JP2021022839A - Communication system and method - Google Patents

Abstract

To provide a communication system and the like capable of updating a key held by an application even when the application is in communication with a communication terminal such as an SE utilization device.SOLUTION: A second application for updating a key is provided separately from a first application for holding the key to be updated, and a key updating device updates the key held by the first application via the second application.SELECTED DRAWING: Figure 2

Description

The present invention relates to a technical field of an electronic information storage medium such as a Secure Element (SE) having an application (sometimes referred to as "Application") for encrypting communication data between communication terminals.

For IC (Integrated Circuit) cards such as SEs equipped with Applications, products that comply with the Java (registered trademark) Card specifications and Global Platform (registered trademark) specifications have become the de facto standard. In the IC card, there is always one or more security domains (SD) that are applications for managing the IC card itself and the application in the IC card. SD includes ISD (Issuer Security Domain) and SSD (Supplementary Security Domains). Such SD mainly supports the following functions (1) to (9).

(1) IC card life cycle management
(2) Application program life cycle management
(3) Application instance life cycle management
(4) Loading the application program
(5) Application instance generation (installation)
(6) Deleting an application program or application instance
(7) Writing issued data for applications
(8) Reading data
(9) Securing a secure communication path according to the Secure Channel Protocol (SCP)

By supporting the functions (1) to (9) above, ISD realizes the management and security policy of the issuer of the IC card for the card content (application program, application instance, etc.) in the IC card. .. On the other hand, SSD supports the functions (1) to (9) above to realize the management and security policy of a third party who provides services on the IC card for the card content in the IC card. .. Here, the third party who provides the service on the IC card means a person who is in a position other than the issuer of the IC card and the holder of the IC card (the user who is the target of issuing the IC card). In addition, in the function (9) above, the SCP has the confidentiality of command data, the integrity of commands (and the command sequence) for the communication path between the SD in the IC card and the external entity (external device) of the IC card. Guarantee), provides additional integrity of sensitive data (eg, keys and PIN codes) in command data (plain text). According to the Global Platform specifications, when performing the above functions (1) to (7), it is mandatory to execute them on SCP. Therefore, the SD and the external device hold the key for the secure channel so that the IC card and the external device can communicate securely.

In Patent Document 1, the key version of the secure channel key used for secure processing to make the established communication path between the external device and the application a secure communication path (secure channel) is explicitly specified on the external device side. The technology that makes it possible to use multiple default key versions properly without specifying in is disclosed.

JP-A-2018-82246

As shown in FIG. 1, a secure channel is used when the SE utilization device (external device) and the Application in the SE communicate with each other. For the secure channel, the secure channel key KA held by the SSD corresponding to the Application and the SE utilization device is used. That is, secure communication is ensured by encrypting the communication data between the SE utilization device and the Application using the secure channel key KA. In addition, when the SE-using device communicates with a server (not shown), the SE-using device performs encryption / decryption processing of communication data between the SE-using device and the server (encryption / decryption processing using the encryption key KB) for Application. ) May be requested, and the secure channel is also used for sending and receiving plaintext and ciphertext (encrypted plaintext) at that time.

On the other hand, in order to ensure security, the encryption key KB held by Application has an upper limit of the number of times of use, and when the number of times of use reaches the upper limit, it is necessary to update the encryption key KB. Specifically, the SE key management device 3 updates the encryption key KB held by the Application. Here, when using / updating the encryption key KB, a secure channel is used, but according to the Global Platform specifications, one Application cannot use multiple secure channels at the same time, and one Multiple devices cannot use the secure channel established by Application. Therefore, the SE key management device 3 cannot update the encryption key KB held by the Application while the Application is communicating with the SE utilization device. Therefore, in order to update the encryption key KB, the communication between the Application and the SE user device is temporarily terminated, a secure channel is opened between the SE key management device 3 and the Application to update the encryption key KB, and then the SE key management is performed. It is necessary to take the procedure of terminating the communication between the device 3 and the Application and opening the secure channel again between the SE user device and the Application, which requires time to update the key. In particular, if the SE-using device needs to update the key while communicating with the server, it may be necessary to interrupt the communication with the server.

