JP4936819B2 - Portable terminal, passcode generation program, and passcode generation method - Google Patents

Description

  The present invention can incorporate a tamper resistant IC card, a portable terminal having a screen, a tamper resistant IC card that can be built in a portable terminal, a tamper resistant portable card Pass code generation program that can generate a pass code in an IC card that can be built into a terminal and a pass that generates a pass code on a portable terminal that has a tamper-resistant IC card that can be built in a terminal It relates to a code generation method.

It is important to ensure security when accessing a system through an open network to receive a service specific to an individual. For this purpose, authentication is required to confirm that the person can receive the service.
For authentication, a password that proves that the user is a regular user is generally used. There is a password called a one-time password (disposable password). This possesses a small device (one-time password generator, generally called a token) that can be carried by the user, and displays a six-digit password that switches, for example, every 60 seconds. A password is shared by the same program on the system side that logs in. Even if the password is stolen via the network, the password can be changed immediately (the password can be thrown away), so that high security can be ensured.
The password that is switched every certain number of seconds is generated by a certain algorithm based on the seed (SEED, seed, prime of random number).

  For example, Patent Document 1 discloses that a mobile terminal such as a mobile phone functions as a token instead of a token. The invention described in Patent Document 1 provides a one-time password generation module, a distribution system, and a distribution method capable of eliminating the complexity of hardware distribution and software installation management and improving security. As a matter of course, the distribution system for the one-time password generation module creates a portable terminal that requests the one-time password management server to create a one-time password generation module for generating a one-time password, and a one-time password generation module. The one-time password management server that outputs to the web server and the one-time password generation module that outputs the one-time password generation module from the one-time password management server and holds this one-time according to the request from the mobile terminal on the web page Seward generation module in binary code form is intended to include a web server to be output to the portable terminal.

  Further, for example, Patent Document 2 discloses a passcode setting using a mobile terminal. An object of the invention described in Patent Document 2 is to provide a terminal registration system in which a user of a mobile terminal can easily register the mobile terminal and prevent unauthorized registration. Receives the terminal identifier and communication identifier of the mobile terminal from the registration terminal, generates a passcode and transmits it to the registration terminal. The registration terminal displays the passcode and notifies the user of the mobile terminal. The user of the terminal inputs the passcode displayed on the registration terminal, the mobile terminal transmits the input passcode to the information server, and the information server matches the generated passcode with the generated passcode. The terminal identifier of the portable terminal is registered in association with the user only when it is done.

A service using a mobile terminal via the Internet is disclosed in Patent Document 3, for example. The invention described in Patent Document 3 provides a service providing method and system capable of providing a service having a different added value with respect to a procedure performed when a predetermined procedure is performed on the Internet. After logging in to the service providing server from the PC terminal, performing the original procedure, and transmitting the address of the mobile terminal, the password issuing unit issues a passcode for using the additional service, along with the content directory On the other hand, the data control unit records the URL of the service providing server to the mobile terminal and notifies the PC terminal of the passcode and provides the service from the mobile terminal using the received URL. When the server is accessed and the passcode is sent, the passcode authentication unit authenticates and authenticates correctly. When it is, in which the corresponding content is transmitted is extracted from the content storage unit in the portable terminal.
JP 2002-278929 A JP 2005-269571 A JP 2004-133855 A

However, in such a conventional technique, even when it is not necessary to display the passcode, the passcode is displayed and the passcode may be leaked to a third party. was there. In other words, since it is a one-time password, it will be changed to another passcode after a certain period of time, but it is not desirable for security to accidentally touch the passcode with a third party. Of course.
The present invention has been made paying attention to such problems of the prior art, and the pass code is displayed only when necessary, and the pass code is not displayed in other cases. Accordingly, an object of the present invention is to provide a portable terminal, an IC card, a passcode generation program, and a passcode generation method capable of minimizing the leakage of a passcode.

The gist of the present invention for achieving the object lies in the inventions of the following items.
[1] A portable terminal having a built-in IC card having tamper resistance and having a screen,
The portable terminal is
An IC card interface for performing input / output with the IC card;
Pass code acquisition means for instructing the IC card to generate a pass code via the IC card interface and acquiring the generated pass code;
When the passcode acquired by the passcode acquisition means is handed over to another application, the passcode is not displayed on the screen of the mobile terminal. In other cases, the passcode is displayed on the screen of the mobile terminal. Pass code display control means for controlling to display ,
In the seed selection screen, if it is within the first predetermined period of the seed expiration date, it is displayed in a manner indicating that it is within the first period, and a second predetermined period of the seed expiration date is displayed. Control means for controlling to display in a manner indicating that it is within the second period ,
The IC card is
Seed acquisition means for acquiring a seed from the IC card interface of the mobile terminal;
Seed storage means for storing seeds acquired by the seed acquisition means;
A portable terminal comprising pass code generating means for generating a pass code using a seed stored in the seed storage means based on an instruction from an IC card interface of the portable terminal.

  [2] The portable terminal according to [1], wherein the IC card passcode generation means generates a passcode by a one-time password method.

[3] The portable terminal is:
PIN input means for inputting a PIN, which is a code for identifying the person, and providing the PIN to the IC card via the IC card interface,
The portable terminal according to [1] or [2], wherein the passcode generation means in the IC card generates a passcode also using the PIN provided by the PIN input means.

[4] The portable terminal according to [3], wherein the passcode generation means in the IC card deletes the PIN used after generating the passcode.

[5] The mobile terminal according to [1], [2], [3], or [4], wherein the other application is a Web browser, network connection, or system login.

[6] The mobile terminal according to [1], [2], [3], [4], or [5], wherein the mobile terminal is a mobile phone and the IC card is a USIM card.

[7] The passcode display control means performs an alternative display when the passcode is not displayed, [1], [2], [3], [4], [5] or [5] 6].

[8] There are a plurality of seeds stored in the seed storage means,
[1], [2], [3], [4], wherein when the passcode acquisition means instructs to generate a passcode, the seed stored in the seed storage means is designated. ], [5], [6] or [7].

[9] A portable terminal having a built-in IC card having tamper resistance and having a screen,
The portable terminal is
An IC card interface for input / output with the IC card;
Pass code acquisition means for instructing the IC card to generate a pass code via the IC card interface and acquiring the generated pass code;
When the passcode acquired by the passcode acquisition means is handed over to another application, the passcode is not displayed on the screen of the mobile terminal. In other cases, the passcode is displayed on the screen of the mobile terminal. Pass code display control means for controlling to display ,
In the seed selection screen, if it is within the first predetermined period of the seed expiration date, it is displayed in a manner indicating that it is within the first period, and a second predetermined period of the seed expiration date is displayed. A portable terminal comprising control means for controlling to display in a mode indicating that it is within the second period .

