JP4538909B2 - Data storage device and information processing device - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
  The present invention relates to a data storage device.And information processing apparatusFor example, in the exchange of data between an IC card and a reader / writer, it is possible to exchange data related to a service that performs authentication using a common key and data related to a service that performs authentication using a public key with a single IC card. Data storage deviceAnd information processing apparatusAbout.
[0002]
[Prior art]
The use of IC (Integrated Circuit) cards is increasing in electronic money systems and security systems. The IC card has a CPU (Central Processing Unit) that performs various types of processing and a memory that stores data necessary for processing, etc., and uses electromagnetic waves while being in electrical contact with a predetermined reader / writer. Thus, data is transmitted and received without contact. In general, necessary power is supplied to an IC card that transmits and receives data without contact with a reader / writer using electromagnetic waves.
[0003]
A common key method or a public key method is used for authentication of the IC card and the reader / writer. In the common key method, the key used for encryption and the key used for decryption are the same. In order to use common key encryption, it is necessary to share the common key between the sender and the receiver in advance, so the key used for encryption must be secured using a secure means different from the communication path. (That is, the IC card and the reader / writer must share a common key in advance). The encryption is basically performed by combining “transposition (transliteration)” for changing the order of characters and “substitution” for replacing one character with another according to a certain rule. The encryption algorithm and key indicate in what order the characters are replaced and which characters are replaced. In encryption, substitution encryption for shifting characters and transposition encryption for changing the order of characters are basic encryption conversion, and the number of characters to be shifted is a key.
[0004]
The public key method uses a pair of “encryption key” and “decryption key” in an encryption system, and the encryption key is made public, and the decryption key is managed by the key issuer and kept secret. It is something to keep. When transmitting data, the communication text is encrypted using the encryption key, and the receiving side uses the decryption key to restore it. Since the two keys are determined based on a certain mathematical relationship, it is not impossible to obtain the decryption key from the encryption key, but it is not practical from the viewpoint of computational complexity.
[0005]
In the public key cryptosystem, the encryption key does not need to be concealed as compared with the conventional common key cryptosystem, so the distribution of the encryption key is easy, and each user can individually decrypt the ciphertext. Since it only needs to have the decryption key you have, there is no need to distribute the decryption key, and it has the advantage of having a message authentication function with a digital signature, but it requires authentication processing compared to a common key encryption system The time will be longer.
[0006]
The digital signature is a method for indicating that the message is transmitted from a legitimate sender and has not been altered in the middle of electronic mail or online transaction. In normal ciphertext communication, encryption is performed with a public key. For example, in the case of an RSA (Rivest, Shamir, Adleman) public key encryption system, conversely, “encryption with a decryption key (secret key)” is performed. "Will be a digital signature. In another encryption method, a hash value is obtained for data to be signed, and is encrypted with a secret key.
[0007]
To verify this signature, the public key is used (ie, the roles of encryption key and decryption key are interchanged). Since public keys are widely available, anyone can easily verify the validity of their signatures. If the ciphertext can be correctly restored with the public key and a meaningful sentence is obtained, it can be confirmed that it is the correct sender. This is because only a legitimate sender knows the private key (the one that signed it), and in order to create a digital signature that can be restored with the public key, you must know the paired private key. Because it should not. In addition, when the data has been tampered with, the data cannot be correctly decrypted, and thus can be used for prevention / detection of tampering. Signature verification is performed by comparing the value decrypted using the public key and a hash value separately calculated from the data, and if they match, it is determined that the data has not been tampered with, If they do not match, it is determined that the data has been tampered with.
[0008]
Further, a third party organization for the purpose of issuing a certificate for proving that the data issuance source is a reliable organization is called a certificate authority (CA).
[0009]
[Problems to be solved by the invention]
Conventionally, for example, when using a ticket gate of a station using an IC card or performing authentication of entry permission using an IC card, a service that performs authentication using a common key, for example, using an IC card When receiving a service that performs authentication using a public key, such as an electronic money service that pays for a product, the user needs to have a different IC card. That is, services with different authentication methods cannot be used with the same IC card.
[0010]
The present invention has been made in view of such a situation, and exchanges data related to a service for authentication using a common key and authentication using a public key with a single IC card with a predetermined reader / writer. It is possible to exchange data related to the services to be performed.
[0011]
[Means for Solving the Problems]
  The data storage device of the present invention is compatible with both contact-type and non-contact-type information processing devices, and controls modulation and demodulation of input / output data for the information processing device. First control means for controlling input of information for identifying a predetermined service from the first authentication unit, and first authentication that is data corresponding to the predetermined service and is an authentication key necessary for authentication of the predetermined service Authentication using at least one of the key and the second authentication key, the second control means for controlling storage of information for identifying a predetermined service, and the first authentication key among the authentication keys Input is controlled by the first authentication processing execution means for executing the processing, the second authentication processing execution means for executing the authentication processing using the second authentication key of the authentication keys, and the first control means. Identify a given service Based on the order information, and controls one of the first authentication process execution means and the second authentication processing executing means, and a third control means for executing authentication processing with the information processing apparatusSelection means for selecting the level of the first authentication key or the second authentication key for the predetermined service, and the data controlled for storage by the second control means is necessary for authentication of the predetermined service. The first authentication key or the second authentication key of a predetermined version is prepared at a plurality of levels, and the first control means has the first authentication key or the second authentication key at the level selected by the selection means. Controls the output of the first information related to the version of the authentication key, and controls the input of the second information indicating whether or not to permit the authentication processing based on the level determined based on the version from the information processing apparatus. When the authentication processing by that level is not permitted, the selection means newly selects a different level of the first authentication key or the second authentication key, and the first control means newly selects by the selection means The When the first authentication key or the second authentication key at the same level and the output of the first information regarding the version of the second authentication key are controlled, and the authentication processing according to the level is permitted, the third control means is the first control means. Based on the second information whose input is controlled by the control, either the first authentication processing execution means or the second authentication processing execution means is controlled to execute the authentication processing with the information processing apparatus.It is characterized by that.
[0018]
  The information processing apparatus according to the present invention is compatible with both a contact-type and a non-contact-type data storage apparatus, and controls the modulation and demodulation of input / output data for the data storage apparatus. First control means for controlling the output of information for identifying a predetermined service to the data, and data corresponding to the predetermined service, which is an authentication key necessary for authentication of the predetermined serviceMultiple versions of multiple levelsDisplay at least one of the first authentication key and the second authentication key, second control means for controlling storage of information for identifying a predetermined service, and information corresponding to the predetermined service Display means; input means for receiving a signal indicating selection of a predetermined service by a user; first authentication processing execution means for executing authentication processing using a first authentication key of authentication keys; Processing of second authentication processing execution means for executing authentication processing using second authentication key out of keys, first authentication processing execution means, second authentication processing execution means, and second control means Third control means for controllingAnd, based on the first information about the version of the first authentication key or the second authentication key at the predetermined level for the predetermined service from the data storage device, the input of which is controlled by the first control means, A determination means for determining whether or not to permit the authentication process;And when there are a plurality of predetermined services that can be authenticated by the first authentication processing execution means or the second authentication processing execution means, the display means displays information corresponding to the plurality of predetermined services that can be authenticated. The third control means controls either the first authentication processing execution means or the second authentication processing execution means based on the signal indicating the selection of the predetermined service input by the input means,The version of the first authentication key or the second authentication key of the level at which the authentication process is permitted by the judging meansAuthentication process with data storage deviceThe first control means controls the output to the data storage device of the second information indicating whether or not to permit the authentication processing according to the level according to the determination result by the determination means.It is characterized by that.
[0026]
  In the data storage device of the present invention,It is compatible with both information processing devices of contact and non-contact communication systems, and modulation and demodulation of input / output data for the information processing device is controlled to identify a predetermined service from the information processing device Input of information for the control, data corresponding to a predetermined service, at least one of a first authentication key and a second authentication key, which is an authentication key necessary for authentication of the predetermined service, and Storage of information for identifying a predetermined service is controlled, authentication processing using a first authentication key out of authentication keys is executed, and authentication processing using a second authentication key out of the authentication keys Is executed and one of the authentication process using the first authentication key and the authentication process using the second authentication key is controlled based on the information for identifying the predetermined service whose input is controlled. Authentication with information processing equipment Management is performed.Further, the level of the first authentication key or the second authentication key for the predetermined service is selected, and the data whose storage is controlled includes a predetermined version of the first authentication key or a predetermined version necessary for authentication of the predetermined service. The second authentication key is prepared at a plurality of levels, and the output of the first information related to the first authentication key or the second authentication key at the selected level is controlled, and the information processing apparatus When the input of the second information indicating whether or not to permit the authentication process based on the level determined based on the version is controlled and the authentication process based on the level is not permitted, the first authentication key or A different level of the second authentication key is newly selected, and the output of the first information relating to the first authentication key or the second authentication key version of the newly selected level is controlled, and the level is controlled. When the authentication process is permitted, either the authentication process using the first authentication key or the authentication process using the second authentication key is controlled based on the second information whose input is controlled. An authentication process with the information processing apparatus is executed.
[0027]
  In the information processing apparatus of the present invention,It can be used for data storage devices of both contact and non-contact communication systems, and modulation and demodulation of input / output data for the data storage device is controlled, and a predetermined service to the data storage device is identified. Data corresponding to a predetermined service is controlled, and is an authentication key necessary for authentication of the predetermined serviceMultiple versions of multiple levelsStorage of information for identifying at least one of the first authentication key and the second authentication key and a predetermined service is controlled, information corresponding to the predetermined service is displayed, and the predetermined service by the user is displayed. The signal indicating the selection of the authentication key is received, the authentication process using the first authentication key out of the authentication keys is executed, the authentication process using the second authentication key out of the authentication keys is executed, Authentication processing using one authentication key, authentication processing using a second authentication key, and data corresponding to a predetermined service, the first authentication key and the second data required for authentication of the predetermined service Control is performed to control storage of information for identifying at least one of the authentication keys and a predetermined service. In addition, when there are a plurality of predetermined services that can be authenticated by the authentication processing using the first authentication key or the authentication processing using the second authentication key, information corresponding to the plurality of predetermined services that can be authenticated is provided. Based on a signal indicating selection of a predetermined service to be displayed and input, either the authentication process using the first authentication key or the authentication process using the second authentication key is controlled, and the data storage device The authentication process is executed.Whether to allow the authentication process based on the first information from the data storage device whose input is controlled and the first authentication key or the second authentication key version of the predetermined level for the predetermined service. In accordance with the determination result, the output of the second information indicating whether or not to permit the authentication processing at that level to the data storage device is controlled.
[0028]
DETAILED DESCRIPTION OF THE INVENTION
Hereinafter, embodiments of the present invention will be described with reference to the drawings.
[0029]
FIG. 1 shows the relationship between an IC card and a reader / writer. The IC card 1 can support both authentication services using a common key method and authentication using a public key method (each authentication method will be described later). The non-contact type common key reader / writer 2-1 communicates with the IC card 1 in a non-contact manner and performs authentication by the common key method. The non-contact type public key compatible reader / writer 2-2 communicates with the IC card 1 in a non-contact manner and performs authentication by the public key method. The contact-type public key compatible reader / writer 2-3 makes contact and performs communication, and performs communication using the public key method.
[0030]
For example, the IC card 1 includes information providing services such as a commuter pass and a fare card that can be used for payment of a fare. When the IC card 1 is used to use a ticket gate of a station, the IC card 1 In a process that requires a short processing time, such as when an IC card 1 is used to authenticate entry permission, the reader / writer 2-1 for the non-contact type common key is included. Is used for contactless communication using a common key.
[0031]
For example, when the IC card 1 includes information for providing an electronic money service, and processing for clearing a product purchased by a user at a store or the like, authentication is performed using a public key method, and authentication processing is performed. Takes time. For this reason, when the processing time is not particularly concerned, the non-contact type public key reader / writer 2-2 may be used for non-contact communication, or in order to shorten the processing time, You may make it communicate by contacting using the type | formula public key corresponding | compatible reader-writer 2-3.
[0032]
In FIG. 1, the reader / writer 2-1 to the contactless common key to the reader / writer 2 to the contact public key are described as individual reader / writers. However, if necessary, one reader / writer can be used. A plurality of communication methods and a plurality of authentication methods may be used.
[0033]
Next, a card issuer, a service provider, and a card holder will be described with reference to FIG.
[0034]
The card issuer 11 authorizes the service provider 12 to provide a service using the IC card 1 to the card holder 13 that holds the IC card 1, and wishes to issue the IC card 1. The IC card 1 is issued to the card holder 13.