Therefore, an object of the present invention is to provide a communication system or the like that can update the key held by the application even while the application is communicating with a communication terminal such as an SE utilization device.

In order to solve the above problems, the invention according to claim 1 has an electronic information storage having a storage means for storing a first security management application, a second security management application, a first application, and a second application. A communication terminal that communicates with the first application via a medium, a first secure channel that uses a first secure channel key held by the first security management application, and the second security management. A key updater that communicates with the second application via the second secure channel using the second secure channel key held by the application and updates the encryption key information held by the first application. The key updater includes an update key information transmitting means for transmitting update encryption key information for updating the encryption key information to the electronic information storage medium, and the electronic. The information storage medium includes a holding means for holding the update encryption key information in the second application when the update encryption key information is received from the key update device, and the update held by the second application. An update in which the delivery means for passing the encryption key information for use to the first application and the encryption key information held by the first application are updated by the update encryption key information transferred from the second application. It is characterized by providing means.

The invention according to claim 2 is the communication system according to claim 1, wherein the electronic information storage medium includes a key information using means for performing a predetermined process using the encryption key information, and the encryption key. The number of times the information is used is counted, and when the number of times the information is used reaches a predetermined number of times, the arrival information indicating that the number of times the encryption key information has been used has reached the predetermined number of times is transmitted to the communication terminal. The communication terminal includes information transmitting means, and when the communication terminal receives the arrival information from the electronic information storage medium, the communication terminal provides warning information indicating that the number of times the encryption key information has been used has reached the predetermined number of times. The key information transmitting means for updating the key updating device includes a warning information transmitting means for transmitting the warning information to the key updating device, and when the warning information is received from the communication terminal, the updating encryption key information is transmitted to the electronic information. It is characterized by transmitting to a storage medium.

The invention according to claim 3 is the communication system according to claim 2, wherein the predetermined number of times is less than the upper limit of the number of times the encryption key information is used.

The invention according to claim 4 is the communication system according to claim 2 or 3, wherein the second secure channel is opened after receiving the warning information from the communication terminal. ..

The invention according to claim 5 is the communication system according to any one of claims 2 to 4, wherein the execution unit of the electronic information storage medium executes the first application. It functions as a key information use means, a arrival information transmission means, and an update means, and by executing the second application, it functions as a holding means and a delivery means.

The invention according to claim 6 comprises an electronic information storage medium having a storage means for storing a first security management application, a second security management application, a first application, and a second application, and the first security. A communication terminal that communicates with the first application via the first secure channel that uses the first secure channel key held by the management application, and a second secure held by the second security management application. A communication method in a communication system including a key update device that communicates with the second application via a second secure channel that uses a channel key and updates the encryption key information held by the first application. The update key information transmission step in which the key update device transmits the update encryption key information for updating the encryption key information to the electronic information storage medium, and the electronic information storage medium is the key. A holding step of causing the second application to hold the update encryption key information when the update encryption key information is received from the update device, and the update held by the electronic information storage medium of the second application. The transfer step of passing the encryption key information for use to the first application, and the update of the encryption key information held by the electronic information storage medium by the first application from the second application. It is characterized by including an update process of updating with encryption key information.

According to the present invention, even if the first application is communicating with the communication terminal via the first secure channel, the second application can update the key information from the key updater via the second secure channel. Is received and passed to the first application, the key held by the first application can be updated.

It is a block diagram which shows the update example of the conventional encryption key KB. It is a block diagram which shows the update example of the encryption key KB1 by this embodiment. It is a block diagram which shows the outline structure example of SE utilization apparatus 1 and SE2 which concerns on this Embodiment. It is a figure which shows an example of the hierarchical structure formed between a plurality of SDs and a plurality of Applications. It is a block diagram which shows the outline structure example of the SE key management apparatus 3 which concerns on this embodiment. It is a sequence diagram which shows the flow of the encryption processing using the encryption key KB1 in this embodiment. It is a sequence diagram which shows the flow of the key update process of updating the encryption key KB1 with the encryption key KB2 in this embodiment.

Hereinafter, embodiments of the present invention will be described with reference to the drawings. The embodiment described below is an embodiment when the present invention is applied to a key renewal system having SE utilization device 1, SE 2 and SE key management device 3.

