JP2001357373A - Data storage device and data storage method, information processing device and information processing method, and recording medium - Google Patents

Abstract

(57) [Problem] To update an authentication key stored in an IC card while maintaining security by using a reader / writer. SOLUTION: Steps S331 and S33
In step 2, authentication processing with the IC card is performed, and step S33 is performed.
In step 3, the authentication key ID is encrypted and transmitted.
If the signal from the IC card is received at 34 and the received signal is an ACK signal, the latest version information of the authentication key and the authentication key Kake are encrypted and transmitted at step S336, and the IC card is transmitted from the IC card at step S337. Is received, and if the received signal is an ACK signal, the process ends. Step S335 and step S3
If it is determined in step 38 that the received signal is not an ACK signal, an error message is displayed in step S339, and the process ends.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a data storage device and a data storage method, an information processing device and an information processing method, and a recording medium, for example, such as an authentication key used for mutual authentication between an IC card and a reader / writer. It is possible to update secret information by using an authentication key for updating secret information by communication between the IC card and the reader / writer in a mode different from the normal service data transmission / reception. Data storage device and data storage method, information processing device, and information capable of executing authentication processing using an authentication key other than the authentication key that can no longer be used when leaked to The present invention relates to a processing method and a recording medium.

[0002]

2. Description of the Related Art The use of IC (Integrated Circuit) cards in electronic money systems and security systems is increasing. The IC card performs various processes.
It has a built-in PU (Central Processing Unit) and a memory that stores data necessary for processing, etc., and is capable of data transfer in a state of being in electrical contact with a predetermined reader / writer or in a non-contact manner using electromagnetic waves. Transmission and reception are performed. In addition,
In general, a required power is supplied to an IC card that transmits and receives data to and from a reader / writer in a non-contact manner using electromagnetic waves.

For authentication of an IC card and a reader / writer,
A common key method or a public key method is used. In the common key method, the key used for encryption and the key used for decryption are the same. To use symmetric key cryptography, the sender and receiver must share a common key in advance, so the key used for encryption must be transmitted to the communication partner using a secure means separate from the communication channel. (That is, the IC card and the reader / writer must share a common key in advance). Basically, encryption is performed by combining "transposition", which changes the order of characters, and "substitution", which replaces one character with another according to a certain rule. The encryption algorithm and the key indicate the order in which the characters are replaced, and which characters are replaced with which characters. In encryption, substitution encryption for shifting characters and transposition encryption for changing the order of characters are basic encryption conversions, and the number of characters to be shifted is a key.

[0004] The public key system is used in a cryptographic system.
Two keys, an “encryption key” and a “decryption key”, are used in pairs, of which the encryption key is made public and the decryption key is managed by the key issuer and kept secret. When transmitting data, the communication message is encrypted using an encryption key, and the received message is restored using a decryption key. Since the two keys are determined based on a certain mathematical relationship, it is not impossible to obtain a decryption key from an encryption key, but it is not realistic in terms of computational complexity.

[0005] In the public key cryptosystem, the encryption key does not need to be kept confidential as compared with the conventional common key cryptosystem, so that the encryption key can be easily distributed. Has the advantage of not having to distribute the decryption key, and has the function of authenticating the message by a digital signature. Processing time is longer.

[0006] The digital signature is a method for indicating that a message is transmitted from a legitimate sender in an electronic mail or an online transaction and that the message is not falsified on the way. In normal ciphertext communication,
Encryption is performed using a public key. For example, RSA (Rivest, Sh
amir, Adleman) In the case of a public key cryptosystem, the digital signature is conversely described as "encrypt with a decryption key (private key)". In another encryption method, a hash value is obtained for data to which a signature is to be added, and the hash value is encrypted with a secret key.

[0007] To verify the signature, a public key is used (that is, the roles of the encryption key and the decryption key are exchanged). Because public keys are widely publicized, anyone can easily check the validity of their signatures. If the ciphertext can be correctly restored with the public key and a meaningful sentence is obtained, it can be confirmed that it is the correct sender. Because only the legitimate sender knows the private key (the key that signed it), in order to create a digital signature that can be restored with the public key, you need to know the private key of the pair. It is not good. Also,
If the data has been tampered with, it will not be possible to correctly decode the data, so that it can be used to prevent or detect tampering. Verification of the signature is performed by comparing the value decrypted using the public key with a hash value separately calculated from the data, and if they match, it is determined that the data has not been tampered with, If they do not match, it is determined that the data has been tampered with.

Further, a third party organization for the purpose of issuing a certificate for certifying that the data is issued by a trusted organization is established by a certificate authority (CA).
Authority)).

[0009]

SUMMARY OF THE INVENTION A reader / writer has an IC
In order to mount the card 1 and receive various services, it is necessary to perform an authentication process using an authentication key defined for each service. For example, if an authentication key is leaked to a third party, security may be impaired if authentication processing using these authentication keys is continued as it is. Also, these authentication keys are often upgraded (that is, the keys are changed) to maintain security. In this case, conventionally, it has been necessary to discard the corresponding IC card and use a new IC card, or the issuer of the IC card needs to rewrite the authentication key stored in the IC card.

The present invention has been made in view of such a situation, and updates secret information such as an authentication key used for mutual authentication between an IC card and a reader / writer.
When the authentication key for updating confidential information is enabled by the communication between the IC card and the reader / writer in a mode different from the normal exchange of service data, or when a certain authentication key is leaked to a third party For example, the authentication processing can be executed using an authentication key other than the authentication key that can no longer be used.

[0011]

A first data storage device according to the present invention comprises: an input / output control unit for controlling input / output of data to / from an information processing apparatus; a storage control unit for controlling storage of secret information; From the version information of the first secret information of the secret information whose storage is controlled by the storage control means and the version information of the second secret information whose input is controlled by the input / output control means, the first secret information is obtained. Version and
Comparing means for comparing the versions of the second secret information, wherein when the comparing means determines that the second secret information has a newer version than the first secret information,
The storage control means performs control so that the second secret information is stored in the storage area where the first secret information is stored.

[0012] An authentication means for authenticating the transfer of secret information with the information processing apparatus may be further provided.
The transfer of the secret information can be authenticated using a second authentication key different from the first authentication key used for the transfer of data other than the secret information.

The input is controlled by the input / output control means,
Decryption means for decrypting the encrypted second secret information may be further provided, wherein the comparison means determines that the second secret information decrypted by the decryption means has a newer version than the first secret information. If it is determined, the storage control unit can be controlled to store the second secret information decrypted by the decryption unit in the storage area storing the first secret information.

A first data storage method according to the present invention includes an input / output control step of controlling input / output of data with respect to an information processing apparatus, a storage control step of controlling storage of secret information, and a storage control step. Version information of the first secret information of the secret information whose storage is controlled;
The second whose input is controlled by the processing of the input / output control step
And comparing the version of the first secret information with the version of the second secret information based on the version information of the secret information.
If it is determined that the version of the secret information is newer than the version of the first secret information, the storage control step proceeds to the first step.
The second secret information is controlled to be stored in the storage area storing the second secret information.

The program recorded on the first recording medium of the present invention includes an input / output control step for controlling data input / output with respect to the information processing apparatus, a storage control step for controlling storage of secret information, and a storage. From the version information of the first secret information of the secret information whose storage is controlled by the processing of the control step and the version information of the second secret information whose input is controlled by the processing of the input / output control step, the first A comparison step of comparing the version of the secret information with the version of the second secret information, and the processing of the comparison step determines that the version of the second secret information is newer than the version of the first secret information In this case, the storage control step is characterized in that control is performed such that the second secret information is stored in the storage area in which the first secret information is stored.

The second data storage device of the present invention is used for input / output control means for controlling input / output of data to / from an information processing device, and for authentication processing of data corresponding to a predetermined service and the information processing device. Storage control means for controlling the storage of a plurality of authentication keys; selecting means for selecting an authentication key used for authentication processing with the information processing device from the plurality of authentication keys whose storage is controlled by the storage control means; An authentication unit for performing an authentication process using the selected authentication key, wherein the selection unit performs a second authentication key different from the first authentication key when the authentication process using the selected first authentication key cannot be performed. Is further selected.

A second data storage method according to the present invention is used for an input / output control step of controlling input / output of data to / from an information processing apparatus, and authentication processing for data corresponding to a predetermined service and the information processing apparatus. A storage control step of controlling storage of a plurality of authentication keys; a selection step of selecting an authentication key used for an authentication process with the information processing apparatus from the plurality of authentication keys the storage of which is controlled by the processing of the storage control step; An authentication step of performing an authentication process using the authentication key selected by the step process. In the process of the selection step, if the authentication process by the selected first authentication key cannot be performed, the first authentication key A second authentication key different from the above is further selected.

The program recorded on the second recording medium according to the present invention includes an input / output control step for controlling input / output of data to / from the information processing apparatus, and a program for controlling the data / information processing apparatus corresponding to a predetermined service. A storage control step of controlling storage of a plurality of authentication keys used for the authentication processing, and an authentication key used for the authentication processing with the information processing apparatus is selected from the plurality of authentication keys the storage of which is controlled by the processing of the storage control step The method includes a selection step and an authentication step of performing authentication processing using the authentication key selected by the processing of the selection step. In the selection step, if the authentication processing by the selected first authentication key cannot be performed, the first A second authentication key different from the first authentication key is further selected.

A first information processing apparatus according to the present invention comprises: an input / output control unit for controlling input / output of data to / from a data storage device; a storage control unit for controlling storage of a plurality of pieces of secret information; Input control means for controlling the input of a signal indicating selection of the secret information, and a plurality of secret information whose storage is controlled by the storage control means based on the signal indicating selection of secret information whose input is controlled by the input control means. Selecting means for selecting the secret information, and the input / output control means controls the output of the secret information selected by the selecting means and the version information of the secret information to the data storage device.

An authentication unit for authenticating exchange of secret information with the data storage device may be further provided, and the authentication unit includes a second authentication key different from a first authentication key used for exchange of data other than secret information. Using the authentication key, the transfer of the secret information can be authenticated.

[0021] An encryption means for encrypting the secret information selected by the selection means may be further provided.

According to a first information processing method of the present invention, an input / output control step of controlling input / output of data to / from a data storage device, a storage control step of controlling storage of a plurality of pieces of secret information, An input control step of controlling input of a signal indicating selection of the secret information, and a plurality of storage units whose storage is controlled by the processing of the storage control step based on the signal indicating selection of secret information whose input is controlled by the processing of the input control step. A selection step of selecting predetermined secret information from the secret information, wherein the input / output control step controls the output of the secret information selected by the processing of the selection step and the version information of the secret information to the data storage device. It is characterized by.

The program recorded on the first recording medium of the present invention includes an input / output control step for controlling input / output of data to / from a data storage device, and a storage control step for controlling storage of a plurality of secret information. An input control step of controlling input of a signal indicating selection of secret information by a user; and storing by a storage control step based on a signal indicating selection of secret information whose input has been controlled by the processing of the input control step. And selecting the predetermined secret information from the plurality of controlled secret information. The input / output control step includes a step of storing the secret information selected by the processing of the selection step and the version information of the secret information in the data storage device. The output is controlled.

The second information processing apparatus of the present invention is used for input / output control means for controlling input / output of data to / from a data storage device, and for authentication processing of data and the data storage device corresponding to a predetermined service. Storage control means for controlling the storage of a plurality of authentication keys; selecting means for selecting an authentication key used for authentication processing with the data storage device from the plurality of authentication keys whose storage is controlled by the storage control means; An authentication unit that performs an authentication process using the selected authentication key, and when the authentication process using the first authentication key is prohibited among a plurality of authentication keys whose storage is controlled by the storage control unit, The means comprises a second authentication key different from the first authentication key.
Is selected.

The second information processing method of the present invention is used for an input / output control step of controlling input / output of data to / from a data storage device and an authentication process for data and a data storage device corresponding to a predetermined service. A storage control step of controlling storage of a plurality of authentication keys; a selection step of selecting an authentication key used for authentication processing with the data storage device from the plurality of authentication keys whose storage has been controlled by the processing of the storage control step; An authentication step of performing an authentication process using the authentication key selected in the step process, wherein the authentication process using the first authentication key is prohibited among the plurality of authentication keys whose storage has been controlled by the storage control step. If so, the selecting step comprises a second authentication key different from the first authentication key.
Is selected.

The program recorded on the second recording medium of the present invention includes an input / output control step for controlling the input / output of data to / from the data storage device, and a data / data storage device corresponding to a predetermined service. A storage control step of controlling storage of a plurality of authentication keys used for the authentication processing, and an authentication key used for the authentication processing with the data storage device is selected from the plurality of authentication keys the storage of which is controlled by the processing of the storage control step A first authentication key of a plurality of authentication keys, the storage of which is controlled by the processing of the storage control step, including a selection step and an authentication step of performing authentication processing using the authentication key selected by the processing of the selection step. In the case where the authentication process is prohibited, the selecting step is to select a second authentication key different from the first authentication key.

According to the first data storage device, the data storage method, and the program recorded on the recording medium of the present invention, input / output of data to / from the information processing device is controlled, storage of secret information is controlled, The version of the first secret information and the version of the second secret information are compared based on the version information of the first secret information among the stored secret information and the version information of the input second secret information. If it is determined that the version of the second secret information is newer than the version of the first secret information, the second secret information is controlled to be stored in the storage area storing the first secret information. You.

According to the second data storage device, the data storage method, and the program recorded on the recording medium of the present invention, the input and output of data to and from the information processing device are controlled, and the data and the data corresponding to the predetermined service are stored. The storage of the plurality of authentication keys used for the authentication process with the information processing device is controlled, the authentication key used for the authentication process with the information processing device is selected from the stored plurality of authentication keys, and the selected authentication key is If the authentication process is performed using the selected authentication key and the authentication process using the selected first authentication key cannot be performed, a second authentication key different from the first authentication key is further selected.

