and makes it possible to easily realize a safer system against information leakage without reducing convenience.

  One aspect of the present invention is an information processing system that includes a first terminal, a server, and a second terminal, and performs authentication of a portable information processing device, wherein the first terminal includes the portable information processing device. A first acquisition unit that acquires identification information of the portable information processing apparatus from a device; and a first supply unit that supplies the identification information acquired by the first acquisition unit to the server; The server includes: a second acquisition unit that acquires the identification information supplied by the first supply unit; and the portable information processing apparatus that corresponds to the identification information acquired by the second acquisition unit. A dedicated target key specifying means for specifying a dedicated symmetric key, which is symmetric key information used for encryption processing and decryption processing dedicated to the portable information processing device, and specified by the dedicated symmetric key specifying means. Dedicated Second supply means for supplying a second key to the second terminal, wherein the second terminal acquires the dedicated symmetric key supplied by the second supply means And holding means for holding the dedicated symmetric key acquired by the acquisition means, fourth acquisition means for acquiring the identification information from the portable information processing apparatus, and holding by the holding means. Authentication means for authenticating the portable information processing apparatus using a dedicated symmetric key corresponding to the identification information acquired by the fourth acquisition means.

  The portable information processing apparatus may be a non-contact type IC card that performs short-range wireless communication.

  The server further includes storage means for storing registration information related to the portable information processing apparatus registered in advance, and the dedicated symmetric key specifying means refers to the registration information stored in the storage means, The dedicated symmetric key corresponding to the identification information acquired by the second acquisition means can be specified.

  The second terminal may further include payment processing means for performing payment processing for updating balance information received by the portable information processing apparatus authenticated by the authentication means.

  The second terminal may further include post-processing means for erasing the dedicated symmetric key held in the holding means at a predetermined timing.

  The second terminal may further include holding period setting means for setting the predetermined timing.

  The holding period setting unit may set the predetermined timing based on an instruction from the server, an instruction from a user of the second terminal, or an instruction from the portable information processing device. it can.

  Another aspect of the present invention is an information processing apparatus that performs authentication of a portable information processing apparatus, and a first acquisition unit that acquires identification information of the portable information processing apparatus from the portable information processing apparatus. A dedicated symmetric key, which is symmetric key information used for encryption processing and decryption processing, individually assigned to each portable information processing device, and the identification information acquired by the first acquisition means A holding unit that holds the dedicated symmetric key specified based on the second acquisition unit that acquires the identification information from the portable information processing device; and the second acquisition unit that is held in the holding unit. Authentication means for authenticating the portable information processing apparatus using a dedicated symmetric key corresponding to the identification information acquired by the means.

  The portable information processing apparatus is a non-contact type IC card that performs short-range wireless communication, and the first acquisition unit and the second acquisition unit include the non-contact type IC card and the short range that are close to each other. Wireless communication can be performed to obtain the identification information.

  The information processing apparatus may further include payment processing means for performing payment processing for updating balance information received by the portable information processing apparatus authenticated by the authentication means.

  A post-processing unit that erases the dedicated symmetric key held in the holding unit at a predetermined timing can be further provided.

  A holding period setting means for setting the predetermined timing can be further provided.

  The retention period setting means is based on an instruction from a server connected to the information processing apparatus and specifying the dedicated symmetric key, an instruction from a user of the information processing apparatus, or an instruction from the portable information processing apparatus Thus, the predetermined timing can be set.

  Another aspect of the present invention is an information processing method for an information processing apparatus that performs authentication of a portable information processing apparatus, and obtains identification information of the portable information processing apparatus from the portable information processing apparatus, A dedicated symmetric key, which is a symmetric key information that is individually assigned to the portable information processing device and is used for encryption processing and decryption processing, and that is specified based on the acquired identification information. Using the dedicated symmetric key corresponding to the re-acquired identification information held in the holding unit, re-obtaining the identification information from the portable information processing apparatus. Authenticating the type information processing apparatus.

  Another aspect of the present invention is a program that causes a computer to execute authentication processing of a portable information processing device, obtains identification information of the portable information processing device from the portable information processing device, and A dedicated symmetric key, which is a symmetric key information that is individually assigned to the information processing apparatus and is used for encryption processing and decryption processing, and that is specified based on the acquired identification information. And the portable information processing apparatus acquires the identification information again from the portable information processing apparatus, and uses the dedicated symmetric key corresponding to the identification information acquired again and held in the holding unit. Authenticating the processing device.

  In one aspect of the present invention, identification information of a portable information processing device is acquired from the portable information processing device and used for encryption processing and decryption processing individually assigned to each portable information processing device. A dedicated symmetric key that is symmetric key information, the dedicated symmetric key specified based on the acquired identification information is held in the holding unit, and the identification information is acquired again from the portable information processing apparatus, and the holding unit The portable information processing apparatus is authenticated using the dedicated symmetric key corresponding to the identification information acquired again.

  According to an aspect of the present invention, authentication processing can be performed. In particular, a safer system can be easily realized without reducing convenience.

  Embodiments of the present invention will be described below. Correspondences between the configuration requirements of the present invention and the embodiments described in the detailed description of the present invention are exemplified as follows. This description is to confirm that the embodiments supporting the present invention are described in the detailed description of the invention. Accordingly, although there are embodiments that are described in the detailed description of the invention but are not described here as embodiments corresponding to the constituent elements of the present invention, It does not mean that the embodiment does not correspond to the configuration requirements. Conversely, even if an embodiment is described here as corresponding to a configuration requirement, that means that the embodiment does not correspond to a configuration requirement other than the configuration requirement. It's not something to do.

  Further, this description does not mean all the inventions described in this specification. In other words, this description is an invention described in the present specification and is not claimed in this application, that is, an invention that will be filed in the future or added by amendment. Is not to deny.

  One aspect of the present invention includes a first terminal (for example, the reception terminal in FIG. 1), a server (for example, the electronic money server in FIG. 1), and a second terminal (for example, the payment terminal in FIG. 1). An information processing system (for example, the electronic money system of FIG. 1) for authenticating a portable information processing apparatus (for example, the IC card of FIG. 1), wherein the first terminal is First acquisition means (for example, card information acquisition unit in FIG. 2) for acquiring identification information (for example, card ID in FIG. 1) of the portable information processing apparatus, and the first acquisition means to acquire 1st supply means (for example, card information supply part of FIG. 2) which supplies identification information to the said server, The said server acquires the said identification information supplied by the said 1st supply means. Acquisition means (for example, the card information acquisition unit in FIG. 3) ) And a symmetric type dedicated to the portable information processing device assigned to the portable information processing device corresponding to the identification information acquired by the second acquisition means and used for encryption processing and decryption processing Dedicated target key specifying means (for example, a dedicated symmetric key specifying unit in FIG. 3) for specifying a dedicated symmetric key (for example, the dedicated symmetric key in FIG. 1) that is key information, and the dedicated symmetric key specifying means Second supply means for supplying a dedicated symmetric key to the second terminal (for example, the result supply unit in FIG. 3), wherein the second terminal is supplied by the second supply means. Third acquisition means for acquiring a dedicated symmetric key (for example, the communication unit of FIG. 5), holding means for holding the dedicated symmetric key acquired by the acquisition means (for example, the storage unit of FIG. 5), From the portable information processing device, the identification information And a dedicated symmetric key corresponding to the identification information acquired by the fourth acquisition means, which is held in the holding means, and a fourth acquisition means (for example, the card information acquisition unit in FIG. 5). And an authentication means (for example, a mutual authentication unit in FIG. 5) for authenticating the portable information processing apparatus.

  The portable information processing apparatus may be a non-contact type IC card (for example, the IC card in FIG. 1) that performs short-range wireless communication.

  The server further includes a storage unit (for example, the storage unit of FIG. 3) for storing registration information (for example, the registration information of FIG. 3) relating to the portable information processing apparatus registered in advance, and the dedicated symmetric key specifying unit May refer to the registration information stored in the storage means to identify the dedicated symmetric key corresponding to the identification information acquired by the second acquisition means.

  The second terminal includes a payment processing unit for performing a payment process for updating balance information (for example, balance information in FIG. 1) received by the portable information processing apparatus authenticated by the authentication unit (for example, FIG. 5 payment processing units) can be further provided.

  The second terminal may further include a post-processing unit (for example, a post-processing unit in FIG. 5) that deletes the dedicated symmetric key held in the holding unit at a predetermined timing.

  The second terminal may further include holding period setting means (for example, a holding period setting unit in FIG. 27) that sets the predetermined timing.

  The retention period setting means includes an instruction from the server (for example, retention period information in FIG. 27), an instruction from the user of the second terminal (for example, retention period information in FIG. 27), or the portable information The predetermined timing can be set based on an instruction from the processing device (for example, retention period information in FIG. 27).

  Another aspect of the present invention is an information processing apparatus (for example, an acceptance settlement common terminal in FIG. 24) that performs authentication of a portable information processing apparatus (for example, an IC card in FIG. 24), and the portable information processing apparatus Accordingly, first acquisition means for acquiring identification information (for example, the card ID of FIG. 24) of the portable information processing apparatus (for example, the card information acquisition unit of FIG. 25 that executes the process of step S301 of FIG. 26); A dedicated symmetric key (for example, the dedicated symmetric key in FIG. 24), which is symmetric key information assigned to each portable information processing apparatus and used for encryption processing and decryption processing, A holding unit (for example, a storage unit in FIG. 25) that holds a dedicated symmetric key specified based on the identification information acquired by the acquisition unit, and a second that acquires the identification information from the portable information processing device. Acquisition means (example For example, the card information acquisition unit in FIG. 25 that executes the process of step S304 in FIG. 26) and the dedicated symmetric key corresponding to the identification information that is held in the holding unit and that is acquired by the second acquisition unit And an authentication means (for example, a mutual authentication unit in FIG. 25) for authenticating the portable information processing apparatus.

  The portable information processing device is a non-contact type IC card (for example, the IC card in FIG. 24) that performs short-range wireless communication, and the first acquisition unit and the second acquisition unit are arranged close to each other. The identification information can be acquired by performing short-range wireless communication with a non-contact type IC card.

  A payment processing unit (for example, a payment processing unit in FIG. 25) for performing a payment process for updating balance information (for example, balance information in FIG. 24) received by the portable information processing apparatus authenticated by the authentication unit; Can be provided.

  Post-processing means (for example, a post-processing unit in FIG. 25) for erasing the dedicated symmetric key held in the holding means at a predetermined timing can be further provided.

  A holding period setting unit (for example, a holding period setting unit in FIG. 27) for setting the predetermined timing may be further provided.

  The retention period setting means is connected to the information processing apparatus and receives an instruction from the server for specifying the dedicated symmetric key (for example, retention period information in FIG. 27), and an instruction from the user of the information processing apparatus (for example, FIG. 27 holding period information) or an instruction from the portable information processing apparatus (for example, holding period information in FIG. 27), the predetermined timing can be set.

  Another aspect of the present invention is an information processing method or program for an information processing apparatus (for example, the acceptance settlement common terminal of FIG. 24) that performs authentication of a portable information processing apparatus (for example, an IC card of FIG. 24), Identification information (for example, card ID in FIG. 24) of the portable information processing device is acquired from the portable information processing device (for example, step S301 in FIG. 26), and is individually assigned to each portable information processing device. In addition, a dedicated symmetric key that is symmetric key information used in the encryption process and the decryption process, and is specified based on the acquired identification information (for example, the dedicated symmetric key in FIG. 24). It is held in a holding unit (for example, the storage unit in FIG. 25) (for example, step S303 in FIG. 26), and the identification information is acquired again from the portable information processing apparatus (for example, in step S304 in FIG. 26). ), And authenticating the portable information processing apparatus using a dedicated symmetric key corresponding to the re-acquired identification information held in the holding unit (for example, step S305 in FIG. 26).

  Next, an embodiment to which the present invention is applied will be described with reference to the drawings.

  FIG. 1 is a block diagram showing a configuration example of an electronic money system to which the present invention is applied.

  In FIG. 1, an electronic money system 1 is a system that uses an IC card 22 held by a customer 21 to make a payment related to the purchase of a product of the customer 21 at a store, such as a store 10, for example, using electronic money.

  The IC card 22 includes a communication unit that performs short-range wireless communication using a predetermined communication method and a storage unit that stores information (none of which is shown), and is stored in the storage unit by short-range wireless communication. Information is supplied to the adjacent device, or information is acquired from the adjacent device and stored in the storage unit.

In the storage area of the storage unit, a card ID 41 that is identification information of each IC card, a dedicated symmetric key 42 that is different key information assigned to each IC card, and the IC card 22 are charged (deposited). Balance information 43 indicating the current balance is stored. The dedicated symmetric key 42 is key information (symmetric key) for a secret key encryption method in which the same key information is used in both encryption and decryption processes, and is different from each other for each IC card. A key that cannot be calculated more). For example, private symmetric key 42 is constituted by two keys K _A and a key K _B. Of course, the dedicated symmetric key 42 may be composed of any number of keys as long as it is used as a set of keys as a whole.

  The electronic money system 1 acquires the card ID 41 and the balance information from the IC card 22 of the customer 21, specifies the dedicated symmetric key 62 (that is, the dedicated symmetric key 42) corresponding to the IC card 22, and the dedicated symmetric key 42 and Authentication processing is performed using the dedicated symmetric key 62.

  The electronic money system 1 includes a reception terminal 31, an electronic money server 32, and a payment terminal 33 that are connected to a network 30. In the store 10, a reception terminal 31 and a payment terminal 33 are installed. For example, the reception terminal 31 is installed near the entrance (not shown) of the store 10, and the payment terminal 33 is installed in a payment corner or the like where an electronic register (money register) for performing payment work is installed.

  The reception terminal 31 performs short-range wireless communication with a nearby IC card 22 by a predetermined communication method, acquires the card ID 41 and balance information 43 of the IC card 22, and uses them as card information 51 via the network 30. To the electronic money server 32.

