JP2018151695A - Ic card, start processing method of ic card, and start processing program of ic card - Google Patents

Abstract

PROBLEM TO BE SOLVED: To complete start processing without making the start processing complicated.SOLUTION: An IC card performs an initial response within a prescribed time to a start request signal from a reader writer. The IC card comprises a start processing unit. The start processing unit executes start processing until the initial response starts after the start request signal is received. Moreover, the start processing unit executes incomplete start processing until next character is transmitted after the character is transmitted, when the start processing is not completed until a first character is transmitted in the initial response.SELECTED DRAWING: Figure 2

Description

  The present invention relates to an IC card, an IC card activation processing method, and an IC card activation processing program.

An IC (Integrated Circuit) card is classified into a contact type and a non-contact type according to a method of exchanging information with a reader / writer. In any of these types of IC cards, a time range (response time) until the IC card returns an initial response to an IC card activation request such as power-on from a reader / writer or a reset signal is defined. .
For example, in the case of a contact type IC card, when receiving a reset signal, the IC card performs communication-related parameter setting as an initial setting and responds with an ATR (Answer to reset) as an initial response. This ATR response needs to be made within a specified time in response to a reset signal from the reader / writer.

  Since this activation process is actually defined to have a very short response time, for example, from 400 clock cycles to 40,000 clock cycles, the IC card activation process must be completed within the specified response time. Only the startup process that can be performed in a short time is performed. That is, in the normal IC card activation process, only the minimum setting necessary for the operation of the IC card is performed, and a check that requires processing time cannot be performed within the above response time. For this reason, in the above conventional activation processing method, only the minimum necessary settings and checks can be performed to keep the initial response from the IC card within the specified time, so even if there is some abnormality in the IC card. It was difficult to detect the abnormality.

  The reader / writer transmits a command APDU (Application Protocol Data Unit) storing control contents in order to control the activated IC card. Upon receiving this command APDU, the IC card performs APDU processing according to the content of the received command APDU, and returns a response APDU as a response within a specified time. Then, the reader / writer confirms the response APDU to identify whether or not the control is successful. As described above, in the conventional activation processing method, since the APDU processing is started without detecting any abnormality that could not be detected at the time of activation, an error occurs during the operation of the APDU processing or an illegal operation is performed. There was a possibility.

There is a problem that an error or illegal operation during the operation of the APDU processing as described above can be a fatal defect for the IC card, such as a clue to a malicious attacker extracting the secret data in the IC card. . For example, when the memory check is not performed, if the unchecked memory is exposed to a malicious attack, the flash memory, the EEPROM, or the RAM is rewritten, and there is a problem that the IC card malfunctions.
Particularly in recent years, software security standards have become stricter, and a complete check must be made to prevent problems in terms of security.

  On the other hand, the IC card described in Patent Document 1 generates an error at a predetermined rate in each byte of the reset response until the card function unit for executing the function of the IC card is activated during the reset operation. By causing the reset response to be retransmitted, a delay is intentionally generated to maintain the transaction.

Japanese Patent Laid-Open No. 2006-91219

  However, as described above, the IC card described in Patent Document 1 performs a process of intentionally generating an error and retransmitting a reset response (initial response (ATR)), so that the reset operation (start-up process) is complicated. There is a problem of becoming. Along with this, for example, there arises a problem that the cost related to the design and manufacture of the IC card is increased.

  The present invention has been made in view of the above points, and provides an IC card, an IC card activation processing method, and an IC card activation processing program capable of completing the activation processing without complicating the activation processing. provide.

  The present invention has been made in order to solve the above-described problems. As one aspect of the present invention, an IC card that makes an initial response within a specified time to a start request signal from a reader / writer, The activation process is executed after the activation request signal is received until the initial response is started. If the activation process is not completed by the transmission of the first character in the initial response, the character is transmitted. And an activation processing unit that executes the activation process incomplete during a period from when the next character is transmitted.

