JP2021092949A - Control method of IC card with biometric information authentication function and IC card - Google Patents

Abstract

To provide a control method of an IC card that can implement biometric information authentication means without modifying an existing applet by automatically authenticating the identity of a user using an IC card with a biometric information authentication function using biometric information authentication when the IC card is used, and using a result for selecting an applet, which is an application in the IC card.SOLUTION: A control method of an IC card that performs usage processing of the IC card based on a result of biometric information authentication performed using a biometric information acquisition function on the IC card with a biometric information authentication function includes the steps of: performing biometric information authentication at a time when the IC card is connected to an IC card connection terminal and reset, prior to the execution of an applet selection command from the connection terminal; and using the stored result of the biometric information authentication to perform execution processing of the selected applet.SELECTED DRAWING: Figure 5

Description

The present invention relates to an IC card with a biometric information authentication function and a control method thereof.

At present, IC cards having a fingerprint authentication function are becoming widespread in the market, and it has become possible to provide a means instead of personal identification number authentication by PIN (Personal Identification Number), which is a combination of numbers up to now. Identity verification using biometric information, including fingerprint authentication, is expected as a more robust and safe means because it is difficult to steal in addition to the convenience of not having to remember the number like PIN. (Patent Document 1 below)

However, in the technique of Patent Document 1, since the biometric information is acquired on the IC card connection terminal side, the conventional two means of PIN authentication and biometric information authentication stand side by side, so that a dedicated IC card having a biometric information acquisition function is provided. Not only is it necessary to newly introduce a connected terminal, but it is also necessary to modify the payment applet, which is an application in the IC card, which is an obstacle to its widespread use.

Further, since the risk of fraudulent biometric information due to unauthorized use of the IC card connection terminal cannot be eliminated, it is desired to provide a more robust system.

On the other hand, by equipping the IC card itself with a function of acquiring user-specific biometric information such as a fingerprint, the biometric information can be directly obtained on the IC card without using a dedicated IC card connection terminal having a biometric information acquisition function. The technology to acquire is also proposed. (Patent Document 2 below).

However, in the technique of Patent Document 2, for an authentication means consisting of two individual pieces of information, identification information obtained from an IC card terminal device and biometric information obtained from a biometric information acquisition unit provided on the IC card. Since non-uniform procedures occur, the IC card transaction procedure does not conform to the EMV standard, so that there is a problem that it does not conform to the conventional workflow and hinders its widespread use.

Further, as shown in FIG. 1, in a general IC card transaction flow, when the IC card is connected to the IC card connection terminal and activated, the first thing to be performed is the selection of the applet (FIG. 1 (2)). However, since identity verification authentication is a procedure within the applet after the applet is selected (Fig. 1 (7)), it is necessary to repair the applet itself when introducing biometric information authentication means. Become.

In this way, even if the IC card is equipped with a biometric information authentication means without updating the IC card connection terminal to one equipped with a biometric information acquisition function, biometric information authentication is introduced unless the applet is modified. There was a problem that the obstacles to widespread use could not be eliminated because it could not be done.

Even after the introduction of biometric information authentication, there are multiple authentication methods, biometric information authentication and conventional PIN authentication, in parallel, and the authentication method can be freely selected from these, so easy PIN authentication is used. There is also a problem that authentication by biometric information, which is more robust, tends not to be used.

Japanese Unexamined Patent Publication No. 2008-176435 JP-A-2018-151799

An object to be solved by the present invention is to provide an IC card control method capable of implementing a biometric information authentication means without modifying an applet which is an application in an existing IC card.

The invention according to claim 1 is a means for solving the above problems.
It is a control method of an IC card that performs a usage process of the IC card based on the result of the biometric information authentication performed by using the biometric information acquisition function on the IC card with the biometric information authentication function.
An acquisition method for acquiring biometric information by reading the biometric information of the user into an IC card,
An authentication means for performing biometric information authentication using the acquired biometric information, and
It has a storage means for storing the result of the biometric information authentication, and has a storage means.
When the IC card is connected to the IC card connection terminal and reset, biometric information authentication is executed prior to execution of the applet selection command from the IC card connection terminal, and the saved biometric information authentication result is used. This is an IC card control method, characterized in that the execution process of the selected applet is performed.

