JPH05324936A - Recording and reproducing system for optical ic card - Google Patents

Abstract

PURPOSE:To provide the recording and reproducing system which can limit the users of data recorded in a card or registered persons to record data in the card. CONSTITUTION:This system is provided with a cipher processing part 42 to cipher data to be recorded in a prescribed cipher sequence with an arbitrary cipher key, recording means to record the ciphered data in an optical memory part 3 of a card 1, reading means to read the data recorded in the optical memory part 3, and decipher processing part 43 to decipher the data read by the reading means according to a prescribed decipher sequence with an arbitrary decipher key, and the cipher key and decipher key are composed of keys in a pair of public cipher systems of which contents are different from each other.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION The present invention relates to optical recording / recording of information.
The present invention relates to an optical / IC card recording / reproducing system in which a reproducible optical memory unit and an integrated circuit unit including a central processing unit are integrated into a card shape.

[0002]

2. Description of the Related Art Conventionally, carded recording media such as cash cards, credit cards and telephone cards having a magnetic recording portion on a part of the surface of a card have been widely used. The card has an advantage over other recording media in terms of portability and convenience, and application development utilizing this feature is being actively conducted. Recently, in order to expand the field of use of the card, a card is required to have a larger recording capacity and more advanced functions, and optical cards and IC cards have been developed as cards for satisfying these requirements.

An optical card writes information with a laser beam by applying optical disk technology and reads the written information with a reading device having an optical sensor, and can record information of about 50 million characters. The IC card is a central processing unit (CPU) configured using semiconductor integrated circuit technology.
Integrated circuit section including (hereinafter referred to as IC module section)
This card has a built-in card and has intelligent functions such as advanced judgment, high-speed calculation, and data processing. Although the recording capacity is not as large as an optical card, it can record about 8,000 characters of information.

The optical card not only has a dramatically large information recording capacity, but also has the advantage that the manufacturing process is simple and can be mass-produced in a short period of time, so that the cost can be reduced. The information content can be read by simply enlarging the image using a simple optical system, and the confidentiality of the information is low. On the other hand, in the IC card, since the record information is recorded in the memory of the IC module unit and the input / output information can be electronically processed by the action of the CPU, a high degree of information confidentiality can be obtained, but The manufacturing cost is high, and the amount of information that can be recorded on one card is significantly lower than that of an optical card.

Therefore, recently, an optical / IC card in which an optical memory unit and an IC module unit are integrally provided on one card in consideration of the large-capacity recording property of the optical card and the information confidentiality and intelligentness of the IC card. Is proposed.
Using this characteristic of optical / IC cards, it is considered to use it for a wide range of purposes such as personal medical record management such as hospital charts, money management such as savings passbooks, equipment maintenance management including company secrets, and document management. Has been done.

[0006]

By the way, since the optical / IC card can be used in a wide range as described above, various usage modes are conceivable. For example, a system is conceivable in which data can be recorded on a card to some extent without specifying a user, and data recorded on the card can be reproduced only by a specific person. On the contrary, a system in which only a specific person can record the data on the card, and the data recorded on the card can be reproduced to some extent without specifying the user can be considered.

[0007] As an example of the former, when the card is used as a medical chart, each medical department records the test results and medical examination results on the card, and the reproduction of the recorded data is limited to a specific person, such as a person in charge. That is a system that only doctors can do. In the latter example, when using the card as a medical chart, only the doctor in charge can record the data related to the prescription, and the pharmacist can reproduce the data so that it can be reproduced by a pharmacist without being a specific person. That is the system that

However, in the conventional card system, the data can be recorded on the card or reproduced from the card only by the user inputting the correct password, so that the password is known to a third party. In that case, there is an inconvenience that data recording or reproduction is easily performed. Moreover, the password recorded on the card can be decrypted by a person having some technical knowledge, and even the current magnetic card is actually damaged. Since the IC card stores the password in the IC memory, the confidentiality is maintained as compared with the magnetic card and the optical card, but it is still possible to decipher the password with several digits.

