JP2009199627A - Portable electronic medium - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To allow operators to rewrite restriction on authentication data of an IC card, and to allow each of the operators to perform management of original authentication data or to impart versatility to an authentication process by the IC card. <P>SOLUTION: Various kinds of restriction on the authentication data imparted from a server is stored in a rewritable nonvolatile memory. When the value of the inputted authentication data, or the difference between the inputted authentication data and the preceding inputted authentication data exceeds a limit, it is decided that authentication is impossible, and use of a portable terminal device provided with the IC card is inhibited. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to a portable electronic medium such as an IC card that is attached to a terminal device such as a mobile phone and performs authentication processing based on authentication data input as a command from the outside.

  In recent years, some terminal devices such as mobile phones have a structure in which an IC card can be attached and detached by a user. For example, personal information of a user is stored in an IC card attached to a mobile phone. Further, in a mobile phone to which an IC card as described above is attached, authentication processing transmitted from a server or the like is supplied to the IC card to perform authentication processing in the IC card.

  Conventionally, authentication processing in an IC card is performed according to a procedure defined by the standard of a mobile phone. For example, in 3GPP TS33.102 as a cellular phone standard, the validity of a sequence number (SQN) is checked as one of authentication processes in an IC card for cellular phones. That is, in the SQN validity check in the conventional IC card, conditions, authentication procedures, etc. are uniquely determined by the standard. For this reason, the IC card used in the conventional mobile phone has no versatility in the SQN validity check as one of the authentication processes, and for example, the mobile phone operator cannot perform its own SQN management. There is a point.

  As described above, the portable electronic medium attached to the terminal device solves the problem that there is no versatility in the validity check for the authentication data given from the outside. As one of the authentication processes on the medium, portable electronic devices can be used for generality in the validity check of authentication data given from the outside, and the operator who provides the authentication data can manage the authentication data uniquely. The purpose is to provide a medium.

  The portable electronic medium according to the present invention is a device that is attached to a terminal device, and includes a first storage unit that stores a limit value for authentication data transmitted from a server that communicates with the terminal device, and the terminal Input means for inputting authentication data from the server received by the device from the terminal device; second storage means for storing authentication data from the server input via the terminal device by the input means; When authentication data from the server is input via the terminal device by the input means, a difference value between the authentication data and the authentication data supplied last time stored in the second storage means, and the first And determining means for determining whether or not the terminal device can be used by comparing with a limit value stored in the storage means.

  According to the present invention, the operator side that provides versatility in the validity check for the authentication data given from the outside as one of the authentication processes in the portable electronic medium attached to the terminal device, or gives the authentication data It is possible to provide a portable electronic medium that can manage unique authentication data.

The block diagram which shows the structural example of the mobile telephone as an example of the terminal device with which the IC card as a portable electronic medium which concerns on embodiment of this invention is mounted | worn. The block diagram which shows the structural example of the IC card as a portable electronic medium which concerns on embodiment of this invention. The figure which shows the structural example of the table provided in the non-volatile memory in an IC card. The flowchart for demonstrating the process procedure of the validity check of SQN in an IC card.

Embodiments of the present invention will be described below with reference to the drawings.
FIG. 1 is a block diagram showing a configuration example of a portable terminal device (terminal device) 1 to which an IC card C as a portable electronic medium according to the present invention is mounted. A mobile terminal device 1 shown in FIG. 1 is a device used as a mobile phone that operates based on a specific specification, for example. That is, in the present embodiment, an IC card C that is mounted on the mobile terminal device 1 such as a mobile phone that operates based on a specific specification will be described. The specific specification is, for example, a standard (3GPP TS33.102 or the like) standardized by 3GPP (Third Generation Partnership Project).

  As shown in FIG. 1, the mobile terminal device 1 includes a control unit 11, a communication control unit 12, a radio unit 13, a voice control unit 14, a power supply unit 15, an LCD module 16, and the like. The control unit 11 is connected to a RAM, a ROM, an IC card socket 21, a keyboard, and the like. An antenna is connected to the wireless unit 13. The voice control unit 14 is connected to a speaker, a receiver, a microphone, and the like.

  The wireless unit 13 is a module that transmits and receives radio waves via the antenna. The wireless unit 13 transmits and receives radio waves to and from a server (not shown) by, for example, direct spreading W-CDMA (Wideband-Code Division Multiple Access). The communication control unit 12 is a module that performs various communication controls. The communication control unit 12 has functions such as finger control, Viterbi decoding, channel codec, path search, secrecy, turbo encoding / decoding, and AMR speech codec.

