JP6020377B2 - IC card update device, IC card, IC card update system, and IC card update method - Google Patents

Description

  The present invention relates to updating an IC card, and more particularly to resuming processing when processing is interrupted in the middle of IC card updating.

  The conventional IC card update method determines whether or not there is existing data for the purpose that the IC card can be used in the state before or after the update even if the update process is interrupted, and there is no existing data. In this case, the update data is written in a predetermined area which is a data area in the IC card. If there is existing data, write the data in a free area different from the predetermined area in the IC card, delete the existing data, and write the data written in the free area to the predetermined area where the existing data was stored. The data copied and written in the empty area was deleted (for example, Patent Document 1).

JP 2012-38143 A

  In the conventional IC card update method, when there is existing data for each update data, the data is written in an empty area different from a predetermined area in the IC card, the existing data is deleted, and the empty data is deleted. Since the data written in the area was copied to the specified area where the existing data was stored and the data written in the empty area was deleted, the processing procedure increased in proportion to the number of update data, and the load on the computer and communication was increased. There was a problem that it took.

  The present invention was made to solve the above-described problems, and the effect of the prior art that the IC card can be used in the state before or after the update even if the update process is interrupted is maintained. It is an object of the present invention to obtain an IC card update device that reduces the load on the computer and communication than before by reducing the update processing procedure.

  In order to solve the above-described problems, an IC card update device according to the present invention includes a data generation unit that generates IC card update data, and the IC card update data generated by the data generation unit together with a command. A transmission / reception unit that transmits to the card and receives a response from the IC card, and refers to the response from the IC card received by the transmission / reception unit, and if there is existing data in the IC card, this A data determination unit that determines whether the existing data is an object file that refers to the authentication data, and the transmission / reception unit determines that the existing data is an object file by the data determination unit, A command for overwriting the IC card update data in a predetermined area where the existing data is stored In which it was decided to send toward the IC card.

  In addition, the IC card of the present invention is the existing data stored by the receiving unit that receives the IC card updating data and commands transmitted from the transmitting / receiving unit of the IC card updating device and the data determination unit of the IC card updating device. A storage unit in which the IC card update data received by the receiving unit is overwritten and written in a predetermined area in which the existing data is stored when it is determined that is an object file that refers to authentication data That's what it meant.

  Further, the IC card update system of the present invention transmits a data generator for generating IC card update data, and the IC card update data generated by the data generator to the IC card together with a command, A transmission / reception unit that receives a response from an IC card, and the response from the IC card that is received by the transmission / reception unit. If there is existing data in the IC card, the existing data refers to authentication data. A data determination unit that determines whether the file is an object file, and the transmission / reception unit, when the data determination unit determines that the existing data is an object file, the predetermined data in which the existing data is stored A command for overwriting the IC card update data in the area and writing to the IC card The IC card updating device to transmit, the receiving unit for receiving the IC card updating data and the command transmitted from the transmitting / receiving unit of the IC card updating device, and the data determining unit of the IC card updating device When it is determined that the existing data to be stored is an object file that refers to authentication data, the IC card update data received by the receiving unit is overwritten and written in a predetermined area in which the existing data is stored And an IC card provided with a unit.

  Further, in the IC card update method of the present invention, the data generation unit generates data for IC card update, and the transmission / reception unit transmits the IC card update data generated by the data generation step together with the command. A transmission / reception step for transmitting to the IC card and receiving a response from the IC card, and a data determination unit refer to the response from the IC card received by the transmission / reception step, and the existing data in the IC card A data determination step for determining whether or not the existing data is an object file that refers to authentication data, and the transmission / reception step includes determining that the existing data is an object file by the data determination step. If determined, the predetermined data in which the existing data is stored It is a command to write and overwrite the IC card update data to pass those and transmitting toward the IC card.

  According to the present invention, a data generation unit that generates IC card update data, and the IC card update data generated by the data generation unit are transmitted to the IC card together with a command, and a response from the IC card. When there is existing data in the IC card with reference to the response from the IC card received by the transmitter / receiver, whether the existing data is an object file that refers to authentication data A data determination unit for determining whether or not the IC card is located in a predetermined area in which the existing data is stored when the data determination unit determines that the existing data is an object file. By sending a command to overwrite the update data and writing it to the IC card, Since than the IC card renewal method it is possible to step 2 less per update data one, there is an effect that a load on the computer and communication can be reduced.