Further, although the optical memory unit can record a large amount of data, the recorded data can be read by using a simple optical system as described above, so that the confidentiality of information is low. is there.

An object of the present invention is to provide a recording / reproducing system capable of limiting users of data recorded on a card or registrants who can record data on the card.

[0011]

An optical / IC card recording / reproducing system according to the present invention includes an encryption processing unit for encrypting data to be recorded by a predetermined encryption procedure with an arbitrary encryption key. Recording means for recording data in the optical memory section in the card, reading means for reading the data recorded in the optical memory section, and decryption processing for decrypting the data read by the reading means by a predetermined decryption procedure with an arbitrary decryption key Section, and the encryption key and the decryption key are composed of a pair of public encryption system keys having different contents. In this case, the encryption key is recorded in the card in advance, and the decryption key is input by the card user from the terminal device.
Further, in this case, the encryption key is input by the card user from the terminal device, and the decryption key is recorded in the card in advance.

[0012]

The present invention uses a public key cryptosystem in which an encryption key and a decryption key are different from each other, and one of the keys is a private key and the other key is a public key. It is possible to limit the number of users or registrants who can record data on the card.

When limiting the users of the data recorded on the card, the encryption key is recorded in the card in advance as a public key, and the decryption key is input as a secret key by the user from the terminal device. To do so. When recording data on the card, the user inputs the recorded data from the terminal device, encrypts the input data with the encryption key recorded on the card using the encryption processing unit, and then encrypts the encrypted data. The data is recorded in the optical memory section by a typical recording means.

When the data recorded in the card is reproduced, the data is read from the optical memory section by the optical reading means, and the user inputs the decryption key from the terminal device to the decryption processing section. .. The decryption processing unit uses the input decryption key to decrypt and reproduce the data in a predetermined decryption procedure.

Therefore, the data can be recorded on the card without knowing the encryption key, and can be freely performed to some extent without limiting the user. On the other hand, since the data recorded on the card can be reproduced only by the person who knows the decryption key, the data can be used by only a specific person.

When limiting the number of registrants who can record data in the card, the user inputs the encryption key as a secret key from the terminal device, and the decryption key is recorded as a public key in the card in advance. .. When data is recorded on the card, the user inputs the encryption key from the terminal device to the encryption processing unit. The encryption processing unit uses this encryption key to encrypt the data to be recorded according to a predetermined encryption procedure, and the encrypted data is recorded in the optical memory unit in the card using the optical recording means.

When the data recorded in the card is reproduced, the data is read from the optical memory section by the optical reading means, and the predetermined processing is performed by the decryption processing section using the decryption key recorded in the card in advance. The data is decrypted and reproduced by the decryption procedure of.

Therefore, the recording of the data on the card can be performed only by a specific person who knows the encryption key, whereas the user can reproduce the data recorded on the card by the decryption key. Can be performed without knowing, and can be performed freely to some extent without limiting the user.

[0019]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS FIG. 1 shows an optical / IC card 1 used in the present invention.
In the plan view of FIG. 3, the optical memory unit 3 and the integrated circuit unit (IC module unit) 4 are formed on the plastic card substrate 2.

The optical memory unit 3 is a large-capacity information recording unit in which information is written by irradiation of laser light and the recorded information is read by reflected light of weak laser light. As shown in the vertical cross-sectional view of FIG. 2, the optical memory unit 3 includes a non-silver salt pattern layer 30 with a low reflection portion 31 (reflectance of 5%).
%) Is formed on the lower surface of the aluminum reflection layer 32.
(Reflectance of 80%) is vapor-deposited to form an information recording layer. The information recording layer is a transparent protective layer 33 and a card base layer (substrate) 3
The surface of the protective layer 33 is sandwiched between the surface of the protective layer 33 and the protective layer 33, and a surface hardened layer 35 is provided on the surface of the protective layer 33 to prevent scratches.

