JP2004288080A - IC card system and IC card issuing method - Google Patents

Abstract

A user who uses many applications needs to have a plurality of IC cards issued, and since each card operates independently, there is a problem that security is weakened at the time of issuance.
A first IC card and an IC card terminal comprising authentication information of a self or another person, a plurality of IC cards and a card terminal capable of mutual authentication with another person using the authentication information. A mutual authentication between the first IC card and the second IC card, a second session authentication between the first IC card and the second IC card, and a first session key generated based on the first mutual authentication. By using a first secure communication path established between the first IC card and the IC card terminal to transfer the second session key generated based on the second mutual authentication to the first IC card. And a means for establishing a secure communication path between the second card and the card terminal using the second session key transferred to the card terminal.
[Selection diagram] FIG.

Description

[0001]
TECHNICAL FIELD OF THE INVENTION
The present invention relates to an IC card and an IC card system using the IC card, and more particularly, to a multi-application compatible IC card equipped with a CPU (Central Processing Unit), and a card application program of the IC card system using the multi-application compatible IC card. It relates to a mounting method and an execution method.
[0002]
[Prior art]
Since an IC card can store a large amount of information and has high security, it is expected as a new information recording medium that replaces a conventional magnetic card. Furthermore, in recent years, a multi-application compatible IC card using a microcomputer chip as a chip mounted on the card (hereinafter sometimes simply referred to as a multi-application IC card or an IC card or a card) has begun to appear. The multi-application-compatible IC card can mount a plurality of card application programs (hereinafter, sometimes referred to as a card AP) on a single IC card, and at any time after the card issuance, an application (hereinafter, referred to as a card AP). AP) may be dynamically mounted / deleted. Examples of an operating system (OS) for realizing such a multi-application-compatible IC card include MULTOS of Mondex International and Open Platform Card of Visa International.
[0003]
Consider a case of constructing a system that provides a service using an IC card. As described above, an IC card can have high functions, but cannot provide a service by itself. The IC card is connected to a conventional host computer, and can realize a service by exchanging information with the outside. At this time, it is important to ensure security in communication between the card and the host. Specifically, the card and the host must be able to authenticate each other. Further, it is necessary to prevent communication data exchanged between the two parties from being leaked to a third party or falsified. Hereinafter, an example of an IC card business in which security is important will be described.
[0004]
First, in a business involving a card issuer, it is necessary to securely carry out a business of mounting a card AP when issuing and operating a card. Specifically, between the card AP mounting terminal AP on the host-side card AP mounting terminal and the card-side card OS, mutual validity is authenticated (hereinafter, sometimes referred to as mutual authentication). However, after successful authentication, security is ensured by establishing a secure communication path (hereinafter, sometimes referred to as a secure channel) in which a third party cannot perform eavesdropping or tampering.
[0005]
Next, in the business related to a service provider that provides a service using the card AP mounted on the card, mutual authentication is performed between the card terminal AP on the host-side card terminal and the card AP on the card, Security is ensured by realizing secure communication.
[0006]
In a conventional IC card, the above-described mutual authentication and secure communication are realized by an encryption technique (for details, see “Global Platform: Open Platform Card Specification Version 2.0.1 ′, April 2000”, and “W. Rankl: See "Smart Card Handbook" (John Wiley & Sons)).
[0007]
Hereinafter, a method of realizing mutual authentication and secure communication using symmetric encryption (common key encryption) will be described in detail. First, the configuration of an IC card system using a multifunctional IC card and the realization of mutual authentication and secure communication will be described with reference to FIG.
[0008]
As described above, the IC card system includes the card 110 and the card terminal 100. The card terminal 100 communicates with the card 110 to realize a business service using the IC card. A typical example of the business service is a card AP mounting business in which a card AP is dynamically mounted on an IC card. As other tasks, there is a service execution task of accessing a card AP mounted on an IC card and executing a general task AP service (for example, a credit card service or an electronic ticket service).
[0009]
In the card terminal 100, a card terminal OS 101 operates. The card terminal OS 101 accesses an application program (AP) stored in the data storage unit 102 via the data path 130 and executes the AP.
[0010]
The AP stored in the card terminal 100 of FIG. 1 will be described. The card AP mounting AP 103 is a host-side AP that performs a card AP mounting task. The card AP loading AP 103 sends the card AP loading format data 104 and the card AP loading permit 105 to the card 110 connected to the card terminal 100 via the data path 142, and installs the card AP. Realize.
[0011]
Another host AP that implements another business AP service is the service terminal AP106. Similarly, the service terminal AP 106 accesses the card 110 via the data path 142 to realize the business AP service.