[1. Overview of key update system S]
First, the outline of the key update system S according to the present embodiment will be described with reference to FIG. 2 and the like. A secure channel is used when the SE utilization device 1 and Application-1 in the SE communicate with each other. For the secure channel, the secure channel key KA held by the SSD-1 corresponding to Application-1 and the SE utilization device 1 is used. That is, secure communication is ensured by encrypting the communication data between the SE utilization device 1 and Application-1 using the secure channel key KA (the secure channel between the SE utilization device 1 and Application-1 is "". Sometimes referred to as the "first secure channel"). Further, when the SE utilization device 1 communicates with a server (not shown), the SE utilization device 1 performs encryption processing (encryption key KB1) of communication data (plain text) between the SE utilization device 1 and the server for Application-1. (Cryptographic processing used) is requested. An upper limit of the number of times of use is set for the encryption key KB1 held by Application-1, and it is necessary to update the encryption key KB1 when the number of times of use reaches the upper limit. Specifically, the SE key management device 3 performs a process for updating the encryption key KB1 held by Application-1.

Here, as described above with reference to FIG. 1, when the encryption key KB1 is used / updated, the secure channel is used. However, according to the Global Platform specification, Application-1 uses a plurality of secure channels at the same time. Can't be done. That is, the SE key management device 3 cannot directly update the encryption key KB1 held by the Application-1 while the Application-1 is communicating with the SE utilization device 1.

Therefore, in the key update system S of the present embodiment, as a mechanism for updating the encryption key KB1 held by Application-1, Application-2 for key update and SSD-2 for managing the key are provided in SE2. To do. When the SE key management device 3 attempts to update the encryption key KB1, the SE key management device 3 may first refer to the application-2 and the secure channel (the secure channel between the SE key management device 3 and the Application-2 is referred to as the "second secure channel". There is) to open. That is, secure communication is ensured by encrypting the communication data between the SE key management device 3 and Application-2 using the secure channel key KC. Next, the SE key management device 3 transmits the encryption key KB2 for updating the encryption key KB1 to Application-2 via the second secure channel. Then, Application-2 passes the encryption key KB2 to Application-1, and Application-1 updates the encryption key KB1 with the received encryption key KB2.

[2. Configuration of SE utilization device 1 and SE2]
The configuration of the SE utilization device 1 and the SE 2 capable of communicating with the SE utilization device 1 will be described with reference to FIG. The SE utilization device 1 includes a control unit 11, a communication unit 12, an input unit 13, and an output unit 14.

The control unit 11 includes a CPU (Central Processing Unit) 111, a RAM (Random Access Memory) 112, a ROM (Read Only Memory) 113, an I / O circuit 114, and a non-volatile memory 115, and is composed of the entire SE utilization device 1. To control. For example, the control unit 11 performs processing based on the input data and input information input to the input unit 13, and outputs the output data and output information to the output unit 14. The communication unit 12 performs a process for communicating with an external device such as a server (not shown). The input unit 13 inputs input data and input information to the control unit 11. The output unit 14 outputs based on the output data and output information output from the control unit 11.

In the RAM 112, for example, data temporarily required for the functioning of an OS (Operating System) and various applications is stored. The OS, various applications, and the like are stored in the ROM 113. The I / O circuit 114 serves as a communication interface with the SE2. For example, a flash memory or an "Electrically Erasable Programmable Read-Only Memory" can be applied to the non-volatile memory 115. The non-volatile memory 115 stores a program or the like for executing a process described later.

The SE2 includes a CPU 21, a RAM 22, a non-volatile memory 23, and an I / O circuit 24. SE2 has high tamper resistance. High tamper resistance means that the processing mechanism of confidential information such as keys for encryption, decryption, and signature verification is illegally observed / modified from the outside, and the mechanism of processing confidential information is illegal. It means that it is extremely difficult to modify it. In this embodiment, SE2 has higher tamper resistance than the control unit 11 which is a non-secure element.

The RAM 22 stores, for example, data temporarily required for the OS and various applications to function.

For example, a flash memory or an "Electrically Erasable Programmable Read-Only Memory" can be applied to the non-volatile memory 23. The non-volatile memory 23 stores an OS, various applications, a program for executing a process described later, a key, and the like.

