JPH0916740A - Portable information recording medium and method for writings/reading information to/from the same - Google Patents

Abstract

PURPOSE: To deal with the fraudulent alternation of data recorded in an optical information recording part formed on the surface of an IC card. CONSTITUTION: An IC card 100 in which an IC module part 10 is incorporated an optical recording part 20 is formed on the surface is accessed by terminal equipment 200. Inside a ROM 13, a routine for generating a certificate code MAC to be uniquely led out of data applied from the outside is prepared by using a cipher key K inside an EEPROM 15. When writing 'the data of one partition', the generated MAC is added by a CPU and this is written in the recording part 20 by an optical access means 29. When reading the data, after they are read by the optical access means 29, it is confirmed whether the MAC prepared again for the read 'data of one partition' is coincident with the read 'MAC' or not.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a portable information recording medium and an information writing / reading method therefor, and more particularly to C
The present invention relates to a method of writing / reading information suitable for use in a so-called hybrid type IC card having a built-in IC module having a PU and a memory and having a magnetic or optical information recording portion formed on its surface.

[0002]

2. Description of the Related Art At present, magnetic cards are widely used as portable information recording media, but optical cards which can secure a large storage capacity and ICs which can secure sufficient security.
Cards are also in practical use. It is expected that IC cards will be used in various systems in the real world in the future due to technological advances for miniaturization and cost reduction of semiconductor integrated circuits.

In particular, in an IC card having a built-in CPU,
Since not only a function as an information recording medium but also an information processing function is added, it is expected to be used for an information processing system requiring high security. A general IC card that is currently in widespread use is a CPU and this C card.
It has three types of memory accessed by the PU, namely, ROM, RAM, and EEPROM. RO
A program consisting of instruction codes directly executable by the CPU is stored in M.
The PU has a function of centrally controlling the IC card based on this program. The RAM is a memory used as a work area when the CPU performs such general control. On the other hand, the EEPROM is a non-volatile memory capable of reading and writing data via the CPU, and is used to store the original data to be recorded in this IC card.

An information recording unit is provided on the surface of a magnetic card or an optical card, and it is possible to read digital data recorded in the information recording unit by using a magnetic reading device or an optical reading device. is there. For this reason, reading by unauthorized means can be performed relatively easily. On the other hand, all access to the EEPROM contained in the IC card is performed via the CPU, and the E
The EPROM cannot be accessed directly. Therefore, the IC card can ensure a higher degree of security than a magnetic card or an optical card. However,
Although the price of IC memory is decreasing year by year,
The cost per unit recording capacity is still higher than that of magnetic recording or optical recording. Therefore, a so-called "hybrid type" information recording card has been proposed in which recording using an IC memory and recording using magnetic or light such as magnetic recording, optical recording, and magneto-optical recording are used together.

For example, in a hybrid IC card using optical recording, an IC module is embedded in a card-shaped medium and an optical recording section is formed on the surface. If such a hybrid IC card is used, information to be recorded can be recorded as digital data in EEPROM in the IC module, or can be recorded as digital pits in the optical recording unit. For information that requires high security, EEP
It is possible to use it by recording it in the ROM and recording a large amount of information in the optical recording section.

[0006]

In the hybrid IC card described above, it is possible to record a large amount of information in the optical recording section, but the security of the information recorded in this optical recording section must be lowered. I don't get it. Therefore, it is a general usage pattern to record information that is not required to be kept secret in the optical recording unit. In other words, if information that does not cause a serious situation even if the information is read by an unauthorized means is recorded in the optical recording unit, a large security problem due to the unauthorized reading can be solved. However, if writing is performed by an illegal means, a large problem will occur in use. That is, it is possible to falsify recorded data by performing illegal writing, and if such data falsification is performed, IC
This will cause a major obstacle to the entire operation system using the card. The information recorded in the optical recording section is information in which 1 bit is represented by the presence or absence of minute data pits, and can be tampered with relatively easily by generating new data pits. Information recorded in the magnetic recording unit or the magneto-optical recording unit may also be falsified.

Therefore, the present invention is a portable information recording medium capable of recording information in both the built-in IC module and the information recording section formed on the surface, and tampering with the information recorded in the information recording section. The purpose is to deal with.

