JP2019134288A - Information processing system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an information processing system capable of preventing leakage of device authentication information and easily constructing device authentication with higher security. A host device 2 includes an application 51, card reader control software 60, and an authentication key generation PLL 55. The card reader control software 60 includes a device / cryptographic control DLL61, a communication control DLL62, and an interface unit DLL63. The device / encryption control DLL 61 is a DLL that realizes the functions of the authentication processing unit 20 (random number generation unit, encryption unit, decryption unit, authentication determination unit) and control unit 25. The authentication key generation DLL 55 is a DLL that generates Km from the model-specific information of the card reader 3 based on a predetermined authentication information algorithm. [Selection diagram] Fig. 2

Description

  The present invention relates to an information processing system that transmits and receives information between a host device and an information processing device, and in particular, a function of authenticating that the information processing device is a legitimate device by using the common key cryptosystem. The present invention relates to an information processing system including

  In general, when a higher-level device (such as a host computer) sends valuable information to an information processing device (such as a card reader) that is a communication partner, confirm that the information processing device that is the communication partner is valid Device authentication is performed (see, for example, Patent Document 1). In such device authentication, a common key cryptosystem using the same key as a key for encryption and a key for decryption is used.

  In the device authentication shown in Patent Document 1, an algorithm is proposed in which an apparatus operation manager can set and operate a unique master key for each machine without knowledge or experience of encryption. In common key cryptography, the device and the device operation manager must hold a common key. When a device is shipped, a master key common to all models is held, but when one master key is leaked, all key information of the same model is leaked. In order to prevent this, it is desirable to set a master key unique to the aircraft. Also, from the viewpoint of security, it is desirable that the device manufacturer is not involved in the generation of the master key. This method requires 3DES knowledge and technology on the device operation manager side, and requires appropriate key management and operation, which takes time and money. By considering only the master key generation algorithm on the device operation manager side and performing all other controls by the device manufacturer, the proposed operation can be performed at a low cost.

JP 2013-73299 A

  In the technique disclosed in Patent Document 1, as described above, the manufacturer of the information processing apparatus (that is, the device manufacturer) performs control other than the master key generation algorithm, but the software development resources in the device manufacturer are insufficient. In some cases, there has been a demand for a technique that can be more easily introduced.

  In view of such circumstances, it is an object of the present invention to provide an information processing system that can prevent leakage of device authentication information and can easily construct device authentication with higher security.

  The present invention is an information processing system that transmits and receives information between a host device and an information processing device, and the host device uses a common key encryption method to confirm that the information processing device is a legitimate device. Based on model-specific information possessed by the information processing apparatus, having an authentication information algorithm for generating device authentication information shared by the host apparatus and the information processing apparatus that are commonly owned by the host apparatus side authentication processing unit An authentication information generation unit that generates the device authentication information and a communication unit that communicates with the information processing device, and the information processing device performs an authentication process with the host device. A non-volatile storage unit that stores the device authentication information and the model specific information, and the authentication information generation unit has a function of generating a master key from the model specific information of the information processing apparatus. The functions of the authentication information generation unit, the higher-level device side authentication processing unit, and the communication unit are configured as control software with each function as a module, and rewrites the master key of the information processing device, And a tool that can be rewritten into a temporary key held in advance as temporary device authentication information.

  According to the present invention, a device operation manager of an information processing system can construct an information processing system with sufficiently secured security even when know-how (knowledge and technology) of a common key cryptosystem is not sufficient, and information Since the manufacturer of the processing equipment does not know the device authentication information during actual operation, it is possible to prevent leakage of device authentication information from the manufacturer and to easily construct a device authentication with higher security. .

  Further, in the present invention, the authentication information algorithm is provided to the device operation manager of the information processing system by using the source code (authentication information algorithm for generating the device authentication information Km) as a module (component) by the information processing device manufacturer. By providing, the device operation manager of the information processing system creates a module for generating an authentication key by adding a unique algorithm and function for generating device authentication information Km to the provided source code Can do.

  Furthermore, since the functions of the authentication information generation unit, the higher-level device-side authentication processing unit, and the communication unit are provided to the device operation manager of the information processing system as control software with each function as a module, the device operation manager The function can be changed and adjusted on a module-by-module basis, development resources can be reduced, and actual implementation becomes easier. That is, the apparatus operation manager can construct an information processing system with sufficiently secured security even when the know-how (knowledge and technology) of the common key cryptosystem such as 3DES is not insufficient. On the other hand, the manufacturer of the information processing apparatus only sets temporary device authentication information at the time of manufacturing, but does not grasp the device authentication information Km during actual operation. Risks such as leakage from contractors can be avoided.

In the present invention, the module functioning as the authentication information generation unit of the control software is preferably configured as a DLL.
In the present invention, the device operation manager can create an authentication key generation DLL by adding a unique algorithm or function for generating the device authentication information Km to the source code provided as the DLL. As a result, the information processing device manufacturer can provide the source code as a DLL and provide an easy-to-use package (software) for parts that require knowledge and technology such as 3DES. In addition, an original authentication information algorithm for generating device authentication information Km (a DLL for generating authentication information) can be introduced more easily.

The DLL file name that functions as the authentication information generation unit and the communication interface with the DLL cannot be changed.
As a result, the processing program is dynamically created based on the DLL prepared in advance, so that the processing of the application and the card reader control software, operation check, etc. can be appropriately operated while ensuring compatibility.

The model-specific information of the information processing device is stored in the memory of the higher-level device side authentication processing unit, and the higher-level device side authentication processing unit checks whether or not the information processing device has been replaced for each input. It is characterized by that.
Since replacement is confirmed for each input, the security of the authentication process can be further improved.

  According to the present invention, a device operation manager of an information processing system can construct an information processing system with sufficiently secured security even when know-how (knowledge and technology) of a common key cryptosystem is not sufficient, and information Since the manufacturer of the processing equipment does not know the device authentication information during actual operation, it is possible to prevent leakage of device authentication information from the manufacturer and to easily construct a device authentication with higher security. .

