JPH08339429A - Portable information recording medium and information processing system using the medium - Google Patents

Abstract

PURPOSE: To improve the security of the information processing system which performs mutual authorization with two IC cards. CONSTITUTION: The mutual authorization is performed by inserting the IC card 10 for a depositor and the IC card 20 for a bank 20 to a reader/writer device 30. A random number RND generated (2) in the IC card 10 is supplied to the IC card 20 and ciphered (5) to obtain an authorization code A (6). The authorization code A is supplied to the IC card 10 and collated (8) to check whether the code is correct or not, thereby authorizing the IC card 20. On condition that the authorization of the IC card 20 is completed, an authorizing process for the IC card 10 is allowed. An authorization code collation command (7) is executed only when given after a random number generation command (1), and dishonest trial and error are excluded by repeatedly giving only the authorization code collation command.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a portable information recording medium and an information processing system using the portable information recording medium. An advanced information processing system.

[0002]

2. Description of the Related Art IC cards have been attracting attention as a next-generation portable information recording medium replacing magnetic cards. Recently, due to technological advances for miniaturization and cost reduction of semiconductor integrated circuits, ICs have been used in various systems in the real world.
The card has come into practical use.

In particular, in an IC card with a built-in CPU,
Since an information processing function is added to the function of a mere information recording medium, it is expected to be used in an information processing system that requires high security. A typical method for ensuring security is a PIN (Personal Ideal) unique to the owner, issuer, or manufacturer of the IC card.
ntification number) and set this PIN for each I
PI that is recorded in the C card and given from the outside
A method of confirming the correctness of the operator by collating N with the PIN recorded inside is generally used. However, in such a PIN verification method, P
Sufficient security cannot be secured if the IN itself is leaked.

Therefore, a method of ensuring higher security by performing mutual authentication using two sets of media has also been put into practical use. For example, in an information processing system in which transaction data of bank deposits is recorded in an IC card and used in place of a passbook, it is a serious problem that transaction data recorded in the IC card may be tampered with by an unauthorized means. become. Therefore, with regard to the depositor IC card that is handed to each depositor instead of a passbook, it is possible to access the transaction data by making it impossible to access the transaction data by itself and using it together with a separately prepared bank IC card. With such a configuration, security can be enhanced. For example, a reader / writer device installed in a bank store is provided with an insertion slot into which two IC cards can be inserted at the same time. An IC card for a depositor is inserted through one opening and the other through the other opening. Insert a bank IC card. Then, if both parties perform processing to authenticate that the other party is a valid card, and only if both parties obtain a positive authentication result, it is possible to access the transaction data, Security can be improved.

As described above, if the system is constructed on the premise of mutual authentication using two sets of media, it is possible to secure much higher security than a system that relies only on PIN verification. In the above example, the bank IC card is reliably managed by the person in charge of the bank, and therefore the possibility of damage such as theft is extremely small. On the other hand, the IC card for depositors is stolen or lost because it is carried by ordinary depositors, but the transaction data cannot be accessed without using the IC card for banking. It becomes possible to suppress the occurrence of actual damage as much as possible.

A method using a secret key and a random number has been proposed as a method for performing mutual authentication on two sets of media. For example, when mutual authentication is performed between a depositor IC card and a bank IC card, the following processing is executed. First, the same secret key is recorded in each of the depositor IC card and the bank IC card. Once written, this secret key should never be read out. And
First, a random number is generated inside the depositor's IC card, and this random number is given to the bank IC card. The bank IC card side uses the secret key recorded inside to encrypt the given random number to create an authentication code, and returns the created authentication code to the depositor's IC card. IC for depositors
On the card side, using the secret key recorded inside, the random number generated inside is encrypted to create an authentication code, and the created authentication code and the authentication code returned from the bank IC card It is checked whether and match. If the two match, the process of authenticating the bank IC card with the IC card for depositor, in other words, the IC card for depositor itself said, "The other party IC card for bank is legitimate. Processing that is recognized as “” has been completed. If this processing is completely opposite, the processing for authenticating the depositor's IC card with the bank IC card, in other words, the bank IC card itself will say, "The other party's IC card for the depositor is legitimate. The process of recognizing that the item is "complete" is completed.

[0007]

As described above, in the information processing system that performs mutual authentication using two sets of media, P
It is possible to ensure a much higher level of security than a system that relies only on IN verification. However, the technical level of the so-called “hacker”, which is an illegal user, is also increasing year by year, and the mutual authentication system described above does not always have sufficient security. There is.

For example, it may be impossible to read out the secret key itself recorded in the IC card to the outside, but an encrypted command is given to the IC card together with some number, and this secret key is used. It is possible to output the obtained authentication code to the outside after internally executing the process of encrypting the number and creating the authentication code. Therefore, when given a number,
By analyzing what kind of authentication code is output, the secret key recorded inside can be estimated.

As another method, if an authentication code collation command is given to the IC card together with an authentication code and the authentication code collation processing is executed, at least a positive collation result or a negative collation result is obtained. , Or will be obtained. Therefore, by repeating the operation of giving various authentication codes by trial and error until a positive verification result is obtained, what kind of authentication code is given and which positive verification result is obtained. It will be possible to know and still have the material to deduce the secret key.

Therefore, it is an object of the present invention to provide a portable information recording medium capable of mutual authentication ensuring a higher degree of security and an information processing system using the portable information recording medium.

[0011]

[Means for Solving the Problems]

(1) According to a first aspect of the present invention, both a first portable information recording medium having an information processing function and a second portable information recording medium having an information processing function are provided in the information recording medium. And a first authentication process for authenticating whether or not the first portable information recording medium is a valid medium for the second portable information recording medium by connecting to a reader / writer device having a function of accessing , A second authentication process for authenticating whether or not the second portable information recording medium is a valid medium for the first portable information recording medium, and performing the first authentication process and the second In the information processing system configured to permit access to at least a specific recording area in the first portable information recording medium when a positive authentication result is obtained in both authentication processes, Authentication process The second authentication process can be executed only when a positive authentication result is obtained.

(2) According to a second aspect of the present invention, both a first portable information recording medium having an information processing function and a second portable information recording medium having an information processing function are provided.
A first authentication unit that is connected to a reader / writer device having a function of accessing these information recording media and authenticates whether or not the first portable information recording medium is a valid medium for the second portable information recording medium. Authentication processing, and second authentication processing for authenticating whether or not the second portable information recording medium is a valid medium for the first portable information recording medium.
In a portable information recording medium used in an information processing system configured to be capable of executing a predetermined key stored internally when a random number encryption command is given together with a predetermined random number from a reader / writer device. Create an authentication code by encrypting the given random number using
Only if the portable information recording medium of the other party is authenticated as a legitimate medium after connecting to the reader / writer device, the function is provided to execute the random number encryption process to send the created authentication code to the reader / writer device. The random number encryption process is configured to be executed.