  The control unit 11 controls the entire mobile terminal device 1. The control unit 11 includes a CPU, an internal memory, various memory I / Fs (Interface), an IC card I / F, a keyboard I / F, and the like. Further, the control unit 11 includes, for example, a PLL (Phase Locked Loop) circuit, a data stream path switching, a DMA (Direct Memory Access) controller, an interrupt controller, a timer, a UART (Universal Asynchronous Receiver Transmitter), secrecy, HDLC (High- level Data Link Control procedure) Functions such as framing and USB device controller.

  The voice control unit 14 outputs sound from a speaker or a receiver, or inputs sound input from a microphone. The voice control unit 14 includes, for example, an analog front end unit and an audio unit. The LCD module 16 is a module that performs display control using, for example, a reflective color low-temperature polysilicon TFT liquid crystal. The LCD module 16 is an integrated module including, for example, an LCD panel, an LCD controller, a power supply IC, a front light, and the like.

  The IC card socket 23 is a socket into which the IC card C is mounted. The IC card C mounted in the IC card socket 23 is called, for example, a UIM (User Identity Module) card or a USIM (Universal Subscriber Identity Module) card corresponding to a mobile phone that operates based on a specific specification. . A command received from the outside by the mobile terminal device 1 is supplied to the IC card C mounted in the IC card socket 23 under the control of the control unit 11.

Next, the IC card C will be described.
FIG. 2 is a block diagram illustrating a configuration example of the IC card C.
The IC card C includes a control element 30, a ROM 31, a nonvolatile memory 32, and an input / output interface 33. The control element 30 performs an operation corresponding to a command input based on a control program stored in the ROM 31 or the nonvolatile memory 32. The control element 30 has a function of executing, for example, data reading / writing / rewriting processing, encryption / decryption processing, arithmetic processing, comparison processing, and the like for the nonvolatile memory.

The nonvolatile memory 32 is a rewritable nonvolatile memory. That is, the data in the nonvolatile memory 32 is rewritten by the control of the control element 30. The nonvolatile memory 32 is provided with a rewritable table 32a. The table 32a will be described later in detail. Further, when the SQN as authentication data from the server (not shown) is received via the portable terminal device 1, the nonvolatile memory 32 stores the SQN as the previous SQN (hereinafter, the previous SQN is referred to as the SQN _MS). It is supposed to be memorized as). That is, every time SQN is input to the IC card C, the input SQN is updated and recorded in the nonvolatile memory 32 as the previous SQN (SQN _MS ).

  The input / output interface 33 is an interface for inputting / outputting data to / from the portable terminal device 1. The input / output interface 33 inputs / outputs data to / from the mobile terminal device 1 while being attached to the IC card socket 23 of the mobile terminal device 1.

Next, a security mechanism (authentication system) in the mobile terminal device 1 will be described.
Generally, an authentication system applied to a mobile phone has various authentication conditions. For example, one of the authentication conditions applied to a 3GPP mobile phone is a sequence number (SQN) validity check. The SQN is composed of a single sequence number (SEQ) and a sequence number INDEX (IND).
SQN = SEQ conc IND (conc: binding)
It is.

  In the specification of 3GPP TS33.102, SEQ is composed of 43 bits, IND is composed of 5 bits, and SQN is composed of 48 bits. Further, in the specifications of the 3GPP TS33.102, the main conditions as the SQN validity check by the SQN configured as described above are described in the following (1) to (3).

(1) The SQN sent as a command is compared with the value of the SQN held in the IC card (same IND as the sent SQN).

(2) if the former is larger, if the difference is within 2 ^28, SQN is determined that there is justification, otherwise, it is determined that there is no justification for SQN.

(3) If the latter is large, the SQN is determined to be valid if the difference is within L, and otherwise, it is determined that the SQN is not valid.

  As described above, in a mobile phone or the like, the specification in the SQN validity check is uniquely determined, and there is no versatility. For this reason, in this embodiment, the SQN validity check applied to the mobile terminal device 1 such as a mobile phone is provided with versatility. Hereinafter, the operation of the IC card in the present embodiment will be described.

First, the limit value of data stored in the table 32a in the nonvolatile memory 32 will be described.
FIG. 3 is a diagram showing a configuration example of the table 32a. As shown in FIG. 3, the table 32a stores various limit values used for checking the validity of the SQN and data indicating the necessity of the check. In the example shown in FIG. 3, the table 32a records seven items including four items indicating whether or not there is a restriction on the size of the SQN and three items indicating three kinds of restriction values. It has become.

