JP2549675B2 - Portable electronic device and mutual authentication method - Google Patents

Description

DETAILED DESCRIPTION OF THE INVENTION [Object of the Invention] (Field of Industrial Application) The present invention relates to a portable electronic device called a so-called IC card, which is used as, for example, a credit card and the like, and is particularly superior to this device. The present invention relates to a portable electronic device including a random number generation unit that generates random number information used for mutual authentication and the like with a terminal device as a device.

The present invention also relates to a mutual authentication method for performing mutual authentication between the portable electronic device and a terminal device as an external device.

(Prior Art) Recently, the use of bank cash cards and credit cards is rapidly increasing. Along with this, crimes that misuse cards have tended to increase, which is a big problem. As a result, IC cards with high security have received a great deal of attention.

IC cards store data in internal memory,
Access control to data can be easily provided. Moreover, since the IC card has a control element (CPU) built-in, it is possible to realize an active security function such as data encryption and internal confirmation of personal identification information.

However, in the system using the IC card,
No countermeasure is taken against forgery of an IC card or forgery of an IC card terminal device, and therefore there is a problem that the system safety is impaired against forgery of an IC card or forgery of a terminal device.

Therefore, recently, for the purpose of preventing such IC card forgery and terminal device forgery and improving the system safety,
A mutual authentication method has been considered in which the IC card and the terminal device confirm the other party with each other and can communicate only when it is judged to be valid.

Random number information (encryption information) is used for this mutual authentication. That is, for example, an IC card and a terminal device are provided with random number generating means for generating random number information, and the random number information generated by each is transmitted to the other party, and when this is received, the random number information received by each is decoded. It is returned to the other party, and the validity of the other party is judged based on the content of the decrypted information returned.

Now, as a random number generation means provided in the IC card, conventionally, a so-called M series is used, or a random number area is provided in the memory, data in the random number area is read, and its value is transposed or transposed. What to do, DES, FEAL (F
ast data Encipherment ALgorithm) was used.

FIG. 5 shows a circuit of a linear feedback shift register system (LFSR system) that generates an M sequence, R is a 3-bit shift register, and XOR is an exclusive OR circuit.
In this circuit, the initial value of the shift register R = R
The random number sequence when starting from (O) = (1,1,1) is “1110100
1 ”(1 ≦ t ≦ 8). This is the primitive polynomial H
This is the case where (x) = x ³ + x + 1 is used, and the cycle in this case is “7”.

When the M-sequence is used in this way, there is always a period and linearity, so the safety is poor. Therefore, when random number information is used for mutual authentication as described above, there is a problem in security.

(Problems to be Solved by the Invention) The present invention solves the problem that the random number generating means has a cycle as described above and is inferior in security when random number information is used for mutual authentication as described above. With the aim of providing a portable electronic device and a mutual authentication method, the random number generating means has no periodicity and the security is significantly improved when the random number information is used for mutual authentication as described above. To do.

[Structure of the Invention] (Means for Solving Problems) A portable electronic device of the present invention is a portable electronic device for authenticating an external device, and a clock circuit for generating time information and an output of this clock circuit. And a random number generation unit that generates random numbers by encrypting the time information stored in this storage unit with predetermined key information, and the random number information generated by this random number generation unit to the outside. Output means for outputting to the device, first receiving means for receiving the decryption information of the random number information output by the output means from the external device, decryption information received by the first receiving means, and the storage A confirmation means for confirming the legitimacy of the external device by comparing with the time information stored in the means, and a disturbance generated by encrypting the time information with predetermined key information in the external device. Second receiving means for receiving information, decrypting means for decrypting the random number information received by the second receiving means with the key information, and outputting the information decrypted by the decrypting means to the external device And means for allowing the external device to judge the legitimacy of the portable electronic device.

Further, the mutual authentication method of the present invention is a mutual authentication method in which a portable electronic device and an external device each equipped with a clock circuit for generating time information mutually authenticate, and the output of the clock circuit is output in the portable electronic device. A first random number is generated by temporarily storing the first time information as the first time information, and the temporarily stored first time information is encrypted with the first key information. The first random number information output from the portable electronic device is decrypted with the second key information and returned to the external device, and the portable electronic device returns the decrypted information and the temporary information. By collating with the stored first time information, the legitimacy of the external device is confirmed and the result is transmitted to the external device. In the external device, the collation result by the portable electronic device matches. When The output of the clock circuit is temporarily stored as the second time information, and the temporarily stored second time information is encrypted with the second key information to generate a second random number. Output to the portable electronic device, the portable electronic device decrypts the second random number information output from the external device with the first key information and returns the decrypted information, and the external device decrypts the returned decrypted information. It is characterized in that the validity of the portable electronic device is confirmed by collating the activation information with the temporarily stored second time information.