According to the first information processing apparatus, the information processing method, and the program recorded on the recording medium of the present invention, input / output of data to / from a data storage device is controlled, and storage of a plurality of secret information is controlled. The input of a signal indicating selection of the secret information by the user is controlled, and based on the signal indicating the selection of the input secret information, predetermined secret information is selected from a plurality of stored secret information, and the selected secret information is selected. The output of the secret information and the version information of the secret information to the data storage device is controlled.

According to the second information processing apparatus, the information processing method, and the program recorded on the recording medium of the present invention, the input / output of data to / from the data storage device is controlled, and the data and the data corresponding to a predetermined service are stored. The storage of the plurality of authentication keys used for the authentication process with the data storage device is controlled, and the authentication key used for the authentication process with the data storage device is selected from the stored plurality of authentication keys. When the authentication process is performed using the authentication key and the authentication process using the first authentication key is prohibited from among the plurality of stored authentication keys, a second authentication key different from the first authentication key is selected. .

[0031]

Embodiments of the present invention will be described below with reference to the drawings.

FIG. 1 shows the relationship between an IC card and a reader / writer. The IC card 1 can support both authentication services using a common key method and authentication using a public key method (the respective authentication methods will be described later). The contactless common key compatible reader / writer 2-1 is an IC
The communication with the card 1 is performed in a non-contact manner, and the authentication is performed by the common key method. The non-contact public key compatible reader / writer 2-2 communicates with the IC card 1 in a non-contact manner, and performs authentication by a public key method. The contact-type public key-compatible reader / writer 2-3 performs communication by contact, and performs communication by a public key method.

For example, the IC card 1 includes information for providing services such as a prepaid card for paying a commuter pass or a fare. When the IC card 1 is used to use a ticket gate at a station, The IC card 1 includes a function as an ID card, and in a process requiring a short processing time, such as when authenticating entry permission using the IC card 1, a non-contact type common key compatible reader / writer. Non-contact communication using a common key is performed using 2-1.

For example, when the IC card 1 contains information for providing an electronic money service, and when a user purchases a merchandise at a store or the like, the public key system is used for authentication. However, the authentication process takes time.
For this reason, when the processing time is not particularly considered, non-contact communication may be performed using the non-contact type public key compatible reader / writer 2-2, or in order to reduce the processing time,
The communication may be performed by contact using the contact type public key compatible reader / writer 2-3.

In FIG. 1, the reader / writer corresponding to the non-contact type common key to the reader / writer corresponding to the contact type public key 2-
Although 3 is described as an individual reader / writer, a single reader / writer may be able to use a plurality of communication methods and a plurality of authentication methods as needed.

Next, the card issuer, service provider, and card holder will be described with reference to FIG.

The card issuer 11 has a service provider 12
The card holder 13 who has authorized the card holder 13 holding the IC card 1 to provide services using the IC card 1 and has requested to issue the IC card 1
3 is issued with the IC card 1.

The service provider 12 that has been authorized by the card issuer 11 provides a service registration reader / writer 2-11 of the card issuer 11 with the service provided by the card issuer 11 to the card holder 13. The data (Service Individual Info described later with reference to FIG. 6) is registered. For this registration, for example, a personal computer (not shown) of the service provider 12 may register the information in the reader / writer 2-11 for service registration via the Internet or the like, or the operator manually registers the information. You may do so.

The card holder 13 can use the service registration reader / writer 2-11 to register the desired service in the IC card 1 issued by the card issuer 11. Reader / writer 2-11 for service registration
The service registration process of the IC card 1 is described in FIG.
9 and FIG. 30 will be described later.

When the card holder 13 wants to delete a service registered in his / her own IC card 1, the service registration reader / writer 2-11 managed by the card issuer 11 or the service provider The service can be deleted from the IC card 1 of the user himself / herself using the general reader / writer 2-12 managed by the user 12. IC card 1 and reader / writer 2-1 for service registration
1 and FIG. 3 for the service deletion process.
2. The service deletion process of the IC card 1 and the general reader / writer 2-12 will be described later with reference to FIGS.

Further, the card holder 13 is, for example, an IC
In a situation where the electronic money service and the prepaid service are registered in the card 1 and the respective value information is recorded in the information relating to the respective services of the IC card 1, a part of the value of the electronic money is transferred to the prepaid card. When the value is to be replaced with a value, the inter-module communication reader / writer 2-13 managed by the service provider 12 uses the inter-module communication reader / writer 2-13 to transmit a value between the public key module and the common key module of the IC card 1 described later with reference to FIG. Thus, the inter-module communication can be executed. The inter-module communication reader / writer 2-13 is adapted to support two methods, a common key method and a public key method. The processing between the IC card 1 and the inter-module communication reader / writer 2-13 will be described later with reference to FIGS.

Further, when the card holder 13 wishes to update (upgrade) the expired authentication key, the general reader / writer 2 managed by the service provider 12
-12 or reader / writer 2 for version up
Using -14, the version of the authentication key registered in the IC card 1 of the user can be upgraded. IC card 1 and reader / writer 2 for version upgrade
The key version up process with −14 is described in FIG.
The process of upgrading the key between the IC card 1 and the general reader / writer 2-12 using
This will be described later using Nos. 5 to 47.

FIG. 3 is a block diagram showing the configuration of the IC card 1.

The IC card 1 includes a reader / writer 2 (reader / writer 2-1 to 2-3, or reader / writer 2-1).
In the case where it is not necessary to particularly distinguish 1 to 2-14, these are collectively referred to as a reader / writer 2), and a communication unit 21 that performs communication with the IC card processing unit that performs data processing 22.

[0045] The communication unit 21 determines that the corresponding IC card 1 is
The reader / writer 2-1 corresponding to the contactless common key described with reference to FIG.
2 is a non-contact type common key compatible reader / writer 2-
1 or contactless public key compatible reader / writer 2-2
And a coil for communicating using electromagnetic waves. In addition, the communication unit 21 may be configured such that the IC card 1 includes not only the contactless public key compatible reader / writer 2-1 and the contactless public key compatible reader / writer 2-2 described with reference to FIG. When the communication with the key compatible reader / writer 2-3 is also supported, the non-contact type common key compatible reader / writer 2
-1 or contactless public key compatible reader / writer 2-2
And a coil for communicating using electromagnetic waves, and a contact terminal for communicating with the contact type public key compatible reader / writer 2-3.

The communication unit 21 receives data transmitted from the reader / writer 2 and transmits the received data to, for example, an AS.
K (Amplitude Shift Keying) or BPSK (Binary Pha
In the case where modulation is performed using (se Shift Keying), the received data is demodulated by a predetermined process, supplied to the control unit 31 of the IC card processing unit 22, and generated by the process of the IC card processing unit 22. Data is transferred to the control unit 3
1 and is modulated using ASK or BPSK and transmitted to the reader / writer 2.

The IC card processing section 22 includes a control section 31, a memory 32, and an encryption processing section 33.
The control unit 31 controls the encryption processing unit 33 in accordance with the data supplied from the communication unit 21 to execute an encryption process required for an authentication process with the reader / writer 2 or to record it in the memory 32 as necessary. Read the data that has been
The data is transmitted to the reader / writer 2 via the communication unit 21.

The memory 32 has a memory area 44 in which a card ID, an authentication key Kreg for service registration, and a CA_Pub, which is a public key of a certificate authority, are recorded.
An e Relation Table (SRT) 45 and a Service Registration Area (SRA) 46 described later with reference to FIG.

The cryptographic processing unit 33 includes a public key processing unit 41, a common key processing unit 42, and another cryptographic processing unit 43. Details regarding the processing executed by the public key processing unit 41 to the other encryption processing units 43 will be described later with reference to FIG.

Next, FIG. 4 is a block diagram showing a configuration of the IC card 1 different from that of FIG. In the IC card 1 shown in FIG. 4, parts corresponding to those in FIG. 3 are denoted by the same reference numerals, and a description thereof will be omitted as appropriate (hereinafter the same).

The IC card 1 includes a communication unit 51 for executing communication with the reader / writer 2 relating to the common key service, a common key service processing unit 52 for executing processing of data obtained by the processing of the communication unit 51, and a public key service. Communication unit 53 that executes communication with reader / writer 2 regarding communication
The public key service processing unit 54 executes the processing of the data obtained by the above processing.

The communication unit 51 has a coil for communicating with the non-contact type common key compatible reader / writer 2-1.
Similarly to the communication unit 21, for example, when data transmitted from the IC card 1 is modulated using ASK or BPSK, the received data is demodulated by a predetermined process.
The data generated by the processing of the common key service processing unit 52 is supplied from the control unit 61, and is supplied to the control unit 61 of the common key service processing unit 52.
The signal is modulated using K and transmitted to the reader / writer 2.

The common key service processing unit 52 includes the control unit 6
1, a memory 62, and a cryptographic processing unit 63. The control unit 61 controls the encryption processing unit 63 in accordance with the data supplied from the communication unit 51 to execute processing required for authentication processing with the IC card 1 and the like, and stores the processing in the memory 62 as necessary. Read the data
The data is transmitted to the reader / writer 2 via the communication unit 51.

The memory 62 includes a memory area 44, an SRT 45, and an SRA 46, similarly to the memory 32 described with reference to FIG. In the memory area 44, a card ID, an authentication key Kreg for service registration, and a shared secret key K_common used for communication between modules are recorded.

The cryptographic processing section 63 comprises a common key processing section 42 and another cryptographic processing section 43. That is, the common key service processing unit 52 does not process the service related to the public key, so the encryption processing unit 63 does not include the public key processing unit 41 described with reference to FIG.

The communication section 53 includes a coil or a contact terminal for communicating with the non-contact type public key compatible reader / writer 2-3 or the contact type public key compatible reader / writer 2-3. Similarly to the communication unit 21, the communication unit 53 transmits data transmitted from the IC card 1 to ASK or B
When the data is modulated using PSK, the received data is demodulated by a predetermined process, and the public key service processing unit 5
4 and supplies the data generated by the processing of the public key service processing unit 54 to the control unit 61.
, And is modulated using ASK or BPSK, and transmitted to the reader / writer 2.

The public key service processing unit 54 includes the control unit 6
1, a memory 62, and an encryption processing unit 33. That is, except that the cryptographic processing unit 33 described with reference to FIG.
It has basically the same configuration as the common key service processing unit.

Next, the public key processing unit 41 to other encryption processing units 43 will be described with reference to FIG.

As shown in FIG. 5A, the public key processing unit 41 includes, for example, RSA (Rivest, Shamir, Adlema).
n) An RSA signature generation / verification unit 71 that generates and verifies a signature using a public key cryptosystem, and a DSA (Digi
A DSA signature generation / verification unit 72 for generating and verifying a signature using a tal signature algorithm) method is provided.

The RSA signature generation / verification unit 71 performs encryption and decryption using two keys. In the RSA encryption system, 2
One key is determined, for example, as follows.

Two large prime numbers p and q are selected, and the product n = pq is obtained. Then, an integer e that is less than (p−1) × (q−1) and is relatively prime to (p−1) × (q−1) is selected, and an integer d that satisfies the following equation (1) is obtained. e × d = 1 mod ((p−1) × (q−1)) (1) Then, (e, n) is a public key and d is a secret key.

When the encrypted data C is generated by encrypting the sentence M, the following equation (2) is used. C = M ^e mod n (2) When decrypting the encrypted data C, the following equation (3) is used. M = C ^d mod n (3)

The DSA signature generation / verification unit 72 includes a random number generation unit (not shown). DSA is DLP (Dis
Improve the ElGamal signature based on the difficulty of the crete Logarithm Problem (discrete logarithm problem) to increase the signature length to 160 bi
This is a digital signature algorithm that shortens to t × 2 and operates signature key generation and the like in a specific manner. In signature generation,
SHA-1 (Secure Has)
h It is assumed that Algorithm-1) is used. DSA
The method is based on the US government agency NIST (National Institute of Standards and Technolog).
y) was developed as a standard for electronic signatures and was developed by the US Federal Information Processing Standard.
ard) Specified in FIPS PUB 186.

As shown in FIG. 5B, the common key processing unit 42 includes, for example, DES (Data Encryption
Standard) D that performs authentication processing using a common key cryptosystem
ES processing unit 73, RC5 processing unit 74 that performs authentication processing by RC5 (Rivest Cipher5) method, and AES (Ad
An AES processing unit 75 for performing authentication processing according to the vanced Encryption Standard) method is provided.

The DES symmetric key encryption system was developed by NI in 1977.
Established by the ST, and in 1981 the American National Standards Institute (ANSI: American
National Standards Institute). The key authentication algorithm of the DES common key cryptosystem is open to the public and is widely used as a representative of the common key cryptosystem.

The DES symmetric key encryption system converts data to 64
This is an encryption system that performs encryption and decryption processing in units of bits. In the DES algorithm, encryption and decryption are symmetric, and the original text can be restored by converting the received cipher text again using the same key. In the DES common key cryptosystem, a combination of simple bit position transposition and XOR operation is repeated 16 times. Since there is no data feedback or condition determination part internally and the processing is sequential, processing can be performed at high speed by forming a pipeline. The algorithm was originally determined on the premise that the LSI was implemented, and many DES chips have been manufactured.

RC5 is RSA Data Security,
This is a RC series secret key cryptosystem developed by the Massachusetts Institute of Technology, and was proposed in 1995. RC5 is a block having a variable-length block size, a variable-length key size, and a round of variable-length times (a data-dependent-rotations (data-dependent-rotations) algorithm in which the amount of bit rotation changes depending on the original data and key). This is an encryption method. The block sizes are 32, 64, 12
It can take 8 bits and the number of rounds is from 0 to 25
5. The key size is variable from 0 to 2048 bits. RC5
The algorithm is publicly available and is available as RFC2040.