  Further, according to one aspect of the present invention, in the IC card described above, the activation process includes a confirmation process for presence / absence of abnormality in the memory, a confirmation process for presence / absence of tampering in the program, It includes at least one of a confirmation process for the presence or absence of an abnormality in the operation and a confirmation process for the presence or absence of an abnormality in the operation of the random number generator.

  According to another aspect of the present invention, there is provided an IC card activation processing method for making an initial response to a activation request signal from a reader / writer within a specified time, wherein the activation processing unit receives the activation request signal. The start process is executed after the initial response is started, and when the start process is not completed by the transmission of the first character in the initial response, the character is transmitted and then the next An activation processing method for an IC card, comprising: an activation processing step for executing the incomplete activation processing in a period until a character is transmitted.

  Further, as one aspect of the present invention, an IC card computer that makes an initial response within a specified time with respect to an activation request signal from a reader / writer until the initial response is started after the activation request signal is received. If the activation process is not completed before the transmission of the first character in the initial response, the process is incomplete during the period from the transmission of the character to the transmission of the next character. An activation process program for an IC card for executing the activation process step of executing the activation process.

  According to the present invention, the startup process can be completed without complicating the startup process.

It is a block which shows the hardware constitutions of the IC card which concerns on embodiment of this invention. It is a block diagram which shows the function structure of the IC card which concerns on embodiment of this invention. It is the schematic which shows the timing which the IC card 1 which concerns on embodiment of this invention makes an initial response. It is the schematic which shows an example of a structure of the initial response (ATR) which the IC card 1 which concerns on embodiment of this invention performs. It is the schematic which shows the character structure of the initial response (ATR) which the IC card 1 which concerns on embodiment of this invention performs. It is a sequence diagram which shows an example of the communication performed between IC card 1 and reader / writer 10 which concern on embodiment of this invention.

<Embodiment>
According to the present invention, in an IC card that requires initial processing of hardware and software at the time of startup, the initial processing is performed in a divided manner without performing all processing within a specified time specified in the standard (ISO7816-3). It is about how to be able to. The specified time here refers to the time from when the IC card receives the reset signal (start-up request signal) transmitted from the reader / writer until the IC card starts transmitting the initial response (ATR) to the reader / writer. It is.

  Specifically, first, the IC card performs minimum necessary initial processing within a specified time specified in the standard (ISO7816-3). Then, the IC card performs the remaining (unfinished) initial processing in a period between characters (hereinafter referred to as “Pause”) when transmitting data to the reader / writer in units of characters (bytes) in the initial response (ATR). Period ").

  Hereinafter, the IC card 1 and the activation processing method of the IC card 1 according to the present embodiment will be described in detail.

[IC card hardware configuration]
Hereinafter, the hardware configuration of the IC card 1 will be described with reference to the drawings.
FIG. 1 is a block diagram showing a hardware configuration of an IC card 1 according to an embodiment of the present invention.

The IC card 1 is an IC card having a serial interface conforming to ISO7816-3. As shown in FIG. 1, the IC card 1 includes a CPU 11 (Central Processing Unit), a coprocessor 12, a random number generator 13, an I / O 14 (Input / Output; input / output unit), ROM 15 (Read Only Memory), RAM 16 (Random Access Memory; readable / writable memory), and EEPROM 17 (Electrically Erasable Programmable Read Only Memory).
In place of the ROM 15 and the EEPROM 17, another nonvolatile memory such as a flash memory may be used. The CPU 11, the coprocessor 12, the random number generator 13, the I / O 14, the ROM 15, the RAM 16, and the EEPROM 17 are connected to each other via a bus.

  The CPU 11 functions as a control unit that controls the entire IC card 1. The CPU 11 executes various processes based on control programs and control data stored in the ROM 15 and the EEPROM 17. For example, the CPU 11 executes various processes according to signals and commands received from the reader / writer 10 and generates data such as initial responses (ATR) and response APDUs as processing results.

