JP2019185162A - Ic card issue system and ic card - Google Patents

Abstract

To provide an IC card issue system capable of issuing an IC card with high security using an IC card issuing machine which is not qualified.SOLUTION: A card contractor host computer writes card-characteristic data, IC card key data, and issuer open key data to a predetermined storage region of an IC card through preliminary issue processing, writes dummy data for user individual data in an individual file, and distributes it to a member merchant. The card contractor host computer generates input data for user individual data to an IC card, generates data ciphered using the IC card key data, and transmits it to the IC card through a store primary issue device of the member merchant to primarily issue the IC card by letting the IC card have writing the user individual data written in the individual file according to the input data obtained by deciphering the ciphered data using the IC card key data.SELECTED DRAWING: Figure 1

Description

  The present invention relates to an IC card issuing system and an IC card.

  2. Description of the Related Art In recent years, in the financial and credit industries, services that immediately issue cash cards or magnetic cards used as credit cards, IC cards, and the like at stores have been actively performed. For example, in Patent Document 1, an examination terminal disposed in a store, an IC card issuing terminal, at least one IC card issuing machine installed in an IC card immediate issue booth, and a place remote from the store are provided. An IC card immediate issuance system including a server installed in a system center is disclosed.

JP 2003-203207 A

  However, when introducing an IC card issuing machine, it is necessary to store key data in the IC card issuing machine. Since key data should never be leaked to the outside, it must be issued under a high security environment. Therefore, it was necessary to use an IC card issuing machine that was certified by auditing whether there was a problem in security management.

  Since this IC card issuing machine has a high hurdle for obtaining certification, there is a problem that it is difficult to install the IC card issuing machine in a store such as a convenience store.

  The present invention has been made in view of such circumstances, and an object of the present invention is to obtain an IC card issuing system that can issue an IC card with high security by using an IC card issuing machine that has not been certified. For the purpose.

In order to solve the above problems, the present invention is an IC card issuing system having a card contractor host computer and a store book issuing device,
The card contractor host computer performs a preliminary issuance process,
The card unique data, the IC card key data, and the issuer public key data are written in a predetermined storage area of the IC card, the dummy data of the individual user data is written in an individual file, and the IC card is installed in the store book issuing device. Distribute to member stores,
The card contractor host computer is
Create input data of user individual data to the IC card and create data encrypted using the IC card key data and send it to the IC card via the store book issuing device, the IC card, The IC card issuance system is characterized in that the IC card is issued by writing the user individual data in the individual file in accordance with input data obtained by decrypting the encrypted data using the IC card key data.

  With this configuration, the present invention has an effect that it is not necessary to secure high security in the store book issuing device. The store book issuing device can be installed in a store such as a convenience store, and an IC card can be issued in many stores. There is an effect to become.

The present invention is the above IC card issuing system,
The IC card includes the card-specific data in a secondary issuance completion notice for notifying that the IC card has been issued by writing user-specific data into the individual file of the IC card, and using the issuer public key data The IC card issuing system is characterized in that the encrypted data is created and transmitted to the card contractor host computer via the store book issuing device.

Further, the present invention is an IC card issued by communicating with a card contractor host computer via a store book issuing device,
Storing card-specific data, IC card key data, and issuer public key data in a predetermined storage area; storing dummy data of individual data for users in an individual file;
The cipher communication book issuing means
Receiving input data of individual data for a user encrypted using the IC card key data from the card contractor host computer;
It is issued by decrypting the encrypted input data of the individual user data using the IC card key data and writing the individual user data into the individual file according to the decrypted input data. IC card.

The present invention is the above IC card,
The cipher communication book issuing means
Secondary issue completion notification data for notifying that the individual data for user has been written to the individual file is created including the card-specific data,
An IC card, wherein data obtained by encrypting the secondary issue completion notification data using the issuer public key data is generated and transmitted to the card contractor host computer.

  As described above, according to the present invention, by the preliminary issuing process, the card unique data and the IC card key data are written in the predetermined storage area of the IC card, and the dummy data of the user individual data is written in the individual file and reserved. The issued IC card is distributed to the member stores where the store main issuing device is installed.

