JPH03224080A - Mutual authentification system - Google Patents

Abstract

PURPOSE:To reduce the amount of data to be held and to utilize a memory area for another purpose by applying cryptographic processing when two pieces of random number data and two pieces of key data are prepared by a first request, and holding only authentification information that is a result. CONSTITUTION:Terminal equipment (second electronic device) 8 which handles an IC card (first electronic device) as a portable electronic device connects the IC card 1 to a control part 3 consisting of a CPU, etc., via a card reader/ writer 2, and also, it is comprised by connecting a keyboard 4, a CRT display device 5, a printer 6, a floppy disk device 7 to the control part 3. When the two pieces of random number data and two pieces of key data are prepared by the first request, the cryptographic processing is performed, and only the authentification information that is the result of the processing is held. In such a way, it is possible to reduce the amount of data to be held in a process where a second request is received after the first request is executed, and to effectively use the memory area for another purpose.

Description

Detailed Description of the Invention [Object of the Invention] (Industrial Application Field) The present invention relates to erasable non-volatile memory and C
A portable electronic device (first electronic device) called an IC card that has a built-in IC (integrated circuit) chip having a control element such as a PU, and a terminal device (second electronic device) that handles this portable electronic device. The present invention relates to a mutual authentication method that performs mutual authentication between electronic devices (electronic devices).

(Prior art) In the conventional mutual authentication method of this type, as is well known, the first
In response to the request, the first random number data is received, the first authentication key data is prepared based on the key designation information, and in response, the second random number data is generated and the second authentication key data is prepared. Encryption processing is performed twice according to the following second request,
Two types of authentication information were generated.

(Problems to be Solved by the Invention) Conventionally, two random number data and two key data were held in response to a first request, and were used as manual data and key data for cryptographic processing in response to a second request. Therefore, the memory area (RAM) for holding these four types of data is
was necessary.

SUMMARY OF THE INVENTION Therefore, an object of the present invention is to provide a mutual authentication method that reduces the amount of data that needs to be held and allows the memory area to be effectively used for other purposes.

[Structure of the Invention] (Means for Solving the Problems) The present invention provides a mutual authentication system between a first electronic device and a second electronic device, in which a second electronic device is used for authentication. a first receiving means for receiving information specifying the first data and the first key data, and a means for transmitting the information specifying the second data and the second key data to the second electronic device; a second receiving means for receiving first authentication information generated from second data and second key data in the second electronic device;
a first generation means for generating second authentication information based on key data; a comparison means for comparing the first authentication information and the second authentication information; and a comparison means for comparing the first authentication information and the second authentication information; and a second generation means for generating third authentication information by executing the first generation means and/or the second generation means before reception by the second reception means, and the comparison means and a holding means for holding second authentication information used for the second authentication information and/or third authentication information output to the second electronic device.

(Function) When two random number data and two key data are obtained in the first request, encryption processing is performed, and only the resulting authentication information is retained.

This reduces the amount of data that must be retained in the process of receiving the second request after issuing the first request.
It becomes possible to effectively utilize the memory area for other purposes.

(Example) Hereinafter, an example of the present invention will be described with reference to the drawings.

FIG. 6 shows a configuration example of a terminal device (second electronic device) that handles an IC card (first electronic device) as a portable electronic device according to the present invention.

That is, this terminal device 8 enables the IC card 1 to be connected to the control section 3 consisting of a CPU etc. via the quad reader/writer 2, and also connects the control section 3 to the keyboard 4, CR, etc.
It is constructed by connecting a T-display device 5, a printer 6, and a floppy disk device 7.

The IC card 1 is held by the user and is used to refer to a personal identification number known only to the user when purchasing a product, for example, and to store necessary data. Its functional blocks are shown in Fig. 5. It is further comprised of parts that execute basic functions such as a read/write section 11, a password setting/password verification section 12, and an encryption/decryption section 13, and a screen hider 14 that manages these basic functions. The read/write unit 11 has a function of reading, writing, or erasing data from a data memory 16, which will be described later.