(3) A third aspect of the present invention is the above-mentioned second aspect.
In the portable information recording medium according to this aspect, an area for recording the authenticated information of the other party is provided in the volatile memory that retains the stored content only while being connected to the reader / writer device, and the portable information recording of the other party is performed. When the medium is authenticated as a legitimate medium, the other party authentication information is written in this area, and when a random number encryption command is given from the reader / writer device, this area is referred to and the other party authentication is performed. The random number encryption process is executed only when the completed information is written.

(4) According to a fourth aspect of the present invention, both a first portable information recording medium having an information processing function and a second portable information recording medium having an information processing function are provided.
A first authentication unit that is connected to a reader / writer device having a function of accessing these information recording media and authenticates whether or not the first portable information recording medium is a valid medium for the second portable information recording medium. Authentication processing, and second authentication processing for authenticating whether or not the second portable information recording medium is a valid medium for the first portable information recording medium.
In a portable information recording medium used in an information processing system configured to execute a random number generation command when a random number generation command is given from the reader / writer device, the generated random number is used as the reader / writer device. And the function of executing the random number generation processing to be sent to the reader / writer device, when the authentication code collation command is given from the reader / writer device together with the authentication code created in the portable information recording medium of the other party, By using the key of, the random number generated by the random number generation process executed in the past is encrypted to create an authentication code, and whether the created authentication code matches the authentication code given by the reader / writer device. And a function for executing an authentication code matching process for sending the matching result to the reader / writer device. Only if the random number generation process is executed at least once after the continuation, and the authentication code comparison process has not been executed even once after the last executed random number generation process. The processing is configured to be executed.

(5) The fifth aspect of the present invention is the above-mentioned fourth aspect.
In the portable information recording medium according to this aspect, a region for recording the random number generated information is provided in the volatile memory that retains the stored content only while being connected to the reader / writer device, and the random number generation process is executed. After that, a process of writing information indicating “generated” in this area is performed, and after performing an authentication code matching process, a process of writing information indicating “not generated” in this area is performed and authentication is performed from the reader / writer device. When a code collation command is given, this area is referred to, and the authentication code collation processing is executed only when the information indicating "generated" is written.

(6) According to a sixth aspect of the present invention, both a first portable information recording medium having an information processing function and a second portable information recording medium having an information processing function are provided.
A first authentication unit that is connected to a reader / writer device having a function of accessing these information recording media and authenticates whether or not the first portable information recording medium is a valid medium for the second portable information recording medium. Authentication processing, and second authentication processing for authenticating whether or not the second portable information recording medium is a valid medium for the first portable information recording medium.
In a portable information recording medium used in an information processing system configured to execute a random number generation command when a random number generation command is given from the reader / writer device, the generated random number is used as the reader / writer device. And the function of executing the random number generation processing to be sent to the reader / writer device, when the authentication code collation command is given from the reader / writer device together with the authentication code created in the portable information recording medium of the other party, By using the key of, the random number generated by the random number generation process executed in the past is encrypted to create an authentication code, and whether the created authentication code matches the authentication code given by the reader / writer device. And a function for executing an authentication code matching process for sending the matching result to the reader / writer device. As immediately after the command of the random number generation command, only when the authentication code collating command is applied, which is constituted as the authentication code verification process is executed.

(7) A seventh aspect of the present invention relates to the above-mentioned sixth aspect.
In the portable information recording medium according to the above aspect, an area for recording the random number generated information is provided in the volatile memory that retains the stored content only while being connected to the reader / writer device, and processing based on the random number generation command is performed. After executing, perform the process to write the information indicating "generated" in this area,
After processing based on a command other than the random number generation command, write information indicating "not generated" in this area, and refer to this area when the reader / writer device gives the authentication code matching command. Then "generated"
The authentication code collating process is executed only when the information indicating is written.

[0018]

[Operation] In the information processing system according to the present invention, when two sets of portable information recording mediums are connected to a reader / writer device to perform mutual authentication, the first portable information recording medium is changed to the second portable information recording medium.
Only when a positive authentication result is obtained as a result of performing the first authentication process for authenticating whether the portable information recording medium is a valid medium, the reverse authentication process, that is, the second The second authentication process for authenticating whether the portable information recording medium is a valid medium for the first portable information recording medium can be executed.

Consider, for example, a concrete system in which the depositor IC card is the first portable information recording medium and the bank IC card is the second portable information recording medium. The bank IC card is valid for the depositor's IC card only when a positive authentication result is obtained as a result of the first authentication process for authenticating the bank IC card as the card. It is possible to execute the second authentication process for authenticating Therefore, even if the depositor IC card is stolen or lost, the authentication process for recognizing the depositor IC card as valid is not executed unless there is a valid bank IC card. No response based on the execution of such authentication processing can be obtained from the depositor IC card. That is, as a part of the authentication processing for recognizing the depositor IC card as valid, a random number encryption command is given to the depositor IC card, and an authentication code is created by encrypting the random number. Even if the function for sending the data to the outside is provided, if it is configured so that such a function is executed only when the bank IC card is authenticated as a valid medium, it is legal. Unless there is a proper bank IC card, the depositor IC card cannot execute such a function.

Further, in response to the random number generation command, a random number is internally generated, and the generated random number is given to the portable information recording medium of the other party.
After creating an authentication code based on this random number, if you have the function to collate the authentication code created in this other party's portable information recording medium with the authentication code created by yourself, execute it last If the authentication code collation process is configured to be executed only after the authentication code collation process has not been executed even once after the generated random number generation process, many authentication codes are tried for the same random number. It becomes impossible to erroneously give and execute the authentication code matching process, and it is possible to prevent a decrease in security due to an illegal trial and error. Further, even if the authentication code collating process is executed only when the authentication code collating command is given as the command immediately after the random number generation command, it is possible to prevent the illegal trial and error.

[0021]

The present invention will be described below with reference to illustrated embodiments.

§1. General information processing for mutual authentication
Basic Configuration of System First, the basic configuration of a general information processing system that performs mutual authentication will be described. This information processing system is a general system conventionally proposed as a system using two sets of portable information recording media. FIG. 1 is a conceptual diagram showing the overall configuration of such a system, and here, an example using an IC card as a portable information recording medium is shown.

In FIG. 1, both the first IC card 10 and the second IC card 20 are IC cards having an information processing function. The reader / writer device 30 is a device having a function of accessing these IC cards, and is usually used by connecting to a computer (not shown). The reader / writer device 30 is provided with two insertion ports. The first IC card 10 is inserted into one insertion port and the second IC card 20 is inserted into the other insertion port.