[0035]
The service provider 12 that has received the service authorization from the card issuer 11 sends the data corresponding to the service that the card issuer 11 provides to the card holder 13 to the service registration reader / writer 2-11. Service Individual Info), which will be described later with reference to FIG. 6, is registered. This registration may be registered in the service registration reader / writer 2-11 via the Internet or the like from a personal computer (not shown) possessed by the service provider 12, or manually registered by the operator. You may do it.
[0036]
The card holder 13 can register the desired service in the IC card 1 issued from the card issuer 11 by using the service registration reader / writer 2-11. The service registration reader / writer 2-11 and the service registration process of the IC card 1 will be described later with reference to FIGS.
[0037]
When the card holder 13 wants to delete the service registered in his / her IC card 1, the card registration reader / writer 2-11 managed by the card issuer 11 or the service provider 12 The service can be deleted from its own IC card 1 using the general reader / writer 2-12 to be managed. The service deletion process of the IC card 1 and the service registration reader / writer 2-11 will be described with reference to FIGS. 31 and 32. The service deletion process of the IC card 1 and the general reader / writer 2-12 will be described with reference to FIGS. It will be described later.
[0038]
In addition, the card holder 13, for example, is in a situation where electronic money service and prepaid service are registered in the IC card 1, and each value information is recorded in information related to each service of the IC card 1. When it is desired to replace a part of the value of electronic money with the value of prepaid, the inter-module communication reader / writer 2-13 managed by the service provider 12 is used, and FIG. Inter-module communication can be executed between a public key module and a common key module described later. The inter-module communication reader / writer 2-13 is adapted to two systems, a common key system and a public key system. The processing of the IC card 1 and the inter-module communication reader / writer 2-13 will be described later with reference to FIGS.
[0039]
Further, when the card holder 13 wishes to update (upgrade) an expired authentication key, the general reader / writer 2-12 managed by the service provider 12 or the upgrade reader / writer 2-14. Can be used to upgrade the version of the authentication key registered in its own IC card 1. 43 and 44 for the key version upgrade process between the IC card 1 and the reader / writer 2-14 for upgrade, and FIG. 45 for the key version upgrade process between the IC card 1 and the general reader / writer 2-12. To 47 will be described later.
[0040]
FIG. 3 is a block diagram showing the configuration of the IC card 1.
[0041]
The IC card 1 is generally referred to as a reader / writer 2 when the reader / writer 2 (the reader / writers 2-1 to 2-3 or the reader / writers 2-11 to 2-14 need not be particularly distinguished from each other). And an IC card processing unit 22 that executes data processing.
[0042]
When the corresponding IC card 1 is the non-contact type common key compatible reader / writer 2-1 or the non-contact type public key compatible reader / writer 2-2 described with reference to FIG. A coil for communicating with the common key reader / writer 2-1 or the contactless public key reader / writer 2-2 using electromagnetic waves is provided. Further, the communication unit 21 is not limited to the IC card 1, which is not only the contactless common key compatible reader / writer 2-1 and the contactless public key compatible reader / writer 2-2 described with reference to FIG. When communication with the key reader / writer 2-3 is also supported, communication is performed with the non-contact type common key reader / writer 2-1 or the non-contact type public key reader / writer 2-2 using electromagnetic waves. And a contact terminal for communicating with the contact type public key reader / writer 2-3.
[0043]
The communication unit 21 receives data transmitted from the reader / writer 2, and when the received data is modulated using, for example, ASK (Amplitude Shift Keying) or BPSK (Binary Phase Shift Keying), a predetermined process is performed. The received data is demodulated and supplied to the control unit 31 of the IC card processing unit 22, and the data generated by the processing of the IC card processing unit 22 is supplied from the control unit 31, using ASK or BPSK. Modulate and transmit to the reader / writer 2.
[0044]
The IC card processing unit 22 includes a control unit 31, a memory 32, and an encryption processing unit 33. The control unit 31 controls the encryption processing unit 33 according to the data supplied from the communication unit 21 to execute encryption processing necessary for authentication processing with the reader / writer 2 or the like, and records it in the memory 32 as necessary. The read data is read and transmitted to the reader / writer 2 via the communication unit 21.
[0045]
The memory 32 includes a memory area 44 in which a card ID, an authentication key Kreg for service registration, CA_Pub, which is a public key of a certificate authority, are recorded, a service relation table (SRT) 45 described later with reference to FIG. 8, and FIG. The service registration area (SRA) 46, which will be described later, is used.
[0046]
The cryptographic processing unit 33 includes a public key processing unit 41, a common key processing unit 42, and other cryptographic processing units 43. Details regarding processing executed by the public key processing unit 41 to other cryptographic processing units 43 will be described later with reference to FIG.
[0047]
Next, FIG. 4 is a block diagram showing a configuration different from that of FIG. In the IC card 1 of FIG. 4, the same reference numerals are given to the portions corresponding to those in FIG. 3, and the description thereof will be omitted as appropriate (hereinafter the same).
[0048]
The IC card 1 includes a communication unit 51 that executes communication with the reader / writer 2 related to the common key service, a common key service processing unit 52 that executes processing of data obtained by the processing of the communication unit 51, and a reader / writer related to the public key service. 2, and a public key service processing unit 54 that executes processing of data obtained by processing of the communication unit 53.
[0049]
The communication unit 51 includes a coil for communicating with the non-contact type common key compatible reader / writer 2-1. Similarly to the communication unit 21, for example, data transmitted from the IC card 1 is ASK or BPSK. When the received data is modulated using the predetermined key, the received data is demodulated and supplied to the control unit 61 of the common key service processing unit 52, and the data generated by the processing of the common key service processing unit 52 is , Supplied from the control unit 61, modulated using ASK or BPSK, and transmitted to the reader / writer 2.
[0050]
The common key service processing unit 52 includes a control unit 61, a memory 62, and an encryption processing unit 63. The control unit 61 controls the encryption processing unit 63 according to the data supplied from the communication unit 51 to execute processing necessary for authentication processing with the IC card 1 or is recorded in the memory 62 as necessary. Data is read and transmitted to the reader / writer 2 via the communication unit 51.
[0051]
Similarly to the memory 32 described with reference to FIG. 3, the memory 62 includes a memory area 44, an SRT 45, and an SRA 46. In the memory area 44, a card ID, an authentication key Kreg for service registration, and a shared secret key K_common used for inter-module communication are recorded.
[0052]
The cryptographic processing unit 63 includes a common key processing unit 42 and other cryptographic processing units 43. That is, since the common key service processing unit 52 does not process a service related to the public key, the encryption processing unit 63 does not include the public key processing unit 41 described with reference to FIG.
[0053]
The communication unit 53 includes a coil or a contact terminal for communicating with the non-contact type public key reader / writer 2-2 or the contact type public key reader / writer 2-3. Similarly to the communication unit 21, for example, when the data transmitted from the IC card 1 is modulated using ASK or BPSK, the communication unit 53 demodulates the received data by a predetermined process, and the public key In addition to being supplied to the control unit 61 of the service processing unit 54, data generated by the processing of the public key service processing unit 54 is supplied from the control unit 61, modulated using ASK or BPSK, and transmitted to the reader / writer 2. .
[0054]
The public key service processing unit 54 includes a control unit 61, a memory 62, and an encryption processing unit 33. That is, the configuration is basically the same as that of the common key service processing unit except that the cryptographic processing unit 33 described with reference to FIG. 3 is provided instead of the cryptographic processing unit 63.
[0055]
Next, the public key processing unit 41 to the other cryptographic processing unit 43 will be described with reference to FIG.
[0056]
As shown in FIG. 5A, the public key processing unit 41 includes, for example, an RSA signature generation / verification unit that generates and verifies a signature using an RSA (Rivest, Shamir, Adleman) public key cryptosystem. 71 and a DSA signature generation / verification unit 72 that generates and verifies a signature using a DSA (Digital Signature Algorithm) method.
[0057]
The RSA signature generation / verification unit 71 performs encryption and decryption using two keys. In the RSA cryptosystem, two keys are determined as follows, for example.
[0058]
Choose two large primes p and q and find the product n = pq. Then, an integer e that is less than (p−1) × (q−1) and is relatively prime with (p−1) × (q−1) is selected, and an integer d that satisfies the following equation (1) is obtained.
e × d = 1 mod ((p−1) × (q−1)) (1)
Then, (e, n) is a public key and d is a secret key.
[0059]
When the encrypted data C is generated by encrypting the sentence M, the following equation (2) is used.
C = M^e mod n (2)
Further, when decrypting the encrypted data C, the following equation (3) is used.
M = C^d mod n (3)
[0060]
The DSA signature generation / verification unit 72 includes a random number generation unit (not shown). DSA improves ElGamal signature based on the difficulty of DLP (Discrete Logarithm Problem), shortens the signature length to 160bit x 2, and operates signature key generation etc. in a specific way Digital signature algorithm. In signature generation, it is assumed that SHA-1 (Secure Hash Algorithm-1) is used as a hash function (data compression function). The DSA method was developed as a digital signature standard by NIST (National Institute of Standards and Technology), a US government agency, and became a Federal Information Processing Standard FIPS PUB 186. It was decided.
[0061]
5B, the common key processing unit 42 includes, for example, a DES processing unit 73 that performs authentication processing using a DES (Data Encryption Standard) common key encryption system, and an RC5 (Rivest Cipher5) method. An RC5 processing unit 74 that performs authentication processing and an AES processing unit 75 that performs authentication processing by an AES (Advanced Encryption Standard) method are provided.
[0062]
The DES common key cryptosystem is a common key cryptosystem established by NIST in 1977 and standardized by the American National Standards Institute (ANSI) in 1981. The authentication algorithm for the key of the DES common key encryption system has been made public and widely used as a representative of the common key encryption system.
[0063]
The DES common key encryption system is an encryption system that performs encryption and decryption processing by dividing data into 64-bit units. In the DES algorithm, encryption and decryption are symmetrical, and the original text can be restored by converting the received cipher text again using the same key. In the DES common key encryption system, a simple combination of bit position transposition and XOR operation is repeated 16 times. Internally, there is no data feedback or condition judgment part, and the processing is sequential, so if it is pipelined, it can be processed at high speed. The algorithm was originally determined on the premise of LSI, and many DES chips were made.
[0064]
RC5 is an RC series common key cryptosystem developed by RSA Data Security and Massachusetts Institute of Technology, and was proposed in 1995. RC5 is a block having a round of variable length block size, variable length key size, and variable number of times (data-dependent-rotations (data dependent bit rotation) algorithm in which the amount of bit rotation varies depending on the original data and key). It is an encryption method. The block size can be 32, 64, or 128 bits, the number of rounds is variable from 0 to 255, and the key size is variable from 0 to 2048 bits. The RC5 algorithm is publicly available and is available as RFC2040.
[0065]
The AES scheme is a US government next-generation standard encryption scheme that is being selected by NIST. DES, which is currently used as a standard cipher, was established in 1977, and its reliability has been decreasing year by year as the performance of computers and the development of cryptographic theories have increased in recent years. Therefore, NIST has solicited an encryption method from all over the world as a candidate for AES as a next-generation encryption standard to replace DES. Fifteen methods from around the world have been reviewed and will be decided by the beginning of the 21st century.
[0066]
For example, when using a digital signature, the other cryptographic processing unit 43 creates a “message digest” by applying an irreversible hash function to the message, and encrypts the message digest with the signature key. By doing so, cryptographic processing other than processing by the public key processing unit 41 or the common key processing unit 42, such as creating a digital signature, is executed. As shown in FIG. 5C, the other cryptographic processing unit 43 includes, for example, a SHA-1 processing unit 76 that performs processing of a hash function SHA-1 used for signature generation and signature verification, and a mutual authentication protocol. Or a true random number generator 77 for generating a true random number used in or an MD5 processor for processing a hash function MD5 used for signature generation and signature verification as shown in FIG. 78 and a pseudo-random number generator 79 that generates a pseudo-random number (an artificial random number having a random number sequence within a limited number of digits) used in the mutual authentication protocol.
[0067]
Since the digital signature uses a public key cryptosystem, the problem is that the processing speed is slow. However, by creating a message digest, the time taken to create the digital signature is reduced. Furthermore, since the hash function has a characteristic that reacts greatly to data tampering, when verifying a digital signature, it is sent with a message digest obtained by decrypting the digital signature with a verification key. By comparing the message digests created by applying a hash function to the message body, it can be easily confirmed whether the message body has been tampered with.
