JP7487837B1 - ELECTRONIC INFORMATION STORAGE MEDIUM, IC CHIP, IC CARD, KEY DATA STORAGE METHOD, AND PROGRAM - Google Patents

Abstract

To provide an electronic information storage medium, an IC chip, an IC card, a key data storage method, and a program that are capable of storing generated key data in an appropriate key file even when a key file is not specified in a command for generating key data.
[Solution] The IC chip 1 determines whether an IEF is specified in the received asymmetric key pair generation command, and if it determines that an IEF is not specified, it identifies an IEF to which information indicating a specific use is associated from among multiple IEFs stored in the NVM 13, generates a key pair to be used for the specific use in accordance with the asymmetric key pair generation command, and stores the generated key pair in the identified IEF.
[Selected figure] Figure 4

Description

The present invention relates to the technical field of IC (Integrated Circuit) chips that can generate and store key data in response to commands from an external device.

Conventionally, as disclosed in, for example, Patent Document 1, an IC chip issuing system is known that issues IC cards equipped with IC chips that are provided to the market through a plurality of process processes. Patent Document 1 discloses that an IC card calculates a hash value based on a value corresponding to a unique card ID and secret information input from the outside, and generates a private key based on a solution of an interpolation formula obtained by substituting the calculated hash value into the interpolation formula. Meanwhile, Patent Document 2 discloses a technology in which a device that receives a key pair generation command from a registration device generates a key pair (an example of key data) of a public key and a private key, and writes the generated key pair to a partition key area. As a command for generating such a key pair, the international standard ISO/IEC 7816-8 specifies an asymmetric key pair generation (GENERATE ASYMMETRIC KEY PAIR) command.

Patent No. 6228761 JP 2002-281009 A

In the process of issuing an IC chip, an asymmetric key pair generation command defined in ISO/IEC 7816-8 may be used to write a key pair in the IC chip. In this case, the external device that transmits the asymmetric key pair generation command usually specifies a key file for storing the key pair generated in the IC chip in the parameter P2 in the asymmetric key pair generation command. As a result, the IC chip stores the key pair generated in response to the asymmetric key pair generation command in the key file specified by the command, and then transmits a response including the public key of the generated key pair to the external device. However, since the key pair generation process requires determining whether the generated random number is a prime number, it takes time for the IC chip to generate a key pair. Furthermore, if multiple key files are stored in the IC chip in advance, there is a problem that it takes time because the asymmetric key pair generation command and response are exchanged between the external device and the IC chip for the number of key files.

Also, according to ISO/IEC 7816-8, it is possible not to specify a key file by setting parameter P2 of the asymmetric key pair generation command to "00(h)". However, if multiple key files are pre-stored in the IC chip, and a key file is not specified in the asymmetric key pair generation command, the key file in which the generated key pair should be stored becomes unknown, so it was necessary to take appropriate measures on the IC chip side.

The present invention has been made in consideration of these points and has as its object to provide an electronic information storage medium, an IC chip, an IC card, a key data storage method, and a program that are capable of storing generated key data in an appropriate key file even when a key file is not specified in a command for generating key data.

In order to solve the above problem, the invention described in claim 1 is an electronic information storage medium having a memory that stores multiple key files for storing key data, and is characterized by comprising: a receiving means for receiving a command for generating key data to be used for a specific purpose among multiple purposes from an external device; a determining means for determining whether a key file is specified in the command received by the receiving means; a specifying means for specifying a key file to which information indicating the specific purpose is associated from among the multiple key files stored in the memory when the determining means determines that the key file is not specified; a generating means for generating key data to be used for the specific purpose in response to the command received by the receiving means; and a storing means for storing the key data generated by the generating means in the key file specified by the specifying means.

The invention described in claim 2 is characterized in that, in the electronic information storage medium described in claim 1, the memory stores a security environment file that stores information indicating the correspondence between the multiple key files and the uses of the key data stored in each of the key files, and the identification means refers to the security environment file to identify the key file associated with the information indicating the specific use.

The invention described in claim 3 is characterized in that, in the electronic information storage medium described in claim 1 or 2, the identification means identifies a plurality of key files to which information indicating the specific use is associated, the generation means generates key data to be used for the specific use for each key file identified by the identification means, and the storage means stores each key data generated by the generation means in a key file identified by the identification means that corresponds to each of the key data.

The invention described in claim 4 is characterized in that, in the electronic information storage medium described in claim 1 or 2, the identification means identifies a key file associated with information indicating the specific use from among the multiple key files under the dedicated file of the selected application.