1 is a functional block diagram illustrating an information processing system according to a first embodiment. It is a figure which shows the main software which a high-order apparatus based on Embodiment 1 has. 3 is a flowchart illustrating an operation of setting device authentication information in the information processing system according to the first embodiment. It is a figure which shows the flowchart corresponding to the operation | movement which sets the apparatus authentication information of FIG. 4 is a flowchart showing device authentication operation in the information processing system according to the first embodiment. 3 is a flowchart illustrating an operation of generating device authentication information in the information processing system according to the first embodiment.

Embodiments of the present invention will be described below.
Embodiment 1 of the Invention

(Configuration of information processing system)
FIG. 1 is a functional block diagram showing an information processing system 1 according to an embodiment of the present invention.
As shown in the figure, the information processing system 1 is composed of a host device 2 such as a host computer and a card reader 3 as an information processing device connected to the host device 2 via communication means. In this embodiment, the communication means is a wired cable such as RS232C or USB. Note that the communication means is not limited to these wires, and may be connected via a LAN or wireless.

  As shown in FIG. 1, the host device 2 includes an authentication processing unit 20, a control unit 25, a communication unit 26, a storage unit 27, and an authentication information generation unit 28.

  The authentication processing unit 20 performs authentication processing with the card reader 3. Specifically, the authentication processing unit 20 includes a random number generation unit 21, an encryption unit 22, a decryption unit 23, and an authentication determination unit 24, and controls each unit necessary for device authentication. Further, the authentication processing unit 20 holds the temporary device authentication information Kt created and provided by the manufacturer of the card reader 3 in a safe manner at the initial time (when the card reader 3 is shipped from the factory).

  The provisional device authentication information Kt generates a communication exchange key Kex as a common key prior to cryptographic communication of data transmitted and received between the host device 2 and the card reader 3 using a common key cryptosystem. Is for. The process for generating the communication exchange key Kex will be described later. The host device 2 may include a nonvolatile memory and a hard disk device for storing various system control programs and parameters, and the temporary device authentication information Kt may be stored therein. Good.

  The random number generator 21 generates a communication exchange key Kex (n) (n is an integer; the same applies hereinafter) and a random number R (n) (n is an integer; the same applies hereinafter). The random number generator 21 stores in advance an algorithm for generating a communication exchange key Kex (n) and a random number R (n) (hereinafter referred to as a random number generation algorithm). The communication exchange key Kex (n) is an encryption key (in this embodiment, the decryption key is the same) used when the host device 2 and the card reader 3 encrypt and transmit data to each other. The random number R (n) is data transmitted together with device authentication information and the like when data is encrypted and transmitted.

  The communication exchange key Kex (n) and the random number R (n) are different for each device authentication process and device authentication information generation process executed between the higher-level device 2 and the card reader 3. In the present embodiment, the communication exchange key Kex (n) is generated differently for each device authentication process. The random number R (n) is generated so as to be different for each device authentication process and device authentication information generation process.

  Thus, even if the same device authentication information is transmitted, the communication exchange key Kex (n) and the random number R (n) are different each time the random number generation unit 21 generates them. The transmission data encrypted by using the same is also different. Therefore, even if a signal between the host device 2 and the card reader 3 is intercepted and a signal similar to that intercepted without using the card reader 3 is sent to another card reader, the communication exchange key Kex (n ), Since the random numbers R (n) are different, the signals do not match, and unauthorized operations can be prevented. For this reason, eavesdropping of communications and decryption by a third party are made more difficult, and security is increased.

The encryption unit 22 stores in advance an encryption algorithm E standardized by 3DES (Triple DES). The encryption unit 22 generates a random number R (n) e encrypted according to the encryption algorithm E to the random number R (n) generated by the random number generation unit 21. At this time, the communication exchange key Kex (n) is used as the key of the encryption algorithm E. The encrypted random number R (n) e can be expressed as shown in Equation 1 below.
[Equation 1] R (n) e = E (Kex (n), R (n))

(About 3DES)
The encryption method used in this embodiment is a common key encryption method characterized in that the key for encryption (encryption key) and the key for decryption (decryption key) are the same key. . Further, among these common key cryptosystems, DES (abbreviation of Data Encryption Standard) was defined as the US Information Processing Standards (FIPS-PUB) 46-3 in 1977 and is most widely used. This is one of the encryption methods. Further, in the present embodiment, the DES is changed to 3DES, which is harder to decode than the DES. 3DES is an encryption method that repeats the DES algorithm three times, can use the DES algorithm, and can obtain the same effect as extending the key length of the encryption key, relatively easily. The encryption strength can be increased.

The decoding unit 23 stores in advance a decoding algorithm D standardized by DES. The decryption unit 23 generates a random number R (n) obtained by decrypting the encrypted random number R (n) e according to the decryption algorithm D. At this time, the communication exchange key Kex (n) is used as the key of the decryption algorithm D. The generated random number R (n) can be expressed as shown in the following equation 2.
[Expression 2] R (n) = D (Kex (n), R (n) e)

  The authentication determination unit 24 determines whether the card reader 3 is a valid device or an unauthorized device based on the device authentication information returned from the card reader 3 and decrypted by the decryption unit 23. Specifically, the random number R ′ received from the decryption unit 23 is compared with the random number R generated by the random number generation unit 21 and stored in the storage unit 27. If the random number R ′ and the random number R match, The card reader 3 to which the host device 2 is connected is authenticated as a correct device. If the random number R ′ and the random number R do not match, the higher-level device 2 determines that the connected card reader 3 is an unauthorized device.

  The control unit 25 controls the entire host device 2, that is, the entire host device 2 including the authentication processing unit 20, the communication unit 26, the storage unit 27, and the authentication information generation unit 28. Specifically, although not shown in the figure, the control unit 25 performs various arithmetic processes using a control program and the like, and is necessary when the host device 2 and the host device 2 execute the processing. A rewritable memory to which work data is copied, and includes a ROM in which control data such as a program used by the CPU and calculation parameters are recorded, and a RAM that also functions as a work area of the CPU.

