JP2020005240A - Online service provision system - Google Patents

Abstract

To provide a novel security technology capable of realizing secure service utilization, without compromising convenience of mobile.SOLUTION: When a user tries to perform transfer procedure from application, user authentication by PIN code, or the like, is requested at first. When user authentication is successful, function limitation of sub SIM is released, and a mode capable of using the function provided by the sub SIM is brought about. The application encrypts a procedure message describing the procedure content by secret key, by using the function of the sub SIM, thus generating an electronic signature. When this electronic signature and the procedure message are sent to the server of online service, the server verifies the electronic signature by using a corresponding electronic certificate. When a confirmation is made that the procedure message was sent from a propriety user, and the content is not tampered, as a result of verification, the server executes procedure such as transfer according to the content of the procedure message.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a technology for improving security when using an online service from a portable device.

  With the spread of the Internet, various online services have appeared and are being used by many people. On the other hand, cyber security issues are increasing day by day, and security measures are required to use online services safely and securely.

For example, in an online banking service, the damage caused by a cyber attack called a man-in-the-middle attack (MITM) has recently increased rapidly. MITM attacks use malware and fake sites to hijack communications between online banking users and financial institutions (falsify communications), and illegally transfer money without being noticed by both users and financial institutions. This is an attack method that performs processing and the like. MITB (Man In The Browser) is also a kind of MITM. Although remittance processing using the ATM network has been performed for a long time, the risk of cyber attacks has been extremely low because a dedicated line was conventionally used. On the other hand, online services using an open network such as the Internet are exposed to various threats such as an MITM attack.

  In the current online banking service, a method using a one-time password issuer is widely used as a security measure. This is done by distributing a one-time password issuer to service users in advance and using the one-time password generated and displayed by the one-time password issuer when logging in to the service or performing remittance processing. This is a method of performing authentication (see Patent Document 1). However, this method has no effect on MITM attacks. In a MITB attack, which is a type of MITM attack, a user inputs authentication information such as a login ID and a one-time password by malware or a fake site, and the user uses the authentication information as it is to impersonate the user. is there.

  Therefore, recently, financial institutions taking measures called “transaction authentication” as measures against MITM attacks are increasing. Transaction authentication is generally realized by a combination of encryption (electronic signature) of a transaction between a user and a server, and confirmation of transaction contents using a session on a path different from a browser. In order to confirm the transaction contents, a dedicated device called a token is often used (see Patent Document 2).

JP-A-2006-071538 JP 2012-048728 A

Transaction authentication is an effective countermeasure against MITM attacks because a transaction between a user and a server is electronically signed. However, some problems have been pointed out with the currently mainstream method using hardware tokens. One is low convenience for the user. When assuming that an online service is used with a mobile device (mobile device) such as a smartphone or a tablet terminal, the user must always carry the token on the go. In addition, since the token is different for each service, the number of tokens to be carried increases as the number of services to be used increases, which is not practical. Furthermore, given the risk of theft or loss, many people are reluctant to carry tokens around. The second is the cost of the service provider. Service providers need to distribute and manage tokens to all users of online services, and the cost cannot be ignored.

  The present invention has been made in view of the above circumstances, and has as its object to provide a new security technique capable of realizing secure service utilization without impairing the convenience of mobile. A further object of the present invention is to provide a new online service provider that can easily confirm that the content received from the user has not been tampered with and can guarantee a secure environment for the user. To provide security technology.

The first aspect of the present invention,
An online service providing system that provides a mechanism that allows safe use of online services from mobile devices,
A service providing server that provides online services to registered users through the Internet,
An IC chip provided on a user device which is a portable device possessed by the user;
An application program executed by a main processor included in the user device, the application program causing the user device to function as a terminal for using the online service,
The IC chip comprises:
At least, personal information used for user authentication to confirm the legitimacy of the person using the user device, a secret key of the user, a public key of the user paired with the secret key, and the public key A memory for temporarily storing an electronic certificate of the user, including:
At least, an authentication function for performing the user authentication by comparing information provided from the application program with the personal information, and an electronic signature function for performing an electronic signature using the secret key on data provided from the application program A processor having
Has,
The application program, the user device,
A user authentication unit that performs the user authentication by using the authentication function of the IC chip based on information obtained from a user using the user device; and
When the user who uses the user device is confirmed to be legitimate by the user authentication, the electronic signature function of the IC chip is used to send a message describing information necessary for the online service procedure. Transmitting means for performing an electronic signature and transmitting a procedure request including a message with an electronic signature to the service providing server via the Internet;
Function as
The service providing server,
User information storage means for storing an electronic certificate of the user as information on the user,
Upon receiving the procedure request from the user equipment, verifying the validity of the procedure request by verifying the digitally signed message included in the procedure request using the user's electronic certificate, Procedure control means for executing a procedure based on information described in the electronically signed message included in the procedure request when the request is confirmed to be valid,
An online service providing system is provided.

A second aspect of the present invention provides
An application program that is executed by a main processor included in a user device that is a portable device possessed by a user and causes the user device to function as a terminal for using an online service provided by a service providing server through the Internet,
The user equipment includes:
At least, personal information used for user authentication to confirm the legitimacy of the person using the user device, a secret key of the user, a public key of the user paired with the secret key, and the public key A memory for temporarily storing an electronic certificate of the user, including:
At least, an authentication function for performing the user authentication by comparing information provided from the application program with the personal information, and an electronic signature function for performing an electronic signature using the secret key on data provided from the application program A processor having
An IC chip having
The application program, the user device,
A user authentication unit that performs the user authentication by using the authentication function of the IC chip based on information obtained from a user using the user device; and
When the user who uses the user device is confirmed to be legitimate by the user authentication, the electronic signature function of the IC chip is used to send a message describing information necessary for the online service procedure. Transmitting means for performing an electronic signature and transmitting a procedure request including a message with an electronic signature to the service providing server via the Internet;
An application program characterized by functioning as an application program is provided.