The invention described in claim 5 is characterized in that in the electronic information storage medium described in claim 1 or 2, the key data is a key pair of a private key and a public key.

The invention described in claim 6 is an IC chip having a memory that stores multiple key files for storing key data, characterized in that it comprises: a receiving means for receiving a command from an external device to generate key data to be used for a specific purpose among multiple purposes; a determining means for determining whether a key file is specified in the command received by the receiving means; a specifying means for specifying a key file to which information indicating the specific purpose is associated from among the multiple key files stored in the memory when the determining means determines that the key file is not specified; a generating means for generating key data to be used for the specific purpose in response to the command received by the receiving means; and a storing means for storing the key data generated by the generating means in the key file specified by the specifying means.

The invention described in claim 7 is an IC card having a memory that stores multiple key files for storing key data, and is characterized in that it comprises: a receiving means for receiving a command from an external device to generate key data to be used for a specific purpose among multiple purposes; a determining means for determining whether a key file is specified in the command received by the receiving means; a specifying means for specifying a key file to which information indicating the specific purpose is associated from among the multiple key files stored in the memory when the determining means determines that the key file is not specified; a generating means for generating key data to be used for the specific purpose in response to the command received by the receiving means; and a storing means for storing the key data generated by the generating means in the key file specified by the specifying means.

The invention described in claim 8 is a key data storage method executed by an electronic information storage medium having a memory that stores multiple key files for storing key data, and is characterized in that it includes the steps of receiving a command from an external device to generate key data to be used for a specific purpose among multiple purposes, determining whether a key file is specified in the received command, and if it is determined that the key file is not specified, identifying a key file to which information indicating the specific purpose is associated from among the multiple key files stored in the memory, generating key data to be used for the specific purpose in response to the received command, and storing the generated key data in the identified key file.

The invention described in claim 9 is characterized in that a computer included in an electronic information storage medium having a memory that stores multiple key files for storing key data is made to function as a receiving means for receiving a command from an external device to generate key data to be used for a specific purpose among multiple purposes, a determining means for determining whether a key file is specified in the command received by the receiving means, a specifying means for specifying a key file to which information indicating the specific purpose is associated from among the multiple key files stored in the memory when the determining means determines that the key file is not specified, a generating means for generating key data to be used for the specific purpose in response to the command received by the receiving means, and a storing means for storing the key data generated by the generating means in the key file specified by the specifying means.

According to the present invention, even if a key file is not specified in the command for generating key data, the generated key data can be stored in an appropriate key file.

FIG. 2 is a diagram illustrating an example of a hardware configuration of an IC chip 1. 2 is a diagram showing an example of the configuration of each file stored in the NVM 13. FIG. FIG. 13 is a diagram illustrating an example of an asymmetric key pair generation command format. 11 is a flowchart showing an example of a key pair generation and storage process of a CPU 15 in an IC chip 1.

The following describes in detail an embodiment of the present invention with reference to the drawings.

[1. Configuration and Function of IC Chip 1]
First, the configuration and functions of an IC chip 1 according to this embodiment will be described with reference to Fig. 1. The IC chip 1 is a secure element having tamper resistance, and is an example of an electronic information storage medium of the present invention. The IC chip 1 is mounted on, for example, an IC card such as a credit card, a cash card, or a My Number card, or a mobile device such as a smartphone. In the case of a mobile device such as a smartphone, the IC chip 1 may be mounted on a small IC card that is detachable from the mobile device, or may be mounted on an embedded board as an eUICC (Embedded Universal Integrated Circuit Card) so that it cannot be easily removed or replaced from the mobile device.

1 is a diagram showing an example of the hardware configuration of an IC chip 1. As shown in FIG. 1, the IC chip 1 includes an I/O circuit 11, a RAM (Random Access Memory) 12, a NVM (Nonvolatile Memory) 13, a ROM (Read Only Memory) 14, a CPU (Central Processing Unit) 15 (an example of a computer), and a coprocessor 16 that performs cryptographic operations. The I/O circuit 11 serves as an interface with an external device 2. Note that communication between the IC chip 1 and the external device 2 may be non-contact communication or contact communication. In the case of non-contact communication, the IC chip 1 and the external device 2 communicate with each other via an antenna (not shown) mounted on an IC card or a mobile device, for example. In the communication between the IC chip 1 and the external device 2, command APDUs (Application Protocol Data Units) and response APDUs defined in ISO/IEC 7816-3 and the like are exchanged. Note that in this embodiment, the external device 2 is an issuing terminal in a factory before the shipment of the IC chip 1.

