JP2022145432A - Remote issuance system and data generation server - Google Patents

Abstract

To provide a remote issuance system configured to implement convenient issuance procedures while ensuring high security, and a data generation server.SOLUTION: A remote issuance system includes a mobile electronic device and a data generation server. The mobile electronic device includes a biometric sensor, a memory, a communication interface, and a first processor. The first processor generates authentication data when biometric authentication is successful, outputs the authentication data and PUF data unique to the mobile electronic device to a reader-writer, and executes issuance processing based on issuance data corresponding to the authentication data supplied from the reader-writer. The data generation server includes an interface and a second processor. The second processor generates, when the PUF data included in an issuance request exists in a PUF storage, issuance data to cause the mobile electronic device to execute the issuance processing.SELECTED DRAWING: Figure 1

Description

Embodiments of the present invention relate to remote publishing systems and data generation servers.

Conventionally, an IC card, which is a portable electronic device, requires a procedure of secondary issuance in which information for operating as a credit card or the like is written by an operating organization so that the IC card can be used. Also, when adding a new function to the IC card, a predetermined procedure by the operating organization is required.

Conventionally, the secondary issuance of IC cards and the addition of functions are performed using a dedicated issuing machine after the user's identity has been verified by an operating institution or a staff member of a store handling the IC card using a public certificate or the like. In this kind of operation, the user himself/herself goes to a designated place such as an operating institution or a store, or a person in charge of the designated place goes to the designated place in order to carry out the procedures for issuance processing such as secondary issuance and addition of functions to the IC card. I need to check.

On the other hand, in recent years, even in portable electronic devices such as IC cards, there has been concern about illegal use of counterfeit products and illegally distributed products. Even for devices such as IC cards with biometric authentication that are expected to have a high degree of security, there is a possibility that counterfeits and counterfeit products can be easily obtained. Ability to perform various procedures is required.

JP 2016-167201 A

An object of the present invention is to provide a remote issuing system and a data generation server capable of realizing highly convenient issuing processing procedures while maintaining a high degree of security.

According to embodiments, a remote publishing system includes a portable electronic device and a data generation server. The portable electronic device has a biosensor, a memory, a communication interface and a first processor. A biosensor acquires biometric information. The memory includes a storage area for storing user's biometric information. The communication interface communicates with the reader/writer. The first processor generates authentication data for issuing processing in the portable electronic device when biometric authentication by matching biometric information acquired by the biosensor and biometric information stored in the memory is successful, and generates authentication data. and the PUF data specific to the portable electronic device are output to the reader/writer, and the issuing process is executed based on the issuance data corresponding to the authentication data supplied from the reader/writer. The data generation server has an interface and a second processor. The interface connects to a PUF storage that stores PUF data of a portable electronic device capable of publishing processing. When an issuance request including authentication data and PUF data generated by the portable electronic device is input, the second processor, if the PUF data included in the issuance request is registered in the PUF storage, Based on the application data and the authentication data relating to the issuing process, issuing data for causing the portable electronic device to execute the issuing process is generated.

FIG. 1 is a diagram schematically showing a configuration example of an IC card issuing system as a remote issuing system according to an embodiment. FIG. 2 is a block diagram showing a configuration example of an IC card issued by an IC card issuing system as a remote issuing system according to the embodiment. FIG. 3 is a block diagram showing a configuration example of a mobile terminal in an IC card issuing system as a remote issuing system according to the embodiment. FIG. 4 is a block diagram showing a configuration example of a contract management server in the IC card issuing system as the remote issuing system according to the embodiment. FIG. 5 is a block diagram showing a configuration example of a data generation server in the IC card issuing system as the remote issuing system according to the embodiment. FIG. 6 is a sequence for explaining an operation example of an application procedure in the IC card issuing system as the remote issuing system according to the embodiment. FIG. 7 is a sequence for explaining an operation example of the issuing procedure in the IC card issuing system as the remote issuing system according to the embodiment. FIG. 8 is a sequence for explaining an operation example of the issuing procedure in the IC card issuing system as the remote issuing system according to the embodiment.

Hereinafter, embodiments will be described with reference to the drawings.
First, an IC card issuing system 1 as a remote issuing system according to the embodiment will be described.

FIG. 1 is a diagram schematically showing a configuration example of an IC card issuing system 1 as a remote issuing system according to an embodiment.
In the configuration example shown in FIG. 1, an IC card issuing system 1 has an IC card 2, a user terminal 3, a data management system 4, and an issue control system 5. FIG.

The IC card 2 is an example of a portable electronic device having a function of performing biometric authentication. The IC card 2 according to the embodiment includes a biosensor 20 for acquiring biometric information as authentication information acquired from a person. For example, the biometric sensor 20 included in the IC card 2 is a fingerprint sensor that reads a fingerprint as an example of biometric information. The IC card 2 equipped with a fingerprint sensor 20 as a biosensor compares the fingerprint of a person read by the fingerprint sensor with the fingerprint of a registrant (user, card holder) pre-registered in the memory of the IC card 2 to Perform fingerprint authentication (biometric authentication) as identity verification.

Also, the IC card 2 as a portable electronic device according to this embodiment has a function of outputting PUF (Physically Unclonable Function) data as unique individual device information. A PUF indicates information (ID) unique to an object from variations in the physical characteristics of the object, such as variations in the silicon crystal pattern of a semiconductor chip. Assume that the PUF data is obtained from an electronic circuit included in the IC card 2, such as an IC chip. Since PUFs are caused by variations in individual devices that make up an electronic circuit, even if circuit patterns are illegally duplicated, PUFs themselves are difficult to duplicate. The PUF data is unique information for each individual IC card 2 .

In this embodiment, the IC card 2 is assumed to be a fingerprint sensor card having a function of performing biometric authentication using a fingerprint as biometric information. However, the IC card 2 as a portable electronic device according to the embodiment is not limited to performing fingerprint (biometric) authentication using a fingerprint as biometric information. For example, the portable electronic device exemplified by the IC card 2 may perform biometric authentication using biometric information other than fingerprints.

