JP3862609B2 - Issuing command generation method and system for issuing cards - Google Patents

Description

【００２７】
【発明の効果】
本発明によれば、ＩＣカードの種類によらずに、一度メタテンプレートを作成することにより、様々なバリエーションの発行コマンドの生成に対して対応することができる。
【００２８】
コマンドの自動生成時に、様々な発行用コマンドの確認を行うため、発行コマンドの記述ミスなどを事前に防ぐことができる。
【図面の簡単な説明】
【図１】 本発明による発行コマンド生成システムを適用するカード発行システムの概略構成図である。
【図２】 本発明による発行コマンド生成システムの骨子を示す構成図である。
【符号の説明】
１ 発行用データ格納データベース
２ 発行データ管理部
３ メタテンプレート
４ 発行コマンド生成システム
６ テンプレート解釈部
７ 発行用データ取得部
８ 変換規則
７ データ変換部
８ 発行用コマンド作成部[0001]
BACKGROUND OF THE INVENTION
The present invention relates to an issuance command generation method and system for issuing a card to be given to a card issuing apparatus when an IC card is issued.
[0002]
[Prior art]
IC cards are widely used in recent years in the fields of public, finance, communication, transportation, medical care, electronic commerce on the Internet, etc. as new information recording media to replace magnetic cards because IC cards are safe and have a large storage capacity. . Recently, a multi-application IC card system in which a plurality of applications are mounted on an IC card and a plurality of services can be used has appeared. In the multi-application IC card system, it is necessary for a card issuer to issue an IC card by initially mounting an appropriate application among many applications in response to requests from the card issuer, service provider, and user. In addition, multi-card compatible IC card systems that manage various IC cards having different hardware and different card management systems have also appeared.
[0003]
Conventionally, when issuing a tamper-resistant IC card, an APDU (application protocol data unit) command specific to the IC card to be issued is created, and these APDU commands are applied to the IC card according to a sequence unique to the IC card. There was a need to send. Since the format and command sequence of these APDU commands are unique to the IC card, an issue command generation program for generating an appropriate APDU command in an appropriate sequence is required for each IC card.
[0004]
In the IC card issuance process, it is necessary to embed information that differs for each IC card, such as an IC card identification number and personal information, in an APDU command. Since personal information is stored as data in a file, DB (database), or the like, the issued command generation program reads these data and generates an APDU command embedded with the data. The data embedding method in this case depends on the format of each APDU, and the embedding method unique to each IC card is described in the issued command generation program.
[0005]
Thus, in the conventional method, an issue command generation program customized for each IC card is required. However, in a multi-card compatible IC card system that manages a plurality of types of IC cards, it is necessary to issue various types of IC cards. Therefore, an issue command generation program must be created for each IC card. It was troublesome and costly.
[0006]
In the conventional method, a predetermined application may be mounted on the IC card in the IC card issuing process. However, in this case as well, the number of applications to be installed and the APDU command sequence to be installed are all described in the issued command generation program, with the applications installed in advance being fixed.
[0007]
Furthermore, in a multi-application IC card system, the choice of which application is to be mounted on the IC card may be different for each IC card, such as personal information, but in the conventional method, There was no mechanism for selecting applications to be installed flexibly.
[0008]
[Problems to be solved by the invention]
SUMMARY OF THE INVENTION An object of the present invention is to provide an issuance command generation method and system for card issuance that can cope with generation of various variations of issuance commands regardless of the type of IC card.
[0009]
[Means for Solving the Problems]
The present invention relates to a meta template which is a file in which an APDU command necessary for issuing an IC card is described in a form including a reserved word, a database storing card issuing data, a meta template interpreter, and data conversion by issuing the command generating device having a part to generate an issuance command for issuing the IC card, in the case of outputting the issued command to the card issuing apparatus, a said issued command generation method, meta template interpreting unit, wherein it reads the APDU command from the meta template, said by interpreting the reserved word contained in the APDU command, hexadecimal, Kano format of embedding binary and card issuing data in any form of characters issued commands with the designation, designates the embedding location in issuing commands Wherein the step of performing a fit included locations discrimination embedded in to about words, the data conversion unit, the database reads the card issuance data from the format of the issued data converted according to the format specification, the data the conversion in issuing command generation method of card issuance, characterized by chromatic steps of embedding the embedding position determination.
[0010]
The present invention further includes a meta template which is a file in which an APDU command necessary for issuing an IC card is described in a form including a reserved word, a database storing card issuing data, a meta template interpreter, and data In an issue command generation system for generating an issue command for issuing an IC card by an issue command generation device having a conversion unit and outputting the issue command to the card issue device, the meta template interpretation unit is configured to execute an APDU command from the meta template. reading, by interpreting the reserved word included in the APDU command, hexadecimal, with the Kano format specification for embedding card issuing data in any form of binary and text issued commands, command issue For reserved words that specify the embedding location in It was performed because inclusive箇plants Determination embedding, the data conversion unit, the database reads the card issuance data from the format of the issued data converted according to the format specification, the embedded portions determine the data the conversion by embedding accordingly in issuing command generation system for card issuing, wherein the benzalkonium generates an issue command.
[0012]
In another preferred embodiment of the present invention, the reserved word directly specifies the length of the card issuing data to be embedded, the target card issuing data, and the data length of the card issuing data. An APDU description rule including a specification method, a target card issuing data, and a specification method for specifying a part of the data length of the card issuing data is described.
[0013]
In another preferred embodiment of the present invention, when the reserved word specifies card issuing data to be embedded, and the data length of the card issuing data exceeds a specified value, the APDU command is divided into a plurality of parts. The command division rule to be specified is described.
[0016]
[Embodiment of the Invention]
In order to describe the present invention in more detail, it will be described with reference to the accompanying drawings. In the drawings, the same reference numerals are assigned to the same functions.
[0017]