It is a figure which shows an example of a structure of the IC card update system which concerns on Embodiment 1 of this invention. It is a figure which shows the file structure of the data area of an IC card. It is a figure which shows the flowchart of an IC card update process of a server. It is a figure which shows the issuing process sequence of an IC card. It is a figure which shows the update procedure of an object.

Embodiment 1 FIG.
The configuration and operation of the IC card update system according to Embodiment 1 of the present invention will be described with reference to FIGS.
FIG. 1 is a diagram showing an example of the configuration of an IC card update system according to Embodiment 1 of the present invention.
In FIG. 1, an IC card update system 1 is wired to a server 2, that is, an IC card update device, a client 4 that is communicably connected to the server 2 via a network 3, that is, an IC card update data transfer device, and a client 4. The IC card reader / writer 5 is connected, and the IC card 6 is detachably provided on the IC card reader / writer 5.

  The server 2 generates and stores a request accepting unit 21 that accepts an IC card issuance request from the client 4 and authentication data such as a key and certificate for writing to the IC card 6 in response to the accepted IC card issuance request. From the key / certificate storage unit 22, an image generation unit 23 (data generation unit) that generates an image of a file that is actually stored in the IC card from the generated key or certificate, and an image of each configured file An APDU (Application Data Unit) transmission / reception unit that generates a command that can be transmitted to the IC card 6, transmits data including the command to the network 3, and receives a response issued to the command from the IC card 6; A data determination unit 25 for determining data in the response received from the IC card 6; It is equipped with. The key / certificate issuing unit 22 has tamper resistance and stores information such as a private key, a public key certificate, and a PIN (Personal Identification Number) that are necessary when issuing a certificate.

  The client 4 generates an input unit (not shown) for acquiring information such as the name of the user registered in the IC card 6 from the outside and an IC card issuance request to the server 2, and stores the name of the acquired user. A request issuance unit 41 that is transmitted to the network 3 together with information, IC card issuance data including a command transmitted from the server 2 to the IC card 6, and a response from the IC card 6 to the server 2 in response to the command. An APDU transfer unit 42 that transfers IC card issuing data. The IC card reader / writer 5 has a function of writing IC card issuance data including a command transferred from the client 4 to the IC card 6 and a function of reading a response to the command from the IC card 6. 6 holds authentication data such as a private key, public key certificate, and PIN written by the IC card reader / writer 5 by storage means such as printing or embossing provided on the surface. Although not shown, the IC card 6 includes a receiving unit that receives IC card issuing data including a command transferred from the APDU transfer unit 42, and the received IC card issuing data is stored in a memory in the IC card 6. It has a memory | storage means to memorize | store (not shown).

(IC card file structure)
FIG. 2 is a diagram showing an example of a file structure of a data area for storing IC card issuing data of the IC card 6 conforming to the standard of JIS X 6320-15.
The IC card 6 has a Dedicated File (hereinafter referred to as DF) as a file indicating a file group handled by the IC card issuing system 1, and a plurality of Elementary Files (areas for storing IC card issuing data under the DF). Hereinafter referred to as EF). In FIG. 2, CIA (Cryptographic Information Application) is DF, and all other files below CIA are EF. Note that the number and size of EFs are determined when the IC card is manufactured. Further, the IC card 6 does not have a management data dedicated area for managing progress information of the IC card issuing process.

  Of the EFs, the AOD that stores the authentication information object, the PrKD that stores the private key object, the PuKD that stores the public key object, and the CD that stores the certificate object are also called object files depending on the type of logical data.

  In the EF other than the object file, UserPIN that stores a general user's password as authentication information, SOPIN that stores the administrator's password as authentication information, PriKey1 and PriKey2 that store private keys, and PubKey1 and PubKey2 that store public keys. Public for storing a certificate having a public attribute, Private for storing a certificate having a private attribute, CIAInfo indicating information of the IC card 6 under the CIA, OD for storing a pointer to an object file, Public and Private space There is a Unused Space that manages the area. The UserPIN and SOPIN passwords are referenced from the authentication information object in the AOD, the private keys of PriKey1 and PriKey2 are referenced from the private key object in PrKD, and the public keys of PubKey1 and PubKey2 are referenced from the public key object in PuKD. It is what is done. A certificate having a public attribute of Public and a certificate having a private attribute of Private are respectively referred to from a certificate object in the CD.