  Then, the card contractor host computer decrypts the data obtained by encrypting the input data of the individual user data to the IC card using the IC card key data, and the pre-issued IC card decrypts the data using the IC card key data. Then, the IC card is issued by obtaining the individual user data and writing it in the individual file.

  By issuing an IC card, the IC card key data is not informed to the store book issuing device of the member store, so the store book issuing device does not require high security, and the store book issuance to stores such as convenience stores. An apparatus can be installed, and the effect that an IC card can be issued at many stores can be obtained.

It is a block diagram which shows the structure of the IC card issue system regarding the IC card in embodiment of this invention. It is a block diagram which shows the structure of the memory | storage area | region of the IC card preliminary issued in embodiment of this invention. It is a flowchart which shows the example of a process sequence which issues IC card secondary in embodiment of this invention. It is a block diagram which shows the structure of the memory area of this issued IC card in embodiment of this invention.

<First Embodiment>
Hereinafter, embodiments of the present invention will be described. The first embodiment of the present invention uses an IC card issuing system as shown in the block diagram of FIG. This IC card issuance system performs the issuance processing of the IC card 10 and is a communication line to the IC card primary issuance device 100 connected by the communication network NW, the card contractor host computer 200, and the card contractor host computer 200. The pre-issuance device 210 at shipping and the main store issuing device 300 are connected to each other.

(IC card 10)
2 and 4 show a block configuration of the IC card 10. The IC card 10 includes a communication unit 11 that communicates with an IC card reader / writer 20 of an external device such as a shipping preliminary issuing device 210 and a store book issuing device 300, a control unit 12, a volatile memory RAM, and a read-only memory. A storage unit 13 including a non-volatile memory such as a memory ROM or a flash memory is provided.

  The communication with the external device by the communication unit 11 may be a contact type, or may be a non-contact type short-range wireless communication in which power is supplied from the IC card reader / writer 20 of the external device for communication. .

(Storage means 13 of the IC card 10)
As shown in the block diagrams of FIGS. 2 and 4, the storage means 13 of the IC card 10 is configured by nonvolatile storage means such as a read-only memory ROM, an EEPROM (Electrically Erasable and Programmable ROM), or a flash memory.

  The storage area of the storage unit 13 includes a file management area AR1, a system area AR2, a user data area AR3, and other storage areas.

(File management area AR1)
The file management area AR1 stores file management information for managing data stored in the system area AR2, the user data area AR3, and other storage areas in units of files.

(System area AR2)
In the system area AR2, system information including various setting information including an OS (Operating System) and a file storage area creation means, card unique data AD different for each IC card such as an ID number of the IC card 10, and the like The program of the encryption communication book issuing means 14 is stored.

The card unique data AD is data unique to each card assigned to each card. For example, a card serial number or a CPLC (Card card defined by the EMV standard) is used.
Production Life Cycle History File Identifier).

(Cryptographic communication book issuing means 14)
The encryption communication main issue means 14 of the IC card 10 is the card contractor host computer 2
The data encrypted with the issuer public key data Pi for 00 is transmitted to the card contractor host computer 200 via the store book issuing device 300.

  The encrypted communication book issuing means 14 receives the input data of the individual user data encrypted using the IC card secret key data Ps from the card contractor host computer 200 via the store book issuing device 300, The encrypted data is decrypted using the IC card private key data Ss.

  Thus, the encrypted communication book issuing unit 14 performs encrypted communication with the card contractor host computer 200 via the store book issuing device 300 to exchange encrypted data that is not decrypted by the store book issuing device 300.

  The cipher communication main issue means 14 of the IC card 10 then stores the user stored in the individual file 15 of the work basic file WEF by the preliminary issue processing in accordance with the input data (Issuer script command) of the decrypted user individual data. The dummy data 15d for the individual data for use is replaced with the individual data for user 15t and stored. Then, the encrypted communication book issuing means 14 transmits the data obtained by encrypting the secondary issue completion notification data to the card contractor host computer 200 via the store book issuing device 300.