[0012]
Secure communication means that data exchanged with the data path 142 as described above is encrypted (Encode) or data integrity assurance (MAC: Message Authentication Code) to prevent data leakage to a third party or third data. This function prevents data tampering by the user. In FIG. 1, the secure communication of the data path 142 is indicated by a cylindrical description method 141.
[0013]
Another important process in realizing secure communication is mutual authentication. Mutual authentication is a process of authenticating each other as a valid communication partner during secure communication. In FIG. 1, a card authentication AP 107 is an AP that is called from the card AP mounting AP 103 or the service terminal AP 106 and performs mutual authentication with the card 110. Specifically, the card authentication AP 107 accesses the terminal authentication AP 117 on the card 110 via the data path 131 and performs mutual authentication using the card master keys Kcm 108 and 118. If the result of the mutual authentication is OK, the two authentication APs 107 and 117 derive the card session keys Kcs 109 and 119 from the card master keys Kcm 108 and 118. The derived session key is used for encrypting communication data on the data path 142 to secure the data path 142. Note that the data path 131 and the data path 142 are physically realized by the same data communication path. However, since data flowing through the paths is logically different, two different (logical ) Data path. That is, the double-line data path 131 is a data path through which mutual authentication information flows, and the data path 142 wrapped in the cylindrical sheath 141 is a data path through which a secure message flows. This is the end of the description of the card terminal 100.
[0014]
Next, the card 110 will be described. The card 110 includes a card OS 111 and a data storage unit 116. The communication processing unit 112 in the card OS 111 performs communication processing with the outside via the logical data paths 131 and 142. The command received from the outside is sent to the card OS command execution unit 113 via the data path 132. For example, if the received command is a card AP mounted command, the card OS command execution unit 113 sends the card AP load format data stored in the data part of the command to the data storage unit 116 via the data path 135. , Card AP load format data 120. Further, the card OS command execution unit 113 performs processing 138 such as decryption on the card AP load format data 120, converts the data into card AP execution format data 121, and stores the data. If the command is a card AP selection command, the card OS command execution unit accesses the card AP management unit 114 and selects the card AP execution format data 121. If a command not supported by the card OS is sent from outside after selecting the card AP,. The command is regarded as a command unique to the selected card AP, and is sent to the card AP execution unit 115 to be executed. If the received command is a mutual authentication command, the card OS command execution unit selects the terminal authentication AP 117. The selected card AP authentication AP holds the card master key Kcm118 and executes mutual authentication with the card terminal 100. Further, the terminal authentication AP 117 holds a card session key Kcs119 derived from the card master key 118. The card session key Kcs119 encrypts data exchanged via the data path 142 (this encryption is indicated by a broken line 140 in FIG. 1). By this encryption, the secure channel 141 of the data path 142 is realized. This concludes the description of the card.
[0015]
Next, a mutual authentication process and a secure message process in a conventional IC card system will be described with reference to FIGS.
Mutual authentication is realized by mutually verifying that two systems share some kind of secret information. Specifically, mutual authentication is performed by mutually verifying that the card terminals 100 and 200 and the cards 110 and 201 hold the common symmetric encryption keys Kcm 108 and 118 in FIGS. Is achieved. The mutual authentication includes card authentication in which the card terminals 100 and 200 authenticate the cards 110 and 201, and external authentication in which the cards 110 and 201 authenticate the card terminals 100 and 200.
[0016]
First, card authentication will be described. The card terminals 100 and 200 generate a random number called a host challenge (step (1)) and send it as a card authentication command to the cards 110 and 201 via the data path 131 (step 202). The card 201 generates a random number called a card challenge (step (2)), and derives a card session key Kcs119 from the card master key Kcm118 using the host challenge and the card challenge (step (3)). Further, the card 201 encrypts the host challenge and the card challenge with the card master key Kcm118 to create a card cipher text (step (4)). The cards 110 and 201 send the card challenge generated in step (2) and the card ciphertext generated in step (4) to the card terminals 100 and 200 via the data path 131 as a card authentication command response. (Step 203). The card terminals 100 and 200 derive the card session key Kcs109 from the card master key Kcm108 using the host challenge and the card challenge sent from the cards 110 and 201 (step (5)). Further, the IC cards 110 and 201 encrypt the host challenge and the card challenge with the card master key Kcm108 to create a card ciphertext, and compare and verify the encrypted card challenge with the card ciphertext sent from the cards 110 and 201 (step ( 6)). If the two match, the card terminals 100 and 200 have confirmed the validity of the cards 110 and 201.
