JP2022017848A - Portable electronic device, ic card, and authentication management system - Google Patents

Abstract

To provide a portable electronic device, an IC card, and an authentication management system which can transfer information on the number of times of authentication in a state where legitimacy can be confirmed.SOLUTION: A portable electronic device Ca has a communication interface 25, a data memory 24, and a processor 21. The data memory 24 stores authentication number information including information on the number of times of authentication. The processor 21 transmits, in response to instructions of reading the authentication number information from a collecting device 3 communicating with the communication interface 25, information including the authentication number information protected by predetermined encryption processing to the collecting device 3.SELECTED DRAWING: Figure 3

Description

Embodiments of the present invention relate to portable electronic devices, IC cards and authentication management systems.

Conventionally, an IC card as a portable electronic device has an authentication function such as authentication of whether or not it is a legitimate card and authentication of whether or not the person who uses the card is the owner of a legitimate card. Some have a mechanism to stop the authentication function when authentication fails a predetermined number of times. Such an IC card holds the remaining number of authentication attempts or the number of authentication failures in the internal memory. The remaining number of authentication attempts that the IC card can perform is held in the internal memory of the IC card while maintaining integrity in order to prevent alteration by malicious intent.

However, it is not essential for the conventional IC card to ensure its integrity when transmitting the remaining number of authentication trials to the external device. In an authentication system using an IC card, the number of remaining authentication attempts may be sent to an external device to notify the user, etc., but the remaining number of authentication attempts is important data that should be protected outside the IC card. It was not thought that it was, so it is easy to tamper with. Therefore, there is a problem that the external device cannot acquire the information regarding the number of times of authentication executed by the IC card in a state where it is guaranteed that the information has not been tampered with.

Japanese Unexamined Patent Publication No. 2007-172431

In order to solve the above problems, the present invention provides a portable electronic device, an IC card and an authentication management system capable of transmitting information regarding the number of authentications in a state in which the validity can be confirmed.

According to embodiments, the portable electronic device has a communication interface, a memory, and a processor. The memory stores authentication count information including information about the number of authentications. The processor transmits information including the authentication count information protected by a predetermined encryption process to the tabulation device in response to an instruction to read the authentication count information from the tabulation device that communicates by the communication interface.

FIG. 1 is a diagram showing a configuration example of a billing system as an authentication management system according to an embodiment. FIG. 2 is a block diagram showing a configuration example of a service providing device in the authentication management system according to the embodiment. FIG. 3 is a block diagram showing a configuration example of an IC card as a portable electronic device according to an embodiment. FIG. 4 is a block diagram showing a configuration example of an aggregation device in the authentication management system according to the embodiment. FIG. 5 is a diagram showing an example of data stored in a data memory of an IC card as a portable electronic device according to an embodiment. FIG. 6 is a sequence for explaining an operation in which the IC card updates the authentication count information in the authentication management system according to the embodiment. FIG. 7 is a sequence for explaining an operation example in which the aggregation device aggregates the authentication count information from the IC card in the authentication management system according to the embodiment.

Hereinafter, embodiments will be described with reference to the drawings.
First, a billing system as an authentication management system according to an embodiment will be described.

FIG. 1 is a diagram schematically showing a configuration example of a billing system as an authentication management system according to an embodiment.
In the configuration example shown in FIG. 1, the billing system as an authentication management system includes a service providing device 1, an IC card 2, and an aggregation device 3.

As the authentication management system according to the present embodiment, the billing system responds to the number of authentications (number of implementations, number of successes, or number of failures) performed using the IC card 2 in order to receive the service provided by the service providing device 1. It is assumed that a business model of billing will be realized. This is because if there is a large difference in the number of authentications of the person who holds the IC card, it may be more reasonable to pay according to the number of times the authentication is performed, and such a business is also conceivable. In order to realize such a business model, the billing system according to the embodiment is a device that aggregates the number of authentications (number of implementations, number of successes, number of failures) executed by the IC card 2 in order to receive the service of the service providing device 1. 3 collects and sends billing information to the service provider by the service providing device 1 according to the number of authentications collected from the IC card 2 by the counting device.

When actually operating such a billing system, it is desired that the service providing device 1 can be realized even in an environment where the service providing device 1 is not connected to the network. In the billing system according to the present embodiment, the service providing device 1 obtains the authentication result of the IC card 2 as a portable electronic device having an authentication function such as biometric authentication even when the service providing device 1 is in an environment not connected to the network. Use to authenticate the user.

