JP6800732B2 - Processing system and terminal - Google Patents

Description

Embodiments of the present invention relate to portable electronic devices, programs, processing systems, terminals and IC cards.

As one of the security attacks, an attack called a replay attack is known. A replay attack is mainly used for unauthorized intrusion into a network, and is an attack that impersonates the user by eavesdropping on a value such as a user's encryption key or password and reusing the eavesdropped value as it is.

Conventionally, replay attacks have been attacks aimed at unauthorized access to networks, but in recent years, the targets of replay attacks have expanded to IC (Integrated Circuit) cards. For example, when a holder of an IC card such as a credit card uses an ATM (Automatic Teller Machine) or a vending machine, the PIN of the IC card is illegally modified by peeping or illegally modifying the PIN (Personal Identification Number) pad. There is an example of stealing the IC card and then stealing the entire wallet or bag by flipping the IC card.

As a simple countermeasure against a replay attack, for example, a method of increasing the number of PINs that can be used for authentication to two and inputting two PINs alternately for each authentication can be considered. In this method, the user needs to memorize the PIN used last time. If the user mistakenly entered the PIN used last time, the attacker can steal the two PINs.

In addition, as an effective countermeasure against replay attacks targeting networks, a method using a time-synchronized one-time password is known. This method is one of the methods to prevent replay attacks by changing the password entered by the user for each authentication and not reusing the same password. In the method using a time-synchronized one-time password, a one-time password is generated based on the "seed" according to the current time. In this method, in general, a dedicated terminal is often distributed to the user in order to synchronize the time between the user and the authentication server.
However, the method using a time-synchronized one-time password is not always an effective countermeasure against a replay attack targeting an IC card. The reason for this is that, for example, by stealing a bag by snatching, it is possible to steal an IC card and a dedicated terminal for time synchronization at the same time.

Japanese Unexamined Patent Publication No. 2006-285649

An object to be solved by the present invention is to provide a portable electronic device, a program, a processing system, a terminal and an IC card capable of improving the security of a portable electronic device such as an IC card.

The processing system of the embodiment includes a portable electronic device and a portable device. The portable electronic device determines whether or not authentication is possible based on whether or not the information received from the terminal matches the second information generated based on the first information stored in the storage unit. To do. The portable device inputs the first information, and based on the input first information, generates a second information used for authentication of the portable electronic device, and the generated second information is generated. Output the information of 2.

The figure which shows the communication system of embodiment. The external view which shows an example of the IC card of embodiment. The figure which shows the portable device of an embodiment. The figure which shows the IC card of an embodiment. The figure which shows the outline of the conversion table of an embodiment. The flowchart which shows an example of the procedure of the process performed in the portable device of embodiment. The flowchart which shows an example of the procedure of the process performed in the IC card of an embodiment. The figure which shows an example of the operation of the portable device, the user, the terminal, and the IC card performed in the communication system of embodiment. The figure which shows the communication system of embodiment. The flowchart which shows an example of the procedure of the process performed in the terminal of embodiment.

Hereinafter, the portable electronic device, the program, the processing system, the terminal, and the IC card of the embodiment will be described with reference to the drawings.

(First Embodiment)
FIG. 1 is a diagram showing a communication system 1 of the embodiment.
The communication system 1 includes an IC card 11, a terminal 12, and a portable device 14 such as a smart phone. Communication system 1 includes a system (processing system) having an IC card 11 and a portable device 14.
The IC card 11 and the terminal 12 communicate with each other via a wired or wireless communication path 13. The IC card 11 interprets an instruction (command) from the external terminal 12, executes a process according to the instruction, and responds the result to the terminal 12.
As an example in which the IC card 11 includes one IC chip embedded inside the IC card 11, the IC card 11 is configured to respond to a command transmitted from the terminal 12. Alternatively, as another example, the IC card 11 is configured to perform an operation other than responding to a command transmitted from the terminal 12.

Here, as a method of communication between the IC card 11 and the terminal 12, either a contact method or a non-contact method may be used.
In the contact method, a metal contact point (contact portion) is provided on each of the terminal 12 and the IC card 11, and the contact point of the terminal 12 and the contact point of the IC card 11 are in contact with the terminal 12. Communicates with the IC card 11. In this case, the conductive path (wired path) connecting the terminal 12 and the IC card 11 connected by these contact points becomes the communication path 13.
In the non-contact method, an antenna such as a loop antenna is provided on each of the terminal 12 and the IC card 11, and the terminal 12 and the IC card 11 are subjected to electromagnetic induction between the antenna of the terminal 12 and the antenna of the IC card 11. Communicates. In this case, the path in the air (wireless path) where electromagnetic induction is performed becomes the communication path 13.

The terminal 12 transmits a UART (Universal Asynchronous Receiver Transmitter) command to the IC card 11 according to a specific protocol in order to read and rewrite the information stored inside the IC card 11. The IC card 11 holds a command received from the terminal 12 via, for example, the UART in the reception buffer, then interprets the command held in the reception buffer and executes processing according to the command.
Further, a configuration in which the IC card 11 is provided with a power supply may be used, or a configuration in which power is supplied from the terminal 12 to the IC card 11 by a contact method or a non-contact method without the IC card 11 being provided with a power supply is used. May be done.

As an example of the hardware configuration, the IC card 11 has a ROM (Read Only Memory) 31 for storing programs and the like, a RAM (Random Access Memory) 32 for temporarily holding data, and a non-volatile memory whose stored contents can be rewritten. EEPROM (Electrically Erasable Programmable ROM) 33 which is a sexual storage device (NVM: Non-Volatile Memory), UART 34 which communicates with terminal 12, CPU (Central Processing Unit) 35, and co-processor (Co-processor) 36. And a system bus 37 that connects them to each other.

As an example, when performing various operations, the RAM 32 has a reception buffer for holding information on commands transmitted from the terminal 12, a transmission buffer for holding information on commands to be transmitted to the terminal 12. A working buffer is provided to hold information in.
Here, in the present embodiment, the IC card 11 includes a coprocessor 36 that executes a specific process (for example, a process of encrypting data and a process of decrypting encrypted data) to assist the CPU 35. As another configuration example, the IC card 11 may not be provided with the coprocessor 36, and all the processing may be executed by the CPU 35.

FIG. 2 is an external view showing an example of the IC card 11 of the embodiment.
As shown in FIG. 2, the IC card 11 includes an IC module 51. The IC module 51 includes a contact portion 61 and an IC chip 62 inside. The IC card 11 is formed by mounting the IC module 51 on, for example, a plastic card base material 52 (an example of a card body). As described above, the IC card 11 includes the IC module 51 and the card base material 52 in which the IC module 51 is embedded. Further, the IC card 11 can communicate with the terminal 12 which is an external device via the contact unit 61.

For example, the IC card 11 receives a command (process request) transmitted by the terminal 12 via the contact unit 61, and executes processing (command processing) according to the received command. Then, the IC card 11 transmits a response (processing response), which is the execution result of the command processing, to the terminal 12 via the contact unit 61.
Here, the terminal 12 is a higher-level device that communicates with the IC card 11, and is, for example, a reader / writer terminal.