[0017]
Next, external authentication will be described. The card terminals 100 and 200 encrypt the host challenge and the card challenge with the card master key Kcm118 to create a host cipher text (step (7)). The card terminals 100 and 200 send the host challenge generated in step (6) to the cards 110 and 201 as an external authentication command via the data path 131 (step 204). The cards 110 and 201 encrypt the host challenge and the card challenge with the card master key Kcm118 to create a host ciphertext, and verify the host challenge with the host ciphertext sent from the card terminals 100 and 200 (step (8) )). If they match, the cards 110 and 201 have confirmed the validity of the card terminals 100 and 200. The IC cards 110 and 201 send the external authentication command response to the card terminals 100 and 200 via the data path 131 (step 205).
[0018]
This concludes the description of the mutual authentication, and then describes the secure message processing. The card terminals 100 and 200 generate command data to be subjected to secure message processing (step (9)), encrypt the data with the card session key Kcs109 generated in step (5) (139 and 141), A command 206 is sent to the cards 110 and 201 via the data path 142. The cards 110 and 201 receive the command, execute the command processing (step (10)), encrypt the execution result with the card session key Kcs119 generated in step (3) (140, 141), and generate a secure message. It is sent to the cards 110 and 201 via the data path 142 as the target command response 207. This is the end of the description of the secure message processing.
[0019]
As described above, the conventional IC card system includes the card 110 and the card terminal 100, mutually realizes a secure communication path by mutually authenticating each other, and performs data exchange through the communication path. Providing services. In order to provide services safely with such an IC card system, it is necessary to set a different authentication encryption key for each card when issuing the card. Further, a business that issues and operates cards needs to manage these encryption keys and perform authentication processing corresponding to the cards when providing services. That is, it is understood that the cost of issuing, operating, and managing cards increases in proportion to the number of cards. This concludes the description of the related art.
[0020]
[Problems to be solved by the invention]
In an IC card, the number of card APs that can be mounted on one card is limited because the nonvolatile memory area of the card is limited. Therefore, when using a large number of card APs, the card user has to carry a plurality of cards. For example, in a card having a nonvolatile memory capacity of 32 KB (kilobytes), assuming that the size per card AP is 8 KB, only four card APs can be mounted per card. Therefore, if the card user desires to use ten card APs, the card user has to carry at least three cards.
[0021]
At this time, in the conventional IC card, since each card operates independently of each other, the card issuer must set and manage card and personal authentication data for each card. If the card issuer is different for each card, it is natural to think that each card is managed independently. However, if one card issuer issues multiple cards to one card user, the card security is reduced for the user and the card operation cost is increased for the card issuer. There was a point. Hereinafter, these two problems will be described.
[0022]
First, a problem concerning safety will be described. Generally, the possibility that a card user loses a card is considered to be proportional to the number of cards possessed by the card user. At this time, as described above, in the conventional card, since each card has the same personal information, the possibility of losing the information or informing the personal information to a malicious third party is proportional to the number of cards. It is thought that it becomes bigger.
[0023]
Next, problems relating to operation costs will be described. The card issuer must set card and personal authentication information (usually, often an encryption key) for each card, and manage the authentication information, card state information, and the like. In the conventional card, since each card operates independently, it is necessary to set and manage card and personal authentication data for each card. Therefore, the cost of card management increases in proportion to the number of cards. For example, taking the card authentication information set for a card as an example, it is necessary to set and manage different authentication information for each card to authenticate the validity of the card. The number increases in proportion to the number of cards. Also, taking a password (PIN: Personal Identification Number) as an example, assuming that PINs stored in each card are different values for a plurality of cards held by a certain card user, the PIN number to be managed by the card issuer Increases in proportion to the number of cards. Even if the PIN stored in each card is assumed to be the same value, if the card user changes the PIN, it is necessary to change the PIN for all the cards held by the user. There is a problem that the management cost increases in proportion to the number of cards.
[0024]
[Means for Solving the Problems]
In order to solve the above problems,
Means for holding first authentication information and second authentication information for enabling authentication of the validity of self or another person, mutual authentication means for authenticating mutual validity with another person, and a result of the mutual authentication A first IC card having a secure communication means for generating a session key for establishing a secure communication path with another based on
Means for holding third authentication information enabling the authenticity of the self or the other to be authenticated, mutual authentication means for authenticating the mutual authenticity with the other, and secure communication with the other based on the result of the mutual authentication A second IC card having a secure communication means for generating a session key for establishing a communication path and using the generated session key;
Means for holding fourth authentication information enabling the authenticity of the self or the other to be authenticated, mutual authentication means for authenticating the mutual authenticity with the other, and secure means for securing the other based on the result of the mutual authentication. An IC card terminal having a secure communication means for generating a session key for establishing a communication path and using the generated session key;
Performing a first mutual authentication process between the first IC card and the IC card terminal;
Performing a second mutual authentication process between the first IC card and the second IC card,
Using a first session key generated based on the result of the first mutual authentication process, via a first secure communication path established between the first IC card and the IC card terminal. Transferring a second session key generated based on the result of the second mutual authentication process from the first card to the card terminal;
A first IC card system, wherein a secure communication path is established between the second card and the card terminal using the second session key transferred to the card terminal.