Further, since the billing system according to the actual form calculates the billing amount according to the number of authentications executed by the IC card 2, the IC card 2 securely holds the authentication number information indicating the number of authentications in the internal memory. .. The IC card 2 supplies the authentication count information held in the internal memory to the aggregation device 3 with a signature so that the information cannot be tampered with. The totaling device 3 collects the legitimate authentication count information that has not been tampered with by confirming the validity of the authentication count information from the IC card 2 by signing. As a result, the aggregation device 3 calculates the billing amount according to the collected authentication number of times information, and provides the calculated billing amount and other information to the service provider.

Next, the service providing device 1 will be schematically described.
The service providing device 1 has a device (for example, a card reader / writer) capable of communicating with an IC card 2 as a portable electronic device that executes authentication, and provides a service according to the result of authentication in the IC card 2. Is. For example, the service providing device 1 may be a traffic control device (gate control device) that opens the gate when the authentication on the IC card 2 is successful and allows the user to pass. Further, the service providing device 1 may be a device control device that activates or makes the device usable when the authentication by the IC card 2 is successful.

Next, the IC card 2 will be schematically described.
The IC card 2 is an example of a portable electronic device having a function of executing authentication. Here, the portable electronic device may be any electronic device having a function of executing authentication in response to a request from the service providing device 1 and outputting the internally held information from the totaling device 3 in response to the request. For example, the IC card 2 may be replaced with a mobile terminal such as a smartphone as another example of the portable electronic device.

In the present embodiment, the IC card 2 is provided with a biosensor (authentication information acquisition unit) 20 for acquiring biometric information as authentication information acquired from a person. For example, the biosensor 20 included in the IC card 2 is a fingerprint sensor that reads a fingerprint as an example of biometric information. In this case, the IC card 2 performs authentication (fingerprint authentication) by collating the fingerprint of a person read by the fingerprint sensor as the biometric sensor 20 with the fingerprint of the registrant registered in advance in the internal memory.

However, the authentication processing function of the IC card 2 as the portable electronic device according to the embodiment is not limited to biometric authentication using fingerprints. For example, the portable electronic device exemplified by the IC card 2 may be one that authenticates biometrics by biometric information other than fingerprints, or may be one that authenticates a user by an element other than biometric information.

Further, the IC card 2 as a portable electronic device securely stores authentication count information indicating the number of authentications such as the number of authentications performed, the number of successes, or the number of failures in the internal memory each time the authentication process is executed. save. Further, the IC card 2 according to the present embodiment has a function of transmitting the authentication count information stored in the internal memory to the aggregation device 3 in a state where the integrity is guaranteed so that the information cannot be tampered with. For example, the IC card 2 signs the information including the authentication count information and supplies the aggregation device 3.

Next, the tabulation device 3 will be schematically described.
The totaling device 3 acquires the authentication count information held by the IC card 2. For example, the totaling device 3 acquires information including the authentication number information with the signature information from the IC card 2 by a card reader / writer or the like, and acquires the authentication number information confirmed that the signature information has not been tampered with. The totaling device 3 totals the authentication count information acquired from the IC card 2. The totaling device 3 calculates the amount to be charged (charged amount) based on the aggregated authentication count information. The billing information indicating the billing amount calculated by the totaling device 3 is transmitted to the service provider who provides the service using the service providing device 1.

Next, the configuration of the control system in the service providing device 1 according to the embodiment will be described.
FIG. 2 is a block diagram schematically showing a configuration example of the service providing device 1 according to the embodiment.
In the configuration example shown in FIG. 2, the service providing device 1 includes a processor 11, a ROM 12, a RAM 13, a storage unit 14, a service providing unit 15, an interface (I / F) 16, and the like. Further, a card reader / writer 17 is connected to the interface 16.

The processor 11 is, for example, a CPU. The processor 11 executes various processes by executing a program. The ROM 12 is a non-volatile memory for storing programs, control data, and the like. The RAM 13 functions as a working memory for temporarily holding data. The storage unit 14 is a rewritable non-volatile memory. With these configurations, the processor 11 realizes various processes by executing the program stored in the ROM 12 or the storage unit 14 using the RAM 13.