Further, the invention according to claim 2 is
An IC card used in the control method according to claim 1.
A processing unit that executes multiple applets including the authentication process,
A storage unit that stores multiple applets and the execution results of applets,
A communication unit that performs data communication with an IC card connection terminal,
The acquisition department that acquires the biometric information of the user,
A display showing the status of the card or authentication process,
It consists of a power supply that supplies the power needed to perform these processes.
In addition to these, the IC card is characterized by having a function of executing an applet execution process selected by the IC card connecting terminal according to the result of the biometric information authentication stored in advance.

Further, the invention according to claim 3 is
The IC card according to claim 2, wherein the storage unit stores at least the result of biometric information authentication executed prior to the execution of the applet selection command from the IC card connection terminal.

When authenticating with biometric information, the biometric information can be collated only on the IC card side, so that the IC card connection terminal that has been used conventionally can be used as it is, so that no new capital investment is required.

At the stage of selecting a payment applet, the result of biometric information authentication that has already been completed immediately after connecting the IC card to the IC card connection terminal is referred to, so the existing applet can be used without modifying the payment applet. More versatile.

Since biometric information authentication is executed prior to the execution of any applet, the opportunity for unauthorized access by an unauthorized terminal can be eliminated, and the security becomes higher.

Since the biometric information confirmation process can be completed on the IC card side, it does not violate the EMV transaction and can be operated realistically.

Example of general IC card connection transaction flow. (No biometric information authentication) Comparison of conventional transaction flow and transaction flow according to the present invention. The schematic block diagram of the IC card used in this Example. The image figure of the IC card use scene in this Example. The sequence diagram of the transaction flow in this Example.

An embodiment of the present invention is shown below.

This embodiment is a technique capable of implementing a biometric information authentication function regardless of the payment applet used in the transaction flow of an IC card. In this embodiment, fingerprints are assumed as biological information.

First, the whole concept of the present invention will be described with reference to FIG. FIG. 2 shows the transaction flow of the present embodiment on the right side and the transaction flow of the prior art on the left side.

First, in the transaction flow of the present embodiment shown on the right side of FIG. 2, the IC card is connected to the IC card connection terminal, and the IC card fingerprint authentication process is executed at the moment when the power is supplied (reset) to the IC card, and the result of the fingerprint authentication is performed. Is stored in the storage unit of the IC card as a result flag of either success or failure. Next, when an applet select command is issued from the IC card connection terminal side, the fingerprint authentication result stored earlier is referred to. If the success flag is set, a normal response is returned, and if the failure flag is set, an error response is returned to the IC card connection terminal. As a result, if the fingerprint authentication is successful, the applet operation in the normal payment flow can be started.

On the other hand, in the transaction flow by the conventional technology shown on the left side of FIG. 2, since the payment applet processing proceeds without going through the fingerprint authentication process, the fingerprint authentication process must be performed in the payment applet processing. The applet needs to be modified.

That is, the existing IC card with fingerprint authentication function uses fingerprint authentication as an alternative to identity verification such as signature and PIN input in the payment applet, but since the fingerprint authentication result is not yet retained when the applet is selected, it is included in the payment applet. It is necessary to establish a new procedure for fingerprint authentication. On the other hand, in this embodiment, since the fingerprint authentication result can already be used when the applet is selected, there is no need to newly establish a fingerprint authentication procedure in the payment applet. Therefore, in this embodiment, it is not necessary to modify the existing payment applet, and the fingerprint authentication function can be easily implemented. This is a feature that differs greatly between the two technologies.

Then, a specific embodiment of this embodiment will be described below.

The IC card 100 used in the present invention may have the same configuration as a conventionally known IC card. For example, as shown in FIG. 3, a processing unit 110 that executes execution processing of various applets including an operating system (hereinafter referred to as OS) and an authentication process, various applets including an apple that executes a biometric information authentication process, and the execution processing results thereof are stored. The storage unit 120, the communication unit 130 that performs data communication with a higher-level host such as an IC card connection terminal, the acquisition unit 140 that acquires the biometric information of the user, and the display unit 150 that indicates the status of the card or the authentication process. , Consists of a power supply unit 160 that supplies the power required to carry out these processes.