The AES system is a next-generation standard encryption system of the United States government for which selection work is being performed by NIST. DES, which is currently used as a standard encryption, was established in 1977, and its reliability has been decreasing year by year with recent advances in computer performance and encryption theory. Therefore, NIST has publicly solicited cryptography from the world as an AES candidate as a next-generation encryption standard to replace DES. Fifteen schemes from around the world have been reviewed and will be decided by the early 21st century.

The other cryptographic processing unit 43 creates a “message digest” by applying an irreversible hash function to the message, for example, when using a digital signature, and signs the message digest. By performing encryption using a key, an encryption process other than the process performed by the public key processing unit 41 or the common key processing unit 42, such as creation of a digital signature, is performed. As shown in FIG. 5C, the other cryptographic processing unit 43 includes, for example, a SHA-1 processing unit 76 that performs processing of a hash function SHA-1 used for signature generation and signature verification, and a mutual authentication protocol. Is provided, or a true random number generation unit 77 that generates a true random number used in FIG.
, An MD5 processing unit 78 that performs processing of a hash function MD5 used for signature generation and signature verification,
And a pseudo-random number generation unit 79 for generating a pseudo-random number (an artificial random number having a random number sequence within a certain finite number of digits) used in the mutual authentication protocol.

In the digital signature, since the public key cryptosystem is used, the processing speed is problematic. However, by creating the message digest, the time required to create the digital signature is reduced. Further, since the hash function has a characteristic of largely responding to data tampering, when a digital signature is verified, a message digest obtained by decrypting the digital signature with a verification key and sending the message digest is sent. By comparing the message digest created by applying the hash function to the message body, the user can easily confirm whether the message body has been tampered with.

SHA-1 is a message of any length,
This is a one-way hash function that generates a hash value of t.
Like DSA, it was developed by NIST, and FIPS
Specified in PUB180. The draft standard (N544) basically complies with FIPS PUB 180.

MD5 is one of widely used message digest function algorithms.
And is defined in RFC1321. The algorithm of MD5 is determined so that it can be efficiently calculated on a 32-bit computer. There are other similar algorithms, such as MD4 and MD2.

Next, information stored in the SRA 46 of the IC card 1 described with reference to FIGS. 3 and 4 will be described with reference to FIG.

The SRA 46 is used by the general reader / writer 2-1 described with reference to FIG.
In order to be able to receive a plurality of services by using the service registration reader / writer 2-11 described with reference to FIG. Memory area for recording recorded information).

That is, the SRA 46 has Service In which is information of the service registered in the IC card 1.
dividual Info 1 to N are registered, and each S
Service Individual Info includes a service ID for identifying a service type, a service ID predetermined for each service,
One or more authentication key information (Serv in FIG. 6)
In ice Individual Info k, 1 to n n pieces of authentication key information), service data used to receive a service, an authentication key Kake_vup for upgrading the key information, and, if necessary, And a certificate for the authentication key are registered.

The authentication key information includes, for example, an authentication key ID,
Key level and version, authentication method, and identification key Kake used to identify multiple authentication keys
(If necessary, a certificate for the authentication key). Also, in the service data, in addition to the user ID, Se
If the rvice Individual Info k is, for example, an electronic money service, electronic money balance information and accumulated points are stored. If the Service Individual Info k is, for example, an automatic ticket gate service, valid section information is stored.

Next, referring to FIG. 7, the Service Indi
The authentication key information registered in vidual Info will be described.

In FIG. 7A, the area No. 1 and area No. The authentication key ID, the key version, the authentication method, the identification authentication key Kake, and, if necessary, the certificate data are registered for each of the two. FIG. 7 (A)
The authentication key identification processing when the authentication key information is registered as described above will be described later with reference to FIGS.

In FIG. 7B, the area No. 1 to area No. 7, an authentication key ID, a key level, a key version, an authentication method, an identification authentication key Kake, and, if necessary, certificate data are registered.
The authentication key identification processing when the authentication key information including the key level is registered as shown in FIG. 7B will be described later with reference to FIGS. 27 and 28.

Next, information stored in the SRT 45 of the IC card 1 described with reference to FIGS. 3 and 4 will be described with reference to FIG.

In the SRT 45, when a plurality of services are registered in the ID card 1, data for permitting access to service data of another service while performing one service is registered. SRT45
Is a registered service ID field in which the service ID registered in the IC card 1 is described (in FIG. 8, described as service IDs A to J);
It is composed of a permission information field in which permission information corresponding to each service ID is described.

The registered service ID field of the permission information contains the service ID of the registered service.
Are all listed. The permission information field includes, when the corresponding service is being executed, a service ID that can access the service described in the registered service ID field, and what processing is permitted to be performed. Is indicated. For example, when reading and writing are permitted, "rw" is described as permission information, when only reading is permitted, "ro" is described as permission information, and when key version-up is permitted. , "Vup" is described as the permission information. "Rw" and "ro" are not allowed for the same service ID, but "rw" and "vu"
"p" and "ro" and "vup" are the same service ID
And can be listed in the permission information field.

That is, when the permission information shown in FIG. 8 is registered in the SRT 45, the service I
During the execution of the service indicated by C in D, the service ID
Are permitted to read and write to the service indicated by B, and are also permitted to read from the service indicated by B while the service indicated by D is being executed. , During execution of the service whose service ID is indicated by E,
Are permitted to read, write, and upgrade the key of the service indicated by D. Hereinafter, the service indicated by E is indicated by E, and the service ID is indicated by F.
, The service whose service ID is indicated by G, or the service whose service ID is indicated by I, a process corresponding to another service ID based on the information described in the corresponding permission information field. During execution of the process, the process corresponding to the permission information is permitted.

The registration of these permission information is based on the I
This is performed when a corresponding service is registered in the C card 1. That is, when the user uses the service registration reader / writer 2-11, the IC card 1
For example, if the service indicated by the service ID F is registered, for example, if the service indicated by the service ID G is already registered and the service indicated by the service ID H is not registered, the registration service In the permission information field corresponding to F in the ID field, only permission information corresponding to the service whose service ID is indicated by G can be registered. Then, after the user registers the service whose service ID is indicated by H in the ID card 1, the user updates the service whose service ID is indicated by F.
The service ID is H for the service whose D is indicated by F
Can be registered.

Next, FIG. 9 is a block diagram showing the configuration of the reader / writer 2.

The reader / writer 2 comprises a communication unit 91 for communicating with the IC card 1 and a reader / writer processing unit 92 for executing data processing.

The communication section 91 is controlled by a communication method with the IC card 1 (that is, depending on whether the reader / writer 2 employs the non-contact communication method or the contact communication method described with reference to FIG. 1). Either a coil for communicating using electromagnetic waves alone is provided, or a structure for providing a coil for communicating using electromagnetic waves and a contact terminal for performing contact-type communication is provided.

The communication section 91 receives the data transmitted from the IC card 1 and converts the received data into, for example, ASK data.
If the data is modulated by using the BPSK or BPSK, the received data is demodulated by a predetermined process,
2 and supplies the data generated by the processing of the reader / writer processing unit 92 to the control unit 10.
1 and is modulated using ASK or BPSK.
Send to C card 1.

The reader / writer processing unit 92 includes the control unit 10
1, encryption processing unit 102, memory 103, communication unit 104,
It comprises a display unit 105 and an input unit 106. The control unit 101 controls the encryption processing unit 102 in accordance with the data supplied from the communication unit 91 to execute encryption processing necessary for authentication processing with the IC card 1 and to record the information in the memory 103 as necessary. The read data is read and transmitted to the IC card 1 via the communication unit 91, a signal corresponding to various operations input by the user using the input unit 106, or the communication unit 104 via the network.
, The processing is executed in accordance with these signals, and the result is displayed on the display unit 105.

The communication unit 104 includes a drive 114
Are also connected, and the magnetic disk 115, the optical disk 116, and the magneto-optical disk 11
7 and the semiconductor memory 118.

Since the encryption processing unit 102 has the same configuration as the encryption processing unit 33 described with reference to FIG. 3, the description thereof will be omitted.

The memory 103 stores information for executing predetermined processing with the IC card 1. The information differs depending on which of the reader / writer 2-11 for service registration and the reader / writer 2-14 for version upgrade described with reference to FIG. The data stored in the memory 103 of the reader / writer for service registration 2-11 to the reader / writer for version upgrade 2-14 will be described with reference to FIGS.

The authentication key Kreg used when registering or deleting data in the SRA 46 of the memory 32 of the IC card 1 is stored in the memory 103 of the reader / writer 2-11 for service registration shown in FIG. The certificate of the authentication key is also stored in accordance with the service ID.) Service Individu corresponding to various services for registration in the IC card 1
al Info 1 to n are stored.

The general reader / writer 2- shown in FIG.
12 memory 103 includes this general reader / writer 2-1.
2 stores a service ID corresponding to a service that can be processed in step 2, an authentication key list corresponding to the service ID, and key revocation information. Also, a general reader / writer 2-12
In the case where the service for upgrading the key version is made possible, information such as the key of the new version is also stored in the memory 103 of the general reader / writer 2-12.

The memory 103 of the inter-module communication reader / writer 2-13 shown in FIG. 12 has the same inter-module communication reader / writer as the information stored in the memory 103 of the general reader / writer 2-12. Service ID corresponding to the service that can be processed in 2-13
And the corresponding authentication key list and key revocation information. As shown in FIG. 13, the inter-module communication means that the inter-module communication reader / writer 2-13 adapted to the two methods of the common key method and the public key method transmits the public key module 121 (for example, 4 and the common key module 122 (for example, the communication unit 51 and the communication unit 51 of the IC card 1 described with reference to FIG. 4). By mounting the IC card 1 having the common key service processing unit 52), data communication between the public key module 121 and the common key module 122 is performed via the inter-module communication reader / writer 2-13. is there. The details of the processing related to inter-module communication will be described later with reference to FIGS.

Then, in the memory 103 of the reader / writer for version upgrade 2-14 shown in FIG. 14, a service ID for version upgrade of the authentication key of the service registered in the attached IC card 1 is stored. , The version-up authentication key Kake corresponding to the service ID
_vup and a list of authentication keys Kake are stored.

When the IC card 1 and the reader / writer 2 perform communication, first, except for some exceptional processes, a service for performing communication between the IC card 1 and the reader / writer 2 is required for mutual authentication. And the authentication key for the service must be mutually identified. The mutual authentication process between the IC card 1 and the reader / writer 2 will be described with reference to the flowchart in FIG.

First, in step S1, the reader / writer 2 communicates with the IC card 1 to exchange necessary data as necessary, thereby enabling the reader / writer 2 to be described later with reference to FIGS. Execute service identification processing. Then, in step S2, the IC card 1
Communicates with the reader / writer 2 as necessary to transmit and receive necessary data, thereby executing a service identification process of the IC card 1 described later with reference to FIGS.

When the service identification process of the reader / writer 2 in step S1 and the service identification process of the IC card 1 in step S2 are completed normally, in step S3, the reader / writer 2 By transmitting and receiving necessary data through communication, an authentication key identification process of the reader / writer 2 described later with reference to FIGS. 20, 22, and 27 is executed. And step S
4, the IC card 1 communicates with the reader / writer 2 as necessary to transmit and receive necessary data, so that the IC card 1 described later with reference to FIGS.
The authentication key identification processing of the card 1 is executed.

Next, referring to the flowchart of FIG. 16, in the IC card 1 corresponding to a plurality of services and the reader / writer 2 corresponding to a plurality of services,
The service identification process of the reader / writer 2 executed in step S1 of FIG. 15 by the user inputting a desired service and determining whether or not the service can be executed will be described.

In step S11, the control unit 101 of the reader / writer 2 transmits an IC card detection command to the IC card 1 via the communication unit 91, and executes step S11.
At 12, it is determined whether or not an ACK signal (a signal transmitted by the IC card 1 in step S22 of FIG. 17 described later) is received from the IC card 1. Step S1
In step 2, if it is determined that the ACK signal has not been received, the process of step S12 is repeated until it is determined that the ACK signal has been received.

If it is determined in step S12 that an ACK signal has been received (that is, IC card 1
In the case where the control unit 101 is attached to the reader / writer 2), in step S13, the control unit 101 requests the user according to a signal indicating an operation input by the user using the input unit 106 or based on a predetermined service. The service ID corresponding to the service is transmitted to the IC via the communication unit 91.
Send to card 1.

In step S14, the control unit 101
Is a signal transmitted from the IC card 1 (see FIG. 17 described later).
In step S25 or step S26,
(A signal transmitted by the C card 1). Step S1
In 5, the control unit 101 determines whether or not the data received in step S14 is an ACK signal. If it is determined in step S15 that the received signal is not an ACK signal (that is, it is a NACK signal),
In step S16, control unit 101 outputs data corresponding to the error message to display unit 105 to display the data, and ends the process (that is, the process does not proceed to step S3 in FIG. 15). In step S15,
If it is determined that the received signal is an ACK signal, the process proceeds to step S3 in FIG.

Next, referring to the flowchart of FIG. 17, in step S2 of FIG. 15, the service identification of the IC card 1 is executed in parallel with the service identification processing of the reader / writer 2 described with reference to FIG. The processing will be described. Note that, here, a description will be given assuming that processing is performed in the IC card 1 described with reference to FIG.
Even when the processing is executed by the IC card 1 described with reference to FIG. 4, basically the same processing is executed.

The control section 31 of the IC card 1 determines in step S
At step S21, the IC card detection command transmitted by the reader / writer 2 is received via the communication unit 21 at step S11 in FIG. 16, and an ACK signal is transmitted to the reader / writer 2 at step S22.