The service providing unit 15 is a device for executing an operation (control) provided by the service providing device 1. For example, if the service providing device 1 is a traffic control device (gate control device), the service providing unit 15 may be configured by a gate drive mechanism that drives the gate in response to an instruction from the processor 11. Further, if the service providing device 1 is a device control device that controls the operation or use of a certain device, the service providing unit 15 activates or can use the device to be controlled in response to an instruction from the processor 11. It may be configured with a device for device control.

The interface 16 is connected to the card reader / writer 17. The processor 11 connects to the card reader / writer 17 via the interface 16. The interface 16 may be configured by a communication device that communicates with an external device including a card reader / writer 17.

The card reader / writer 17 is a device (communication device) for communicating with the IC card 2. The processor 11 communicates with the IC card 2 by using the card reader / writer 17 connected to the interface 16. The card reader / writer 17 is configured by an interface corresponding to the communication method of the IC card 2. For example, when the IC card 2 is a contact type IC card, the card reader / writer 17 is composed of a contact portion for physically and electrically connecting to the contact portion of the IC card 2. When the IC card 2 is a non-contact type IC card, the card reader / writer 17 is composed of an antenna for performing wireless communication with the IC card 2 and communication control.

The card reader / writer 17 performs power supply, clock supply, reset control, and data transmission / reception to the IC card 2. After activating (activating) the IC card 2, the card reader / writer 17 transmits various commands based on the control of the processor 11 and receives responses to the transmitted commands. That is, the processor 11 has a function of transmitting a command to the IC card 2 by the card reader / writer 17 via the interface 16 and performing various processes based on the data received from the IC card 2. For example, the processor 11 transmits an authentication execution command to the IC card 2 by the card reader / writer 17, and acquires the authentication result executed in the IC card from the IC card 2.

Next, the configuration of the control system in the IC card 2 as the portable electronic device according to the embodiment will be described.
FIG. 3 is a block diagram showing a configuration example of an IC card 2 as a portable electronic device according to an embodiment.
The IC card 2 is an example of a portable electronic device that is activated (becomes operable) by electric power supplied from an external device. The IC card 2 is also referred to as a smart card. As shown in FIG. 2, the IC card 2 has a main body C. The main body C is formed in a card shape by plastic or the like. The IC card 2 has a module M and a biosensor 20 in the main body C. For example, the module M is integrally formed with a communication interface connected to one or a plurality of IC chips, and is embedded in the main body C. In the configuration example shown in FIG. 2, the module M has a processor 21, a ROM 22, a RAM 23, a data memory 24, and a communication interface 25, and a biosensor 20 is connected to the module M.

The processor 21 includes a circuit that executes various processes. The processor 21 is, for example, a CPU (Central Processing Unit). The processor 21 controls the entire IC card 2. The processor 21 realizes various processing functions by executing a program stored in the ROM 22 or the data memory 24. However, some or all of the various functions executed by the processor 21, which will be described later, may be realized by a hardware circuit.

The ROM 22 is a non-volatile memory that functions as a program memory. The ROM 22 stores a control program, control data, and the like in advance. The ROM 22 is incorporated in the IC card 2 in a state where a control program, control data, and the like are stored in the manufacturing stage. The control program and control data stored in the ROM 22 are incorporated in advance according to the specifications of the IC card 2. For example, the ROM 22 stores a program for the processor 21 to execute a process corresponding to a command received from an external device (card reader / writer).

The RAM 23 is a volatile memory that functions as a working memory. The RAM 23 also functions as a buffer for temporarily storing data and the like being processed by the processor 21. For example, the RAM 23 functions as a communication buffer for temporarily storing data transmitted to and received from an external device via the communication interface 25.

The data memory 24 is a non-volatile memory capable of writing and rewriting data. The data memory 24 is composed of, for example, EEPROM (registered trademark) (Electrically Erasable Programmable Read Only Memory) or the like. A program and various data corresponding to the operational use of the IC card 2 are written in the data memory 24. A program file, a data file, or the like is defined in the data memory 24, and a control program and various data are written in these files. Further, in the data memory 24, a part or all of the area has tamper resistance, and data can be securely stored.

For example, the data memory 24 stores the authentication program for the processor 21 to execute the authentication process and the authentication data of the legitimate user (registrant) as the data for executing the authentication. When the IC card 2 executes biometric authentication using a fingerprint, the data memory 24 stores the fingerprint authentication program and the registrant's fingerprint data (registrant's biometric information). The registrant's fingerprint data is a fingerprint image or fingerprint feature data for collating with the fingerprint information acquired by the fingerprint sensor as the biological sensor 20. Further, fingerprint data may be registered in the data memory 24 for each of a plurality of fingers for one registrant. Further, when one IC card 2 is used by a plurality of users, the fingerprint data of a plurality of registrants who are legitimate users may be registered in the data memory 24.