The I / O circuit 24 serves as a communication interface with the control unit 11.

FIG. 4 is a diagram showing an example of the functional configuration of SE2. In the example of FIG. 4, ISD, SSD-1, SSD-2, Application-1, Application-2, and Application-3 operate on the OS of SE2. Under ISD, SSD-1, SSD-2, and Application-3 exist, and under SSD-1, Application-1 and Application-2 exist under SSD-2. SSD-1, SSD-2, and Application-3 that exist under ISD operate according to the security policy of ISD. SSD-1 holds the secure channel key KA used for the secure channel between Application-1 and the SE utilization device 1. Similarly, the SSD-2 holds the secure channel key KC used for the secure channel between the Application-2 and the SE key management device 3. Further, Application-1 holds an encryption key KB1 for encrypting / decrypting communication between the SE utilization device 1 and a server (not shown). The secure channel key KA, the secure channel key KC, and the encryption key KB1 are managed by the key storage. The key storage is provided, for example, in a secure storage area in the non-volatile memory 23.

[3. Configuration of SE key management device 3]
Next, the configuration of the SE key management device S will be described with reference to FIG. As shown in FIG. 5, the SE key management device S includes a control unit 31, a storage unit 32, a communication unit 33, a display unit 34, and an operation unit 35.

The storage unit 32 is composed of, for example, an HDD (Hard Disk Drive), an SSD (Solid State Drive), or the like, and is held by the OS, a program for executing a process described later, various other data, and Application-1. The encryption key KB1 key for updating the encryption key KB1 to be used is stored.

The communication unit 33 controls communication with SE2 (particularly Application-2).

The display unit 34 is composed of, for example, a liquid crystal display or the like, and is designed to display information such as characters and images.

The operation unit 35 is composed of, for example, a keyboard, a mouse, or the like, and receives an operation instruction from an operator and outputs the instruction content as an instruction signal to the control unit 31.

The control unit 31 is composed of a CPU that controls the entire control unit 31, a ROM that stores a control program that controls the control unit 31 in advance, and a RAM that temporarily stores various data. Then, the CPU realizes various functions by reading and executing various programs stored in the ROM and the storage unit 32.

[4. Encryption processing using encryption key KB1]
Next, the flow of encryption processing using the encryption key KB1 in the key update system S will be described with reference to FIG. Specifically, in the encryption process, the SE utilization device 1 sends the plaintext to Application-1, has Application-1 encrypt the plaintext using the encryption key KB1, and the encrypted text is encrypted. The process of receiving. Before starting the process of FIG. 6, the secure channel key for establishing the first secure channel between the SE utilization device 1 and the SSD-1 and between the SE utilization device 1 and Application-1. KA will be shared. Similarly, the SE key management device 3 and the SSD-2 share the secure channel key KC for opening a second secure channel between the SE key management device 3 and Application-2. To do. Further, in Application-1, the upper limit of the number of times the encryption key KB1 held by Application-1 can be used is set in advance.

First, the SE utilization device 1, Application-1 and SSD-1 use the secure channel key KA to open a first secure channel between the SE utilization device 1 and Application-1. Specifically, the control unit 11 of the SE utilization device 1 transmits an INITIALIZE UPDATE command to Application-1 (step S1). Communication between the SE utilization device 1 and Application-1 and between the SE key management device 3 and Application-2 is performed by an APDU (Application Protocol Data Unit).

Upon receiving the INITIALIZE UPDATE command from the SE utilization device 1, Application-1 (CPU 21 of SE2 that executes Application-1; the same applies hereinafter) transmits the INITIALIZE UPDATE command to SSD-1 (step S2). Specifically, the INITIALIZE UPDATE command is sent by processSecrutiy () of GPAPI (GlobalPlatform API).

When SSD-1 (CPU21 of SE2 that executes SSD-1. The same applies hereinafter) receives the INITIALIZE UPDATE command, it executes the process according to the command, and the response data and SW (Status Word) "9000h" (the same applies hereinafter). SW) indicating normal termination is returned to Application-1 (step S3).

When Application-1 receives the response data and SW "9000h" from SSD-1, it transmits this to the SE utilization device 1 (step S4).