  The communication unit 26 communicates with the communication unit 35 of the card reader 3 via a cable (communication line) as a communication unit. The communication means is wired such as a cable in the present embodiment, but is not limited to this, and may be wireless.

  The storage unit 27 is a volatile memory, and stores the communication exchange key Kex (n) and the random number R (n) generated by the random number generation unit 21.

  The authentication information generation unit 28 stores an authentication information algorithm for generating device authentication information Km, and generates device authentication information Km for performing device authentication when the serial number of the card reader 3 is input. Here, the serial number is a production number assigned to each machine of the card reader 3 for each production, but is unique information (for example, ID number, device number, etc.) unique to the card reader 3 other than the serial number. Also good.

  The device authentication information Km generated by the authentication information generation unit 28 is erased as soon as the operation for setting the device authentication information Km on the card reader 3 side is completed. That is, each time the card reader 3 is newly connected or reconnected and the device authentication operation is started, the higher-level device 2 generates device authentication information Km based on the serial number of the connected card reader 3. cure.

  As a result, the host device 2 needs to hold the device authentication information Km for a long period of time in a manner corresponding to all the card readers 3 that may be connected even when the card reader 3 cannot be predicted. There is no.

  Further, since the host device 2 continues to hold the device authentication information Km, it is not necessary to output it to a file, a registry, or the like. That is, the risk that the device authentication information Km is leaked can be reduced, security can be ensured, and the memory area can be further reduced.

(Software configuration of the host device)
Next, with reference to FIG. 2, the host device 2 will be described from the viewpoint of software, corresponding to the functional blocks of FIG. FIG. 2 is a diagram illustrating main software included in the host device 2 according to the first embodiment. The host device 2 includes an application 51 and card reader control software 60 as main software.

  The host device 2 includes an application 51, card reader control software 60, and an authentication key generation DLL 55. The card reader control software 60 includes a device / encryption control DLL 61, a communication control DLL 62, and an interface unit DLL 63. The device / encryption control DLL 61 is a DLL that implements the functions of the authentication processing unit 20 (random number generation unit 21, encryption unit 22, decryption unit 23, authentication determination unit 24) and control unit 25. The authentication key generation DLL 55 is a DLL that generates device authentication information Km from the model-specific information of the card reader 3 based on a predetermined authentication information algorithm.

  The application 51 is software that uses an authentication function provided by the card reader control software 60, and is prepared and introduced by the user of the card reader 3.

  The card reader control software 60 is software that controls communication with the card reader 3 and performs authentication processing, and is provided by the manufacturer of the card reader 3. In this embodiment, the functions of the authentication processing unit 20, the control unit 25, and the communication unit 26 of FIG. 1 are realized. Note that the card reader control software 60 implements, in particular, the authentication processing function as software among the functions of the authentication processing unit 20, the control unit 25, and the communication unit 26, and other functions are implemented as software. You don't have to.

  The card reader control software 60 is configured as a unit. This unit is replaceable and packaged. Thus, even if a card reader other than the card reader 3 is used, it is not necessary to change the application by replacing the card reader with a unit compatible with the other card reader. Can be reduced.

  In this embodiment, the card reader control software 60 is a modularized card reader control software DLL group. More specifically, the card reader control software DLL group includes a device / encryption control DLL 61, a communication control DLL 62, an interface unit DLL 63, and an authentication key generation DLL 55. That is, a program having functions of the authentication processing unit 20, the control unit 25, and the communication unit 26 is modularized for each function. And when adding a function or changing an operation, it is possible to cope by replacing the corresponding DLL. Processing by the card reader control software 60 is performed by these DLL files. Thereby, the modularization makes it possible to perform maintenance on each module and improve the maintainability.

  The device / encryption control DLL 61 is a DLL that implements the authentication processing unit 20 (random number generation unit 21, encryption unit 22, decryption unit 23, authentication determination unit 24), control unit 25 authentication processing function, and communication unit 26 function. is there.

  The communication control DLL 62 is a DLL used for communication with the card reader, and realizes the function of the communication unit 26 of the authentication processing unit 20.

  The interface unit DLL 63 is a DLL that serves as an interface with the application 51.

  The authentication key generation DLL 55 is a DLL that generates Km from the model-specific information of the card reader 3 based on a predetermined authentication information algorithm. In this embodiment, the authentication information algorithm is generated by the manufacturer of the host device 2 by creating a source code (authentication information algorithm (source program) for generating device authentication information Km) as a DLL (Dynamic Link Library). It is provided to the user (device operation manager) of the system 1 (card reader 3).

  The apparatus operation manager of the information processing system 1 creates an authentication key generation DLL 55 by adding a unique algorithm or function for generating the device authentication information Km to the source code provided as the DLL. As a result, the part that requires 3DES knowledge and technology is easily provided by the manufacturer of the upper level device 2 using the source code as a DLL, so that the device operation manager can provide his / her own device authentication information Km. An authentication information algorithm to be generated (a DLL for generating authentication information) can be easily introduced. In general, there is a possibility that compatibility will be lost due to the change and the system cannot be called from the manufacturer's system. To avoid this, the DLL name and the interface unit DLL 63 cannot be changed.

(Configuration of card reader)
As shown in FIG. 1, the card reader 3 communicates with an authentication processing unit 30 that performs authentication processing and 3DES encryption / decryption, a control unit 34 that controls the entire card reader 3, and communication with the host device 2 side. The communication unit 35 to perform, a volatile storage unit 36, and an EEPROM 37 as a nonvolatile storage unit are provided. Further, the authentication processing unit 30 includes an encryption unit 31, a decryption unit 32, and an authentication determination unit 33.

  Here, the control unit 34 and the communication unit 35 have the same functions as the control unit 25 and the communication unit 26 of the host device 2, respectively, and detailed description thereof is omitted. Similarly, the encryption unit 31 and the decryption unit 32 constituting the authentication processing unit 30 have the same functions as the encryption unit E and the decryption algorithm D similar to the encryption unit 22 and the decryption unit 23 of the higher-level device 2. Therefore, detailed description here is omitted.