  The network 30 is configured by an arbitrary network such as the Internet or a LAN, for example. The network 30 is configured by one or a plurality of wired or wireless networks, and the reception terminal 31, the electronic money server 32, and the payment process are connected to each other and information can be exchanged between them. It may be anything.

  The electronic money server 32 is a server that manages the balance information 43 and the dedicated symmetric key 42 of each IC card 22, and is installed in a place (for example, a central information management center) different from the store 10, for example. The electronic money server 32 uses the card information 51 supplied from the reception terminal 31 to perform the authentication process of the IC card 22 before the settlement process (in advance). Then, when the IC card 22 is authenticated, the electronic money server 32 specifies the dedicated symmetric key 62 assigned to the IC card 22, and the pre-authentication result information 52 together with the authentication determination result information 61. To the payment terminal 33.

  Although not shown in FIG. 1, the electronic money server 32 is connected to a plurality of reception terminals 31 and settlement terminals 32 installed in a plurality of sales stores, and is supplied from each reception terminal 31. The card information 51 is subjected to the authentication process as described above, and the pre-authentication result information 52 is supplied to the settlement terminal 33 corresponding to the receiving terminal 31.

  The settlement terminal 33 performs short-range wireless communication with the adjacent IC card 22 by a predetermined communication method, and based on the pre-authentication result information supplied from the electronic money server 32, the payment terminal 33 and the dedicated symmetric key 42. And after performing mutual authentication processing using the dedicated symmetric key 62 and confirming each other, settlement processing relating to product purchase is performed.

  The specific processing and the flow of work will be described. When the customer 21 carrying the IC card 22 enters the store 10, first, the IC card 22 is brought close to the reception terminal 31. For example, in order to urge the customer 21 who has entered the store to place the IC card 22 close to the reception terminal 31, the reception terminal 31 is arranged in a conspicuous part near the entrance, or guidance is displayed on the reception terminal 31 or in the vicinity thereof. You may make it do.

  When the IC card 22 comes close, the reception terminal 31 detects the IC card 22, acquires the card information 51 (card ID 31 and balance information 43) from the IC card 22, and makes it safe (secure). The electronic money server 32 is supplied in a state. At this time, for example, the reception terminal 31 may notify the customer 21 by an image or sound that these processes have been completed.

  When the card information 51 is supplied, the electronic money server 32 performs pre-authentication processing of the IC card 22 using the card ID 41 and the balance information 43, and when the authentication is successful, the dedicated symmetric key corresponding to the IC card 22 62 is specified, and the pre-authentication result information 52 is supplied to the settlement terminal 33 in a secure state. When the settlement terminal 33 acquires the pre-authentication result information 52, it stores it in a storage unit (not shown).

  By the way, when the acceptance process is completed (for example, after the completion of the process is notified from the acceptance terminal 31 or a predetermined time has passed), the customer 21 looks around the product sold at the store 10 and purchases it. Search for or decide on the product to be purchased (determined product purchase). When the product to be purchased is determined, the customer 21 brings the IC card 22 close to the payment terminal 33 in order to settle the product using the electronic money charged in the IC card 22.

  When the payment terminal 33 detects the IC card 22, it performs near field communication with the IC card 22, authenticates the IC card 22 using the dedicated symmetric key 62 included in the pre-authentication result information 52, and itself ( A mutual authentication process for authenticating the settlement terminal 33) to the IC card 22 is performed. On the other hand, the IC card 22 authenticates the settlement terminal 33 using the dedicated symmetric key 42 and performs a mutual authentication process for authenticating itself (the IC card 22) to the settlement terminal 33. And if it mutually authenticates, IC card 22 and payment terminal 33 will continue payment processing, update the balance information of IC card 22, and will complete payment. At this time, the payment terminal 33 supplies information related to the balance to the electronic money server 32 and updates the balance information managed in the electronic money server 32. Further, for example, the payment terminal 33 may notify the customer 21 of the completion of the payment process by an image or sound.

  When the payment process is completed (for example, after the end of the process is notified from the payment terminal 33 or a predetermined time elapses), the customer 21 leaves the store 10.

  As described above, the electronic money system 1 acquires the card information 51 of the IC card 22 when the customer 21 enters the store, and specifies the dedicated symmetric key 62 used for the authentication process at the time of settlement before the settlement process. Therefore, the electronic money system 1 prepares the dedicated symmetric key 62 by performing the above-described processing using the time when the customer 21 determines the product. By doing so, the electronic money system 1 suppresses an increase in processing time of settlement processing (including authentication processing) due to the time of communication processing and pre-authentication processing, and does not impair the convenience of the system. Authentication processing can be performed using a dedicated symmetric key (individual symmetric key). That is, the electronic money system 1 can prevent the influence from affecting the entire system such as other IC cards even when the symmetric key leaks from a certain IC card 22, for example. Further, the electronic money system 1 can easily realize the above processing without requiring complicated processing and configuration such as using a plurality of encryption method key information.

  In this way, the electronic money system 1 can easily realize a safer system against information leakage without reducing convenience.

  The configuration of the electronic money system 1 may include a configuration other than that shown in FIG. For example, the number of the store 10, the network 30, the reception terminal 31, the electronic money server 32, and the payment terminal 33 may be any number. Further, the number of reception terminals 31 and settlement terminals 33 installed in one store 10 may be any number. The number of reception terminals 31 and payment terminals 33 corresponding to one electronic money server 32 is also arbitrary, and a plurality of electronic money servers 32 may correspond to one reception terminal 31, or one payment terminal 33. A plurality of electronic money servers 32 may correspond. Further, a plurality of payment terminals 33 may correspond to one reception terminal 31, or a single payment terminal 33 may correspond to a plurality of reception terminals 31.

  Further, the card information 51 transferred to the electronic money server 32 may include information other than those described above, and the pre-authentication result information 52 transmitted from the electronic money server 32 may include other information than described above. Other information may be included.

  FIG. 2 is a block diagram illustrating an internal configuration example of the reception terminal 31 in FIG.

  In FIG. 2, the reception terminal 31 communicates with the electronic money server 32 via the control unit 71 that controls each unit of the reception terminal 31, the reader 72 that reads information from the IC card 22 that is adjacent, and the network 30. A portion 73 is provided.

  The control unit 71 includes a polling processing unit 81, a card information acquisition unit 82, and a card information supply unit 83. The polling processing unit 81 controls the reader 72 to perform polling processing, and detects the IC card 22 that is in close proximity. The card information acquisition unit 82 controls the reader 72 to acquire card information 51 (for example, card ID 41 and balance information 43) from the IC card 22. The card information supply unit 83 controls the communication unit 73 to supply the acquired card information 51 to the electronic money server 32.

  The reader 72 is controlled by the control unit 71 and performs short-range wireless communication with the IC card 22 that is in proximity by a predetermined method. For example, the reader 72 is controlled by the polling processing unit 81 of the control unit 71, transmits polling, and receives ACK, which is a response to polling, transmitted from the adjacent IC card 22. Thereby, the control part 71 detects the IC card 22 which adjoined, and confirms the presence. Further, for example, the reader 72 is controlled by the card information acquisition unit 82 of the control unit 71, transmits a card information request to the IC card 22 whose existence is confirmed, and receives the card information 51 supplied as a response thereto. To do. As a result, the control unit 71 acquires card information from the IC card 22. Note that the detailed configuration of the reader 72, the details of the communication method with the IC card 22, and the like are basically the same as those of the reader / writer 132 of the settlement terminal 33 described later, and are omitted here.

  The communication unit 73 communicates with the electronic money server 32 via the network 30 and supplies the card information 51 supplied from the card information supply unit 83 of the control unit 71 to the electronic money server 32. At this time, the communication unit 73 uses a network 30 constituted by a secure dedicated line with a low possibility of information leakage to a third party, or constructs a secure virtual private network (VPN (Virtual Private Network)). The card information 51 in a secure state (in a state in which leakage of information to a third party is suppressed) by using it or performing encryption or decryption processing on the information to be exchanged. The electronic money server 32 is supplied.

  That is, the reception terminal 31 detects the IC card 22 that is close as described above in order to cause the electronic money server 32 to perform the pre-authentication process before the settlement process and specify the dedicated symmetric key 62, Card information 51 is acquired from the IC card 22 and supplied to the electronic money server 32.

  FIG. 3 is a block diagram showing an internal configuration example of the electronic money server 32 of FIG.

  In FIG. 3, an electronic money server 32 includes a control unit 91 that controls each unit of the electronic money server 32, a communication unit 92 that communicates with the reception terminal 31 and the payment terminal 32 via the network 30, and a prepared in advance. A storage unit 93 that stores registration information 121 that is information about the IC card 22 is provided.

  The control unit 91 includes a card information acquisition unit 101, a pre-authentication unit 102, and a result supply unit 103. The card information acquisition unit 101 controls the communication unit 92 to acquire the card information 51 supplied from the reception terminal 31 and supplies it to the ID authentication unit 111 of the pre-authentication unit 102.

  The pre-authentication unit 102 performs authentication processing (in advance) on the IC card 22 of the supplied card information 51 before the payment processing, and specifies the dedicated symmetric key 62 used in the authentication processing at the time of payment. The pre-authentication unit 102 includes an ID authentication unit 111, a balance confirmation unit 112, a dedicated symmetric key specification unit 113, a determination result information creation unit 114, and a pre-authentication result information creation unit 115.

  The ID authentication unit 111 refers to the registration information 121 stored in the storage unit 93 and authenticates the card ID 41 included in the card information acquired by the card information acquisition unit 101.

  The registration information 121 is information regarding each IC card 22 registered in advance. For example, as illustrated in FIG. 4, the registration information 121 is configured as table information in which a plurality of types of information related to the IC card 22 are associated with each IC card. In FIG. 4, for each IC card 22, a card ID, balance information, and a dedicated symmetric key are registered in association with each other. As an example from the second line from the top, the balance of the IC card 22 with the card ID “AAAAA” is “1000” yen, and the dedicated symmetric key assigned to the IC card 22 is “KEY1”.

  That is, the ID authenticating unit 111 in FIG. 3 refers to such pre-registered registration information 121 and determines whether or not the acquired card ID is included in the registration information. Authenticate.

  The registration information 121 may have a configuration other than the example illustrated in FIG. 4, and may include items other than those described above, for example.

  The ID authenticating unit 111 that has performed authentication of the card ID, together with the card information 51 and the registration information 121, creates the balance confirmation unit 112, the dedicated symmetric key specifying unit 113, or the determination result information according to the authentication result. Supplied to the unit 114.

  The balance confirmation unit 112 refers to the registration information 121 and confirms whether or not the amount of the balance information 43 included in the card information 51 matches the registration information 121. And the balance confirmation part 112 supplies the confirmation result to the determination result information preparation part 113 or the determination result information preparation part 114 with the card information 51 and the registration information 121 according to the content.

  The dedicated symmetric key specifying unit 113 refers to the supplied registration information 121 and specifies the dedicated symmetric key 62 corresponding to the card ID authenticated by the ID authenticating unit 111. Then, the dedicated symmetric key specifying unit 113 supplies the dedicated symmetric key 62 to the determination result information creating unit 114.

  The determination result information creation unit 114 determines the determination result for the IC card 22 based on the supplied authentication result, confirmation result, or the like, such as whether the IC card 22 is correct or illegal. Result information 61 is created and supplied to the pre-authentication result information creation unit 115 together with other information such as the dedicated symmetric key 62 as necessary.

  The pre-authentication result information creation unit 115 creates pre-authentication result information 52 to be supplied to the payment terminal 33 using the supplied information, and supplies it to the result supply unit 103.

  The result supply unit 103 supplies the supplied pre-authentication result information 52 to the payment terminal 33 via the communication unit 92.

  The communication unit 92 has a predetermined communication interface, is connected to the network 30, communicates with the reception terminal 31 and the payment terminal 33 via the network 30, and exchanges various information. At this time, the communication unit 92 uses a network 30 constituted by a secure dedicated line with a low possibility of information leakage to a third party, or constructs a secure virtual private network (VPN (Virtual Private Network)). The card information 51 supplied from the receiving terminal 31 is kept in a secure state (the information to the third party is used). Or the pre-authentication result information 52 is supplied to the settlement terminal 33 in a secure state.

  The storage unit 93 is configured by a storage medium such as a hard disk or a semiconductor memory, for example, and stores the registration information 121 described above in advance.

  In other words, at the start of the payment process, the payment terminal 33 has acquired the dedicated symmetric key 62 necessary for the mutual authentication process, and can perform the mutual authentication process or the like without waiting (at least the payment process starts). As described above, the electronic money server 32 performs the pre-payment process based on the card information 51 supplied from the reception terminal 31 as described above. Then, the pre-authentication process is performed, the dedicated symmetric key 62 is specified, and it is supplied to the settlement terminal 33 as the pre-authentication process result information 52 together with the determination result information 61 of the IC card 22.

  FIG. 5 is a block diagram illustrating an internal configuration example of the payment terminal 33 in FIG.

  In FIG. 5, the payment terminal 33 includes a control unit 131 that controls each unit of the payment terminal 33, a reader / writer 132 that performs short-range wireless communication with the adjacent IC card 22 and reads / writes information from / to the IC card 22, A communication unit 133 connected to the network 30 for communicating with the electronic money server 32 to exchange information, a storage unit 134 for holding pre-authentication result information 52 supplied from the electronic money server 32, the customer 21 and the store 10 A display unit 135 that displays a message, an image, and the like for the store clerk (user), and an input unit 136 that receives an input from the store clerk (user).

  The control unit 131 controls processing related to product settlement in the store 10. The control unit 131 includes a polling processing unit 141, a card information acquisition unit 142, and a settlement processing unit 143.

  The polling processing unit 141 controls the reader / writer 132 to perform the polling process, and detects the IC card 22 that is in close proximity. The card information acquisition unit 142 controls the reader / writer 132 to acquire card information 51 (for example, card ID 41 and balance information 43) from the IC card 22.