Further, in the first IC card system, the first authentication information held by the first IC card and the third authentication information held by the IC card terminal are the same symmetric encryption key. A second IC card system characterized by the above-mentioned.
Further, in the second IC card system, the first session key generated based on the result of the first mutual authentication process is a symmetric type key obtained by encrypting a random number with the symmetric encryption key. A third IC card system, which is an encryption key.
Further, in the first IC card system, the second authentication information held by the first IC card and the second authentication information held by the second IC card are the same symmetric encryption key. A fourth IC card system, characterized in that:
Further, in the fourth IC card system, the second session key generated based on the result of the second mutual authentication process is a symmetric type key obtained by encrypting a random number with the symmetric encryption key. A fifth IC card system, which is an encryption key.
Alternatively, a means for holding first authentication information enabling the authenticity of self or another person to be authenticated, a mutual authentication means for authenticating mutual validity with another person, and a method for communicating with another person based on the result of the mutual authentication. Other card for generating a session key for establishing a secure communication path, using secure communication means using the generated session key, and creating authentication information of the other card using card identification information of the other card input from outside A first IC card comprising: authentication information creating means; and other card authentication information management means for managing the card identification information of the other card and the generated other card authentication information in pairs,
Means for holding own card identification information, means for holding second authentication information enabling authenticity of self or another person, mutual authentication means for authenticating mutual validity with another person, A second IC card comprising: a session key for establishing a secure communication path with another based on the result of the mutual authentication; and a secure communication means using the generated session key.
Means for holding third authentication information enabling the authenticity of the self or the other to be authenticated, mutual authentication means for authenticating the mutual authenticity with the other, and secure communication with the other based on the result of the mutual authentication A session key for establishing a communication path is generated, secure communication means using the generated session key, and card identification information are obtained from the second IC card, and the obtained card identification information is stored in the first IC card. And a card issuing means for requesting generation of authentication information based on the sent card identification information, and storing the generated authentication information in the second IC card.
The IC card issuer reads card identification information from the second IC card, performs a first mutual authentication process with the first IC card, and outputs a result of the first mutual authentication process. Using the first session key generated based on the first IC card, the first IC card is read from the second IC card via the first secure communication path established between the first IC card and the IC card issuing machine. The issued card identifier is sent to the other card authentication information creating means of the first IC card to request creation of authentication information of the second IC card. A fifth IC card system, wherein authentication information is read from the first IC card, and the read authentication information is sent to the second IC card, stored, and issued.
Alternatively, a means for holding first authentication information enabling the authenticity of self or another person to be authenticated, a mutual authentication means for authenticating mutual validity with another person, and a method for communicating with another person based on the result of the mutual authentication. Other card authentication information management for generating a session key for establishing a secure communication path and managing the secure communication means using the generated session key and the card identification information and authentication information of another card input from outside A first IC card comprising:
A means for holding the card identification information of the self, a means for holding the second authentication information that can authenticate the validity of the self or another person, the authentication information stored in the means for holding the authentication report, Mutual authentication means for authenticating mutual validity with another person, and a secure communication means for generating a session key for establishing a secure communication path with another person based on the result of the mutual authentication, and using the generated session key. A second IC card,
Means for holding third authentication information enabling the authenticity of the self or the other to be authenticated, mutual authentication means for authenticating the mutual authenticity with the other, and secure communication with the other based on the result of the mutual authentication A session key for establishing a communication path is generated, secure communication means using the generated session key, and card identification information and authentication information are obtained from the second IC card, and the obtained card identification information and authentication information are An IC card issuing machine having card issuing means for requesting sending and storing to the first IC card,
The IC card issuing machine reads out card identification information and authentication information from the second IC card, performs a first mutual authentication process with the first IC card, and performs the first mutual authentication. Using the first session key generated based on the result of the processing, the first session key is transmitted via the first secure communication path established between the first IC card and the IC card issuing machine. A sixth IC card system, wherein the card identifier and the authentication information read from the IC card are sent, stored, and issued.
[0025]
BEST MODE FOR CARRYING OUT THE INVENTION
A first embodiment of the present invention will be described with reference to FIG. FIG. 3 shows the configuration of an IC card system that realizes the provision of an IC card service using two IC cards. Prior to the description of the embodiments of the present invention, the purpose of the present invention will be briefly described. An object of the present invention is to provide a method for securing a card terminal 300 with a card AP 326 on a sub-card 320 having no authentication information in advance via a main card 310 in which the card terminal has authentication information in advance. It is to realize communication. That is, the card terminal is responsible for realizing card authentication for the main card 310, which is the first IC card, and for the sub card 320, which is the second IC card, for performing service AP business using the card AP. On the contrary, it is a feature of the present invention that both can cooperate to enable secure provision of services.