The IC module 51 is a module that includes a contact portion 61 and an IC chip 62, and is traded in the form of, for example, a COT (Chip On Tape) in which a plurality of IC modules 51 are arranged on a tape.
The contact unit 61 has terminals for various signals necessary for the IC card 11 to operate. Here, the terminals of various signals include, for example, a terminal that receives supply of a power supply voltage, a clock signal, a reset signal, and the like from the terminal 12, and a serial data input / output terminal (SIO terminal) for communicating with the terminal 12. The terminals supplied from the terminal 12 include a power supply terminal (VDD terminal, GND terminal), a clock signal terminal (CLK terminal), and a reset signal terminal (RST terminal).
The IC chip 62 is, for example, an LSI (Large Scale Integration) such as a one-chip microprocessor.

Note that FIG. 2 shows the appearance of the IC card 11 that communicates with the terminal 12 by the contact method using the contact portion 61. As another configuration example, in the IC card 11 having a contact type communication function and a non-contact type communication function, an antenna for performing non-contact type communication (and, if necessary, if necessary) is further added to the configuration of FIG. , Other necessary circuits). Further, as another configuration example, in the IC card 11 which does not have the contact type communication function and has the non-contact type communication function, instead of the contact portion 61, an antenna for performing the non-contact type communication ( And, if necessary, other necessary circuits).

A method of authentication performed when the IC card 11 is used in the communication system 1 of the present embodiment will be described.
In the communication system 1 of the present embodiment, the (k, n) threshold secret sharing method is applied to generate a pseudo one-time password, and the generated pseudo one-time password is used for authentication.

Here, the secret sharing method is a method of distributing secret information to a plurality of pieces, and when a predetermined number of the distributed information is collected, the original secret information can be restored. Compared to the method of simply encrypting information, the secret sharing method improves availability and confidentiality because the secret information itself does not leak even if the distributed information leaks if the number is less than the specified number. It is a technology that can be compatible.
In addition, the (k, n) threshold secret dispersion method proposed by Shamir is based on the mathematical basis that "the formula of the k-th order curve cannot be obtained without knowing the coordinates of k points passing through the curve". It is a method called. In this method, the equation f (x) of the k-th order curve is prepared as secret information s, and n coordinates on this curve are prepared as dispersion information. At this time, the secret information s cannot be restored unless k of the n distributed information are collected. It should be noted that k and n are numbers of 2 or more, respectively, and there is a relationship of k> n. Further, s represents information. Further, f (x) represents an expression (function) in which x is a variable.

Here, in the communication system 1 of the present embodiment, a PIN that is a master of authentication information (hereinafter, also referred to as “master PIN”) and a PIN that is authentication information generated based on the master PIN (hereinafter, also referred to as “master PIN”). Also referred to as a "temporary PIN") is used. In this embodiment, the temporary PIN is used as a pseudo one-time password.
In the present embodiment, one master PIN is shared between the user and the authentication system (in the present embodiment, the IC card 11) for each IC card 11.
Further, a method of converting the master PIN value and predetermined information into the equation f (x) of the k-th order curve is open to the public. As the predetermined information, for example, personal information not described in the IC card 11 is used. In the case of a credit card, the personal information is, for example, information such as a user's birthday.

If the value of the master PIN is used for input and no other information is used, the number of candidates in the equation f (x) is limited to the number that the master PIN can take. Therefore, for example, when a 4-digit master PIN is used, the number of candidates of the formula f (x) is 10,000.
As a method for converting the master PIN to the formula f (x), for example, a method using a conversion formula for converting the master PIN to the formula f (x) may be used, or the master PIN to the formula f (x) may be used. A technique of referencing a conversion table to convert to may be used.
Further, a method capable of reversibly converting a rational point on the equation f (x) into a pseudo one-time password (temporary PIN in the present embodiment) is open to the public.

In the communication system 1 of the present embodiment, a plurality of temporary PINs generated from one master PIN are used for authentication when the IC card 11 is used. In the present embodiment, the master PIN is also configured to be usable for the authentication, but as another configuration example, the master PIN may be configured not to be used for the authentication.
In the present embodiment, the temporary PIN that has been used once for the input for authentication cannot be used again until the normal authentication is completed a predetermined number of times thereafter. The predetermined number of times may be any number of times, and is, for example, at least the number of times set in the PIN Tri Counter. Here, the number of times set in the PIN tri-counter is the maximum number of times that the PIN input can be tried. The number of times set in the PIN tri-counter is, for example, a value smaller than k.

In the communication system 1 of the present embodiment, the user uses the application (program) of the portable device 14 to calculate and acquire a temporary PIN by the application. Then, the user inputs the acquired temporary PIN into the user terminal (terminal 12) of the IC card 11 to cause the IC card 11 to execute the authentication process (identity verification process) of the user.
Here, in the present embodiment, the application of the portable device 14 which is the local environment calculates the temporary PIN and manages the log of the temporary PIN used in the past. As another configuration example, the user may manually calculate the temporary PIN from the master PIN and manage the log of the temporary PIN used in the past.

As described above, in the communication system 1 of the present embodiment, the distribution information is calculated based on the information (secret information) of the master PIN by the method applying the secret sharing method, and the calculated distribution information is used as a pseudo one-time. It is possible to use it as a password (temporary PIN in this embodiment) instead of the master PIN. Then, in the communication system 1 of the present embodiment, when a pseudo one-time password is input to the terminal 12 by the user, the pseudo one-time password is calculated from the secret information on the IC card 11. Judge whether or not.
Here, there are a plurality of values allowed as a pseudo one-time password for one master PIN, but due to the nature of the secret sharing method, there are more than a preset number of pseudo one-time passwords. As long as it does not leak, the value of the master PIN will not leak. In the communication system 1 of the present embodiment, by utilizing this property, it is possible to set a pseudo one-time password once entered so that it cannot be reused a certain number of times. In this case, the pseudo one-time password has a mechanism that can withstand the theft of the password a certain number of times.
Further, in the communication system 1 of the present embodiment, a plurality of pseudo one-time passwords that can be used are presented to the user, and among them, the passwords to be used are targeted (candidates to be used in the future). Allows the user to select one or more pseudo one-time passwords. Further, in the communication system 1 of the present embodiment, it is possible for the user to specify one pseudo one-time password to be used from among one or more selected pseudo one-time password candidates. To do.

FIG. 3 is a diagram showing a portable device 14 of the embodiment.
In the present embodiment, the portable device 14 is a smart phone, but other portable devices may be used.
The portable device 14 includes an input unit 111, an output unit 112, a storage unit 113, and a processing unit 114. The processing unit 114 includes a master PIN information acquisition unit 131, a temporary PIN information generation unit 132, and a temporary PIN information output control unit 133.

The input unit 111 inputs information from the outside. In the present embodiment, the input unit 111 has an operation unit operated by the user, and inputs information representing the content operated by the operation unit.
The output unit 112 outputs information to the outside. In the present embodiment, the output unit 112 has a screen, and displays and outputs information on the screen.
The storage unit 113 stores information.