  The type of the object stored in each EF is the same as that shown in JIS X 6320-15. Within CIAInfo, CIAInfo type objects from the top area are ASN. 1 is stored in a DER encoded format. A plurality of CIOChoice type objects are stored in the OD in a DER-encoded format. In these objects, authorObjects indicating an authentication object of AOD, privateKeys indicating a private key object of PrKD, publicKeys indicating a public key object of PuKD, Certificates indicating the certificate object of the CD is included. The order in which these CIOChoice type objects are stored is not limited to the above, but may include other CIOChoice type elements. In addition, the area where the end of a certain CIOChoice type object is stored and the area where the head of the next CIOChoice type object is stored may not be continuous, and in this case, the area where no object data exists 0xFF or 0x00 data indicating that no data exists is stored. Note that this is not limited to OD, and the same applies when a plurality of objects are stored in other EFs.

  In Unused Space, a plurality of Unused Space type objects defined in PKCS # 15 are stored in a DER-encoded format. In these Unused Space type objects, there are information on EFs in which free space exists, and the number of bytes from the beginning. Information on the number of bytes indicating information and length is included as data. The AOD stores a plurality of objects of AuthenticationObjectChoice type in a DER encoded format, and as this object, pwd indicating a password is selected as data indicating UserPIN or SOPIN.

  In PrKD, a plurality of objects such as PrivateRSCKey of PrivateKeyChoice type including data indicating PriKey1 or PriKey2 are stored in a DER-encoded format, and in PuKD, a PublicCriR object such as PublicDeliK type including a PublicKey object such as PublicKeyType1 or PubKey2 is stored. Multiple encoded formats are stored. In the CD, a plurality of objects such as CertificateChoice type x509 Certificate indicating Public or Private are stored in a DER-encoded format together with information on the number of bytes from the head and information on the number of bytes indicating the length.

  The UserPIN stores data for authenticating a password in a format specific to the IC card. When the UserPIN is authenticated, the use of PriKey1 and PriKey2 and the reading of the Private can be performed. The SOPIN stores data for authenticating the password in the format specific to the IC card, as well as data for authenticating the default password at the time of manufacture. When the SOPIN is authenticated, all EFs can be changed. become. Private keys are stored in PriKey 1 and PriKey 2, respectively, and by using these keys, calculation inside the IC card 6, that is, generation of an electronic signature and decryption of encrypted data can be performed. The EFs such as PubKey1, PubKey2, Public, and Private have only basic functions for saving and reading specified data. PubKey1 and PubKey2 store only one public key from the top area, and Public and Private Multiple certificates are stored.

(IC card issuance procedure)
Here, a procedure for issuing an IC card using CIAInfo will be described.
When an IC card issuance request specifying the name of the IC card user is transmitted from the request issuing unit 41 of the client 4 to the server 2 via the network 3, the request receiving unit 21 of the server 2 receives the IC card issuing request. After confirming the validity, the key / certificate issuing unit 22 is instructed to issue a key and a certificate. At this time, the IC card issue request transmitted from the client 4 may include, in addition to the name of the IC card user, items that can be applied by the user, information indicating the transmission right of the issue request, and the like.

  When the key / certificate issuing unit 22 receives a key and certificate issuance instruction from the request receiving unit 21, the key / certificate issuing unit 22 generates an RSA key pair, that is, a private key and a public key, and is designated by the public key and IC card issue request. A public key certificate is generated using the user's name and the certificate profile set in the system. Then, the generated RSA key pair, public key certificate, and higher public key certificate of the generated public key certificate are transmitted to the image generation unit 23.

  The image generation unit 23 generates data to be stored in PrKD and PriKey1 from the generated RSA key pair, and data to be stored in CD and Public from the public key certificate. The image generation unit 23 generates data to be stored in the CIAInfo, OD, and AOD based on the profile of the IC card 6 set in the IC card issuing system 1, and sets a password corresponding to each generated data. It is generated as data to be stored in UserPIN and SOPIN. Data stored in each EF constructs a file structure similar to that of the IC card 6 and is recorded in a memory (not shown) in the server 2.

  When the image generation by the image generation unit 23 is completed, the APDU transmission / reception unit 24 configures a command sequence for the IC card 6 and a processing sequence performed with the IC card 6 from the file configuration of the IC card 6 recorded in the memory, A command for the IC card 6 is transmitted to the client 4. As a command for the IC card 6, for example, a command conforming to JIS X 6320-4 (ISO / IEC 7816-4) can be used.