(User Data Area AR3) Hierarchical Structure of Dedicated File DF The user data area AR3 is an area for storing user data used by the application. As shown in FIG. 2, the IC card 10 stores a dedicated file DF (Dedicated File) in the user data area AR3 in a hierarchical structure below the main file MF (Master File), and a basic file under the dedicated file DF. EF (Elementary File) and other dedicated file DF are stored.

  Directory information is attached to each of the files (MF, DF, EF), and the files connected under the directory are recognized and managed based on the directory information. The directory information stores information such as a file number for identifying a file, a file position, key information such as verification or mutual authentication, access conditions, and attributes.

(Dedicated file DF)
The directory information of the dedicated file DF includes information such as the file position and attributes of the basic file EF configured under the dedicated file DF.

(Basic file EF)
The basic file EF configured under the dedicated file DF is a file for storing data, and is divided into two types, ie, IEF (Internal Elementary File) and WEF (Working Basic File).

(Internal basic file IEF)
The internal basic file IEF of the IC card 10 stores key information such as secure communication key information and authentication key information for authenticating the read / write access right of the IC card 10 with respect to the external device.

  In addition, the internal basic file IEF is stored in the IC card key data (Ps, Ss) and the preliminary issuance process of the secondary issuance process by the card contractor by the preliminary issuer 210 at the time of shipment of the card contractor host computer 200. Issuer public key data Pi is written.

  Also, in the basic basic file IEF, the signature data SD (Si) obtained by encrypting the card specific data AD with the issuer secret key data Si by the card contractor host computer 200 is stored by the preliminary issuing device 210 at the time of shipping in the preliminary issuing process. Written. Further, data Pi (Ss) obtained by encrypting the issuer public key data Pi with the IC card private key data Ss is also written.

  The IC card key data (Ps, Ss), the issuer public key data Pi, the signature data SD (Si), and the encrypted data Pi (Ss) are stored in the internal basic file IEF created in the system area AR2. It is also possible to create the IC card 10. Of these data, it is desirable to store different data for each individual application of the IC card 10 in the internal basic file IEF created in the user data area AR3.

(Work basic file WEF)
The work basic file WEF stores the individual file 15 of the IC card 10. In the present embodiment, dummy data 15 d of user individual data is written to the individual file 15 by the preliminary issue device 210 at the time of shipment of the card contractor host computer 200 in the preliminary issue processing.

  In this issuance process, the card contractor host computer 200 uses the store book issuance apparatus 300 to generate dummy data 15d of the individual data for the user, general data including the user's personal name, account number, and the like, Or individual data for users 15t such as user data which is a use area of a credit company or the like.

(Configuration of IC card issuing system)
Hereinafter, an IC card issuing system for issuing the IC card 10 will be described with reference to FIGS. 1 and 2.

(0th issue of IC card 10 by the manufacturer)
The IC card 10 manufactured at the manufacturer's production factory is shipped with the system data stored in the system area AR2. This state is also referred to as zero-order issue.

(Primary issuing process by the IC card primary issuing device 100)
A card issuer who has received the IC card 10 that has already been issued the 0th order from the production factory performs a primary issue process of the IC card 10 using the IC card primary issue device 100.

  The IC card primary issuing device 100 stores application software (application) common to all IC cards, for example, a financial card such as a cash card or credit card, in the user data area AR3 of the storage means 13 of the IC card 10. Write common data such as applications for transportation cards such as commuter passes and balance-type tickets, basic resident register cards, insurance card cards, and public card programs such as driver's licenses and passports.

  Then, the IC card primary issuing device 100 creates a dedicated file DF for the application under the main file MF in the user data area AR3 of the IC card 10, and the internal basic file IEF and A work basic file WEF is created.

(Secondary issue processing of IC card 10 by card contractor)
The card issuer delivers the IC card 10 that has been primarily issued to the card contractor (often also served by the card issuer). For example, the IC card 10 primarily issued by the card issuer is transported to a card contractor such as a consumer electronics store. The card contractor performs secondary issue processing of the IC card 10. In the present invention, the secondary issue processing is divided into two of the preliminary issue processing and the main issue processing.
Do it in stages.

