JP3231466B2 - Information recording medium storing keys - Google Patents

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an information recording medium storing keys and, more particularly, to an information recording medium which executes various functions using the stored keys.

[0002]

2. Description of the Related Art As a new information recording medium replacing a magnetic card, an IC card has attracted attention. In particular, CPU
An IC card with a built-in is expected to be used in various fields because of its high security. Generally I
The C card has three types such as RAM, ROM, and EEPROM.
There are various types of memories, all of which are accessed by the built-in CPU. The transfer of data to and from the IC card is performed by a reader / writer device. When a predetermined command is given from the reader / writer device to the IC card, the command is executed by the CPU in the IC card. For example, in the case of a data write command, data given from the reader / writer device to the IC card is written in the memory in the IC card, and in the case of a data read command, data is read from the memory in the IC card. The data is transferred to the reader / writer device.

As described above, since the access to the memory in the IC card is performed by the built-in CPU, it is possible to use the device in which the unauthorized access is prohibited. Normally,
A key is stored in the IC card, and a predetermined function is executed using the key. For example, IC
In the collation function for confirming that the card holder is a legitimate person, a collation key known only by the legitimate holder is also stored in the IC card, and is given from outside. When the collation key matches the collation key stored therein, a process of confirming that the access is performed by a valid holder is performed. In an encryption writing function used when writing data requiring confidentiality in an IC card, a predetermined encryption key is stored in the IC card, and data (externally supplied) is stored in the IC card. Data that requires confidentiality) is encrypted using this encryption key, and the encrypted data is written to a built-in memory. Since the data written in the memory is already encrypted, even if this data is read out by unauthorized access, anyone who does not know the encryption key must decrypt it. Can not. In addition, various functions using predetermined keys are used.

[0004]

As described above, IC cards are provided with various functions using keys.
In addition, in the conventional IC card, a specific key is associated with a specific function to be executed.
For example, if there are five types of functions, each of these functions is associated with a separate and independent key,
A total of five keys are required. However, the use of IC cards in the real world tends to become more and more complicated, and a more flexible use of keys is desired. For example, if a plurality of keys can be used for one function or a plurality of functions can be handled by one key, a very convenient usage can be realized.

Accordingly, an object of the present invention is to provide an information recording medium in which a key capable of realizing a more flexible key use mode is stored.

[0006]

According to the present invention, a program for executing a plurality of functions and a plurality of keys are stored therein, and information for specifying one of the plurality of functions and information of the plurality of keys are stored. when a predetermined instruction including the information specifying either given externally, in the information recording medium to perform the functions specified by using the key specified, a plurality
For each of the keys, data indicating the key itself
The key is valid for each of the
Key type information indicating whether or not the key
When a predetermined instruction is given from the outside and a memory stored as a key directory, a key directory for a specific key specified by the instruction is referred to, and based on key type information in the key directory, this instruction is referred to. A function execution unit that determines whether the key specified by this instruction is valid for the function specified by the instruction, and executes the specified function using the specified key only when the key is valid ; , Are provided .

Further, the key type information is constituted by a plurality of bit information corresponding to a plurality of functions on a one-to-one basis, and whether the validity is indicated by "1" or "0" of the bit information. It was done.

[0008]

With the information recording medium according to the present invention, it is possible to freely set the correspondence between a plurality of functions and a plurality of keys. That is, the key type information in the key directory indicates whether or not the key is valid for each function. By setting the key type information, it is possible to freely define which function the key corresponds to. Will be able to For example, if a setting of "valid for all functions" is made, this key can be used as a so-called master key, and all functions can be executed only by this key. The card issuer can set the key flexibly while considering the balance with security.

[0009]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS The present invention will be described below with reference to the illustrated embodiments. FIG. 1 is a block diagram showing a state where a general IC card 10 is connected to a reader / writer device 20. IC
In the card 10, an I / O device 11 for connecting to a reader / writer device 20, a CPU 12, a RAM 13,
The ROM 14 and the EEPROM 15 are built in. The CPU 12 receives a command given from the reader / writer device 20 via the I / O device 11, and executes the command. Of the three types of memory, the RAM 13 is a volatile memory and is used as a work area of the CPU 12. The ROM 14 and the EEPROM 15 are both non-volatile memories. The ROM 14 is read-only, while the EEPROM can be rewritten at any time. For this reason, a program to be executed by the CPU 12 is prepared in the ROM 14, and various information (file directory, user data, etc.) necessary when the IC card 10 is used for a specific application is recorded in the EEPROM 15. .