The control section 31 determines in step S23
In step S13 of FIG. 16, the service ID transmitted by the reader / writer 2 is received via the communication unit 21, and in step S24, the received service ID is IC
The corresponding module of the card 1 (here, since the processing in the IC card 1 described with reference to FIG. 3 is described, the module corresponds to the memory 32 of the IC card processing unit 22. In the case of the IC card 1 described above, the ID is registered in the memory 62 of the common key service processing unit 52 or the memory 62 of the public key service processing unit according to the method supported by the reader / writer 2). Whether the service ID received in step S23 is the SR described in FIG.
It is determined whether it is registered in A46.

If it is determined in step S24 that the received service ID is registered in the module, the control unit 31 transmits an ACK signal to the reader / writer 2 via the communication unit 21 in step S25. And
The process proceeds to step S4 in FIG. Step S24
In step S26, if it is determined that the received service ID is not registered in the module, the control unit 31 transmits a NACK signal to the reader / writer 2 via the communication unit 21 in step S26, and the process ends. (Ie, do not proceed to step S4 in FIG. 15).

Next, referring to the flowchart of FIG. 18, in the IC card 1 corresponding to a plurality of services and the reader / writer 2 corresponding to a plurality of services,
A service that can be executed by the corresponding IC card 1 and reader / writer 2 is extracted and displayed on the display unit 105 of the reader / writer 2, and a user selects a desired service from the services, thereby identifying the service. The service identification process of the reader / writer 2, which is performed in step S1 of FIG.

The control unit 101 of the reader / writer 2 transmits a service ID list transmission command to the IC card 1 via the communication unit 91 in step S31, and in step S32, a step S52 of FIG.
In, it is determined whether or not the service ID list transmitted by the IC card 1 has been received. If it is determined in step S32 that the service ID list has not been received, the process of step S32 is repeated until it is determined that the service ID list has been received.

When it is determined in step S32 that the service ID list has been received, in step S33, the control unit 101 determines that the service ID described in the received service ID list corresponds to the reader / writer 2. It is determined whether a service is included (that is, whether a service ID stored in the memory 103 of the reader / writer 2 is included).

If it is determined in step S33 that the received service ID list includes a service compatible with the reader / writer, in step S34, the control unit 101 determines that a plurality of services included in the service ID list are included. Is determined. Step S34
In step S3, if it is determined that there are not a plurality of corresponding services (that is, only one service).
Go to 7.

If it is determined in step S34 that there are a plurality of compatible services, the control unit 101 displays the plurality of compatible services in the display unit 105 in step S35.
Is generated and output to the display unit 105 for display. In step S36, the input unit 10
From 6, the user receives an input of a desired service. Alternatively, priority information may be included in each service, and a service having the highest priority may be automatically selected from a plurality of corresponding services.

In step S37, the control unit 101
If it is determined in step S34 that there is only one corresponding service, the service ID corresponding to that service is determined. If it is determined in step S34 that there are a plurality of corresponding services, the process proceeds to step S36. Then, the service ID corresponding to the desired service input by the user using the input unit 106 is transmitted to the IC card 1 via the communication unit 91, and the process proceeds to step S3 in FIG.

If it is determined in step S33 that the received service ID list does not include the service corresponding to the reader / writer, the control unit 101 proceeds to step S33.
At 38, the IC card 1 is set to N via the communication unit 91.
An ACK signal is transmitted, and in step S39, FIG.
Then, the same processing as in step S16 is performed, and the processing ends (that is, the processing does not proceed to step S3 in FIG. 15).

Next, referring to the flowchart of FIG. 19, in step S2 of FIG. 15, the service identification of the IC card 1 is executed in parallel with the service identification of the reader / writer 2 described with reference to FIG. The processing will be described. Note that, here, a description will be given assuming that processing is performed in the IC card 1 described with reference to FIG.
Even when the processing is executed by the IC card 1 described with reference to FIG. 4, basically the same processing is executed.

The control section 31 of the IC card 1 determines in step S
At 51, the reader / writer 2 executes the processing in step S of FIG.
The service ID transmission command transmitted in step 31 is received via the communication unit 21, and in step S52, the service ID list corresponding to itself (that is,
Service ID registered in SRA 46 of memory 32
Is generated and transmitted to the reader / writer 2 via the communication unit 21.

The control unit 31 determines in step S53 that
The reader / writer 2 receives the data transmitted to the IC card 1 in step S37 or step S38 in FIG. 18 via the communication unit 21, and determines in step S54 whether the data received from the reader / writer 2 is a NACK signal. Judge. If it is determined in step S54 that the received signal is a NACK signal (that is, if the received data is a signal transmitted to the IC card 1 by the reader / writer 2 in step S38 of FIG. 18), the process is terminated. The process is terminated (that is, the process is performed as shown in FIG. 1).
The process does not proceed to step S4 of No. 5).

In step S54, the reader / writer 2
If it is determined that the received data is not a NACK signal (that is, if the received data is the service ID transmitted to the IC card 1 by the reader / writer 2 in step S37 of FIG. 18), in step S55 The control unit 31 determines whether or not the service ID received from the reader / writer 2 is registered in the SRA 46 of the memory 32 of the control unit 31 itself.

If it is determined in step S55 that the service ID has not been registered, the process ends (ie, the process does not proceed to step S4 in FIG. 15). If it is determined in step S55 that the service ID has been registered, the process proceeds to step S4 in FIG.

Next, referring to the flowchart of FIG. 20, when the authentication key identification is performed using the authentication key information described with reference to FIG. 7A, the process is executed in step S3 of FIG. The authentication key identification processing of the reader / writer 2 will be described.

In step S61, the control unit 101 of the reader / writer 2 determines in step S61 the service ID (here, the corresponding service ID) corresponding to the service identified by the service identification processing in steps S1 and S2 in FIG.
D is assumed to be ID_S), the authentication key ID corresponding to one of the authentication keys belonging to the memory card 103 is read out from the memory 103, and transmitted to the IC card 1 via the communication unit 91.
At 62, the data transmitted by the IC card 1 is received at step S73 or step S75 in FIG.

In step S63, control unit 101
Determines in step S62 whether the data received from the IC card 1 is an ACK signal. Step S
If it is determined in 63 that the ACK signal has been received, in step S64, the control unit 101 controls the encryption processing unit 33, and in step S61, the public key processing unit 111 of the encryption processing unit 102 or the common key processing By selecting and controlling a processing unit that performs an authentication process using the authentication key corresponding to the authentication key ID transmitted to the IC card 1, the mutual authentication process and the key sharing process with the IC card 1 are performed. Start, IC card 1 and session key
After sharing the Kses and completing the mutual authentication process, the process ends.

If it is determined in step S63 that no ACK signal has been received (ie, NACK
If it is determined that a signal has been received), in step S65, the same processing as in step S16 of FIG. 16 is performed, and the processing ends.

Next, referring to the flowchart of FIG. 21, in step S4 of FIG. 15, an authentication key identification process of the IC card 1 executed in parallel with the authentication key identification process of the reader / writer 2 of FIG. explain. Here, the case where the processing is executed by the IC card 1 described with reference to FIG. 3 will be described. However, even when the processing is executed by the IC card 1 described with reference to FIG. A similar process is executed.

[0125] The control unit 31 of the IC card 1 determines in step S
At 71, the authentication key ID transmitted by the reader / writer 2 is received via the communication unit 21 at step S61 of FIG. 20, and at step S72, the authentication key ID received at step S71 is stored in the SRA 46 of the memory 32.
It is determined whether or not the data relating to ID_S is registered in the area where the data is stored.

If it is determined in step S72 that the authentication key ID has been registered, the control unit 31 transmits an ACK signal to the reader / writer 2 via the communication unit 21 in step S73. The mutual authentication process is executed by selecting and controlling which of the public key processing unit 41 or the common key processing unit 42 of the encryption processing unit 33 performs the authentication process using the authentication key designated by the reader / writer 2. , Reader / writer 2 and session key Kses
After the mutual authentication processing is completed, the processing is terminated.
If it is determined in step S72 that the authentication key ID has not been registered, in step S75, the control unit 31 sends the NAC to the reader / writer 2 via the communication unit 21.
A K signal is transmitted, and the process ends.

In the processing described with reference to FIGS. 20 and 21, the IC card 1 and the reader / writer 2
The mutual authentication is performed using the authentication key specified by the reader / writer 2 corresponding to the service ID of the service identified by the processing of steps S1 and S2.

For example, when two types of authentication keys, a common key and a public key, are prepared for a certain service, the default is to perform high-speed processing by an authentication process based on the common key, and the version of the common key is If it is older, the authentication process may be performed based on the public key.

Next, with reference to the flowchart of FIG. 22, FIG.
Authentication key identification processing of the reader / writer 2 when two types of authentication keys, a common key and a public key, are prepared for the service corresponding to the service ID of the service identified by the processing of steps S1 and S2 Will be described.

In step S81, the control unit 101 of the reader / writer 2 sets the service ID of the service identified by the processing in steps S1 and S2 in FIG.
The common key version information request command of the authentication key corresponding to the authentication key is transmitted to the IC card 1 via the communication unit 91, and in step S82, a later-described step S92 of FIG.
, The common key version information transmitted by the IC card 1 is received via the communication unit 91.

In step S83, control unit 101
Determines whether the common key version is valid based on the common key version information received in step S82. When it is determined in step S83 that the common key version is valid, in step S84, the control unit 101 transmits a mutual authentication start command using the common key to the IC card 1 and the common key processing of the encryption processing unit 102 is performed. By controlling the unit 112, mutual authentication using a common key is started,
After the session key Kses is shared with the IC card 1 and the mutual authentication is completed, the processing is terminated.

If it is determined in step S83 that the common key version is not valid, in step S85, the control unit 101 transmits a mutual authentication start command using the public key to the IC card 1, and the The public key processing unit 111 is controlled to start mutual authentication using the public key, share the session key Kses with the IC card 1,
After the mutual authentication ends, the process ends.

Next, referring to the flowchart of FIG. 23, in step S4 of FIG. 15, the authentication of IC card 1 is executed in parallel with the authentication key identification process of reader / writer 2 described with reference to FIG. The key identification processing will be described. Here, a case where the process is executed by the IC card 1 described with reference to FIG. 3 will be described.
Even when the processing is executed by the IC card 1 described with reference to FIG. 4, basically the same processing is executed.

The control section 31 of the IC card 1 determines in step S
At 91, the common key version information request command transmitted by the reader / writer 2 is received at step S81 in FIG. 22, and at step S92, the common key version information is transmitted to the reader / writer 2 via the communication unit 21.

The control unit 31 determines in step S93 that
In step S84 or step S85 in FIG. 22, the mutual authentication start command transmitted by the reader / writer 2 is received. In step S94, is the mutual authentication start command received in step S93 a mutual authentication start command using a common key? Determine whether or not.

If it is determined in step S94 that the command is a mutual authentication start command using a common key, in step S95, the control unit 31 controls the common key processing unit 42 of the encryption processing unit 33 to execute the mutual key processing using the common key. The authentication is started, the session key Kses is shared with the reader / writer 2, and after the mutual authentication is completed, the processing is terminated.

If it is determined in step S94 that the command is not a mutual authentication start command using a common key (that is, a mutual authentication start command using a public key), in step S96, the control unit 31 makes the encryption processing unit 33 It controls the key processing unit 41 to start mutual authentication with the public key, shares the session key Kses with the reader / writer 2,
After the mutual authentication ends, the process ends.

According to the processing described with reference to FIGS. 22 and 23, the IC card 1 and the reader / writer 2 first attempt to perform mutual authentication using a common key having a high authentication speed, and the mutual authentication using the common key cannot be performed. (For example, when the version of the corresponding common key is old, or when the authentication key is leaked to a third party, etc.), the mutual authentication is executed using the public key.

In the processing of step S85 in FIG. 22 and step S96 in FIG. 23, mutual authentication using a public key is performed. SRA4 of the memory 103 of the reader / writer 2
6 stores the certificate of the reader / writer 2 shown in FIG. The memory 32 of the IC card 1
24 stores a certificate of the IC card 1 shown in FIG.

As shown in FIGS. 24A and 24B, each certificate has a certificate version number, a certificate serial number assigned by a certificate authority, an algorithm and parameters used for signature, The name of the certificate authority, the expiration date of the certificate, the name (ID) of the reader / writer 2 or the IC card 1, the public key Kpsp of the reader / writer 2 or the public key Kpu of the IC card 1, and the entire message
The message digest is created by applying an irreversible hash function (data compression function) as described with reference to FIG. 5, and the message digest is created by encrypting the message digest with the secret key Ksca of the certificate authority. , A digital signature.

Next, the signature generation processing will be described with reference to the flowchart in FIG. Here, a case in which a digital signature is generated using an elliptic curve cryptosystem (elliptical DSA signature) will be described. Here, the process executed by the control unit 31 of the IC card 1 controlling the DSA signature generation / verification unit 72 of the public key processing unit 41 will be described, but the same process is executed in the reader / writer 2. Therefore, the description of the process of the reader / writer 2 is omitted.

In step S101, the control unit 31
Recognizes parameters required for the signature generation process. sand
That is, p is a characteristic, a and b are coefficients of an elliptic curve, and an elliptic curve
Line to y ^Two= X^Three+ Ax + b, G is the base point on the elliptic curve
, R is the order of G, M is the message, Ks is the secret key,
Let G and KsG be public keys.

In step S102, the DSA signature generation / verification unit 72 of the public key processing unit 41 uses a random number generation unit (not shown) to generate u satisfying 0 <u <r, and in step S1
In 03, the public key G is multiplied by u using the random number u generated in step S102, and V = uG = (Xv, Y
Calculate V to be v).

The DSA signature generation / verification section 72 calculates c = Xv mod r in step S104, and based on the calculation result in S104, calculates c = Xv mod r in step S105.
It is determined whether or not = 0. If it is determined in step S105 that c = 0, the process returns to step S102, and the subsequent processes are repeated.