  The settlement processing unit 143 controls the reader / writer 132, the storage unit 134, the display unit 135, the input unit 136, and the like, and uses the card information 51 acquired by the card information acquisition unit 142 to connect to the IC card 22 that is in close proximity. On the other hand, the payment process regarding the goods which the customer 21 purchases is performed. The settlement processing unit 143 includes a pre-authentication result handling unit 151, a mutual authentication unit 152, a payment processing unit 153, and a post-processing unit 154.

  When the pre-authentication result correspondence processing unit 151 acquires the card information 51 acquired by the card information acquisition unit 142, the pre-authentication result stored in the storage unit 134 corresponding to the card information 51 (the adjacent IC card 22). With reference to the information 52, for example, a message indicating the authentication result is displayed on the display unit 135 and a store clerk (user) is notified, and processing corresponding to the pre-authentication result is executed.

  The mutual authentication unit 152 controls the storage unit 134 and the reader / writer 132 to execute mutual authentication processing for mutually authenticating with the IC card 22. Although details of the mutual authentication processing will be described later, for example, the mutual authentication unit 152 controls the reader / writer 132 and uses the dedicated symmetric key 62 included in the pre-authentication result information 52 for information exchanged with the IC card 22. Encryption and decryption are performed to authenticate each other as being correct (not fraudulent) communication partners.

  When the IC card 22 and the payment terminal 33 authenticate each other by the processing of the mutual authentication unit 152, the payment processing unit 153 sets the storage unit 134 and the reader / writer 132 based on the information regarding the product purchase input from the input unit 136. To perform payment processing for correcting the balance information 43 of the IC card 22.

  The post-processing unit 154 terminates the display of the display unit 135 or deletes the unnecessary pre-authentication result information stored in the storage unit 134.

  The reader / writer 132 is controlled by the control unit 131 and performs short-distance wireless communication with the IC card 22 that is in proximity by a predetermined method. For example, the reader / writer 132 is controlled by the polling processing unit 141 of the control unit 131, transmits polling, and receives ACK, which is a response to polling, transmitted from the adjacent IC card 22. Thereby, the control part 131 detects the IC card 22 which adjoined, and confirms the presence. Further, for example, the reader / writer 132 is controlled by the card information acquisition unit 142 of the control unit 131 and transmits a card information request to the IC card 22 whose existence is confirmed, and the card information 51 supplied as a response to the card information 51 is sent. Receive. Thereby, the control unit 131 acquires card information from the IC card 22.

  Further, for example, the reader / writer 132 is controlled by the mutual authentication unit 152 of the control unit 131 and uses the dedicated symmetric key 62 included in the pre-authentication result information 52 while performing encryption and decryption, and information with the IC card 22. And authenticating the IC card 22 and causing the IC card 22 to authenticate. Further, the reader / writer 132 is controlled by the payment processing unit 153 of the control unit 131 and updates the balance information of the IC card 22. The detailed configuration of the reader 72 and the details of the communication method with the IC card 22 will be described later.

  The communication unit 133 communicates with the electronic money server 32 via the network 30 to acquire the pre-authentication result information 52 supplied from the electronic money server 32 and store it in the storage unit 134. At this time, the communication unit 133 uses a network 30 constituted by a secure dedicated line with a low possibility of information leakage to a third party, or constructs a secure virtual private network (VPN (Virtual Private Network)). The pre-authentication result information 52 supplied from the electronic money server 32 in a secure state (third party). (In a state that suppresses the leakage of information).

  The storage unit 134 is configured by a storage medium such as a hard disk or a semiconductor memory, stores pre-authentication result information supplied from the communication unit 133, and supplies it to the settlement processing unit 143 as necessary.

  The display unit 135 includes, for example, a monitor such as a CRT (Cathode Ray Tube) monitor or an LCD (Liquid Crystal Display), and displays image information such as a message or a symbol indicating a pre-authentication result.

  That is, the payment terminal 33 holds the dedicated symmetric key 62 specified (in advance) before the payment process in the electronic money server 32, and performs the payment process using it.

  FIG. 6 is a block diagram illustrating a detailed configuration example of the reader / writer 132 of FIG.

  6, the reader / writer 132 includes a control unit 161, an interface 162, a memory 163, an encryption unit 164, a transmission unit 165, an antenna unit 166, a reception unit 167, and a decryption unit 168.

The control unit 161 performs various processes according to a built-in program. For example, the control unit 161 outputs data to be transmitted to the IC card 22 to the encryption unit 164 and processes response data from the IC card 22 supplied from the decryption unit 168. The control unit 161 from the memory 163, reads the key K _A or the key K _B used for encryption or decryption (private symmetric key 62), the key K _A or the key K _B, the encryption unit 164 or the decryption To the unit 168. Further, the control unit 161 communicates with each unit of the control unit 131 via the interface 162 to acquire necessary information or supply information acquired from the IC card 22 to the control unit 131. For example, the control unit 161 acquires the dedicated symmetric key 62 (key K _A and key K _B ) supplied from the control unit 131 via the interface 162 and supplies it to the memory 163 for holding.

The memory 163 stores data used for processing in the control unit 161, and two keys K _A and K _B (dedicated symmetric keys supplied from the control unit 131) used in encryption or decryption. 62) is stored.

  The encryption unit 164 encrypts the data supplied from the control unit 161 with a predetermined key, and outputs the encrypted data (encryption) to the transmission unit 165. However, polling and card information request commands are transmitted without encryption. That is, if the supplied information is a polling or card information request command, the encryption unit 164 outputs the information to the transmission unit 165 without encryption.

  The transmission unit 165 modulates the data (encryption) supplied from the encryption unit 164 using a predetermined modulation method (for example, PSK (Phase Shift Keying) modulation method), and the generated modulated wave is transmitted via the antenna unit 166. To the IC card 22.

  The receiving unit 167 receives the modulated wave transmitted from the IC card 22 via the antenna unit 166, demodulates it with a demodulation method corresponding to the modulated wave, and outputs the demodulated data (encryption) to the decoding unit 168. .

  The decryption unit 168 decrypts the data (encryption) supplied from the reception unit 167 with a predetermined key, and outputs the decrypted data to the control unit 161.

  FIG. 7 is a block diagram illustrating a detailed configuration example of the encryption unit 164 of FIG.

  In FIG. 7, the encryption unit 164 includes a key storage unit 171 and a data randomization unit 172. The key storage unit 171 holds the key K supplied from the control unit 161. The data randomizing unit 172 reads the key K from the key storage unit 171, encrypts the data supplied from the control unit 161 with the key K, and outputs the generated encryption to the transmission unit 165. Here, only the configuration when the encryption unit 164 encrypts data is shown. When transmitting without encryption, the encryption unit 164 outputs the input data as it is.

  FIG. 8 is a block diagram illustrating a detailed configuration example of the data randomizing unit 172 of FIG.

The data randomizing unit 172 generates a cipher by a DES method that performs a plurality of involution processes (for example, “cipher and information security” written by Shigeo Sakurai, Masao Kasahara, 1990, Shoshodo). . In this data randomization section 172, the key data generation circuit 181, from the key K read from the key storing unit 171, calculates the 16 key data K ₁ to K _16, the key data K ₁ to K _16, The data is output to the arithmetic circuits 182-1 to 182-16, respectively.

  The register 183 holds the 64-bit (8-byte) data supplied from the control unit 161, outputs the upper 32 bits of the 64-bit data to the adder 184-1, and outputs the lower 32 bits to the arithmetic circuit. 182-1 and the adder 184-2.

  The arithmetic circuit 182-i (i = 1,..., 16) is the lower 32 bits of the register 183 (in the case of the arithmetic circuit 62-1) or the adder 184- (i-1) (the arithmetic circuits 182-2 through 182-2). 182-16), using the key data Ki supplied from the key data generation circuit 61, the 32 bit data supplied from the key data is subjected to predetermined conversion, and the converted 32-bit data is added. To the device 184-i.

  The adder 184-i (i = 1,..., 16) includes the upper 32 bits of the register 183 (in the case of the adder 184-1), the lower 32 bits of the register 183 (in the case of the adder 184-2), The 32-bit data supplied from any one of the adders 184- (i-2) (in the case of the adders 184-3 to 184-16) and the 32-bit data supplied from the arithmetic circuit 62-i And the exclusive OR (32 bits) is added to the adder 184- (i + 2) (in the case of the adders 184-1 to 184-14), Either the lower 32 bits of the register 185 (in the case of the adder 184-15), the upper 32 bits of the register 185 (in the case of the adder 184-16), and the arithmetic circuit 182- (i + 1) (adder 184) And outputs the first to the case of 184-15).

  The register 185 holds the 32-bit data supplied from the adder 184-15 in the lower 32 bits and holds the 32-bit data supplied from the adder 184-16 in the upper 32 bits. The 64-bit data composed of the two 32-bit data is output to the transmission unit 165 as a cipher.

  FIG. 9 is a block diagram illustrating a detailed configuration example of the decoding unit 168 in FIG.

  In FIG. 9, the decryption unit 168 has a key storage unit 191 and a conversion unit 192. The key storage unit 191 holds the key K supplied from the control unit 161. The conversion unit 192 has the same configuration as the data randomization unit 172 of FIG. 8, reads the key K from the key storage unit 191, and receives the data (encrypted by the DES method) supplied from the reception unit 167. After being supplied to the register 183, the same operation as that of the data randomizing unit 172 of FIG. 8 is performed, the data is decoded, and the decoded data is output from the register 185 to the control unit 161. Here, only the configuration for decoding data is shown. When plaintext is transmitted (for example, for a predetermined request such as polling or card information request), the decryption unit 168 outputs the information supplied from the reception unit 167 to the control unit 161 as it is without decryption.

  The reader 72 of the reception terminal 31 has the same detailed configuration as the reader / writer 132 of the settlement terminal 33 described above, and operates under the control of the control unit 71 in the reception terminal 31. Basically, the IC card 22 performs short-range wireless communication with the IC card 22 except that it is not required and data is not written to the IC card 22.

  FIG. 10 is a block diagram showing an internal configuration example of the IC card 22 of FIG.

  10, the IC card 22 includes a control unit 201, a storage unit 202, an encryption unit 203, a transmission unit 204, an antenna 205, a reception unit 206, and a decryption unit 207.

The control unit 201 performs various processes according to commands supplied from the reader 72 of the receiving terminal 31 and the reader / writer 132 of the settlement terminal 33. The control unit 201 receives a command supplied from the reader 72 or the reader / writer 132 from the decoding unit 207, performs a process corresponding to the command, and responds to the response data corresponding to the result of the process (to the reader 72 or the reader / writer 132). To be transmitted) to the encryption unit 203. The control unit 201 from the storage unit 202, reads the only target key 42 to be used for encryption or decryption (key K _A or the key K _B), the key K _A or the key K _B, the cryptographic unit It outputs to 203 or the decoding part 207, and sets.

  Furthermore, the control unit 201 includes a response processing unit 211, a card information supply unit 212, a mutual authentication processing unit 213, and a payment processing unit 214. In response to the polling supplied from the reader 72 or the reader / writer 132 acquired via the antenna unit 205, the receiving unit 206, and the decrypting unit 207, the response processing unit 211 performs the encryption unit 203, the transmission unit 204, and the antenna unit. A process of supplying ACK as a response signal is performed via 205. The card information supply unit 212 receives the requested card information 51 from the storage unit 202 in response to a request from the reader 72 or the reader / writer 132 acquired via the antenna unit 205, the reception unit 206, and the decoding unit 207. It is acquired and supplied to the reader 72 or the reader / writer 132 that is the request source via the encryption unit 203, the transmission unit 204, and the antenna unit 205.

  The mutual authentication processing unit 213 performs short-range wireless communication with the reader / writer 132 via the encryption unit 203 to the decryption unit 207, performs mutual authentication processing using the dedicated symmetric key 42, and authenticates the payment terminal 33. Then, the settlement terminal 33 authenticates itself (IC card 22).

  The payment processing unit 214 performs short-range wireless communication with the reader / writer 132 via the encryption unit 203 to the decryption unit 207, and updates the balance information stored in the storage unit 202 in response to a request from the payment terminal 33. I do.

The storage unit 202 has a storage medium such as a hard disk or a semiconductor memory, and stores the card information 51 in the storage medium. For example, the storage unit 202 includes a RAM (Random Access Memory) (about 128 kilobytes) and a ROM (read only memory) (about 512 kilobytes), and the control unit includes, for example, the balance information 43 in the RAM. Data used for processing in 201 is temporarily stored, and a card ID 41 and dedicated target keys 42 (keys K _A and K _B ) are stored in advance in the ROM.

  The encryption unit 203 and the decryption unit 207 have the same configuration as the encryption unit 164 in FIG. 7 and the decryption unit 168 in FIG.

  The transmission unit 204 modulates the data (encryption) supplied from the encryption unit 203 with a predetermined modulation method (for example, PSK (Phase Shift Keying) modulation method), and transmits the generated modulated wave via the antenna unit 205. To the reader 72 or the reader / writer 132. However, responses to polling and card information request commands transmitted from the reader 72 and the reader / writer 132 are transmitted without being encrypted.

  The receiving unit 206 receives the modulated wave transmitted from the reader 72 or the reader / writer 132 via the antenna unit 205, demodulates it with a demodulation method corresponding to the modulated wave, and demodulates the demodulated data (encryption). Output to. However, polling and card information request commands transmitted from the reader 72 and the reader / writer 132 are transmitted without being encrypted.

  Next, a specific processing flow in the electronic money system 1 as described above will be described.

  First, an example of the flow of processing in the entire electronic money system 1 shown in FIG. 1 will be described with reference to the flowchart of FIG.

  In step S1, the polling processing unit 81 and the card information acquisition processing unit 82 of the reception terminal 31 control the reader 72 to perform the card information acquisition processing, and close the IC card 22 (the IC card of the customer 21 who entered the store). ) To obtain the card information 51. When the card information 51 is acquired, the card information supply unit 83 of the reception terminal 31 controls the communication unit 73 and transmits the card information 51 to the electronic money server 32 via the network 30 in step S2.

