JP7585412B1 - Portable electronic device and IC card - Google Patents

Abstract

A portable electronic device and an IC card are provided that are capable of selecting one processing method from a plurality of processing methods to execute a specific process.
According to an embodiment, a portable electronic device includes an interface, a memory, and a processor. The interface communicates with an external device. The memory stores setting information for each of a plurality of different processing methods for executing a specific process. The processor selects one of the processing methods for executing the specific process according to information provided by the external device, and executes the specific process using the selected processing method.
[Selected Figure] Figure 1

Description

Embodiments of the present invention relate to portable electronic devices and IC cards.

Conventionally, a processing system consisting of an IC card as a portable electronic device and an IC card processing device is issued to execute a specific process using a processing method preset in accordance with the operation policy of the system. For example, an IC card is issued to execute cryptographic processing using one preset cryptographic method. Meanwhile, in recent years, there are many situations in which cryptographic processing using new cryptographic methods such as post-quantum cryptography is required to cope with the emergence of computers with advanced computing power such as quantum computers. In order to execute cryptographic processing using a new cryptographic method such as post-quantum cryptography, the conventional processing system described above requires replacing not only the IC cards but all IC card processing devices at once with ones compatible with the new cryptographic method.

However, it is considered practically difficult to simultaneously replace IC cards and IC card processing devices in an entire processing system currently in operation with devices compatible with the new encryption method. For this reason, in order to transition the encryption method used in encryption processing from the existing encryption method to the new encryption method, it is expected that a transition period will be necessary during which the existing encryption method and the new encryption method coexist as the encryption method used to execute encryption processing. During this transition period, it is desired that IC cards not only be compatible with both the existing encryption method and the new encryption method, but also be able to smoothly execute encryption processing using the encryption method required by the IC card processing device.

JP 2020-10396 A

To solve the above problems, the present invention provides a portable electronic device and an IC card that can select one processing method from multiple processing methods and execute a specific process.

According to an embodiment, a portable electronic device includes an interface, a memory, and a processor. The interface communicates with an external device. The memory stores setting information including information indicating whether each of a plurality of different encryption methods for performing encryption processing is enabled or disabled . When the processor receives a reset request specifying a reset type from the external device, the processor executes a reset process according to the reset type specified in the reset request, and sets an encryption method selected according to the reset type specified in the reset request to enabled in the setting information stored in the memory.

FIG. 1 is a block diagram showing an example of the configuration of an IC card as a portable electronic device according to an embodiment. FIG. 2 is a block diagram showing an example of the configuration of an IC card processing device that communicates with an IC card as a portable electronic device according to the embodiment. FIG. 3 is a diagram showing an example in which setting information (setting flags) for each of a plurality of encryption methods is stored in the NVM of an IC card as a portable electronic device according to an embodiment. FIG. 4 is a diagram showing an example in which information (identification flag) indicating the encryption method being selected (set) is stored in a RAM in an IC card as a portable electronic device according to an embodiment. FIG. 5 is a flowchart for explaining a first operation example of an IC card as a portable electronic device according to the embodiment. FIG. 6 is a flowchart for explaining a second operation example of the IC card as the portable electronic device according to the embodiment. FIG. 7 is a flowchart for explaining a third operation example of an IC card as a portable electronic device according to the embodiment. FIG. 8 is a flowchart for explaining a fourth operation example of an IC card as a portable electronic device according to the embodiment. FIG. 9 is a flowchart for explaining a fifth operation example of an IC card as a portable electronic device according to the embodiment. FIG. 10 is a flowchart for explaining a sixth operation example of an IC card as a portable electronic device according to the embodiment. FIG. 11 is a diagram showing an example of the configuration of a signature verification command supplied to an IC card as a portable electronic device according to the embodiment. FIG. 12 is a flowchart for explaining a seventh operation example of an IC card as a portable electronic device according to the embodiment. FIG. 13 is a diagram showing an example of a signature verification command including a parameter specifying an encryption method to be supplied to an IC card as a portable electronic device according to the embodiment. FIG. 14 is a diagram showing an example of a signature verification command including a parameter specifying an encryption method to be supplied to an IC card as a portable electronic device according to the embodiment. FIG. 15 is a flowchart for explaining the flow of an eighth operation example of an IC card as a portable electronic device according to the embodiment. FIG. 16 is a diagram showing an example of a signature verification command for each encryption method supplied to an IC card as a portable electronic device according to the embodiment. FIG. 17 is a diagram showing an example of a signature verification command for each encryption method supplied to an IC card as a portable electronic device according to the embodiment.

Hereinafter, embodiments will be described with reference to the drawings.
FIG. 1 is a block diagram illustrating an example of the configuration of an IC card 1 according to an embodiment.
An IC card 1 as a portable electronic device according to the embodiment constitutes an IC card processing system together with an IC card processing device 2 as an external device. The IC card 1 is a portable electronic device that is activated (made operable) by power supplied from the IC card processing device 2. The IC card 1 is also called a smart card.

The portable electronic device according to the embodiment is not limited to a card-like shape, but may be in the form of a booklet (for example, a notebook such as a passport) with the same configuration and processing functions as the IC card 1 described later. The portable electronic device according to the embodiment may be a portable electronic device (for example, a smartphone, mobile phone, tablet PC, dongle, etc.) with the same configuration and processing functions as the IC card 1 described later.

IC cards 1 can be broadly classified into contact type IC cards and contactless type IC cards. A contact type IC card 1 is activated by receiving an operating power supply and an operating clock from an IC card processing device 2 via a contact section serving as a communication interface. For example, a contact type IC card 1 is an IC card that complies with the standard defined in ISO/IEC 7816-3. A contactless type IC card 1 receives radio waves from an IC card processing device 2 via an antenna and a modulation/demodulation circuit serving as a communication interface, and activates itself by generating an operating power supply and an operating clock from the radio waves. For example, a contactless type IC card 1 is an IC card that complies with the standard defined in ISO/IEC 14443-3.

As shown in FIG. 1, IC card 1 has a main body C. Main body C is formed into a card shape from plastic or the like. IC card 1 has a module M inside main body C. Module M is formed integrally with one or more IC chips Ca and an external interface (interface) for communication connected thereto, and is embedded inside main body C.

The portable electronic device according to the embodiment may be one in which the module M is provided in the main body C formed in a booklet shape, or one in which the module M is provided within the main body C forming a portable electronic device.

In the configuration example shown in FIG. 1, a module M of an IC card 1 includes a processor 11, a RAM 12, a ROM 13, an NVM (memory) 14, a communication control unit 15, an interface 16, and the like.
The processor 11 includes circuits that execute various processes. The processor 11 is, for example, a CPU (Central Processing Unit). The processor 11 controls the entire IC card 1. The processor 11 executes programs stored in the ROM 13 or the NVM 14 to realize various processing functions. However, some or all of the various functions executed by the processor 11, which will be described later, may be realized by a hardware circuit.

RAM 12 is a volatile memory that functions as a working memory. RAM 12 also functions as a buffer that temporarily stores data being processed by processor 11. For example, RAM 12 functions as a communication buffer that temporarily stores data sent and received between IC card processing device 2 via communication control unit 15 and interface 16.