For example, a flash memory is applied to the NVM 13. The NVM 13 may be an "Electrically Erasable Programmable Read-Only Memory". The NVM 13 or the ROM 14 stores the OS (Operating System) and applications (including the program of the present invention) installed in the IC chip 1. Examples of applications include a trading application used for settling the subject of a transaction, and an authentication application used to operate equipment, etc. Applications include programs that define encryption algorithms such as the Rivest-Shamir-Adleman cryptosystem (RSA) and the Elliptic Curve Digital Signature Algorithm (ECDSA). Multiple applications may be installed in the IC chip 1.

When an application is installed in the IC chip 1, a number of files having a hierarchical structure (specified in ISO/IEC 7816-3, etc.) consisting of MF (Master File), DF (Dedicated File), EF (Elementary File), etc. are stored (created) in the NVM 13. Each file is assigned a unique file ID (identifier). The EF is divided into WEF (Working Elementary File) and IEF (Internal Elementary File), etc. Data used by the application (e.g., transaction data, etc.) is stored in the WEF. The IEF (an example of a key file) stores a PIN (personal identification number) and key data used by the application. The key data is, for example, a key pair (i.e., a private key and a public key) used in an encryption operation by a public key cryptosystem, or the private key. When the EF is stored (i.e., when the application is installed), a default value (e.g., FFFF(h)) is stored, and then actual data (i.e., key data used by the application, etc.) is stored in the EF in response to an issued command APDU from the external device 2. Examples of issued command APDUs include the WRITE RECORD command, the STORE DATA command, and the GENERATE ASYMMETRIC KEY PAIR command.

Figure 2 is a diagram showing an example of the configuration of each file stored in NVM13. In the example of Figure 2, DFa and DFb are located under MF. DFa is a dedicated file (application DF) for application A, and DFb is a dedicated file (application DF) for application B. IEFa1 to a3, etc. are located under DFa. IEFa1 stores a PIN and is associated with information indicating the use of the PIN (for verification). IEFa2 stores a key pair including a private key and is associated with information indicating the use of the private key (for signature generation: an example of a specific use). IEFa3 stores a public key and is associated with information indicating the use of the public key (for signature verification). The information indicating the above uses may be stored in each IEF.

On the other hand, IEFb1 to b3 and SEF (Security Environment File) b4 are located under DFb. IEFb1 stores a PIN and is associated with information indicating the purpose of the PIN (for verification). IEFb2 stores a key pair including a private key and is associated with information indicating the purpose of the private key (for signature generation: an example of a specific purpose). IEFb3 stores a key pair of a private key and a public key and is associated with information indicating the purpose of the key pair (for authentication: an example of a specific purpose). SEFb4 stores a security environment defined in ISO/IEC 7816-9, etc. SEFb4 is a file that is arbitrarily stored by, for example, a predetermined command APDU (for example, a MANAGE SECURITY ENVIRONMENT command) from the external device 2. The security environment includes correspondence information I indicating the correspondence between IEFb1 to b3 and the purpose of the key data, etc. stored in each of IEFb1 to b3. In the correspondence relationship information I shown in FIG. 2, the file ID of the IEF is associated with the purpose (purpose category). In the example of FIG. 2, the SEF is created only under DFb, but it may be created under DFa.

The CPU 15 (an example of a computer) executes the OS and applications stored in the NVM 13 to function as a receiving means, a determining means, a specifying means, a generating means, a storing means, and the like in the present invention. More specifically, the CPU 15 receives an asymmetric key pair generation (GENERATE ASYMMETRIC KEY PAIR) command from the external device 2 via the I/O circuit 11. The asymmetric key pair generation command is an example of a command APDU for generating key data to be used for a specific purpose. FIG. 3 is a diagram showing an example of an asymmetric key pair generation command format. As shown in FIG. 3, the asymmetric key pair generation command is composed of a header portion consisting of CLA, INS, P1, and P2, and a body portion consisting of Lc, Data, and Le. Here, the parameter P1 indicates asymmetric key generation. The parameter P2 is "00(h)" (no information on the target file), so no IEF is specified. Data stores a CRT (Control Reference Template) used to generate a key pair. If a key pair is generated for multiple uses, Data contains multiple CRTs (i.e., CRTs corresponding to each of the multiple uses). Note that the CRTs contain, for example, a cryptographic mechanism reference indicating the cryptographic algorithm, a cryptographic content reference, and usage restriction information.