  The command transmitted from the APDU transmission / reception unit 24 reaches the client 4 via the network 3 and is transferred toward the IC card 6 inserted into the IC card reader / writer 5 by the APDU transfer unit 42 in the client 4. A response to the received command is generated from the IC card 6, and IC card issuing data including this response is read by the IC card reader / writer 5 and transmitted to the client 4. The APDU transfer unit 42 of the client 4 transfers the IC card issuance data received from the IC card reader / writer 5 to the server 2 via the network 3. Thereafter, communication between the server 2 and the IC card 6 is repeated as many times as necessary by the same procedure.

(Server processing)
FIG. 3 is a flowchart of the IC card update process of the server 2.
The APDU transmission / reception unit 24 of the server 2 first selects a DF in S1, reads data in the IC card 6 in S2, checks the issuing process, and checks whether the password has been changed. If the password has not been changed, authentication is performed using the shipping password in S3, and if the password has been changed, authentication is performed using the changed operational password in S3. If the authentication of the IC card 6 is successful, the issuing process is confirmed in S4 using the data read from the IC card 6 in S2. Thereafter, predetermined data is written to the IC card 6 in S5, and the IC card issuing process is completed. The command to be used is, for example, SELECT for selecting DF, VERIFY for authentication of the IC card 6, CHANGE REFERENCE DATA for changing the password, READ BINARY for reading data in the IC card 6, and UPDATE BINARY for writing data to the IC card 6. , Etc.

(Object structure)
Here, the structure of an object including commands and responses transmitted / received between the server 2 and the IC card 6 will be described. The structure of the object transmitted to the IC card 6 is as follows.
"CLA INS P1 P2 Lc command data Le"
CLA is 1-byte data defining a communication condition called a class byte, and INS is 1-byte data indicating a command. P1 and P2 are 1-byte data indicating different command parameters, Lc is data indicating the length of command data, command data is data corresponding to the command, and Le is permission of response data transmitted from the IC card 6. It is data indicating the length to be performed.
On the other hand, the structure of the object transmitted by the IC card 6 is as follows.
"Response data SW1 SW2"
The response data is data indicating the execution result of the command, and SW1 and SW2 are 1-byte data indicating the status of the execution result.

Here, an object transmitted and received between the server 2 and the IC card 6 will be described using a specific example. For example, the UPDATE BINARY transmitted from the APDU transmission / reception unit 24 to the IC card 6 and writing 0x00 in the first byte of CIAInfo stores 0x00 in the portion corresponding to the command data as follows.
"00 D6 92 00 01 00"
The numbers are in hexadecimal notation, and Le is omitted.

When the object is transmitted to the IC card 6 and the UPDATE BINARY command is normally completed, the IC card 6 returns the following binary string to the server 2 as a response.
"900"
This response indicates that there is no response data and the command has been completed normally.

On the other hand, when the data stored in the first byte of CIAInfo of the IC card 6 is read, the READ BINARY transmitted from the APDU transmission / reception unit 24 is as follows.
"00 B0 92 00 01"
Since READ BINARY is a command for reading, command data does not exist, and Le is omitted.

When the object is transmitted to the IC card 6 and the READ BINARY command is normally completed, the IC card 6 returns the following binary string to the server 2 as a response.
"00 90 00"
The first 1 byte indicates that the response data is 0x00, and the subsequent 2 bytes indicate that the command has been normally completed.

(Object processing sequence)
Since the processing flow and object structure of the server 2 have been described, the processing sequence of objects transmitted and received between the server 2 and the IC card 6 when the IC card is issued will be described here. In issuing the IC card 6, the server 2 first selects a CIA for the IC card 6. When the selection of CIA is successful, READ BINARY is transmitted to read the data stored in the second byte from the head of CIAInfo, and the next processing sequence is determined. Here, since the last 3 bytes of CIAInfo are used as an area for progress management, data in this area indicating the length of CIAInfo data is read, but it is not updated for purposes other than progress management during IC card issuance processing. As long as it is an area, the position and size are not limited to this.

  If the response data for READ BINARY is 0xFF or 0x00, the server 2 determines that the IC card 6 that transmitted the response is new as in S42, and executes the issuing process of the IC cards 6 in order from the beginning. If the response data for READ BINARY is a value obtained by adding 3 to the original value as in S43, it is determined that the IC card issuance process is interrupted, and the IC cards 6 are issued in order immediately after the corresponding Step. Execute the process. If the response data for READ BINARY is an original value as in S44, the server 2 determines that the IC card issuance process is complete and does not perform the issuance process.