ROM 13 is a non-volatile memory that functions as a program memory. Control programs and control data are stored in advance in ROM 13. ROM 13 is incorporated into IC card 1 during the manufacturing stage with the control programs and control data stored therein. The control programs and control data stored in ROM 13 are incorporated in advance according to the specifications of the IC card 1.

For example, the ROM 13 stores a program for the processor 11 to execute processing in response to a command received from the IC card processing device 2. In addition, since the IC card according to the embodiment supports multiple encryption methods as multiple processing methods, the ROM 13 stores a program for performing encryption processing in each corresponding encryption method (new encryption method and existing encryption method).

NVM14 is a non-volatile memory to which data can be written and rewritten. NVM14 is, for example, configured with an EEPROM (registered trademark) (Electrically Erasable Programmable Read Only Memory) or a flash ROM. In addition, NVM14 has a storage area in which some or all of its areas are tamper-resistant and data can be securely stored.

Programs and various data according to the operational use of the IC card 1 are written in the NVM 14. Program files or data files are defined in the NVM 14, and programs and various data are written in these files. For example, the NVM 14 is provided with a storage area for storing information (information indicating validity) indicating whether an encryption method is valid or invalid for each of a plurality of encryption methods. The NVM 14 may also store encryption processing programs and encryption processing data such as key data for each of a plurality of encryption methods. The NVM 14 also stores user data, data for network authentication for communicating with an external network, and application programs for executing various processes.

The communication control unit 15 connects to the interface 16. The interface 16 is an interface for communication connection to an external device. The communication control unit 15 and the interface 16 constitute a communication unit. The communication control unit 15 and the interface 16 realize a communication function using a communication method corresponding to the interface of the IC card processing device 2. In addition, the communication control unit 15 and the interface 16 may be configured to support multiple communication methods (communication protocols), whether in the case of contact communication or non-contact communication.

When the IC card 1 is realized as a contact-type IC card, the communication control unit 15 and the interface 16 constitute a communication unit that contacts and communicates with the IC card processing device 2. In this case, the interface 16 is constituted by a contact unit that makes physical and electrical contact with the contact unit of the IC card processing device 2, and the communication control unit 15 is constituted by a circuit that controls the transmission and reception of signals via the contact unit. In addition, the communication control unit 15 controls communication according to a communication method (communication protocol) specified by the processor 11.

When the IC card 1 is realized as a contactless IC card, the communication control unit 15 and the interface 16 constitute a communication unit that communicates contactlessly (wirelessly) with the card reader/writer of the IC card processing device 2. In this case, the interface 16 is constituted by an antenna that transmits and receives radio waves, and the communication control unit 15 is constituted by a modulation circuit for generating radio waves to be transmitted and a demodulation circuit for generating a signal from the received radio waves. The communication control unit 15 that performs contactless communication controls communication according to a communication method (communication protocol) such as Type A or Type B specified by the processor 11.

FIG. 2 is a block diagram illustrating an example of the configuration of the IC card processing device 2 according to the embodiment.
2, the IC card processing device 2 is a device (R/W) that has a function of communicating with the IC card 1 via a card reader/writer 24. The IC card processing device 2 may be, for example, a device in which the card reader/writer 24 is connected to a control device such as a personal computer (PC).

As shown in FIG. 2, the IC card processing device 2 includes a control unit 21, a display unit 22, an operation unit 23, a card reader/writer 24, and the like.
The control unit 21 controls the operation of the entire IC card processing device 2. The control unit 21 is composed of a processor (CPU) 25, RAM 26, ROM 27, non-volatile memory 28, communication unit 29, etc. For example, the control unit 21 is composed of a personal computer. The processor 25 executes various processes by executing programs stored in the ROM 27 or non-volatile memory 28. The RAM 26 functions as a working memory that temporarily holds data. The ROM 27 is a non-volatile memory that stores programs, control data, etc. The non-volatile memory 28 is a rewritable non-volatile memory. The communication unit 29 is an interface for communicating with an external device.

The control unit 21 has a function of sending commands to the IC card 1 via the card reader/writer 24, and a function of performing various processes based on data received from the IC card 1. For example, the control unit 21 controls writing of data to the non-volatile memory in the IC card 1 by sending a data write command to the IC card 1 via the card reader/writer 24. The control unit 21 also controls reading of data from the IC card 1 by sending a read command to the IC card 1. The control unit 21 also controls the application selected in the IC card 1 by sending an application selection command to the IC card 1.

In addition, in this embodiment, the control unit 21 of the IC card processing device 2 specifies the encryption method that the IC card 1 will use for encryption processing by supplying information such as commands to the IC card 1, as described in each operation example below.

The display unit 22 is a display device that displays various information under the control of the control unit 21. The operation unit 23 is composed of a keyboard, a numeric keypad, a pointing device, etc. The operation unit 23 is used by the operator of the IC card processing device 2 to input various operation instructions and data. The operation unit 23 also functions as an input unit for inputting the identification information of the user of the IC card 1 or authentication information such as a password.

The card reader/writer 24 is a communication unit (second communication unit) for communicating with the IC card 1. The card reader/writer 24 is configured with an interface according to the communication method of the IC card 1. For example, if the IC card 1 is a contact type IC card, the card reader/writer 24 is configured with a contact unit for physically and electrically connecting to the contact unit of the IC card 1. Also, if the IC card 1 is a non-contact type IC card, the card reader/writer 24 is configured with an antenna and communication control for wireless communication with the IC card 1. The card reader/writer 24 supplies power and an operating clock to the IC card 1. The card reader/writer 24 transmits commands to the IC card 1 and receives responses to the commands from the IC card 1 under the control of the control unit 21.

Next, the configuration of a file for storing data in the NVM 14 of the IC card 1 according to the embodiment will be described.
The NVM 14 in the IC card 1 stores data in each file of a file structure defined by, for example, ISO/IEC 7816-4, an international standard for IC cards. In such a defined file structure, a group of multiple files having a hierarchical structure including a Master File (MF), a Dedicated File (DF), and an Elementary File (EF) are defined.

The MF is at the top level, with one or more DFs defined at the next level below the MF, and one or more EFs defined at the next level below the DF. A single DF stores, for example, a set of data for implementing one application provided in the IC card 1. An IC card 1 that implements multiple functions through multiple applications has multiple DFs in the NVM 14 corresponding to each application. Each EF under a DF is a data file for storing various data used by the application serving as the DF at the higher level.

Next, a number of different processing methods for executing specific processes provided in the IC card 1 according to the embodiment will be described.
The IC card 1 according to the embodiment supports a plurality of different processing methods (encryption methods) for executing encryption processing as a specific process. The IC card 1 has a function of executing a specific process by one processing method selected from the plurality of processing methods. In the present embodiment, the IC card 1 as a portable electronic device supports an existing encryption method (existing encryption method, first encryption method) and an encryption method different from the existing encryption method (new encryption method, second encryption method). In addition, the IC card 1 according to the present embodiment has a function of executing encryption processing using either one of the encryption methods selected from the existing encryption method and the new encryption method as the plurality of encryption methods.