As a general standard for using such an IC card 10 in the financial industry, "ISO9992" is known. In order to comply with the general specifications of the existing IC card and this ISO standard, five functions as shown in the table of FIG. 2 are required. In a conventional IC card, independent keys are prepared for each of these five types of functions. That is, in the example of FIG. 2, five keys A to E numbered “01” to “05” as key IDs
(In practice, each key is composed of a password composed of several alphanumeric characters. However, in this specification, for convenience of explanation, abstract expressions such as “key A” and “key B” are used. I will do that). Then, the information in the “key ID” column and the “key” column in the table shown in FIG. 2 is written in a predetermined area in the EEPROM 15 in the IC card 10. The programs for executing these five functions are written in the ROM 14.

In order for the IC card 10 to execute a specific function, information for specifying a function to be executed, information for specifying a key to be used, and
May be given to the IC card 10.
For example, if the authentication function is to be executed, information for specifying the “authentication function” (for example, “AUTHEN”)
A character string indicating a command "TICATE") and information for specifying "key B" to be used (for example, key ID
The predetermined instruction including the numerical value “02” that is
What is necessary is just to give to C card 10. When receiving such an instruction, the CPU 12 executes the program for executing the authentication function written in the ROM 14 using the “key B” written in the EEPROM 15.

Now, in order to facilitate understanding of the substantive description of the present invention, here, "ISO9992"
Fig. 3 shows each of the five functions based on the
This will be briefly described with reference to FIG. In FIGS. 3 and 4, the columns on the left side of the dashed-dotted line in the center show the processes on the reader / writer device 20 side, and the columns on the right side show the processes on the IC card 10 side. First, the "collation function" will be described with reference to FIG. This “collation function” is a function for performing a collation process for confirming that the owner of the IC card is a valid person. The legitimate holder of the IC card knows the verification key A. This collation key A is also stored in the IC card 10. When the valid holder inserts the IC card 10 into the reader / writer device 20 and inputs the verification key A to the reader / writer device 20, the input verification key A is transferred to the IC card 10 and the IC card 10 side In step 2, it is confirmed that the key A stored originally matches the key A transferred. If the two match, information "OK" indicating the confirmation of the match is returned to the reader / writer device 20, and if they do not match, the information "NG" indicating the mismatch is returned. "NG"
Is returned, the reader / writer device 20
Take measures to prohibit subsequent access to the card 10. Thus, unauthorized access of the IC card 10 by an unauthorized user who does not know the correct collation key A can be prevented.

The "authentication function" shown in FIG. 3 (b) is a function for performing an authentication process for confirming that the IC card 10 is a valid card. In the valid IC card 10,
The authentication key B is stored. The authentication key B is also held on the reader / writer device 20 side (more specifically, the authentication key B is managed by application software in a computer that controls the reader / writer device 20). As a pre-stage of the authentication process, first, a request for a random number is made from the reader / writer device 20 to the IC card 10. Upon receiving this request, a predetermined random number R is generated in the IC card 10, and the random number R is returned to the reader / writer device 20. In the reader / writer device 20, the random number R is encrypted using the authentication key B, and the encrypted data is transferred to the IC card 10. On the other hand, the random number R generated earlier is also encrypted on the IC card 10 side using the authentication key B stored in advance. Thus, the coincidence of the encrypted data is confirmed between the two. If the two match, information "OK" indicating the confirmation of the match is returned to the reader / writer device 20, and if not, the information "NG" indicating the mismatch is returned. When “NG” is returned, the reader / writer device 20 takes a measure to prohibit subsequent access to the IC card 10. Thus, it is possible to prevent a transaction using the forged IC card 10 from being performed. In this authentication function, data transferred between the IC card 10 and the reader / writer device 20 is a random number R and encrypted data, and the authentication key B itself is not transferred. Therefore, even if the signals on both transfer paths are monitored illegally, the authentication key B is not known to the outside. In this respect, it can be said that this authentication function is a function having higher security than the above-described collation function.