  According to the present invention, there is provided the above-described service providing server, or a portable device having the above-mentioned IC card and application program, or an online service providing method including at least a part of the above-mentioned processing, or the above-mentioned IC card and application program It can also be considered as a method for controlling a mobile device including at least a part of the processing, or a computer-readable storage medium that temporarily stores the application program.

  ADVANTAGE OF THE INVENTION According to this invention, the new security technique which can implement | achieve a secure service utilization without impairing the convenience of mobile can be provided. Further, according to the present invention, a new security that enables an online service provider to easily confirm that the content received from a user has not been tampered with and to ensure a secure environment for the user. Technology can be provided.

FIG. 1 is a diagram showing one of the features of the online service providing system according to the present invention. FIG. 2 is a block diagram illustrating a configuration of a service providing server that provides an online service. FIG. 3 is a block diagram showing a configuration of a user device used to use an online service. FIG. 4 is a diagram schematically showing the appearance and mounting form of the SIM card and the IC card. FIG. 5 is a block diagram schematically showing a hardware configuration of the SIM card and the IC card. FIG. 6 is a block diagram schematically illustrating a logical configuration of the user device and the IC card. FIG. 7 is a diagram illustrating an IC card issuance procedure. FIG. 8 is a diagram illustrating an IC card issuance procedure. FIG. 9 is a diagram showing a data structure of the IC card management database. FIG. 10 is a diagram showing a flow of a registration procedure for an online service. FIG. 11 is an example of a screen displayed on the user device in the registration procedure for the online service. FIG. 12 is a diagram showing a flow of login authentication of an online service. FIG. 13 is an example of a screen displayed on the user device in the online service login authentication. FIG. 14 is a diagram showing a flow when using the online service. FIG. 15 is an example of a screen displayed on the user device when using the online service.

<Overview of Online Service Provision System>
FIG. 1 shows a flow of a procedure content signature (transaction signature) using public key cryptography using an IC card called a sub SIM, which is one of the features of the online service providing system according to the present invention.

  An application program (hereinafter, also referred to as “app”) for using an online service provided by a service provider such as a bank is installed in a user device (such as a smartphone) owned by the user, and is called a sub SIM. IC card is mounted. The sub SIM stores a secret key unique to the user. The public key that forms a pair with the private key must be provided to a certificate authority that has been certified under the Digital Signature and Authentication Business Law (Law No. 102 of 2000; hereinafter, referred to as the “Digital Signature Law”). And a digital certificate has been issued by a certificate authority.

  In the above system, when a user attempts to perform a procedure such as transfer from an application, first, user authentication (personal authentication) by a PIN code, a password, biometric authentication, or the like is required. When the user authentication is successful (that is, when the person operating the application is confirmed to be the user himself), the function restriction of the sub SIM is released, and the function (API) provided by the sub SIM can be used. Mode. Using the function of the sub SIM, the application encrypts a procedure message (transaction) in which the procedure contents are described with a secret key and generates an electronic signature. When the electronic signature and the procedure message are sent to the online service server, the server verifies the electronic signature using the corresponding electronic certificate. As a result of the verification, if it is confirmed that the message is a procedure message sent from a valid user and that the content is not falsified, the server executes a procedure such as transfer in accordance with the content of the procedure message.

  According to such a method, it is not necessary to carry a device other than the user device (such as a conventional token), and the online service can be used by the user device alone, which is highly convenient. In addition, since a secure procedure using an electronic signature can be performed only by personal authentication, smart and simple operability can be realized.

  Furthermore, since a secret key stored in an IC card called a sub SIM and an encryption function (API) provided by the IC card are used, secure data communication can be realized. This private key has a low risk of leakage, and cannot use the secret key or the encryption function without clearing the PIN code, password, or biometric authentication, thus reducing the risk of unauthorized use by a third party. It can be as small as possible.

Also, the service provider does not need to distribute and manage devices such as tokens, and can expect a reduction in operation costs. In addition, it is presumed that data signed with a digital certificate issued by a certification authority that has been certified under the Digital Signature Law was created by the user himself in accordance with Article 3 of the Digital Signature Law. Therefore, there is an advantage that litigation risk can be reduced.

<Service providing server>
FIG. 2 is a block diagram illustrating a configuration of the service providing server. The service providing server 20 is a server that provides an online service by a service provider through the Internet. Hereinafter, the service providing server 20 will be described by taking an example of an online financial transaction service (so-called online banking) by a financial institution such as a bank. However, this is merely one application example, and the present invention is applicable to all kinds of services. It is preferably applicable to online services.

  The service providing server 20 has a user registration unit 200, a user information storage unit 201, a login control unit 202, and a procedure control unit 203 as main functions. The user registration unit 200 has a function of performing a new user registration process. The user information storage unit 201 is a database that stores and manages information on registered users. The login control unit 202 has a function of controlling whether to use an online service in response to a login request from a user. The procedure control unit 203 has a function of controlling execution of a corresponding procedure of the online service in response to a procedure request from a user. Details of these functions and their processing will be described later.

