JP5163178B2 - Encryption key generation apparatus and method - Google Patents

Description

  The present invention relates to an encryption key generation apparatus and method using a password.

  Conventionally, operating automatic transaction machines such as ATMs (Automatic Teller Machines) and CDs (Cash Dispensers) installed at branches of financial institutions such as banks, credit unions, post offices, etc. Then, when performing financial transactions such as deposit, withdrawal, transfer, transfer, and remittance, the customer uses a card such as a cash card and inputs a personal identification number. In addition, when payment is made at a restaurant, store, etc., and the payment is made with a card such as a debit card or credit card, the customer uses the card and is placed at the store's cash register. A personal identification number is input by operating a terminal such as a POS (Point of Sales) terminal, a credit card terminal, or an accessory device thereof.

  Then, the automatic transaction apparatus and the terminal transmit the card information read from the card and the entered personal identification number together with information such as the amount of money to a host device such as a host computer connected via a communication line, Execute transaction processing such as transaction and settlement transaction. In this case, if the code number is transmitted to the host device without performing the encryption process, that is, in plain text, the code number may be analyzed by a third party from the communication content.

  Therefore, in recent years, a device called a pin pad has been adopted as a password input device for encrypting an input password. By connecting or incorporating the pin pad to the automatic transaction apparatus and the terminal, it is possible to transmit the encrypted password to the host device, so that the password is analyzed by a third party from the communication contents. There is nothing.

  The pin pad requires a key for encryption, and ANSI (American National Standard Institute) 9.24 is defined as a key handling rule. According to the convention, in order to generate a master key that is the highest key, a number string called a plurality of key components, that is, components must be input, and the components must be calculated to generate a master key. According to the PCI (Payment Card Industry) standard, in order to maintain a high security level, a component for generating a master key is provided with data input by a plurality of input persons in a sealed form, and is input from a pin pad based on the data. It is prescribed to be performed by a method (for example, see Non-Patent Documents 1 and 2).

  FIG. 2 is a diagram illustrating a conventional encryption key generation apparatus.

  In FIG. 2, reference numeral 102 denotes a password management unit provided in the conventional encryption key generation apparatus, and reference numeral 104 denotes a key generation unit provided in the conventional encryption key generation apparatus. Here, for convenience of explanation, only the case where the conventional encryption key generation device is a pin pad will be described.

  The pin pad has an input operation unit (not shown) provided with a numeric keypad, a denomination, a confirmation, a correction button, and the like for inputting an amount, a password, and the like. When the pin pad is connected to or incorporated in the automatic transaction apparatus and the terminal, the key component 103 as a component is generated by the operator. Then, the pin pad calculates the generated key component 103 to generate and register an encryption key 105 as a master key.

  In this case, in order to maintain confidentiality, data for generating the key component 103 is divided into a plurality of pieces in advance, and the divided pieces of data are handed to different workers. Here, for convenience of explanation, there are two workers A and B, the key component 103 generated by the worker A is the key component 103a, and the key component 103 created by the worker B is the key component. It is assumed that the number is 103b. Also, the passwords 101a and 101b as the key component creation password 101 are assigned to the workers A and B, respectively.

  When the generation of the key component 103 is started, first, the worker A operates the pin pad and inputs the password 101a for generating the key component. The input password 101a is checked by the password management unit 102. If the password 101a is not correctly input, it is repeatedly performed until it is correctly performed. When the correct password 101a is input, the worker A can generate the key component 103a. The generated key component 103 a is registered in the key generation unit 104.

  Subsequently, the worker B operates the pin pad to input the password 101b for generating the key component. As in the case of the worker A, the input password 101b is checked by the password management unit 102. If the password 101b is not input correctly, it is repeatedly performed until it is correctly performed. When the correct password 101b is input, the worker B can generate the key component 103b. The generated key component 103 b is registered in the key generation unit 104.

  When all the key components 103, that is, the key components 103a and 103b are generated and registered, the key generation unit 104 generates and registers the encryption key 105 based on the key components 103a and 103b.

When the password 101a of the worker A is changed, the password management unit 102 records that the password 101a has been changed, and does not permit generation of the key component 103 unless the password 101b of the worker B is also changed. It is like that. This is to increase the security of password management. Therefore, when one password 101 is changed, all passwords 101 need to be changed.
http://partnernetwork.visa.com/dv/pin/main.jsp http://www.ecom.jp/qecom/about_wg/wg05/cr-swg/code-4.html

  However, in the conventional encryption key generation device, when one password 101 is changed, it is necessary to change all the passwords 101. For example, when the worker A changes the password 101a, the worker Until B changes the password 101b, the worker A cannot generate the key component 103a. In the operation of generating the key component 103, not all workers necessarily work at the same place and at the same time zone. Therefore, until the password 101 of all workers is changed, If the generation cannot be performed, the work efficiency is significantly reduced.