[0008]

[Means for Solving the Problems]

(1) According to a first aspect of the present invention, a CPU, a ROM that stores a program executed by the CPU, a RAM that is used as a work area of the CPU, and data can be read and written via the CPU. An IC module having a non-volatile memory is built in, and an information recording section for recording information using light or magnetism is formed on the surface, and information recording is performed both in the IC module and in the information recording section. In a portable information recording medium capable of performing, when predetermined data is given to the IC module from the outside, the encryption key recorded in the non-volatile memory is used to CP for the authentication code generation process for generating the authentication code uniquely derived
R so that U can execute it
It was prepared in the OM.

(2) The second aspect of the present invention is the above-mentioned first aspect.
In the portable information recording medium according to the above aspect, the given data is divided into n (n ≧ 2) blocks, and n
Performs mutual logic operation involving all (n + m) sets of data in which m encryption keys (m ≧ 1) are added to each block, and generates an authentication code shorter than the data length of given data. It was made possible.

(3) A third aspect of the present invention is the above-mentioned first aspect.
Alternatively, in the portable information recording medium according to the second aspect, the authentication code generated in the IC module is added to the data that is the basis of the authentication code and recorded in the information recording unit.

(4) The fourth aspect of the present invention is the above-mentioned first aspect.
To the portable information recording medium according to any one of 3 to 3,
The IC module has a function of determining whether the terminal device connected to the module is a legitimate one, and the authentication code generation process is executed only when the terminal device is a legitimate one. It is a thing.

(5) A fifth aspect of the present invention is a CPU,
Portable information having a memory accessed by the CPU and an information recording unit capable of recording information by using light or magnetism and capable of recording information in both the memory and the information recording unit In a method of writing information to a recording medium, authentication is prepared by preparing recording target data to be written in an information recording unit and using an encryption key recorded in a memory, which is uniquely derived from the prepared recording target data. An authentication code generation process for generating a code is executed by the CPU, and the generated authentication code is added to the prepared recording target data and written in the information recording section.

(6) The sixth aspect of the present invention is the above-mentioned fifth aspect.
In the method for writing information to a portable information recording medium according to the above aspect, the encryption key recorded in the information recording medium is also prepared in the host computer for the terminal device connected to this medium, and authentication is performed. The code generation process is executed by the host computer instead of the CPU in the medium.

(7) The seventh aspect of the present invention is the above-described fifth aspect.
Alternatively, in the method for reading the information written in the information recording unit by the method according to the sixth aspect, the recording target data and the authentication code written in the information recording unit are read,
Using the encryption key recorded in the memory of the medium,
The CPU in the medium executes an authentication code generation process for generating an authentication code uniquely derived from the read recording target data.
The authentication code read from the information recording unit is compared with the authentication code generated by the authentication code generation process, and only when the two match, the record read from the information recording unit The target data is handled as correct data.

(8) The eighth aspect of the present invention is the above-mentioned seventh aspect.
In the method for reading information from a portable information recording medium according to this aspect, the encryption key recorded in the information recording medium is also prepared in the host computer of the terminal device connected to this medium, and the authentication code Instead of causing the CPU in the medium to execute the generation processing, the generation processing is executed by the host computer.

[0016]

[Operation] In the portable information recording medium according to the present invention, an encryption key is prepared in the memory of the built-in IC module,
A built-in CPU is added with a function of executing an authentication code generation process using this encryption key. Therefore, if an authentication code is generated for the data to be recorded in the information recording unit and writing is performed with the generated authentication code added to the original data, the integrity of this authentication code is checked at the time of reading. Thus, it is possible to recognize whether or not the data has been tampered with.

For example, when writing data D in the optical recording section of a hybrid IC card,
Authentication code C is generated by executing an authentication code generation process using a predetermined encryption key in the IC module. Then, the data D is added with the authentication code C and written in the optical recording unit. On the other hand, at the time of reading, the code C may be read together with the data D, and it may be checked whether or not the authentication code generated based on the data D and the encryption key matches the read code C. If the optical recording unit has been tampered with, this check causes a mismatch, so that the tampering can be recognized. Since the encryption key used for the authentication code generation process is recorded in the IC module, it is very difficult to read this encryption key to the outside by unauthorized means, and the authentication code is generated by unauthorized means. It is extremely unlikely to be done.