The user terminal 3 is an information processing device owned by a user. The user terminal 3 is, for example, a smart phone, a tablet PC, a personal computer, or the like. The user terminal 3 is operated by the user himself/herself, and may include a card reader/writer that communicates with the IC card 2 and a communication unit that communicates with the servers 4A and 5A via a network such as the Internet. . Further, the user terminal 3 may be provided with an interface for connecting to a card reader/writer as an external device instead of being provided with a card reader/writer that communicates with the IC card 2 .

The data management system 4 is a system that remotely accepts applications for issue processing (secondary issue, function addition, etc.) in the IC card held by the user. The data management system 4 has a contract management server 4A and a data storage 4B. The contract management server 4A is composed of a server device. The data storage 4B is a device including a storage device accessible from the contract management server 4A. The contract management server 4A has a function of accessing the data storage 4B, a function of communicating with the user terminal 3 via the Internet, and a function of communicating with the data generation server 5A of the issuance control system 5. FIG.

The contract management server 4A communicates with the user terminal 3 owned by the user, and acquires application data related to the issuing process (contract) for the IC card held by the user from the user terminal 3 . Here, the issuance processing for the IC card includes secondary issuance or function addition. The secondary issuance of an IC card is a process including a process (personalization) of writing personal data or the like into an IC card given to a user (card holder) by an issuer. Function addition is a process of adding an application or the like to the IC card. For example, function addition includes a process of adding an applet to an IC card as a Java Card (registered trademark).

After acquiring the application data from the user terminal 3, the contract management server 4A issues a contract ID if a contract can be made with the application content based on the application data from the user terminal 3. FIG. When a contract ID is issued, the contract management server 4A notifies the user terminal 3 that issued the contract ID, and stores the application data associated with the contract ID and the PUF data of the IC card 2 possessed by the cardholder in the data storage 4B. . In addition, the contract management server 4A, in response to an inquiry about application data based on the contract ID from the data generation server 5A in the issuance control system 5, stores application data and PUF data corresponding to the contract ID stored in the data storage 4B. I will provide a.

The issuance control system 5 is a system for executing issuance processing (secondary issuance or function addition) for a remote IC card. The issue control system 5 has a data generation server 5A, an HSM (Hardware Security Module) 5B, and a PUF storage 5C.

The data generation server 5A is composed of a server device. The HSM 5B is a device that securely stores key information and performs cryptographic processing using the key information. The HSM 5B stores key information corresponding to the key information held by the IC card 2 that enables remote issuing processing in the IC card issuing system 1 . The PUF storage 5C is a storage device that holds PUF data of an IC card that enables remote issuing processing in the IC card issuing system 1 . In the PUF storage 5C, for example, the PUF data of the IC card 2 issued (manufactured) by the official manufacturer of the IC card to be executed in the issuing process in the IC card issuing system 1 is registered.

The data generation server 5A has a function of accessing the HSM 5B, a function of accessing the PUF storage 5C, a function of communicating with the user terminal 3 via the Internet, and a function of communicating with the contract management server 4A of the data management system 4.

The data generation server 5A performs secure communication with the IC card 2 via the user terminal 3 using the key stored in the HSM 5B and the encryption processing function. The data generation server 5A acquires from the user terminal 3 an issuance request including the card authentication data generated by the IC card 2 using the key information and the contract ID.

The data generation server 5A acquires application data and PUF data managed by the contract management server 4A of the data management system 4 in response to an issuance request from the user terminal 3. FIG. The data generation server 5A checks whether the PUF data included in the issuance request is registered in the PUF storage and whether the PUF data included in the issuance request matches the PUF data obtained together with the application data from the contract management server 4A. do.

After confirming that the PUF data included in the issuance request is registered in the PUF storage and matches the PUF data acquired at the time of application, the data generation server 5A performs the issuance process for the IC card based on the application data. generate the issuance data for The data generation server supplies the user terminal 3 after processing the issued data based on the application data using the key information stored in the HSM 5B.

Next, the configuration of the control system in the IC card 2 as the portable electronic device according to the embodiment will be described.
FIG. 2 is a block diagram showing a configuration example of the IC card 2 as a portable electronic device according to the embodiment.
The IC card 2 is an example of a portable electronic device that is activated (becomes operable) by power supplied from an external device. The IC card 2 is also called a smart card. As shown in FIG. 2, the IC card 2 has a main body C. As shown in FIG. The main body C is formed in a card shape from plastic or the like. A control module M is embedded in the main body C of the IC card 2 . The control module M is integrally formed with a communication interface connected to one or more IC chips.

In the configuration example shown in FIG. 2 , the control module M has a processor 21 , ROM 22 , RAM 23 , data memory 24 and communication interface 25 . In the body C of the IC card 2, the control module M is connected to a display 26 and a fingerprint sensor 27 as a biosensor.

Processor 21 includes circuitry that performs various processes. The processor 21 is, for example, a CPU (Central Processing Unit). The processor 21 controls the IC card 2 as a whole. Processor 21 implements various processing functions by executing programs stored in ROM 22 or data memory 24 . However, some or all of various functions executed by the processor 21, which will be described later, may be realized by hardware circuits.

The ROM 22 is a non-volatile memory that functions as a program memory. The ROM 22 stores control programs and control data in advance. The ROM 22 is incorporated in the IC card 2 in a state in which control programs, control data, etc. are stored in the manufacturing stage. Control programs and control data stored in the ROM 22 are incorporated in advance according to the specifications of the IC card 2 . For example, the ROM 22 stores a program for causing the processor 21 to execute a process according to a command received from an external device (card reader/writer).

A RAM 23 is a volatile memory that functions as a working memory. The RAM 23 also functions as a buffer that temporarily stores data being processed by the processor 21 . For example, the RAM 23 functions as a communication buffer that temporarily stores data transmitted/received to/from an external device via the communication interface 25 .

The data memory 24 is a non-volatile memory in which data can be written and rewritten. The data memory 24 is, for example, an EEPROM (registered trademark) (Electrically Erasable Programmable Read Only Memory). The data memory 24 is written with programs and various data according to the application of the IC card 2 . Program files, data files, etc. are defined in the data memory 24, and control programs and various data are written in these files. In addition, the data memory 24 has tamper resistance in part or all of its area, and can store data securely.

