JP2020190868A - Semiconductor device, ic card, and data processing method - Google Patents

Abstract

To efficiently improve security in an IC card which manages accesses to files using a password, an encryption key for encrypting the file to be stored, and a decryption key for decrypting the file.SOLUTION: In a nonvolatile memory region, a number of times for permission to detect an attack or erroneous input is set according to classification of files which are encrypted using encryption keys and stored. A semiconductor device comprises a function which disables encryption and decryption of a file by deleting the encryption key data used to encrypt the file or the decryption key data used to decrypt the file from the nonvolatile memory region when the number of times of detected attacks or erroneous inputs exceeds the number of times for permission.SELECTED DRAWING: Figure 1

Description

The present invention relates to a semiconductor device typified by an IC card in which a module composed of an IC chip or the like is embedded, and a data processing method that performs predetermined processing based on data from the semiconductor device.

The IC card manages reading and writing of data stored in the storage means built in the IC card by using access rights that combine a plurality of passwords for each file, and maintains data security.

The above-mentioned access right is set for each file, and usually, a plurality of types can be set for each type of instruction to the file, such as an access right for reading data and an access right for rewriting data. A number of password data corresponding to the type of access right is stored in the IC card, and the access right is granted by collating the password corresponding to the access right specified for each file. There is.

As an example of countermeasures against unauthorized use of IC cards, in Patent Document 1, in order to protect user data with security, access authority is obtained by limiting the number of password verifications and forcibly deleting files. A method for preventing a file from being leaked to a third party who does not have the above is presented.

If the number of erroneous entries (continuous erroneous) in password verification exceeds the set allowable number, it is considered as unauthorized use by a malicious third party, not access by a user with legitimate authority, and "forced file deletion" In addition to "," measures such as "close the file" and "enable the read / write protect bit" have been taken.

Japanese Unexamined Patent Publication No. 2005-11151

A user with legitimate authority can wander around, misunderstand, mistype a password due to an operation error, or an attack by malicious unauthorized access from a user without legitimate authority (these are collectively called "attack"). If the amount is exceeded, the IC card cannot be used because the IC chip is blocked or the stored data is erased, so that the IC card must be reissued.

In addition, when the capacity of the file to be stored is large, some data constituting the file remains in the memory inside the IC card due to the time limit required for deletion, and there is a possibility that security information may be leaked. It has become. With incomplete file deletion, the occurrence of information leakage accidents cannot be denied for the remaining security of some data.

In the present invention, a complicated reissue procedure is not required for a password erroneous input by a user having a legitimate authority, and a security information leakage accident occurs while maintaining the confidentiality of the stored file. An object of the present invention is to reduce the possibility and improve a semiconductor device typified by an IC card effective for returning to a normal state and a data processing method thereof.

The semiconductor device according to the present invention
It is equipped with a module that mounts a program in the memory that detects unauthorized access to files stored in the non-volatile memory area.
When the number of attacks detected on the file stored after being encrypted using the encryption key exceeds the permissible number, the program uses the encryption key data or the encryption key data for encrypting the file. It is characterized by including a module having a function of making it impossible to encrypt or decrypt the file by deleting the decryption key data from the non-volatile memory area.

The file may be encrypted by the encryption key stored in the memory, the file encrypted by the decryption key stored in the memory may be plain-cultivated, and the file in the memory may be read / written. ..

A type may be used in which the file is stored in the non-volatile memory area as a table in a state where the encryption key and the allowable number of times of attack detection are set according to the file classification.

The IC card according to the present invention
In an IC card that stores files that make up security data and manages access to the files with a password.
It is equipped with a module in which a program for detecting an unauthorized access to the file stored in the non-volatile memory area is mounted in the memory.
When the number of detected attacks on the file stored after being encrypted using the encryption key exceeds the permissible number, the program uses the encryption key data or decryption key for encrypting the file. It is characterized by including a module having a function of making it impossible to decrypt the file by deleting the data from the non-volatile memory area.

The data processing method of a semiconductor device represented by an IC card according to the present invention is
A data processing method that reads and writes files stored in the non-volatile memory area of a semiconductor device.
The number of attempts to collate the PIN (Personal Identification Number), which is the authentication information stored in the memory, is stored as the number of attack detections by the collation attempt counter.
The number of times that the continuous error of collation with respect to the authentication information is allowed is stored in the memory as a preset allowable number of attacks.
When a collation command requesting collation with the authentication information for the purpose of releasing access restrictions to files stored in the non-volatile memory area is received from an external data processing device, the number of attack detections is the number of permissible attacks. Judging whether or not it has reached
When it is determined by this determination that the number of times the attack is detected has reached the permissible number of attacks, the encryption key used to store the file after being encrypted or the file is read in a plain culture. Delete the decryption key used from memory,
It is characterized by that.