[0026]
Hereinafter, the present invention will be described in detail with reference to FIG. First, the configuration of the IC card system of the present invention will be described. The card terminal 300 includes a card terminal OS 301 and a data storage unit 302. The card terminal OS 301 accesses and executes an application (AP) on the data storage unit 302 via the data path 350. The main card 310 similarly includes a card OS 311 and a data storage unit 312. The card OS 311 accesses and executes an application (AP) on the data storage unit 312 via the data path 359. Similarly, the sub card 320 includes a card OS 321 and a data storage unit 322. The card OS 321 accesses and executes an application (AP) on the data storage unit 322 via the data path 360.
[0027]
Hereinafter, the operation of the IC card system according to the present invention will be described in chronological order with reference to FIG. The main card 310 and the sub card 320 are connected to the card terminal 300. In this initial state, the card terminal 300 stores only the main card master key Kc1m304, the main card 310 stores only the main card master key Kc1m314 and the sub card master key Kc2m317, and the sub card 320 stores Stores only the sub card master key Kc2m. In other words, it should be noted that the card terminal 300 does not have the authentication information on the sub card 320, and that the main card 310 has the authentication information on the sub card 320.
[0028]
First, the card terminal 300 executes the main card authentication AP 303. The main card authentication AP 303 accesses the terminal authentication AP 313 on the main card 310 via the logical data path 351. The main card authentication AP 303 has a main card master key Kc1m 304 set therein, and performs mutual authentication with the terminal authentication AP 313 of the main card 310. When the mutual authentication is successful, the main card authentication AP 303 and the terminal authentication AP 313 generate session keys Kc1s (305, 315), respectively.
[0029]
Next, the card terminal 300 executes the card cooperation AP 306 which is a characteristic AP of the present invention. The card cooperation AP 306 accesses the sub card authentication AP 316 on the main card 310 via the data path 354, and accesses the main card authentication AP 323 on the sub card 320 via the data path 355. By accessing these two, the card cooperation AP 306 fulfills the function of mediating the two to execute mutual authentication using the sub-card master keys Kc2m317, 324.
[0030]
Here, the sub card authentication AP 316 on the main card 310, which is another feature of the present invention, will be described. The sub-card authentication AP 316 holds a list of sub-cards that the main card 310 can substitute for the authentication process, and performs a function of authenticating a sub-card that the card terminal 300 intends to cooperate with. Specifically, by managing a pair of a card identifier and a master key of a sub card as a list of sub cards, mutual authentication with a sub card of a cooperating partner is enabled.
[0031]
If the mutual authentication succeeds, the sub card authentication AP 316 on the main card 310 derives the sub card session key Kc2s318 from the sub card master key Kc2m 317, and the main card authentication AP 323 on the sub card 320 sends the sub card session key Kc2m 324 from the sub card master key Kc2m 324. The key Kc2s325 is derived.
[0032]
Next, the sub card authentication AP 307 uses the main card session key Kc1s305 generated by the main card authentication AP 303 on the card terminal 300 and the main card session key Kc1s 315 generated by the terminal authentication AP 313 on the main card 310 to perform logical operation. A data path 356 protected by a secure communication path 357 is realized. The sub card authentication AP 307 reads the sub card session key Kc2s 318 generated in the sub card authentication AP 316 on the main card 310 via the same data path 356, and stores it as the sub card session key Kc2s 308 in its own AP. By reading the session key, the card terminal 300 can safely obtain, through the main card, a session key capable of realizing secure communication with the sub card 320 having no information at the beginning. Become. In other words, it is understood that the card terminal, that is, the host side, does not need to manage the authentication information of the sub card.
[0033]
Finally, the card terminal 300 executes the service terminal AP309. The service terminal AP 309 realizes the data path 362 protected by the card AP 326 on the sub card 320 and the logical secure communication path 363 by using the sub card session key Kc2s 308 obtained by the sub card authentication AP 307 (358). It is possible to do. On the other hand, the card AP 326 on the sub card 320 is protected by the logical secure communication channel 363 with the service terminal AP 309 on the main card 300 using the sub card session key Kc2s 325 generated by the main card authentication AP 323 (361). Data path 362 can be realized.
[0034]
This concludes the description of the first embodiment of the present invention. In this embodiment, the authentication key of each card is a key corresponding to the card manager key of the Open Platform Card specification of Global Platform, but it is also considered that the authentication key of each card is a key corresponding to the security domain key of the same specification. It is clear that the implementation according to the embodiment is likewise possible. Further, in the present embodiment, the explanation has been given assuming that the authentication key of each card is a symmetric encryption key (common encryption key). it is obvious.