The “diversification function” shown in FIG. 4C is a function for performing processing for generating a new key inside the IC card 10. When the IC card 10 is diversified and used, it is necessary to generate a new key. In such a case, a necessary key is generated by executing the diversification function. In addition, a key newly generated by the diversification function is a unique key for each IC card. The diversification key C used to execute the diversification function is stored in the IC card 10 in advance. This diversification key C is also prepared on the reader / writer device 20 side.
Before the diversification process, first, the reader / writer device 2
From 0, the unique data U is read from the IC card 10. That is, in the IC card 10, the unique data U unique to the card is transferred to the reader / writer device 2.
The process of returning to 0 is executed. In this embodiment, the serial number of each card (usually written in a predetermined area of the EEPROM 15) is returned as unique data U. Subsequently, the reader / writer device 20 gives an instruction to the IC card 10 to generate a new key using the unique data U. The IC card 10 generates a new key X based on the unique data U and the diversification key C, and writes the new key X in the EEPROM. Thus, a new key X can be prepared on the IC card 10 side. This key X is
Since the key is generated based on data unique to each card (in this example, the serial number of the card), the key is unique for each card. On the other hand, on the reader / writer device 20 side, if a new key X is generated from the unique data U and the diversified key C, the new key X generated in the IC card 10 can be known.

The "transaction proof function" shown in FIG.
This function performs a process of creating certification data for certifying that some kind of transaction has been performed between the card 10 and the reader / writer device 20. A transaction certification key D for performing this function is stored in the IC card 10 in advance. Now, a case where a deposit transaction is performed on a bank account using the IC card 10 is taken as an example. In this case, when the “transaction proof function” is executed, the transaction data T indicating the date and the amount of the deposit transaction is transmitted from the reader / writer device 20 to the IC.
The data is transferred to the card 10. The IC card 10 generates certification data S based on the transaction data T and the transaction certification key D, and returns this to the reader / writer device 20. The reader / writer device 20, for example, prints out the certification data S and distributes it as a receipt to the holder of the IC card 10. At a later date, if it is questionable whether or not the above-described deposit transaction has been performed, the fact that the transaction is verified can be proved by the receipt on which the proof data S is printed. That is, the certification data S is reproduced based on the transaction data T and the key D, and it may be shown that the certification data S matches the certification data S printed on the receipt. Note that the same effect can be obtained by holding transaction data and certification data in a host computer that manages the reader / writer device 20 instead of issuing a receipt, and comparing the transaction data and the certification data recorded in the card. .

The "encrypted writing function" shown in FIG. 4E is a function used when data requiring confidentiality is written in the IC card 10. An encryption key E required for encryption is stored in the IC card 10 in advance. When writing the target data Z for which confidentiality is required in the IC card 10, first, the target data Z is transferred from the reader / writer device 20 to the IC card 10. In the IC card 10, the target data Z is encrypted using the encryption key E stored in advance, and the encrypted data is transmitted to the EE.
Write into PROM 15. In this way, if data is written after being encrypted, even if this data is read out by an unauthorized user, as long as the encryption key E is not known, the original target data can be read. Z cannot be decoded.

The above has briefly described the five types of functions. In a conventional IC card, these five types of functions are executed using separate keys A to E, respectively. In the present invention, these five methods are performed by the following method.
Flexibility is given to the correspondence between various functions and multiple keys. First, the EEPR of the IC card 10 according to the present invention
In a predetermined area in the OM 15, a key directory having a format as shown in FIG. 5 is provided for each key. A code for identifying this key is recorded in the first “Key ID” part, and in the subsequent “Key type” part, as described later, whether this key is valid for each function. Information indicating whether or not the information is recorded is recorded. In the following “key length” part, the number of bytes indicating the total length of the key is recorded, and in the last “key” part, a specific key itself (a character string composed of alphanumeric characters) is recorded. The features of the present invention are:
The point is that information called "key type" is written in this key directory. In this embodiment, a 1-byte memory area is allocated as information indicating the "key type". As shown in FIG. 5, each of the upper 5 bits of this 1 byte, that is, 8 bits, is described above. Each of the five functions is associated with each function, and whether the function is valid or invalid is expressed. That is, "valid" if the corresponding bit is "1", and "invalid" if the corresponding bit is "0".
Will be shown.