When the control unit 11 of the SE utilization device 1 receives the response data and the SW “9000h” from Application-1, then sends an EXTERNAL AUTHENTICATE command to Application-1 (step S5).

When Application-1 receives the EXTERNAL AUTHENTICATE command from the SE utilization device 1, it transmits the EXTERNAL AUTHENTICATE command to SSD-1 (step S6). Specifically, the EXTERNAL AUTHENTICATE command is sent by processSecrutiy () of GPAPI (GlobalPlatform API).

When the SSD-1 receives the EXTERNAL AUTHENTICATE command, it executes the process corresponding to the command and returns SW "9000h" to Application-1 (step S7).

When Application-1 receives SW "9000h" from SSD-1, it transmits this to SE utilization device 1 (step S8). As described above, the secure channel between the SE utilization device 1 and Application-1 is established by the processes of steps S1 to S8, and thereafter, communication is performed via the secure channel.

When the secure channel is opened, the SE utilization device 1 requests the processing of encrypting the plaintext to Application-1, and Application-1 encrypts the plaintext using the encryption key KC1.

Specifically, the control unit 11 of the SE utilization device 1 applies a command APDU including data in which the plaintext to be encrypted is encrypted with the secure channel key KA and a MAC (Message Authentication Code) by PSO ENCIPHER. Send to -1 (step S9). The command APDU is composed of, for example, CLA, INS, P1, P2, Lc, a data field, MAC, and Le, and the data field stores data in which plain text is encrypted with the secure channel key KA. In addition, SM (Secure Messaging) is performed between Application-1 and SSD-1, and before the SM process (step S11) described later, the SM bit of CLA in the command APDU (the command defined in Global Platform and ISO7816). The bit indicating the presence or absence of SM in the APDU) is set to "ON", and if the SM processing is performed, the SM bit is set to "OFF" in the command APDU (hereinafter, the command APDU in which the SM bit is "ON") A command APDU whose SM bit is "OFF" may be referred to as a "SM post-processing command APDU"). There are three types of SM, and which one to use is specified by the EXTERNAL AUTHENTICATE command.

When Application-1 receives the SM processing pre-command APDU from the SE utilization device 1, it first transmits a SM processing request to SSD-1 (step S10). Specifically, the SM pre-processing command APDU is transmitted by unwrap () of GPAPI.

When the SSD-1 receives a request for SM processing (command APDU before SM processing), it executes SM processing (step S11). Specifically, the MAC authentication process and the process of decrypting the data stored in the data field by the secure channel key KA are performed. If there is no problem in these processes, SSD-1 applies the SM post-processing command APDU, which is the following (1) and (2) edited for the SM pre-processing command APDU received from Application-1. Send to -1 (step S12).
(1) Turn the SM bit "OFF"
(2) Store the plaintext decrypted with the secure channel key KA in the data field.

When Application-1 receives the command APDU after SM processing, the plaintext stored in the data field is encrypted using the encryption key KB1 (step S13). Next, Application-1 counts up the number of times the encryption key KB1 is used (step S14). Next, Application-1 transmits a response APDU including a ciphertext (encrypted plaintext) and SW "9000h" to the SE utilization device 1 (step S15).

After that, the SE utilization device 1, Application-1 and SSD-1 repeat the processes of steps S9 to S15 until a predetermined condition is satisfied. The predetermined conditions are, for example, (1) the SE utilization device 1 does not need to encrypt the plaintext, and (2) the number of times the encryption key KB1 is used reaches the upper limit.

[5. Key update process for updating encryption key KB1 with encryption key KB2]
Next, the flow of the key update process for updating the encryption key KB1 with the encryption key KB2 in the key update system S will be described with reference to FIG. 7. Specifically, the key update process refers to a process in which the SE key management device 3 updates the encryption key KB1 to the encryption key KB2 when the number of times the encryption key KB1 of Application-1 is used reaches the upper limit. A secure channel key for establishing a first secure channel between the SE-using device 1 and the SSD-1 and between the SE-using device 1 and Application-1 before starting the process of FIG. 7. KA will be shared. Similarly, the SE key management device 3 and the SSD-2 share the secure channel key KC for opening a second secure channel between the SE key management device 3 and Application-2. To do. Further, in Application-1, the upper limit of the number of times the encryption key KB1 held by Application-1 can be used is set in advance.