[0068]
SHA-1 is a one-way hash function that generates a 160-bit hash value from a message of arbitrary length. Like DSA, it was developed by NIST and was defined by FIST PUB 180 by NIST. The draft standard (N544) is basically compliant with FIPS PUB 180.
[0069]
MD5 is one of widely used message digest function algorithms, and is defined in RFC1321. The algorithm of MD5 is determined so that it can be efficiently calculated on a 32-bit computer. There are other similar algorithms, MD4 and MD2.
[0070]
Next, information stored in the SRA 46 of the IC card 1 described with reference to FIGS. 3 and 4 will be described with reference to FIG.
[0071]
In order to allow the user who has the IC card 1 to receive a plurality of services using the general reader / writer 2-12 described with reference to FIG. This is a memory area for recording information (information registered using the service registration reader / writer 2-11 described with reference to FIG. 2).
[0072]
That is, in the SRA 46, Service Individual Info 1 to N, which are information of services registered in the IC card 1, are registered, and each Service Individual Info includes a service ID for identifying the type of service, One or a plurality of authentication key information predetermined for each service (n pieces of authentication key information 1 to n in Service Individual Info k in FIG. 6) are used to receive the service. An authentication key Kake_vup for upgrading service data and key information, and a certificate for the authentication key, if necessary, are registered.
[0073]
The authentication key information includes, for example, an authentication key ID, a key level and version, an authentication method, and an identification authentication key Kake used to identify a plurality of authentication keys (if necessary, a certificate for the authentication key). Etc.). In addition, in the service data, in addition to the user ID, when Service Individual Info k is an electronic money service, for example, Service Individual Info k is an automatic ticket gate service such as balance information and accumulated points of electronic money. In this case, valid section information and the like are stored.
[0074]
Next, the authentication key information registered in Service Individual Info of FIG. 6 will be described with reference to FIG.
[0075]
In FIG. 7A, the region No. 1 and region No. Corresponding to each of 2, an authentication key ID, a key version, an authentication method, an identification authentication key Kake, and certificate data as necessary are registered. The authentication key identification process when the authentication key information is registered as shown in FIG. 7A will be described later with reference to FIGS.
[0076]
In FIG. 7B, the region No. 1 to region No. Corresponding to each of 7, authentication key ID, key level, key version, authentication method, identification authentication key Kake, and certificate data as necessary are registered. As shown in FIG. 7B, authentication key identification processing when authentication key information including the key level is registered will be described later with reference to FIGS. 27 and 28.
[0077]
Next, information stored in the SRT 45 of the IC card 1 described with reference to FIGS. 3 and 4 will be described with reference to FIG.
[0078]
In the SRT 45, when a plurality of services are registered in the ID card 1, data for permitting access to service data of another service while performing a certain service is registered. The SRT 45 includes a registered service ID field (indicated as service IDA to J in FIG. 8) in which a service ID registered in the IC card 1 is described, and permission information corresponding to each service ID. It consists of the described permission information field.
[0079]
In the registered service ID field of the permission information, all service IDs of registered services are listed. In the permission information field, when the corresponding service is executed, the service ID that can access the service described in the registered service ID field and what kind of processing is permitted The information which shows is described. For example, when reading and writing are permitted, “rw” is described as permission information, and when only reading is permitted, when “ro” is described as permission information and key version upgrade is permitted “Vup” is described as permission information. “Rw” and “ro” are not allowed for the same service ID, but “rw” and “vup” and “ro” and “vup” are allowed for the same service ID and are listed in the permission information field. It is possible.
[0080]
That is, when the permission information shown in FIG. 8 is registered in the SRT 45, during the execution of the service indicated by the service ID C, reading and writing are performed for the service indicated by the service ID B. In addition, even when the service whose service ID is indicated by D is being executed, reading of the service whose service ID is indicated by B is permitted, and during the execution of the service whose service ID is indicated by E, Reading, writing, and key version upgrade are permitted for the service whose ID is indicated by D. Hereinafter, the service whose service ID is indicated by E, the service whose service ID is indicated by F, and the service ID indicated by G. Or the corresponding permission Based on the information described in down information field, during the execution of the process corresponding to the other service ID, processing corresponding to the permission information is permitted.
[0081]
The permission information is registered when a corresponding service is registered in the IC card 1. That is, when a user registers a service whose service ID is indicated by F with respect to the IC card 1 held by the user using the service registration reader / writer 2-11, for example, the service ID is indicated by G. In the permission information field corresponding to F in the registered service ID field, the permission corresponding to the service indicated by service ID G is registered in the permission information field corresponding to F in the registered service ID field. Only information can be registered. Then, after the user registers the service indicated by service ID H in the ID card 1, the service ID indicated by F is updated by updating the service indicated by service ID F. The permission information of the service indicated by can be registered.
[0082]
Next, FIG. 9 is a block diagram showing a configuration of the reader / writer 2.
[0083]
The reader / writer 2 includes a communication unit 91 that performs communication with the IC card 1 and a reader / writer processing unit 92 that performs data processing.
[0084]
The communication unit 91 uses electromagnetic waves depending on a method of communication with the IC card 1 (that is, depending on whether the reader / writer 2 adopts the non-contact type or the contact type communication method described with reference to FIG. 1). Or a coil for communication using electromagnetic waves and a contact terminal for communication by a contact type.
[0085]
The communication unit 91 receives data transmitted from the IC card 1. When the received data is modulated using, for example, ASK or BPSK, the communication unit 91 demodulates the received data by a predetermined process, and the reader / writer In addition to being supplied to the control unit 101 of the processing unit 92, data generated by the processing of the reader / writer processing unit 92 is supplied from the control unit 101, modulated using ASK or BPSK, and transmitted to the IC card 1.
[0086]
The reader / writer processing unit 92 includes a control unit 101, an encryption processing unit 102, a memory 103, a communication unit 104, a display unit 105, and an input unit 106. The control unit 101 controls the cryptographic processing unit 102 according to the data supplied from the communication unit 91 to execute cryptographic processing necessary for authentication processing with the IC card 1 or the like, and records it in the memory 103 as necessary. The data read is transmitted to the IC card 1 via the communication unit 91, signals corresponding to various operations input by the user using the input unit 106, and the communication unit 104 via the network. In response to the input of the input control signals, processing is executed according to these signals, and the result is displayed on the display unit 105.
[0087]
A drive 114 is also connected to the communication unit 104, and data can be exchanged with the magnetic disk 115, the optical disk 116, the magneto-optical disk 117, the semiconductor memory 118, and the like mounted on the drive 114.
[0088]
Since the cryptographic processing unit 102 has the same configuration as the cryptographic processing unit 33 described with reference to FIG. 3, the description thereof is omitted.
[0089]
The memory 103 stores information for executing predetermined processing with the IC card 1. The information differs depending on which of the reader / writer 2-11 for service registration and the reader / writer 2-14 for upgrading described with reference to FIG. The data stored in the memory 103 of the service registration reader / writer 2-11 to the upgrade reader / writer 2-14 will be described with reference to FIGS.
[0090]
The memory 103 of the service registration reader / writer 2-11 shown in FIG. 10 stores an authentication key Kreg used when registering or deleting data in the SRA 46 of the memory 32 of the IC card 1 (if necessary). The certificate of the authentication key is also stored), and Service Individual Info 1 to n corresponding to various services for registration in the IC card 1 are stored.
[0091]
The memory 103 of the general reader / writer 2-12 shown in FIG. 11 has a service ID corresponding to a service that can be processed by the general reader / writer 2-12, an authentication key list corresponding to the service ID, and a key revocation. Information is stored. When the general reader / writer 2-12 is allowed to provide a key upgrade service, the memory 103 of the general reader / writer 2-12 also stores information such as a new version key.
[0092]
In the memory 103 of the inter-module communication reader / writer 2-13 shown in FIG. 12, the inter-module communication reader / writer 2-13 is similar to the information stored in the memory 103 of the general reader / writer 2-12. The service ID corresponding to the service that can be processed with the key, the authentication key list corresponding to the service ID, and the key revocation information are stored. As shown in FIG. 13, the inter-module communication means that the inter-module communication reader / writer 2-13 adapted to the two methods of the common key method and the public key method is connected to the public key module 121 (for example, The communication unit 53 and the public key service processing unit 54 of the IC card 1 described with reference to FIG. 4 and the common key module 122 (for example, the communication unit 51 of the IC card 1 described with reference to FIG. 4 and Is attached to the IC card 1 corresponding to the common key service processing unit 52, and data communication between the public key module 121 and the common key module 122 is performed via the inter-module communication reader / writer 2-13. is there. Details of processing related to inter-module communication will be described later with reference to FIGS.
[0093]
Then, in the memory 103 of the upgrade reader / writer 2-14 shown in FIG. 14, a service ID for upgrading the authentication key of the service registered in the attached IC card 1 and its service A version upgrade authentication key Kake_vup and a list of authentication keys Kake corresponding to the ID are stored.
[0094]
When the IC card 1 and the reader / writer 2 communicate with each other, the IC card 1 and the reader / writer 2 mutually identify the services to be communicated with each other, except for some exception processing. , It is necessary to mutually identify the authentication key of the service. A mutual authentication process between the IC card 1 and the reader / writer 2 will be described with reference to the flowchart of FIG.
[0095]
First, in step S1, the reader / writer 2 communicates with the IC card 1 as necessary to send and receive necessary data, whereby the reader / writer 2's service identification process described later with reference to FIGS. 16 and 18 is performed. Execute. In step S2, the IC card 1 communicates with the reader / writer 2 as necessary to send and receive necessary data, whereby service identification processing of the IC card 1 described later with reference to FIGS. 17 and 19 is performed. Execute.
[0096]
When the service identification processing of the reader / writer 2 in step S1 and the service identification processing of the IC card 1 in step S2 are normally completed, in step S3, the reader / writer 2 communicates with the IC card 1 as necessary. By exchanging necessary data, an authentication key identification process of the reader / writer 2 described later with reference to FIGS. 20, 22 and 27 is executed. In step S4, the IC card 1 communicates with the reader / writer 2 as necessary to send and receive necessary data, whereby the IC card 1 described later with reference to FIGS. 21, 23, and 28 is used. Execute authentication key identification processing.
[0097]
Next, referring to the flowchart of FIG. 16, in the IC card 1 that supports a plurality of services and the reader / writer 2 that supports a plurality of services, the user inputs a desired service, The service identification process of the reader / writer 2 executed in step S1 of FIG. 15 by determining whether or not it can be executed will be described.
[0098]
In step S11, the control unit 101 of the reader / writer 2 transmits an IC card detection command to the IC card 1 via the communication unit 91. In step S12, the control unit 101 transmits an ACK signal (described later in FIG. 17). In step S22, it is determined whether or not the signal transmitted by the IC card 1 has been received. If it is determined in step S12 that an ACK signal has not been received, the process of step S12 is repeated until it is determined that an ACK signal has been received.
[0099]
When it is determined in step S12 that an ACK signal has been received (that is, when the IC card 1 is attached to the reader / writer 2), in step S13, the control unit 101 uses the input unit 106 to input the control unit 101. The service ID corresponding to the service desired by the user is transmitted to the IC card 1 via the communication unit 91 in accordance with a signal indicating the operation performed or based on a predetermined service.
[0100]
In step S14, the control unit 101 receives a signal transmitted from the IC card 1 (a signal transmitted by the IC card 1 in step S25 or step S26 of FIG. 17 described later). In step S15, the control unit 101 determines whether the data received in step S14 is an ACK signal. If it is determined in step S15 that the received signal is not an ACK signal (that is, a NACK signal), in step S16, the control unit 101 outputs and displays data corresponding to the error message on the display unit 105. The process is terminated (that is, the process does not proceed to step S3 in FIG. 15). If it is determined in step S15 that the received signal is an ACK signal, the process proceeds to step S3 in FIG.
[0101]
Next, the service identification process of the IC card 1 executed in parallel with the service identification process of the reader / writer 2 described using FIG. 16 in step S2 of FIG. 15 will be described with reference to the flowchart of FIG. To do. Here, the description will be made on the assumption that the processing is performed in the IC card 1 described with reference to FIG. 3, but basically the same applies to the case where the processing is executed by the IC card 1 described with reference to FIG. The process is executed.
[0102]
In step S21, the control unit 31 of the IC card 1 receives the IC card detection command transmitted from the reader / writer 2 in step S11 of FIG. 16 via the communication unit 21, and in step S22, the control unit 31 ACKs the reader / writer 2. Send a signal.