  The present invention solves the above-mentioned conventional problems, and arranges a password management unit for managing the password of the worker who generates the key component for each worker, and records the password change history for each worker. Can generate a key component for each worker regardless of whether or not the password of another worker has been changed, and an encryption key generation device capable of maintaining high security with high work efficiency. It aims to provide a method.

  Therefore, in the encryption key generation device of the present invention, an input operation unit that is operated by a plurality of workers, inputs an individual password for each worker, and generates an individual key component for each worker; It is arranged for each worker, manages a password for each worker, records a change history of the password in password management data, and encrypts based on a plurality of key components generated by the worker A key generation unit that generates a key, and when the input password is correct, the password management unit permits generation of the key component regardless of whether the password of another worker is changed, and the key The generation unit refers to the password change history recorded in the password management data, and when the number of changes of all passwords is the same, the encryption key Generated.

  In another encryption key generation device of the present invention, when the time from when the first worker changes the password until the second worker changes the password exceeds a predetermined time, Disable the key component generated by the worker.

  In the encryption key generation method of the present invention, a plurality of workers operate the input operation unit to input individual passwords for each worker, and generate individual key components for each worker. A password management unit arranged for each worker manages a password for each worker, records a change history of the password in password management data, and a key generation unit is based on a plurality of key components generated by the worker. An encryption key generation method for generating an encryption key, wherein if the input password is correct, the generation of the key component is permitted regardless of whether the password of another worker is changed, and the password management data An encryption key is generated when the number of times of change of all passwords recorded in is the same.

  In another encryption key generation method of the present invention, when the time from when the first worker changes the password until the second worker changes the password exceeds a predetermined time, Disable the key component generated by the worker.

  According to the present invention, in the encryption key generation apparatus, the password management unit that manages the password of the worker who generates the key component is provided for each worker, and the password change history is recorded for each worker. As a result, a key component can be generated for each worker regardless of whether or not the password of another worker has been changed, so that work efficiency is high and high security can be maintained.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

  FIG. 1 is a diagram showing an encryption key generation apparatus according to an embodiment of the present invention.

  In the figure, reference numeral 10 denotes an encryption key generation apparatus according to the present embodiment. For example, the encryption key generation apparatus is similar to an apparatus called a pin pad, and is used as a personal identification number input apparatus that encrypts an input personal identification number. . Specifically, the encryption key generation device 10 is used by being connected to or incorporated in a transaction device (not shown), and transmits the encrypted password to the host device of the transaction device. As a result, the personal identification number is not analyzed by a third party from the communication content.

  The transaction apparatus is, for example, an automatic transaction apparatus such as an ATM or a CD disposed in a branch of a financial institution such as a bank, a credit union, a post office, a store of a store such as a convenience store, a supermarket, or a department store, an underground mall Multi-function terminals such as kiosks (KIOSK) terminals that have a ticket reservation function, product purchase application function, credit card credit confirmation function, facility information guidance function, etc., restaurants and shops such as restaurants and bars POS terminals, credit card terminals, etc., which are arranged at the cash register of stores, but using cards such as cash cards, debit cards, credit cards, etc., such as deposit, withdrawal, transfer, transfer, remittance, etc. When performing various transactions such as financial transactions and payments, it is possible to install a device that authenticates by entering a PIN. It may be any type of device.

  Here, a case where the transaction apparatus is an apparatus having a deposit / withdrawal function such as an automatic transaction apparatus, a multi-function terminal, a POS terminal, and the like will be described. In this case, the transaction apparatus is connected to a communication line network such as a telephone line network, a LAN (Local Area Network), an intranet, an online network, and the Internet, and a host computer (not shown) is connected through the communication line network. It is communicably connected to the host device. Then, the input password is sent to the host device together with information such as the amount of money, and processing of transactions such as financial transactions and settlement transactions is executed.

  The encryption key generation device 10 as a pin pad functions as a device that is operated by a customer to input a personal identification number. For this reason, the encryption key generation apparatus 10 includes a calculation unit such as a CPU and an MPU, a storage unit such as a semiconductor memory and a magnetic disk, and a numeric keypad and denomination as an input unit for inputting numbers and characters such as a password. And an input operation unit (not shown) provided with a confirmation, correction button, etc., and an encryption processing means for encrypting the input password and transmitting the encrypted password. The encryption key generation device 10 may be incorporated in the transaction device, or may be configured separately from the transaction device and connected to the transaction device via a communication cable or the like. Also good.

