JP6499367B1 - Online service provision system - Google Patents

Abstract

To provide a new security technology capable of realizing secure service use without impairing the convenience of mobile. When a user tries to perform a procedure such as a transfer from an application, user authentication using a PIN code or the like is first requested. If the user authentication is successful, the function restriction of the sub-SIM is released, and a mode in which the function provided by the sub-SIM is available is set. The application uses the function of the sub SIM to generate an electronic signature by encrypting a procedure message describing the procedure contents with a secret key. When the electronic signature and the procedure message are sent to the online service server, the server verifies the electronic signature by using the corresponding electronic certificate. As a result of the verification, if it is confirmed that the message is a procedure message sent from a legitimate user and the content has not been altered, the server executes a procedure such as transfer according to the content of the procedure message. [Selection] Figure 1

Description

  The present invention relates to a technique for improving security when using an online service from a mobile device.

  With the spread of the Internet, a wide variety of online services have appeared and are used by many people. On the other hand, since cyber security problems are increasing day by day, security measures are required to use online services safely and securely.

For example, in online banking services, damage caused by cyber attacks called man-in-the-middle (MITM) has been increasing rapidly. MITM attacks use malware and fake websites to take over communications between online banking users and financial institutions (modify the contents of communications), and illegal remittances without being noticed by both users and financial institutions It is an attack technique that performs processing. MITB (Man In The Browser) is also a kind of MITM. Although remittance processing using the ATM network has been performed for a long time, the risk of cyber attacks has been extremely low since a dedicated line has been used. On the other hand, online services using an open network such as the Internet are exposed to various threats such as MITM attacks.

  In the current online banking service, a method using a one-time password issuer is widely used as a security measure. This is done by distributing a one-time password issuer to service users in advance, and using the one-time password generated and displayed by the one-time password issuer when logging into the service or when performing remittance processing. This is a method of performing authentication (see Patent Document 1). However, this method is not effective against MITM attacks. In the MITB attack, which is a kind of MITM attack, authentication information such as login ID and one-time password is entered by the user by malware or fake sites, and the user is impersonated using the authentication information as it is. is there.

  Therefore, recently, an increasing number of financial institutions take a measure called “transaction authentication” as a measure against MITM attacks. Transaction authentication is generally realized by a combination of transaction encryption (electronic signature) between a user and a server, and confirmation of transaction contents using a session on a different path from the browser. For confirmation of transaction contents, a dedicated device called a token is often used (see Patent Document 2).

JP 2006-071538 A JP 2012-048728 A

Transaction authentication is an effective measure against MITM attacks because it performs electronic signatures on transactions between users and servers. However, several problems have been pointed out with the current mainstream method using hardware tokens. One is low convenience for the user. When it is assumed that an online service is used on a mobile device (mobile device) such as a smartphone or a tablet terminal, the user must always carry the token on the go, which is troublesome. Moreover, since the tokens are different for each service, the number of tokens to be carried increases as the number of services to be used increases, which is not practical. Furthermore, considering the risk of theft and loss, many people feel reluctant to carry tokens. The second is the cost of the service provider. Service providers need to distribute and manage tokens to all users of online services, and the cost is not negligible.

  The present invention has been made in view of the above circumstances, and an object of the present invention is to provide a new security technology capable of realizing secure service use without impairing the convenience of mobile. Further, a further object of the present invention is to provide a new online service provider that can easily confirm that the content received from the user has not been tampered with and ensure a secure environment for the user. To provide security technology.

The first aspect of the present invention is:
An online service providing system that provides a mechanism for safely using an online service from a mobile device,
A service providing server that provides online services to registered users via the Internet;
An IC chip provided in a user device which is a portable device possessed by the user;
An application program that is executed by a main processor included in the user device and causes the user device to function as a terminal for using the online service;
The IC chip is
At least identification information used for user authentication for confirming the validity of the person who uses the user device, the user's private key, the user's public key paired with the private key, and the public key A memory for non-temporarily storing the user's electronic certificate,
At least an authentication function for performing the user authentication by comparing information provided from the application program with the identity information, and an electronic signature function for performing an electronic signature using the secret key on data provided from the application program A processor having
Have
The application program allows the user equipment to
User authentication means for performing the user authentication using the authentication function of the IC chip based on information acquired from a person who uses the user device, and
When it is confirmed by the user authentication that the user using the user device is valid, using the electronic signature function of the IC chip, a message describing information necessary for the procedure of the online service is described. Transmitting means for performing an electronic signature and transmitting a procedure request including a message with the electronic signature to the service providing server via the Internet;
Function as
The service providing server includes:
User information storage means for storing an electronic certificate of the user as information about the user;
When the procedure request is received from the user device, the validity of the procedure request is confirmed by verifying the electronically signed message included in the procedure request using the electronic certificate of the user, Procedure control means for executing a procedure based on information described in the electronically signed message included in the procedure request when the request is confirmed to be valid;
An online service providing system is provided.