The data memory 24 has a first storage area 24a for storing key information, a second storage area 24b for storing biometric information, and a third storage area 24c for holding PUF data. The first storage area 24a is a tamper-resistant memory capable of securely storing data. In the first storage area 24a, key information is written in the processing (primary issuance) for making the IC card 2 usable. In this IC card issuing system 1, the key information corresponding to the key information written in the first storage area 24a of the IC card 2 that has been primarily issued is stored in the HSM 5B of the issuing control system 5. FIG.

Also, the second storage area 24b stores biometric information of the user who is the owner of the IC card 2. FIG. For example, it is assumed that the IC card 2 is a fingerprint sensor card that performs biometric information using a fingerprint as biometric information. If the IC card 2 is a fingerprint sensor card, the second storage area 24b of the IC card 2 is written with fingerprint information as biometric information of the user who is the owner. In the present embodiment described below, the IC card 2 has the fingerprint information as the user's biometric information written in the second storage area before executing the secondary issuance or function addition. Assuming you have it.

PUF data is stored in the third storage area 24c. The PUF data stored in the third storage area 24c is an example of identification information unique to the IC card 2. FIG. The PUF data stored in the third storage area 24c is information obtained from an electronic circuit (such as an IC chip) existing within the IC card 2. FIG. For example, it is assumed that the PUF data is stored in the third storage area when the IC card 2 is manufactured.

The PUF data is not limited to being stored in advance in the data memory 24, and may be acquired by the processor 21 in the application procedure and the issuing procedure. For example, instead of storing the PUF data in the data memory 24, the IC card 2 may be provided with a PUF circuit as hardware for outputting the PUF data. In this case, the processor 21 may acquire PUF data from the PUF circuit.

The communication interface 25 has a communication control section and an interface section, and constitutes a communication section. The communication interface 25 is an interface for communication connection with a card reader/writer (RW) provided in the user terminal 3 or a card reader/writer connected to the user terminal 3 via an interface. The communication interface 25 realizes a communication function by a communication method compatible with the interface of the card RW. Also, the communication interface 25 may be configured to support a plurality of communication methods (for example, contact communication and non-contact communication).

When the IC card 2 is implemented as a contactless IC card, the communication interface 25 communicates contactlessly (wirelessly) with the card RW provided in the user terminal 3 or with the card RW connected to the user terminal 3 via an interface. Configure a communication unit for communication. In this case, the communication interface 25 includes an antenna for transmitting and receiving radio waves, and includes a modulation circuit for generating radio waves to be transmitted from the antenna and a demodulation circuit for generating a signal from the radio waves received by the antenna.

Further, when the IC card 2 is implemented as a contact type IC card, the communication interface 25 contacts and communicates with the card RW provided in the user terminal 3 or the card RW connected to the user terminal 3 via an interface. Configure the communication part. In this case, the communication interface 25 includes a contact portion that physically and electrically contacts the contact portion provided on the card RW, and is configured by a communication control circuit or the like that controls transmission and reception of signals via the contact portion.

The biosensor 20 is an example of an authentication information acquisition unit that acquires authentication information. The biosensor 20 is a sensor that acquires biometric information of a person as authentication information used for authentication processing. In this embodiment, the biosensor 20 is assumed to be a fingerprint sensor that reads the fingerprint information (fingerprint image) of the user. A fingerprint sensor as the biosensor 20 is provided so that a sensor for reading a fingerprint is exposed on the surface of the card body C, and reads the fingerprint of a person's finger held over the exposed sensor portion. Fingerprint authentication is performed by comparing the fingerprint information read by the biosensor 20 with the fingerprint information stored in the second storage area 24b of the data memory 24. FIG.

The biometric sensor 20 is not limited to a fingerprint sensor, and may be a sensor that acquires biometric information other than fingerprints (eg, palm print, vein, iris, etc.). When equipped with a sensor that acquires biometric information other than fingerprints, the IC card 2 has a function of performing biometric authentication corresponding to the biometric information acquired by the sensor (for example, an IC chip that performs palmprint collation, vein collation, iris collation, etc.). should be prepared.

Next, the configuration of the user terminal 3 in the IC card issuing system 1 according to the embodiment will be described.
FIG. 3 is a block diagram showing a configuration example of the user terminal 3 in the IC card issuing system 1 according to the embodiment.
The user terminal 3 is an electronic device on which various application programs are executed on an operating system (OS). The user terminal 3 may be an electronic device used by a user as a card holder holding the IC card 2 . For example, the user terminal 3 is a mobile terminal including a card RW such as a smart phone, a tablet terminal, or a mobile phone, or a mobile terminal including an interface for connecting the card RW. Also, the user terminal 3 may be a personal computer (PC) provided with the card RW or a PC provided with an interface for connecting the card RW.

In the configuration example shown in FIG. 3, the user terminal 3 includes a processor 31, a ROM 32, a RAM 33, a data memory 34, a network (NW) communication unit 35, a card reader/writer (RW) 36, a display unit 37, an input unit 38, and the like. have

The processor 31 executes various processes by executing programs. The processor 31 is, for example, a CPU (Central Processing Unit). The processor 31 is connected to each section within the user terminal 3 via a system bus, and transmits and receives data to and from each section. The processor 31 cooperates with the ROM 32 and the RAM 33 to perform operations such as control and data processing in the user terminal 3 . For example, processor 31 implements various processing functions by executing application programs stored in ROM 32 or data memory 34 . However, some or all of various functions executed by the processor 31, which will be described later, may be realized by hardware circuits.

A ROM (Read Only Memory) 32 is a non-volatile memory that stores programs and control data for realizing basic operations of the user terminal 3 . For example, the ROM 32 stores programs that control basic operations such as an operating system (OS). In addition, the ROM 32 may store application programs and the like for realizing the functions of the user terminal 3 . The ROM 32 may be composed of a rewritable non-volatile memory. For example, the rewritable ROM 32 is implemented by an EEPROM (Electrically Erasable Programmable ROM), a flash ROM, or the like.

A RAM (Random Access Memory) 33 is a volatile memory that temporarily stores data. RAM 33 functions as a working memory when processor 31 executes a program.

The data memory 34 is a storage unit that stores various data. The data memory 34 is composed of a rewritable non-volatile memory. For example, the data memory 34 may be a flash ROM, a semiconductor device memory such as an SSD (Solid State Drive), or a storage device such as an HDD (Hard Disc Drive). The data memory 34 stores application programs, operation setting values, personal information, and the like. Also, the data memory 34 may store an OS program.