[ 10 ] A portable terminal having a built-in IC card having tamper resistance and having a screen,
The portable terminal is
An IC card interface for performing input / output with the IC card;
A communication means for communicating with the outside;
Seed acquisition means for acquiring a seed which is a source for passcode generation from the outside by the communication means;
Seed providing means for providing the seed obtained by the seed obtaining means to the IC card via the IC card interface;
Pass code acquisition means for instructing the IC card to generate a pass code via the IC card interface and acquiring the generated pass code;
When the passcode acquired by the passcode acquisition means is handed over to another application, the passcode is not displayed on the screen of the mobile terminal. In other cases, the passcode is displayed on the screen of the mobile terminal. Pass code display control means for controlling to display ,
In the seed selection screen, if it is within the first predetermined period of the seed expiration date, it is displayed in a manner indicating that it is within the first period, and a second predetermined period of the seed expiration date is displayed. Control means for controlling to display in a manner indicating that it is within the second period ,
The IC card is
Seed acquisition means for acquiring a seed from the IC card interface of the mobile terminal;
Seed storage means for storing seeds acquired by the seed acquisition means;
A portable terminal comprising pass code generating means for generating a pass code using a seed stored in the seed storage means based on an instruction from an IC card interface of the portable terminal.

[ 11 ] A passcode generation program capable of generating a passcode in a portable terminal having a built-in IC card having tamper resistance and having a screen,
In the mobile terminal,
An IC card interface function for input / output with the IC card;
A passcode acquisition function for instructing the IC card to generate a passcode through the IC card interface function and acquiring the generated passcode;
When the passcode acquired by the passcode acquisition function is handed over to another application, the passcode is not displayed on the screen of the mobile terminal. In other cases, the passcode is displayed on the screen of the mobile terminal. A passcode display control function for controlling to display ,
In the seed selection screen, if it is within the first predetermined period of the seed expiration date, it is displayed in a manner indicating that it is within the first period, and a second predetermined period of the seed expiration date is displayed. A passcode generation program that realizes a control function that controls to display in a mode indicating that it is within the second period .

[ 12 ] A passcode generation method for generating a passcode in a portable terminal having a built-in IC card having tamper resistance and having a screen,
The portable terminal is
Equipped with an IC card interface for input / output with the IC card,
The portable terminal is
Instructing the IC card to generate a passcode via the IC card interface, obtaining the generated passcode,
When the acquired passcode is handed over to another application, the passcode is not displayed on the screen of the mobile terminal, and in other cases, the passcode is displayed on the screen of the mobile terminal. And
In the seed selection screen, if it is within the first predetermined period of the seed expiration date, it is displayed in a manner indicating that it is within the first period, and a second predetermined period of the seed expiration date is displayed. The passcode generation method is characterized in that control is performed so as to display in a manner indicating that it is within the second period .

[ 13 ] A passcode generation method for generating a passcode in a portable terminal having a built-in IC card having tamper resistance and having a screen,
The portable terminal is
Equipped with an IC card interface for input / output with the IC card,
The portable terminal is
Instructing the IC card to generate a passcode via the IC card interface, obtaining the generated passcode,
When the acquired passcode is handed over to another application, the passcode is not displayed on the screen of the mobile terminal, and in other cases, the passcode is displayed on the screen of the mobile terminal. And
In the seed selection screen, if it is within the first predetermined period of the seed expiration date, it is displayed in a manner indicating that it is within the first period, and a second predetermined period of the seed expiration date is displayed. If it is within the period, the display is controlled so that it is within the second period,
The IC card is
Obtaining a seed from the IC card interface of the mobile terminal;
Storing the obtained seed;
A passcode generation method, wherein a passcode is generated using the stored seed based on an instruction from the IC card interface of the portable terminal.

The present invention operates as follows.
The portable terminal, IC card, passcode generation program, and passcode generation method according to the present invention generate a passcode.
When the portable terminal instructs the IC card to generate a passcode via the IC card interface, obtains the generated passcode, and passes the acquired passcode to another application, Control is performed so that the passcode is not displayed on the screen of the mobile terminal, and in other cases, the passcode is displayed on the screen of the mobile terminal.
Further, the IC card acquires a seed from the IC card interface of the mobile terminal, stores the acquired seed, and uses the stored seed based on an instruction from the IC card interface of the mobile terminal. Generate a passcode.
As a result, when it is not necessary to display the passcode, the passcode can be hidden, so that the security can be improved.

  According to the portable terminal, IC card, passcode generation program, and passcode generation method of the present invention, when it is not necessary to display the passcode, the passcode can be hidden, thereby improving security. To be able to.

Hereinafter, preferred embodiments of the present invention will be described with reference to the drawings.
Each figure shows an embodiment of the present invention. FIG. 1 is a conceptual module configuration diagram of an embodiment of the present invention.
The module generally refers to a component such as software or hardware that can be logically separated. Therefore, the module in the present embodiment indicates not only a module in a program but also a module in a hardware configuration. Therefore, the present embodiment also serves as an explanation of a program, a system, and a method. In addition, the modules correspond almost one-to-one with the functions. However, in mounting, one module may be composed of one program, or a plurality of modules may be composed of one program. A plurality of programs may be used. The plurality of modules may be executed by one computer, or one module may be executed by a plurality of computers in a distributed or parallel environment. Hereinafter, “connection” includes not only physical connection but also logical connection.
In addition, the system includes a configuration in which a plurality of computers, hardware, devices, and the like are connected via a network or the like, and includes a case where the system is realized by a single computer.

Hereinafter, a mobile phone will be mainly described as a mobile terminal, and a USIM card will be mainly described as an IC card having tamper resistance.
The cellular phone 10 according to the present embodiment has a built-in USIM card 20 and has a screen. As shown in FIG. 1, a communication module 110, a PIN input module 120, a seed attribute acquisition module 130 are provided. , A time information acquisition module 140, a seed provision module 115, a passcode acquisition module 125, a display control module 135, and a USIM card interface 150, exchange data between the modules, and call other modules Control and so on. On the other hand, the USIM card 20 includes a passcode generation module 210 and a seed DB 240. The mobile phone 10 including the USIM card 20 may also be called. The USIM card 20 has tamper resistance. In other words, techniques for preventing falsification such as forgery and alteration, prohibiting copying of electronic data, and the like have been implemented. The USIM card 20 is not only a memory, but also includes a CPU core, a DMAC that supports high-speed communication, and various coprocessors. The USIM card 20 has an OS and can execute various applications. . This makes it possible to serve as a token for generating a one-time password, and as a result, the entire mobile phone 10 can be used as a highly functional token.