FIG. 2 is a block diagram showing the internal structure of the first IC card 10. As shown in this block diagram, the IC card 10 includes a CPU 11 and a ROM.
12, a RAM 13, and an EEPROM 14 are built in. The CPU 11 is a component that controls the information processing function of this IC card, and executes predetermined information processing based on a program stored in the ROM 12. RAM13
Is a memory used as a work area when the CPU 11 executes information processing. The EEPROM 14 is a memory used for recording information, which is the original purpose of the IC card, and stores user data, various keys, and the like. A power supply and a clock signal are supplied to the IC card 10 from the reader / writer device 30, and the card and the outside communicate with each other using I / O signals. Here, ROM12
The EEPROM 13 and the EEPROM 14 are non-volatile memories that retain recorded contents even when the power supply is stopped.
Is a volatile memory whose recorded contents are lost when power supply is stopped. Note that FIG. 2 shows a state in which the other party authenticated flag and the random number generated flag are written in the RAM 13, but these flags are flags used when the present invention is applied. The description will be given later.

All the memories in the IC card 10 are accessed by the CPU 11, and the memories in the IC card 10 cannot be directly accessed from an external device such as the reader / writer device 30. CPU
Reference numeral 11 has a function of centrally managing the entire IC card 10 based on a predetermined command given from an external device. For example, in order to write data to a predetermined area of the EEPROM 14 from an external device, it is necessary to give a predetermined write command to the CPU 11.
In order to read the data in the predetermined area of the ROM 14 to the outside, it is necessary to give a predetermined read command to the CPU 11. When executing such a write command or a read command, an EEPROM is used as necessary.
The key recorded in 14 and the key given from the external device are collated.

The internal structure of the first IC card 10 has been described above, but the hardware structure of the second IC card 20 is exactly the same. However, software is slightly different based on the different uses.

The essential part of this information processing system is
The point is that in order to access at least the user data portion in the EEPROM 14 of the first IC card 10, mutual authentication of both IC cards 10 and 20 is required. That is, first, both IC cards 10,
20 is inserted into the insertion port of the reader / writer device 30 so that both IC cards 10 and 20 are electrically connected to the reader / writer device 30, and the IC card of the other party is valid between them. If the card has not been authenticated, then at least the first I
Access to the user data portion in the EEPROM 14 of the C card 10 is prohibited.

Here, in order to facilitate understanding, the first
The following description will be made on a specific example in which the IC card 10 is used as a depositor's IC card and the second IC card 20 is used as a bank IC card. Transaction information relating to bank deposits will be recorded as user data in the depositor's IC card, and the depositor will use this IC card as a passbook. A reader / writer device 30 and a computer (not shown) connected to the reader / writer device 30 are installed in a branch of the bank, and the reader / writer device 30 has a bank IC.
The card is inserted. When the depositor uses the IC card for the depositor to perform some transaction, the IC card for the depositor is inserted into the reader / writer device 30, and a PIN key such as a PIN is input to the computer as necessary. . The input personal identification key is given to the depositor's IC card through the reader / writer device 30. Inside the depositor's IC card, the personal identification key pre-recorded in the EEPROM 14 and the personal identification given from the outside are provided. Matches with the key.

In this system, such PIN verification is performed, and mutual authentication is performed between both IC cards. That is, the IC card for depositor authenticates whether or not the IC card for bank of the other party is valid, and conversely, the IC card for bank is valid for the IC card for depositor of the other party. If a positive authentication result is obtained for both of them, a process of authenticating whether or not the data is authenticated is permitted to access the user data in the IC card for depositor such as reading and writing. Will be. By adopting such a mutual authentication system, security can be greatly improved. For example, consider a case where an IC card for a depositor is taken by an unauthorized user due to theft or loss. In this case, P
In a system having only IN collation as a security measure, if the PIN is known in some way, there is a possibility that an unauthorized user may make an unauthorized access.
For example, if an unauthorized user possesses a device having a function equivalent to that of the reader / writer device 30, if he / she only knows the PIN, the unauthorized access to the depositor IC card becomes possible. However, in a system that requires mutual authentication, such unauthorized access cannot be performed unless the bank IC card is illegally acquired.

§2. General Mutual Authentication Process Next , a general mutual authentication process conventionally proposed in the information processing system having the mutual authentication as a security condition as described in §1 will be described. FIG. 3 is a flowchart showing a general processing procedure of a CPU in an IC card having such mutual authentication as a security condition. As described above, the power supply to the IC card is generally performed from the reader / writer device side, and when the IC card is connected to the reader / writer device, the power supply is performed.
The CPU will be reset. The flowchart of FIG. 3 shows the processing procedure after this reset.

First, in step S1, reset response processing is performed. This is a process of transmitting a response signal indicating that the CPU has been reset from the IC card to the reader / writer device. Then, in step S2, the IC card enters a state of waiting for command reception.
When any command is given from the reader / writer device, a branch process based on the given command is performed in step S3, and a process corresponding to each command is executed in steps S4 to S7. Then, in the subsequent step S8, a response is transmitted. That is, some transmission data is transmitted as a response from the IC card to the reader / writer device side. What kind of data is transmitted depends on what kind of command processing is executed. In any case, when a command is given to the IC card from the reader / writer device, the CPU in the IC card
The operation of executing the process according to this command, transmitting some response, and waiting for the next command is repeated.

The processing contents for each command are programmed in the ROM in the IC card, and step S3
The command branch of is equivalent to the branch to each processing routine for the corresponding command. Since the purpose of this description is to explain the contents of the mutual authentication process, in the flowchart of FIG. 3, three commands related to this mutual authentication process, that is, a random number generation command, a random number encryption command, and an authentication code collation are given. Command, step S
4, S5 and S6 are shown independently, and other commands are shown in step S7. Actually, the "other commands" shown in step S7 include various commands necessary for using this IC card for its original purpose, such as a user data write command and a user data read command. However, the description of these commands is omitted here.

Next, the processing contents when three commands related to the mutual authentication processing are given will be briefly described.
First, the random number generation command executed in step S4 is a command generally called "GENERATE CHALLENGE". When this command is given, the CPU internally executes a process of generating a random number and setting the generated random number as transmission data. Therefore, in step S8 executed later, the value of this set random number is transmitted to the reader / writer device as response data. After all, from the viewpoint of the reader / writer device, when a random number generation command is given to the IC card, the random number value is returned as a response.

The random number encryption command performed in step S5 is a command generally called "INTERNAL AUTHENTICATE" (according to the IC card international standard). This command is given together with a predetermined random number. When this command is given, the CPU
A given key recorded in the PROM is used to encrypt a given random number to create an authentication code. Then, a process of setting the created authentication code as transmission data is executed. Therefore, in step S8 executed later, the value of the set authentication code is transmitted to the reader / writer device side as response data.