The processing unit 114 executes various processes.
The master PIN information acquisition unit 131 acquires master PIN information (master PIN value) based on the information input by the operation unit of the input unit 111 being operated by the user. Further, the master PIN information acquisition unit 131 may be based on the information input by the operation unit of the input unit 111 operated by the user, based on the information stored in the storage unit 113, or by another method. , Acquire predetermined information (personal information, etc.).
The temporary PIN information generation unit 132 generates temporary PIN information (temporary PIN value) based on the master PIN information acquired by the master PIN information acquisition unit 131 and predetermined information.
The temporary PIN information output control unit 133 controls the output unit 112 to output the value of the temporary PIN generated by the temporary PIN information generation unit 132.

Here, the temporary PIN information generation unit 132 converts the information of the master PIN (and the predetermined information) into the information of the function f (x) by using, for example, a predetermined conversion formula or a predetermined conversion table. Then, the temporary PIN information generation unit 132 generates the temporary PIN information by calculating the temporary PIN from the rational points based on the obtained function f (x).
In this case, a configuration in which the information of the predetermined conversion formula or the predetermined conversion table is stored in the storage unit 113 may be used. Alternatively, a configuration may be used in which the information of the predetermined conversion formula or the predetermined conversion table is acquired by the temporary PIN information generation unit 132 based on the information publicly available via the Internet or the like.
Further, the temporary PIN information generation unit 132 manages the temporary PIN candidates selected by the user, and also manages the temporary PIN to be used specified by the user from the temporary PIN candidates. Then, the temporary PIN information generation unit 132 manages the log of the temporary PIN used in the past by the user. The temporary PIN information generation unit 132 stores and manages the log in the storage unit 113.

The correspondence between the master PIN information (and predetermined information) and the function f (x) may be determined for each brand of the IC card 11, for example. In this case, as the application of the portable device 14, for example, an application corresponding to one brand (application for each brand) may be used, or an application corresponding to each of two or more brands (common). Application) may be used. In the portable device 14, when an application corresponding to each of two or more brands is used, the temporary PIN information generation unit 132 switches the brand to be processed according to the operation by the user.

In the portable device 14 of the present embodiment, a configuration example in which a combination of master PIN information and predetermined information (personal information, etc.) and a function f (x) correspond to each other will be described, but as another configuration example, a master A configuration example in which the PIN information and the function f (x) correspond to each other may be used, and in this case, predetermined information (personal information or the like) may not be used. Alternatively, the predetermined information may be set in the storage unit 113 of the portable device 14 as fixed information, for example.

In the present embodiment, the functions of the master PIN information acquisition unit 131, the temporary PIN information generation unit 132, and the temporary PIN information output control unit 133 are configured by the functions realized by a predetermined application (program). The application (the program) is stored in the storage unit 113. The processing unit 114 is configured by using a CPU, and the CPU executes the application (the program).

FIG. 4 is a diagram showing the IC card 11 of the embodiment.
The IC card 11 includes a communication unit 211, a storage unit 212, and a processing unit 213. The processing unit 213 includes a temporary PIN information acquisition unit 231, a master PIN information acquisition unit 232, a determination unit 233, and a transaction processing unit 234.

The communication unit 211 communicates with the terminal 12. In this embodiment, contact-type communication may be used, or non-contact-type communication may be used.
The storage unit 212 stores information. In the present embodiment, the storage unit 212 stores the information (value of the master PIN) of one master PIN assigned to the self (IC card 11).

The processing unit 213 executes various processes.
The temporary PIN information acquisition unit 231 acquires the temporary PIN information received from the terminal 12 by the communication unit 211. The terminal 12 transmits the temporary PIN information received from the user to the IC card 11 in the authentication process when the IC card 11 is used.
The master PIN information acquisition unit 232 acquires the master PIN information. In the present embodiment, the master PIN information acquisition unit 232 acquires the master PIN information of the self (IC card 11) stored in the storage unit 212. Further, the master PIN information acquisition unit 232 may use the information stored in the storage unit 212, or the information input to the terminal 12 by the user and received from the terminal 12, or by another method. , Acquire predetermined information (personal information, etc.).

The determination unit 233 determines a match between the temporary PIN information acquired by the temporary PIN information acquisition unit 231 and the master PIN information acquired by the master PIN information acquisition unit 232. In the present embodiment, the determination unit 233 converts the information of the master PIN (and the predetermined information) into the information of the function f (x) by using, for example, a predetermined conversion formula or a predetermined conversion table. Then, the determination unit 233 has a rational point on the function f (x) corresponding to the information of the temporary PIN acquired by the temporary PIN information acquisition unit 231 with respect to the obtained function f (x). It is determined whether or not it exists, and if it exists, it is determined that the authentication was successful (normally authenticated), while if it does not exist, it is determined that the authentication failed (abnormal). That is, the determination unit 233 determines whether or not the coordinate value obtained by converting the value of the temporary PIN is on the curve obtained by converting the value of the master PIN, and the coordinate value is the curve. If it is above the curve, it is determined that the authentication was successful, while if the coordinate value is not above the curve, it is determined that the authentication has failed.
The IC card 11 may use, for example, a configuration in which information of a predetermined conversion formula or a predetermined conversion table is stored in the storage unit 212. Alternatively, the IC card 11 may use a configuration in which the information of the predetermined conversion formula or the predetermined conversion table is acquired by the determination unit 233 based on the information publicly available via the Internet or the like.

In the IC card 11 of the present embodiment, a configuration example in which a combination of master PIN information and predetermined information (personal information, etc.) and a function f (x) correspond to each other will be described, but as another configuration example, a master A configuration example in which the PIN information and the function f (x) correspond to each other may be used, and in this case, predetermined information (personal information or the like) may not be used. Alternatively, the predetermined information may be set in the storage unit 212 of the IC card 11 as fixed information, for example.

Here, as the function f (x) corresponding to the information (and predetermined information) of the master PIN, a common function is used between the portable device 14 and the IC card 11.
Further, the determination unit 233 may store the value of the temporary PIN that has already been used by the user and the authentication is successful in the storage unit 212. Then, the determination unit 233 cannot use the already used temporary PIN value for authentication until a predetermined number of authentications are successfully performed by another temporary PIN thereafter (that is, it is used for authentication). It may be a state in which it is prohibited to do so.
As described above, the temporary PIN value once input may be configured so that it cannot be reused at least a predetermined number of times thereafter. The predetermined number of times may be set in advance, or may be set by the user.

When the authentication unit 233 succeeds in authentication, the transaction processing unit 234 executes a process related to a predetermined transaction by communicating with the IC card 11 by the communication unit 211. The predetermined transaction may be an arbitrary transaction, for example, a financial transaction such as a credit card.
On the other hand, the transaction processing unit 234 prohibits the execution of a predetermined transaction process with the IC card 11 when the authentication unit 233 fails the authentication.