The communication module 110 performs data communication with the outside, which is an original function of the mobile phone 10.
The PIN input module 120 inputs a PIN, which is a code (personal identification number) that can identify the person, by the operation of the operator. The entered PIN is passed to the USIM card 20 via the USIM card interface 150, and the PIN is used to generate a passcode by combining the token code generated by the passcode generation module 210 with the PIN. . PIN is an abbreviation for Personal Identification Number, which is a personal identification number (for example, four digits) set by the operator, and is used to identify the person who uses the service in the service using the mobile phone 10. Used for.

The seed attribute acquisition module 130 uses the communication module 110 to acquire, from the outside, seed information that is a source for passcode generation or attribute information related to the seed.
The time information acquisition module 140 acquires time information from the clock of the mobile phone 10. The time information is used to generate a token code by a one-time password method. Necessary to generate the same token code as the authenticating system.
The seed provision module 115 provides the USIM card 20 with the seed information acquired by the seed attribute acquisition module 130 or attribute information about the seed via the USIM card interface 150.
The passcode acquisition module 125 instructs the USIM card 20 to generate a passcode via the USIM card interface 150, and acquires the generated passcode.
The display control module 135 uses the passcode acquired by the passcode acquisition module 125 as another application (Web browser, network connection (wireless LAN, dial-up connection, VPN (Virtual Private Network) connection, etc.)), or When handing over to a system login or the like, the pass code is not displayed on the screen of the mobile phone 10, and in other cases, the pass code is controlled to be displayed on the screen of the mobile phone 10. When the passcode is not displayed, an alternative display such as “*******” indicating that the passcode is input is displayed to indicate that “passcode is being processed”.

The USIM card interface 150 connects the mobile phone 10 and the USIM card 20 and performs input / output with the USIM card 20.
The passcode generation module 210 has (1) functions related to seed acquisition and storage, (2) functions related to PIN acquisition and synthesis, and (3) functions related to token code generation. Further, the passcode generation module 210 may be composed of a plurality of modules.
The passcode generation module 210 has a function of receiving seed or seed-related attribute information from the seed providing module 115 via the USIM card interface 150 of the mobile phone 10 and storing it in the seed DB 240. In addition, it has a function of providing attribute information regarding seeds to the module in the mobile phone 10. And it has a function which can manage a plurality of seeds and attribute information about seeds.
The passcode generation module 210 also has a function of acquiring and synthesizing a PIN. The PIN input by the user is acquired from the PIN input module 120 of the mobile phone 10. Next, using the PIN, a passcode is generated by combining with the token code generated in the passcode generation module 210. The passcode is provided to the passcode acquisition module 125 of the mobile phone 10. Also, the PIN used to generate the passcode is deleted from the USIM card 20.
The passcode generation module 210 generates a token code using the seed stored in the seed DB 240 and the time information acquired from the time information acquisition module 140 via the USIM card interface 150 of the mobile phone 10 to generate a passcode. It has a function required in the module 210 or a function of providing a token code to the module of the mobile phone 10.

The seed DB 240 stores a plurality of seed information acquired by the passcode generation module 210 or attribute information related to the seed. If there are multiple seeds, the operator selects which seed to select. For this purpose, the passcode generation module 210 provides the attribute information of the plurality of seeds to the passcode acquisition module 125 via the USIM card interface 150, and the passcode acquisition module 125 operates the attribute information of the plurality of seeds. Display to the user and prompt selection. The attribute information of the selected seed is passed to the USIM card 20 via the USIM card interface 150. Here, the seed itself is not provided to the passcode acquisition module 125. That is, for security reasons, the seed itself is not provided to the mobile phone 10 and is processed only in the USIM card 20.
The attribute information related to the seed stored in the seed DB 240 includes, for example, seed name, skin identification information, display order on the seed selection screen, seed update page URL, seed expiration date, language file, initial value of each attribute information, and the like. Yes, it may contain the seed itself.
Further, although depending on the storage capacity of the seed DB 240, the attribute information related to the seed (other than the seed) may be stored in a memory other than the USIM card 20, and only the seed may be stored in the seed DB 240. At that time, the seed information in the seed DB 240 and the attribute information (other than the seed) related to the seed in the external memory are related to each other, and an integrated search or the like is possible.

A system configuration example including a system that performs authentication will be described with reference to FIG. The mobile phone 10 incorporating the USIM card 20 is connected to the remote access server 50 or the Web server 60 via the Internet or a public line 80. The remote access server 50 or the Web server 60 and the authentication management server 70 constitute one system and are connected to each other via a communication line. The remote access server 50 and the Web server 60 are servers that serve as entrances for user access, and perform authentication proxy. The authentication management server 70 is a user authentication verification server and a management server, and performs authentication management.
User authentication is performed as follows.
(1) The remote access server 50 or the Web server 60 requests a pass code from the mobile phone 10 by an access using the mobile phone 10 by an operator.
(2) The remote access server 50 or the Web server 60 transmits the passcode transmitted from the mobile phone 10 by the operator to the authentication management server 70.
(3) The authentication management server 70 performs user authentication.
(4) Permit or disallow user access according to the result of user authentication.

As shown in FIG. 3, the mobile phone 10 is a character input device for inputting characters such as a telephone number or PIN, and a microphone 1250 that can input voice so as to have a function as a telephone, a speaker 1240 that can output voice. A key 1220, an antenna 1230 for transmitting and receiving radio waves, and a display 1210 for displaying a result of character input by the key 1220, a result of reception, and the like. In addition, a camera or the like may be provided.
The pass code is displayed on the display 1210 under the control of the display control module 135.
Further, the mobile phone 10 can incorporate a USIM card 20. There is a slot for the USIM card 20 near the location where the battery of the mobile phone 10 is stored, and it is stored there when the mobile phone 10 is used. The battery must be removed before it can be inserted or removed. This is because the power must be turned off at the time of insertion / removal to prevent destruction of data in the USIM card 20.
Note that the hardware configuration example of the mobile phone 10 described here shows one example of the device, and is not limited to this configuration, and any configuration that can execute the processing according to the present embodiment may be used. For example, the slot of the USIM card 20 may not be near the location where the battery is stored.