  As the first item, the table 32a stores data indicating whether or not the SQN validity check is performed by comparing the SQN value with various limit values (comparison of the SQN magnitude relationship). (Do not compare SQN magnitude relationship). That is, if the SQN value is not checked by the SQN value, the first item stores data indicating that the SQN magnitude relationship is not compared, and the SQN value is checked by the SQN value. When performing the above, the first item stores data indicating that the SQN magnitude relationship is compared.

As a second item, in the table 32a, a value obtained by subtracting the value of SQN _MS (previous SQN) stored in the nonvolatile memory 32 from the value of input SQN (current SQN) (SQN and Data indicating whether or not a restriction is set on the difference value between the SQN _MS and the SQN _MS is stored (the difference between the SQN and the SQN _MS is set / not set).

As a third item, the table 32a stores a difference limit value Δ for a value obtained by subtracting SQN _MS from SQN (a difference value between SQN and SQN _MS ). The difference limit value Δ stored in the third item is normally applied when SQN> SQN _MS .

That is, in the table 32a, if the second item is set to be limited in the difference between SQN and SQN _MS , if SQN> SQN _MS , the difference value between SQN and SQN _MS and the third The difference limit value Δ between the SQN set in the item and the SQN _MS is compared. As a result of this comparison, if the difference value between the SQN and the SQN _MS is smaller than the difference limit value Δ, authentication is possible (use of the portable terminal device), and if it is larger, authentication is impossible (use of the portable terminal device is not allowed). Is set.

As a fourth item, a value obtained by subtracting the value of SQN (current SQN) input from the value of SQN _MS (previous SQN) recorded in the nonvolatile memory 32 in the table 32a ( Data indicating whether or not a restriction is provided on the difference between SQN _MS and SQN is stored (the difference between SQN _MS and SQN is / is not provided).
The fifth item, in the table 32a, the difference limit value L with respect to the value obtained by subtracting the SQN from _{SQN MS} (difference value between the _{SQN MS} and SQN) are stored. The difference limit value L stored in the fifth item is normally applied when SQM _MS > SQN.

In other words, if the fourth item is set to limit the difference between SQN _MS and SQN, if SQN _MS > SQN, the difference value between SQN _MS and SQN and the fifth item are set. The difference limit value L between the existing SQN _MS and SQN is compared. As a result of this comparison, if the difference value between the SQN _MS and SQN is smaller than the difference limit value L, authentication is possible (use of the mobile terminal device), and if it is larger, authentication is not possible (use of the mobile terminal device is not possible). Is set.

As the sixth item, the table 32a stores data indicating whether or not a limit is set for the value of the input SQN (current SQN) (SQN limit (maximum value or minimum value). Value) or not).
As a seventh item, the table 32a stores a maximum value (or minimum value) M as a limit value for the value of SQN. The maximum value (or minimum value) M as the limit value stored in the seventh item is set according to, for example, the number of use or the use period of the mobile terminal device 1 in which the IC card C is mounted.

  The limit value M stored in the seventh item is set in accordance with the SQN transmitted from the server. For example, the value of the SQN transmitted from the server increases with each transmission. Is set, the value of SQN input to the IC card C via the portable terminal device 1 increases for each input count. On the other hand, if the maximum value M is stored as a limit value for the SQN value in the table 32a, it is possible to set a limit on the number of times the mobile terminal device 1 in which the IC card C is mounted is used. Become.

  Similarly, when the SQN value transmitted from the server is set to increase every predetermined period, the SQN value input to the IC card C via the portable terminal device 1 has elapsed. Increase according to the period. On the other hand, if the maximum value M is stored as the limit value for the SQN value in the table 32a, it is possible to set a limit on the usage period of the mobile terminal device 1 in which the IC card C is mounted. Become.

  Even when the value of the SQN transmitted from the server is set to decrease every number of transmissions or every predetermined period, similarly to the above, if the minimum value M is stored as the limit value for the value of SQN, It is possible to set a limit on the number of times or the usage period of the mobile terminal device 1 in which the IC card C is mounted.

  That is, the restriction realized by the stored contents of the sixth and seventh items is set depending on the value of SQN transmitted from the server, and is transmitted from the server to the IC card C. It is set according to the change in the value of the SQN and the number of uses or the use period.

Next, a processing procedure of authentication processing (SQN validity check) in the IC card C according to the present embodiment will be described.
FIG. 4 is a flowchart for explaining the processing procedure of the SQN validity check according to the present embodiment.
First, when SQN is input from the server via the portable terminal device 1 by the input / output interface 33 (step S11), the control element 30 of the IC card C sets the value of SQN and various limit values. It is determined whether or not to compare (whether or not to check the validity of SQN) (step S12). This determination is made based on each data stored in the nonvolatile memory 32.