In this embodiment, the new encryption method is capable of realizing encryption processing with higher encryption strength than existing encryption methods. For example, quantum-resistant encryption is assumed as the new encryption method. Quantum-resistant encryption is a general term for encryption methods that are considered difficult to decrypt even using a quantum computer. Examples of quantum-resistant encryption include lattice encryption. Existing encryption methods include RSA and DES (Data Encryption Standard). RSA is one of the algorithms for data encryption using a public key encryption method. DES is one of the algorithms for data encryption using a common key encryption method. Encryption methods such as quantum-resistant encryption, RSA, and DES differ in the amount of calculation required to execute encryption processing. In general, quantum-resistant encryption has stronger encryption strength (higher security level) than RSA and DES, and the processing load (amount of calculation) of encryption processing is larger.

Fig. 3 is a diagram showing a storage area of the NVM 14 in which the IC card 1 according to the embodiment stores setting information indicating the status (validity) of each of a plurality of encryption methods. Fig. 4 is a diagram showing a storage area of the RAM 12 in which the IC card 1 according to the embodiment stores setting information (encryption method identification flag) indicating the encryption method being selected (set).
3, the NVM 14 of the IC card 1 has a storage area for storing information indicating whether the existing encryption method is valid or invalid and information indicating whether the new encryption method is valid or invalid. For example, when both the existing encryption method and the new encryption method are valid, the NVM 14 stores, as encryption method setting information (flags), information indicating that the existing encryption method is valid and information indicating that the new encryption method is valid. In addition, when the new encryption method remains valid and the existing encryption method is set to invalid, the NVM 14 stores setting information indicating that the existing encryption method is invalid and the new encryption method is valid.

In addition, information indicating the selected encryption method is stored in the RAM 12 of the IC card 1 as an encryption method identification flag. According to the example shown in FIG. 4, when the encryption method identification flag is in a state indicating a new encryption method ("11"), the IC card 1 indicates that the new encryption method (encryption processing using the new encryption method) has been selected as the encryption method, and when the encryption method identification flag is in a state indicating an existing encryption method ("22"), the IC card 1 indicates that the new encryption method (encryption processing using the new encryption method) has been selected as the encryption method.

Note that if there is no time limit for the coexistence of the existing encryption method and the new encryption method, there is no need to disable any of the encryption methods, and therefore there is no need for a setting to disable any of the encryption methods as described above. For example, if IC card 1 is issued as a credit card or the like, and there is no operational plan to disable any of the encryption methods before the operational expiration date, then IC card 1 does not need to have a setting to disable any of the encryption methods.

Next, operation examples (first to third operation examples) including a process in which the IC card 1 as the portable electronic device according to the embodiment selects an encryption method in response to a command from the IC card processing device 2 will be described.
First, a first operation example of the IC card 1 as the portable electronic device according to the embodiment will be described.
FIG. 5 is a flowchart for explaining the flow of a first operation example of the IC card 1 as a portable electronic device according to the embodiment.
The IC card 1 is connected to the IC card processing device 2 via the interface 16 by the communication control unit 15. When the processor 11 of the IC card 1 is connected to the IC card processing device 2, it is started up by the power supplied from the IC card processing device 2.

The processor 11 of the IC card 1 executes a reset in response to a reset request (command) from the IC card processing device 2. The processor 11 of the IC card 1 determines the type of reset to be executed in response to the request from the IC card processing device 2 (step ST11). In the example shown in FIG. 5, the processor 11 determines whether the reset is a cold reset or a warm reset.

Here, a cold reset is an operation that starts (resets) various memories, programs, etc. to their initial states. A warm reset is an operation that starts (resets) the information and programs held in the memory without resetting them to their initial states. For example, a cold reset is executed immediately after the power is turned on from an off state, and a warm reset is a startup operation that is executed while maintaining the state of the information and programs held in the memory when the power is on. For example, the cold reset and warm reset in the IC card 1 may be as defined in ISO/IEC 7816-3.

When a cold reset is requested by the IC card processing device 2 (step ST11, YES), the processor 11 executes the cold reset (step ST12). In the cold reset, the processor 11 sets the new encryption method as the encryption method to be used for encryption processing (step ST13). For example, the processor 11 sets data indicating the new encryption method as an encryption method identification flag stored in the RAM 12. When the cold reset is completed, the processor 11 transmits a response (ATR; Answer To Reset) indicating that the cold reset is completed to the IC card processing device 2 (step ST14).

When a warm reset is requested by the IC card processing device 2 (step ST11, NO), the processor 11 executes the warm reset (step ST15). The timing of the warm reset request is determined by the IC card processing device 2 depending on the processing performed on the IC card 1. In the warm reset operation, the processor 11 sets an existing encryption method as the encryption method to be used for the encryption processing (step ST16). For example, the processor 11 sets data indicating the existing encryption method as an encryption method identification flag to be stored in the RAM 12. When the warm reset is completed, the processor 11 transmits a response (ATR) indicating that the warm reset is completed to the IC card processing device 2 (step ST17).

After performing the reset operation, the processor 11 of the IC card 1 accepts various commands from the IC card processing device 2 (step ST18).

When processor 11 receives a command, it executes processing (command processing) according to the command (step ST19). Command processing will be described in detail later. Processor 11 transmits a response indicating the result of the command processing (step ST20), returns to step ST18, and enters a state of waiting for a command.

As described above, the IC card according to the first operation example sets an encryption method in a reset operation to be selected according to the type of reset requested by the IC card processing device. For example, when a cold reset is requested by the IC card processing device, the IC card sets a new encryption method as the second encryption method in the cold reset operation, and when a warm reset is requested by the IC card processing device, the IC card sets an existing encryption method as the first encryption method in the warm reset operation.

The second encryption method and the first encryption method described above may be reversed from the example described above. That is, when a cold reset is requested from the IC card processing device, the IC card may set the existing encryption method as the second encryption method in the cold reset operation, and when a warm reset is requested from the IC card processing device, the IC card may set the new encryption method as the first encryption method in the warm reset operation.

According to this first operation example, the IC card can set the encryption method according to the type of reset requested by the IC card processing device. Correspondingly, the IC card processing device can specify the encryption method according to the type of reset requested of the IC card.

As a specific example, the IC card can set a new encryption method when performing a cold reset operation in response to a cold reset request from the IC card processing device, and can set an existing encryption method when performing a warm reset operation in response to a warm reset request from the IC card processing device. In other words, the IC card processing device can set a new encryption method with strong encryption strength, such as quantum-resistant cryptography, in the IC card during a cold reset in which various information is set to its default state, and can set an existing encryption method in the IC card during a warm reset in which various information is retained.

Next, a second operation example of the IC card 1 as the portable electronic device according to the embodiment will be described.
FIG. 6 is a flowchart for explaining the flow of a second operation example of the IC card 1 as a portable electronic device according to the embodiment.
The IC card 1 is connected to the IC card processing device 2 via the interface 16 by the communication control unit 15, and is started up by power supplied from the IC card processing device 2. The processor 11 of the IC card 1 executes a reset in response to a reset request from the IC card processing device 2 (step ST31).