  The authentication determination unit 33 is generated by the random number generation unit 21 (device / encryption control DLL 61) of the host device 2 and then transmitted from the decryption unit 32 that decrypts the device authentication information Km that is encrypted and transmitted to the card reader 3. The validity of the data of the communication exchange key Kex (n) is checked (and whether or not the data received from the host device 2 is valid).

  Specifically, a parity check or a weak key is checked. Parity check is one method for detecting data errors. The weak key is a key (4 weak keys and 12 quasi-weak keys) that are considered to be unfavorable in terms of security in DES as a common key encryption technology. Yes. In addition, since 4 weak keys and 12 quasi-weak keys are publicized, explanation here is omitted.

  The storage unit 36 is volatile, and is generated by the random number generation unit 21 (device / encryption control DLL 61) of the higher-level device 2, and then the authentication determination unit 33 among the device authentication information Km decrypted by the transmitted decryption unit 32. The communication exchange key Kex (n) determined to be valid at is stored.

  The EEPROM 37 is non-volatile, and stores temporary device authentication information Kt, device authentication information Km, and the serial number of the card reader 3. That is, the card reader 3 holds the device authentication information Km without erasing it even when the power is turned on or reset.

(Device authentication information setting operation)
Hereinafter, an operation for setting the device authentication information Km will be described.
FIG. 3 is a flowchart illustrating an operation of setting the device authentication information Km (common key) in the information processing system 1 according to the first embodiment. FIG. 4 is a diagram illustrating a flowchart corresponding to the operation of setting the device authentication information Km (common key) in FIG.

  In the information processing system 1, when the card reader 3 is connected to the host device 2 via a cable (communication line), an operation for setting the device authentication information Km based on the serial number of the card reader 3 is executed. . The operation for setting the device authentication information Km will be described in detail below with reference to FIGS.

  At the initial stage (at the time of factory shipment), the card reader 3 and the host device 2 hold temporary device authentication information Kt as a common encryption key. For example, the temporary device authentication information Kt is a model number indicating the model of the card reader 3. The model number is a number or symbol common to the same model, unlike the serial number unique to the machine.

  First, the control unit 25 (device / encryption control DLL 61) of the higher-level device 2 starts processing for setting the device authentication information Km. Specifically, a request command for device authentication is transmitted from the higher-level device 2 to the card reader 3 via the communication unit 26 (communication control DLL 62) and the communication unit 35. The card reader 3 replies to the host device 2 via the communication unit 35 and the communication unit 26 (communication control DLL 62) that the request command has been received.

  Next, the random number generation unit 21 (device / encryption control DLL 61) of the host device 2 generates a communication exchange key Kex (n) and a random number R (n) (step S1). Note that n is 1 because it is the first generation. That is, the random number generator 21 (device / encryption control DLL 61) generates a communication exchange key Kex (1) and a random number R (1) according to a random number generation algorithm. The generated communication exchange key Kex (1) and random number R (1) are stored in the storage unit 27.

  Thereafter, the encryption unit 22 (device / encryption control DLL 61) encrypts the communication exchange key Kex (1) and the random number R (1) according to the 3DES encryption algorithm E using the temporary device authentication information Kt, Encrypted data C1 = E (Kt, Kex (1) + R (1)) is generated (step S2). Here, the temporary device authentication information Kt is used as the key of the encryption algorithm E. In Kex (1) + R (1), the data of the communication exchange key Kex (1) and the data of the random number R (1) are nested.

  Further, the authentication processing unit 20 (card reader control software 60) of the host device 2 transmits the encrypted data C1 to the card reader 3 via the communication unit 26 (communication control DLL 62).

  Next, the card reader 3 receives this via the communication unit 35 (step S3). The authentication processing unit 30 decrypts the received encrypted data C1 according to the 3DES decryption algorithm D using the temporary device authentication information Kt held in advance by the card reader 2, and (Kex (1) + R (1)) = D (Kt, C1), the communication exchange key Kex (1) and the random number R (1) are decrypted. Here, temporary device authentication information Kt held in advance by the card reader 2 is used as a key of the encryption algorithm E.

  Further, the authentication determination unit 33 of the authentication processing unit 30 of the card reader 3 confirms whether or not the decrypted communication exchange key Kex held by the higher-level device 2 is correct (step S4). Here, it is confirmed whether the parity check (code) of the data of the communication exchange key Kex (1) is correct. Further, it is checked whether or not the data of the communication exchange key Kex (1) matches a key (4 weak keys and 12 quasi-vulnerable keys) that is unfavorable in terms of security as 3DES.

  As a result, if the authentication determination unit 33 determines that the communication exchange key Kex is not correct, the card reader 3 returns an error to the higher-level device 2 and ends the operation for setting the device authentication information Km (step S20). .

  Returning to step S4, if it is determined that the communication exchange key Kex (1) is correct, the authentication processing unit 30 of the card reader 3 stores the decrypted communication exchange key Kex (1) and the random number R (1). Stored in the unit 36. Subsequently, the encryption unit 31 of the authentication processing unit 30 encrypts the decrypted random number R (1) using the decrypted communication exchange key Kex (1) in accordance with the 3DES encryption algorithm E, and the encrypted data C2 = E (Kex (1), R (1)) are generated. The card reader 3 transmits the generated encrypted data C2 to the higher-level device 2 via the communication unit 35 according to a command from the control unit 34 (step S5). Note that after transmission, the random number R (1) is deleted in order to improve security including leakage.

  Next, the host device 2 receives the encrypted data C2 via the communication unit 26 (communication control DLL 62). Subsequently, the decryption unit 23 (device / encryption control DLL 61) decrypts the received encrypted data C2 according to the 3DES decryption algorithm D using the communication exchange key Kex (1) held in the storage unit 27, The random number R (1) is decrypted by R (1) = D (Kex (1), C2) (step S6).