The second aspect of the present invention is
An application program that is executed by a main processor of a user device that is a portable device possessed by a user and that causes the user device to function as a terminal for using an online service provided by a service providing server through the Internet,
The user equipment includes
At least identification information used for user authentication for confirming the validity of the person who uses the user device, the user's private key, the user's public key paired with the private key, and the public key A memory for non-temporarily storing the user's electronic certificate,
At least an authentication function for performing the user authentication by comparing information provided from the application program with the identity information, and an electronic signature function for performing an electronic signature using the secret key on data provided from the application program A processor having
An IC chip having
The application program allows the user equipment to
User authentication means for performing the user authentication using the authentication function of the IC chip based on information acquired from a person who uses the user device, and
When it is confirmed by the user authentication that the user using the user device is valid, using the electronic signature function of the IC chip, a message describing information necessary for the procedure of the online service is described. Transmitting means for performing an electronic signature and transmitting a procedure request including a message with the electronic signature to the service providing server via the Internet;
Provided is an application program characterized by functioning as:

  The present invention is based on the service providing server, the mobile device including the IC card and the application program, the online service providing method including at least a part of the processing, or the IC card and the application program. It can also be understood as a portable device control method including at least a part of processing, or a computer-readable storage medium in which the application program is stored non-temporarily.

  ADVANTAGE OF THE INVENTION According to this invention, the new security technique which can implement | achieve secure service utilization can be provided, without impairing the convenience of mobile. In addition, according to the present invention, the online service provider can easily confirm that the content received from the user has not been tampered with, and can ensure a secure environment for the user. Technology can be provided.

FIG. 1 is a diagram showing one of the features of an online service providing system according to the present invention. FIG. 2 is a block diagram illustrating a configuration of a service providing server that provides an online service. FIG. 3 is a block diagram showing a configuration of user equipment used for using the online service. FIG. 4 is a diagram schematically showing the appearance and mounting form of the SIM card and the IC card. FIG. 5 is a block diagram schematically showing the hardware configuration of the SIM card and the IC card. FIG. 6 is a block diagram schematically showing a logical configuration of the user device and the IC card. FIG. 7 is a diagram for explaining an IC card issuance procedure. FIG. 8 is a diagram for explaining an IC card issuance procedure. FIG. 9 shows the data structure of the IC card management database. FIG. 10 is a diagram showing the flow of the registration procedure for the online service. FIG. 11 is an example of a screen displayed on the user device in the registration procedure for the online service. FIG. 12 is a diagram illustrating a flow of login authentication of the online service. FIG. 13 is an example of a screen displayed on the user device in the login authentication of the online service. FIG. 14 is a diagram illustrating a flow when the online service is used. FIG. 15 is an example of a screen displayed on the user device when using the online service.

<Overview of online service provision system>
FIG. 1 shows a flow of procedure content signature (transaction signature) by public key cryptography using an IC card called a sub SIM, which is one of the features of an online service providing system according to the present invention.

  An application program (hereinafter also referred to as “application”) for using an online service provided by a service provider such as a bank is installed in a user device (such as a smartphone) possessed by the user, and is also referred to as a sub SIM. IC card is installed. The sub SIM stores a secret key unique to the user. The public key that forms the private key pair must be obtained in advance from a certificate authority that has been certified under the Act on Electronic Signatures and Authentication Services (Act No. 102 of 2000; hereinafter referred to as the “Electronic Signature Act”). It is assumed that an electronic certificate has been issued by a certificate authority.

  In the above system, when a user tries to perform a procedure such as transfer from an application, first, user authentication (person authentication) is required by PIN code, password, biometric authentication, or the like. When the user authentication is successful (that is, when it is confirmed that the person who operates the application is the user), the function restriction of the sub SIM is released and the function (API) provided by the sub SIM can be used. It becomes a mode. The application uses the function of the sub SIM to generate a digital signature by encrypting a procedure message (transaction) in which the procedure contents are described with a secret key. When the electronic signature and the procedure message are sent to the online service server, the server verifies the electronic signature by using the corresponding electronic certificate. As a result of the verification, if it is confirmed that the message is a procedure message sent from a legitimate user and the content has not been altered, the server executes a procedure such as transfer according to the content of the procedure message.

  According to such a method, it is not necessary to carry a device (such as a conventional token) other than the user equipment, and the online service can be used by the user equipment alone, which is highly convenient. In addition, since a secure procedure using an electronic signature is possible only with personal authentication, smart and simple operability can be realized.

  Furthermore, since a secret key stored in an IC card called a sub SIM and an encryption function (API) provided by the IC card are used, secure data communication can be realized. This secret key has a low risk of leakage, and since the secret key and encryption function cannot be used without clearing the personal authentication by PIN code, password or biometric authentication, there is a risk of unauthorized use by a third party. It can be made as small as possible.

In addition, service providers do not need to distribute or manage devices such as tokens, which can reduce operating costs. In addition, it is presumed that data with an electronic signature attached using an electronic certificate issued by a certificate authority that has been accredited under the Electronic Signature Act was genuinely created by the user in accordance with Article 3 of the Electronic Signature Act. Therefore, there is an advantage that litigation risk can be reduced.

<Service providing server>
FIG. 2 is a block diagram illustrating a configuration of the service providing server. The service providing server 20 is a server that provides an online service provided by a service provider through the Internet. The service providing server 20 will be described below by taking an online financial transaction service (so-called online banking) by a financial institution such as a bank as an example. It is preferably applicable to online services.

  The service providing server 20 includes a user registration unit 200, a user information storage unit 201, a login control unit 202, and a procedure control unit 203 as main functions. The user registration unit 200 is a function for performing a new user registration process. The user information storage unit 201 is a database that stores and manages registered user information. The login control unit 202 is a function that controls whether or not the online service can be used in response to a login request from the user. The procedure control unit 203 is a function that controls execution of the corresponding procedure of the online service in response to a procedure request from the user. Details of these functions and processing will be described later.