FIG. 6 is a table showing an example of a specific key directory prepared for six keys. In this example, key IDs “01” to “06” are defined for six keys. In FIG. 6, the key lengths are represented by abstract notations “L1” to “L6”, and the keys are represented by abstract notations “Key A” to “Key F”. Columns are used. When the key directory is set as shown in FIG. 6, the relationship between each function and each key is as shown in the table of FIG. As for the collation function, as in the conventional example shown in FIG. 2, only a single key A has a one-to-one correspondence. For example, for the authentication function, two keys, a key B and a key C, are used. Yes, it is. This corresponds to the key B in the key directory of FIG.
This is because the second bit (corresponding to the authentication function) of the key type for the key C is "1" indicating validity. As described above, one function can be associated with a plurality of keys, and conversely, one key can be associated with a plurality of functions. For example, in FIG.
The key type is “1” indicating that the third and fourth bits are valid, and this key D can be used for both the diversification function and the transaction certification function.
The key type of the key F is "1" indicating that the third, fourth, and fifth bits are valid. This key F has a diversification function, a transaction certification function, and an encryption writing function. It can be used for three functions. FIG. 8 is a diagram showing the correspondence between a plurality of functions and a plurality of keys. Key F
Is a so-called master key that serves both as keys D and E. By appropriately setting the bit information of the key type in the key directory, an arbitrary correspondence can be set between a plurality of functions and a plurality of keys.

Next, when a key directory as shown in FIG. 6 is set, how each of the five types of functions is specifically executed will be briefly described with reference to FIGS. Will be described. 9 to 11, the column on the left side of the one-dot chain line in the center shows the processing on the reader / writer device 20 side, and the column on the right side shows the processing on the IC card 10 side. First, the "collation function" will be described with reference to FIG. When a valid holder of the IC card 10 inputs the verification key A to the reader / writer device 20, the reader / writer device 20 transfers a command of the format “VERIFY + 01 + key A” to the IC card 10.
Here, the character string "VERIFY" is a command for instructing execution of the collation function. The following "01" is the key ID of the key A to be used, and the next "key A" is the actual key code. Upon receiving such a command, the IC card 10 first searches the key directory of the key ID “01” and checks the key type. In the example shown in FIG. 6, the first bit of the key type is “1”,
This indicates that the “collation function” is effective. Therefore,
Executes the specified collation function. Specifically, it confirms that key A previously written in the key directory matches key A given as a command, and returns "OK" or "NG" information.

The "authentication function" shown in FIG. 9B is executed as follows. First, a command “GENERATE R” for instructing generation of a random number is issued from the reader / writer device 20.
“ANDOM” is transferred to the IC card 10. In response, the random number R is returned from the IC card 10 to the reader / writer device 20. On the reader / writer device 20 side, the random number R is encrypted. This encryption process
It is represented by the general formula of P = f1 (R, key B). Here, f1 is a predetermined function having a random number R and a key B as arguments, and P is encrypted data. Subsequently, the reader / writer device 20 reads “AUTHENTICATE + 02
+ P ”is transferred to the IC card 10. Here, the character string "AUTHENTICATE" is a command for instructing execution of the authentication function, the following "02" is the key ID of the key B to be used, and the next P is encrypted data. Upon receiving such a command, the IC card 10 first searches the key directory with the key ID “02” and checks the key type. In the example shown in FIG. 6, the second bit of the key type is “1”.
, Indicating that the “authentication function” is valid. Then, the designated authentication function is executed. Specifically, an encryption process P = f1 (R, key B) similar to the process performed on the reader / writer device 20 side is performed. However,
Here, the key B stored in advance is used as the key B. Then, it confirms the agreement between the encrypted data P obtained on the IC card 10 side and the encrypted data P transferred from the reader / writer device 20 side, and returns "OK" or "NG" information. As shown in the table of FIG. 7, this authentication function can be performed using the key C. In this case, using the key ID of the key C, "AUTH
ENTICATE + 03 + P ”
What is necessary is just to give to the C card 10.