"Cryptographic key data" instead of "forced file deletion" in non-volatile memory, which takes time to erase and may leave some of the data that makes up the file against malicious attacks. By "erasing only", it becomes impossible to decrypt the encrypted file, and even if the file leaks, information leakage is prevented. In addition, by "erasing the encryption key", it is possible to prevent data tampering with the file, and security is maintained.
Furthermore, even when the IC card that has been attacked once is reused, it is possible to rewrite only the encryption key data while leaving the encrypted file as it is, so complicated reissuing work of the IC card becomes unnecessary. It is also effective in eliminating procedural and resource losses.

The block diagram which shows the structural example of the IC card processing apparatus schematicly. A block diagram schematically showing an example of an internal configuration of an IC card. The figure which shows the configuration example of the authentication data table. The flowchart which shows the detail of the attack detection processing about the operation of the IC card system in embodiment of this invention. A flowchart illustrating the operation of the IC card system (attack detection processing is omitted) after reading the file.

Hereinafter, embodiments will be described with reference to the drawings.

FIG. 1 is a block diagram schematically showing a configuration example of an IC card processing device 1 as an external device having a communication function with the IC card 2 according to the embodiment of the present invention.

As shown in FIG. 1, the IC card processing device 1 includes a terminal device 11, a display device 12, a keyboard 13, a card reader / writer 14, and the like.

The terminal device 11 is composed of a device having a CPU, various memories, various interfaces, and the like, and controls the operation of the entire IC card processing device 1. The terminal device 11 has a function of controlling a command transmitted to the IC card 2 by the card reader / writer 14, a function of performing various processes based on the data received from the IC card 2, and the like.

The terminal device 11 writes data to the memory in the IC card 2 by transmitting a data write command to the IC card 2 via the card reader / writer 14, or transmits a read command to the IC card 2 to transmit the IC card. Read data from 2.

The display device 12 is a display device that displays various information under the control of the terminal device 11. The keyboard 13 functions as an operation unit operated by an operator of the IC card processing device 1, and various operation instructions and data are input by the operator. The card reader / writer 14 is an interface device for communicating with the IC card 2. The card reader / writer 14 supplies power to the IC card 2, clocks, resets, and sends / receives data. With such a function, the card reader / writer 14 activates (activates) the IC card 2 based on the control by the terminal device 11, transmits various commands to the activated IC card 2, and responds to the transmitted commands. It is designed to receive responses.

The IC card 2 is activated (becomes operable) when it receives power or the like from a device such as the IC card processing device 1. When the IC card 2 is connected to the IC card processing device 1 by contact communication, that is, when the IC card 2 is composed of a contact IC card, the IC card 2 passes through the contact portion 21 as a communication interface. It is activated by receiving the supply of the operating power supply and the operating clock from the IC card processing device 1.

When the IC card 2 is connected to the IC card processing device 1 by a non-contact communication method, that is, when the IC card 2 is composed of a non-contact IC card, the contact portion 21 of the IC card 2 communicates. It is composed of an antenna as an interface, a communication control unit, and the like. In this case, the IC card 2 receives radio waves from the IC card processing device 1 via the antenna of the contact unit 21 as a communication interface, a communication control unit, and the like, and from the radio waves, an operating power supply and an operating clock are operated by a power supply unit (not shown). Is designed to be generated and activated.

Next, a configuration example of the IC card 2 will be described.

FIG. 2 is a block diagram schematically showing an example of the internal configuration of the IC card 2. As shown in FIG. 2, the IC card 2 has an external terminal 21, a control unit 22, a RAM 23, a ROM 24, a non-volatile memory 25, and the like. The control unit 22, the RAM 23, the ROM 24, and the non-volatile memory 25 are composed of, for example, an IC chip (not shown) and are embedded in the housing of the IC card 2.

The external terminal 21 functions as an interface for communication with the card reader / writer 14 of the IC card processing device 1. When the IC card 2 is realized as a contact-type IC card, the external terminal 21 is configured as an interface that contacts the card reader / writer 14 of the IC card processing device 1 to transmit and receive signals. When the IC card 2 is realized as a non-contact type IC card, the external terminal 21 is configured as an interface for transmitting and receiving radio waves to and from the card reader / writer 14 of the IC card processing device 1.

The control unit 22 controls the entire IC card 2. The control unit 22 functions as a determination means and various processing means by operating based on the control program stored in the ROM 24 or the non-volatile memory 25. The RAM 23 is a volatile memory that functions as a working memory. The RAM 23 functions as a buffer for temporarily storing data being processed by the control unit 22, and for example, temporarily stores data received from the IC card processing device 1 via the external terminal 21.