In the optical memory unit 3, a plurality of bands B are formed in the longitudinal direction of the card 1 so as to be parallel to each other in the lateral direction of the card 1, and are formatted to form an information area. Further, in each band B, a large number of tracks containing data of several bytes are formed side by side, and the information pits forming each track are provided with or without the low reflection part 31 or a low reflection part in each unit area called a pit cell. It is recorded as a binary signal at position 31.

The IC module part 4 is a device in which an IC chip such as a CPU and a memory formed by semiconductor integrated circuit technology is mounted on a printed circuit board and embedded in the card base material 2, and mounted on the surface of the card 1. Six terminals C1 to C6 for exposing connection to a card terminal device, which will be described later, are exposed at standard positions defined by ISO (International Organization for Standardization). The terminals C1 to C6 are used for supplying a power supply voltage from the terminal device and for transmitting data to and from the terminal device.

FIG. 3 is a block diagram showing an example of an optical / IC card recording / reproducing system according to the present invention. In the figure, the optical / IC card 1 has the optical memory unit 3 and the IC module unit 4 as described above, and in the IC module unit 4, the CPU 40, the IC memory 41, and the encryption processing unit 42 for encrypting plaintext, A decryption processing unit 43 for decrypting ciphertext and a contact unit 44 including terminals C1 to C6 are connected to each other via a bus 45.

The card terminal device 5 includes a CPU 5
0, a program memory 51, a working memory 52, and the like, a card reader / writer unit (hereinafter, referred to as R / W unit) 53 into which the card 1 is inserted, a keyboard for inputting a password, recording data, and the like. A data input section 54 such as an apparatus or a disk drive apparatus, and a data output section 55 such as a display apparatus or a printer apparatus for instructing an operation procedure to a user and outputting reproduction data are connected to each other via a bus 56.

The R / W section 53 is combined with the contact section 44 of the card 1 which is inserted or ejected manually or automatically to supply power to the IC module section 4 or supply control signals such as clock signals and reset signals. In addition to controlling the data transmission / reception between the IC module unit 4 and the terminal device 5, the built-in optical head device records / reproduces data to / from the optical memory unit 3.

Next, regarding the processing procedure when the card 1 is inserted into the terminal device 5 to record and reproduce data,
This will be described with reference to the sequence diagrams shown in FIGS. In any case, it is assumed that the password verification has already been completed. First, the encryption system used in the present invention will be described. The encryption system used in the present invention is a public key encryption system in which an encryption key and a decryption key are different, and one of the keys can be made public, and representative ones have the initials of three proposers. There is the RSA (Rivest, Shamir, Adleman) code taken. For details of the encrypted contents, see
"Cryptography and information security" (edited by Tsujii and Kasahara), this cryptography is based on the difficulty of factoring a large number for security and performs encryption / decryption processing by calculating the modular exponentiation. is there.

The encryption procedure E is "C = E (M) = M ^e mod
n ”, and the decoding procedure D is“ M = D (C) = C ^d mo
It is represented by dn ". M is plaintext and C is ciphertext. The encryption keys are e and n, the decryption keys are d and n, the encryption keys e and n are public, and the decryption key d is secret. The keys e, d, and n are determined by the following procedure. Two large prime numbers p and q are arbitrarily selected, and n = pq. The least common multiple L of (p-1) and (q-1) is calculated, and L
And an arbitrary integer e which is relatively prime to and smaller than L are obtained. Find d that satisfies ed = 1 (mod L). The values e, d, and n thus selected are for all plaintexts M.
“M ^ed mod n = M” is established.

The decryption person must know the decryption key d in order to decrypt the ciphertext C. For that purpose, the secret prime numbers p and q are known, and the minimum of (p-1) and (q-1) is obtained. It is necessary to calculate "d = e ^-1 (mod L)" from the public multiple L and the public key e to obtain the secret key d. Since the public key n is the product of the prime numbers p and q, the public key n cannot be encrypted with an integer that can be easily factored. Normally, p and q are 100 each
The number of digits (decimal number) is approximately, and the public key n is approximately 200 digits. In this way, even if a computer with 1,000 MIPS is used, the factorization will take millions of years, and it is practically impossible to decipher.

