Deprecated: The each() function is deprecated. This message will be suppressed on further calls in /home/zhenxiangba/zhenxiangba.com/public_html/phproxy-improved-master/index.php on line 456
JP4162166B2 - IC card with variable response time - Google Patents
[go: Go Back, main page]

JP4162166B2 - IC card with variable response time - Google Patents

IC card with variable response time Download PDF

Info

Publication number
JP4162166B2
JP4162166B2 JP24307198A JP24307198A JP4162166B2 JP 4162166 B2 JP4162166 B2 JP 4162166B2 JP 24307198 A JP24307198 A JP 24307198A JP 24307198 A JP24307198 A JP 24307198A JP 4162166 B2 JP4162166 B2 JP 4162166B2
Authority
JP
Japan
Prior art keywords
card
pin
response
input
time
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
JP24307198A
Other languages
Japanese (ja)
Other versions
JP2000076402A (en
Inventor
矢野義博
半田富己男
松田雅之
柴田直人
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Dai Nippon Printing Co Ltd
Original Assignee
Dai Nippon Printing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Dai Nippon Printing Co Ltd filed Critical Dai Nippon Printing Co Ltd
Priority to JP24307198A priority Critical patent/JP4162166B2/en
Publication of JP2000076402A publication Critical patent/JP2000076402A/en
Application granted granted Critical
Publication of JP4162166B2 publication Critical patent/JP4162166B2/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Images

Landscapes

  • Storage Device Security (AREA)