The software configuration inside the mobile phone 10 will be exemplified and described with reference to FIG. The software in the mobile phone 10 has two layers, the upper layer has an application 160 and a GUI 170, and the lower layer has a middleware 180.
The application 160 includes various applications using the mobile phone 10, but here requires high security that requires a passcode. For example, there are applications such as bank account management.
The GUI 170 controls input / output to the display 1210 and the like in accordance with an instruction from the application 160. It is independent of the middleware 180 and has a function of changing the skin of the user interface in accordance with a skin information file that is seed attribute information.
The middleware 180 mainly has a function of an interface with the USIM card 20. The application 160 and the GUI 170 are independent. The middleware 180 can be used from the application 160 in the mobile phone 10. The module in the USIM card 20 is accessible only from the middleware 180 to the mobile phone 10, and conversely, the application 160 in the mobile phone 10 is restricted from calling the module in the USIM card 20 directly. Further, it has a function of acquiring time information from a secure clock in the mobile phone 10 and providing time information to a module in the USIM card 20.
The module configuration in the USIM card 20 is as described in FIG. 1, but the seed DB 240 is written and read by the passcode generation module 210.

With reference to FIG. 5, the software configuration inside the mobile phone 10 and the PC 30 will be exemplified and described. The function as a token of the mobile phone 10 can also be provided to an information processing apparatus such as the PC 30. That is, since the mobile phone 10 has a standard interface such as USB or Bluetooth so that it can be connected to the PC 30, the PC 30 uses the token function, that is, the USIM card 20 via the mobile phone 10. can do. The software in the PC 30 has two layers, the upper layer has a PC GUI 31, and the lower layer has a PC middleware 32.
The PC GUI 31 is the same as the GUI 170 described with reference to FIG. That is, input / output to the screen or the like of the PC 30 is controlled in accordance with an instruction from another application. It is independent of the PC middleware 32 and has a function of changing the skin of the user interface in accordance with a skin information file that is seed attribute information.
The PC middleware 32 receives a token code and a pass code generated in the USIM card 20 in cooperation with the middleware 180 in the mobile phone 10. It is independent of the PC GUI 31.
The software configurations in the mobile phone 10 and the USIM card 20 are the same as those in FIG. Note that the application 160 and the GUI 170 in the mobile phone 10 are not shown in FIG. 5, but may be mounted, and may not function when the PC 30 is connected.

Next, the function and operation (operation) will be described.
An example of passcode generation using the cellular phone 10 will be described with reference to FIGS. 6 to 12 mainly showing a display screen. FIGS. 6 and 7 show a case where a plurality of seeds are stored in the seed DB 240. In this case, the attribute information of the seed is displayed and the operator selects the seed, and the generated passcode is displayed. is there.
A case where a seed is selected by the mobile phone 10 will be described with reference to FIG.
FIG. 6A is a display example of the display 1210 of the mobile phone 10 and is a case where the mobile phone token application is activated. The sub display 211 monitors the radio wave state, battery state, etc. of the mobile phone 10. The main screen 212 displays the first activated screen. When a passcode generation button 213 and an end button 214 are displayed in the main display 212 and the passcode generation button 213 is selected, the state shown in FIG. If the end button 214 is selected, the application ends.

FIG. 6B shows a scene where an operator selects a seed to be used. On the main display 212, a seed selection field 215 is displayed, and a plurality of seeds are displayed so that the operator can select them. The selection is performed by selecting the passcode generation button 213.
For this purpose, first, the passcode acquisition module 125 instructs the USIM card 20 to generate a passcode via the USIM card interface 150. In response to the instruction, the passcode generation module 210 in the USIM card 20 searches the seed DB 240 and detects that there are a plurality of seeds. The passcode generation module 210 asks the passcode acquisition module 125 via the USIM card interface 150 which seed to use. At that time, a plurality of seed attribute information is passed to the passcode acquisition module 125. The passcode acquisition module 125 displays the seed selection field 215 in order to allow the operator to select which of the plurality of seed attribute information passed should be used. The passcode acquisition module 125 passes the selected seed attribute information to the passcode generation module 210. The passcode generation module 210 acquires the current time information from the time information acquisition module 140, and generates a token code from the seed corresponding to the selected seed attribute information and the current time information. Next, the passcode generation module 210 combines the token code and the PIN to generate a passcode.

FIG. 6C shows a scene in which the operator inputs a PIN using the key 1220 of the mobile phone 10. That is, the operator inputs, for example, a 4-digit number (PIN) using the key 1220 of the mobile phone 10. The PIN input module 120 passes the input PIN to the USIM card 20 via the USIM card interface 150. The passcode generation module 210 in the USIM card 20 generates a passcode using the passed PIN and the generated token code. The combination of the PIN and the token code is a process of converting the token code using the PIN by a certain algorithm.
FIG. 6D shows a scene in which a token code (pass code) is displayed on the screen of the mobile phone 10. That is, the passcode generation module 210 passes the generated passcode to the passcode acquisition module 125 via the USIM card interface 150. The passcode acquisition module 125 passes the passcode to the display control module 135. The display control module 135 displays the passcode in the passcode display field 216 in the display 1210 of the mobile phone 10. The operator uses the displayed passcode to access a system that requires the passcode.

A case where a seed is selected by the PC 30 will be described with reference to FIG. Here, the pass code is generated using the USIM card 20 in the mobile phone 10, but is passed to the PC 30. In addition to the mobile phone 10, a data communication card 40 may be used. The USIM card 20 is also built in the data communication card 40.
FIG. 7A shows a state where the mobile phone 10 or the data communication card 40 is connected to the PC 30. Here, an application for generating a passcode is started.
FIG. 7B displays a display 310 that is a screen on which the application is activated. It is almost the same state as FIG.
FIG. 7C is almost the same state as FIG. It is a screen for selecting a seed for generating a passcode. 6B is performed by the USIM card 20 in the PC 30 and the mobile phone 10 (or in the data communication card 40). FIG. 7D shows a scene where a PIN is input. In FIG. 7E, the passcode generated by the USIM card 20 is displayed in the passcode display field 316 in the display 310 of the PC 30. At this time, the pass code is not displayed on the display 1210 of the mobile phone 10.

The case where cooperation with the browser of the mobile phone 10 is performed will be described with reference to FIG. The mobile phone 10 can be connected to a Web server via the Internet or a public line 80. Some Web sites perform authentication that requires a passcode. FIG. 8 explains the cooperation in that case.
FIG. 8A shows a state in which the browser of the mobile phone 10 is activated and connected to a website for authentication. On the display 1210 of the mobile phone 10, a user name column 217, a passcode column 218, a transmission button 219, a reset button 2191, and a cancel button 221 are displayed. Then, the user name is input to the user name column 217 by the operator.
FIG. 8B shows a state in which a PIN is input by the operator using the key 1220 of the mobile phone 10. Thereafter, the USIM card 20 performs processing similar to that described with reference to FIG. 6C from the PIN and seed to generate a passcode. However, the passcode is automatically passed to the browser.
FIG. 8C shows that the passcode is automatically input in the passcode column 218 in the display 1210 of the mobile phone 10. In this case, the pass code is not displayed on the display 1210 of the mobile phone 10, and “*******”, which is an alternative display, is displayed. Here, when the operator selects the send button 219, authentication is performed on the corresponding Web site.