If it is determined in step S105 that c = 0 is not satisfied, the DSA signature generation / verification unit 72
In step S106, f = SHA-1 (M) (here, SHA-1 is used as a hash function) which is a hash value of the message M is calculated, and step S107 is performed.
, D = [(f + cKs) / u] mod r is calculated.

In step S108, the DSA signature generation / verification section 72 determines whether d = 0 based on the calculation result in step S107. If it is determined in step S108 that d = 0, the process returns to step S102, and the subsequent processes are repeated. If it is determined in step S108 that d is not 0, in step S109, the DSA signature generation / verification unit 72 sets the signature data to (c, d), and the process ends.

The reader / writer 2 that has received the digital signature generated in the IC card 1 in this manner performs a process for verifying the received digital signature. The signature verification processing will be described with reference to the flowchart in FIG. Here, a process executed by the control unit 101 of the reader / writer 2 controlling the DSA signature generation / verification unit 72 of the public key processing unit 41 will be described.
Since the same processing is executed in the card 1, the I
The description of the processing of the C card 1 is omitted.

In step S111, the control unit 101
Recognizes parameters required for the signature generation process. That is, p is characteristic, a and b are coefficients of an elliptic curve, elliptic curve is y ² = x ³ + ax + b, G is a base point on the elliptic curve, r is an order of G, M is a message, and Ks is a secret key. ,
Let G and KsG be public keys.

In step S112, the DSA signature generation / verification unit 72 of the public key processing unit 41 determines whether 0 <c <r and 0 <based on the values of c and d of the received signature data.
It is determined whether d <r.

If it is determined in step S112 that 0 <c <r and 0 <d <r, the process proceeds to step S120. In step S112, 0 <c
If it is determined that <r and 0 <d <r, in step S113, the DSA signature generation / verification unit 72 calculates f = SHA-1 (M), which is the hash value of the message M, and proceeds to step S114. In the above, h = 1 / d mod r is calculated.

The DSA signature generation / verification section 72 calculates h1 = fh and h2 = ch mod r in step S115 using the value of h calculated in step S114, and in step S116, P = (Xp , Y
p) = h1G + h2KsG is calculated.

In step S117, the DSA signature generation / verification unit 72 calculates
It is determined whether the value of P is at the point at infinity. here,
If the value of P is at the point at infinity, it is possible to determine at step S116 whether the value of P is at the point at infinity based on the fact that the solution of h1G + h2KsG cannot be obtained. If it is determined in step S117 that P is a point at infinity, the process proceeds to step S1.
Go to 20.

If it is determined in step S117 that the value of P is not the point at infinity, in step S118, the DSA signature generation / verification unit 72 sets c = Xp mod
It is determined whether or not r holds. If it is determined in step S118 that c = Xp mod r does not hold, the process proceeds to step S120.

In step S118, c = Xp mod
If it is determined that r is satisfied, in step S119, the DSA signature generation / verification unit 72 determines that the received signature is correct, and the process ends.

If it is determined in step S112 that 0 <c <r and 0 <d <r are not satisfied, step S1
At 17, when it is determined that p is a point at infinity,
Alternatively, in step S118, c = Xp mod
If it is determined that r does not hold, step S120
In, the DSA signature generation / verification unit 72 determines that the received signature is incorrect, and the process ends.

In the case where authentication key identification is performed using the authentication key information described with reference to FIG. 7B and a plurality of level-divided authentication keys are stored for a certain service. Alternatively, the authentication process may be started preferentially from a low-level key, the version of the key may be determined, and when the key version is old, the authentication process may be performed using a higher-level authentication key.

Next, with reference to the flowchart of FIG. 27, the authentication of the reader / writer 2 executed in step S3 of FIG. 15 when a plurality of authentication keys classified for a certain service are stored. The key identification processing will be described.

In step S131, the control unit 101 of the reader / writer 2 transmits a key level negotiation command to the IC card 1 via the communication unit 91, and in step S13
In step S2, the key version information V at level N transmitted by the IC card 1 is received via the communication unit 91 in step S143 of FIG.

In step S133, control unit 101
Determines whether the level N of the key version information V received in step S132 is N> 0. If it is determined in step S133 that N> 0, the process proceeds to step S137.

When it is determined in step S133 that N> 0, in step S134, the control unit 101 determines whether the key version information at the level N is valid based on the key version information V received in step S132. Judge.

If it is determined in step S134 that the key version at level N is not valid (that is, if it is determined that the key version is old), in step S135, the control unit 101 sets the communication unit 91
, A NACK signal is transmitted to the IC card 1, the process returns to step S132, and the subsequent processes are repeated.

When it is determined in step S134 that the key version at level N is valid, in step S136, the control unit 101 transmits an ACK signal to the IC card 1 via the communication unit 91, and Will be terminated.

If it is determined in step S133 that N> 0 is not satisfied, in step S137, FIG.
The same processing as in step S16 of No. 6 is performed, and the processing ends.

Next, an authentication key identification process of the IC card 1 executed in parallel with the authentication key identification process of the reader / writer 2 described with reference to FIG. 27 will be described with reference to a flowchart of FIG. Here, the case where the processing is executed by the IC card 1 described with reference to FIG. 3 will be described. However, even when the processing is executed by the IC card 1 described with reference to FIG. A similar process is executed.

The control section 31 of the IC card 1 determines in step S
141, in step S131 of FIG.
The key level negotiation command transmitted by the reader / writer 2 is received, and in step S142, the current key level N is set to
Set N = 1.

In step S143, the control unit 31 transmits the current key level N and the key version information V at that level to the reader / writer 2 via the communication unit 21. In step S144, the process proceeds to step S144 in FIG. In step S135 or step S136, the data transmitted by the reader / writer 2 is received.

At step S145, control unit 31
Determines in step S144 whether the signal received from the reader / writer 2 is an ACK signal. If it is determined in step S145 that the signal received from the reader / writer 2 is not an ACK signal, the control unit 3
1 sets N = N + 1 in step S146, and determines in step S147 whether the value of N exceeds a predetermined maximum level.

If it is determined in step S147 that N does not exceed the maximum level, the process proceeds to step S147.
Returning to 143, the subsequent processing is repeated. If it is determined in step S147 that N exceeds the maximum level, then in step S148, the control unit 31
Sets the current level to N = 0 (N = 0 indicates an exceptional state), the process returns to step S143, and the subsequent processes are repeated.

If it is determined in step S145 that the signal received from reader / writer 2 is an ACK signal, the process ends.

Referring to FIGS. 15 to 28, the IC card 1
And the processing related to the service identification and the authentication key identification of the reader / writer 2 have been described. For example, the service registration reader / writer 2-11 described with reference to FIG.
When the card 1 is inserted and a new service is registered, and when the service is deleted, FIG.
As described with reference to FIG. 15, since the authentication process is performed using the service registration authentication key Kreg stored in the memory 103 of the service registration reader / writer 2-11, the description has been given with reference to FIGS. Such a mutual authentication process need not be used.

Next, the service registration process of the service registration reader / writer 2-11 will be described with reference to the flowchart of FIG.

The control unit 101 of the service registration reader / writer 2-11 determines in step S151 that the communication unit 91
A service registration command is transmitted to the IC card 1 via the IC card 1. In step S152, mutual authentication is performed with the IC card 1 using the service registration key Kreg, and the session key Kses is shared.

In step S153, control unit 101 transmits a free area confirmation command to IC via communication unit 91.
It is transmitted to the card 1 and in step S154, step S175 or step S176 in FIG.
Receives data transmitted from the IC card 1.

At step S155, control unit 101
Determines in step S154 whether the signal received from the IC card 1 is an ACK signal. If it is determined in step S155 that the signal received from the IC card 1 is an ACK signal, the control unit 101
In step S156, the common key processing unit 112 of the encryption processing unit 102 is controlled to encrypt the registration data newly registered in the memory 32 of the IC card 1 with the session key Kses, and in step S157, the encrypted data is ,
The data is transmitted to the IC card 1 via the communication unit 91.

The control unit 101 determines in step S158 that the IC
The data registration completion notification transmitted by the card 1 is transmitted to the communication unit 91.
, And in step S159, a service deletion permission flag by service authentication is transmitted, and the process ends.

At step S155, the IC card 1
If it is determined that the signal received from is not an ACK signal, in step S160, step S1 of FIG.
6 is performed, and the process is terminated.

Next, with reference to the flowchart of FIG. 30, the service registration process of the IC card 1 executed in parallel with the service registration process of the service registration reader / writer 2-11 described with reference to FIG. Will be described. Here, a case where the process is executed by the IC card 1 described with reference to FIG. 3 will be described.
Even when the processing is executed by the IC card 1 described with reference to FIG. 4, basically the same processing is executed.

At step S171, the IC card 1
Of the service registration reader / writer 2- through the communication unit 21 in step S151 of FIG.
11 receives the service registration command transmitted.

In step S172, the control unit 31 performs mutual authentication with the IC card 1 using the service registration key Kreg, shares the session key Kses, and executes step S1.
At 73, the service registration reader / writer 2-1 is transmitted via the communication unit 21 at step S153 in FIG.
1 receives the free space confirmation command transmitted.

In step S174, control unit 31
Determines whether or not the SRA 46 of the memory 32 has a free area for registration data. If it is determined in step S174 that there is no free area, step S17
In 5, the control unit 31 transmits a NACK signal to the service registration reader / writer 2-11 via the communication unit 21, and the process ends.

If it is determined in step S174 that there is a free area, the control unit 31 transmits an ACK signal to the service registration reader / writer 2-11 via the communication unit 21 in step S176.

At step S177, control unit 31 receives the encrypted data transmitted by service registration reader / writer 2-11 at step S157 of FIG. 29 via communication unit 21, and at step S178,
The common key processing unit 42 of the encryption processing unit 33 is controlled to decrypt the encrypted data received in step S177 using the session key Kses.

At step S179, control unit 31
Supplies the data decrypted by the session key Kses in step S178 to the memory 32,
6 in the Service Individual Info area and the SRT 45.

In step S180, the control section 31 notifies the service registration reader / writer 2-11 of the completion of data registration via the communication section 21.
At 81, the service deletion permission flag by service authentication transmitted by the service registration reader / writer 2-11 is received at step S159 in FIG. 29, and the service deletion permission flag is stored in the Servicing of the SRA 46 of the memory 32.
e Set in the Individual Info area, and the process ends.

Next, the service deletion processing of the service registration reader / writer 2-11 will be described with reference to the flowchart of FIG.

At step S191, the control unit 101 of the service registration reader / writer 2-11
A service ID corresponding to the service to be deleted, which is input using the input unit 106, is received (here, the service whose corresponding service ID is ID_S is to be deleted).

In step S192, the same processing as in step S152 in FIG. 29 is performed. Control unit 101
Is transmitted via the communication unit 91 in step S193.
Sends the ID_S area deletion command to the IC card 1,
In step S194, it is determined whether an error message transmitted by the IC card 1 in step S205 of FIG. 32 described below has been received.

If it is determined in step S194 that an error message has been received, in step S195, the same processing as in step S16 of FIG. 16 is performed, and the processing ends. If it is determined in step S194 that no error message has been received, the process ends.

Next, with reference to the flowchart of FIG. 32, the service deletion process of the IC card 1 executed in parallel with the service deletion process of the service registration reader / writer 2-11 described with reference to FIG. Will be described. Here, a case where the process is executed by the IC card 1 described with reference to FIG. 3 will be described.
Even when the processing is executed by the IC card 1 described with reference to FIG. 4, basically the same processing is executed.

In step S201, the same processing as in step S172 in FIG. 30 is executed. IC card 1
The control unit 31 receives the ID_S area deletion command transmitted by the service registration reader / writer 2-11 in step S193 in FIG. 31 in step S202, and determines whether there is data corresponding to the ID_S area in step S203. It is determined whether the validity of the ID_S area deletion command received in step S202 has been verified by confirming whether the command is valid or not.

If it is determined in step S203 that the validity of the ID_S area deletion command has been verified,
In step S204, the control unit 31
The area corresponding to ID_S is deleted from SRT 45 and SRA 46 of, and the process ends.

If it is determined in step S203 that the validity of the ID_S area deletion command has not been verified, in step S205, the control unit 31 transmits the service registration reader / writer 2-11 via the communication unit 21.
Then, an error message is transmitted, and the process is terminated.

The service deletion process described with reference to FIGS. 31 and 32 can be executed by the general reader / writer 2-12 and the IC card 1. The service deletion process of the general reader / writer 2-12 will be described with reference to the flowchart in FIG.

In step S211, the service identification process of the reader / writer 2 described with reference to FIG. 16 or FIG. 18 is executed. In step S212, the reader / writer described with reference to FIG. 20, FIG. 22, or FIG. The authentication key identification process of Step 2 is executed, and Step S21
In 3, the same processing as in step S193 of FIG. 31 is executed.

In step S214, the control unit 101 of the general reader / writer 2-12 determines whether or not the IC has been used in step S226 or step S227 of FIG.
The signal transmitted by the card 1 is received. Then, in steps S215 and S216, the same processes as those in steps S15 and S16 of FIG. 16 are performed, and the process ends.

Next, referring to the flowchart of FIG. 34, the general reader / writer 2-1 described with reference to FIG.
A service deletion process of the IC card 1 which is executed in parallel with the service deletion process 2 will be described. Here, the case where the processing is executed by the IC card 1 described with reference to FIG. 3 will be described. However, even when the processing is executed by the IC card 1 described with reference to FIG. A similar process is executed.

In step S221, the service identification processing of the IC card 1 described with reference to FIG. 17 or FIG. 19 is executed.
The authentication key identification process of the IC card 1 described with reference to FIG. 1, FIG. 23, or FIG. 28 is executed.