  The coprocessor 12 functions as a processing device dedicated to cryptographic operations. The coprocessor 12 is controlled by the CPU 11 based on the command APDU transmitted from the reader / writer 10, performs necessary cryptographic operations such as encryption and decryption, and transmits the calculation result to the CPU 11.

  The random number generator 13 functions as a processing device dedicated to random number generation. The random number generator 13 is controlled by the CPU 11 based on a command APDU from a reader / writer and the like, and performs random number generation processing. For example, when the IC card 1 receives a mutual authentication command, the random number generator 13 generates a random number and transmits the generated random number to the CPU 11.

  The I / O 14 is a contact communication interface for communication connection with the reader / writer 10, and is a serial interface according to ISO7816-3.

The ROM 15 is a non-volatile memory that stores a control program, control data, and the like in advance. The ROM 15 is incorporated in the IC card 1 in a state where a control program, control data, and the like are stored at the manufacturing stage. That is, the control program and control data stored in the ROM 15 are incorporated in advance according to the specifications of the IC card 1.
As described above, another nonvolatile memory, for example, a flash memory may be used instead of the ROM 15.

  The RAM 16 is a volatile memory that functions as a working memory. The RAM 16 temporarily stores data being processed by the CPU 11 and the coprocessor 12.

The EEPROM 17 is a nonvolatile memory in which data can be written and rewritten. The EEPROM 17 can store, for example, control programs, control data, applications, personal information, security information such as encryption keys, data used for applications, and the like.
As described above, instead of the EEPROM 17, another nonvolatile memory, for example, a flash memory may be used.

[Functional structure of IC card]
Hereinafter, the functional configuration of the IC card 1 that communicates with the reader / writer 10 will be described with reference to the drawings.
FIG. 2 is a block diagram showing a functional configuration of the IC card 1 according to the embodiment of the present invention.

  As shown in the figure, the IC card 1 according to the embodiment includes a reset signal receiving unit 21, a start processing unit 22, a data receiving unit 23, a data transmitting unit 24, and a command processing unit 25. The command processing unit 25 includes an APDU processing unit 26 and a response processing unit 27.

The reset signal receiving unit 21 receives a reset signal (activation request signal) transmitted from the reader / writer 10.
The activation processing unit 22 executes activation processing of the IC card 1 using the reset signal receiving unit 21 as a trigger when receiving the reset signal (activation request signal).
The data receiving unit 23 receives a command APDU transmitted from the reader / writer 10.
The data transmission unit 24 transmits the response APDU generated by the response processing unit 27 described later to the reader / writer 10.

The command processing unit 25 executes command APDU processing based on the acquired command APDU, and generates a response APDU based on the execution result.
The APDU processing unit 26 executes command APDU processing based on the command APDU received by the data transmission unit 24.
The response processing unit 27 generates a response APDU for responding to the reader / writer 10 based on the execution result of the APDU processing executed by the APDU processing unit 26.

The activation processing of the IC card 1 executed by the activation processing unit 22 will be described in more detail below.
The activation processing unit 22 executes activation processing for activating the IC card 1 according to an activation request based on the reset signal (activation request signal) transmitted from the reader / writer 10 received by the reset signal receiving unit 21. As the startup process, for example, a process for restoring data is performed when the power is turned off during the writing process to the EEPROM 17 during the previous operation of the IC card 1, and the memory is not damaged. You can check things. Further, the activation processing unit 22 can check whether the program itself has been tampered with by checking the integrity of the ROM 15 and the EEPROM 17 and checking the program code.

  Furthermore, the activation processing unit 22 performs cryptographic operations on the sample data, and checks whether the cryptographic operation hardware such as the coprocessor 12 is operating normally by confirming whether or not a correct result is output. The activation processing unit 22 can check whether the random number generator 13 is operating normally by generating a plurality of random numbers using the random number generator 13 and checking the randomness.