An example of the correspondence between the configuration shown in FIG. 4 and the configuration shown in FIG. 1 is shown.
That is, in the IC card 11 of the present embodiment, the storage unit 212 having an area for storing the program and various data is configured by the functions of the ROM 31, the RAM 32, and the EEPROM 33. In addition, the communication unit 211 that performs communication is configured by the function of UART 34. Further, the processing unit 213 that executes various processes is configured by the function of the CPU 35 and the function of the coprocessor 36 (as another configuration example, the function of the CPU 35 when the function of the coprocessor 36 is unnecessary). ..

FIG. 5 is a diagram showing an outline of the conversion table 311 of the embodiment.
The conversion table 311 generally stores the information of the master PIN and the information of the function f (x) in association with each other. Although not shown in FIG. 5, the function f (x) may depend on, for example, predetermined information (personal information, etc.).
In the example of FIG. 5, when the information of the master PIN is "1234", it is stored that "function f (x) = ax ² + bx + c (a, b, c are real numbers, respectively)". In addition, when the information of the master PIN is "5678", it is stored that "function f (x) = dx ² + ex + f (d, e, f are real numbers, respectively)". In addition, other correspondences are also stored.
In the present embodiment, the conversion table 311 as shown in FIG. 5 may be used in one or both of the temporary PIN information generation unit 132 of the portable device 14 and the determination unit 233 of the IC card 11. ..

FIG. 6 is a flowchart showing an example of a processing procedure performed in the portable device 14 of the embodiment.

(Step S1)
First, the user activates a predetermined application for acquiring the temporary PIN information, operates the operation unit of the input unit 111 of the mobile device 14, and inputs the value of the master PIN. In the portable device 14, the input unit 111 inputs the value of the input master PIN, and the master PIN information acquisition unit 131 acquires the value of the master PIN. Further, in the portable device 14, predetermined information (personal information, etc.) is acquired by the master PIN information acquisition unit 131.

(Step S2)
In the portable device 14, the temporary PIN information generation unit 132 generates the temporary PIN value based on the master PIN value (and predetermined information) acquired by the master PIN information acquisition unit 131.

(Step S3)
In the portable device 14, the temporary PIN information output control unit 133 displays and outputs the value of the temporary PIN generated by the temporary PIN information generation unit 132 on the screen.
In the present embodiment, in the portable device 14, the temporary PIN information generation unit 132 generates two or more temporary PIN values, and the temporary PIN information output control unit 133 displays and outputs the two or more temporary PIN values. .. The user operates the operation unit included in the input unit 111 of the mobile device 14, and among the two or more temporary PIN values displayed and output, one or more temporary PIN values (for example, two or more temporary PIN values). It is a different temporary PIN value, and the same applies to the following.) Is selected as the target of use.

(Step S4)
In the portable device 14, the input unit 111 inputs information (selection information) in which one or more temporary PIN values are selected by the user. In the portable device 14, the temporary PIN information generation unit 132 acquires the selection information.

(Step S5)
In the portable device 14, the temporary PIN information generation unit 132 updates the value of the selected temporary PIN based on the acquired selection information. Specifically, in the portable device 14, the temporary PIN information generation unit 132 stores (updates as stored information) the value of the selected temporary PIN as a candidate for the temporary PIN.
At this time, in the portable device 14, the temporary PIN information output control unit 133 displays and outputs the value (candidate) of one or more temporary PINs selected by the user on the screen.

(Step S6)
The user operates the operation unit included in the input unit 111 of the mobile device 14, and uses one temporary PIN value from among the one or more temporary PIN values (candidates) displayed and output. specify.
In the portable device 14, the input unit 111 inputs information (designated information) in which one temporary PIN value is designated by the user. In the portable device 14, the designated information is acquired by the temporary PIN information generation unit 132.

(Step S7)
In the portable device 14, the temporary PIN information generation unit 132 deletes the designated temporary PIN value from the one or more temporary PIN values (candidates) selected by the user based on the specified information acquired. .. Then, the processing of this flow is completed.

Here, in the present embodiment, the value of one or more temporary PINs selected by the user in the processes of (step S4) to (step S5) is used as a candidate for the temporary PIN, and then (step S6) to (step S7). ), The value of the temporary PIN specified from the temporary PIN candidates is deleted from the candidates. After the temporary PIN candidate is first generated, the candidate can be used until the temporary PIN value included in the candidate disappears. That is, the processes of (step S6) to (step S7) may be repeated until the provisional PIN value included in the candidate disappears.

In this case, in the portable device 14, the processes of (step S6) to (step S7) may be performed after the process of (step S5), or the application once after the process of (step S5). May be terminated, and then the application may be started again to perform the processes of (step S6) to (step S7). Further, in the portable device 14, for example, after the processes of (step S6) to (step S7), the application is terminated once, and then the application is started again, and (step S6) to (step S7). ) May be performed.

In the portable device 14 of the present embodiment, a temporary PIN candidate is generated according to the selection by the user, but as another configuration example, the temporary PIN candidate is not the intention of the user but a predetermined rule or randomly. May be generated (automatically).
Further, as another configuration example, the value of the temporary PIN to be used may be specified by the user from the beginning without generating the candidate of the temporary PIN.
Further, as another configuration example, the portable device 14 (automatically) sets the value of the temporary PIN to be used by the temporary PIN information generation unit 132 according to a predetermined rule or randomly, instead of the intention of the user. It may be generated.

FIG. 7 is a flowchart showing an example of a processing procedure performed on the IC card 11 of the embodiment.
The user installs his / her IC card 11 at a position capable of communicating with the terminal 12, and inputs the value of the temporary PIN to be used (the value of the designated temporary PIN) displayed and output by the portable device 14 into the terminal 12. The terminal 12 transmits the temporary PIN value input by the user to the IC card 11.

(Step S21)
In the IC card 11, the communication unit 211 starts communication with the terminal 12. Then, in the initial authentication process, the IC card 11 receives the temporary PIN value transmitted from the terminal 12 by the communication unit 211, and acquires the temporary PIN value by the temporary PIN information acquisition unit 231.
(Step S22)
In the IC card 11, the master PIN information acquisition unit 232 acquires the value of the master PIN stored in the storage unit 212. Further, in the IC card 11, predetermined information (personal information, etc.) is acquired by the master PIN information acquisition unit 232.

(Step S23)
In the IC card 11, the coordinate value obtained by converting the value of the temporary PIN based on the acquired temporary PIN value and the acquired master PIN value (and predetermined information) by the determination unit 233 is the relevant coordinate value. It is determined whether or not it is on the curve obtained by converting the value of the master PIN, and if the coordinate value is on the curve, it is determined that the authentication is successful, while the coordinate value is the relevant coordinate value. If it is not on the curve, it is judged that the authentication has failed. As a result, when the determination unit 233 determines that the authentication is successful (normally authenticated) in the IC card 11 (step S23: normal authentication), the process proceeds to step S24. On the other hand, in the IC card 11, when the determination unit 233 determines that the authentication has failed (abnormal) (step S23: abnormal), the processing of this flow ends.

(Step S24)
When the IC card 11 determines that the authentication unit 233 has normally authenticated, the transaction processing unit 234 executes a predetermined transaction process. Then, the processing of this flow is completed.

FIG. 8 is a diagram showing an example of operations of the portable device 14, the user 411, the terminal 12, and the IC card 11 performed in the communication system 1 of the embodiment.