Further, in the data memory 24, a program for transmitting the authentication result to the service providing device 1, a program for storing the authentication count information, a program for transmitting the saved authentication count information to the aggregation device 3, and a predetermined program. It also stores programs for digitally signing using encryption methods.

The communication interface 25 has a communication control unit and an interface unit, and constitutes a communication unit. The communication interface 25 is an interface for communicating and connecting to the service providing device 1 and the totaling device 3 as external devices. The communication interface 25 realizes a communication function by a communication method corresponding to the interface of the external device. Further, the communication interface 25 may be configured to support a plurality of communication methods (for example, contact communication and non-contact communication).

When the IC card 2 is realized as a contact type IC card, the communication interface 25 constitutes a communication unit that contacts and communicates with an external device. In this case, the communication interface 25 includes a contact portion that physically and electrically contacts the contact portion provided in the card reader / writer of the external device, and is provided with a communication control circuit that controls transmission / reception of a signal via the contact portion. It is composed.

When the IC card 2 is realized as a non-contact type IC card, the communication interface 25 constitutes a communication unit that communicates non-contact (wirelessly) with a card reader / writer of an external device. In this case, the communication interface 25 includes an antenna for transmitting and receiving radio waves, and is composed of a modulation circuit for generating radio waves transmitted from the antenna, a demodulation circuit for generating signals from the radio waves received by the antenna, and the like.

The biosensor 20 is an example of an authentication information acquisition unit that acquires authentication information. The biosensor 20 is a sensor that acquires biometric information of a person as authentication information used in the authentication process. For example, the biosensor 20 is a fingerprint sensor that reads a user's fingerprint information (fingerprint image). The fingerprint sensor as the biological sensor 20 is provided so that a sensor for reading the fingerprint is exposed on the surface of the card body C, and reads the fingerprint of a person's finger held over the exposed sensor portion. Further, the biosensor 20 is not limited to the fingerprint sensor, and may acquire biometric information other than the fingerprint. Further, the IC card 2 as a portable electronic device according to the present embodiment may have a configuration for acquiring authentication information from a person, and may include authentication information other than the biometric information instead of the biosensor 20. It may be a thing.

The processor 21 executes biometric authentication using the biometric information acquired by the biometric sensor 20 by executing a program for authentication processing. For example, the processor 21 extracts a fingerprint image from the image read by the fingerprint sensor as the biometric sensor 20, the fingerprint image extracted from the image read by the fingerprint sensor, and the fingerprint image of the registrant registered in the data memory 24 ( Alternatively, fingerprint authentication is performed by collating with the fingerprint feature data).

Next, the configuration of the control system in the tabulation device 3 according to the embodiment will be described.
FIG. 4 is a block diagram schematically showing a configuration example of the aggregation device 3 according to the embodiment.
In the configuration example shown in FIG. 4, the aggregation device 3 includes a processor 31, a ROM 32, a RAM 33, a storage unit 34, a communication unit 35, an interface (I / F) 36, and the like. A card reader / writer 37 is connected to the interface 36.

The processor 31 is, for example, a CPU. The processor 31 executes various processes by executing a program. The ROM 32 is a non-volatile memory for storing programs, control data, and the like. The RAM 33 functions as a working memory for temporarily holding data. The storage unit 34 is a rewritable non-volatile memory. With these configurations, the processor 31 realizes various processes by executing a program stored in the ROM 32 or the storage unit 34 using the RAM 33. Further, the communication unit 35 is a communication interface for communicating with an external device.

The interface 36 is connected to the card reader / writer 37. The processor 31 connects to the card reader / writer 37 via the interface 36. The interface 36 may be configured by a communication device that communicates with an external device including a card reader / writer 37. Further, the interface 36 may be configured to connect a plurality of card reader / writers 37.

The card reader / writer 37 is a device for communicating with the IC card 2. The processor 31 communicates with the IC card 2 by using the card reader / writer 37 connected to the interface 36. The card reader / writer 37 is configured by an interface corresponding to the communication method of the IC card 2. For example, when the IC card 2 is a contact type IC card, the card reader / writer 37 is composed of a contact portion for physically and electrically connecting to the contact portion of the IC card 2. When the IC card 2 is a non-contact type IC card, the card reader / writer 37 is composed of an antenna for performing wireless communication with the IC card 2 and communication control.