The CPU 15 determines whether an IEF is specified in the received asymmetric key pair generation command, and if it determines that an IEF is not specified, it identifies one or more IEFs to which information indicating a specific use (e.g., for signature generation, for authentication) is associated from among the multiple IEFs stored in the NVM 13. For example, the CPU 15 identifies an IEF (e.g., by file ID) by searching for an IEF to which information indicating a specific use is associated from among the multiple IEFs under the DF of the selected application. Here, the DF of the selected application (i.e., the current DF) is the DF of the application selected by default, or the DF of the application selected by the SELECT command. If the DF of the selected application has an SEF b4 as shown in FIG. 2, the correspondence information I stored in the security environment stored in the SEF b4 is referenced to identify the IEF to which the information indicating the specific use is associated. In this way, if there is an SEF under the DF of the selected application, the IEF can be identified in a shorter time than if there is no SEF. In the case of DFb shown in Figure 2, IEFb2 and IEFb3 are identified.

The CPU 15 generates a key pair to be used for the specific purpose using a CRT or the like in response to the received asymmetric key pair generation command. When a plurality of IEFs are identified to which information indicating the specific purpose is associated, the CPU 15 generates a key pair to be used for the specific purpose for each of the identified IEFs. Various known methods can be applied to the method of generating a key pair. The CPU 15 then stores the generated key pair in the identified IEF. When a key pair is generated for each of the multiple purposes, the CPU 15 stores each key pair in the identified IEF (i.e., the IEF corresponding to each of the key pairs). The CPU 15 then transmits a response APDU including the public key of the generated key pair and status words SW1 and SW2 indicating normal termination to the external device 2 via the I/O circuit 11. When a key pair is generated for each of the multiple purposes, the response APDU includes the public key of each key pair (i.e., multiple public keys). In other words, even when multiple key pairs are generated and stored, the asymmetric key pair generation command and the response can be exchanged only once.

2. Operation of IC chip 1
Next, the key pair generation and storage operation of the IC chip 1 according to this embodiment will be described with reference to Fig. 4. Fig. 4 is a flowchart showing an example of the key pair generation and storage process of the CPU 15 in the IC chip 1. The process shown in Fig. 4 is started when the IC chip 1 receives an asymmetric key pair generation command from an external device 2 (e.g., an issuing terminal) during an issuing process in a manufacturing factory of the IC chip 1, for example. Note that, as a prerequisite for the key pair generation and storage process, it is assumed that an IEF having default values is stored in the NVM 13 by installing one or more applications, and one application is in a selected state (selected) before receiving the asymmetric key pair generation command.

When the process shown in FIG. 4 is started, the IC chip 1 (CPU 15) refers to the parameter P2 in the received asymmetric key pair generation command to determine whether or not IEF is specified (step S1). If it is determined that IEF is specified (step S1: YES), normal processing according to the asymmetric key pair generation command is executed (step S2), and the process shown in FIG. 4 ends. Since this normal processing is well known, a detailed explanation is omitted. On the other hand, if it is determined that IEF is not specified (step S1: NO), the process proceeds to step S3.

In step S3, the IC chip 1 determines whether or not there is an SEF under the DF of the selected application. If it is determined that there is no SEF under the DF of the selected application (step S3: NO), the process proceeds to step S4. In step S4, the IC chip 1 refers to all IEFs under the DF of the selected application one by one, and searches for an IEF associated with the information indicating the specific use, thereby identifying one or more IEFs. On the other hand, if it is determined that there is an SEF under the DF of the selected application (step S3: YES), the process proceeds to step S5. In step S5, the IC chip 1 refers to the SEFs under the DF of the selected application, and identifies one or more IEFs associated with the information indicating the specific use.

Next, the IC chip 1 generates a key pair to be used for the specific purpose using a CRT or the like in response to the received asymmetric key pair generation command (step S6). Next, the IC chip 1 stores the key pair generated in step S6 in the IEF specified in step S4 or S5 (step S7). Next, the IC chip 1 determines whether or not there is a key pair that has not yet been generated (step S8). If it is determined that there is a key pair that has not yet been generated (step S8: YES), the process returns to step S6, and a key pair that has not yet been generated is generated. On the other hand, if it is determined that there is no key pair that has not yet been generated (step S8: NO), the process proceeds to step S9. In step S9, the IC chip 1 transmits a response APDU including the public key in the key pair stored in step S7 and status words SW1 and SW2 indicating normal termination to the external device 2, and terminates the process shown in FIG. 4.