Description

【0001】
【発明の属する技術分野】
本発明はICカードと端末装置間の通信において、端末装置より入力される命令に対するICカードからのレスポンスの送信タイミングを可変化するようにしたICカードに関する。
【0002】
【従来の技術】
従来、ICカードの不正利用に対する防止策として外部からの命令に対するICカードのレスポンス時間に着目したものが知られている。例えば、特開昭62─251963号公報は、Personal IdentificationNumber(以下PIN)の照合のためのレスポンス時間をあえて一定にするもので、これはPINが正しいか、間違っているかを判断するとき、判断するロジックが変わるとレスポンス時間が変化し、そのためロジックの類推が可能となるので、あえてレスポンス時間を一定にすることで、悪意のある者からのロジッの類推を防ぐように工夫したものである。
【0003】
また、特開平10─69222号公報では、ICカード内で暗号化処理、復号処理を行うものにおいて、暗号化のために使用した鍵とレスポンス時間とが相関をもち、レスポンス時間から鍵の性質が分かる可能性があるため、レスポンス時間をランダムに遅延させることにより鍵の類推を防止している。
【0004】
【発明が解決しようとする課題】
ICカードの情報記録部あるいはアクセス制御部へのアクセスのためのコマンドに対するICカードからのレスポンスのタイミングは、照合や認証の正否等の結果や、レスポンスに載せる情報生成手順によって異なるが、同じ処理手順で行う場合、処理に要する時間はほぼ一定になる傾向がある。例えば、ICカードのような高セキュリティな機能を有する媒体において、不正な利用者によるランダムなPIN入力に対しても照合結果の出力に要する時間は正当な利用者のものと変わらず、そのため総当たり攻撃によってPINが分かってしまう可能性がある。
【0005】
本発明は上記課題を解決するためのもので、総当たり攻撃からPINや認証用暗号鍵の類推を不可能にし、セキュリティを向上させることを目的とする。
【0006】
【課題を解決するための手段】
本発明は、情報記憶手段と情報処理制御手段とを持ち、前記情報処理制御手段は、外部から入力された命令を解釈し、情報記憶手段にアクセスして一定の処理を行うとともに、認証コードの入力がある度に該認証コードの照合を行った後、レスポンスを返すICカードであって、認証コードの照合の結果、入力された認証コードが真正でないとき、レスポンスを返す際にそのタイミングを遅延させる遅延手段と、照合の結果認証コードが真正でないときインクリメントするカウンタとを設け、前記遅延手段は、前記カウンタの計数値が所定値に達する毎に階段状に遅延時間を増大させることを特徴とする。
【0007】
【発明の実施の形態】
以下、本発明の実施の形態について説明する。
図1は本発明のシステム概念図で、端末装置1に対してICカード2をセットすると、端末装置1からはICカード2に対して、コマンド(命令)を送信し、これを受信したICカード2はコマンドを解釈して書き込み、読み取り、読み出し等の処理を実行し、処理結果をレスポンスとして端末装置1に返すようになっている。
【0008】
図2は本発明のICカードの構成を示す概念図である。ICカードにはCPU20、情報記憶部21、不正PINカウンタ22、遅延回路23、送受信回路24を有している。情報記憶部21はプログラム記憶領域、作業エリア、書換え可能な不揮発性メモリ領域を有している。CPU20は、端末装置1から送信されるコマンドを受信するとコマンドと共に送信されたデータを読み込み、情報記憶部21にアクセスして必要な処理を行い、結果を送受信回路24よりレスポンスとして出力する。さらに本発明においては、不正PINカウンタ22、遅延回路23を有している。不正PINカウンタ22は連続してPIN入力が行われたとき、その入力された回数をカウントするものであり、遅延回路23はレスポンス時間を遅延させるためのものである。遅延手段は、遅延回路ではソフトウエアによる実現のいずれでもよい。
【0009】
図3はICカードの信号の流れを示しており、図示するように、送受信回路24を通してPIN入力が行われると、CPU20では入力したPINが真正か否かを判定するための照合を行い、正否を送受信回路24を通してレスポンスとして送信する。不正PINカウンタ22は連続して入力される不正なPIN入力回数をカウントし、例えば、図4に示すように、不正PIN入力回数が所定値に達すると、所定の遅延時間を遅延回路23に設定する。この不正PIN入力回数に対して階段状に遅延時間が増えるように設定する。このため、総当たり攻撃でPIN入力を行おうとすると、入力回数に応じて応答時間が飛躍的にかかってしまうため、結局は真正なPIN情報を盗み取ることは不可能である。
【0010】
図5はレスポンスを遅延させる処理フローを示す図である。
PIN入力があってこれを受信すると(S1)、入力されたPINが真正か否か判断するための照合を行う(S2)。照合の結果、真正なものであれば次の処理に進み、真正でないと判断されると不正PINカウンタをインクリメントする(S3、S4)。次いで、不正PINカウンタの値が所定値K以上か否か判断し(S5)、所定値K未満であれば、通常のタイミングでPINが間違っていることをレスポンスとして出力し(S7)、所定値K以上であればレスポンスの時間を遅延させ(S6)、出力する。
【0011】
【発明の効果】
以上のように本発明によれば、連続的に入力される不正なPIN入力に対し、ICカードからのレスポンス送信までの時間を大幅に遅らせことによりランダムなPIN入力による総当たり攻撃を防ぐことが可能となる。
【図面の簡単な説明】
【図1】 本発明のシステム概念図である。
【図2】 本発明のICカードの構成を示す図である。
【図3】 ICカードの信号の流れを示す図である。
【図4】 不正PIN入力回数に対する遅延時間の関係を示す図である。
【図5】 レスポンスを遅延させる処理フローを示す図である。
【符号の説明】
1…端末装置、2…ICカード、20…CPU、21…情報記憶部、22…不正PINカウンタ、23…遅延回路、24…送受信回路。
[0001]
BACKGROUND OF THE INVENTION
The present invention relates to an IC card in which the transmission timing of a response from an IC card in response to a command input from the terminal device is made variable in communication between the IC card and the terminal device.
[0002]
[Prior art]
2. Description of the Related Art Conventionally, as a preventive measure against illegal use of an IC card, one that pays attention to the response time of the IC card in response to an external command is known. For example, Japanese Patent Laid-Open No. Sho 62-251963 dares to make the response time for collating Personal Identification Number (hereinafter PIN) constant, which is determined when determining whether the PIN is correct or incorrect. When the logic changes, the response time changes, so that it is possible to analogize the logic. Therefore, by deliberately making the response time constant, it is devised to prevent logic analogy from a malicious person.
[0003]
In Japanese Patent Laid-Open No. 10-69222, in the case where encryption processing and decryption processing are performed in an IC card, the key used for encryption and the response time have a correlation, and the property of the key is determined from the response time. Since there is a possibility of understanding, the analogy of the key is prevented by randomly delaying the response time.
[0004]
[Problems to be solved by the invention]
The timing of the response from the IC card to the command for accessing the information recording unit or the access control unit of the IC card differs depending on the result of verification or authentication correctness and the information generation procedure included in the response, but the same processing procedure In this case, the time required for processing tends to be almost constant. For example, in a medium having a high security function such as an IC card, the time required for outputting the collation result for a random PIN input by an unauthorized user is the same as that of a legitimate user. An attack may reveal the PIN.
[0005]
An object of the present invention is to solve the above-described problems, and it is an object of the present invention to make it impossible to analogize a PIN or an authentication encryption key from a brute force attack and improve security.