When the reset operation is completed, the processor 11 transmits a reset response (ATR) to the IC card processing device 2 (step ST32). For example, when a cold reset is requested by the IC card processing device 2, the processor 11 executes a cold reset and transmits an ATR corresponding to the cold reset, and when a warm reset is requested by the IC card processing device 2, the processor 11 executes a warm reset and transmits an ATR corresponding to the warm reset.

When the processor 11 transmits an ATR, the processor 11 sets communication conditions including a communication rate (communication speed) corresponding to the ATR to be transmitted to the IC card processing device 2 (step ST33), and sets an existing encryption method which is the default encryption method of the IC card 1 (step ST34). After setting the communication conditions and encryption method, the processor 11 accepts various commands from the IC card processing device 2.

When the processor 11 receives a request to set (change) communication conditions such as the communication rate as a command from the IC card processing device 2 (step ST35, YES), it changes the communication conditions in response to the command (step ST36). For example, according to ISO/IEC 7816-3, which is a standard for contact IC cards, the IC card processing device 2 requests the IC card 1 to set the communication rate by a command called a PPS request. In response, the IC card 1 changes the communication rate to the one requested in the PPS request and returns a response called a PPS response to the IC card processing device 2. Note that if the IC card 1 is a contactless IC card, the communication rate can be changed by the PPS request and PPS response specified in ISO/IEC 14443-4.

When the communication conditions are changed, the processor 11 of the IC card 1 determines whether the communication conditions have been changed to those for which a new encryption method should be set (step ST37). For example, setting information indicating the communication conditions, such as the communication rate, for which a new encryption method should be set is stored in the NVM 14 or the like. The processor 11 determines, based on the setting information stored in the NVM 14, whether the communication conditions, such as the communication rate, are communication conditions for which a new encryption method should be set.

If the communication conditions are changed to communication conditions that require the setting of a new encryption method (step ST37, YES), the processor 11 sets the encryption method to be used in the encryption process to the new encryption method (step ST38). If the communication conditions are not communication conditions that require the setting of a new encryption method (step ST37, NO), the processor 11 leaves the encryption method to be used in the encryption process as the existing encryption method.

When the processor 11 of the IC card 1 receives a command other than a request to set the communication rate from the IC card processing device 2 (step ST39), it executes processing according to the received command (command processing) (step ST40). After executing the command processing, the processor 11 transmits a response as a result of the command processing (step ST41), and returns to step ST35 to wait for a command.

As described above, the IC card according to the second operation example sets the existing encryption method (first processing method) as the default setting during the reset operation, and if the communication conditions changed in response to a request (command) from the IC card processing device are communication conditions that require the setting of a new encryption method (second processing method), the encryption method used for encryption processing is changed to the new encryption method.

According to this second operation example, the IC card can set the encryption method according to the communication settings requested by the IC card processing device, and can switch the encryption method according to changes in the communication settings from the IC card processing device. Correspondingly, the IC card processing device can specify the encryption method of the IC card according to the communication conditions (communication rate) requested of the IC card at any timing.

As a specific example, when the IC card speeds up the communication rate in response to a request from the IC card processing device, the IC card can switch the encryption method used for encryption processing in command processing to the new encryption method. Since the new encryption method is expected to require a large amount of data for encryption, using it for high-speed communication improves convenience. Furthermore, by setting the existing encryption method as the default for the IC card, existing systems that perform processing using the existing encryption method can be used as is.

Next, a third operation example of the IC card 1 as the portable electronic device according to the embodiment will be described.
FIG. 7 is a flowchart for explaining the flow of a third operation example of the IC card 1 as a portable electronic device according to the embodiment.
7 corresponds to a plurality of communication methods (communication protocols) and has a function of switching one of the communication methods in response to a request from the IC card processing device 2. For example, in a contactless IC card defined in ISO/IEC14443-3, there are "Type A", "Type B", etc. as communication methods. The IC card processing device 2 supports at least one communication method and communicates with the IC card to be processed.

When the processor 11 of the IC card 1 receives a request for a communication method (communication protocol) from the IC card processing device 2 (step ST51, YES), it transmits a response indicating the communication conditions that can be supported in response to the request from the IC card processing device 2 (step ST52). For example, in the case of "Type B", the IC card processing device 2 transmits a command called REQB (REQuest command, Type B) to the IC card 1. In response, the processor 11 of the IC card 1 returns a response called ATQB (Answer to Request, Type B). Here, the ATQB response indicates communication conditions such as multiple communication speeds that can be supported between the IC card processing device 2 and the IC card 1, and the buffer size of the communication data.

The processor 11 of the IC card 1 also receives a command specifying communication conditions from the IC card processing device 2, and sets up communication under the specified communication conditions (step ST53). For example, the IC card processing device 2 selects parameters (communication speed, buffer size, etc.) as communication conditions from the multiple communication speeds indicated by the ATQB from the IC card 1 as described above, and transmits an ATTRIB (PICC selection command, Type B) command specifying the selected communication conditions to the IC card. The processor 11 of the IC card 1 sets the communication conditions specified by the ATTRIB from the IC card processing device 2, and responds with an Answer to ATTRIB command. As a result, the IC card 1 communicates under the parameters (communication speed, buffer size, etc.) specified by the IC card processing device 2.

When the processor 11 of the IC card 1 sets the communication conditions specified by the IC card processing device 2, it selects an encryption method according to the set communication method and communication conditions (step ST54). For example, the processor 11 of the IC card 1 selects either an existing encryption method or a new encryption method based on the parameters (e.g., communication speed, buffer size, etc.) specified in the ATTRIB command.

For example, the processor 11 of the IC card 1 selects an encryption method as a communication condition based on the setting information for each communication method stored in a memory such as the NVM 14. As a specific example, in Type B, setting information is stored in the NVM 14 such that if the communication speed is 106 kbps, the existing encryption method is set, and if it is other than 106 kbps, a new encryption method is set. The IC card 1 with such setting information stored therein sets the existing encryption method if the communication speed specified in ATTRIB is 106 kbps, and sets the new encryption method if it is other than 106 kbps.

That is, when the processor 11 selects a new encryption method according to the communication method and communication conditions (step ST54, YES), it sets the new encryption method as the encryption method for executing the encryption process (step ST55). When the processor 11 selects an existing encryption method according to the communication method and communication conditions (step ST54, NO), it sets the existing encryption method as the encryption method for executing the encryption process (step ST56).

When the processor 11 of the IC card 1 receives a command other than a communication method request from the IC card processing device 2 (step ST57, YES), it executes processing according to the received command (command processing) (step ST58). After executing the command processing, the processor 11 transmits a response indicating the result of the command processing (step ST59), and returns to step ST51, where it waits to receive a communication setting request or other command.