However, in an environment where the security for the encryption key can be sufficiently ensured, it is possible to prepare the encryption key outside the medium and perform the authentication code generation processing outside. For example, if sufficient security can be obtained for a host computer connected to a terminal device for accessing a medium, an encryption key should be prepared in this host computer so that authentication code generation processing can be executed. For example, there is an advantage that the authentication code generation process can be executed in a shorter time.

Further, when executing the authentication code generation processing inside the medium, it is judged whether the terminal device connected to the IC module is a legitimate one, and only when it is a legitimate terminal device. If the authentication code generation process is executed, the security can be further improved.

[0020]

The present invention will be described below with reference to illustrated embodiments.

§1. General hybrid IC card
Configuration Introduction, general hybrid I currently being proposed
The configuration of the C card will be described. An IC card 100 whose appearance is shown in FIG. 1 is a hybrid IC card having an IC module unit 10 built-in and an optical recording unit 20 formed on the surface. Contact terminals 30 are provided on the surface of the IC module unit 10. The optical recording section 20 is an area for recording data as minute pits. Access to the IC card 100 is performed by a dedicated terminal device 200. When the IC card 100 is inserted into the terminal device 200,
The electrodes in the terminal device 200 and the contact terminals 30 electrically contact with each other, and the IC module unit 1 is connected through the contact terminals 30.
Power supply to 0, clock supply, and data transmission / reception are performed. Further, in the terminal device 200, minute pits are written in the optical recording unit 20, or the optical recording unit 20 is recorded.
The optical access means for reading the information of the minute pits recorded therein is incorporated.

FIG. 2 is a block diagram showing a state in which the IC card 100 is connected to the terminal device 200 for access. The IC card 100 and the terminal device 200 are mutually connected via the I / O line 19 and the contact terminal 30. In addition, the terminal device 200 and the IC card 1
A supply path for a power supply, a clock, a reset signal, and the like is formed between 00 and 00, but illustration of these supply paths is omitted here.

The IC module unit 10 built in the IC card 100 includes an I / O interface 11 and a CPU 1.
2, ROM 13, RAM 14, and EEPROM 15 are built-in. The I / O interface 11 is an input / output circuit for transmitting / receiving data via the I / O line 19, and the CPU 12 communicates with the terminal device 200 via the I / O interface 11. ROM13
A program executed by the CPU 12 is stored therein, and the CPU 12 is based on this program,
It has a function of integrally controlling the IC module unit 10. R
The AM 14 is a memory used as a work area when the CPU 12 performs such overall control. On the other hand, E
The EPROM 15 is a memory that stores original data to be recorded in the IC module unit 10. IC card 10
When 0 is disconnected from the terminal device 200, power supply and clock supply are stopped. At this time, all the data in the RAM 14 is lost due to the stop of the power supply.
Since the ROM 15 is a non-volatile memory, the recorded content is retained as it is even after the power supply is stopped.

The terminal device 200 includes the optical access means 2
It is also possible to access the optical recording unit 20 by means of 9. The optical access means 29 is generally configured by combining a semiconductor laser, an optical system, a scanning mechanism, etc.,
As described above, digital information is recorded in the optical recording section 20 in the form of minute pits. In the IC card 100 according to this embodiment, the EEPROM in the IC module unit 10 is
While 15 has a recording capacity of 8 KB, the optical recording unit 20 can record information of 3.4 MB. Therefore, I which is provided only with the IC module unit 10
Compared to the C card, this hybrid IC card 10
It is possible to record a large amount of information in 0.

However, as described above, there is a problem in that the information recorded in the optical recording section 20 is easily tampered with by an unauthorized means. That is, it is impossible to read the information recorded in the optical recording section 20 with the naked eye, but if an apparatus having the same function as the optical access means 29 is used, the minute pits recorded in the optical recording section 20 are used. Can be read, and it is also possible to write a minute pit here. Therefore, a person having some technical knowledge can tamper the recorded information in the optical recording section 20 with relative ease. The present invention proposes a method for dealing with such falsification.