(Processing T1)
The portable device 14 launches a predetermined application. The application may be started at all times, or may be started when necessary, for example.
The user 411 inputs to the portable device 14 an instruction of the value of the master PIN, predetermined information (personal information, etc.), and the number of temporary PINs. In the portable device 14, these information are acquired by the master PIN information acquisition unit 131.

(Processing T2)
In the portable device 14, the temporary PIN information generation unit 132 acquires the function f (x) based on the acquired master PIN value (and predetermined information).

(Processing T3)
In the portable device 14, the temporary PIN information generation unit 132 randomly selects (extracts) rational points on the function f (x) for the number of temporary PINs specified by the acquired information, and selects (extracts) the selected rational points. A temporary PIN value (candidate in this case) is generated for each.
As another configuration example, it is not necessary to input the instruction of the number of temporary PINs. In this case, in the portable device 14, the temporary PIN information generation unit 132 generates a predetermined number of temporary PIN values. To do.

(Processing T4)
In the portable device 14, immediately after the function f (x) is acquired and the temporary PIN value is generated, the temporary PIN information generation unit 132 acquires the acquired master PIN value (and predetermined information). The information of the function f (x) is discarded (erased) from the storage unit 113.
Here, discarding the information of the function f (x) is particularly effective when the value of the master PIN and the function f (x) can be reversibly converted.
In the portable device 14, it is considered that the risk of information leakage is reduced if the value of the master PIN or the information of the function f (x) is immediately discarded. However, as another configuration example, in the portable device 14, A configuration may be used in which one or more of the value of the master PIN or the information of the function f (x) is stored in the storage unit 113 for an arbitrary period (may be indefinite).

(Processing T5)
In the portable device 14, the temporary PIN information output control unit 133 displays and outputs the generated temporary PIN value candidates on the screen.

(Processing T6)
The user 411 selects the temporary PIN value from the display and output temporary PIN value candidates by the number of the temporary PIN value to be used by the user (the user 411) (the number to be used in the future).
In the portable device 14, the temporary PIN information generation unit 132 inputs the selection (selection information) of the temporary PIN value by the user 411.

(Processing T7)
In the portable device 14, the temporary PIN information generation unit 132 stores a list of temporary PINs selected by the user 411 as information on the temporary PIN candidates. The information is stored in, for example, the storage unit 113.

(Processing T8)
At this time, in the portable device 14, the temporary PIN information generation unit 132 updates the log of the selected temporary PIN. The log is retained, for example, as internal data of the portable device 14. The maximum number of logs is, for example, the number of times set in the PIN tri-counter.

Here, as an example, the user 411 may terminate the application once when the IC card 11 is not used immediately. As another example, the application may remain running.
Further, the process of causing the user 411 to calculate the temporary PIN value from the master PIN value using the portable device 14 may be performed anywhere, but for example, the process is performed at a place away from the terminal 12 of the IC card 11. Is preferable. The reason for this is to reduce the likelihood that the master PIN will be snooped by an attacker.

(Processing T9)
The user 411 uses the application of the portable device 14, for example, before using the IC card 11. If the application is not started, the user 411 starts the application.
The user 411 refers to the list of temporary PINs (candidates for temporary PINs) displayed on the screen of the portable device 14, and specifies the value of one temporary PIN to be used. Here, in the portable device 14, the list of temporary PINs may be displayed by, for example, the temporary PIN information output control unit 133 in response to an instruction by the user 411, or the temporary PIN information output control may be automatically performed by the application. It may be displayed by unit 133.

(Processing T10)
In the portable device 14, the temporary PIN information generation unit 132 deletes the temporary PIN value specified by the user 411 from the temporary PIN list (provisional PIN candidate).

(Processing T11)
When the user 411 uses the IC card 11, the user 411 installs the IC card 11 at a predetermined position with respect to the terminal 12 by inserting the IC card 11 into the terminal 12.
Then, the user 411 operates the terminal 12 and inputs a temporary PIN value (and, if necessary, predetermined information such as personal information) to the terminal 12. Here, the user 411 uses the value of the temporary PIN specified as the value to be used by the user 411 at the end (that is, in the nearest past) of the portable device 14 as the value of the temporary PIN.

(Processing T12)
The terminal 12 transmits the temporary PIN value (and other information, if necessary) input by the user 411 to the IC card 11.

(Processing T13)
In the IC card 11, the communication unit 211 receives the temporary PIN value (and other information if necessary) from the terminal 12. Then, in the IC card 11, the determination unit 233 determines whether or not there is a rational point corresponding to the received temporary PIN value on the function f (x) based on the master PIN. As a result, in the IC card 11, the determination unit 233 determines whether the authentication is normal or abnormal.

Here, in the IC card 11, the determination unit 233 may store the value of the temporary PIN that has already been used by the user and the authentication is successful in the storage unit 212 as a log. Then, the determination unit 233 holds the value of the temporary PIN that has already been used until the authentication succeeds a predetermined number of times thereafter, and another temporary PIN since the value of the temporary PIN was used last time. It may be in a state where it cannot be used for authentication (that is, a state where it is prohibited to use it for authentication) until the predetermined number of authentications are successful. As another configuration example, the predetermined number of times may be the number of times both success and failure of authentication are counted.
As a result, when the temporary PIN value remaining in the log is transmitted from the terminal 12, the IC card 11 can notify the information indicating that fact. The information may be notified via, for example, the terminal 12.

(Processing T14)
In the IC card 11, the communication unit 211 transmits information on the result of authenticity (personal authentication result) to the terminal 12.
When the IC card 11 notifies that the terminal 12 has been successfully authenticated (successful authentication), the terminal 12 executes transaction processing such as settlement. On the other hand, when the IC card 11 notifies that the terminal 12 is abnormal (authentication failed), the terminal 12 cannot process the transaction.

As described above, in the communication system 1 of the present embodiment, it is possible to prevent a replay attack due to unauthorized acquisition of the PIN for the IC card 11.
Further, in the communication system 1 of the present embodiment, for example, when improving an existing system, it can be realized by changing the PIN authentication process in the IC card 11, and the existing infrastructure can be used.

Here, the risk of information leakage in the communication system 1 of the present embodiment will be examined.
First, the information leakage of the master PIN will be examined.
The user inputs the value of the master PIN into the mobile device 14 when generating a pseudo one-time password (temporary PIN in this embodiment). In the portable device 14, for example, a pseudo one-time password can be calculated without communicating the master PIN information to the outside, and the input master PIN information is calculated after the pseudo one-time password is calculated. Immediately delete it from the memory (in this embodiment, the storage unit 113). Therefore, the causes of leakage are the following two scenarios. The first scenario is that another person has peeked at the scene where the user inputs the value of the master PIN into the portable device 14. The second scenario is that the mobile device 14 is infected with a virus and the information of the master PIN is stolen before the information of the master PIN is deleted from the memory. However, these two scenarios can be avoided by appropriately operating the portable device 14.