  In order to perform the issuing process of the IC card 6, it is necessary to first execute VERIFY on SOPIN to obtain authentication. When processing is started from the beginning, VERIFY is executed for SOPIN using a password at the time of shipment, and when processing is started halfway, VERIFY is executed for SOPIN using a password for operation. The password at the time of operation is obtained by CHANGE REFERENCE DATA that is executed after SOPIN authentication.

In the issuance process of the IC card 6 performed after the SOPIN authentication, the issuance process is performed according to a sequence of 15 steps when complying with the standard of JIS X 6320-15.
FIG. 4 is a diagram showing an issuance processing sequence of the IC card 6.
Hereinafter, the details of each step of the issuing process sequence will be described with reference to FIG.

Step 1: The password in the SOPIN storing the administrator password is changed to a password for operation. At this time, after executing CHANGE REFERENCE DATA, which is a password change command, data is written into CIAInfo that displays information on EFs under the CIA. Further, “8A 01 01” data is written immediately after the CIAInfo object, and a value obtained by adding 3 to the original value is written in the second byte from the top of the object. The progress management area uses the last 3 bytes added.
Step 2: Use the user password to change the password in the User PIN that stores the general user password. At this time, the command progress management area data is set to 0x02.
Step 3: Write data to the OD that stores a pointer to the object file. At this time, after executing UPDATE BINARY as a write command, the progress management area data is set to 0x03.
Step 4: Write data in Unused Space that manages the free space of Public and Private. At this time, the command progress management area data is set to 0x04.
Step 5: Write data to the AOD that stores the authentication information object. At this time, the command progress management area data is set to 0x05.
Step 6: Write data to the PrKD that stores the private key object. At this time, the command progress management area data is set to 0x06.
Step 7: Write data to PuKD that stores the public key object. At this time, the command progress management area data is set to 0x07.
Step 8: Write data to the CD that stores the certificate object. At this time, the command progress management area data is set to 0x08.
Step 9: Write data to PriKey1 that stores the private key. At this time, the command progress management area data is set to 0x09.
Step 10: Write data to PriKey2 that stores the private key. At this time, the command progress management area data is set to 0x0a.
Step 11: Write data to PubKey1 that stores the public key. At this time, the command progress management area data is set to 0x0b.
Step 12: Data is written to PubKey2 that stores the public key. At this time, the data in the command progress management area is set to 0x0c.
Step 13: Write data to the Public that stores the certificate having the public attribute. At this time, the command progress management area data is set to 0x0d.
Step 14: Write data to a private storing a certificate having a private attribute. At this time, the command progress management area data is set to 0x0e.
Step 15: The second byte from the beginning of the CIAInfo type object is returned to the original value, and all the three byte values immediately after the CIAInfo type object are changed to 0xFF.

As described above, the progress management of the IC card issuance process is written by writing the data indicating the progress status of the IC card issuance process, that is, the information of the IC card 6 issuance process, in the last three bytes immediately after the CIAInfo type object, which is the data used in operation. Even if the IC card 6 does not have a dedicated area, data indicating the progress can be stored inside, so when the issuance process is interrupted, the data indicating the progress is confirmed You can easily resume from processing.
Although detailed description of communication in the network and encryption of the IC card command is omitted, the TLS (Transport Layer Security) is used for the network as in the normal case of handling information that must be kept secret such as passwords and private keys. ) And IPSec (Security Architecture for the Internet Protocol) are applied, and the secure messaging (SM) is used for the IC card 6.

  On the other hand, if it is determined that the process is interrupted, the server 2 first determines the step in which the issuance process succeeded last from the IC card issuance process from the data stored in the third byte immediately after the CIAInfo object Specifically, if the SOPIN password is not changed, the SOPIN authentication is obtained using the factory password, and if the SOPIN password is changed, the SSOPIN authentication is obtained using the operation password. Thereafter, the IC card issuance process is restarted from Step immediately after the process is interrupted. Thereafter, the processes up to Step 14 are sequentially performed as in the case where the IC card 6 is new. If the process is interrupted, the CIAInfo type object can be interpreted as an object to which the element “issuing Status [10] OCTEET STRONG OPTIONAL” is added, so that the server 2 or the like will not be disturbed when the object is read. .