§2. Method of Generating Authentication Code Generally, there is known a method of determining whether or not there is any tampering based on the authentication code when there is a possibility that the data recorded in any medium is tampered with. That is, a secret encryption key is prepared in advance, and an authentication code uniquely derived from the original data is generated using the encryption key. Then, this authentication code is recorded on the medium together with the original data. If such a method is adopted, it is possible to determine the presence or absence of tampering by checking the authentication code at the time of reading.
That is, the data is read together with the authentication code, an authentication code uniquely derived from the read data is generated using the same encryption key as at the time of writing, and the generated authentication code matches the read authentication code. It is determined whether or not. Normally, the two should match,
In the unlikely event of a discrepancy, it can be judged that some kind of tampering has been performed.

Such an authentication code is generally a MAC (M
essage Authentication Code) is called. MAC
May use any data as long as it is uniquely determined from the original data, but in general, in order to suppress the redundancy of data recording to a certain extent, A fairly small MAC is used. MA
Since it is not necessary to generate the original data based on C, there is no problem even if the MAC information amount is small to some extent with respect to the original data information amount. However, MAC
Needs to be generated in a way that involves all of the original data. In other words, if any one bit of the original data changes, it is necessary to make sure that some change appears in the MAC itself. In this way, if any one bit is tampered with, the MAC collations do not match and it can be recognized that tampering has occurred.

Authentication code MAC satisfying such conditions
Is known as a method of generating original data. For example, the original data is divided into n (n ≧ 2) blocks, and m encryption keys (m ≧ 1) are added to the n blocks (n + m).
A mutual logical operation involving all of the data in the set is performed to generate an authentication code MAC shorter than the data length of the original data.

A specific example of this method will be described with reference to FIG. Now, as shown in the upper part of FIG. 3, an authentication code MA is assigned to “one-segment data” having a predetermined length.
Consider the case where C is generated. In this case, this “one-segment data” is divided into a plurality of n blocks. In this example, division is performed such that the data length of one block is 8 bytes. Then, using the predetermined encryption key K (for example, 8-byte data), the encryption means 31
The block 1 is encrypted according to the block 1, and a block 1'is obtained as a result. The encryption process performed by the encryption means 31 may be any logical operation using the block 1 and the encryption key K. In any case, the obtained block 1'becomes uniquely determined data if the block 1 and the encryption key K are specified. Next, the arithmetic unit 32 calculates the exclusive OR of the block 1 ′ and the block 2 to obtain the block 2 ′, and then the arithmetic unit 33 calculates the exclusive OR of the block 2 ′ and the block 3. Then, block 3'is obtained. Similarly, block i ′ and block (i + 1)
The process of obtaining the block (i + 1) ′ is repeatedly executed until i = n−1 by obtaining the block n ′, and the block n ′ becomes the authentication code MAC to be generated. . In this example, the original “data of 1 division” has a length of (8 × n) bytes, whereas the obtained authentication code MAC has a length of 8 bytes.

The authentication code M generated by such a method
AC is a code uniquely derived based on the original “one-segment data” and the encryption key K, and has a different value if any one bit in the original data is changed. Take. Note that the method of generating the authentication code MAC shown in FIG. 3 is an example, and the present invention is not limited to such a method of generating the authentication code MAC. For example, the block 3'may be obtained based on the block 2'and the encryption key K.
, And other logical operations may be performed, or the encryption keys K1, K2, ... And a plurality of keys may be used. In short, any code may be used as the authentication code MAC as long as it is uniquely determined based on the given data and the encryption key prepared in advance.

§3. Hybrid IC power according to the present invention
Following chromatography De, the configuration of a hybrid IC card according to the present invention, the writing process and reading process of data to the optical recording portion of the IC card will be described. FIG. 4 illustrates a hybrid IC card 100 according to an embodiment of the present invention as a terminal device 20.
FIG. 3 is a block diagram showing a state in which access is made by connecting to 0, and the hardware configuration thereof is similar to that of the conventional general hybrid IC card described in FIG. 2. However, the MAC generation routine is added in the ROM 13 and the encryption key K is recorded in the EEPROM 15, and it is recorded in the optical recording unit 20 as "1.
The difference is that the authentication code MAC is added to the “separation data”.