[0103]
In step S23, the control unit 31 receives the service ID transmitted by the reader / writer 2 in step S13 of FIG. 16 via the communication unit 21, and in step S24, the received service ID is the correspondence of the IC card 1. The module (in this case, the processing in the IC card 1 described with reference to FIG. 3 is described, and thus corresponds to the memory 32 of the IC card processing unit 22. For example, the IC card 1 described with reference to FIG. 4 is used. In this case, whether or not the ID is registered in the memory 62 of the common key service processing unit 52 or the memory 62 of the public key service processing unit) according to the method supported by the reader / writer 2. That is, whether or not the service ID received in step S23 is registered in the SRA 46 described with reference to FIG. To cross.
[0104]
If it is determined in step S24 that the received service ID is registered in the module, in step S25, the control unit 31 transmits an ACK signal to the reader / writer 2 via the communication unit 21, and processing is performed. Advances to step S4 in FIG. If it is determined in step S24 that the received service ID is not registered in the module, in step S26, the control unit 31 transmits a NACK signal to the reader / writer 2 via the communication unit 21, and performs processing. Is completed (that is, the process does not proceed to step S4 in FIG. 15).
[0105]
Next, referring to the flowchart of FIG. 18, the corresponding IC card 1 and reader / writer 2 can be executed in the IC card 1 corresponding to a plurality of services and the reader / writer 2 corresponding to the plurality of services. 15 is executed in step S1 of FIG. 15 in the case where service identification is performed by extracting a desired service, displaying it on the display unit 105 of the reader / writer 2, and selecting a service desired by the user from those services. The reader / writer 2 service identification process will be described.
[0106]
In step S31, the control unit 101 of the reader / writer 2 transmits a service ID list transmission command to the IC card 1 via the communication unit 91. In step S32, the IC card 1 is transmitted in step S52 of FIG. It is determined whether the service ID list transmitted by is received. If it is determined in step S32 that the service ID list has not been received, the process of step S32 is repeated until it is determined that the service ID list has been received.
[0107]
When it is determined in step S32 that the service ID list has been received, in step S33, the control unit 101 includes the service corresponding to the reader / writer 2 in the service ID described in the received service ID list. (That is, whether or not the service ID stored in the memory 103 of the reader / writer 2 is included).
[0108]
If it is determined in step S33 that the received service ID list includes a reader / writer compatible service, in step S34, the control unit 101 determines whether there are a plurality of compatible services included in the service ID list. Judge whether or not. If it is determined in step S34 that there are not a plurality of corresponding services (that is, only one), the process proceeds to step S37.
[0109]
If it is determined in step S34 that there are a plurality of corresponding services, the control unit 101 generates data for displaying the plurality of corresponding services on the display unit 105 in step S35 and outputs the data to the display unit 105. In step S36, the input of the service desired by the user is received from the input unit 106. Alternatively, priority information may be included in each service, and a service with the highest priority may be automatically selected from a plurality of corresponding services.
[0110]
If it is determined in step S37 that there is only one corresponding service in step S34, the control unit 101 determines that the service ID corresponding to that service is plural, and that there are a plurality of corresponding services in step S34. In step S36, the service ID corresponding to the desired service input by the user using the input unit 106 is transmitted to the IC card 1 via the communication unit 91, and the process is performed in step S3 of FIG. Proceed to
[0111]
If it is determined in step S33 that the received service ID list does not include a reader / writer compatible service, the control unit 101 transmits a NACK signal to the IC card 1 via the communication unit 91 in step S38. In step S39, the same processing as in step S16 in FIG. 16 is performed, and the processing is terminated (that is, the processing does not proceed to step S3 in FIG. 15).
[0112]
Next, the service identification process of the IC card 1 executed in parallel with the service identification process of the reader / writer 2 described using FIG. 18 in step S2 of FIG. 15 will be described with reference to the flowchart of FIG. To do. Here, the description will be made on the assumption that the processing is performed in the IC card 1 described with reference to FIG. 3, but basically the same applies to the case where the processing is executed by the IC card 1 described with reference to FIG. The process is executed.
[0113]
In step S51, the control unit 31 of the IC card 1 receives the service ID transmission command transmitted by the reader / writer 2 in step S31 of FIG. 18 via the communication unit 21. In step S52, the control unit 31 responds to itself. The service ID list (that is, the list of service IDs registered in the SRA 46 of the memory 32) is generated and transmitted to the reader / writer 2 via the communication unit 21.
[0114]
In step S53, the control unit 31 receives the data transmitted from the reader / writer 2 to the IC card 1 in step S37 or S38 of FIG. 18 via the communication unit 21, and in step S54, the data is transmitted from the reader / writer 2. It is determined whether the received data is a NACK signal. If it is determined in step S54 that the received signal is a NACK signal (that is, the received data is a signal transmitted from the reader / writer 2 to the IC card 1 in step S38 in FIG. 18), the process is performed. The process ends (that is, the process does not proceed to step S4 in FIG. 15).
[0115]
If it is determined in step S54 that the data received from the reader / writer 2 is not a NACK signal (that is, the received data is the service ID transmitted from the reader / writer 2 to the IC card 1 in step S37 of FIG. 18). In step S55, the control unit 31 determines whether the service ID received from the reader / writer 2 is registered in the SRA 46 of its own memory 32.
[0116]
If it is determined in step S55 that the service ID is not registered, the process ends (that is, the process does not proceed to step S4 in FIG. 15). If it is determined in step S55 that the service ID is registered, the process proceeds to step S4 in FIG.
[0117]
Next, with reference to the flowchart of FIG. 20, when authentication key identification is performed using the authentication key information described with reference to FIG. 7A, the reader / writer 2 executed in step S3 of FIG. The authentication key identification process will be described.
[0118]
In step S61, the control unit 101 of the reader / writer 2 sets the service ID corresponding to the service identified by the service identification process in steps S1 and S2 in FIG. 15 (here, the corresponding service ID is ID_S). An authentication key ID corresponding to one of the belonging authentication keys is read from the memory 103 and transmitted to the IC card 1 via the communication unit 91. In step S62, in step S73 or step S75 of FIG. The data transmitted by the IC card 1 is received.
[0119]
In step S63, the control unit 101 determines whether the data received from the IC card 1 in step S62 is an ACK signal. If it is determined in step S63 that an ACK signal has been received, in step S64, the control unit 101 controls the encryption processing unit 33. In step S61, the public key processing unit 111 or the common key of the encryption processing unit 102 is controlled. By selecting and controlling a processing unit that performs authentication processing using an authentication key corresponding to the authentication key ID transmitted to the IC card 1 from the processing unit 112, mutual authentication processing and key sharing processing with the IC card 1 are performed. Is started, the session key Kses is shared with the IC card 1, the mutual authentication process is completed, and then the process is terminated.
[0120]
If it is determined in step S63 that no ACK signal has been received (that is, if it is determined that a NACK signal has been received), the same processing as step S16 in FIG. 16 is performed in step S65, and the processing ends. Is done.
[0121]
Next, the authentication key identification process of the IC card 1 that is executed in parallel with the authentication key identification process of the reader / writer 2 of FIG. 20 in step S4 of FIG. 15 will be described with reference to the flowchart of FIG. Here, the case where the process is executed by the IC card 1 described with reference to FIG. 3 will also be described. However, even when the process is executed by the IC card 1 described with reference to FIG. A similar process is executed.
[0122]
In step S71, the control unit 31 of the IC card 1 receives the authentication key ID transmitted by the reader / writer 2 in step S61 of FIG. 20 via the communication unit 21, and in step S72, the authentication received in step S71. It is determined whether or not the key ID is registered in an area where data related to ID_S of the SRA 46 in the memory 32 is stored.
[0123]
When it is determined in step S72 that the authentication key ID is registered, the control unit 31 transmits an ACK signal to the reader / writer 2 via the communication unit 21 in step S73, and in step S74, the encryption process is performed. The mutual key processing is executed by selecting and controlling the public key processing unit 41 or the common key processing unit 42 of the unit 33 which performs the authentication process using the authentication key specified for the reader / writer 2, and the reader / writer 2 and the session key Kses are shared, and after the mutual authentication process is completed, the process is terminated. If it is determined in step S72 that the authentication key ID is not registered, in step S75, the control unit 31 transmits a NACK signal to the reader / writer 2 via the communication unit 21, and the process is terminated.
[0124]
In the processing described with reference to FIGS. 20 and 21, the IC card 1 and the reader / writer 2 are designated by the reader / writer 2 corresponding to the service ID of the service identified by the processing in steps S1 and S2 in FIG. Mutual authentication is executed using the authentication key.
[0125]
For example, when two types of authentication keys, a common key and a public key, are prepared for a service, the default is to perform high-speed processing by authentication processing based on the common key, and the version of the common key is old May perform the authentication process based on the public key.
[0126]
Next, with reference to the flowchart of FIG. 22, the common key for the service corresponding to the service ID of the service identified by the processing of step S1 and step S2 of FIG. 15 executed in step S3 of FIG. An authentication key identification process of the reader / writer 2 when two types of authentication keys, that is, a public key, are prepared will be described.
[0127]
In step S81, the control unit 101 of the reader / writer 2 sends a common key version information request command for the authentication key corresponding to the service ID of the service identified by the processing in steps S1 and S2 in FIG. In step S82, the common key version information transmitted by the IC card 1 in step S92 of FIG. 23 described later is received via the communication unit 91.
[0128]
In step S83, the control unit 101 determines whether the common key version is valid based on the common key version information received in step S82. When it is determined in step S83 that the common key version is valid, in step S84, the control unit 101 transmits a mutual authentication start command using the common key to the IC card 1, and the common key process of the encryption processing unit 102 is performed. The unit 112 is controlled to start mutual authentication using a common key, share the IC card 1 with the session key Kses, and after the mutual authentication is completed, the process is ended.
[0129]
If it is determined in step S83 that the common key version is not valid, in step S85, the control unit 101 transmits a mutual authentication start command using a public key to the IC card 1, and the public key process of the encryption processing unit 102 is performed. The unit 111 is controlled to start mutual authentication with the public key, share the IC card 1 and the session key Kses, and after the mutual authentication is completed, the process is ended.
[0130]
Next, referring to the flowchart of FIG. 23, in step S4 of FIG. 15, the authentication key identification process of the IC card 1 that is executed in parallel with the authentication key identification process of the reader / writer 2 described using FIG. Will be described. Here, the case where the process is executed by the IC card 1 described with reference to FIG. 3 will also be described. However, even when the process is executed by the IC card 1 described with reference to FIG. A similar process is executed.
[0131]
In step S91, the control unit 31 of the IC card 1 receives the common key version information request command transmitted by the reader / writer 2 in step S81 of FIG. 22. In step S92, the control unit 31 sends the common key version information to the communication unit 21. To the reader / writer 2.
[0132]
In step S93, the control unit 31 receives the mutual authentication start command transmitted by the reader / writer 2 in step S84 or step S85 of FIG. 22, and in step S94, the mutual authentication start command received in step S93 is common. It is determined whether or not the key is a mutual authentication start command.
[0133]
If it is determined in step S94 that the command is a mutual authentication start command using a common key, in step S95, the control unit 31 controls the common key processing unit 42 of the encryption processing unit 33 to start mutual authentication using the common key. Then, after sharing the session key Kses with the reader / writer 2 and completing the mutual authentication, the process is terminated.
[0134]
If it is determined in step S94 that it is not a mutual authentication start command using a common key (that is, a mutual authentication start command using a public key), in step S96, the control unit 31 performs a public key processing unit of the encryption processing unit 33. 41, the mutual authentication using the public key is started, the reader / writer 2 and the session key Kses are shared, and after the mutual authentication is completed, the process is ended.
[0135]
22 and 23, the IC card 1 and the reader / writer 2 first attempt to perform mutual authentication using a common key with a high authentication speed and cannot perform mutual authentication using the common key (for example, If the corresponding common key version is old), mutual authentication is performed using the public key.
[0136]
In the processing of step S85 in FIG. 22 and step S96 in FIG. 23, mutual authentication using a public key is performed. The SRA 46 in the memory 103 of the reader / writer 2 stores the certificate of the reader / writer 2 shown in FIG. Further, the certificate of the IC card 1 shown in FIG. 24B is stored in the SRA 46 of the memory 32 of the IC card 1.