  The service providing server 20 can be configured by a general-purpose computer including a CPU (processor), a memory (RAM), a storage (HDD, SSD, etc.), a communication I / F, an input / output device, and the like. In that case, the functions and processes described above are realized by developing a program stored in the storage in the memory and executing the program by the CPU. The service providing server 20 may be configured by a single computer, or may be configured by distributed computing or cloud computing. In addition, a general-purpose computer may be used instead of a general-purpose computer, and the above-described functions or part of the processing may be configured using an ASIC or FPGA instead of software.

<User equipment>
FIG. 3 is a block diagram showing a configuration of a portable device (referred to as “user device”) used by the user to use the online service. In the present embodiment, a smartphone is illustrated as an example of the user device 30, but this is only one application example. The user equipment 30 has a processor and a memory for executing an application program for using an online service, is equipped with a SIM card (Subscriber Identity Module Card), and can be connected to the Internet. Any device may be used as long as it is an electronic device. In addition to smartphones, for example, tablet terminals, mobile PCs, wearable PCs, smart watches, smart glasses, smart wallets, portable game machines, and the like can be exemplified.

The user device 30 includes a CPU (processor) 300, a memory 301, a storage 302, a touch panel display 303, a communication module 304, a power supply 305, a SIM card 306, an IC card 307, and an NFC chip 320 as main hardware resources. The memory 301 is a RAM and provides a storage area that the CPU 300 uses as a working memory. The storage 302 is a non-volatile storage medium for storing application programs and various data, and includes, for example, a built-in EEPROM, a flash memory mounted in a card slot, and the like. The touch panel display 303 is a device that serves as both a display device and an input device. The communication module 304 is a device responsible for data communication and voice communication by the user device 30. The communication module 304 of this embodiment is assumed to support communication using a mobile phone network such as 3G or 4G / LTE, communication using Wi-Fi, short-range wireless communication, and the like. The power source 305 supplies power to the user device 30 and includes a lithium ion battery and a power circuit. The SIM card 306 is a contact type IC card in which subscriber information for communication using a mobile phone network is recorded. The IC card 307 is also a contact type IC card similar to the SIM card 306. The IC card 307 is a device additionally attached to the user device 30 in order to realize secure use of the online service. The NFC chip 320 is an IC chip that provides an NFC (Near Field Communication) standard near field communication function and an application using the function. In this embodiment, the SIM card 306, the IC card 307, and the NFC chip 320 are configured by different hardware, but the NFC function may be mounted on the SIM card 306 and / or the IC card 307.

<IC card>
FIG. 4 schematically shows the appearance and mounting form of the SIM card 306 and the IC card 307, and FIG. 5 is a block diagram schematically showing the hardware configuration of the SIM card 306 and the IC card 307.

  The SIM card 306 has a structure in which the IC chip 40 is mounted on a resin plate having a width of 15 mm, a height of 12 mm, and a thickness of 0.76 mm. As shown in FIG. 5, the IC chip 40 includes a processor 401, a RAM 402, a nonvolatile memory 403, and eight pins (electrodes) 404. The nonvolatile memory 403 stores data such as a unique serial number (ICCID) and subscriber identification information (IMSI) of the SIM card 306 and a program executed by the processor 401. The eight pins 404 include a power input terminal, a reset terminal, a clock terminal, a ground terminal, a program voltage input terminal, an I / O terminal, and a spare terminal.

  The SIM card 306 is provided from a carrier when the user subscribes to a mobile communication service provided by a mobile carrier (MNO) or a virtual mobile carrier (MVNO). Data and programs stored in the SIM card 306 are different for each business operator, but the basic structure of the SIM card 306 itself is the same as long as it conforms to international standards. In the present embodiment, a micro-SIM is taken as an example, but a mini-SIM or a nano-SIM can also be used as a SIM card.

  The IC card 307 has the same or substantially the same size as the SIM card 306 in width and height, and has a structure in which the IC chip 41 is embedded in a flexible film having a thickness of about 0.1 to 0.2 mm. The IC chip 41 also includes a processor 411, a RAM 412, a nonvolatile memory 413, and eight pins (electrodes) 414. The nonvolatile memory 413 of the IC card 307 stores data and programs for realizing secure use of the online service (details will be described later).

  The eight pins 414 of the IC card 307 are exposed on both the front surface and the back surface of the IC card 307 and have the same arrangement as the eight pins 404 of the SIM card 306. As shown in FIG. 4, the IC card 307 is attached to the SIM card 306 so that the corresponding pins (electrodes) of the IC card 307 and the SIM card 306 are physically and electrically connected to each other. Become. Since the IC card 307 is extremely thin, the SIM card 306 with the IC card 307 attached can be mounted in the SIM card slot 308 of the user device 30. FIG. 5 schematically shows a state in which the IC card 307 and the SIM card 306 are installed in the SIM card slot 308. The pin 414 on the surface of the IC card 307 is connected to the terminal 310 of the control board 309 of the user device 30, and the pin 404 of the SIM card 306 is connected to the terminal 310 of the control board 309 via the pin 414 of the IC card 307. It becomes.