(Object update processing sequence)
Hereinafter, the object update processing sequence will be described in detail with reference to FIG. 3 again.
The server 2 first selects DF in S1, reads data in the IC card 6 in S2, confirms the issuing process, and confirms whether or not the password has been changed. If the password has not been changed, authentication is performed using the shipping password in S3, and if the password has been changed, authentication is performed using the changed operational password in S3. If the authentication of the IC card 6 is successful, the issuing process is confirmed in S4 using the data read from the IC card 6 in S2. Thereafter, predetermined data is written to the IC card 6 in S5, and the IC card issuing process is completed.

  When writing to the IC card 6 in S5, first, in S51, the data determination unit 25 determines whether or not there is existing data for issuing processing in the IC card 6. If there is no existing data, the process proceeds to S52, and data for issuing process is written in a predetermined area which is a data area in the IC card 6.

  On the other hand, if there is existing data, the data determination unit 25 determines whether or not the data is to be written to the object file in S53. If it is an object file, the process proceeds to S52, and data for issuance processing is overwritten and written in a predetermined area which is a data area in the IC card 6.

  If it is not an object file, the data is written in a free area different from the predetermined area in the IC card 6 in S54, the existing data is deleted in S55, and the data written in the free area in S56. Is copied to a predetermined area where the existing data is stored, and the data written in the empty area is deleted in S57.

  The commands used in the object update process are, for example, SELECT for selecting DF, VERIFY for authentication of the IC card 6, CHANGE REFERENCE DATA for changing the password, READ BINARY for reading data in the IC card 6, IC card 6 There are UPDATE BINARY, etc. for writing data to the.

  The public key certificate stored in the IC card 6 has a validity period of about several years for the purpose of preventing leakage due to compromise of the private key and enlargement of the revocation list. Therefore, for example, when the IC card 6 is updated, it is necessary to change PrKD, PuKD, CD, PriKey1, PriKey2, PubKey1, PubKey2, and Public. Moreover, it is also necessary to change UnusedSpace along with the change of Public.

Hereinafter, the relationship between CD, Public, and Unused Space will be described with reference to FIG.
FIG. 5 is a diagram showing an object update procedure.
In FIG. 5, the CertificateChoice type object stored in the CD is indicated by “old template” or “new template”, and the public key certificate data stored in the public is “old data” or “new data”. The Unused Space type object stored in Unused Space is represented as “free space”.

FIG. 5A shows a state before update, in which the old template is stored at the top of the CD, the old data is stored at the top of the public, and an object indicating the public free space is also stored at the top of the Unused Space.
FIG. 5B shows a state in which the new data is stored in the area after the public old data by the update procedure 1. Note that the new data is stored from the beginning of the public behind the size of the new data.
FIG. 5C shows a state in which an object indicating an empty area changed by storing new data in Public by the update procedure 2 is stored in Unused Space. In this example, since there is a gap between the old data and the new data, two free areas are added.
FIG. 5D shows a state in which the object indicating the empty area stored in the Unused Space from the beginning has been deleted by the update procedure 3.

  FIG. 5E shows a state in which a new template referring to the new public data is stored on the CD by the update procedure 4. Here, unlike the new data stored in the public free area, the new template is not over the CD free area but overwritten on a predetermined area in which the old template is stored.

FIG. 5F shows a state in which an object indicating a free area that changes due to deletion of old data is stored at the head of Unused Space according to the update procedure 5.
FIG. 5G shows a state where an object indicating a free area existing between the old data and the new data is deleted from the Unused Space by the update procedure 6. If there is no free area between the old data and the new data, this object does not exist, so this update procedure 6 is omitted.
FIG. 5H shows a state in which the old data is deleted from the public by the update procedure 7.

FIG. 5I shows a state in which new data is copied and stored at the top of the Public by the update procedure 8.
In FIG. 5 (j), an object indicating an empty area between the new data stored in FIG. 5 (b) and the new data stored in FIG. 5 (i) is stored in Unused Space by the update procedure 9. Shows the state. If there is no free area, this update procedure 9 is omitted.
FIG. 5 (k) shows a state in which the object indicating the empty area stored at the top of Unused Space in FIG. 5 (f) has been deleted by the update procedure 10.

  FIG. 5 (l) shows a state in which a new template that refers to new data stored at the top of the public is overwritten and stored at the top of the CD by the update procedure 11.