[0137]
As shown in FIGS. 24A and 24B, each certificate has a certificate version number, a certificate serial number assigned by the certificate authority, an algorithm and parameters used for the signature, The name, certificate expiration date, reader / writer 2 or IC card 1 name (ID), reader / writer 2 public key Kpsp or IC card 1 public key Kpu, and the entire message will be described with reference to FIG. It is composed of a digital signature created by creating a message digest by applying an irreversible hash function (data compression function), and encrypting the message digest with the private key Ksca of the certificate authority. The
[0138]
Next, the signature generation process will be described with reference to the flowchart of FIG. Here, a case where a digital signature is generated using an elliptic curve cryptosystem (elliptical DSA signature) will be described. Here, the processing executed by the control unit 31 of the IC card 1 by controlling the DSA signature generation / verification unit 72 of the public key processing unit 41 will be described, but the same processing is executed also in the reader / writer 2. Therefore, description of the processing of the reader / writer 2 is omitted.
[0139]
In step S101, the control unit 31 recognizes parameters necessary for the signature generation process. That is, p is characteristic, a and b are elliptic curve coefficients, and elliptic curve is y²= X^Three+ Ax + b, G is the base point on the elliptic curve, r is the order of G, M is the message, Ks is the secret key, and G and KsG are the public keys.
[0140]
In step S102, the DSA signature generation / verification unit 72 of the public key processing unit 41 generates u that satisfies 0 <u <r by a random number generation unit (not shown), and in step S103, the random number u generated in step S102. The public key G is multiplied by u to calculate V that satisfies V = uG = (Xv, Yv).
[0141]
The DSA signature generation / verification unit 72 calculates c = Xv mod r in step S104, and determines in step S105 whether c = 0 based on the calculation result in S104. If it is determined in step S105 that c = 0, the process returns to step S102, and the subsequent processes are repeated.
[0142]
If it is determined in step S105 that c = 0 is not satisfied, the DSA signature generation / verification unit 72 determines that the hash value of the message M is f = SHA-1 (M) (here, as a hash function) in step S106. , SHA-1 is used), and d = [(f + cKs) / u] mod r is calculated in step S107.
[0143]
In step S108, the DSA signature generation / verification unit 72 determines whether d = 0 based on the calculation result of step S107. If it is determined in step S108 that d = 0, the process returns to step S102, and the subsequent processes are repeated. If it is determined in step S108 that d = 0 is not satisfied, in step S109, the DSA signature generation / verification unit 72 sets the signature data to (c, d), and the process ends.
[0144]
The reader / writer 2 that has received the digital signature generated in the IC card 1 in this way performs processing for verifying the received digital signature. The signature verification process will be described with reference to the flowchart of FIG. Here, processing executed by the control unit 101 of the reader / writer 2 by controlling the DSA signature generation / verification unit 72 of the public key processing unit 41 will be described, but the same processing is executed also in the IC card 1. Therefore, the description of the processing of the IC card 1 is omitted.
[0145]
In step S111, the control unit 101 recognizes parameters necessary for signature generation processing. That is, p is characteristic, a and b are elliptic curve coefficients, and elliptic curve is y²= X^Three+ Ax + b, G is the base point on the elliptic curve, r is the order of G, M is the message, Ks is the secret key, and G and KsG are the public keys.
[0146]
In step S112, the DSA signature generation / verification unit 72 of the public key processing unit 41 determines whether 0 <c <r and 0 <d <r based on the values of c and d of the received signature data. to decide.
[0147]
If it is determined in step S112 that 0 <c <r and 0 <d <r, the process proceeds to step S120. If it is determined in step S112 that 0 <c <r and 0 <d <r, the DSA signature generation / verification unit 72 determines in step S113 that f = SHA-1 (M ) And h = 1 / d mod r is calculated in step S114.
[0148]
The DSA signature generation / verification unit 72 calculates h1 = fh and h2 = ch mod r in step S115 using the value of h calculated in step S114, and P = (Xp, Yp) in step S116. = H1G + h2KsG is calculated.
[0149]
In step S117, the DSA signature generation / verification unit 72 determines whether the value of P is an infinite point from the calculation result of step S116. Here, when the value of P is the infinity point, it is possible to determine whether or not the value of P is the infinity point based on the fact that the solution of h1G + h2KsG cannot be obtained in step S116. is there. If it is determined in step S117 that P is an infinite point, the process proceeds to step S120.
[0150]
If it is determined in step S117 that the value of P is not the infinity point, in step S118, the DSA signature generation / verification unit 72 determines whether c = Xp mod r holds. If it is determined in step S118 that c = Xp mod r does not hold, the process proceeds to step S120.
[0151]
If it is determined in step S118 that c = Xp mod r holds, in step S119, the DSA signature generation / verification unit 72 determines that the received signature is correct, and the process ends.
[0152]
If it is determined in step S112 that 0 <c <r and 0 <d <r are not satisfied, if it is determined in step S117 that p is an infinite point, or in step S118, c = Xp mod If it is determined that r does not hold, the DSA signature generation / verification unit 72 determines in step S120 that the received signature is not correct, and the process ends.
[0153]
In addition, when authentication key identification is performed using the authentication key information described with reference to FIG. 7B and a plurality of authentication keys classified into levels for a certain service are stored, the level is low. The authentication process may be preferentially started from the key, and the key version may be determined, and when the key version is old, the authentication process may be performed using a higher level authentication key.
[0154]
Next, referring to the flowchart of FIG. 27, the authentication key identification process of the reader / writer 2 in the case where a plurality of authentication keys classified into levels for a certain service are stored, which is executed in step S3 of FIG. Will be described.
[0155]
In step S131, the control unit 101 of the reader / writer 2 transmits a key level negotiation command to the IC card 1 via the communication unit 91. In step S132, in step S143 of FIG. The key version information V at level N to be transmitted is received via the communication unit 91.
[0156]
In step S133, the control unit 101 determines whether or not the level N of the key version information V received in step S132 is N> 0. If it is determined in step S133 that N> 0 is not satisfied, the process proceeds to step S137.
[0157]
If it is determined in step S133 that N> 0, in step S134, the control unit 101 determines whether or not the key version information at level N is valid based on the key version information V received in step S132. To do.
[0158]
If it is determined in step S134 that the key version at level N is not valid (that is, if the key version is determined to be old), in step S135, the control unit 101 performs IC communication via the communication unit 91. A NACK signal is transmitted to the card 1, the process returns to step S132, and the subsequent processes are repeated.
[0159]
When it is determined in step S134 that the key version at level N is valid, in step S136, the control unit 101 transmits an ACK signal to the IC card 1 via the communication unit 91, and the process is terminated. .
[0160]
If it is determined in step S133 that N> 0 is not satisfied, in step S137, processing similar to that in step S16 in FIG. 16 is performed, and the processing is terminated.
[0161]
Next, the authentication key identification process of the IC card 1 executed in parallel with the authentication key identification process of the reader / writer 2 described with reference to FIG. 27 will be described with reference to the flowchart of FIG. Here, the case where the process is executed by the IC card 1 described with reference to FIG. 3 will also be described. However, even when the process is executed by the IC card 1 described with reference to FIG. A similar process is executed.
[0162]
In step S141, the control unit 31 of the IC card 1 receives the key level negotiation command transmitted by the reader / writer 2 in step S131 of FIG. 27. In step S142, the current key level N is set to N = 1. To do.
[0163]
In step S143, the control unit 31 transmits the current key level N and the key version information V at that level to the reader / writer 2 via the communication unit 21, and in step S144, either step S135 of FIG. In S136, the data transmitted by the reader / writer 2 is received.
[0164]
In step S145, the control unit 31 determines whether or not the signal received from the reader / writer 2 in step S144 is an ACK signal. If it is determined in step S145 that the signal received from the reader / writer 2 is not an ACK signal, the control unit 31 sets N = N + 1 in step S146, and the value of N exceeds a predetermined maximum level in step S147. Judge whether or not.
[0165]
If it is determined in step S147 that N does not exceed the maximum level, the process returns to step S143, and the subsequent processes are repeated. When it is determined in step S147 that N exceeds the maximum level, in step S148, the control unit 31 sets the current level to N = 0 (N = 0 indicates an exceptional state), and The processing returns to step S143, and the subsequent processing is repeated.
[0166]
If it is determined in step S145 that the signal received from the reader / writer 2 is an ACK signal, the process ends.
[0167]
The processing related to the service identification and authentication key identification of the IC card 1 and the reader / writer 2 has been described with reference to FIGS. 15 to 28. For example, the service registration reader / writer 2-11 described with reference to FIG. When the IC card 1 is mounted and new service registration is executed and when service deletion is executed, the memory 103 of the service registration reader / writer 2-11 is used as described with reference to FIG. Since the authentication process is performed using the stored authentication key Kreg for service registration, the mutual authentication process described with reference to FIGS. 15 to 28 may not be used.
[0168]
Next, the service registration process of the service registration reader / writer 2-11 will be described with reference to the flowchart of FIG.
[0169]
In step S151, the control unit 101 of the service registration reader / writer 2-11 transmits a service registration command to the IC card 1 via the communication unit 91, and in step S152, the IC card 1 and the service registration key are transmitted. Perform mutual authentication with Kreg and share the session key Kses.
[0170]
In step S153, the control unit 101 transmits a free space confirmation command to the IC card 1 via the communication unit 91. In step S154, the control unit 101 transmits the empty area confirmation command from the IC card 1 in step S175 or step S176 of FIG. Receive data.
[0171]
In step S155, the control unit 101 determines whether or not the signal received from the IC card 1 in step S154 is an ACK signal. If it is determined in step S155 that the signal received from the IC card 1 is an ACK signal, the control unit 101 controls the common key processing unit 112 of the encryption processing unit 102 in step S156 to Registration data newly registered in the memory 32 is encrypted with the session key Kses, and the encrypted data is transmitted to the IC card 1 via the communication unit 91 in step S157.
[0172]
In step S158, the control unit 101 receives the data registration completion notification transmitted from the IC card 1 in step S180 of FIG. 30 to be described later via the communication unit 91. In step S159, the service deletion permission flag based on service authentication is received. Is transmitted and the process is terminated.
[0173]
If it is determined in step S155 that the signal received from the IC card 1 is not an ACK signal, the same processing as step S16 in FIG. 16 is performed in step S160, and the processing ends.
[0174]
Next, the service registration process of the IC card 1 that is executed in parallel with the service registration process of the reader / writer 2-11 for service registration described with reference to FIG. 29 will be described with reference to the flowchart of FIG. . Here, the case where the process is executed by the IC card 1 described with reference to FIG. 3 will also be described. However, even when the process is executed by the IC card 1 described with reference to FIG. A similar process is executed.
[0175]
In step S171, the control unit 31 of the IC card 1 receives the service registration command transmitted by the service registration reader / writer 2-11 in step S151 of FIG.
[0176]
In step S172, the control unit 31 performs mutual authentication with the IC card 1 and the service registration key Kreg, and shares the session key Kses. In step S173, in step S153 of FIG. The free space confirmation command transmitted by the service registration reader / writer 2-11 is received.
[0177]
In step S <b> 174, the control unit 31 determines whether or not there is a free area for registration data in the SRA 46 of the memory 32. If it is determined in step S174 that there is no free space, in step S175, the control unit 31 transmits a NACK signal to the service registration reader / writer 2-11 via the communication unit 21, and the processing is terminated. The
[0178]
If it is determined in step S174 that there is a free area, the control unit 31 transmits an ACK signal to the service registration reader / writer 2-11 via the communication unit 21 in step S176.
[0179]
In step S177, the control unit 31 receives the encrypted data transmitted by the service registration reader / writer 2-11 in step S157 of FIG. 29 via the communication unit 21, and in step S178, the encryption processing unit 33 The common key processing unit 42 is controlled to decrypt the encrypted data received in step S177 using the session key Kses.
[0180]
In step S179, the control unit 31 supplies the data decrypted with the session key Kses in step S178 to the memory 32, and registers the data in the Service Individual Info area of the SRA 46 and the SRT 45.
[0181]
In step S180, the control unit 31 notifies the registration completion of data to the service registration reader / writer 2-11 via the communication unit 21, and in step S181, in step S159 of FIG. 29, the service registration reader / writer is notified. The service deletion permission flag by service authentication transmitted by 2-11 is received, the service deletion permission flag is set in the Service Individual Info area of the SRA 46 in the memory 32, and the process is terminated.
[0182]
Next, the service deletion process of the service registration reader / writer 2-11 will be described with reference to the flowchart of FIG.
[0183]
In step S191, the control unit 101 of the service registration reader / writer 2-11 receives the input of the service ID corresponding to the service to be deleted, which is input by the user using the input unit 106 (here, the corresponding service ID). However, it is assumed that the service with ID_S is deleted).