  The service providing server 20 can be configured by, for example, a general-purpose computer including a CPU (processor), a memory (RAM), a storage (HDD, SSD, etc.), a communication I / F, an input / output device, and the like. In this case, the above-described functions and the processing thereof are realized by expanding a program stored in a storage into a memory and executing the program by a CPU. The service providing server 20 may be configured by one computer, or may be configured by distributed computing or cloud computing. Further, a dedicated computer may be used instead of a general-purpose computer, or the above-described functions or a part of the processing may be constituted by an ASIC or an FPGA instead of software.

<User equipment>
FIG. 3 is a block diagram illustrating a configuration of a portable device (referred to as “user device”) used by a user to use an online service. In the present embodiment, a smartphone is exemplified as an example of the user device 30, but this is only one application example. The user device 30 has a processor and a memory for executing an application program for using an online service, is equipped with a SIM card (Subscriber Identity Module Card), and can be connected to the Internet. Any device may be used as long as it is an electronic device of. In addition to a smartphone, for example, a tablet terminal, a mobile PC, a wearable PC, a smart watch, a smart glass, a smart wallet, a portable game machine, and the like can be exemplified.

The user device 30 includes a CPU (processor) 300, a memory 301, a storage 302, a touch panel display 303, a communication module 304, a power supply 305, a SIM card 306, an IC card 307, and an NFC chip 320 as main hardware resources. The memory 301 is a RAM, and provides a storage area used by the CPU 300 as a working memory. The storage 302 is a non-volatile storage medium for storing application programs and various data, and includes, for example, a built-in EEPROM, a flash memory mounted in a card slot, and the like. The touch panel display 303 is a device that doubles as a display device and an input device. The communication module 304 is a device that performs data communication and voice communication by the user device 30. The communication module 304 according to the present embodiment is assumed to support communication using a mobile phone network such as 3G or 4G / LTE, Wi-Fi communication, short-range wireless communication, and the like. The power supply 305 supplies power to the user device 30, and includes a lithium ion battery and a power supply circuit. The SIM card 306 is a contact-type IC card in which subscriber information of communication using a mobile phone network is recorded. The IC card 307 is also a contact-type IC card like the SIM card 306. The IC card 307 is a device additionally mounted on the user device 30 to realize secure use of the online service. The NFC chip 320 is an IC chip that provides a near field communication function of NFC (Near Field Communication) standard and an application using the function. In the present embodiment, the SIM card 306, the IC card 307, and the NFC chip 320 are configured by different hardware. However, the SIM card 306 and / or the IC card 307 may have an NFC function.

<IC card>
FIG. 4 is a block diagram schematically illustrating the appearance and mounting of the SIM card 306 and the IC card 307, and FIG. 5 is a block diagram schematically illustrating the hardware configuration of the SIM card 306 and the IC card 307.

  The SIM card 306 has a structure in which the IC chip 40 is mounted on a resin plate having a width of 15 mm × a height of 12 mm × a thickness of 0.76 mm. As shown in FIG. 5, the IC chip 40 has a processor 401, a RAM 402, a nonvolatile memory 403, and eight pins (electrodes) 404. The non-volatile memory 403 stores data such as a unique serial number (ICCID) of the SIM card 306, subscriber identification information (IMSI), and a program executed by the processor 401. The eight pins 404 include a power input terminal, a reset terminal, a clock terminal, a ground terminal, a program voltage input terminal, an I / O terminal, and a spare terminal.

  The SIM card 306 is provided from a mobile communication service provider (MNO) or a virtual mobile communication service provider (MVNO) when the user subscribes to the mobile communication service. The data and programs stored in the SIM card 306 differ for each business operator, but the basic structure of the SIM card 306 itself is the same as long as it conforms to international standards. In the present embodiment, a micro-SIM is described as an example, but a mini-SIM or a nano-SIM can be used as a SIM card.

  The IC card 307 has the same or substantially the same width and height as the SIM card 306, and has a structure in which the IC chip 41 is embedded in a flexible film having a thickness of about 0.1 to 0.2 mm. The IC chip 41 also has a processor 411, a RAM 412, a nonvolatile memory 413, and eight pins (electrodes) 414. The non-volatile memory 413 of the IC card 307 stores data and programs for realizing secure use of the online service (details will be described later).

  The eight pins 414 of the IC card 307 are exposed on both the front surface and the back surface of the IC card 307, and have the same arrangement as the eight pins 404 of the SIM card 306. As shown in FIG. 4, by sticking this IC card 307 on the SIM card 306 so that the corresponding pins (electrodes) of the IC card 307 and the SIM card 306 are physically and electrically connected to each other. Become. Since the IC card 307 is extremely thin, the SIM card 306 to which the IC card 307 is attached can be inserted into the SIM card slot 308 of the user device 30. FIG. 5 schematically shows a state in which the IC card 307 and the SIM card 306 are mounted in the SIM card slot 308. The pins 414 on the surface of the IC card 307 are connected to the terminals 310 of the control board 309 of the user device 30, and the pins 404 of the SIM card 306 are connected to the terminals 310 of the control board 309 via the pins 414 of the IC card 307. It becomes.