The NW communication unit 35 is a communication interface for communicating with external devices. The NW communication unit 35 may perform wireless communication, or may perform wired communication. In the IC card issuing system 1, the NW communication section 35 may communicate with the contract management server 4A and the data generation server 5A via an interface.

The card reader/writer 36 has a function of communicating with the IC card 2 . The card reader/writer 36 performs power supply, clock supply, reset control, and data transmission/reception to/from the IC card 2 . After activating (activating) the IC card 2, the card reader/writer 36 transmits various commands and receives responses to the transmitted commands under the control of the processor 31. FIG. The user terminal 3 may be configured to include an interface for connecting to a card reader/writer as an external device.

The card reader/writer 36 has a configuration corresponding to the communication system that the IC card 2 has. For example, when the IC card 2 is implemented as a contactless IC card, the card reader/writer 36 communicates with the IC card 2 in a contactless (wireless) manner using a communication protocol conforming to the communication system of the contactless IC card. connect. When the IC card 2 is realized as a contact type IC card, the card reader/writer 36 has a contact portion that is in physical and electrical contact with the contact portion (interface) of the IC card 2. Send and receive data via

The display unit 37 is a display device such as a liquid crystal panel. The input unit 38 is an operation device for inputting operation instructions to the user terminal 3 . The input unit 38 includes, for example, a touch panel. The display unit 37 and the input unit 38 may be configured by a display device with a touch panel (hereinafter referred to as a touch screen). Further, the input unit 38 may include an operation key configured by a button switch, a touch sensor that detects touch by an operator's finger based on a change in capacitance, or the like.

Next, the configuration of the contract management server 4A in the IC card issuing system 1 according to the embodiment will be described.
FIG. 4 is a block diagram showing a configuration example of the contract management server 4A in the IC card issuing system 1 according to the embodiment.
As shown in FIG. 4 , the contract management server 4A has a processor 41 , ROM 42 , RAM 43 , data memory 44 , interface 45 , network (NW) communication section 46 and communication section 47 .

The processor 41 executes various processes by executing programs. The processor 41 is, for example, a CPU (Central Processing Unit). The processor 41 is connected to each section within the server 4A via a system bus, and transmits and receives data to and from each section. Processor 41 cooperates with ROM 42 and RAM 43 to perform operations such as control and data processing in contract management server 4A.

A ROM (Read Only Memory) 42 is a non-volatile memory that stores programs and control data for realizing basic operations of the contract management server 4A.
A RAM (Random Access Memory) 43 is a volatile memory that temporarily stores data. RAM 43 functions as a working memory when processor 41 executes a program.
The data memory 44 is a storage unit that stores various data. The data memory 44 is composed of a rewritable non-volatile memory. For example, the data memory 44 stores an OS program, application programs, operation setting information, and the like.

The interface 45 is an interface for accessing the data storage 4B. If the data storage 4B is a storage device as an external device, the interface 45 may be compatible with the interface standard of the storage device as the data storage 4B. Further, when the data storage 4B is a data server or the like, the interface may be configured with a communication interface for communicating with the server as the data storage 4B.

A network (NW) communication unit 46 is a communication interface for communicating with an external device. The NW communication unit 46 may perform wireless communication, or may perform wired communication. In the IC card issuing system 1 according to this embodiment, the NW communication unit 46 may be any device that communicates with the user terminal 3 used by the user via a wide area network such as the Internet.

The communication unit 47 is a communication interface for communicating with the data generation server 5A. The communication unit 47 may perform wireless communication, or may perform wired communication. In the IC card issuing system 1 according to this embodiment, the communication unit 47 may be any device that can securely communicate with the data generation server 5A.
Note that the NW communication unit 46 and the communication unit 47 may be configured to be realized by one communication interface. Further, the interface 45 may also be configured as a common communication interface with the NW communication unit 46 or the communication unit 47 .

Next, the configuration of the data generation server 5A in the IC card issuing system 1 according to the embodiment will be described.
FIG. 5 is a block diagram showing a configuration example of the data generation server 5A in the IC card issuing system 1 according to the embodiment.
As shown in FIG. 5, the data generation server 5A has a processor 51, a ROM 52, a RAM 53, a data memory 54, an interface 55, a network (NW) communication section 56, a communication section 57, and an interface 58.

The processor 51 executes various processes by executing programs. The processor 51 is, for example, a CPU (Central Processing Unit). The processor 51 is connected to each section in the server 5A via a system bus, and transmits and receives data to and from each section. Processor 51 cooperates with ROM 52 and RAM 53 to perform operations such as control and data processing in data generation server 5A.

A ROM (Read Only Memory) 52 is a non-volatile memory that stores programs and control data for realizing basic operations of the data generation server 5A.
A RAM (Random Access Memory) 53 is a volatile memory that temporarily stores data. RAM 53 functions as a working memory when processor 51 executes a program.
The data memory 54 is a storage unit that stores various data. The data memory 54 is composed of a rewritable non-volatile memory. For example, the data memory 54 stores an OS program, application programs, operation setting information, and the like.

Interface 55 is an interface for accessing HSM5B. The interface 55 should just correspond to the interface standard with which HSM5B is provided.
A network (NW) communication unit 56 is a communication interface for communicating with an external device. The NW communication unit 56 may perform wireless communication, or may perform wired communication. In the IC card issuing system 1 according to the present embodiment, the NW communication unit 56 may communicate with the user terminal 3 used by the user via a wide area network such as the Internet.

The communication unit 57 is a communication interface for communicating with the contract management server 4A. The communication unit 57 may perform wireless communication, or may perform wired communication. In the IC card issuing system 1 according to this embodiment, the communication unit 57 may be any device that can securely communicate with the contract management server 4A.
Note that the NW communication unit 56 and the communication unit 57 may be configured to be realized by one communication interface.

The interface 58 is an interface for accessing the PUF storage 5C. The interface 58 should just correspond to the interface standard with which the PUF storage 5C is provided. Processor 51 checks PUF data registered in PUF storage 5C via interface 58 .

