HK1138087B - Information processing device, information processing method and communication system

Info

Publication number: HK1138087B
Authority: HK (Hong Kong)
Prior art keywords: information, section, card, encryption method, encryption
Application number: HK10103620.0A
Other languages: Chinese (zh)
Other versions: HK1138087A1 (en)
Inventors: 中津川泰正, 栗田太郎, 滨田宏昭, 森田直, 竹村俊治, 朱莹琳, 千叶美纪, 中村光宏, 金本俊范, 东川寿充
Original Assignee: 索尼公司
Priority claimed from: JP2008149824A (JP4631935B2)
Application filed by: 索尼公司
Publications: HK1138087A1, HK1138087B

Abstract

An information processing device comprises: a data storing portion, which can store user data used for a certain non-contact communication service and managing information used for managing the user data in different storing regions corresponding to different encryption manners, and comprises a first storing region for storing the managing information corresponding to a first encryption manner; an issued-information receptor, which receives the issued information from an issuing device which is encrypted by the first encryption manner, wherein the issuing device transfers the issued message so as to issue the managing information corresponding to a second encryption manner; an issued-information deciphering portion, which deciphers the received issued-information that is encrypted by the first encryption manner, based on the managing information stored in the first storing region and corresponding to the first encryption manner; a managing-information issuing portion, which issues, based on the deciphered issued-information, the managing information corresponding to the second encryption manner, and stores it in the second storing region.

Description

Information processing apparatus, information processing method, and communication system
Cross Reference to Related Applications
The subject matter of Japanese patent application JP 2008-.
Technical Field
The invention relates to an information processing apparatus, an information processing method, a program, and a communication system.
Background
Electronic money systems, security systems, and the like generally use a non-contact type IC card equipped with a reader/writer and an IC chip capable of non-contact communication. Also, in recent years, mobile terminals equipped with these non-contact type IC chips are being developed and are capable of communicating with a reader/writer.
The IC card is required to securely manage user data, which is necessary for using various services. In Japanese patent application publication No. JP-A-2000-36014, for example, a method is disclosed in which, in order to prevent falsification or theft of management information stored on an IC card to manage user data, the management information is encrypted and transmitted to the IC card. In addition, in, for example, Japanese patent application laid-open No. JP-A-2000-36021, a method is disclosed in which, in order to improve security such as data confidentiality, an area definition area for managing a user data storage area and a service definition area have a hierarchical structure, and each definition area is locked using a key. In addition, a method is disclosed in Japanese patent No. 3890602 in which, in order to control access to data in an IC card, a plurality of user blocks are defined for use
The region definition block specifies access rights. In addition, a method is disclosed in, for example, Japanese patent application publication No. JP-A-10-020780 and Japanese patent application publication No. JP-A-10-327142, in which mutual authentication between an IC card and a reader/writer is performed using a plurality of authentication keys and random numbers.
Disclosure of Invention
In recent years, many encryption methods have been proposed as encryption algorithms for securely transmitting data. In particular, in recent years, in order to replace the Data Encryption Standard (DES), which is a standard encryption method that has been generally used previously, a more reliable Advanced Encryption Standard (AES) is being more commonly used.
However, the techniques disclosed in the above 5 patent specifications do not assume a case where a single IC card is compatible with a plurality of encryption algorithms (encryption methods). If a single IC card is not compatible with multiple encryption algorithms, the following problems will arise.
For example, a service provider who provides a service using an IC card cannot select an encryption algorithm for use from among a plurality of encryption algorithms, nor can a plurality of encryption algorithms be used at the same time. Further, on a single IC card, services from a plurality of service providers that have selected different encryption algorithms cannot be provided.
In addition, a given service provider may sometimes wish to convert the encryption algorithm currently in use to a new encryption algorithm (e.g., from using DES to AES). In this case, using known techniques, it is necessary to recycle IC cards compatible with the previous encryption algorithm (DES) and distribute IC cards compatible with the new encryption algorithm (AES). For this reason, it is impossible to smoothly convert the encryption algorithm used by such an IC card, resulting in a great deal of effort, time, and expense in converting the algorithm.
To solve this problem, the present invention allows a single information processing apparatus capable of non-contact communication to be flexibly compatible with a plurality of encryption algorithms.
According to an embodiment of the present invention, there is provided an information data processing apparatus including: a data storage section having at least a first storage area, storing first management information corresponding to a first encryption method, and capable of storing user data used in a specific service using non-contact communication and management information for managing the user data in different storage areas for each of a plurality of different encryption methods; a distribution information receiver that receives distribution information encrypted using a first encryption method from a distribution apparatus that delivers the distribution information to distribute second management information corresponding to a second encryption method; an issued information decrypting section that decrypts the received issued information by the first encryption method based on first management information corresponding to the first encryption method stored in a first storage area of the data storing section; and a management information issuing section that issues second management information corresponding to a second encryption method based on the decrypted issuing information and stores the second management information in a second storage area of the data storage section.
The storage area of the data storage portion may have a hierarchical structure formed of a section definition area established for at least each of a plurality of encryption methods compatible with the information processing apparatus and at least one area definition area belonging to the section definition area. The management information may include at least section definition information stored in the section definition area, area definition information stored in the area definition area, and the first storage area of the data storage portion may include at least a first section definition area storing first section definition information corresponding to a first encryption method. The first management information may include at least the first section definition information, and the first section definition information may include a first key for authenticating access to the first section definition area and identification information for a first encryption algorithm. The issue information, as the second management information, may be section issue information used to issue second section definition information corresponding to a second encryption method, and the section issue information may include a second key used to authenticate access to the second section definition area, and identification information used for the second encryption method. The information processing apparatus may further include a mutual authentication unit that performs mutual authentication with the issuing apparatus using the first encryption method using the identification information of the first encryption method stored in the first section definition area.
When the mutual authentication performed by the mutual authentication section is successful, the distribution information receiver receives section distribution information from the distribution apparatus, the section distribution information being encrypted using a first encryption method of the first key, the decryption section decrypting the received section distribution information in the first encryption method using the first key stored in the first section definition area, and the management information distribution section may distribute second section definition information including a second key and second encryption method identification information based on the decrypted section distribution information and store the second section definition information in a second section definition area that is a second storage area of the data storage section.
According to another embodiment of the present invention, there is provided an information processing apparatus including: a data storage section having at least a first storage area storing first management information corresponding to a first encryption method, and capable of storing user data used in a specific service using non-contact communication and management information for managing the user data in different storage areas for each of a plurality of different encryption methods; a distribution information receiver that receives distribution information encrypted by a first encryption method from a distribution apparatus that transfers the distribution information to distribute second management information corresponding to the first encryption method; an issued information decrypting section that decrypts the received issued information by the first encryption method based on the first management information corresponding to the first encryption method stored in the first storage area of the data storage section; and a management information issuing section that issues second management information corresponding to the first encryption method based on the decrypted issuing information and stores the second management information in a second storage area of the data storage section.
The storage area of the data storage portion may have a hierarchical structure made up of at least one system-defining area established corresponding to each of the contactless communication systems compatible with the information processing apparatus, at least one zone-defining area for each of a plurality of encryption methods compatible with the information processing apparatus, and at least one area-defining area belonging to the zone-defining area, the zone-defining area belonging to the system-defining area. The management information may include at least system definition information stored in a system definition area, zone definition information stored in a zone definition area, and area definition information stored in an area definition area, and the first storage area of the data storage portion includes at least a first system definition area storing first system definition information corresponding to a first contactless communication system and a first zone definition area storing first zone definition information corresponding to a first encryption method, the first zone definition area belonging to the first system definition area. The first management information may include at least first system definition information including a first system code (system code) representing the first contactless communication system and first zone definition information including a first key for authenticating access to the first zone definition area and identification information for a first encryption method. 
The issue information, as the second management information, is system issue information that issues second system definition information corresponding to the second non-contact communication system and second section definition information belonging to the second system definition information and corresponding to the first encryption method, and the system issue information may include a second system code representing the second non-contact communication system and a second key for authenticating access to the second section definition area. The information processing apparatus further includes: a key storage unit that stores an authentication key for newly issuing system definition information; and a mutual authentication section performing mutual authentication with the issuing apparatus by the first encryption method using the first encryption method identification information stored in the first section definition area. The distribution information receiver may receive, from the distribution apparatus, system distribution information encrypted by a first encryption method of one of the first key and the authentication key when mutual authentication performed by the mutual authentication section is successful.
The issued information decrypting section may decrypt the received system issued information using the first encryption method using one of the first key stored in the first section defining area and the authentication key stored in the key storing section, and the management information issuing section may issue, based on the decrypted system issued information, second system defined information including a second system code and second section defined information including the second key and the first encryption method identification information, and store the second system defined information and the second section defined information in the second system defined area and the second section defined area, respectively, which are second storage areas of the data storing section.
The first storage area and the second storage area of the data storage part may store first encryption method identification information and second encryption method identification information, respectively. The information processing apparatus may further include: a communication unit that performs non-contact communication with a service provider device that delivers a specific service; and a mutual authentication section that, when an authentication request from the service provider apparatus is received through the communication section, selects a storage area corresponding to an encryption method specified by the authentication section based on one of the first and second encryption method identification information stored in the first and second storage areas, and performs mutual authentication with the service provider apparatus in the encryption method specified in the authentication request using the management information stored in the selected storage area.
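The section issuing flow and the selection of a storage area by encryption method described above can be modelled as follows. This is an added example, not code from the patent: the method identification codes, function names and message layout are constructed for illustration, an HMAC-SHA256 keystream with an integrity tag stands in for the real DES/AES processing (the tag is an assumption of this example), and mutual authentication is reduced to a single challenge-response.

```python
import hashlib
import hmac
import os
import struct

ALG_AES, ALG_DES = 0x01, 0x02      # constructed identification codes
SUPPORTED = {ALG_AES, ALG_DES}     # methods the card's crypto section implements


def _subkey(key, alg_id, label):
    return hmac.new(key, label + bytes([alg_id]), hashlib.sha256).digest()


def _xor_stream(key, nonce, data):
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)


def seal(key, alg_id, plaintext):
    """Stand-in for 'encrypt with method alg_id': nonce || ciphertext || tag."""
    nonce = os.urandom(12)
    ct = _xor_stream(_subkey(key, alg_id, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, alg_id, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag[:16]


def unseal(key, alg_id, blob):
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    good = hmac.new(_subkey(key, alg_id, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good[:16]):
        raise ValueError("issue information failed integrity check")
    return _xor_stream(_subkey(key, alg_id, b"enc"), nonce, ct)


def make_section_issue_info(first_alg, first_key, new_alg, new_key):
    """Issuing device: wrap (new method id, new key) under the first method."""
    body = struct.pack(">BB", new_alg, len(new_key)) + new_key
    return seal(first_key, first_alg, body)


def auth_response(key, alg_id, challenge):
    return hmac.new(_subkey(key, alg_id, b"auth"), challenge, hashlib.sha256).digest()


class Card:
    def __init__(self, first_alg, first_key):
        # First section definition area: method id -> key, set before issuance.
        self.sections = {first_alg: first_key}

    def issue_section(self, first_alg, blob):
        """Decrypt section issue information and create the second section."""
        if first_alg not in self.sections:
            raise LookupError("no section for the wrapping method")
        plain = unseal(self.sections[first_alg], first_alg, blob)
        if len(plain) < 3 or len(plain) != 2 + plain[1]:
            raise ValueError("malformed section issue information")
        new_alg, new_key = plain[0], plain[2:]
        if new_alg not in SUPPORTED:
            raise ValueError("card does not implement the requested method")
        if new_alg in self.sections:
            raise ValueError("section for this method already issued")
        self.sections[new_alg] = new_key
        return new_alg

    def authenticate(self, requested_alg, challenge):
        """Select the storage area by the method named in the request."""
        if requested_alg not in self.sections:
            raise LookupError("no section issued for requested method")
        return auth_response(self.sections[requested_alg], requested_alg, challenge)


def rejected(call, *args):
    try:
        call(*args)
    except (ValueError, LookupError):
        return True
    return False


def demo():
    k_aes, k_des = os.urandom(16), os.urandom(8)   # constructed keys
    card, challenge = Card(ALG_AES, k_aes), os.urandom(8)
    blob = make_section_issue_info(ALG_AES, k_aes, ALG_DES, k_des)
    tampered = blob[:-1] + bytes([blob[-1] ^ 1])
    return {
        "des_before_issue_rejected": rejected(card.authenticate, ALG_DES, challenge),
        "tampered_rejected": rejected(card.issue_section, ALG_AES, tampered),
        "issued": card.issue_section(ALG_AES, blob),
        "des_after_issue_ok": card.authenticate(ALG_DES, challenge)
                              == auth_response(k_des, ALG_DES, challenge),
    }


if __name__ == "__main__":
    print(demo())
```

The card only gains a section for the second method after issue information that verifies under the first section's key has been processed; an authentication request naming a method with no issued section is refused.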
The information processing apparatus may further include: a communication unit that performs non-contact communication with an external device; and an encryption processing section compatible with the plurality of encryption methods, using one of the plurality of encryption methods to encrypt and decrypt data communicated by the communication section through the contactless communication. Using the encryption processing section, the distribution information decryption section may decrypt the distribution information received from the distribution apparatus using the first encryption method.
The first encryption method is a single typical encryption method selected from a plurality of encryption methods compatible with the encryption processing section, and the first encryption method may be more reliable than the second encryption method.
The information processing apparatus is one of an IC card and a mobile terminal equipped with an IC card section capable of contactless communication with an external apparatus.
According to another embodiment of the present invention, there is provided an information processing method including the steps of: storing, by an information processing apparatus, first management information corresponding to a first encryption method in a first storage area of a data storage section capable of storing user data used in a specific service using non-contact communication and management information for managing the user data in different storage areas for each of a plurality of different encryption methods; receiving, by an information processing apparatus, distribution information encrypted using a first encryption method from a distribution apparatus that delivers the distribution information to distribute second management information corresponding to a second encryption method; decrypting, by the information processing apparatus, the received release information using the first encryption method based on first management information corresponding to the first encryption method stored in a first storage area of the data storage section; and issuing, by the information processing apparatus, second management information corresponding to a second encryption method based on the decrypted issue information, and storing the second management information in a second storage area of the data storage section.
According to another embodiment of the present invention, there is provided an information processing method including the steps of: storing, by an information processing apparatus, first management information corresponding to a first encryption method in a first storage area of a data storage section capable of storing user data used in a specific service using contactless communication and management information for managing the user data in different storage areas for each of a plurality of different encryption methods; receiving, by the information processing apparatus, distribution information encrypted using a first encryption method from a distribution apparatus that passes the distribution information to distribute second management information corresponding to the first encryption method; decrypting, by the information processing apparatus, the received release information using the first encryption method based on first management information corresponding to the first encryption method stored in a first storage area of the data storage section; and issuing, by the information processing apparatus, second management information corresponding to the first encryption method based on the decrypted issue information, and storing the second management information in a second storage area of the data storage section.
According to another embodiment of the present invention, there is provided a program including instructions that instruct a computer to perform the steps of: storing first management information corresponding to a first encryption method in a first storage area of a data storage section capable of storing user data used in a specific service using contactless communication and management information for managing the user data in different storage areas for each of a plurality of different encryption methods; receiving distribution information encrypted using a first encryption method from a distribution apparatus that passes the distribution information to distribute second management information corresponding to a second encryption method; decrypting the received distribution information using the first encryption method based on first management information corresponding to the first encryption method stored in a first storage area of the data storage section; and issuing second management information corresponding to a second encryption method based on the decrypted issue information and storing the second management information in a second storage area of the data storage section.
According to another embodiment of the present invention, there is provided a program including instructions that instruct a computer to perform the steps of: storing first management information corresponding to a first encryption method in a first storage area of a data storage section capable of storing user data used in a specific service using contactless communication and management information for managing the user data in different storage areas for each of a plurality of different encryption methods; receiving distribution information encrypted using a first encryption method from a distribution apparatus, the distribution apparatus transferring the distribution information to distribute second management information corresponding to the first encryption method; decrypting the received distribution information using the first encryption method based on first management information corresponding to the first encryption method stored in a first storage area of the data storage section; and issuing second management information corresponding to the first encryption method based on the decrypted issue information and storing the second management information in a second storage area of the data storage section.
According to another embodiment of the present invention, there is provided a communication system including: a distribution device; and an information processing device capable of communicating with the distribution device. The issuing device includes: a distribution information encryption section for encrypting distribution information for distributing second management information corresponding to a second encryption method in a first encryption method; and a distribution information transmitter for transmitting the distribution information encrypted with the first encryption method to the information processing apparatus. The information processing apparatus includes: a data storage section having at least a first storage area storing first management information corresponding to a first encryption method, and capable of storing user data used in a specific service using contactless communication and management information for managing the user data in different storage areas for each of a plurality of different encryption methods; a distribution information receiver for receiving distribution information encrypted by a first encryption method from the distribution apparatus; an issued information decrypting section that decrypts the received issued information using the first encryption method based on the first management information corresponding to the first encryption method stored in the first storage area of the data storage section; and a management information issuing section that issues second management information corresponding to a second encryption method based on the decrypted issuing information and stores the second management information in a second storage area of the data storage section.
According to another embodiment of the present invention, there is provided a communication system including: a distribution device; and an information processing device capable of communicating with the distribution device. The issuing device includes: a distribution information encryption section for encrypting, in a first encryption method, distribution information for distributing second management information corresponding to the first encryption method; and a distribution information transmitter for transmitting the distribution information encrypted with the first encryption method to the information processing apparatus. The information processing apparatus includes: a data storage section having at least a first storage area storing first management information corresponding to a first encryption method, and capable of storing user data used in a specific service using contactless communication and management information for managing the user data in different storage areas for each of a plurality of different encryption methods; a distribution information receiver for receiving distribution information encrypted by a first encryption method from the distribution apparatus; an issued information decrypting section that decrypts the received issued information using the first encryption method based on first management information corresponding to the first encryption method stored in a first storage area of the data storing section; and a management information issuing section that issues second management information corresponding to the first encryption method based on the decrypted issuing information and stores the second management information in a second storage area of the data storage section.
According to the embodiments of the present invention described above, a single information processing apparatus capable of non-contact communication can be flexibly compatible with a plurality of encryption algorithms.
Drawings
Fig. 1 is a schematic diagram showing a communication system according to a first embodiment of the present invention;
Fig. 2 is an explanatory diagram showing an encryption algorithm compatible with the IC card according to the present embodiment;
Fig. 3 is a schematic diagram showing the main components of the communication system according to the present embodiment;
Fig. 4 is a block diagram showing a structural example of an IC card section that performs noncontact communication according to the present embodiment;
Fig. 5 is a block diagram showing a configuration example of a control section and a memory of the IC card section according to the present embodiment;
Fig. 6 is a block diagram showing functions of an issuing apparatus and an IC card for encryption and decryption of issuing information according to the present embodiment;
Fig. 7 is a schematic diagram showing a logical file structure section of the memory of the IC card according to the present embodiment;
Fig. 8 is a schematic diagram showing a specific example of a logical file structure according to the present embodiment;
Fig. 9 is a pattern diagram showing a specific example of the hierarchical structure of the area definition information and the service definition information according to the present embodiment;
Fig. 10 is a schematic diagram showing a specific example of a logical file structure compatible with a single encryption method;
Fig. 11 is a schematic diagram showing a specific example of a logical file structure compatible with a single encryption method;
Fig. 12 is a program diagram showing an access sequence between the IC card according to the present embodiment and the reader/writer of the service provider apparatus when the IC card is used;
Fig. 13 is a flowchart showing step S10 in fig. 12;
Fig. 14 is a flowchart showing step S20 in fig. 12;
Fig. 15 is a flowchart showing step S30 in fig. 12;
Fig. 16 is a flowchart showing step S40 in fig. 12;
Fig. 17 is a flowchart showing step S50 in fig. 12;
Fig. 18 is a flowchart showing step S60 in fig. 12;
Fig. 19 is a flowchart showing step S70 in fig. 12;
Fig. 20 is an explanatory diagram showing a structure of system distribution information according to the present embodiment;
Fig. 21 is a schematic diagram showing a procedure of encrypting and decrypting system distribution information by the IC card and the distribution apparatus according to the present embodiment;
Fig. 22 is an explanatory diagram showing the structure of the section issuing information according to the present embodiment;
Fig. 23 is a schematic diagram showing a procedure of encrypting and decrypting section issuing information by the IC card and the issuing apparatus according to the present embodiment;
Fig. 24 is a pattern diagram showing a specific example of newly issued system definition information or section definition information in the logical file structure section of the IC card according to the present embodiment;
Fig. 25 is a sequence chart showing the sequence of system issuing processing of the IC card and the reader/writer of the issuing apparatus according to the present embodiment;
Fig. 26 is a flowchart showing a system issuing process of the IC card according to the present embodiment;
Fig. 27 is a sequence chart showing the sequence of the section issuing process of the reader/writer of the IC card and issuing device according to the present embodiment; and
Fig. 28 is a flowchart showing the section issuing process of the IC card according to the present embodiment.
Detailed Description
Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. It should be noted that in the present specification and the drawings, structural components having substantially the same function and structure are denoted by the same reference numerals, and repeated explanation of these structural components is omitted.
First embodiment
The first embodiment of the present invention will be explained in the order shown below.
1. Overall structure and characteristics of the communication system: FIGS. 1 to 3
2. Structure of IC card (information processing apparatus): FIGS. 4 to 6
3. Logical file structure of IC card: FIGS. 7 to 11
4. Use of IC card: FIGS. 12 to 19
5. Structure and encryption of release information: FIGS. 20 to 23
6. Outline of definition information distribution processing: FIG. 24
7. System release processing: FIGS. 25 to 26
8. Section issuing processing: FIGS. 27 to 28
9. Effect
1. Overall structure and characteristics of the communication system: FIGS. 1 to 3
First, an outline of a communication system according to a first embodiment of the present invention is explained with reference to fig. 1. Fig. 1 is a schematic diagram showing a communication system according to the present embodiment.
As shown in fig. 1, the communication system according to the present embodiment includes: an information processing device (for example, a non-contact type IC card 1, a mobile terminal 2) capable of non-contact communication with an external device; a service provider apparatus 3; a reader/writer 4 connected to the service provider apparatus 3; a distribution device 5 that generates distribution information; and a reader/writer 6 connected to the issuing device 5.
This information processing apparatus is an apparatus equipped with a non-contact type IC chip (not shown in the drawings, hereinafter referred to as "IC chip") which is an electronic circuit for performing non-contact communication with an external apparatus. The external device is, for example, a device such as the service provider device 3 or the distribution device 5 equipped with the reader/writer 4 or the reader/writer 6 for non-contact communication. As shown in fig. 1, the information processing apparatus is an apparatus capable of non-contact communication, such as a non-contact type IC card 1 or a mobile terminal 2.
The non-contact type IC card 1 (hereinafter referred to as an IC card 1) includes, in a thin card case, an antenna (not shown in the figure) for non-contact communication with a reader/writer (a data reading device) of the external device, and an IC chip (not shown in the figure) containing an IC that performs predetermined processing. The IC card 1 is capable of non-contact wireless communication with the reader/writer 4 of the service provider apparatus 3 and the reader/writer 6 of the distribution apparatus 5. Therefore, data can be read from and written to the IC card 1 simply by placing the IC card 1 within the effective range of the electromagnetic wave generated by the reader/writer 4 or the reader/writer 6 (in other words, by passing the IC card 1 over the reader/writer 4 or the reader/writer 6). The IC card 1 therefore does not need to be inserted into and ejected from the reader/writer 4 or the reader/writer 6 for use, which allows rapid data reception and transmission. The IC card 1 has high security because it is not easily modified or changed, and high convenience because the card itself can be reused many times by rewriting its data.
Because of this convenience, the IC card 1 is applied to IC card systems that provide a variety of services. For example, the IC card 1 is used in an electronic money system, a bus ticket checking system, a security system for entering a building or a room or logging in to a personal computer (PC), an electronic settlement system, and the like. More specifically, the IC card 1 is used in applications such as (1) to (6) below. In addition, multi-purpose cards in which a single IC card 1 incorporates a plurality of the above-described functions are currently being developed, and the kinds of IC card 1 are becoming increasingly diverse.
(1) Electronic money cards that store electronic value (data having a monetary value or a value corresponding to money), such as electronic money, points, and coupons.
(2) Bus cards for public transport such as trains, cars, or highways, which store data for commuter tickets, seat reservation tickets, or prepaid tickets.
(3) Personal identification cards, such as employee ID cards and student identity cards, used to authenticate identity or as a key for managing working hours, entering and leaving buildings, logging in to PCs, and the like.
(4) Membership cards, loyalty cards, coupon cards, etc. for various stores and organizations.
(5) Electronic ticket cards that store electronic tickets for movie theaters, music halls, stadiums, amusement parks, and the like.
(6) Electronic debit cards for electronic transactions, including online shopping, distribution of movie and music content, and trading of financial products such as securities/deposits.
Further, the mobile terminal 2 is a portable information processing device equipped with the above-described IC chip, and is a mobile device such as a mobile phone, a wristwatch, a Personal Digital Assistant (PDA), a mobile game console, or a portable audio-visual player. The mobile terminal 2, like the IC card 1 described above, is capable of non-contact communication with the reader/writer and can use the various services described above.
The service provider apparatus 3 is a host apparatus that provides a specific service using an IC card. The service provider apparatus 3 may be, for example, a public transportation automatic ticket gate, a cash register apparatus provided at a shop such as a convenience store, a mobile terminal (e.g., a PC or the like) for electronic transaction on the internet or the like, an automatic vending machine for various products, a bus card or the like, a point of sale (POS) terminal, a kiosk terminal, an Automatic Teller Machine (ATM) of a financial institution, or the like. The service provider apparatus 3 is equipped with a reader/writer 4 to perform non-contact communication with the IC card 1, the mobile terminal 2, and the like. The reader/writer 4 may be built-in or integrated into the service provider device 3, or may be a separate device connected to the service provider device 3 by a wired or wireless connection.
By positioning the information processing apparatus (such as the IC card 1 or the mobile terminal 2 described above) within the communication range of the reader/writer 4 of the service provider apparatus 3, information on a specific service can be transmitted between the IC card 1 and the service provider apparatus 3 through non-contact communication. By this means, the user of the IC card 1 or the mobile terminal 2 can enjoy the above-described various services.
In addition, the issuing device 5 generates issue information for issuing the management information stored in a storage area of the information processing device (such as the IC card 1 or the mobile terminal 2 described above), and transmits the issue information to the information processing device. The management information is information with which an information processing apparatus such as the IC card 1 manages the user data used in the above-described various services, and the issue information is information for issuing that management information. The management information and the issue information will be described in detail below. The distribution apparatus 5 encrypts the generated distribution information using a predetermined encryption method, and transmits the encrypted distribution information (hereinafter referred to as "encrypted distribution information") to an information processing apparatus such as the IC card 1 or the mobile terminal 2.
In order to realize the above function, the issuing apparatus 5 is provided with a reader/writer 6 to perform non-contact communication with the IC card 1 or the mobile terminal 2. The reader/writer 6 may be built-in or integrated into the issuing device 5, or may be a separate device, and may be connected to the issuing device 5 through a wired or wireless connection. In addition, the distribution apparatus 5 can communicate with the mobile terminal 2 through the network 7.
In the present embodiment, the IC card 1 acquires the encrypted distribution information from the distribution apparatus 5 by performing non-contact communication with the reader/writer 6 of the distribution apparatus 5. In this way, for example, when the IC card 1 is shipped from a card manufacturer, the encrypted issuing information is transmitted from the issuing device 5 to the IC card 1 by swiping the IC card 1 through the reader/writer 6 of the issuing device 5.
Meanwhile, the mobile terminal 2 is connected to the distribution apparatus 5 through the network 7, communicates with the distribution apparatus 5 via the network 7, and obtains the encrypted distribution information from the distribution apparatus 5. In this case, the distribution apparatus 5 is a service apparatus capable of network communication, and transmits the generated distribution information to the mobile terminal 2 through the network 7. The encrypted distribution information can thus be transferred from the distribution apparatus 5 to the mobile terminal 2 when the mobile terminal 2 accesses the distribution apparatus 5 via the network 7 at a selected timing. It should be noted that the network 7 is a communication network that connects the issuing device 5 and the mobile terminal 2 bidirectionally so that they can communicate with each other, and it may be a wired or wireless network. The network 7 may be, for example, the Internet, a telephone network, a public circuit such as a satellite communication network, any type of Local Area Network (LAN) including Ethernet (registered trademark), a leased private network such as a Wide Area Network (WAN), or an Internet Protocol-Virtual Private Network (IP-VPN).
In this case, the issuing device 5 that generates the encrypted issuing information, and the reader/writer 6 that transmits the encrypted issuing information to the IC card 1 may be integrated as a single device, or may be formed of different devices. In order to generate the encrypted distribution information described above, the distribution information text that is not encrypted may be encrypted using a predetermined authentication key. Thus, for example, even a general-purpose computer apparatus such as a personal computer (hereinafter referred to as "PC") can perform processing to generate encrypted distribution information. Therefore, the PC as the distribution apparatus 5 can generate the encrypted distribution information, save the encrypted distribution information in the reader/writer 6, and transmit the encrypted distribution information to the IC card 1. In this case, the reader/writer 6 of the issuing apparatus 5 and the reader/writer 4 of the service provider apparatus 3 may be the same reader/writer. On the other hand, the issuing device 5 having the function of generating the encrypted issuing information may be integrated with the reader/writer 6 having the function of transmitting the encrypted issuing information to the IC card 1. In this case, the authentication key and the issue information securely stored in the reader/writer 6 are used to generate encrypted issue information inside the reader/writer 6, and the encrypted issue information is transmitted from the reader/writer 6 to the IC card 1.
The general structure of the communication system according to the present embodiment is briefly described above. Next, the features of the communication system according to the present embodiment will be briefly described. It should be noted that the following description mainly describes the information processing apparatus capable of non-contact communication as the IC card 1, but the present description is equally applicable to the case where the information processing apparatus is the mobile terminal 2.
The features of the communication system according to the present embodiment include a logical file structure of the IC card 1 that is compatible with a plurality of encryption algorithms (encryption methods), and a method of constructing that logical file structure. In other words, according to the present embodiment, "user data" used by a specific service to which contactless communication is applied and "management information" that manages the user data are stored in the storage area within the IC card 1. The "management information" includes, for example, various data such as "system definition information", "section definition information", "area 0 definition information", "area definition information", and "service definition information" which will be described later, and has a hierarchical logical file structure (see fig. 7 to 9). The IC card 1 is compatible with a plurality of different encryption methods (encryption algorithms), and the above-described management information is logically divided among different storage areas, one for each of the plurality of encryption methods in the IC card 1, and stored in the respective storage areas (a section definition area and its subordinate definition areas, which will be described later). In order to issue the management information corresponding to each encryption method in the IC card 1, the "issue information" is transmitted from the issuing apparatus 5 to the IC card 1. The "issue information" (distribution information) is, for example, the "system distribution information" and the "section distribution information" which will be described later.
When new management information is issued in the IC card 1 (for example, when the system definition information or the section definition information is issued), the issuing device 5 encrypts the above-described issuing information using the "authentication key" securely stored in the IC card 1 and transmits it to the IC card 1. The "authentication key" is, for example, a "system key", an "area 0 key", a "system issuing authentication key", or a "partition authentication key", which will be described later. Encrypting the issuing information using the authentication key prevents the issuing information transmitted from the issuing device 5 to the IC card 1 from being tampered with or stolen, and allows the integrity of the issuing information to be verified in the IC chip of the IC card 1.
In addition, the IC chip in the IC card 1 is equipped with processing circuits (e.g., processors) compatible with a plurality of different encryption algorithms (e.g., DES and AES). These encryption processing circuits are one example of the encryption processing section of the present invention. One of the plurality of encryption algorithms supported by the encryption processing circuits is set as the typical encryption algorithm (the first encryption method). It is desirable that the typical encryption algorithm so set (the first encryption method, e.g., AES) is more reliable than the other encryption algorithms (the second encryption method, e.g., DES).
Subsequently, the issuing device 5 uses the typical encryption algorithm (e.g., AES) to encrypt the issue information for issuing the management information compatible with another encryption algorithm (e.g., the section definition information and the area 0 definition information for DES), and stores the encrypted issue information in the memory. Then, when the IC card 1 passes over the reader/writer 6 of the issuing apparatus 5, the issuing apparatus 5 transmits the encrypted issuing information to the IC card 1 by non-contact communication using the typical encryption algorithm (AES). When the IC card 1 receives the issue information encrypted using the typical encryption algorithm (AES) from the issuing apparatus 5, the IC card 1 decrypts it with the typical encryption algorithm (the first encryption method, AES), using the encryption processing circuit compatible with the AES encryption algorithm described above. In the decryption process, the IC card 1 uses the management information (section definition information or area 0 definition information for AES) that is compatible with the first encryption method and stored in a first storage area (AES section definition information area or the like) of the data storage section of the IC card 1. Further, based on the decrypted issue information, the IC card 1 issues management information compatible with a second encryption method (for example, section definition information or area 0 definition information for another encryption algorithm such as DES) and stores it in a second storage area of the data storage section.
With this structure, because the distribution information of another encryption algorithm (the second encryption method, DES for example) is encrypted and transmitted using a typical encryption algorithm of high reliability (the first encryption method, AES for example), the IC card 1 can securely issue the management information of the other encryption algorithm. Therefore, the issuing information can be protected from being tampered with or stolen, and its integrity can be verified in the IC chip of the IC card 1.
Further, when using the IC card 1 to use a specific service, the IC card 1 will pass through the reader/writer 4 of the service provider apparatus 3. When this is done, the IC card 1 identifies the encryption method specified by the reader/writer 4 from among a typical encryption algorithm (first encryption method, AES) compatible with the IC card 1 or another encryption algorithm (second encryption method, DES). Then, the IC card 1 and the reader/writer 4 can perform mutual authentication using a specified encryption algorithm, and perform non-contact communication of user data, commands, and the like related to a specific service. In this way, a single IC card 1 can be flexibly compatible with a plurality of encryption algorithms. Also, when a specific service or contactless communication system switches between encryption algorithms, for example, from DES to AES, the encryption method can be smoothly and securely switched without recalling the existing IC card 1 and redistributing a new IC card 1. The structure of the communication system having the above-described features according to the present embodiment will be described in detail below.
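The issuance of second-method management information and the selection of the method specified by the reader/writer, described above, can be modelled as follows. This is an added example, not code from the patent: the `Section`, `Card`, `SealIssueInfo`, `Issue` and `Select` names, the JSON package layout, the use of AES-GCM as the integrity-checked encryption under the first method, and the sample keys are assumptions constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Section models the management information of one storage area (field names are illustrative).
type Section struct {
	Method     string `json:"method"`
	SectionKey []byte `json:"section_key"`
	Area0Key   []byte `json:"area0_key"`
}

// Card keeps a separate storage area for each encryption method.
type Card struct {
	sections map[string]*Section
}

// NewCard returns a card whose first storage area (AES) is already populated.
func NewCard(aesKey []byte) *Card {
	return &Card{sections: map[string]*Section{"AES": {Method: "AES", SectionKey: aesKey}}}
}

func newGCM(key []byte) (cipher.AEAD, error) { // AES-GCM is this example's choice of mode
	b, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(b)
}

// SealIssueInfo is the issuing-device side: encrypt the issue information under the first method.
func SealIssueInfo(aesKey []byte, s Section) ([]byte, error) {
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	plain, err := json.Marshal(s)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plain, nil), nil // nonce || ciphertext || tag
}

// Issue is the card side: decrypt with the first area's key; create the second area only on success.
func (c *Card) Issue(pkg []byte) error {
	gcm, err := newGCM(c.sections["AES"].SectionKey)
	if err != nil {
		return err
	}
	if len(pkg) < gcm.NonceSize() {
		return errors.New("issue package too short")
	}
	plain, err := gcm.Open(nil, pkg[:gcm.NonceSize()], pkg[gcm.NonceSize():], nil)
	if err != nil {
		return errors.New("issue package rejected: integrity check failed")
	}
	var s Section
	if err := json.Unmarshal(plain, &s); err != nil {
		return err
	}
	if _, err := des.NewCipher(s.SectionKey); s.Method != "DES" || err != nil {
		return errors.New("issue information is not a valid DES section")
	}
	if _, exists := c.sections["DES"]; exists {
		return errors.New("DES section already issued")
	}
	c.sections["DES"] = &s
	return nil
}

// Select returns the cipher for the method a reader/writer specifies, if it has been issued.
func (c *Card) Select(method string) (cipher.Block, error) {
	s, ok := c.sections[method]
	if !ok {
		return nil, fmt.Errorf("management information for %s has not been issued", method)
	}
	if method == "DES" {
		return des.NewCipher(s.SectionKey)
	}
	return aes.NewCipher(s.SectionKey)
}

func main() {
	aesKey := []byte("constructed-key!") // constructed 16-byte sample key
	card := NewCard(aesKey)
	pkg, _ := SealIssueInfo(aesKey, Section{Method: "DES", SectionKey: []byte("8bytekey"), Area0Key: []byte("area0key")})
	_, before := card.Select("DES")
	fmt.Println("before:", before, "| issue:", card.Issue(pkg))
}
```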
Next, one hypothetical case for the communication system according to the present embodiment will be described with reference to fig. 2. Fig. 2 is an explanatory diagram showing an encryption algorithm compatible with the IC cards 1A to 1D according to the present embodiment.
As shown in the example in fig. 2, the IC card 1A is compatible with only the encryption algorithm a, the IC card 1B is compatible with only the encryption algorithm B, and the IC card 1C is compatible with only the encryption algorithm C. In contrast, the IC card 1D is compatible with all the encryption algorithms A, B and C. In the communication system according to the present embodiment, it is assumed that the hardware of the IC card 1 is configured to be compatible with a plurality of encryption algorithms.
In the above-mentioned Japanese patent application laid-open No. JP-A-2000-36014, the following techniques are disclosed: when management information that manages user data is stored on the IC card, in order to avoid the management information from being tampered or stolen, the management information is encrypted on the reader/writer side and transmitted to the IC card. However, this technique assumes that the IC card 1 is compatible with only a single specified encryption algorithm (IC cards 1A, 1B, and 1C in fig. 2).
Also in the present embodiment, when the reader/writer 6 of the issuing device 5 transmits the issuing information to the IC card 1, the issuing information is encrypted. However, in the present embodiment, it is assumed that the IC card 1 is compatible with a plurality of encryption algorithms, as with the IC card 1D shown in fig. 2. In this case, the manner in which the management information is set and stored in the IC card 1 has a specific feature. More specifically, one particular feature of the present embodiment is: when the IC card 1 compatible with the plurality of encryption algorithms A, B and C is equipped with hardware (encryption processing circuit, etc.), a storage area storing the management information (section definition information, etc., which will be described later) in the IC card 1 is provided separately for each encryption algorithm.
Here, the encryption algorithm (the encryption method) may be any selected encryption method: a common key (symmetric key) encryption method such as DES, AES, Camellia, or CLEFIA, or a public key encryption method such as the Rivest Shamir Adleman (RSA) algorithm. The reliability, encryption processing load, and the like of each of these encryption methods are excellent in terms of security.
Next, the main part of the communication system according to the present embodiment will be briefly explained with reference to fig. 3. Fig. 3 is a schematic diagram showing a main part of the communication system according to the present embodiment.
As shown in fig. 3, the main parts of the communication system include: an IC card section 8 mounted on an information processing apparatus (for example, the IC card 1 or the mobile terminal 2), a controller 9 of the service provider apparatus 3 or the distribution apparatus 5 (host apparatus), and a reader/writer 4 of the service provider apparatus 3 or a reader/writer 6 of the distribution apparatus 5.
The IC card section 8 is equipped with an antenna, an IC chip, and a memory (see fig. 4) that perform non-contact communication with the reader/writer 4 or the reader/writer 6. The IC card section 8 may have a selected form, and may be, for example, an IC card 1 having a card form, or may be built in a mobile terminal 2 as a wristwatch, a mobile phone, or the like. For example, the IC card section 8 and the reader/writer 4 or the reader/writer 6 perform wireless or wired communication using a predetermined communication method such as "ISO/IEC 18092" or the like. For example, the reader/writer 4 or the reader/writer 6 may be connected to the controller 9 through a wired or wireless connection.
With this configuration, the controller 9 transmits a specific command, such as a read command, to the IC card section 8 through the reader/writer 4 or the reader/writer 6. The IC card section 8 reads the user data stored in the memory and transmits the user data to the controller 9 through the reader/writer 4 or the reader/writer 6 in response to the read command.
By this means, the communication system according to the present embodiment is constituted by an IC card system in which non-contact communication is performed between the IC card section 8 of the IC card 1 or the mobile terminal 2 and the reader/writer 4 or the reader/writer 6 of the host device. The reader/writer 4 or the reader/writer 6 of the host device transmits electric power to the IC card section 8 of the IC card 1 by generating a Radio Frequency (RF) magnetic field, and modulates the RF magnetic field with commands, data, and the like. By this method, data is transmitted between the reader/writer 4 or the reader/writer 6 and the IC card section 8 by non-contact communication. For example, such non-contact communication is "equalizing communication" that uses the 13.56 MHz frequency band, is performed at a communication speed of 212 kbps, and does not use subcarriers. In addition, for example, Amplitude Shift Keying (ASK) may be used as the modulation method and Manchester encoding may be used as the encoding method. In addition, for example, the time slot method can be used as an anti-collision method to detect and avoid data collisions. In the present IC card system, the reader/writer 4 or the reader/writer 6 of the host device issues various commands to the IC card section 8 of the IC card 1, and the IC card section 8 responds to these commands. Data communication related to a specific service is performed by repeating such processing.
Structure of IC card (information processing apparatus): FIGS. 4 to 6
Next, a structure of the IC card 1 (one specific example of the information processing apparatus of the present invention) constituting a part of the communication system will be described. First, the structure of the IC card portion 8 of the IC card 1 or the mobile terminal 2 according to the present embodiment will be described with reference to fig. 4. Fig. 4 is a block diagram showing an example of the structure of the IC card section 8 that performs non-contact communication according to the present embodiment.
As shown in fig. 4, the IC card section 8 includes an antenna 10 for performing non-contact communication with a reader/writer, a transmitter 11, a receiver 12, an encryption section 13, a decryption section 14, a control section 20, and a memory 30. It should be noted that the antenna 10, the transmitter 11, and the receiver 12 are one example of the communication section of the present invention. The encryption unit 13 and the decryption unit 14 are one example of an encryption processing unit of the present invention. The memory 30 is an example of a data storage section and a key storage section of the present invention. The control unit 20 and the receiver 12 are one example of the distribution information receiving unit of the present invention. The control unit 20 and the decryption unit 14 are one example of the distribution information decryption unit of the present invention. Similarly, the control unit 20 is an example of the mutual authentication unit and the management information distribution unit of the present invention.
The antenna 10 is an antenna for non-contact communication with a reader/writer. The receiver 12 demodulates data received from the reader/writer 4 or the reader/writer 6. The decryption section 14 decrypts the received data demodulated by the receiver 12. The encryption section 13 encrypts data to be transmitted to the reader/writer 4 or the reader/writer 6. The transmitter 11 modulates the transmission data encrypted by the encryption section 13. The control section 20 controls each section in the IC card section 8. The memory 30 is a memory for storing data (e.g., user data, management information, etc.).
For example, the transmitter 11, the receiver 12, the encryption unit 13, the decryption unit 14, the control unit 20, and the memory 30 are formed of specific circuits and mounted on a small IC chip. The antenna 10 is a coil antenna or the like, which is disposed along the outer edge of the IC card 1 and connected to the transmitter 11 and the receiver 12.
The transmitter 11 and the receiver 12 (communication section) are configured by, for example, a modulation/demodulation circuit, a front end circuit, a power supply recovery circuit, and the like (not shown in the figure). The modulation/demodulation circuit modulates and demodulates data using, for example, an ASK modulation format. The power supply recovery circuit generates an induced electromotive force from the RF magnetic field of the carrier wave received from the reader/writer 4 or the reader/writer 6 using the antenna 10, and captures the induced electromotive force as a power supply of the IC card section 8. In addition, the front-end circuit receives a carrier wave transmitted from the reader/writer 4 or the reader/writer 6 using the antenna 10, demodulates the carrier wave and obtains a command or data from the reader/writer 4 or the reader/writer 6, and then transmits the command or data to the control section 20. In addition, the front-end circuit divides the carrier wave and generates one clock to drive the IC card section 8. The front-end circuit modulates the carrier wave in accordance with a command or data relating to a specific service generated by the control section 20, and transmits the modulated carrier wave from the antenna 10 to the reader/writer 4 or the reader/writer 6.
The encryption unit 13 and the decryption unit 14 constitute an encryption processing unit and are constituted by dedicated hardware, such as a cryptographic coprocessor having an encryption processing function. The encryption section 13 and the decryption section 14 according to the present embodiment are processors compatible with a plurality of different encryption algorithms (e.g., DES and AES). With these processors, the IC card section 8 of the IC card 1 or the mobile terminal 2 can perform non-contact communication with the reader/writer 4 or the reader/writer 6 using a plurality of encryption algorithms. However, in order to perform communication using encryption algorithms compatible with the encryption section 13 and the decryption section 14, it is necessary to store management information compatible with those encryption algorithms (the section definition information and the area 0 definition information, which will be described later) in a predetermined storage area of the memory 30.
The control section 20 is constituted by an arithmetic processing unit such as a microprocessor, a ROM, a RAM, and the like, and controls each part in the IC card section 8 while performing a predetermined arithmetic processing. The control section 20 operates in accordance with a program stored in a storage medium such as a memory 30 and a ROM (not shown in the figure), performs predetermined arithmetic processing, generates a command, and controls transmission, reception, reading, and writing of all types of information. For example, when the control section 20 communicates with the reader/writer about a specific service, it reads and writes the user information about the service in the memory 30. The control section 20 controls processing to encrypt and decrypt the data by the above-described encryption section 13 and decryption section 14. At this time, the control section 20 also controls whether or not to perform encryption and decryption processing, and not all the received and transmitted data are encrypted and decrypted.
The memory 30 (the data storage section, the key storage section) is, for example, a semiconductor memory such as a flash memory, an electrically erasable programmable read-only memory (EEPROM), or a ferroelectric random access memory (FeRAM). As shown in fig. 5, the memory 30 functions as a data storage section 32, and stores user data required to use a specific service by non-contact communication, and management information for managing the user data. The memory 30 also functions as a key storage unit 34 and securely stores an authentication key necessary for decrypting the encrypted distribution information. It should be noted that the memory 30 may be a storage device other than a semiconductor memory, such as an HDD or the like.
Next, the structures of the control section 20 and the memory 30 of the IC card section 8 will be specifically described with reference to fig. 5. Fig. 5 is a block diagram showing an example of the structures of the control section 20 and the memory 30 of the IC card section 8 according to the present embodiment.
As shown in fig. 5, the memory 30 includes a data storage section 32 having a logical file structure section 33 in which management information and user data are stored in a hierarchical structure. The memory 30 further includes a key storage unit 34 that securely stores the authentication key. For example, the logical file structure section 33 of the memory 30 has a logical file structure as disclosed in Japanese patent application publication No. JP-A-2000-36021 referred to above, in which definition areas (i.e., management information storage areas) are logically layered in a hierarchical structure, and each type of definition information is stored in a hierarchical format. The logical file structure will be described later (see fig. 7 and 9, etc.).
In addition, as shown in fig. 5, the control section 20 includes a single detection/response section 21 and a plurality of encryption units 22A, 22B, and the like (hereinafter sometimes collectively referred to as "encryption units 22"). The encryption unit 22 is separately established for each encryption method (encryption algorithm) compatible with the encryption unit 13 and the decryption unit 14 (the encryption processing unit) of the IC card unit 8 described above. For example, if the encryption processing section of the IC card section 8 is compatible with DES and AES, two encryption units 22, that is, a DES encryption section 22A and an AES encryption section 22B, will be provided.
Each encryption unit 22 includes an authentication key generation section 23, a mutual authentication section 24, a communication path encryption section 25, a read/write section 26, a distribution information decryption section 27, and a management information distribution section 28. In this way, the respective encryption units 22 are provided for each encryption method, respectively, and the plurality of functional sections 23 to 28 required for communication using each encryption method are provided as one combination. In this way, in the case where the IC card 1D is compatible with a plurality of encryption algorithms as shown in fig. 2, the authentication key generation section 23, the mutual authentication section 24, the communication path encryption section 25, the read/write section 26, the issued information decryption section 27, and the management information issuing section 28 are different for each encryption method.
It should be noted that a program for executing the function of each of the above-described sections 21 to 28 of the control section 20 is stored in an information processing apparatus such as the IC card 1 or the like, and a processor constituting the control section 20 executes the program, thereby realizing each of the sections 21 to 28. The program may be transmitted to the information processing apparatus via a storage medium or a communication medium. However, not limited to this example, each of the sections 21 to 28 may be implemented by including hardware (a dedicated processor, a circuit, or the like) having the function of that section in the information processing apparatus (e.g., the IC card 1 or the like). Each of the sections 21 to 28 of the control section 20 will be described later.
For example, the detection/response section 21 has a function compatible with a polling command or the like defined by "ISO/IEC 18092". When the detection/response section 21 receives a polling command related to a specified IC card system from the reader/writer 4 or the reader/writer 6, it generates a command response for the IC card system in response to the polling command, and returns the command response to the reader/writer 4 or the reader/writer 6. Generally, a detection/response section 21 common to a plurality of encryption algorithms is provided.
The authentication key generation unit 23 generates an authentication key necessary for mutual authentication between the IC card unit 8 and the reader/writer 4 or the reader/writer 6. For example, the authentication key may be generated using the method disclosed in the above-mentioned Japanese patent application laid-open No. JP-A-10-327142, which is briefly described here. The authentication key generation section 23 generates the authentication key from the service key of the access area used by the service to be used and a unique ID (hereinafter referred to as "card ID") assigned to each IC card section 8. When a plurality of services are used simultaneously, a degenerate key is generated from the plurality of service keys, and the authentication key is generated from the degenerate key and the card ID. The authentication key is used for mutual authentication, as described below.
The mutual authentication section 24 performs mutual authentication between the IC card section 8 and the reader/writer 4 or the reader/writer 6. For example, the mutual authentication may be performed using a method disclosed in Japanese patent application laid-open No. JP-A-10-020780 or using a method defined by "ISO/IEC 9798", as briefly described here. The mutual authentication section 24 in the IC card 1 decrypts the random number received from the reader/writer 4 or the reader/writer 6 using the authentication key generated by the authentication key generation section 23 described above, and then re-encrypts and returns it. Also in the IC card section 8, the mutual authentication section 24 generates a random number, encrypts it using the authentication key, and transmits it to the reader/writer 4 or the reader/writer 6. The mutual authentication section 24 then receives a response from the reader/writer 4 or the reader/writer 6 and verifies whether the response matches the transmitted random number. In this way, the reader/writer 4 or the reader/writer 6 and the IC card section 8 can perform mutual authentication, with each side verifying whether the random number it generated is returned correctly. The mutual authentication processing is performed using the encryption algorithm specified by the reader/writer 4 or the reader/writer 6. Note that the mutual authentication process will be explained in more detail below.
The communication path encryption section 25 encrypts the communication path between the IC card 1 and the reader/writer 4 or the reader/writer 6 using a block encryption method described in, for example, "NIST SP 800-38". More specifically, after the above-described mutual authentication process, the communication-path encryption section 25 encrypts the communication path using the segment key, which is generated using the random number verified bidirectionally by the above-described mutual authentication, as a communication-path encryption key and transmits and receives all data.
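The following Python sketch is an added example, not code from the patent or from any card vendor. It walks through the three steps just described: deriving the authentication key from the service keys and the card ID, the two-way random-number exchange, and deriving a communication-path key from both random numbers. As assumptions, HMAC-SHA256 stands in for the card's block cipher (the card proves key possession by computing a keyed value over the challenge instead of decrypting and re-encrypting it), and the function names, role labels and sample keys are hypothetical.

```python
import hashlib
import hmac
import secrets


def keyed(key, *parts):
    """HMAC-SHA256 over length-prefixed parts (assumed stand-in for the block cipher)."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(2, "big") + part)
    return mac.digest()


def degenerate_key(service_keys):
    """Fold the service keys of all services in use into a single key."""
    acc = bytes(32)
    for service_key in service_keys:
        acc = keyed(acc, service_key)
    return acc


def authentication_key(service_keys, card_id):
    """Per-card authentication key: the degenerate key bound to the card ID."""
    return keyed(degenerate_key(service_keys), card_id)


def mutual_authenticate(reader_key, card_key):
    """Run both directions of the exchange.

    Returns (reader_session_key, card_session_key) when each side has verified
    the other's answer to its random number, or None when either check fails.
    """
    # Reader -> card: the reader's random number.
    reader_random = secrets.token_bytes(16)
    # Card -> reader: the card's answer plus the card's own random number.
    card_answer = keyed(card_key, b"card", reader_random)
    card_random = secrets.token_bytes(16)
    # The reader verifies the card. The role label keeps an answer from being
    # reflected back as a valid answer in the opposite direction.
    if not hmac.compare_digest(card_answer, keyed(reader_key, b"card", reader_random)):
        return None
    # Reader -> card: the reader's answer to the card's random number.
    reader_answer = keyed(reader_key, b"reader", card_random)
    if not hmac.compare_digest(reader_answer, keyed(card_key, b"reader", card_random)):
        return None
    # Both sides derive the communication-path key from the two verified randoms.
    reader_session = keyed(reader_key, b"session", reader_random, card_random)
    card_session = keyed(card_key, b"session", reader_random, card_random)
    return reader_session, card_session


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    service_keys = [b"\x01" * 16, b"\x02" * 16]
    card_id = b"CARD-0001"
    card_key = authentication_key(service_keys, card_id)
    reader_key = authentication_key(service_keys, card_id)
    print(mutual_authenticate(reader_key, card_key) is not None)
```

A reader that holds only some of the service keys, or that derives its key for a different card ID, fails the first check and never obtains a communication-path key.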
The read/write section 26 writes all types of data to the memory 30 or reads all types of data from the memory 30. For example, when receiving a request from the reader/writer 4 or the reader/writer 6 to read user data for a specific service, the read/write section 26 reads the user data from a defined area for the specific service in the data storage section 32. For example, when receiving a request from the reader/writer 4 or the reader/writer 6 to write user data for a specific service, the read/write section 26 writes the user data to a defined area for the specific service in the data storage section 32. In addition, the read/write section 26 writes management information (system definition information, section definition information, and the like) issued based on issue information, which will be described later, into a predetermined storage area (system definition area, section definition area, and the like) of the data storage section 32.
The distribution information decryption section 27 uses the authentication key stored in the memory 30 to decrypt the distribution information (encrypted distribution information) that the IC card 1 receives from the distribution apparatus 5, and thereby obtains the distribution information. For example, the authentication key used in the decryption process is an authentication key (partition authentication key, system issuing authentication key, or the like) stored in the key storage section 34 of the memory 30, or an authentication key (system key, area 0 key, or the like) stored in the logical file structure section 33 of the data storage section 32. Further, in the decryption process, the distribution information decryption section 27 controls the decryption section 14 and performs the distribution information decryption process using the above-described authentication key. At this time, the distribution information decryption section 27 uses an authentication key compatible with the typical encryption algorithm (first encryption method, e.g., AES), and decrypts the distribution information using the typical encryption algorithm. The system distribution information and the section distribution information can be securely obtained from the distribution apparatus 5 by the decryption process of the distribution information decryption section 27.
The management information issuing section 28 issues new management information (system definition information, section definition information, etc.) based on the distribution information (system distribution information, section distribution information) decrypted by the distribution information decryption section 27. Then, the management information issuing section 28 stores the issued management information in a predetermined area (system definition area, section definition area) of the logical file structure section 33 in the data storage section 32.
Here, encryption and decryption of the distribution information according to the present embodiment will be described with reference to fig. 6. Fig. 6 is a block diagram showing functions of the distribution apparatus 5 and the IC card 1 according to the present embodiment for encrypting and decrypting distribution information.
As shown in fig. 6, the distribution apparatus 5 includes a distribution information generating section 50, a distribution information encryption section 52, an authentication key storage section 54, and a distribution information transmitter 56. Meanwhile, the IC card 1 includes a distribution information receiver 29, the above-described distribution information decryption section 27, and the above-described management information issuing section 28.
The distribution information generating section 50 of the distribution apparatus 5 generates the distribution information 60, for example, system distribution information, section distribution information, and the like. The system distribution information is information used to issue, in the IC card 1, system definition information compatible with a new IC card system. The section distribution information is information used to issue, in the IC card 1, section definition information compatible with a new encryption algorithm. The distribution information generating section 50 includes in the distribution information 60 all types of definition information (key, key version, code, identifier, etc.) that are stored in the logical file structure section 33 of the IC card 1 as management information, together with check code data for verifying integrity. The distribution information generating section 50 sets the above-described definition information based on setting conditions that are input by the user or that already exist, and generates the distribution information 60.
The distribution information encryption section 52 encrypts the distribution information 60 using the authentication key 62 securely stored in the authentication key storage section 54 and generates encrypted distribution information 64. The encryption process is performed using a predetermined encryption algorithm, for example, a typical encryption algorithm (first encryption method, e.g., AES). The distribution information transmitter 56 transmits the encrypted distribution information 64 generated in the above-described method to an information processing apparatus (e.g., the IC card 1 or the mobile terminal 2) by non-contact communication via the reader/writer 6 in fig. 1 or via the network 7.
The distribution information receiver 29 of the IC card 1 receives the encrypted distribution information 64 transmitted by the distribution apparatus 5. When the IC card 1 receives the encrypted distribution information 64 from the reader/writer 6 of the distribution apparatus 5 through the non-contact communication, the distribution information receiver 29 is constituted by the antenna 10 and the receiver 12 of the IC card section 8, for example, as shown in fig. 3. When the mobile terminal 2 receives the encrypted distribution information 64 from the distribution apparatus 5 via the network 7, the distribution information receiver 29 is constituted by a network communication apparatus such as that with which the mobile terminal 2 is normally equipped.
The distribution information decryption section 27 decrypts the above-described encrypted distribution information 64 received from the distribution apparatus 5 using the authentication key 62 stored in advance in the memory 30, and thereby obtains the distribution information 60. The same authentication key 62 is stored in advance in the memory 30 of the IC card 1 and in the authentication key storage section 54 of the distribution apparatus 5. The management information issuing section 28 of the IC card 1 generates management information such as the system definition information, the section definition information, and the area 0 definition information based on the decrypted distribution information 60. The management information issuing section 28 uses the read/write section 26 to register the generated definition information and user data in the relevant storage area in the logical file structure section 33.
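The flow of fig. 6 can be followed end to end in the Python sketch below, which is an added example and not code from the patent. The distribution apparatus appends a check code to section distribution information and encrypts it under the key of the typical encryption method; the card decrypts it, verifies the check code, and only then registers section definition information for a second encryption method. As assumptions, an HMAC-SHA256 keystream stands in for the first encryption method (e.g., AES), which the Python standard library does not provide, the system key of the typical section is used as the authentication key 62, and the JSON field names and key values are constructed for the example.

```python
import hashlib
import hmac
import json
import secrets

TYPICAL = "algo_A"   # encryption type identifier of the typical (first) method
CHECK_LEN = 8        # length of the check code in bytes (assumed)
NONCE_LEN = 12


def _subkey(key, label):
    """Separate keys for encryption and for the check code."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"),
                               hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_issue_info(auth_key, issue_info):
    """Distribution apparatus side: append the check code, then encrypt."""
    body = json.dumps(issue_info, sort_keys=True).encode()
    check = hmac.new(_subkey(auth_key, b"check"), body, hashlib.sha256).digest()[:CHECK_LEN]
    nonce = secrets.token_bytes(NONCE_LEN)
    plain = body + check
    return nonce + _xor(plain, _keystream(_subkey(auth_key, b"enc"), nonce, len(plain)))


def decrypt_issue_info(auth_key, blob):
    """Card side: decrypt, then verify the check code before parsing anything."""
    if len(blob) < NONCE_LEN + CHECK_LEN:
        raise ValueError("distribution information too short")
    nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:]
    plain = _xor(ciphertext, _keystream(_subkey(auth_key, b"enc"), nonce, len(ciphertext)))
    body, check = plain[:-CHECK_LEN], plain[-CHECK_LEN:]
    expected = hmac.new(_subkey(auth_key, b"check"), body, hashlib.sha256).digest()[:CHECK_LEN]
    if not hmac.compare_digest(check, expected):
        raise ValueError("check code mismatch")
    return json.loads(body)


class Card:
    """Holds one section per encryption type; starts with the typical section only."""

    def __init__(self, typical_system_key):
        self.sections = {TYPICAL: {"system_key": typical_system_key, "key_version": 1}}

    def issue_section(self, encrypted_issue_info):
        # The key of the typical section protects distribution information
        # for every other encryption method.
        auth_key = self.sections[TYPICAL]["system_key"]
        info = decrypt_issue_info(auth_key, encrypted_issue_info)
        encryption_type = info["encryption_type"]
        if encryption_type in self.sections:
            raise ValueError("section already issued for " + encryption_type)
        self.sections[encryption_type] = {
            "system_key": bytes.fromhex(info["system_key"]),
            "key_version": info["key_version"],
        }
        return encryption_type


if __name__ == "__main__":
    key_a = bytes(range(16))  # constructed 128-bit key shared by card and apparatus
    card = Card(key_a)
    blob = encrypt_issue_info(key_a, {"encryption_type": "algo_B",
                                      "system_key": "0011223344556677",
                                      "key_version": 1})
    print(card.issue_section(blob), sorted(card.sections))
```

Because the check code is verified before the decrypted body is parsed, a modified message or one encrypted under a different key leaves the card's sections unchanged.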
Here, the authentication key 62 shown in fig. 6 will be explained. The "authentication key 62" is a generic term for a key used to encrypt and decrypt the distribution information 60. The authentication key 62 is, for example, a "system key", an "area 0 key", a "system issuing authentication key", or a "partition authentication key".
The "system key" is a key required to access a defined area for each IC card system on the IC card 1. The system key is issued for each encryption algorithm of the IC card system, and is included in the section definition information 120 in the logical file structure section 33 (see fig. 7).
The "area 0 key" is a key required to access the area 0 definition area of each IC card system. The area 0 key is issued for each encryption algorithm of each IC card system, and is included in the area 0 definition information 130 in the logical file structure section 33 (see fig. 7).
The "partition authentication key" is a key indicating the authority to create a plurality of logical IC cards on a single IC card 1. For example, the authority to create the logical IC card is reserved by companies that provide the basic technology of each IC card system.
The "system issuing authentication key" is a key representing the authority retained by the issuer of the IC card 1, and is also, for example, a key representing the user block assignment authority relating to each type of IC card system on the IC card 1. More specifically, for example, when the IC card 1 is usable in a specific convenience store, the company that manages the specific convenience store is the system issuing authority. In the case of a mobile card, for example, a mobile phone including the IC card section 8, the holder of the mobile phone is the system issuing authority. If all of the user blocks (the number of allocated blocks) in the IC card 1 are owned by the issuer, the issuer has the authority to allocate the number of user blocks (the number of blocks allocated to the area 0) according to each type of IC card system.
The system key and the area 0 key are authentication keys necessary for issuing the section definition area and the section definition information of the logical file structure section 33. Meanwhile, the partition authentication key and the system issuing authentication key are authentication keys necessary for issuing the system definition area and the system definition information of the logical file structure section 33.
The authentication key 62 is securely stored in the IC card 1, and may be stored in a storage area separate from the logical file structure section 33 or may be stored in the logical file structure section 33. For example, in the present embodiment, the above-described "system key" and "area 0 key" are stored in the logical file structure section 33 of the data storage section 32 in the IC card 1, and the "system issuing authentication key" and "partition authentication key" are stored in the key storage section 34. In the case of the IC card 1, it is only necessary to have the partition authentication key, and the system issuing authentication key is not necessary. In this case, the partition authentication key is stored in the key storage section 34 in the IC card 1, and is stored separately from the logical file structure section 33. On the other hand, in the case of the mobile terminal 2, both the partition authentication key and the system issuing authentication key are necessary, and both keys are stored in the logical file structure section 33.
Logic structure of IC card: FIGS. 7 to 11
Next, a logical file structure for management information and user data stored in the memory 30 of the IC card 1 according to the present embodiment will be explained with reference to fig. 7 to 11. Fig. 7 is a schematic diagram showing the logical file structure section 33 of the memory 30 of the IC card 1 according to the present embodiment. It should be noted that the notation in fig. 7 uses the "UML 2.0" class diagram. In addition, fig. 8 is a schematic diagram showing a specific example of the logical file structure section 33 according to the present embodiment, and fig. 9 is a schematic diagram showing a specific example of the hierarchical structure of the area definition information 130 and 140 and the service definition information 150 according to the present embodiment. It should be noted that in the following description, an example of an information processing apparatus equipped with the IC card section 8 is the IC card 1, but the description is equally applicable to the mobile terminal 2.
The data storage section 32 of the memory 30 has a logical file structure section 33 that stores user data and management information. When the usage data of the IC card section 8, which has a plurality of encryption units 22, one for each of the different encryption algorithms shown in fig. 5, is combined into one, it preferably has the data structure of the logical file structure section 33 shown in fig. 7.
As shown in fig. 7, in the logical file structure section 33, a storage area for storing user data and management information (definition information of all types) has a hierarchical structure. More specifically, the storage area of the data storage section 32 is composed of a system definition area in which the system definition information 110 is stored, a section definition area in which the section definition information 120 is stored, an area 0 definition area in which the area 0 definition information 130 is stored, an area definition area in which the area definition information 140 (indicated as "area N definition information" in fig. 7) is stored, a service definition area in which the service definition information 150 is stored, and a user data area in which the user data 160 is stored, which are hierarchically organized in this order. In other words, the management information for managing the user data has a hierarchical structure in which the highest level is the system definition information 110, the section definition information 120 is lower than and subordinate to the system definition information 110, the area 0 definition information 130 is lower than and subordinate to the section definition information 120, the area definition information 140 is lower than and subordinate to the area 0 definition information 130, and the service definition information 150 is the lowest level.
One, or two or more, pieces of section definition information 120 are created subordinate to the system definition information 110, one for each encryption algorithm (the system/section ratio is 1 to 1 or more). A single piece of area 0 definition information 130 is created subordinate to each piece of section definition information 120 (the section/area 0 ratio is 1 to 1). One, or two or more, pieces of area definition information 140 are created subordinate to the area 0 definition information 130 (the area 0/area ratio is 1 to 1 or more). One, or two or more, pieces of service definition information 150 are created subordinate to the area definition information 140 (the area/service ratio is 1 to 1 or more). One, or two or more, pieces of user data are created subordinate to the service definition information 150 (the service/user data ratio is 1 to 1 or more). The definition information is management information required to define a definition area (storage area) of each layer in the hierarchical structure. The logical file structure section 33 according to the present embodiment is characterized in that, subordinate to the system definition information 110, a plurality of pieces of section definition information 120 and area 0 definition information 130 are created, one for each encryption algorithm. Each type of definition information will be explained below.
(a) System definition information
The system definition information 110 is information defining an IC card system compatible with the IC card 1. The IC card system corresponds to the contactless communication system of the present invention. The system definition information 110 includes a system code uniquely assigned to each IC card system, issue ID information which is a value that can be arbitrarily set by an IC card system administrator, and a system number assigned in order to each IC card system located in the IC card 1.
The system definition information 110 is defined for each IC card system located in the IC card 1, and each is stored in a different area (i.e., a system definition area). The IC card 1 may have a plurality of system definition information 110, and this is equivalent to arranging a plurality of logical cards in the IC card 1. The system number is sequentially assigned to the system definition information 110 registered on the IC card 1. In other words, each time new system definition information 110 is issued in the IC card 1, a new system number is assigned to the system definition information 110. As shown in fig. 8, the IC card system of the system definition information 110A, to which the system number "0" is assigned, has a special authority to issue the system definition information 110B for the IC card systems of the system number "1" and above. Using these system numbers, it is possible to distinguish between an IC card system having a specific authority (system number "0") and other IC card systems (system numbers "1" and above).
The system code is a code uniquely assigned to each IC card system, and indicates a service being provided by the IC card system. The reader/writer 4 or the reader/writer 6 acquires the IC card 1 using the system code. For example, the polling command described by "ISO/IEC 18092" may be used as the system code. If the reader/writer 4 or the reader/writer 6 transmits a polling command including a system code and performs polling, the IC card 1 responds when the IC card 1 having the system code passes through the reader/writer 4 or the reader/writer 6.
In this way, the following advantage is obtained. For example, when a service provider who provides services using the IC card 1 changes an encryption algorithm from A to B and then to C, the reader/writer 4 of the service provider apparatus 3 must be compatible with all encryption algorithms from A to C. In this case, with the IC card 1 having the above data structure, the reader/writer 4 or the reader/writer 6 can acquire all the IC cards 1A to 1D compatible with the three encryption algorithms A to C using the same polling command.
(b) Section definition information
The section definition information 120 is definition information that is a characteristic feature of the logical file structure section 33 according to the present embodiment. The section definition information 120 is information defining one or more encryption algorithms compatible with the IC card 1. The section definition information 120 stores identification information (an identifier indicating an encryption type) indicating an encryption method compatible with the IC card 1, a system key for accessing a storage area subordinate to the section definition information 120, and a system key version.
The encryption type identifier is a unique value previously assigned to each encryption algorithm, and for example, it may be a first encryption method (e.g., AES) identifier, a second encryption method (e.g., DES) identifier, or the like. By including the encryption type identifier in the section definition information 120, it is possible to determine with which encryption type the IC card 1 is compatible.
For the system key, a different value is used for each encryption algorithm. As shown in the example in fig. 8, one 128-bit key is used as the key for encryption algorithm a (e.g., AES), and one 64-bit key is used as the key for encryption algorithm B (e.g., DES). The system key version represents a version of the system key and is upgraded as necessary. By holding a system key and its version compatible with a given encryption algorithm, the IC card 1 can use the encryption algorithm for data communication with the reader/writer 4 or the reader/writer 6.
The section definition information 120 is lower than and subordinate to the system definition information 110, and is supplied to each encryption algorithm compatible with the IC card 1. In the known art, as shown in fig. 10 and 11, the area 0 definition information 130 is directly established under the system definition information 110, and the section definition information 120 is not provided. In contrast, in the present embodiment, as shown in fig. 8, a plurality of section definition information 120 may be established for each encryption algorithm (encryption method) each subordinate to a single one of the system definition information 110, and the area 0 definition information 130 may be established in a one-to-one ratio from each of the section definition information 120. Further, in the known art, as shown in fig. 10 and 11, the system definition information 110 stores a system key and a system key version. In contrast, in the present embodiment, as shown in fig. 8, in order to set a system key for each encryption type, the system key and a system key version are stored in the section definition information 120 established for each encryption algorithm.
Next, the above-described section definition information 120 will be described in more detail. As shown in fig. 8, a plurality of section definition information 120A, 120B (or 120C, 120D) respectively compatible with each encryption algorithm may be set so that they are subordinate to the system definition information 110A (or 110B) associated with a given single IC card system. For example, if the IC card 1 is compatible with both the DES and AES encryption algorithms, the DES section definition information 120A and the AES section definition information 120B can be located in a single system definition area. This is the same as storing multiple IC cards compatible with multiple encryption algorithms in a single logical IC card. With such a data structure having the section definition information 120, the reader/writer 4 or the reader/writer 6 can acquire the IC card 1 having a plurality of encryption algorithms with the same polling command. For example, if the same system code is stored in the system definition information 110 of the IC cards 1A, 1B, and 1C compatible with the encryption algorithms A, B and C, respectively, and the IC card 1D compatible with all of the encryption algorithms A, B and C shown in fig. 2, the reader/writer 4 or the reader/writer 6 acquires all the IC cards 1A to 1D with the same polling command.
Further, among the plurality of encryption methods (encryption algorithms) compatible with the encryption processing section of the IC card 1, one specific encryption algorithm is used in the processes (system distribution process or section distribution process) that issue the management information using the distribution information, which will be described below. In the following description, this specific encryption method is referred to as a "typical encryption method (or a typical encryption type, or a typical encryption algorithm)", and the section definition information 120 and the subordinate definition information corresponding to the typical encryption method are referred to as a "typical section". Further, among the above-described plurality of encryption methods, the one, or two or more, encryption methods other than the typical encryption method are collectively referred to as "atypical encryption methods", and the section definition information 120 and the subordinate definition information corresponding to an atypical encryption method are referred to as an "atypical section". For example, in fig. 8, encryption method A (<algo_A:128bit key>) is the typical encryption method and the other encryption methods B and C (<algo_B:64bit key>, <algo_C:256bit key>) are the atypical encryption methods. The section definition information 120A, the section definition information 120C, the area 0 definition information 130A, and the area 0 definition information 130C corresponding to the encryption method A are the typical sections. The section definition information 120B, the section definition information 120D, the area 0 definition information 130B, and the area 0 definition information 130D corresponding to the encryption methods B and C are the atypical sections.
(c) Area 0 definition information, area definition information, service definition information
A single piece of area 0 definition information 130 is subordinate to the above-described section definition information 120. In other words, the area 0 definition information 130 corresponds to the section definition information 120 of the higher layer at a one-to-one ratio. In addition, one, or two or more area definition information 140 are subordinate to the area 0 definition information 130. The area 0 definition information 130 and the area definition information 140 are information defining the area of the storage area of the IC card 1. In addition, one, or two or more service definition information 150 belong to each area definition information 140. The service definition information 150 is information defining a storage area for a service within each area. For example, the data structures used by the area 0 definition information 130, the area definition information 140, and the service definition information 150 are the data structures disclosed in Japanese patent application publication No. JP-A-2000-36021.
The area 0 definition information 130 is a kind of area definition information, which is equivalent to the highest folder in terms of hierarchical structure. The area definition information 140 other than the area 0 definition information 130 is denoted as area N definition information in fig. 7. As indicated by reference numeral 132 in fig. 7, the area 0 definition information 130 and the area definition information 140 store a start identifier and an end identifier, which indicate the range of the relevant area definition area (storage area), as identification codes. The hierarchical structure is determined by the identification code. In addition, the area 0 definition information 130 and the area definition information 140 store a key, a key version, and the number of allocated blocks. The key stored in the area 0 definition information 130 and the area definition information 140 is a key required to access the area definition area defined by the area 0 definition information 130 and the area definition information 140. The number of allocated blocks is the number of blocks allocated to the storage area of the area definition area.
In this way, the service definition information 150 stores a start identifier and an end identifier (identification code) which indicate the range of the service definition area (storage area), the key version, and the number of allocated blocks. One, or two or more user data 160 used in the related service are stored as subordinate to the service definition area. The access method of the user data 160 is managed by the identification code of the service definition information 150. As can be seen from the user data 160, a plurality of service definition information 150 may be connected and thus may define a plurality of access methods with respect to a given one of the user data 160. For example, access management can be performed in such a manner that "user data can be read without performing mutual authentication, but user data cannot be written without performing mutual authentication". There are a variety of services using the IC card 1, some of which allow reading and writing of user data, and some of which are cyclic services, etc., which are a kind of history management. The service definition information 150 defines an access method and defines the number of user blocks or the like that can be used per service or the like when each service is used.
Fig. 9 shows specific examples of the area 0 definition information 130, the area definition information 140, and the service definition information 150. It should be noted that fig. 9 shows the hierarchical structure below the section definition information 120 of encryption type <algo_A:128bit key> shown in fig. 8, which is subordinate to the system definition information 110 having the system code "0x0001".
As shown in fig. 9, two area definition information 140A and 140B belong to the area 0 definition information 130. Two pieces of service definition information 150A and 150B belong to the area definition information 140A, and one piece of service definition information 150N belongs to the area definition information 140B. The plurality of user data 160A to 160C belong to the service definition information 150A. In this way, the area 0 definition information 130, the area definition information 140, the service definition information 150, and the user data 160 have the above-described sequential hierarchical structure. With this structure, the area definition region can be set for each service provider and the service definition region can be set for each service provided by the service provider, thereby allowing effective management of user data for all types of service providers and services on the individual IC card 1.
Here, how the above definition information 110 to 150 corresponds to the business types that use the IC card 1 will be described. As described above, the system definition information 110 is issued for each IC card system, and the section definition information 120 is issued for each encryption algorithm (encryption method). In addition, the area definition information 140 is issued for each service provider using the IC card 1, and the service definition information 150 is issued for each service provided by the service provider.
(1) First type of business
The first business type is a case where a single service provider (e.g., a railway company) has sole use of a storage area corresponding to the entire system definition area of a single IC card system (transportation ticket IC card system). In this case, the storage areas (section, area 0, area, and service definition areas) subordinate to the system definition area are all used by the service provided by the service provider. In this case, it is assumed, for example, that the reader/writer 4 (e.g., automatic ticket checker) of the service provider's service provider apparatus 3 is compatible with only the former encryption method A (e.g., DES), and that the IC card 1 shown in fig. 8 is compatible with both the former and new encryption algorithms (e.g., DES and AES). In this case, initially, the DES section definition information 120B subordinate to the system definition information 110A is used, and DES is used as before to continue using the area/service definition areas. Next, at a specific timing, the DES section definition information 120B is deleted from the data storage section 32 of the IC card 1, and only the AES section definition information 120A is retained. Then, the AES section definition information 120A is used to continue using the service with the area/service definition areas of AES. When the encryption method is converted in this manner, it is not assumed that two pieces of section definition information 120 corresponding to the two encryption methods A and B exist in a single IC card 1 at the same time. The first business type is a case where one encryption method is selected from two options, and the encryption method is completely converted.
(2) Second type of business
The second business type is a case where the area definition region is divided in units of service providers in the same IC card system. In the second business type, a service provider α (issuer) issuing the IC card 1 can lend a plurality of area definition areas in the IC card 1 to other service providers β, γ, and θ, and share the IC card 1 with the plurality of service providers β, γ, and θ. In this case, it is assumed that a plurality of section definition information 120 corresponding to the encryption methods a and B exist simultaneously in a single IC card 1. For example, when the service providers β and γ use the new encryption method A (AES) and the service provider θ uses the old encryption method B (DES), the AES section definition information 120A and the DES section definition information 120B subordinate to the system definition information 110A coexist, as shown in fig. 8. With this structure, a single IC card 1 can be shared by services using different encryption types.
The logical file structure section 33 of the IC card 1D according to the present embodiment compatible with the plurality of encryption methods A, B and C has been described above. Here, an example of the logical file structure section of the IC card 1 compatible with only a single encryption algorithm will be described with reference to fig. 10 and 11. Fig. 10 is an example of a logical file structure section of a known IC card 1A that is compatible with only a single encryption algorithm A. Fig. 11 is an example of a logical file structure section of a known IC card 1B that is compatible with only a single encryption algorithm B.
As shown in fig. 10 and 11, the section definition information 120 shown in fig. 7 and 8 is not required for the IC card 1 compatible with only a single encryption algorithm A or B. The system key and the key version stored in the section definition information 120 shown in fig. 7 and 8 are stored in the system definition information 110 in the example shown in fig. 10 and 11, and the encryption type identifier is not stored.
Use of IC card: FIGS. 12 to 19
Next, a process of using the IC card 1 according to the present embodiment will be described with reference to fig. 12 to 19. Fig. 12 is a sequence diagram showing an access sequence between the IC card 1 according to the present embodiment and the reader/writer 4 of the service provider apparatus 3 when the IC card 1 is used. Fig. 13 to 19 are flowcharts respectively showing processes S10, S20, S30, S40, S50, S60, and S70 with respect to fig. 12.
The use of the IC card 1 refers to the following procedure: the IC card 1 passes within the communication range of the reader/writer 4 of the service provider apparatus 3, the IC card 1 and the service provider apparatus 3 transmit and receive predetermined data, and a specified service is provided to the user using non-contact communication. When the IC card 1 is used, as described in more detail below, after the reader/writer 4 has captured the IC card 1 by polling (steps S1 to S10), the reader/writer 4 and the IC card 1 perform mutual authentication and encrypt a communication path (steps S20 to S50). Then, the reader/writer 4 and the IC card 1 exchange predetermined commands and data regarding the services (steps S60 to S70).
More specifically, as shown in fig. 12, first, the reader/writer 4 continuously transmits a polling request specifying the system code "0x0001" in order to capture the IC card 1, thereby polling the IC card 1 (step S1). When the IC card 1 compatible with the IC card system having the above system code is placed within the communication range of the reader/writer 4, the IC card 1 receives the above polling request and transmits a polling response to the reader/writer 4 (step S10).
Next, after the reader/writer 4 receives the polling response from the IC card 1, it generates an authentication message 1 request and transmits the request to the IC card 1 (step S20). The authentication message 1 request specifies an identifier of the encryption algorithm A to be used and the service identification code "1008". After the IC card 1 receives the authentication message 1 request from the reader/writer 4, it generates an authentication message 1 response and sends the response to the reader/writer 4 (step S30).
In addition, the reader/writer 4, upon receiving the authentication message 1 response from the IC card 1, generates an authentication message 2 request using the encryption algorithm A and transmits the request to the IC card 1 (step S40). After the IC card 1 receives the authentication message 2 request from the reader/writer 4, it generates an authentication message 2 response and sends the response to the reader/writer 4 (step S50). Mutual authentication between the reader/writer 4 and the IC card 1 is thereby completed, and a section key for encrypting the communication path between the reader/writer 4 and the IC card 1 is generated.
Then, the reader/writer 4 encrypts a predetermined command (e.g., a data read request) required to use the service using the above-described section key and transmits the request to the IC card 1 (step S60). Upon receiving the data read request from the reader/writer 4, the IC card 1 decrypts the encrypted data read request using the above-described section key, and reads the data specified in the data read request from the memory 30. Then, the IC card 1 encrypts the read user data using the above-described section key and transmits the encrypted user data to the reader/writer 4 (step S70).
Next, the above-described processing steps S10 to S70 in fig. 12 will be described in more detail with reference to fig. 13 to 19.
First, the polling response process (the process of step S10 in fig. 12) of the IC card 1 will be described with reference to fig. 13.
As shown in fig. 13, when the IC card 1 passes through the reader/writer 4 of the service provider apparatus 3, the IC card 1 receives a polling request from the reader/writer 4 (step S11). Next, the IC card 1 determines whether or not the system definition information 110 storing the system code "0x0001" specified by the polling request exists in the logical file structure section 33 (step S12). The IC card 1 stores system definition information 110 for one, or two or more IC card systems compatible with the IC card 1 in the logical file structure section 33, and the system definition information 110 includes a system code representing the IC card system.
As a result of the above determination processing, if the system definition information 110 corresponding to the system code does not exist, the process terminates with an error and the IC card 1 does not respond to the reader/writer 4 (step S14). On the other hand, if the system definition information 110 corresponding to the system code exists, the IC card 1 is compatible with the IC card system having the specified system code. In this case, in order to respond to the polling request from the reader/writer 4, the IC card 1 returns the logical card identification information to the reader/writer 4 as a polling response (step S13). The logical card identification information is information including the system number contained in the system definition information 110 of the specified system code and the identification information (card ID) of the IC card 1. Further, in step S13, the IC card 1 returns identification information indicating the encryption type (hereinafter referred to as "encryption type ID") of the IC card system compatible with the IC card 1 as a polling response to the reader/writer 4. The IC card 1 thus notifies the reader/writer 4 of the encryption type of the IC card system compatible with the IC card 1 itself. Here, the IC card 1 can determine the encryption type compatible with the IC card 1 by referring to the logical file structure section 33 and checking the encryption type identifier contained in the section definition information 120 belonging to the system definition information 110 of the above-specified system code.
Next, the authentication message 1 request processing (the processing of step S20 in fig. 12) of the reader/writer 4 will be explained with reference to fig. 14.
As shown in fig. 14, first, the reader/writer 4 receives the above-described polling response (including the logical card identification information and the encryption type ID) from the IC card 1 (step S21). Next, the reader/writer 4 specifies the encryption type to be used for the next authentication process based on the encryption type ID contained in the polling response (step S22). For example, when the IC card 1 is compatible with only a single encryption algorithm (DES, for example), the reader/writer 4 specifies the DES encryption algorithm as the encryption type to be used in the next authentication process. When the IC card 1 is compatible with a plurality of encryption algorithms (for example, AES and DES), the reader/writer 4 selects the encryption type according to an appropriate selection condition, for example, selects the encryption type compatible with the reader/writer 4 itself, or selects the more reliable encryption type.
It should be noted here that this example describes a case where the reader/writer 4 determines the encryption type compatible with the IC card 1 from the encryption type returned by the IC card 1 as a polling response. However, the method of determining the encryption type by the reader/writer 4 is not limited to this example, and may be, for example, the method (1) or the method (2) described below.
(1) An IC code unique to the IC chip on the IC card 1 is contained in the polling response, and the reader/writer 4 can determine with which encryption algorithm the responding IC card 1 is compatible.
(2) Alternatively, when the reader/writer 4 has switched from the old encryption method (DES) to the new encryption method (AES), it is not necessary to determine the encryption type again when it can be determined that all the IC cards 1 have switched to the AES. However, it is not realistic to completely convert the encryption method of all the IC cards 1 related to the existing specific services. A selection request may be added to the polling request from the reader/writer 4 so that the selection request is not replied if the IC card 1 uses an old encryption algorithm, but a message is returned in response to the selection request if the IC card 1 uses a new encryption algorithm. In this way, the reader/writer 4 can determine the encryption type compatible with the IC card 1 based on whether a response to the selection request exists.
Returning to fig. 14, next, the reader/writer 4 generates an authentication message 1 request using the encryption algorithm specified at step S22 (step S23) and transmits the authentication message 1 request to the IC card 1 (step S24). The authentication message 1 request includes a first set of random numbers encrypted by the above-specified encryption algorithm using the authentication key. When generating the authentication message 1 request at step S23, the reader/writer 4 generates the first set of random numbers and also generates an authentication key for mutual authentication, and encrypts the first set of random numbers using the authentication key.
As described above, the authentication key is generated from the service key used in the service to be used and the card ID of the IC card 1. The authentication key may be utilized to identify the service and the card to be used. When a plurality of services are used simultaneously, a degenerate key is generated from a plurality of service keys, and an authentication key is generated from the degenerate key and a card ID. For example, sometimes the balance (amount) on the card for the transportation ticket service and the electronic money service is also reduced when the IC card 1 passes through the reader/writer 4, and the history management service is used to write the use history of the amount (when, where, how much money is used, and the like) on the IC card. When a plurality of services are used in this way, the degenerate key is generated as a key that combines a plurality of service keys.
In addition, the above-described authentication message 1 request specifies an encryption algorithm (an identifier indicating an encryption type of the specified encryption algorithm) to be used in the next authentication process, and also specifies a service (an identification code for a specific service) to be used. In the example shown in fig. 12, the authentication message 1 request includes an identifier <algo_a> for identifying the specified encryption algorithm A, and an identification code "1008" for identifying the specified service. It should be noted that the authentication message 1 request can be utilized to specify a plurality of services to be used simultaneously. The IC card 1 can determine the encryption type to be used and the service to be used in the next process by receiving the authentication message 1 request.
Next, the authentication message 1 response process (the process of S30 in fig. 12) of the IC card 1 will be explained with reference to fig. 15.
As shown in fig. 15, first, the IC card 1 receives an authentication message 1 request from the reader/writer 4 (step S31). Upon receiving the authentication message 1 request, the IC card 1 extracts the identifier of the encryption type specified by the reader/writer 4 and the identification code of the service specified by the reader/writer 4 from the authentication message 1 request.
Next, the IC card 1 determines whether the IC card 1 itself is compatible with the specified encryption type by comparing the encryption algorithm identifier contained in the section definition information 120 in the logical file structure section 33 with the identifier of the specified encryption type (step S32). Further, the IC card 1 determines whether the logical file structure section 33 of the IC card 1 itself includes the service definition information 150 for the identification code of the specified service (step S33). When the IC card 1 is compatible with the specified encryption type and the service definition information 150 for the service code of the specified service is contained in the logical file structure section 33, the process proceeds to step S34. Otherwise, the process terminates with an error (step S37).
Next, in step S34, the IC card 1 generates an authentication message 1 response with the encryption type specified by the reader/writer 4. More specifically, the authentication key generation section 23 of the IC card 1 generates, in the same manner as the reader/writer 4, the authentication key used for mutual authentication from the service key (the key of the service definition information 150) for the service specified by the reader/writer 4 and the card ID of the IC card 1. When a plurality of services are used simultaneously, a degenerate key is generated from a plurality of service keys, and an authentication key is generated from the degenerate key and a card ID. Then, the mutual authentication section 24 decrypts the first set of random numbers included in the authentication message 1 request received from the reader/writer 4 using the generated authentication key and the specified encryption algorithm, and then encrypts the first set of random numbers again using the authentication key. The mutual authentication section 24 of the IC card 1 also newly generates a second set of random numbers, and encrypts the second set of random numbers using the authentication key and the specified encryption algorithm. Then, the mutual authentication section 24 generates an authentication message 1 response including the first set of random numbers encrypted by the authentication key and the second set of random numbers encrypted by the authentication key, and returns the authentication message 1 response to the reader/writer 4 (step S35).
Then, as the internal state of the IC card 1, the mutual authentication section 24 of the IC card 1 stores the logical card identification information (system number and card ID) and the encryption type specified by the reader/writer 4 and the identification code of the service in the storage section (for example, the memory 30) (step S36). Hereinafter, the logical card identification information and the identification code of the encryption type and service are referred to as "current authentication information". The current authentication information is identification information indicating the encryption type and the service specified by the reader/writer 4.
It should be noted that the stored specified current authentication information is to be deleted, for example, when the power supply of the IC card 1 is interrupted, or when the IC card 1 receives a reset command from the reader/writer 4. When changing the service provided between the IC card 1 and the reader/writer 4, the IC card 1 receives a reset command from the reader/writer 4 to reset the already stored content.
Next, the authentication message 2 request processing (the processing of step S40 in fig. 12) of the reader/writer 4 will be explained with reference to fig. 16.
As shown in fig. 16, the reader/writer 4 first receives the above-described authentication message 1 response (the re-encrypted first set of random numbers and the encrypted second set of random numbers) from the IC card 1 (step S41). Next, the reader/writer 4 determines whether the received authentication message 1 response is normal (step S42). If it is normal, the process proceeds to step S43, and if not, the process terminates with an error (step S45). In the process of determining whether the data is normal, the reader/writer 4 decrypts the first set of random numbers re-encrypted by the IC card 1, and if the decrypted first set of random numbers matches the first set of random numbers originally generated by the reader/writer 4, the data is determined to be normal.
Next, in step S43, the reader/writer 4 generates the data to be included in the authentication message 2 request based on the authentication message 1 response. More specifically, the reader/writer 4 decrypts the second set of random numbers contained in the authentication message 1 response received from the IC card 1 using the authentication key generated at step S23 and the above-specified encryption algorithm, and then encrypts the second set of random numbers again using the authentication key. The reader/writer 4 then generates an authentication message 2 request containing the re-encrypted second set of random numbers. Next, the reader/writer 4 transmits the generated authentication message 2 request and the above-specified logical card identification information and the encryption type to the IC card 1 (step S44).
Next, the authentication message 2 response process of the IC card 1 (the process of S50 in fig. 12) will be explained with reference to fig. 17.
As shown in fig. 17, the IC card 1 first receives the above-described authentication message 2 request (including the re-encrypted second set of random numbers) and the specified logical card identification information and the encryption type from the reader/writer 4 (step S51).
Next, the IC card 1 determines whether or not the above-specified logical card identification information and the encryption type coincide with the logical card identification information and the encryption type in the current authentication information stored in the above-described step S36 (step S52). In addition, the IC card 1 determines whether the received authentication message 2 request is normal (step S53). If, as a result of these checks, the logical card identification information and the encryption type coincide and the authentication message 2 request is normal, the process proceeds to step S54, whereas if there is an abnormality, the process terminates with an error (step S58). In the process of determining whether the authentication message 2 request is normal, the IC card 1 decrypts the second set of random numbers re-encrypted by the reader/writer 4, and if the decrypted second set of random numbers matches the second set of random numbers originally generated by the IC card 1, the data is determined to be normal.
Next, in step S54, the mutual authentication section 24 of the IC card 1 generates an authentication message 2 response with the encryption type specified by the reader/writer 4 (step S54). The authentication message 2 response is a message for notifying the reader/writer 4 that mutual authentication has been completed. Further, the mutual authentication section 24 stores, as the internal state of the IC card 1, information indicating that mutual authentication with the reader/writer 4 has been completed in the storage section (for example, the memory 30) (step S55).
Next, the communication-path encryption section 25 of the IC card 1 stores the key (the section key) generated in the above-described mutual authentication process of steps S20 to S53 as a communication-path encryption key, performs communication-path encryption according to the above-described specified encryption type, and performs data communication with the reader/writer 4 (step S56). Here, the section key is generated from the first and second sets of random numbers that are mutually verified between the reader/writer 4 and the IC card 1 by the above-described mutual authentication. Also, the communication path encryption key is a key for encrypting data transmitted and received between the reader/writer 4 and the IC card 1 through the non-contact communication (on the communication path). Then, the IC card 1 encrypts the authentication message 2 response generated at step S54 using the section key, and then transmits the response to the reader/writer 4 (step S57).
Next, the data read request processing (the processing of step S60 in fig. 12) of the reader/writer 4 will be explained with reference to fig. 18.
As shown in fig. 18, the reader/writer 4 first receives the above-described authentication message 2 response from the IC card 1 (step S61). Next, the reader/writer 4 determines whether the received authentication message 2 response can be decrypted using the above-described section key (step S62). As a result, if the response can be decrypted, the process proceeds to step S63. If the response cannot be decrypted, the reader/writer 4 generates error information as the read request (step S65).
Next, in step S63, the reader/writer 4 generates a data read request (step S63). The data read request is a command requesting reading of user data stored in the IC card 1 in relation to a specified service. In addition, the reader/writer 4 encrypts the data read request generated at step S63 with the above-described section key, and transmits the encrypted request to the IC card 1 (step S64). On the other hand, if it is determined at step S62 that the response cannot be decrypted, the reader/writer 4 transmits the error information generated at the above-described step S65 as the data read request (step S64).
Next, the data reading process (the process of S70 in fig. 12) of the IC card 1 will be explained with reference to fig. 19.
As shown in fig. 19, the IC card 1 first receives the above-described data read request from the reader/writer 4 (step S71). Next, the IC card 1 determines whether the received data read request can be decrypted by the above-described section key (step S72). As a result, if the data read request can be decrypted, the process proceeds to step S73, and if the data read request cannot be decrypted, the process terminates with an error (step S76).
Next, at step S73, the IC card 1 decrypts the data read request received at step S71 using the above-specified encryption algorithm and the above-described section key. Further, the IC card 1 reads the user data from the logical file structure section 33 based on the current authentication information stored in the above-described step S36 and generates a data read response containing the user data (step S74). The location from which the user data is read is determined by the value specified by the service identification code contained in the current authentication information. Then, the IC card 1 encrypts the generated data read response using the above-described section key and transmits the data read response to the reader/writer 4 (step S75).
The access sequence between the IC card 1 and the reader/writer 4 when the IC card 1 is used is explained above with reference to fig. 12 to 19. The access to the IC card 1A compatible with only the encryption algorithm A shown in fig. 10, and the access to the IC card 1D compatible with the encryption algorithms A, B and C shown in fig. 8 are performed using the same sequence as that described above and shown in fig. 12.
Further, when the service provider converts the encryption algorithm, for example by upgrading the encryption algorithm from B to A, the IC card 1 of the user is compatible with a plurality of encryption algorithms and the reader/writer 4 is already compatible with the encryption algorithms A and B. For example, it is assumed that some users use the IC card 1A compatible only with the encryption algorithm A, and some users use the IC card 1B compatible only with the encryption algorithm B. Meanwhile, some users use an IC card 1D that is compatible with both the encryption algorithm A and the encryption algorithm B shown in fig. 8. Even in this case, the reader/writer 4 can obtain the encryption type compatible with the IC card 1 (or the encryption type being used in the case where the IC card 1D is compatible with both the encryption algorithm A and the encryption algorithm B) from the polling response of the IC card 1 passing through the reader/writer 4 (step S13). In this way, from the above-described authentication process of step S20 onward, the reader/writer 4 can determine whether to transmit data using the encryption algorithm A or the encryption algorithm B.
By the above method, in the present embodiment, when the IC card 1 is used, the encryption type compatible with the IC card 1 is notified to the reader/writer 4 by the IC card 1, and the IC card 1 and the reader/writer 4 perform the mutual authentication processing, the communication path encryption processing, and the processing using the service according to that encryption method. Therefore, the encryption method that is preferably used can be assigned separately to each IC card 1 and each service. For example, for the IC card 1 compatible with both the typical encryption algorithm A (AES) and the atypical encryption algorithm B (DES), either the AES or the DES encryption algorithm may be used for data communication. Therefore, the IC card 1 can use the DES encryption algorithm for data communication with the reader/writer 4 for the service B compatible only with the encryption algorithm B (DES). Meanwhile, the IC card 1 can also use the more reliable AES encryption algorithm for data communication with the reader/writer 4 for the service A compatible only with the encryption algorithm A (AES). The IC card 1 is thus flexibly compatible with a plurality of encryption algorithms, and also can perform smooth conversion of a plurality of encryption algorithms relating to the IC card system.
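The access sequence of fig. 12 (steps S1 to S70) and the reader-side choice of encryption type, as an added Python example that is not code from the patent. `crypt` is a SHAKE-256 keystream stand-in rather than real DES or AES; the key derivations, per-message labels, 8-byte random numbers, command strings and the sample card are assumptions of this example.

```python
import hashlib
import hmac
import os

def crypt(algo, key, label, data):
    # Stand-in cipher (NOT real DES/AES): XOR with a SHAKE-256 keystream bound to
    # the encryption type ID, the key and a per-message label (label is assumed).
    stream = hashlib.shake_256(b"|".join([algo.encode(), key, label])).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def auth_key(service_key, card_id):
    # The page derives the authentication key from the service key and the
    # card ID; HMAC-SHA256 is this example's choice of derivation.
    return hmac.new(service_key, card_id, hashlib.sha256).digest()

def section_key(r1, r2):
    # Generated from both verified random numbers (derivation assumed).
    return hashlib.sha256(r1 + r2).digest()

class Card:
    def __init__(self, card_id, system_code, sections):
        # sections: {encryption type ID: {service code: (service key, user data)}}
        self.card_id, self.system_code, self.sections = card_id, system_code, sections
        self.current = None            # "current authentication information" (S36)

    def poll(self, system_code):                                # S11-S14
        if system_code != self.system_code:
            return None                                         # S14: no response
        return self.card_id, sorted(self.sections)              # card ID + type IDs

    def auth1(self, algo, service, enc_r1):                     # S31-S37
        if algo not in self.sections or service not in self.sections[algo]:
            return None                                         # S32/S33 -> S37
        key = auth_key(self.sections[algo][service][0], self.card_id)
        r1 = crypt(algo, key, b"m1-r1", enc_r1)
        r2 = os.urandom(8)
        self.current = {"algo": algo, "service": service, "key": key,
                        "r1": r1, "r2": r2, "sk": None}
        return crypt(algo, key, b"m1r-r1", r1), crypt(algo, key, b"m1r-r2", r2)

    def auth2(self, card_id, algo, enc_r2):                     # S51-S58
        c = self.current
        if c is None or card_id != self.card_id or algo != c["algo"]:
            return None                                         # S52 -> S58
        if not hmac.compare_digest(crypt(algo, c["key"], b"m2-r2", enc_r2), c["r2"]):
            return None                                         # S53 -> S58
        c["sk"] = section_key(c["r1"], c["r2"])
        return crypt(algo, c["sk"], b"m2r", b"AUTH-OK")

    def read(self, enc_cmd):                                    # S71-S76
        c = self.current
        if c is None or c["sk"] is None:
            return None
        if crypt(c["algo"], c["sk"], b"cmd", enc_cmd) != b"READ":
            return None                                         # S72 -> S76
        data = self.sections[c["algo"]][c["service"]][1]
        return crypt(c["algo"], c["sk"], b"rsp", data)

def use_card(card, reader_keys, system_code, service):
    """Reader side of S1-S70. reader_keys maps encryption type ID to the reader's
    service key, listed in the reader's order of preference."""
    polled = card.poll(system_code)                             # S1, S21
    if polled is None:
        return None
    card_id, card_algos = polled
    algo = next((a for a in reader_keys if a in card_algos), None)   # S22
    if algo is None:
        return None
    key = auth_key(reader_keys[algo], card_id)
    r1 = os.urandom(8)
    resp = card.auth1(algo, service, crypt(algo, key, b"m1-r1", r1))  # S23-S24
    if resp is None:
        return None
    enc_r1, enc_r2 = resp
    if not hmac.compare_digest(crypt(algo, key, b"m1r-r1", enc_r1), r1):
        return None                                             # S42 -> S45
    r2 = crypt(algo, key, b"m1r-r2", enc_r2)                    # S43
    done = card.auth2(card_id, algo, crypt(algo, key, b"m2-r2", r2))  # S44
    sk = section_key(r1, r2)
    if done is None or crypt(algo, sk, b"m2r", done) != b"AUTH-OK":
        return None                                             # S62 -> S65
    enc = card.read(crypt(algo, sk, b"cmd", b"READ"))           # S63-S64
    return None if enc is None else (algo, crypt(algo, sk, b"rsp", enc))

# Constructed sample: a dual-algorithm card (like card 1D) holding service "1008"
# under both sections, each section with its own constructed service key.
AES_KEY, DES_KEY = b"constructed-aes-service-key", b"constructed-des-service-key"
CARD_1D = Card(b"CARD0001", 0x0001, {
    "AES": {"1008": (AES_KEY, b"balance=1200")},
    "DES": {"1008": (DES_KEY, b"balance=1200")},
})
```

A reader holding only the DES key completes the sequence under DES, while a reader that lists AES first completes it under AES against the same card.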
5. Structure and encryption of release information: FIGS. 20 to 23
Next, by referring to fig. 20 to 23, the distribution information 60 (see fig. 6) according to the present embodiment will be explained in more detail.
As described above, in order for the IC card 1 to issue the definition information, the issuing device 5 transmits the issuing information 60 to the IC card 1. For example, the distribution information 60 is system distribution information or section distribution information. The system issuing information is information used to issue new IC card system definition information in the IC card 1. For example, in the example of the logical file structure section 33 shown in fig. 8, the system distribution information is information for distributing the system definition information 110B, the section definition information 120C, and the area 0 definition information 130C corresponding to the new IC card system B. On the other hand, the section issuing information is information for issuing definition information corresponding to a new encryption algorithm in the IC card 1. For example, in the example of the logical file structure section 33 shown in fig. 8, the section issuing information is information for issuing the section definition information 120B and the area 0 definition information 130B corresponding to the new encryption algorithm B and subordinate to the existing system definition information 110A.
I. System publishing information
First, referring to fig. 20 and 21, the system distribution information 70 according to the present embodiment and the process of encrypting the system distribution information 70 and checking the integrity thereof will be explained. Fig. 20 is an explanatory diagram showing the structure of the system distribution information 70 according to the present embodiment. Fig. 21 is a schematic diagram showing encryption and decryption processing for the system distribution information 70 by the distribution apparatus 5 and the IC card 1 according to the present embodiment.
As shown in fig. 20, the system distribution information 70 includes the following setting items: system definition information 110 for an IC card system newly issued in the IC card 1; representative section definition information 120 belonging to the system definition information 110; and area 0 definition information 130 belonging to the section definition information 120. More specifically, the system release information 70 includes the system key version, the system key, the system password, the first pad, the first check code, the zone 0 key version, the zone 0 key, the number of zone 0 distribution blocks, the second pad, and the second check code. It should be noted that the area 0 key refers to a key contained in the area 0 definition information 130 shown in fig. 8. The number of area 0 allocation blocks refers to the number of blocks (the size of the storage area) allocated to the area 0 definition area.
Further, the system issue information 70 is encrypted in two stages using two types of authentication keys, a first authentication key 72 and a second authentication key 74 (these authentication keys correspond to the authentication key 62 shown in fig. 6). At this time, given the range of the encrypted information, there are a type a system distribution information 70A and a type B system distribution information 70B. First, in the type a system release information 70A, the system key version, the system key, the system code, the first padding, and the first check code are encrypted using the first authentication key 72. Further, the encrypted information, the area 0 key version, the area 0 key, the number of blocks allocated to the area 0, the second padding, and the second check code are then encrypted using the second authentication key 74. Meanwhile, in the type B system release information 70B, the system key version, the system key, the system code, the zone 0 key version, the zone 0 key, the first padding, and the first check code are encrypted using the first certification key 72. Further, the encrypted information, the number of blocks allocated to the area 0, the second padding, and the second check code are then encrypted using the second authentication key 74.
Here, the first authentication key 72 is a "partition authentication key" which is used to indicate partition authentication of the system in the IC card 1. The second authentication key 74 is a "key for the typical section 0 definition information 130 belonging to the system definition information 110 of the system number 0" (hereinafter, referred to as "the section 0 key of the typical section of the system number 0"), or a "system issuing authentication key". The "system 0 typical section area 0 key" is, for example, a key denoted by reference numeral 74 in fig. 24, which will be described later. Also, the representative section is section definition information 120 corresponding to the above-described representative encryption method (first encryption method, e.g., AES), and the definition information is subordinate to the section definition information 120. In the present embodiment, the "area 0 key of the typical section of the system number 0" is used as the second authentication key 74 in the system issuing information 70 for the IC card 1, and the "system issuing authentication key" is used as the second authentication key 74 in the system issuing information 70 for the mobile terminal 2. The reason for this is explained as follows.
In encrypting the system issuance information 70, the owner of the "partition authentication key" 72 sometimes differs from the owner of the "area 0 key of the typical section of the system number 0" or the "system issuance authentication key" 74. To this end, the transmission and reception of the system release information 70 occurs between the two owners. In such cases, it is necessary for each respective owner to possess authentication keys 72 and 74.
At this time, as shown in fig. 21, the issuing apparatus 5 is divided into the first issuing apparatus 5A as the "partition authentication key owner" and the second issuing apparatus 5B as the "system 0 typical partition area 0 key" or "system issuing authentication key" owner, and the system issuing information 70 is encrypted in two stages.
As shown in fig. 21, the issuing apparatus 5A and the issuing apparatus 5B encrypt the system issuing information 70 using the authentication key 72 and the authentication key 74, respectively. The encrypted system issuing information 75 is transmitted to the IC card 1. The IC card 1 decrypts the encrypted system issuing information 75 using the authentication keys 72 and 74 securely stored in the IC card 1, and verifies the integrity of the system issuing information 70 using the above-described first and second check codes.
More specifically, first, the first issuing device 5A encrypts the system issuing information 70 using the first authentication key 72 (partition authentication key) and generates the temporarily encrypted system issuing information 73 (step S80). Next, the second issuing device 5B further encrypts the temporarily encrypted system issuing information 73 using the second authentication key 74 ("area 0 key of the typical section of the system number 0" or "system issuing authentication key"), and generates the encrypted system issuing information 75 (step S81). It should be noted that both steps of the two-stage encryption (step S80 and step S81) use the encryption algorithm of the typical encryption type of system 0 (i.e., the typical encryption method). It should also be noted that the system 0 refers to the IC card system corresponding to the system definition information 120 assigned to the system number 0 in the IC card 1.
Correspondingly, two-stage decryption processing is performed in the IC card 1. In other words, first, the issued information decryption section 27 of the IC card 1 decrypts the encrypted system issuing information 75 using the second authentication key 74 ("area 0 key of the typical section of the system number 0" or "system issuing authentication key") securely stored in the memory 30, and thus obtains the temporarily encrypted system issuing information 73 (step S82). At this time, the issued information decryption section 27 verifies the integrity of the temporarily encrypted system issuing information 73 using the second check code (which has been decrypted) contained in the temporarily encrypted system issuing information 73. Next, the issued information decryption section 27 further decrypts the temporarily encrypted system issuing information 73 using the first authentication key 72 (partition authentication key) securely stored in the memory 30, and thus obtains the original system issuing information 70 (step S83). At this time, the issued information decryption section 27 verifies the integrity of the system issuing information 70 using the first check code (which has been decrypted) contained in the decrypted system issuing information 70.
It should be noted that in the two steps (step S82 and step S83) of the two-stage decryption process, a typical encryption type encryption algorithm (i.e., a typical encryption method) is used. Also, integrity checking of the system release information 70 and the encrypted system release information 75 is accomplished, for example, by "CBC-MAC" using the first and second check codes described above.
As described above with reference to fig. 20 and 21, performing two-stage encryption and decryption of the system issuance information 70 using the two types of encrypted authentication keys 72 and 74 allows compatibility with various IC card system business types (e.g., when the owner of the authentication key 72 is different from the owner of the authentication key 74, etc.). Examples of business types will now be described.
For example, in a conventional business type, the IC card system owned by the issuer of the IC card 1 (a service providing company that issues the IC card 1) is the IC card system having the system number 0 in the IC card 1. In this case, the authority to determine the number of storage area blocks allocated to a newly issued system belongs to the issuer, and therefore there is no problem with the above-described authentication key 74 being the "area 0 key of the typical section of system number 0". This is because the "system 0 administrator" is the same as the "area 0 key owner". For example, when the traffic ticket card system of a given railway company is the IC card system having the system number 0 (hereinafter, referred to as "system 0") and the railway company is the issuer of the IC card 1, the "issuer", the "system 0 administrator", and the "area 0 key owner" are all the same entity (i.e., the railway company).
On the other hand, in the case where the above-described IC card section 8 is packaged in the mobile terminal 2, the mobile terminal 2 is commonly used by a plurality of service providers, and there are cases where the authority over the system 0 is held by a common area operator. In this case, each service provider can deliver its service separately by issuing an area definition area and a service definition area for each service providing company using the authority of the common area operator in the system 0. However, the authority to newly issue a system in the mobile terminal 2 is held by, for example, the mobile terminal carrier. Therefore, the owner of the system 0 area 0 key (the common area operator) is different from the owner of the system issuing authority (the carrier). In such cases, the "area 0 key owner" and the "system 0 administrator" are different, and using the above-described second authentication key 74 as the "area 0 key of the typical section of the system number 0" is problematic. In this case, the second authentication key 74 needs to be a "system authentication key".
Section issuing information
Next, referring to fig. 22 and 23, the section issuing information 80 according to the present embodiment and the process of encrypting the section issuing information 80 and verifying the integrity thereof will be described. Fig. 22 is an explanatory diagram showing the structure of the section issuing information 80 according to the present embodiment. Fig. 23 is a schematic diagram showing encryption and decryption processing of the section issuing information 80 by the issuing apparatus 5 and the IC card 1 according to the present embodiment.
As shown in fig. 22, the section issuing information 80 includes the following setting items: section definition information 120 newly issued in the IC card 1 and area 0 definition information 130 belonging to the section definition information 120. More specifically, the section issuing information 80 includes an encryption type identifier, a system key version, a system key, an area 0 key version, an area 0 key, padding, a third check code, and a fourth check code. It should be noted that the encryption type identifier is identification information indicating an encryption method (encryption algorithm) compatible with the newly issued section definition information 120. The area 0 key and the number of blocks allocated to the area 0 are the same as described with reference to fig. 20.
Further, the section issuing information 80 is subjected to two-stage encryption using the third authentication key 82 and the fourth authentication key 84 (these authentication keys correspond to the authentication key 62 shown in fig. 6). More specifically, in the section issuing information 80, the encryption type identifier, the system key version, the system key, the area 0 key version, the area 0 key, the padding, and the third check code are encrypted using the third authentication key 82. In addition, the encrypted information and the fourth check code are then encrypted using the fourth authentication key 84.
At this time, the third authentication key 82 is a key for the "typical section area 0 definition information 130 of the system definition information 110 belonging to the existing IC card system (hereinafter, referred to as the "registration system") that is specified as a registration target by the newly issued section definition information 120". The "area 0 key of a typical section of the registration target system" mentioned here is, for example, a key represented by reference symbols 82A and 82B shown in fig. 24, which will be described below. Also, the fourth authentication key 84 is a "system key for the representative section definition information 120 of the system definition information 110 belonging to the above-described registration system" (hereinafter, referred to as the "system key of the representative section of the section registration target system"). The "registration system representative section system key" mentioned here is, for example, a key represented by reference numerals 84A and 84B in fig. 24.
As shown in fig. 23, the section issuing information 80 is subjected to two-stage encryption using two authentication keys 82 and 84 by the issuing apparatus 5, and the encrypted section issuing information 85 is then transferred to the IC card 1. The IC card 1 decrypts the encrypted section issuing information 85 using the authentication keys 82 and 84 securely stored in the IC card 1, and verifies the integrity of the section issuing information 80 using the above-described verification code.
More specifically, first, the distribution device 5 encrypts the section distribution information 80 using the third authentication key 82 (login system representative section area 0 key) (step S90). Further, the issuing device 5 further encrypts the section issuing information 80 encrypted using the third authentication key 82 using the fourth authentication key 84 (the system key of the typical section of the section login target system), and generates the encrypted section issuing information 85 (step S91). It should be noted that the two steps of the two-stage encryption process (step S90 and step S91) are performed using a typical encryption type encryption algorithm (i.e., a typical encryption method) for the login system.
Further, according to the above, the processing of two-stage decryption is performed in the IC card 1. In other words, first, the distribution information decryption section 27 of the IC card 1 decrypts the encrypted section distribution information 85 using the fourth authentication key 84 (the system key of the typical section of the section registration target system) securely stored in the memory 30 (step S92). At this time, the distribution information decryption section 27 verifies the integrity of the encrypted section distribution information 85 using the fourth check code (decrypted) contained in the encrypted section distribution information 85. Next, the distribution information decryption section 27 further decrypts the decrypted encrypted section distribution information 85 using the third authentication key 82 (the area 0 key of the typical section of the section registration target system) securely stored in the memory 30, and thus acquires the original section distribution information 80 (step S93). At this time, the distribution information decryption section 27 verifies the integrity of the section distribution information 80 using the third check code (which has been decrypted) contained in the decrypted section distribution information 80.
It should be noted that in the two steps (step S92 and step S93) of the two-stage decryption process, the system 0 typical encryption type encryption algorithm (i.e., the typical encryption method) is used. Also, the verification of the integrity of the section issuing information 80 and the decrypted encrypted section issuing information 85 is achieved by, for example, "CBC-MAC" using the above-described third and fourth check codes.
In this way, the system issuing information 70 or the section issuing information 80 is encrypted and decrypted using the authentication keys 72 and 73 or the authentication keys 82 and 83 in accordance with the login system representative section encryption algorithm (i.e., the representative encryption algorithm).
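The two-stage wrapping described above for type A system issue information 70 (steps S80 to S83), which the section issuing information 80 repeats with keys 82 and 84 (steps S90 to S93), sketched in Go as an added example; it is not code from the patent. The field widths, zero padding, zero IV, the derived check-code key and all type and function names are assumptions of the example, and AES-128 stands in for the typical encryption method.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

const bs = aes.BlockSize

// Inner is sealed with the first authentication key 72 (field widths assumed).
type Inner struct {
	SystemKeyVersion uint16
	SystemKey        [16]byte
	SystemCode       uint16
}

// Outer is sealed with the second authentication key 74 (type A layout).
type Outer struct {
	Temp            [48]byte // temporarily encrypted system issue information 73
	Area0KeyVersion uint16
	Area0Key        [16]byte
	Area0Blocks     uint16
}

// cbc runs AES-CBC with a zero IV (assumed) over block-aligned input.
func cbc(key, in []byte, decrypt bool) []byte {
	blk, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out, mode := make([]byte, len(in)), cipher.NewCBCEncrypter(blk, make([]byte, bs))
	if decrypt {
		mode = cipher.NewCBCDecrypter(blk, make([]byte, bs))
	}
	mode.CryptBlocks(out, in)
	return out
}

// checkCode is a CBC-MAC under a derived key (assumed); reusing the encryption key would always yield E_K(0).
func checkCode(key, msg []byte) []byte {
	macKey := cbc(key, bytes.Repeat([]byte{0xA5}, bs), false)
	return cbc(macKey, msg, false)[len(msg)-bs:]
}

// seal zero-pads the fields, appends the check code and encrypts one stage.
func seal(key []byte, v interface{}) []byte {
	var buf bytes.Buffer
	if err := binary.Write(&buf, binary.BigEndian, v); err != nil {
		panic(err)
	}
	padded := make([]byte, (buf.Len()+bs-1)/bs*bs)
	copy(padded, buf.Bytes())
	return cbc(key, append(padded, checkCode(key, padded)...), false)
}

// open decrypts one stage and fills v only if the check code verifies.
func open(key, ct []byte, v interface{}) error {
	n := binary.Size(v)
	if n < 0 || len(ct) != (n+bs-1)/bs*bs+bs {
		return errors.New("unexpected length")
	}
	pt := cbc(key, ct, true)
	body, tag := pt[:len(pt)-bs], pt[len(pt)-bs:]
	if subtle.ConstantTimeCompare(tag, checkCode(key, body)) != 1 {
		return errors.New("check code mismatch")
	}
	return binary.Read(bytes.NewReader(body[:n]), binary.BigEndian, v)
}

// stage1 is step S80 (device 5A, key 72); stage2 is step S81 (device 5B, key 74).
func stage1(k72 []byte, in Inner) []byte { return seal(k72, in) }
func stage2(k74, temp []byte, out Outer) []byte {
	copy(out.Temp[:], temp)
	return seal(k74, out)
}

// cardDecrypt is steps S82 and S83: outer layer first, each check code verified.
func cardDecrypt(k72, k74, msg []byte) (in Inner, out Outer, err error) {
	if err = open(k74, msg, &out); err != nil {
		return Inner{}, Outer{}, fmt.Errorf("step S82: %w", err)
	}
	if err = open(k72, out.Temp[:], &in); err != nil {
		return Inner{}, Outer{}, fmt.Errorf("step S83: %w", err)
	}
	return in, out, nil
}

func main() {
	k72, k74 := bytes.Repeat([]byte{0x72}, 16), bytes.Repeat([]byte{0x74}, 16) // constructed keys
	msg := stage2(k74, stage1(k72, Inner{SystemCode: 0xEE02}), Outer{Area0Blocks: 64})
	_, out, err := cardDecrypt(k72, k74, msg)
	msg[40] ^= 1 // one ciphertext bit changed in transit
	_, _, bad := cardDecrypt(k72, k74, msg)
	fmt.Println("intact:", out.Area0Blocks, err, "| tampered:", bad)
}
```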
6. Outline of definition information distribution processing: FIG. 24
Next, referring to fig. 24, a key used to decrypt the distribution information 60 and verify the integrity thereof and the definition information distribution process by the IC card 1 according to the present embodiment will be described. Fig. 24 is a schematic diagram showing a specific example of the newly issued system definition information 110B or the section definition information 120B and 120D in the logical file structure section 33 of the IC card 1 according to the present embodiment.
I. Distribution of system definition information
First, an example in fig. 24 will be described, in which the IC card 1 issues new system definition information 110B based on the above-described system issuing information 70 and existing system definition information 110A shown in fig. 20.
The IC card 1 decrypts the encrypted system distribution information 75 acquired from the distribution apparatus 5, and acquires the system distribution information 70. At the same time, it verifies the integrity of the system release information 70. In the decryption and integrity check processing, the IC card 1 uses the partition authentication key 72 (first authentication key) and the "area 0 key of the typical section of the system number 0" or the "system issuing authentication key" 74 (second authentication key) shown in fig. 24. This system key 84A is a key "contained in the area 0 definition information 130A of the section definition information 120A belonging to a typical section for the existing system definition information 110A (system number 0)". The keys 82A and 84A are keys used for the encryption algorithm A, i.e., the encryption method (e.g., AES) typical of the system 0.
After the decryption and the integrity check processing, the system definition information 110B, the section definition information 120C, and the area 0 definition information 130C are newly generated by the IC card 1 management information issuing section 28 based on the system issuing information 70, and each of them is registered in the corresponding definition area. The value of each item of the definition information 110B, 120C, and 130C includes a value that is set as a value contained in the system issuing information 70 without change, and a value calculated by the management information issuing section 28 according to the internal state of the IC card 1.
For example, the system code for the system definition information 110B, the system key and the system key version for the section definition information 120C, and the area 0 key version for the area 0 definition information 130 are registered as values contained in the system release information 70 without change. On the other hand, the following items are calculated from the internal state of the IC card 1. The system number of the system definition information 110B is set to a value of "last established system number + 1". In the example shown in the drawing, the system number of the existing system definition information 110A is "0" and the system number of the system definition information 110B is thus set to "1". Also, the encryption type identifier of the section definition information 120C is set to the typical encryption type identifier. The number of blocks allocated to the area 0 definition information 130C must be not more than the number of blocks allocated to the area 0 for the system number 0, and therefore, from the number of blocks allocated to the area 0 for the system number 0, the number of blocks allocated is smaller than the number of blocks allocated to the area 0 specified in the system distribution information 70.
As described above, the system definition information 120B, the section definition information 120C, and the area 0 definition information 130C relating to the new IC card system having the system number 1 are issued based on the system representative section definition information 110A, 120A, and 130A of the system number 0 and the system distribution information 70 acquired from the distribution apparatus 5.
Issuing section definition information
Next, an example shown in fig. 24 will be explained, in which the IC card 1 issues the section definition information 120B corresponding to the new atypical encryption type (encryption algorithm B) in the login system and the area 0 definition information 130B, based on the above-described section issuing information 80 shown in fig. 22 and on the section definition information 120A and the area 0 definition information 130A corresponding to the existing typical encryption type (encryption algorithm A).
The IC card 1 decrypts the encrypted section issuing information 85 acquired from the issuing device 5, and acquires the section issuing information 80. At the same time, it checks the integrity of the section issuing information 80. In this decryption and integrity check processing, the IC card 1 uses the "system 0 representative section system key 84A" and the "system 0 representative section area 0 key 82A" shown in fig. 24. The system key 84A is "a system key included in the representative section definition information 120A belonging to the existing system definition information 110A". Likewise, the area 0 key 82A is an "area 0 key contained in the area 0 definition information 130A belonging to the section definition information 120A". Keys 82A and 84A are keys used for the encryption algorithm A of the typical encryption method (e.g., AES).
After the decryption and the integrity check processing, the IC card 1 management information issuing section 28 generates the section definition information 120B and the area 0 definition information 130B corresponding to the new atypical cryptographic algorithm from the section issuing information 80, and registers each of them in the corresponding definition area, respectively. The value of each of the items of definition information 120B and 130B includes a value set as a value contained in the section issuing information 80 without change, and also includes a value calculated by the management information issuing section 28 according to the internal state of the IC card 1.
For example, the encryption type identifier, the system key and the system key version for the section definition information 120B, and the area 0 key version for the area 0 definition information 130B are registered as the values included in the section issuing information 80 without change. On the other hand, the number of blocks assigned to the area 0 definition information 130B is calculated from the internal state of the IC card 1. The number of blocks allocated to the area 0 of the newly created section is set to a value calculated by subtracting the number of allocation blocks used by the newly created section definition information 120B and area 0 definition information 130B from the number of blocks allocated to the area 0 of the representative section. The number of blocks allocated to the area 0 of the representative section is also reset to the same value. The above description shows an example in which the allocated blocks are shared between the sections, but an allocated-block item may be added to the section issuing information 80, and the system may be set so that the number of allocated blocks is not shared between these sections.
In the above-described manner, the section definition information 120B and the area 0 definition information 130B corresponding to the new encryption algorithm B are distributed based on the log-in system representative section definition information 120A and 130A and the section distribution information 80 acquired from the distribution apparatus 5. Further, even when the system having the system number 1 is a login system, by performing the processing in the above-described manner, the section definition information 120D corresponding to the new encryption algorithm C and the area 0 definition information 130D are issued in accordance with the definition information 120C and 130C for the representative section and the section issuing information 80.
Issuing area/service definition information
Next, a method for issuing new area definition information 140 and service definition information 150 is explained. When issuing a new area, the issuing apparatus 5 encrypts area issuing information including a plurality of setting values of the definition information 140 for the login area using the new area key of the login area, and transmits the area issuing information to the IC card 1. By decrypting the area issuing information using the same new area key, the IC card 1 verifies the integrity of the area issuing information. Also, when issuing a new service, the issuing apparatus 5 encrypts the service issuing information including the set value of the service definition information 150 for the login service using the new area key of the login service, and transmits the service issuing information to the IC card 1. The IC card 1 verifies the integrity of the service issuing information by decrypting the service issuing information using the new area key of the same login service.
As described above, when the system definition information 110 and the section definition information 120 are issued, the issue information 70 and the issue information 80 are encrypted using a typical section encryption method (e.g., AES) using an authentication key held by the owner having the issue authority. In contrast, when the area definition information 140 or the service definition information 150 is issued, the area distribution information or the service distribution information is encrypted using a new area key for registering a service area or a service. At this time, regardless of the typical encryption type (e.g., AES) set for the typical section, a selective encryption type (e.g., AES or DES) defined by the section definition information 120 to which the new area belongs may be used.
7. System issuing processing: FIGS. 25 and 26
Next, a system issuing process for newly issuing the system definition information 110 will be described with reference to fig. 25. Fig. 25 is a sequence diagram showing the sequence of the system issuing processing performed between the reader/writer 6 of the issuing apparatus 5 according to the present embodiment and the IC card 1. It should be noted that fig. 25 is an example of a system issuing process for the system having the system code "0xEE02" in fig. 24.
As shown in fig. 25, in the system issuing process, first, after the reader/writer 6 of the issuing device 5 has captured the IC card 1 by polling (step S101 to step S110), the reader/writer 6 mutually authenticates with the IC card 1 and encrypts the communication path (step S120 to step S150). Then, the reader/writer 6 transmits the encrypted system issuing information 75 to the IC card 1 (step S160). When completed, the IC card 1 decrypts the encrypted system distribution information 75 and acquires the system distribution information 70. Based on the acquired system issuance information 70, the IC card 1 executes the system issuance process and transmits a system issuance response (issuance completion or error notification) to the reader/writer 6 (step S170). Based on the response, the reader/writer 6 executes the process after completion of the system issuance or executes the error response process (step S190).
Note that each of steps S101 to S160 shown in the system issuing sequence of fig. 25 is substantially the same as steps S1 to S60 in the above-described access sequence executed when the IC card 1 is used, as shown in fig. 12 to 19, and thus a detailed description is omitted here. However, steps S101 to S160 shown in fig. 25 differ from steps S1 to S60 of the access sequence shown in fig. 12 to 19 in that the IC card 1 communicates with the reader/writer 6 of the issuing device 5, in that the system code "0xFFFF" is also added to the authentication message 1 request and transmitted in step S120, and in that the encrypted system issuing information 75 is transmitted in step S160.
Using the sequence shown in fig. 25, the mutual authentication process between the IC card 1 and the reader/writer 6, the communication path encryption process, and the integrity check process of the system issuance information 70 can be securely performed using the typical segment encryption method. As a result, according to the system issuing information 70 acquired securely, the IC card 1 can issue definition information (system definition information 110B, section definition information 120B, and area 0 definition information 130C) about the new IC card system and register the definition information into the logical file structure section 33.
The system issuing process by the IC card 1 according to the present embodiment (step S170 in fig. 25) will be described next in more detail with reference to fig. 26. Fig. 26 is a flowchart showing the system issuing process by the IC card 1 according to the present embodiment.
As shown in fig. 26, the distributed information receiver 29 of the IC card 1 receives the encrypted system issuing information 75 from the reader/writer 6 of the issuing apparatus 5 (step S171). Then, the IC card 1 confirms whether the encrypted system issuing information 75 received in step S171 can be decrypted using the above section key (step S172). The section key is a communication path encryption key generated from a random array used in the mutual authentication and communication path encryption process from step S120 to step S160 of fig. 25.
Further, the IC card 1 determines whether the logical card identification information indicates that the system is a 0 system. In other words, it confirms whether the system number included in the logical card identification information is "0" (step S173). The logical card identification information is information including a system number contained in the system definition information 110 for the system code specified by the reader/writer 6 at step S101, and IC card identification information (card ID) and the like. In step S110, the logical card identification information is transmitted from the IC card 1 to the reader/writer 6 as a polling response. The confirmation process performed at step S173 prevents the system issuance process from being performed using the definition information of the IC card system other than the system 0.
In addition, the IC card 1 confirms whether the current section of the IC card 1 is a section storing the typical encryption type (typical section) (step S174). The current section is the section definition information 120 corresponding to the encryption method currently being used by the IC card 1 and the reader/writer 6 to communicate. The section storing the typical encryption type is the section definition information 120A, which stores an identifier indicating the typical encryption type (first encryption method, such as AES). The confirmation process performed at step S174 prevents the system issuance process from being performed using an encryption algorithm of an atypical encryption type (second encryption method, such as DES).
Further, the IC card 1 confirms whether or not mutual authentication between the reader/writer 6 and the IC card 1 using the typical section system key and area 0 key is completed (step S175). In this way, the authenticity of the encryption method keys (system key and area 0 key) stored in the section definition information 120A and the area 0 definition information 130A for the typical section can be checked, and the integrity of the system distribution information 70 can be checked using these keys and the typical encryption method.
If all of the confirmation conditions of the above-described steps S172 to S175 are satisfied, the process proceeds to step S176. On the other hand, if at least one of these confirmation conditions is not satisfied, the process proceeds to step S181, and the IC card 1 creates error information as a system issuance response (step S181).
Next, the distributed information decrypting section 27 of the IC card 1 decrypts the system distributed information 75, which was encrypted using the encryption algorithm A of the typical encryption type, using the authentication keys 72 to 74 stored in the memory 30 in the order shown in fig. 21, and then verifies the integrity of the system distributed information 70 thus obtained (step S176). In this decryption and integrity check process, an "area 0 key of a typical section of the system number 0" or a "system issuing authentication key" 74 corresponding to the typical encryption type is used as the second authentication key 74, and a "partition authentication key" corresponding to the typical encryption type is used as the first authentication key 72 (refer to fig. 24). In step S176, the decryption and integrity check of the system issuance information 70 prevents tampering or theft of the system issuance information 70, and restricts issuance of invalid systems.
Thereafter, the management information distribution section 28 of the IC card 1 confirms whether or not the system definition information 110 having the same system code as the system code specified in the system distribution information 70 exists in the logical file structure section 33 (step S177). Further, the management information distribution unit 28 of the IC card 1 confirms whether or not the number of distribution blocks defined by the system 0 area 0 definition information 130 has a sufficient value to distribute the number of area 0 distribution blocks specified in the system distribution information 70 (step S178).
If both of the confirmation conditions of step S177 and step S178 described above are satisfied, the process proceeds to step S179. On the other hand, if at least one of the conditions is not satisfied, the process proceeds to step S181, and the IC card 1 generates error information as a system issuance response (step S181).
Then, based on the values of the items specified in the system distribution information 70 and the internal state of the IC card 1, the management information distribution unit 28 of the IC card 1 generates the system definition information 110B, the section definition information 120C, and the area 0 definition information 130C for registering the IC card system (step S179). Then, the management information issuing section 28 registers the generated definition information 110B, 120C, and 130C in the relevant storage areas (system definition area, section definition area, area 0 definition area) in the logical file structure section 33. For example, the system number is set to the last issued system number plus one. In this manner, new system definition information and the like are issued in accordance with the system issuance information 70.
When the system issuance process is executed in step S179, the IC card 1 generates a system issuance response indicating that the system issuance process is completed, and after encrypting the system issuance response using the above-described section key, transmits the encrypted response to the reader/writer 6 (step S180). On the other hand, when error information is generated in step S181, the IC card 1 encrypts the error information into a system issuance response using the above-described section key, and transmits the encrypted response to the reader/writer (step S180).
The system distribution process according to the present embodiment (for example, the system distribution process of the system code "0xEE02" shown in fig. 24) is explained above. In the system issuing process, mutual authentication and communication path encryption between the reader/writer 6 and the IC card 1 are performed using the encryption algorithm of the typical encryption type (first encryption method), and in addition, decryption and integrity check of the system issuing information 70 are also performed using the encryption algorithm of the typical encryption type. Therefore, by setting the encryption algorithm of the typical encryption type to the AES encryption algorithm or the like of high reliability, it is possible to securely issue new IC card system definition information in the IC card 1 compatible with a plurality of encryption methods.
8. Section issuing processing: FIGS. 27 and 28
Next, a section issuing process for newly issuing the section definition information 120 and the like corresponding to an encryption method different from the typical encryption method will be described with reference to fig. 27. Fig. 27 is a sequence diagram showing the section issuing process performed by the reader/writer 6 of the issuing device 5 according to the present embodiment and the IC card 1. Note that fig. 27 is an example of adding and registering a section for the encryption algorithm <algo_C> to the IC card system (system definition information 110B) having the system code "0xEE02" of fig. 24 described above.
As shown in fig. 27, in the section issuing process, first, after the reader/writer 6 of the issuing device 5 has acquired the IC card 1 by polling (step S201 to step S210), the reader/writer 6 mutually authenticates with the IC card 1 and encrypts the communication path (step S220 to step S250). Then, the reader/writer 6 transmits the encrypted section issuing information 85 to the IC card 1 (step S260). After completion, the IC card 1 decrypts the encrypted section issuing information 85 and acquires the section issuing information 80. According to the acquired section issuing information 80, the IC card 1 performs section issuing processing and transmits a section issuing response (issuing completion or error notification) to the reader/writer 6 (step S280). In accordance with the response, the reader/writer 6 executes the processing after the completion of the section issuance or executes the error response processing (step S290).
Note that each of steps S201 to S260 shown in the section issuing sequence in fig. 27 is substantially the same as steps S1 to S60 in the above-described access sequence shown in fig. 12 to 19 performed when the IC card 1 is used, and thus detailed description is omitted here. However, the section issuing sequence differs from steps S1 to S60 of the access sequence shown in fig. 12 to 19 in three points: in steps S201 to S260 of the section issuing sequence shown in fig. 27, the IC card 1 communicates with the reader/writer 6 of the issuing apparatus 5; in step S220, the system code "0xFFFF" is also added to the authentication message 1 request and transmitted; and in step S260, the encrypted section issuing information 85 is transmitted.
Using the sequence shown in fig. 27, the mutual authentication process between the IC card 1 and the reader/writer 6, the communication path encryption process, and the integrity check process of the section issuing information 80 can be securely performed using a typical section encryption method (first encryption method, such as AES). As a result, according to the securely acquired section issuing information 80, the IC card 1 can issue definition information (the section definition information 120 and the area 0 definition information 130D) relating to a new atypical encryption method (the second encryption method, such as DES) and register the definition information in the logical file structure section 33.
The section issuing process (step S270 in fig. 27) performed by the IC card 1 according to the present embodiment will be described next in more detail with reference to fig. 28. Fig. 28 is a flowchart showing the section issuing process of the IC card 1 according to the present embodiment.
As shown in fig. 28, the distribution information receiver 29 of the IC card 1 receives the encrypted section distribution information 85 from the reader/writer 6 of the distribution apparatus 5 (step S271). Then, the IC card 1 confirms whether the encrypted section issuing information 85 received at step S271 can be decrypted using the above-described section key (step S272). The section key is a communication path encryption key generated from a random array used in the mutual authentication and communication path encryption process from step S220 to step S260 of fig. 27.
In addition, the IC card 1 confirms whether the current section of the IC card 1 is the section storing the typical encryption type (typical section) (step S273). The current section is the section definition information 120 corresponding to the encryption method currently being used by the IC card 1 and the reader/writer 6 to communicate. The section storing the typical encryption type is section definition information 120A, which stores an identifier indicating the typical encryption type (first encryption method, such as AES). The confirmation process performed at step S273 prevents the section issuing process from being performed using an encryption algorithm of an atypical encryption type (second encryption method, such as DES).
Further, the IC card 1 confirms whether or not mutual authentication between the reader/writer 6 and the IC card 1 using the system key and the area 0 key of the typical section is completed (step S274). As a result, the authenticity of the typical encryption method keys (system key and area 0 key) stored in the section definition information 120A and the area 0 definition information 130A for the typical section can be verified, and the integrity of the section issuing information 80 can be verified using these keys and the typical encryption method.
If all of the three confirmation conditions of the above-described steps S272 to S274 are satisfied, the process proceeds to step S275. On the other hand, if at least one of these confirmation conditions is not satisfied, the process proceeds to step S281, and the IC card 1 generates error information as a section issuance response (step S281).
Next, in the order shown in fig. 23, the distribution information decrypting section 27 of the IC card 1 decrypts the section distribution information 85 encrypted using the encryption algorithm a of the typical encryption type using the authentication keys 82 to 84 stored in the memory 30, and then verifies the integrity of the section distribution information 80 thus obtained (step S275). In this decryption and integrity check process, the "registered system representative sector system key 84B" specified by the reader/writer 6 is used as the fourth authentication key 84, and the "area 0 key 82B for a representative sector of the sector login target system" specified by the reader/writer 6 is used as the third authentication key 82 (see fig. 24). In step S275, the decryption and integrity check of the section issuing information 80 prevents tampering or theft of the section issuing information 80, and restricts the issuance of invalid sections.
Thereafter, the management information issuing section 28 of the IC card 1 verifies the correctness of the system code (step S276). More specifically, when the system code stored in the system definition information 110B for the current section is "0xFFFF" specified by the reader/writer 6 in step S220, the management information issuing section 28 checks whether or not there is system definition information 110 having the same system code as the system code specified in the section issuing information 80 in the logical file structure section 33. On the other hand, when the system code stored in the system definition information 110B for the current section is not "0xFFFF", the management information issuing section 28 checks whether the system code stored in the system definition information 110B is the same as the system code specified in the section issuing information 80.
Then, the management information issuing section 28 of the IC card 1 determines whether the IC card 1 is compatible with the encryption method of the encryption type specified in the section issuing information 80 (step S277). To this end, for example, the specified encryption type identifier is compared with a plurality of encryption type identifiers compatible with the IC card 1 stored in the IC card 1. Determining compatibility in this manner prevents section definition information 120 for an encryption method incompatible with the IC card 1 from being issued to no purpose.
Further, the management information issuing section 28 of the IC card 1 determines whether the number of allocated blocks defined in the area 0 definition information 130 of the system's typical section is sufficient for the number of blocks to be consumed by the section registration (step S278). If there is no free space in the blocks allocated to area 0 of the typical section, the section cannot be added and registered.
When the three confirmation conditions of steps S276 to S278 described above are satisfied, the process proceeds to step S279. On the other hand, when at least one of these confirmation conditions is not satisfied, the process proceeds to step S281 and the IC card 1 generates error information as a section issuing response (step S281).
Then, based on the values of the items specified in the section issuing information 80 and the internal state of the IC card 1, the management information issuing part 28 of the IC card 1 generates the section definition information 120D and the section 0 definition information 130D belonging to the registration section (step S279). The management information issuing section 28 then registers the generated definition information 120D and 130D in the relevant storage areas (section definition area, area 0 definition area) subordinate to the system definition area in the logical file structure section 33. For example, the section definition information 120D encryption type identifier and the system key are registered as values specified in the section issuing information 80 without change. In this way, according to the section issuing information 80, section defining information for a new encryption type and the like are issued from the existing system defining information 110B.
When the section is issued, the number of blocks to be consumed by the section registration is subtracted from the number of blocks allocated before the section registration is performed, and the remainder becomes the number of blocks allocated to every area 0 in the registration target system. The number of blocks allocated to area 0 in the system is the same in all area 0 definition information 130 because any remaining blocks that are not allocated are shared by all sections within the system.
When the section issuing process is executed at the above-described step S279, the IC card 1 generates a section issuing response indicating that the section issuing process is completed, and after encrypting the section issuing response using the above-described section key, transmits the encrypted response to the reader/writer 6 (step S280). On the other hand, when the error information is generated in step S281, the IC card 1 encrypts the error information into a section issuing response using the above-described section key, and transmits the encrypted response to the reader/writer 6 (step S280).
The section issuing process according to the present embodiment (for example, the section issuing process of the encryption algorithm C for the system code "0xEE02" shown in fig. 24) is explained above. In the section issuing process, mutual authentication and communication path encryption between the reader/writer 6 and the IC card 1 are performed using the encryption algorithm of the typical encryption type (first encryption method), and further, decryption and integrity check of the section issuing information 80 are also performed using the encryption algorithm of the typical encryption type. Therefore, by setting the encryption algorithm of the typical encryption type to the AES encryption algorithm or the like of high reliability, definition information for a new encryption method (e.g., DES) can be securely issued in the IC card 1 compatible with a plurality of encryption methods.
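The card-side checks of the section issuing process (steps S272 to S279) can be followed in the Python model below, which is an added example and not part of the patent text. HMAC-SHA-256 stands in for the AES decryption and integrity check, and the package layout, the key derivation, the block cost, the (status, step) return value and all key values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

TYPICAL = "AES"              # first (typical) encryption method
SUPPORTED = {"AES", "DES"}   # methods the card hardware supports (assumed set)
WILDCARD = 0xFFFF            # system code sent with the request in step S220
SECTION_COST = 2             # blocks one section registration consumes (assumed)

@dataclass
class Section:
    enc_type: str
    system_key: bytes
    area0_key: bytes

@dataclass
class System:
    code: int
    area0_blocks: int                              # shared by all area 0 definitions
    sections: dict = field(default_factory=dict)   # enc_type -> Section

@dataclass
class Card:
    systems: dict            # system code -> System
    current: System          # system selected during mutual authentication
    current_enc: str         # encryption type of the current section
    mutual_auth_done: bool
    path_key: bytes          # communication path encryption key

def seal(obj, key):
    """Stand-in for AES encryption plus integrity value: HMAC tag || JSON body."""
    body = json.dumps(obj, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).digest() + body

def unseal(blob, key):
    """Return the parsed body, or None if the tag does not verify."""
    tag, body = blob[:32], blob[32:]
    good = hmac.new(key, body, hashlib.sha256).digest()
    return json.loads(body) if hmac.compare_digest(tag, good) else None

def package_key(typical):
    # Assumed derivation from the typical section's system key and area 0 key.
    return hashlib.sha256(typical.system_key + typical.area0_key).digest()

def build_wire(info, typical, path_key):
    """Issuer side: wrap the issuing information, then the communication path."""
    return seal({"pkg": seal(info, package_key(typical)).hex()}, path_key)

def issue_section(card, wire):
    """Card side: return (status, step reached) for steps S272 to S279."""
    outer = unseal(wire, card.path_key)
    if outer is None:
        return ("error", "S272")
    if card.current_enc != TYPICAL:          # never issue over the atypical method
        return ("error", "S273")
    if not card.mutual_auth_done:
        return ("error", "S274")
    info = unseal(bytes.fromhex(outer["pkg"]), package_key(card.current.sections[TYPICAL]))
    if info is None:
        return ("error", "S275")
    if card.current.code == WILDCARD:
        target = card.systems.get(info["system_code"])
    else:
        target = card.current if card.current.code == info["system_code"] else None
    if target is None:
        return ("error", "S276")
    if info["enc_type"] not in SUPPORTED:
        return ("error", "S277")
    if target.area0_blocks < SECTION_COST:
        return ("error", "S278")
    target.sections[info["enc_type"]] = Section(
        info["enc_type"], bytes.fromhex(info["system_key"]), bytes.fromhex(info["area0_key"]))
    target.area0_blocks -= SECTION_COST      # remainder is shared by every area 0
    return ("ok", "S279")

def make_card(current_enc=TYPICAL, blocks=6):
    # Constructed sample card holding one system with only the typical (AES) section.
    aes = Section("AES", b"constructed-sys-key", b"constructed-a0-key")
    system = System(0xEE02, blocks, {"AES": aes})
    return Card({0xEE02: system}, system, current_enc, True, b"constructed-path-key")

def demo():
    info = {"system_code": 0xEE02, "enc_type": "DES",
            "system_key": b"des-sys!".hex(), "area0_key": b"des-a0!!".hex()}
    card = make_card()
    typical = card.current.sections[TYPICAL]
    results = {"valid": issue_section(card, build_wire(info, typical, card.path_key))}
    forged = seal(info, b"wrong-key")        # package not sealed with the typical keys
    results["bad_package"] = issue_section(card, seal({"pkg": forged.hex()}, card.path_key))
    des_card = make_card(current_enc="DES")  # channel negotiated with the atypical method
    results["des_channel"] = issue_section(des_card, build_wire(info, typical, des_card.path_key))
    results["unknown_type"] = issue_section(
        card, build_wire({**info, "enc_type": "XYZ"}, typical, card.path_key))
    results["blocks_left"] = card.current.area0_blocks
    results["registered"] = sorted(card.current.sections)
    return results

if __name__ == "__main__":
    print(demo())
```

The step label in the return value is there for the reader; in the sequence described above the card only reports completion or an error.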
Note that, in the above-described issuing process sequence shown in fig. 25 to 28, the IC card 1 acquires the system issuing information 70 or the section issuing information 80 by performing the non-contact communication with the reader/writer 6 of the issuing device 5, and then issues the system or the section. For example, when the IC card 1 is shipped from the manufacturer, the order of the issuing process may be performed by passing the IC card 1 through the reader/writer 6 of the issuing device 5. Alternatively, after the IC card 1 has been distributed, the above-described sequence of issuing processing may be performed by passing the IC card 1 through the reader/writer 6 of the issuing apparatus 5 or the reader/writer 4 of the service provider apparatus 3 located at a specific place.
When the mobile terminal 2 is used, the issue processing sequence may be executed by passing the mobile terminal 2 through the reader/writer 6 or the reader/writer 4. Alternatively, the distribution processing sequence may be executed by using a distribution application installed in the mobile terminal 2 for the mobile terminal 2 to access a remote distribution server as the distribution apparatus 5 via the network 7.
For example, when the user downloads the distribution application from the server to the mobile terminal 2 and activates the application, the inquiry "Initialize the card?" appears on the screen of the mobile terminal 2. If the user selects "yes" in response to this inquiry, the mobile terminal 2 is connected to the remote issuing server through the network 7, and a server administrator (public area operator) authentication key is used to issue a plurality of areas of the area/service or the like. At this time, the server transmits the encrypted distribution information to the IC card unit 8 of the mobile terminal 2, and the distribution application automatically distributes a plurality of areas for new systems and areas in the mobile terminal 2.
Even when the mobile terminal 2 communicates with the issuing device 5 via the network 7 in this manner, the issuing process can be performed in the same manner as the above-described sequence by replacing the reader/writer 6 shown in fig. 25 or fig. 26 with a remote issuing server serving as the issuing device 5.
In both cases, the above-described authentication keys 72, 74, 82, and 84 are securely stored in advance in the IC chip before shipment from the manufacturer, for example, when the above-described IC card 1 or mobile terminal 2 is used. With this, even after the IC card 1 or the mobile terminal 2 has been distributed, a plurality of systems and sections can be additionally issued using the internally stored authentication key 72, 74, 82, or 84.
9. Effect
The communication system formed by the IC card 1 (or the mobile terminal 2), the service provider apparatus 3, and the distribution apparatus 5, the use of the IC card 1 in the system, and the method of distributing the management information according to the present invention have been specifically described above.
In the present invention, the IC card 1 is provided with hardware (an encryption processing circuit and the like) compatible with a plurality of encryption methods. Then, by establishing a hierarchical structure for the definition information in the logical file structure section 33 of the IC card 1, the section definition information 120 group for each encryption method is newly added, subordinate to the highest level system definition information 110. Each section definition information 120 stores a system key corresponding to each encryption method, and an identification for the encryption method. Then, a single typical encryption method is specified from among a plurality of encryption methods compatible with the IC card.
Further, the distribution device 5 transmits the system distribution information 70 or the section distribution information 80 encrypted by the typical encryption method to the IC card 1. The IC card 1 decrypts the system issuing information 70 or the section issuing information 80 using a typical encryption method and verifies the integrity of the issuing information. Then, based on the system issuing information 70 or the section issuing information 80, the IC card 1 issues system definition information 110 for a new IC card system or section definition information 120 for a new encryption method, and registers the definition information in the IC card 1.
With this structure, in the IC card 1 compatible with a plurality of encryption methods, definition information corresponding to a selected encryption method can be added, changed, and deleted as appropriate. For example, in the IC card 1 compatible with both DES and AES encryption algorithms, if only the section definition information 120 for the AES encryption algorithm is issued, the IC card 1 becomes a dedicated AES encryption algorithm card. If the section definition information 120 for both the DES and AES encryption algorithms is issued, the IC card 1 is compatible with both the DES and AES encryption algorithms.
Then, when the section definition information 120 is issued, mutual authentication with the reader/writer 6, communication path encryption, and packetization of DES issue information are performed using a typical encryption method (e.g., AES) until initialization of definition information, such as a key. However, if the section definition information 120 for another encryption method (such as DES) is issued, then the issue of the area definition information 140 and the service definition information 150, or the use of the IC card 1 may be performed using the DES encryption algorithm.
In this way, in the present embodiment, the encryption method employed when the system definition information 110 or the section definition information 120 is issued may be different from the encryption method employed when the IC card 1 is used. Further, as long as the IC card 1 is compatible with the selected method or methods, these encryption methods can be freely selected.
In addition, if an encryption method (e.g., AES) that is more reliable than another encryption method (e.g., DES) is selected as the typical encryption method, the DES section definition information 120 issuing process can be performed more securely using the AES encryption algorithm. In this way, the AES encryption algorithm may compensate for the weak reliability of the DES encryption algorithm if the AES encryption algorithm is of the typical encryption type.
In other words, with the present embodiment, an area corresponding to a new IC card system (hereinafter referred to as "system") or an area corresponding to a new encryption type (hereinafter referred to as "section") can be created in the logical file structure section 33 using a typical section key (typical encryption method key). The section and the system can only be created using the typical encryption method (AES). In order to create an atypical section (DES) less reliable than AES, it is necessary to perform mutual authentication using the AES encryption algorithm and encapsulate DES definition information using the AES key (in other words, it is necessary to generate section issuing information 80). Therefore, until the DES section is issued, processing can be securely performed using the AES key. The key included in the encapsulated section issuing information 80 is a DES key, but the encryption method used to encrypt the section issuing information 80 is an AES encryption algorithm.
Also, when a new system is issued in order to make the IC card 1 compatible with the new IC card system, the new system cannot be issued without using a typical encryption method (AES) key. Also, if a system has been newly issued, first, a typical section corresponding to the AES encryption algorithm is generated, and therefore, when a section subordinate to the system is issued later, AES must be used. As a result, the system can only be released using the AES encryption algorithm, and in this way, the AES encryption algorithm can compensate for the low reliability of the DES encryption algorithm.
For the reason described above, since the single IC card 1 is compatible with a plurality of encryption methods, a service provider who uses the IC card 1 to deliver a service can select an encryption method to be used from among a plurality of encryption algorithms compatible with the IC card 1. Further, even if the service provider selects different encryption methods, a plurality of services having different encryption methods can be provided using a single IC card 1.
Moreover, when an existing service provider changes the encryption method it currently uses, the encryption method can be changed without recalling the IC card 1, provided that an IC card 1 compatible with a plurality of encryption methods is being used. Therefore, the encryption method used by the IC card 1 can be smoothly changed, and the effort, time, and cost required for the changing operation can be reduced.
Further, by deciding on a typical encryption method, it is possible to reduce the number of types of authentication key used in the issuing process, clarify authentication, and simplify the operation. After the system definition information 110 is newly generated, the encryption method used under the system definition information 110 may be added as appropriate by the rights holder. In addition, since the distribution information is encrypted by the distribution apparatus 5 and the IC card 1 decrypts and checks the integrity of the distribution information, it is possible to prevent tampering and theft of the distribution information.
It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and improvements may be made in accordance with design requirements and other factors, and are intended to be included within the scope of the claims or equivalents of the present invention.

Claims (11)

1. An information processing apparatus comprising:
a data storage section capable of storing user data used in a specific service using non-contact communication and management information for managing the user data in different storage areas corresponding to each of a plurality of different encryption methods, the data storage section having at least a first storage area for storing first management information corresponding to a first encryption method;
a distribution information receiver that receives distribution information encrypted using the first encryption method from a distribution apparatus that delivers the distribution information to distribute second management information corresponding to a second encryption method;
an issued information decrypting section that decrypts the received issued information by the first encryption method based on the first management information corresponding to the first encryption method stored in a first storage area of the data storage section; and
a management information issuing section that issues the second management information corresponding to the second encryption method based on the decrypted issuing information, and stores the second management information in a second storage area of the data storage section.
2. The information processing apparatus according to claim 1, wherein
The storage area of the data storage portion has a hierarchical structure composed of a section definition area established for at least each of a plurality of encryption methods compatible with the information processing apparatus and at least one area definition area belonging to the section definition area,
the management information includes at least section definition information stored in the section definition area and area definition information stored in the area definition area,
the first storage area of the data storage portion includes at least a first section definition area storing first section definition information corresponding to the first encryption method,
the first management information includes at least first section definition information,
the first section definition information includes a first key for authenticating access to the first section definition area and identification information for the first encryption method,
the distribution information is section distribution information for distributing second section definition information corresponding to the second encryption method as the second management information,
the section issuing information includes a second key for authenticating access to a second section defining area and identification information for the second encryption method, and
the information processing apparatus further includes:
a mutual authentication section for performing mutual authentication with the issuing apparatus by using a first encryption method identification information stored in the first section definition area, wherein
The issue information receiver receives the section issue information from the issue apparatus when the mutual authentication performed by the mutual authentication section is successful, the section issue information being encrypted in the first encryption method using the first key,
the decryption section decrypts the received section issuing information in the first encryption method using the first key stored in the first section defining area, and
the management information issuing section issues second section definition information including the second key and the second encryption method identification information based on the decrypted section issuing information, and stores the second section definition information in a second section definition area that is the second storage area of the data storage section.
3. The information processing apparatus according to claim 2, wherein
The first storage area and the second storage area of the data storage part store the first encryption method identification information and the second encryption method identification information, respectively, and
The information processing apparatus further includes:
a communication section for performing non-contact communication with a service provider apparatus that provides a specific service; and
a mutual authentication section for, when an authentication request is received from the service provider apparatus through the communication section, selecting a storage area corresponding to the encryption method specified by the authentication section based on one of the first encryption method identification information and the second encryption method identification information stored in one of the first storage area and the second storage area, and performing mutual authentication with the service provider apparatus in the encryption method specified in the authentication request using the management information stored in the selected storage area.
4. The information processing apparatus according to claim 3, further comprising:
a communication section for performing non-contact communication with an external device; and
an encryption processing section compatible with the plurality of encryption methods, encrypting and decrypting data communicated by the communication section through the contactless communication using one of the plurality of encryption methods; wherein
The distribution information decryption unit decrypts, by using the encryption processing unit, the distribution information received from the distribution apparatus by using the first encryption method.
5. The information processing apparatus according to claim 4, wherein
The first encryption method is a typical encryption method selected from among encryption methods compatible with the encryption processing section, and the first encryption method is more reliable than the second encryption method.
6. The information processing apparatus according to claim 5, wherein
The information processing apparatus is one of an IC card capable of non-contact communication with an external device and a mobile terminal equipped with an IC card section.
7. An information processing apparatus comprising:
a data storage section capable of storing user data used in a specific service using non-contact communication and management information for managing the user data in different storage areas for each of a plurality of different encryption methods, the data storage section having at least a first storage area for storing first management information corresponding to a first encryption method;
a distribution information receiver that receives distribution information encrypted using the first encryption method from a distribution apparatus that delivers the distribution information to distribute second management information corresponding to the first encryption method;
an issued information decrypting section that decrypts the received issued information by the first encryption method based on the first management information corresponding to the first encryption method stored in a first storage area of the data storage section; and
a management information issuing section that issues the second management information corresponding to the first encryption method based on the decrypted issuing information and stores the second management information in a second storage area of the data storage section.
8. The information processing apparatus according to claim 7, wherein
The storage area of the data storage portion has a hierarchical structure made up of at least one system definition area established corresponding to each of the contactless communication systems compatible with the information processing apparatus, at least one section definition area for each of a plurality of encryption methods compatible with the information processing apparatus, and at least one area definition area belonging to the section definition area, the section definition area belonging to the system definition area,
the management information includes at least system definition information stored in the system definition area, section definition information stored in the section definition area, and area definition information stored in the area definition area,
the first storage area of the data storage portion includes at least a first system definition area storing first system definition information corresponding to a first contactless communication system and a first zone definition area storing first zone definition information corresponding to the first encryption method, the first zone definition area belonging to the first system definition area,
the first management information includes at least the first system definition information and the first section definition information,
the first system definition information includes a first system code representing a first contactless communication system, the first section definition information includes a first key for authenticating access to the first section definition area and identification information for the first encryption method,
the issue information is system issue information for issuing, as the second management information, second system definition information corresponding to a second contactless communication system and second section definition information belonging to the second system definition information and corresponding to the first encryption method,
the system issue information includes a second system code representing the second contactless communication system and a second key for authenticating access to a second section definition area, and
the information processing apparatus further includes:
a key storage section that stores an authentication key for newly issuing the system definition information; and
a mutual authentication section performing mutual authentication with the issuing apparatus by the first encryption method using the first encryption method identification information stored in the first section definition area, wherein
when the mutual authentication performed by the mutual authentication section succeeds, the issue information receiver receives, from the issuing apparatus, system issue information encrypted in the first encryption method using one of the first key and the authentication key,
the issue information decryption section decrypts the received system issue information in the first encryption method using one of the first key stored in the first section definition area and the authentication key stored in the key storage section, and
the management information issuing section issues, based on the decrypted system issue information, the second system definition information including the second system code and the second section definition information including the second key and the first encryption method identification information, and stores the second system definition information and the second section definition information in the second system definition area and the second section definition area, respectively, which are the second storage area of the data storage section.
9. An information processing method comprising the steps of:
storing, by an information processing apparatus, first management information corresponding to a first encryption method in a first storage area of a data storage section capable of storing user data used in a specific service using contactless communication and management information for managing the user data in different storage areas for each of a plurality of different encryption methods;
receiving, by the information processing apparatus, issue information encrypted using the first encryption method from an issuing apparatus that delivers the issue information in order to issue second management information corresponding to a second encryption method;
decrypting, by the information processing apparatus, the received issue information with the first encryption method based on the first management information corresponding to the first encryption method stored in the first storage area of the data storage section; and
issuing, by the information processing apparatus, the second management information corresponding to the second encryption method based on the decrypted issue information, and storing the second management information in a second storage area of the data storage section.
10. An information processing method comprising the steps of:
storing, by an information processing apparatus, first management information corresponding to a first encryption method in a first storage area of a data storage section capable of storing user data used in a specific service using contactless communication and management information for managing the user data in different storage areas for each of a plurality of different encryption methods;
receiving, by the information processing apparatus, issue information encrypted using the first encryption method from an issuing apparatus that delivers the issue information in order to issue second management information corresponding to the first encryption method;
decrypting, by the information processing apparatus, the received issue information with the first encryption method based on the first management information corresponding to the first encryption method stored in the first storage area of the data storage section; and
issuing, by the information processing apparatus, the second management information corresponding to the first encryption method based on the decrypted issue information, and storing the second management information in a second storage area of the data storage section.
11. A communication system, comprising:
a distribution device; and
an information processing device capable of communicating with the distribution device; wherein
the distribution device includes:
a distribution information encryption section for encrypting, in a first encryption method, distribution information used for distributing second management information corresponding to a second encryption method, and
a distribution information transmitter for transmitting the distribution information encrypted by the first encryption method to the information processing device, and
the information processing device includes:
a data storage section having at least a first storage area for storing first management information corresponding to the first encryption method, the data storage section being capable of storing user data used in a specific service using contactless communication and management information for managing the user data in different storage areas for each of a plurality of different encryption methods,
a distribution information receiver for receiving the distribution information encrypted in the first encryption method from the distribution device,
a distribution information decrypting section that decrypts the received distribution information using the first encryption method based on the first management information corresponding to the first encryption method stored in the first storage area of the data storage section, and
a management information issuing section that issues the second management information corresponding to the second encryption method based on the decrypted distribution information, and stores the second management information in a second storage area of the data storage section.
12. A communication system, comprising:
a distribution device; and
an information processing device capable of communicating with the distribution device; wherein
the distribution device includes:
a distribution information encryption section for encrypting, in a first encryption method, distribution information used for distributing second management information corresponding to the first encryption method, and
a distribution information transmitter for transmitting the distribution information encrypted by the first encryption method to the information processing device, and
the information processing device includes:
a data storage section having at least a first storage area for storing first management information corresponding to the first encryption method, the data storage section being capable of storing user data used in a specific service using contactless communication and management information for managing the user data in different storage areas for each of a plurality of different encryption methods,
a distribution information receiver for receiving the distribution information encrypted in the first encryption method from the distribution device,
a distribution information decrypting section that decrypts the received distribution information using the first encryption method based on the first management information corresponding to the first encryption method stored in the first storage area of the data storage section, and
a management information issuing section that issues the second management information corresponding to the first encryption method based on the decrypted distribution information, and stores the second management information in a second storage area of the data storage section.
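The issuance flow of claims 8, 9 and 11, modelled in Python as an added illustration that is not code from the patent: the card decrypts issue information with the key already held in its first section definition, then stores a new section or system definition. The SHA-256 keystream with an HMAC tag is a stand-in for the unnamed encryption methods; the integrity tag, the method ids `M1`/`M2`, the system codes, the keys and all function names are assumptions, and mutual authentication is left out.

```python
import hashlib, hmac, json, os

SUPPORTED = {"M1", "M2"}  # placeholder ids for the first/second encryption methods

def keystream(key, method, nonce, n):
    blocks = (hashlib.sha256(b"enc" + key + method.encode() + nonce + bytes([i])).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, method, info):
    """Issuer side: encrypt issue information under the FIRST method's key."""
    pt, nonce = json.dumps(info).encode(), os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(pt, keystream(key, method, nonce, len(pt))))
    tag = hmac.new(b"mac" + key, method.encode() + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, method, blob):
    """Card side: verify, then decrypt; any mismatch rejects the issue information."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    want = hmac.new(b"mac" + key, method.encode() + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("issue information rejected")
    return json.loads(bytes(a ^ b for a, b in zip(ct, keystream(key, method, nonce, len(ct)))))

class Card:
    def __init__(self, system_code, method, key):
        # system definition -> section definition per encryption method -> area definitions
        self.systems = {system_code: {method: {"key": key, "areas": {}}}}

    def issue_section(self, system_code, first_method, blob):
        """Claims 9/11: add a section for a second method to an existing system."""
        sections = self.systems[system_code]
        info = unseal(sections[first_method]["key"], first_method, blob)
        if info["method"] not in SUPPORTED or info["method"] in sections:
            raise ValueError("section not issuable")
        sections[info["method"]] = {"key": bytes.fromhex(info["key"]), "areas": {}}
        return info["method"]

    def issue_system(self, system_code, first_method, blob):
        """Claim 8: add a second system whose section reuses the first method."""
        info = unseal(self.systems[system_code][first_method]["key"], first_method, blob)
        if info["system_code"] in self.systems:
            raise ValueError("system already issued")
        self.systems[info["system_code"]] = {
            first_method: {"key": bytes.fromhex(info["key"]), "areas": {}}}
        return info["system_code"]
```

Because the new key only ever travels inside the sealed blob, a card that lacks the first section key, or receives a modified blob, stores nothing.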
HK10103620.0A 2008-06-06 2010-04-14 Information processing device, information processing method and communication system HK1138087B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2008149824A JP4631935B2 (en) 2008-06-06 2008-06-06 Information processing apparatus, information processing method, program, and communication system
JP2008-149824 2008-06-06

Publications (2)

Publication Number Publication Date
HK1138087A1 (en) 2010-08-13
HK1138087B (en) 2013-03-15

Similar Documents

Publication Publication Date Title
TWI395448B (en) Information processing device, information processing method, program and communication system
US12021863B2 (en) Self-authenticating chips
JP4428055B2 (en) Data communication apparatus and memory management method for data communication apparatus
CN104380652B (en) Many publisher's safety element subregion frameworks for NFC enabled devices
US6185307B1 (en) Cryptography security for remote dispenser transactions
KR100668996B1 (en) Data storage device and data storage method
US9916576B2 (en) In-market personalization of payment devices
CN101727603B (en) Information processing apparatus, method for switching cipher and program
WO2020191454A1 (en) Transaction application with a tokenized identifier
CN104412285A (en) Systems, methods, and computer program products for securing and managing applications on secure elements
US7516479B2 (en) Data communicating apparatus and method for managing memory of data communicating apparatus
KR100437513B1 (en) Smart card for containing plural Issuer Security Domain and Method for installing plural Issuer Security Domain in a smart card
CN101138242A (en) An interactive television system
CN102222243A (en) Information processing device, information processing method, and program
HK1138087B (en) Information processing device, information processing method and communication system
KR101912254B1 (en) A method of processing transaction information for preventing re-use of transaction information based on a shared encryption key, an apparatus thereof
CN107925579A (en) Communication equipment, communication means and communication system
CN119515377A (en) A smart card supply chain hierarchical management method and system
KR20130128296A (en) Method and system for providing a prepaid voucher service based on nfc tag