  The card information acquisition unit 101 of the electronic money server 32 acquires the card information 51 in step S21. When the card information 51 is acquired, the pre-authentication unit 102 performs pre-authentication processing on the card information 51 and identifies the dedicated symmetric key 62 in step S22. Then, the result supply unit 103 supplies the pre-authentication result information 52 including the dedicated symmetric key 62 to the payment terminal 33 via the network 30.

  In step S11, the communication unit 133 of the payment terminal 33 acquires the pre-authentication result information 52, and supplies it to the storage unit 134 to hold it. In step S <b> 12, the polling processing unit 141 and the card information acquisition processing unit 142 of the control unit 131 control the reader / writer 132 to perform card information acquisition processing, and close the IC card 22 (the customer 21 who purchases the product 21 The card information 51 is acquired from the IC card. When the card information 51 is acquired, the payment processing unit 143 of the payment terminal 33 performs a payment process using the dedicated symmetric key 62 included in the pre-authentication result information 52 in step S13.

  By performing the processing as described above, the electronic money system 1 uses the dedicated symmetric key without using a plurality of types of encryption keys separately or increasing the processing time of the settlement process for acquiring the dedicated symmetric key. Authentication processing can be performed. That is, the electronic money system 1 can easily realize a safer system against information leakage without reducing convenience.

  Next, an example of a detailed flow of the card information acquisition process executed in step S1 of FIG. 11 will be described with reference to the flowchart of FIG.

  When the card information acquisition process is started, the polling processing unit 81 of the receiving terminal 31 performs the polling process and transmits the polling in step S31. In step S41, the IC card 22 that is close to the reception terminal 31 receives the polling. When polling is received, the response processing unit 211 of the IC card 22 responds by transmitting ACK to the polling in step S42. The polling processing unit 81 of the receiving terminal 31 receives the ACK in step S32.

  When ACK is received and the presence of the IC card 22 is confirmed, the card information acquisition unit 82 requests the card information 51 from the IC card 22 in step S33. When the card information supply unit 212 of the IC card 22 acquires the request in step S43, the card information 51 including the card ID 41 and the balance information 43 is acquired from the storage unit 202 in response to the request in step S44. It is supplied to the reception terminal 31. In step S34, the card information acquisition unit 82 of the reception terminal 31 acquires the card information 51 (card ID 41 and balance information 43), and ends the card information acquisition process.

  Next, an example of a detailed flow of the pre-authentication process executed in step S22 of FIG. 11 will be described with reference to the flowchart of FIG.

  When the pre-authentication process is started, the ID authentication unit 111 of the pre-authentication unit 102 reads the registration information 121 from the storage unit 93 in step S61, and in step S62, based on the registration information 121, the card information acquisition unit. The card ID 41 included in the card information 51 acquired by 101 is authenticated. In step S63, the ID authentication unit 111 determines whether or not the card ID 41 exists in the registration information 121 (whether or not it is registered). If it is determined that the card ID 41 exists, the process proceeds to step S64.

  In step S64, the ID authentication unit 111 determines whether or not to perform balance confirmation for the balance information 43 included in the card information 51. If it is determined that the balance confirmation is performed, information such as an ID authentication result is displayed. The balance is supplied to the balance confirmation unit 112, and the process proceeds to step S65. In step S <b> 65, the balance confirmation unit 112 confirms whether the balance of the balance information 43 included in the card information 51 is correct based on the balance information included in the registration information 121.

  In step S66, the balance confirmation unit 112 confirms the balance registered in the registration information 121 (balance corresponding to the card ID 41) and the balance indicated by the balance information 43 of the card information 51 (stored in the IC card 22). And the information is sent to the dedicated symmetric key specifying unit 113, and the process proceeds to step S67.

  If it is determined in step S64 that the balance confirmation is not performed, the ID authentication unit 111 supplies information such as an ID authentication result to the dedicated symmetric key specifying unit 113, and the process proceeds to step S67.

  In step S 67, the dedicated symmetric key specifying unit 113 specifies the dedicated symmetric key 62 corresponding to the card ID 41 from the registration information 121 and supplies the information to the determination result information creating unit 114. In step S68, the determination result information creation unit 114 creates determination result information 61 indicating successful card ID authentication, supplies the determination result information 61 and the dedicated symmetric key 62 to the pre-authentication result information creation unit 115, and performs processing. Proceed to step S71.

  If it is determined in step S66 that the balance information does not match, the balance confirmation unit 112 supplies the information to the determination result information creation unit 114, and the process proceeds to step S69. In step S69, the determination result information creation unit 114 creates determination result information 61 indicating a balance mismatch, supplies it to the pre-authentication result information creation unit 115, and advances the process to step S71.

  Furthermore, if it is determined in step S63 that the card ID 41 does not exist (not registered) in the registration information 121, the ID authentication unit 111 supplies information to the determination result information creation unit 114, and the process proceeds to step S70. . In step S70, the determination result information creation unit 114 creates determination result information 61 indicating ID authentication failure, supplies it to the pre-authentication result information creation unit 115, and advances the process to step S71.

  In step S71, the pre-authentication result information creation unit 115 creates pre-authentication result information 52 including the determination result information 61 and the dedicated symmetric key 62 (the dedicated symmetric key 62 is specified only), and supplies the result. The pre-authentication process is terminated.

  Next, an example of the flow of the card information acquisition process executed in step S12 of FIG. 11 and the payment process executed in step S13 will be described with reference to the flowchart of FIG.

  The card information acquisition process executed in step S12 is basically the same as the card information acquisition process executed in step S1, and each process is executed as described with reference to the flowchart of FIG. That is, the settlement terminal 33 executes the processes of steps S91 to S94 in FIG. 14 in the same manner as the processes of steps S31 to S34 of FIG. 14 executes the processes in steps S101 to S104 in FIG. 14 in the same manner as the processes in steps S41 to S44 in FIG. That is, the payment terminal 33 performs a polling process in the same manner as the reception terminal 31, detects the IC card 22 that is in close proximity, and acquires card information 51 (including at least the card ID 41) from the IC card 22.

  When the card information 51 is acquired, the pre-authentication result handling processing unit 151 of the settlement processing unit 143 performs pre-authentication result handling processing in step S95. Details of the pre-authentication result handling process will be described later. When the pre-authentication result handling process ends, the mutual authentication unit 152 controls the reader / writer 132 to communicate with the IC card 22 and perform the mutual authentication process on the settlement terminal 33 side in step S96. In response to this, the mutual authentication processing unit 213 of the IC card 22 communicates with the payment terminal 33 via the antenna unit 205 in step S105 to perform mutual authentication processing on the IC card 22 side. Details of these mutual authentication processes will be described later.

  When the mutual authentication process in step S96 is completed, the payment processing unit 153 of the payment terminal 33 controls the reader / writer 132 in step S97, communicates with the IC card 22, and executes the payment process on the payment terminal 33 side. Based on the information regarding the product purchase input from the input unit 136, update information of the balance information of the IC card 22 is created and transmitted to the IC card 22. In response to this, the payment processing unit 214 of the IC card 22 communicates with the payment terminal 33 via the antenna unit 205 in step S106, executes the payment processing on the IC card 22 side, and updates the supplied update information. Based on this, the balance information 43 stored in the storage unit 202 is updated. The exchange of the update information in these payment processes is performed using a general communication process (communication process performed after mutual authentication) between the settlement terminal 33 and the IC card 22, which will be described later.

  When the payment process in step S97 ends, the post-processing unit 154 of the payment terminal 33 performs post-processing in step S98.

  Next, an example of a detailed flow of the pre-authentication result handling process executed in step S95 of FIG. 14 will be described with reference to the flowchart of FIG.

  When the pre-authentication result handling process is started, the pre-authentication result handling processing unit 151 acquires the pre-authentication result information 52 corresponding to the card information 51 acquired by the card information acquisition unit 142 from the storage unit 134 in step S121. For example, after a predetermined time has elapsed, it is determined in step S122 whether the acquisition has succeeded. If it is determined that the pre-authentication result information 52 has been acquired, the pre-authentication result correspondence processing unit 151 proceeds to step S123, refers to the determination result information 61 of the pre-authentication result information 52, and whether pre-authentication has been successful. Determine whether or not. If it is determined that the authentication is successful, the pre-authentication result handling unit 151 proceeds to step S124 to control the display unit 135 to display an authentication success message for notifying the user that the authentication has been successful. Then, the pre-authentication result handling process ends.

  In step S122, for example, when the pre-authentication result information 52 is not transmitted from the electronic money server 32 or the stored pre-authentication result information 52 is destroyed and the pre-authentication result information 52 cannot be acquired, The pre-authentication result handling unit 151 advances the process to step S125. If it is determined in step S123 that the pre-authentication has failed as a result of referring to the determination result information 61, the pre-authentication result handling processing unit 151 advances the process to step S125.

  In step S125, the pre-authentication result handling processing unit 151 controls the display unit 135 to display a warning message for notifying the user that the authentication has failed, and ends the pre-authentication result handling processing.

  In addition to the message, the display unit 135 may display a picture or a pattern indicating the authentication result. Further, the notification of the pre-authentication result may be performed by, for example, voice, vibration, or the like other than an image such as a message or a symbol.

  In this way, the payment terminal 33 notifies the user (clerk) of the pre-authentication process result, so that the user (clerk) can quickly grasp the pre-authentication process result (before the mutual authentication process) In particular, when an error occurs (when authentication cannot be performed), it is possible to quickly perform a corresponding operation such as checking the IC card 22 with respect to the customer 21.

  Next, with reference to the flowcharts of FIGS. 16 and 17 and FIG. 18, the operation when the mutual authentication between the payment terminal 33 and the IC card 22 is performed will be described. Note that the flowchart of FIG. 16 shows an example of a detailed flow of mutual authentication processing by the payment terminal 33, and the flowchart of FIG. 17 shows an example of the detailed flow of mutual authentication processing by the IC card 22, FIG. FIG. 6 is a schematic diagram illustrating an example of mutual authentication processing.

First, in step S141 in FIG. 16, the control unit 161 of the reader / writer 132 controlled by the mutual authentication unit 152 of the settlement terminal 33 generates a 64-bit random number _RA , and the random number _RA is stored in the data of the encryption unit 164. and outputs to the randomizer 172, a memory 163, reads the key K _B private symmetric key 62 held is supplied from the mutual authentication unit 152, and outputs the key storing unit 171 of the encryption unit 164.

Data randomization section 172 of the encryption unit 164 of FIG. 7 reads the key K _B from the key storage unit 171. Then, the key data generation circuit 181 of the data randomizing unit 172 in FIG. 8, 16 to generate the key data K ₁ to K ₁₆ from the key K _B, respectively output to the arithmetic circuit 182-1 182-16.

The register 183 of the data randomizing unit 172 outputs the upper 32 bits of the random number _RA supplied from the control unit 161 to the adder 184-1, and outputs the lower 32 bits of the random number _RA to the arithmetic circuit 182-1 and the adder. Output to 184-2. Calculation circuit 182-1, the 32-bit data is converted by using the key data K _1, and outputs the converted data to the adder 184-1. The adder 184-1 calculates an exclusive OR (exclusive OR for each bit) of the 32-bit data supplied from the register 183 and the 32-bit data supplied from the arithmetic circuit 182-1. The exclusive OR (32 bits) is output to the arithmetic circuit 182-2 and the adder 184-3.

Next, the arithmetic circuit 182-2, the 32-bit data is converted by using the key data K _2, and outputs the converted data (32 bits) to the adder 184-2. The adder 184-2 calculates an exclusive OR of the 32-bit data supplied from the register 183 and the 32-bit data supplied from the arithmetic circuit 182-2, and the exclusive OR is calculated as an arithmetic circuit. 182-2 and the adder 184-4.

The arithmetic circuits 182-3 to 182-14 and the adders 184-3 to 184-14 sequentially perform the same operations as the arithmetic circuit 182-2 and the adder 184-2. That is, the arithmetic circuit 182-j (j = 3,..., 14) converts the 32-bit data supplied from the adder 184- (j−1) using the key data K _j , The converted data is output to the adder 184-j. The adder 184-j (j = 3,..., 14) includes 32-bit data supplied from the adder 184- (j-2) and 32-bit data supplied from the arithmetic circuit 182-j. And outputs the exclusive OR to the arithmetic circuit 182- (j + 1) and the adder 184- (j + 2).

Furthermore, the arithmetic circuit 182-15 is a 32-bit data supplied from the adder 184-14, converts by using the key data K _15, and outputs the converted data to the adder 184-15. The adder 184-15 calculates an exclusive OR of the 32-bit data supplied from the adder 184-13 and the 32-bit data supplied from the arithmetic circuit 182-15, and calculates the exclusive OR. , And output to the lower 32 bits of the arithmetic circuit 182-16 and the register 185.

The arithmetic circuit 182-16 is the 32-bit data is converted by using the key data K _16, and outputs the converted data to the adder 184-16. The adder 184-16 calculates an exclusive OR of the 32-bit data supplied from the adder 184-14 and the 32-bit data supplied from the arithmetic circuit 182-16, and calculates the exclusive OR. , Output to the upper 32 bits of the register 185.

The data randomizing unit 172 generates a cipher by performing a total of 16 operations as described above. Then, the register 185 of the data randomizing unit 172 outputs the generated cipher C ₁ ([R _A ] _{B in} FIG. 18) to the transmitting unit 165.

Next, in step S <b> 142, the transmission unit 165 modulates the cipher C ₁ supplied from the encryption unit 164 and transmits the generated modulated wave to the IC card 22 via the antenna unit 166.

  As described above, the IC card 22 stands by in step S161 in FIG. 17 until the reader / writer 132 performs the processing of step S141 and step S142 and transmits the modulated wave.

When the modulated wave is transmitted from the reader / writer 132, the receiving unit 206 of the IC card 22 receives the modulated wave transmitted from the transmitting unit 165 of the reader / writer 132 via the antenna unit 205, and the modulation is performed. The wave is demodulated and the demodulated data (encryption C ₁ ) is output to the decryption unit 207.