(Operation) By providing a clock circuit for generating time information, the time information generated from this clock circuit is used as input information of the random number generation means, and the random number is generated by encrypting with the predetermined key information. It will be different every time and the periodicity will disappear. Therefore, for example, when the random number information is used for mutual authentication performed between the portable electronic device and the external device, the security is significantly improved, and for example, forgery such as forgery by the user of the device is surely prevented. You can
The security is very good.

(Example) Hereinafter, one example of the present invention will be described with reference to the drawings.

FIG. 3 shows the appearance of a multifunction IC card used as, for example, a credit card as an example of the portable electronic device according to the present invention. This IC card can be used both online and offline. Then, for example, a transaction function capable of performing transactions with a plurality of accounts (for example, usable as a plurality of types of credit cards and cash cards), a clock function for displaying time information including date information and time information, at least four arithmetic operations It has a computer function for performing, and an electronic memo pad function for registering and reading out addresses, names, telephone numbers and the like.

In FIG. 3, reference numeral 1 denotes a card body, which is made of, for example, a rectangular thin plastic plate. A contact part that is electrically connected to an integrated circuit (IC) 2 embedded in the card body 1 at a predetermined portion of the surface of the card body 1 and that electrically communicates with a terminal device (not shown) when used online. 3, a liquid crystal display unit 4 for displaying input / output data and time information, and a keyboard 5 are provided.
A battery 6 for power supply is embedded in the card body 1.

On the keyboard 5, account keys 7,8,9,1 for specifying an account
0, a ten key 11, an addition key 12 as a four arithmetic operation key, a subtraction key 13, a division key 14, a multiplication key 15, a decimal point key 16 and an equal key 17 are provided.

The account key 7 specifies the first operation (process) for the first account (eg, the first credit card), and the account key 8 is the second operation for the second account (eg, the second credit card). Specify the business, account key 9 is the third
Of the account (eg, the first cash card) is specified, and the account key 10 is designed to specify the fourth job of the fourth account (eg, the second cash card).

The addition key 12 is also used as a next key for advancing the display state of the liquid crystal display unit 4 to the next, and the subtraction key 13 is also used as a back key for returning the display state of the liquid crystal display unit 4 to the front and the decimal point key. 16 is also used as a no key or an end key, and the equal key 17 is also used as a yes key or an activation key (power-on key).

FIG. 2 shows a circuit configuration of the integrated circuit 2. That is, 21 is a communication control circuit, 22 is a reset control circuit, 23 is a power supply control circuit, 24 is a battery check circuit for checking whether the voltage of the battery 6 is a specified value or more, 25 is a clock control circuit, 26 For example, the frequency is 1MHz
, 27 is a CPU (Central Processing Unit) as a control unit that controls the overall control, 28 is a program memory including a mask ROM, 29 is a program working memory, and 30 is an EEPR.
A data memory (memory unit) composed of a non-volatile memory such as an OM, 31 is a timer circuit used for timekeeping during processing operation, and 32 is a clock circuit that generates time information including date information and time information. 33, an oscillator for generating a clock having a frequency of 32.768 KHz, 34 a display control circuit, 35 a display driver for driving the liquid crystal display unit 4, 36 a keyboard interface circuit as an input circuit of the keyboard 5, 37 Is a random number generation unit that generates random number information (encrypted information), and 38 is a decryption unit that decrypts random number information sent from a terminal device (not shown).

Communication control circuit 21, battery check circuit 24, CPU27,
Program memory 28, program working memory 2
The data memory 30, the timer circuit 31, the clock circuit section 32, the display control circuit 34, the keyboard interface circuit 36, the random number generation section 37, and the decoding section 38 are connected by a data bus 39.

The communication control circuit 21 operates when online,
The serial data supplied from the terminal device via the contact unit 3 is converted into parallel data and output to the data bus 39, or the parallel data supplied from the data bus 39 is converted into serial data and transmitted via the contact unit 3. Output to the terminal device.