  The CPU 300 of the user device 30 can selectively access either the IC card 307 or the SIM card 306. In other words, the application program operated by the CPU 300 of the user device 30 can selectively switch between a mode for communicating with the IC card 307 and a mode for communicating with the SIM card 306. In the former mode, the processor 411 of the IC card 307 processes a signal (command) received from the user device 30 by itself and does not transmit the signal (command) to the SIM card 306. On the other hand, in the latter mode, the processor 411 of the IC card 307 performs an operation of mediating (through) a signal between the user device 30 and the SIM card 306. As in the present embodiment, the IC card 307 of the type that is overlaid on the communication SIM card 306 is also called a “sub SIM”.

  The use of the sub SIM type IC card 307 has the following advantages. If the mobile device has a SIM card slot, the IC card 307 can be mounted (that is, no special structure or work is required on the mobile device side, and the IC card 307 can be mounted on almost all mobile devices). Is possible). The IC card 307 can be attached to a portable device having only one SIM card slot (in other words, even if there is no available SIM card slot). Further, since the communication SIM card 306 and the IC card 307 are completely independent in function and do not affect each other, the voice communication and the data communication can be performed even after the IC card 307 is attached. It can be used as well. Moreover, since it can be added to the SIM card of any business, introduction and dissemination are easy.

<Functions of IC card>
FIG. 6 is a block diagram schematically illustrating a logical configuration of the user device 30 and the IC card 307.

  An application program 60 (hereinafter, simply referred to as “main application 60”) for using the online service provided by the service providing server 20 is installed in the user device 30. The main body application 60 is a program distributed by a service provider of an online service (such as a bank in the present embodiment), and a user downloads the main body application 60 through an application distributor on the Internet before using the online service. install.

  The main body application 60 has a main processing unit 600, a user authentication unit 601, and a security processing unit 602 as main functions. The main processing unit 600 has a function of controlling display and input of a use screen of the online service, transmitting and receiving data with the service providing server 20, and the like. The user authentication unit 601 has a function of confirming the validity of a person who uses the user device 30. The user authentication here is intended to confirm whether the person who is actually operating the user device 30 is a valid person (the user himself or a person who has been authorized by a valid user). The security processing unit 602 is a function that executes security processing such as data encryption and electronic signature using the function of the IC card 307.

The non-volatile memory 413 (hereinafter, simply referred to as “memory 413”) of the IC card 307 stores personal information 610 used for the above-described user authentication, a pair of the user's private key 611 and public key 612, and the user's digital certificate 613. , A hash function 614, a program 615, and the like. The address space of the memory 413 has an area 4130 that can be accessed (read and written) from outside, and an area 4131 that cannot be accessed from outside (that is, an area that can be accessed only by the processor 411 of the IC card 307) 4131. . Data (identity information 610, secret key 611, public key 612, digital certificate 613, hash function 614, program 615, etc.) used in the security processing are all stored in the area 4131, and are externally (for example, the main body application 60). Is not directly readable and writable. Data such as the serial number 616 and the serial number 617 of the IC card 307 are stored in the area 4130 and can be read from the outside.

The processor 411 of the IC card 307 provides some APIs (Application Programming Interfaces) related to security functions to an external application. In FIG. 6, as an example, an authentication function 620, an encryption function 621, an electronic signature function 622, a personal information change function 623, a key generation function 624, a public key read function 625, an electronic certificate write function 626, and an electronic certificate read Function 627 is shown. These functions are realized by the processor 411 executing the program 615.

  The authentication function 620 is a function for performing user authentication by comparing information provided from the outside with personal information 610 stored in the memory 413. Functions 621 to 627 other than the authentication function 620 cannot be used unless the user authentication is successful. Any method of user authentication may be used. For example, in the case of PIN code authentication, the authentication function 620 receives a code (for example, a four-digit number) input by the user from the user authentication unit 601 of the main application 60, and the input code is registered as the personal information 610 in the PIN. It checks whether the codes match, and returns a result of "OK" if they match, and "NG" if they do not match. In the case of password authentication, the authentication function 620 receives a password (for example, a password of 6 to 16 characters) input by the user from the user authentication unit 601 of the main application 60, and the input password is registered as the personal information 610. The result is "OK" if they match, and "NG" if they do not match. In the case of biometric authentication, the authentication function 620 receives the user's biometric information (face image, voiceprint, iris, fingerprint, vein, etc.) from the user authentication unit 601 of the main application 60, and extracts features from the biometric information. Then, it is determined whether or not the user is the principal by comparing the personal characteristic registered as the principal information 610. If the person is determined to be the principal, a result of "OK" is returned, and if not, a result of "NG" is returned. Higher security may be realized by combining two or more of PIN code authentication, password authentication, and biometric authentication, or by combining another authentication method.

  The encryption function 621 is a function for encrypting externally provided data using the secret key 611. For example, the encryption function 621 receives data from the security processing unit 602 of the main application 60, encrypts the data using the secret key 611, and returns encrypted data (cipher text). The encryption algorithm is preferably RSA, DSA, ECDSA or the like, but other algorithms may be used.

  The electronic signature function 622 is a function for performing an electronic signature using secret key 611 on externally provided data. The difference from the encryption function 621 is that the given data itself is not encrypted but the hash value of the given data is encrypted. For example, the electronic signature function 622 receives data from the security processing unit 602 of the main application 60, calculates a hash value using the hash function 614, encrypts the hash value using the secret key 611, and outputs the encrypted hash value. return. Any hash function may be used (in the present embodiment, SHA-1 and SHA-256 are used). When the size of the data to be subjected to the electronic signature is small, an encrypted version of the data itself may be used as the electronic signature instead of the hash value.