That is, when data indicating that the SQN value is not compared with the limit value is stored in the table 32a of the nonvolatile memory 32, that is, it is determined that the SQN validity check based on the SQN value is not performed. In this case (step S12, NO), the control element 30 unconditionally validates the SQN without comparing the SQN value with each limit value in the table 32a (checking the validity of the SQN based on the SQN value). It is determined that the property is OK (authentication is possible). At this time, the SQN may be stored as the SQN _MS in the nonvolatile memory 32 (step S18).

When data indicating that the SQN value is compared with the limit value is stored in the table 32a, that is, when it is determined that the SQN value is compared with various limit values (YES in step S12). The control element 30 compares the magnitude relationship between the input SQN (current SQN) and the SQN _MS (previous SQN) stored in the nonvolatile memory 32 (step S13).

If SQN> SQN _MS is determined by this comparison (step S13, NO), the control element 30 subtracts the value of SQN _MS from the value of SQN based on the stored contents of the table 32a (SQN and SQN _MS). It is determined whether or not a restriction on the difference value is set (step S14).

If it is determined by this determination that no limit is set on the difference between SQN and SQN _MS (step S14, NO), the control element 30 determines that the validity of SQN is OK (authentication possible), and SQN is stored as SQN _MS in the non-volatile memory 32 (step S18).

Further, when it is determined by the above determination that a limit is set on the difference between SQN and SQN _MS (step S14, YES), the control element 30 calculates a value obtained by subtracting the value of SQN _MS from the value of SQN. . When thus calculating the difference value of SQN and _{SQN MS,} the control device 30 compares the difference limit value Δ of SQN and _{SQN MS} stored in the difference value and the table 32a of the SQN and _{SQN MS} (step S15).

If it is determined by this comparison that the difference value between SQN and SQN _MS is equal to or greater than the difference limit value Δ (step S15, NO), the control element 30 has a legitimacy for the SQN being NG (authentication is not possible). Judge.

If it is determined by the comparison that the difference value between SQN and SQN _MS is smaller than the difference limit value Δ (step S15, YES), the control element 30 further sets the SQN value as a limit for the SQN value. It is determined whether a maximum value is set (step S16).

When it is determined by this determination that the maximum value of SQN is not set as a restriction on the value of SQN (step S16, NO), the control element 30 determines that the validity of the SQN is OK (authentication possible). Then, the SQN is stored as the SQN _MS in the nonvolatile memory 32 (step S18).

  If it is determined by the above determination that the maximum value of SQN is set as a restriction on the value of SQN (step S16, YES), the control element 30 stores the value of SQN in the table 32a. It is determined whether or not the limit value of SQN is smaller than the maximum value M of SQN (step S17).

When it is determined that the value of the SQN is smaller than the maximum value M of the SQN (step S17, YES), the control element 30 determines that the validity of the SQN is OK (authentication possible), The SQN is stored as SQN _MS in the nonvolatile memory 32 (step S18).

  If it is determined by the above determination that the value of the SQN is equal to or greater than the maximum value M of the SQN (step S17, NO), the control element 30 determines that the legitimacy of the SQN is NG (authentication is not possible). To do.

If it is determined in step S13 that SQN> SQN _MS is not satisfied (step S13, NO), the control element 30 subtracts the value of SQN from the value of SQN _MS based on the stored contents of the table 32a. It is determined whether or not a restriction on a value (difference value between SQN _MS and SQN) is set (step S19).

When it is determined by this determination that no limit is set on the difference between SQN and SQN _MS (step S19, NO), the control element 30 determines that the validity of SQN is OK (authentication possible), and SQN is stored as SQN _MS in the non-volatile memory 32 (step S18).

If it is determined by the above determination that a limit is set on the difference between SQN and SQN _MS (step S19, YES), the control element 30 calculates a value obtained by subtracting the value of SQN from the value of SQN _MS. . If thereby calculating a difference value between _{SQN MS} and SQN, the control element 30, compares the difference limit value L of the _{SQN MS} and SQN stored in the difference value and the table 32a of _{SQN MS} and SQN (Step S20).

As a result of this comparison, it is determined that the difference value between the SQN _MS and the SQN is equal to or greater than the difference limit value L (step S20, NO). to decide.

If it is determined by the above comparison that the difference value between the SQN _MS and SQN is smaller than the difference limit value L (step S20, YES), the control element 30 further sets the SQN value as a limit for the value of the SQN. It is determined whether or not a minimum value is set (step S21).

