JP2011193490A - Ic card issuing system and method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent leakage of personal information of a user, such as use history of an IC card, by allowing the user to set a password of the IC card. <P>SOLUTION: In a system for recording key information of an issuing authority on an IC card and issuing the IC card, an IC card issuing authority 11 includes: a means for generating first key information on the basis of specific information; a means for recording the first key information and the specific information on a specific area of the IC card; and a first DB 3 for storing real information specifying a user who is provided with the IC card, and specific information of the IC card in association with each other, and issues the IC card 10 with the first key information and the specific information added thereto. A user-side system 12 includes: a means for inputting a password of the user; a means for generating second key information on the basis of the input password and the specific information recorded on the specific area of the IC card; a means for generating a public key certificate unique to the user on the basis of the second key information; and a write means for writing the public key certificate and the password into a memory of the iC card. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to an IC card issuance system and method, and more particularly to IC card issuance management, IC card information processing method, and issuance thereof for preventing personal information of IC card users from leaking in the IC card issuance system. It is related to the IC card by format.

  IC cards are beginning to be used as cards with higher security than magnetic cards. Normally, when an IC card is issued, a pair of a public key and a secret key is generated, and these keys are embedded in the memory of the IC card. The key generation generally includes an encryption algorithm for connecting a smart card issuing device having means for writing key information to the smart card to a personal computer (PC) and creating a key by the CPU in the PC. The program is executed by executing the same program, or the same program is executed by the CPU provided in the IC card. With regard to the latter, as a technique for enabling a secure public key encryption key to be generated in an IC card within a practical time, for example, there is one disclosed in Japanese Patent Laid-Open No. 2000-56680 (Patent Document 1).

JP 2000-56680 A

    Normally, when an IC card issuing organization issues an IC card to a member of an organization, a public key certificate corresponding to the private key embedded in the IC card is generated under the IC card issuing organization. Issue. In this case, since the issuing institution can associate the IC card user's public key certificate with the real name of the user, the internal member of the issuing institution intentionally uses the IC card user's real name and its usage history, etc. Personal information may be obtained, and personal information may be leaked.

  An object of one aspect of the present invention is to suppress leakage of personal information of an IC card user.

  The present invention provides an IC card issuing system for issuing an IC card by giving key information generated based on unique information unique to the card to the IC card. Providing a first key generating means for generating first key information, a recording means for recording the first key information and unique information generated by the key generating means in a specific area of the IC card, and an IC card And a first DB that stores the actual information related to the user specifying the user to be associated with the unique information of the IC card, and the system on the user side of the IC card inputs the password of the user A second key generation unit that generates second key information based on the password input from the input unit and the unique information recorded in the specific area of the IC card, and the second key generation unit. Certificate generation means for generating a public key certificate unique to the user based on the generated second key information, public key certificate generated by the certificate generation means, and password in the memory of the IC card An IC card issuing system having writing means for writing.

  In a preferred example, the second key generation unit and the certificate generation unit are realized by executing a specific program in a CPU provided in the IC card.

  Preferably, the issuing institution has a second DB for registering and managing information related to a public key certificate unique to the user in association with information specifying an expired IC card.

  The IC card information processing method according to the present invention is an IC card information processing method for creating an IC card by recording key information on the IC card, and is specific to the IC card in the issuing organization that issues the IC card. A first key generation step of generating first key information based on a unique ID, and a step of recording the generated first key information and unique ID in a specific area of the IC card, In the card user system, a second key generation step of generating second key information based on the password unique to the user input from the input means and the unique ID recorded in the specific area of the IC card A certificate generation step for generating a public key certificate unique to the user based on the generated second key information, and the generated public key certificate and password in the memory of the IC card ; And a write step that burn them.

  In a preferred example, the first key information includes secret key information, the secret key information is recorded in a tamper-resistant area of the IC card, the second key information includes public key information, and the public key information is IC At least temporarily stored in the RAM area of the memory of the card, the public key certificate is stored in the RAM area of the memory of the IC card, and is read when the IC card is used.

  In one example, in the second key generation step, second key information is generated in consideration of information relating to the validity period of the IC card determined by the issuing organization and the contents of the service.

  The invention related to the IC card according to the present invention is grasped as an IC card in which information generated as a result of the steps performed by the issuing organization is recorded, for example, in the above method.