Next, application procedures and issuing procedures for the issuing process for the IC card 2 in the IC card issuing system 1 according to this embodiment will be described.
As a prerequisite for the operation described below, the IC card 2 is to be handed over to the user (card holder) after the processing of primary issuance (card manufacturing and initialization). It is also assumed that a key (key information) relating to generation of card authentication data is written in the IC card 2 handed over to the user in the primary issuance. The key information written in the IC card 2 is stored in the HSM 5B in the issuing control system 5. FIG. Further, it is assumed that the IC card 2 possessed by the user (card holder) is written with the fingerprint information of the user (the person himself/herself) after the user has been authenticated.

First, an application procedure for issuing an IC card 2 in the IC card issuing system 1 according to the present embodiment will be described.
FIG. 6 is a sequence for explaining an operation example of an application procedure for issue processing for the IC card 2 in the IC card issuing system 1 .
As for the cardholder, the processor 31 of the user terminal 3 receives the input of the application data through the input unit 38 according to the operation of the user as the cardholder (ST21). The application data includes, for example, information necessary for issuance processing (secondary issuance or function addition), personal information of the user who is the cardholder, and information about the IC card 2 possessed by the cardholder (user). It is assumed that

In addition, the user terminal 3 may input application data using an application program, or input application data on a website for inputting application data provided on the Internet. good. In the former case, the user terminal 3 has an application program installed in the data memory 34 . The processor 31 of the user terminal 3 starts the application program according to the user's operation, and inputs the application data according to the application data input format presented by the application program. In the latter case, the processor 31 of the user terminal 3 accesses the application data input side provided on the Internet by the NW communication unit 35, and adapts the input format of the application data presented on the input site. Enter the application data according to

Further, the processor 31 of the user terminal 3 reads information about the IC card 2 possessed by the card holder (user) from the IC card 2 in addition to the information of the application data input by the input unit 38 . Here, the information about the IC card 2 includes PUF data as unique identification information (ID) for identifying the IC card 2 .

Further, when the personal information of the user who is the cardholder is stored in the IC card 2 , the processor 31 of the user terminal 3 may read the personal information of the user from the IC card 2 .

In the operation example shown in FIG. 6, it is assumed that the IC card 2 outputs information about the IC card including PUF data in response to a request from the card RW 36 of the user terminal 3 after the person has been successfully authenticated by biometric authentication.

In this case, the processor 31 of the user terminal 3 sends a request for fingerprint authentication as biometric authentication and an output request for PUF data to the IC card 2 using the card RW 36 (ST22). Processor 21 of IC card 2 executes fingerprint authentication using fingerprint data stored in data memory 24 in response to a request from user terminal 3 (ST11). The processor 21 of the IC card 2 outputs the card data including the 0PUF data of the IC card 2 to the user terminal 3 after the personal identification by fingerprint authentication is successful (ST12).

When the input of the application data and the acquisition of the PUF data are completed, the processor 31 of the user terminal 3 creates an examination request requesting examination of the issuing process (contract) based on the input application data (ST23). The examination request examines whether it is possible (contract) to execute the issuing process (secondary issue or function addition) for the IC card 2 possessed by the card holder according to the application contents input as the application data. It is a request. The examination request also includes the PUF data acquired from the IC card 2 .

After creating the examination request including the application data and the PUF data, the processor 31 of the user terminal 3 transmits the examination request to the contract management server 4A of the data management system 4 (ST24). The processor 31 accesses the contract management server 4A via the Internet through the NW communication unit 35, and transmits an examination request to the contract management server 4A.

The contract management server 4A receives an examination request from the user terminal 3 through the NW communication section 46 (ST31). Upon receiving the examination request from the user terminal 3, the processor 41 of the contract management server 4A examines whether or not to permit the issuing process requested in response to the received examination request.

For example, the contract management server 4A examines whether there are any problems with the application contents indicated by the application data, and whether there are any problems with the contract for issuing the cardholder who is the applicant. The contents and procedures of the examination are not limited to a specific form as long as they conform to the operational form. In other words, the examination procedure may be any procedure in which the examination result for the examination request is input to the contract management server 4A.

If the examination result for the examination request is that the contract is not possible (issuance processing is not possible), the processor 41 of the contract management server 4A notifies the user terminal 3, which is the transmission source of the examination request, that the contract is not possible as the examination result. (ST34). Also, the processor 41 may notify the contact specified by the cardholder in the application data of the examination result.

When the processor 31 of the user terminal 3 receives the notice from the contract management server 4A that the examination result for the examination request indicates that the contract cannot be made, the processor 31 displays the fact that the examination result indicates that the contract cannot be made on the display unit 37, thereby enabling the cardholder to proceed. (ST25).

If the examination result for the examination request indicates that the contract is acceptable (issuance processing is acceptable), the processor 41 of the contract management server 4A issues a contract ID (ST32). After issuing the contract ID, the processor 41 registers the application data and PUF data included in the examination request for which the examination result indicates that the contract is acceptable in the data storage 4B in association with the issued contract ID (ST33). As a result, the data storage 4B stores information in which the application data from the contract management server 4A, the PUF data, and the contract ID are associated with each other (ST41).

When the application data, the PUF data and the contract ID are registered in the data storage 4B, the processor 41 of the contract management server 4A notifies the examination result and the contract ID to the user terminal 3 that sent the examination request (ST34).

When the processor 31 of the user terminal 3 receives a notice from the contract management server 4A that the examination result for the examination request indicates that the contract is acceptable, the processor 31 of the user terminal 3 displays the contract ID on the display unit 37 along with the notification that the examination result indicates that the contract is acceptable. Display (ST25). Here, if the examination result is acceptable, the processor 31 of the user terminal 3 may display guidance on the issuing process procedure on the display unit 37 . It should be noted that the contract ID may be any ID that is notified to the user who will be the cardholder when the examination result indicates that the contract is acceptable. For example, the contract management server 4A may notify the contact information (e.g., e-mail address) of the cardholder included in the application data of the contract ID.

By the above application procedure, when the examination request from the user terminal is approved, the contract management server receives the application data from the cardholder who made the examination request and the PUF of the IC card to be issued. The data and contract ID can be saved in data storage. As a result, the IC card 2 possessed by the card holder becomes ready for remote issuing processing by the operation described later. That is, after the card holder becomes ready for the issuing process, the user terminal 3 is used to remotely perform the issuing procedure for the IC card 2, which will be described later.