Next, a first operation example according to the present invention will be described with reference to sequence diagrams shown in FIGS. The present embodiment is an example in which the recording of the data on the card can be performed to some extent freely, but the reproduction of the data from the card can be performed only by a specific person. For this reason, the encryption keys e and n are stored in the card 1 in advance as public keys, and the decryption key d is input as a secret key by the card user from the terminal device 5 during reproduction.

First, the recording process is started by the user inputting the recording data Me from the data input unit 54 of the terminal device 5, as shown in the sequence diagram of FIG. The recording data Me may be input by the user directly from the keyboard device or by transferring the data previously recorded on the magnetic disk or the like from the drive device.

The input record data Me passes through the bus 56 and is transferred to the encryption processing section 42 via the R / W section 53 and the contact section 44 of the card 1 (step S1). Since the encryption keys e and n stored in advance in the IC memory unit 41 as public keys are supplied to the encryption processing unit 42 (step S2), the encryption processing unit 42 uses the encryption keys e and n.
To encrypt the record data Me by a predetermined encryption procedure E to generate encrypted data C (= Me ^e mod n).

The generated encrypted data C is transferred from the contact section 44 to the R / W section 53 of the terminal device 5 through the bus 45 (step S3), and is stored in the card 1 by the optical head device in the R / W section 53. Is recorded in the optical memory unit 3 (step S4).

Next, in order to reproduce the data recorded in the optical memory unit 3 of the card 1, the user inputs the decryption key d from the data input unit 54 of the terminal device 5 as shown in the sequence diagram of FIG. Start by typing. The input decryption key d passes through the bus 56, passes through the R / W unit 53 and the contact unit 44 of the card 1, and is temporarily stored in the IC memory 4
1 is stored (step S5).

Next, the encrypted data C recorded in the optical memory unit 3 is read by the optical head device in the R / W unit 53 (step S6), and the read encrypted data C is transferred to the IC module via the contact unit 44. The data is transferred to the decryption processing unit 43 in the unit 4 (step S7). Since the decryption keys d and n are supplied from the IC memory 41 to the decryption processing unit 43 (step S8), the decryption processing unit 43 uses the decryption keys d and n to perform a predetermined decryption procedure. and decoding the encrypted data C with D, the reproduced data Md (= C ^d mod
output as n).

The decrypted reproduction data Md is transferred from the contact section 44 to the data output section 55 via the R / W section 53 (step S9) and is output to the outside via the display device, the printer device or the like.

Next, a second operation example according to the present invention will be described with reference to the sequence diagrams shown in FIGS. 6 and 7. This embodiment is an example in which the data can be recorded on the card only by a specific person, but the data reproduction from the card can be freely performed to some extent without limiting the user. Therefore, the encryption key e is input as a secret key from the terminal device 5 by the card user when recording data, and the decryption keys d and n are stored in the card 1 as public keys in advance.

First, in the case of the recording process, as shown in the sequence diagram of FIG. 6, the user inputs the encryption key e from the data input section 54 of the terminal device 5. Input encryption key e
Is stored in the IC memory 41 once via the bus 56, the R / W section 53 and the contact section 44 of the card 1 (step S10). Next, the record data Me is input from the data input unit 54 of the terminal device 5. Recorded data M
The input of e includes direct input by a user from a keyboard device, transfer of data recorded in advance on a magnetic disk from a drive device, and the like.

The input record data Me passes through the bus 56 and is transferred to the encryption processing section 42 via the R / W section 53 and the contact section 44 of the card 1 (step S11).
Since the encryption keys e and n are supplied from the IC memory unit 41 to the encryption processing unit 42 (step S12), the encryption processing unit 42 uses the encryption keys e and n to encrypt the recording data Me to a predetermined encryption. The encrypted data is encrypted in step E, and the encrypted data C (= Me ^e
mod n) is generated.