(Card Contractor Host Computer 200)
The card contractor host computer 200 creates different card unique data AD for each IC card 10 such as an ID number of the IC card 10 in the preliminary issue process, and encrypts the card unique data AD with the issuer secret key data Si. Signature data (denoted as SD (Si)) is generated and stored in the IC card 10 using the shipping preliminary issuing device 210.

(Issuer key data (Pi, Si))
The card contractor host computer 200 stores issuer key data (Pi, Si), which is a card contractor public key set. A public key set is a set of public key data and secret key data. The issuer secret key data Si is stored only by the card contractor host computer 200 and is not stored in an external device.

  The issuer public key data Pi is notified to the member store, and is used for encryption processing when the store main issuing device 300 of the member store transmits user application data to the card contractor side.

  Further, the issuer public key data Pi is stored in the IC card 10 by the card contractor host computer 200 using the shipping preliminary issuing device 210 in the preliminary issuing process.

(Member store key data (Pa, Sa))
The card contractor host computer 200 creates member store key data (Pa, Sa), which is a member store public key set, for each member store of the card contractor.

  The member store key data (Pa, Sa) is stored in the store book issuing device 300 of the member store.

(IC card key data (Ps, Ss))
In addition, the card contractor host computer 200 creates IC card key data (Ps, Ss), which is an IC card public key set, for each IC card 10. The IC card key data (Ps, Ss) is a key pair used for IC card authentication processing.

  Further, data (denoted as Pi (Ss)) obtained by encrypting the issuer public key data Pi paired with the issuer secret key data Si with the IC card secret key data Ss of the IC card 10 is generated.

(Preliminary issue processing by the preliminary issue device 210 at the time of shipment)
In the pre-issuance process, the card contractor host computer 200 uses the pre-issuance pre-issuance device 210 to store the card specific data AD, the issuer public key data Pi, the IC card key in a predetermined storage area of the IC card 10. Data (Ps, Ss) is stored, and signature data (SD (Si)) and encrypted data (Pi (Ss)) are stored.

  In this issuing process, the IC card 10 receives the input data of the individual data for the user encrypted with the IC card key data Ps from the card contractor host computer 200 via the store book issuing device 300. The cipher communication main issuing means 14 of the IC card 10 decrypts the encrypted input data of the individual user data using the IC card secret key data Ss.

  Further, as shown in FIG. 2, the shipping preliminary issuing device 210 writes the dummy data 15d of the individual user data to the individual file 15 of the work basic file WEF under the dedicated file DF of the storage means 13 of the IC card 10. .

  Further, the card contractor host computer 200 uses the preliminary issue device 210 at the time of shipment to the IC card 10, and the IC card 10 except for the store main issue device 300 of the member store to which the IC card 10 is distributed. A tamper resistant process is performed to prevent access and to protect the IC card 10 from illegally reading data and destroying data.

  The card contractor host computer 200 uses the pre-issuance device 210 at the time of shipment, and the card specific data AD, key data, and signature data (SD (Si)) are stored in a predetermined storage area of the IC card 10 as described above. ), Encrypted data (Pi (Ss)), and dummy data 15d of individual user data are written and distributed to each member store.

  The card contractor host computer 200 stores a list of card-specific data AD and IC card key data (Ps, Ss) of the distributed IC card 10 for each member store.

(Main issue processing by the store main issue device 300)
The card contractor installs a so-called simple or small store book issuing device 300 at each member store that has signed a member store contract. In addition, each member store distributes and stores a plurality of IC cards 10 pre-issued by the card contractor.

  The store book issuing device 300 of each member store includes a personal computer (PC) loaded with software necessary for book issuing of an IC card and an IC card reader / writer. The store book issuing device 300 stores member store key data (Pa, Sa) for authenticating itself to others. The store book issuing device 300 is connected to the card contractor host computer 200 via a communication line, exchanges various data necessary for the main issue of the IC card 10 with the card contractor host computer 200, and transmits the data to the IC card 10. To do.