[0035]
As a second embodiment of the present invention, a method of issuing a sub card that can be linked with a main card will be described. First, the configuration of the IC card (= sub card) issuing machine of the present invention will be described with reference to FIG.
The external operation of the card issuing machine 400 will be described. The card issuing machine 400 receives a sub card issuing instruction 420 from the card user 410. Next, the card issuing machine 400 requests the presentation of the main card 406 of the card user (426), and stores the sub-card authentication information of the issuance symmetric with respect to the sub-card authentication AP of the same card. Finally, the card issuing machine 400 issues the sub card 408 to the card user (428).
[0036]
The internal operation of the card issuing machine 400 will be described. The card issuance control unit 401 in the card issuance machine 400 receives a sub card issuance instruction via the card issuance instruction input unit 402 (421). The card issuance control unit 401 instructs, via the data path 422, the unissued sub card storage unit 403 to send the unissued card to the sub card master key setting unit 404. The unissued sub-card sent to the sub-card master key setting unit 404 via the transport path 423 stores the master key information sent by the card issuance control unit 401 via the data path 424, and is transmitted via the transport path 425. It is sent to the card carry-out unit 407 and issued to the card user 410 as a sub card 408 (428). In parallel with this, the card issuance control unit 401 receives the main card 407 of the card user 410 (426), and sends the issuance-symmetric sub-card authentication key sent to the main card registration information setting unit 405 via the data path 427. Stores information. This is the end of the brief description of the operation of the sub card issuing machine.
[0037]
Two embodiments will be described in detail regarding a method of generating a master key stored in a sub card by the card issuing machine 400. First, the first embodiment will be described with reference to FIG. The card issuing machine 500 includes a card issuing machine OS 501 and a data storage unit 502. The card issuer OS 501 accesses and executes an application (AP) on the data storage unit 502 via the data path 550. The main card 510 similarly includes a card OS 511 and a data storage unit 512. The card OS 511 accesses and executes an application (AP) on the data storage unit 512 via the data path 560. Similarly, the sub card 520 includes a card OS 521 and a data storage unit 522. The card OS 521 accesses and executes an application (AP) on the data storage unit 522 via the data path 561.
[0038]
Hereinafter, the operation of the sub card issuing method 1 in the IC card system according to the present invention will be described with reference to FIG. In the card issuing machine 500, the main card 510 is connected, and the sub card 520 is prepared. In this initial state, the card issuing machine 500 stores only the main card master key Kc1m 504, the main card 510 stores only the main card master key Kc1m 514, and the sub card 520 stores only the sub card identifier Id2. Is stored.
[0039]
First, the card issuing machine 500 executes the main card authentication AP 503. The main card authentication AP 503 accesses the terminal authentication AP 513 on the main card 510 via the logical data path 551. The main card authentication AP 503 has a main card master key Kc1m 504 set therein, and performs mutual authentication with the terminal authentication AP 513 of the main card 510. When the mutual authentication is successful, the main card authentication AP 503 and the terminal authentication AP 513 respectively generate a main card session key Kc1s (505, 515).
[0040]
Next, the card issuing machine 500 executes the sub card issuing AP 506. The sub card issuing AP 506 accesses the sub card 520, reads out the sub card identifier Id2 (523) unique to the sub card 520 via the data path 554, and stores the sub card identifier Id2 (507) in itself. Further, the sub card issuing AP 506 realizes the secure communication path 559 by using the generated main card session key Kc1s (505, 515), and transmits the sub card master key generating AP 516 on the main card 510 to the sub card master key generating AP 516 via the data path 555. , And store it as the sub card identifier Id2 (517). The sub-card master key generation AP 516 on the main card 510 uses the sub-card identifier Id2 (517) and the sub-card authentication key generation master key Kcm 518 stored therein, and uses the sub-card master key Kc2m 519 unique to the sub-card 520. Is generated as a derived key. The sub card issuing AP 506 on the card issuing machine 500 realizes the secure communication path 557 using the generated main card session key Kc1s (505, 515), and transmits the sub card master key Kc2m 519 via the data path 556. Read it out and store it in itself as the subcard master key Kc2m508. Further, the sub card issuing AP 506 accesses the sub card 520 via the data path 558 and stores the sub card master key Kc2m 525. This concludes the description of the operation of the sub card issuing method 1.
Next, the operation of the sub card issuing method 2 in the IC card system of the present invention will be described in the order of time with reference to FIG. In the card issuing machine 600, the main card 610 is connected, and the sub card 620 is prepared. In this initial state, the card issuing machine 600 stores only the main card master key Kc1m 604, the main card 610 stores only the main card master key Kc1m 614, and the sub card 520 stores the sub card identifier Id2. Only the sub card master key Kc2m625 is stored.