  The CPU 300 of the user device 30 can selectively access both the IC card 307 and the SIM card 306. In other words, the application program operating on the CPU 300 of the user device 30 can selectively switch between a mode for communicating with the IC card 307 and a mode for communicating with the SIM card 306. In the former mode, the processor 411 of the IC card 307 processes the signal (command) received from the user device 30 by itself and does not transmit it to the SIM card 306. On the other hand, in the latter mode, the processor 411 of the IC card 307 performs an operation of mediating (through) a signal between the user device 30 and the SIM card 306. As in this embodiment, an IC card 307 of a type that is overlaid on a communication SIM card 306 is also referred to as a “sub-SIM”.

  The use of the sub SIM type IC card 307 has the following advantages. If the mobile device has a SIM card slot, the IC card 307 can be mounted (that is, no special structure or work is required on the mobile device side, and the IC card 307 can be mounted on almost all mobile devices. Is possible). The IC card 307 can be attached to a portable device having only one SIM card slot (in other words, even when the SIM card slot is not empty). In addition, since the communication SIM card 306 and the IC card 307 are completely independent of each other and do not affect each other, voice communication and data communication have been carried out even after the IC card 307 is installed. The same can be used. Moreover, since it can be added to any company's SIM card, it is easy to introduce and disseminate.

<Function of IC card>
FIG. 6 is a block diagram schematically showing a logical configuration of the user device 30 and the IC card 307.

  An application program 60 (hereinafter simply referred to as “main application 60”) for using an online service provided by the service providing server 20 is installed in the user device 30. The main body application 60 is a program distributed by a service provider of an online service (in this embodiment, a bank or the like), and the user downloads the main body application 60 through an application distributor on the Internet before using the online service. install.

  The main body application 60 includes a main processing unit 600, a user authentication unit 601, and a security processing unit 602 as main functions. The main processing unit 600 is a function responsible for display of the online service use screen, control of input, data transmission / reception with the service providing server 20, and the like. The user authentication unit 601 is a function that performs processing for confirming the legitimacy of the person who uses the user device 30. The purpose of the user authentication here is to confirm whether the person who is actually operating the user device 30 is a valid person (the user himself or a person who is authorized by a valid user). The security processing unit 602 is a function for executing security processing such as data encryption and electronic signature using the function of the IC card 307.

The non-volatile memory 413 (hereinafter simply referred to as “memory 413”) of the IC card 307 stores the personal information 610 used for the above-described user authentication, the user's private key 611 and public key 612 pair, and the user's electronic certificate 613. , A hash function 614, a program 615, and the like are stored. The address space of the memory 413 includes an area 4130 that can be accessed (read / written) from the outside and an area that cannot be accessed from the outside (that is, an area that can only be accessed by the processor 411 of the IC card 307) 4131. . Data used in security processing (personal information 610, private key 611, public key 612, electronic certificate 613, hash function 614, program 615, etc.) are all stored in area 4131 and externally (for example, main body application 60). Can not read or write directly. Data such as the serial number 616 and the manufacturing number 617 of the IC card 307 is stored in the area 4130 and can be read from the outside.

The processor 411 of the IC card 307 provides some APIs (Application Programming Interfaces) related to security functions to external applications. In FIG. 6, as an example, an authentication function 620, an encryption function 621, an electronic signature function 622, a personal information change function 623, a key generation function 624, a public key reading function 625, an electronic certificate writing function 626, an electronic certificate reading Function 627 is shown. These functions are realized by the processor 411 executing the program 615.

  The authentication function 620 is a function for performing user authentication by collating information given from the outside with the personal information 610 stored in the memory 413. The functions 621 to 627 other than the authentication function 620 cannot be used unless user authentication is successful. Any user authentication method may be used. For example, in the case of PIN code authentication, the authentication function 620 receives a code (for example, a 4-digit number) input by the user from the user authentication unit 601 of the main body application 60, and the input code is registered as the personal information 610. It is checked whether the code matches, and if it matches, the result “OK” is returned, and if it does not match, the result “NG” is returned. In the case of password authentication, the authentication function 620 receives a password (for example, a 6 to 16 character password) input by the user from the user authentication unit 601 of the main body application 60, and the input password is registered as the personal information 610. If it matches, “OK” is returned, and if it does not match, “NG” is returned. In the case of biometric authentication, the authentication function 620 receives the user's biometric information (face image, voiceprint, iris, fingerprint, vein, etc.) from the user authentication unit 601 of the main body application 60, and is extracted from the biometric information. And the identity characteristic registered as the identity information 610, it is determined whether or not the subject is the identity. If the identity is determined, the result is “OK”, otherwise the result is “NG”. Higher security may be realized by combining two or more of PIN code authentication, password authentication, and biometric authentication, or by combining other authentication methods.

  The encryption function 621 is a function for performing encryption using the secret key 611 on data given from the outside. For example, the encryption function 621 receives data from the security processing unit 602 of the main body application 60, encrypts the data using the secret key 611, and returns the encrypted data (ciphertext). The encryption algorithm is preferably RSA, DSA, ECDSA, or the like, but other algorithms may be used.

  The electronic signature function 622 is a function for performing an electronic signature using a secret key 611 on data given from the outside. The difference from the encryption function 621 is that the hash value of the given data is encrypted instead of encrypting the given data itself. For example, the electronic signature function 622 receives data from the security processing unit 602 of the main body application 60, calculates a hash value by the hash function 614, encrypts the hash value using the secret key 611, and converts the encrypted hash value to return. Any hash function may be used (in this embodiment, SHA-1 and SHA-256 are used). If the size of the data to be subjected to the electronic signature is small, the data itself encrypted instead of the hash value may be used as the electronic signature.