Next, the issuing procedure for issuing the IC card 2 in the IC card issuing system 1 according to this embodiment will be described.
7 and 8 are sequences for explaining an operation example of an issuing procedure for performing issuing processing for the IC card 2 in the IC card issuing system 1. FIG.
A user as a card holder activates an application program (hereinafter referred to as an issue application) for issue processing for the IC card 2 on the user terminal 3 . The issuing application may be stored in the data memory 24 in advance, or may be downloaded from the contract management server 4A or the data generation server 5A.

The processor 31 of the user terminal 3 activates the issuing application according to the issuing application activation instruction input by the cardholder to the input unit 38 (ST120). When the issuing application is activated, processor 31 requests the card holder to enter the contract ID (ST121). The card holder inputs the acquired contract ID together with the examination result of the application data through the input unit 38 . When the contract ID is input to the input unit 38, the processor 31 accesses the IC card 2 using the card RW 36 and requests the IC card 2 to perform fingerprint authentication as biometric authentication for personal identification (ST122).

The IC card 2 is activated by power supplied from the card RW36. When the IC card 2 is activated, the processor 21 executes fingerprint authentication processing in response to a request for biometric (fingerprint) authentication supplied from the card RW36 (ST111). When performing fingerprint authentication, the processor 21 acquires the fingerprint of the user (card holder) using the fingerprint sensor 20 . The processor 21 performs fingerprint authentication by comparing the fingerprint information acquired by the fingerprint sensor 20 with the fingerprint data stored in the second storage area 24b of the data memory 24. FIG.

When it is determined that the fingerprint information acquired by the fingerprint sensor 20 and the fingerprint data stored in the second storage area 24b of the data memory 24 are the fingerprints of the same person, the processor 21 determines that the fingerprint authentication is successful. and If it cannot be determined that the fingerprint information acquired by the fingerprint sensor 20 and the fingerprint data stored in the second storage area 24b are of the same person, the processor 21 determines that fingerprint authentication has failed.

If the fingerprint authentication on the IC card 2 fails, the processor 21 notifies the card RW 36 that the fingerprint authentication has failed. When the card RW 36 receives notification from the IC card 2 that the fingerprint authentication has failed, the processor 31 of the user terminal 3 stops the issuing procedure for executing the issuing process for the IC card 2 . In this case, the processor 31 notifies the user of the cancellation of the issuing procedure by displaying on the display unit 37 that the issuing process for the IC card 2 has failed due to the failure of the personal identification.

When the fingerprint authentication on the IC card 2 is successful, the processor 21 notifies the card RW36 of the success of the fingerprint authentication. When the card RW 36 receives notification from the IC card 2 that the fingerprint authentication has been successful, the processor 31 of the user terminal 3 sends card authentication data and PUF data for issuing to the IC card 2 via the card RW 36 . and In response to this, the processor 21 of the IC card 2 generates card authentication data, acquires PUF data, and supplies the generated card authentication data and PUF data to the card RW36.

That is, when the fingerprint authentication is successful, the processor 21 of the IC card 2 generates card authentication data (authentication data) (ST112). The card authentication data is authentication data generated when the biometric authentication of the IC card 2 is successful, and the IC card 2 is added with a function (for example, an applet is added) or issuance processing such as secondary issuance is performed. Contains information for

The card authentication data is generated using key information stored in the storage area 24a of the data memory 24, which is a secure memory. Further, the card authentication data includes, for example, CPLC (information indicating the product cycle of the IC card), INITIALIZE UPDATE command and response data as information for executing the issuing process.

Also, the processor 21 of the IC card 2 acquires PUF data, which is information specific to the IC card 2, when the fingerprint authentication is successful. When PUF data is held in the third storage area 24c of the data memory 24 as shown in FIG. However, if the IC card 2 has a configuration including a PUF circuit as a device for outputting PUF data, the processor 21 may acquire PUF data from the PUF circuit.

When card authentication data is generated and PUF data is acquired after fingerprint authentication is successful, the processor 21 of the IC card 2 outputs the generated card authentication data and PUF data to the card RW 36 of the user terminal 3 (ST113). After outputting the card authentication data and the PUF data, the processor 21 of the IC card 2 enables execution of the issuing process based on the issuing data generated by the data generation server 5A corresponding to the card authentication data.

When the processor 31 of the user terminal 3 acquires the card authentication data and the PUF data from the IC card 2 for which fingerprint authentication has been successfully performed by the card RW 36, the processor 31 generates an issue request requesting an issue process for the IC card 2, and generates the generated issue request. to the data generation server 5A (ST124).

For example, the processor 31 generates an issuance request including the contract ID input by the input unit 38 in addition to the card authentication data and PUF data acquired from the IC card 2 . After generating the issuance request including the card authentication data, the PUF data and the contract ID, the processor 31 accesses the data generation server 5A in the issuance control system 5 via the Internet by the NW communication section 35. FIG. Upon accessing data generation server 5A, processor 31 transmits an issuance request including card authentication data, PUF data and contract ID to data generation server 5A.

The data generation server 5A receives the issue request from the user terminal 3 through the NW communication unit 56. FIG. When receiving the issue request, the processor 51 of the data generation server 5A extracts the contract ID included in the issue request. After extracting the contract ID included in the issuance request, the processor 51 accesses the contract management server 4A via the communication unit 57. FIG. Upon accessing contract management server 4A, processor 51 transmits a request for application data corresponding to the contract ID included in the issuance request to contract management server 4A (ST131).

The contract management server 4A communicates with the data generation server 5A via the communication unit 47. FIG. When the processor 41 of the contract management server 4A receives a request for application data corresponding to the contract ID from the data generation server 5A, it searches the data storage 4B for application data corresponding to the contract ID (ST141). When the application data corresponding to the contract ID requested by the data generation server 5A is detected, the processor 41 transmits the application data corresponding to the contract ID and the PUF data to the data generation server 5A via the communication unit 47 ( ST142).