  The card contractor host computer 200 uses the store book issuing device 300 and the encrypted communication book issuing means 14 of the IC card 10 to perform personalization processing for storing data necessary for individual users to operate the IC card. Perform this issuance process.

  In this issuance processing, the card contractor host computer 200 uses the store book issuance apparatus 300 for the user stored in the individual file 15 of the work basic file WEF of the storage means 13 of the IC card 10 in a pre-issued state. The dummy data 15d of the individual data is rewritten to the user individual data 15t as shown in FIG.

  Specifically, when a member who has entered a card application form fills in the card application form at the member store, the user enters the card application form entry data as application data from the OCR, for example.

  The store book issuing device 300 encrypts the application data (including the user's personal data) with the issuer public key data Pi, and transmits the encrypted application data to the card contractor host computer 200.

  Upon receiving the application data from the store book issuing device 300, the card contractor host computer 200 decrypts the application data with the issuer private key data Si paired with the issuer public key data Pi.

  The card contractor host computer 200 executes a predetermined credit examination process based on the user's personal data included in the application data. If the credit examination result is denied, the IC card issuance process is stopped.

  If the credit examination result is acceptable, the card contractor host computer 200 inputs the user's personal data, for example, input data of individual data for the user in the EMV specification data format (record data to be input to the IC card: issuer script command) ). Further, the card contractor host computer 200 transmits the input data of the individual user data obtained by encrypting the input data with the IC card public key data Ps to the store book issuing device 300.

  The store book issuing device 300 transmits the input data of the encrypted individual user data to the pre-issued IC card 10 distributed to the store.

  The cipher communication main issuing means 14 of the IC card 10 decrypts the encrypted input data of the individual user data with the IC card secret key data Ss.

  Then, the cipher communication main issuing unit 14 of the IC card 10 performs the user individual storage stored in the individual file 15 of the work basic file WEF of the storage unit 13 in accordance with the input data (Issuer script command) of the decrypted individual user data. The data dummy data 15d is rewritten to the individual user data 15t.

  Thereby, personalization processing for storing data necessary for the individual user to operate the IC card in the IC card 10 is completed.

  The IC card 10 that has been subjected to such personalization processing allows the user to use various applications of the IC card, for example, can actually perform money transfer as a cash card or a credit card.

  In this way, the store book issuing device 300 leaves the encryption processing to the encryption communication book issuing means 14 of the IC card 10 and performs the book issuing process of the IC card 10 so that the IC card 10 issuing process can be performed in a short time from the user application. The IC card 10 can be efficiently issued.

(Secondary issue procedure of IC card)
Hereinafter, with reference to the flowchart of FIG. 3, the operation procedure of the secondary issue process by the IC card issue system of this embodiment will be described.

(Step S1) Preliminary Issuance Processing The card contractor host computer 200 of the card contractor creates card-specific data AD such as an ID number that differs for each IC card 10, and uses the card-specific data AD as issuer secret key data. Signature data encrypted with Si (denoted as SD (Si)) is generated.

  The card contractor host computer 200 creates IC card key data (Ps, Ss), which is an IC card public key set, for each IC card 10, and encrypts the issuer public key data Pi with the IC card private key data Ss. Data (denoted as Pi (Ss)) is generated.

  Then, the card contractor host computer 200 preliminarily issues the IC card 10 in which data is written as shown in FIG.

That is, the shipping preliminary issuing device 210 writes the card specific data AD in the system area AR2 of the IC card 10, and the issuer public key data Pi is stored in the internal basic file IEF under the dedicated file DF for the card contractor application. IC card key data (Ps, Ss) is stored, signature data (SD (Si)) and encrypted data (Pi (Ss)) are stored, and the individual file 15 of the work basic file WEF is stored in the individual file 15. The dummy data 15d for the individual data is written.

  The card contractor distributes the IC card 10 preliminarily issued by using the pre-issuance device 210 at the time of shipment to each member store.