  The IC card according to the present invention is an IC card having a CPU connected to an internal bus, a memory, and a tamper-resistant area. The tamper-resistant area is unique to the IC card and a program for generating key information. The information and the first key information generated by the IC card issuing organization are recorded, and the CPU executes the program in association with the password unique to the user and the unique information recorded in the tamper resistant area. A process for generating information and a certificate generation process for generating a public key certificate unique to the user based on the generated key information are performed. The RAM area of the memory stores the generated public key certificate. To do.

  According to one aspect of the present invention, leakage of personal information of an IC card user can be prevented.

The figure which shows the outline | summary of the card issuing system by one Example of this invention. The figure which shows the structure of the system of the membership card issuing organization 11 in one Example. The figure which shows the format of DB3 in the issuing organization system in one Example. The figure which shows the structure of the member side system 12 in one Example. The figure which shows the format of revocation DB5 in the issuing organization in one Example.

Hereinafter, an embodiment of the present invention will be described in detail with reference to the drawings.
FIG. 1 is a diagram for explaining an outline of an IC card issuing system according to an embodiment of the present invention.

This example is an example of a system in which an organization such as a company, organization, product or service provider issues an IC card in which information as a membership card is recorded to a user such as an organization member or member.
The IC card issuing system includes a membership card issuing institution system (hereinafter simply referred to as an issuing institution) 11 and a member system 12. The issuing institution 11 and the member system 12 may be connected via a network, but may be offline systems independent of each other.
The details of the issuing agency 11 and member 12 systems are shown in FIGS. 2 and 4 and will be described later.

If you wish to issue a membership card, the applicant goes to the issuing organization, fills in the required information on the membership application, that is, discloses his / her personal information and applies. At the same time, a certificate of identity such as a driver's license is presented and the IC card 10 as a membership card provided by the issuing institution 11 is received.
When issuing the IC card 10 at the issuing organization, a unique ID and a key pair PX, SX of a public key cryptography for proving membership are recorded on the IC card. In addition, in order to manage the IC card 10 to be issued, the member's real name, card validity period, qualification content, etc. are registered in the management DB 3 of the issuing institution 11 in association with the unique ID of the IC card. . Further, the issuing institution 11 has a revocation DB 5 for managing revoked member cards, and responds to inquiries from the outside such as card use stores.

  When the member obtains the IC card 10 issued from the issuing institution 11, the member performs a predetermined operation to set the IC card in an effective state using his / her system such as a PC. In the member system 12, the user himself / herself registers a password in the IC card. In the IC card 10, key pair information is generated based on this password, and the public key, the validity period, and the qualification content in the generated key pair information are signed with the secret key SX of the issuing organization. A public key certificate (hereinafter referred to as a member ID) is generated. These key pair information and member ID are written in the memory of the IC card 10. By such an operation, the IC card is set in a useful state.

  As described above, in this embodiment, the IC card issuing organization obtains the actual information of the user himself and performs the minimum processing for issuing the IC card, while the user system uses the IC card when using the IC card. Processing related to the initial setting of the IC card for generating the necessary public key certificate is performed. That is, the processing for initial setting of the IC card is separately performed in both systems, thereby preventing anyone from accessing the actual information of the user from the member ID used when using the IC card. Yes.

Next, the system 11 of the membership card issuing organization will be described with reference to FIG.
The issuing institution system 11 includes a server 20, and necessary information is recorded on the IC card 10 in accordance with a command from the server 20. The server 20 may be a known PC and includes a CPU 201, an input device 202 such as a keyboard and a mouse, a display device 203, a memory 204, and a hard disk 205.

  The memory 204 stores a program for generating a public key / private key pair, and the CPU 201 executes the program to generate key pair information SX and PX.

  The IC card 10 is given a unique ID such as a number at the time of manufacture. This unique ID and the key pair information SX, PX generated by executing the above program are imprinted and fixed in the tamper area 104 of the IC card 10.

  The IC card 10 includes a CPU 101, a ROM 102, a RAM 103, and a tamper resistant area 104. The ROM 102 stores a program for generating key pair information PA and SA and a member ID, and this program is executed by the CPU 101 to generate key pair information PA and SA. Also, a member ID (public key certificate) for the public key information PA is generated. In this embodiment, the key pair information PA and SA and the member ID are generated in the member system 12.