In the contact type IC card such as the IC card 1 according to the present embodiment, the activation processing unit 22 is a communication that is an activation process, triggered by receiving a reset signal (activation request signal) from the reader / writer 10. Set parameters.
Generally, the startup process executed by the IC card during the period from the reception of the reset signal (startup request signal) to the start of the initial response (FIG. 3, period tc described later) In many cases, only limited (minimum necessary) processing is performed. This is activated between the reception of the reset signal received for at least 400 clock cycles after the clock signal supply is started in the cold reset waiting state and the initial response (ATR) started within 40000 clock cycles. This is because processing needs to be executed.

  The activation processing unit 22 according to the present embodiment executes the activation process from the reception of the reset signal (activation request signal) to the start of the initial response (ATR), and the first character of the initial response (ATR) If the activation process is not completed before transmission, each character (byte) of the initial response (ATR) transmitted in character (byte) units is transmitted until the next character (byte) is transmitted The remaining activation processing is executed during the period (Pause period). In this way, the activation processing unit 22 can complete the activation process by performing an incomplete initial process in each Pause period.

  Further, as described above, the command processing unit 25 generates an APDU processing unit 26 that executes the command APDU from the reader / writer 10 and a response APDU that is a result of the execution process of the command APDU as a response to the command APDU. Response processing unit 27. For example, when the APDU processing unit 26 obtains a select command as the command APDU and the data receiving unit 23 acquires the select command, the APDU processing unit 26 executes the select processing as the command APDU processing, and the response processing unit 27 responds to the execution of the select processing. As processing, a response APDU is generated. The generated response APDU is transmitted to the reader / writer 10 by the data transmission unit 24.

[Details of startup processing method]
Hereinafter, details of the activation processing method of the IC card 1 will be described with reference to the drawings.
FIG. 3 is a schematic diagram showing timing when the IC card 1 according to the embodiment of the present invention makes an initial response.

“VCC”, “CLK”, “RST”, and “I / O” shown in FIG. 3 represent terminals provided in the IC card 1, respectively. Specifically, the VCC terminal is a power supply terminal for supplying power to the IC card 1, the CLK terminal is a clock terminal for supplying a clock signal to the IC card 1, and the RST terminal supplies a reset signal to the IC card 1. The reset terminal (reset signal receiving unit 21) and the I / O terminal (data receiving unit 23 and data transmitting unit 24) are input / output terminals that enable input / output of various signals in a serial format.
Also, the horizontal axis in FIG. 3 represents time.

  As shown in FIG. 3, first, after the power supply voltage is supplied from the reader / writer 10 to the VCC terminal of the IC card 1, a clock signal is supplied to the CLK terminal at time Ta. Then, during a period ta (within 200 clock cycles) after time Ta, the I / O signal line is set to a predetermined state, and during a period tb (within 400 clock cycles) after time Ta, the reset signal is low (low). ) And when the rising edge of the reset signal (Low → High (high)) is detected, the IC card is reset (time Tb). Then, after a period tc (400 to 40000 clock cycles) has elapsed, an initial response (ATR) is sent from the I / O terminal to the reader / writer 10.

  In the conventional IC card, only the minimum necessary initial processing (for example, communication-related parameter setting) is performed during this period tc.

FIG. 4 is a schematic diagram illustrating an example of a configuration of an initial response (ATR) performed by the IC card 1 according to the embodiment of the present invention.
In the example shown in FIG. 4, the initial response (ATR) includes a plurality of characters, that is, TS that is an initial byte, T0 that is a format byte, and i = 1, 2, 3, and so on. ,..., TA (i), TB (i), TC (i), TD (i), which are interface bytes, and maxk = 15, and historical bytes related to information management (historical bytes). This is data in which certain T1 to TK and a check parameter TCK are arranged side by side.
Accordingly, the initial response (ATR) has a Pause period equal to the number of characters constituting the initial response (ATR) minus one. Note that the maximum number of data bytes from T0 to TCK is 32 bytes.