[0006]
[Means for Solving the Problems]
The present invention has an information storage means and an information processing control means. The information processing control means interprets an externally input command, accesses the information storage means to perform a certain process, and An IC card that returns a response after verifying the authentication code every time there is an input, and if the input authentication code is not authentic as a result of verifying the authentication code, delay the timing when returning the response And a counter that increments when the verification code is not authentic, and the delay means increases the delay time stepwise each time the count value of the counter reaches a predetermined value. To do.
[0007]
DETAILED DESCRIPTION OF THE INVENTION
Embodiments of the present invention will be described below.
FIG. 1 is a conceptual diagram of a system according to the present invention. When an IC card 2 is set in a terminal device 1, a command (command) is transmitted from the terminal device 1 to the IC card 2, and the IC card that has received this command. 2 interprets a command, executes processing such as writing, reading, and reading, and returns a processing result to the terminal device 1 as a response.
[0008]
FIG. 2 is a conceptual diagram showing the configuration of the IC card of the present invention. The IC card has a CPU 20, an information storage unit 21, an unauthorized PIN counter 22, a delay circuit 23, and a transmission / reception circuit 24. The information storage unit 21 has a program storage area, a work area, and a rewritable nonvolatile memory area. When receiving a command transmitted from the terminal device 1, the CPU 20 reads data transmitted together with the command, accesses the information storage unit 21, performs necessary processing, and outputs the result as a response from the transmission / reception circuit 24. Furthermore, the present invention has an illegal PIN counter 22 and a delay circuit 23. The illegal PIN counter 22 counts the number of input times when the PIN input is made continuously, and the delay circuit 23 is for delaying the response time. The delay means may be realized by software in the delay circuit.
[0009]
FIG. 3 shows the signal flow of the IC card. As shown in the figure, when a PIN input is made through the transmission / reception circuit 24, the CPU 20 performs collation to determine whether or not the input PIN is authentic. Is transmitted as a response through the transmission / reception circuit 24. The illegal PIN counter 22 counts the number of illegal PIN inputs that are continuously input. For example, as shown in FIG. 4, when the number of illegal PIN inputs reaches a predetermined value, a predetermined delay time is set in the delay circuit 23. To do. It is set so that the delay time increases stepwise with respect to the number of illegal PIN inputs. For this reason, if a PIN input is attempted by a brute force attack, the response time is drastically increased according to the number of inputs, and therefore it is impossible to steal genuine PIN information after all.
[0010]
FIG. 5 is a diagram showing a processing flow for delaying a response.
When a PIN input is received and received (S1), collation is performed to determine whether the input PIN is authentic (S2). If the result of the collation is authentic, the process proceeds to the next process. If it is determined that the result is not authentic, the illegal PIN counter is incremented (S3, S4). Next, it is determined whether or not the value of the illegal PIN counter is equal to or greater than a predetermined value K (S5). If it is less than the predetermined value K, it is output as a response that the PIN is incorrect at a normal timing (S7). If it is greater than or equal to K, the response time is delayed (S6) and output.
[0011]
【The invention's effect】
As described above, according to the present invention, it is possible to prevent a brute force attack by a random PIN input by significantly delaying the time until the response is transmitted from the IC card with respect to continuously input illegal PIN inputs. It becomes possible.
[Brief description of the drawings]
FIG. 1 is a conceptual diagram of a system of the present invention.
FIG. 2 is a diagram showing a configuration of an IC card according to the present invention.
FIG. 3 is a diagram showing a signal flow of an IC card.
FIG. 4 is a diagram illustrating a relationship of a delay time with respect to the number of illegal PIN inputs.
FIG. 5 is a diagram showing a processing flow for delaying a response.
[Explanation of symbols]
DESCRIPTION OF SYMBOLS 1 ... Terminal device, 2 ... IC card, 20 ... CPU, 21 ... Information storage part, 22 ... Incorrect PIN counter, 23 ... Delay circuit, 24 ... Transmission / reception circuit