Upon receiving the application data and the PUF data corresponding to the contract ID from the contract management server 4A, the processor 51 of the data generation server 5A registers the PUF data included in the issuance request from the user terminal 3 in the PUF storage 5C, In addition, it is confirmed whether or not the PUF data corresponding to the application data matches (ST132).

For example, the processor 51 confirms whether the PUF data included in the issuance request is registered in the PUF storage 5C. That is, the processor 51 confirms whether the PUF data included in the issuance request (the PUF data of the IC card requesting the issuance process) is registered in the PUF storage 5C or is the PUF data of a genuine IC card (true/false). judge. Thereby, the processor 51 can confirm that the IC card requesting the issuing process is a genuine product.

If the PUF data included in the issue request is registered in PUF storage 5C, processor 51 further checks whether the PUF data included in the issue request matches the PUF data acquired from contract management server 4A. That is, the processor 51 confirms whether the PUF data included in the issue request (the PUF data of the IC card requesting the issue process) matches the PUF data of the IC card that applied for the issue process. Thereby, the processor 51 can confirm that the IC card requesting the issuing process is the same as the IC card that applied for the issuing process.
Note that the processor 51 of the data generation server 5A may check whether the PUF data included in the issuance request is registered in the PUF storage when receiving the issuance request from the user terminal 3 . That is, the processor 51 may acquire the application data and the PUF data from the contract management server 4A after confirming that the PUF data included in the issuance request is registered in the PUF storage.

When it is confirmed by checking the PUF data that the IC card 2 to be issued is genuine and matches the IC card for which the application was made, the processor 51 of the data generation server 5A makes the application in the IC card 2. Issue data for executing issue processing based on the data is generated (ST133). The issuing data includes commands to be executed by the IC card 2 in a series of issuing processes based on the application data and data to be written to the IC card 2 in a series of issuing processes.

For example, when an applet is added to the IC card 2 as issuing processing, the issuing data includes an INSTALL command as a command to be executed by the IC card 2 . When an applet is added according to a certain credit card standard, the issued data includes an external authentication (EXTERNAL AUTHENTICATE) command and a store data (STORE DATA) command as commands to be executed by the IC card 2 .

Processor 51 also processes the issued data using the key information stored by HSM 5B in order to securely supply the issued data to IC card 2 (ST134). Here, key information corresponding to the key information held in the IC card 2 is stored in the HSM 5B. As a result, the issue data can be safely supplied to the IC card 2 by encryption using the HSM 5B. For example, the processor 51 encrypts the data included in the issued data using the key information shared with the key information stored in the IC card 2 in the HSM 5B.

After encrypting the issue data with the key information stored in the HSM 5B, the processor 51 transmits the issue data encrypted by the HSM 5B to the user terminal 3, which is the sender of the issue request (ST135).

After transmitting the issuance request to the data generation server 5A, the user terminal 3 waits to receive the issuance data as a response to the issuance request. In this state, the user terminal 3 receives the issued data transmitted from the data generation server 5A by the NW communication section 354 (ST125). When the issued data is received, the processor 31 of the user terminal 3 outputs the issued data to the IC card 2 through the card RW 36 (ST126).

As a result, the processor 21 of the IC card 2 acquires from the card RW 36 of the user terminal 3 the issue data corresponding to the card authentication data generated after the biometric authentication is successful. After obtaining the issuance data, processor 21 executes the issuance process according to the obtained issuance data (ST114).

For example, the processor 21 writes data to be written in the data memory 24 as issuing processing by executing a command included in the issuing data. Also, the processor 21 decrypts the encrypted data included in the issue data supplied in the issue process using the key information stored in the first storage area 24a which is the secure memory in the data memory 24 .

When the issuing process based on the supplied issuing data is completed, the processor 21 of the IC card 2 notifies the completion of the issuing process to the card RW 36 of the user terminal 3 (ST115).
After outputting the issue data to the IC card 2 from the card RW 36, the user terminal 3 receives a notification from the IC card 2 indicating that the issuing process has been completed. When the processor 31 of the user terminal 3 receives the issuance process completion notification from the IC card 2 through the card RW 36, the display unit 37 displays a guide to the effect that the issuance process (function addition or secondary issuance) in the IC card 2 has been completed. (ST127).

Further, when receiving a notification that the IC card 2 has completed the issuing process based on the issuing data, the processor 31 notifies the completion of the issuing process to the data generation server 5A, which is the source of the issuing data, through the NW communication unit 35. (ST128).
When the processor 51 of the data generation server 5A receives the notification of the completion of the issuing process in the IC card 2 from the user terminal 3 through the NW communication unit 56, the communication unit 57 transmits the completion notification of the issuing process in the IC card 2 to the contract management server 4A. forward (send) to

The contract management server 4A receives the completion notification of the issuing process in the IC card 2 by the communication unit 47 via the data generation server 5A. When the processor 41 of the contract management server 4A receives the notice of completion of the issuing process in the IC card 2 via the data generation server 5A, it records the completion of the issuing process corresponding to the application data in the data storage 4B (ST143). .

According to the above-described issuance procedure, the IC card issuing system according to the embodiment, after the IC card having a fingerprint sensor as a biosensor has successfully authenticated the person by biometric authentication, confirms that the IC card is genuine and that the application It can be confirmed using the PUF data whether it matches the IC card at the time. As a result, the IC card issuing system according to the embodiment can perform issuing processing such as remote function addition or secondary issuing for an IC card that is genuine and matches the time of application.

Although the IC card issuing system according to the embodiment uses PUF data, this artificially generates unique data for each LSI when generating an IC card as in the conventional art, and writes it to the LSI. work becomes unnecessary. This is because the PUF can be automatically generated by a specific algorithm using physical variations inherent in electronic circuits, semiconductor crystal patterns, and the like.

Moreover, when unique data such as an identification code individually attached to an IC card is required, it is necessary that the data be different from the data issued in the past. In that respect, the PUF is always unique data and does not overlap, so it is suitable as an ID for the invention according to this embodiment.

Furthermore, when creating data specific to an LSI, it is common for different LSI vendors to create different styles or formats. In this respect, according to the invention of this embodiment, the use of PUF makes it possible to unify the generation and format of unique data.

The functions described in each of the above-described embodiments can be implemented not only by using hardware, but also by making a computer read a program describing each function using software. Also, each function may be configured by selecting either software or hardware as appropriate.