As described above, the IC card according to the third operation example holds setting information indicating the communication conditions for selecting an encryption method for each communication method (communication protocol), and when the communication method is set (switched), sets the processing method (encryption method) based on the setting information for each communication method. As an IC card processing device, when specifying the communication method of the IC card, it specifies the processing method to be set in the IC card according to the communication conditions for the specified communication method.

According to this third operation example, the IC card can set a processing method for executing a specific process according to the communication conditions for each communication method requested by the IC card processing device, and can switch the processing method according to the setting information set for each communication method. In addition, the IC card processing device can specify the processing method of the IC card according to the communication conditions for each communication method.

Next, an operation example (fourth operation example) including a process in which the IC card 1 as the portable electronic device according to the embodiment notifies the IC card processing device 2 of the encryption method that the IC card itself supports will be described.
FIG. 8 is a flowchart for explaining the flow of a fourth operation example of the IC card 1 as the portable electronic device according to the embodiment.
The fourth operation example is an example of an operation including a process in which the IC card 1 notifies the IC card processing device 2 of the encryption method that is valid (an encryption method that can be executed).

In the example shown in FIG. 8, first, the processor 11 of the IC card 1 receives a request for a reset (cold reset) immediately after power is supplied from the IC card processing device 2. When a cold reset is requested from the IC card processing device 2 (step ST61, YES), the processor 11 executes the cold reset (step ST62). The processor 11 sets the new encryption method as the encryption method to be used for encryption processing in the cold reset (step ST63). When the cold reset is complete, the processor 11 transmits a response (ATR) indicating that the cold reset is complete to the IC card processing device 2 (step ST64).

After executing the reset operation, the processor 11 of the IC card 1 accepts various commands from the IC card processing device 2 (step ST69). If the processor 11 receives a command other than a reset request from the IC card processing device 2 (step ST70, YES), it executes processing according to the received command (command processing) (step ST71).

When the processor 11 executes the command process, it determines whether the existing encryption method (an encryption method different from the new encryption method set by default (cold reset)) is valid (step ST72). For example, the processor 11 determines whether the existing encryption method is valid or invalid based on information indicating an encryption method setting flag stored in the NVM 14.

If the existing encryption method is valid (step ST72, YES), the processor 11 sets information indicating that the existing encryption method is valid in the response data indicating the result of the command processing (step ST73). The processor 11 transmits the response data in which the data indicating that the existing encryption method is valid is set to the IC card processing device 2 (step ST75), and returns to step ST69, waiting for a command. Note that the information indicating that the existing encryption method is valid may include information indicating that the existing encryption method is valid in a status word indicating the result of the command processing, or data indicating that the existing encryption method is valid may be set in the response data.

If the existing encryption method is not valid (step ST72, NO), the processor 11 sets data indicating that the existing encryption method is invalid in the response data indicating the result of the command processing (step ST74). The processor 11 transmits the response data in which the data indicating that the existing encryption method is invalid is set to the IC card processing device 2 (step ST75), and returns to step ST69, waiting for a command.

However, in the processing of steps ST73-ST75, the processor 11 may transmit response data indicating a normal abnormality if the existing encryption method is valid and the result of the command processing is abnormal, and may transmit response data indicating that the processing result is normal and the existing encryption method is valid if the existing encryption method is valid and the result of the command processing is normal.

In the fourth operation example described above, an example was described in which the validity of the encryption method is notified in response to a command in the operation of setting the encryption method according to the type of reset as described in the first operation example. However, in the operation example shown in FIG. 8, the operation of selecting the encryption method to be set may be the operation described in the second or third operation example. In other words, the operation of setting the encryption method according to the reset type may be replaced with an operation of setting the encryption method according to communication conditions such as the communication rate.

In addition, in the fourth operation example described above, the IC card 1 is described on the assumption that the encryption method set at cold reset (default state) is the new encryption method. Therefore, in the processing of steps ST72-74 (response processing to the command), the IC card 1 transmits a command response to the IC card processing device 2 that includes information indicating whether or not an existing encryption method, which is a different encryption method from the new encryption method set at the default state (cold reset), is valid.

As a modified example, this fourth operation example can also be applied to a case where the IC card 1 is operated in a default state with the existing encryption method set. In other words, when the IC card 1 is operated in a default state with the existing encryption method set, the IC card 1 may transmit to the IC card processing device 2, in the response process to the command in steps ST72-74, a command response including information indicating whether or not a new encryption method, which is an encryption method different from the existing encryption method set in the default state, is valid.

As a further modification, the fourth operation example described above may be configured so that, in the response indicating the command processing result, the IC card 1 outputs a response indicating information indicating the validity of each encryption method (new encryption method and existing encryption method) supported by the IC card 1, regardless of the encryption method set in the default state by the IC card 1. In other words, the fourth operation example may be implemented by replacing the processing of steps ST72-74 with processing to output a response indicating information indicating the validity of each encryption method (new encryption method and existing encryption method).

As described above, the IC card according to the fourth operation example outputs a response including information indicating the validity of each encryption method in the IC card when it executes command processing in response to a command from the IC card processing device. According to this fourth operation example, the IC card can transmit information indicating the encryption methods that the IC card can execute to the IC card processing device in response to the command processing.

The IC card according to the fourth operation example described above outputs a response indicating the result of the command processing, including information indicating whether an encryption method other than the encryption method set in the default state is valid. According to this fourth operation example, the IC card can transmit information indicating whether an encryption method other than the encryption method set in the default state is valid in response to the command processing to the IC card processing device.

Next, a fifth operation example of the process in which the IC card 1 serving as the portable electronic device according to the embodiment disables a specific encryption method as a command process will be described.
FIG. 9 is a flowchart for explaining the flow of a fifth operation example of the IC card 1 as a portable electronic device according to the embodiment.
Fig. 9 is a flowchart for explaining an example of processing for disabling a specific encryption method as a fifth operation example, which is executed as one of the command processes in Fig. 5 to Fig. 8. In the fifth operation example, the IC card 1 performs processing for disabling a specific encryption method designated by the IC card processing device 2 from among a plurality of supported encryption methods.
When the processor 11 of the IC card 1 receives a command from the IC card processing device 2 in the processes shown in FIGS. 5 to 8 described above, it executes the command process.

When the processor 11 receives a command from the IC card processing device 2, it determines whether the received command is a command requesting the invalidation of an encryption method (step ST81). For example, if the received command is in a format such as that shown in FIG. 11 described later, the processor 11 determines whether the received command requests the invalidation of an encryption method based on whether data indicating a request for invalidation of an encryption method is set in the command identification information "CLA/INS." As a specific example, when invalidating an existing encryption method of the IC card 1, the IC card processing device 2 transmits a command to the IC card 1 requesting the invalidation of the existing encryption method. As a result, the processor 11 of the IC card 1 receives the command requesting the invalidation of the existing encryption method.

When processor 11 receives a command requesting the invalidation of a specific encryption method (step ST81, YES), it performs a process of invalidating the encryption method specified in the received command (step ST82). For example, processor 11 invalidates the specified encryption method by storing information indicating that the encryption method specified in the command is invalid in NVM 14. As a specific example, when processor 11 receives a command requesting the invalidation of an existing encryption method, processor 11 of IC card 1 invalidates the existing encryption method by updating the encryption method setting flag in NVM 14 as shown in FIG. 3 to information indicating that the existing encryption method is invalid.