The card reader / writer 37 performs power supply, clock supply, reset control, and data transmission / reception to the IC card 2. After activating (activating) the IC card 2, the card reader / writer 37 transmits various commands and receives responses to the transmitted commands based on the control of the processor 31. That is, the processor 31 has a function of transmitting a command to the IC card 2 by the card reader / writer 37 and performing various processes based on the data received from the IC card 2. For example, the processor 31 transmits an instruction to read the authentication count information to the IC card 2 via the card reader / writer 37. In response to this, the IC card 2 reads the authentication count information held in the internal data memory 24, signs the information including the read authentication count information, and transmits (responds) to the card reader / writer 37. As a result, the processor 31 acquires information including the signed authentication count information received from the IC card 2 by the card reader / writer 37.

In the present embodiment, the totaling device 3 will be described as a device having a reading function for reading the authentication count information from the IC card 2 and a totaling function for totaling the authentication count information read by the reading function. , May be realized as an aggregation system composed of a plurality of devices. For example, the totaling device 3 is realized as a totaling system including one or a plurality of reading devices including a card reader / writer 37 that reads authentication count information from the IC card 2 and a totaling server that acquires data from each reading device. Is also good.

Next, the information held in the data memory 24 by the IC card 2 according to the embodiment will be described.
FIG. 5 is a diagram showing key information and authentication count information stored in the secure storage area of the data memory 24 of the IC card 2.
As shown in FIG. 5, the data memory 24 of the IC card 2 stores the key information and the authentication count information in a secure storage area.
The key information is a key for generating signature information. The key information may be a private key used in the public key cryptosystem or a secret key used in the common key system. In the present embodiment, when the processor 21 transmits the authentication count information to the aggregation device 3, the processor 21 generates the signature information by signing using the key information.

The authentication count information is information indicating the number of authentications performed by the IC card 2 in response to a request from the service providing device 1. The authentication count information may include the number of times of authentication (number of times of execution) as the number of times of authentication, or may include the number of times of successful authentication (number of successful times), and the authentication may be performed. It may include the number of failures (number of failures).

The authentication count information is updated each time authentication is executed. For example, in the authentication count information, the number of times of authentication is accumulated every time the authentication is executed, or the number of times of successful authentication is accumulated every time the authentication is successful. Further, the authentication count information may include information obtained by accumulating the number of authentications for each predetermined period. Further, in the case where a plurality of service providing devices 1 exist in the entire billing system, the authentication count information is information obtained by accumulating the number of authentications for each service providing device 1 (information indicating the number of authentications for each device). It may be included. The authentication count information may be reset when it is transmitted to the aggregation device 3.

Next, an operation of updating the authentication count information according to the result of the authentication executed by the IC card 2 according to the present embodiment in response to the request from the service providing device 1 will be described.
FIG. 6 is a sequence for explaining an operation example in which the authentication count information is updated according to the result of the authentication executed by the IC card 2 in response to the authentication execution command from the service providing device 1.
The service providing device 1 provides a service to the user when the authentication on the IC card 2 presented by the user is successful. As shown in the configuration example described above, the service providing device 1 is connected to a card reader / writer 17 for communicating with the IC card 2 as a portable electronic device.

When the processor 11 of the service providing device 1 detects the user or the IC card 2 as a portable electronic device possessed by the user, the processor 11 starts communication with the IC card 2 by the card reader / writer 17 via the interface 16. S11). When the processor 11 of the service providing device 1 starts communication with the IC card 2 by the card reader / writer 17, an authentication execution command is transmitted to the IC card 2 (S12).

The IC card 2 receives an authentication execution command from the card reader / writer 17 connected to the service providing device 1 by the communication interface 25. When the processor 21 of the IC card 2 receives the authentication execution command by the communication interface 25, the processor 21 acquires the user's biometric information (fingerprint information) as the authentication information by the biosensor 20 (S13). When the biometric information as the user's authentication information is acquired, the processor 21 executes biometric authentication using the acquired biometric information and the registrant's biometric information as the registrant's authentication data stored in the data memory 24.

When the biometric authentication is completed, the processor 21 updates the authentication count information held in the data memory 24 according to the authentication result (S15). For example, when biometric authentication is successful, the processor 21 updates the authentication number information by adding the number of times of authentication stored in the data memory 24 and the number of times of successful authentication.