Claims (1)

情報記憶手段と情報処理制御手段とを持ち、前記情報処理制御手段は、外部から入力された命令を解釈し、情報記憶手段にアクセスして一定の処理を行うとともに、認証コードの入力がある度に該認証コードの照合を行った後、レスポンスを返すICカードであって、認証コードの照合の結果、入力された認証コードが真正でないとき、レスポンスを返す際にそのタイミングを遅延させる遅延手段と、照合の結果認証コードが真正でないときインクリメントするカウンタとを設け、前記遅延手段は、前記カウンタの計数値が所定値に達する毎に階段状に遅延時間を増大させることを特徴とするレスポンスタイムを可変化したICカード。An information storage means and an information processing control means, the information processing control means interprets an externally input command, accesses the information storage means to perform a certain process, and each time an authentication code is input And a delay means for delaying the timing when returning the response when the authentication code input is not authentic as a result of the verification of the verification code. And a counter that increments when the verification result authentication code is not authentic, and the delay means increases the delay time stepwise every time the count value of the counter reaches a predetermined value. Variable IC card.
JP24307198A 1998-08-28 1998-08-28 IC card with variable response time Expired - Fee Related JP4162166B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP24307198A JP4162166B2 (en) 1998-08-28 1998-08-28 IC card with variable response time

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP24307198A JP4162166B2 (en) 1998-08-28 1998-08-28 IC card with variable response time

Publications (2)

Publication Number Publication Date
JP2000076402A JP2000076402A (en) 2000-03-14
JP4162166B2 true JP4162166B2 (en) 2008-10-08

Family

ID=17098365

Family Applications (1)

Application Number Title Priority Date Filing Date
JP24307198A Expired - Fee Related JP4162166B2 (en) 1998-08-28 1998-08-28 IC card with variable response time

Country Status (1)

Country Link
JP (1) JP4162166B2 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3929888B2 (en) 2002-12-25 2007-06-13 株式会社東芝 IC card
JP4845057B2 (en) 2008-04-14 2011-12-28 京セラ株式会社 Portable electronic device and program
WO2016158136A1 (en) * 2015-03-31 2016-10-06 ブラザー工業株式会社 Information input device and program
JP6520741B2 (en) * 2015-03-31 2019-05-29 ブラザー工業株式会社 Information input system
CN105721650B (en) * 2016-01-27 2018-12-04 努比亚技术有限公司 A kind of realization mobile phone card identification method and terminal

Also Published As

Publication number Publication date
JP2000076402A (en) 2000-03-14

Similar Documents

Publication Publication Date Title
RU2224288C2 (en) Intercept-protected memory device
EP1759338B1 (en) One-time authentication system
EP2247024B1 (en) Determining the validity of a connection between a reader and a transponder
US5513261A (en) Key management scheme for use with electronic cards
US10044512B2 (en) Decoupling of measuring the response time of a transponder and its authentication
JP3155973B2 (en) Method and apparatus for enhancing protection of a chip card
US20090282259A1 (en) Noisy low-power puf authentication without database
JPS61139873A (en) Authorization system
JPS63229541A (en) data exchange system
US8146154B2 (en) Method and system for using shared secrets to protect access to testing keys for set-top box
RU2377655C2 (en) Protection module component
WO1999064996A1 (en) Preloaded ic-card and method for authenticating the same
EP3855326B1 (en) Biometric system and method for recognizing a biometric characteristic in the biometric system
JP3586475B2 (en) Method and circuit device for generating pseudo-random number sequence
JPH0934798A (en) Electronic assembly with integrated circuit device with lockcircuit
KR100358705B1 (en) An apparatus for information protection using Universal Serial Bus(USB) security module and crypto-chip based on PC
JP2003528515A (en) Cryptographic communication method for protection against fraud
JP2003198529A (en) Recovering secret quantities from integrated circuit identifiers
JP4162166B2 (en) IC card with variable response time
JP2003228521A (en) Blocking of operation of integrated circuit
US7886163B2 (en) Authentication protocol with memory integrity verification
JP2007026051A (en) Information processing apparatus and information processing system
US7110858B2 (en) Object identification uses prediction of data in distributed network
JP3586478B2 (en) Method for generating pseudo-random number sequence, circuit device and method of using the same
JP2009015651A (en) Information storage medium

Legal Events

Date Code Title Description
A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20050825

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20070914

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20071112

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20071207

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20080204

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20080229

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20080423

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20080718

A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20080718

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20110801

Year of fee payment: 3

R150 Certificate of patent or registration of utility model

Free format text: JAPANESE INTERMEDIATE CODE: R150

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20110801

Year of fee payment: 3

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20120801

Year of fee payment: 4

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20120801

Year of fee payment: 4

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20130801

Year of fee payment: 5

LAPS Cancellation because of no payment of annual fees