When the processor 11 has disabled the encryption method specified in the command, it generates response data including information indicating that the specified encryption method has been disabled as data indicating the result of the command processing (step ST84). When the processor 11 generates the response data, it transmits the response data indicating the result of the command processing to the IC card processing device 2, as shown in Figures 5 to 8. As a result, the IC card processing device 2, which is the sender of the command, confirms that the specified encryption method has been disabled in the IC card 1.

In addition, if the processor 11 receives a command other than a command requesting the disabling of the encryption method (step ST81, NO), it executes processing (command processing) according to the received command (step ST83) and generates response data indicating the result of the command processing (step ST84).

As described above, the IC card according to the fifth operation example disables the specified encryption method in response to a command requested from the IC card processing device. This allows an IC card that supports multiple encryption methods to disable a specific encryption method in response to a command from the IC card processing device. As a result, even after an IC card capable of executing multiple encryption methods has been issued, a specific encryption method in which a vulnerability has been discovered can be disabled in response to a command from the IC card processing device.

For example, when an IC card according to the fifth operation example receives a command from an IC card processing device requesting the invalidation of the existing encryption method, it invalidates the existing encryption method in response to the received command. This makes it possible to invalidate the existing encryption method after the end of the transition period, even if an IC card capable of executing both the existing encryption method and the new encryption method is issued during a transition period from the existing encryption method to the new encryption method. As a result, it is possible to invalidate the encryption method using the existing encryption method, which has weak encryption strength, after the transition time, and it becomes possible to smoothly carry out operations during the transition period in which the existing encryption method and the new encryption method coexist, and operations after the end of the transition period.

Furthermore, according to the fifth operation example described above, an IC card compatible with the new encryption method and the existing encryption method can also disable the existing encryption method, which has weaker encryption strength than the new encryption method, in response to a command from the IC card processing device. As a result, the IC card can perform encryption processing using either the existing encryption method or the new encryption method during a transition period in which the entire system including the IC card and the IC card processing device transitions from the existing encryption method to the new encryption method, and can disable the existing encryption method, which has weaker encryption strength, when the transition period ends.

Next, an operation example (sixth operation example) including processing when the IC card 1 as a portable electronic device according to the embodiment receives a signature verification command, which is an example of command processing that requests processing including cryptographic processing, will be described.
FIG. 10 is a flowchart for explaining the flow of a sixth operation example of the IC card 1 as a portable electronic device according to the embodiment.
In the sixth operation example, the IC card 1 sets one encryption method from among a plurality of encryption methods, and when a command for processing including encryption processing is received, the IC card 1 executes processing including encryption processing using the set encryption method. In other words, in the sixth operation example, the command for processing including encryption processing (signature verification command) has the same content (the same data or a command in which data equivalent to the same data is set) regardless of which encryption method is set.

In the operation example shown in FIG. 10, the processor 11 of the IC card 1 first executes a reset in response to a reset request from the IC card processing device 2 (step ST90). When the reset operation is completed, the processor 11 transmits a reset response (ATR) to the IC card processing device 2 (step ST91). When transmitting the ATR, the processor 11 sets communication conditions including a communication rate corresponding to the ATR to be transmitted to the IC card processing device 2 (step ST92). After setting the communication conditions, the processor 11 accepts various commands from the IC card processing device 2 (step ST93).

When the processor 11 of the IC card 1 receives a command (step ST93, YES), it determines whether the received command is a command requesting processing including cryptographic processing (step ST94). One example of a command requesting processing including cryptographic processing is a signature verification command. Here, we will assume that the command requesting processing including cryptographic processing is a signature verification command, as shown in Figure 10.

FIG. 11 is a diagram showing an example of the format of a signature verification command, which is an example of a command requesting processing including cryptographic processing.
The format of the command as shown in Fig. 11 includes "CLA/INS" which is command identification information and "P1P2" which is a parameter. Fig. 11 shows an example of a signature verification command, and shows an example in which "0088" is set in "CLA/INS". In other words, a command with "CLA/INS" of "0088" indicates a signature verification command. In the sixth operation example, the signature verification command as shown in Fig. 11 is used regardless of the encryption method. In other words, in the sixth operation example, the signature verification command is a common command for the existing encryption method and the new encryption method as shown in Fig. 11.

If the received command is a command requesting processing including encryption (signature verification command) (step ST94, YES), the processor 11 determines whether the encryption method selected by the IC card 1 in response to the communication conditions is the new encryption method or the existing encryption method (step ST95). If the encryption method selected in response to the communication conditions is the new encryption method (step ST95, YES), the processor 11 executes signature verification processing as processing including encryption processing using the new encryption method in response to the signature verification command (step ST96). After executing signature verification including encryption processing using the new encryption method, the processor 11 transmits response data indicating the results of the signature verification processing to the IC card processing device 2 (step ST99).

If the encryption method set in the IC card 1 is an existing encryption method (step ST95, NO), the processor 11 executes a signature verification process including encryption processing using the existing encryption method in response to the signature verification command (step ST98). After executing the signature verification including encryption processing using the existing encryption method, the processor 11 transmits response data indicating the signature verification process result to the IC card processing device 2 (step ST99).

In addition, if the processor 11 receives a command other than a command requesting processing including cryptographic processing (signature verification command) (step ST94, NO), it executes processing according to the received command (step ST97) and transmits response data indicating the result of the command processing to the IC cart processing device 2 (step ST99).

As described above, the IC card according to the sixth operation example executes encryption processing using the encryption method that has been set (selected) in the IC card. This means that the IC card does not need to specify (identify) the encryption method to be used for encryption processing from a command that requests processing that includes encryption processing, and the IC card processing device does not need to change the command data to specify the encryption method to be used for encryption processing. For example, when the IC card according to the sixth operation example is implemented in combination with the first operation example, it is only necessary to set the encryption method in the reset operation, and it is not necessary to specify the encryption method in the command that requests encryption processing.

Next, a seventh operation example will be described in which the IC card 1 serving as the portable electronic device according to the embodiment receives a signature verification command, which is an example of a command requesting processing including cryptographic processing.
FIG. 12 is a flowchart for explaining the flow of a seventh operation example of the IC card 1 as a portable electronic device according to the embodiment.
In the seventh operation example, the IC card 1 executes cryptographic processing using an encryption method specified by parameters in a command for processing including cryptographic processing (a signature verification command is taken as an example.) In other words, the IC card in the seventh operation example specifies which encryption method to use for the cryptographic processing based on parameters in the command for processing including cryptographic processing.

In the operation example shown in FIG. 12, the processor 11 of the IC card 1 first executes a reset in response to a reset request from the IC card processing device 2 (step ST100). When the reset operation is completed, the processor 11 transmits a reset response (ATR) to the IC card processing device 2 (step ST101). When transmitting the ATR, the processor 11 sets communication conditions including a communication rate corresponding to the ATR to be transmitted to the IC card processing device 2 (step ST102). After setting the communication conditions, the processor 11 accepts various commands from the IC card processing device 2 (step ST103).