Further, the processor 21 generates transmission data including information indicating the authentication result as response data to the authentication execution instruction. When the response data including the authentication result is generated, the processor 21 transmits the generated response data to the card reader / writer 17 connected to the service providing device 1 by the communication interface 25 (S16).

The processor 11 of the service providing device 1 acquires the response data from the IC card 2 received by the card reader / writer 17 via the interface 16 and executes an operation according to the authentication result included in the response data (S17). When the information indicating the success of the authentication is acquired as the authentication result, the processor 11 of the service providing device 1 executes an operation of providing the service to the user by using the service providing unit 15. Further, when the information indicating the success of the authentication is acquired as the authentication result, the service providing device 1 notifies the alarm indicating that the authentication has failed and prevents the service from being provided to the user.

For example, if the service providing device 1 is a traffic control device (gate control device), when the processor 11 acquires information indicating authentication success, the gate drive mechanism as the service providing unit 15 opens the gate and the user. If the information indicating authentication failure is obtained, the gate is closed and the user is prohibited from passing. Further, if the service providing device 1 is a device control device, the service providing unit 15 activates the device to be controlled or puts it in a usable state when the information indicating the authentication success is acquired, and indicates the authentication failure. When the information is acquired, the device to be controlled is disabled.

According to the above operation, the IC card 2 executes authentication by fingerprint (biological information) from the service providing device 1 in response to an authentication execution command. The IC card 2 updates the authentication count information indicating the number of times of authentication, the number of successes, the number of failures, and the like based on the result of the authentication executed from the service providing device 1 in response to the authentication execution command. As a result, even when the service providing device 1 is not connected to a network or the like, the authentication number information indicating the number of times of authentication by the authentication execution command from the service providing device 1 can be securely stored in the IC card 2.

Next, an operation in which the aggregation device 3 according to the present embodiment collects authentication count information from the IC card 2 will be described.
FIG. 7 is a sequence for explaining an operation example in which the aggregation device 3 acquires authentication count information from the IC card 2 and calculates the billing amount based on the certification count information.
The totaling device 3 uses the card reader / writer 37 to acquire authentication count information from the IC card 2 possessed by the user. When the IC card 2 is presented at a predetermined position, the card reader / writer 37 starts communication with the IC card 2 (S31). When the card reader / writer 37 connected via the interface 36 starts communication with the IC card 2, the processor 31 of the totaling device 3 transmits an instruction to read the authentication count information to the IC card 2 (S32).

The IC card 2 receives an instruction to read authentication count information from the card reader / writer 37 by the communication interface 25. When the processor 21 of the IC card 2 receives the instruction to read the authentication count information by the communication interface 25, the processor 21 reads the authentication count information stored in the data memory 24 (S33). When the processor 21 reads the authentication count information, the processor 21 signs the read authentication count information with the private key held in the data memory 24, and obtains the signature information (S34). When the signature information is generated, the processor 21 generates transmission data (response data to the read instruction) including the authentication count information and the signature information as a response to the read instruction (S35). When the response data (transmission data) is generated, the processor 21 transmits the response data to the card reader / writer 37 connected to the aggregation device 3 by the communication interface 25 (S36).

The processor 31 of the totaling device 3 acquires the response data to the read command from the IC card 2 received by the card reader / writer 37 via the interface 36. When the response data to the read command is acquired, the processor 31 confirms that the response data has not been tampered with by using the signature information and the public key included in the response data from the IC card 2 (S37).

After confirming that the response data has not been tampered with, the processor 31 acquires the authentication count information included in the transmission data from the IC card 2. When the authentication count information is acquired, the processor 31 calculates the billing amount based on the acquired authentication count information, and generates billing information including the calculated billing amount (S38). For example, the processor 31 calculates the billing amount according to the billing table for determining the billing amount according to the number of authentications (the number of executions, the number of successes, the number of failures) stored in the storage unit 34, and the IC card 1 Generates billing information including information indicating the billing amount associated with the information indicating the user (registrant) of.

When the billing information is generated, the processor 31 transmits the generated billing information to the service provider (S39). For example, it is assumed that the destination of the service provider is set in advance and is stored in the storage unit 34 or the like. The processor 31 transmits the generated billing information to the destination of the set service provider. Further, the processor 31 may store the billing information in the storage unit 34 and supply it to the service provider at a predetermined timing.