  Then, the authentication determination unit 24 (device / encryption control DLL 61) checks whether or not the decrypted random number R (1) matches the original random number R (1) (step S7). That is, in step S1, the random number R (1) generated by the random number generation unit 21 (device / encryption control DLL 61) of the host device 2 is compared with the random number R (1) transmitted from the card reader 3, and both To see if they match. After confirmation, the random number R (1) is deleted in order to improve security including leakage.

  As a result, if the random number R (1) does not match, the authentication processing unit 20 (device / encryption control DLL 61) of the higher-level device 2 cannot authenticate (confirm) the validity of the connected card reader 3, and an error occurs. Then, the operation for setting the device authentication information Km is terminated (step S20).

  Returning to step S7, if the random number R (1) matches, the authentication processing unit 20 (card reader control software 60) determines that the validity of the card reader 3 has been confirmed (authenticated), and continues to authenticate the device. An operation for setting the information Km is executed. Specifically, the control unit 25 (device / encryption control DLL 61) requests the card reader 3 to transmit a serial number as model-specific information of the card reader 3 to the host device 2 (step S8).

  When the control unit 34 of the card reader 3 receives the serial number transmission request via the communication unit 35, the control unit 34 reads the serial number of the card reader 3 from the EEPROM 37 and transmits it to the host device 2 via the communication unit 35 (step S9). ).

  Next, the control unit 25 (device / encryption control DLL 61) outputs the serial number of the card reader 3 (via the communication unit 26) to the authentication information generation unit 28 (authentication key generation DLL 55), and sends it to the authentication information generation unit 28. On the other hand, this serial number is input to instruct generation of new (official) device authentication information Km (step S10).

  Thereafter, the authentication information generation unit 28 (authentication key generation DLL 55) generates device authentication information Km based on the input serial number in accordance with an authentication information algorithm for generating device authentication information Km, and performs authentication processing on the device authentication information Km. The data is output to the unit 20 (device / encryption control DLL 61) (step S11). The device authentication information Km generation process will be described later with reference to the flowchart of FIG.

  Next, the authentication processing unit 20 (card reader control software 60) checks whether or not the device authentication information Km has been successfully acquired (step S12).

  As a result, if acquisition of the generated device authentication information Km fails, the control unit 25 (device / encryption control DLL 61) of the higher-level device 2 cannot acquire the device authentication information Km and sets the device authentication information Km as an error. The operation to be finished is terminated (step S20).

  Returning to step S12, if the device authentication information Km is successfully acquired, the control unit 25 (device / encryption control DLL 61) of the higher-level device 2 sends a new random number to the random number generation unit 21 (device / encryption control DLL 61). Request generation of R (n). Here, since the second random number, n = 2. The random number generation unit 21 (device / encryption control DLL 61) generates a random number R (2) based on a random number generation algorithm (step S13). The generated random number R (2) is stored in the storage unit 27.

  Thereafter, the encryption unit 21 (device / encryption control DLL 61) encrypts the acquired device authentication information Km and the newly generated random number R (2) according to the 3DES encryption algorithm E using the communication exchange key Kex (1). To generate encrypted data C3 = E (Kex (1), Km + R (2)). Note that the device authentication information Km data and the random number R (2) data are nested in Km + R (2). Further, the control unit 25 (device / encryption control DLL 61) transmits the encrypted data C3 to the card reader 3 via the communication unit 26 (communication control DLL 62) (step S14).

  Then, the control unit 34 of the card reader 3 receives the encrypted data C3 via the communication unit 35. The authentication processing unit 30 of the card reader 3 decrypts the received encrypted data C3 according to the 3DES decryption algorithm D using the held communication exchange key Kex (1), and Km + R (2) = D (Kex ( The device authentication information Km and the random number R (2) are decrypted by 1) and C3) (step S15).

  Further, the authentication determination unit 33 of the authentication processing unit 30 of the card reader 3 checks whether or not the decrypted device authentication information Km held by the higher-level device 2 is correct (step S16). Here, it is confirmed whether the parity check (code) of the data of the device authentication information Km is correct. Further, it is checked whether or not the data of the device authentication information Km matches a key (4 weak keys and 12 quasi-weak keys) that is unfavorable in terms of security as 3DES.

  As a result, when the authentication determination unit 33 determines that the device authentication information Km is not correct, the authentication processing unit 30 returns an error to the higher-level device 2 and ends the operation of setting the device authentication information Km (step S20). .

  Returning to step S16, if it is determined that the device authentication information Km is correct, the authentication processing unit 30 of the card reader 3 acquires the decrypted device authentication information Km and stores the provisional device authentication information Kt stored in the EEPROM 37. Overwrite to. The decrypted random number R (2) is stored in the storage unit 36. Subsequently, the encryption unit 31 of the authentication processing unit 30 encrypts the decrypted random number R (2) according to the 3DES encryption algorithm E using the decrypted device authentication information Km, and encrypts data C4 = E (Km, R (2 )). The control unit 34 of the card reader 3 transmits the generated encrypted data C4 to the host device 2 via the communication unit 35 (step S17). Note that after transmission, the random number R (2) is deleted in order to improve security including leakage.

  Thereafter, the authentication control unit 20 (card reader control software 60) of the host device 2 receives the encrypted data C4 via the communication unit 26 (communication control DLL 62). Subsequently, the decryption unit 23 (device / encryption control DLL 61) of the upper level apparatus 2 decrypts the received encrypted data C4 according to the 3DES decryption algorithm D using the device authentication information Km held therein, and R (2) The random number R (2) is decrypted by = D (Km, C4) (step S18).

  Further, the authentication determination unit 24 (device / encryption control DLL 61) checks whether or not the decrypted random number R (2) matches the original random number R (2) (step S19). That is, in step S13, the random number R (2) generated by the host device 2 is compared with the random number R (2) transmitted from the card reader 3, and it is confirmed whether or not they match. After confirmation, the random number R (2) is deleted in order to improve security including leakage.