When the processor 11 of the IC card 1 receives a command from the IC card processing device 2 (step ST103, YES), it determines whether the received command is a command requesting processing including cryptographic processing (signature verification command) (step ST104). If the processor 11 receives a command other than a signature verification command (step ST104, NO), it executes command processing according to the received command (step ST105) and transmits response data indicating the result of the command processing to the IC card processing device 2 (step ST111).

If the received command is a signature verification command (step ST104, YES), the processor 11 determines whether the data set in the parameters of the signature verification command specifies a new encryption method or an existing encryption method. In other words, the processor 11 identifies the encryption method to be used for the encryption process of the signature verification based on the parameters of the received signature verification command.

Fig. 13 shows an example in which data specifying an existing encryption method is set as a parameter of a signature verification command, while Fig. 14 shows an example in which data specifying a new encryption method is set as a parameter of a signature verification command.
In the example of the signature verification command shown in FIG. 13 and FIG. 14, the parameters "P1" and "P2" are defined as follows:
"P2" specifies the encryption method. For example, if "P2" is "01", an existing encryption method is specified. If "P2" is "02", a new encryption method is specified. Also, "P1" indicates the identifier of the key to be used for the signature data. In this case, if "P1" is "01", it indicates that key data with an ID of "01" will be used. If "P1" is "02", it indicates that key data with an ID of "02" will be used. Note that the key data is stored together with the identifier in a memory such as an NVM in the IC card 1.

As a specific example, in the example shown in FIG. 13, the data set in the parameters "P1" and "P2" of the signature verification command is "01" and "01", indicating that the encryption method is the existing encryption method and the ID of the key data is "01". Also, in the example shown in FIG. 14, the data set in the parameters "P1" and "P2" of the signature verification command is "03" and "02", indicating that the encryption method is the new encryption method and the ID of the key data is "03".

If the parameter of the signature verification command is the new encryption method (step ST106, YES), the processor 11 executes the signature verification process as a process including encryption processing by the new encryption method in response to the signature verification command (step ST107). After executing the signature verification including encryption processing by the new encryption method, the processor 11 transmits response data indicating the signature verification process result to the IC card processing device 2 (step ST111).

If the parameter of the signature verification command is not a new encryption method (step ST106, NO), the processor 11 determines whether the parameter of the signature verification command is an existing encryption method (step ST108). If the parameter of the signature verification command is an existing encryption method (step ST108, YES), the processor 11 executes a signature verification process including encryption processing using the existing encryption method in response to the signature verification command (step ST109). After executing the signature verification including encryption processing using the existing encryption method, the processor 11 transmits response data indicating the signature verification process result to the IC card processing device 2 (step ST111).

If the parameters of the signature verification command are neither the new encryption method nor the existing encryption method (step ST108, NO), the processor 11 determines that the parameters of the signature verification command are in error (abnormal value) (step ST110). If the parameters of the received signature verification command are in error, the processor 11 transmits response data indicating that the parameters of the signature verification command are abnormal to the IC card processing device 2 (step ST111).

As described above, the IC card according to the seventh operation example identifies the encryption method based on the parameters of the received signature verification command, and executes signature verification including encryption processing using the encryption method specified by the parameters. This allows the IC card to identify the encryption method to be used for encryption processing based on the parameters of the command requesting processing including encryption processing. Each time the IC card processing device requests processing including encryption processing, it can specify the encryption method to be used for encryption processing based on the parameters of the command.

Next, an operation example (eighth operation example) including processing when the IC card 1 as a portable electronic device according to the embodiment receives a signature verification command, which is an example of command processing that requests processing including cryptographic processing, will be described.
FIG. 15 is a flowchart for explaining the flow of an eighth operation example of the IC card 1 as the portable electronic device according to the embodiment.
The eighth operation example is an operation example in which identification information (CLA/INS) of the signature verification command is defined for each encryption method. The IC card 1 determines whether the signature verification command is for the existing encryption method or the new encryption method based on the identification information of the command received from the IC card processing device 2. In other words, the IC card in the eighth operation example specifies the encryption method to be used for encryption processing based on the identification information of the signature verification command, since the signature verification command is defined for each encryption method.

For example, Fig. 16 shows an example of a signature verification command that specifies an existing encryption method, and Fig. 17 shows an example of a signature verification command that specifies a new encryption method.
The signature verification commands shown in Figures 16 and 17 have different data (values) for "CLA/INS," which is command identification information. In the command shown in Figure 16, "CLA/INS" is "008A." As shown in Figure 16, a command with "CLA/INS" of "008A" is defined as a signature verification command using the existing encryption method. Also, in the command shown in Figure 17, "CLA/INS" is "008C." As shown in Figure 17, a command with "CLA/INS" of "008C" is defined as a signature verification command using the new encryption method.

In the operation example shown in FIG. 15, the processor 11 of the IC card 1 first executes a reset in response to a reset request from the IC card processing device 2 (step ST120). When the reset operation is completed, the processor 11 transmits a reset response (ATR) to the IC card processing device 2 (step ST121). When transmitting an ATR, the processor 11 sets communication conditions including a communication rate corresponding to the ATR to be transmitted to the IC card processing device 2 (step ST102). After setting the communication conditions, the processor 11 accepts various commands from the IC card processing device 2 (step ST123).

When the processor 11 of the IC card 1 receives a command from the IC card processing device 2, it determines whether the received command is a command requesting signature verification including encryption processing using the new encryption method (signature verification command) (step ST124). According to the example shown in FIG. 16 above, the processor 11 determines whether the received command is a signature verification command specifying the new encryption method depending on whether the "CLA/INS" of the received command is "008C".

If the received command is a signature verification command specifying a new encryption method (step ST124, YES), the processor 11 executes a signature verification process including encryption processing using the new encryption method in response to the command (step ST125). After executing the signature verification including encryption processing using the new encryption method, the processor 11 transmits response data indicating the signature verification process result to the IC card processing device 2 (step ST129).

If the received command is not a signature verification command specifying a new encryption method (step ST124, NO), the processor 11 determines whether the command is a signature verification command specifying an existing encryption method (step ST126). If the received command is a signature verification command specifying an existing encryption method (step ST126, YES), the processor 11 executes signature verification processing including encryption processing using the existing encryption method in response to the command (step ST127). After executing signature verification including encryption processing using the existing encryption method, the processor 11 transmits response data indicating the signature verification processing result to the IC card processing device 2 (step ST129).

In addition, if the received command is not a signature verification command that specifies an existing encryption method, that is, if the received command is not a signature verification command (step ST126, NO), the processor 11 executes command processing according to the received command (step ST128) and transmits response data indicating the result of the command processing to the IC card processing device 2 (step ST129).

As described above, the IC card according to the eighth operation example identifies which encryption method is used for the signature verification command based on the identification information of the received command, and performs signature verification including encryption processing using the specified encryption method. As a specific example, when the IC card receives a signature verification command that specifies an existing encryption method, it performs signature verification including encryption processing using the existing encryption method, and when the IC card receives a signature verification command that specifies a new encryption method, it performs signature verification including encryption processing using the new encryption method.