For example, assume that the reader / writer device gives a random number encryption command together with the random number "RND" to the IC card. The CPU uses the predetermined key "KEY" recorded in the EEPROM to generate this random number "R".
ND ”is encrypted. Although various methods are used as this encryption algorithm, if the encryption algorithm is grasped as a function “f”, the authentication code A obtained by the encryption is A = f (RND,
KEY). In other words, the authentication code A is the given random number “RND” and the predetermined key “KE”.
It will be represented by a function with "Y". After all, from the viewpoint of the reader / writer device, if a random number encryption command is given to the IC card together with the random number “RND”, A = f (RND, K
The authentication code A represented by EY) will be returned as a response.

Further, the authentication code collation command executed in step S6 is generally "EXTERNAL AUTHENTICATE".
It is a command called. This command is given with a predetermined authorization code. When this command is given, the CPU uses a predetermined key recorded in the EEPROM to encrypt a random number generated by a random number generation process executed in the past to create an authentication code. Then, it is checked whether the created authentication code matches the authentication code given by the reader / writer device, and a process of setting the verification result as transmission data is executed. Therefore, in step S8 executed later,
The set verification result is transmitted to the reader / writer device side as response data.

For example, it is assumed that the reader / writer device gives an authentication code collation command together with the authentication code "A" to the IC card. And at this time, this IC
It is assumed that a predetermined random number "RND" has been generated in the inside of the card. In this case, the CPU is the EEPROM
By using a predetermined key "KEY" recorded in, the process of encrypting the random number "RND" generated in the past,
Create an authentication code “B”. That is, the authentication code B
Becomes a value represented by B = f (RND, KEY). Further, the CPU verifies whether the created authentication code “B” and the authentication code “A” given from the reader / writer device match, and sets the result as transmission data. After all, from the viewpoint of the reader / writer device, when the authentication code collation command is given to the IC card together with the authentication code “A”, the comparison and collation between the authentication code “B” and the authentication code “A” created inside the IC card are performed. The matching result indicating matching or mismatching is returned as a response.

The processing contents when three commands related to the mutual authentication processing are given have been briefly described above.
Next, a specific authentication processing procedure using these commands will be described. FIG. 4 shows a second IC card 2 using the first IC card 10 (in this example, an IC card for depositors).
9 is a diagram showing a procedure of an authentication process for 0 (in this example, a bank IC card). In other words, this authentication process can be said to be a process in which the CPU on the IC card side for depositors authenticates whether or not the counterpart IC card for bank is valid. However, the CPU of each IC card
Each of them has only the function of performing some processing for the first time when a command is given from the reader / writer device. Therefore, in order to execute such authentication processing, some command is given from the reader / writer device to the IC card. You have to take action. In FIG.
The operation indicated by is an operation that gives such a command or an operation that is triggered by the command.
Hereinafter, these operations will be described in order.

First, as an operation, a random number generation command is given from the reader / writer device to the depositor IC card. In the IC card for depositor receiving this command, a random number "RND" is generated as an operation, and the generated random number "RND" is returned as a response to the reader / writer device in the operation. continue,
As an operation, a random number encryption command is given from the reader / writer device to the bank IC card. As described above, this random number encryption command is a command accompanied by a predetermined random number. Therefore, the reader / writer device gives the returned random number "RND" as an operation to the bank IC card together with the random number encryption command in the operation. The bank IC card operates as a given random number "RN
D "encryption is performed. That is, using the predetermined key "KEY" recorded in the EEPROM, the function f
Random number "RND" based on the predetermined algorithm
Is encrypted, and an authentication code A represented by A = f (RND, KEY) is created. Authentication code A created in this way
In operation, is returned to the reader / writer device as a response.

Next, as an operation, the reader / writer device gives an authentication code collation command to the depositor's IC card. As described above, this authentication code matching command is a command accompanied by a predetermined authentication code. Therefore, the reader / writer device gives the authentication code A returned as the operation to the depositor IC card together with the authentication code collation command in the operation. As an operation, the IC card for depositor executes the encryption of the random number generated in the past, that is, the random number “RND” generated in the operation. That is, the random number "RND" is encrypted based on a predetermined algorithm represented by the function f using a predetermined key "KEY" recorded in the EEPROM, and B = f
An authentication code B represented by (RND, KEY) is created. Then, it is checked whether or not the authentication code B created in this way and the authentication code A given from the reader / writer device match. This collation result (“O
In operation, "K" or "NG" indicating disagreement is returned as a response to the reader / writer device.

The above is the general procedure of the authentication processing. Here, the predetermined key "KEY" used on the depositor's IC card side and the predetermined key "KEY" used on the bank IC card side are set to be exactly the same (in other words, The same "KEY" is written in advance in the EEPROM of the IC card), and the encryption algorithm f used on the IC card side for the depositor and the encryption used on the IC card side for the bank If it is made to be exactly the same as the algorithm f (in other words, if the same routine is written in advance in the ROMs of both IC cards as the execution routine of the random number encryption command). , The authentication code A and the authentication code B should match. Therefore, in the operation, if a collation result of "OK" indicating a match is obtained, it is verified that the counterpart IC card for the bank is a legitimate one as viewed from the IC card for the depositor. It will be.

On the other hand, FIG. 5 shows the first IC card 1 using the second IC card 20 (in this example, a bank IC card).
It is a diagram showing the procedure of the authentication process for 0 (IC card for depositor in this example). In other words, this authentication processing can be said to be processing in which the CPU on the bank IC card side authenticates whether or not the counterpart IC card for depositor is valid. The procedure of this authentication process is a completely interchanged role of both IC cards in the procedure of the authentication process shown in FIG. 4, and the diagram of FIG. 4 corresponds to the diagram of FIG. Therefore, a detailed description of the diagram of FIG. 5 is omitted, but a brief description of only the outline is as follows.

First, as an operation, a random number generation command is given to the bank IC card, a random number "RND" is generated as an operation, and this is returned as a response in the operation. Next, as an operation, a random number encryption command is given together with the random number “RND” to the depositor IC card, and the authentication code C =
f (RND, KEY) is created, and this is returned as a response in the operation. Further, as an operation, for bank I
When the authentication code collation command is given to the C card together with the authentication code C, in operation, D = f (RN
An authentication code D represented by (D, KEY) is created and collated with the authentication code C, and in operation, the collation result is returned as a response. Then, "O" indicating a match
If the collation result of “K” is obtained, it means that the IC card for the depositor, which is the counterpart, is authenticated as seen from the IC card for the bank.