Next, in step S162, the conversion unit 192 of the decryption unit 207 of the IC card 22 uses the key K _B (dedicated symmetric key 42) supplied in advance from the storage unit 202 to the key storage unit 191 via the control unit 201. The cipher C ₁ supplied from the receiving unit 206 is decrypted, and the decrypted data (plain text M ₁ ) is output to the control unit 201.

In step S 163, the control unit 201 of the IC card 22 outputs the plaintext M ₁ supplied from the decryption unit 207 to the data randomization unit 172 of the encryption unit 203. The data randomizing unit 172 of the encryption unit 203 reads the key K _A (dedicated symmetric key 41) that is supplied from the storage unit 202 to the key storage unit 171 and stored in advance via the control unit 201, and the key K _A Then, similarly to the data randomizing unit 172 of the encryption unit 164 of the reader / writer 132 in step S141, the plaintext M ₁ is encrypted, and the generated cipher C ₂ (([R _A ] _{A in} FIG. 18) is transmitted to the transmission unit 204. Output to.

Further, the mutual authentication unit 213 of the control unit 201 generates a random number R _B, and outputs the random number R _B in the data randomization part 172 of the encryption unit 203. The data randomizing unit 172 of the encryption unit 203 reads the key K _A from the key storage unit 171, encrypts the random number R _B with the key K _A , and generates the generated cipher C ₃ ([R _B ] A in FIG. 18). Is output to the transmission unit 204.

In step S164, the transmission unit 204 of the IC card 22 modulates the ciphers C ₂ and C ₃ and transmits the generated modulated wave to the reader / writer 132 via the antenna unit 205.

In this way, while the IC card 22 is performing the processing of steps S161 to S164, the reader / writer 132 transmits the cipher C ₂ and the cipher C ₃ from the IC card 22 in steps S143 and S144 of FIG. In step S143, the elapsed time after transmitting the cipher C ₁ is monitored, and a predetermined time (usually for processing in the IC card 22) until C2 and C3 are transmitted from the IC card 22 is monitored. If longer) than the time required has elapsed, the process returns to step S142, it retransmits the cryptographic C _1.

When a modulated wave including cipher C ₂ and cipher C ₃ is transmitted from the IC card 22, the receiving unit 167 of the reader / writer 132 is transmitted by the transmitting unit 204 of the IC card 22 via the antenna unit 166. The modulated wave is received, and the modulated wave is demodulated. Then, the receiving unit 167 outputs the demodulated data (encrypted C ₂ and C ₃ ) to the decrypting unit 13.

Next, in step S145, the conversion unit 192 of the decoding unit 168 of the reader-writer 132 reads the key K _A which is previously supplied to the key storage unit 191, data supplied from the reception unit 167 (cipher C _2, C ₃₎ decodes, and outputs decrypted data (plain text M ₂ (encryption corresponding to C ₂₎ and the plain text M ₃ (corresponding to the encryption C ₃₎₎ to the control unit 161.

Then, in step S146, the control unit 161 of the reader-writer 132 determines whether the plain text M ₂ and the random number R _A are the same, if the plaintext M ₂ and the random number R _A is determined to be identical, step in S147, it determines that the IC card 22 has key K _a, K _B and the same key K _a interrogator 132, the K _B, authenticating the IC card 22.

On the other hand, in step S146, if the plaintext M ₂ and the random number R _A is determined not to be identical, the control unit 161 of the reader-writer 132 does not authenticate the IC card 22, and ends the authentication process.

After authenticating the IC card 22 in step S147, in step S148, the control unit 161 of the reader-writer 132 outputs the plaintext M ₃ generated in step S145 to the encryption unit 164. The encryption unit 164 then encrypts the plaintext M ₃ with the key K _B and outputs the generated cipher C ₄ ([R _B ] _{B in} FIG. 18) to the transmission unit 165 as in step S141.

In step S <b> 149, the transmission unit 165 of the reader / writer 132 modulates the cipher C ₄ supplied from the encryption unit 164 and transmits the generated modulated wave to the IC card 22 via the antenna unit 166.

Thus, the reader-writer 132, while performing the processes in step S144 through S149, IC card 22 in step S165 and step S166 in FIG. 17, and waits until cipher C ₄ is transmitted. At this time, the control unit 201 of the IC card 22 monitors the elapsed time since the transmission of the ciphers C ₂ and C ₃ , and a predetermined time has elapsed since the transmission of the ciphers C ₂ and C 3 in step S166. If it is determined that the reader / writer 132 (settlement terminal 33) is not authenticated, the authentication process is terminated.

On the other hand, when a modulated wave including the encryption C ₄ is transmitted, the receiving unit 206 of the IC card 22 receives the modulated wave transmitted by the reader / writer 132 via the antenna unit 205 and demodulates the modulated wave. To do. Then, the receiving unit 206 outputs the demodulated data (encrypted C ₄ ) to the decrypting unit 207.

In step S167, the conversion unit 192 of the decoding unit 207 of the IC card 22, the key K _B read out from the key storage unit 191, decodes the supplied from the reception section 206 data (cipher C _4), decoding The obtained data (plain text M ₄ ) is output to the mutual authentication processing unit 213 of the control unit 201.

Then, in step S168, the mutual authentication unit 213 of the control unit 201 of the IC card 22 determines whether the plain text M ₄ and the random number R _B are the same, it is the same plaintext M ₄ and the random number R _B If it is determined that, in step S169, determines that the reader-writer 132 (payment terminal 33) has a key K _a, K _B and the same key K _a of the IC card 22, the K _B, the reader-writer 132 ( The payment terminal 33) is authenticated.

On the other hand, in step S168, if the plaintext M ₄ and the random number R _B is determined not to be identical, IC card 22 does not authenticate the reader-writer 132 (payment terminal 33), and terminates the authentication process.

  As described above, the reader / writer 132 is controlled by the mutual authentication unit 152 to perform the authentication process for the IC card 22 as shown in FIG. 16, and the IC card 22 is read by the reader as shown in FIG. By performing authentication processing on the writer 132 (payment terminal 33), mutual authentication processing is performed.

  The data randomizing unit 172 of the encryption units 164 and 203 described above performs encryption by the DES method, but performs encryption by another method (for example, FEAL (Fast Encryption Algorithm) -8 method). It may be. In that case, the conversion unit 192 of the decryption units 168 and 207 performs decryption processing corresponding to the encryption method.

  For example, when the FEAL-8 method is used, mutual authentication can be performed in about 35 milliseconds (the processing time in the IC card 22 is about 28 milliseconds).

  Next, communication processing between the reader / writer 132 (settlement terminal 33) and the IC card 22 after the above-described authentication processing (after mutual authentication) will be described with reference to the flowcharts of FIGS. FIG. 19 is a flowchart for explaining an example of the flow of communication processing by the settlement terminal 33, and FIG. 20 is a flowchart for explaining an example of the flow of communication processing by the IC card 22.

In step S181 of FIG. 19, the control unit 161 of the reader / writer 132 controlled by the control unit 131 (for example, the payment processing unit 153) first holds the random number _RA in the authentication process described above as the identification number ID, The random number R _B (plain text M ₃ ) (because the IC card 22 has been authenticated, the reader / writer 132 uses the plain text M ₃ as the random number R _B ) as a new key K _ID , and this is stored in the key storage unit of the encryption unit 164. 171 and the key storage unit 191 of the decryption unit 168.

Then, the control unit 161 of the reader / writer 132 outputs a command (transmission command) corresponding to the process to be executed by the IC card 22 to the data randomizing unit 172 of the encryption unit 164. The data randomizing unit 172 of the encryption unit 164 reads the key K _ID from the key storage unit 171, encrypts the transmission command with the key K _ID , and outputs the generated encryption C _com to the transmission unit 165.

Further, the control unit 161 of the reader / writer 132 outputs the identification number ID to the data randomizing unit 172 of the encryption unit 164. The data randomizing unit 172 of the encryption unit 164 encrypts the identification number ID with the key K _ID and outputs the generated encryption C _ID to the transmission unit 165.

In step S <b> 182, the transmission unit 165 of the reader / writer 132 modulates the ciphers C _com and C _ID supplied from the encryption unit 164 and transmits the generated modulated wave to the IC card 22 via the antenna unit 166.

Thus, until the reader / writer 132 transmits the modulated wave including the ciphers C _com and C _ID , the IC card 22 stands by in step S211 in FIG.

The control unit 201 of the IC card 22, the random number R _B in the authentication process described above as the key K _ID, advance, and outputs the key storing unit 191 of the key storing unit 171 and the decoding unit 207 of the encryption unit 203, a random number R _A (plain text M ₁ ) (since the reader / writer 132 has been authenticated, the IC card 22 holds plain text M ₁ as a random number R _A ) as a recognition number ID.

When a modulated wave including ciphers C _com and C _ID is transmitted from the reader / writer 132, the receiving unit 206 of the IC card 22 transmits the modulated wave transmitted by the transmitting unit 165 of the reader / writer 132 to the antenna unit 205. And then the modulated wave is demodulated. Then, the receiving unit 206 outputs the demodulated data (encrypted C _com , C _ID ) to the decrypting unit 207.

In step S212, the conversion unit 192 of the decryption unit 207 decrypts the encrypted C _ID of the supplied data with the key K _ID stored in advance in the key storage unit 191, and decrypts the decrypted data (plaintext M _ID ) Is output to the control unit 201.

In step S213, the control unit 201 of the IC card 22 determines whether or not the value of the plaintext M _ID is equal to or greater than the recognition number ID, and determines that the value of the plaintext M _ID is smaller than the recognition number ID. The communication process is terminated. On the other hand, if the value of the plain text M _ID is equal to or identification number ID or greater, in step S214, the control unit 201 acknowledges the command sent (encrypted C _com), the decoding unit 207, the encryption C _com In step S215, processing corresponding to the decoded command is performed. In step S216, response data corresponding to the processing result (to be transmitted to the reader / writer 132) is created.

Next, in step S217, the control unit 201 of the IC card 22 increments the value of the identification number ID by 1, and then sequentially outputs the identification number ID and response data to the encryption unit 203. In step S218, the encryption unit 203, the identification number ID, as well as encrypted cipher C _ID in the key K _ID, after the response data encrypted in the encryption C _re the key K _ID, the encryption C _ID and the encryption C _re is output to the transmission unit 204.

Then, in step S219, the transmission unit 204 modulates the encrypted C _ID and the encryption C _re, and transmits the generated modulated waves to the reader-writer 132 via the antenna 205.

As described above, while the IC card 22 performs processing corresponding to the command transmitted in steps S211 to S219, the control unit 161 of the reader / writer 132 waits in steps S183 and S184, and performs encryption C _ID , C _In step S183, the elapsed time from when _com is transmitted is monitored.

  When a predetermined time set in advance elapses, the process proceeds to step S185, where the control unit 161 selects the same command as the command encrypted in step S181. In step S186, the value of the identification number ID is set to 1. Then, the process returns to step S181 to encrypt the transmission command and the identification number ID, and retransmits the generated cipher to the IC card 22 in step S182.

On the other hand, when a modulated wave including the cipher C _ID and the cipher C _re is transmitted from the IC card 22 in step S184, the receiving unit 167 of the reader / writer 132 converts the modulated wave into the cipher C _ID and the cipher C _re. demodulated, and outputs the encrypted C _ID and the encryption C _re to the decoding unit 168.

In step S187, the decryption unit 167 decrypts the encrypted C _ID with the key K _ID , and outputs the generated plaintext M _ID to the control unit 161.

In step S188, the control unit 161 determines whether or not the value of the plaintext M _ID is greater than the recognition number ID. If the control unit 161 determines that the value of the plaintext M _ID is equal to or less than the recognition number ID, the process proceeds to step S185. The same command as the command transmitted in step S181 is selected. In step S186, the value of the identification number ID is increased by 1. Then, the process returns to step S181, and the transmission command and the identification number ID are encrypted. In step S182, The generated encryption is retransmitted to the IC card 22.

On the other hand, in step S188, the value of the plain text M _ID is, if it is determined that the identification number ID is greater than, the control unit 161, in step S189, the decoding section 168, to decrypt the encrypted C _re, the response from the IC card 22 Receive data.

  In step S190, the control unit 161 of the reader / writer 132 determines whether to end communication. When continuing communication, it progresses to step S191 and the control part 161 of the reader / writer 132 selects the next transmission command.

  In step S186, the value of the identification number ID is increased by 1. Then, the process returns to step S181, and the next transmission command is transmitted after step S181.

As described above, the reader / writer 132 transmits a predetermined command to the IC card 22 by using the random numbers R _A and R _B transmitted at the time of mutual authentication as the recognition number ID and the new key K _ID , and the IC After performing processing corresponding to the command, the card 22 transmits response data corresponding to the processing result to the reader / writer 132. By doing so, it is possible to confirm that the communication partner is a legitimate person for each communication using the identification number and the new key. Further, since the value of the identification number ID is incremented by 1 for each communication, it is possible to know the number of times of communication up to now and grasp the progress of processing.

Note that, in step S213, the control unit 201 of the IC card 22, although it is determined whether a plaintext M _ID is the identification number ID or greater, predetermined range value of the plain text M _ID is corresponding to the identification number ID It may be determined whether or not the value is the same (for example, a range from ID to ID + 16). By doing so, for example, when a failure occurs in the transmission path and the electromagnetic wave (recognition number value ID) emitted by the reader / writer 132 does not reach the IC card 22, the IC card 22 It is possible to receive transmitted data (the value of the identification number is ID + 1, but the transmission command is the same as the previously transmitted command).

Alternatively, in step S213, the control unit 201 of the IC card 22 determines whether, for example, the value of the lower 8 bits of the plaintext M _ID (64 bits) is greater than or equal to the value of the lower 8 bits of the recognition number ID. It may be. Thus, by performing comparison only with a predetermined number of digits (number of bits) n, the amount of bit operations is reduced and processing can be performed faster than when comparison is performed with 64 bits. In this case, when the value of the identification number ID is larger than 2n-1 (n is the number of digits), a carry occurs (an error occurs in the comparison result), so communication between the reader / writer 132 and the IC card 22 is performed. The number of digits n is set so that the value of the identification number ID does not become larger than 2n-1 (n is the number of digits).