First, referring to the flow chart of FIG.
The procedure of the data writing process to the optical recording section 20 of the hybrid IC card 100 shown in FIG. 4 will be described.
In this flowchart, steps S11, S12,
S16 is a process performed in the terminal device 200,
Steps S13 to S15 and S17 are processes performed in the IC card 100. First, in step S11, recording target data to be recorded in the optical recording unit 20 is prepared on the terminal device 200 side. This recording target data corresponds to the “one-segment data” in FIG. If the length of the “separated data” is longer than the length of the authentication code MAC, the accuracy of the authentication is reduced accordingly. Therefore, the length of the “separated data” takes the necessary authentication accuracy into consideration. And set it appropriately.

In the following step S12, step S11
The data prepared in step 1 is transferred to the IC module unit 10 together with the MAC generation command. In this way, the terminal device 200 to the IC module unit 1 in the "command" format is used.
The reason why the data is transferred to 0 is that the communication between the terminal device 200 and the IC module unit 10 is performed in the form of “command” and “response” thereto. That is, when a predetermined “command” is given from the terminal device 200 to the CPU 12, the CPU 12 interprets the “command”, executes a routine corresponding to the command prepared in the ROM 13, and This is returned to the terminal device 200 as a “response”. For example, when writing to a predetermined file in the EEPROM 15, the data to be written is given to the CPU 12 together with the “write command”, and the CPU 12
The writing process is performed in the form of executing the "write command" by. On the contrary, when data is read from a predetermined file in the EEPROM 15, a predetermined "read command" is given to the CPU 12, and the read process is performed by the CPU 12 executing the "read command". In this way, when the execution of the “command” is completed in the IC card 10, the “response” to the executed “command” is returned to the outside. For example, when a "write command" is given, a "response" indicating whether or not the writing process has been executed without any trouble is returned, and when a "read command" is given, the data to be read is read. Will be returned in the form of a response. Therefore, in step S12, the data to be recorded (data corresponding to “separated data” in FIG. 3) prepared in step S11 is added to the IC module unit 10 together with the “MAC generation command” that gives an instruction to generate the authentication code MAC. Giving to.

The IC module section 10 interprets such a command and utilizes the MAC generation routine prepared in the ROM 13 to execute the following processing. First,
In this embodiment, before entering the substantial processing of the MAC generation routine, in step S13, it is checked whether the currently connected terminal device 200 has been authenticated as an authorized terminal device. Normally, when the IC card 100 is inserted into the terminal device 200 and both are electrically connected,
Mutual authentication processing is performed to confirm whether or not the other party is correct. Since a specific method of such a mutual authentication process is a well-known technique, its description is omitted here. However, as a result of this mutual authentication, the IC card 100 authenticates the other party (terminal device 200) as being correct. Then, normally, a process of setting a “flag indicating that the other party is a legitimate terminal device” in the RAM 14 is performed. In this embodiment, after confirming that this flag is set in step S13, the MAC
The generation routine is executed. This is a consideration for further improving security, and its merit will be described later.

If it is confirmed in step S13 that the currently connected terminal device 200 is a legitimate terminal device, a process of generating an authentication code MAC is performed in subsequent step S14. That is, the recording target data (“separated data” in FIG. 3) given together with the command from the terminal device 200 and the EEPROM 1
Some code that is uniquely derived based on the encryption key K prepared in 5 is generated. In this embodiment, the authentication code MAC is generated by the method shown in FIG. When the authentication code MAC is generated in this way,
This is returned to the terminal device 200 side as a response in step S15.

After all, looking at the above-mentioned processing from the terminal device 200 side, in step S12, if the recording target data is transferred together with the command via the I / O line 19,
In step S15, a response is also obtained via the I / O line 19, and this response includes the authentication code M for the transferred recording target data.
AC will be included. Therefore, the terminal device 20
In step S16, 0 adds the authentication code MAC returned as a response to the prepared recording target data (“separated data”), and stores this in the optical recording unit 20 via the optical access means 29. Perform the writing process.
Thus, as shown in FIG.
The “separated data” will be written together with the authentication code MAC.