In step S223, control unit 31
Receives the ID_S area deletion command transmitted by the general reader / writer 2-12 via the communication unit 21 in step S213 in FIG. In step S224, a process similar to step S203 in FIG. 32 is executed. If it is determined in step S224 that the validity of the command has been verified, in step S225, the same processing as in step S204 of FIG. 32 is performed. In step S226, the control unit 31 An ACK signal is transmitted to reader / writer 2-12, and the process ends.

If it is determined in step S224 that the validity of the command has not been verified, the process proceeds to step S224.
At 227, the control unit 31
A NACK signal is transmitted to the general reader / writer 2-12, and the process ends.

Next, with reference to the flowchart of FIG. 35, the general reader / writer 2-12, which is executed when the user receives the service registered in the IC card 1 with the general reader / writer 2-12. The service acquisition processing will be described.

In step S231, the service identification processing of the reader / writer 2 described with reference to FIG. 16 or FIG. 18 is executed. In step S232, the reader / writer described with reference to FIG. 20, FIG. 22, or FIG. 2 is executed.

In step S233, the control unit 101 of the general reader / writer 2-12
A data request command for the ID_S area is transmitted to the IC card 1.

In step S234, the control unit 101 determines in step S245 in FIG.
The data transmitted from the card 1 is received, and step S2
At 35, the common key processing unit 112 of the encryption processing unit 102
To decrypt the encrypted data received in step S234 using the session key Kses. The control unit 101 performs predetermined data processing such as subtraction or addition of electronic money using the decrypted data, and the processing ends.

Next, referring to the flowchart of FIG. 36, the general reader / writer 2-1 described with reference to FIG.
2 which is executed in parallel with the service data acquisition process of
The service data acquisition process of the C card 1 will be described. Here, a case where the process is executed by the IC card 1 described with reference to FIG. 3 will be described.
Even when the processing is executed by the IC card 1 described with reference to FIG. 4, basically the same processing is executed.

In step S241, the service identification processing of the IC card 1 described with reference to FIG. 17 or FIG. 19 is executed.
The authentication key identification process of the IC card 1 described with reference to FIG. 1, FIG. 23, or FIG. 28 is executed.

At step S243, the IC card 1
The control unit 31 receives the data request command of the ID_S area transmitted by the general reader / writer 2-12 in step S233 of FIG. 35 via the communication unit 21.
In step S244, the control unit 31 controls the common key processing unit 42 of the encryption
The data registered in the area corresponding to _S is encrypted using the session key Kses, and in step S245, the encrypted data is transmitted to the general reader / writer 2-12 via the communication unit 21 to perform processing. Is terminated.

Also, the IC card 1 and the general reader / writer 2
In -12, even when information relating to a certain service is exchanged, the SR described with reference to FIG.
When the corresponding permission information is recorded in T45, it is possible to exchange information on services other than the information currently being exchanged. Referring to the flowchart of FIG. 37, the service I other than ID_S
The service data acquisition process of the general reader / writer 2-12 performed during the execution of the service corresponding to D will be described.

In steps S251 to S254, steps S231 to S23 in FIG.
The same process as in No. 4 is executed. In step S255, the control unit 101 of the general reader / writer 2-12 determines whether or not the data received from the IC card 1 in step S254 is a NACK signal.

If it is determined in step S255 that the received data is not a NACK signal, in step S256, the same processing as in step S235 in FIG. 35 is executed, and the processing ends. Step S255
In, when it is determined that the received data is a NACK signal, the same processing as in step S16 of FIG. 16 is performed, and the processing ends.

Next, referring to the flowchart of FIG. 38, the general reader / writer 2-1 described with reference to FIG.
2 which is executed in parallel with the service data acquisition process of
The service data acquisition process of the C card 1 will be described. Here, a case where the process is executed by the IC card 1 described with reference to FIG. 3 will be described.
Even when the processing is executed by the IC card 1 described with reference to FIG. 4, basically the same processing is executed.

In steps S261 through S263, steps S241 through S24 in FIG.
The same processing as in No. 3 is performed. Step S261
It is assumed that authentication of service ID_T different from service ID_S is performed. In step S264, the control unit 31 of the IC card 1
It is determined whether the ID_S area corresponding to the data request command received in step S263 is registered in SRA46 and SRA46. If it is determined in step S264 that the ID_S area has not been registered, the process proceeds to step S269.

If it is determined in step S264 that the ID_S area has been registered, the control unit 31 determines in step S265 that the SRT 45 of the memory 32
The permission information of ID_S is acquired from the permission information field corresponding to ID_S, and in step S266, it is determined whether the reading of the data of ID_S is permitted at the time of ID_T authentication (that is, the permission corresponding to ID_S of SRT45). At the time of authentication by ID_T, it is determined whether or not data read permission, that is, ro or rw is described in the information field). In step S266,
If it is determined that data reading is not permitted, the process proceeds to step S269.

If it is determined in step S266 that data reading is permitted, the process proceeds to step S2
In steps 67 and S268, the same processes as those in steps S244 and S245 in FIG. 36 are performed, and the process ends.

If it is determined in step S264 that the ID_S area is not registered, or if it is determined in step S266 that data reading is not permitted, then in step S269,
The control unit 31 transmits a NACK signal to the general reader / writer 2-12 via the communication unit 21, and the process ends.

After the data is acquired from the IC card 1 to the general reader / writer 2-12 by the service data acquisition processing described with reference to FIGS. 35 to 48 and predetermined processing is performed, the general reader / writer 2-12 If necessary, the SRT 45 or SRT in the memory 32 of the IC card 1
A process of writing data to a predetermined area of the RA 46 is executed.

Next, the service data writing process of the general reader / writer 2-12 will be described with reference to the flowchart of FIG.

In step S281, the service identification process of the reader / writer 2 described with reference to FIG. 16 or FIG. 18 is executed. In step S282, the reader / writer described with reference to FIG. 20, FIG. 22, or FIG. 2 is executed.

Control unit 101 of general reader / writer 2-12
Controls the common key processing unit 112 of the encryption processing unit 102 to encrypt the data to be transmitted to the IC card 1 using the session key Kses in order to write the data to the memory 32 of the IC card 1 in step S283. , Step S
In step 284, the data write command and the data encrypted in step S284 are transmitted to the IC card 1 via the communication unit 91, and the process ends.

Next, referring to the flowchart of FIG. 40, the general reader / writer 2-1 described with reference to FIG.
The service data writing process of the IC card 1, which is executed in parallel with the service data writing process of No. 2 will be described. It should be noted that, also here, the I described with reference to FIG.
The case where the processing is executed by the C card 1 will be described, but basically the same processing is executed when the processing is executed by the IC card 1 described with reference to FIG.

In step S291, the service identification process of the IC card 1 described with reference to FIG. 17 or FIG. 19 is executed.
The authentication key identification process of the IC card 1 described with reference to FIG. 1, FIG. 23, or FIG. 28 is executed.

In step S293, control unit 31
Receives the data write command and the encrypted data transmitted by the general reader / writer 2-12 in step S284 of FIG. 39 via the communication unit 21. Control unit 3
1 controls the common key processing unit 42 of the encryption processing unit 33 in step S294 to decrypt the received data using the session key Kses. In step S295, the decrypted data is stored in the SRT 45 The data is written to the service storage area corresponding to ID_S of SRA 46, and the process ends.

Also, an IC card 1 and a general reader / writer 2
In -12, even when information relating to a certain service is exchanged, the SR described with reference to FIG.
If the corresponding permission information is recorded in T45, a service data writing process is performed for a service other than the information currently being exchanged, similarly to the service data acquisition process described with reference to FIGS. 37 and 38. It is possible to Referring to the flowchart of FIG. 41, the general reader / writer 2-12 performed during the execution of the service corresponding to the service ID other than ID_S
The service data writing process will be described.

In steps S301 to S304, steps S281 to S28 in FIG.
The same process as in No. 4 is executed. Then, step S30
In steps 5 and S306, the same processing as steps S15 and S16 in FIG. 16 is performed, and the processing ends.

Next, referring to the flowchart of FIG. 42, the general reader / writer 2-1 described with reference to FIG.
The service data writing process of the IC card 1, which is executed in parallel with the service data writing process of No. 2 will be described. It should be noted that, also here, the I described with reference to FIG.
The case where the processing is executed by the C card 1 will be described, but basically the same processing is executed when the processing is executed by the IC card 1 described with reference to FIG.

In steps S311 through S313, steps S291 through S29 in FIG.
The same processing as in No. 3 is performed. Step S311
It is assumed that authentication of service ID_T different from service ID_S is performed. In steps S314 and S315, the same processing as in steps S264 and S265 of FIG. 38 is performed. If it is determined in step S314 that the ID_S area is not registered, the processing proceeds to step S320.

In step S316, control unit 31
Determines whether writing of data is permitted for the service of ID_S at the time of ID_T authentication (that is, in the permission information field corresponding to ID_S of SRT 45, data writing permission at the time of ID_T authentication, ie, , Rw are described). If it is determined in step S316 that data writing is not permitted, the process proceeds to step S320.

If it is determined in step S316 that data writing is permitted, the process proceeds to step S3.
In steps 17 and S318, the same processing as in steps S294 and S295 in FIG. 40 is executed. In step S319, the control unit 31 sends an ACK to the general reader / writer 2-12 via the communication unit 21.
A signal is transmitted, and the process ends.

If it is determined in step S314 that the ID_S area is not registered, or if it is determined in step S316 that data writing is not permitted, then in step S320
The control unit 31 transmits a NACK signal to the general reader / writer 2-12 via the communication unit 21, and the process ends.

As described above, the general reader / writer 2
At -12, in order to mount the IC card 1 and receive various services, an authentication process must be performed using a common key or a public key defined for each service. These authentication keys are often upgraded (that is, the keys are changed) to maintain security. The user mounts the IC card 1 on the reader / writer for upgrading 2-14 or the general reader / writer 2-12 described with reference to FIG.
Must be performed to upgrade the authentication key registered in the IC card 1 managed by itself to the authentication key of the latest version as possible. No.

Next, referring to FIG. 43, a version upgrade key executed using a version upgrade key (version upgrade key Kake_vup described with reference to FIGS. 6 and 14) determined for each service. Reader / writer 2-14
Will be described.

In step S331, the service identification process of the reader / writer 2 described with reference to FIG. 16 or FIG. 18 is executed. In step S332, the reader / writer described with reference to FIG. 20, FIG. 22, or FIG. 2 is executed.

In step S333, the control unit 101 of the reader / writer for version upgrade 2-14 controls the common key processing unit 112 of the encryption processing unit 102 to change the authentication key ID corresponding to the authentication key to be upgraded. The data is encrypted using the session key Kses and transmitted to the IC card 1. In step S334, the control unit 101 executes step S355 or step S36 in FIG.
At 0, a signal transmitted by the IC card 1 is received.

At step S335, control unit 101
Determines whether the signal received from the IC card 1 in step S334 is an ACK signal. If it is determined in step S335 that the received signal is not an ACK signal, the process proceeds to step S339.
When it is determined in step S335 that the received signal is an ACK signal, in step S336,
The control unit 101 stores the latest version information corresponding to the authentication key to be upgraded and the authentication key Kake in the memory 103.
And the common key processing unit 112 of the encryption processing unit 102
To be encrypted using the session key Kses, and transmitted to the IC card 1 via the communication unit 91.

Then, in step S337, IC
The card 1 receives the signal transmitted in step S359 or step S360 of 44 described later. In step S338, the same process as in step S335 is performed. If it is determined in step S338 that the received signal is an ACK signal, the process ends. If it is determined in step S335 and step S338 that the received signal is not an ACK signal, in step S339, step S1 in FIG.
6 is performed, and the process is terminated.

Next, referring to the flowchart of FIG. 44, the key version of the IC card 1 executed in parallel with the key version-up process of the version-up reader / writer 2-14 described with reference to FIG. The up processing will be described. Here, the case where the processing is executed by the IC card 1 described with reference to FIG. 3 will be described. However, even when the processing is executed by the IC card 1 described with reference to FIG. A similar process is executed.

In step S351, the service identification processing of the IC card 1 described with reference to FIG. 17 or FIG. 19 is executed, and in step S352, FIG.
The authentication key identification process of the IC card 1 described with reference to FIG. 1, FIG. 23, or FIG. 28 is executed.

At step S353, control unit 31
Receives the encrypted authentication key ID transmitted by the upgrade reader / writer 2-14 in step S333 of FIG. 43 via the communication unit 21 and sets the common key processing unit 42 of the encryption processing unit 33 to Under control, the received data is decrypted using the session key Kses. Step S
At 354, the control unit 31 determines the ID_ID of the SRT 45 and the SRA 46 of the memory 32 based on the decoded data.
It is determined whether the corresponding authentication key ID exists in S. If it is determined in step S354 that the authentication key ID does not exist, the process proceeds to step S360.

If it is determined in step S354 that the authentication key ID exists, control unit 31 proceeds to step S354.
At 355, an ACK signal is transmitted to the reader / writer for upgrade 2-14 via the communication unit 21, and at step S356, the encryption transmitted by the reader / writer for upgrade 2-14 at step S336 in FIG. Version information and authentication key Kake
Is received via the communication unit 21 and the common key processing unit 42 of the encryption processing unit 33 is controlled so that the received version information is
Decrypt using the session key Kses.

In step S357, control unit 31
Determines whether the received version information is correct (that is, whether the received version information is a newer version than the version information of the authentication key already held by itself) based on the decrypted data. If it is determined in step S357 that the version information is incorrect, the process proceeds to step S360.

If it is determined in step S357 that the version information is correct, the control unit 31 controls the common key processing unit 42 of the encryption processing unit 33 to generate the authentication key Kake.
Using the session key Kses to decrypt the
In step A359, an ACK signal is transmitted to the upgrade reader / writer 2-14 via the communication unit 21, and the process ends.