FIG. 1 is a schematic diagram showing the overall configuration of a card issuing system to which an issuing command generating system for issuing cards according to the present invention is applied. Here, 1 is a database that stores data for issuing cards, 2 is an issuance data management unit that stores issuance data in database 1, and takes out data necessary for card issuance from the database. An issuance command generation system according to the present invention that generates a card issuance command by appropriately performing data conversion according to a predetermined conversion rule together with interpretation of the metatemplate 3 and a meta template for card application data 4 Is a device that issues a card with an issue command created by the issue command generation system 4.
[0018]
The database 1 stores security data such as keys, names of users as personal information, card IDs, identification names of installed applications, and the like. In the meta template 3, a plurality of APDU commands necessary for card issuance are defined in a form including reserved words. The reserved words will be described in detail later.
[0019]
FIG. 2 is a block diagram showing the outline of the issuing command generation system 4 for issuing cards according to the present invention. This issuance command generation system 4 reads APDU commands from the metatemplate 3 and obtains data corresponding to the number of issued cards from the metatemplate interpretation unit 6 that analyzes reserved words embedded in these APDU commands. The data acquisition unit 7 that associates these data with the data item name for issuing the APDU command obtained by analyzing the meta template interpretation unit 6, and the predetermined conversion rule 8 defined by the reserved word described in the meta template 3 The data conversion unit 9 embeds data by appropriately converting the data specified by the reserved word into the location specified by the reserved word in accordance with the above, and embeds the data length in order to adjust the format of the APDU command, and Create a command to issue a card with the data after data conversion And it includes the issue for the command generating unit 10.
[0020]
In the present invention, when a tag is embedded in data to be converted by the data converter 9, the issuing data corresponding to the tag is written, and the maximum command that can be sent at one time is long because the issuing command is long. If the length is exceeded, the command is automatically divided to generate an issuance command, and the conversion method to the issuance data is changed according to the type of issuance data (numerical value, binary, character, etc.). By specifying the attribute to specify whether the issue data is embedded in the issue command in hexadecimal, binary, or character format using the reserved word, the same data can be in various formats according to the reserved word. Can be embedded in the issuing command, and if the data length of the issuing command is not uniform, specify padding. More, align the data length of data of different lengths, so as to fill the issuing commands, it is to define a reserved word corresponding to issuance data embedding rule.
[0021]
The premise of the present invention is to make the design so that the information to be written on the IC card can be changed so as to correspond to the generation of various variations of issue commands regardless of the type of IC card. Therefore, in the present invention, the reserved word (reserved symbol) in the APDU meta template is interpreted and data is acquired from the tag of the issuance information to generate an APDU command, or the processing operation result is set and the APDU command is set. In other words, the meta template 3 in FIG. 2 is a file in which a template for creating an APDU command to be executed at the time of issuing a card is described in the command execution order. The card conversion APDU reserved word described in the meta template 3 is interpreted by the meta template interpreting unit 6, and the issuing data acquired by the issuing data acquiring unit 7 is converted into a data converting unit 9 according to the format specified by the reserved word. The APDU command is generated by performing data conversion as needed.
[0022]
In the meta template 3, a plurality of APDU commands necessary for issuance are sequentially defined in a form including a reserved word, and the reserved word can be classified into the following three.
(1) Issuing data embedding rule This describes a rule for embedding issuing data in an APDU command.
(2) APDU command description rules There are various rules for describing APDU commands (for example, in the TLV format, the L part must describe the data length of the V part). Due to the data embedding, other parts of the APDU command may need to be changed. A rule for the other part of the APDU command that is changed under the influence of (1) is described.
{Circle around (3)} Command division rule This specifies a target data, and describes a rule for designating that an APDU command is divided into a plurality when the data length of the data exceeds a specified value.
[0023]
The reserved words corresponding to the issuance data embedding rule (1) are as follows.
A reserved word that specifies the issuance data item name and embeds the corresponding issuance data (for example, $ [],% []).
A reserved word that specifies the issue data item name, padding method, etc., and specifies that the corresponding issue data is padded and embedded (eg $ n).
A reserved word (for example, \ []) that specifies the issue data item name and embeds the data in the file indicated by the corresponding issue data.
A reserved word that specifies the name of the data item to be issued and the range of data to be used, and specifies that a part of the corresponding data to be issued is to be embedded (example: * SnBm. M bytes are embedded from the Nth byte)
A reserved word that specifies the variable name held by the data converter and embeds the corresponding variable (eg !! E = 0,1 is changed by the data converter).
[0024]
The reserved words corresponding to the APDU description rule of (2) are as follows. (In APDU, there are many L parts for substituting the data length such as TLV structure, Lc, and Le. According to the assignment of the data for issue, the L part representing the data length must be changed. Change rules).
• Reserved words that directly specify the data length (eg, #Le, (I)).
-Reserved words that specify the target data and the method to describe the data length of the data (L description methods such as simple TLV method, BerTLV method, ISO-defined Lc and Le description methods, etc.) There are several methods for describing data, such as little endian and big endian, so specify them. (Example: ^, @Len, @ILc, @BLen, #Len, #ILc, #BLen).
A reserved word that specifies the method of describing the target data and the data length of a part of the data (eg: #SignLen, the data length of only the data to be signed in the signed data, etc.).
[0025]
The reserved words corresponding to the command division rule of (3) are as follows.
A reserved word (for example, # 239c, #BlockNo) that specifies the target data and specifies that the APDU command is divided into a plurality of parts when the data length of the data exceeds the specified value.
[0026]
Examples of reserved words used in the meta template 3 are shown in Table 1 below.
[Table 1]