As described above, according to the above embodiment, the IC chip 1 determines whether an IEF is specified in the received asymmetric key pair generation command, and if it determines that an IEF is not specified, it identifies an IEF associated with information indicating a specific use from among the multiple IEFs stored in the NVM 13, generates a key pair to be used for a specific use in response to the asymmetric key pair generation command, and stores the generated key pair in the identified IEF. Therefore, even if an IEF is not specified in the asymmetric key pair generation command, the generated key pair can be stored in an appropriate IEF. Furthermore, according to the above embodiment, key generation can be performed collectively for multiple IEFs that require key generation under the current DF, so that the asymmetric key pair generation command and response can be exchanged only once, and key generation can be made more efficient.

In the above embodiment, a key pair is used as an example of key data, and an asymmetric key pair generation command is used as an example of a command for generating the key data. However, the present invention can also be applied to a common key shared between the IC chip 1 and the external device 2, and a command for generating the common key. In this case, the specific use may be, for example, authentication.

1 IC chip 11 I/O circuit 12 RAM (
13 NVM
14 ROM
15 CPU
16 Coprocessor

Claims (9)

An electronic information storage medium having a memory for storing a plurality of key files for storing key data,
a receiving means for receiving, from an external device, a command for generating key data to be used for a specific purpose among a plurality of purposes;
a determination means for determining whether or not a key file is specified in the command received by the receiving means;
a specifying means for specifying, when the determining means determines that the key file is not specified, a key file associated with information indicating the specific use from among a plurality of the key files stored in the memory;
a generating means for generating key data to be used for the specific purpose in response to the command received by the receiving means;
a storage means for storing the key data generated by the generation means in a key file specified by the specification means;
An electronic information storage medium comprising: the memory stores a security environment file that stores information indicating a correspondence between a plurality of the key files and uses of key data stored in each of the key files;
2. The electronic information storage medium according to claim 1, wherein said specifying means specifies a key file associated with the information indicating the specific use by referring to the security environment file. The identification means identifies a plurality of key files associated with information indicating the specific use,
the generating means generates key data to be used for the specific purpose for each key file identified by the identifying means;
3. The electronic information storage medium according to claim 1, wherein the storage means stores each key data generated by the generation means in a key file identified by the identification means and corresponding to each of the key data. The electronic information storage medium according to claim 1 or 2, characterized in that the identification means identifies a key file associated with information indicating the specific use from among the multiple key files under the dedicated file of the selected application. The electronic information storage medium according to claim 1 or 2, characterized in that the key data is a key pair consisting of a private key and a public key. An IC chip having a memory for storing a plurality of key files for storing key data,
a receiving means for receiving, from an external device, a command for generating key data to be used for a specific purpose among a plurality of purposes;
a determination means for determining whether or not a key file is specified in the command received by the receiving means;
a specifying means for specifying, when the determining means determines that the key file is not specified, a key file associated with information indicating the specific use from among a plurality of the key files stored in the memory;
a generating means for generating key data to be used for the specific purpose in response to the command received by the receiving means;
a storage means for storing the key data generated by the generation means in a key file specified by the specification means;
An IC chip comprising: An IC card having a memory for storing a plurality of key files for storing key data,
a receiving means for receiving, from an external device, a command for generating key data to be used for a specific purpose among a plurality of purposes;
a determination means for determining whether or not a key file is specified in the command received by the receiving means;
a specifying means for specifying, when the determining means determines that the key file is not specified, a key file associated with information indicating the specific use from among a plurality of the key files stored in the memory;
a generating means for generating key data to be used for the specific purpose in response to the command received by the receiving means;
a storage means for storing the key data generated by the generation means in a key file specified by the specification means;
An IC card comprising: 1. A key data storage method executed by an electronic information storage medium having a memory that stores a plurality of key files for storing key data, comprising:
receiving a command from an external device to generate key data to be used for a specific purpose among a plurality of purposes;
determining whether a key file is specified in the received command;
when it is determined that the key file is not specified, identifying a key file associated with information indicating the specific use from among a plurality of key files stored in the memory;
generating key data for the particular application in response to the received command;
storing the generated key data in the identified key file;
13. A method for storing key data, comprising: A computer included in an electronic information storage medium having a memory for storing a plurality of key files for storing key data,
a receiving means for receiving, from an external device, a command for generating key data to be used for a specific purpose among a plurality of purposes;
a determination means for determining whether or not a key file is specified in the command received by the receiving means;
a specifying means for specifying, when the determining means determines that the key file is not specified, a key file associated with information indicating the specific use from among a plurality of the key files stored in the memory;
a generating means for generating key data to be used for the specific purpose in response to the command received by the receiving means;
a program that functions as a storage unit that stores the key data generated by the generation unit in a key file specified by the specification unit.

Images