In step S13, if it is determined that the currently connected terminal device 200 is not an authorized terminal device, that is, a flag indicating that the mutual authentication process has been normally completed is set in the RAM 14. If not, an error response is returned in step S17. Therefore, for example, even if the unauthorized terminal device communicates with the IC card 100 and gives the MAC generation command from the unauthorized terminal device,
An error response is returned from the C card 100, and the authentication code MAC cannot be obtained. Therefore, an unauthorized act of acquiring an authentication code MAC for specific data using an unauthorized terminal device is rejected, and sufficient security can be ensured.
Of course, the determination process in step S13 is not an indispensable process for implementing the present invention, but it is preferable to execute this process in order to secure sufficient security in practical use.

Next, the procedure of the data reading process from the optical recording section 20 for the hybrid IC card 100 shown in FIG. 4 will be described with reference to the flowchart of FIG. In addition, in this flowchart, steps S21 and S22 are processes performed in the terminal device 200.
23 to S27 are processes performed in the IC card 100. First, in step S21, the optical recording unit 20
The data with MAC is read from the optical access unit 29 via the optical access unit 29. That is, the “separated data” and the authentication code MAC shown in the optical recording unit 20 of FIG. 4 are read by the terminal device 200 side as one set of data.

In the following step S22, step S21
The data read in step 1 is transferred to the IC module unit 10 together with the MAC collation command. IC module section 10
Interprets such a command and uses the MAC generation routine prepared in the ROM 13 to execute the following processing. First, in this embodiment, before starting the substantial processing of the MAC generation routine, it is checked in step S23 whether the currently connected terminal device 200 has been authenticated as a legitimate terminal device. This is the same as the processing in step S13 described above. If it can be confirmed that the currently connected terminal device 200 is a legitimate terminal device, a process of collating the authentication code MAC is performed in the subsequent step S24. That is,
The data given together with the command from the terminal device 200 is divided into an original data part and an authentication code MAC part, and the original data part (“separated data” in FIG. 3) is divided.
(Corresponding to the above) and the encryption key K prepared in the EEPROM 15, the authentication code MAC is generated. In this embodiment, the authentication code M is calculated by the method shown in FIG.
AC is generated. When the authentication code MAC is generated in this manner, it is determined whether the generated authentication code MAC and the authentication code MAC given from the terminal device 200 match.

The information recorded in the optical recording section 20 is
If it is as it is at the time of writing, the collation result in step S25 should indicate a match, but if some sort of tampering has been performed, it indicates a mismatch. Therefore, if the collation results match, a normal response is returned in step S26, and if they do not match, an error response is returned in step S27. Based on this response, the terminal device 200 side can recognize whether or not the data read from the optical recording unit 20 has been tampered with. That is, if a normal response is obtained, the read data can be treated as correct data, and if an error response is obtained, it is recognized that the read data has been tampered with illegally. Appropriate handling can be performed based on.

If it is determined in step S23 that the terminal device is not an authorized terminal device, that is, if the flag indicating that the mutual authentication process has been normally completed is not set in the RAM 14, the process proceeds to step S27. , The error response is returned. Therefore, for example, even if the unauthorized terminal device communicates with the IC card 100 and gives a MAC collation command from the unauthorized terminal device, an error response is returned from the IC card 100, and the collation result cannot be obtained. Can not.
Therefore, an unauthorized act of obtaining a check result of a combination of specific data and the authentication code MAC using an unauthorized terminal device is rejected, and sufficient security can be ensured. Of course, step S
The determination process of 23 is not an essential process for carrying out the present invention, but it is preferable to carry out this process for practically ensuring sufficient security.

§4. Modification of the Present Invention Finally, a modification of the present invention will be described. FIG. 7 is a block diagram showing an example of the transaction system using the IC card 100 of the present invention described above. Here, two terminal devices 201 and 202 and four IC cards 101 to 104
Although a very simple model using and is shown, in practice more terminal devices and IC cards are used. In such a system, four IC cards 101
To 104 can be connected to both the terminal devices 201 and 202. For example, when predetermined data is written in the optical recording unit of the first IC card 101 by using the first terminal device 201, this data can be read by the second terminal device 202 without any trouble. it can. Because the encryption key K1 used to generate the authentication code MAC is prepared in the IC card 101,
Moreover, since the MAC generation routine is also prepared in the IC card 101, the same result can be obtained regardless of which terminal device is used. Therefore, the present invention can be applied to the transaction system as shown in FIG. 7 without any trouble.