[0184]
In step S192, the same processing as in step S152 of FIG. 29 is performed. In step S193, the control unit 101 transmits an ID_S area deletion command to the IC card 1 via the communication unit 91. In step S194, the error message transmitted by the IC card 1 in step S205 of FIG. Is received.
[0185]
If it is determined in step S194 that an error message has been received, processing similar to that in step S16 in FIG. 16 is performed in step S195, and the processing is terminated. If it is determined in step S194 that no error message has been received, the process ends.
[0186]
Next, with reference to the flowchart of FIG. 32, the service deletion process of the IC card 1 executed in parallel with the service deletion process of the service registration reader / writer 2-11 described with reference to FIG. 31 will be described. . Here, the case where the process is executed by the IC card 1 described with reference to FIG. 3 will also be described. However, even when the process is executed by the IC card 1 described with reference to FIG. A similar process is executed.
[0187]
In step S201, processing similar to that in step S172 in FIG. 30 is executed. In step S202, the control unit 31 of the IC card 1 receives the ID_S area deletion command transmitted by the service registration reader / writer 2-11 in step S193 in FIG. 31, and in step S203, data corresponding to the ID_S area. It is determined whether or not the validity of the ID_S area deletion command received in step S202 has been verified by confirming whether or not there is any.
[0188]
If it is determined in step S203 that the validity of the ID_S area deletion command has been verified, in step S204, the control unit 31 deletes the area corresponding to ID_S from the SRT 45 and SRA 46 of the memory 32, and the process is terminated. The
[0189]
If it is determined in step S203 that the validity of the ID_S area deletion command has not been verified, the control unit 31 sends an error message to the service registration reader / writer 2-11 via the communication unit 21 in step S205. The process is completed.
[0190]
The service deletion process described with reference to FIGS. 31 and 32 can also be executed by the general reader / writer 2-12 and the IC card 1. The service deletion process of the general reader / writer 2-12 will be described with reference to the flowchart of FIG.
[0191]
In step S211, the service identification process of the reader / writer 2 described with reference to FIG. 16 or FIG. 18 is executed, and in step S212, the authentication of the reader / writer 2 described with reference to FIG. 20, FIG. Key identification processing is executed, and in step S213, processing similar to that in step S193 in FIG. 31 is executed.
[0192]
In step S214, the control unit 101 of the general reader / writer 2-12 receives a signal transmitted from the IC card 1 in step S226 or step S227 of FIG. Then, in steps S215 and S216, the same processing as in steps S15 and S16 in FIG. 16 is executed, and the processing is terminated.
[0193]
Next, the service deletion process of the IC card 1 executed in parallel with the service deletion process of the general reader / writer 2-12 described with reference to FIG. 33 will be described with reference to the flowchart of FIG. Here, the case where the process is executed by the IC card 1 described with reference to FIG. 3 will also be described. However, even when the process is executed by the IC card 1 described with reference to FIG. A similar process is executed.
[0194]
In step S221, the service identification process for the IC card 1 described with reference to FIG. 17 or 19 is executed. In step S232, the authentication for the IC card 1 described with reference to FIG. 21, FIG. 23, or FIG. A key identification process is executed.
[0195]
In step S223, the control unit 31 receives, via the communication unit 21, the ID_S area deletion command transmitted by the general reader / writer 2-12 in step S213 of FIG. In step S224, the same processing as in step S203 of FIG. 32 is executed. If it is determined in step S224 that the validity of the command has been verified, the same processing as in step S204 in FIG. 32 is performed in step S225. In step S226, the control unit 31 performs general communication via the communication unit 21. An ACK signal is transmitted to the reader / writer 2-12, and the process is terminated.
[0196]
If it is determined in step S224 that the validity of the command has not been verified, in step S227, the control unit 31 transmits a NACK signal to the general reader / writer 2-12 via the communication unit 21, and the processing is completed. Is done.
[0197]
Next, referring to the flowchart of FIG. 35, the service acquisition process of the general reader / writer 2-12 executed when the user receives the service registered in the IC card 1 by the general reader / writer 2-12. Will be described.
[0198]
In step S231, the reader / writer 2 service identification process described with reference to FIG. 16 or FIG. 18 is executed. In step S232, the reader / writer 2 authentication described with reference to FIG. 20, FIG. 22, or FIG. A key identification process is executed.
[0199]
In step S233, the control unit 101 of the general reader / writer 2-12 transmits a data request command for the ID_S area to the IC card 1 via the communication unit 91.
[0200]
In step S234, the control unit 101 receives data transmitted from the IC card 1 in step S245 of FIG. 36 described later. In step S235, the control unit 101 controls the common key processing unit 112 of the encryption processing unit 102 to perform step. The encrypted data received in S234 is decrypted using the session key Kses. The control unit 101 performs predetermined data processing such as subtraction or addition of electronic money, for example, using the decrypted data, and the processing ends.
[0201]
Next, the service data acquisition process of the IC card 1 executed in parallel with the service data acquisition process of the general reader / writer 2-12 described with reference to FIG. 35 will be described with reference to the flowchart of FIG. . Here, the case where the process is executed by the IC card 1 described with reference to FIG. 3 will also be described. However, even when the process is executed by the IC card 1 described with reference to FIG. A similar process is executed.
[0202]
In step S241, the service identification process of the IC card 1 described with reference to FIG. 17 or 19 is executed, and in step S232, the authentication of the IC card 1 described with reference to FIG. 21, FIG. 23, or FIG. A key identification process is executed.
[0203]
In step S243, the control unit 31 of the IC card 1 receives the data request command for the ID_S area transmitted by the general reader / writer 2-12 in step S233 of FIG. 35 via the communication unit 21. In step S244, the control unit 31 controls the common key processing unit 42 of the encryption processing unit 33 to encrypt the data registered in the area corresponding to ID_S of the memory 32 using the session key Kses, In step S245, the encrypted data is transmitted to the general reader / writer 2-12 via the communication unit 21, and the process ends.
[0204]
Further, even when information related to a certain service is exchanged between the IC card 1 and the general reader / writer 2-12, if the corresponding permission information is recorded in the SRT 45 described with reference to FIG. It is possible to exchange information related to services other than the exchange of information. With reference to the flowchart of FIG. 37, the service data acquisition process of the general reader / writer 2-12 performed during the execution of the service corresponding to the service ID other than ID_S will be described.
[0205]
In steps S251 through S254, the same processing as in steps S231 through S234 of FIG. 35 is executed. In step S255, the control unit 101 of the general reader / writer 2-12 determines whether the data received from the IC card 1 in step S254 is a NACK signal.
[0206]
If it is determined in step S255 that the received data is not a NACK signal, in step S256, the same process as in step S235 of FIG. 35 is executed, and the process ends. If it is determined in step S255 that the received data is a NACK signal, the same processing as step S16 in FIG. 16 is performed, and the processing is terminated.
[0207]
Next, the service data acquisition process of the IC card 1 that is executed in parallel with the service data acquisition process of the general reader / writer 2-12 described with reference to FIG. 37 will be described with reference to the flowchart of FIG. . Here, the case where the process is executed by the IC card 1 described with reference to FIG. 3 will also be described. However, even when the process is executed by the IC card 1 described with reference to FIG. A similar process is executed.
[0208]
In steps S261 through S263, the same processing as in steps S241 through S243 in FIG. 34 is executed. In step S261, authentication of service ID_T, which is different from service ID_S, is performed. In step S264, the control unit 31 of the IC card 1 determines whether the ID_S area corresponding to the data request command received in step S263 is registered in the SRT 45 and SRA 46 of the memory 32. If it is determined in step S264 that the ID_S area is not registered, the process proceeds to step S269.
[0209]
If it is determined in step S264 that the ID_S area is registered, the control unit 31 acquires permission information of ID_S from the permission information field corresponding to ID_S in the SRT 45 of the memory 32 in step S265. In S266, it is determined whether reading of ID_S data is permitted at the time of ID_T authentication (that is, the permission information field corresponding to ID_S of SRT45 is read permission of data at the time of authentication by ID_T, ie, ro or It is determined whether or not rw is described). If it is determined in step S266 that data reading is not permitted, the process proceeds to step S269.
[0210]
If it is determined in step S266 that data reading is permitted, in steps S267 and S268, processing similar to that in steps S244 and S245 in FIG. 36 is executed, and the processing ends.
[0211]
If it is determined in step S264 that the ID_S area is not registered, or if it is determined in step S266 that data reading is not permitted, in step S269, the control unit 31 causes the communication unit 21 to Then, a NACK signal is transmitted to the general reader / writer 2-12, and the process is terminated.
[0212]
The data is acquired from the IC card 1 to the general reader / writer 2-12 by the service data acquisition processing described with reference to FIGS. 35 to 48, and after the predetermined processing is performed, the general reader / writer 2-12 needs to In response, a process of writing data to a predetermined area of the SRT 45 or SRA 46 of the memory 32 of the IC card 1 is executed.
[0213]
Next, the service data writing process of the general reader / writer 2-12 will be described with reference to the flowchart of FIG.
[0214]
In step S281, the reader / writer 2 service identification process described with reference to FIG. 16 or FIG. 18 is executed. In step S282, the reader / writer 2 authentication described with reference to FIG. 20, FIG. A key identification process is executed.
[0215]
In step S283, the control unit 101 of the general reader / writer 2-12 controls the common key processing unit 112 of the encryption processing unit 102 to transmit the data to be transmitted to the IC card 1 for writing to the memory 32 of the IC card 1. In step S284, the data write command and the data encrypted in step S284 are transmitted to the IC card 1 via the communication unit 91, and the process ends.
[0216]
Next, the service data writing process of the IC card 1 executed in parallel with the service data writing process of the general reader / writer 2-12 described with reference to FIG. 39 will be described with reference to the flowchart of FIG. . Here, the case where the process is executed by the IC card 1 described with reference to FIG. 3 will also be described. However, even when the process is executed by the IC card 1 described with reference to FIG. A similar process is executed.
[0217]
In step S291, the service identification process of the IC card 1 described with reference to FIG. 17 or 19 is executed, and in step S232, the authentication of the IC card 1 described with reference to FIG. 21, FIG. 23, or FIG. A key identification process is executed.
[0218]
In step S293, the control unit 31 receives the data write command and the encrypted data transmitted by the general reader / writer 2-12 in step S284 of FIG. 39 via the communication unit 21. In step S294, the control unit 31 controls the common key processing unit 42 of the encryption processing unit 33 to decrypt the received data using the session key Kses. In step S295, the control unit 31 stores the decrypted data in the memory 32. Writing to the service storage area corresponding to ID_S of SRT 45 and SRA 46 is completed.
[0219]
Further, even when information related to a certain service is exchanged between the IC card 1 and the general reader / writer 2-12, the corresponding permission information is recorded in the SRT 45 described with reference to FIG. Similar to the service data acquisition process described with reference to FIG. 37 and FIG. 38, it is possible to execute a service data write process related to a service other than the information currently being exchanged. With reference to the flowchart of FIG. 41, the service data writing process of the general reader / writer 2-12 performed during the execution of the service corresponding to the service ID other than ID_S will be described.
[0220]
In steps S301 to S304, processing similar to that in steps S281 to S284 in FIG. 39 is executed. In steps S305 and S306, the same processing as in steps S15 and S16 in FIG. 16 is performed, and the processing is terminated.
[0221]
Next, the service data writing process of the IC card 1 executed in parallel with the service data writing process of the general reader / writer 2-12 described with reference to FIG. 41 will be described with reference to the flowchart of FIG. . Here, the case where the process is executed by the IC card 1 described with reference to FIG. 3 will also be described. However, even when the process is executed by the IC card 1 described with reference to FIG. A similar process is executed.
[0222]
In steps S311 to S313, processing similar to that in steps S291 to S293 in FIG. 40 is executed. Note that in step S311, authentication of service ID_T, which is different from service ID_S, is performed. In steps S314 and S315, the same processing as in steps S264 and S265 of FIG. 38 is performed. If it is determined in step S314 that the ID_S area is not registered, the processing proceeds to step S320.
[0223]
In step S316, at the time of ID_T authentication, the control unit 31 determines whether or not data writing is permitted for the ID_S service (that is, in the permission information field corresponding to ID_S of the SRT 45, at the time of ID_T authentication). (Whether or not rw is described is determined). If it is determined in step S316 that data writing is not permitted, the process proceeds to step S320.