Next, information leakage due to decoding of the master PIN from the temporary PIN will be examined.
Depending on the application of the portable device 14, for example, the temporary PIN value is stored as a log up to the number of times set in the PIN tri-counter. However, by setting the number of times set in the PIN tri-counter to a value smaller than k, even if the log is leaked to another person, it can be insufficient for the other person to decrypt the master PIN.
Further, regarding the temporary PIN value (the value of the temporary PIN that has already been used) stored in the predetermined log in the IC card 11, for example, the authentication of the predetermined number of times is successful after the value of the temporary PIN is used. Until then, it is possible to set the state so that it cannot be used for authentication (that is, the state where it is prohibited to use it for authentication).

Next, the information leakage of an unused temporary PIN will be examined.
In the present embodiment, as shown in FIG. 8 (process T3), in consideration of the convenience of the user, assuming a case of shopping at a plurality of stores, a plurality of provisional provisions are made by the application of the mobile device 14. The configuration is such that PIN candidates can be stored. Therefore, if the portable device 14 is stolen by another person while the unused temporary PIN candidates are stored by the application of the portable device 14, the other person performs normal authentication for the number of unused temporary PINs. Can be considered.

As an example of a method of avoiding such a scenario, it is possible to configure a configuration in which a plurality of temporary PIN candidates are not stored by the application of the portable device 14. In this case, in the portable device 14, the temporary PIN information generation unit 132 stores, for example, the value of one temporary PIN at the same time. Alternatively, in the portable device 14, the temporary PIN information generation unit 132 may be configured not to store the temporary PIN value (except for the minimum time during processing), for example.
In the portable device 14, when a plurality of temporary PINs are generated by inputting one master PIN and can be used one by one, the master PIN does not have to be input by the user each time, and the user's work. It is possible to reduce the load.

In addition, as an example of a method of reducing the risk of such a scenario, when the authentication is successful using the temporary PIN, it is used by the user as compared with the case where the authentication is successful using the master PIN. It is possible to lower the authority of the processing that is possible. In this case, in the IC card 11, the master PIN information acquisition unit 232 acquires the master PIN information when the communication unit 211 receives the master PIN information transmitted from the terminal 12. Further, in the IC card 11, the determination unit 233 has a function of determining whether or not authentication is possible based on the information of the master PIN and a function of determining whether or not authentication is possible based on the provisional PIN. Further, in the IC card 11, the transaction processing unit 234 executes the transaction processing according to the authority of the master PIN when the authentication unit 233 succeeds in the authentication by the master PIN (authentication in which the temporary PIN is not used). When the authentication unit 233 succeeds in the authentication by the temporary PIN, the transaction processing according to the authority of the temporary PIN is executed. Here, the authority of the master PIN is higher than the authority of the temporary PIN. For example, the processing of transactions according to the authority of the master PIN includes more processing than the processing of transactions according to the authority of the provisional PIN. As a specific example, the processing of the transaction according to the authority of the master PIN may include the processing in which the upper limit amount is higher than the processing of the transaction according to the authority of the provisional PIN. When the user uses the IC card 11, the user inputs the master PIN value or the temporary PIN value to the terminal 12, and the terminal 12 inputs the information (master PIN value or temporary PIN value) input from the user. Is transmitted to the IC card 11. In the IC card 11, the determination unit 233 authenticates based on the information (master PIN value or temporary PIN value) transmitted from the terminal 12.

Here, in the communication system 1 of the present embodiment, it is possible to adjust the method applied to the authentication according to the performance or security requirements required for the authentication system.
As an example, in the communication system 1 of the present embodiment, it is possible to adjust an algorithm based on the secret sharing method. In the communication system 1 of the present embodiment, as an algorithm based on the secret sharing method, an algorithm for calculating the information of the pseudo one-time password (temporary PIN in the present embodiment) from the information of the master PIN is used. For example, the algorithm related to such a secret sharing method may be changed depending on the performance of the authentication system. In this embodiment, a configuration using a (k, n) threshold secret sharing method that can be implemented by a lightweight algorithm even when an IC card 11 with abundant resources is assumed is described.

As another example, in the communication system 1 of the present embodiment, it is possible to adjust the number of times that the password can be stolen.
In the present embodiment, it is possible to increase or decrease the number of temporary PIN information (distributed information) required for restoring the master PIN information (secret information).
By increasing the number, the number of times the password can be stolen can be increased, but the calculation becomes complicated and may be set as appropriate.

As another example, in the communication system 1 of the present embodiment, it is possible to select whether or not to disclose the method of generating the temporary PIN information (distributed information) from the master PIN information (secret information).
For example, when such a generation method is open to the public, the master PIN information (secret information) is changed to the temporary PIN information (secret information) by an application such as a smartphone (portable device 14) based on the open information. Distributed information) can be generated. In this case, the convenience of the user is improved, but since the candidates for the secret information can be narrowed down from the distributed information, it is considered that the probability of successful brute force attack increases.
On the other hand, if such a generation method is not open to the public, it is not possible to narrow down confidential information from distributed information. In this case, when the user cannot properly manage the information (confidential information) of the master PIN, it may pose a security risk. Therefore, it is preferable to strengthen the management of the information (confidential information) of the master PIN.

Further, in the communication system 1 of the present embodiment, it is possible to adjust the success probability of a simple brute force attack.
For example, in the present embodiment, the number of trials of brute force attack can be reduced by setting the number of PIN tri-counters of the pseudo one-time password (temporary PIN in the present embodiment) low. As an example, the number of PIN tri-counters of the pseudo one-time password (temporary PIN in this embodiment) may be set lower than the number of PIN tri-counters of the master PIN.

Further, in the communication system 1 of the present embodiment, it is possible to adjust the degree of risk avoidance in the case where authentication is accidentally successful due to a brute force attack.
For example, in the communication system 1 of the present embodiment, when the authentication using the temporary PIN is successful, the functions that can be used by the user are limited as compared with the case where the authentication using the master PIN is successful. It is possible. As a result, it is possible to reduce the risk in the case where the authentication is accidentally successful due to the brute force attack of the temporary PIN.

According to the above embodiment, in the IC card 11, the communication unit 211 that communicates with the terminal 12, the storage unit 212 that stores the first information (in this embodiment, the value of the master PIN), and the communication unit 211 use the terminal. Based on whether or not the information received from 12 matches the second information (in this embodiment, the value of the provisional PIN) generated based on the first information stored in the storage unit 212. A determination unit 233 for determining whether or not authentication is possible is provided.
As a result, the security of the IC card 11 can be improved.

Further, according to the above embodiment, the IC card 11 can generate a plurality of second information based on the first information. Then, the determination unit 233 prohibits the same information as the information used for the authentication among the plurality of second information from being used for the authentication a predetermined number of times.
As a result, the security of the IC card 11 can be further improved.

According to the above embodiment, in the application (program) of the portable device 14, the step of inputting the first information set for the IC card 11 (in the present embodiment, the process of step S1) and the input first. A step of generating a second information used for authentication of the IC card 11 based on the information of (the process of step S2 in the present embodiment) and a step of outputting the generated second information (the present embodiment). In the embodiment, the process of step S3) and the computer (computer constituting the portable device 14) are made to execute.
Thereby, in the application, it is useful to improve the security of the IC card 11, and the security of the IC card 11 can be improved.