The processing unit 110 is a central processing unit (CPU), has an OS on the hardware layer of the IC chip, and stores various applets stored in the storage unit 120 in the storage unit 120, the communication unit 130, and the acquisition unit 140. , The display unit 150 and the power supply unit 160 have a function of integrated control and execution.

The storage unit 120 has a function of storing data or results required for codes and arithmetic processing of various applets, and mainly supports Random Access Memory (RAM) corresponding to high-speed and frequent rewriting, and data can be stored even in a non-powered state. It consists of a storage device such as an Electrically Erasable Programmable Read-Only Memory (EEPROM) that holds and is rewritable, and a Read Only Memory (ROM) that holds data that does not need to be permanently rewritten.

For example, with regard to fingerprint authentication, since the user's fingerprint information registered before the present embodiment needs to be retained in the IC card even during non-power supply, the storage device must be stored in the EEPROM. However, since the fingerprint authentication result in this embodiment is immediately referred to while connected to the IC card connection terminal, it can be stored in the RAM.

The communication unit 130 has a function of directly performing data communication of an IC card with an external device such as an IC card connection terminal. In the case of the contact type, the connection electrode for contacting and energizing the corresponding electrode of the IC card connection terminal, and in the case of the non-contact type, the antenna for wireless communication, for example, Near Field Communication (NFC) for short-range wireless communication. , Each equipped.

The acquisition unit 140 extracts biometric information, for example, a fingerprint sensor device, by contact scanning the user's finger in the case of a one-dimensional sensor and contact holding in the case of a two-dimensional sensor to extract the pattern characteristics of the fingerprint. It has the function of Further, the biological information is not limited to this, and any user-specific information such as a vein pattern and an iris pattern, which can be acquired by the sensor provided on the card, may be used.

The display unit 150 gives visual information to the user by a single-color or a plurality of-color light emitting device, for example, an LED. It has a function of notifying the user of the state of the IC card and its change by the transition of a combination of display color, display time, display variation, and other visually identifiable information.

The power supply unit 160 supplies electric power for performing the execution processing process of the IC card. When the IC card itself is equipped with a battery, it has a function of receiving power from the IC card connection terminal through a connection electrode or a wireless antenna, respectively, as in the case of the communication unit 130.

FIG. 4 shows an example of an image of using the IC card, in which a contact-type IC card 100 having a display unit 150 by a lamp and an acquisition unit 140 by a fingerprint sensor is inserted into a card slot of an IC card connection terminal 200 by an arrow. It shows the scene where the payment process is proceeded by inserting it in the direction of. The IC card 100 does not necessarily have to be a contact type as shown in this figure, and may be a non-contact type IC card and an IC card connection terminal.

The transaction flow sequence of the payment process by the payment applet on the IC card will be described below with reference to FIG.

The card user first sets the IC card 100 on the IC card connection terminal 200 while touching the fingerprint sensor of the acquisition unit 140 with his / her finger.

Step S1001: When the IC card connection terminal 200 detects that the IC card 100 is set, it starts supplying power to the IC card 100 via the power supply unit 160, transmits a reset command to the communication unit 130, and ICs. Activate the card 100.

Step S1002: The processing unit 110 of the IC card 100 activated by the above step 1001 activates OS01, and the activated OS01 immediately selects the fingerprint applet A001 that performs fingerprint authentication on the IC card, and uses the user's fingerprint. Initiate the identity verification authentication process. At this time, it is desirable to make a transition from the extinguished state of the display unit 150, for example, by blinking the light emitting state, to notify that the fingerprint authentication process has started.

Step S1003: The selected fingerprint applet A001 acquires the fingerprint information of the user by using the acquisition unit 140, and collates it with the fingerprint information of the user himself / herself stored in the storage unit 120 in advance.

At this time, if the verification matches and the authentication is successful, the display state of the display unit 150 may be changed from the blinking state started in step S1002 to the constantly lit state, so that the finger may be released. It is desirable to inform the user.