  The card contractor host computer 200 stores a list of card-specific data AD and IC card key data (Ps, Ss) of the distributed IC card 10 for each member store.

(Step S2) Application Processing The user visits the member store, and the user fills in the card application form at the member store. Then, an operator of the store book issuing device 300 of the member store inputs the entry items of the card application form as application data from the OCR, for example, and encrypts the application data (including the user's personal data) with the issuer public key data Pi. Then, it is transmitted to the card contractor host computer 200.

  Alternatively, the user can input the application data by operating the store book issuing device 300 of the member store. Further, the user application data can be transmitted to the card contractor host computer 200 in advance by using a user information processing terminal device such as a mobile phone or a personal computer possessed by the user.

(Step S3)
When receiving the application data transmitted from the store book issuing device 300 or the user information processing terminal device, the card contractor host computer 200 decrypts the received application data with the issuer secret key data Si.

(Step S4)
The card contractor host computer 200 executes a predetermined credit examination process based on the user's personal data included in the application data. If the credit examination result is acceptable, the process proceeds to step S5.

(NO in step S4)
On the other hand, if the credit examination result is denied, the card contractor host computer 200 notifies the store main issuing device 300 and the user of the member store to that effect.

(Step S5) IC Card Delivery Request Next, the user requests the member store to deliver the IC card 10. After the member store confirms the user himself / herself, the operator of the member store operates the store book issuing device 300 to cause the store book issuing device 300 to generate issuance request data for the user's IC card 10.

(Step S6)
The store book issuing device 300 selects the pre-issued IC card 10 that is stored for book issuing, and transmits a command for requesting the card-specific data AD to the IC card 10.

(Step S7)
The IC card 10 that has received the command from the store book issuing device 300 creates data obtained by encrypting the card specific data AD with the issuer public key data Pi, and transmits the data to the store book issuing device 300.

(Step S7 ')
Since the encrypted data is encrypted with the issuer public key data Pi, the store book issuing device 300 cannot read the contents and cannot know the card-specific data AD of the IC card 10. The store book issuing device 300 transmits 10 issue request data of the IC card including the encrypted data to the card contractor host computer 200.

  At that time, the store book issuing device 300 generates signature data created by encrypting data obtained by encrypting predetermined data with the member store private key data Sa with the issuer public key data Pi as signature data. It is possible to notify the card contractor host computer 200 of the requesting merchant by attaching it to the issuance request data.

(Step S8)
When the card contractor host computer 200 receives the issue request data of the user's IC card 10 from the store book issuing device 300 of the member store, the card contractor host computer 200 converts the card unique data AD encrypted with the issuer public key data Pi into the issuer secret key. Decoding is performed using data Si, and card-specific data AD is read.

  The card contractor host computer 200 sends a list of card-specific data AD of the IC card 10 distributed to each member store of the store book issuing device 300 that has transmitted the issuance request data of the IC card 10 and received card-specific data. Verify AD.

  If the card contractor host computer 200 can confirm from the list that the IC card 10 of the card-specific data AD is distributed to the member store, the card contractor host computer 200 recognizes the store book issuing device 300 as a legitimate device. If the card-specific data AD of the IC card 10 is not recorded in the IC card distribution list to the member store, the store book issuing device 300 is regarded as an unauthorized device and the card issuance processing is stopped. .

(Modification 1)
As a first modification, as a means for authenticating the store book issuing device 300 by the card contractor host computer 200, an e-mail for confirming the issue request of the IC card 10 is sent to the user information processing terminal device of the user who has undergone the credit examination And the store book issuing device 300 can be authenticated and the card book issuing process can proceed.

(Step S9)
If the card contractor host computer 200 recognizes that the store book issuing device 300 is a legitimate device, the card contractor host computer 200 generates input data (issuer script command) for the individual user data from the user application data.

(Step S10)
Then, the card contractor host computer 200 encrypts the input data (Issuer script command) of the individual user data with the IC card public key data Ps of the IC card 10 having the card specific data AD, and stores the data of the member store. It transmits to the store book issuing device 300.