The reader / writer device indicates a match in both the collation result obtained in the final procedure of the authentication processing shown in FIG. 4 and the collation result obtained in the final procedure of the authentication processing shown in FIG. If “OK” is obtained, it is determined that the positive mutual authentication is performed, and the original processing such as the access processing to the user data is executed.
The depositor IC card and the bank IC card will accept such access processing.

§3. Problems of Conventional Mutual Authentication Processing As described above, in §2, the processing contents of the conventionally proposed general mutual authentication system are briefly explained, but in fact, in such a system, sufficient security is not always required. Cannot be secured. Here, two problems are pointed out regarding such a conventional mutual authentication system. As will be described later, by applying the present invention,
Both of these two problems are solved.

The first problem is that the random number encryption command is illegally used. For example, suppose that an IC card for a depositor is in the hands of an unauthorized user, and this unauthorized user
Let's assume that you have an unauthorized access device with the same functions as the reader / writer device. In this case, it is true that mutual authentication cannot be performed unless the IC card for bank is in the hands of this unauthorized user. Therefore, immediately access the user data in the IC card for depositor. I can't. However, it is possible to give a random number encryption command from the unauthorized access device to the depositor's IC card. That is, it is possible to perform the same processing as the operation in FIG. 5 using the unauthorized access device. At this time, if some value X is given as a random number together with the random number encryption command, the operation is executed on the IC card side for the depositor and Y
An authentication code Y represented by = f (X, KEY) is created, and the operation returns this authentication code Y to the unauthorized access device as a response. That is, the unauthorized user can know the fact that “a specific value Y is obtained as a response when an operation is performed by giving a certain value X”.

Therefore, various different values are used as X,
If you actually try what kind of response Y is obtained in each case, you can create a one-to-one correspondence table of X and Y, and by analyzing this correspondence table,
Encryption algorithm f and key KE used for encryption
It becomes possible to estimate Y. In the unlikely event of an unauthorized user,
Once the encryption algorithm f and the key KEY are known,
The bank IC card may be forged, which seriously hinders security.

The second problem is that the authentication code collation command is illegally used. After all, it is assumed that the IC card for the depositor is in the hands of the illegal user, and this illegal user
Let's assume that you have an unauthorized access device with the same functions as the reader / writer device. In this case, a random number generation command can be given to the depositor IC card from the unauthorized access device, and an authentication code collation command can be given. That is, it is possible to use the unauthorized access device to perform the operation shown in FIG. 4 or a process equivalent to the operation. Therefore, if a random number generation command is given by an operation and some random number RND is generated by the operation, the generated random number RND is returned as a response to the unauthorized access device. Of course, even if this random number RND is obtained, the operation in FIG. 4 cannot be executed unless there is a bank IC card, so this unauthorized user cannot obtain the correct authentication code A.

However, this unauthorized user can execute the operation by using the random authentication code P. That is, if an unauthorized access device is used and some authentication code P is given together with the authentication code collation command, the operation is executed on the IC card side for the depositor, and is expressed by B = f (RND, KEY). Authentication code B is created. Then, the created authentication code B is collated with the random authentication code P, and the collation result is returned as a response to the unauthorized access device by the operation. Of course, since the random authentication code P was used, in many cases,
The collation result “NG” indicating the disagreement is obtained.
However, while changing the random authentication code P by trial and error (for example, 0000001,0
If the process of giving the authentication code collation command in the operation is repeatedly executed while increasing the number of 002, ... by 1), the random authentication code P happens to coincide with the correct authentication code A. .

That is, until the collation result "OK" is obtained, if the random authentication code is changed variously and the authentication code collation command is continuously given by trial and error,
It is possible to recognize that the authentication code given when the collation result "OK" is obtained is the correct authentication code. At this time, since the random number RND has been obtained by the operation, it is possible to specify the correct authentication code A obtained by encrypting the specific random number RND. Therefore, by analyzing the relationship between the random number RND and the authentication code A, it is possible to estimate the encryption algorithm f and the key KEY used for encryption.

§4. Mutual Authentication Process According to the Present Invention In the mutual authentication process according to the present invention, as shown in the block diagram of FIG. 2, the RAM 13 is provided with an area for storing the other party authenticated flag and the random number generated flag. Three commands related to the authentication process, that is, a random number generation command, a random number encryption command, and an authentication code collation command are executed by the processing procedures shown in FIGS. 6, 7, and 8, respectively. Hereinafter, each of these processing procedures will be described in order. In these steps of each processing procedure, the step marked with "*" is a step peculiar to the present invention added to solve the above-mentioned first problem, and is marked with "**". The step that was performed is the second step described above.
This is a step peculiar to the present invention, which is added to solve the above problem. All the other steps are steps showing general processing that has been conventionally performed. In the IC card according to the present invention, the program routine for performing the processes shown in FIGS. 6, 7, and 8 is written in the ROM.

First, the processing of the random number generation command according to the present invention will be described with reference to FIG. This process is shown in FIG.
Alternatively, it is a process corresponding to the operations 1 to 5 in the diagram of FIG. That is, when a random number generation command (a command called "GENERATE CHALLENGE" in the standard of the general IC card) is given from the reader / writer device to the IC card according to the present invention, the step inside the IC card is first performed. In S41, a random number is generated, and in the subsequent step S42, the generated random number is set as transmission data. Up to this point, the processing procedure of the conventional general random number generation command has been described. The feature of the present invention is that the random number generated flag is turned on in step S43. As described above, the random number generated flag is a flag set in a predetermined area in the RAM, and it suffices if the state of "ON" or "OFF" is indicated. There should be an area. However, in this embodiment, a 1-byte area is used as a random number generation completion flag, and a hexadecimal number "0".
If it is "1", it is treated as "ON", and in other cases, it is treated as "OFF". The RAM, which is a volatile memory, takes a value other than "01" when the power is turned on. In the present embodiment, when the IC card is initially connected to the reader / writer device, the random number generated flag is set. Is in the "OFF" state.

With the above procedure, the processing of this random number generation command is completed, and the control returns to the original program that called this processing routine. That is, in the flowchart of FIG. 3, the process of step S4 is completed,
Subsequently, step S8 is executed, and the generated random number is returned to the reader / writer device as a response.

Next, the processing of the random number encryption command according to the present invention will be described with reference to FIG. This process is a process corresponding to the operations 1 to 5 in the diagram of FIG. 4 or FIG. That is, when a random number encryption command (a command called “INTERNAL AUTHENTICATE” in the general IC card standard) is given from the reader / writer device to the IC card according to the present invention together with a predetermined random number RND, the IC Inside the card, first step S
At 51, it is determined whether or not the other party authenticated flag is "ON". As mentioned above, the other party authenticated flag is
This is a flag that is set in a predetermined area in RAM and
Since it suffices to indicate the state of "N" or "OFF", it is sufficient to have a recording area of at least 1 bit. However, in this embodiment, as in the case of the random number generated flag, a 1-byte area is allocated to the partner authenticated flag,
It is treated as "ON" when it is a decimal number "01" and as "OFF" otherwise. The RAM, which is a volatile memory, takes a value other than "01" when the power is turned on.
At the beginning of connecting the C card to the reader / writer device, the other party authenticated flag is in the "OFF" state.