[0041]
First, the card issuing machine 600 executes the main card authentication AP 603. The main card authentication AP 603 accesses the terminal authentication AP 613 on the main card 610 via the logical data path 651. The main card authentication AP 603 has a main card master key Kc1m 604 set therein and executes mutual authentication with the terminal authentication AP 613 of the main card 610. If the mutual authentication succeeds, the main card authentication AP 603 and the terminal authentication AP 613 respectively generate a main card session key Kc1s (605, 615).
[0042]
Next, the card issuing machine 600 executes the sub card issuing AP 606. The sub card issuing AP 606 accesses the sub card 620, reads out the sub card identifier Id2 (623) unique to the sub card 620 via the data path 654, and stores the sub card identifier Id2 (607) in itself. Further, the sub-card issuing AP 606 realizes the secure communication path 656 using the generated main card session key Kc1s (605, 615), and connects to the sub-card master key registration AP 616 on the main card 610 via the data path 655. , And store it as the sub card identifier Id2 (617).
[0043]
Further, the sub card issuing AP 606 accesses the sub card 620, reads out the sub card master key Kc2m (625) unique to the sub card 620 via the data path 657, and stores the sub card master key Kc2m (609) in itself. Further, the sub card issuing AP 606 realizes a secure communication path 659 by using the generated main card session key Kc1s (605, 615), and connects to the sub card master key registration AP 616 on the main card 610 via the data path 658. , And store it as the sub card master key Kc2m619. This concludes the description of the operation of the sub card issuing method 2.
[0044]
【The invention's effect】
According to the present invention, the user of the main card receives the issuance of the sub card as necessary, so that the number of IC cards usable by the user can be easily increased. The sub card does not require any special treatment other than being used in combination with the main card, thereby improving convenience. Further, even if the sub card is lost, the sub card alone does not operate, so that it is considered that the security is safer than the case where a plurality of main cards are used.
[0045]
Further, for the card issuer, the management of the sub-card is simpler than that of the main card, and the operation management cost can be reduced as compared with the case where a plurality of main cards are issued.
[Brief description of the drawings]
FIG. 1 is a configuration of a conventional IC card system.
FIG. 2 is a sequence diagram of a mutual authentication process and a secure communication process in a conventional IC card system.
FIG. 3 is a configuration of an IC card system of the present invention.
FIG. 4 is a configuration of a sub card issuing machine in the IC card system of the present invention.
FIG. 5 shows a sub card issuing method 1 in the IC card system of the present invention.
FIG. 6 shows a sub card issuing method 2 in the IC card system of the present invention.
[Explanation of symbols]
100: Card terminal
101: Card terminal OS
102: Data storage unit
107: Card authentication AP
108: Card master key
109: Card session key
110: Card
111: Card OS
116 data storage unit
117: Terminal authentication AP
118: Card master key
119: Card session key
200: Card terminal
201: Card
300: Card terminal
303: Main Card Authentication AP
304: Main card master key
305: Main card session key
306: AP for card cooperation
307: Sub card authentication AP
308: Subcard session key
309: Service terminal AP
310: Main card
313: Terminal authentication AP
314: Main card master key
315: Main card session key
316: Sub card authentication AP
317: Sub card master key
318: Subcard session key
320: Sub card
323: Main card authentication AP
324: Main card master key
325: Main card session key
400: card issuing machine
410: Card user
406: Main card
408: Sub card
500: Card terminal
503: Main card authentication AP
504: Main card master key
505: Main card session key
506: AP for sub card issuance
507: Sub card identifier
508: Sub card master key
510: Main card
513: Terminal authentication AP
514: Main card master key
515: Main card session key
516: Sub card master key generation AP
517: Sub card identifier
518: Master key for generating a sub card authentication key
519: Sub card master key
520: Sub card
523: Sub card identifier
525: Sub card master key
600: Card terminal
603: Main card authentication AP
604: Main card master key
605: Main card session key
606: AP for issuing sub card
607: Sub card identifier
609: Sub card master key
610: Main card
613: Terminal authentication AP
614: Main card master key
615: Main card session key
616: Sub card master key registration AP
517: Sub card identifier
619: Sub card master key
620: Sub card
623: Sub card identifier
625: Sub card master key.