The specific process of the key update process is performed when the number of times the encryption key is used reaches the upper limit. That is, Application-1 (CPU21 of SE2 that executes Application-1; the same applies hereinafter) increases the number of times the encryption key is used while repeating steps S9 to S15 of FIG. When it is determined that the value has been reached, the ciphertext encrypted in the process of step S13 and the SW “62XXh” (or “63XXh”) are transmitted to the SE utilization device 1. The SW "62XXh" (or "63XXh") is a SW indicating that the number of times the encryption key has been used has reached the upper limit.

When the control unit 11 of the SE utilization device 1 receives the ciphertext and SW "62XXh" (or "63XXh") from Application-1, the SE key provides warning information indicating that the number of times the encryption key KB1 has been used has reached the upper limit. It is transmitted to the management device 3 (step S17). Then, the control unit 11 of the SE utilization device 1 interrupts the encryption process (steps S9 to S15 in FIG. 6).

When the control unit 31 of the SE key management device 3 receives the warning information from the SE utilization device 1, the SE key management device 3, Application-2 and SSD-2 manage the SE key using the secure channel key KC. Establish a second secure channel between device 3 and Application-2. Since the specific processing is the same as the processing of steps S1 to S8 of FIG. 6, the description thereof will be omitted.

When the second secure channel is opened, the control unit 31 of the SE key management device 3 includes data and a MAC in which the encryption key KB2 for updating the encryption key KB1 is encrypted with the secure channel key KC. The SM pre-processing command APDU is transmitted to Application-2 by CHANGE REFERENCE DATA (step S18).

When Application-2 receives the SM pre-processing command APDU from the SE key management device 3, it first transmits a SM processing request to SSD-2 (step S19). Specifically, the SM pre-processing command APDU is transmitted by unwrap () of GPAPI.

When the SSD-2 receives the SM processing request (SM processing pre-command APDU), it executes the SM processing (step S20). Specifically, the MAC authentication process and the process of decrypting the data stored in the data field with the secure channel key KC are performed. If there is no problem with these processes, the SSD-2 will apply the SM post-process command APDU that has been edited in (1) and (2) below to the SM pre-process command APDU received from Application-1. Send to -2 (step S21).
(1) Turn the SM bit "OFF"
(2) Store the encryption key KB2 decrypted with the secure channel key KC in the data field.

When Application-2 receives the SM processed command APDU, it transmits the encryption key KB2 stored in the data field to Application-1 (step S22). For example, when Application-1 and Application-2 comply with the Java (registered trademark) specifications, they are transmitted using Java's inter-application data transfer method.

When Application-1 receives the encryption key KB2 from Application-2, the Application-1 updates the encryption key held by itself from the encryption key KB1 to the encryption key KB2 (step S23). Next, Application-1 initializes the number of times the encryption key has been used so far (step S24). Next, Application-1 notifies Application-2 that the key update process has been completed normally (step S25).

Upon receiving the notification, Application-2 transmits a response EPADU including SW "9000h" to the SE key management device 3 (step S26).

When the control unit 31 of the SE key management device 3 receives the SW “9000h” from Application-2, the control unit 31 notifies the SE utilization device 1 that the key update has been completed (step S27).

Upon receiving the notification, the control unit 11 of the SE utilization device 1 restarts the interrupted encryption process (steps S9 to S15 in FIG. 6) and repeats the process until a predetermined condition is satisfied. However, in the process of step S13, encryption is performed by the updated encryption key KB2.

Although the case of encrypting the plaintext has been described with reference to FIGS. 6 and 7, the same processing can be performed in the case of decrypting the ciphertext into the plaintext.