If it is determined in step S51 that the other party authenticated flag is "ON", the process proceeds to step S52, in which the random number RND is encrypted. That is, a predetermined key "K" recorded in the EEPROM
EY ”is used to perform the process of encrypting the given random number“ RND ”, and as a result, the authentication code A or C is obtained.
Get. Here, if the authentication code A or C represents the encryption algorithm as a function “f”, A = f (RN
D, KEY) or C = f (RND, KEY) (the difference between A and C is due to the difference in random number and KEY used by each card during authentication).

On the other hand, if it is determined in step S51 that the other party authenticated flag is "OFF", step S52 is not executed. In either case, the transmission data will be set in the subsequent step S53. Here, when step S52 is executed, the authentication code A or C obtained here is set as transmission data. On the other hand, if step S52 is not executed, in this embodiment, a specific value indicating that the authentication code has not been obtained is set as the transmission data.

The feature of the present invention regarding the procedure of FIG. 7 is that the determination processing of step S51 is added, and steps S52 and S53 are the processing procedure of the conventional general random number encryption command. After all, with the above procedure, the processing of this random number encryption command is completed, and the control returns to the original program that called this processing routine. That is, in the flowchart of FIG. 3, the process of step S5 has been completed, and then step S8 is executed to obtain the "authentication code" or "the specific value indicating that the authentication code was not obtained". Will be returned to the reader / writer device as a response.

Next, the processing of the authentication code matching command according to the present invention will be described with reference to FIG. This processing is the operation in the diagram of FIG. 4 or FIG.
Is a process corresponding to. That is, for the IC card according to the present invention, an authentication code collation command ("EXTERNAL AUTHENTICATE" in the standard of the general IC card) is issued from the reader / writer together with a predetermined authentication code A or C.
Command), inside the IC card, it is first determined in step S61 whether or not the random number generated flag is "ON". As described above, this random number generated flag is a flag that is turned “ON” in step S43 shown in FIG. This step S61
If the random number generation flag is "ON" in the determination of No., the process of inputting the authentication code A or C given from the reader / writer device is performed in the subsequent step S62, and further, in step S63. Random number RN
Encryption of D is performed. The random number RND used here is the step S41 in the random number generation command executed in the past.
It is the numerical value generated in. That is, the random number "RND" generated in the past is encrypted by using the predetermined key "KEY" recorded in the EEPROM, and as a result, the authentication code B or D is obtained. Here, the authentication code B or D is a value represented by B = f (RND, KEY) or D = f (RND, KEY) when the encryption algorithm is represented as a function “f”.

In the following step S64, step S62
Collation processing is performed to check whether or not the authentication code A or C entered in step S63 and the authentication code B or D created in step S63 match. Then, as a result of the collation, if they match with each other, in the subsequent step S65, a process of setting the other party authenticated flag to "ON" is performed. If they do not match, the process of step S65 is not executed, and the partner authenticated flag remains in the "OFF" state. In the subsequent step S66, the random number generation completed flag is turned off, and the transmission data is set in step S67. The transmission data set here is the step S
It is data indicating the matching “OK” or the mismatching “NG” of the 64 matching results.

If it is determined in step S61 that the random number generation completion flag is "OFF", the processes in steps S62 to S66 are not executed and immediately step S61 is performed.
Transmission data is set at 67. In this embodiment, in this case, the data indicating the mismatch “NG” of the matching results is set as the transmission data, but other data, for example, the data indicating the unmatching may be set.

The feature of the present invention regarding the procedure of FIG. 8 is that the determination process of step S61 is added and the flag operation process of steps S65 and S66 is added. The other steps are processing procedures of a conventional general authentication code matching command. After all, with the above procedure, the processing of this authentication code collation command is completed, and the control returns to the original program that called this processing routine. That is, in the flowchart of FIG. 3, the process of step S6 is completed, and then step S6 is completed.
8 is executed, and the data indicating the matching “OK” or the mismatching “NG” of the collation result or the data indicating “collation impossible” is returned to the reader / writer device as a response.

§5. Solution of Problems Due to the Present Invention As already described in §4, the feature of the present invention is that the processing procedure of the three commands related to the mutual authentication processing, that is, the random number generation command, the random number encryption command, and the authentication code matching command. In FIG. 6, steps shown with “*” mark and “**” mark are added to FIGS. 6, 7, and 8, respectively. So let's show that these additional steps solve the two problems described in §3.

First, the first problem is the problem of illegal use of the random number encryption command. That is, a process equivalent to the operation in FIG. 5 is performed using the unauthorized access device,
If some value X is given as a random number to the depositor's IC card along with the random number encryption command,
On the IC card side for the depositor, the operation is executed and Y = f
An authentication code Y represented by (X, KEY) is created, and by operation, this authentication code Y is returned as a response to the unauthorized access device. Thus
If you can create a one-to-one correspondence table between X and Y,
As described above, it is possible to estimate the encryption algorithm f and the key KEY used for encryption by analyzing this correspondence table.

In accordance with the present invention, the "*" in FIGS.
Since the step marked with is added, such unauthorized access can be prevented. That is, according to the processing procedure of the random number encryption command shown in FIG. 7, first, in step S51, the other party authenticated flag is “ON”.
It is determined whether or not, and only when it is “ON”,
The procedure following step S52 is executed. Here, the other party authenticated flag is “OFF” at the beginning when the IC card is connected to the reader / writer device, and step S65 of FIG.
Is turned on only when is executed. This is shown in Figure 4.
It means that the operation shown in FIG. 5 is not executed until after the operation shown in FIG. In other words, the bank IC card authentication process for the banker's IC card (FIG. 4) is performed only when a positive authentication result is obtained for the banker's IC card authentication process (FIG. 4). The configuration is such that execution of FIG. 5) is possible. Therefore, IC for depositors
Bank IC even if the card is in the hands of an unauthorized user
As long as there is no card, the authentication process shown in FIG. 4 cannot be performed, so the operation of FIG. 5 is inevitably executed.

Incidentally, as a reminder, steps S51 and S65 marked with "*" in FIGS. 7 and 8 are the ICs of either one of the two IC cards for mutual authentication. This is a procedure that should be applied only to cards. Because these procedures, IC card for depositor and IC for bank
If applied to both the card and the card, mutual authentication will be impossible. That is, in order to authenticate the bank IC card with the depositor IC card, it is necessary to cause the bank IC card to execute the process of the random number encryption command, and conversely, the bank IC card uses the depositor IC card. In order to authenticate, the IC card for depositor needs to execute the processing of the random number encryption command, so both IC cards are programmed so that the random number encryption command is not executed unless the other party's authentication is completed. This is because any processing that responds to the authentication request from the other party will be rejected.