When it is determined in step S354 that the authentication key ID does not exist, and when step S357
In step S360, when it is determined that the version information is not correct, the control unit 31 transmits a NACK signal to the reader / writer 2-14 for upgrading via the communication unit 21, and the process ends.

Also, an IC card 1 and a general reader / writer 2
In the case where information about a certain service is exchanged at -12, the SRT described with reference to FIG.
When the corresponding permission information is recorded in the service information 45, the service information acquisition processing described with reference to FIGS. 37 and 38 and the service data writing processing described with reference to FIGS. It is possible to execute a key version-up process for a service other than the service that has been given / received. The key version-up process of the general reader / writer 2-12 performed during the execution of the service corresponding to the service ID other than ID_S will be described with reference to the flowchart in FIG.

Steps S371 and S372
In step S331 and step S331 in FIG.
332 is executed. In step S373, the control unit 101 of the general reader / writer 2-12 transmits an upgrade command for the authentication key of the service corresponding to ID_S to the IC card 1 via the communication unit 91. Figure 4
Step S397 of FIG. 6 or Step S40 of FIG.
At 5, receiving the data transmitted by the IC card 1,
In step S375, it is determined whether the signal received from IC card 1 is an ACK signal.

If it is determined in step S375 that the received signal is not an ACK signal, the process proceeds to step S382. If it is determined in step S375 that the received signal is an ACK signal, in steps S376 to S382, processes similar to those in steps S333 to S339 in FIG. 43 are performed, and the process ends.

Next, referring to the flow charts of FIGS. 46 and 47, the IC card 1 executed in parallel with the key version-up process of the version-up reader / writer 2-14 described with reference to FIG. Will be described. Here, the case where the processing is executed by the IC card 1 described with reference to FIG. 3 will be described. However, even when the processing is executed by the IC card 1 described with reference to FIG. A similar process is executed.

Steps S391 and S392
In step S351 and step S351 in FIG.
The same processing as 352 is executed. Step S3
91, service ID_ different from service ID_S
Assume that authentication of T is performed. In step S393, the control unit 31 receives the upgrade command for the authentication key of ID_S transmitted by the upgrade reader / writer 2-14 in step S373 of FIG.

Steps S394 and S395
In step S264 and step S264 in FIG.
The same processing as in step S265 is performed, and if it is determined in step S394 that the ID_S area is not registered, the processing proceeds to step S405.

In step S396, control unit 31
Determines whether or not the version up of the authentication key of ID_S is permitted at the time of ID_T authentication (namely, S
It is determined whether or not permission of vup at the time of ID_T authentication is described in the permission information field corresponding to ID_S of RT45). In step S396,
If it is determined that the version of the authentication key is not permitted, the process proceeds to step S405.

If it is determined in step S396 that version-up of the authentication key has been permitted, in step S397, the control unit 31 transmits the A to the version-reading reader / writer 2-14 via the communication unit 21.
Transmit the CK signal.

Then, Steps S398 to S398
In 405, the same processing as in steps S353 to S360 in FIG. 44 is performed, and the processing ends.

Next, the inter-module communication described with reference to FIG. 13 will be described with reference to the flowcharts in FIGS. The inter-module communication is executed by the IC card 1 described with reference to FIG. 4 and the inter-module communication reader / writer 2-13. Here, the communication unit 51 and the common key service processing unit 52 of the IC card 1 described with reference to FIG. 4 are replaced with the common key module 122 described with reference to FIG. 13, and the communication unit 53 described with reference to FIG.
The public key service processing unit 54 will be described as the public key module 121 described with reference to FIG.

First, referring to the flowchart of FIG. 48, the common key module 122 sets the session key shared with the inter-module communication reader / writer 2-13 and the public key module 121 sets the inter-module communication reader / writer 2- The communication between modules when the shared session key is different from the shared session key will be described.

In step S411, the inter-module communication reader / writer 2-13
8, the service identification process of the reader / writer 2 is executed, and in step S412, the IC card 1
The public key module 121 of FIG.
, The service identification process of the IC card 1 is executed, and the session key Kses1 is shared between the inter-module reader / writer 2-13 and the public key module 121.

In step S413, the inter-module communication reader / writer 2-13
8, the service identification processing of the reader / writer 2 is executed, and in step S414, the IC card 1
The common key module 122 of FIG.
Described above, the service identification process of the IC card 1 is executed, and the session key Kses2 is shared between the inter-module reader / writer 2-13 and the common key module 122.

In step S415, the control unit 101 of the inter-module communication reader / writer 2-13 transmits the I / O information obtained in the service identification process of the reader / writer 2 executed in steps S411 and S413.
The public key module 12 based on the card ID of the C card 1
It is determined whether or not 1 and the two card IDs of the common key module 122 match. In step S415,
If it is determined that the card IDs do not match, step S
In 416, the same processing as in step S16 of FIG. 16 is performed.

If it is determined in step S415 that the two card IDs match, the control unit 101 of the inter-module communication reader / writer 2-13 transmits a module data transfer command to the public key module 121 in step S417. .

The control unit 61 of the public key module 121
In step S418, the module data movement start command is received from the inter-module communication reader / writer 2-13, and the common key processing unit 42 of the encryption processing unit 33 is controlled to encrypt the data to be moved with the session key Kses1. In step S419, the encrypted data is transmitted to the inter-module communication reader / writer 2-13.

Reader / writer 2-13 for communication between modules
In step S420, the control unit 101 controls the common key processing unit 112 of the encryption processing unit 102 to decrypt the received data with the session key Kses1, and in step S4
At 21, the data is encrypted with the session key Kses 2 and transmitted to the common key module 122. In step S422, the control unit 61 of the common key module 122 controls the common key processing unit 42 of the encryption processing unit 63,
The received data is decrypted with the session key Kses2, and in step S423, the decrypted data is stored in a corresponding area of the memory 62 and used.

Next, referring to the flowchart of FIG. 49, the common key module 122 sets the session key shared with the inter-module communication reader / writer 2-13 and the public key module 121 sets the inter-module communication reader / writer 2 A description will be given of inter-module communication when the shared session key is the same as -13.

In step S431, the inter-module communication reader / writer 2-13
8, the service identification processing of the reader / writer 2 is executed, and in step S432, the IC card 1
The public key module 121 of FIG.
, The service identification process of the IC card 1 is executed, and the session key Kses1 is shared between the inter-module reader / writer 2-13 and the public key module 121.

In step S433, the inter-module communication reader / writer 2-13
8, the service identification processing of the reader / writer 2 is executed, and in step S434, the IC card 1
The common key module 122 of FIG.
Described above, the service identification process of the IC card 1 is executed, and the session key Kses1 is shared between the inter-module reader / writer 2-13 and the common key module 122.

In steps S435 to S439, steps S415 to S41 in FIG.
The same processing as in step 9 is performed. Then, step S44
0, the inter-module communication reader / writer 2-13
The control unit 101 transmits the received data to the common key module 122. In step S420 and step S421 in FIG. 48, the received data is decrypted with the session key Kses1, and the decrypted data is
Although the data is transmitted to the common key module 122 after being encrypted by Kses2, here, the common key module 122 also has the session key Kses1, so that these processes are not necessary.

The control unit 61 of the common key module 122
In step S411, the cryptographic processing unit 63 is controlled to decrypt the received data with the session key Kses1, and in step S422, the decrypted data is stored in the memory 62.
Save and use in the corresponding area.

Next, referring to the flowchart of FIG. 50, the common key module 122 sets the session key shared with the inter-module communication reader / writer 2-13 and the public key module 121 sets the inter-module communication reader / writer 2 -13 and the shared session key is different, but the inter-module communication reader / writer 2-13 uses the public key module 1
A description will be given of inter-module communication in a case where encryption is performed with the other session key of 21 and the encrypted session key is supplied to the public key module 121.

In steps S451 to S456, steps S411 to S41 in FIG.
The same processing as in step 6 is executed. That is, the session key Kses1 is shared between the inter-module reader / writer 2-13 and the public key module 121, and the inter-module reader / writer 2-13 and the common key module 122
The session key Kses2 is shared.

In step S457, the control unit 101 of the inter-module communication reader / writer 2-13 controls the encryption processing unit 102 to encrypt the session key Kses2 with the session key Kses1, and transmits the encrypted session key Kses2 to the public key module 121. I do. The control unit 61 of the public key module 121 controls the common key processing unit 42 of the encryption processing unit 33 to decrypt the received data with the session key Kses1.
Extract the session key Kses2.

In step S459, the same processing as in step S417 in FIG. 48 is executed. Step S4
At 60, the control unit 61 of the public key module 121
Encrypts the moving data with the session key Kses2,
Reader / writer 2-1 for communication between modules
Send to 3.

At step S461, the same processing as at step S440 in FIG. 49 is executed. Then, in steps S462 and S463, FIG.
The same processing as in steps S422 and S423 is performed.

That is, in steps S420 and S421 in FIG. 48, the received data is decrypted with the session key Kses1, the decrypted data is encrypted with the session key Kses2, and then transmitted to the common key module 122. Similarly to the processing described with reference to FIG. 49, the common key module 122 and the public key module 1
21 can obtain the same session key Kses2, so that these processes need not be performed.

Referring to the flowchart of FIG. 51, public key module 121 and common key module 122
However, a description will be given of inter-module communication when a common secret key K_common is shared, mutual authentication is performed using the shared secret key K_common, and a common session key Kses is shared.

Steps S471 and S472
In, the public key module 121 and the common key module 122 perform mutual authentication using the common secret key K_common and share the session key Kses. In step S473, the inter-module communication reader / writer 2-13
Only the communication path for mutual authentication in step S471 and step S472 is provided (that is, the session key is not shared by the public key module 121 and the common key module 122).

At step S474, the same processing as at step S417 in FIG. 48 is executed. Step S4
At 75, the control unit 61 of the public key module 121
Controls the common key processing unit 42 of the encryption processing unit 33 to encrypt the moving data with the session key Kses, and transmits the encrypted data to the inter-module communication reader / writer 2-13. Then, steps S476 to S47
8, steps S421 to S421 in FIG.
The same processing as 423 is performed.

In other words, in the inter-module communication described with reference to FIG. 51, the inter-module communication reader / writer 2-13 only provides a data communication path, encrypts data transmitted between the modules, There is no decryption.

The above-mentioned series of processing can be executed by software. The software is a computer in which a program constituting the software is built in dedicated hardware, or a general-purpose personal computer that can execute various functions by installing various programs. For example, it is installed from a recording medium.

As shown in FIG. 9, the recording medium is a magnetic disk 115 (including a floppy (registered trademark) disk) on which the program is recorded, which is distributed separately from the computer to provide the user with the program. ),
Optical disk 116 (CD-ROM (Compact Disk-Read Only M
emory), a DVD (including a Digital Versatile Disk), a magneto-optical disk 117 (including an MD (Mini-Disk)), or a package medium including a semiconductor memory 118 or the like.

[0276] In this specification, a step of describing a program recorded on a recording medium may be performed not only in chronological order but also in chronological order according to the described order. This also includes processing executed in parallel or individually.

[0277]

According to the first data storage device, the data storage method, and the program recorded on the recording medium of the present invention, input / output of data to / from an information processing device is controlled, and storage of secret information is performed. The version of the first secret information and the version of the second secret information are obtained from the version information of the first secret information among the secret information stored and controlled, and the version information of the input second secret information. And if it is determined that the version of the second secret information is newer than the version of the first secret information, the second secret information is stored in the storage area storing the first secret information. Update of secret information, such as an authentication key used for mutual authentication between the IC card and the reader / writer, can be performed in a mode different from the normal mode for sending and receiving service data. It may be possible by communication between the earth and the reader-writer.

According to the second data storage device, the data storage method, and the program recorded on the recording medium of the present invention, input / output of data to / from an information processing device is controlled, and data corresponding to a predetermined service is controlled. And controlling storage of a plurality of authentication keys used for authentication processing with the information processing apparatus, selecting an authentication key used for authentication processing with the information processing apparatus from the plurality of stored authentication keys, and selecting the selected authentication key. When the authentication process using the selected first authentication key cannot be performed by using the authentication key, a second authentication key different from the first authentication key is further selected. In the case of leakage to a third party, using an authentication key other than the authentication key that can no longer be used,
An authentication process can be performed.

According to the first information processing apparatus, the information processing method, and the program recorded on the recording medium of the present invention, input / output of data to / from a data storage device is controlled to store a plurality of pieces of secret information. Controlling the input of a signal indicating the selection of the secret information by the user, based on the signal indicating the input selection of the secret information, selecting predetermined secret information from the stored plurality of secret information, and selecting the selected secret information. The output of the secret information and the version information of the secret information to the data storage device is controlled, so that the update of the secret information such as an authentication key used for mutual authentication between the IC card and the reader / writer is performed in a normal manner. The transfer of service data can be made possible by communication between the IC card and the reader / writer in a different mode.

According to the second information processing apparatus, the information processing method, and the program recorded on the recording medium of the present invention, input / output of data to / from a data storage device is controlled, and data corresponding to a predetermined service is controlled. And controlling storage of a plurality of authentication keys used for authentication processing with the data storage device, selecting an authentication key used for authentication processing with the data storage device from the plurality of stored authentication keys, and selecting the selected authentication key. When the authentication process using the first authentication key is prohibited from among the plurality of stored authentication keys, a second authentication key different from the first authentication key is selected. Therefore, when a certain authentication key is leaked to a third party, the authentication process can be executed using an authentication key other than the authentication key that cannot be used anymore. It is possible .

[Brief description of the drawings]

FIG. 1 is a diagram for explaining a communication system and an authentication system between an IC card and a reader / writer.

FIG. 2 is a diagram for explaining a relationship among a card issuer, a service provider, and a card holder.

FIG. 3 is a block diagram illustrating a configuration of an IC card.

FIG. 4 is a block diagram showing a configuration of an IC card.