If it is determined by this determination that the minimum value of SQN is not set as a restriction on the value of SQN (step S21, NO), the control element 30 determines that the validity of the SQN is OK (authentication possible). Then, the SNQ is stored in the nonvolatile memory 32 as an SQN _MS (step S18).

  Further, when it is determined by the above determination that the minimum value of SQN is set as a restriction on the value of SQN (step S21, YES), the control element 30 stores the value of SQN in the table 32a. It is determined whether or not the limit value of SQN is equal to or less than the maximum value M of SQN (step S22).

When it is determined that the value of the SQN is larger than the minimum value M of the SQN (NO in step S22), the control element 30 determines that the validity of the SQN is OK (authentication is possible) The SNQ is stored as SQN _MS in the nonvolatile memory 32 (step S18).

  Further, when it is determined by the above determination that the value of the SQN is equal to or less than the maximum value of SQN (step S22, YES), the control element 30 determines that the legitimacy for the SQN is NG (unauthenticated). .

As described above, according to the present embodiment, various restrictions on the authentication data given from the server are stored in the rewritable nonvolatile memory, and the value of the input authentication data or the input authentication data and the previous time When the difference with the input authentication data exceeds the limit, it is determined that the authentication is impossible, and the use of the mobile terminal device with the IC card is disabled.
As a result, according to the present embodiment, the operator can rewrite restrictions on authentication data, each operator can manage their own authentication data, and the authentication processing on the IC card can be made versatile. Can be.

  In addition, by setting that the SQN limit is not provided in the rewritable table in the nonvolatile memory or by setting a large limit value of the SQN, the validity check of the SQN is invalidated, and the IC You can easily check the operation of the card.

  In addition, the number of uses and the period of use can be set by limiting the value of the SQN itself according to the change in the value of the SQN transmitted from the server, that is, the operation method of the SQN. Is possible.

  The portable electronic medium (IC card) according to the present embodiment is a portable electronic medium having an erasable nonvolatile memory and a control element for reading and writing the contents, and can receive a command from the outside. When it is input, a process corresponding to the command is executed and the result is output to the outside, and when authentication data encrypted as a command input from the outside is input from the outside Means for decrypting the authentication data, and comparing the difference value between the authentication data from the outside and the previous authentication data stored in the nonvolatile memory with a difference allowance value stored in advance in the nonvolatile memory; Alternatively, it includes means for comparing the value of authentication data from the outside with the allowable value for the authentication data, and means for determining whether or not authentication is possible based on the comparison result. That.

  As described above, according to the present embodiment, by storing the allowable value of the authentication data and the allowable value of the difference value from the previous authentication data in the nonvolatile memory, the range of the value of the authentication data that is determined to be authenticated. Alternatively, the range of the difference value can be arbitrarily set, so that the authentication data can be operated freely. In addition, by maximizing the allowable value as a value for determining that authentication is possible, it is possible to determine that all authentication data can be authenticated, so that an effect of facilitating test work and the like can be expected.

  C: IC card (portable electronic medium), 1 ... mobile terminal device (mobile phone, terminal device), 30 ... control element, 32 ... non-volatile memory (first storage means, second storage means), 32a ... Table (first storage means), 33... I / O interface (input means)

Claims (4)

In a portable electronic medium attached to a terminal device,
First storage means for storing limit values for authentication data transmitted from a server that communicates with the terminal device;
Input means for inputting authentication data from the server received by the terminal device from the terminal device;
Second storage means for storing authentication data from the server input by the input means via the terminal device;
When authentication data from the server is input via the terminal device by the input means, the difference value between the authentication data and the authentication data supplied last time stored in the second storage means, and the first A determination unit that determines whether or not the terminal device can be used by comparing the limit value stored in one storage unit;
A portable electronic medium comprising: 2. The portable electronic medium according to claim 1, wherein the first storage unit is a rewritable nonvolatile memory, and the limit value stored in the first storage unit is rewritable. . The first storage means stores a limit value set in accordance with the number of use times or the use period of the terminal device on which the portable electronic medium is mounted,
The determination means determines whether or not a limit value set in accordance with the number of use times or the use period of the terminal device stored in the authentication data and the first storage means is exceeded. The portable electronic medium according to claim 2. Furthermore, when the authentication data transmitted from the server is encrypted, the authentication device has a decrypting unit that decrypts the encrypted authentication data input via the terminal device by the input unit. The portable electronic medium according to claim 2.

Images