FIG. 8 shows the transaction system shown in FIG. 7 with the addition of a third terminal device 203 and a fourth terminal device 204. Here, the third terminal device 203 and the fourth terminal device 204 are both connected to the host computer 300. Each of the first terminal device 201 and the second terminal device 202 shown in FIG. 7 is a so-called “stand-alone type”, and is not connected to the host computer 300. On the other hand, the third terminal device 203 and the fourth terminal device 204 shown in FIG.
Are of a so-called “network type”, and are connected online to the host computer 300.

In the transaction system in the real world, it is often seen that the "stand-alone" terminal device and the "network type" terminal device are mixed.
For example, in the case of a bank transaction system, a “network type” terminal device should be installed in a relatively large-scale office such as each branch, and a “stand-alone” terminal device should be installed in a station or in a corner of a department store. It can be used in various ways. The term "terminal device" in the present invention is used in a broad concept including "stand-alone type" devices and "network type" devices, and the present invention applies to the transaction system of FIG. It can be applied to both trading systems.

However, when applied to a system including a "network type" terminal device as shown in FIG.
The generation process and the MAC verification process are performed by the host computer 300.
It is also possible to do it on the side. That is, each IC card 1
The MAC generation routine prepared in the ROM of 01 to 104 and the encryption key K1, prepared in the EEPROM
If K2, K3, and K4 are also prepared in the host computer 300, the IC in the above-described embodiment
MAC generation processing performed in the card (step S1
3) and the MAC matching process (step S24) can be executed on the host computer 300 side.

The above processing is performed by the host computer 30.
If it is performed on the 0 side, there is an advantage that the processing time can be shortened. That is, the C built in each IC card
When the PU and the CPU in the host computer 300 are compared with each other, as is apparent from the comparison of the costs of the two, the former's computing power is very inferior to the latter's computing power. Therefore, for example, when the CPU on the IC card side executes the arithmetic processing as shown in FIG. 3, a considerable amount of time is required. To do. Also,
In order for the CPU on the IC card side to execute these processes, it is necessary to transfer data in the form of a command from the terminal device via the I / O line 19, and this transfer operation also requires some time. This is a factor that further slows down the processing on the IC card side. Therefore, when the IC card 100 is accessed using a terminal device that is online connected to the host computer 300 like the terminal devices 203 and 204 shown in FIG. 8, the MAC generation process and the MAC verification process are performed. If the process is performed on the host computer 300 side instead of on the IC card side, the entire processing time is shortened. However, the encryption keys K1 to MAC generation routines and individual IC cards
Since K4 is prepared in the host computer 300, it is necessary to ensure sufficient security so that unauthorized reading of the host computer 300 is not performed. In addition, before executing the MAC generation process or the MAC collation process in the host computer 300, mutual authentication is performed between the host computer, the terminal device, and the IC card to confirm that the other parties are legitimate. By confirming that the security is checked, sufficient security can be ensured even against unauthorized access.

The present invention has been described above based on the illustrated embodiments, but the present invention is not limited to these embodiments and can be implemented in various modes other than this. For example, in the above-mentioned embodiments, the hybrid IC card having the optical recording unit 20 is taken as an example, but the present invention is also applicable to a hybrid IC card having a magnetic recording unit or a magneto-optical recording unit instead of the optical recording unit 20. Is possible and also
The present invention can be applied not only to the IC card but also to any portable information recording medium.

[0048]

As described above, according to the present invention, a portable information recording medium capable of recording information in both the built-in IC module and the information recording section formed on the surface is provided in the IC module. Since the generated authentication code is recorded in the information recording part together with the data,
Effective countermeasures against falsification of information recorded in the information recording unit can be realized.

[Brief description of the drawings]

FIG. 1 is an external view of a hybrid IC card having a built-in IC module unit 10 and an optical recording unit 20 formed on the surface.