[0224]
If it is determined in step S316 that data writing is permitted, the same processing as in steps S294 and S295 of FIG. 40 is executed in steps S317 and S318. In step S319, the control unit 31 transmits an ACK signal to the general reader / writer 2-12 via the communication unit 21, and the process is terminated.
[0225]
If it is determined in step S314 that the ID_S area is not registered, or if it is determined in step S316 that data writing is not permitted, in step S320, the control unit 31 causes the communication unit 21 to Then, a NACK signal is transmitted to the general reader / writer 2-12, and the process is terminated.
[0226]
As described above, in order to attach the IC card 1 to the general reader / writer 2-12 and receive various services, authentication processing must be performed using a common key or public key determined for each service. Don't be. These authentication keys are often upgraded (ie, the keys are changed) in order to maintain security. The user attaches the IC card 1 to the reader / writer 2-14 for upgrading described with reference to FIG. 2 or the general reader / writer 2-12, and performs a key upgrade process described later with reference to FIGS. By executing, it is necessary to upgrade the authentication key registered in the IC card 1 managed by itself to an authentication key having a version as close to the latest as possible.
[0227]
Next, referring to FIG. 43, the upgrade reader / writer 2 is executed using the upgrade key (version upgrade key Kake_vup described with reference to FIGS. 6 and 14) determined for each service. The key version upgrade process of -14 will be described.
[0228]
In step S331, the service identification process of the reader / writer 2 described with reference to FIG. 16 or FIG. 18 is executed. In step S332, the authentication of the reader / writer 2 described with reference to FIG. A key identification process is executed.
[0229]
In step S333, the control unit 101 of the version upgrade reader / writer 2-14 controls the common key processing unit 112 of the encryption processing unit 102 to set the authentication key ID corresponding to the authentication key to be upgraded to the session key Kses. And is transmitted to the IC card 1. In step S334, the control unit 101 receives a signal transmitted from the IC card 1 in step S355 or step S360 of FIG.
[0230]
In step S335, the control unit 101 determines whether or not the signal received from the IC card 1 in step S334 is an ACK signal. If it is determined in step S335 that the received signal is not an ACK signal, the process proceeds to step S339. If it is determined in step S335 that the received signal is an ACK signal, in step S336, the control unit 101 reads out the latest version information corresponding to the authentication key to be upgraded and the authentication key Kake from the memory 103, The common key processing unit 112 of the encryption processing unit 102 is controlled, encrypted using the session key Kses, and transmitted to the IC card 1 via the communication unit 91.
[0231]
In step S337, the IC card 1 receives the signal transmitted in 44 step S359 or S360 described later. In step S338, the same process as in step S335 is performed. If it is determined in step S338 that the received signal is an ACK signal, the process ends. If it is determined in steps S335 and S338 that the received signal is not an ACK signal, the same processing as step S16 in FIG. 16 is performed in step S339, and the processing is terminated.
[0232]
Next, with reference to the flowchart of FIG. 44, the key version upgrade process of the IC card 1 executed in parallel with the key version upgrade process of the version upgrade reader / writer 2-14 described with reference to FIG. explain. Here, the case where the process is executed by the IC card 1 described with reference to FIG. 3 will also be described. However, even when the process is executed by the IC card 1 described with reference to FIG. A similar process is executed.
[0233]
In step S351, the service identification process of the IC card 1 described with reference to FIG. 17 or 19 is executed, and in step S352, the authentication of the IC card 1 described with reference to FIG. 21, FIG. 23, or FIG. A key identification process is executed.
[0234]
In step S353, the control unit 31 receives the encrypted authentication key ID transmitted from the upgrade reader / writer 2-14 in step S333 of FIG. The common key processing unit 42 is controlled to decrypt the received data using the session key Kses. In step S354, based on the decrypted data, the control unit 31 determines whether a corresponding authentication key ID exists in the ID_S of the SRT 45 and the SRA 46 of the memory 32. If it is determined in step S354 that the authentication key ID does not exist, the process proceeds to step S360.
[0235]
When it is determined in step S354 that the authentication key ID exists, the control unit 31 transmits an ACK signal to the version upgrade reader / writer 2-14 via the communication unit 21 in step S355, and in step S356. 43, the encrypted latest version information and the authentication key Kake transmitted by the version upgrade reader / writer 2-14 are received via the communication unit 21, and the common key process of the encryption processing unit 33 is performed. The unit 42 is controlled to decrypt the received version information using the session key Kses.
[0236]
In step S357, the control unit 31 determines whether the received version information is correct based on the decrypted data (that is, whether the version information is newer than the version information of the authentication key already owned by itself). Judging. If it is determined in step S357 that the version information is not correct, the process proceeds to step S360.
[0237]
If it is determined in step S357 that the version information is correct, the control unit 31 controls the common key processing unit 42 of the encryption processing unit 33 to decrypt the authentication key Kake using the session key Kses, and the memory 32 In the SRA 46, an ACK signal is transmitted to the version upgrade reader / writer 2-14 via the communication unit 21 in step S359, and the process ends.
[0238]
If it is determined in step S354 that the authentication key ID does not exist, or if it is determined in step S357 that the version information is not correct, in step S360, the control unit 31 sends an update reader / writer 2-14. Then, a NACK signal is transmitted via the communication unit 21, and the process is terminated.
[0239]
In addition, when the IC card 1 and the general reader / writer 2-12 exchange information about a certain service, when the corresponding permission information is recorded in the SRT 45 described with reference to FIG. As in the service data acquisition process described with reference to FIG. 38 and the service data write process described with reference to FIGS. 41 and 42, key version upgrade processing for services other than those currently being exchanged is executed. Is possible. A key version upgrade process of the general reader / writer 2-12, which is performed during execution of a service corresponding to a service ID other than ID_S, will be described with reference to the flowchart of FIG.
[0240]
In step S371 and step S372, processing similar to that in step S331 and step S332 in FIG. 44 is executed. In step S373, the control unit 101 of the general reader / writer 2-12 transmits an authentication key upgrade command for the service corresponding to ID_S to the IC card 1 via the communication unit 91. In step S397 in FIG. 46 or step S405 in FIG. 47, the data transmitted by the IC card 1 is received. In step S375, it is determined whether the signal received from the IC card 1 is an ACK signal.
[0241]
If it is determined in step S375 that the received signal is not an ACK signal, the process proceeds to step S382. If it is determined in step S375 that the received signal is an ACK signal, the same processing as in steps S333 to S339 in FIG. 43 is performed in steps S376 to S382, and the processing is terminated.
[0242]
Next, with reference to the flowcharts of FIGS. 46 and 47, the key version of the IC card 1 that is executed in parallel with the key version upgrade process of the version upgrade reader / writer 2-14 described with reference to FIG. The up process will be described. Here, the case where the process is executed by the IC card 1 described with reference to FIG. 3 will also be described. However, even when the process is executed by the IC card 1 described with reference to FIG. A similar process is executed.
[0243]
In step S391 and step S392, processing similar to that in step S351 and step S352 of FIG. 44 is executed. In step S391, authentication of service ID_T, which is different from service ID_S, is performed. In step S393, the control unit 31 receives the ID_S authentication key upgrade command transmitted by the upgrade reader / writer 2-14 in step S373 of FIG.
[0244]
In steps S394 and S395, the same processing as in steps S264 and S265 of FIG. 38 is performed. If it is determined in step S394 that the ID_S area is not registered, the processing proceeds to step S405.
[0245]
In step S396, the control unit 31 determines whether or not version upgrade of the ID_S authentication key is permitted at the time of ID_T authentication (that is, the permission information field corresponding to ID_S of the SRT 45 indicates the vup at the time of ID_T authentication). Determine if permission is listed). If it is determined in step S396 that the authentication key version upgrade is not permitted, the process proceeds to step S405.
[0246]
If it is determined in step S396 that the authentication key is allowed to be upgraded, the control unit 31 transmits an ACK signal to the upgrade reader / writer 2-14 via the communication unit 21 in step S397. To do.
[0247]
Then, in steps S398 to S405, processing similar to that in steps S353 to S360 in FIG. 44 is executed, and the processing is terminated.
[0248]
Next, the inter-module communication described with reference to FIG. 13 will be described with reference to the flowcharts of FIGS. The inter-module communication is executed by the IC card 1 described with reference to FIG. 4 and the inter-module communication reader / writer 2-13. Here, the communication unit 51 and the common key service processing unit 52 of the IC card 1 described using FIG. 4 are the common key module 122 described using FIG. 13, and the communication unit 53 and the common key service processing unit 52 described using FIG. The public key service processing unit 54 will be described as the public key module 121 described with reference to FIG.
[0249]
48, the common key module 122 shares the session key shared with the inter-module communication reader / writer 2-13, and the public key module 121 shares the inter-module communication reader / writer 2-13. Inter-module communication when the session key to be used is different will be described.
[0250]
In step S411, the inter-module communication reader / writer 2-13 executes the service identification process of the reader / writer 2 described with reference to FIG. 16 or FIG. 18, and in step S412, the public key module 121 of the IC card 1. Executes the service identification process of the IC card 1 described with reference to FIG. 17 or 19, and shares the session key Kses 1 between the inter-module reader / writer 2-13 and the public key module 121.
[0251]
In step S413, the inter-module communication reader / writer 2-13 executes the service identification process of the reader / writer 2 described with reference to FIG. 16 or FIG. 18, and in step S414, the common key module 122 of the IC card 1 is processed. Executes the service identification processing of the IC card 1 described with reference to FIG. 17 or FIG. 19, and shares the session key Kses 2 between the inter-module reader / writer 2-13 and the common key module 122.
[0252]
In step S415, the control unit 101 of the inter-module communication reader / writer 2-13 discloses based on the card ID of the IC card 1 obtained in the service identification process of the reader / writer 2 executed in steps S411 and S413. It is determined whether or not the two card IDs of the key module 121 and the common key module 122 match. If it is determined in step S415 that the card IDs do not match, the same processing as in step S16 in FIG. 16 is executed in step S416.
[0253]
If it is determined in step S415 that the two card IDs match, the control unit 101 of the inter-module communication reader / writer 2-13 transmits a module data movement command to the public key module 121 in step S417.
[0254]
In step S418, the control unit 61 of the public key module 121 receives the module data movement start command from the inter-module communication reader / writer 2-13, and controls the common key processing unit 42 of the encryption processing unit 33 to move the module data movement start command. The data to be encrypted is encrypted with the session key Kses1, and in step S419, the encrypted data is transmitted to the inter-module communication reader / writer 2-13.
[0255]
In step S420, the control unit 101 of the inter-module communication reader / writer 2-13 controls the common key processing unit 112 of the encryption processing unit 102 to decrypt the received data with the session key Kses1, and in step S421, The data is encrypted with the session key Kses 2 and transmitted to the common key module 122. In step S422, the control unit 61 of the common key module 122 controls the common key processing unit 42 of the encryption processing unit 63 to decrypt the received data with the session key Kses2, and in step S423, the decrypted data is stored in the memory. It is stored and used in 62 corresponding areas.
[0256]
Next, referring to the flowchart of FIG. 49, the common key module 122 shares the session key shared with the inter-module communication reader / writer 2-13, and the public key module 121 communicates with the inter-module communication reader / writer 2-13. The inter-module communication when the shared session key is the same will be described.
[0257]
In step S431, the inter-module communication reader / writer 2-13 executes the service identification process of the reader / writer 2 described with reference to FIG. 16 or FIG. 18, and in step S432, the public key module 121 of the IC card 1. Executes the service identification process of the IC card 1 described with reference to FIG. 17 or 19, and shares the session key Kses 1 between the inter-module reader / writer 2-13 and the public key module 121.
[0258]
In step S433, the inter-module communication reader / writer 2-13 executes the service identification process of the reader / writer 2 described with reference to FIG. 16 or FIG. 18, and in step S434, the common key module 122 of the IC card 1 is processed. Executes the service identification process of the IC card 1 described with reference to FIG. 17 or 19, and shares the session key Kses 1 between the inter-module reader / writer 2-13 and the common key module 122.
[0259]
In steps S435 to S439, processing similar to that in steps S415 to S419 in FIG. 48 is executed. In step S440, the control unit 101 of the inter-module communication reader / writer 2-13 transmits the received data to the common key module 122. In step S420 and step S421 in FIG. 48, the received data is decrypted with the session key Kses1, and the decrypted data is encrypted with the session key Kses2, and then transmitted to the common key module 122. Here, the common key module 122 is used. However, since the session key Kses1 is provided, these processes are not necessary.