The case where cooperation with the browser of PC30 is performed is demonstrated using FIG. Here, the pass code is generated using the USIM card 20 in the mobile phone 10, but is passed to the PC 30. In addition to the mobile phone 10, a data communication card 40 may be used. The USIM card 20 is also built in the data communication card 40.
FIG. 9A shows a state where the mobile phone 10 or the data communication card 40 is connected to the PC 30. Here, the PC 30 starts a browser and connects to the Web server via the Internet or the public line 80.
FIG. 9B displays a display 310 that is a screen when a browser is activated and a Web site requiring authentication is accessed.
FIG. 9C is almost the same state as FIG. A state in which a PIN is input by the operator using the keyboard of the PC 30 is shown. Thereafter, the USIM card 20 performs processing similar to that described with reference to FIG. 6C from the PIN and seed to generate a passcode. However, the passcode is automatically passed to the browser.
FIG. 9D is substantially the same state as FIG. This shows that the passcode is automatically entered in the passcode entry field in the display 310 of the PC 30. In this case, the pass code is not displayed on the display 310 of the PC 30, and “*******”, which is an alternative display, is displayed. Here, when the operator selects the send button, authentication is performed on the corresponding Web site. In this case, the pass code is not displayed on the display 1210 of the mobile phone 10.

The case where cooperation with system logon of the PC 30 is performed will be described with reference to FIG. Some high-security PCs 30 require a passcode when starting the OS of the PC 30 or using an application. A case using this embodiment in such a case will be described. Here, the pass code is generated using the USIM card 20 in the mobile phone 10, but is passed to the PC 30. In addition to the mobile phone 10, a data communication card 40 may be used. The USIM card 20 is also built in the data communication card 40. Then, authentication is performed by the PC 30.
FIG. 10A shows a state where the mobile phone 10 or the data communication card 40 is connected to the PC 30. Here, the PC 30 activates an OS or application that requires authentication.
FIG. 10B shows a state where a user authentication screen is displayed on the display 310 of the PC 30.
FIG. 10C is substantially the same state as FIG. A state in which a PIN is input by the operator using the keyboard of the PC 30 is shown. Thereafter, the USIM card 20 performs processing similar to that described with reference to FIG. 6C from the PIN and seed to generate a passcode. However, the passcode is automatically delivered to the user authentication application.
FIG. 10D is substantially the same state as FIG. This shows that the passcode is automatically input to the passcode input field 318 in the display 310 of the PC 30. In this case, the pass code is not displayed on the display 310 of the PC 30, and “*******” is displayed as an alternative display (see FIG. 10C). Here, when the operator selects the OK button, authentication is performed by the PC 30. In this case, the pass code is not displayed on the display 1210 of the mobile phone 10.

A case of performing network connection (wireless LAN, dial-up connection, VPN connection, etc.) using the PC 30 will be described with reference to FIG. When connecting to a network, authentication requiring a passcode may be performed. A case using this embodiment in such a case will be described. Here, the pass code is generated using the USIM card 20 in the mobile phone 10, but is passed to the PC 30. In addition to the mobile phone 10, a data communication card 40 may be used. The USIM card 20 is also built in the data communication card 40.
FIG. 11A shows a state where the mobile phone 10 or the data communication card 40 is connected to the PC 30. Here, the operator activates a network connection client application that requires authentication.
FIG. 11B shows a state where the user authentication screen of the network connection client application is displayed on the display 310 of the PC 30.
FIG. 11C is substantially the same state as FIG. A state in which a PIN is input by the operator using the keyboard of the PC 30 is shown. Thereafter, the USIM card 20 performs processing similar to that described with reference to FIG. 6C from the PIN and seed to generate a passcode. However, the passcode is automatically delivered to the user authentication application. In other words, “****” is displayed in the pass code column 318 as an alternative display of the pass code.
FIG. 11D is substantially the same state as FIG. This shows that the passcode is automatically input to the passcode column 318 in the display 310 of the PC 30. Here, when the operator selects the OK button, authentication is performed at the connection destination. In this case, the pass code is not displayed on the display 1210 of the mobile phone 10.

A case of performing network connection such as wireless LAN connection using the mobile phone 10 will be described with reference to FIG.
FIG. 12A is a screen display of the display 1210 of the mobile phone 10 when the wireless LAN connection client application is activated. Similarly to FIG. 8A, the display 1210 of the mobile phone 10 displays a user name field 217, a passcode field 218, a send button 219, a reset button 2191, and a cancel button 221. Then, the user name is input to the user name column 217 by the operator.
FIG. 12B shows a state in which the PIN is input by the operator using the key 1220 of the mobile phone 10 as in FIG. 8B. Thereafter, the USIM card 20 performs processing similar to that described with reference to FIG. 6C from the PIN and seed to generate a passcode. However, the passcode is automatically delivered to the wireless LAN connection client application.
FIG. 12C shows that the passcode is automatically input to the passcode column 218 in the display 1210 of the mobile phone 10 as in FIG. 8C. In this case, the pass code is not displayed on the display 1210 of the mobile phone 10, and “*******”, which is an alternative display, is displayed. Here, when the operator selects the transmission button 219, authentication is performed at the access point of the corresponding wireless LAN.

Here, the presence / absence of passcode display for each usage scene will be described with reference to FIG. When the passcode must be generated, the mobile phone 10 is used alone as described above, or the mobile phone 10 or the data communication card 40 containing the USIM card 20 is connected. This is the case.
Further, when the mobile phone 10 is used alone, it is divided into a case of simply referring to a passcode and a case of using in cooperation with other applications. In the case of simply referring to the passcode, the token for displaying the conventional passcode is replaced with the mobile phone 10, and it is necessary to refer to the passcode on the display 1210 of the mobile phone 10, and the passcode is displayed. . This is the usage scene described with reference to FIG. 6, and the second row in FIG. 17 corresponds to this.

Next, when the mobile phone 10 is used alone in cooperation with other applications, it is further divided into a case where a Web browser of the mobile phone 10 is used and a case where a wireless LAN is used.
When the mobile phone 10 alone uses the Web browser of the mobile phone 10, the passcode is automatically delivered to the Web browser of the mobile phone 10. That is, the pass code is not displayed on the display 1210 of the mobile phone 10. This is the usage scene described with reference to FIG. 8, and the third line in FIG. 17 corresponds to this.