As a result, the IC card can specify the encryption method to be used for encryption processing by the command defined for each encryption method, and can execute processing including encryption processing using the specified encryption method. In addition, the IC card processing device can specify the encryption method to be used for encryption processing by command, by selecting a command that specifies the desired encryption method from multiple types of commands defined for each encryption method.

The above-mentioned operation examples can be implemented in appropriate combinations. For example, the first to third operation examples can be implemented in combination with the fourth to eighth operation examples, and the sixth to eighth operation examples can be implemented in combination with the first to fifth operation examples. The fourth and fifth operation examples can also be implemented in further combination with other operation examples.

Furthermore, the functions described in each of the above embodiments can be realized not only by using hardware, but also by using software to load a program that describes each function into a computer. Furthermore, each function may be configured by selecting either software or hardware as appropriate.

Although some embodiments of the present invention have been described, these embodiments are presented as examples and are not intended to limit the scope of the invention. These novel embodiments can be implemented in various other forms, and various omissions, substitutions, and modifications can be made without departing from the spirit of the invention. These embodiments and their modifications are included in the scope and spirit of the invention, and are included in the scope of the invention and its equivalents described in the claims.
The following is an appended summary of the contents of the claims as originally filed.
[1]
an interface for communicating with an external device;
A memory that stores setting information for each of a plurality of different processing methods for executing a specific process;
a processor that selects one of the processing methods for executing the specific process in response to information supplied from the external device, and executes the specific process using the selected processing method;
A portable electronic device having:
[2]
the specific processing is cryptographic processing,
The processing method is an encryption method.
The portable electronic device according to [1].
[3]
The cryptographic method includes a post-quantum cryptographic method and a non-post-quantum cryptographic method.
The portable electronic device according to [2].
[4]
The processor selects one encryption method according to a type of reset requested by the external device.
The portable electronic device according to [2].
[5]
The processor selects one encryption method in accordance with a communication condition specified by the external device.
The portable electronic device according to [2].
[6]
The processor selects one encryption method in accordance with a communication rate specified by the external device.
The portable electronic device according to [5].
[7]
the processor sets a communication method designated by the external device, and selects one encryption method according to communication conditions for each of the set communication methods.
The portable electronic device according to [5].
[8]
the processor transmits to the external device information indicating an encryption method that can be executed when executing command processing in response to a command from the external device;
The portable electronic device according to [2].
[9]
the processor disables the specific encryption method when a command requesting the disablement of the specific encryption method is received from the external device;
The portable electronic device according to [2].
[10]
the processor holds information indicating a currently selected encryption method, and when a command requesting processing including encryption processing is received from the external device, executes encryption processing using the currently selected encryption method.
The portable electronic device according to [2].
[11]
when the processor receives a command requesting processing including encryption processing from the external device, the processor selects an encryption method to be used for the encryption processing based on a parameter of the command.
The portable electronic device according to [2].
[12]
when the processor receives a command requesting processing including encryption processing from the external device, the processor selects an encryption method specified by the command.
The portable electronic device according to [2].
[13]
a module having an interface for communicating with an IC card processing device, a memory having a storage area for storing data for executing cryptographic processing in each of a plurality of cryptographic methods, and a processor for selecting one cryptographic method from the plurality of cryptographic methods, sharing the selected cryptographic method with the IC card processing device, and executing processing using cryptographic processing in accordance with the cryptographic method shared with the IC card processing device;
a main body having the module;
An IC card comprising:

1...IC card (portable electronic device), C...main body, Ca...IC chip, M...module, 2...IC card processing device (external device), 11...processor, 12...RAM, 13...ROM, 14...NVM (data memory), 15...communications control unit, 16...interface, 21...control unit, 22...display unit, 23...operation unit, 24...card reader/writer.

Claims (13)

an interface for communicating with an external device;
a memory for storing setting information including information indicating whether each of a plurality of different encryption methods for executing encryption processing is valid or invalid ;
a processor that, when receiving a reset request specifying a reset type from the external device, executes a reset process according to the reset type specified in the reset request, and sets an encryption method selected according to the reset type specified in the reset request to valid in the setting information stored in the memory ;
A portable electronic device having: The types of reset include a warm reset and a cold reset,
when the warm reset is specified, a first encryption method associated with the warm reset is set to be valid, and when the cold reset is specified, a second encryption method different from the first encryption method associated with the cold reset is set to be valid.
2. The portable electronic device of claim 1. an interface for communicating with an external device;
a memory for storing setting information including information indicating whether each of a plurality of different encryption methods for executing encryption processing is valid or invalid ;
a processor that, when receiving a setting request specifying communication conditions from the external device, executes communication setting in accordance with the communication conditions specified in the setting request, and sets an encryption method selected according to the communication conditions specified in the setting request in setting information stored in the memory to valid ;
A portable electronic device having: The processor selects one encryption method in accordance with a communication rate specified by the external device.
4. The portable electronic device of claim 3 . the processor sets a communication method designated by the external device, and selects one encryption method according to communication conditions for each of the set communication methods.
4. The portable electronic device of claim 3 . the processor transmits to the external device information indicating an encryption method that can be executed when executing command processing in response to a command from the external device;
4. A portable electronic device according to claim 1 or 3 . the processor disables the specific encryption method when a command requesting the disablement of the specific encryption method is received from the external device;
4. A portable electronic device according to claim 1 or 3 . the processor holds information indicating a currently selected encryption method, and when a command requesting processing including encryption processing is received from the external device, executes encryption processing using the currently selected encryption method.
4. A portable electronic device according to claim 1 or 3 . when the processor receives a command requesting processing including encryption processing from the external device, the processor selects an encryption method to be used for the encryption processing based on a parameter of the command.
4. A portable electronic device according to claim 1 or 3 . when the processor receives a command requesting processing including encryption processing from the external device, the processor selects an encryption method specified by the command.
4. A portable electronic device according to claim 1 or 3 . The cryptographic method includes a post-quantum cryptographic method and a non-post-quantum cryptographic method.
4. A portable electronic device according to claim 1 or 3 . a module having an interface for communicating with an IC card processing device, a memory having a storage area for storing setting information including information indicating whether each of a plurality of different encryption methods for executing encryption processing is valid or invalid, and a processor for, when receiving a reset request specifying a reset type from an external device, executing a reset process according to the reset type specified in the reset request, and setting the encryption method selected according to the reset type specified in the reset request in the setting information stored in the memory to valid ;
a main body having the module;
An IC card comprising: a module having an interface for communicating with an IC card processing device, a memory having a storage area for storing setting information including information indicating whether each of a plurality of different encryption methods for executing encryption processing is valid or invalid, and a processor for, when receiving a setting request specifying communication conditions from an external device, executing communication setting according to the communication conditions specified in the setting request, and setting the encryption method selected according to the communication conditions specified in the setting request in the setting information stored in the memory to valid ;
a main body having the module;
An IC card comprising: