JP6287284B2 - IC chip and program encryption method - Google Patents

Description

  The present invention relates to a technology such as an IC chip including a non-volatile memory that stores a plurality of control programs that respectively perform a plurality of processing functions that can be used from an application via an API (Application Programming Interface).

  In recent years, an IC card equipped with a memory having a low cost and a large capacity as compared with past products has been increasing. Therefore, it is possible to store a large amount of programs for realizing the functions as compared with past products. The IC card vendor creates an application and stores it in the IC card in order to realize the function requested by the customer. Among such applications, there is an application having a credit function, for example, which places importance on security. In order to store such an application in an IC card and make it usable, it is necessary to obtain certification of the target brand or to have a security evaluation organization evaluate tamper resistance (security strength). Since such evaluation is often performed for each IC card product, there is a problem that the cost increases by the number of products. For this reason, it is desirable to create a general-purpose product as much as possible and to have a mechanism that can be deployed to various products after a single certification and evaluation. For this purpose, a mechanism for absorbing functional differences between various products is required.

  As a mechanism for absorbing such functional differences, in general, by creating a function for each product with an application described in Java (registered trademark), INSTALL and DELETE in the IC card specifications (Global Platform) There is a method of adding and deleting by the command. However, there is no problem as long as the functional difference can be absorbed by the application, but there is a problem when there is a functional difference in the OS (Operating System). For example, this is a case where an OS function such as a product-specific encryption function or authentication function is used. The encryption function and the authentication function often control a hardware coprocessor, and it is necessary to provide an API from the OS to an application described in Java (registered trademark). As a solution when there is a functional difference in the OS, for example, it is conceivable to install APIs of both the A product and the B product on the IC card. However, for example, the provider of the B product may not want to disclose the API of the B product to the application developer of the A product on the A product. The same can be said for the B product. In such a case, as disclosed in Patent Document 1, for example, it is conceivable to use APIs depending on authority.

Japanese Patent No. 3880384

  However, it is assumed that the authority disclosed in Patent Document 1 is illegally acquired by, for example, a security attack. Therefore, API authority management alone is not sufficient to solve the above-described problems.

  The present invention has been made in view of the above points, and an IC chip and a program capable of using an OS function unique to each of a plurality of products with one IC chip and improving security. It is an object to provide an encryption method.

In order to solve the above-described problem, the invention described in claim 1 includes a non-volatile memory that stores a plurality of control programs each responsible for a plurality of processing functions that can be used from an application via an API (Application Programming Interface). The non-volatile memory includes identification information of an area for storing the control program responsible for the processing function, area information indicating an area for storing the control program responsible for the processing function, and A table in which key data for encrypting a control program is associated with each of the plurality of control programs is stored, and the IC chip encrypts a predetermined control program in the plurality of control programs Receiving means for receiving an encrypted command from an external device, and an identification designated by the received encrypted command On the basis of the key data associated with the area information corresponding to the distribution, characterized in that it comprises an encryption means for encrypting the control program to which the area information is stored in the area indicated.

  According to a second aspect of the present invention, in the IC chip according to the first aspect, each of the area information in the table indicates whether or not the control program stored in each of the areas is encrypted. When the control program is encrypted by the encryption unit, the IC chip encrypts the flag corresponding to the encrypted control program by the control program. When the API is called from the application and the changing means for changing to indicate that the control program is associated, the information is associated with area information indicating an area for storing the control program corresponding to the API. A determination unit that refers to the flag and determines whether the flag indicates that the control program is encrypted. If it is determined that indicates that it is encrypted by the determination means, characterized in that it comprises, and error processing means for performing error processing.

  According to a third aspect of the present invention, in the IC chip according to the first aspect, each of the area information in the table indicates whether or not the control program stored in each of the areas is encrypted. When the control program is encrypted by the encryption unit, the IC chip encrypts the flag corresponding to the encrypted control program by the control program. When the API is called from the application and the changing means for changing to indicate that the control program is associated, the information is associated with area information indicating an area for storing the control program corresponding to the API. A determination unit that refers to the flag and determines whether the flag indicates that the control program is encrypted. The case where it is determined not to indicate that they are encrypted by the determination means, characterized in that it comprises a program executing means for executing the control program corresponding to the API.

  According to a fourth aspect of the present invention, in the IC chip according to any one of the first to third aspects, the receiving unit sends a decryption command for decrypting the encrypted predetermined control program from an external device. Receiving and decrypting the control program stored in the area indicated by the area information based on the key data associated with the area information corresponding to the identification information specified by the received decryption command And means.

According to a fifth aspect of the present invention, there is provided a method for encrypting a program in an IC chip including a non-volatile memory storing a plurality of control programs each responsible for a plurality of processing functions usable from an application via an API (Application Programming Interface) The non-volatile memory includes identification information of an area for storing the control program responsible for the processing function, area information indicating an area for storing the control program responsible for the processing function, and the control program. A table in which key data for encryption is associated with each of the plurality of control programs is stored, and the program encryption method encrypts a predetermined control program in the plurality of control programs. A receiving step of receiving an encrypted command from an external device, and the received encrypted command An encryption step of encrypting the control program stored in the area indicated by the area information based on the key data associated with the area information corresponding to the specified identification information. And

  According to the present invention, an OS function unique to each of a plurality of products can be used with one IC chip, and security can be improved.

1 is a diagram illustrating a schematic configuration example of an IC card 1. FIG. FIG. 4A is a diagram illustrating an example of a program area provided in the nonvolatile memory 13. (B) is a figure which shows an example of a key data table. It is a flowchart which shows the process example of CPU10 when a code encryption command is received. (A) is a flowchart showing a processing example of the CPU 10 when a general command is received after the IC card 1 issuance processing. (B) is a flowchart showing a processing example of the CPU 10 when an API is called from an application in operation.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

  First, with reference to FIG. 1, the configuration and functional overview of the IC card 1 according to the present embodiment will be described. FIG. 1 is a diagram illustrating a schematic configuration example of the IC card 1. The IC card 1 is used as a cash card, credit card, employee card or the like. Alternatively, the IC card 1 is incorporated into a communication device such as a smartphone or a mobile phone. The IC chip 1a may be configured by being directly incorporated on a circuit board of a communication device.

  An IC chip 1a is mounted on the IC card 1 as shown in FIG. The IC chip 1 a includes a CPU (Central Processing Unit) 10 as a computer, a RAM (Random Access Memory) 11, a ROM (Read Only Memory) 12, a nonvolatile memory 13, and an I / O circuit 14. The I / O circuit 14 serves as an interface with the external device 2. When the IC card 1 is a contact IC card, the I / O circuit 14 is provided with, for example, eight terminals C1 to C8 defined by ISO / IEC7816. For example, the C1 terminal is a power supply terminal, the C2 terminal is a reset terminal, the C3 terminal is a clock terminal, the C5 terminal is a ground terminal, and the C7 terminal is a terminal that performs data communication with the external device 2. Examples of the external device 2 include an IC card issuing machine, ATM, ticket gate, and authentication gate. Alternatively, when the IC card 1 is incorporated in a communication device, the external terminal 2 corresponds to a controller responsible for the function of the communication device. The IC card issuing machine is a device that performs the issuing process of the IC card 1. In this specification, “issue” means that when an IC card is provided as a product to a customer (for example, a credit card company), for example, the IC card issuing company provides predetermined information (program or program) on the IC chip of the IC card. Data). When the IC card 1 is a non-contact IC card, the I / O circuit 14 is provided with an antenna, a modulation / demodulation circuit, and the like.

  The CPU 10 is an arithmetic device that executes a program stored in the ROM 12 or the nonvolatile memory 13. The CPU 10 functions as a receiving unit, an encrypting unit, a changing unit, a determining unit, an error processing unit, a program executing unit, and a decrypting unit in the present invention. The ROM 12 may not be provided in the IC chip 1a. For example, a flash memory is applied to the nonvolatile memory 13. The nonvolatile memory 13 may be “Electrically Erasable Programmable Read-Only Memory”. The nonvolatile memory 13 is provided with a program area for storing a plurality (two or more types) of OS (Operating System) programs and a data area for storing various data such as security data. The OS program is an example of a control program. The non-volatile memory 13 stores an encryption program in advance.

  FIG. 2A is a diagram illustrating an example of a program area provided in the nonvolatile memory 13. The program area shown in FIG. 2A is divided into a plurality of (two or more types) sections holding a plurality of OS programs. As shown in FIG. 2A, each section includes an OS program common to the A to C products, an OS program having processing functions unique to the A product (hereinafter referred to as “A product OS program”), B Either an OS program responsible for product-specific processing functions (hereinafter referred to as “B product OS program”) or an OS program responsible for C product-specific processing functions (hereinafter referred to as “C product OS program”) is retained. Has been. Here, the processing function is a basic processing function (for example, an encryption function or an authentication function) provided by Java (registered trademark), for example. The section holding the A product OS program is called the A section, the section holding the B product OS program is called the B section, and the section holding the C product OS program is called the C section.

  The OS program for the A product, the OS program for the B product, and the OS program for the C product each have a processing function that can be used from an application via an API (Application Programming Interface). The application is an application program created in a specific programming language such as Java (registered trademark). This application is stored in the non-volatile memory 13 at the time of issuing the IC card 1 or after being provided to the customer. APIs corresponding to the OS program for A product, the OS program for B product, and the OS program for C product are interfaces to the respective processing functions, and are called by applications.

  A key data table is stored in the data area provided in the nonvolatile memory 13. FIG. 2B is a diagram illustrating an example of the key data table. As shown in FIG. 2B, the key data table holds a section identifier (identification information), a section address, key data, and a flag in association with each section. The section identifier may be an index of a record (table column). The section address indicates an area for storing the corresponding OS program. The key data is data for encrypting a corresponding OS program (in other words, a section holding the OS program) and decrypting the encrypted OS program. The flag indicates whether or not the corresponding OS program is encrypted. As shown in FIG. 2B, a CRC (Cyclic Redundancy Check) of the key data table is stored at the end of the key data table stored in the data area.

  In the above-described configuration of the IC chip 1a, the CPU 10 receives an encryption command for encrypting a predetermined OS program among a plurality of OS programs (hereinafter referred to as “code encryption command”) from the IC card issuer. Based on the key data associated with the address of the section corresponding to the identifier specified by the code encryption command, the encryption process for encrypting the OS program stored in the area indicated by the address is performed. Yes.

  Here, with reference to FIG. 3, the process of the CPU 10 when the code encryption command is received will be described. FIG. 3 is a flowchart showing a processing example of the CPU 10 when a code encryption command is received. In the present embodiment, it is assumed that the code encryption command is used when the IC card 1 is issued. Therefore, the non-volatile memory 13 of the IC card 1 holds state variables for managing at least two types of life cycles of the IC card 1 in the issued state or other states.

  In FIG. 3, when the CPU 10 receives a code encryption command (for example, a code encryption command for the B product OS program) transmitted from the IC card issuer to the IC chip 1a, the CPU 10 issues the IC card 1 with reference to the state variable. It is determined whether it is a phase (step S1). That is, it is determined whether or not the life cycle of the IC card 1 is in the issue phase. If it is determined that the IC card 1 is not issued (step S1: NO), the process proceeds to step S2. In step S2, the CPU 10 performs error processing. In this error processing, an error signal is returned to the IC card issuing machine.

  On the other hand, when it is determined that it is the issue phase of the IC card 1 (step S1: YES), the process proceeds to step S3. In step S3, the CPU 10 acquires an identifier from the code encryption command received in step S1. Next, based on the identifier acquired in step S3 (that is, the identifier specified by the code encryption command), the CPU 10 performs key data (key data for the target section) associated with the address of the section corresponding to the identifier. ) Is acquired from the key data table (step S4).

  Next, the CPU 10 encrypts the OS program (for example, the B product OS program) stored in the section indicated by the address corresponding to the identifier based on the key data obtained in step S4 ( In other words, the target section is encrypted) (step S5). Next, the CPU 10 changes the flag (flag held in the key data table) associated with the address indicating the area where the encrypted OS program is stored from “0” to “1” (for the target section). The flag is set valid) (step S6). That is, when the OS program is encrypted, the CPU 10 changes the flag corresponding to the encrypted OS program so as to indicate that the OS program is encrypted. Next, the CPU 10 updates the CRC (CRC of the entire table) stored at the end of the key data table (step S7), and ends the process shown in FIG. For example, when the C product OS program is encrypted after the B product OS program is encrypted by the above processing, the IC chip 1a sends a code encryption command for the C product OS program from the IC card issuing machine. To send.

  By encrypting only a part of the OS program by the above processing, the OS program can be made private after the IC card 1 issuance processing. In addition, since the encrypted OS program can be decrypted with the encrypted key data, for example, even in the case where the OS product for the B product is used later, Can respond. In this case, when the CPU 10 receives a decryption command (hereinafter referred to as “code decryption command”) for decrypting a predetermined OS program encrypted as shown in FIG. Based on the key data associated with the address of the section corresponding to the specified identifier, a decryption process for decrypting the OS program stored in the area indicated by the address is performed. More specifically, when receiving a code decoding command, the CPU 10 acquires an identifier from the received code decoding command. Next, based on the acquired identifier, the CPU 10 acquires key data associated with the address of the section corresponding to the identifier from the key data table. Next, the CPU 10 decrypts the OS program stored in the section indicated by the address corresponding to the identifier based on the acquired key data (in other words, decrypts the target section). Next, the CPU 10 changes the flag associated with the address indicating the area where the decrypted OS program is stored (the flag held in the key data table) from “1” to “0” (the flag for the target section). To disable). That is, when the OS program is decrypted, the CPU 10 changes the flag corresponding to the decrypted OS program so as to indicate that the OS program is decrypted. Note that the code encryption command and the code decryption command may be divided into one function and one command, or the processing may be changed depending on identification information for separating encryption and decryption by the same command.

  Next, with reference to FIG. 4A, the processing of the CPU 10 when a general command is received after the issuing processing of the IC card 1 will be described. FIG. 4A is a flowchart showing a processing example of the CPU 10 when a general command is received after the IC card 1 issuance processing. This command is transmitted as an APDU (Application Protocol Data Unit). The header of the command transmitted as an APDU is formed with information of a total of 4 bytes, CLA, INS, P1, and P2. CLA and INS are mainly used for command types. In the present embodiment, for example, the section identifier is held in P1. When encryption and decryption are executed with the same command, identification information for separating encryption and decryption is held in P2.

  4A, when the CPU 10 receives a command transmitted from the external device 2 to the IC chip 1a, is the command directed to a predetermined application (for example, Java Application) provided with the API? Then, it is determined whether it is directed to other (for example, Native Application) (step S10). Here, the Java Application is an application described in Java (registered trademark) code and having a mechanism for converting the Java code into native code by a Java VM (virtual machine) or the like and executing it. On the other hand, the Native Application is an application directly written in native code. For example, when it is determined that the command is not directed to Java Application (step S10: NO), the CPU 10 delivers the command to, for example, Native Application (step S11). On the other hand, if it is determined that the command is directed to, for example, Java Application (step S10: YES), the process proceeds to step S12.

  In step S12, for example, the CPU 10 determines whether or not Java Application is the first activation immediately after reset. When it is determined that it is the first activation immediately after reset (step S12: YES), the process proceeds to step S13. On the other hand, when it is determined that it is not the first activation immediately after reset (step S12: NO), the process proceeds to step S14. In step S13, the CPU 10 determines whether or not the CRC of the key data table stored in the nonvolatile memory 13 is normal. That is, if the CRC stored in the nonvolatile memory 13 matches the CRC calculated at this time, the CPU 10 determines that the CRC is normal (step S13: YES), and proceeds to step S14. In step S14, the CPU 10 executes a common OS program (for example, Java OS) to operate Java Application. On the other hand, when it is determined that the CRC is not normal (step S13: NO), the process proceeds to step S15. In step S15, the CPU 10 performs error processing. In this error processing, an error signal is returned to the external device 2.

  Next, with reference to FIG. 4B, processing of the CPU 10 when an API is called from an application in operation will be described. FIG. 4B is a flowchart illustrating an example of processing performed by the CPU 10 when an API is called from an operating application.

  In FIG. 4B, when an API is called from an operating application, the CPU 10 sets a flag (target section of the target section) associated with an address indicating an area (section) that stores an OS program corresponding to the API. Get flag) is obtained from the key data table (step S20). Next, the CPU 10 refers to the flag acquired in step S20 and determines whether or not the flag is valid (step S21). When it is determined that the flag is not valid (0) (that is, it is determined that the flag is not encrypted) (step S21: NO), the CPU 10 determines the OS program corresponding to the API (for example, A Jump to and execute the product OS program (step S22). On the other hand, when it is determined that the flag is valid (1) (that is, it is determined that the flag is encrypted) (step S21: YES), the CPU 10 performs error processing (step S23). . In this error processing, an error signal is returned to the external device 2.

  As described above, according to the embodiment, when the IC chip 1a receives a code encryption command for encrypting a predetermined OS program among a plurality of OS programs, the identifier specified by the code encryption command is used. Since the OS program stored in the area indicated by the address is encrypted based on the key data associated with the address of the section corresponding to, a unique OS function is provided for each of a plurality of products. It can be used in an IC chip, and security can be improved. In addition, since the key data table is stored in the nonvolatile memory 13 and managed in the IC chip 1a, for example, how the key data is received between companies compared to the case where the key data table is managed externally. It is possible to avoid the problem of passing. Also, if it is an IC card such as UIM inserted in a mobile terminal (mobile device) etc., by using the OTA (Over-The-Air) function, by sending a command to the IC card by wireless communication, Even a card that has been put on the market can encrypt or decrypt a predetermined OS program. That is, the contract status between companies can be reflected in the market UIM without collecting the market IC card. Note that OTA is a mechanism in which a command sent from the OTA server is transmitted to the IC card inserted into the portable terminal via the portable terminal when the OTA server and the portable terminal use wireless communication. For example, it is used to rewrite specific information of IC cards already on the market using OTA.

  Further, according to the above-described embodiment, when the OS program is encrypted, the IC chip 1a changes (enables setting) the flag corresponding to the encrypted OS program, and thereafter, the API from the application Is called, it is determined whether or not the flag indicates that the OS program is encrypted by referring to the flag associated with the section storing the OS program corresponding to the API. Since it is configured as described above, for example, even when an API is illegally called by a security attack, it is possible to avoid jumping to an OS program corresponding to the API. Further, even when the flag is falsified by a security attack, for example, the OS program is encrypted and cannot be used. Therefore, security can be further improved.

1 IC Card 2 External Device 1a IC Chip 10 CPU
11 RAM
12 ROM
13 Non-volatile memory 14 I / O circuit

Claims (5)

An IC chip comprising a non-volatile memory for storing a plurality of control programs each responsible for a plurality of processing functions available from an application via an API (Application Programming Interface),
The nonvolatile memory includes identification information of an area for storing the control program responsible for the processing function, area information indicating an area for storing the control program, and key data for encrypting the control program. A table associated with each of the plurality of control programs is stored;
The IC chip is
Receiving means for receiving, from an external device, an encryption command for encrypting a predetermined control program among the plurality of control programs;
Encryption means for encrypting the control program stored in the area indicated by the area information based on the key data associated with the area information corresponding to the identification information designated by the received encryption command When,
An IC chip comprising: Each of the area information in the table is associated with a flag indicating whether or not the control program stored in each of the areas is encrypted,
The IC chip is
Changing means for changing the flag corresponding to the encrypted control program to indicate that the control program is encrypted when the control program is encrypted by the encryption means; ,
When the API is called from the application, the flag associated with the area information indicating the area for storing the control program corresponding to the API is referred to, and the flag is encrypted by the control program. Determining means for determining whether or not to indicate
An error processing means for performing an error process when it is determined by the determination means to indicate encryption;
The IC chip according to claim 1, further comprising: Each of the area information in the table is associated with a flag indicating whether or not the control program stored in each of the areas is encrypted,
The IC chip is
Changing means for changing the flag corresponding to the encrypted control program to indicate that the control program is encrypted when the control program is encrypted by the encryption means; ,
When the API is called from the application, the flag associated with the area information indicating the area for storing the control program corresponding to the API is referred to, and the flag is encrypted by the control program. Determining means for determining whether or not to indicate
A program execution unit that executes the control program corresponding to the API when it is determined by the determination unit that it is not indicated to be encrypted;
The IC chip according to claim 1, further comprising: The receiving means receives a decryption command for decrypting the encrypted predetermined control program from an external device;
Decryption means for decrypting the control program stored in the area indicated by the area information, based on the key data associated with the area information corresponding to the identification information specified by the received decryption command;
The IC chip according to any one of claims 1 to 3, further comprising: A program encryption method in an IC chip including a nonvolatile memory storing a plurality of control programs each responsible for a plurality of processing functions available from an application via an API (Application Programming Interface),
In the nonvolatile memory, for identifying the area for storing the control program responsible for the processing function, area information indicating the area for storing the control program responsible for the processing function, and for encrypting the control program And a table in which the key data is associated with each of the plurality of control programs,
The program encryption method includes:
A receiving step of receiving, from an external device, an encryption command for encrypting a predetermined control program among the plurality of control programs;
An encryption step for encrypting the control program stored in the area indicated by the area information based on the key data associated with the area information corresponding to the identification information specified by the received encryption command. When,
A program encryption method comprising:

Images