The "diversification function" shown in FIG. 10 (c) is executed as follows. First, from the reader / writer device 20, a command “READ” for giving an instruction to read a serial number is provided.
SERIAL ”is transferred to the IC card 10. In response, the serial number U is returned from the IC card 10 to the reader / writer device 20. Subsequently, the reader / writer device 20 transfers a command of the format “DIVERSIFY + 04 + 07 + U” to the IC card 10. here,
The character string “DIVERSIFY” is a command for instructing execution of the diversification function, and “04” is a key ID of the key D used for execution of the diversification function (“0
6 "), the key F can be used.
7 ”is a key I to be given to the newly generated key X
D, and the subsequent “U” is the read serial number. Upon receiving such a command, the IC card 10 first searches the key directory of the key ID “04” and checks the key type. In the example shown in FIG.
The third and fourth bits of the key type are “1”, indicating that the “diversification function” is valid (the “transaction certification function” is also valid). Therefore, the designated diversification function is executed. More specifically, this diversification processing is performed using the key X
This is a process of generating a new key X by an operation represented by a general formula of = f2 (U, key D). Where f2
Is a predetermined function having U and key D as arguments. When a new key X is generated in this way, the key directory of the key ID “07” is searched, and the new key X is written there. When all the processes are completed, finally, information “OK” is sent to the reader / writer device 20.

The "transaction certification function" shown in FIG. 10 (d) is executed as follows. First, the reader / writer device 20
The command of the format “CERTIFICATE + 06 + T” is transferred to the IC card 10. Here, "CERT
The character string "IFICATE" is a command for instructing execution of the transaction certification function, and "06" is the key ID of the key F used for execution of the transaction certification function ("04").
Key T can be used), and the subsequent "T" is predetermined transaction data (date, amount, etc.). Upon receiving such a command, the IC card 10 first searches the key directory of the key ID “06” and checks the key type. In the example shown in FIG. 6, the key type is 3
The 5th bit is "1" and the "transaction certification function"
It is shown that all three types of functions are effective, including. Therefore, the designated transaction certification function is executed.
Specifically, this diversification process is a process of generating proof data S by an operation represented by a general expression of S = f3 (T, key F). Here, f3 is a predetermined function having T and key F as arguments. When the proof data S is generated in this way, it is returned to the reader / writer device 20. The reader / writer device 20 records the certification data S in a memory or a receipt in the host computer as necessary.

The "encrypted writing function" shown in FIG. 11 (e) is executed as follows. First, the reader / writer device 20
The command of the format “ENCIPHER + 05 + Z” is transferred to the IC card 10. Here, "ENCIPHE
The character string "R" is a command for instructing execution of the encrypted writing function, and the following "05" is the key ID of the key E used for executing the encrypted writing function (if "06", The key “F” can be used), and the subsequent “Z” is target data to be encrypted. When receiving such a command, the IC card 10 first receives the key ID “05”.
Search the key directory and check its key type. In the example shown in FIG. 6, the fifth bit of the key type is “1”, which indicates that the “encryption writing function” is valid. Therefore, the designated encryption writing function is executed. Specifically, this encrypted writing process is performed by Q
= F4 (Z, key E) is a process of generating and writing encrypted data Q by an operation represented by the general formula. Here, f4 is a predetermined function using Z and key E as arguments. When all the processes are completed, finally, information “OK” is sent to the reader / writer device 20.

It should be noted that the key type is checked on the IC card 10 side when any of the five functions is executed. By performing this check, functions that are not valid for that key are not performed. For example, an unauthorized user who has learned the key A by some means can execute the collation function using the key A. However, as shown in the key directory of FIG. 6, this key A has a key type in which only the collation function is valid, so that the key A cannot execute other functions. For example, a command of the form "AUTHENTICATE + 01 + P" is given to the IC card 10 by some method, and even if an authentication function is executed using the obtained key A, the key directory of the key ID "01" is searched. When the key type is checked, it can be confirmed that the key A is invalid for the authentication function, and the authentication function is not executed.