Claims (7)

Means for holding first authentication information and second authentication information for enabling authentication of the validity of self or another person, mutual authentication means for authenticating mutual validity with another person, and a result of the mutual authentication A first IC card having a secure communication means for generating a session key for establishing a secure communication path with another based on
Means for holding third authentication information enabling the authenticity of the self or the other to be authenticated, mutual authentication means for authenticating the mutual authenticity with the other, and secure communication with the other based on the result of the mutual authentication A second IC card having a secure communication means for generating a session key for establishing a communication path and using the generated session key;
Means for holding fourth authentication information enabling the authenticity of the self or the other to be authenticated, mutual authentication means for authenticating the mutual authenticity with the other, and secure means for securing the other based on the result of the mutual authentication. An IC card terminal having a secure communication means for generating a session key for establishing a communication path and using the generated session key;
Performing a first mutual authentication process between the first IC card and the IC card terminal;
Performing a second mutual authentication process between the first IC card and the second IC card,
Using a first session key generated based on the result of the first mutual authentication process, via a first secure communication path established between the first IC card and the IC card terminal. Transferring a second session key generated based on the result of the second mutual authentication process from the first card to the card terminal;
An IC card system, wherein a secure communication path is established between the second card and the card terminal using the second session key transferred to the card terminal. 2. The method according to claim 1, wherein the first authentication information held by the first IC card and the third authentication information held by the IC card terminal are the same symmetric encryption key. IC card system. 3. The method according to claim 2, wherein the first session key generated based on a result of the first mutual authentication process is a symmetric encryption key obtained by encrypting a random number with the symmetric encryption key. An IC card system characterized by the above-mentioned. 2. The method according to claim 1, wherein the second authentication information held by the first IC card and the second authentication information held by the second IC card are the same symmetric encryption key. IC card system. 5. The symmetric encryption key according to claim 4, wherein the second session key generated based on a result of the second mutual authentication process is a symmetric encryption key obtained by encrypting a random number with the symmetric encryption key. An IC card system characterized by the above-mentioned. Means for holding first authentication information enabling the authenticity of the self or the other to be authenticated, mutual authentication means for authenticating the mutual authenticity with the other, and secure means for securing the other based on the result of the mutual authentication Other card authentication information for generating a session key for establishing a communication path, using the secure communication means using the generated session key, and generating authentication information of the other card using card identification information of the other card input from outside A first IC card comprising: a creation unit; and another card authentication information management unit that manages the card identification information of the other card and the generated other card authentication information in pairs,
Means for holding own card identification information, means for holding second authentication information enabling authenticity of self or another person, mutual authentication means for authenticating mutual validity with another person, A second IC card comprising: a session key for establishing a secure communication path with another based on the result of the mutual authentication; and a secure communication means using the generated session key.
Means for holding third authentication information enabling the authenticity of the self or the other to be authenticated, mutual authentication means for authenticating the mutual authenticity with the other, and secure communication with the other based on the result of the mutual authentication A session key for establishing a communication path is generated, secure communication means using the generated session key, and card identification information are obtained from the second IC card, and the obtained card identification information is stored in the first IC card. And a card issuing means for requesting generation of authentication information based on the sent card identification information, and storing the generated authentication information in the second IC card.
The IC card issuer reads card identification information from the second IC card, performs a first mutual authentication process with the first IC card, and outputs a result of the first mutual authentication process. Using the first session key generated based on the first IC card, the first IC card is read from the second IC card via the first secure communication path established between the first IC card and the IC card issuing machine. The issued card identifier is sent to the other card authentication information creating means of the first IC card to request creation of authentication information of the second IC card. An IC card system, wherein authentication information is read from the first IC card, and the read authentication information is sent to the second IC card, stored, and issued. Means for holding first authentication information enabling the authenticity of the self or the other to be authenticated, mutual authentication means for authenticating the mutual authenticity with the other, and secure means for securing the other based on the result of the mutual authentication A secure communication unit that generates a session key for establishing a communication path and uses the generated session key; and another card authentication information management unit that manages the card identification information and the authentication information of the other card input from outside as a pair. A first IC card having
A means for holding the card identification information of the self, a means for holding the second authentication information that can authenticate the validity of the self or another person, the authentication information stored in the means for holding the authentication report, Mutual authentication means for authenticating mutual validity with another person, and a secure communication means for generating a session key for establishing a secure communication path with another person based on the result of the mutual authentication, and using the generated session key. A second IC card,
Means for holding third authentication information enabling the authenticity of the self or the other to be authenticated, mutual authentication means for authenticating the mutual authenticity with the other, and secure communication with the other based on the result of the mutual authentication A session key for establishing a communication path is generated, secure communication means using the generated session key, and card identification information and authentication information are obtained from the second IC card, and the obtained card identification information and authentication information are An IC card issuing machine having card issuing means for requesting sending and storing to the first IC card,
The IC card issuing machine reads out card identification information and authentication information from the second IC card, performs a first mutual authentication process with the first IC card, and performs the first mutual authentication. Using the first session key generated based on the result of the processing, the first session key is transmitted via the first secure communication path established between the first IC card and the IC card issuing machine. An IC card system for sending, storing, and issuing a card identifier and authentication information read from an IC card.

Images