As described above, the key update system S according to the present embodiment includes SSD-1 (an example of the "first security management application"), SSD-2 (an example of the "second security management application"), and Application. SE2 (“electronic information storage medium”) having a non-volatile memory 23 (an example of a “storage means”) that stores -1 (an example of a “first application”) and Application-2 (an example of a “second application”). ”) And SE use that communicates with Application-1 via the first secure channel that uses the secure channel key KA held by SSD-1 (an example of“ first secure channel key ”). Application-2 via a second secure channel using device 1 (an example of a "communication terminal") and a secure channel key KC (an example of a "second secure channel key") held by SSD-2. It has an SE key management device 3 (an example of a "key update device") that communicates with and updates an encryption key KB1 (an example of "encryption key information") held by Application-1. The control unit 31 of the SE key management device 3 (an example of the “update key information transmitting means”) transmits the encryption key KB2 (an example of the “updated encryption key information”) for updating the encryption key KB1 to the SE2. .. The SE2 CPU 21 (an example of "holding means", "delivery means", and "update means") causes Application-2 to hold the encryption key KB2 when the encryption key KB2 is received from the SE key management device 3, and Application- The encryption key KB2 held by 2 is passed to Application-1, and the encryption key KB1 held by Application-1 is updated by the encryption key KB2 passed from Application-2.

Therefore, according to the key update system S of the present embodiment, even if Application-1 is communicating with the SE utilization device 1 via the first secure channel, Application-2 is via the second secure channel. By receiving the encryption key KB2 from the SE key management device 3 and passing it to Application-1, the encryption key KB1 held by Application-1 can be updated.

Further, when the first secure channel between Application-1 and the SE utilization device 1 is temporarily terminated for key update and the secure channel is opened again after the key update, the non-volatile memory 23 is used to open the secure channel. Although writing is required a large number of times, according to the present embodiment, the life of the non-volatile memory 23 can be extended because it is not necessary.

Further, conventionally, since the SE utilization device 1 holds the secure channel key KA, there is a problem that a malicious person can update the encryption key KB1 by using the SE utilization device 1. According to the key update system S of the form, since the encryption key KB1 can be updated only via Application-2, it is possible to prevent such a problem from occurring.

Further, in the key update system S according to the present embodiment, the CPU 21 of SE2 (an example of "key information using means" and "arrival information transmitting means") encrypts plaintext using the encryption key KB1 (encryption processing (example). An example of "predetermined processing") is performed, the number of times the encryption key KB1 is used is counted, and when the number of times reaches the predetermined number of times, the number of times the encryption key KB1 has been used reaches the predetermined number of times. The indicated SW "62XXh" (or "63XXh") (an example of "arrival information") is transmitted to the SE utilization device 1. When the control unit 11 (an example of the "warning information transmitting means") of the SE utilization device 1 receives the SW "62XXh" (or "63XXh") from the SE2, the number of times the encryption key KB1 is used reaches a predetermined number of times. Warning information indicating that this has been done is transmitted to the SE key management device 3. When the control unit 31 of the SE key management device 3 receives the warning information from the SE utilization device 1, the control unit 31 transmits the encryption key KB2 to the SE2. Therefore, according to the key update system S according to the present embodiment, when the number of times the encryption key KB1 has been used reaches a predetermined number of times, the encryption key KB2 can be updated, and the security by not updating the encryption key KB2. The decrease can be prevented.

In the present embodiment, the number of times the encryption key KB1 is used is counted, and when the upper limit value as a predetermined number of times is reached, the SE key management device 3 is notified via Application-1 and the SE utilization device 1. Was notified and it was decided to execute the process for key update, but in this case, it takes time from the time when the number of times the encryption key KB1 is used reaches the upper limit until the key is updated. There are cases where the process has to be interrupted. Therefore, a modified example of the present embodiment described below may be adopted.

First, Application-1 counts the number of times the encryption key KB1 is used, and when it reaches a value less than the upper limit value (an example of the "predetermined number of times" of the present invention), Application-1 and SE utilization device 1 are used. The SE key management device 3 is notified to that effect via the SE key management device 3 (step S16, step S17 in FIG. 7), and the encryption key KB2 is transmitted from the SE key management device 3 to Application-1 through steps S18 to S22. And. When Application-1 receives the encryption key KB2, it holds the encryption key KB2 once, and when the number of times the encryption key KB1 is used reaches the upper limit, the application-1 updates the encryption key KB1 with the encryption key KB2 once held. As a result, it is possible to significantly reduce the time from when the number of times the encryption key KB1 is used reaches the upper limit until the key is updated. The value less than the upper limit value is a value obtained by subtracting a value larger than the number of processing times of the encryption processing (step S9 to step S15) executed within the time required for the processing of steps S16 to S22. For example, if it takes s seconds to process steps S16 to S22 and the encryption process can be processed n times in s seconds, the value is obtained by subtracting the number of times larger than n (even if the number of times is larger by taking a margin). Good).