The ROM 24 is a non-volatile memory in which control programs, control data, and the like are stored in advance. The ROM 24 is incorporated in the IC card 2 at the manufacturing stage, and the control program stored in the ROM 24 is incorporated in advance according to the specifications of the IC card 2.

The ROM 24 includes an attack detection processing program 24g for detecting an unauthorized access act to a file stored in the non-volatile memory area, and the program 24g is stored after being encrypted using an encryption key. When the number of attacks detected for the file exceeds the permissible number, the encryption key data or decryption key data used for encrypting the file is deleted from the non-volatile memory area. Demonstrates a function that makes it impossible to decrypt files. (The procedure will be described later)
The non-volatile memory 25 is composed of, for example, a non-volatile memory such as an EEPROM or a flash ROM capable of writing and rewriting data. A program file, a data file, or the like is defined in the non-volatile memory 25 according to the operational use of the IC card 2, and data is written in these files. Further, in the non-volatile memory 25, an authentication data table 25a for storing authentication information and information related to collation processing for the authentication information is provided. Further, when a plurality of authentication information is set, the non-volatile memory 25 is provided with an authentication data table 25a for each authentication information, and stores each authentication information and information related to the collation processing by each authentication information.

Next, the authentication data table 25a provided in the non-volatile memory 25 will be described.
FIG. 3A is a diagram showing a configuration example of the authentication data table 25a. In the configuration example shown in FIG. 3A, the authentication data table 25a has a storage area 251 for authentication information (PIN data), a storage area 252 for the number of collations, and a storage area 253 for the permissible number of collations.

The storage area 251 functions as a first storage means. Authentication information (PIN data) is stored in the storage area 251. The authentication information stored in the storage area 251 is information that only a legitimate user can know, and is information that is stored in advance. When using an IC card, whether or not the user is a legitimate owner of the IC card is authenticated by collating the authentication information stored in the storage area 251 with the information specified by the user.

For example, when a cash card or a credit card is used at an ATM, the matching with the PIN data in the IC chip built in the card is performed through the ATM terminal. As a result of collation of the PIN (Personal Identification Number) input by the user, if they match, the digital authentication information in the IC card is taken out, only that information is transmitted to the server through the network, and the authentication is performed again on the server.

The collation count storage area 252 functions as a second storage means, and functions as a counter for storing the cumulative number of collation processes. The collation trial counter 252 stores the allowable number of collations (with this value as the initial value) stored in the storage area 253 in the initial state (reset state), and is immediately before executing the collation process or or When the collation by the collation process fails, the counter value is counted as a value indicating the number of times the collation process is tried. Further, the collation trial counter 252 is rewritten (reset) to an initial value (allowable number of collations) when the collation process is successful.

The storage area 253 for the number of allowable collations functions as a third storage means, and stores a value indicating the number of permissible times with respect to the number of collation processes executed continuously. The value stored in the storage area 253 indicates an allowable value (hereinafter, referred to as an allowable collation number) of the number of collation processes continuously executed as the number of retries due to a collation failure. An allowable value for the value counted by the collation trial counter 252 is shown. Further, the allowable number of collations stored in the storage area 253 is preset information.

A key for encrypting data (in the IC card, the concept of "file" is applied. Hereinafter, a set of data is intentionally referred to as a file) to the non-volatile memory 25 in the IC card 2. Each file is stored in a state of being encrypted using (hereinafter referred to as an encryption key). When reading the data in the encrypted and stored file, the key for decrypting the file (hereinafter referred to as the decryption key) is used to read the data in a plain culture. Further, the non-volatile memory 25 stores a number of password data corresponding to the type of access right to the file, and the permission of the access right collates the password corresponding to the access right specified for each file. I am doing it. As shown in Table 1, the permissible number of times to detect an attack (wrong password input) is set for each file, and access restrictions are stipulated.

Next, the operation of the IC card system having the above configuration will be described. FIG. 3B is a diagram showing a configuration example of an attack detection program 24g provided in the ROM 24, and FIG. 4 is a flowchart showing details of an attack detection process regarding the operation of the IC card system in the present embodiment. .. In FIG. 4, a collation procedure with PIN data will be described as an example of the attack detection method.
A PIN verification command corresponding to the PIN input for releasing the access restriction corresponding to the read instruction set in the file is transmitted to the IC card. (S101). Then, the IC card compares and collates whether or not the received PIN data is the same as that stored in the IC card (S102).

Here, if the received PIN data is the same as that stored in the IC card (YES in S103), the number of attack detections is reset (S109) in order to give the access right to the read instruction, and then The matching state of the PIN is set to the matching successful state (S110), and a status word indicating that the matching is successful is returned to the terminal side (S111).

On the other hand, in S103, if the received PIN data is not the same as the one stored in the IC card, it is recognized that the PIN is collated unsuccessfully, and 1 is added to the number of consecutive mistakes, which is a variable in the attack detection count counter. (S104).