Similarly, in step S188, the control unit 161 of the reader / writer 132 determines whether or not the value of the plaintext M _ID is the same as a value within a predetermined range corresponding to the recognition number ID. Good. In step S188, the control unit 161 of the reader / writer 132 may determine whether, for example, the value of the lower 8 bits of the plaintext M _ID is larger than the value of the lower 8 bits of the recognition number ID.

In the above embodiment, the random number R _B is used as a new key K _ID , but as shown in FIG. 21, a new key K _ID is calculated from the random number R _A and the random number R _B, and the key K _ID is changed to the new key K _ID . You may make it communicate using.

Further, the information writer 132 sends, to the IC card 22, when simply stored, as shown in FIG. 22, the IC card 22 is encrypted by the received data (the key K _A or the key K _B Data) may be stored in the memory 202 without being decrypted, and when a read command is received from the reader / writer 132, the data may be read from the memory 202 and transmitted as it is.

  The payment processing unit 153 of the payment terminal 131 and the payment processing unit 214 of the IC card 22 update the balance information while exchanging information through the communication process as described above.

  Next, an example of a detailed flow of post-processing executed in step S98 of FIG. 14 will be described with reference to the flowchart of FIG.

  When the post-processing is started, the post-processing unit 154 of the payment terminal 33, in step S231, for example, a predetermined predetermined value such as the time when the message is displayed on the display unit 135 by the pre-authentication result handling process. It is determined whether or not a predetermined time (a time sufficient for completing the settlement process) has elapsed since the reference time. If it is determined that the predetermined time has not yet elapsed from the reference time, the post-processing unit 154 proceeds with the process to step S232, waits for a predetermined time, and returns the process to step S231. If it is determined in step S231 that the predetermined time has elapsed from the reference time, the post-processing unit 154 advances the process to step S233.

  The post-processing unit 154 controls the storage unit 134 in step S233, discards the pre-authentication result information corresponding to the processing target IC card 22 from the storage unit 134, and controls the display unit 135 in step S234 to perform processing. The display of the message corresponding to the target IC card 22 is terminated. When the process of step S234 ends, the post-processing unit 154 ends the post-processing.

  As described above, the post-processing unit 154 deletes (discards) the pre-authentication result information 52 (dedicated symmetric key 62) that is no longer necessary (has been processed) from the storage unit 134 or is displayed on the display unit 135. Since the unnecessary message is deleted, the settlement terminal 33 can reduce the risk of information leakage.

  In the flowchart of FIG. 14, it has been described that the post-processing is performed after the payment processing (step S <b> 97). However, in this post-processing, the payment terminal 33 acquires the pre-authentication result information 52. If the mutual authentication process and the payment process are not performed, the post-process may be performed. For example, even if the customer 21 enters the store, brings the IC card 22 close to the reception terminal 31 and executes pre-authentication processing, the customer 21 exits without purchasing the product (without performing mutual authentication processing or payment processing). Cases are also conceivable. Even in such a case, the post-processing unit 154 may perform post-processing. For example, the reference time described above is set as the time when the reception terminal 31 acquires the card information of the IC card 22 (the time when the process of step S94 in FIG. 14 is executed), and the predetermined time described above is usually set by the customer 21 at the store. It is assumed that the time is 10 (for example, several hours or one day) when it is assumed that the product is to be purchased. Then, by allowing the post-processing unit 154 to perform post-processing regularly or irregularly, the settlement terminal 33 has passed a predetermined time from the reference time even if mutual authentication processing and payment processing are not performed. In this case, the pre-authentication result information or the like can be deleted by subsequent processing.

  Note that the post-processing may be executed under any conditions, for example, may be executed at a predetermined time, other processing may be executed, or some flag may be set. It may be executed by the user, or may be started by a user instruction. Of course, the reference time and the predetermined time described above may be other than those described above.

  In the above description, it has been described that two kinds of terminals, that is, the reception terminal 31 and the payment terminal 33 are installed in the store 30. For example, the functions of the reception terminal 31 and the payment terminal 33 described above are realized by one terminal. You may make it do.

  FIG. 24 is a diagram showing another configuration example of the electronic money system to which the present invention is applied.

  In FIG. 24, an electronic money system 301 is a system that is basically equivalent to the electronic money system 1 shown in FIG. 1, has a configuration basically similar to that of the electronic money system 1, performs the same processing, Although the same payment processing (authentication processing) service is provided, in the case of the electronic money system 301, the reception payment common terminal 311 is installed in the store 10 instead of the reception terminal 31 and the payment terminal 33 in the electronic money system 1. .

  Although the details of the acceptance settlement common terminal 311 will be described later, basically, the acceptance settlement common terminal 311 has functions of both the acceptance terminal 31 and the settlement terminal 33, and performs processing executed by both the acceptance terminal 31 and the settlement terminal 33.

  That is, unlike the case of FIG. 1, after entering the store 10, the customer 21 brings the IC card 22 close to the acceptance settlement common terminal 311 and reads the card information 51. The accepted settlement common terminal 311 initially operates as the accepted terminal 31 of FIG. 1, reads the card information 51, and supplies it to the electronic money server 32 via the network 30. As in the case of FIG. 1, the electronic money server 32 performs pre-authentication processing, and supplies the result as pre-authentication result information 52 to the acceptance settlement common terminal 311 via the network 30. The accepted settlement common terminal 311 holds the pre-authentication result information 52 and acquires it and operates as the settlement terminal 33.

  After reading the card information 51, the customer 21 performs a work for determining a product to be purchased, and starts a settlement work for the determined product. At that time, the customer 21 brings the IC card 22 close to the acceptance settlement common terminal 311 again. When detecting the IC card 22 that is in close proximity, the accepted payment common terminal 311 performs mutual authentication processing and payment processing in the same manner as the payment terminal described above. When the settlement operation is completed, the customer 21 leaves the store 10.

  Thus, by combining the reception terminal 31 and the payment terminal 33 into one reception payment common terminal 311, there is no need to secure the installation location of the two terminals of the reception terminal 31 and the payment terminal 33 in the store 10. Is easy to install. In particular, when a store 10 has a very small store space, such as a tenant provided in a part of a general retail store, it is easy to secure a terminal installation location. It may be an important matter that greatly affects (the spread of the system). In addition, by sharing a terminal in this way, manufacturing cost, installation cost, operation cost, and the like can be reduced.

  FIG. 25 is a block diagram illustrating a configuration example of the accepted payment common terminal 311 in FIG.

  In FIG. 25, the accepted and settled common terminal 311 basically has the configuration and functions of both the accepting terminal 31 and the settlement terminal 33 in FIG. 1, and specifically, a reader / writer similar to the settlement terminal 32. In addition to the configuration of 132, the storage unit 134, and the display unit 135, a control unit 321 and a communication unit 323 are included.

  The control unit 321 corresponds to the control unit 131 of FIG. 5, but instead of the polling processing unit 141 and the card information acquisition unit 142 included in the control unit 131, a polling processing unit 331, a card information acquisition unit 332, and a card information supply Part 83 is provided.

  The polling processing unit 331 has both functions of the polling processing unit 81 (FIG. 2) and the polling processing unit 141 (FIG. 5). In other words, the polling processing unit 331 is the sum of the processing timing of step S1 and the processing timing of step S12 in FIG. 11 while one customer 21 enters the store 10 to purchase and exit the product. The polling process is performed by controlling the reader / writer 132 twice. In any polling process, the polling processing unit 331 supplies the card information acquisition unit 332 to that effect when detecting the IC card 22 that is in close proximity.

  The card information acquisition unit 332 has both functions of a card information acquisition unit 82 (FIG. 2) and a card information acquisition unit 142 (FIG. 5). That is, as with the polling processing unit 331, the card information acquisition unit 332 also has one reader 21 who enters the sales store 10, purchases a product, and exits, whereas the reader / writer 132 is twice in total. To obtain the card information 51 from the IC card 22 (step S1 and step S12 in FIG. 11). The card information acquisition unit 332 supplies the card information 51 to the card information supply unit 83 in the first acquisition, and supplies the card information 51 to the settlement processing unit 143 in the second acquisition.

  Similarly to the case of FIG. 2, the card information supply unit 83 supplies the card information 51 supplied from the card information acquisition unit 332 to the electronic money server 32 via the communication unit 323.

  The communication unit 323 has both functions of the communication unit 73 (FIG. 2) and the communication unit 133 (FIG. 5), and supplies the card information 51 to the electronic money server 32 via the network 30. The pre-authentication result information supplied from 32 is acquired and supplied to the storage unit 134 for storage.

  Next, an example of the processing flow of the entire electronic money system 301 of FIG. 24 will be described with reference to the flowchart of FIG. Basically, each processing is executed in the same manner as the processing flow shown in FIG. 11, but in the case of the electronic money system 301, the acceptance settlement common terminal 311 executes both the acceptance terminal 31 and the settlement terminal 33. .

  That is, the acceptance settlement common terminal 311 receives the card information from the adjacent IC card 22 by the processing of the polling processing unit 331 and the card information acquisition unit 332 in step S301 as in the case of step S1 and step S2 of FIG. 51 is acquired, and the acquired card information 51 is transmitted to the electronic money server 32 by the processing of the card information supply unit 83 in step S302.

  The electronic money server 32 performs the same processing as in steps S21 to S23 of FIG. 11, and in step S311, the card information acquisition unit 101 acquires the card information 51 supplied from the acceptance payment common terminal 311. In step S312, the pre-authentication unit 102 performs pre-authentication processing, and in step S313, the result supply unit 103 supplies the obtained pre-authentication result information 52 to the acceptance settlement common terminal 311.

  The communication unit 323 of the accepted payment common terminal 311 acquires the pre-authentication result information 52 in step 303 and stores it in the storage unit 134 as in step S11 of FIG. In step S304, the polling processing unit 331 and the card information acquisition unit 332 of the accepted payment common terminal 311 acquire the card information 51 supplied from the accepted payment common terminal 311 in the same manner as in step S12 of FIG. And the payment process part 143 performs a payment process in step S305 similarly to the case of step S13.

  As described above, the reception / payment common terminal 311 performs processing of both the reception terminal 31 and the payment terminal 33.

  In the above description, the common terminal 311 for accepting and settlement has been described so as to share the common parts of the configurations of the accepting terminal 31 and the settlement terminal 33. However, the present invention is not limited to this. You may make it provide both the structure of the reception terminal 31 and the structure of the payment terminal 33 in one housing | casing. That is, for example, the accepted payment common terminal 311 may include both the reader 72 and the reader / writer 132. With this configuration, the customer 21 can be prompted to bring the IC card 22 close to the acceptance settlement common terminal 311 twice by the configuration. Of course, a message or the like explaining the above-described series of work procedures to the customer in an easy-to-understand manner may be displayed on the housing of the acceptance settlement common terminal 311 or the periphery thereof.

  In the above description, the pre-authentication result information 52 is erased by the post-processing unit 154 after a predetermined time has elapsed from the reference time. However, the pre-authentication result information 52 has a retention period. For example, it may be set (changeable) by a user (store clerk) or may be set based on an instruction from the electronic money server 32 or the IC card 22.

  FIG. 27 is a block diagram showing another example of the configuration inside the payment terminal. In FIG. 27, only the configuration necessary for explaining the settlement terminal 333 is shown.

  The payment terminal 333 shown in FIG. 27 has basically the same configuration as the payment terminal 33 of FIG. 5 and performs the same processing. However, the post-processing unit 154 sets the retention period for the pre-authentication result information 52. The payment terminal 33 is different from the payment terminal 33 in that it has a retention period setting unit 341.

  For example, the retention period setting unit 341 is supplied as pre-authentication result information 52 from the electronic money server 32 via the communication unit 133, and the retention period information 342 </ b> A stored in the storage unit 134 is input to the input unit 136. Is stored in the storage period 202 of the IC card 22 and supplied via the reader / writer 132, and the pre-authentication result information is stored. Set the period.

  An example of the flow of post-processing executed by the post-processing unit 154 will be described with reference to the flowchart of FIG.

  When the post-processing is started, first, the retention period setting unit 341 of the post-processing unit 154 first determines the pre-authentication result information 52 based on one of the retention period information 342A to the retention period information 342C described above in step S331. Set the retention period. Any one of the holding period information 342A to the holding period information 342C may be adopted as the holding period. For example, a priority order may be set for each of the holding period information 342A to 342C. Then, a value calculated using each holding period, such as a total time or an average time of the holding period information 342A to 342C, may be set as the holding period.

  When the holding period is set, the post-processing unit 154 executes each processing from step S332 to step S335 in the same manner as in steps S231 to S234 in FIG.

  By doing in this way, the electronic money system 301 can change the setting of the retention period of the pre-authentication result information 52 according to various circumstances, and can perform a wider response.

  For example, when the electronic money server 32 includes the retention period information 342A in the pre-authentication result information 52 and transmits it, for example, the retention period of the pre-authentication result information 52 in each terminal is set according to the use of the system, the load on the server, and the like. Can be managed collectively. In addition, for example, when a store clerk (user) operates the input unit 136 and inputs the retention period information 342B, an optimal retention period can be set for each store according to the number of customers. Further, for example, by providing the retention period information 342C from the IC card 22, the retention period of the pre-authentication result information regarding the IC card 22 that the customer 21 can also become his / her own personal information (that is, increase / decrease in risk of information leakage) Etc.) can be set freely.

  Of course, the post-processing in this case may be executed by the post-processing unit 154 regardless of the execution of the mutual authentication processing and the payment processing.

  In the above, the electronic money server 32 supplies the dedicated symmetric key 62 to the payment terminal 33 as the pre-authentication result information 52, and the payment terminal 33 performs payment (settlement) using the dedicated symmetric key 62. Although the mutual authentication process with the IC card 22 has been described, the present invention is not limited to this. For example, the electronic money server 32 may transmit only the determination result information 61 of the card ID 41.