FIG. 5 is a diagram for describing an encryption processing unit in FIGS. 3 and 4;

FIG. 6 is a diagram for explaining the SRA of FIGS. 3 and 4;

FIG. 7 is a diagram for describing authentication key information stored in the SRA of FIG. 6;

FIG. 8 is a diagram for explaining the SRT of FIGS. 3 and 4;

FIG. 9 is a block diagram illustrating a configuration of a reader / writer.

FIG. 10 is a diagram illustrating memory information of a service registration reader / writer.

FIG. 11 is a diagram for explaining memory information of a general reader / writer.

FIG. 12 is a diagram for explaining memory information of a reader / writer for communication between modules.

FIG. 13 is a diagram for explaining inter-module communication.

FIG. 14 is a diagram for explaining memory information of a reader / writer for upgrading.

FIG. 15 is a flowchart illustrating an authentication process of an IC card and a reader / writer.

FIG. 16 is a flowchart illustrating a service identification process of the reader / writer.

FIG. 17 is a flowchart illustrating a service identification process of an IC card.

FIG. 18 is a flowchart illustrating a service identification process of the reader / writer.

FIG. 19 is a flowchart illustrating a service identification process of an IC card.

FIG. 20 is a flowchart illustrating an authentication key identification process of the reader / writer.

FIG. 21 is a flowchart illustrating an authentication key identification process of an IC card.

FIG. 22 is a flowchart illustrating an authentication key identification process of a reader / writer.

FIG. 23 is a flowchart illustrating an authentication key identification process of an IC card.

FIG. 24 is a diagram illustrating a certificate.

FIG. 25 is a flowchart illustrating a signature generation process.

FIG. 26 is a flowchart illustrating a signature verification process.

FIG. 27 is a flowchart illustrating an authentication key identification process of a reader / writer.

FIG. 28 is a flowchart illustrating an authentication key identification process of an IC card.

FIG. 29 is a flowchart illustrating a service registration process of a service registration reader / writer;

FIG. 30 is a flowchart illustrating a service registration process of an IC card.

FIG. 31 is a flowchart illustrating a service deletion process of the service registration reader / writer.

FIG. 32 is a flowchart illustrating a service deletion process of an IC card.

FIG. 33 is a flowchart illustrating a service deletion process of a general reader / writer.

FIG. 34 is a flowchart illustrating a service deletion process of an IC card.

FIG. 35 is a flowchart for describing service data acquisition processing of a general reader / writer.

FIG. 36 is a flowchart for describing service data transmission processing of an IC card.

FIG. 37 is a flowchart for describing service data acquisition processing of a general reader / writer.

FIG. 38 is a flowchart for describing service data transmission processing of an IC card.

FIG. 39 is a flowchart for describing service data writing processing of a general reader / writer.

FIG. 40 is a flowchart for describing service data writing processing of an IC card.

FIG. 41 is a flowchart for describing service data writing processing of a general reader / writer.

FIG. 42 is a flowchart for describing service data writing processing of an IC card.

FIG. 43 is a flowchart for describing a key version-up process of a version-up reader / writer;

FIG. 44 is a flowchart illustrating a process of upgrading a key of an IC card.

FIG. 45 is a flowchart illustrating a key version-up process of a general reader / writer.

FIG. 46 is a flowchart for describing a key version upgrade process of an IC card.

FIG. 47 is a flowchart illustrating a key version upgrade process of an IC card.

FIG. 48 is a flowchart illustrating an inter-module communication process.

FIG. 49 is a flowchart for describing inter-module communication processing.

FIG. 50 is a flowchart illustrating an inter-module communication process.

FIG. 51 is a flowchart for describing inter-module communication processing;

[Explanation of symbols]

1 IC card 1 reader / writer, 21 communication unit,
31 control unit, 32 memory, 33 encryption processing unit,
41 public key processing unit, 42 common key processing unit, 43
Other cryptographic processing units, 45 SRT, 46 SR
A, 51 communication unit, 52 common key service processing unit,
53 communication unit, 54 public key service processing unit, 6
1 control unit, 62 memory, 63 encryption processing unit, 9
1 communication unit, 101 control unit, 102 encryption processing unit, 103 memory, 111 public key processing unit, 11
2 common key processing unit, 113 other encryption processing unit,
105 display unit, 106 input unit, 121 public key module, 122 common key module

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) H04L 9/10 H04L 9/00 621A 9/32 673E (72) Inventor Tomoyuki Asano 6 Kita Shinagawa, Shinagawa-ku, Tokyo 7-35 within Sony Corporation (72) Kenji Yoshino 6-35 Kita Shinagawa, Shinagawa-ku, Tokyo 7-35 Inside Sony Corporation (72) Taizo Shirai 6-chome Kita-Shinagawa, Shinagawa-ku, Tokyo 7-35 Inside Sony Corporation (72) Inventor Ryuta Taki 6-73 Kita-Shinagawa, Shinagawa-ku, Tokyo F-term within Sony Corporation (Reference) 5B035 AA13 BB09 BC00 CA23 CA38 5B058 CA13 CA15 CA27 KA02 KA04 KA08 KA35 YA20 5J104 AA07 AA16 EA17 KA01 NA02 NA03 NA12 NA35 NA36 NA37 NA38 NA40

Claims (16)

[Claims] 1. A data storage device mounted on an information processing device for exchanging data with the information processing device, comprising: an input / output control unit for controlling input / output of the data to / from the information processing device; Storage control means for controlling storage, version information of first secret information of the secret information whose storage is controlled by the storage control means, and second secret information whose input is controlled by the input / output control means And comparing means for comparing the version of the first secret information with the version of the second secret information, based on the version information of the information. When it is determined that the version is newer than the secret information of the second secret information, the storage control means stores the second secret information in the storage area storing the first secret information. Data storage device and controls so as to. 2. An authentication unit for authenticating exchange of the secret information with the information processing apparatus, wherein the authentication unit is different from a first authentication key used for exchange of the data other than the secret information. 2. The data storage device according to claim 1, wherein the transfer of the secret information is authenticated using a second authentication key. 3. The apparatus according to claim 2, further comprising a decryption unit for decrypting the encrypted second secret information, the input of which is controlled by the input / output control unit, wherein the comparison unit decrypts the second secret information. When it is determined that the version of the second secret information is newer than the version of the first secret information, the storage control unit stores the first secret information in the storage area storing the first secret information.
2. The data storage device according to claim 1, wherein control is performed such that the second secret information decrypted by the decryption unit is stored. 4. A data storage method for a data storage device mounted on an information processing device and exchanging data with the information processing device, comprising: an input / output control step of controlling input / output of the data to / from the information processing device. A storage control step of controlling storage of secret information; version information of first secret information of the secret information whose storage has been controlled by the processing of the storage control step; and input by processing of the input / output control step. And a comparing step of comparing the version of the first secret information and the version of the second secret information from the version information of the controlled second secret information. If it is determined that the version of the secret information of No. 2 is newer than the version of the first secret information, the storage control step includes: 1
A data storage method for storing the second secret information in a storage area storing the second secret information. 5. A program for a data storage device mounted on an information processing device and exchanging data with the information processing device, comprising: an input / output control step of controlling input / output of the data to / from the information processing device. A storage control step of controlling storage of secret information; version information of first secret information of the secret information whose storage has been controlled by the processing of the storage control step; and processing of the input / output control step. A comparing step of comparing the version of the first secret information with the version of the second secret information based on the version information of the second secret information whose input is controlled; If it is determined that the version of the second secret information is newer than the version of the first secret information, the storage control step includes the step of:
A storage medium storing a computer-readable program, wherein the second secret information is controlled to be stored in a storage area storing the second secret information. 6. A data storage device mounted on an information processing device for exchanging data with the information processing device, comprising: an input / output control means for controlling input / output of the data to / from the information processing device; Storage control means for controlling storage of data corresponding to the information and a plurality of authentication keys used for authentication processing with the information processing apparatus, and the information processing apparatus from the plurality of authentication keys the storage of which is controlled by the storage control means Selecting means for selecting the authentication key used for the authentication processing, and authentication means for performing an authentication processing using the authentication key selected by the selecting means, wherein the selecting means selects the selected first key. A data storage device characterized by further selecting a second authentication key different from the first authentication key when the authentication process using the authentication key cannot be performed. 7. A data storage method of a data storage device mounted on an information processing device and exchanging data with the information processing device, comprising: an input / output control step of controlling input / output of the data with respect to the information processing device. A storage control step of controlling storage of data corresponding to a predetermined service and a plurality of authentication keys used for authentication processing with the information processing apparatus; and a plurality of the authentications whose storage is controlled by the processing of the storage control step. A selection step of selecting the authentication key used for the authentication process with the information processing device from a key; and an authentication step of performing an authentication process using the authentication key selected by the processing of the selection step, In the processing of the step, when the authentication processing using the selected first authentication key cannot be performed, a second authentication key different from the first authentication key is used. Data storage method characterized by further selecting Akashikagi. 8. A program for a data storage device mounted on an information processing device and exchanging data with the information processing device, comprising: an input / output control step of controlling input / output of the data to / from the information processing device. A storage control step of controlling storage of data corresponding to a predetermined service and a plurality of authentication keys used for authentication processing with the information processing apparatus; and a plurality of the storages controlled by the processing of the storage control step. A selection step of selecting the authentication key used for the authentication processing with the information processing device from an authentication key, and an authentication step of performing an authentication process using the authentication key selected by the processing of the selection step, In the processing of the selecting step, when the authentication processing using the selected first authentication key cannot be performed, a second authentication different from the first authentication key is performed. Recording medium readable program a computer, characterized by further selecting the key is recorded. 9. An information processing apparatus having a data storage device mounted thereon and exchanging data with the data storage device, comprising: an input / output control unit configured to control input / output of the data to / from the data storage device; Storage control means for controlling storage of information; input control means for controlling the input of a signal indicating selection of the secret information by a user; and a signal indicating selection of the secret information whose input is controlled by the input control means. Selecting means for selecting predetermined secret information from the plurality of pieces of secret information whose storage is controlled by the storage control means, based on the secret information selected by the selecting means. And the version information of the secret information,
An information processing device for controlling output to the data storage device. 10. An authentication unit for authenticating exchange of the secret information with the data storage device, wherein the authentication unit is different from a first authentication key used for exchange of the data other than the secret information. The information processing apparatus according to claim 9, wherein the exchange of the secret information is authenticated by using a second authentication key. 11. The information processing apparatus according to claim 9, further comprising an encryption unit that encrypts the secret information selected by the selection unit. 12. An information processing method for an information processing apparatus having a data storage device mounted thereon and exchanging data with the data storage device, an input / output control step of controlling input / output of the data to / from the data storage device. A storage control step of controlling storage of a plurality of secret information; an input control step of controlling input of a signal indicating selection of the secret information by a user; and the secret information whose input is controlled by the processing of the input control step. Selecting the predetermined secret information from a plurality of the secret information, the storage of which is controlled by the processing of the storage control step, based on a signal indicating the selection of Storing the secret information and the version information of the secret information selected by the processing of the step in the data storage device; The information processing method characterized by controlling the force. 13. A program for an information processing device having a data storage device mounted thereon and exchanging data with the data storage device, comprising: an input / output control step of controlling input / output of the data to / from the data storage device. A storage control step of controlling storage of a plurality of secret information; an input control step of controlling input of a signal indicating selection of the secret information by a user; and the secret whose input is controlled by the processing of the input control step. A selection step of selecting predetermined secret information from a plurality of pieces of secret information whose storage has been controlled by the processing of the storage control step, based on a signal indicating information selection, and the input / output control step includes: The secret information and the version information of the secret information selected by the process of the selecting step are stored in the data storage device. Recording medium readable program computer and controlling the force is recorded. 14. An information processing apparatus having a data storage device mounted thereon and exchanging data with the data storage device, wherein: an input / output control means for controlling input / output of the data to / from the data storage device; Storage control means for controlling storage of data corresponding to the data and a plurality of authentication keys used for authentication processing with the data storage device; and the data storage device from the plurality of authentication keys the storage of which is controlled by the storage control means. A selection unit for selecting the authentication key used for the authentication process, and an authentication unit for performing an authentication process using the authentication key selected by the selection unit. The storage is controlled by the storage control unit. When the authentication process using the first authentication key is prohibited among the plurality of authentication keys, the selecting unit may select a second authentication key different from the first authentication key. The information processing apparatus characterized by selecting Akashikagi. 15. An information processing method for an information processing apparatus having a data storage device mounted thereon and exchanging data with the data storage device, comprising: an input / output control step of controlling input / output of the data to / from the data storage device. A storage control step of controlling storage of data corresponding to a predetermined service and a plurality of authentication keys used for authentication processing with the data storage device; and a plurality of the authentications whose storage is controlled by the processing of the storage control step. A selection step of selecting the authentication key used for authentication processing with the data storage device from a key; and an authentication step of performing authentication processing using the authentication key selected by the processing of the selection step, The authentication process using the first authentication key is prohibited among the plurality of authentication keys whose storage is controlled by the process of the control step. If it has, the selection step, information processing method, characterized by selecting said first authentication key is different from the second authentication key of. 16. A program for an information processing device having a data storage device mounted thereon and exchanging data with the data storage device, comprising: an input / output control step of controlling input / output of the data to / from the data storage device. A storage control step of controlling storage of data corresponding to a predetermined service and a plurality of authentication keys used for authentication processing with the data storage device; and a plurality of the storages controlled by the processing of the storage control step. A selection step of selecting the authentication key used for the authentication process with the data storage device from an authentication key; and an authentication step of performing an authentication process using the authentication key selected by the processing of the selection step, The authentication processing using the first authentication key is prohibited among the plurality of authentication keys whose storage is controlled by the processing of the storage control step. If it has, the selection step, the first authentication key is different from the second recording medium on which computer-readable program, wherein is recorded to select the authentication key.