  The personal information change function 623 is a function of writing the personal information 610 to the memory 413 and updating or deleting the personal information 610 stored in the memory 413. This function is used when the main body application 60 newly registers or changes user information in the IC card 307.

The key generation function 624 is a function for generating a key pair of the secret key 611 and the public key 612. In the initial state of the IC card 307, the personal information 610, the secret key 611, the public key 612,
Information associated with the user, such as the electronic certificate 613, is not stored in the memory 413, but is registered in the memory 413 during an IC card issuance procedure described later (this operation is called activation of the IC card). At this time, since the secret key 611 is generated and stored in the memory 413 in a closed space in the IC card 307, the risk of the secret key 611 being leaked can be reduced. In the present embodiment, since an API for reading the secret key 611 from the memory 413 is not prepared, the risk that the secret key 611 leaks to the outside is almost zero.

  The public key read function 625 is a function for reading the public key 612 from the memory 413. The electronic certificate writing function 626 is a function of writing the electronic certificate 613 in the memory 413, and the electronic certificate reading function 627 is a function of reading the electronic certificate 613 from the memory 413. Since the public key 612 and the electronic certificate 613 are for distribution to the communication partner, they can be read outside. Note that writing of the electronic certificate 613 is required at the time of the IC card issuance procedure.

  According to the configuration described above, the main body application 60 of the user device 30 can easily realize data encryption and electronic signature using public key encryption by using the IC card 307. In addition, user authentication is required to use the encryption and digital signature functions of the IC card 307, and the risk of leaking a secret key is almost zero, so that extremely robust security is ensured.

<IC card issuance procedure>
The issuing procedure of the IC card 307 (activation of the IC card) will be described with reference to FIGS. FIG. 7 is a diagram showing an IC card issuing terminal, and FIG. 8 is a diagram showing a flow of an IC card issuing procedure.

  The IC card issuing terminal 70 is a terminal that issues a new IC card 307, and is installed in, for example, a mobile phone shop, a store of a service provider (such as a bank), a convenience store, or an agent window. The IC card issuing terminal 70 is configured by a computer including an IC card reader / writer. A general-purpose personal computer or tablet terminal may be used if operated by a store clerk, or a kiosk terminal may be used if operated by a user (applicant of an IC card).

  The flow of the issuing procedure will be described with reference to FIG. Here, the "user" is a person who newly applies for the IC card 307 to use the online service (referred to as "user" or "applicant" in the description of FIG. 8). The “contact” is a person who performs an IC card 307 issuing operation using the IC card issuing terminal 70. The “communication service manager” is a person responsible for managing issuance and operation of the IC card 307. For example, the communication service administrator provides the IC card 307, applies for an electronic certificate to a certificate authority, manages the issued IC card, manages the association between the IC card 307 and the SIM card 306, and invalidates the IC card 307 ( For example, when the user device 30 is lost, stolen, or disposed of). Since the security function of the IC card 307 can be used for various online services, the communication service manager may be configured by a business entity different from the online service provider. The “certificate authority” is a person who issues and revokes electronic certificates of public keys.

The applicant of the IC card first makes an application for using the IC card at the counter (step S800). At the time of application for use, convey the applicant's identity verification information and submit identification documents (driver's license etc.). The personal identification information may include, for example, name, gender, date of birth, and address. The applicant specifies a PIN code to be registered in the IC card. The counter staff confirms the identity by comparing the information transmitted from the applicant with the identity verification document, and then inputs the information to the IC card issuing terminal 70 (step S801). In addition, only the input of the PIN code may be performed by the applicant in order to prevent the contact staff from knowing the PIN code.

Next, the counter staff sets a new IC card 307 in the IC card issuing terminal 70 and instructs the start of activation processing. At this stage, in the memory 413 of the IC card 307, only the “hash function 614, the program 615” of the information shown in FIG. 6 is stored, and the “secret key 611, public key 612” which is information associated with the user. , Electronic certificate 613 ”has not been stored yet, and the PIN code of the personal information 610 is an initial value (for example,“ 0000 ”). First, the IC card issuing terminal 70 uses the authentication function 620 to perform authentication using the initial PIN code, and then uses the principal information change function 623 to register the PIN code specified by the applicant, and The generation function 624 is instructed to generate a key pair, and the secret key 611 and the public key 612 are generated (step S802). The PIN code and the key pair are written in a predetermined area 4131 of the memory 413. Subsequently, the IC card issuing terminal 70 reads the public key 612 from the memory 413 using the public key reading function 625, and uses the public key 612 and the personal identification information input in step S801 to perform a CSR (Certificate Signing Request). Is created and transmitted to the management server of the communication service administrator (step S80).
3).

  Upon receiving the CSR from the IC card issuing terminal 70, the management server transmits the CSR to a predetermined certificate authority (Step S804). At this time, the management server may carry out a credit check of the applicant based on the identification information.

  The certificate authority issues an electronic certificate of the applicant's public key according to the received CSR and sends it to the management server (step S805). An electronic certificate certifies a public key and its owner. X. Established by ITU-T. In the case of 509, the electronic certificate is data including a public key, owner information (corresponding to personal identification information), an electronic signature of a certificate authority, an expiration date of the electronic certificate, and information on the issuer. Note that the digital signature of the certificate authority is obtained by encrypting a hash value generated from the public key and owner information included in the digital certificate with the secret key of the certificate authority.

  The management server transmits the issued electronic certificate to the IC card issuing terminal 70 (Step S806). The IC card issuing terminal 70 writes the electronic certificate in the memory 413 using the electronic certificate writing function 626 of the IC card 307 (step S807). At this stage, the personal information 610 (PIN code in this embodiment), the private key 611, the public key 612, and the electronic certificate 613, which are data necessary for security processing, are provided in the memory 413 of the IC card 307. become.

  Next, the IC card 307 is attached to the user device 30 of the applicant (step S808). Specifically, the SIM card 306 for communication is taken out from the user device 30, the IC card 307 is pasted on the SIM card 306, and then the SIM card 306 is inserted into the user device 30 again. Further, the setup program is installed in the user device 30, and the setup process of the IC card 307 is executed by the setup program. Attachment and setup of the IC card 307 may be performed by the counter staff or by the applicant himself.

In the setup process, the user device 30 (a setup program that operates) reads the “serial number” and “serial number” from the IC card 307 and the “telephone number” and “serial number” from the SIM card 306. In addition, the setup program uses “IMEI (International Mobile Equipment Identity)” as information of the user device 30 itself.
) ". Then, the setup program sends an IC card registration request to the management server of the communication service manager together with the information (step S809). Upon receiving the IC card registration request from the user device 30, the management server registers the information of the IC card 307, the SIM card 306, and the user device 30 included therein in the IC card management database (step S810).

  FIG. 9 shows an example of the data structure of IC card management information stored in the IC card management database. The “telephone number” and “serial number” of the SIM card 306 and the “IMEI” of the user device 30 are managed in association with the “serial number” and “serial number” of the IC card 307. Although not shown, user identification information (name, gender, address, date of birth), public key, electronic certificate information, and the like may be managed as IC card management information.

  When the registration of the IC card management information is completed, the management server notifies the user device 30 of the completion of the registration (step S811). As a result, the setup of the user device 30 is completed, and the IC card 307 can be used (activated).

  The issuing procedure shown in FIG. 8 is merely an example, and the issuing procedure may be performed in a different procedure. For example, an IC card 307 in which a secret key, a public key, an electronic certificate, and a PIN code are registered in advance may be prepared at the counter. In this case, since writing to the IC card 307 is not necessary, the IC card issuing terminal 70 does not need to be used, and only the setup process in the user device 30 is sufficient, and the IC card issuing procedure is simplified. When biometric authentication is used instead of PIN code authentication, biometric information (face image, voiceprint, iris, fingerprint, etc.) to be registered as personal information in the IC card 307 is input using the IC card issuing terminal 70 or the like. do it.

<First time registration to online service>
The initial registration procedure for the online service will be described with reference to FIGS. FIG. 10 is a diagram showing a flow of a registration procedure for an online service, and FIG. 11 is an example of a screen displayed on the user device 30.

  First, the user operates the user device 30 to download and install the main body application 60 (step S1001). Then, the user activates the main body application 60 and opens a login screen of the online service (step S1002). As shown in FIG. 11, when logging in for the first time, the user inputs a user ID and a password on the login screen 110 and logs in to the online service (step S1003). At this time, the main body application 60 stores the user ID in the nonvolatile memory (Step S1004). It is better not to store the password in the user device 30 from the viewpoint of security. Note that the user ID and the password are information given by the service provider when a new application for the online service, which is a separate procedure, is made.

  When the login is completed, the service providing server 20 transmits a predetermined electronic message (contents may be arbitrary) to the user device 30, and requests an electronic signature and an electronic certificate (step S1005).

The user authentication unit 601 of the main body application 60 displays a PIN code input screen 111 as shown in FIG. When the PIN code is input by the user, the user authentication unit 601 uses the authentication function 620 of the IC card 307 to check whether the input PIN code is correct (step S1006). When the PIN code is correct (that is, when the user authentication is successful), other functions 621 to 627 of the IC card 307 can be used from the main body application 60. The security processing unit 602 of the main body application 60 uses the electronic signature function 622 of the IC card 307 to digitally sign the message received from the service providing server 20, and uses the electronic certificate reading function 627 to store The digital certificate 613 is read from the 413. Then, the main processing unit 600 of the main application 60 transmits the electronic signature-attached electronic message and the electronic certificate 613 to the service providing server 20 (Step S1007).

  The service providing server 20 verifies the electronic signature-added message using the electronic certificate 613 received from the user device 30 (step S1008). “Verification” means that the electronic signature is performed by the user himself / herself by decrypting the electronic signature-attached electronic message using the public key included in the electronic certificate 613 and checking whether the decrypted result matches the original electronic message (ie, , An electronic signature has been created using the user's private key). When the electronic signature is data obtained by encrypting the message itself, the decryption result may be compared with the original message. When the electronic signature is data obtained by encrypting the hash value of the message, the decryption result and the original message may be compared. What is necessary is just to compare with the hash value of a telegram.

  If the verification is successful, the service providing server 20 associates the user ID / password of the user with the electronic certificate and registers it in the user information storage unit 201 (step S1009). Then, the service providing server 20 notifies the main application 60 that registration of the electronic certificate has been completed (step S1010). After the association between the user ID and the electronic certificate is completed, the user can log in with a simpler operation as described below.

<Login to online service>
The login authentication of the online service will be described with reference to FIGS. FIG. 12 is a diagram showing a flow of login authentication of an online service, and FIG. 13 is an example of a screen displayed on the user device 30.

  When the user starts the main body application 60 on the user device 30, the user authentication unit 601 displays the PIN code input screen 130 as shown in FIG. 13 (step S1200). When the PIN code is input by the user, the user authentication unit 601 uses the authentication function 620 of the IC card 307 to check whether the input PIN code is correct (step S1201). If the PIN code is correct (that is, if the user authentication is successful), the security processing unit 602 of the main application 60 performs an electronic signature on the user ID of the online service using the electronic signature function 622 of the IC card 307. (Step S1202). Since the data size of the user ID is from several bytes to about several tens of bytes, what is obtained by encrypting the user ID itself with the secret key 611 may be used as the electronic signature. Then, the main processing unit 600 of the main body application 60 transmits a login request to the service providing server 20 (Step S1203). A user ID with an electronic signature (that is, an electronic signature of the user ID and a plaintext user ID) is added to the login request.

  Upon receiving the login request, the login control unit 202 of the service providing server 20 reads the corresponding electronic certificate from the user information storage unit 201 based on the user ID included in the login request (Step S1204). Then, the login control unit 202 verifies the user ID with the electronic signature included in the login request using the electronic certificate (step S1205). If necessary, the login control unit 202 may inquire of the certificate authority about the validity of the electronic certificate (steps S1206 and S1207). If the verification of the user ID with the electronic signature is successful and the validity of the electronic certificate is confirmed, the login control unit 202 determines that the login request is from a valid user, and Is permitted to use the online service (step S1208). Thereafter, as shown in FIG. 13, a menu screen 131 of the online service is displayed on the user device 30, and the user can perform a desired procedure.

According to the above-described login authentication, the user only needs to input the PIN code. Therefore, compared to the conventional method of inputting the ID and password each time and the method of using the token, the user can access the online service with a very simple operation. Login is possible. Moreover, since the security function provided by the IC card 307 is used, a high level of security is ensured.

<Use of online services>
Referring to FIG. 14 and FIG. 15, a procedure when using the online service will be described. FIG. 14 is a diagram showing a flow when using the online service, and FIG. 15 is an example of a screen displayed on the user device 30. It is assumed that the login to the online service has already been completed and the menu screen 150 is displayed on the user device 30.

  When the user selects a procedure to be used from the menu screen 150, the screen transits to the detail screen 151 (step S1400). FIG. 15 shows an example of a screen when the user selects “transfer”. When the user inputs necessary information (for example, a transfer destination, a transfer amount, etc.) on this detailed screen 151 and presses an execution button (step S1401), the main processing unit 600 of the main body application 60 transmits information necessary for the transfer procedure. The described procedure message is created (step S1402).

  Next, the user authentication unit 601 of the main body application 60 displays the PIN code input screen 152 and performs PIN code authentication (step S1403). Since the procedure of PIN code authentication is the same as that described above, the description is omitted. If the PIN code authentication is successful, the security processing unit 602 of the main application 60 performs an electronic signature on the procedure message using the electronic signature function 622 of the IC card 307 (step S1404). At this time, the digital signature function 622 may calculate a hash value of the procedure message and generate an electronic signature by encrypting the hash value with the secret key 611, or encrypt the procedure message itself with the secret key 611. The digital signature may be generated by the conversion. Then, the main processing unit 600 of the main body application 60 transmits a procedure request to the service providing server 20 (Step S1405). A procedure message with a digital signature and a user ID are added to the procedure request.

  Upon receiving the procedure request, the procedure control unit 203 of the service providing server 20 reads the corresponding electronic certificate from the user information storage unit 201 based on the user ID included in the procedure request (Step S1406). Then, the procedure control unit 203 verifies the procedure message with the digital signature included in the procedure request using the digital certificate (step S1407). Further, if necessary, the procedure control unit 203 may inquire of the certificate authority about the validity of the digital certificate (steps S1408 and S1409). If the verification of the procedure message with the electronic signature is successful and the validity of the digital certificate is confirmed, the procedure control unit 203 determines that the procedure request is from a valid user. That is, it is determined that there is no impersonation by a third party and that the contents of the procedure message have not been falsified.

  Only when it is confirmed that the procedure request is from a valid user, the procedure control unit 203 executes a procedure (such as a transfer) based on the information described in the procedure message (step S1410). When the procedure is completed, the procedure control unit 203 transmits a procedure completion notification to the main application 60 (step S1411). Then, a procedure completion screen 153 is displayed as shown in FIG.

  According to the processing described above, since the user only needs to input the PIN code, the user can use the online service with a very simple operation compared to the conventional method of inputting the ID / password each time or the method of using the token. Becomes possible. Moreover, since the security function provided by the IC card 307 is used, a high level of security is ensured, and it is possible to prevent impersonation due to a so-called man-in-the-middle attack and falsification of the procedure message.

<Disable IC card>
According to the user device 30 of the present embodiment, the online service cannot be used unless the user authentication using the PIN code or the biometric information is successful. Therefore, even if the user device 30 is lost or stolen, the risk of unauthorized use of the user device 30 by a third party is small. However, since the possibility that PIN code authentication or biometric authentication can be broken is not zero, it is preferable to implement an IC card invalidation function as described below.

(1) IC Card Self-Destruction Function Self-destruction is an operation in which the processor 411 of the IC card 307 invalidates the function of the IC card 307. Specific operations include locking the function of the IC card 307 so that the function of the IC card 307 cannot be used from outside (the main body application 60), or deleting data (key pair, digital certificate, etc.) stored in the memory 413. There are ways to do that. For example, the processor 411 may execute self-destruction when an incorrect PIN code is continuously input a predetermined number of times or when the memory 413 is accessed by a method other than the API.