FIG. 5 is a schematic diagram showing a character configuration of an initial response (ATR) performed by the IC card 1 according to the embodiment of the present invention.
As shown in the figure, all characters transmitted from the I / O terminal in the initial response (ATR) are composed of 10 bits. The first bit of the character is called the start bit and is always low. At a time prior to the start bit, the state is maintained High. The last bit of the character is a parity bit, and the parity bit is determined as High or Low so that the number of bits having a value of “1” included in the character is an even number.

  As shown in the figure, a Pause period is provided after the last bit (parity bit) of the character. Note that an upper limit value and a lower limit value are specified in advance for the length of the Pause period, and the IC card 1 can transmit the next character at an arbitrary timing as long as it is within the specified range. For data communication between the IC card 1 and the reader / writer 10, a half-duplex communication method is used in which data transmission is alternately performed between two communication devices. That is, when one transmits data, the other receives data, and both cannot transmit data simultaneously. Therefore, a guard time (Pause period) is required in which the elapsed time from the start of data reception or transmission is counted and the next data is not transmitted / received until the elapsed time has elapsed.

  As described above, according to the present invention, in the IC card 1 that requires initial processing of hardware and software at the time of start-up, the entire processing is not performed within the specified time specified in the standard (ISO7816-3). Thus, the initial processing can be performed. Specifically, the IC card 1 performs the minimum necessary initial processing within a specified time specified in the standard (ISO7816-3). Then, the IC card 1 performs the remaining (incomplete) initial processing in each Pause period included in the initial response (ATR).

  Note that, as described above, the minimum required initial processing includes, for example, communication-related parameter setting, and other initial processing includes, for example, confirmation processing for the presence or absence of abnormality in the memory, or Processing for confirming whether or not the program has been tampered with, processing for confirming whether or not there is an abnormality in the operation of the cryptographic calculation hardware, and processing for confirming whether or not there is an abnormality in the operation of the random number generator are included.

[Flow of startup processing]
Hereinafter, a flow of communication performed between the IC card 1 and the reader / writer 10 in the activation process will be described with reference to the drawings.
FIG. 6 is a sequence diagram illustrating an example of communication performed between the IC card 1 and the reader / writer 10 according to the embodiment of the present invention.

First, when the IC card 1 is inserted into the reader / writer 10 (when in contact with the reader / writer 10), the reader / writer 10 transmits a reset signal (activation request signal) to the IC card 1 (FIG. 6, S001).
When the IC card 1 receives the reset signal (start-up request signal), the minimum required initial processing (for example, communication-related parameter setting, etc.) is performed in the period tc (which can be completed during the period tc). This is executed (FIG. 6, S002). When the minimum necessary initial processing is completed, the reader / writer 10 transmits an initial byte (TS) to the reader / writer 10 (FIG. 6, S003).
The reader / writer 10 receives an initial byte (TS).

The IC card 1 performs the remaining initial processing (for example, memory) in the Pause period, which is a period from the completion of the transmission of the initial byte (TS) to the transmission of the next character (that is, the format byte (T0)). Etc.) is executed (FIG. 6, S004). When the remaining initial processing is completed, or when the upper limit of the Pause period is reached, the reader / writer 10 transmits a format byte (T0) to the reader / writer 10 (FIG. 6, S005).
The reader / writer 10 receives the format byte (T0).

When the initial processing is not completed, the IC card 1 is a period from the completion of the transmission of the format byte (T0) to the transmission of the next character (that is, the interface byte (TA (1))). During the Pause period, the remaining initial processing is executed (FIG. 6, S006). When the remaining initial processing is completed, or when the upper limit of the Pause period is reached, the reader / writer 10 transmits an interface byte (TA (1)) to the reader / writer 10 (FIG. 6, S007).
The reader / writer 10 receives the interface byte (TA (1)).

  Similarly, thereafter, when the initial processing is not completed, the IC card 1 sequentially transmits each character constituting the initial response (ATR) to the reader / writer 10 while executing the remaining initial processing during the pause period.