While several embodiments of the invention have been described, these embodiments have been presented by way of example and are not intended to limit the scope of the invention. These novel embodiments can be implemented in various other forms, and various omissions, replacements, and modifications can be made without departing from the scope of the invention. These embodiments and modifications thereof are included in the scope and gist of the invention, and are included in the scope of the invention described in the claims and equivalents thereof.

1 IC card issuing system 2 IC card (portable electronic device) 3 user terminal 4 data management system 4A contract management server 4B data storage 5 issuance control system 5A data generation Server 5B HSM (hardware security module) 5C PUF storage 20 Biometric sensor (fingerprint sensor) 21 Processor (first processor) 24 Data memory (memory) 25 Communication interface 31 Processor 34 Data memory 35 NW communication unit 36 Card reader/writer 37 Display unit 38 Input unit 41 Processor (first processor) 44 Data memory 45 Interface 46 NW Communication unit 47 Communication unit 51 Processor (second processor) 54 Data memory 55 Interface (second interface) 56 NW communication unit 57 Communication unit 58 Interface (second interface) .

Claims (10)

A remote publishing system having a portable electronic device and a data generation server, comprising:
The portable electronic device comprises:
a biosensor for acquiring biometric information;
a memory including a storage area for storing user's biometric information;
a communication interface that communicates with the reader/writer;
generating authentication data for issuing processing in the portable electronic device when biometric authentication by matching biometric information acquired by the biosensor with biometric information stored in the memory is successful; a first processor that outputs PUF data unique to the portable electronic device to the reader/writer, and executes an issuance process based on issuance data corresponding to the authentication data supplied from the reader/writer;
The data generation server is
an interface that connects to a PUF storage that stores PUF data for a portable electronic device capable of publishing;
When an issuance request including authentication data and PUF data generated by the portable electronic device is input, and if the PUF data included in the issuance request is registered in the PUF storage, issuance to the portable electronic device a second processor that generates issuance data that causes the portable electronic device to execute an issuance process based on the application data related to the process and the authentication data;
Remote issuing system. the memory of the portable electronic device further stores PUF data specific to the portable electronic device;
wherein the first processor of the portable electronic device obtains the PUF data stored in the memory if biometric authentication is successful;
The remote publishing system of claim 1. The portable electronic device further comprises a PUF circuit that outputs unique PUF data,
The first processor of the portable electronic device acquires PUF data output by the PUF circuit when biometric authentication is successful.
The remote publishing system of claim 1. The portable electronic device is an IC card comprising a module having the biosensor, the memory, the first processor, and the communication interface, and a body storing the module.
4. The remote issuing system according to any one of claims 1-3. The biometric sensor is a fingerprint sensor that acquires fingerprint information,
5. The remote issuing system according to any one of claims 1-4. the communication interface of the portable electronic device communicates with a reader/writer connected to a user terminal;
The data generation server is
Furthermore, having a communication unit that communicates with the user terminal,
When the second processor of the data generation server receives an issuance request including authentication data and PUF data generated by the portable electronic device from the user terminal, the second processor of the data generation server stores the PUF data included in the issuance request in the PUF storage. is registered in the mobile electronic device, generation of issuance data for causing the portable electronic device to execute the issuance processing based on application data relating to the issuance processing for the portable electronic device and the authentication data, and sending the generated issuance data to the user send to the terminal
6. The remote issuing system according to any one of claims 1-5. said memory of said portable electronic device further comprising a secure memory for storing key information;
the first processor of the portable electronic device generates the authentication data using key information stored in the secure memory;
The data generation server is
a second interface that connects to a hardware security module that stores key information corresponding to key information stored in the secure memory of the portable electronic device;
The second processor of the data generation server transmits to the user terminal the authentication data processed using the key information stored in the hardware security module and the issued data based on the application data.
7. The remote publishing system of claim 6. A remote issuing system having a contract management server and a data generation server,
The contract management server is
a first communication unit that communicates with the user terminal;
An examination request including application data for applying for issuance processing for a portable electronic device is received from the user terminal by the first communication unit, and the issuance processing requested by the application data is permitted in examination according to the examination request. a first processor that issues a contract ID when
a first interface for accessing a data storage that stores the contract ID and the application data in association with each other;
The data generation server is
a second communication unit that communicates with the user terminal;
a second interface that connects to a PUF storage that stores PUF data of a portable electronic device capable of publishing;
When an issuance request including authentication data generated by a portable electronic device for which biometric authentication has succeeded, the PUF data of the portable electronic device, and a contract ID is received from the user terminal, the PUF data included in the issuance request is if registered in the PUF storage, obtain application data corresponding to the contract ID included in the issuance request from the contract management server;
generating issuance data for causing the portable electronic device to execute issuance processing based on the authentication data included in the issuance request and the application data obtained from the contract management server, and sending the generated issuance data to the portable electronic device; a second processor for transmitting to said user terminal comprising a reader/writer for communication;
Remote issuing system. The contract management server is
The first processor receives an examination request including application data for applying for issuance processing for the portable electronic device and PUF data from the user terminal through the first communication unit,
storing the contract ID, the application data, and the PUF data in association with each other in the data storage;
The second processor
obtaining application data and PUF data corresponding to a contract ID included in the issuance request from the contract management server if the PUF data included in the issuance request is registered in the PUF storage;
If the authentication data included in the issuance request matches the PUF data obtained from the contract management server, the portable electronic device is based on the authentication data included in the issuance request and the application data obtained from the contract management server. to generate the issue data that causes the to execute the issue process,
9. The remote publishing system of claim 8. a communication unit that communicates with a user terminal that connects a reader/writer that communicates with a portable electronic device having a function of performing biometric authentication;
an interface that connects to a PUF storage that stores PUF data for a portable electronic device capable of publishing;
When an issuance request including authentication data, PUF data, and a contract ID generated by a portable electronic device for which biometric authentication has succeeded is received from the user terminal, the PUF data included in the issuance request is registered in the PUF storage. issuance data for causing the portable electronic device to execute issuance processing based on the authentication data included in the issuance request and the application data corresponding to the contract ID, and the generated issuance data is transmitted to the user terminal. a processor sending to
A data generation server with

Images