  When the mobile phone 10 alone uses a wireless LAN, the pass code is automatically delivered to the wireless LAN client application of the mobile phone 10. That is, the pass code is not displayed on the display 1210 of the mobile phone 10. This is the usage scene described with reference to FIG. 12, and the fourth line in FIG. 17 corresponds to this.

  Similarly, when the mobile phone 10 or the data communication card 40 containing the PC 30 and the USIM card 20 is connected and used, the user simply refers to the passcode or uses it in cooperation with other applications. Divided into In the case of simply referring to the passcode, the token for displaying the conventional passcode is replaced with the PC 30 and the mobile phone 10, and it is necessary to refer to the passcode on the display screen of the PC30, and the passcode is displayed. . This is the usage scene described with reference to FIG. 7, and the fifth line in FIG. 17 corresponds to this. However, even in this case, the pass code is not displayed on the display 1210 of the mobile phone 10. As a result, the display of the passcode can be minimized.

When the mobile phone 10 is connected to the PC 30 and used in cooperation with other applications, and when using a Web browser, network connection (dial-up connection, VPN connection, wireless LAN connection, etc.) To be divided into the case of system logon.
When the mobile phone 10 is connected to the PC 30 and a Web browser is used, the passcode is automatically delivered to the Web browser of the PC 30. That is, the pass code is not displayed on the screen of the PC 30. This is the usage scene described with reference to FIG. 9, and the sixth line in FIG. 17 corresponds to this. Further, the pass code is not displayed on the display 1210 of the mobile phone 10.

When the mobile phone 10 is connected to the PC 30 and is connected to the network (dial-up connection, VPN connection, wireless LAN connection, etc.), the pass code is used for the dial-up connection client application of the PC 30, the VPN connection client application, It is automatically delivered to the wireless LAN connection client application. That is, the pass code is not displayed on the screen of the PC 30. This is the usage scene described with reference to FIG. 11, and the seventh to ninth lines in FIG. 17 correspond to this.
In the case of system logon when the cellular phone 10 and the PC 30 are connected, the pass code is automatically delivered to the system logon client application. That is, the pass code is not displayed on the screen of the PC 30. This is the usage scene described with reference to FIG. 10, and the 10th line in FIG. 17 corresponds to this.
Since it is possible to control whether or not to display the passcode in this way, when it is unnecessary to display the passcode, the passcode can be hidden, so that the security can be improved. It becomes like this.

  Next, a case where a new seed is installed will be described. The token application has a function of installing a new seed into the USIM card 20 in the mobile phone 10. The new seed is stored in a free area of the seed area in the seed DB 240 of the USIM card 20. At the time of new seed installation, if there is no free space in the seed area in the seed DB 240 of the USIM card 20, an alert is displayed to the operator and the seed installation is forcibly stopped. Also, at the time of new seed installation, the seed name can be changed to an arbitrary value by the user. The seed name is stored in the seed DB 240 as a seed attribute.

The seed update alert will be described with reference to FIG. In order to improve security, the seed is updated to a new one.
If at least one seed stored in the USIM card 20 is about to expire, an alert to that effect is displayed when the token application is activated. The alert display is as shown in FIG. In other words, the expiration date message display 224 is displayed on the display 1210 of the mobile phone 10, and for example, a message that “the expiration date of the seed 01 is 30 days later” is displayed therein. In this display, there is a toggle switch 225 that can be specified not to display a message from the next time for an operator who feels it is troublesome to display such a message every time. When performing the update process, the operator selects an OK button 226. When the end button 222 is selected, the token application is ended, and when the menu button 223 is selected, a list of menus that can be selected in the scene is displayed.
The number of days before the expiration date can be displayed can be changed to any value by the user. A fixed number of days (for example, 30 days ago) can be set as the default value. Further, the operator can select whether or not to display the alert itself.
The seed update alert processing can notify the operator that the seed update is near, making this embodiment easier to use.

Next, seed update management will be described with reference to FIG.
The token application has a function of performing seed update when the seed stored in the USIM card 20 expires.
If the seed has expired, an alert to that effect is displayed. That is, the display as shown in FIG. An expiration message display 227 is displayed on the display 1210 of the mobile phone 10 to indicate that it has expired. Then, an OK button 228 and a cancel button 229 that allow the operator to select whether or not to apply for an update are displayed. When the OK button 228 is selected, a screen display as shown in FIG. A seed update page connection message display 2291 is displayed, and a message prompting connection to a Web page where a new seed can be obtained is displayed. Then, an OK button 231 and a cancel button 232 are displayed that allow the operator to select whether or not to connect. When the OK button 231 is selected, the Web page is connected and displayed as shown in FIG. The URL of the seed update Web page is stored as seed attribute information in the seed DB 240 and is used.
Accordingly, the seed update process can be performed even in the USIM card 20 having tamper resistance, and the security can be further improved.
Note that the seed can be updated not only after the expiration date but also before the expiration date (for example, 30 days before). When performing the display of FIG. 14A, for example, the operator knows that there is a seed that is about to expire, such as “The expiration date of seed 01 is 30 days later. Do you want to apply for a seed update?” Inform. Then, as in FIG. 14A, an OK button 228 and a cancel button 229 are displayed that allow the operator to select whether or not to apply for an update. After that, it is the same as the case where the above-mentioned seed has expired (see FIGS. 14B and 14C). In addition, the number of days in which the message is displayed before the expiration date can be changed to an arbitrary value by the operator.

The seed selection will be described with reference to FIG. In the above description, what is displayed by selecting the seed is the seed 01 or the like, which is difficult for the operator to understand. The seed includes attribute information, and a seed name that can be easily distinguished by humans can be used as the seed name. The operator can use the name of the system that uses the passcode, such as a bank name.
If a plurality of seeds are held in the USIM card 20, a screen for selecting seeds is displayed, and the operator selects the seeds to be used. That is, the seed name 2151 is displayed in the seed selection field 215 as shown in FIG. Also, a seed expiration date alert notification icon 2152 is displayed around the seed name 2151. This is displayed when the expiration date of the seed is approaching. Then, for example, it may be displayed in blue if it is 30 days before the seed expiration date, displayed in yellow if it is 15 days before the seed expiration date, and red if it is 7 days before the seed expiration date. This makes it possible to know the expiration date of the seed also on the seed selection screen. In addition, since the seed expiration date alert notification icon 2152 is changed in stages according to the number of remaining days until the expiration date, the operator can grasp the remaining days until the seed expiration date by using the seed expiration date alert notification icon 2152. It becomes like this.
If there are not a plurality of seeds stored in the USIM card 20, the seed selection screen can be skipped and the passcode display screen can be displayed after the token application is activated.