  The principal information change function 623 is a function for writing the principal information 610 in the memory 413 and updating or deleting the principal information 610 stored in the memory 413. This function is used when the main body application 60 newly registers or changes user information in the IC card 307.

The key generation function 624 is a function that generates a key pair of the secret key 611 and the public key 612. In the initial state of the IC card 307, the personal information 610, the secret key 611, the public key 612,
Information associated with the user, such as the electronic certificate 613, is not stored in the memory 413, but is registered in the memory 413 during an IC card issuance procedure described later (this operation is called IC card activation). At this time, since the secret key 611 is generated and stored in the memory 413 in the closed space in the IC card 307, the risk of leakage of the secret key 611 can be reduced. In the present embodiment, since an API for reading the secret key 611 from the memory 413 is not prepared, the risk that the secret key 611 is leaked to the outside is close to zero.

  The public key reading function 625 is a function for reading the public key 612 from the memory 413. The electronic certificate writing function 626 is a function for writing the electronic certificate 613 in the memory 413, and the electronic certificate reading function 627 is a function for reading the electronic certificate 613 from the memory 413. Since the public key 612 and the electronic certificate 613 are for distribution to a communication partner, they can be read out to the outside. Note that writing of the electronic certificate 613 is necessary during the IC card issuing procedure.

  According to the configuration described above, the main body application 60 of the user device 30 can easily realize data encryption and electronic signature using public key encryption by using the IC card 307. Furthermore, user authentication is required to use the encryption and electronic signature functions of the IC card 307, and the risk of leakage of the private key is close to zero, so extremely robust security is ensured.

<IC card issuance procedure>
With reference to FIG. 7 and FIG. 8, the issuing procedure (IC card activation) of the IC card 307 will be described. FIG. 7 is a diagram showing an IC card issuing terminal, and FIG. 8 is a diagram showing a flow of IC card issuing procedures.

  The IC card issuing terminal 70 is a terminal that issues a new IC card 307, and is installed in, for example, a mobile phone shop, a service provider store (bank, etc.), a convenience store, an agency window, and the like. The IC card issuing terminal 70 is constituted by a computer having an IC card reader / writer. If the store clerk operates, a general-purpose personal computer or a tablet terminal may be used. If the user (IC card applicant) himself / herself operates, a kiosk terminal may be used.

  The flow of the issuing procedure will be described with reference to FIG. Here, the “user” is a person who newly applies for the IC card 307 in order to use the online service (referred to as “user” or “applicant” in the description of FIG. 8). The “window” is a person who uses the IC card issuing terminal 70 to issue the IC card 307. The “communication service manager” is a person in charge of issuing and managing the operation of the IC card 307. The communication service manager, for example, provides the IC card 307, applies an electronic certificate to the certificate authority, manages the issued IC card, manages the association between the IC card 307 and the SIM card 306, and invalidates the IC card 307 ( For example, when the user device 30 is lost, stolen, or discarded). Since the security function of the IC card 307 can be used for various online services, the communication service manager may be configured by a different business entity from the online service provider. A “certificate authority” is a person who issues and revokes a public key electronic certificate.

The IC card applicant first applies for the use of the IC card at the window (step S800). When applying for use, the applicant's identification information will be communicated, and identification documents (driver's license, etc.) will be submitted. The identity verification information may include, for example, a name, sex, date of birth, and address. The applicant also specifies a PIN code to be registered in the IC card. The window staff confirms the identity by comparing the information transmitted from the applicant with the identity confirmation document, and then inputs the information to the IC card issuing terminal 70 (step S801). Note that only the PIN code may be entered by the applicant so that the PIN code is not known to the staff at the counter.

Next, the window staff sets a new IC card 307 in the IC card issuing terminal 70 and instructs the start of activation processing. In the memory 413 of the IC card 307 at this stage, only the “hash function 614 and program 615” among the information shown in FIG. 6 is stored, and the “secret key 611 and public key 612” are information associated with the user. , ”The electronic certificate 613” is not yet stored, and the PIN code of the principal information 610 is an initial value (for example, “0000”). First, the IC card issuing terminal 70 uses the authentication function 620 to authenticate with the initial PIN code, and then uses the personal information change function 623 to register the PIN code designated by the applicant, The generation function 624 is instructed to generate a key pair to generate a secret key 611 and a public key 612 (step S802). The PIN code and key pair are written in a predetermined area 4131 of the memory 413. Subsequently, the IC card issuing terminal 70 reads the public key 612 from the memory 413 using the public key reading function 625, and uses the public key 612 and the personal identification information input in step S801 to perform a CSR (Certificate Signing Request). Is created and transmitted to the management server of the communication service manager (step S80).
3).

  When receiving the CSR from the IC card issuing terminal 70, the management server transmits the CSR to a predetermined certificate authority (step S804). At this time, the management server may perform a credit investigation of the applicant based on the identity confirmation information.

  The certificate authority issues an electronic certificate of the applicant's public key in accordance with the received CSR, and sends it to the management server (step S805). An electronic certificate is a certificate that certifies the public key and its owner. X. developed by ITU-T. In the case of 509, the electronic certificate is data including a public key, owner information (identification information is applicable), an electronic signature of a certificate authority, an expiration date of the electronic certificate, and issuer information. The certificate authority's electronic signature is obtained by encrypting the hash value generated from the public key and owner information included in the electronic certificate with the certificate authority's private key.