FIG. 5 (m) shows a state where an object indicating an area after the new data stored in FIG. 5 (b) as an empty area is stored at the head of Unused Space by the update procedure 12.
FIG. 5 (n) shows a state in which, except for the object indicating the free area stored in the Unused Space, objects other than the object stored at the head are deleted by the update procedure 13.
FIG. 5 (o) shows a state where the new data stored in the area after the area where the old public data is stored in FIG. 5 (b) is deleted and the IC card update process is completed. Yes.

  To summarize the above update processing procedure, when data is stored, that is, when data is written, processing is performed in the order of data, free space, and template, and when data is deleted, processing is performed in the order of free space and data. It will be.

  In the relationship between PrKD, PriKey1, and PriKey2, use PrKey1 and PriKey2 instead of CD instead of CD, use PriKey1 and PriKey2 in the processing procedure between CD and Public, and store the other data in PriKey1. As described above, the IC card 6 can be updated while maintaining the consistency between the old and new data.

  In addition, in the relationship between PuKD, PubKey1, and PubKey2, using PubKey1 and PubKey2 instead of CD instead of CD maintains the consistency of the old and new data as in the relationship between PrKD, PriKey1, and PriKey2. The update process of the IC card 6 can be performed.

  As a whole of the IC card update process, the update process is not executed for CD and Public, PrKD and PriKey1 and PriKey2, and PuKD and PubKey1 and PubKey2, respectively. Store and update in the procedure of storing the new template in PrKD, PuKD, CD.

  The procedure for moving the new data from the update procedure 8 in FIG. 5 (i) to the update procedure 14 in FIG. 5 (o) to the head may be omitted.

  As described above, the first embodiment of the present invention overwrites the IC card update data (new template) over the predetermined area in which the existing data (old template) is stored, not the empty area of the IC card. By storing the data, it is possible to reduce two steps per update data as compared with the conventional IC card update method, and the load on the computer and communication can be reduced.

  In addition, since the update process can be performed while maintaining the consistency of the old and new data, even if the update process is interrupted, it can be used as an old IC card before update or in the state of being interrupted. There is an effect that it can be used continuously as a new IC card later. Specifically, when the update process is interrupted by the update procedure 3 in FIG. 5D, it can be used as an IC card storing an old key or certificate, and the update in FIG. If the update process is interrupted from the procedure 5 to the update procedure 13 in FIG. 5 (o), it can be used as an IC card in which a new key or certificate is stored.

Also, in the updating procedure 4 in FIG. 5E, if the correspondence between the key and the certificate cannot be obtained, the IC card 6 is changed by directly referring to the new data or the old data stored in the public. Can be used correctly. Whether to refer to new data or old data depends on the operation policy of the system. As a specific example, a case will be described in which the key of priKey referred to by PrKD is new (state of update procedure 4), and the certificate of Public referred to by CD is old (state of update procedure 3). When referring to the new data, since the CD refers to the old data, the new data stored in the Public is specified using the information of the unused space in the Unused Space. For example, data stored in a non-old data area referred to by the CD is identified and referred to as new data among data stored in a non-public area of the public. On the other hand, when referring to the old data, since PrKD refers to the new data, the priKey on the side not referred to by PrKD may be specified and referred to as the old data. Such processing for specifying the reference destination data can be performed by the data determination unit 25 of the IC card update device. In addition, a reference destination data specifying unit for specifying the above reference destination data is provided inside the IC card 6, and a CD or PrKD stored in the storage unit in response to the reference destination request received from the user terminal. The reference destination data may be specified by the old and new information of the data referred to by the object file, and the reference destination data information may be output to the user terminal.
In this way, by updating the IC card 6 while maintaining the consistency of the old and new data, the new IC card 6 is issued to the user through a transportation means such as registered mail by issuing a new IC card 6 at a secured facility. This eliminates the need for sending, saving transportation costs and reducing the environmental impact of discarding the old IC card 6.

  Furthermore, even if the update process is interrupted, the interrupted process can be easily identified by checking the data indicating the progress of the update process, and the update process can be resumed from the intermediate process. There is an effect that can be done.

  Further, since the server 2 corresponds to the IC card 6, the progress status of the update process can be managed even for the IC card 6 that does not have a dedicated area for progress management.

1 IC card update system, 2 server, 21 request accepting unit, 22 key / certificate issuing unit, 23 image generating unit, 24 APDU transmitting / receiving unit, 25 data determining unit, 3 network, 4 client, 41 request issuing unit, 42 APDU Transfer unit, 5 IC card reader / writer, 6 IC card.