The reset control circuit 22 operates online and receives a reset signal supplied from the terminal device via the contact portion 3 to activate the CPU 27.

The power supply control circuit 23 switches from the drive by the battery 6 to the drive by the external power supply (supplied from the terminal device through the contact portion 3) after a lapse of a predetermined time when it goes online, and when it goes offline, that is, the external When the voltage of the power source drops, control is performed to switch from driving by the external power source to driving by the battery 6.

The clock control circuit 25 stops the operation of the oscillator 26 that generates a 1 MHz clock in the key input standby state (standby) when offline, and also stops the supply of the clock to the CPU 27, resulting in a completely stopped state. To do. Then, in this state, when the activation key 17 is turned on, the oscillator 26 is operated and 32.768 KH output from the clock circuit unit 32.
The clock clock for z is supplied to the CPU 27, and when the next key operation is performed after the activation key 17 is turned on, the 1 MHz clock output from the oscillator 26 is supplied to the CPU 27. Further, when online, a reset signal is supplied from the reset control circuit 22, so that the clock supplied from the terminal device via the contact portion 3 is supplied to the CPU 27.

The program memory 28 stores a transaction function program, a clock function program, a computer function program, an electronic memo pad function program, other programs, and the like. The CPU 27 is adapted to selectively operate a transaction function, a clock function, a computer function, an electronic memo pad function, etc. by selectively executing a program in the program memory 28 and performing a process.

The data memory 30 stores the account information corresponding to each of the above-mentioned first to fourth accounts, and the corresponding account information is selected by pressing the account keys 7 to 10, and the corresponding account information is dealt with based on the account information. The work that you want to do is executed. Further, the data memory 30 has an area for an electronic memo pad, and data such as an address, a name and a telephone number are stored in the area.

The clock circuit section 32 outputs 32.768 KHz from the oscillator 33.
A frequency divider circuit 321 that generates a clock of 1 sec by dividing the clock of 1 is generated, and time information that includes date information and time information is generated by counting the clocks generated from the frequency divider circuit 321. First and second clock circuits
It is composed of 322,323. The first clock circuit 322 is a clock circuit for display in which the cardholder can freely set and change the time information by operating the keyboard 5. Second clock circuit
Reference numeral 323 is a clock circuit in which, for example, arbitrary time information is set when the card is issued, and thereafter the time information cannot be changed unless the correctness of the operation is proved by a specific procedure. In this embodiment, the design of the time information of the second clock circuit 323 can be changed by, for example, a command that the card issuer can use only.

The display control circuit 34 converts the display data supplied from the CPU 27 into a character pattern using a character generator (not shown) composed of an internal ROM, and displays it on the liquid crystal display unit 4 via the display driver 35. It has become.

The random number generator 37, as shown in FIG.
Using the time information generated from 323 as input information, random number information (encryption information) is generated using key information K. That is,
The random number generation unit 37 uses a block cipher, and uses DES as the block cipher (even if it is a block cipher other than DES, there is no problem). Since the input block of DES is 8 bytes, the time information “year” is 4 digits, “month” is 2 digits, “day” is 2 digits, and “hour” is input information.
Is 2 digits, “minute” is 2 digits, and “second” is 4 digits, making a total of 16 digits. There is no problem even if "second" is set to 2 digits and total 14 digits. In this way, by using the time information as the input information, the same plaintext input will not appear twice after at least 1 second. Therefore, the random number information is different every time.

Next, an example of mutual authentication performed between the present IC card and a terminal device as a higher-level device in such a configuration will be described with reference to FIG. For example, when using this IC card for cashless shopping and credits, this IC card is set in a terminal device. Then, the terminal device transmits a start signal to the CPU 27 of the IC card. Upon receiving the start signal, the CPU 27 reads the time information from the second clock circuit 323, temporarily stores the time information in the data memory 30, and supplies it to the random number generator 37. The random number generation unit 37 uses the supplied time information as input information and uses the key information K to generate random number information. The generated random number information is transmitted to the terminal device by the CPU 27. The terminal device receiving this decrypts the random number information into the original time information using the key information K similar to the key information K used in the random number generator 37, and decrypts the decrypted information (that is, the time information) into the IC. Send to the CPU 27 of the card. CPU that received this
27 compares and compares the decrypted information (that is, time information) and the time information temporarily stored in the data memory 30 to see if they match, and sends the verification result to the terminal device. By the first step up to this point, it is determined whether or not the legitimate IC card is a terminal device that can communicate, and if a match is obtained as a result of the above collation, communication is enabled.