  The management server transmits the issued electronic certificate to the IC card issuing terminal 70 (step S806). The IC card issuing terminal 70 writes the electronic certificate in the memory 413 using the electronic certificate writing function 626 of the IC card 307 (step S807). At this stage, the personal information 610 (PIN code in this embodiment), the private key 611, the public key 612, and the electronic certificate 613, which are data necessary for the security processing, are prepared in the memory 413 of the IC card 307. become.

  Next, the IC card 307 is attached to the user device 30 of the applicant (step S808). Specifically, the communication SIM card 306 is taken out from the user device 30, the IC card 307 is pasted on the SIM card 306, and the SIM card 306 is inserted into the user device 30 again. Further, the setup program is installed in the user device 30 and the setup process of the IC card 307 by the setup program is executed. The installation and setup of the IC card 307 may be performed by the window staff or by the applicant himself.

In the setup process, the user device 30 (a setup program that runs on the user device) reads the “serial number” and the “manufacturing number” from the IC card 307 and also reads the “telephone number” and “manufacturing number” from the SIM card 306. In addition, the setup program uses “IMEI (International Mobile Equipment Identity) as information on the user equipment 30 itself.
) ”. Then, the setup program transmits an IC card registration request together with such information to the management server of the communication service manager (step S809). When receiving the IC card registration request from the user device 30, the management server registers the information of the IC card 307, the SIM card 306, and the user device 30 included therein in the IC card management database (step S810).

  FIG. 9 shows an example of the data structure of IC card management information stored in the IC card management database. The “telephone number” and “manufacturing number” of the SIM card 306 and the “IMEI” of the user device 30 are managed in association with the “serial number” and “manufacturing number” of the IC card 307. Although not shown, user identification information (name, gender, address, date of birth), public key, electronic certificate information, etc. may be managed as IC card management information.

  When the registration of the IC card management information is completed, the management server notifies the user device 30 of the completion of registration (step S811). Thereby, the setup of the user device 30 is completed, and the IC card 307 can be used (activated state).

  Note that the issuing procedure shown in FIG. 8 is merely an example, and the issuing procedure may be performed in a different procedure. For example, an IC card 307 in which a secret key, a public key, an electronic certificate, and a PIN code are registered in advance may be prepared at the window. In this case, since the writing process to the IC card 307 is unnecessary, it is not necessary to use the IC card issuing terminal 70, and only the setup process in the user device 30 is required, and the IC card issuing procedure is simplified. When biometric authentication is used instead of PIN code authentication, biometric information (face image, voice print, iris, fingerprint, etc.) registered as personal information in the IC card 307 is input using the IC card issuing terminal 70 or the like. do it.

<First registration to online service>
With reference to FIG. 10 and FIG. 11, the initial registration procedure for the online service will be described. FIG. 10 is a diagram illustrating a flow of a registration procedure for the online service, and FIG. 11 is an example of a screen displayed on the user device 30.

  First, the user operates the user device 30 to download and install the main body application 60 (step S1001). Then, the user activates the main body application 60 and opens an online service login screen (step S1002). As shown in FIG. 11, at the first login, the user ID and password are input on the login screen 110 to log in to the online service (step S1003). At this time, the main body application 60 stores the user ID in the nonvolatile memory (step S1004). The password should not be stored in the user device 30 from the viewpoint of security. The user ID and password are information given by the service provider when a new application for online service, which is a separate procedure, is made.

  When the login is completed, the service providing server 20 transmits a predetermined electronic message (which may be any content) to the user device 30 and requests an electronic signature and an electronic certificate (step S1005).

The user authentication unit 601 of the main body application 60 displays a PIN code input screen 111 as shown in FIG. When the PIN code is input by the user, the user authentication unit 601 uses the authentication function 620 of the IC card 307 to check whether or not the input PIN code is correct (step S1006). When the PIN code is correct (that is, when the user authentication is successful), other functions 621 to 627 of the IC card 307 can be used from the main body application 60. The security processing unit 602 of the main body application 60 uses the electronic signature function 622 of the IC card 307 to perform an electronic signature on the message received from the service providing server 20 and uses the electronic certificate reading function 627 to store the memory. The electronic certificate 613 is read from 413. Then, the main processing unit 600 of the main body application 60 transmits the electronic signature-added message and the electronic certificate 613 to the service providing server 20 (step S1007).

  The service providing server 20 verifies the electronic signature-added message using the electronic certificate 613 received from the user device 30 (step S1008). “Verification” means that the electronic signature is performed by the user himself / herself by decrypting the electronic signature-added message with the public key included in the electronic certificate 613 and checking the decryption result and the original message. , Confirming that an electronic signature has been created with the user's private key. If the electronic signature is data obtained by encrypting the message itself, the decryption result may be compared with the original message. If the electronic signature is data obtained by encrypting the hash value of the message, the decryption result and the original message are compared. What is necessary is just to compare with the hash value of a message.

  If the verification is successful, the service providing server 20 associates the user ID / password of the user with an electronic certificate and registers the user ID in the user information storage unit 201 (step S1009). Then, the service providing server 20 notifies the main body application 60 that registration of the electronic certificate has been completed (step S1010). After the association between the user ID and the electronic certificate is completed, the login can be performed with a simpler operation as described below.

<Login to online service>
The login authentication of the online service will be described with reference to FIGS. FIG. 12 is a diagram illustrating a flow of login authentication of the online service, and FIG. 13 is an example of a screen displayed on the user device 30.