  The encryption key generation apparatus 10 is compliant with ANSI 9.24 as the pin pad standard described in the section “Background Art”. Therefore, in order to generate the encryption key 15 as a master key that is the highest key, a plurality of key components 13 must be generated and a master key must be generated by performing an operation based on the plurality of key components 13. Further, in the PCI standard described in the “Background Art” section, in order to maintain a high security level, the key component 13 for generating the encryption key 15 is provided with a plurality of workers, each of which is handed data in a sealed form. It is stipulated that the method is performed by operating the pin pad based on the data.

  Note that the data for generating the key component 13 is divided into a plurality of pieces in advance, and the divided pieces of data are handed to different workers. Here, for convenience of explanation, there are two workers A and B, the key component 13 generated by the worker A is the key component 13a, and the key component 13 created by the worker B is the key component. It is assumed that it is 13b. Also, the passwords 11a and 11b as the passwords 11 for creating the key components are assigned to the workers A and B, respectively.

  The encryption key generation apparatus 10 includes a password management unit 12 that checks the input password 11 and manages the password 11 and records a change history of the password 11. The password management unit 12 is provided for each worker, and creates password management data 16 in which the change history of the password 11 is recorded for each worker. Therefore, in the illustrated example, the password management unit 12 includes password management units 12a and 12b corresponding to the workers A and B. When the input password 11 is correct, each password management unit 12 permits the key component 13 to be generated regardless of whether the password 11 of another worker has been changed.

  Further, the encryption key generation apparatus 10 registers the key component 13 generated by the operator, and when all the key components 13 are registered, the encryption key 15 is based on the plurality of registered key components 13. A key generation unit 14 for generating. The key generation unit 14 refers to the password management data 16 when generating the encryption key 15, and when any one password 11 is changed, all the remaining passwords 11 are not changed. As long as the encryption key 15 is not generated. That is, the key generation unit 14 generates the encryption key 15 when all the passwords 11 have the same number of changes.

  Next, the operation of the encryption key generation apparatus 10 having the above configuration will be described. Here, only the operation of generating the encryption key 15 will be described.

  In order to make the encryption key generation device 10 as a pin pad usable, a plurality of keys for generating the encryption key 15 when the encryption key generation device 10 is connected to or attached to a transaction device. Key components 13a and 13b are generated and registered. An operator who specifies the data for generating the key components 13a and 13b at the time of shipment of the encryption key generation apparatus 10 from the factory, and that generates the encryption key 15 by the envelope in which the printed paper is enclosed. Handed to each of A and B. Further, in order to generate the key components 13a and 13b, individual passwords 11a and 11b are designated for the workers A and B, and are handed to each of the workers A and B.

  When the operation of generating the encryption key 15 is started, the workers A and B operate the encryption key generation device 10 at different times, and according to the data handed to each, the key components 13a and 13 13b is generated. The procedure for generating the key component 13 is the same for all the key components 13.

  When generation of the key component 13a is started, the worker A first operates the input operation unit of the encryption key generation device 10 to input the password 11a for generating the key component. The input password 11a is checked by the password management unit 12a corresponding to the worker A. If the password 11a is not correctly input, it is repeatedly performed until it is correctly performed. When the correct password 11a is input, the worker A can generate the key component 13a. The generated key component 13 a is registered in the key generation unit 14.

  Subsequently, the worker B operates the input operation unit to input the password 11b for generating the key component. As in the case of the worker A, the input password 11b is checked by the password management unit 12b corresponding to the worker B. If the password 11b is not input correctly, it is repeated until it is correctly input. Done. When the correct password 11b is input, the worker B can generate the key component 13b. The generated key component 13 b is registered in the key generation unit 14.

  When all the key components 13, that is, the key components 13 a and 13 b are generated and registered, the key generation unit 14 refers to the password management data 16. In this case, since no password 11 of any worker has been changed, the key generation unit 14 generates and registers the encryption key 15 based on the key components 13a and 13b.

  Next, a case where the password 11a designated for the worker A is changed will be described.

  The change of the password 11a designated for the worker A is managed by the password management unit 12a corresponding to the worker A. Then, the password management unit 12 a registers the change history of the password 11 a in the password management data 16.

  Subsequently, when generation of the key component 13a is started, first, the worker A operates the input operation unit of the encryption key generation apparatus 10 and inputs the changed password 11a '. The input password 11a 'is checked by the password management unit 12a corresponding to the worker A. When the input password 11a ′ matches that registered in the password management data 16 as the changed password 11a ′, that is, when the password management unit 12a determines that the password is correct, the worker A A key component 13a can be generated.