The passcode display will be described with reference to FIG.
If time has elapsed while the pass code is displayed on the display 1210 of the mobile phone 10 and the time information that is the basis for generating the token code has been changed (minute information has been updated), the PIN entered by the operator, A passcode is generated based on the new time information, and the passcode on the screen is updated. This passcode is updated only once. When the time has passed again and the time information has been changed, the screen returns to the PIN input screen. Thereby, it is possible to improve convenience and improve the security of the passcode.
Specifically, as shown in FIG. 16A, a PIN is input, and as a result, a passcode is displayed as shown in FIG. Thereafter, when the time elapses as it is (that is, when the minute information is updated), more specifically, when the time when the PIN is input is 12:00:45 (FIG. 16B), the time When the time elapses and it becomes 12:01:00 (FIG. 16D), the passcode is also changed on the system side where the passcode is input. Therefore, the passcode generation module 210 in the USIM card 20 generates a new token code based on the new time information, and generates a new passcode by synthesizing the tokencode and the PIN entered immediately before. (FIG. 16E). However, this is only one time, and when the next time has passed and it becomes 12:02:00 (FIG. 16 (F)), the passcode is not regenerated and FIG. As in (G), the PIN input is prompted again.

In the above embodiment, the USIM card 20 is shown as an example. However, a GUSIM card, UIM card, SIM card, or the like may be used.
In the embodiment, the pass code is generated by combining the token code and the PIN. However, the pass code may be the token code as it is, and in this case, the token code can be authenticated.
In the above-described embodiment, the communication service using the mobile phone 10 and the data communication card 40 has been shown. However, other than these, data communication terminals such as PHS, notebook PCs and PDAs, game terminals, navigation systems, automobiles, etc. A communication portable terminal such as a telephone or a pager (registered trademark) may be used.
In the above-described embodiment, the time synchronization type in which a valid password is updated every fixed time has been described as a one-time password. However, the counter synchronization type in which a valid password is updated each time a client performs authentication. Can also be adopted. Also, other irregular one-time password generation methods can be adopted. For example, a one-time password generation method (generally called “transaction-linked authentication”) that generates a password for the requested transaction when the service user sends the transaction content to the service provider. May be).
In the above-described embodiment, the seed DB 240 stores and manages the seed and attribute information corresponding to the seed. However, the seed DB 240 may be realized as a storage unit such as a database, a file system, or a table.

In addition, about the program demonstrated, it is also possible to store in a recording medium, and it can also be grasped | ascertained also as the following invention in that case.
A portable terminal-readable recording medium recording a passcode generation program capable of generating a passcode in a portable terminal having a screen that can incorporate an IC card having tamper resistance,
In the mobile terminal,
An IC card interface function for input / output with the IC card;
A passcode acquisition function for instructing the IC card to generate a passcode through the IC card interface function and acquiring the generated passcode;
When the passcode acquired by the passcode acquisition function is handed over to another application, the passcode is not displayed on the screen of the mobile terminal. In other cases, the passcode is displayed on the screen of the mobile terminal. A portable terminal readable recording medium having a passcode generation program recorded thereon, which realizes a passcode display control function for controlling display.

An IC card readable recording medium having a tamper resistance and a passcode generation program capable of generating a passcode on an IC card that can be built in a portable terminal,
To the IC card,
A seed acquisition function for acquiring a seed from the IC card interface of the mobile terminal;
A seed storage function for storing a seed acquired by the seed acquisition function;
Recording a passcode generation program that realizes a passcode generation function that generates a passcode using a seed stored in the seed storage function based on an instruction from an IC card interface of the portable terminal IC card readable recording medium.
“A portable terminal or IC card-readable recording medium on which a program is recorded” means a portable terminal or an IC card-readable recording medium on which a program is recorded, which is used for program installation, execution, program distribution, etc. Say.

The recording medium is, for example, a digital versatile disc (DVD), which is a standard established by the DVD Forum, such as “DVD-R, DVD-RW, DVD-RAM,” and DVD + RW. Standards such as “DVD + R, DVD + RW, etc.”, compact discs (CDs), read-only memory (CD-ROM), CD recordable (CD-R), CD rewritable (CD-RW), etc. MO), flexible disk (FD), magnetic tape, hard disk, read only memory (ROM), electrically erasable and rewritable read only memory (EEPROM), flash memory, random access memory (RAM), etc. It is.
The program or a part of the program can be recorded on the recording medium and stored or distributed. Also, by communication, for example, a local area network (LAN), a metropolitan area network (MAN), a wide area network (WAN), a wired network used for the Internet, an intranet, an extranet, etc., or wireless communication It can be transmitted using a transmission medium such as a network or a combination of these, and can also be carried on a carrier wave.
Furthermore, the above program may be a part of another program, or may be recorded on a recording medium together with a separate program.

It is a block diagram which shows the example of the whole module structure which concerns on one embodiment of this invention. It is a figure which shows the system configuration example including the system which performs authentication. It is explanatory drawing which shows the structural example of a mobile telephone. It is a block diagram which shows the software structural example inside a mobile telephone. It is a block diagram which shows the software structural example of a mobile telephone and PC. It is explanatory drawing which shows the display screen in the case of selecting a seed with a mobile phone. It is explanatory drawing which shows the display screen in the case of selecting a seed with PC. It is explanatory drawing which shows the display screen in the case of performing cooperation with the browser of a mobile phone. It is explanatory drawing which shows the display screen in the case of performing cooperation with the browser of PC. It is explanatory drawing which shows the display screen in the case of performing cooperation with system logon of PC. It is explanatory drawing which shows the display screen in the case of performing network connection using PC. It is explanatory drawing which shows the display screen in the case of performing wireless LAN connection using a mobile telephone. It is explanatory drawing which shows the display screen of a seed update alert. It is explanatory drawing which shows the display screen of seed update management. It is explanatory drawing which shows the display screen of seed selection. It is explanatory drawing which shows a passcode display screen. It is a figure which shows the list about the presence or absence of the passcode display according to use scene.