FIG. 2 is a block diagram showing a state in which the IC card 100 shown in FIG.

FIG. 3 is a diagram illustrating an example of a method for generating an authentication code MAC.

FIG. 4 is a block diagram showing a state in which the hybrid IC card 100 according to the embodiment of the present invention is connected to the terminal device 200 to perform access.

5 is a flowchart illustrating a procedure of a data writing process to the optical recording unit 20 of the hybrid IC card 100 shown in FIG.

6 is a flowchart illustrating a procedure of a data reading process from the optical recording unit 20 of the hybrid IC card 100 shown in FIG.

FIG. 7 is a block diagram showing an example of a transaction system using an IC card and a stand-alone terminal device according to the present invention.

FIG. 8 is a block diagram showing an example of a transaction system using an IC card and a network type terminal device according to the present invention.

[Explanation of symbols]

 10 ... IC module part 11 ... I / O interface 12 ... CPU 13 ... ROM 14 ... RAM 15 ... EEPROM 19 ... I / O line 20 ... Optical recording part 29 ... Optical access means 30 ... Contact terminal 31 ... Encryption means 32 , 33, 3n ... Arithmetic unit 100-104 ... IC card 200-204 ... Terminal device 300 ... Host computer

Claims (8)

[Claims] 1. A CPU, a ROM storing a program executed by the CPU, a RAM used as a work area of the CPU, and a non-volatile memory capable of reading and writing data via the CPU. An information recording section for recording information using light or magnetism is formed on the surface of the IC module, and information is recorded in both the IC module and the information recording section. In the portable information recording medium capable of performing the following, when predetermined data is given to the IC module from the outside, the encryption key recorded in the non-volatile memory is used to uniquely extract the data from the data. The authentication code generation process for generating the derived authentication code is performed in the above C
A portable information recording medium, characterized in that an authentication code generation program is prepared in the ROM so that the PU can execute the program. 2. The medium according to claim 1, wherein the given data is divided into n (n ≧ 2) blocks, and m encryption keys (m ≧ 1) are divided into the n blocks.
And an authentication code generation program that can generate an authentication code shorter than the data length of the given data by performing a mutual logical operation involving all of the (n + m) sets of data added with Portable information recording medium. 3. The medium according to claim 1 or 2, wherein the authentication code generated in the IC module is added to the data which is the basis of the authentication code and recorded in the information recording section. Characteristic portable information recording medium. 4. The medium according to claim 1, wherein the IC module has a function of determining whether or not the terminal device connected to the IC module is a legitimate one. A portable information recording medium, wherein an authentication code generation process is executed only when the device is a terminal device. 5. A CPU, a memory accessed by the CPU, and an information recording unit capable of recording information by using light or magnetism, and both the memory and the information recording unit. A method of writing information to a portable information recording medium capable of recording information, comprising preparing recording target data to be written in the information recording section,
Using the encryption key recorded in the memory, the CPU executes an authentication code generation process for generating an authentication code uniquely derived from the data to be recorded, and the generated authentication code is recorded in the memory. An information writing method for a portable information recording medium, characterized in that it is added to target data and written in the information recording section. 6. The information writing method according to claim 5, wherein the encryption key recorded in the information recording medium is also prepared in the host computer of the terminal device connected to this medium, An information writing method to a portable information recording medium, characterized in that the host computer is caused to execute the authentication code generation process instead of the CPU in the medium. 7. A method for reading information written in an information recording section by the method according to claim 5 or 6, wherein the recording target data and the authentication code written in the information recording section are read out, and The CPU executes an authentication code generation process for generating an authentication code uniquely derived from the data to be recorded by using the encryption key recorded in the memory, and is read from the information recording unit. The authentication code and the authentication code generated by the authentication code generation process are compared, and the recording target data read from the information recording unit is treated as correct data only when both match. Method for reading information from a portable information recording medium. 8. The information reading method according to claim 7, wherein an encryption key recorded in an information recording medium is also prepared in a host computer for a terminal device connected to this medium, and authentication is performed. An information reading method for a portable information recording medium, characterized in that the host computer is caused to execute the code generation process instead of the CPU in the medium.