  In this case, the worker A can generate the key component 13a regardless of whether or not the password 11b designated for the other worker, that is, the worker B is changed. Then, the generated key component 13 a is registered in the key generation unit 14.

  The change of the password 11b designated for the worker B is managed by the password management unit 12b corresponding to the worker B. The password management unit 12 b registers the change history of the password 11 b in the password management data 16.

  Subsequently, when generation of the key component 13b is started, the worker B first operates the input operation unit of the encryption key generation device 10 and inputs the changed password 11b '. The input password 11b 'is checked by the password management unit 12b corresponding to the worker B. When the input password 11b ′ matches that registered in the password management data 16 as the changed password 11b ′, that is, when the password management unit 12b determines that the password is correct, the worker B A key component 13b can be generated.

  In this case, the worker B can generate the key component 13b regardless of whether or not the password 11a designated for the other worker, that is, the worker A has been changed. Then, the generated key component 13 b is registered in the key generation unit 14.

  Subsequently, when all the key components 13, that is, the key components 13 a and 13 b are generated and registered, the key generation unit 14 refers to the password management data 16. In this case, since the password 11 of any worker has been changed, the key generation unit 14 generates and registers the encryption key 15 based on the key components 13a and 13b. In other words, the key generation unit 14 generates and registers the encryption key 15 only when all the key components 13 are generated and registered, and all the passwords 11 are changed the same number of times.

  Thus, in this embodiment, the password management unit 12 is provided for each worker, and the change history of the password 11 is recorded and registered in the password management data 16 for each worker. Each password management unit 12 permits the generation of the key component 13 regardless of whether or not the password 11 of another worker is changed when the input password 11 is correct. The key generation unit 14 refers to the change history of the password 11 registered in the password management data 16, all the key components 13 are generated and registered, and all the passwords 11 are changed the same number of times. The encryption key 15 is generated and registered only when it is broken.

  Thereby, each worker can generate each key component 13 regardless of whether or not the password 11 of another worker is changed. Therefore, each worker can individually perform the work for generating the key component 13 without waiting for the change of the password 11 of the other worker, so that work efficiency is improved.

  The key generation unit 14 refers to the change history of the password 11 registered in the password management data 16 and generates the encryption key 15 only when the same number of changes have been made for all passwords 11. High security can be maintained.

  In the present embodiment, the case where the encryption key generation device 10 is a pin pad has been described as an example. However, the encryption key generation device 10 does not necessarily need to be a pin pad and is accompanied by the input of the password 11. As long as the device generates the encryption key 15, any type of device may be used.

  Also, the time from when worker A as the first worker changes password 11a to when worker B as the second worker changes password 11b has exceeded a predetermined time set in advance. In this case, the key component 13a generated by the worker A may be invalidated. Thereby, security can be further improved.

  In addition, this invention is not limited to the said embodiment, It can change variously based on the meaning of this invention, and does not exclude them from the scope of the present invention.

It is a figure which shows the encryption key production | generation apparatus in embodiment of this invention. It is a figure which shows the conventional encryption key generation apparatus.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 Encryption key generation apparatus 11a, 11b Password 12a, 12b Password management part 13a, 13b Key component 14 Key generation part 15 Encryption key 16 Password management data

Claims (4)

(A) an input operation unit that is operated by a plurality of workers, inputs an individual password for each worker, and generates an individual key component for each worker;
(B) a password management unit that is arranged for each worker, manages a password for each worker, and records a change history of the password in password management data;
(C) a key generation unit that generates an encryption key based on a plurality of key components generated by the worker;
(D) If the input password is correct, the password management unit permits generation of the key component regardless of whether or not the password of another worker is changed,
(E) The key generation unit refers to a password change history recorded in the password management data, and generates an encryption key when the number of changes of all passwords is the same. Key generator. The key component generated by the first worker is invalidated when the time from when the first worker changes the password until the second worker changes the password exceeds a predetermined time. The encryption key generation device described in 1. (A) A plurality of workers operate the input operation unit to input individual passwords for each worker, and generate individual key components for each worker,
(B) A password management unit arranged for each worker manages a password for each worker, records a change history of the password in password management data,
(C) An encryption key generation method in which a key generation unit generates an encryption key based on a plurality of key components generated by the worker,
(D) If the entered password is correct, the generation of the key component is permitted regardless of whether the password of another worker has been changed,
(E) An encryption key generation method, wherein an encryption key is generated when the number of changes of all passwords recorded in the password management data is the same. 4. The key component generated by the first worker is invalidated when the time from when the first worker changes the password until the second worker changes the password exceeds a predetermined time. The encryption key generation method described in 1.

Images