Generally, when a plurality of keys correspond to one function, or when a plurality of functions correspond to one key, security is reduced. However, if one key corresponds to one function in a one-to-one correspondence to improve security as in the related art, it is difficult to realize a flexible usage form in the real world. According to the present invention, the most appropriate correspondence can be set in consideration of the balance between security and flexibility. Also, by making one key correspond to multiple functions,
The number of keys required as a whole can be reduced.
Therefore, the effect of reducing the occupied area of the key directory and saving the memory can be expected.

Although the present invention has been described based on the illustrated embodiment, the present invention is not limited to this embodiment, but can be implemented in various other modes. For example, the above-described embodiment is an example in which the present invention is applied to an IC card, but the present invention is widely applicable to an information recording medium using a key. In addition, the above-described five functions are shown as examples, and other functions may be applied.

[0027]

As described above, according to the information recording medium storing keys according to the present invention, the key type information indicating which function the key corresponds to can be set in the key directory, so that it is more flexible. It is possible to realize various key usage forms. In other words, it is possible to arbitrarily associate specific keys with various functions. For example, if keys are specified in accordance with the importance of functions, the security of data recorded in the card is improved. It can also be done.

[Brief description of the drawings]

FIG. 1 shows a general IC card 10 connected to a reader / writer 2
It is a block diagram showing the state connected to 0.

FIG. 2 is a table showing a correspondence relationship between general functions provided in a conventional IC card and keys used for the functions.

FIG. 3 is a diagram briefly describing the contents of a collation function and an authentication function among the five types of functions shown in FIG. 2;

FIG. 4 shows a diversification function among the five types of functions shown in FIG.
FIG. 3 is a diagram for briefly explaining a transaction certification function and an encryption writing function.

FIG. 5 is a diagram showing a format of a key directory provided in the IC card according to the present invention.

FIG. 6 is a diagram showing an example of a key directory described in the format shown in FIG.

FIG. 7 is a list showing the correspondence between each function and each key set based on the key directory shown in FIG. 6;

FIG. 8 is a diagram showing only correspondences extracted from the list shown in FIG. 7;

FIG. 9 is a diagram showing a procedure for performing a collation function and an authentication function among the five types of functions shown in FIG. 2 by the IC card according to the present invention.

FIG. 10 is a diagram showing a procedure for performing a diversification function and a transaction certification function among the five types of functions shown in FIG. 2 by the IC card according to the present invention.

FIG. 11 is a diagram showing a procedure for performing an encryption writing function by the IC card according to the present invention among the five types of functions shown in FIG. 2;

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 10 ... IC card 11 ... I / O device 12 ... CPU 13 ... RAM 14 ... ROM 15 ... EEPROM 20 ... Reader / writer device

────────────────────────────────────────────────── ─── Continuation of the front page (56) References JP-A-63-155344 (JP, A) JP-A-1-2777993 (JP, A) JP-A-1-217587 (JP, A) (58) Field (Int.Cl. ⁷ , DB name) G06K 19/07-19/077 G06F 12/14 320

Claims (2)

(57) [Claims] A program for executing a plurality of functions and a plurality of keys are stored therein, and information for specifying one of the plurality of functions and information for specifying one of the plurality of keys are stored therein. When a predetermined instruction including the following is given from the outside, in the information recording medium that executes the specified function using the specified key, for each of the plurality of keys, data indicating the key itself is displayed.
Data and the key are used for each of the plurality of functions.
Key type information indicating whether the key is valid or not
The memory stored as a key directory and the predetermined instruction given from the outside, based on the key type information in the key directory for the specific key identified by the instruction, specified by the instruction. it is determined whether the specific key is valid for a particular function, the key comprising: a, a function executing unit that performs execution of the specific function using the specific key only if it is valid An information recording medium that stores the information. 2. The information recording medium according to claim 1, wherein the key type information is constituted by a plurality of bit information corresponding to a plurality of functions on a one-to-one basis, and “1” or “0” of the bit information is provided. An information recording medium storing a key, which indicates whether the key is valid or not.