In this modification, when Application-1 receives the encryption key KB2, the encryption key KB1 may be updated immediately even if the number of times the encryption key KB1 has been used has not reached the upper limit. In this case, Application-1 does not use the encryption key KB2 up to the upper limit, but whether or not the number of uses reaches the upper limit each time the encryption key KB1 is used while the encryption key KB2 is once held. Since it is not necessary to determine the value, the processing load can be reduced.

1 SE utilization device 11 Control unit 111 CPU
112 RAM
113 ROM
114 I / O circuit 115 Non-volatile memory 12 Communication unit 13 Input unit 14 Output unit 2 SE
21 CPU
22 RAM
23 Non-volatile memory 24 I / O circuit 3 SE Key management device 31 Control unit 32 Storage unit 33 Communication unit 34 Display unit 35 Operation unit KA, KC Secure channel key KB, KB1, KB2 Encryption key

Claims (6)

An electronic information storage medium having a storage means for storing a first security management application, a second security management application, a first application, and a second application.
A communication terminal that communicates with the first application via the first secure channel that uses the key for the first secure channel held by the first security management application.
The encryption key information held by the first application is transmitted by communicating with the second application via the second secure channel using the key for the second secure channel held by the second security management application. The key updater to update and
Is a communication system that has
The key update device is
An update key information transmitting means for transmitting update encryption key information for updating the encryption key information to the electronic information storage medium,
With
The electronic information storage medium is
A holding means for causing the second application to hold the update encryption key information when the update encryption key information is received from the key update device.
A delivery means for passing the update encryption key information held by the second application to the first application, and
An update means for updating the encryption key information held by the first application with the update encryption key information passed from the second application.
A communication system characterized by comprising. The communication system according to claim 1.
The electronic information storage medium is
A key information usage means that performs predetermined processing using the encryption key information, and
The number of times the encryption key information is used is counted, and when the number of times the encryption key information is used reaches a predetermined number of times, the communication terminal is provided with arrival information indicating that the number of times the encryption key information has been used has reached the predetermined number of times. Reach information transmission means to be transmitted and
With
The communication terminal is
A warning information transmitting means for transmitting warning information indicating that the number of times the encryption key information has been used has reached the predetermined number of times to the key update device when the arrival information is received from the electronic information storage medium.
With
The key information transmitting means for updating the key updating device is
A communication system characterized in that when the warning information is received from the communication terminal, the update encryption key information is transmitted to the electronic information storage medium. The communication system according to claim 2.
A communication system characterized in that the predetermined number of times is less than the upper limit of the number of times the encryption key information is used. The communication system according to claim 2 or 3.
The second secure channel is a communication system that is opened after receiving the warning information from the communication terminal. The communication system according to any one of claims 2 to 4.
The execution unit of the electronic information storage medium is
By executing the first application, it functions as the key information using means, the arrival information transmitting means, and the updating means.
A communication system characterized in that it functions as the holding means and the delivery means by executing the second application. An electronic information storage medium having a storage means for storing a first security management application, a second security management application, a first application, and a second application.
A communication terminal that communicates with the first application via the first secure channel that uses the key for the first secure channel held by the first security management application.
The encryption key information held by the first application is transmitted by communicating with the second application via the second secure channel using the key for the second secure channel held by the second security management application. The key updater to update and
It is a communication method in a communication system having
An update key information transmission step in which the key update device transmits update encryption key information for updating the encryption key information to the electronic information storage medium, and
A holding step of causing the second application to hold the update encryption key information when the electronic information storage medium receives the update encryption key information from the key update device.
A delivery step in which the electronic information storage medium delivers the update encryption key information held by the second application to the first application.
An update step in which the electronic information storage medium updates the encryption key information held by the first application with the update encryption key information passed from the second application.
A communication method characterized by including.

Images