[0260]
The control unit 61 of the common key module 122 controls the encryption processing unit 63 in step S411 to decrypt the received data with the session key Kses1, and stores the decrypted data in a corresponding area of the memory 62 in step S422. And use it.
[0261]
Next, referring to the flowchart of FIG. 50, the common key module 122 shares the session key shared with the inter-module communication reader / writer 2-13, and the public key module 121 communicates with the inter-module communication reader / writer 2-13. Although the session key to be shared is different, the inter-module communication reader / writer 2-13 encrypts the session key included in the common key module 122 with the other session key included in the public key module 121, and stores it in the public key module 121. The inter-module communication in the case where supply is performed will be described.
[0262]
In steps S451 to S456, processing similar to that in steps S411 to S416 in FIG. 48 is executed. That is, the session key Kses1 is shared between the inter-module reader / writer 2-13 and the public key module 121, and the session key Kses2 is shared between the inter-module reader / writer 2-13 and the common key module 122. .
[0263]
In step S457, the control unit 101 of the inter-module communication reader / writer 2-13 controls the encryption processing unit 102 to encrypt the session key Kses2 with the session key Kses1 and transmit it to the public key module 121. The control unit 61 of the public key module 121 takes out the session key Kses2 by controlling the common key processing unit 42 of the encryption processing unit 33 and decrypting the received data with the session key Kses1.
[0264]
In step S459, processing similar to that in step S417 in FIG. 48 is executed. In step S460, the control unit 61 of the public key module 121 encrypts the moving data with the session key Kses2, and transmits the encrypted data to the inter-module communication reader / writer 2-13.
[0265]
In step S461, processing similar to that in step S440 in FIG. 49 is executed. Then, in steps S462 and S463, processing similar to that in steps S422 and S423 in FIG. 48 is executed.
[0266]
That is, in step S420 and step S421 in FIG. 48, the received data is decrypted with the session key Kses1, and the decrypted data is encrypted with the session key Kses2, and then transmitted to the common key module 122. Similarly to the processing described with reference to, since the common key module 122 and the public key module 121 can obtain the same session key Kses2, it is not necessary to perform these processing.
[0267]
51, the public key module 121 and the common key module 122 share the common secret key K_common, perform mutual authentication using the common secret key K_common, and further share the common session key Kses. The inter-module communication will be described.
[0268]
In steps S471 and S472, the public key module 121 and the common key module 122 perform mutual authentication using the common secret key K_common and share the session key Kses. In step S473, the inter-module communication reader / writer 2-13 provides only the communication path for mutual authentication in steps S471 and S472 (that is, the session key is shared by both the public key module 121 and the common key module 122). Absent).
[0269]
In step S474, processing similar to that in step S417 in FIG. 48 is executed. In step S475, the control unit 61 of the public key module 121 controls the common key processing unit 42 of the encryption processing unit 33 to encrypt the moving data with the session key Kses, and to transfer the encrypted data to the inter-module communication reader. Transmit to writer 2-13. In steps S476 to S478, processing similar to that in steps S421 to S423 in FIG. 49 is executed.
[0270]
That is, in the inter-module communication described with reference to FIG. 51, the inter-module communication reader / writer 2-13 only provides a data communication path, and encrypts or decrypts data communicated between the modules. There is no.
[0271]
The series of processes described above can also be executed by software. The software is a computer in which the program constituting the software is incorporated in dedicated hardware, or various functions can be executed by installing various programs, for example, a general-purpose personal computer For example, it is installed from a recording medium.
[0272]
As shown in FIG. 9, this recording medium is distributed to provide a program to the user separately from the computer, and includes a magnetic disk 115 (including a floppy disk) on which the program is recorded, an optical disk 116 (CD- It is composed of a ROM (Compact Disk-Read Only Memory), DVD (including Digital Versatile Disk), a magneto-optical disk 117 (including MD (Mini-Disk)), or a package medium such as a semiconductor memory 118.
[0273]
Further, in the present specification, the step of describing the program recorded on the recording medium is not limited to the processing performed in chronological order according to the described order, but may be performed in parallel or It also includes processes that are executed individually.
[0274]
【The invention's effect】
  According to the data storage device of the present invention,With a predetermined reader / writer and one IC card, it is possible to exchange data related to a service that performs authentication using a common key and to exchange data related to a service that performs authentication using a public key.
[0275]
  According to the information processing apparatus of the present invention,With a predetermined reader / writer and one IC card, it is possible to exchange data related to a service that performs authentication using a common key and to exchange data related to a service that performs authentication using a public key.
[Brief description of the drawings]
FIG. 1 is a diagram for explaining a communication method and an authentication method between an IC card and a reader / writer.
FIG. 2 is a diagram for explaining a relationship between a card issuer, a service provider, and a card holder.
FIG. 3 is a block diagram showing a configuration of an IC card.
FIG. 4 is a block diagram showing a configuration of an IC card.
FIG. 5 is a diagram for explaining an encryption processing unit in FIGS. 3 and 4;
6 is a diagram for explaining the SRA of FIGS. 3 and 4. FIG.
7 is a diagram for explaining authentication key information stored in the SRA of FIG. 6; FIG.
FIG. 8 is a diagram for explaining the SRT of FIGS. 3 and 4;
FIG. 9 is a block diagram illustrating a configuration of a reader / writer.
FIG. 10 is a diagram for explaining memory information of a service registration reader / writer;
FIG. 11 is a diagram for explaining memory information of a general reader / writer.
FIG. 12 is a diagram for explaining memory information of an inter-module communication reader / writer.
FIG. 13 is a diagram for explaining inter-module communication.
FIG. 14 is a diagram for explaining memory information of a reader / writer for version upgrade.
FIG. 15 is a flowchart for explaining authentication processing of an IC card and a reader / writer.
FIG. 16 is a flowchart for explaining a service identification process of a reader / writer.
FIG. 17 is a flowchart for explaining service identification processing of an IC card.
FIG. 18 is a flowchart for explaining a service identification process of a reader / writer.
FIG. 19 is a flowchart for explaining service identification processing of an IC card.
FIG. 20 is a flowchart for explaining an authentication key identification process of a reader / writer.
FIG. 21 is a flowchart for explaining an IC card authentication key identification process;
FIG. 22 is a flowchart for explaining an authentication key identification process of a reader / writer.
FIG. 23 is a flowchart for explaining an IC card authentication key identification process;
FIG. 24 is a diagram for explaining a certificate;
FIG. 25 is a flowchart for explaining signature generation processing;
FIG. 26 is a flowchart for explaining signature verification processing;
FIG. 27 is a flowchart for explaining an authentication key identification process of a reader / writer.
FIG. 28 is a flowchart for explaining authentication key identification processing of an IC card.
FIG. 29 is a flowchart for explaining service registration processing of a service registration reader / writer;
FIG. 30 is a flowchart for explaining IC card service registration processing;
FIG. 31 is a flowchart for explaining service deletion processing of a service registration reader / writer;
FIG. 32 is a flowchart for explaining service deletion processing of an IC card.
FIG. 33 is a flowchart for explaining service deletion processing of a general reader / writer;
FIG. 34 is a flowchart for explaining service deletion processing of an IC card.
FIG. 35 is a flowchart for explaining service data acquisition processing of a general reader / writer.
FIG. 36 is a flowchart for explaining service data transmission processing of an IC card.
FIG. 37 is a flowchart for explaining service data acquisition processing of a general reader / writer;
FIG. 38 is a flowchart for explaining service data transmission processing of an IC card.
FIG. 39 is a flowchart for explaining service data write processing of a general reader / writer;
FIG. 40 is a flowchart for explaining service data write processing of an IC card.
FIG. 41 is a flowchart for explaining service data write processing of a general reader / writer;
FIG. 42 is a flowchart for explaining service data write processing of an IC card.
FIG. 43 is a flowchart for explaining key version upgrade processing of the version upgrade reader / writer;
FIG. 44 is a flowchart for explaining key version upgrade processing of an IC card.
FIG. 45 is a flowchart for explaining key version upgrade processing of a general reader / writer;
FIG. 46 is a flowchart for explaining key version upgrade processing of an IC card.
FIG. 47 is a flowchart for explaining IC card key upgrade processing;
FIG. 48 is a flowchart for explaining inter-module communication processing;
FIG. 49 is a flowchart for explaining inter-module communication processing;
FIG. 50 is a flowchart for explaining inter-module communication processing;
FIG. 51 is a flowchart for explaining inter-module communication processing;
[Explanation of symbols]
1 IC card 1 reader / writer, 21 communication unit, 31 control unit, 32 memory, 33 cryptographic processing unit, 41 public key processing unit, 42 common key processing unit, 43 other cryptographic processing unit, 45 SRT, 46 SRA, 51 communication Unit, 52 common key service processing unit, 53 communication unit, 54 public key service processing unit, 61 control unit, 62 memory, 63 cryptographic processing unit, 91 communication unit, 101 control unit, 102 cryptographic processing unit, 103 memory, 111 disclosure Key processing unit, 112 common key processing unit, 113 other cryptographic processing unit, 105 display unit, 106 input unit, 121 public key module, 122 common key module

Claims (2)

In a data storage device that is attached to an information processing device and exchanges data with the information processing device,
The information processing apparatus of any of the contact type and non-contact type can be used, and the modulation and demodulation of input / output data for the information processing apparatus is controlled, and a predetermined service from the information processing apparatus First control means for controlling input of information for identifying
Data corresponding to the predetermined service, wherein at least one of a first authentication key and a second authentication key, which is an authentication key necessary for authentication of the predetermined service, and the predetermined service are identified Second control means for controlling storage of information for
A first authentication process executing means for executing an authentication process using the first authentication key of the authentication keys;
A second authentication process executing means for executing an authentication process using the second authentication key of the authentication keys;
Based on information for identifying the predetermined service whose input is controlled by the first control unit, either the first authentication process execution unit or the second authentication process execution unit is controlled. A third control means for executing an authentication process with the information processing apparatus ;
Selection means for selecting a level of the first authentication key or the second authentication key for the predetermined service;
With
In the data whose storage is controlled by the second control means, a predetermined version of the first authentication key or the second authentication key required for authentication of the predetermined service is prepared at a plurality of levels. Has been
The first control unit controls the output of the first information related to the version of the first authentication key or the second authentication key at the level selected by the selection unit, and from the information processing apparatus. Controlling the input of the second information indicating whether or not to permit the authentication processing based on the level determined based on the version,
When the authentication processing by the level is not permitted, the selection unit newly selects a different level of the first authentication key or the second authentication key, and the first control unit is configured to select the selection unit. Controlling the output of first information relating to the version of the first authentication key or the second authentication key of the level newly selected by
When the authentication process by the level is permitted, the third control unit, based on the second information whose input is controlled by the first control unit, Control any of the second authentication processing execution means to execute the authentication processing with the information processing apparatus
Data storage device, characterized in that. In an information processing apparatus that is equipped with a data storage device and exchanges data with the data storage device,
It is possible to correspond to the data storage device of any of the contact type and the non-contact type communication method, and controls modulation and demodulation of input / output data with respect to the data storage device, and the predetermined storage to the data storage device First control means for controlling output of information for identifying a service;
Data corresponding to the predetermined service, at least one of a plurality of versions of a first authentication key and a second authentication key of a plurality of levels which are authentication keys necessary for authentication of the predetermined service; And second control means for controlling storage of information for identifying the predetermined service;
Display means for displaying information corresponding to the predetermined service;
Input means for receiving a signal indicating the selection of the predetermined service by the user;
A first authentication process executing means for executing an authentication process using the first authentication key of the authentication keys;
A second authentication process executing means for executing an authentication process using the second authentication key of the authentication keys;
Third control means for controlling processing of the first authentication processing execution means, the second authentication processing execution means, and the second control means ;
First information relating to a version of the first authentication key or the second authentication key at a predetermined level for the predetermined service from the data storage device, the input of which is controlled by the first control means. And determining means for determining whether or not to permit the authentication process based on
When there are a plurality of the predetermined services that can be authenticated by the first authentication processing execution means or the second authentication processing execution means,
The display means displays information corresponding to a plurality of the predetermined services that can be authenticated,
The third control means controls either the first authentication processing execution means or the second authentication processing execution means based on a signal indicating selection of the predetermined service input by the input means. Then, the authentication processing with the data storage device is executed with the first authentication key or the second authentication key of the version of the version at which the authentication processing is permitted by the determination means ,
The first control unit controls the output of the second information indicating whether or not to permit the authentication processing based on the level to the data storage device according to the determination result by the determination unit. Information processing device.

Images