In an information processing system for performing mutual authentication using two sets of IC cards, it is general that one IC card is generally managed more strictly than the other IC card. For example, IC card for depositor and I for bank
In the case of a system using the C card, the bank IC card is managed by the person in charge of the bank, and therefore, the IC card for the bank is strictly managed as compared with the IC card for the depositor which is carried by the general public. It can be said that there is a low possibility that unauthorized access will be made to this bank IC card. Therefore, in order to apply the present invention to such a system, step S51 marked with "*",
S65 may be added only to the routine in the ROM on the IC card side for the depositor. In this case, I for depositors
Execution of the random number encryption command in the C card (operation of FIG. 5) is performed in a state where the counterparty authenticated flag in the RAM of the IC card for the depositor is “ON”, in other words, the IC for the depositor. If the card is not a valid bank IC card, it will not be permitted and I
Unauthorized access to the C card can be prevented. On the other hand, execution of the random number encryption command in the bank IC card (operation of FIG. 4) is permitted regardless of whether or not the bank IC card authenticates the legitimate depositor IC card. The authentication process shown in can be executed without any trouble.
Of course, it is possible to make unauthorized access to the bank IC card to execute the operation, but it is extremely unlikely that such illegal access will be made to the bank IC card that is strictly managed. It doesn't matter because.

The second problem is that the authentication code collation command is illegally used. That is, this is a problem when the unauthorized access device performs the operation in FIG. 4 or a process equivalent to the operation. After the operation is performed to generate the random number RND, the random authentication code P is used instead of the authentication code A, and the operation is repeatedly performed by trial and error.
The collation result of "K" is obtained as an operation.

According to the present invention, "*" is added to FIGS.
Since the step with "*" is added, such unauthorized access can be prevented. That is, according to the processing procedure of the random number generation command shown in FIG.
After the ND is generated, in step S43, the random number generation completed flag is turned on. However, according to the processing procedure of the authentication code matching command shown in FIG. 8, in the first step S61, the random number generated flag is set to “O”.
The following processing is executed on condition that it is “N”,
In the final step S66, the random number generated flag is in the "OFF" state. The "ON" / "OFF" operation of such a random number generated flag is traced in the diagram of FIG. 4 as follows. First, when an operation is performed on the depositor's IC card to generate (operate) the random number RND, the random number generated flag is in the “ON” state. Next, as an operation, when an authentication code collation command is given, at that time, the random number generated flag is kept in the “ON” state, so the processing of the authentication code collation command (in the depositor IC card ( Operation) is executed without any trouble. However, after the operation is executed, the random number generated flag is in the “OFF” state. Therefore, subsequently, when the authentication code collation command is given again as the operation, the random number generated flag is in the “OFF” state at that time, so that the processing (operation) of the authentication code collation command is performed this time. Not executed In order to execute the authentication code collation command again, the operation is to give a random number generation command again, and a new random number RN is issued.
It is necessary to generate D.

With such a configuration, it is impossible to repeat the operation by giving a random authentication code P to the same random number RND by trial and error. Of course, it is possible to alternately repeat the operation and the operation, but since the random number RND generated each time is different, it is highly possible that the matching result “OK” indicating coincidence in the operation is obtained by chance. Get lower.

After all, if the steps marked with "**" are added to FIGS. 7 and 8, the random number generation process is executed at least once after the IC card is connected to the reader / writer device, and The authentication code matching process can be configured to be executed only when the authentication code matching process has not been executed even once after the last executed random number generation process, thereby preventing unauthorized access. It will be possible. The steps marked with "**" may be applied to both the depositor IC card and the bank IC card.

Finally, a modified example of the present invention for solving the above-mentioned second problem will be described. The essential point of this modification is that the authentication code matching process is executed only when the authentication code matching command is given from the reader / writer device immediately after the random number generation command. For example, in the case of the authentication processing of FIG. 4, a random number generation command is given to the IC card for depositor by an operation, and then an authentication code collation command is given by an operation. And I for this depositor
As long as proper authentication processing is performed on the C card, the command given after the random number generation command is an authentication code collation command, and another command is not interposed between both commands. Therefore, even if the authentication code collation process is executed only when the authentication code collation command is given as the command immediately after the random number generation command, no problem occurs in performing the legitimate authentication process. . On the other hand, in terms of preventing unauthorized access, it is significant to have such a configuration. That is,
The authentication code collation command is executed only when it is given immediately after the random number generation command, so that there is no unauthorized access in which the authentication code collation command is continuously given together with the random authentication code X to repeat trial and error. In addition to being prohibited, any attempt to make any unauthorized access by interposing some command between the random number generation command and the authentication code matching command will be eliminated.

In order to realize such a thing, when an authentication code collation command is given as an operation, the IC card side confirms that this command is a command immediately after the random number generation command, and in other words For example, it may be configured such that it is confirmed that the random number generation command has been given immediately before this command, and only when such confirmation is obtained, the authentication code matching process as the operation is executed. Specifically, in addition to the step marked with "**" described above, the random number generation flag is set to "OF" at the end of the processing procedure of all commands other than the random number generation command.
The step of setting to “F” may be added. By doing so, the random number generation flag is set to “ON” immediately after the random number generation command is executed, but even if any other command is executed thereafter, the random number generation flag is set to “OF”.
Therefore, the authentication code collation command can be executed only immediately after the random number generation command.

Although the present invention has been described above based on the illustrated embodiment, the present invention is not limited to this embodiment, and can be implemented in various modes other than this. For example, in the above embodiment, the processing of the random number encryption command is
Although the description has been made on the assumption that the operation is always performed based on the same key "KEY", it is possible to prepare a plurality of keys and give the information specifying the key used for encryption together with the command. For example, EE for IC cards for depositors
In the PROM, three types of encryption keys "KEY1",
Prepare "KEY2" and "KEY3" in advance.
It is assumed that three types of encryption keys "KEY1", "KEY2", and "KEY3" are also prepared in the EEPROM of the C card. In this case, when giving the random number encryption command in the operation, the random number RND and the key number (information specifying any one of the three encryption keys)
And are given to the IC card together with the command.
Then, in the operation, the encryption process of the random number RND is executed using the specified key. Further, even when the authentication code collation command in the operation is given, the authentication code and the key number are given to the IC card together with the command, and in the operation, the encryption processing of the random number RND is also executed using the specified key. To do so. In this way, a system using a plurality of encryption keys becomes possible, and the present invention is applicable to such a system as well.