The generated encrypted data C is transferred from the contact unit 44 to the R / W unit 53 of the terminal device 5 through the bus 45 (step S13), and the optical head device in the R / W unit 53 stores the data in the card 1. Is recorded in the optical memory unit 3 (step S14).

Next, in order to reproduce the data recorded in the optical memory unit 3 of the card 1 in this way, as shown in the sequence diagram of FIG. 7, the encrypted data C recorded in the optical memory unit 3 is read by the R / W unit 53. It is read by the internal optical head device (step S15). The read encrypted data C is the contact part 4
The data is transferred to the decryption processing unit 43 in the IC module unit 4 via 4 (step S16).

Since the decryption keys d and n are supplied from the IC memory 41 to the decryption processing unit 43 (step S1).
7) In the decryption processing unit 43, the decryption keys d and n are used to decrypt the encrypted data C in a predetermined decryption procedure D, and reproduced data Md (= C ^d mod n) is output.

The reproduction data Md is transferred from the contact portion 44 to R.
The data is transferred to the data output unit 55 via the / W unit 53 (step S18) and output to the outside via an output device such as a display device or a printer device.

In the above embodiment, the encryption processing unit and the decryption processing unit are installed in the card.
Since these logic units are generalized, they may be installed in the card, the terminal device, or both. Further, the encryption system to be used is not limited to the above-mentioned RSA encryption system, and may be another public key encryption system in which the encryption algorithm is open.

[0044]

According to the present invention, one of the encryption key and the decryption key is a secret key and the other key is a public key, so that the user of the data recorded on the card, or It is possible to limit the registrants who can record data on the card. Therefore, if the encryption key is the public key and the decryption key is the private key, the data can be recorded on the card to some extent without limiting the user, and the decryption key can be used to reproduce the data from the card. Only certain people who know it can do it. Also, if the encryption key is the private key and the decryption key is the public key, data recording on the card can be performed only by a specific person who knows the encryption key, and the data reproduction from the card is performed by the user. Can be done to a certain extent without limiting.

[Brief description of drawings]

FIG. 1 is a plan view of an optical / IC card used in the present invention.

FIG. 2 is a partial cross-sectional view of an optical memory unit of the optical / IC card shown in FIG.

FIG. 3 is a block diagram showing an embodiment of the present invention.

FIG. 4 is a sequence diagram showing a recording process in the first operation example of the present invention.

FIG. 5 is a sequence diagram showing a reproduction process in the first operation example of the present invention.

FIG. 6 is a sequence diagram showing a recording process in the second operation example of the present invention.

FIG. 7 is a sequence diagram showing a reproduction process in the second operation example of the present invention.

[Simple explanation of symbols]

 1 Optical / IC Card 2 Card Base Material 3 Optical Memory Section 4 IC Module Section 5 Card Terminal Device 40 CPU 41 IC Memory 42 Encryption Processing Section 43 Decryption Processing Section 44 Contact Section 45 Bus 50 CPU 51 Program Memory 52 Working Memory 53 Card reader / writer unit (R / W unit) 54 Data input unit 55 Data output unit 56 Bus

─────────────────────────────────────────────────── ─── Continuation of the front page (51) Int.Cl. ⁵ Identification code Internal reference number FI technical display location G09C 1/00 9194-5L // G11B 13/00 9075-5D

Claims (3)

[Claims] 1. An encryption processing unit for encrypting data to be recorded by an arbitrary encryption key in a predetermined encryption procedure, a recording unit for recording the encrypted data in an optical memory unit in a card, and the optical memory. And a decryption processing unit for decrypting the data read by the reading unit by a predetermined decryption procedure with an arbitrary decryption key, the encryption key and the decryption key Is composed of a pair of public encryption system keys whose contents are different from each other.
IC card recording / playback system. 2. The optical key according to claim 1, wherein the encryption key is recorded in advance in the card, and the decryption key is input by a user of the card from a terminal device.
IC card recording / playback system. 3. The optical / I-mode according to claim 1, wherein the encryption key is input by the card user from a terminal device, and the decryption key is recorded in the card in advance.
C card recording / playback system.