  As a result, when the random numbers R (2) match, the control unit 25 (device / encryption control DLL 61) of the higher-level device 2 determines that the device authentication information Km has been normally set in the card reader 3, and the device authentication information Km The operation to set is completed successfully.

  Note that when this operation is completed, the device authentication information Km held by the host device 2 is deleted in order to improve security. In other words, when the operation for setting the device authentication information Km is completed, the higher-level device 2 holds the temporary device authentication information Kt in the storage unit 27, and the card reader 3 uses the device generated in step S11. The authentication information Km is held in the EEPROM 37.

  On the other hand, if the random number R (2) does not match in step S19, the control unit 25 (device / encryption control DLL 61) of the authentication processing unit 20 of the higher-level device 2 confirms the validity of the connected card reader 3. The operation for setting the device authentication information Km is terminated when the authentication (confirmation) cannot be performed and an error occurs (step S20).

(Device authentication operation procedure)
In the information processing system 1 in which the card reader 3 for which the operation for setting the device authentication information Km has been successfully completed is incorporated, for example, an ATM device (automatic teller machine), cash deposit / withdrawal or transfer using a card, Each time transaction processing such as transfer is performed, the device authentication operation of the card reader 3 is executed using the device authentication information Km stored in the EEPROM 37.

Hereinafter, the device authentication operation will be described in detail with reference to FIG.
First, the start of authentication is notified to the control unit 25 (card reader control software 60) in response to an instruction from the application 51, which is the host device, or when the host device 2 or the card reader 3 is turned on or reset (see FIG. S30).

  The control unit 25 (device / encryption control DLL 61) of the host device 2 sends the model-specific information (for example, serial number) of the card reader 3 to the control unit 34 of the card reader 3 via the communication unit 26 (communication control DLL 62). 2 is requested to the card reader 3 (step S31).

  When the control unit 34 of the card reader 3 receives the serial number transmission request via the communication unit 35, it reads out the model-specific information (for example, serial number) of the card reader 3 from the EEPROM 37, as in step S9 described above. The data is transmitted to the host device 2 via the communication unit 35 (step S32).

  Next, the control unit 25 (device / encryption control DLL 61) sends the serial number of the card reader 3 to the authentication information generation unit 28 (authentication key generation DLL 55) via the communication unit 26 (communication control DLL 62) as in step S10 described above. ) And the machine-specific information is input to the authentication information generation unit 28 (authentication key generation DLL 55) to instruct generation of new (official) device authentication information Km (step S33).

  Thereafter, the authentication information generation unit 28 (authentication key generation DLL 55) generates device authentication information Km based on the obtained serial number, as in step S11 described above, and this device authentication information Km is used as the authentication processing unit 20 (card The data is output to the reader control software 60) (step S34).

  Here, when the device authentication information Km is generated, the device authentication is performed based on the input model-specific information (for example, serial number) according to the authentication information algorithm (program) for generating the device authentication information Km, as in step S11 described above. Information Km is generated. The generation process of the device authentication information Km will be described later with reference to the flowchart of FIG.

  Since the generated device authentication information Km is generated by the same model specific information, it is the same key as the device authentication information Km generated in step S11 described above. That is, the device authentication information Km is reproduced, and the device authentication information Km held by the higher-level device 2 is the same as the device authentication information Km held by the card reader 3.

  Next, the authentication processing unit 20 (card reader control software 60) confirms whether or not the device authentication information Km has been successfully acquired, similarly to step S12 described above (step S35). If acquisition of the device authentication information Km is successful, the control unit 25 (device / encryption control DLL 61) sends a new communication request to the random number generation unit 21 (device / encryption control DLL 61) as in step S13 described above. Requests generation of exchange key Kex (n) and random number R (n).

  Then, the random number generator 21 (device / encryption control DLL 61) generates a communication exchange key Kex (2) and a random number R (3) based on a random number generation algorithm. The generated communication exchange key Kex (2) and random number R (3) are stored in the storage unit 27. Note that the communication exchange key Kex (2) is data different from the communication exchange key Kex (1) generated in step S1 described above. The random number R (3) is data different from the random number R (2) generated in step S13 described above.

  In step S35, although not particularly illustrated, if the authentication processing unit 20 (card reader control software 60) confirms that the acquisition of the generated device authentication information Km fails, the control unit 25 ( The device / encryption control DLL 61) terminates the operation of setting the device authentication information Km when the device authentication information Km cannot be acquired and an error occurs. Using the device authentication information Km generated (reproduced) in this way as a common key, the authentication processing unit 20 (card reader control software 60) of the host device 2 performs device authentication of the card reader 3.

  Next, the encryption unit 21 (device / encryption control DLL 61) encrypts the generated communication exchange key Kex (2) and the random number R (3) in accordance with the 3DES encryption algorithm E using the device authentication information Km. Data C5 = E (Km, Kex (2) + R (3)) is generated (step S36). In Kex (2) + R (3), the data of the communication exchange key Kex (2) and the data of the random number R (3) are nested. Here, the device authentication information Km generated in step S34 is used as the key of the encryption algorithm E. The control unit 25 (device / encryption control DLL 61) transmits the encrypted data C5 to the card reader 3 via the communication unit 26 (communication control DLL 62).

  Thereafter, the control unit 34 of the card reader 3 receives the encrypted data C5 via the communication unit 35. The authentication processing unit 30 of the card reader 3 decrypts the received encrypted data C5 according to the 3DES decryption algorithm D using the stored device authentication information Km, and Kex (2) + R (3) = D (Km, C5) decrypts communication exchange key Kex (2) and random number R (3) (step S37).

  At this time, the authentication determination unit 33 of the authentication processing unit 30 of the card reader 3 checks whether or not the received communication exchange key Kex (2) held by the higher-level device 2 is correct. Here, it is confirmed whether the parity check (code) of the data of the communication exchange key Kex (2) is correct. Further, it is checked whether or not the data of the communication exchange key Kex (2) matches a key (4 weak keys and 12 quasi-weak keys) deemed unfavorable in terms of security as 3DES. As a result, when the authentication determination unit 33 determines that the received communication exchange key Kex (2) (of the higher-level device 2) is not correct, the authentication processing unit 30 returns an error to the higher-level device 2 to return the device authentication information. The operation of setting Km is terminated.