Further, although the present invention is applied to the information processing system using the IC card for depositor and the IC card for bank in the above-mentioned embodiment, the present invention can be applied to any information processing system. I don't care. In particular, the application target of the present invention is not limited to an IC card, but can be widely applied to a portable information recording medium having an information processing function.

[0075]

As described above, according to the information processing system using the two sets of portable information recording media according to the present invention, it is necessary to authenticate the other party as a legitimate medium.
Since the processing for responding to the authentication request from the other party is executed and the repeated execution of the authentication code matching command is prohibited, sufficient security can be ensured.

[Brief description of drawings]

FIG. 1 is a diagram illustrating a basic configuration of a general information processing system that performs mutual authentication using two sets of IC cards.

2 is a block diagram showing an internal configuration of a first IC card 10 shown in FIG.

FIG. 3 is a flow chart showing a general processing procedure of a CPU in an IC card having mutual authentication as a security condition.

[FIG. 4] First IC card 10 (IC card for depositor)
6 is a diagram showing a procedure of an authentication process of the second IC card 20 (bank IC card) by the.

FIG. 5 is a diagram showing a procedure of authentication processing of the first IC card 10 (IC card for depositor) by the second IC card 20 (IC card for bank).

FIG. 6 is a flowchart illustrating a processing procedure of a random number generation command according to the present invention.

FIG. 7 is a flowchart illustrating a processing procedure of a random number encryption command according to the present invention.

FIG. 8 is a flowchart illustrating a processing procedure of an authentication code matching command according to the present invention.

[Explanation of symbols]

 10 ... 1st IC card (IC card for depositor) 11 ... CPU 12 ... ROM 13 ... RAM 14 ... EEPROM 20 ... 2nd IC card (bank IC card) 30 ... Reader / writer device

Claims (7)

[Claims] 1. A function for accessing both of a first portable information recording medium having an information processing function and a second portable information recording medium having an information processing function to these information recording media. Connect to a reader / writer device that you have,
A first authentication process for authenticating whether or not the first portable information recording medium is a valid medium for the second portable information recording medium, and the second portable information recording medium is the first portable information recording medium. When a second authentication process for authenticating whether the information recording medium is a valid medium or not is executed, and a positive authentication result is obtained in both the first authentication process and the second authentication process. In an information processing system configured to permit access to at least a specific recording area in the first portable information recording medium, when a positive authentication result is obtained for the first authentication process. As far as possible, an information processing system capable of executing the second authentication process. 2. A function of accessing both of a first portable information recording medium having an information processing function and a second portable information recording medium having an information processing function, to the information recording medium. Connect to a reader / writer device that you have,
A first authentication process for authenticating whether or not the first portable information recording medium is a valid medium for the second portable information recording medium, and the second portable information recording medium is the first portable information recording medium. A portable information recording medium used in an information processing system configured to perform a second authentication process for authenticating an information recording medium as to whether it is a valid medium, When a random number encryption command is given together with a predetermined random number, a given key stored inside is used to encrypt the given random number to create an authentication code, and the created authentication code is read by a reader / writer. It has the function of executing the random number encryption process to be sent to the device, and only when the portable information recording medium of the other party is authenticated as a valid medium after connecting to the reader / writer device.
A portable information recording medium characterized in that the random number encryption process is executed. 3. The portable information recording medium according to claim 2, wherein an area for recording the other party authenticated information is provided in a volatile memory that retains stored contents only while connected to the reader / writer device. If the portable information recording medium of the other party is authenticated as a valid medium, the process of writing the other party authenticated information in the area is performed, and when the random number encryption command is given from the reader / writer device, A portable information recording medium, characterized in that the random number encryption processing is executed only when the other party authenticated information is written by referring to the area. 4. A function of accessing both of a first portable information recording medium having an information processing function and a second portable information recording medium having an information processing function. Connect to a reader / writer device that you have,
A first authentication process for authenticating whether or not the first portable information recording medium is a valid medium for the second portable information recording medium, and the second portable information recording medium is the first portable information recording medium. A portable information recording medium used in an information processing system configured to perform a second authentication process for authenticating an information recording medium as to whether it is a valid medium, When a random number generation command is given, a function to generate a random number internally and send the generated random number to the reader / writer device, and the function to execute the random number generation process from the reader / writer device to the portable information recording medium of the other party. When the authentication code collation command is given together with the created authentication code, it is generated by the random number generation process executed in the past by using the predetermined key recorded inside. An authentication code is created by encrypting a random number, checking whether the created authentication code matches the authentication code given by the reader / writer device, and sending the verification result to the reader / writer device. It has a function to execute, and the random number generation process is executed at least once after connecting to the reader / writer device, and the authentication code verification is performed once even after the last executed random number generation process. A portable information recording medium, characterized in that the authentication code matching process is executed only when the process is not executed. 5. The portable information recording medium according to claim 4, wherein an area for recording random number generated information is provided in a volatile memory that retains stored contents only while connected to a reader / writer device. , After performing the random number generation process, "generated" in this area
After performing the process of writing the information indicating the, and executing the authentication code collation process, the process of writing the information indicating "ungenerated" in this area is performed, and when the authentication code collation command is given from the reader / writer device, A portable information recording medium, characterized in that the authentication code matching process is executed only when information indicating "generated" is written by referring to the area. 6. A function for accessing both of a first portable information recording medium having an information processing function and a second portable information recording medium having an information processing function, to the information recording medium. Connect to a reader / writer device that you have,
A first authentication process for authenticating whether or not the first portable information recording medium is a valid medium for the second portable information recording medium, and the second portable information recording medium is the first portable information recording medium. A portable information recording medium used in an information processing system configured to perform a second authentication process for authenticating an information recording medium as to whether it is a valid medium, When a random number generation command is given, a function that internally generates a random number and sends the generated random number to the reader / writer device is executed. When the authentication code collation command is given together with the created authentication code, it is generated by the random number generation process executed in the past by using the predetermined key recorded inside. An authentication code is created by encrypting a random number, and the created authentication code is checked to see if it matches the authentication code given by the reader / writer device. It has a function to execute, and is configured such that the authentication code matching process is executed only when the authentication code matching command is given as a command immediately after the random number generation command from the reader / writer device. Portable information recording medium. 7. The portable information recording medium according to claim 6, wherein an area for recording random number generated information is provided in a volatile memory that retains stored contents only while being connected to a reader / writer device. , After executing the processing based on the random number generation command, the processing to write the information indicating "generated" in this area is performed, and after the processing based on the commands other than the random number generation command is executed, When the authentication code collation command is given from the reader / writer device, the area is referred to and the authentication code collation is performed only when the information indicating "generated" is written. A portable information recording medium, characterized in that processing is executed.