  Signature and decryption are performed using the generated key pair information PA and SA and the member ID. The RAM 103 also stores information such as the generated public key PA, the generated member ID, the validity period of this membership card, and qualification contents. In the tamper resistant area 104, the unique ID of the IC card and the secret key SX of the issuing agency are imprinted and fixed, and such information cannot be taken out from the card.

  The issuing institution 11 has a management DB 3 for managing information related to the IC card 10 to be issued. This DB3 is formed in the bird disk 205 of the server 20, for example.

  FIG. 3 shows an example of the DB format. In the management DB 3, information such as a member's real name 32, an effective date 33, an expiration date 34, and qualification content 35 of the card is registered in correspondence with the unique ID (card ID) 31 of the card.

  Although the member's real name 32 is managed in the management DB 3, the member ID and password of the membership card of the IC card generated after issuance are not registered in the management DB 3. There will be no chance of leaking personal information. Even when an anonymous name is recorded on the membership card later and the membership card is used, there is no problem in managing DB3.

Here, the expiration date 34 is the expiration date of the membership card, such as “December 2005”. The qualification content 35 is a ranking of members in the case of a rental video store member, such as “Video Rental Premium Member”.
The issuing institution 11 also has a revocation DB 5 and manages information on revoked membership cards.

FIG. 5 shows an example of the revocation DB 5.
The revocation of a membership card is a loss of membership as a member when, for example, the member has committed fraud within the validity period. At that time, the following information is registered in the revocation DB 5 by contacting the issuing organization 11 with the member ID and applying for revocation.

  That is, information such as a revocation application date 52 is registered in the revocation DB 5 using the member ID 51 as a key. Here, since the member ID 51 is information generated by using the member's PC after the IC card is issued from the issuing institution 11, the information originally registered in the DB 3 of the issuing institution 11 and the member ID 51 are used. The relationship with the information is not attached.

  On the other hand, in the case of an inquiry about the expiration of a membership card from the outside such as a rental video shop where the membership card is used, the revocation DB 5 is searched for the inquired member ID, and whether there is a matching member ID We cope by introducing.

  The introduction to the issuing institution 11 from the outside or the access to the revocation DB 5 may be automatically performed via a network, or may be inquired using a telephone.

  In this way, the registration information in the revocation DB 5 is independent of the registration information in the management DB 3, so it is not possible to contact the user's actual information because the member has been revoked. Personal information is protected.

  Next, processing of related information for the IC card 10 in the member system 12 will be described with reference to FIG.

  The member system 12 has a PC 40, and necessary information is written into the IC card 10 in accordance with an operation from the PC 40. As is well known, the PC 40 includes a CPU 401, an input device 402 such as a keyboard and a mouse, a display 403, a memory 404, and a hard disk 405. The IC card 10 is connected to the PC 40 via an adapter such as a PCI bus slot.

  The IC card 10 to be processed is issued from the issuing institution 11, and as described above, the unique ID and the secret key SX are fixed in the tamper resistant area. The ROM 102 stores a public key / private key pair and a program for generating a member ID. When the CPU 101 executes this program, key pair information PA and SA and a member ID are generated.

  Next, the key pair information generation operation of the public key cryptosystem in the member side system 12 will be described.

  First, the member installs a program for guiding the initial setting operation of the IC card 10 in the PC 40 in advance. This program is initially stored on a CD (compact disc), and is distributed from an issuing organization at the same time that a user acquires an IC card as a member. Alternatively, when an initial setting of the IC card 10 is performed by a member, it can be obtained by accessing the website of the issuing institution via the Internet.

  When the installation of the above program on the PC 40 is completed, this program is executed by the CPU 401, and a confirmation message as to whether the IC card 10 is connected to the PC 40 is displayed on the display 403 of the member PC 40 according to the execution. Is done. When the IC card 10 is inserted into the slot of the PC 40, a guidance screen for password entry appears on the display 403 of the PC 40. The member inputs the password from the input device 402 while viewing the guidance screen.