  Next, when the authentication determination unit 33 determines that the received communication exchange key Kex (2) of the higher-level device 2 is correct, the encryption unit 31 of the authentication processing unit 30 continues to use the decrypted random number R (3). Using the decrypted communication exchange key Kex (2), encryption is performed according to the 3DES encryption algorithm E to generate encrypted data C6 = E (Kex (2), R (3)) (step S38). The control unit 34 of the card reader 3 transmits the generated encrypted data C6 to the host device 2 via the communication unit 35.

  Thereafter, the authentication processing unit 20 (card reader control software 60) of the host device 2 receives the encrypted data C6 via the communication unit 26 (communication control DLL 62). Subsequently, the decryption unit 23 (device / encryption control DLL 61) decrypts the received encrypted data C6 according to the 3DES decryption algorithm D using the held communication exchange key Kex (2), and R (3) = D (Kex (2), C6) generates a random number R (3) (step S39).

  Then, the authentication determination unit 24 (device / encryption control DLL 61) checks whether or not the decrypted random number R (3) matches. That is, the random number R (3) generated and held by the host device 2 is compared with the random number R (3) transmitted from the card reader 3 and decrypted, and it is confirmed whether or not they match. After confirmation, the random number R (3) is deleted in order to improve security including leakage.

  As a result, if the random numbers R (3) match, the control unit 25 (device / encryption control DLL 61) determines that the validity of the card reader 3 has been authenticated (confirmed), and the validity of the card reader 3 is affirmed. Therefore, the authentication processing unit 20 notifies the application 51, which is higher-level software, to that effect, and ends the device authentication operation safely. As a result, the host device 2 and the card reader 3 each hold the communication exchange key Kex (2).

  Here, the device authentication operation ends (S40).

  Note that when this operation is completed, the device authentication information Km held by the host device 2 is deleted in order to improve security. In other words, when the operation for setting the device authentication information Km is completed, the higher-level device 2 holds the temporary device authentication information Kt in the storage unit 27, and the card reader 3 uses the device generated in step S11. The authentication information Km is held in the EEPROM 37.

  If the random number R (3) does not match in step S19, the authentication processing unit 20 of the higher-level device 2 outputs an error to the control unit 25. Since the validity of the connected card reader 3 could not be authenticated (confirmed), the control unit 25 ends the operation of setting the communication exchange key Kex.

(Generation operation of device authentication information Km)
Next, the operation for setting the device authentication information Km (common key) by the authentication information generation unit 28 (authentication key generation DLL 55) will be specifically described with reference to the flowchart of FIG.

  When the authentication information generation unit 28 (authentication key generation DLL 55) inputs model-specific information (such as a serial number) from the card reader 3 by the processes of S10 and S33 described above (S100), a new authentication information algorithm is generated according to a predetermined authentication information algorithm. N (formal) device authentication information Km generation processing is started (S102 to S110), and the generated device authentication information Km is returned to the authentication processing unit 20 (card reader control software 60) (S110, S28 in FIG. 5).

  That is, the authentication information generation unit 28 (authentication key generation DLL 55) extends the model-specific information to key length data (S102), and performs exclusive OR with the extension data and arbitrary data (S104). Further, the authentication information generation unit 28 (authentication key generation DLL 55) generates encrypted data obtained by encrypting the data generated by taking the exclusive OR with the extension data (S106).

  Next, the authentication information generation unit 28 (authentication key generation DLL 55) calculates and assigns parity to be used for the parity check in the authentication determination unit 33 of the card reader 3 with respect to the encrypted data (S108), and the authentication processing unit 20 (card The device authentication information Km is returned to the reader control software 60) (S110).

(Main effects of this embodiment)
The characteristics of this embodiment are summarized as follows.
The information processing system 1 is a system that transmits and receives information between a host device (host device 2) and an information processing device (card reader 3).

The host device (host device 2) includes a host device side authentication processing unit (authentication processing unit 20) that authenticates that the information processing device (card reader 3) is a legitimate device using a common key encryption method, A model having an authentication information algorithm for generating device authentication information commonly held by a host device (host device 2) and the information processing device (card reader 3), and possessed by the information processing device (card reader 3) An authentication information generation unit (authentication information generation unit 28) that generates the device authentication information based on the unique information, and a communication unit (communication unit 26) that communicates with the information processing apparatus (card reader 3).
The information processing device (card reader 3) stores an information processing device side authentication processing unit (authentication processing unit 30) that performs authentication processing with the host device (host device 2), the device authentication information, and the model-specific information. A non-volatile storage unit (EEPROM 37).
The authentication information generation unit (authentication information generation unit 28) has a function of generating a master key (Km) from model-specific information of the information processing apparatus (card reader 3), and the authentication information generation unit (authentication information generation) Unit 28), the higher-level device side authentication processing unit (authentication processing unit 20), and the communication unit (communication unit 26) are configured as control software (card reader control software 60) having each function as a module. And a tool (application 51) that can rewrite the master key of the information processing apparatus (card reader 3) and rewrite the temporary key (Kt) held in advance as temporary device authentication information.

  As for the authentication information algorithm, the manufacturer of the information processing device (card reader 3) creates a source code (authentication information algorithm for generating device authentication information Km) as a module (part), and the operation of the information processing system 1 is performed. By being provided to the administrator, the apparatus operation manager of the information processing system 1 adds an original algorithm and function for generating device authentication information Km to the source code provided as a module, and an authentication key generation module (Authentication key generation DLL 55) can be created. In addition, since the functions of the authentication information generation unit, the higher-level device side authentication processing unit, and the communication unit are provided to the device operation manager of the information processing system as control software with the respective functions as modules, the device operation manager The function can be changed and adjusted on a module-by-module basis, development resources can be reduced, and actual implementation becomes easier. That is, the apparatus operation manager can construct the information processing system 1 in which sufficient security is ensured even when the know-how (knowledge and technology) of the common key cryptosystem such as 3DES is insufficient. On the other hand, the manufacturer of the host device 2 only sets temporary device authentication information at the time of manufacturing, but does not grasp the device authentication information Km during actual operation. Risks such as leakage from contractors can be avoided.