  FIG. 29 is a block diagram showing still another configuration example of the electronic money system to which the present invention is applied.

  In the case of the electronic money system 401 shown in FIG. 29, unlike the case of the electronic money system 1 shown in FIG. 1, the electronic money server 32 registers the card ID 41 in the registration information 121 based on the supplied card information 51. It is determined only whether or not the dedicated symmetric key 62 is specified.

  In addition to the reception terminal 31, the store 10 is provided with a result handling terminal 411 and a conventional payment terminal 412 instead of the payment terminal 33. The result correspondence processing terminal 411 is installed in the vicinity of the settlement terminal 412.

  The result correspondence processing terminal 411 is connected to the network 30 and acquires the pre-authentication result information 52 supplied from the electronic money server 32 in the same manner as the payment terminal 33. Based on the pre-authentication result information 52, for example, Only the result handling process such as displaying the contents of the determination result information 61 on the monitor is performed, and the settlement process (mutual authentication process or payment process) is not executed. The result correspondence processing terminal 411 notifies the clerk in the vicinity of the settlement terminal 412 of the pre-authentication result indicating whether or not the IC card 22 is a correct card registered in advance by image information or the like.

  The payment terminal 412 is a conventional payment terminal, and is a symmetric key common to all IC cards 22 and performs mutual authentication processing, payment processing, etc. using the common symmetric key. That is, all the IC cards 22 and all the payment terminals 412 have the same common symmetric key 413.

  That is, the electronic money system 401 shown in FIG. 29 is a system using a conventional system including the IC card 22 and the payment terminal 412. Before the payment processing performed in the conventional system (in advance), the card The information 51 is acquired, it is confirmed whether it is an unauthorized IC card, and the confirmation result is notified to a clerk in the vicinity of the payment terminal 412.

  FIG. 30 is a block diagram illustrating an internal configuration example of the result handling terminal 411 of FIG.

  In FIG. 30, the result correspondence processing terminal 411 includes a control unit 421, a communication unit 422, and a display unit 423. The pre-authentication result information 52 supplied from the electronic money server 32 is received by the communication unit 422 controlled by the control unit 421. When acquiring the pre-authentication result information 52 from the communication unit 422, the control unit 421 controls the display unit 423 to display a message corresponding to the pre-authentication result on a monitor or the like.

  An example of the processing flow of the entire electronic money system 401 shown in FIG. 29 will be described with reference to the flowchart of FIG.

  In this case as well, processing is basically performed in the same manner as in the electronic money system 1 described with reference to FIG. 11, but the result handling processing terminal 411 performs processing instead of the payment terminal 33. Accordingly, the reception terminal 31 performs the processes in steps S401 and S402 in the same manner as in steps S1 and S2, and the electronic money server 32 performs steps S421 through S23 in the same manner as in steps S21 through S23. Each process of S423 is performed. However, in this case, the electronic money server 32 does not specify the dedicated symmetric key 62 in the pre-authentication process in step S422, and creates the pre-authentication result information 52 using only the determination result information 61.

  When the result correspondence processing terminal 411 acquires the pre-authentication result information 52 supplied from the electronic money server 32 in step S411, the result correspondence processing terminal 411 executes pre-authentication result correspondence processing in step S412.

  An example of the detailed flow of this pre-authentication result handling process will be described with reference to the flowchart of FIG.

  In step S441, the control unit 421 of the result handling terminal 411 refers to the pre-authentication result information 52 in step S441, and determines in step S442 whether or not the authentication is successful. If it is determined that the authentication is successful, the control unit 421 advances the process to step S443, controls the display unit 423, displays an authentication success message for notifying the store clerk of the authentication success, and performs the pre-authentication result handling process. finish.

  If it is determined in step S442 that the authentication has failed, the control unit 421 advances the process to step S444, controls the display unit 423, and displays a warning message for notifying the store clerk of the authentication failure. The authentication result handling process ends.

  By doing so, the electronic money system can be used together with the conventional system. That is, for example, in the store 10 where the conventional system is installed, like the electronic money system 401, the reception terminal 31 and the result processing terminal 411 are installed, and then the result processing terminal 411 and the settlement terminal 412 are installed. The electronic money system can be introduced step by step, for example, by switching to the payment processing terminal 33, and the system can be easily spread. Note that both the dedicated symmetric key 42 and the common symmetric key 413 may be stored so that one IC card 22 corresponds to both the electronic money system 1 and the electronic money system 401.

  In the electronic money system 401 shown in FIG. 29, an error has occurred in the electronic money server 32 in the pre-authentication process in order to reduce the amount of communication data between devices (not registered in the registration information 121). Only in this case, information indicating that may be supplied to the result processing terminal 411 as determination result information 61 (pre-authentication result information 52).

  Further, after the pre-authentication result handling process, the result handling terminal may perform post-processing in the same manner as the settlement terminal 33 described above to delete the pre-authentication result information and the like. In that case, the post-processing may be executed regardless of the presence or absence of authentication processing or payment processing by the payment terminal 412.

  In the above description, the case where the present invention is applied to an electronic money system has been described. However, the present invention is not limited thereto, and may be applied to any system as long as the system performs an authentication process.

  FIG. 33 is a block diagram showing a configuration example of a gate system to which the present invention is applied.

  A gate system 501 shown in FIG. 33 is a system that controls whether or not the user 521 is permitted to pass through the passage 510 using, for example, the gate 534, and the server 532 instead of the electronic money server 32 of the electronic money system 1. In addition to the payment terminal 33, a gate terminal 533 is provided.

  In the gate system 501, the reception terminal 31 is in the vicinity of a position (a distance indicated by a double arrow 541) away from the gate 534 of the passage 510 (direction of the user 521 indicated by an arrow 542, an arrow 543, and an arrow 545). It is installed on the near side. The gate terminal 533 that controls the opening and closing of the gate 534 is installed in the vicinity of the gate 534 in the passage 510 (on the front side with respect to the direction of travel of the user 521 indicated by the arrows 542, 543, and 545).

  The reception terminal 31 and the gate terminal 533 are connected to the network 30 and are connected to the server 532 via the network 30.

  As in the case of the electronic money system 1, the user 521 passing through the passage 510 carries the IC card 22. As in the case of the electronic money system 1, the IC card 22 holds a card ID 41 and a dedicated symmetric key 42. In this case, balance information is not necessary.

  As shown by the arrow 542, the user 521 traveling from the left to the right in the drawing 510 reaches the position of the reception terminal 31, and brings the IC card 22 that is carried close to the reception terminal 31. As in the case of the electronic money system 1 described above, the reception terminal 31 acquires the card information 51 from the IC card 22 and supplies it to the server 532 via the network 30.

  When the card information 51 is read, the user 521 further proceeds from the left to the right in the drawing as indicated by an arrow 543 and moves to the position before the gate 534 (gate terminal 533). The server 532 uses the travel time to perform pre-authentication processing using the supplied card information 51, determines whether the card ID is a registered correct ID, and further uses the dedicated symmetric key 62. The determination result and the key information are supplied to the gate terminal 533 as the pre-authentication result information 52.

  When the user 521 comes to the front of the gate terminal 533, the user 521 brings the portable IC card 22 close to the gate terminal 533 this time. The gate terminal 533 performs short-range wireless communication, acquires the card information 51, performs mutual authentication processing using the dedicated symmetric key 62 corresponding to the card information 51, and opens and closes the gate 534 according to the authentication result. The gate opening / closing control to be controlled is performed. For example, if the IC card 22 is determined to be a correct card by the above processing, the gate 534 opens the gate as indicated by the arrow 544, and the user 521 indicates in the figure as indicated by the arrow 545. Passing through the passage 510 from left to right.

  In this way, the gate system 501 can assign an individual dedicated symmetric key 62 to each IC card 22, and prepare the dedicated symmetric key 62 for authentication processing. Therefore, it is possible to perform an after-authentication process for gate opening / closing control without increasing waiting time and processing load. That is, the gate system 501 can easily realize a safer system against information leakage without reducing convenience.

  FIG. 34 is a block diagram illustrating an internal configuration example of the server 532 of FIG.

  34, the server 532 has basically the same configuration as the electronic money server 32 of FIG. 3, but does not handle balance information unlike the case of the electronic money system 1. That is, the server 532 has a configuration equivalent to that obtained by deleting the balance confirmation unit 112 from the configuration of the electronic money server 32 of FIG. Therefore, detailed description of each part of the server 532 is omitted.

  In the case of the registration information 121 stored in the storage unit 93 of the server 532, the balance information item does not need to be included as shown in FIG.

  FIG. 35 is a block diagram showing an example of the internal configuration of the gate terminal 533 shown in FIG.

  35, the gate terminal 533 basically has the same configuration as the payment terminal 33 in FIG. 5, but includes a gate control processing unit 562 instead of the payment processing unit 143 of the payment terminal 33.

  Similarly to the payment processing unit 143, the gate control processing unit 562 includes a pre-authentication result correspondence processing unit 151, a mutual authentication unit 152, and a post-processing unit 154. Instead of the payment processing unit 153, a gate opening / closing unit 563 is provided. Have.

  The gate opening / closing unit 563 controls the opening / closing operation of the gate 534 based on the result of the mutual authentication processing in the mutual authentication unit 152. More specifically, the gate opening / closing unit 563 opens the gate 534 when the mutual authentication is successful, and closes the gate 534 when the mutual authentication fails.

  As shown in FIG. 35, in the case of the gate terminal 533, since it is not necessary to input information related to the purchase of the product, the gate terminal 533 may not have the input unit 136.

  An example of the processing flow of the entire gate system 501 as described above will be described with reference to the flowchart of FIG.

  Also in this case, the processing flow is basically the same as that of the electronic money system 1 described with reference to the flowchart of FIG. That is, the reception terminal 31 performs the processing of step S 501 and step S 502 in the same manner as in the case of step S 1 and step S 2 in FIG. 11, acquires the card information 51 from the IC card 22, and supplies it to the server 532.

  Similarly to the case of steps S21 to S23 of FIG. 11 executed by the electronic money server 32, the server 532 also executes the processes of steps S521 to S523, receives the card information 51, performs the pre-authentication process, The pre-authentication processing result information 52 is transmitted to the gate terminal 533. In this case, the process related to the balance is not performed.

  When the gate terminal 533 acquires the pre-authentication result information 52 in step S511 as in the case of step S11 and step S12 in FIG. 11, the gate terminal 533 detects the adjacent IC card 22 in step S512, and from the IC card 22 The card information 51 is acquired.

  When the car information 51 is acquired, the mutual authentication unit 152 of the gate terminal 533 performs the dedicated symmetric key authentication which is a mutual authentication process using the dedicated symmetric key in step S513 instead of the payment process in step S13 of FIG. In step S514, the gate opening / closing unit 563 of the gate terminal 533 performs gate opening / closing control processing based on the processing result.

  An example of a detailed flow of the pre-authentication process executed by the server 532 in step S522 in FIG. 36 will be described with reference to the flowchart in FIG.

  The server 532 executes the pre-authentication process basically similar to the pre-authentication process executed by the electronic money server 32 described with reference to the flowchart of FIG. However, as described above, the server 532 does not perform processing related to the balance. That is, the ID authenticating unit 111 of the server 532 executes the processing from step S541 to step S543 in the same manner as in steps S61 to S63. The process proceeds to S544.

  In step S544, the dedicated symmetric key specifying unit 113 performs the same process as in step S67, and specifies the dedicated symmetric key corresponding to the card ID 41. In step S545, the determination result information creation unit 114 creates determination result information 61 indicating successful authentication of the card ID 41 in the same manner as in step S68. When the determination result information 61 is created, the determination result information creation unit 114 proceeds with the process to step S547.

  If it is determined in step S543 that the card ID 41 does not exist in the registration information, the ID authentication unit 111 advances the process to step S546. The determination result information creation unit 114 creates determination result information indicating an ID authentication failure in the same manner as in step S70, and the process proceeds to step S547.

  In step S547, the pre-authentication result information creation unit 115 creates the pre-authentication result information 52 so as to include the determination result information, as in step S71, and ends the pre-authentication process.

  By performing the processing as described above, the gate system 501 can easily realize a safer system against information leakage without reducing convenience.

  In the case of the gate system 501, the post-processing unit 154 of the gate terminal 533 executes post-processing as in the case of the payment terminal 33. As in the case of the payment terminal 33 described above, the post-processing unit 154 may perform post-processing regardless of the presence / absence of mutual authentication processing or gate opening / closing control processing, and delete pre-authentication result information and the like.

  In the gate system 501 shown in FIG. 33, the gate opening / closing control process may also be performed at the receiving terminal 31.

  FIG. 38 is a block diagram showing another configuration example of the gate system to which the present invention is applied.

  In the gate system 601 of FIG. 38, a gate 612 controlled by the reception terminal 611 is added to the configuration of the gate system 501, and gate opening / closing control processing is also performed at a position near the reception terminal 611. That is, when the user 521 passes through the passage 510, the user 521 must pass through the gate twice, so that a safer passage confirmation system that suppresses unauthorized passage can be realized.

  In FIG. 38, the IC card 22 stores a dedicated symmetric key 42 and a common symmetric key 621 in addition to the card ID 41. The receiving terminal 611 authenticates the common symmetric key 621, controls the gate 612 using the result, acquires the card information 51, and supplies it to the server 532. The server 532 performs pre-authentication processing based on the acquired card information 51 and supplies the pre-authentication processing result information 52 to the gate terminal 533.

  Upon obtaining the pre-authentication result information 52, the gate terminal 533 newly obtains the card information 41 from the IC card 22, performs a mutual authentication process using the dedicated symmetric key 62, and opens and closes the gate according to the process result. Control.

  FIG. 39 is a block diagram showing an example of the internal configuration of the reception terminal shown in FIG.