  When the user activates the main body application 60 in the user device 30, the user authentication unit 601 displays a PIN code input screen 130 as shown in FIG. 13 (step S1200). When the PIN code is input by the user, the user authentication unit 601 uses the authentication function 620 of the IC card 307 to check whether or not the input PIN code is correct (step S1201). When the PIN code is correct (that is, when the user authentication is successful), the security processing unit 602 of the main body application 60 uses the electronic signature function 622 of the IC card 307 to perform an electronic signature on the online service user ID. (Step S1202). Since the data size of the user ID is about several bytes to several tens of bytes, the user ID itself encrypted with the secret key 611 may be used as the electronic signature. Then, the main processing unit 600 of the main body application 60 transmits a login request to the service providing server 20 (step S1203). A user ID with an electronic signature (that is, an electronic signature of the user ID and a plain text user ID) is added to the login request.

  When receiving the login request, the login control unit 202 of the service providing server 20 reads the corresponding electronic certificate from the user information storage unit 201 based on the user ID included in the login request (step S1204). The login control unit 202 verifies the user ID with an electronic signature included in the login request using the electronic certificate (step S1205). Further, if necessary, the login control unit 202 may inquire the validity of the electronic certificate to the certificate authority (steps S1206 and S1207). If the verification of the user ID with the electronic signature is successful and the validity of the electronic certificate is confirmed, the login control unit 202 determines that the login request is from a valid user, and the user device 30 Is allowed to use the online service (step S1208). Thereafter, as shown in FIG. 13, a menu screen 131 of the online service is displayed on the user device 30, and the user can perform a desired procedure.

According to the above-described login authentication, the user only has to enter a PIN code, so it is possible to access the online service with a very simple operation compared to the conventional method of inputting ID / password each time and the method of using a token. Login is possible. In addition, since the security function provided by the IC card 307 is used, a high level of security is ensured.

<Use of online services>
With reference to FIG. 14 and FIG. 15, a procedure when using the online service will be described. FIG. 14 is a diagram illustrating a flow when the online service is used, and FIG. 15 is an example of a screen displayed on the user device 30. It is assumed that login to the online service has already been completed and the menu screen 150 is displayed on the user device 30.

  When the user selects a procedure to be used from the menu screen 150, the screen transitions to the details screen 151 (step S1400). FIG. 15 shows a screen example when the user selects “transfer”. When the user inputs necessary information (for example, transfer destination, transfer amount, etc.) on this detailed screen 151 and presses the execution button (step S1401), the main processing unit 600 of the main body application 60 displays information necessary for the transfer procedure. The described procedure message is created (step S1402).

  Subsequently, the user authentication unit 601 of the main body application 60 displays the PIN code input screen 152 and performs PIN code authentication (step S1403). Since the PIN code authentication procedure is the same as described above, the description thereof is omitted. If the PIN code authentication is successful, the security processing unit 602 of the main body application 60 uses the electronic signature function 622 of the IC card 307 to perform an electronic signature on the procedure message (step S1404). At this time, the electronic signature function 622 may generate a digital signature by calculating a hash value of the procedure message and encrypting the hash value with the secret key 611 or encrypting the procedure message itself with the secret key 611. An electronic signature may be generated. Then, the main processing unit 600 of the main body application 60 transmits a procedure request to the service providing server 20 (step S1405). A procedure message with an electronic signature and a user ID are added to the procedure request.

  When receiving the procedure request, the procedure control unit 203 of the service providing server 20 reads out the corresponding electronic certificate from the user information storage unit 201 based on the user ID included in the procedure request (step S1406). Then, the procedure control unit 203 verifies the procedure message with the electronic signature included in the procedure request using the electronic certificate (step S1407). If necessary, the procedure control unit 203 may inquire the validity of the electronic certificate from the certificate authority (steps S1408 and S1409). If the verification of the electronically signed procedure message is successful and the validity of the electronic certificate is confirmed, the procedure control unit 203 determines that the procedure request is from a valid user. That is, it is determined that there is no spoofing by a third party and that the content of the procedure message has not been altered.

  Only when it is confirmed that the procedure request is from a legitimate user, the procedure control unit 203 executes a procedure (transfer or the like) based on information described in the procedure message (step S1410). When the procedure is completed, the procedure control unit 203 transmits a procedure completion notification to the main body application 60 (step S1411). Then, a procedure completion screen 153 is displayed as shown in FIG.

  According to the processing described above, since the user only has to enter the PIN code, it is possible to use the online service with a very simple operation compared to the conventional method of inputting the ID / password each time and the method of using the token. Is possible. Moreover, since the security function provided by the IC card 307 is used, a high level of security is ensured, and it is possible to prevent spoofing and tampering with procedure messages due to so-called man-in-the-middle attacks.

<Invalidation of IC card>
According to the user device 30 of the present embodiment, the online service cannot be used unless user authentication using a PIN code or biometric information is successful. Therefore, even if the user device 30 is lost or stolen, the risk of unauthorized use of the user device 30 by a third party is small. However, since the possibility that PIN code authentication or biometric authentication is broken is not zero, it is preferable to implement an IC card invalidation function as described below.

(1) IC Card Self-Destruction Function Self-destruction is an operation in which the processor 411 itself of the IC card 307 invalidates the function of the IC card 307. Specific operations include locking the IC card 307 so that the function of the IC card 307 cannot be used from the outside (main body application 60), or erasing data (key pair, electronic certificate, etc.) stored in the memory 413. There are ways to do it. For example, the processor 411 may execute self-destruction when an incorrect PIN code is continuously input a predetermined number of times or when the memory 413 is accessed by a method other than the API.