When the IC card 1 transmits the last character (that is, the check parameter (TCK)) to the reader / writer 10 (FIG. 6, S009), the transmission of the initial response (ATR) is completed.
Upon receiving the check parameter (TCK), the reader / writer 10 receives the command APDU.
Is transmitted to the IC card 1 (FIG. 6, S010).
The IC card 1 receives the command APDU.

As described above, according to the present invention, in the IC card 1 that requires hardware and software initial processing at the time of activation, the entire processing is not performed within the time specified in the standard (ISO7816-3). Thus, the initial processing can be performed. Specifically, the IC card 1 performs the minimum necessary initial processing within a specified time specified in the standard (ISO7816-3). Then, the IC card 1 performs the remaining (incomplete) initial processing in each Pause period included in the initial response (ATR).
Thereby, the IC card 1 according to the embodiment of the present invention can complete the activation process without complicating the activation process.

  The embodiment of the present invention has been described in detail above, but the specific configuration is not limited to the above-described one, and various design changes can be made without departing from the scope of the present invention. It is.

Note that a part or all of the IC card 1 in the above-described embodiment may be realized by a computer of the IC card 1. In that case, the program for realizing the control function may be recorded on a computer-readable recording medium, and the program recorded on the recording medium may be read by the computer system and executed.
Here, the “computer system” is a computer system built in the IC card 1 and includes an OS and the like. The “computer-readable recording medium” refers to a storage device such as a portable medium such as a flexible disk, a magneto-optical disk, a ROM, and a CD-ROM, and a hard disk built in the computer system.

  Furthermore, “computer-readable recording medium” means a program that dynamically holds a program for a short time, such as a communication line when transmitting a program via a network such as the Internet or a communication line such as a telephone line, In this case, a volatile memory inside a computer system that serves as a server or a client may be included that holds a program for a certain period of time. The program may be a program for realizing a part of the functions described above, and may be a program capable of realizing the functions described above in combination with a program already recorded in a computer system.

  DESCRIPTION OF SYMBOLS 1 ... IC card, 10 ... Reader / writer, 11 ... CPU, 12 ... Coprocessor, 13 ... Random number generator, 14 ... I / O, 15 ... ROM, 16 ... RAM, 17 ... EEPROM, 21 ... Reset signal receiver, 22 ... Startup processor, 23 ... Data receiver, 24 ... Data transmitter, 25 ... Command processing Part 26... APDU processing part 27 27 response processing part

Claims (4)

An IC card that makes an initial response within a specified time in response to an activation request signal from a reader / writer,
When the activation process is performed after the activation request signal is received and before the initial response is started, and the activation process is not completed by the transmission of the first character in the initial response, the character is An activation processing unit that executes the activation process incomplete during a period from transmission to transmission of the next character;
An IC card characterized by comprising: The activation process includes a confirmation process for the presence or absence of abnormality in the memory, a confirmation process for the presence or absence of falsification in the program, a confirmation process for the presence or absence of abnormality in the operation of the cryptographic operation hardware, and an abnormality in the operation of the random number generator. The IC card according to claim 1, comprising at least one of confirmation processes for the presence or absence of the card. An IC card activation processing method for making an initial response within a specified time to an activation request signal from a reader / writer,
When the activation processing unit executes the activation process after receiving the activation request signal until starting the initial response, and the activation process is not completed by the transmission of the first character in the initial response Is an activation process step for executing the incomplete activation process in a period from when the character is transmitted until the next character is transmitted;
An IC card activation processing method characterized by comprising: To the computer of the IC card that makes an initial response within a specified time to the activation request signal from the reader / writer,
When the activation process is performed after the activation request signal is received and before the initial response is started, and the activation process is not completed by the transmission of the first character in the initial response, the character is An activation process step for executing the incomplete activation process in a period from transmission to transmission of the next character;
IC card activation processing program for executing.

Images