[0027]
【The invention's effect】
According to the present invention, it is possible to cope with generation of various variations of issuing commands by creating a meta template once regardless of the type of IC card.
[0028]
Since various commands for issuing are checked at the time of automatic command generation, it is possible to prevent a description error of the issued command in advance.
[Brief description of the drawings]
FIG. 1 is a schematic configuration diagram of a card issuing system to which an issuing command generation system according to the present invention is applied.
FIG. 2 is a block diagram showing the essence of the issued command generation system according to the present invention.
[Explanation of symbols]
1 issuance data storage database 2 issuance data management section 3 meta template 4 issuance command generation system 6 template interpretation section 7 issuance data acquisition section 8 conversion rule 7 data conversion section 8 issuance command creation section

Claims (6)

A meta template which is a file in which an APDU command necessary for issuing an IC card is described in a form including a reserved word, a database storing card issuing data, a meta template interpreting unit, and a data converting unit When the issuance command generation device generates an issuance command for issuing an IC card and outputs the issuance command to the card issuance device, the issuance command generation method includes:
Issued meta template interpreting unit, it reads the APDU command from the meta template, by interpreting the reserved word included in the APDU command, hexadecimal, data for issuing cards with any form of binary and text with the Kano format specification embedded in use command, performing a fit included locations determined embedding in respect reserved word that specifies the embedded positions in issuing commands,
Data conversion section, the database reads the card issuance data from the format of the issued data converted according to the format specification, characterized by chromatic and a step of embedding in accordance with the embedded portion determine the data the conversion Issuing command generation method for issuing cards.   The reserved word directly specifies the length of the card issuing data to be embedded, specifies the target card issuing data, and the method for describing the data length of the card issuing data, and is the target An APDU description rule including a card issuing data and a specification method for specifying a method for describing a part of the data length of the card issuing data is described, and an issuing command is generated by interpreting the reserved word. The issuance command generation method for card issuance according to claim 1.   The reserved word specifies the card issuing data to be embedded, and describes a command division rule that specifies that the APDU command is divided into a plurality when the data length of the card issuing data exceeds a specified value. The issuance command generation method for card issuance according to claim 1, wherein the issuance command is generated by interpreting the reserved word. A meta template which is a file in which an APDU command necessary for issuing an IC card is described in a form including a reserved word, a database storing card issuing data, a meta template interpreting unit, and a data converting unit In the issue command generation system for generating an issue command for issuing an IC card by an issue command generation device and outputting the issue command to the card issue device,
Meta template interpreting unit reads the APDU command from the meta template, the APDU by interpreting the reserved word contained in the command, hexadecimal, command for issuing the card issuing data in any form of binary and text embedded along with the Kano format specified, performs the order included箇plants Determination horse for the reserved word to specify the embedded point in issuing commands to,
Data conversion section, the database reads the card issuance data from the format of the issued data converted according to the format specified by embedding according to the embedding location determination the data the conversion, that generates an issue command issue the command generating system for the card-issuing characterized a call. The reserved word directly specifies the length of the card issuing data to be embedded, specifies the target card issuing data, and the method for describing the data length of the card issuing data, and is the target The card issuing card according to claim 4 , wherein the card issuing data includes an APDU description rule including a card specifying data and a method for specifying a method for describing a data length of a part of the card issuing data. Command generation system. The reserved word specifies the card issuing data to be embedded, and describes a command division rule that specifies that the APDU command is divided into a plurality when the data length of the card issuing data exceeds a specified value. The issuance command generation system for card issuance according to claim 4 , wherein:

Images