Then, the added number of consecutive mistakes (described as "attack detection number" in the flowchart) and the number of consecutive mistakes allowed in advance (described as "attack allowable number" or "allowable number" in the flowchart). When the number of consecutive mistakes exceeds the permissible number of consecutive mistakes (YES in S106), the encryption used to encrypt the file stored in the non-volatile memory is used. The key data, or the decryption key data used to decrypt the encrypted file, is erased. (S107) When deleting the key data, the "common key" is deleted when the key used for encryption / decryption is the same encryption method according to the handling of the file, and the encryption / decryption is performed. If the keys used are different encryption methods, the "public key" will be canceled.

Then, the fact that the collation has failed is transmitted to the terminal side as a status word (S108).

When the forcible deletion of the encryption key is executed, it is considered that the IC card has been illegally accessed, and it is determined as "abnormal termination".

FIG. 5 is a flow for explaining the operation of the IC card system (attack detection processing is omitted) after reading the file according to the result of the comparison and collation of PIN data (S102). If the PIN collation is unsuccessful (NO in S203), a status word indicating that you do not have file access authority is transmitted to the data processing device (S207). If the PIN verification is successful (YES in S203), read the encrypted file (YES in S204) or write data to the file (NO in S204). Processing is selected. Here, the authentication process of the next step is performed.

In file reading, decryption of the file encrypted with the decryption key is attempted (S205), and if successful, the plain-cultivated data is transmitted to the operator through the data processing device. In data writing, encryption of data is attempted using an encryption key (S208), and if successful, the fact that the encrypted data has been added to the file is transmitted through the processing device.

In both the file read and data write processes, if nonconformity in the authentication process is confirmed and the attack is considered to be more than the allowable number of attacks (S212), it is considered that unauthorized access has been performed, and the encryption key or decryption is performed. The key is deleted and it is determined to be "abnormal termination". By deleting the encryption key or decryption key, the file is protected from unauthorized reading and writing without erasing the stored file, and information leakage and falsification can be prevented.

According to this embodiment, the number of times the password verification is verified is limited. Therefore, when the password is retransmitted, the encryption key is forcibly erased regardless of the user's intention when the upper limit is exceeded. Therefore, the encrypted file is left in the non-volatile memory, and only the IC card in which the file in the undecryptable state is stored remains, so that the file leakage can be prevented.

1 IC card processing device 2 IC card 21 External terminal 22 Control unit 23 RAM
24 ROM
24g, 241 Attack detection processing program 25 Non-volatile memory 25a Authentication data table 251 Storage area for authentication information (PIN data) 252 Storage area for collation count 253 Storage area for permissible collation count 254 Storage area for collation interruption count 255 Permissible interruption count Storage area 11 Terminal device 12 Display device 13 Keyboard 14 Card reader / writer

Claims (5)

It is equipped with a module that mounts a program in the memory that detects unauthorized access to files stored in the non-volatile memory area.
When the number of attacks detected on the file stored after being encrypted using the encryption key exceeds the permissible number, the program uses the encryption key data or the encryption key data for encrypting the file. A semiconductor device comprising a module having a function of making it impossible to encrypt or decrypt the file by deleting the decryption key data from the non-volatile memory area. The file is encrypted by the encryption key stored in the memory, the file encrypted by the decryption key stored in the memory is flattened, and the file in the memory is read / written. The semiconductor device according to claim 1. The semiconductor device according to claim 1, wherein the file is stored in a non-volatile memory area as a table in a state where an encryption key and an allowable number of attack detections are set according to the file classification. .. In an IC card that stores files that make up security data and manages access to the files with a password.
It is equipped with a module in which a program for detecting an unauthorized access to the file stored in the non-volatile memory area is mounted in the memory.
When the number of detected attacks on the file stored after being encrypted using the encryption key exceeds the permissible number, the program uses the encryption key data or decryption key for encrypting the file. An IC card comprising a module having a function of making it impossible to decrypt the file by deleting data from the non-volatile memory area. A data processing method that reads and writes files stored in the non-volatile memory area of a semiconductor device.
The number of attempts to collate the PIN (Personal Identification Number), which is the authentication information stored in the memory, is stored as the number of attack detections by the collation attempt counter.
The number of times that the continuous error of collation with respect to the authentication information is allowed is stored in the memory as a preset allowable number of attacks.
When a collation command requesting collation with the authentication information for the purpose of releasing access restrictions to files stored in the non-volatile memory area is received from an external data processing device, the number of attack detections is the number of permissible attacks. Judging whether or not it has reached
When it is determined by this determination that the number of times the attack is detected has reached the permissible number of attacks, the encryption key used to store the file after being encrypted or the file is read in a plain culture. Delete the decryption key used from memory,
A data processing method characterized by that.

Images