Explanation of symbols

10 ... Mobile phone 20 ... USIM card 30 ... PC
31 ... GUI for PC
32 ... PC middleware 40 ... Data communication card 50 ... Remote access server 60 ... Web server 70 ... Authentication management server 80 ... Internet or public line 110 ... Communication module 115 ... Seed providing module 120 ... PIN input module 125 ... Passcode acquisition module DESCRIPTION OF SYMBOLS 130 ... Seed attribute acquisition module 135 ... Display control module 140 ... Time information acquisition module 150 ... USIM card interface 160 ... Application 170 ... GUI
180 ... middleware 210 ... passcode generation module 240 ... seed DB
310 ... Display 1210 ... Display 1220 ... Key 1230 ... Antenna 1240 ... Speaker 1250 ... Microphone

Claims (13)

A portable terminal that can incorporate an IC card having tamper resistance and has a screen,
The portable terminal is
An IC card interface for performing input / output with the IC card;
Pass code acquisition means for instructing the IC card to generate a pass code via the IC card interface and acquiring the generated pass code;
When the passcode acquired by the passcode acquisition means is handed over to another application, the passcode is not displayed on the screen of the mobile terminal. In other cases, the passcode is displayed on the screen of the mobile terminal. Pass code display control means for controlling to display ,
In the seed selection screen, if it is within the first predetermined period of the seed expiration date, it is displayed in a manner indicating that it is within the first period, and a second predetermined period of the seed expiration date is displayed. Control means for controlling to display in a manner indicating that it is within the second period ,
The IC card is
Seed acquisition means for acquiring a seed from the IC card interface of the mobile terminal;
Seed storage means for storing seeds acquired by the seed acquisition means;
A portable terminal comprising pass code generating means for generating a pass code using a seed stored in the seed storage means based on an instruction from an IC card interface of the portable terminal.   The portable terminal according to claim 1, wherein the IC card passcode generating means generates a passcode by a one-time password method. The portable terminal is
PIN input means for inputting a PIN, which is a code for identifying the person, and providing the PIN to the IC card via the IC card interface,
The portable terminal according to claim 1 or 2, wherein the passcode generation means in the IC card also generates a passcode using the PIN provided by the PIN input means. The portable terminal according to claim 3, wherein the passcode generation means in the IC card deletes the PIN used after generating the passcode. The mobile terminal according to claim 1, 2, 3, or 4, wherein the other application is a Web browser, a network connection, or a system login. The mobile terminal according to claim 1, 2, 3, 4, or 5, wherein the mobile terminal is a mobile phone, and the IC card is a USIM card. The portable terminal according to claim 1, 2, 3, 4, 5 or 6, wherein the passcode display control means performs an alternative display when the passcode is not displayed. There are a plurality of seeds stored in the seed storage means,
The seed stored in the seed storage means is designated when the passcode acquisition means instructs to generate a passcode. The claim 1, 2, 3, 4, 5, 6 or 7. The mobile terminal according to 7. A portable terminal that can incorporate an IC card having tamper resistance and has a screen,
The portable terminal is
An IC card interface for input / output with the IC card;
Pass code acquisition means for instructing the IC card to generate a pass code via the IC card interface and acquiring the generated pass code;
When the passcode acquired by the passcode acquisition means is handed over to another application, the passcode is not displayed on the screen of the mobile terminal. In other cases, the passcode is displayed on the screen of the mobile terminal. Pass code display control means for controlling to display ,
In the seed selection screen, if it is within the first predetermined period of the seed expiration date, it is displayed in a manner indicating that it is within the first period, and a second predetermined period of the seed expiration date is displayed. A portable terminal comprising control means for controlling to display in a mode indicating that it is within the second period . A portable terminal that can incorporate an IC card having tamper resistance and has a screen,
The portable terminal is
An IC card interface for performing input / output with the IC card;
A communication means for communicating with the outside;
Seed acquisition means for acquiring a seed which is a source for passcode generation from the outside by the communication means;
Seed providing means for providing the seed obtained by the seed obtaining means to the IC card via the IC card interface;
Pass code acquisition means for instructing the IC card to generate a pass code via the IC card interface and acquiring the generated pass code;
When the passcode acquired by the passcode acquisition means is handed over to another application, the passcode is not displayed on the screen of the mobile terminal. In other cases, the passcode is displayed on the screen of the mobile terminal. Pass code display control means for controlling to display ,
In the seed selection screen, if it is within the first predetermined period of the seed expiration date, it is displayed in a manner indicating that it is within the first period, and a second predetermined period of the seed expiration date is displayed. Control means for controlling to display in a manner indicating that it is within the second period ,
The IC card is
Seed acquisition means for acquiring a seed from the IC card interface of the mobile terminal;
Seed storage means for storing seeds acquired by the seed acquisition means;
A portable terminal comprising pass code generating means for generating a pass code using a seed stored in the seed storage means based on an instruction from an IC card interface of the portable terminal. A passcode generating program capable of generating a passcode in a portable terminal having a screen that can incorporate an IC card having tamper resistance,
In the mobile terminal,
An IC card interface function for input / output with the IC card;
A passcode acquisition function for instructing the IC card to generate a passcode through the IC card interface function and acquiring the generated passcode;
When the passcode acquired by the passcode acquisition function is handed over to another application, the passcode is not displayed on the screen of the mobile terminal. In other cases, the passcode is displayed on the screen of the mobile terminal. A passcode display control function for controlling to display ,
In the seed selection screen, if it is within the first predetermined period of the seed expiration date, it is displayed in a manner indicating that it is within the first period, and a second predetermined period of the seed expiration date is displayed. A passcode generation program that realizes a control function that controls to display in a mode indicating that it is within the second period . A passcode generation method for generating a passcode in a portable terminal having a screen that can incorporate an IC card having tamper resistance,
The portable terminal is
Equipped with an IC card interface for input / output with the IC card,
The portable terminal is
Instructing the IC card to generate a passcode via the IC card interface, obtaining the generated passcode,
When the acquired passcode is handed over to another application, the passcode is not displayed on the screen of the mobile terminal, and in other cases, the passcode is displayed on the screen of the mobile terminal. And
In the seed selection screen, if it is within the first predetermined period of the seed expiration date, it is displayed in a manner indicating that it is within the first period, and a second predetermined period of the seed expiration date is displayed. The passcode generation method is characterized in that control is performed so as to display in a manner indicating that it is within the second period . A passcode generation method for generating a passcode in a portable terminal having a screen that can incorporate an IC card having tamper resistance,
The portable terminal is
Equipped with an IC card interface for input / output with the IC card,
The portable terminal is
Instructing the IC card to generate a passcode via the IC card interface, obtaining the generated passcode,
When the acquired passcode is handed over to another application, the passcode is not displayed on the screen of the mobile terminal, and in other cases, the passcode is displayed on the screen of the mobile terminal. And
In the seed selection screen, if it is within the first predetermined period of the seed expiration date, it is displayed in a manner indicating that it is within the first period, and a second predetermined period of the seed expiration date is displayed. If it is within the period, the display is controlled so that it is within the second period,
The IC card is
Obtaining a seed from the IC card interface of the mobile terminal;
Storing the obtained seed;
A passcode generation method, wherein a passcode is generated using the stored seed based on an instruction from the IC card interface of the portable terminal.

Images