HK1111250B - System, device, and method for communication, apparatus and method for processing information - Google Patents

Publication number
HK1111250B
Authority
HK
Hong Kong
Prior art keywords
random number
communication
information processing
processing apparatus
secret key
Application number
HK08105930.4A
Other languages
Chinese (zh)
Other versions
HK1111250A1 (en)
Inventor
森田直
金本俊范
Original Assignee
索尼株式会社
Priority claimed from JP2006205702A (JP5205720B2)
Application filed by 索尼株式会社
Publication of HK1111250A1
Publication of HK1111250B

Description

Communication system, communication apparatus, communication method, information processing apparatus, information processing method, and computer program
Cross Reference to Related Applications
This application contains subject matter related to Japanese patent application JP2006-205702, filed with the Japan Patent Office on July 28, 2006, which is hereby incorporated by reference in its entirety.
Technical Field
The present invention relates to a system, apparatus, and method for communication, an apparatus and method for processing information, a computer program, and a recording medium. More particularly, the present invention relates to a system, apparatus, and method for communication, an apparatus and method for processing information, a computer program, and a recording medium for performing secure and highly convenient communication with a simple arrangement.
Background
Contactless IC cards and Radio Frequency Identification (RFID) are now widely used. In communication between known cards and readers/writers, if a plurality of contactless IC cards or a plurality of readers/writers transmit radio waves, each card or each reader/writer cannot distinguish the reader/writer or the card, respectively. This is called RF collision. To avoid RF collisions, each card uses a card identification (ID) unique to that card.
When the card ID is used to avoid collision, any reader/writer can read the card ID. The holder of the card ID can be easily identified and the privacy of the holder may be violated.
RFID can be attached to products, especially rare products, to show their authenticity. The RFID attached to the product has a unique ID. With any reader/writer that can communicate with the RFID, the activity of the user who purchased the product can be monitored.
Near Field Communication Interface and Protocol (NFCIP), for identifying an IC card and an RFID within the communication coverage area of a reader/writer, is standardized as ISO/IEC 18092 (NFCIP-1). According to this standard, collisions are avoided without transmitting the unique ID of the IC card or RFID to the reader/writer.
Japanese Unexamined Patent Publication No. 2005-348306 discloses a method of protecting privacy. According to the disclosure, secret shared information is established in each of the reader/writer and a digital tag in the RFID, and only the reader/writer having the secret shared information can decrypt the encrypted information. These techniques thus prevent unauthorized tracking, thereby protecting privacy.
Disclosure of Invention
However, in NFCIP-1, the unique ID of the IC card or RFID is not transmitted, so the IC card and the RFID themselves cannot be identified. When each IC card and RFID needs to be identified, a unique ID of the IC card or RFID may be stored in a data area of each chip and transmitted to a reader/writer as needed. In this technique, the unique ID is encrypted to ensure secure transmission, and an authentication sequence for exchanging session secret keys is required.
The technique disclosed in Japanese Unexamined Patent Publication No. 2005-348306 allows the unique ID of the digital tag to be kept secret, but can be applied only to one-way communication. Since it is necessary to keep the identification information secret in RFID that performs bidirectional communication, a communication partner cannot be identified.
Therefore, it is desirable to perform secure and convenient communication with a simple arrangement.
According to one embodiment of the present invention, a communication system uniquely identifying a communication partner within a predetermined coverage area and transmitting and receiving information in a predetermined protocol, comprises: an apparatus and an information processing device that perform wireless communication with one another within a predetermined coverage area. The apparatus includes a random number generation unit for generating a random number; a device encryption unit for encrypting or decrypting information according to a predetermined algorithm based on a predetermined key; a device secret key storage unit for storing a secret key, the device encryption unit for encrypting and decrypting using the secret key and pre-shared with the information processing apparatus; a communication ID transmitting unit for transmitting a response containing a communication ID that uniquely identifies the information processing apparatus as a communication partner to the information processing apparatus, and that is an ID encrypted with a secret key by the device encrypting unit from a random number generated by the random number generating unit in response to polling (poll) transmitted from the information processing apparatus; and a device transmitting and receiving unit for transmitting to or receiving from the information processing apparatus information encrypted or decrypted by the device encrypting unit using the random number generated by the random number generating unit as a key. 
The information processing apparatus includes an apparatus encryption unit for encrypting or decrypting information according to a predetermined algorithm based on a predetermined key; a device secret key storage unit for storing a secret key, which is used by the device encryption unit for encryption or decryption and is pre-shared with the apparatus; a communication ID storage unit for storing a communication ID contained in a response transmitted in response to the polling and then received from the apparatus, the communication ID serving as an identifier for uniquely identifying the apparatus as a communication partner; a random number obtaining unit that obtains a random number by decrypting the communication ID with the secret key of the device encryption unit; and a device transmitting and receiving unit for transmitting to or receiving from the apparatus information encrypted or decrypted by the device encrypting unit with the random number obtained by the random number obtaining unit as a key.
One embodiment of the present invention relates to a communication method of a communication system that uniquely identifies a communication partner and transmits and receives information in a predetermined communication protocol within a predetermined coverage area, the communication system including an apparatus and an information processing device, wherein one and the other perform wireless communication within the predetermined coverage area. The method comprises the following steps: generating a random number; transmitting a response containing a communication ID that uniquely identifies the information processing apparatus as a communication partner to the information processing apparatus, and that is generated by encrypting a random number generated in response to the polling transmitted from the information processing apparatus according to a predetermined algorithm with a secret key pre-shared with the information processing apparatus; transmitting or receiving information to or from an information processing apparatus, the information being encrypted or decrypted according to an algorithm using the generated random number as a key; storing a communication ID contained in a response transmitted in response to the polling and then received from the apparatus as an identifier, the identifier being used to uniquely identify the apparatus as a communication partner; obtaining a random number by decrypting the communication ID according to a predetermined algorithm using a secret key pre-shared with the device; and transmits or receives information to or from the device, the information being encrypted or decrypted according to an algorithm using the obtained random number as a key.
According to an embodiment of the present invention, the apparatus generates a random number; transmits a response containing the communication ID to the information processing apparatus, the communication ID uniquely identifying the information processing apparatus as a communication partner and being generated by encrypting the random number, generated in response to polling transmitted from the information processing apparatus, according to a predetermined algorithm with a secret key pre-shared with the information processing apparatus; and transmits to or receives from the information processing apparatus information that is encrypted or decrypted according to the algorithm using the generated random number as a key. The information processing apparatus stores, as an identifier, the communication ID contained in the response that is transmitted in response to the polling and then received from the device, the identifier being used to uniquely identify the device as a communication partner; obtains the random number by decrypting the communication ID according to the predetermined algorithm using the secret key pre-shared with the device; and transmits or receives information to or from the device, the information being encrypted or decrypted according to the algorithm using the obtained random number as a key.
One embodiment of the present invention relates to an apparatus in a communication system that uniquely identifies communication partners in a predetermined coverage area and transmits and receives information in a predetermined protocol, the communication system including the apparatus and an information processing device, wherein one performs wireless communication with the other within the predetermined coverage area. The apparatus includes a random number generating unit for generating a first random number; a device encryption unit that encrypts or decrypts information according to a predetermined algorithm based on a predetermined key; a device secret key storage unit for storing a secret key used by the device encryption unit for encryption and decryption and pre-shared with the information processing apparatus; a communication ID transmitting unit for transmitting a response containing a communication ID that uniquely identifies the information processing apparatus as a communication partner to the information processing apparatus, and that is an ID encrypted by the device encrypting unit with a secret key from a first random number generated by the random number generating unit in response to the polling transmitted from the information processing apparatus; and a device transmitting and receiving unit for transmitting to or receiving from the information processing apparatus information encrypted or decrypted by the device encrypting unit using the first random number generated by the random number generating unit as a key.
The communication protocol of the communication system comprises a near field communication interface and a protocol-1 standardized as ISO/IEC18092 (NFCIP-1). According to NFCIP-1, the communication ID transmitting unit may embed an NFC identifier, which is used in RF collision avoidance and single device detection, as the communication ID.
The apparatus may further include an ID storage unit for storing a unique ID of the apparatus. When receiving a request to read the unique ID from the information processing apparatus, the device encrypting unit encrypts the unique ID stored on the ID storing unit using the first random number generated by the random number generating unit as a key, and transmits the encrypted unique ID to the information processing apparatus.
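The exchange described above (poll, communication ID built from an encrypted random number, random-number recovery at the reader/writer, and the encrypted unique-ID read), as an added Python example that is not part of the patent text. The patent leaves the "predetermined algorithm" unspecified, so the HMAC-SHA256 Feistel cipher, the 8-byte random number and card ID, and all class and function names below are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ROUNDS = 4  # assumption: Feistel stand-in for the unspecified "predetermined algorithm"


def round_fn(key: bytes, index: int, half: bytes) -> bytes:
    """Keyed round function: HMAC-SHA256 truncated to the half-block length."""
    return hmac.new(key, bytes([index]) + half, hashlib.sha256).digest()[: len(half)]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, block: bytes) -> bytes:
    """Encrypt one even-length block with a balanced Feistel network."""
    half = len(block) // 2
    left, right = block[:half], block[half:]
    for i in range(ROUNDS):
        left, right = right, xor(left, round_fn(key, i, right))
    return left + right


def decrypt(key: bytes, block: bytes) -> bytes:
    """Invert encrypt() by running the rounds in reverse order."""
    half = len(block) // 2
    left, right = block[:half], block[half:]
    for i in reversed(range(ROUNDS)):
        left, right = xor(right, round_fn(key, i, left)), left
    return left + right


class Card:
    """The 'apparatus': holds the pre-shared secret key and its unique ID."""

    def __init__(self, secret_key: bytes, card_id: bytes):
        self.secret_key = secret_key
        self.card_id = card_id
        self.rand = None
        self.comm_id = None

    def on_poll(self) -> bytes:
        # A fresh random number per poll; the communication ID is that
        # number encrypted with the pre-shared secret key.
        self.rand = secrets.token_bytes(8)
        self.comm_id = encrypt(self.secret_key, self.rand)
        return self.comm_id

    def on_read_card_id(self, comm_id: bytes):
        # Answer only requests addressed to the current communication ID.
        if self.comm_id is None or comm_id != self.comm_id:
            return None
        # The unique ID leaves the card encrypted under the random number.
        return encrypt(self.rand, self.card_id)


class Reader:
    """The 'information processing apparatus' (reader/writer)."""

    def __init__(self, secret_key: bytes):
        self.secret_key = secret_key
        self.comm_id = None
        self.rand = None

    def poll(self, card: Card) -> bytes:
        # Store the communication ID, then recover the random number from it.
        self.comm_id = card.on_poll()
        self.rand = decrypt(self.secret_key, self.comm_id)
        return self.comm_id

    def read_card_id(self, card: Card):
        reply = card.on_read_card_id(self.comm_id)
        return None if reply is None else decrypt(self.rand, reply)


def run_exchange() -> dict:
    shared_key = secrets.token_bytes(16)          # constructed pre-shared key
    card_id = bytes.fromhex("0102030405060708")   # constructed unique ID
    card = Card(shared_key, card_id)

    reader = Reader(shared_key)
    first_comm_id = reader.poll(card)
    recovered_id = reader.read_card_id(card)
    second_comm_id = reader.poll(card)            # new poll, new communication ID

    rogue = Reader(secrets.token_bytes(16))       # reader without the shared key
    rogue.poll(card)
    rogue_view = rogue.read_card_id(card)

    return {
        "card_id": card_id,
        "recovered_id": recovered_id,
        "first_comm_id": first_comm_id,
        "second_comm_id": second_comm_id,
        "rogue_view": rogue_view,
    }


if __name__ == "__main__":
    for name, value in run_exchange().items():
        print(f"{name}: {value.hex()}")
```

The reader/writer without the shared key still receives a reply but recovers a different random number, so its decryption of the unique ID yields unrelated bytes; nothing in this exchange tells it that the key was wrong.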
The apparatus may further include a determination unit that determines whether the unique ID has been encrypted and then transmitted to the information processing device. When the determination unit determines that the unique ID has been encrypted and transmitted to the information processing apparatus, the device transmission and reception unit encrypts or decrypts information to be communicated with the information processing apparatus.
The device transmission and reception unit controls the device encryption unit to encrypt and decrypt information to be communicated with the information processing apparatus using the first random number generated by the random number generation unit and the second random number encrypted with the secret key and transmitted from the information processing apparatus during polling or during the next transmission of polling.
One embodiment of the present invention relates to a communication method of an apparatus in a communication system that uniquely identifies communication partners in a predetermined coverage area and transmits and receives information in a predetermined protocol, the communication system including the apparatus and an information processing device, wherein one and the other perform wireless communication in the predetermined coverage area. The method comprises the following steps: generating a random number; transmitting a response containing a communication ID that uniquely identifies the information processing apparatus as a communication partner to the information processing apparatus and is generated by encrypting a random number generated in response to the polling transmitted from the information processing apparatus according to a predetermined algorithm with a secret key pre-shared with the information processing apparatus, and transmitting or receiving information encrypted or decrypted according to the algorithm using the generated random number as a key.
One embodiment of the present invention relates to a computer-readable program for causing an apparatus in a communication system that uniquely identifies a communication partner within a predetermined coverage area and transmits and receives information in a predetermined protocol, the communication system including the apparatus and an information processing device, in which one and the other perform wireless communication within the predetermined coverage area, to execute a communication method of the apparatus. The computer program comprises the steps of: generating a random number; transmitting a response containing a communication ID that uniquely identifies the information processing apparatus as a communication partner to the information processing apparatus, and that is generated by encrypting a random number generated in response to the polling transmitted from the information processing apparatus according to a predetermined algorithm with a secret key pre-shared with the information processing apparatus; and transmitting or receiving information encrypted or decrypted according to an algorithm using the generated random number as a key.
According to an embodiment of the present invention, a random number is generated. The response containing the communication ID is transmitted to the information processing apparatus. The communication ID uniquely identifies the information processing apparatus as a communication partner, and is generated by encrypting a random number generated in response to polling transmitted from the information processing apparatus according to a predetermined algorithm with a secret key pre-shared with the information processing apparatus, and transmits or receives information encrypted or decrypted according to the algorithm using the generated random number as a key.
One embodiment of the present invention relates to an information processing apparatus in a communication system that uniquely identifies communication partners within a predetermined coverage area and transmits and receives information in a predetermined protocol, the communication system including the device and the information processing apparatus, wherein one and the other perform wireless communication within the predetermined coverage area. The information processing apparatus includes an apparatus encryption unit for encrypting or decrypting information according to a predetermined algorithm based on a predetermined key; a device secret key storage unit for storing a secret key, the device encryption unit for encrypting or decrypting using the secret key and pre-sharing the secret key with the apparatus; a communication ID storage unit for storing a communication ID contained in a response transmitted in response to the polling and then received from the apparatus as an identifier for uniquely identifying the apparatus as a communication partner; a random number acquisition unit that acquires a first random number by decrypting the communication ID with the secret key by the device encryption unit; and a device transmitting and receiving unit for transmitting or receiving information to or from the apparatus, the information being encrypted or decrypted by the device encrypting unit with the first random number obtained by the random number obtaining unit. The communication protocols of the communication system may include a near field communication interface and protocol-1 (NFCIP-1) standardized as ISO/IEC 18092. The communication ID storage unit stores, as the communication ID, an NFC identifier that is obtained in a response transmitted from the device in response to the polling and that is used for RF collision avoidance and single device detection in NFCIP-1.
The information processing apparatus may further include a random number generation unit for generating the second random number. The device transmission and reception unit encrypts the second random number with the secret key and transmits the encrypted second random number to the apparatus during the polling or the next transmission of the polling, and controls the device encryption unit to encrypt or decrypt information communicated with the apparatus using the first random number and the second random number obtained by the random number acquisition unit.
When the unique ID of the device is read, the apparatus transmitting and receiving unit may encrypt or decrypt information to be communicated with the device.
One embodiment of the present invention relates to an information processing method of an information processing apparatus in a communication system that uniquely identifies communication partners in a predetermined coverage area and transmits and receives information in a predetermined protocol, the communication system including the device and the information processing apparatus, wherein one and the other perform wireless communication in the predetermined coverage area. The information processing method includes the steps of: storing a communication ID contained in a response transmitted in response to the polling and then received from the apparatus, the communication ID being an identifier that uniquely identifies the apparatus as a communication partner; the random number is obtained by decrypting the communication ID according to an algorithm that is predetermined using a secret key pre-shared with the device, and information that is encrypted or decrypted according to the algorithm using the obtained random number as a key is transmitted to or received from the device.
One embodiment of the present invention relates to a computer-readable program for causing an information processing apparatus to execute a communication processing method of a communication system that uniquely identifies a communication partner within a predetermined coverage area and transmits and receives information in a predetermined protocol, the communication system including a device and the information processing apparatus, wherein one and the other perform wireless communication within the predetermined coverage area. The computer readable program includes the steps of: storing a communication ID contained in a response transmitted in response to the polling and then received from the apparatus, the communication ID being an identifier that uniquely identifies the apparatus as a communication partner; the random number is obtained by decrypting the communication ID according to an algorithm that is predetermined using a secret key pre-shared with the device, and information that is encrypted or decrypted according to the algorithm using the obtained random number as a key is transmitted to or received from the device.
The communication ID contained in the response transmitted in response to the polling and then received from the device is stored. The communication ID is an identifier that uniquely identifies the apparatus as a communication partner. The random number is obtained by decrypting the communication ID according to an algorithm predetermined using a secret key pre-shared with the device. Transmitting or receiving information encrypted or decrypted according to an algorithm using the obtained random number.
One embodiment of the present invention relates to a communication system that uniquely identifies communication partners within a predetermined coverage area and transmits and receives information in a predetermined protocol. A communication system includes an apparatus and an information processing device, wherein one and the other communicate wirelessly within a predetermined coverage area. The apparatus includes an apparatus random number generating unit for generating a first random number; a device encryption unit for encrypting or decrypting information according to a predetermined algorithm based on a predetermined secret key; a device secret key storage unit for storing a secret key, the device encryption unit for encrypting and decrypting using the secret key and pre-sharing the secret key with the information processing apparatus; a communication ID transmission unit that transmits a response containing a communication ID that uniquely identifies the information processing apparatus as a communication partner to the information processing apparatus, and that is an ID encrypted with a secret key by the device encryption unit from a first random number generated by the device random number generation unit in response to the polling transmitted from the information processing apparatus; and a device transmission and reception unit for controlling the device encryption unit to encrypt or decrypt information to be communicated with the information processing apparatus using the first random number generated by the random number generation unit and the second random number encrypted with the secret key and transmitted from the information processing apparatus during polling or next transmission of polling. 
The information processing apparatus includes an apparatus random number generation unit for generating a second random number; a device encryption unit for encrypting or decrypting information according to a predetermined algorithm based on a predetermined key; a device secret key storage unit for storing a secret key, the device encryption unit for encrypting or decrypting using the secret key and pre-sharing the secret key with the apparatus; a communication ID storage unit for storing a communication ID contained in a response transmitted in response to the polling and then received from the device, the communication ID uniquely identifying the information processing apparatus as a communication partner; a random number obtaining unit that obtains a first random number by the device encryption unit decrypting the communication ID with the secret key; and a device transmission and reception unit for encrypting the second random number with the secret key and transmitting the encrypted second random number to the apparatus at the time of polling or at the time of second transmission of polling, and controlling the apparatus encryption unit to encrypt or decrypt information to be communicated with the apparatus using the first random number and the second random number obtained by the random number acquisition unit.
One embodiment of the present invention relates to a communication method of a communication system that uniquely identifies communication partners in a predetermined coverage area and transmits and receives information in a predetermined protocol, the communication system including an apparatus and an information processing device, wherein one and the other perform wireless communication in the predetermined coverage area. The communication method comprises the following steps: generating a first random number; transmitting, to the information processing apparatus, a response containing a communication ID that uniquely identifies the information processing apparatus as a communication partner and that is generated by encrypting the first random number according to a predetermined algorithm with a secret key pre-shared with the information processing apparatus, the first random number being generated in response to a poll transmitted from the information processing apparatus; transmitting to or receiving from the information processing apparatus information encrypted or decrypted according to the algorithm using, as keys, the generated first random number and a second random number encrypted with the secret key and transmitted from the information processing apparatus during polling or during the next transmission after polling; generating the second random number; storing the communication ID contained in the response that is transmitted in response to the polling and then received from the apparatus, the communication ID being an identifier that uniquely identifies the apparatus as a communication partner; obtaining the first random number by decrypting the communication ID according to the predetermined algorithm with the secret key pre-shared with the device; encrypting the second random number with the secret key and transmitting the encrypted second random number to the device during the polling or the next transmission after the polling; and transmitting or receiving information encrypted or decrypted according to the algorithm using the obtained first random number and the second random number.
According to an embodiment of the present invention, the apparatus generates a first random number; transmits, to the information processing apparatus, a response containing a communication ID that uniquely identifies the information processing apparatus as a communication partner and that is generated by encrypting the first random number, generated in response to a poll transmitted from the information processing apparatus, according to a predetermined algorithm with a secret key pre-shared with the information processing apparatus; and transmits to or receives from the information processing apparatus information encrypted or decrypted according to the algorithm using, as keys, the generated first random number and a second random number encrypted with the secret key and transmitted from the information processing apparatus during the poll or during the next transmission after the poll. The information processing apparatus generates the second random number; stores the communication ID contained in the response that is transmitted in response to the poll and then received from the apparatus, the communication ID being an identifier uniquely identifying the apparatus as a communication partner; obtains the first random number by decrypting the communication ID according to the predetermined algorithm with the secret key pre-shared with the apparatus; encrypts the second random number with the secret key and transmits the encrypted second random number to the apparatus during the poll or the next transmission after the poll; and transmits or receives information encrypted or decrypted according to the algorithm using the obtained first random number and the second random number.
According to the embodiments of the present invention, it is possible to perform secure and convenient communication with a simple arrangement.
Drawings
FIG. 1 is a block diagram illustrating a communication system according to one embodiment of the present invention;
FIG. 2 is a flowchart showing a communication process with the IC card of FIG. 1;
FIG. 3 shows a response form format defined by NFCIP-1;
FIG. 4 is a flowchart showing communication performed between the reader/writer and the IC card shown in FIG. 1;
FIG. 5 is a flowchart showing the communication ID generation process;
FIG. 6 is a flowchart showing a random number acquisition process;
FIG. 7 is a flowchart showing the card ID transmission process;
FIG. 8 is a flowchart showing the card ID decryption process;
FIG. 9 is a flowchart showing read data transmission processing;
FIG. 10 is a flowchart showing a write request transmission process;
FIG. 11 is a flowchart showing a write data process;
FIG. 12 is a flowchart showing in detail communication performed between the IC card of one embodiment of the present invention and a known reader/writer;
FIG. 13 is a block diagram illustrating a communication system according to another embodiment of the present invention;
FIG. 14 is a flowchart specifically showing communication performed between the reader/writer and the IC card of FIG. 13;
FIG. 15 is a flowchart showing a polling request generation process;
FIG. 16 is a flowchart showing the random number B acquisition process;
FIG. 17 is a flowchart specifically showing communication performed between the reader/writer of FIG. 13 and an IC card;
FIG. 18 is a flowchart showing a card ID read request generation process; and
FIG. 19 is a flowchart showing the random number B acquisition process.
Detailed Description
Before describing embodiments of the present invention, the correspondence between the features of the present invention and the embodiments disclosed in the specification or drawings of the present invention is discussed below. The purpose of this statement is to ensure that embodiments supporting the claimed invention are described in this specification or the drawings. Therefore, even if the embodiment is described in the specification or the drawings, and not described herein as the feature relating to the present invention, it does not necessarily mean that the embodiment does not relate to the feature of the present invention. Conversely, even though an embodiment is described herein with respect to a particular feature of the invention, it does not necessarily mean that the embodiment does not relate to other features of the invention.
According to one embodiment of the present invention, a communication system that uniquely identifies a communication partner within a predetermined coverage area and transmits and receives information in a predetermined protocol includes a device (e.g., IC card 200 of FIG. 1) and an information processing apparatus (e.g., reader/writer 100 of FIG. 1) that perform wireless communication with one another within the predetermined coverage area. The apparatus includes a random number generation unit (e.g., the random number generator 202 of FIG. 1) for generating random numbers; a device encryption unit (e.g., encryption processor 208 of FIG. 1) for encrypting or decrypting information according to a predetermined algorithm based on a predetermined key; a device secret key storage unit (for example, a secret key storage unit 203 of FIG. 1) for storing a secret key, which is used by the device encryption unit for encryption and decryption and pre-shared with the information processing apparatus; a communication ID transmitting unit (for example, the CPU 207 of FIG. 1 that performs step S103 of FIG. 4) for transmitting, to the information processing apparatus, a response containing a communication ID that uniquely identifies the information processing apparatus as a communication partner and that is an ID encrypted with a secret key by the device encrypting unit from a random number generated by the random number generating unit in response to the polling transmitted from the information processing apparatus; and a device transmission and reception unit (for example, the CPU 207 of FIG. 1 that executes one of steps S108 and S110 of FIG. 4) for transmitting to or receiving from the information processing apparatus information encrypted or decrypted by the device encryption unit using the random number generated by the random number generation unit as a key.
The information processing apparatus includes an apparatus encryption unit (for example, an encryption processor 208 of FIG. 1) for encrypting or decrypting information according to a predetermined algorithm based on a predetermined key; a device secret key storage unit (e.g., secret key storage unit 203 of FIG. 1) for storing a secret key, which is used by the device encryption unit for encryption or decryption and pre-shared with the apparatus; a communication ID storage unit (for example, the CPU 105 of FIG. 1 that executes step S332 of FIG. 6) for storing a communication ID, which is an identifier for uniquely identifying the apparatus as a communication partner, contained in a response transmitted in response to the polling and received from the apparatus; a random number acquisition unit (for example, the CPU 105 of FIG. 1 that executes step S334 of FIG. 6) for acquiring a random number by the device encryption unit decrypting the communication ID with the secret key; and an apparatus transmitting and receiving unit (for example, the CPU 105 of FIG. 1 that performs one of steps S206, S209, and S210 of FIG. 4) for transmitting to or receiving from the device information encrypted or decrypted by the device encryption unit with the random number obtained by the random number obtaining unit as a key.
One embodiment of the present invention relates to a communication method of a communication system that uniquely identifies a communication partner within a predetermined coverage area and transmits and receives information in a predetermined communication protocol, the communication system including an apparatus (e.g., IC card 200 of fig. 1) and an information processing device (e.g., reader/writer 100 of fig. 1), wherein one and the other communicate wirelessly within the predetermined coverage area. The method comprises the following steps: generating a random number (e.g., in step S301 of fig. 5); transmitting a response containing a communication ID that uniquely identifies the information processing apparatus as a communication partner to the information processing apparatus and that is generated by encrypting a random number generated in response to the polling transmitted from the information processing apparatus according to a predetermined algorithm with a secret key pre-shared with the information processing apparatus (for example, in step S103 of fig. 4); transmitting or receiving information to or from the information processing apparatus, the information being encrypted or decrypted according to an algorithm using the generated random number as a key (for example, in one of steps S108 and S110 of fig. 4); storing a communication ID contained in a response transmitted in response to the polling and then received from the apparatus as an identifier, the identifier being used to uniquely identify the apparatus as a communication partner (for example, in step S332 of fig. 6); obtaining a random number by decrypting the communication ID according to a predetermined algorithm using a secret key pre-shared with the device (for example, in step S334 of fig. 6); and transmitting or receiving information to or from the device, the information being encrypted or decrypted according to an algorithm using the obtained random number as a key (e.g., in one of steps S206, S209, and S210 of fig. 4).
One embodiment of the present invention relates to an apparatus (e.g., IC card 200 of fig. 1) in a communication system that uniquely identifies communication partners in a predetermined coverage area and transmits and receives information in a predetermined protocol, the communication system including the apparatus and an information processing device (e.g., reader/writer 100 of fig. 1), wherein one communicates wirelessly with the other within the predetermined coverage area. The apparatus includes a random number generation unit (e.g., the random number generator 202 of fig. 1) for generating a first random number; a device encryption unit (e.g., encryption processor 208 of fig. 1) for encrypting or decrypting information according to a predetermined algorithm based on a predetermined key; a device secret key storage unit (for example, a secret key storage unit 203 of fig. 1) for storing a secret key that is used by the device encryption unit for encryption and decryption and is pre-shared with the information processing apparatus; a communication ID transmitting unit (for example, the CPU207 of fig. 1 that executes step S103 of fig. 4) for transmitting a response containing a communication ID that uniquely identifies the information processing apparatus as a communication partner to the information processing apparatus, the communication ID being an ID encrypted with a secret key by the device encrypting unit from a first random number generated by the random number generating unit in response to the poll transmitted from the information processing apparatus; and a device transmitting and receiving unit (e.g., CPU207 of fig. 1 that performs one of steps S108 and S110 of fig. 4) for transmitting to or receiving from the information processing apparatus information encrypted or decrypted by the device encrypting unit using the random number generated by the random number generating unit as a key.
The communication protocols of the communication system may include the near field communication interface and protocol-1 (NFCIP-1) standardized as ISO/IEC 18092. The communication ID transmitting unit may embed the communication ID as an NFC identifier (e.g., NFCID2 of fig. 3), which is used in RF collision avoidance and single device detection in NFCIP-1.
The apparatus may further include an ID storage unit (e.g., ID storage unit 204 of fig. 1) for storing a unique ID of the apparatus. When receiving a request to read the unique ID from the information processing apparatus, the device encrypting unit encrypts the unique ID stored in the ID storing unit using the first random number generated by the random number generating unit as a key, and transmits the encrypted unique ID to the information processing apparatus.
The apparatus may further include a determination unit (e.g., the CPU207 of fig. 1 that executes step S29 of fig. 2) for determining whether the unique ID has been encrypted and then transmitted to the information processing device. When the determination unit determines that the unique ID has been encrypted and transmitted to the information processing apparatus, the device transmission and reception unit encrypts or decrypts information to be communicated with the information processing apparatus.
One embodiment of the present invention relates to a communication method of a device (e.g., IC card 200 of fig. 1) in a communication system that uniquely identifies communication partners in a predetermined coverage area and transmits and receives information in a predetermined protocol, the communication system including the device and an information processing apparatus (e.g., reader/writer 100 of fig. 1), wherein one communicates wirelessly with the other within the predetermined coverage area. The method comprises the following steps: generating a random number (e.g., in step S301 of fig. 5); transmitting a response containing a communication ID that uniquely identifies the information processing apparatus as a communication partner to the information processing apparatus and that is generated by encrypting a random number generated in response to the polling transmitted from the information processing apparatus according to a predetermined algorithm with a secret key pre-shared with the information processing apparatus (for example, in step S103 of fig. 1); and transmitting or receiving information encrypted or decrypted according to an algorithm using the generated random number as a key (e.g., in one of steps S108 and S110 of fig. 4).
One embodiment of the present invention relates to an information processing apparatus (e.g., reader/writer 100 of fig. 1) in a communication system that uniquely identifies communication partners and transmits and receives information in a predetermined protocol within a predetermined coverage area, the communication system including a device (e.g., IC card 200 of fig. 1) and the information processing apparatus, wherein one and the other communicate wirelessly within the predetermined coverage area. The information processing apparatus includes an apparatus encryption unit (for example, an encryption processor 208 of fig. 1) for encrypting or decrypting information according to a predetermined algorithm based on a predetermined key; a device secret key storage unit (e.g., secret key storage unit 203 of fig. 1) for storing a secret key, which is used by the device encryption unit for encryption or decryption and pre-shares the secret key with the apparatus; a communication ID storage unit (for example, the CPU105 of fig. 1 that executes step S332 of fig. 6) for storing a communication ID contained in a response that is transmitted in response to polling and then received from the apparatus, the communication ID being an identifier for uniquely identifying the apparatus as a communication partner; a random number acquisition unit (for example, CPU105 of fig. 1 that executes step S334 of fig. 6) for acquiring a first random number by the device encryption unit decrypting the communication ID with the secret key; and a device transmitting and receiving unit (for example, the CPU105 of fig. 1 for executing one of steps S206, S209, and S210 of fig. 4) for transmitting to or receiving from the apparatus information encrypted or decrypted by the device encrypting unit with the first random number obtained by the random number obtaining unit.
The communication protocols of the communication system may include a near field communication interface and protocol-1 (NFCIP-1) standardized as ISO/IEC 18092. The communication ID storage unit stores, as a communication ID, an NFC identifier (e.g., NFCID2 of fig. 3) that is obtained in a response transmitted from the device in response to polling and is used in RF collision avoidance and single device detection in NFCIP-1.
One embodiment of the present invention relates to an information processing method of an information processing apparatus (e.g., reader/writer 100 of fig. 1) in a communication system that uniquely identifies a communication partner within a predetermined coverage area and transmits and receives information in a predetermined protocol, the communication system including the apparatus (e.g., IC card 200 of fig. 1) and an information processing device, wherein one and the other perform wireless communication within the predetermined coverage area. The information processing method includes the steps of: storing a communication ID contained in a response transmitted in response to the polling and then received from the apparatus, the communication ID being an identifier that uniquely identifies the apparatus as a communication partner (e.g., in step S332 of fig. 6); the random number is obtained by decrypting the communication ID according to an algorithm that is predetermined using a secret key pre-shared with the device (e.g., in step S334 of fig. 6), and information that is encrypted or decrypted according to the algorithm using the obtained random number as a key is transmitted to or received from the device (e.g., in one of steps S206, S209, and S210 of fig. 4).
Embodiments of the present invention are described below with reference to the drawings.
Fig. 1 is a block diagram illustrating a communication system 50 according to one embodiment of the present invention. As shown in fig. 1, the communication system 50 includes a reader/writer 100 and an IC card 200. The reader/writer 100 and the IC card 200 communicate with each other in a wireless manner using their antennas.
The input-output unit 102 in the reader/writer 100 transmits a predetermined radio wave and detects a change in load on its antenna when the radio wave is transmitted. The input-output unit 102 thus detects the IC card 200 when the IC card 200 approaches thereto. The reader/writer 100 has an antenna that transmits and receives various data to and from the IC card 200 when the IC card 200 approaches the reader/writer 100. The input-output unit 102 Amplitude Shift Keying (ASK) modulates a carrier wave at a predetermined frequency supplied from an Oscillation (OSC) circuit according to data supplied from the CPU105, and outputs the modulated wave from an antenna as a radio wave. The input-output unit 102 also demodulates ASK modulated waves received through an antenna, and supplies the demodulated data to the CPU 105.
A Central Processing Unit (CPU)105 in the reader/writer 100 loads a program stored on a Read Only Memory (ROM)104 to a Random Access Memory (RAM)103, thereby executing various processes. The RAM103 stores data necessary for the CPU105 to execute various processes.
The CPU105 controls the encryption processor 106, thereby encrypting or decrypting data according to a predetermined encryption algorithm. The encryption algorithm of the encryption processor 106 is one of a secret key cryptosystem, such as Data Encryption Standard (DES), triple DES, or Advanced Encryption Standard (AES).
When the reader/writer 100 encrypts or decrypts data, the CPU105 supplies the secret key stored on the secret key storage unit 101 together with the encrypted or decrypted data to the encryption processor 106. The encryption processor 106 thus encrypts or decrypts the supplied data using the supplied secret key.
The secret key stored on the secret key storage unit 101 is the same as the secret key stored on the secret key storage unit 203 in the IC card 200. The secret key is prestored only on the reader/writer 100 corresponding to the IC card 200 and allows the reader/writer 100 to read a card Identification (ID) unique to the IC card 200.
The input-output unit 201 in the IC card 200 includes an inductor-capacitor (LC) circuit composed of a coil antenna and a capacitor. The LC circuit in the input-output unit 201 is designed to resonate with a radio wave of a predetermined frequency transmitted from the reader/writer 100 placed nearby. The input-output unit 201 ASK-demodulates an electric signal generated in response to the alternating electromagnetic field excited in the antenna, thereby rectifying the electric signal. The input-output unit 201 adjusts the rectified electrical signal, and supplies the adjusted electrical signal to each part in the IC card 200 as a direct-current power supply. The power of the radio wave transmitted from the reader/writer 100 is adjusted to generate an electromagnetic field sufficient to supply power to the IC card 200.
The input-output unit 201 thus envelope-detects the ASK modulated wave received through the antenna, Binary Phase Shift Keying (BPSK) demodulates the ASK demodulated signal, and supplies the BPSK demodulated signal to the CPU 207. The input-output unit 201 generates a clock signal having the same frequency as that of the received signal, and supplies the generated clock signal to the CPU 207.
In order to transmit predetermined information to the reader/writer 100, the input-output unit 201 ASK-modulates BPSK modulated data supplied from the CPU207 in response to a change in the load of the antenna, and then transmits the modulated component to the reader/writer 100 through the antenna.
The input-output unit 201 in the IC card 200 executes a plurality of programs stored on the ROM 206. The secret key storage unit 203, the ID storage unit 204, and the data storage unit 205 are arranged in respective portions in an Electrically Erasable Programmable Read Only Memory (EEPROM).
The CPU207 encrypts or decrypts data with a predetermined encryption algorithm by controlling the encryption processor 208. The encryption algorithm of the encryption processor 208 is one of secret key cryptosystems and is the same as the encryption algorithm of the encryption processor 106.
When the IC card 200 encrypts or decrypts data, the CPU207 supplies the secret key stored on the secret key storage unit 203 together with the encrypted or decrypted data to the encryption processor 208. The encryption processor 208 thus encrypts or decrypts the supplied data according to the supplied secret key.
The random number generator 202 generates random numbers of a predetermined number of bits as necessary. As will be described later, a random number is used in communication between the IC card 200 and the reader/writer 100 as a session ID for mutually identifying a communication partner and a session secret key for encrypting or decrypting data communicated in the session.
The ID storage unit 204 stores a card ID as unique identification information of the IC card 200.
The data storage unit 205 stores application data for providing various services of the IC card 200 as necessary.
Each of the encryption processor 106 and the encryption processor 208 may be implemented using software.
Since the reader/writer 100 and the IC card 200 perform wireless communication, a collision may occur. In a collision, neither the IC card nor the reader/writer can recognize which reader/writer or IC card transmitted the radio wave. However, in the communication system 50, each of the reader/writer 100 and the IC card 200 performs communication in accordance with the near field communication interface and protocol (NFCIP), which can identify an IC card or RFID placed within the communication coverage of the reader/writer.
The NFCIP-1 standard incorporates RF detection and collision avoidance mechanisms to allow NFCIP-1 devices to communicate in a frequency band in which another device can also operate. The NFCIP-1 standard uses an NFC identifier (NFCID) as the NFC device identifier. The NFCID is an NFC device identifier that uses a random number for collision avoidance and single device detection processing. In a known typical communication system, an ID unique to an IC card is transmitted to a reader/writer, and the reader/writer identifies the IC card based on the ID for collision avoidance. The NFCIP-1 standard does not require the unique ID of the IC card to be transmitted to the reader/writer.
In the communication system 50, each of the reader/writer 100 and the IC card 200 identifies a communication partner to prevent collision without requiring the IC card 200 to transmit a unique card ID to the reader/writer 100.
The NFCIP-1 standard is described in detail in the ISO/IEC18092 specification.
In the following discussion, the reader/writer 100 functions as an initiator (initiator) defined in the NFCIP-1 standard and the IC card 200 functions as a target defined in the NFCIP-1 standard. In the passive communication mode of the NFCIP-1 standard, the initiator and target each follow a data transmission rate of 106kb/s or one of 212kb/s and 424 kb/s. Now assume that each of the initiator and target operate at one of 212kb/s and 424kb/s data transfer rates.
As described above, the communication system 50 performs wireless communication without transmitting the unique card ID from the IC card 200 to the reader/writer 100. The communication system 50 thus provides privacy protection. However, services using IC cards still require a mechanism for uniquely identifying individual IC cards. According to an embodiment of the present invention, the IC card 200 still incorporates a mechanism of transmitting a card ID unique to the IC card 200 to the reader/writer 100.
Fig. 2 shows a flowchart of a communication process of the IC card 200 of fig. 1. The communication process is started, for example, when power generated by an AC magnetic field excited in the antenna of the input-output unit 201 is fed to each part of the IC card 200 placed near the antenna of the reader/writer 100.
In step S21, the random number generator 202 generates a random number. The random numbers generated here are stored in a predetermined area on the data storage unit 205.
In step S22, the encryption processor 208 encrypts the random number generated in step S21 with the secret key stored on the secret key storage unit 203 to generate a communication ID.
In step S23, the CPU207 determines whether a polling request has been received from the reader/writer 100. The CPU207 waits in a standby state until a polling request has been received from the reader/writer 100. If it is determined in step S23 that a polling request has been received, the process proceeds to step S24.
In step S24, the CPU207 transmits a polling response to the reader/writer 100 in reply to the polling request determined to be received in step S23. The response contains the communication ID generated in step S22.
Fig. 3 shows the format of a response frame, which is defined in the NFCIP-1 standard and stores data of a transmitted response. When each of the initiator and the target operates at one of the data transmission rates of 212kb/s and 424kb/s, a response frame is transmitted from the target in response to a polling request from the initiator.
As shown in fig. 3, the "preamble" field stores data of which at least 48 bits are all logic "0". The "synchronization pattern" field stores 2 bytes (16 bits) of data used for communication synchronization between an initiator and a target. The "length" field stores 8-bit data representing a value of "12". The "payload" field stores data composed of a start byte "01", 8 bytes of NFCID2, and 8 bytes of padding (Pad). A "Cyclic Redundancy Check (CRC)" field stores data for error checking, which is calculated by a predetermined method.
At step S24, the communication ID is stored as the NFCID2 in the payload field, and the response frame is then transmitted.
As described above, the communication ID is an encrypted random number. The reader/writer 100, which corresponds to the IC card 200 and allows reading of the card ID of the IC card 200, stores a secret key, which is the same as the secret key stored on the secret key storage unit 203, on the secret key storage unit 101. The reader/writer 100 decrypts the NFCID2 (communication ID) value of the response frame transmitted in step S24, thereby acquiring the random number generated by the IC card 200 in step S21.
Returning to fig. 2, the CPU207 determines in step S25 subsequent to step S24 whether an instruction has been received from the reader/writer 100, and the CPU207 waits on standby until it is determined that an instruction has been received from the reader/writer 100. The reader/writer 100 transmits a predetermined instruction to the IC card 200 in order to read data stored on the IC card 200 or write data on the IC card 200. If it is determined at step S25 that an instruction has been received from the reader/writer 100, the process proceeds to step S26.
In step S26, the CPU207 determines whether the instruction received in step S25 is an instruction requesting transmission of the unique card ID of the IC card 200. If it is determined in step S26 that the instruction is an instruction requesting transmission of a card ID, the process proceeds to step S27.
In step S27, the CPU207 sets the encryption flag to ON, so that data to be transmitted in subsequent processing is encrypted. The encryption flag is one bit in a predetermined area in the data storage unit 205. The default setting of the encryption flag is "0 (OFF)". Once the encryption flag is set ON, the encryption flag remains ON until the supply of power to the IC card 200 is stopped, that is, until the IC card 200 moves out of the communication coverage area of the reader/writer 100.
In step S28, the CPU207 reads the card ID stored on the ID storage unit 204, controls the encryption processor 208 to encrypt the card ID with the random number generated in step S21 as a key, and transmits the encrypted card ID to the reader/writer 100. In this way, when having received a transmission request requesting transmission of the card ID from the reader/writer 100, the IC card 200 encrypts the card ID with a random number as a key and transmits the encrypted card ID to the reader/writer 100.
With the random number acquired as described above, the reader/writer 100 can decrypt the data transmitted in step S28, thereby acquiring the card ID.
After step S28, the process returns to step S25 to execute steps S25 and S26. If it is determined at step S26 that the instruction is not an instruction requesting transmission of a card ID, the process proceeds to step S29. The instruction received from the reader/writer 100 may be a read request requesting to read predetermined data stored on the data storage unit 205.
In step S29, the CPU207 determines whether the encryption flag is ON. If it is determined in step S29 that the encryption flag is ON, the process proceeds to step S30.
In step S30, the CPU207 analyzes the instruction determined to have been received in step S25, executes predetermined processing, and encrypts the processing result. In this case, data stored on a predetermined area of the data storage unit 205 is read in response to an instruction from the reader/writer 100. The encryption processor 208 encrypts the read data. The encryption secret key used in the encryption process is the random number generated in step S21.
In step S31, the CPU207 transmits the data encrypted in step S30 to the reader/writer 100. Based on the decryption of the transmitted data, the reader/writer 100 reads the data stored on the IC card 200.
If it is determined in step S29 that the encryption flag is not ON, the process proceeds to step S32.
In step S32, the CPU207 analyzes the instruction determined to have been received in step S25, executes predetermined processing, and transmits the processed data. Data stored on a predetermined area of the data storage unit 205 is read in response to an instruction from the reader/writer 100, and the read data is then transmitted to the reader/writer 100.
In the process discussed above, an instruction to read data stored on the IC card 200 is received from the reader/writer 100. When receiving an instruction to store (write) data on the IC card 200 from the reader/writer 100, data to be written is transmitted from the reader/writer 100 and then written on the IC card 200.
Since the data to be transmitted is not encrypted in step S32, the reader/writer 100 does not need to decrypt the received data. If a request to transmit the card ID has not been received from the reader/writer 100, the encryption flag is not set to ON, and encryption is not performed on data to be communicated between the reader/writer 100 and the IC card 200.
After one of steps S31 and S32, the process returns to step S25. The above-described process is repeated until the IC card 200 moves out of the communication coverage area of the reader/writer 100.
The communication processing of the IC card 200 is thereby performed. If a mechanism that uniquely identifies a single IC card is required in the service provided by the reader/writer 100, the card ID is encrypted and transmitted to the reader/writer 100. Any reader/writer other than the reader/writer 100, which is allowed to read the card ID of the IC card, cannot acquire the card ID. The communication system 50 thus becomes a secure and privacy-preserving communication system.
A reader/writer that is not allowed to read the card ID of the IC card but complies with the NFCIP-1 standard can still exchange data with the IC card 200. When it is not necessary to uniquely identify a single IC card in the service provided by the reader/writer 100, each IC card can operate without any problem.
In the example of fig. 3, each of the initiator and target operates at a data transmission rate of one of 212kb/s and 424kb/s and uses the communication ID as the NFCID 2. If each of the initiator and target operate at a data transmission rate of 106kb/s, the communication ID is the NFCID1 defined in the NFCIP-1 standard.
The communication process performed between the reader/writer 100 and the IC card 200 is specifically described below with reference to the flowchart of fig. 4. The data reading operation and the data writing operation are then performed after the card ID reading process performed between the reader/writer 100 that allows reading of the card ID of the IC card 200 and the IC card 200.
For example, the IC card 200 is placed close to the antenna of the reader/writer 100, and electric power generated by an AC magnetic field excited in the antenna of the IC card 200 is fed to each part of the IC card 200. The IC card 200 executes step S101, thereby generating a random number.
The communication ID generation process performed in step S101 of fig. 4 is described below with reference to the flowchart of fig. 5.
In step S301, the random number generator 202 generates a random number a.
In step S302, the CPU207 stores the random number a generated in step S301 in a predetermined area of the data storage unit 205.
In step S303, the encryption processor 208 encrypts the random number a generated in step S301 using the key stored on the secret key storage unit 203.
In step S304, the CPU207 stores the processing result in step S303 (i.e., the encrypted random number a) as a communication ID on a predetermined area of the data storage unit 205.
The processing performed in steps S301 to S304 is equivalent to the processing performed in steps S21 and S22.
Returning to fig. 4, in step S201, the reader/writer 100 transmits a polling request to the IC card 200 with which the reader/writer 100 can communicate. In step S102, the IC card 200 receives a polling request.
In step S103, the IC card 200 transmits a response to the reader/writer 100 in response to the polling request received in step S102. As previously discussed with reference to fig. 3, the communication ID stored as the NFCID2 in the predetermined area of the response frame in step S304 is embedded in the response frame to be transmitted to the reader/writer 100. Steps S102 and S103 are equivalent to steps S23 and S24 of fig. 2, respectively. The reader/writer 100 receives the response frame in step S202.
In step S203, the reader/writer 100 decrypts the communication ID in the response frame transmitted from the IC card 200, thereby obtaining the random number a.
The random number generation process performed in step S203 of fig. 4 is described below with reference to the flowchart of fig. 6.
In step S331, the CPU105 obtains the communication ID (i.e., the encrypted random number a) contained in the response frame received from the IC card 200 in step S202.
In step S332, for example, the CPU105 stores the communication ID obtained in step S331 on a predetermined area of the RAM 103.
In step S333, the encryption processor 106 decrypts the random number a as the communication ID obtained in step S331 using the key stored on the secret key storage unit 101. As previously discussed, the encryption processor 106 performs an encryption process or a decryption process according to the same algorithm as that used for the encryption processor 208. The secret key storage unit 101 of the reader/writer 100 that allows reading of the card ID of the IC card 200 stores the same key as the key stored on the secret key storage unit 203. In step S333, the random number a generated by the IC card 200 in step S301 is thereby decrypted and obtained.
In step S334, the CPU105 stores the random number a obtained in step S333 on a predetermined area of the RAM 103.
The reader/writer 100 and the IC card 200 recognize each other based on the communication ID and encrypt or decrypt data using the random number a as a key as necessary. A session ID (the communication ID in this case) and a session key (the random number a) required for communication between the reader/writer 100 and the IC card 200 are thereby exchanged.
Returning to fig. 4, in step S204, the reader/writer 100 transmits a frame containing an instruction to request reading of the card ID of the IC card 200 to the IC card 200. In this case, the communication ID stored in step S332 is embedded in the frame as an identifier of the IC card 200 to uniquely identify the frame transmitted from the reader/writer 100. According to the NFCIP-1 standard, a communication ID is embedded in a transmission data field of a transfer frame (transfer frame) defined in the NFCIP-1 standard. In step S104, the IC card 200 receives the frame.
In step S105, the IC card 200 executes processing in response to the instruction transmitted from the reader/writer 100. In this case, processing in response to an instruction to read the card ID is performed.
The card ID transmission process executed in step S105 of fig. 4 is described below with reference to the flowchart of fig. 7.
In step S361, the CPU207 reads the card ID stored on the ID storage unit 204.
In step S362, the encryption processor 208 encrypts the card ID read in step S361 using the random number a stored in step S302.
In step S363, the CPU207 acquires the processing result (encrypted card ID) in step S362.
Returning to fig. 4, in step S106 following step S105, the IC card 200 transmits a frame containing the data obtained in step S363 as a response to the instruction to read the card ID from the reader/writer 100 in step S104. The communication ID stored in step S304 is embedded as an identifier of the reader/writer 100 to uniquely identify the frame transmitted from the IC card 200. The processing in steps S104 to S106 is equivalent to the processing in steps S25 to S28. The reader/writer 100 reads the frame in step S205 of fig. 4.
Since the card ID is read in response to the instruction to read the card ID from the reader/writer 100, the encryption flag is set to ON in the IC card 200 (in step S27 of fig. 2). In the subsequent data reading and writing processes, data is transmitted or received in its encrypted form.
In step S206, the reader/writer 100 decrypts the encrypted card ID.
The card ID decryption process in step S206 of fig. 4 is described below with reference to the flowchart of fig. 8.
In step S391, the CPU105 obtains the encrypted data contained in the frame received in step S205.
In step S392, the encryption processor 106 decrypts the data obtained in step S391 using the random number stored in step S334 as a key.
In step S393, the CPU105 acquires the data resulting from step S392 as a card ID. In this way, the reader/writer 100 obtains the unique card ID of the IC card 200. The reader/writer 100 performs processing to provide a service using the card ID.
Returning to fig. 4, the reader/writer 100 transmits a frame to the IC card 200 in step S207 after step S206. The frame contains an instruction to read data (data required in the processing of the service provided by the reader/writer 100) stored on the IC card 200. The communication ID stored in step S332 is embedded in the frame as an identifier of the IC card 200 to uniquely identify the frame transmitted from the reader/writer 100. In step S107, the IC card 200 receives that frame.
In step S108, the IC card 200 performs processing in response to the instruction transmitted from the reader/writer 100, in which case processing in response to the instruction to read data is performed.
The read data transmission process executed in step S108 of fig. 4 is described below with reference to the flowchart of fig. 9.
In step S421, the CPU207 reads the requested data of the reader/writer 100 from the data stored on the data storage unit 205.
In step S422, the encryption processor 208 encrypts the data read in step S421 using the random number a stored in step S302.
In step S423, the CPU207 acquires the data (encrypted data) resulting from step S422.
Returning to fig. 4, the CPU207 transmits a frame containing the data obtained in step S423 in step S109 as a reply to the instruction to read data from the reader/writer 100 in step S107. In this case as well, the communication ID stored in step S304 is embedded in the frame as an identifier of the reader/writer 100 to uniquely identify the frame transmitted from the IC card 200. The processing in steps S107 and S108 is equivalent to the processing in steps S25, S26, and S29 to S31. In step S208 of fig. 4, the reader/writer 100 receives that frame.
In step S209, the reader/writer 100 demodulates the data received from the IC card 200. This process is equivalent to the process discussed with reference to fig. 8, and a detailed discussion thereof is not repeated here. In this process, the data required in the process of the service provided by the reader/writer 100 is decrypted using the random number a instead of the card ID.
In step S210, the reader/writer 100 performs processing to cause the IC card 200 to store data.
The write request transmission processing performed in step S210 of fig. 4 is described below with reference to the flowchart of fig. 10.
In step S451, the CPU105 acquires, from the application program executed by the reader/writer 100, the data to be stored on the IC card 200.
In step S452, the encryption processor 106 encrypts the data obtained in step S451 using the random number a stored in step S334.
In step S453, the CPU105 stores the data (encrypted data) resulting from step S452 in a frame together with the write request instruction.
Returning to fig. 4, the reader/writer 100 transmits a frame of a write request containing the data encrypted in step S453 to the IC card 200 in step S211 following step S210. The communication ID stored in step S332 is also embedded as an identifier of the IC card 200 to uniquely identify the frame transmitted from the reader/writer 100. In step S110, the IC card 200 receives that frame.
In step S111, the IC card 200 executes processing in response to the instruction transmitted from the reader/writer 100. Processing in response to the data write instruction is performed.
The data writing process performed in step S111 of fig. 4 is described below with reference to the flowchart of fig. 11.
In step S481, the CPU207 acquires encrypted data contained in the frame received in step S110.
In step S482, the encryption processor 208 encrypts the data obtained in step S481 with the random number a stored in step S302.
In step S483, the CPU207 stores the data (encrypted data) resulting from step S482 onto a predetermined area of the data storage unit 205, thereby executing write processing.
Returning to fig. 4, the IC card 200 transmits a frame containing the data resulting from step S483 to the reader/writer 100 in step S112 after step S111. The transmitted frame contains data indicating whether the data was successfully written. The communication ID stored in step S304 is also embedded in the frame as an identifier of the reader/writer 100 to uniquely identify the frame transmitted from the IC card 200. In step S212, the reader/writer 100 receives that frame.
After reading the card ID, data reading is performed and then data writing is performed. The data reading and data writing are not limited to this order. The order may be changed as necessary.
Communication is thereby performed between the IC card 200 and the reader/writer 100 that is allowed to read the card ID of the IC card 200. The encrypted card ID is transmitted to the reader/writer 100, and all data is encrypted in data reading and data writing performed after the card ID reading. The communication system 50 is thereby made secure and does not violate user privacy.
The communicated data may be encrypted with the keys stored on the secret key storage unit 101 and the secret key storage unit 203. In order to transmit and receive data in a secure manner, each IC card needs to have a different secret key. As a result, the reader/writer 100 is forced to memorize a large number of keys for the respective IC cards, and it is difficult to manage the keys.
According to one embodiment of the present invention, not only is the communication ID exchanged between the reader/writer 100 and the IC card 200 as a session ID (identifier), but the random number a obtained by decrypting the communication ID is also shared between the reader/writer 100 and the IC card 200 without any knowledge of a third party. The random number a is generated every time the IC card 200 communicates with the reader/writer 100. If an arrangement is made in advance such that the random number a is used as a key for encryption or decryption in subsequent communications, encrypted communications are performed using a different session key each time communications are performed. Encryption with the session secret key is thereby performed without storing a large amount of secret key data for separate IC cards on the reader/writer 100. The communication system 50 becomes a security system with a simple design.
The reader/writer that is not allowed to read the card ID of the IC card 200 does not store the same key as the key stored on the secret key storage unit 203. Even if the reader/writer makes a card ID transmission request, the random number is not decrypted from the communication ID, and the card ID cannot be obtained by decrypting the card ID transmitted in an encrypted form with the random number as a key.
According to one embodiment of the invention, the reader/writer 100 (initiator) and the IC card 200 (target) communicate only in compliance with the NFCIP-1 standard without performing any additional processing such as a handshake protocol for session key exchange.
The NFCIP-1 standard defines the use of an NFC identifier (e.g., NFCID2 of fig. 3) as an NFC device identifier, which uses collision avoidance and a random number for a single device detection process. The random number generator 202 (or equivalent element) is initially contained in an IC card 200 complying with the NFCIP-1 standard. The communication ID used in the embodiment of the present invention is only an encrypted random number generated in the target. The encryption process is rearranged, but it is not necessary to introduce an additional process in the communication ID exchange as the session ID.
According to one embodiment of the present invention, a random number obtained by decrypting the communication ID is used as the session key. The session secret key and the communication ID are exchanged together when a polling request is sent from an initiator and a polling response is sent from a target in compliance with the NFCIP-1 standard. No additional processing is required.
According to the embodiment of the present invention, the IC card 200 can perform processing without knowing the type of reader/writer (i.e., whether the reader/writer is a special reader/writer or a general reader/writer). The special reader/writer is a reader/writer that is allowed to read the card ID of the IC card and that transmits data in its encrypted form. The general reader/writer is a reader/writer that is not allowed to read the card ID of the IC card and that transmits data without encryption. The IC card of one embodiment of the present invention can communicate with a reader/writer without any problem if the reader/writer functions as an initiator in compliance with the NFCIP-1 standard. The IC card 200 thus provides device compatibility.
The communication process performed between the IC card 200 and the general reader/writer (not shown) of one embodiment of the present invention is described below with reference to the flowchart of fig. 12. The general reader/writer is not allowed to read the card ID of the IC card 200. In such a communication process, data is exchanged without encryption.
Steps S121 to S123 are respectively equivalent to steps S101 to S103 of fig. 4. Steps S221 and S222 are equivalent to steps S201 and S202 of fig. 4, respectively.
Unlike the sequence of fig. 4, in the process of fig. 12, the reader/writer does not decrypt the communication ID contained in the response received from the IC card 200 in step S222. A request to read the card ID is not sent from the reader/writer to the IC card 200, and no response is sent from the IC card 200. More specifically, the processes corresponding to steps S203 to S205 and steps S104 to S106 of fig. 4 are not performed in the order of fig. 12.
Since the reader/writer does not issue a request to read the card ID, the IC card 200 does not set the encryption flag to ON (step S27 of fig. 2 is not executed), and does not encrypt data in the subsequent data reading and data writing processes.
The processes corresponding to steps S108, S209, S210, and S111 of fig. 4 are not performed in the order of fig. 12. In steps S129 and S231, the read data and the write data are transmitted without being encrypted, and in steps S228 and S130, the data of the received frame is acquired or stored without being decrypted. The processing in steps S129 and S131 is equivalent to the processing in step S32 of fig. 2.
As shown in fig. 12, in the frame transmitted in each of steps S227, S129, S231, and S131, the communication ID generated in step S121 is also embedded as an identifier.
The IC card 200 of the embodiment of the present invention can be used with a general reader/writer and provides compatibility of devices, thereby maintaining low cost of a communication system.
According to the previous embodiment, the random number a generated in the IC card 200 is encrypted using the secret key stored in the IC card 200, and then the encrypted random number a is transmitted as the communication ID to the reader/writer 100. The reader/writer 100 and the IC card 200 mutually identify and perform data encryption communication using the random number a.
The communication ID is stored in an 8-byte field for NFCID2 in a response frame defined by the NFCIP-1 standard. Each of the communication ID and the random number a is limited to a maximum data length of 8 bytes (64 bits).
In the 2-Key Triple-DES as an encryption algorithm, the data length of the Key is 112 bits. In order to transmit information on the 112-bit key, a data length of at least 112 bits is required. In the Advanced Encryption Standard (AES) as an encryption algorithm, the data length of the secret key is 128 bits at the minimum. In order to transmit information on the key of 128 bits, a data length of at least 128 bits is required.
If 2-Key Triple-DES or AES is used as the encryption algorithm, a single response to the polling request cannot carry all the information needed to generate the key for encrypting communications. The reader/writer 100 would have to transmit to the IC card 200 a frame containing an instruction to inquire about the missing information, and the IC card 200 would have to reply with a response. In addition to the process of fig. 4, an additional process of exchanging the remaining information between the reader/writer 100 and the IC card 200 is required.
In the communication system 500 of fig. 13, even when the data length of the key used in the predetermined encryption algorithm is 128 bits, communication for exchanging the remaining information for compensating for the missing key information between the reader/writer 100 and the IC card 200 is not required.
Fig. 13 is a block diagram illustrating a communication system 500 according to one embodiment of the invention. As shown in the drawings, elements equivalent to those described in the previous embodiments are denoted by the same reference numerals, and the discussion thereof is omitted as appropriate.
The communication system 500 includes a reader/writer 600 and an IC card 200. In the communication system 500, the same IC card 200 and reader/writer 600 as those used in the communication system 50 perform wireless communication.
The reader/writer 600 includes a secret key storage unit 601, an input/output unit 602, a RAM603, a ROM604, a CPU605, and an encryption processor 606, which are respectively identical to their counterparts in the reader/writer 100 of fig. 1. The reader/writer 600 further includes a random number generator 607 and a data storage unit 608.
The random number generator 607 generates a random number of a predetermined number as necessary, similarly to the random number generator 202 in the IC card 200. For example, the random number generator 607 generates a random number B of 8 bytes long. The data storage unit 608 stores data that needs to be stored in communication with the IC card 200. For example, the data storage unit 608 stores the random number B generated by the random number generator 607.
As in the communication system 50 described above, the IC card 200 generates the random number a of 8 bytes in the communication system 500. The IC card 200 transmits the encrypted random number a as the communication ID to the reader/writer 600. The reader/writer 600 also generates a random number B 8 bytes long and transmits the random number B encrypted with the secret key to the IC card 200. As a result, each of the reader/writer 600 and the IC card 200 can share a 16-byte random number including an 8-byte random number originating from its own device and another 8-byte random number received from the communication partner device. Each of the reader/writer 600 and the IC card 200 employs the random number of 16 bytes (128 bits) as a session key.
As in the communication process of fig. 4, the reader/writer 600 performs data reading and data writing on the IC card 200. The encrypted random number B from the reader/writer 600 is transmitted to the IC card 200 in one of the following two ways. In the first method, the encrypted random number B is transmitted as incidental information of a polling request. In the second method, the encrypted random number B is transmitted as incidental information of a frame transmitted after the polling request. Each of the polling request frame and the frame (containing an instruction to request reading of the card ID) subsequent to the polling request frame contains an empty area (expandable) for storing at least 8-bit long data.
Fig. 14 is a flowchart of a communication process performed between the reader/writer 600 and the IC card 200. In the communication process, the encrypted random number B is transmitted from the reader/writer 600 to the IC card 200 as the incidental information of the polling request.
The IC card 200 may be placed near the antenna of the reader/writer 600 and power generated by the AC magnetic field excited in the antenna of the input-output unit 201 may be fed to each part of the IC card 200. The IC card 200 executes step S601, thereby generating a random number a of 8 bytes. Step S601 is equivalent to the communication ID generation process discussed with reference to fig. 5 and will not be discussed here.
The reader/writer 600 performs step S501, thereby generating a polling frame containing incidental information.
The polling request generation process performed in step S501 of fig. 14 is described below with reference to the flowchart of fig. 15.
In step S701, the random number generator 607 generates a random number B of 8 bytes.
In step S702, the CPU605 stores the random number B generated in step S701 on a predetermined area of the data storage unit 608.
In step S703, the encryption processor 606 encrypts the random number B generated in step S701 using the key stored on the secret key storage unit 601.
In step S704, the CPU605 stores the data (i.e., the encrypted random number B) obtained from step S703 as the incidental information of the polling request on a predetermined area of the data storage unit 608.
Returning to fig. 14, the reader/writer 600 transmits a polling request containing incidental information to the IC card 200 at step S502. In step S602, the IC card 200 receives a polling request.
In step S603, the IC card 200 decrypts the incidental information of the polling request received from the reader/writer 600, thereby obtaining the random number B.
The random number B acquisition process performed in step S603 of fig. 14 is described below with reference to the flowchart of fig. 16.
In step S731, the CPU207 acquires the incidental information (i.e., the encrypted random number B) contained in the polling request received from the reader/writer 600 in step S602.
In step S732, the CPU207 stores the incidental information obtained in step S731 on a predetermined area of the data storage unit 205.
In step S733, the encryption processor 208 decrypts the encrypted random number B, that is, the incidental information contained in the polling request obtained in step S731, using the key stored on the secret key storage unit 203. The random number B is thereby obtained.
In step S734, the CPU207 stores the random number B obtained in step S733 on a predetermined area of the data storage unit 205.
Returning to fig. 14, the IC card 200 transmits a response in response to the polling request received in step S602 to the reader/writer 600 in step S604. The communication ID generated in step S601 (i.e., the encrypted random number a) is stored as the NFCID2 (see fig. 3) contained in a predetermined area of the response frame. The reader/writer 600 receives the response frame at step S503.
In step S504, the reader/writer 600 obtains the random number a by decrypting the communication ID of the response frame received from the IC card 200. Step S504 is equivalent to the random number acquisition process discussed with reference to fig. 6 and will not be discussed here.
The reader/writer 600 and the IC card 200 have now exchanged a session ID (i.e., a communication ID) and a session key (i.e., an 8-byte random number a and an 8-byte random number B) required in the current communication (session).
After step S504, a communication ID that uniquely identifies each of the reader/writer 600 and the IC card 200 as a communication partner is embedded in each frame of communication between the reader/writer 600 and the IC card 200. The frame communicated between the reader/writer 600 and the IC card 200 contains data including data encrypted with a 16-byte session secret key having an 8-byte random number a and an 8-byte random number B.
The transmission of the frame containing the request instruction to read the card ID, the request instruction to read data, and the request instruction to write data by the reader/writer 600 after step S504 and the reply by the IC card 200 in response to the frame are respectively equivalent to the counterparts made between the reader/writer 100 and the IC card 200 discussed earlier with reference to fig. 4. More specifically, steps S505 to S513 of fig. 14 are respectively equivalent to steps S204 to S212 of fig. 4. Steps S605 to S613 of fig. 14 are equivalent to steps S104 to S112 of fig. 4, respectively. The difference between the process of fig. 4 and the process of fig. 14 is that data contained in a frame transmitted between the reader/writer 600 and the IC card 200 is encrypted with a combination of a random number a and a random number B (16-byte session key) instead of the random number a (8-byte session key).
Fig. 17 is a flowchart of a communication process performed between the reader/writer 600 and the IC card 200. In the communication process, the encrypted random number B is transmitted from the reader/writer 600 to the IC card 200 as incidental information of the frame transmitted after the polling request.
As shown in fig. 17, the IC card 200 generates an 8-byte random number a and transmits the encrypted random number a as a communication ID to the reader/writer 600 in response to a polling request from the reader/writer 600. The reader/writer 600 receives and decrypts the communication ID, thereby obtaining the 8-byte random number a. The processing performed so far is equivalent to the processing performed between the reader/writer 100 and the IC card 200 discussed with reference to fig. 4. More specifically, steps S531 to S533 of fig. 17 performed by the reader/writer 600 are respectively equivalent to steps S201 to S203 of fig. 4. Steps S641 to S643 of fig. 17 performed by the IC card 200 are respectively equivalent to steps S101 to S103 of fig. 4.
As an identifier that uniquely identifies each of the reader/writer 600 and the IC card 200 as a communication partner, a communication ID is embedded in each frame of communication between the reader/writer 600 and the IC card 200 hereinafter.
In step S533, the reader/writer 600 stores the communication ID on a predetermined area of the RAM103 and decrypts the communication ID to obtain the random number a. In step S534, the reader/writer 600 generates a request to read the card ID having the incidental information attached thereto.
The card ID read request generation process performed in step S534 of fig. 17 is described below with reference to the flowchart of fig. 18.
In step S761, the random number generator 607 generates a random number B.
In step S762, the CPU605 stores the random number B generated in step S761 on a predetermined area of the data storage unit 608.
In step S763, the encryption processor 606 encrypts the random number B generated in step S761 using the key stored on the secret key storage unit 601.
In step S764, the CPU605 stores the data (i.e., the encrypted random number B) obtained in step S763 as incidental information of the ID reading request on a predetermined area of the data storage unit 608.
Returning to fig. 17, the reader/writer 600 transmits a frame containing an instruction requesting reading of the card ID having the incidental information attached thereto to the IC card 200 in step S535. In step S644, the IC card 200 receives that frame.
In step S645, the IC card 200 decrypts the incidental information of the IC card reading request received from the reader/writer 600, thereby obtaining the random number B.
The random number B acquisition process performed in step S645 of fig. 17 is described below with reference to the flowchart of fig. 19.
In step S791, the CPU207 acquires the incidental information (i.e., the encrypted random number B) contained in the card ID read request received from the reader/writer 600 in step S644.
In step S792, the CPU207 stores the incidental information obtained in step S791 on a predetermined area of the data storage unit 205.
In step S793, the encryption processor 208 decrypts the encrypted random number B, that is, the incidental information contained in the card ID read request obtained in step S791, using the key stored on the secret key storage unit 203. The random number B is thereby obtained.
In step S794, the CPU207 stores the random number B obtained in step S793 on a predetermined area of the data storage unit 205.
Through the above-described processing, the reader/writer 600 and the IC card 200 have exchanged the session ID (communication ID) and the session key (8-byte random number a and 8-byte random number B) required to perform the current communication.
Steps S646 to S653 performed by the IC card 200 and steps S536 to S542 performed by the reader/writer 600 shown in fig. 17 are equivalent to steps S105 to S112 and steps S205 to S212 of fig. 4, respectively, except that data contained in a frame transmitted between the reader/writer 600 and the IC card 200 is encrypted with a combination of the random number a and the random number B (16-byte session key) instead of the random number a (8-byte session key).
In the communication system 500 as described above, the reader/writer 600 encrypts the 8-byte random number B generated by the random number generator 607 with the secret key, and then transmits the encrypted random number B to the IC card 200 as incidental information, either in the polling frame or in the next frame after the polling frame. The IC card 200 encrypts the random number a generated by the random number generator 202 with the secret key and transmits the encrypted random number a as a communication ID to the reader/writer 600.
Each of the reader/writer 600 and the IC card 200 shares a 16-byte (128-bit) long key containing a combination of an 8-byte long random number a (random number B) generated by the own device and an 8-byte long random number B (random number a) generated by a communication partner.
The communication system of embodiments of the present invention may operate with an encryption algorithm, such as 2-Key Triple-DES or AES, that requires a key data length of 112 bits or 128 bits. As can be seen from a comparison of the flowchart of fig. 4 and the flowchart of fig. 17, the number of communication frames (the number of communication sessions) performed between the reader/writer 600 and the IC card 200 is equivalent to the number of communication frames performed in the communication system 50. More specifically, in order to share the 16-byte long key, the communication system 50 needs additional communication to request the missing information, whereas the communication system 500 does not need such additional communication steps.
With the minimum number of communication frames, the communication system 500 is compatible with an encryption system using a key having a data length longer than that of the communication ID.
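The fig. 14 exchange described above, simulated end to end as an added example that is not part of the patent text. XTEA (64-bit block, 128-bit key) stands in for the unspecified "predetermined algorithm"; the class names, SHARED_KEY and CARD_ID are constructed for illustration, and frames are reduced to the fields the description names.

```python
import os
import struct

MASK, DELTA, ROUNDS = 0xFFFFFFFF, 0x9E3779B9, 32

def _mix(v, s, k):
    # XTEA round function; callers keep only the low 32 bits of the result.
    return (((v << 4) ^ (v >> 5)) + v) ^ (s + k)

def xtea_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Encrypt one 8-byte block under a 16-byte key (assumed stand-in cipher)."""
    k = struct.unpack(">4I", key)
    v0, v1 = struct.unpack(">2I", block)
    s = 0
    for _ in range(ROUNDS):
        v0 = (v0 + _mix(v1, s, k[s & 3])) & MASK
        s = (s + DELTA) & MASK
        v1 = (v1 + _mix(v0, s, k[(s >> 11) & 3])) & MASK
    return struct.pack(">2I", v0, v1)

def xtea_decrypt_block(key: bytes, block: bytes) -> bytes:
    """Inverse of xtea_encrypt_block."""
    k = struct.unpack(">4I", key)
    v0, v1 = struct.unpack(">2I", block)
    s = (DELTA * ROUNDS) & MASK
    for _ in range(ROUNDS):
        v1 = (v1 - _mix(v0, s, k[(s >> 11) & 3])) & MASK
        s = (s - DELTA) & MASK
        v0 = (v0 - _mix(v1, s, k[s & 3])) & MASK
    return struct.pack(">2I", v0, v1)

SHARED_KEY = bytes(range(16))   # constructed pre-shared secret key
CARD_ID = b"CARD0001"           # constructed 8-byte card ID

class ICCard:
    """Target side: secret key storage, random number generator, card ID."""
    def __init__(self, secret_key: bytes, card_id: bytes, rng=os.urandom):
        self.secret_key, self.card_id, self.rng = secret_key, card_id, rng
        self.encrypt_flag = False

    def on_polling(self, incidental: bytes) -> bytes:
        # Fresh random number a per session; its ciphertext is the
        # communication ID returned in the 8-byte NFCID2 field.
        rand_a = self.rng(8)
        self.comm_id = xtea_encrypt_block(self.secret_key, rand_a)
        # Incidental information of the polling request: encrypted B.
        rand_b = xtea_decrypt_block(self.secret_key, incidental)
        self.session_key = rand_a + rand_b      # 16-byte session key
        return self.comm_id

    def on_read_card_id(self, comm_id: bytes):
        if comm_id != self.comm_id:             # frame is for another session
            return None
        self.encrypt_flag = True                # later data travels encrypted
        return xtea_encrypt_block(self.session_key, self.card_id)

class ReaderWriter:
    """Initiator side: holds a secret key and generates random number B."""
    def __init__(self, secret_key: bytes, rng=os.urandom):
        self.secret_key, self.rng = secret_key, rng

    def make_polling(self) -> bytes:
        self.rand_b = self.rng(8)
        return xtea_encrypt_block(self.secret_key, self.rand_b)

    def on_polling_response(self, comm_id: bytes) -> None:
        self.comm_id = comm_id                  # stored as the session ID
        rand_a = xtea_decrypt_block(self.secret_key, comm_id)
        self.session_key = rand_a + self.rand_b

    def read_card_id(self, card: ICCard) -> bytes:
        enc = card.on_read_card_id(self.comm_id)
        return xtea_decrypt_block(self.session_key, enc)

def run_session(reader: ReaderWriter, card: ICCard) -> dict:
    """One polling exchange followed by a card ID read."""
    comm_id = card.on_polling(reader.make_polling())
    reader.on_polling_response(comm_id)
    return {"comm_id": comm_id,
            "card_id": reader.read_card_id(card),
            "reader_key": reader.session_key,
            "card_key": card.session_key}

if __name__ == "__main__":
    good = run_session(ReaderWriter(SHARED_KEY), ICCard(SHARED_KEY, CARD_ID))
    print("reader with the shared key recovers:", good["card_id"])
    bad = run_session(ReaderWriter(b"\xff" * 16), ICCard(SHARED_KEY, CARD_ID))
    print("reader without it recovers:", bad["card_id"].hex())
```

A reader/writer holding a different secret key completes the same frames but derives a different 16-byte session key, so the card ID it decrypts is not the real one.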
In the above discussion, the data length of the random number B generated by the reader/writer 600 is 8 bytes long. The data length of the random number B may be set to be greater than 8 bytes depending on an empty area of the frame storing the side information. The session key used in each of the reader/writer 600 and the IC card 200 may be set to be larger than 128 bits.
As described above with reference to fig. 2, when the card ID transmission request is issued, the encryption flag is set to ON in the previous embodiment. To communicate data in its encrypted form, the reader/writer 600 transmits a card ID transmission request to the IC card 200.
The card ID may not be needed even if the transmitted data needs to be kept secret. In this case, an instruction to set the encryption flag to ON may be independently arranged and transmitted from the reader/writer 600 to the IC card 200. More specifically, referring to the processes of fig. 14 and 17, instead of the card ID read request instruction, a frame containing an instruction to set the encryption flag to ON is transmitted from the reader/writer 600 to the IC card 200. In order to always encrypt data, data transmitted between the reader/writer 600 and the IC card 200 is always decrypted after the session key is exchanged (the encryption flag is kept ON). In this case, the encryption flag may be eliminated.
A communication system including an IC card and a reader/writer has been discussed. The invention is also applicable to systems containing NFCIP-1 initiators and NFCIP-1 targets, such as RFID and RFID readers.
A series of the above-described processes may be performed using hardware or software. If the series of processing steps is executed using software, a program forming the software is executed by one of the CPU105 and the CPU207 of fig. 1. One of the reader/writer 100 and the IC card 200 reads a program from a readable recording medium.
The series of processes described above may be performed in the time-series order described above. Alternatively, the series of processing steps may be performed in parallel or separately.
It should be understood by those skilled in the art that various changes, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (19)

1. A communication system that uniquely identifies a communication partner within a predetermined coverage area and transmits and receives information in a predetermined protocol, the communication system including an apparatus and an information processing apparatus, wherein one of the apparatus and the information processing apparatus performs wireless communication with the other of the apparatus and the information processing apparatus within the predetermined coverage area,
the device includes:
a random number generation section for generating a random number;
device encryption means for encrypting or decrypting information according to a predetermined algorithm based on the secret key;
device secret key storage means for storing a secret key, the secret key being used by the device encryption means for encrypting and decrypting and being pre-shared with the information processing apparatus;
communication ID transmission means for transmitting to the information processing apparatus a response containing a communication ID that uniquely identifies the information processing apparatus as a communication partner, and the communication ID being an ID encrypted with a secret key by the device encryption means based on a random number generated by the random number generation means in response to the polling transmitted from the information processing apparatus; and
device transmitting and receiving means for transmitting or receiving information to or from the information processing apparatus, the information being encrypted or decrypted by the device encrypting means using the random number generated by the random number generating means as a key; and
the information processing apparatus includes:
a device encryption section that encrypts or decrypts information according to a predetermined algorithm based on the secret key;
device secret key storage means for storing a secret key which is used by the device encryption means for encryption or decryption and is pre-shared with the apparatus;
communication ID storage means for storing a communication ID contained in a response transmitted in response to the polling and then received from the apparatus as an identifier for uniquely identifying the apparatus as a communication partner;
a random number acquisition section that obtains a random number by the device encryption section decrypting the communication ID with the secret key; and
a device transmitting and receiving section for transmitting to or receiving from the apparatus information encrypted or decrypted by the random number obtaining section with the random number obtained by the device encrypting section as a key.
2. A communication method of a communication system that uniquely identifies a communication partner within a predetermined coverage area and transmits and receives information in a predetermined communication protocol, the communication system including a device and an information processing apparatus, wherein one of the device and the information processing apparatus performs wireless communication with the other of the device and the information processing apparatus within the predetermined coverage area, the method comprising the steps of:
generating a random number in response to a poll transmitted from the information processing apparatus;
transmitting a response containing a communication ID that uniquely identifies the information processing apparatus as a communication partner to the information processing apparatus and that is generated by encrypting the random number generated in response to the polling transmitted by the information processing apparatus according to a predetermined algorithm with a secret key pre-shared with the information processing apparatus;
transmitting or receiving information to or from an information processing apparatus, the information being encrypted or decrypted according to an algorithm using the generated random number as a key;
storing a communication ID contained in a response transmitted in response to the polling and then received from the apparatus as an identifier, the identifier being used to uniquely identify the apparatus as a communication partner;
obtaining a random number by decrypting the communication ID according to a predetermined algorithm using a secret key pre-shared with the device; and
information encrypted or decrypted according to an algorithm using the obtained random number as a key is transmitted to or received from the device.
3. An apparatus in a communication system that uniquely identifies a communication partner in a predetermined coverage area and transmits and receives information in a predetermined protocol, the communication system including the apparatus and an information processing apparatus, wherein one of the apparatus and the information processing apparatus performs wireless communication with the other of the apparatus and the information processing apparatus in the predetermined coverage area, the apparatus comprising:
a random number generating section for generating a first random number;
device encryption means for encrypting or decrypting information according to a predetermined algorithm based on the secret key;
device secret key storage means for storing a secret key which is used by the device encryption means for encryption and decryption and is pre-shared with the information processing apparatus;
communication ID transmission means for transmitting a response containing a communication ID that uniquely identifies the information processing apparatus as a communication partner to the information processing apparatus, and the communication ID being an ID encrypted with a secret key by the device encryption means based on a first random number generated by the random number generation means in response to the polling transmitted from the information processing apparatus; and
device transmitting and receiving means for transmitting or receiving information to or from the information processing apparatus, the information being encrypted or decrypted by the device encrypting means using the first random number generated by the random number generating means as a key.
4. The apparatus according to claim 3, wherein the communication protocols of the communication system comprise a near field communication interface and protocol-1 standardized as ISO/IEC 18092 (NFCIP-1), and
wherein the communication ID sending part embeds an NFC identifier, which is used in RF collision avoidance and single device detection, as the communication ID according to NFCIP-1.
5. The apparatus according to claim 3, further comprising ID storage means for storing a unique ID of the apparatus, wherein when receiving a request to read the unique ID from the information processing device, the apparatus encryption means encrypts the unique ID stored on the ID storage means using the first random number generated by the random number generation means as a key, and transmits the encrypted unique ID to the information processing device.
6. The apparatus according to claim 5, further comprising determination means for determining whether the unique ID has been encrypted and then transmitted to the information processing device,
wherein the device transmitting and receiving section encrypts or decrypts information to be communicated with the information processing apparatus when the determining section determines that the unique ID has been encrypted and transmitted to the information processing apparatus.
7. The apparatus according to claim 3, wherein the apparatus transmission and reception section controls the apparatus encryption section to encrypt and decrypt information to be communicated with the information processing device, using the first random number generated by the random number generation section and the second random number encrypted with the secret key and transmitted from the information processing device during the polling or the next transmission of the polling.
8. A communication method of an apparatus in a communication system that uniquely identifies a communication partner within a predetermined coverage area and transmits and receives information in a predetermined protocol, the communication system including the apparatus and an information processing apparatus, wherein one of the apparatus and the information processing apparatus performs wireless communication with the other of the apparatus and the information processing apparatus within the predetermined coverage area, the method comprising the steps of:
generating a random number in response to a poll transmitted from the information processing apparatus;
transmitting a response containing a communication ID that uniquely identifies the information processing apparatus as a communication partner to the information processing apparatus and that is generated by encrypting the random number generated in response to the polling transmitted from the information processing apparatus according to a predetermined algorithm with a secret key pre-shared with the information processing apparatus; and
transmitting or receiving information encrypted or decrypted according to an algorithm using the generated random number as a key.
9. An information processing apparatus in a communication system that uniquely identifies a communication partner within a predetermined coverage area and transmits and receives information in a predetermined protocol, the communication system including a device and the information processing apparatus, wherein one of the device and the information processing apparatus performs wireless communication with the other of the device and the information processing apparatus within the predetermined coverage area, the information processing apparatus comprising:
a device encryption section that encrypts or decrypts information according to a predetermined algorithm based on the secret key;
device secret key storage means for storing a secret key, the device encryption means for encrypting or decrypting using the secret key and pre-sharing the secret key with the apparatus;
communication ID storage means for storing a communication ID contained in a response transmitted in response to the polling and then received from the apparatus, the communication ID being an identifier that uniquely identifies the apparatus as a communication partner;
random number acquisition means for acquiring a first random number by the device encryption means decrypting the communication ID with the secret key; and
a device transmitting and receiving section for transmitting to or receiving from the apparatus information encrypted or decrypted by the device encrypting section using the first random number obtained by the random number obtaining section.
10. The information processing apparatus according to claim 9, wherein the communication protocol of the communication system includes a near field communication interface and a protocol-1 standardized as ISO/IEC 18092 (NFCIP-1), and
wherein the communication ID storing means stores, as the communication ID, an NFC identifier which is obtained in a response transmitted from the apparatus in response to the polling and which is used for RF collision avoidance and single apparatus detection in NFCIP-1.
11. The information processing apparatus according to claim 9, wherein the apparatus transmitting and receiving section encrypts or decrypts information to be communicated with the device when reading the unique ID of the device.
12. The information processing apparatus according to claim 9, further comprising a random number generation section for generating a second random number,
wherein the device transmitting and receiving section encrypts the second random number with the secret key and transmits the encrypted second random number to the apparatus during the polling or the next transmission of the polling, and controls the device encrypting section to encrypt or decrypt information to be communicated with the apparatus using the first random number and the second random number obtained by the random number obtaining section.
13. An information processing method of an information processing apparatus in a communication system that uniquely identifies a communication partner and transmits and receives information in a predetermined protocol within a predetermined coverage area, the communication system including a device and the information processing apparatus, wherein one of the device and the information processing apparatus performs wireless communication with the other of the device and the information processing apparatus within the predetermined coverage area, the information processing method comprising the steps of:
storing a communication ID contained in a response transmitted in response to the polling and then received from the apparatus, the communication ID being an identifier that uniquely identifies the apparatus as a communication partner;
acquiring a random number by decrypting the communication ID according to an algorithm predetermined using a secret key pre-shared with the device; and
information is transmitted to and received from the device, the information being encrypted or decrypted according to an algorithm using the obtained random number as a key.
14. A communication system that identifies communication partners in a predetermined coverage area and transmits and receives information in a predetermined protocol, the communication system including a device and an information processing apparatus, one of the device and the information processing apparatus performing wireless communication with the other of the device and the information processing apparatus in the predetermined coverage area,
the device includes:
a device random number generation section for generating a first random number;
device encryption means for encrypting or decrypting information according to a predetermined algorithm based on the secret key;
device secret key storage means for storing a secret key, the device encryption means for encrypting and decrypting using the secret key and pre-sharing the secret key with the information processing apparatus;
communication ID transmission means for transmitting a response containing a communication ID that uniquely identifies the information processing apparatus as a communication partner to the information processing apparatus, and the communication ID being an ID encrypted with a secret key by the device encryption means according to a first random number generated by the device random number generation means in response to the polling transmitted from the information processing apparatus; and
device transmission and reception means for controlling the device encryption means to encrypt or decrypt information to be communicated with the information processing apparatus using the first random number generated by the device random number generation means and a second random number encrypted with a secret key and transmitted from the information processing apparatus during polling or next transmission of polling; and
the information processing apparatus includes:
a device random number generation section for generating a second random number;
a device encryption section for encrypting or decrypting information according to a predetermined algorithm based on the secret key;
device secret key storage means for storing a secret key, the device encryption means for encrypting or decrypting using the secret key and pre-sharing the secret key with the apparatus;
a communication ID storage section that stores a communication ID contained in a response transmitted in response to the polling and then received from the device, the communication ID uniquely identifying the information processing apparatus as a communication partner;
random number acquisition means for acquiring a first random number by the device encryption means decrypting the communication ID with the secret key;
and a device transmitting and receiving section for encrypting the second random number with the secret key and transmitting the encrypted second random number to the apparatus during polling or the next transmission of polling, and controlling the apparatus encrypting section to encrypt or decrypt information to be communicated with the apparatus using the first random number and the second random number obtained by the random number obtaining section.
15. A communication method of a communication system that uniquely identifies a communication partner within a predetermined coverage area and transmits and receives information in a predetermined communication protocol, the communication system including a device and an information processing apparatus, wherein one of the device and the information processing apparatus performs wireless communication with the other of the device and the information processing apparatus within the predetermined coverage area, the method comprising the steps of:
generating a random number;
transmitting a response containing a communication ID that uniquely identifies the information processing apparatus as a communication partner to the information processing apparatus and that is generated by encrypting a first random number generated in response to the polling transmitted by the information processing apparatus according to a predetermined algorithm with a secret key pre-shared with the information processing apparatus;
transmitting to or receiving from the information processing apparatus information encrypted or decrypted using the generated first random number and a second random number encrypted with the secret key and transmitted from the information processing apparatus during polling or next transmission of polling as a key according to an algorithm;
generating a second random number;
storing a communication ID contained in a response transmitted in response to the polling and then received from the apparatus, the communication ID being an identifier that uniquely identifies the apparatus as a communication partner;
obtaining a first random number by decrypting the communication ID with a secret key pre-shared with the device according to a predetermined algorithm; and
the second random number is encrypted with the secret key, and the encrypted secret key is transmitted to the device during the polling or the next transmission of the polling, and information encrypted or decrypted according to an algorithm using the obtained first random number and second random number is transmitted or received.
16. A communication system that uniquely identifies a communication partner within a predetermined coverage area and transmits and receives information in a predetermined protocol, the communication system including a device and an information processing apparatus, one of the device and the information processing apparatus performing wireless communication with the other of the device and the information processing apparatus within the predetermined coverage area,
the device includes:
a random number generation unit for generating a random number;
a device encryption unit for encrypting or decrypting information according to a predetermined algorithm based on the secret key;
a device secret key storage unit for storing a secret key which is used by the device encryption unit for encryption and decryption and pre-shared with the information processing apparatus;
a communication ID transmitting unit that transmits to the information processing apparatus a response containing a communication ID that uniquely identifies the information processing apparatus as a communication partner and that is an ID encrypted with a secret key by the device encrypting unit according to a random number generated by the random number generating unit in response to the polling transmitted from the information processing apparatus; and
a device transmitting and receiving unit for transmitting or receiving information to or from the information processing apparatus, the information being encrypted or decrypted by the device encrypting unit using the random number generated by the random number generating unit as a key; and
the information processing apparatus includes:
a device encryption unit for encrypting or decrypting information according to a predetermined algorithm based on the secret key;
a device secret key storage unit that stores a secret key that is used by the device encryption unit for encryption or decryption and is pre-shared with the apparatus;
a communication ID storage unit that stores a communication ID contained in a response transmitted in response to the polling and then received from the apparatus, the communication ID being an identifier for uniquely identifying the apparatus as a communication partner;
a random number acquisition unit that obtains a random number by the device encryption unit decrypting the communication ID with the secret key; and
a device transmitting and receiving unit for transmitting or receiving information encrypted or decrypted by the device encrypting unit with the random number obtained by the random number obtaining unit as the secret key to or from the apparatus.
17. An apparatus in a communication system that uniquely identifies a communication partner in a predetermined coverage area and transmits and receives information in a predetermined protocol, the communication system including the apparatus and an information processing apparatus, wherein one of the apparatus and the information processing apparatus performs wireless communication with the other of the apparatus and the information processing apparatus in the predetermined coverage area, the apparatus comprising:
a random number generation unit for generating a first random number;
a device encryption unit for encrypting or decrypting information according to a predetermined algorithm based on the secret key;
a device secret key storage unit that stores a secret key that is used by the device encryption unit for encryption and decryption and is pre-shared with the information processing apparatus;
a communication ID transmitting unit that transmits, to the information processing apparatus, a response containing a communication ID that uniquely identifies the information processing apparatus as a communication partner, and that is an ID encrypted with a secret key by the device encrypting unit according to a first random number generated by the random number generating unit in response to the polling transmitted from the information processing apparatus; and
a device transmitting and receiving unit for transmitting or receiving information to or from the information processing apparatus, the information being encrypted or decrypted by the device encrypting unit using the first random number generated by the random number generating unit as a key.
18. An information processing apparatus in a communication system that uniquely identifies a communication partner within a predetermined coverage area and transmits and receives information in a predetermined protocol, the communication system including a device and the information processing apparatus, wherein one of the device and the information processing apparatus performs wireless communication with the other of the device and the information processing apparatus within the predetermined coverage area, the information processing apparatus comprising:
a device encryption unit for encrypting or decrypting information according to a predetermined algorithm based on the secret key;
a device secret key storage unit for storing a secret key, which is used by the device encryption unit for encryption or decryption and pre-shared with the apparatus;
a communication ID storage unit for storing a communication ID contained in a response transmitted in response to the polling and then received from the apparatus, the communication ID being an identifier that uniquely identifies the apparatus as a communication partner;
a random number acquisition unit that decrypts the communication ID with the secret key by the device encryption unit to acquire a first random number; and
a device transmitting and receiving unit for transmitting or receiving information to or from the apparatus, the information being encrypted or decrypted by the device encrypting unit using the first random number obtained by the random number obtaining unit.
19. A communication system that identifies communication partners in a predetermined coverage area and transmits and receives information in a predetermined protocol, the communication system comprising a device and an information processing apparatus, wherein one of the device and the information processing apparatus performs wireless communication with the other of the device and the information processing apparatus in the predetermined coverage area,
the device includes:
a device random number generation unit for generating a first random number;
a device encryption unit for encrypting or decrypting information according to a predetermined algorithm based on a predetermined secret key;
a device secret key storage unit for storing a secret key which is used by the device encryption unit for encryption and decryption and pre-shared with the information processing apparatus;
a communication ID transmitting unit that transmits to the information processing apparatus a response containing a communication ID that uniquely identifies the information processing apparatus as a communication partner and that is an ID encrypted with a secret key by the device encrypting unit according to a first random number generated by the device random number generating unit in response to the polling transmitted from the information processing apparatus; and
a device transmission and reception unit for controlling the device encryption unit to encrypt or decrypt information to be communicated with the information processing apparatus using the first random number generated by the device random number generation unit and a second random number encrypted with the secret key and transmitted from the information processing apparatus during polling or next transmission of polling; and
the information processing apparatus includes:
a device random number generation unit for generating a second random number;
a device encryption unit for encrypting or decrypting information according to a predetermined algorithm based on the secret key;
a device secret key storage unit for storing a secret key which is used by the device encryption unit for encryption or decryption and pre-shared with the apparatus;
a communication ID storage unit for storing a communication ID contained in a response transmitted in response to the polling and then received from the device, the communication ID uniquely identifying the information processing apparatus as a communication partner;
a random number acquisition unit that obtains a first random number by the device encryption unit decrypting the communication ID with the secret key;
an apparatus transmitting and receiving unit encrypts the second random number with the secret key and transmits the encrypted second random number to the device during the polling or the next transmission of the polling, and controls the device encrypting unit to encrypt or decrypt information to be communicated with the device using the first random number and the second random number obtained by the random number obtaining unit.
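
The key establishment recited in claims 2, 5 and 12, sketched as an added example that is not part of the patent text: the card returns an encrypted random number as its communication ID, and both sides then use that random number (optionally together with the reader's second random number) as the session key. The Feistel stand-in for the "predetermined algorithm", the 8-byte block size, the `combine` rule and the per-frame counter are assumptions; the claims specify none of them.

```python
import hashlib
import hmac
import secrets

BLOCK = 8  # assumed communication-ID length in bytes; the claims fix no size

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def round_fn(key, i, half):
    # Feistel round function: HMAC-SHA256 truncated to half a block.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:len(half)]

def encrypt_block(key, block):
    """Stand-in for the claims' 'predetermined algorithm': a 4-round Feistel
    permutation, chosen here only because it is invertible with the stdlib."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        left, right = right, xor(left, round_fn(key, i, right))
    return left + right

def decrypt_block(key, block):
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(4)):
        left, right = xor(right, round_fn(key, i, left)), left
    return left + right

def combine(first, second):
    # Assumption: the claims say both random numbers are used, but not how.
    return hmac.new(first, second, hashlib.sha256).digest()[:BLOCK]

def crypt_frame(session_key, seq, data):
    """Encrypt or decrypt one frame by XOR with a keystream bound to a frame
    counter (assumed framing), so no two frames reuse keystream."""
    stream, ctr = b"", 0
    while len(stream) < len(data):
        label = seq.to_bytes(4, "big") + ctr.to_bytes(4, "big")
        stream += hmac.new(session_key, label, hashlib.sha256).digest()
        ctr += 1
    return xor(data, stream)

class Card:
    """The 'device' of the claims (IC card / NFCIP-1 target)."""
    def __init__(self, secret_key, card_id):
        self.secret_key, self.card_id = secret_key, card_id
        self.session_key = None

    def on_poll(self, enc_second=None):
        first = secrets.token_bytes(BLOCK)  # fresh random number per poll
        self.session_key = first
        if enc_second is not None:  # two-random variant (claims 7 and 12)
            second = decrypt_block(self.secret_key, enc_second)
            self.session_key = combine(first, second)
        return encrypt_block(self.secret_key, first)  # the communication ID

    def on_read_id(self, seq):
        # Claim 5: the unique ID leaves the card only under the session key.
        return crypt_frame(self.session_key, seq, self.card_id)

class Reader:
    """The 'information processing apparatus' (reader/writer / initiator)."""
    def __init__(self, secret_key):
        self.secret_key = secret_key
        self.comm_id = self.session_key = None

    def poll(self, card, two_randoms=False):
        second = secrets.token_bytes(BLOCK) if two_randoms else None
        enc = encrypt_block(self.secret_key, second) if two_randoms else None
        self.comm_id = card.on_poll(enc)  # stored as the partner identifier
        first = decrypt_block(self.secret_key, self.comm_id)
        self.session_key = combine(first, second) if two_randoms else first
        return self.comm_id

    def read_card_id(self, card, seq=0):
        return crypt_frame(self.session_key, seq, card.on_read_id(seq))

def run_exchange():
    key = bytes(range(16))           # constructed pre-shared secret key
    card_id = b"CARD0001"            # constructed unique card ID
    card, reader = Card(key, card_id), Reader(key)
    id_a = reader.poll(card)
    got_single = reader.read_card_id(card)
    id_b = reader.poll(card, two_randoms=True)
    got_double = reader.read_card_id(card)
    stranger = Reader(b"\x00" * 16)  # reader without the pre-shared key
    stranger.poll(card)
    got_stranger = stranger.read_card_id(card)
    return card_id, got_single, got_double, got_stranger, id_a, id_b

if __name__ == "__main__":
    print(run_exchange())
```

Each poll yields a different communication ID, so the identifier on the air does not repeat across sessions, and a reader without the pre-shared key derives a different random number and cannot recover the card ID.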
HK08105930.4A 2006-05-12 2008-05-28 System, device, and method for communication, apparatus and method for processing information HK1111250B (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
JP133774/06 2006-05-12
JP2006133774 2006-05-12
JP205702/06 2006-07-28
JP2006205702A JP5205720B2 (en) 2006-05-12 2006-07-28 COMMUNICATION SYSTEM AND COMMUNICATION METHOD, DEVICE, INFORMATION PROCESSING DEVICE, AND PROGRAM

Publications (2)

Publication Number Publication Date
HK1111250A1 (en) 2008-08-01
HK1111250B (en) 2013-01-18

Similar Documents

Publication Publication Date Title
CN101162495B (en) Communication system, device and method, information processing equipment and method
US8837725B2 (en) Communication system and communication method
US8315391B2 (en) Information access system, reader/writer device and contactless information storage device
US9973479B2 (en) Communication system and communication method for communication based on encryption capabilities of device
EP2247986B1 (en) Rfid authentication architecture and methods for rfid authentication
US20060050877A1 (en) Information processing apparatus and method, program, and recording medium
CN101467157B (en) Method, RFID reader, RFID tag and RFID system for secure communication
US20120176229A1 (en) Method, Transponder, and System for Secure Data Exchange
WO2012019397A1 (en) Method and system for identifying radio frequency identification tag
HK1111250B (en) System, device, and method for communication, apparatus and method for processing information
KR100860408B1 (en) Method for performing signal processing with smart card using wireless communication and apparatus for same
US11272358B2 (en) Near field communication forum data exchange format (NDEF) messages
HK1125234B (en) Communication system and communication method
KR20100053231A (en) A rfid tag with an encryption funtion
HK1103939B (en) Communication system and communication device