  At this time, a program for generating a public key cryptosystem key pair stored in the ROM 102 is executed by the CPU 101 in parallel. The password input from the input device 402 is transferred to the IC card 10. In the IC card 10, the unique ID fixed to the tamper resistant area 104 is read out. Then, based on the password and the unique ID, a public key / private key pair PA, SA is generated. The generated public key PA is temporarily stored in the RAM 103. On the other hand, the password and secret key SA are recorded in the tamper resistant area 104.

Next, the expiration date and qualification contents stored in the RAM 103 are read out, and the public key PA generated earlier and the expiration date and qualification contents are used to obtain the secret key SX of the issuing organization recorded in the tamper resistant area. The member ID (public key certificate) is generated by signing. The generated member ID is stored in the RAM 103. The member ID includes a public key PA, a validity period, and qualification contents. The generated member ID can be read from the IC card 10 via the IC card issuing device 41, and the member can use it by a program operating on the PC 40.
The public key cryptosystem key pair can be generated by using a well-known method such as Diffie-Hellman algorithm.

Next, a signature process when using an IC card will be described.
The operation when using the IC card is not directly related to the gist of the present invention, but will be explained for the time being by taking the client authentication and the member's signature when using the Web site as examples. I want to go.

  When a member electronically trades with a Web site via the Internet, login processing may be performed. After performing the IC card owner authentication by inputting the password into the IC card and collating it with the password recorded in the tamper-resistant area 104, the IC card uses the IC card to obtain the member ID stored in the RAM 103. Send to website. The Web site generates a random number and returns information encrypted with the public key PA in the received member ID to the IC card. The IC card is decrypted by SA and the result is transmitted to the website. The Web site confirms the valid member ID of the IC card by comparing the original random number and the random number returned after being decrypted by the SA.

  The signature of the member is processed using the secret key SA recorded in the tamper resistant area 104. A signature is like an electronic seal and serves as an approval stamp for a document. Can be used anonymously. For example, it is used when an audit committee of a third-party organization is operated anonymously and electronically presses an approval mark on audit documents. If you are a member of a rental video store, an electronic seal on the video borrowing will be your signature.

  As mentioned above, although one Example of this invention was described, this invention is not limited to the said Example, It can implement in various deformation | transformation.

  For example, the definition and terminology of the terms in the above embodiment are merely examples and are not limited thereto. For example, the configuration and name related to the management DB 3 or the revocation DB 5 are examples, and the present invention is not limited to this. For example, you may comprise as a management table and a revocation table.

  Further, for information registered in these DBs or tables, information further related to that shown in FIG. 3 or 5 may be added. For example, the name of the member may be registered in the revocation DB 5 shown in FIG. The name may be a name designated by the member himself / herself, avoiding the use of the real name in order to prevent leakage of personal information of the member.

  Further, the server 20 and the member PC 40 in the embodiments of FIGS. 2 and 4 are not limited to these, and may be information processing apparatuses that are generally used.

10: IC card 11: Member issuing organization 12: Member system 20: Server 3: Management DB
5: Revocation DB
101: CPU
102: ROM
103: RAM
104: Tamper resistant area

Claims (5)

Storage means for storing unique information that is managed in association with personal information by another device and is uniquely assigned to the device;
Generation means for generating a public key as identification information of the own device provided to the access destination by executing a predetermined algorithm for generating a key pair of a public key cryptosystem based on the unique information stored in the storage means When,
An identification information generating device comprising: The storage means further comprises:
Storing a secret key generated by the other device;
Transmitting means for encrypting and transmitting the public key using the secret key stored in the storage means when the access device identifies the device itself;
The identification information generating apparatus according to claim 1, further comprising: A receiving means for receiving the entered password,
The public key is
Based on the received password and the unique information stored in the storage means, it is generated by executing a predetermined algorithm for generating a key pair of a public key cryptosystem,
The identification information management apparatus according to claim 1 or 2, characterized by the above. The storage means has tamper resistance;
The identification information generating apparatus according to claim 1, wherein On the writing device,
Manage personal information and computer-specific unique information in association with each other,
Writing the unique information in a storage means provided in a computer;
To do that,
In the computer,
Generating a public key as identification information of the own device provided to the access destination by executing a predetermined algorithm for generating a key pair of a public key cryptosystem based on the unique information stored in the storage means;
The identification information generation method characterized by performing this.

Images