Further, according to the above embodiment, in the application (program) of the portable device 14, a plurality of second information can be generated based on the first information, and the generated second information can be generated from among the generated second information. A step of inputting the selection of one or more second information to be used (selection by the user in the present embodiment) (processing of step S4 in the present embodiment) and the selected second information. From the step of inputting one second information designation (designation by the user in this embodiment) (processing of steps S5 to S6 in this embodiment) and the selected second information. Further, the computer is made to execute the step of deleting the designated second information (in the present embodiment, the process of step S7).
As a result, in the application, the security of the IC card 11 can be further improved, and the security of the IC card 11 can be improved.

According to the above embodiment, the processing system includes an IC card 11 and a portable device 14. The IC card 11 determines whether or not authentication is possible based on whether or not the information received from the terminal 12 matches the second information generated based on the first information stored in the storage unit 212. To do. The portable device 14 inputs the first information, generates the second information used for the authentication of the IC card 11 based on the input first information, and outputs the generated second information. To do.
As a result, the security of the IC card 11 can be improved in the processing system.

According to the above embodiment, in the IC card 11, the communication unit 211 that communicates with the terminal 12, the storage unit 212 that stores the first information, and the information received from the terminal 12 by the communication unit 211 are stored in the storage unit 212. The IC module 51 and the IC module 51 including a determination unit 233 for determining whether or not authentication is possible based on whether or not the second information is matched with the second information generated based on the first information stored in It includes an embedded card body (in this embodiment, a card base material 52).
As a result, the security of the IC card 11 can be improved.

(Second Embodiment)
FIG. 9 is a diagram showing a communication system 501 of the embodiment.
Communication system 501 includes an IC card 511, a terminal 512, and a portable device 514. The IC card 511 and the terminal 512 communicate with each other via the communication path 513.
Here, the communication system 501 of the present embodiment is different from the communication system 1 shown in FIG. 1 in that the terminal 512 performs the temporary PIN authentication process instead of the IC card 511, and other points. Is similar.
Hereinafter, the communication system 501 of the present embodiment will be described in detail in detail different from the communication system 1 shown in FIG.

The terminal 512 includes an input unit 611, an output unit 612, a storage unit 613, a communication unit 614, and a processing unit 615. The processing unit 615 includes a temporary PIN information acquisition unit 631, a master PIN information acquisition unit 632, a determination unit 633, and a master PIN information transmission control unit 634.

The input unit 611 inputs information from the outside. In the present embodiment, the input unit 611 has an operation unit operated by the user, and inputs information representing the content operated by the operation unit.
The output unit 612 outputs information to the outside. In the present embodiment, the output unit 612 has a screen, and displays and outputs information on the screen.
The storage unit 613 stores information.
The communication unit 614 communicates with the IC card 511. In this embodiment, contact-type communication may be used, or non-contact-type communication may be used.

The processing unit 615 executes various processes.
The temporary PIN information acquisition unit 631 acquires the temporary PIN value input by the operation by the user.
The master PIN information acquisition unit 632 receives and acquires the value of the master PIN stored in the IC card 511 installed for itself (terminal 512) from the IC card 511 by the communication unit 614. The IC card 511 transmits the value of the master PIN to the terminal 512.

In addition, the master PIN information acquisition unit 632 acquires predetermined information (personal information, etc.).
As an example, the master PIN information acquisition unit 632 may receive and acquire the predetermined information from the IC card 511 by the communication unit 614. In this case, the IC card 511 transmits the predetermined information to the terminal 512.
As another example, the master PIN information acquisition unit 632 may acquire the predetermined information based on an operation by the user. In this case, the user operates the terminal 512 and inputs the predetermined information to the terminal 512.

Here, the value of the master PIN (and other information if necessary) may be transmitted to the terminal 512 by the IC card 511 in response to a request from the terminal 512 to the IC card 511, for example. Well, or may be spontaneously transmitted to the terminal 512 by the IC card 511 installed in the terminal 512.

The determination unit 633 determines the value of the temporary PIN acquired by the temporary PIN information acquisition unit 631 and the value of the master PIN (and predetermined information) acquired by the master PIN information acquisition unit 632. It is determined whether or not the coordinate value obtained by converting the value is on the curve obtained by converting the value of the master PIN, and if the coordinate value is on the curve, the authentication is successful. On the other hand, if the coordinate value is not on the curve, it is determined that the authentication has failed. Here, as such a determination method, for example, a method similar to the determination method performed by the IC card 511 shown in FIG. 4 may be used.
In the present embodiment, the IC card 511 stores the value of one master PIN, and transmits the value of the master PIN to the terminal 512. In the present embodiment, the IC card 511 does not have to have a function of performing an authentication process based on the temporary PIN value.

When the authentication is successful by the determination unit 633, the master PIN information transmission control unit 634 controls the communication unit 614 to transmit the master PIN value received from the IC card 511 to the IC card 511. On the other hand, when the determination unit 633 fails the authentication, the master PIN information transmission control unit 634 controls the communication unit 614 to transmit a signal to that effect to the IC card 511 or does not return the signal to the IC card 511. I do.

Here, when the value of the master PIN of the self (terminal 512) is input from the terminal 512, the IC card 511 executes a predetermined transaction process on the assumption that the authentication is successful. On the other hand, when the value of the master PIN of the self (terminal 512) is not input from the terminal 512, the IC card 511 prohibits the execution of a predetermined transaction process on the assumption that the authentication has failed.

In the IC card 511, for example, based on whether the temporary PIN value is input to the terminal 512 and the authentication is successful, or the master PIN value is input to the terminal 512 and the authentication is successful. The authority of the process that can be executed may be different. Whether the temporary PIN value is input to the terminal 512 and the authentication is successful, or whether the master PIN value is input to the terminal 512 and the authentication is successful may be identified by, for example, the IC card 511, or , It may be identified by the terminal 512, and the result of the identification may be notified to the IC card 511.

As an example, in the terminal 512, when the value of the master PIN is input by the user, the input master PIN value is transmitted to the IC card 511. Then, in the IC card 511, when the master PIN value is received from the terminal 512, the authentication process is performed by itself (the IC card 511), and the master PIN value is input to the terminal 512 to perform authentication. You may judge that.
As another example, in the terminal 512, the determination unit 633 may have a function of determining authentication based on the information of the temporary PIN and a function of determining authentication based on the information of the master PIN. In this case, the terminal 512 may notify (transmit) to the IC card 511 the information indicating that the value of the master PIN is input to the terminal 512 and the authentication is performed by the determination unit 633 or the like.
In the terminal 512, for example, a mode in which the authentication is determined based on the temporary PIN information and a mode in which the authentication is determined based on the master PIN information can be selected by an operation by the user or the like. May be good.

FIG. 10 is a flowchart showing an example of a processing procedure performed in the terminal 512 of the embodiment.
The user installs his / her IC card 511 at a position capable of communicating with the terminal 512, and inputs the value of the temporary PIN to be used displayed and output by the portable device 514 into the terminal 512.