According to the operation example as described above, the aggregation device can request the authentication count information from the IC card at any time, and even if it is not connected online to the service providing device, it responds to the request from the service providing device. It is possible to acquire authentication count information indicating the number of authentications performed by the IC card. In addition, the IC card securely holds the authentication count information indicating the number of authentications performed by the IC card in response to the request from the service providing device in the internal memory, and the authentication count information in response to the request from the aggregation device. Is sent with a signature.
As a result, the IC card can supply the authentication count information to be held to the aggregation device so as not to be tampered with. In addition, the totaling device can correctly grasp the authentication count information held by the IC card without being tampered with, and can legitimately charge according to the number of authentications and the like.

The functions described in each of the above-described embodiments are not limited to being configured using hardware, and can also be realized by loading a program describing each function using software into a computer. Further, each function may be configured by appropriately selecting either software or hardware.

Although some embodiments of the present invention have been described, these embodiments are presented as examples and are not intended to limit the scope of the invention. These novel embodiments can be implemented in various other embodiments, and various omissions, replacements, and changes can be made without departing from the gist of the invention. These embodiments and variations thereof are included in the scope and gist of the invention, and are also included in the scope of the invention described in the claims and the equivalent scope thereof.

1 ... Service providing device, 2 ... IC card (portable electronic device), C ... Main body, M ... Module, 3 ... Aggregating device, 20 ... Biosensor (authentication information acquisition unit, fingerprint sensor), 21 ... Processor, 22 ... ROM, 23 ... RAM, 24 ... data memory (memory), 25 ... communication interface, 31 ... processor, 35 ... communication unit (communication interface), 36 ... interface, 40 ... card reader / writer (communication device).

Claims (11)

Communication interface and
A memory that stores authentication count information, including information about the number of authentications,
A processor that transmits information including the authentication count information protected by a predetermined encryption process to the tabulation device in response to a command to read the authentication count information from the tabulation device that communicates by the communication interface.
Portable electronic device with. In addition, it has an authentication information acquisition unit that acquires authentication information.
The processor updates the authentication count information stored in the memory every time the authentication information acquisition unit performs authentication in response to an authentication execution command from a service providing device that communicates with the communication interface. ,
The portable electronic device according to claim 1. The authentication information acquisition unit is a biosensor that acquires biometric information.
The portable electronic device according to claim 2. The biosensor is a fingerprint sensor that acquires fingerprint information.
The portable electronic device according to claim 3. The memory stores key information and
The processor generates signature information in which the authentication count information is signed with the key information as the predetermined encryption process, and transmits information including the authentication count information and the signature information to the aggregation device.
The portable electronic device according to any one of claims 1 to 4. The authentication count information is information including the number of times of authentication.
The portable electronic device according to any one of claims 1 to 5. The authentication count information is information including the number of successful authentications.
The portable electronic device according to any one of claims 1 to 6. The authentication count information is information including the number of authentication failures.
The portable electronic device according to any one of claims 1 to 7. Communication interface and
A memory that stores authentication count information, including information about the number of authentications,
It has an authentication information acquisition unit that acquires authentication information, and has an authentication information acquisition unit.
The authentication count information stored in the memory is updated every time the authentication by the authentication information acquired by the authentication information acquisition unit is executed in response to the authentication execution command from the service providing device communicating by the communication interface, and the communication interface is used. A processor that transmits information including the authentication count information protected by a predetermined encryption process to the tabulation device in response to a command to read the authentication count information from the tabulation device communicated by
A module having the communication interface, the memory, the authentication information acquisition unit, and the processor.
The main body having the module and
IC card with. An authentication management system that has a portable electronic device and an aggregation device.
The portable electronic device is
Communication interface and
A memory that stores authentication count information, including information about the number of authentications,
It has a first processor that transmits information including the authentication count information protected by a predetermined encryption process to the tabulation device in response to a read command of the authentication count information from the tabulation device that communicates by the communication interface. ,
The totaling device is
An interface for connecting a communication device to the portable electronic device,
An instruction to read authentication count information is output to the portable electronic device via a communication device connected to the interface, and information including the authentication count information protected by a predetermined encryption process for the read command is carried. It has a second processor, which is obtained from a possible electronic device.
Authentication management system. The second processor of the aggregation device responds to the number of authentications indicated by the authentication number information after confirming the validity of the authentication number information protected by the predetermined encryption process acquired from the portable electronic device. To calculate the billing amount,
The authentication management system according to claim 10.

Images