Claims (10)

A data generation unit for generating IC card update data;
A transmission / reception unit that transmits the IC card update data generated by the data generation unit together with a command to the IC card, and receives a response from the IC card;
Data determination that refers to the response from the IC card received by the transmission / reception unit, and determines whether the existing data is an object file that refers to authentication data if there is existing data in the IC card With
When the data determination unit determines that the existing data is an object file, the transmission / reception unit writes a command for overwriting the IC card update data in a predetermined area in which the existing data is stored. An IC card update device that transmits to a card. The data generation unit generates IC card update data including information on the update process of the IC card,
When the IC card update process is interrupted, the transmission / reception unit transmits a command for restarting the IC card update process to the IC card by using the information on the update process included in the IC card update data. The IC card updating apparatus according to claim 1.   When the update process of the IC card is interrupted, the data determination unit should refer to the object file by using the information on the empty area in the IC card and the old and new information of the data referred to by the object file. The IC card updating apparatus according to claim 2, wherein the authentication data is specified.   When the data determination unit determines that the existing data is not an object file, the transmission / reception unit writes the IC card update data in a free area different from the predetermined area in the IC card, and the existing data A command to copy the IC card update data written in the empty area to the predetermined area where the existing data is stored, and to delete the IC card update data written in the empty area The IC card update device according to claim 1, wherein the IC card update device transmits the information to the IC card. A receiving unit for receiving IC card updating data and commands transmitted from the transmitting / receiving unit of the IC card updating device;
When the data determination unit of the IC card update device determines that the existing data stored by itself is an object file that refers to authentication data, the reception unit receives the received data in a predetermined area in which the existing data is stored. An IC card comprising a storage unit in which IC card update data is overwritten and written.   When the data determination unit of the IC card update device determines that the existing data stored by itself is not the object file, the storage unit stores a free area different from the predetermined area in which the existing data is stored. 6. The IC card according to claim 5, wherein the IC card update data is stored.   When the IC card update processing by the IC card update device is interrupted, the authentication to be referred to by the object file using the information on the free area of the storage unit and the old and new information of the data referred to by the object file 6. The IC card according to claim 5, further comprising a reference data specifying unit for specifying data. A data generation unit for generating IC card update data;
A transmission / reception unit that transmits the IC card update data generated by the data generation unit together with a command to the IC card, and receives a response from the IC card;
Data determination that refers to the response from the IC card received by the transmission / reception unit, and determines whether the existing data is an object file that refers to authentication data if there is existing data in the IC card With
When the data determination unit determines that the existing data is an object file, the transmission / reception unit writes a command for overwriting the IC card update data in a predetermined area in which the existing data is stored. An IC card update device for sending to the card;
A receiver that receives the IC card update data and the command transmitted from the transceiver of the IC card update device;
When the data determining unit of the IC card updating apparatus determines that the existing data stored by itself is an object file that refers to authentication data, the data is received by the receiving unit in a predetermined area in which the existing data is stored An IC card update system comprising: an IC card provided with a storage unit in which the IC card update data is overwritten and written. A data generation step in which the data generation unit generates IC card update data;
A transmission / reception unit that transmits the IC card update data generated in the data generation step together with a command to the IC card, and receives a response from the IC card;
The data determination unit refers to the response from the IC card received in the transmission / reception step, and if there is existing data in the IC card, whether or not the existing data is an object file that refers to authentication data And a data determination step for determining
In the transmission / reception step, when it is determined in the data determination step that the existing data is an object file, a command for overwriting the IC card update data in the predetermined area in which the existing data is stored is written to the IC IC card update method to send to the card. A data generation step in which the data generation unit generates IC card update data;
A transmission / reception unit that transmits the IC card update data generated in the data generation step together with a command to the IC card, and receives a response from the IC card;
The data determination unit refers to the response from the IC card received in the transmission / reception step, and if there is existing data in the IC card, whether or not the existing data is an object file that refers to authentication data And a data determination step for determining
In the transmission / reception step, when it is determined in the data determination step that the existing data is an object file, a command for overwriting the IC card update data in the predetermined area in which the existing data is stored is written to the IC Send it to the card,
The IC card receives the IC card update data and the command transmitted from the transmission / reception step;
When the IC card determines that the existing data stored by itself is an object file that refers to authentication data in the data determination step, the IC card is received by the reception step in a predetermined area in which the existing data is stored. An IC card update method comprising: a storage step in which the IC card update data is overwritten and written.