(Step S41)
At the terminal 512, the communication unit 614 starts communication with the IC card 511.
In the terminal 512, in the initial authentication process, the temporary PIN information acquisition unit 631 acquires the temporary PIN value input from the user.

(Step S42)
At the terminal 512, the master PIN information acquisition unit 632 acquires the value of the master PIN stored in the IC card 511. Further, in the terminal 512, predetermined information (personal information, etc.) is acquired by the master PIN information acquisition unit 632.

(Step S43)
In the terminal 512, the coordinate value obtained by converting the value of the temporary PIN based on the acquired temporary PIN value and the acquired master PIN value (and predetermined information) by the determination unit 633 is the master. It is determined whether or not it is on the curve obtained by converting the PIN value, and if the coordinate value is on the curve, it is determined that the authentication is successful, while the coordinate value is on the curve. If it is not above, it is judged that the authentication has failed. As a result, when the terminal 512 determines that the authentication is successful (normally authenticated) by the determination unit 633 (step S43: normal authentication), the process proceeds to step S44. On the other hand, in the terminal 512, when the determination unit 633 determines that the authentication has failed (abnormal) (step S43: abnormal), the processing of this flow ends.

(Step S44)
When the terminal 512 determines that the authentication is normally performed by the determination unit 633, the master PIN information transmission control unit 634 transmits the value of the master PIN acquired from the IC card 511 to the IC card 511 by the communication unit 614. Control to do. Then, the processing of this flow is completed.

Here, in the terminal 512, for example, the value of the master PIN is stored at least from the time when the value of the master PIN is acquired by the master PIN information acquisition unit 632 until the value of the master PIN is transmitted to the IC card 511. It is stored in the part 613. In the terminal 512, for example, after transmitting the value of the master PIN to the IC card 511, immediately discarding (erasing) the value of the master PIN from the storage unit 613 reduces the risk of information leakage. , Considered preferable.

According to the above embodiment, in the terminal 512, the input unit 611 for inputting information, the communication unit 614 communicating with the IC card 511, and the information input by the input unit 611 are received from the IC card 511 by the communication unit 614. Authentication is performed based on whether or not the second information (temporary PIN value in this embodiment) generated based on the first information (master PIN value in this embodiment) is matched. Transmission control for transmitting the first information to the IC card 511 by the communication unit 614 when the determination unit 633 and the determination unit 633 determine that the authentication is possible (that is, the authentication is successful). A unit (in this embodiment, a master PIN information transmission control unit 634) is provided.
As a result, in the terminal 512, it is useful to improve the security of the IC card 511, and the security of the IC card 511 can be improved.

According to at least one embodiment described above, the IC is determined by determining whether or not the IC card can be authenticated by using the second information generated based on the first information set for the IC card. The security of the card can be improved.

Here, in the above embodiments, an IC card is used as an example of a portable electronic device. In this regard, as another configuration example, instead of an IC card, various portable electronic devices such as an IC tag, a passport with a built-in IC, and a driver's license with a built-in IC are portable electronic devices. It may be used as a device.
Further, as a configuration example, the portable electronic device and the portable device may be a common device.

Regarding the above embodiment, the configuration can be expressed as follows.
A communication unit that communicates with the terminal via a contact unit or an antenna,
A storage unit that stores the first information,
Authentication is possible when the first information stored in the storage unit is converted into a function and the information received from the terminal by the communication unit matches the second information satisfying the function. If the information received from the terminal by the communication unit does not match the second information satisfying the function, the determination unit determines that authentication is not possible.
A portable electronic device equipped with.

A program for realizing the functions of each device (for example, IC card 11, 511, terminal 12, 512, portable device 14, 514) according to the above-described embodiment is recorded on a computer-readable recording medium. The processing can be performed by loading the program recorded on the recording medium into the computer system and executing the program.
The term "computer system" as used herein may include hardware such as an operating system (OS) or peripheral devices.
The "computer-readable recording medium" is a flexible disk, a magneto-optical disk, a ROM, a writable non-volatile memory such as a flash memory, a portable medium such as a DVD (Digital Versatile Disc), and a built-in computer system. A storage device such as a hard disk.

Further, the "computer-readable recording medium" is a volatile memory (for example, DRAM (for example, DRAM) inside a computer system that serves as a server or client when a program is transmitted via a network such as the Internet or a communication line such as a telephone line. It shall include those that hold the program for a certain period of time, such as Dynamic Random Access Memory)).
Further, the above program may be transmitted from a computer system in which this program is stored in a storage device or the like to another computer system via a transmission medium or by a transmission wave in the transmission medium. Here, the "transmission medium" for transmitting a program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line.
Further, the above program may be for realizing a part of the above-mentioned functions. Further, the above program may be a so-called difference file (difference program) that can realize the above-mentioned functions in combination with a program already recorded in the computer system.
As described above, each functional unit may be a software functional unit or a hardware functional unit such as an LSI.

Although some embodiments of the present invention have been described, these embodiments are presented as examples and are not intended to limit the scope of the invention. These embodiments can be implemented in various other forms, and various omissions, replacements, and changes can be made without departing from the gist of the invention. These embodiments and modifications thereof are included in the scope and gist of the invention, as well as in the scope of the invention described in the claims and the equivalent scope thereof.

1,501 ... Communication system, 11,511 ... IC card, 12,512 ... Terminal, 13,513 ... Communication path, 14,514 ... Portable device, 31 ... ROM, 32 ... RAM, 33 ... EEPROM, 34 ... UART, 35 ... CPU, 36 ... Coprocessor, 37 ... System bus, 51 ... IC module, 52 ... Card base material, 61 ... Contact section, 62 ... IC chip, 111, 611 ... Input section, 112, 612 ... Output section, 113 , 212, 613 ... Storage unit, 114, 213, 615 ... Processing unit, 131, 232, 632 ... Master PIN information acquisition unit, 132 ... Temporary PIN information generation unit, 133 ... Temporary PIN information output control unit, 211, 614 ... Communication unit, 231 and 631 ... Temporary PIN information acquisition unit, 233, 633 ... Judgment unit, 234 ... Transaction processing unit, 311 ... Conversion table, 634 ... Master PIN information transmission control unit

Claims (3)

It has a portable electronic device and a portable device,
The portable electronic device determines whether or not authentication is possible based on whether or not the information received from the terminal matches the second information generated based on the first information stored in the storage unit. And
The portable device inputs the first information, and based on the input first information, generates a second information used for authentication of the portable electronic device, and the generated second information is generated. Output the information of 2,
Processing system. The portable apparatus can generate a plurality of the second information based on the first information,
The portable electronic device prohibits the same information as the information used for the authentication among the plurality of the second information from being used for the authentication a predetermined number of times.
The processing system according to claim 1. Input section for entering information and
A communication unit that communicates with portable electronic devices,
Authentication is performed based on whether or not the information input by the input unit matches the second information generated based on the first information received from the portable electronic device by the communication unit. A judgment unit that determines whether or not it is possible,
When the determination unit determines that authentication is possible, the communication unit transmits the first information to the portable electronic device, and a transmission control unit.
A terminal equipped with.

Images