(2) Invalidation of IC card When the communication service manager receives a report from the user that the user device 30 or the IC card 307 is lost or stolen, the management server invalidates the user device 30 or the IC card 307. The IC card 307 may be invalidated by transmitting an activation signal. Alternatively, when the management server monitors the use status of the IC card 307 and detects an abnormality (for example, when the non-use state continues for a long time, when the frequency of use suddenly increases, or when an attempt is made to remit large sums of money) Etc.), the IC card 307 may be invalidated. Alternatively, when the management server monitors a combination of the IC card 307, the SIM card 306, and the user device 30, and detects a discrepancy with the information managed by the IC card management information (for example, the IC card alone or the SIM card The IC card 307 may be invalidated when such an inconsistency occurs when the IC card 307 is removed together with the portable device and is attached to another portable device. The invalidation method also locks the function of the IC card 307 so that the function of the IC card 307 cannot be used from outside (the main body application 60), or erases data (key pair, digital certificate, etc.) stored in the memory 413. There are methods.

(3) Invalidation of the electronic certificate When the communication service administrator receives a report from the user that the user device 30 or the IC card 307 has been lost or stolen, the management server sends the electronic certificate of the user to the certificate authority. May be requested to invalidate the certificate. Alternatively, the management server may monitor the use status of the IC card 307 and the combination of the IC card, the SIM card, and the user device, and may request the certificate authority to invalidate the electronic certificate when an abnormality is detected.

<Others>
The above-described embodiment merely describes one specific example of the present invention, and the technical scope of the present invention is not limited to the contents of the above-described embodiment, and the present invention is not limited to the scope of the technical idea. It can take various concrete forms. For example, the present invention can be applied to various types of online services other than the online banking service. In the above-described embodiment, the sub SIM type IC card is exemplified. However, if the mobile device includes a plurality of SIM card slots, an IC card having the same specification as a general micro-SIM or nano-SIM (for communication) is used. It may be installed in a separate slot from the SIM card). Alternatively, an IC card of a type mounted in a slot other than the SIM card slot may be used, or an IC chip (for example, a Secure Element or the like) built in the portable device may be used. In the above-described embodiment, only the user ID with the electronic signature is included in the login request. However, an electronic certificate may be sent together. Further, in the above-described embodiment, the electronic signature is performed only on the data transmitted from the user device to the service providing server. However, it is preferable that the data supplied from the service providing server to the user device be subjected to an electronic signature or encryption. In that case, the service providing server may perform an electronic signature or encryption using its own encryption key, or may perform encryption using a user's public key.

20: service providing server 30: user equipment 60: application program 70: IC card issuing terminal 306: SIM card 307: IC card (sub SIM)
308: SIM card slot

Claims (9)

An online service providing system that provides a mechanism that allows safe use of online services from mobile devices,
A service providing server that provides online services to registered users through the Internet,
An IC chip provided on a user device which is a portable device possessed by the user;
An application program executed by a main processor included in the user device, the application program causing the user device to function as a terminal for using the online service,
The IC chip comprises:
At least, personal information used for user authentication to confirm the legitimacy of the person using the user device, a secret key of the user, a public key of the user paired with the secret key, and the public key A memory for temporarily storing an electronic certificate of the user, including:
At least, an authentication function for performing the user authentication by comparing information provided from the application program with the personal information, and an electronic signature function for performing an electronic signature using the secret key on data provided from the application program A processor having
Which is attached to the SIM card slot in a state of being superimposed and pasted on a communication SIM card,
The application program, the user device,
A user authentication unit that performs the user authentication by using the authentication function of the IC chip based on information obtained from a user using the user device; and
When the user who uses the user device is confirmed to be legitimate by the user authentication, the electronic signature function of the IC chip is used to send a message describing information necessary for the online service procedure. Transmitting means for performing an electronic signature and transmitting a procedure request including a message with an electronic signature to the service providing server via the Internet;
Function as
The service providing server,
User information storage means for storing an electronic certificate of the user as information on the user,
Upon receiving the procedure request from the user equipment, verifying the validity of the procedure request by verifying the digitally signed message included in the procedure request using the user's electronic certificate, Procedure control means for executing a procedure based on information described in the electronically signed message included in the procedure request when the request is confirmed to be valid,
An online service providing system comprising: The memory of the IC chip has an area that cannot be accessed from outside,
The online service providing system according to claim 1, wherein at least the personal information and the secret key are stored in the area that cannot be accessed from outside. The online service providing system according to claim 1, wherein the processor of the IC chip has a key generation function of generating the secret key and the public key. The online service providing system according to any one of claims 1 to 3, further comprising a server having a database that manages the information of the IC chip and the information of the SIM card for communication in a linked manner. The online service providing system according to claim 4, wherein the database further manages the information of the user device in association with the information of the IC chip. 6. The online service providing system according to claim 4, wherein the database further manages the information of the IC chip in association with the identification information of the user. The online service providing system according to any one of claims 4 to 6, wherein the database further manages the information of the IC chip in association with a public key or an electronic certificate of the user. The online service providing system according to any one of claims 1 to 7, wherein the processor of the IC chip has a function of invalidating the IC chip. 9. The online service providing system according to claim 1, further comprising a server for requesting a certificate authority to invalidate the user's electronic certificate.

Images