The terminal device that has received the verification result from the IC card ejects the IC card that has been set if the verification results do not match. If the matching result is a match, the time information generated from the built-in clock circuit is read by the same means as the IC card (or different means may be used), the time information is temporarily stored, and the time information is input. Random number information is generated from the key information K as information, and the IC card CPU2
Send to 7. Upon receiving this, the CPU 27 supplies the random number information to the decoding unit 38. The decryption 38 decrypts the supplied random number information into the original time information by using the key information K, and the decrypted information is transmitted by the CPU 27 to the terminal device. Upon receiving this, the terminal device compares and verifies the decrypted information and the temporarily stored time information as to whether or not they match.
As a result of this collation, if they do not match, the set IC card is ejected, and if they match, communication is enabled from the terminal device to the center computer (not shown). In this way, in the second step after the verification result of the verification match is transmitted from the IC card, the valid terminal device determines whether or not the IC card can communicate.

In this way, the IC card confirms the terminal device in the first process, and the terminal device confirms the IC card in the second process. As a result, communication is possible only when both parties recognize each other as legitimate, that is, data can be exchanged or data can be read and written.

[Effects of the Invention] As described in detail above, according to the present invention, a clock circuit for generating time information is provided, and the time information generated from this clock circuit is used as the input information of the random number generation means and encrypted with predetermined key information. By generating random numbers by converting the input information, the input information will be different each time, thus eliminating the periodicity, and when using random number information for mutual authentication as described above, the security will be significantly improved, and forgery, etc. It is possible to provide a portable electronic device and a mutual authentication method that can reliably prevent fraud and have excellent security.

[Brief description of drawings]

1 to 4 are for explaining one embodiment of the present invention. FIG. 1 is a diagram for explaining a random number generator, FIG. 2 is a block diagram showing a circuit configuration of an integrated circuit, and FIG. FIG. 4 is a plan view showing the configuration of an IC card, FIG. 4 is a view for explaining an example of mutual authentication, and FIG. 5 is a view for explaining a conventional random number generation means. 2 ... Integrated circuit, 3 ... Contact part, 6 ... Battery, 27 ... CPU (control part), 28 ... Program memory, 3
0 …… Data memory (memory section), 32 …… Clock circuit section, 3
21 ... Divider circuit, 323 ... Second clock circuit, 33 ... Oscillator, 37 ... Random number generator.

Claims (2)

(57) [Claims] 1. In a portable electronic device for authenticating an external device, a clock circuit for generating time information, storage means for temporarily storing the output of this clock circuit, and time information stored in this storage means. Random number generation means for generating a random number by encrypting with predetermined key information, output means for outputting the random number information generated by this random number generation means to an external device, and decryption of the random number information output by this output means The first receiving means for receiving the encrypted information from the external device, and the decryption information received by the first receiving means and the time information stored in the storage means are compared to determine the validity of the external device. And a second receiving means for receiving random number information generated by encrypting time information with predetermined key information in an external device, and a second receiving means. Decryption means for decrypting the received random number information with the key information, and means for outputting the information decrypted by the decryption means to the external device so that the external device determines the validity of the portable electronic device. A portable electronic device comprising: 2. A mutual authentication method in which a portable electronic device and an external device each equipped with a clock circuit for generating time information mutually authenticate each other. In the portable electronic device, the output of the clock circuit is the first time information. Is temporarily stored as, and the first random number is generated by encrypting the temporarily stored first time information with the first key information, and the generated first random number information is output to an external device, The external device decrypts the first random number information output from the portable electronic device with the second key information and returns the decrypted information. The portable electronic device returns the decrypted information and the temporarily stored first information. By checking the time information of No. 1, the validity of the external device is confirmed and the result is transmitted to the external device. In the external device, when the result of the matching by the portable electronic device is the same, Out of the circuit Is temporarily stored as second time information, and the second random number information is generated by encrypting the temporarily stored second time information with the second key information, and the generated second random number information is generated. Output to the portable electronic device, the portable electronic device decrypts the second random number information output from the external device with the first key information, and returns the decrypted information. A mutual authentication method characterized by confirming the legitimacy of a portable electronic device by comparing it with second time information that is temporarily stored.