(Step S10 ')
The store book issuing device 300 can read the contents of the encrypted individual user data input received from the card contractor host computer 200 with the IC card public key data Ps. The input data of the individual user data cannot be decrypted. The store book issuing device 300 transmits the encrypted input data of the individual user data to the predetermined IC card 10 stored in the store book issuing device 300.

(Step S11)
The IC card 10 that has received the input data of the individual user data encrypted from the store book issuing device 300 is sent to the IC card private key by the encrypted communication main issue means 14. Decoding is performed using the data Ss.

(Step S12)
Then, the cipher communication main issuing means 14 of the IC card 10 converts the individual user data 15t into the individual file 15 of the IC card 10 in accordance with the input data (Issuer script command) of the decrypted user individual data as shown in FIG. Is stored in place of the dummy data 15d of the individual user data stored in (1). Thereby, the personalization process for storing data necessary for individual users to operate the IC card is completed.

(Step S13) Creation of Secondary Issue Completion Notification Data When the personalization process of the IC card 10 is completed, the IC card 10 creates secondary issue completion notification data.

  The transmission data creates secondary issuance completion notification data including card-specific data AD of the IC card 10 for which the secondary issuance has been completed, creates data obtained by encrypting the data using the issuer public key data Pi, It transmits to the store book issuing device 300.

(Modification 2)
As a second modification, when the secondary issue completion notification data is created, the secondary issue notification is used to prove that the secondary issue notification data was created by the IC card 10 of the card-specific data AD. The signature data obtained by encrypting the data using the IC card secret key data Ss can also be transmitted.

(Step S13 ′)
The store book issuing device 300 cannot read the content obtained by encrypting the secondary issue completion notification data received from the IC card 10 with the issuer public key data Pi. The store book issuing device 300 transmits the encrypted data to the card contractor host computer 200. Then, the IC card 10 is handed over to the user.

  At that time, the store main issuing device 300 has completed the second issue of signature data created by encrypting the data obtained by encrypting the predetermined data with the member store private key data Sa with the issuer public key data Pi as the signature data. It is possible to notify the card contractor host computer 200 of the member store of the secondary issue completion notification source by attaching it to the notification data.

(Step S14)
The card contractor host computer 200 decrypts the encrypted secondary issue completion notification data using the issuer secret key data Si to obtain secondary issue completion notification data. Then, the card-specific data AD of the IC card 10 and the user application data are linked and stored in a database for management.

With the above system, an IC that functions as, for example, a credit card at a member store if it is approved by a credit card operator's credit review upon user application.
Cards can be issued immediately. In short, the regular IC card 10 that has undergone credit examination by the card contractor can be issued immediately at the store.

  Here, the contents of the encrypted communication performed by the IC card 10 and the card contractor host computer 200 using the IC card key data (Ps, Ss) and the issuer public key data Pi are as follows: Only the host computer 200 can read, and the store book issuing device 300 of the member store cannot decrypt and read. Therefore, the store book issuing device 300 has an effect that it is not necessary to ensure high security.

  The store book issuing device 300 needs only the security of data communication for acquiring personal data from the user and transmitting the personal data to the card contractor host computer 200.

  Input data of individual user data to be written to the IC card 10 is encrypted from the card contractor host computer 200 and sent to the store book issuing device 300, and the store book issuing device 300 receives the encrypted user data. It is only necessary to transmit the input data of the individual data to the IC card 10 as it is. The encrypted individual user data input data is decrypted by the encrypted communication main issuing means 14 of the IC card 10.

  The store book issuing device 300 does not know or store the card-specific data AD of the IC card 10 nor the IC card key data (Ps, Ss), so the store book issuing device 300 is authorized for the security of the data. There is no need to do.

  Thereby, the IC card can be issued with high security by using the store book issuing device 300 that does not require authorization for security such as key data of the IC card 10. The store main issuing device 300 that does not require the authorization can be installed in a store such as a convenience store, and the IC card 10 can be easily issued.

  The above-described IC card 10 records a program for realizing the function on a computer-readable recording medium (storage medium), and reads the program recorded on the recording medium into a computer system so that the IC card can be read. You may perform the process which provided the function as the above-mentioned IC card 10 by comprising a medium and running the program.