The module functioning as the authentication information generation unit (authentication information generation unit 28) of the control software (reader control software 60) is configured as a DLL (authentication information generation DLL 55).
The device operation manager can create an authentication key generation DLL (authentication information generation DLL 55) by adding a unique algorithm or function for generating the device authentication information Km to the source code provided as the DLL. The part that requires knowledge and technology such as 3DES can be provided as an easy-to-use package (software) by the manufacturer of the host device 2 as a source code as a DLL. An authentication information algorithm for generating device authentication information Km (a DLL for generating authentication information) can be easily introduced.

The file name of the DLL (authentication key generation DLL 55) functioning as the authentication information generation unit (authentication information generation unit 28) and the communication interface (communication control DLL 62) with the DLL cannot be changed.
As a result, a processing program is dynamically created based on a prepared DLL, so that the processing of the application 51 and the card reader control software 60, operation check, and the like can be appropriately operated while ensuring compatibility.

The model-specific information of the information processing device (card reader 3) is stored in the memory of the higher-level device side authentication processing unit (authentication processing unit 20), and the higher-level device side authentication processing unit (authentication processing unit 20) For each input, it is confirmed whether or not the information processing apparatus (card reader 3) has been replaced.
Since replacement is confirmed for each input, the security of the authentication process can be further improved.

(Other embodiments)
In the above-described first embodiment, the information processing system 1 including the host device 2 has been described. However, the host device 2 is not limited to a host computer, and for example, a control device or a computation built in the computer. It may be a processing device such as a device, or may be, for example, ATM, POS, or the like.

  In the first embodiment described above, the information processing system 1 including the card reader 3 as the information processing apparatus has been described. However, an information processing apparatus other than the card reader 3, for example, an input / output device attached to an ATM or POS terminal: a touch panel The information processing system 1 may be provided with a PIN pad, a printer, a scanner, and the like.

  In the above-described first embodiment, the case where the serial number is used as the model-specific information has been described. For example, the device has a unique value as a seed for generating a key (so that the seed cannot be seen from the outside). It is also possible.

  In the first embodiment described above, the model-specific information of the card reader 3 may be stored in a file, and it may be confirmed whether the card reader has been replaced for each input.

  In the first embodiment described above, the case where the EEPROM 37 is used as the nonvolatile storage unit has been described. However, a nonvolatile storage unit other than the EEPROM 37 may be used instead.

  In the first embodiment, the case where 3DES is used to encrypt the random number and the communication exchange key Kex has been described. However, an encryption algorithm (for example, DES, FEAL, IDEA) as a common key encryption method other than 3DES is used. , AES, Camellia, MISTY, MULTI, RC4, RC5, etc.) may be substituted.

  In the first embodiment described above, the data of the communication exchange key Kex and the data of the random number R are nested. However, the present invention is not limited to this, and 2 such as a concatenation of two data. It is sufficient if two data are mixed.

  Furthermore, in the above-described first embodiment, the information processing system 1 in which one card reader 3 is connected to the upper apparatus 2 has been described. However, a plurality of (two or more) card readers 3 are connected to the upper apparatus 2. The present invention can be similarly applied to the information processing system 1.

1. Information processing system 2. Host computer (host device)
20 …… Authentication processing unit (high-level device authentication processing unit)
21 …… Random number generator 22 …… Encryption unit 23 …… Decryption unit 24 …… Authentication determination unit 25 …… Control unit 26 …… Communication unit 27 …… Storage unit 28 …… Authentication information generation unit 3 …… Card reader ( Information processing equipment)
30 …… Authentication processing unit (information processing device side authentication processing unit)
31 …… Encryption unit 32 …… Decryption unit 33 …… Authentication determination unit 34 …… Control unit 35 …… Communication unit 36 …… Storage unit 37 …… EEPROM (nonvolatile storage unit)
51 Application 55 Authentication key generation DLL
60 Card Reader Control Software 61 Device / Cryptographic Control DLL
62 Communication control DLL
63 Interface unit DLL
Kex …… Communication exchange key Kt …… Temporary device authentication information Km …… Device authentication information

Claims (4)

An information processing system that transmits and receives information between a host device and an information processing device,
The host device is
An upper-level apparatus-side authentication processing unit that authenticates that the information processing apparatus is a legitimate device using a common key cryptosystem;
Authentication information having an authentication information algorithm for generating device authentication information commonly held by the host device and the information processing device, and generating the device authentication information based on model-specific information owned by the information processing device A generator,
A communication unit that communicates with the information processing apparatus,
The information processing apparatus includes:
An information processing device side authentication processing unit for performing authentication processing with the host device;
A non-volatile storage unit that stores the device authentication information and the model-specific information,
The authentication information generation unit has a function of generating a master key from model-specific information of the information processing apparatus,
The functions of the authentication information generation unit, the higher-level device side authentication processing unit, and the communication unit are configured as control software with each function as a module,
An information processing system comprising a tool capable of rewriting the master key of the information processing apparatus and rewriting the temporary key held in advance as temporary device authentication information.   The information processing system according to claim 1, wherein the module functioning as the authentication information generation unit of the control software is configured as a DLL.   The information processing system according to claim 2, wherein a file name of the DLL that functions as the authentication information generation unit and a communication interface with the DLL cannot be changed. The model-specific information of the information processing device is stored in a memory of the higher-level device side authentication processing unit,
The information processing system according to any one of claims 1 to 3, wherein the higher-level apparatus side authentication processing unit confirms whether or not the information processing apparatus has been replaced for each input.

Images