(2) Invalidation of IC card When the communication service administrator receives a report from the user about the loss or theft of the user device 30 or the IC card 307, the management server invalidates the user device 30 or the IC card 307. The IC card 307 may be invalidated by transmitting an activation signal. Alternatively, when the management server monitors the usage status of the IC card 307 and detects an abnormality (for example, when the unused status has continued for a long period of time, when the usage frequency has suddenly increased, or when attempting to send a large sum of money) The IC card 307 may be invalidated. Alternatively, when the management server monitors the combination of the IC card 307, the SIM card 306, and the user device 30 and detects a conflict with the information managed by the IC card management information (for example, the IC card is a single card or a SIM card) The IC card 307 may be invalidated when such a wrinkle may occur when the card is removed together with the card and attached to another portable device. The invalidation method also locks the IC card 307 so that the function of the IC card 307 cannot be used from the outside (main application 60), or erases data (key pair, electronic certificate, etc.) stored in the memory 413. There are methods.

(3) Invalidation of electronic certificate When the communication service administrator receives a report from the user about the loss or theft of the user device 30 or the IC card 307, the electronic certificate of the user is sent from the management server to the certificate authority. You may request invalidation of the certificate. Alternatively, the management server may monitor the usage status of the IC card 307 and the combination of the IC card / SIM card / user device, and may request the certificate authority to invalidate the electronic certificate when an abnormality is detected.

<Others>
The above-described embodiments are merely illustrative of one specific example of the present invention, and the technical scope of the present invention is not limited to the contents of the above-described embodiments, and the present invention is within the scope of its technical idea. It can take various concrete forms. For example, the present invention can be applied to various types of online services other than the online banking service. In the above-described embodiment, the sub SIM type IC card is exemplified. However, if the mobile device has a plurality of SIM card slots, an IC card having the same specifications as a general micro-SIM or nano-SIM (for communication) is used. It may be mounted in a slot separate from the SIM card. Alternatively, an IC card of a type that is installed in a slot other than the SIM card slot may be used, or an IC chip (for example, Secure Element) built in the portable device may be used. In the above-described embodiment, only the user ID with an electronic signature is included in the login request, but an electronic certificate may be sent together. In the above-described embodiment, the electronic signature is applied only to the data sent from the user device to the service providing server. However, it is also preferable to perform the electronic signature or encryption on the data sent from the service providing server to the user device. In this case, the service providing server may perform an electronic signature or encryption using its own encryption key, or may perform encryption using the user's public key.

20: Service providing server 30: User device 60: Application program 70: IC card issuing terminal 306: SIM card 307: IC card (sub SIM)
308: SIM card slot

Claims (9)

An online service providing system that provides a mechanism for safely using an online service from a mobile device,
A service providing server that provides online services to registered users via the Internet;
An IC chip provided in a user device which is a portable device possessed by the user;
An application program that is executed by a main processor included in the user device and causes the user device to function as a terminal for using the online service;
The IC chip is
At least identification information used for user authentication for confirming the validity of the person who uses the user device, the user's private key, the user's public key paired with the private key, and the public key A memory for non-temporarily storing the user's electronic certificate,
At least an authentication function for performing the user authentication by comparing information provided from the application program with the identity information, and an electronic signature function for performing an electronic signature using the secret key on data provided from the application program A processor having
And is attached to the SIM card slot in a state of being overlaid on the communication SIM card,
The application program allows the user equipment to
User authentication means for performing the user authentication using the authentication function of the IC chip based on information acquired from a person who uses the user device, and
When it is confirmed by the user authentication that the user using the user device is valid, using the electronic signature function of the IC chip, a message describing information necessary for the procedure of the online service is described. Transmitting means for performing an electronic signature and transmitting a procedure request including a message with the electronic signature to the service providing server via the Internet;
Function as
The service providing server includes:
User information storage means for storing an electronic certificate of the user as information about the user;
When the procedure request is received from the user device, the validity of the procedure request is confirmed by verifying the electronically signed message included in the procedure request using the electronic certificate of the user, Procedure control means for executing a procedure based on information described in the electronically signed message included in the procedure request when the request is confirmed to be valid;
An online service providing system characterized by comprising: The memory of the IC chip has an area that cannot be accessed from the outside,
The online service providing system according to claim 1, wherein at least the principal information and the secret key are stored in the area that cannot be accessed from the outside. 3. The online service providing system according to claim 1, wherein the processor of the IC chip has a key generation function for generating the secret key and the public key. 4. The online service providing system according to any one of claims 1 to 3, further comprising a server having a database that manages the information of the IC chip and the information of the SIM card for communication in association with each other. 5. The online service providing system according to claim 4, wherein the database manages the information of the user device in association with the information of the IC chip. 6. The online service providing system according to claim 4, wherein the database manages the identity information of the user in association with the information of the IC chip. 7. The online service providing system according to any one of claims 4 to 6, wherein the database manages the information of the IC chip by further associating the public key or electronic certificate of the user. The online service providing system according to claim 1, wherein the processor of the IC chip has a function of invalidating the IC chip. The online service providing system according to claim 1, further comprising a server that requests a certificate authority to invalidate the user's electronic certificate.

Images