  Here, “loading and executing a program recorded on a recording medium into a computer system” includes installing the program in the computer system. The “computer system” here includes an OS and hardware such as peripheral devices.

  Further, the “computer system” may include a plurality of computer devices connected via a network including a communication line such as the Internet, WAN, LAN, and dedicated line.

  The “computer-readable recording medium” refers to a storage device such as a flexible medium, a magneto-optical disk, a portable medium such as a ROM and a CD-ROM, and a hard disk incorporated in a computer system. As described above, the recording medium storing the program may be a non-transitory recording medium such as a CD-ROM. The recording medium also includes an internal or external recording medium that can be accessed from a distribution server in order to distribute the program.

The code of the program stored in the recording medium of the distribution server may be different from the code of the program that can be executed by the terminal device. That is, the format stored in the distribution server is not limited as long as it can be downloaded from the distribution server and installed in a form that can be executed by the terminal device.

  Note that the program may be divided into a plurality of parts, downloaded at different timings, and combined in the terminal device, or the distribution server that distributes each of the divided programs may be different.

  Furthermore, the “computer-readable recording medium” holds a program for a certain period of time, such as a volatile memory (RAM) inside a computer system that becomes a server or a client when the program is transmitted via a network. Including things.

  The program may be for realizing a part of the functions described above. Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer system, what is called a difference file (difference program) may be sufficient.

DESCRIPTION OF SYMBOLS 10 ... IC card 11 ... Communication part 12 ... Control means 13 ... Storage means 14 ... Cryptographic communication main issue means 15 ... Individual file 15d ... Dummy data of individual data for users 15t ... Individual data for user 20 ... IC card reader / writer 100 ... IC card primary issuing device 200 ... Card contractor host computer 210 ... Preliminary issuing device 300 at shipment Store book issuing device AD: card-specific data AR1, file management area AR2, system area AR3, user data area DF, dedicated file EF, basic file IEF, internal basic file MF ... Main file NW ... Communication network Pa ... Member's public key data Pi ... Issuer public key data Ps ... IC De public key data RAM ··· volatile memory Sa ··· for merchant secret key data Si ··· issuer secret key data Ss ··· IC card secret key data WEF ··· work underlying file

Claims (4)

An IC card issuing system having a card contractor host computer and a store book issuing device,
The card contractor host computer performs a preliminary issuance process,
The card unique data, the IC card key data, and the issuer public key data are written in a predetermined storage area of the IC card, the dummy data of the individual user data is written in an individual file, and the IC card is installed in the store book issuing device. Distribute to member stores,
The card contractor host computer is
Create input data of user individual data to the IC card and create data encrypted using the IC card key data and send it to the IC card via the store book issuing device, the IC card, An IC card issuing system for issuing an IC card by writing user individual data in the individual file in accordance with input data obtained by decrypting the encrypted data using the IC card key data. An IC card issuing system according to claim 1,
The IC card includes the card-specific data in a secondary issuance completion notice for notifying that the IC card has been issued by writing user-specific data into the individual file of the IC card, and using the issuer public key data The IC card issuing system is characterized in that the encrypted data is created and transmitted to the card contractor host computer via the store book issuing device. An IC card issued by communicating with a card contractor host computer through a store book issuing device,
Storing card-specific data, IC card key data, and issuer public key data in a predetermined storage area; storing dummy data of individual data for users in an individual file;
The cipher communication book issuing means
Receiving input data of individual data for a user encrypted using the IC card key data from the card contractor host computer;
It is issued by decrypting the encrypted input data of the individual user data using the IC card key data and writing the individual user data into the individual file according to the decrypted input data. IC card. An IC card according to claim 3,
The cipher communication book issuing means
Secondary issue completion notification data for notifying that the individual data for user has been written to the individual file is created including the card-specific data,
An IC card, wherein data obtained by encrypting the secondary issue completion notification data using the issuer public key data is generated and transmitted to the card contractor host computer.

Images