  In FIG. 39, the reception terminal 611 has a control unit 641 instead of the control unit 71 of the reception terminal 31 shown in FIG. The control unit 641 includes a polling processing unit 651 similar to the polling processing unit 81 included in the control unit 71, a card information acquisition unit 652 similar to the card information acquisition unit 82 included in the control unit 71, and a card included in the control unit 71. A card information supply unit 655 similar to the information supply unit 83 is included. Further, the control unit 641 includes a mutual authentication unit 653 and a gate opening / closing unit 654.

  The mutual authentication unit 653 internally holds a common symmetric key 621 (not shown), communicates with the IC card 22 via the reader 72, and performs a mutual authentication process using the common symmetric key 621. The method of mutual authentication processing is basically the same as that performed using the dedicated symmetric key 42 described above.

  The gate opening / closing unit 654 controls the opening / closing of the gate 612 based on the authentication result by the mutual authentication unit 653. More specifically, the gate opening / closing unit 654 opens the gate 612 when the mutual authentication unit 653 authenticates each other, and closes the gate 612 when the mutual authentication fails.

  An example of the processing flow of the entire gate system 601 will be described with reference to the flowchart of FIG.

  In this case, the polling processing unit 651 and the card information acquisition unit 652 of the reception terminal 611 acquire card information in step S601 as in the case of step S501 of FIG. In step S602, the mutual authentication unit 653 performs a common symmetric key authentication process that is a mutual authentication process using the common symmetric key 621. In step S603, the gate opening / closing unit 654 uses the authentication processing result to perform gate opening / closing control. Process. When the gate opening / closing control process ends, the card information supply unit 655 transmits the card information 51 to the server 532 in step S604, as in step S502 of FIG.

  The server 532 executes each process of step S621 to step S623 as in the case of step S521 to step S523 of FIG. The gate terminal 533 executes each process of step S611 to step S614 as in the case of step S511 to step S514 of FIG.

  That is, the server 532 and the gate terminal 533 other than the reception terminal 611 execute the same processing as in the case of the gate system 501 in FIG. In other words, the gate system 501 can be transferred to the gate system 601 by exchanging the reception terminal.

  The above-described configuration of the gate system is an example, and the number and arrangement of each terminal, server, network, etc. are arbitrary as in the case of the electronic money server. Of course, also in the case of this gate system 601, similarly to the case of the gate system 501, the gate terminal 533 can execute post-processing and delete pre-authentication result information and the like.

  As mentioned above, for example, using the fact that there is a time lag between product selection at the store and actual payment, even in an environment that is not always online, security close to authenticating with the server online is realized And a processing speed equivalent to that of offline processing can be obtained.

  In other words, for example, in a conventional electronic money system using symmetric key cryptography, it is not possible to set a key for each IC card, or only a method of calculating a key with a reader / writer after pseudo individualization. However, with the method of the present invention, complete individualization for each IC card can be realized, and the processing speed at the time of payment does not decrease. Even if an IC card is analyzed by the individualization, the key is decrypted, and unauthorized use is made, it is easy to make the IC card unusable in the electronic money system. Since it is not easy to add to the IC card, the entire electronic money system can be kept safe.

  If a conventional electronic money system that uses symmetric key cryptography is analyzed and many illegal uses such as value rewriting occur, applying the method of the present invention minimizes the impact on the system. Can be recovered.

  Although the case where the non-contact type IC card 22 is used has been described above, the present invention is not limited to this, and the IC card 22 may be a contact type IC card. A portable telephone or a portable information processing apparatus having an equivalent function may be used. However, in that case, each terminal such as a reception terminal and a payment terminal needs to correspond to their communication function.

  The series of processes described above can be executed by hardware or can be executed by software. In this case, for example, each device described above may be configured as a personal computer as shown in FIG.

  In FIG. 41, a CPU (Central Processing Unit) 701 of the personal computer 700 performs various processes according to a program stored in a ROM (Read Only Memory) 702 or a program loaded from a storage unit 713 into a RAM (Random Access Memory) 703. Execute the process. The RAM 703 also appropriately stores data necessary for the CPU 701 to execute various processes.

  The CPU 701, ROM 702, and RAM 703 are connected to each other via a bus 704. An input / output interface 710 is also connected to the bus 704.

  The input / output interface 710 includes an input unit 711 including a keyboard and a mouse, a display including a CRT (Cathode Ray Tube) and an LCD (Liquid Crystal Display), an output unit 712 including a speaker, and a hard disk. A communication unit 714 including a storage unit 713 and a modem is connected. The communication unit 714 performs communication processing via a network including the Internet.

  A drive 715 is connected to the input / output interface 710 as necessary, and a removable medium 721 such as a magnetic disk, an optical disk, a magneto-optical disk, or a semiconductor memory is appropriately mounted, and a computer program read from them is It is installed in the storage unit 713 as necessary.

  When the above-described series of processing is executed by software, a program constituting the software is installed from a network or a recording medium.

  For example, as shown in FIG. 41, the recording medium is distributed in order to distribute the program to the user separately from the apparatus main body, and includes a magnetic disk (including a flexible disk) on which the program is recorded, an optical disk ( Removable media 721 composed of CD-ROM (compact disk-read only memory), DVD (digital versatile disk), magneto-optical disk (including MD (mini-disk) (registered trademark)), or semiconductor memory In addition to being configured, it is configured by a ROM 702 in which a program is recorded, a hard disk included in the storage unit 713, and the like distributed to the user in a state of being incorporated in the apparatus main body in advance.

  In the present specification, the step of describing the program recorded on the recording medium is not limited to the processing performed in chronological order according to the described order, but is not necessarily performed in chronological order. It also includes processes that are executed individually.

  Further, in this specification, the system represents the entire apparatus constituted by a plurality of apparatuses.

  In the above description, the configuration described as one device may be divided and configured as a plurality of devices. Conversely, the configurations described above as a plurality of devices may be combined into a single device. Of course, configurations other than those described above may be added to the configuration of each device. Furthermore, if the configuration and operation of the entire system are substantially the same, a part of the configuration of a certain device may be included in the configuration of another device. That is, the embodiment of the present invention is not limited to the above-described embodiment, and various modifications can be made without departing from the gist of the present invention.

  The present invention can be applied to an authentication processing system.

It is a block diagram which shows the structural example of the electronic money system to which this invention is applied. It is a block diagram which shows the example of an internal structure of the reception terminal of FIG. It is a block diagram which shows the example of an internal structure of the electronic money server of FIG. It is a schematic diagram which shows the structural example of the registration information of FIG. It is a block diagram which shows the example of an internal structure of the payment terminal of FIG. FIG. 6 is a block diagram illustrating a detailed configuration example of the reader / writer in FIG. 5. It is a block diagram which shows the detailed structural example of the encryption part of FIG. It is a block diagram which shows the detailed structural example of the data randomization part of FIG. It is a block diagram which shows the detailed structural example of the decoding part of FIG. It is a block diagram which shows the example of an internal structure of the IC card of FIG. It is a flowchart explaining the example of the flow of a process in the whole electronic money system. It is a flowchart explaining the example of the detailed flow of a card information acquisition process. It is a flowchart explaining the example of the detailed flow of a pre-authentication process. It is a flowchart explaining the example of the flow of a payment process. It is a flowchart explaining the example of the detailed flow of a pre-authentication result corresponding | compatible process. It is a flowchart explaining the example of the detailed flow of the mutual authentication process by a payment terminal. It is a flowchart explaining the example of the detailed flow of the mutual authentication process by an IC card. It is a schematic diagram explaining the example of a mutual authentication process. It is a flowchart explaining the example of the flow of the communication process by a payment terminal. It is a flowchart explaining the example of the flow of the communication process by an IC card. It is a schematic diagram explaining the other example of a communication process. It is a schematic diagram explaining the further another example of communication processing. It is a flowchart explaining the example of the detailed flow of post-processing. It is a figure which shows the other structural example of the electronic money system to which this invention is applied. It is a block diagram which shows the structural example of the acceptance payment common terminal of FIG. It is a flowchart explaining the other example of the flow of the process in the whole electronic money system. It is a block diagram which shows the other structural example inside a payment terminal. It is a flowchart explaining the other example of the flow of post-processing. It is a block diagram which shows the further another structural example of the electronic money system to which this invention is applied. FIG. 30 is a block diagram illustrating an internal configuration example of a result handling processing terminal of FIG. 29. It is a flowchart explaining the further another example of the flow of the process in the whole electronic money system. It is a flowchart explaining the example of the detailed flow of a pre-authentication result corresponding | compatible process. It is a block diagram which shows the structural example of the gate system to which this invention is applied. FIG. 34 is a block diagram illustrating an internal configuration example of a server illustrated in FIG. 33. It is a block diagram which shows the example of an internal structure of the gate terminal shown by FIG. It is a flowchart explaining the example of the flow of a process in the whole gate system. An example of a detailed flow of the pre-authentication process will be described with reference to the flowchart of FIG. It is a block diagram which shows the other structural example of the gate system to which this invention is applied. It is a block diagram which shows the example of an internal structure of the reception terminal of FIG. It is a flowchart explaining the other example of the flow of a process in the whole gate system. It is a figure explaining the structural example of the personal computer to which this invention is applied.

Explanation of symbols

  1 Electronic Money System, 10 Dealer, 22 IC Card, 30 Network, 31 Acceptance Terminal, 32 Electronic Money Server, 33 Payment Terminal, 42 Dedicated Symmetric Key, 62 Dedicated Symmetric Key, 311 Accepted Payment Common Terminal, 341 Retention Period Setting Unit , 411 result processing terminal, 501 gate system, 532 server, 533 gate terminal, 534 gate, 611 reception terminal, 612 gate

Claims (15)

In an information processing system that has a first terminal, a server, and a second terminal and authenticates a portable information processing device,
The first terminal is
First acquisition means for acquiring identification information of the portable information processing device from the portable information processing device;
First supply means for supplying the server with the identification information acquired by the first acquisition means;
The server
Second acquisition means for acquiring the identification information supplied by the first supply means;
Symmetric key information used for encryption processing and decryption processing dedicated to the portable information processing device assigned to the portable information processing device corresponding to the identification information acquired by the second acquisition means. A dedicated target key specifying means for specifying a dedicated symmetric key;
Second supply means for supplying the dedicated symmetric key specified by the dedicated symmetric key specifying means to the second terminal;
The second terminal is
Third acquisition means for acquiring the dedicated symmetric key supplied by the second supply means;
Holding means for holding the dedicated symmetric key acquired by the acquiring means;
A fourth acquisition means for acquiring the identification information from the portable information processing apparatus;
An information processing system comprising: authentication means for authenticating the portable information processing device using a dedicated symmetric key corresponding to the identification information acquired by the fourth acquisition means and held by the holding means. The information processing system according to claim 1, wherein the portable information processing device is a contactless IC card that performs short-range wireless communication. The server further includes storage means for storing registration information related to the portable information processing apparatus registered in advance,
2. The dedicated symmetric key specifying unit specifies the dedicated symmetric key corresponding to the identification information acquired by the second acquiring unit with reference to the registration information stored in the storage unit. Information processing system described in 1. The information processing system according to claim 1, wherein the second terminal further includes a payment processing unit that performs a payment process for updating balance information received by the portable information processing apparatus authenticated by the authentication unit. The information processing system according to claim 1, wherein the second terminal further includes post-processing means for erasing the dedicated symmetric key held in the holding means at a predetermined timing. The information processing system according to claim 5, wherein the second terminal further includes a retention period setting unit that sets the predetermined timing. The said holding | maintenance period setting means sets the said predetermined timing based on the instruction | indication from the said server, the instruction | indication from the user of the said 2nd terminal, or the instruction | indication from the said portable information processing apparatus. Information processing system. An information processing apparatus for authenticating a portable information processing apparatus,
First acquisition means for acquiring identification information of the portable information processing device from the portable information processing device;
A dedicated symmetric key, which is symmetric key information used for encryption processing and decryption processing, individually assigned to each portable information processing device, based on the identification information acquired by the first acquisition means Holding means for holding a dedicated symmetric key identified by
A second acquisition means for acquiring the identification information from the portable information processing apparatus;
An information processing apparatus comprising: authentication means for authenticating the portable information processing apparatus using a dedicated symmetric key corresponding to the identification information acquired by the second acquisition means and held by the holding means. The portable information processing apparatus is a non-contact type IC card that performs short-range wireless communication,
The information processing apparatus according to claim 8, wherein the first acquisition unit and the second acquisition unit acquire the identification information by performing the short-range wireless communication with the contactless IC card that is in proximity. The information processing apparatus according to claim 8, further comprising payment processing means for performing payment processing for updating balance information received by the portable information processing apparatus authenticated by the authentication means. The information processing apparatus according to claim 8, further comprising post-processing means for erasing the dedicated symmetric key held in the holding means at a predetermined timing. The information processing apparatus according to claim 11, further comprising holding period setting means for setting the predetermined timing. The retention period setting means is based on an instruction from a server connected to the information processing apparatus and specifying the dedicated symmetric key, an instruction from a user of the information processing apparatus, or an instruction from the portable information processing apparatus The information processing apparatus according to claim 12, wherein the predetermined timing is set. An information processing method for an information processing apparatus for authenticating a portable information processing apparatus,
Obtaining identification information of the portable information processing device from the portable information processing device;
A dedicated symmetric key that is assigned to each portable information processing device and is a symmetric key information that is symmetric key information used for encryption and decryption processing, and that is specified based on the acquired identification information To the holding part,
Obtain the identification information again from the portable information processing device,
An information processing method including a step of authenticating the portable information processing device using a dedicated symmetric key corresponding to the identification information acquired again and held in the holding unit. A program for causing a computer to execute authentication processing of a portable information processing apparatus,
Obtaining identification information of the portable information processing device from the portable information processing device;
A dedicated symmetric key that is assigned to each portable information processing device and is a symmetric key information that is symmetric key information used for encryption and decryption processing, and that is specified based on the acquired identification information To the holding part,
Obtain the identification information again from the portable information processing device,
A program including the step of authenticating the portable information processing apparatus using a dedicated symmetric key corresponding to the identification information acquired again and held in the holding unit.

Images