If the collations do not match, the step S1003 can be repeated up to a predetermined upper limit of the number of trials. Also in this case, it is desirable to change the display state of the display unit 150, for example, by accelerating the blinking cycle, to prompt the user to re-input the fingerprint information.

Step S1004: The fingerprint applet A001 returns the fingerprint information collation result executed in step S1003, that is, a success flag if the collation was successful, a failure flag if the collation was unsuccessful, and any of these is returned to OS01. , End the fingerprint authentication process.

Step S1005: OS01 stores the information of either the success flag or the failure flag, which is the fingerprint information collation result obtained from the fingerprint applet A001, in the storage unit 120.

Step S2001: Subsequently, the IC card connection terminal 200 transmits a command for selecting the payment applet A002 to the IC card 100.

However, if the fingerprint verification process is still in progress at this time and the fingerprint verification result is not ready, the IC card processing unit 110 waits for the command reception until the completion of step S1005.

Step S2002: OS01 of the IC card 100 calls up the fingerprint information collation result stored in the storage unit 120.

Step S2003: OS01 returns a normal response when the fingerprint information collation result is successful and an error response when it is unsuccessful, respectively, to the IC card connection terminal 200 via the communication unit 130.

Step S2004: The IC card connection terminal 200 executes the payment transaction process using the payment applet A002 only when a normal response is returned from the IC card 100.

However, if the fingerprint information collation result is unsuccessful, the settlement applet A002 cannot be started due to the obtained error answer, and the settlement transaction process cannot be executed.

As described above, when making a payment with an IC card that has a user-specific biometric information acquisition function, the IC card connection terminal that has been used conventionally can be used as it is without new capital investment, and the biometric information as an identity verification process. It is a control method that can automatically perform authentication on the IC card side, does not violate the EMV transaction, and can operate the IC card without modifying the existing payment system including the payment applet.

In this embodiment, an example of selecting a payment applet as a transaction flow is shown, but the type of applet is not limited to this, and a living body that is executed immediately after connecting to an IC card connection terminal for all applet selections. It is a feature of the present invention to use the result of information authentication.

Further, it is a feature of the present invention that the transaction flow after the bioinformation authentication is successful and the applet is normally selected can be operated as before, which is the same as the flow without the conventional biometric information authentication.

In this embodiment, an IC card connection terminal is illustrated as a connection destination in a situation where identity verification authentication of an IC card is required, but it does not necessarily have to be a dedicated IC card connection terminal, and has an NFC function including a smartphone, for example. It can also be implemented by equipping the terminal with an application that executes communication between the host host and the IC card.

100 IC card with biometric information acquisition function 110 Processing unit 120 Storage unit 130 Communication unit 140 Acquisition unit 150 Display unit 160 Power supply unit OS01 IC card operating system A001 Fingerprint applet A002 Payment applet 200 IC card connection terminal

Claims (3)

It is a control method of an IC card that performs a usage process of the IC card based on the result of biometric information authentication performed by using the biometric information acquisition function on the IC card with a biometric information authentication function.
An acquisition method for acquiring biometric information by reading the biometric information of the user into an IC card,
An authentication means for performing biometric information authentication using the acquired biometric information, and
It has a storage means for storing the result of the biometric information authentication, and has a storage means.
When the IC card is connected to the IC card connection terminal and reset, biometric information authentication is executed prior to execution of the applet selection command from the IC card connection terminal, and the saved biometric information authentication result is used. A method for controlling an IC card, which comprises performing an execution process of the selected applet. An IC card used in the control method according to claim 1.
A processing unit that executes multiple applets including the authentication process,
A storage unit that stores multiple applets and the execution results of applets,
A communication unit that performs data communication with an IC card connection terminal,
The acquisition department that acquires the biometric information of the user,
A display showing the status of the card or authentication process,
It consists of a power supply that supplies the power needed to perform these processes.
In addition to these, the IC card is characterized by having a function of executing an applet execution process selected by the IC card connecting terminal according to the result of the biometric information authentication stored in advance. The IC card according to claim 2, wherein the storage unit stores at least the result of biometric information authentication executed prior to the execution of the applet selection command from the IC card connection terminal.

Images