The password setting/password verification unit 12 has a function of storing the password set by the user and prohibiting reading of the password, as well as verifying the password after setting the password and granting permission for subsequent processing. The encryption/decryption unit 13 is
For example, it performs encryption to prevent leakage and forgery of communication data when transmitting data from the control unit 3 to another terminal device via a communication line, and decrypts encrypted data. The supervisor 14 has the function of decoding the function code input from the card reader/writer 2 or the function code to which data is added, and selecting and executing a necessary function among the basic functions.

In order to perform these functions, the IC card 1 has a control element (for example, a CPU) 1, as shown in FIG.
5, it is composed of a data memory 16, a program memory 17, and a contact part 18 for obtaining electrical contact with the card reader/writer 2, and the part within the broken line (control element 15, data memory 16, The program memory 17) is composed of one IC chip (or a plurality of IC chips) and is embedded within the IC card body.

The program memory 17 is composed of, for example, a mask ROM, and stores a control program for the control element 15 including subroutines for realizing each of the basic functions described above.

The data memory 16 is used to store various data, and is composed of an erasable nonvolatile memory such as an EEPROM.

For example, as shown in FIG. 3, the data memory 16 stores one common data file (hereinafter abbreviated as CDF) 21 that is commonly used by all applications, and a plurality of application data files (hereinafter referred to as CDF) that are used individually by each application. (hereinafter abbreviated as ADF) 22a, 2
2b and 22c, and each ADF 22
a.

In 22b and 22c, the data file name (D
F N) is given.

In the example of FIG. 3, in the CDF 21,
The ADF 22a includes designation key data aaa indicated by key data number KIDOI and internal key data bbb indicated by key data number KIDO2, and the ADF 22a indicated by DFN-AAA contains a specification key data indicated by key data number KIDO3. Data CCC and designation key data ddd indicated by key data number KIDO4 are included. The ADF 22b indicated by DFN-BBB has internal key data ee indicated by key data number KIDO5.
e, and a data area indicated by area number AIDS5. In particular, the data area is given attribute information indicating that it can be accessed if authentication is confirmed through authentication processing using internal key data within the ADF 22b. Also,
The ADF22c indicated by DFN-CCC has internal key data f f f indicated by key data number KID80.
, a data area indicated by area number AIDS6, and a data area indicated by area number AIDS7. In particular, the data area indicated by the area number AID56 is given attribute information that allows access when authentication is confirmed by the internal key data in the CDF21, and the data area indicated by the area number AIDS7 is , attribute information indicating that access is possible when authentication is confirmed through authentication processing using internal key data in the CDF 21 or internal key data in the ADF 22C is given.

Here, the designation key data is key data for the terminal device 8 to authenticate the IC card 1, and the internal key data is the key data for the IC card 1 to authenticate the terminal device 8.

Next, an overview of the operation of the IC card 1 will be explained using FIG. When the IC card 1 receives the message shown in FIG. 2(a) from the terminal device 8, it selectively reads the message shown in FIG. 1(a) from the function code.
Execute the mutual authentication preparation flow in a). These processes are performed by the control element 15 according to the program in the program memory 17. That is, first, it is determined whether the ADF has been selected or not by checking the internal RAM (RAM in the control element 15).
) in the selected ADF specific information. At this time, if it has not been selected, the key data number (K
ID) and, if selected, CDF 2
Find KID from within 1 and also within the selective flow ADF. If it is not found at this point, an error status will be output.

If found, the corresponding key data is internally read and checked to see if it is normal. At this time, if it is not normal, an error status is output. If normal, the random number information A in the message and the key data are stored in a predetermined area of the internal RAM.

Next, random number information B is generated according to a predetermined algorithm using this random number information A, the card-specific number set at the time of card issuance, and card random number information stored in advance as an initial value in the data memory 16. ,
Rewrite this as new card random number information (.

Next, check again whether the ADF has been selected, and if it is not selected, find the KID of the internal key data from the CDF21, and if it has been selected, check the internal key data KID in the CDF21 and the selected ADF.
Find KID from inside (ADF is prioritized). If not found, output an error status. If found, the corresponding key data is read internally and checked to see if it is normal. At this time, if it is not normal, an error status is output.

Now, if normal, the previously generated random number information B is encrypted using the found internal key data as an encryption key, and the result is stored in a predetermined area of the internal RAM as authentication information C2X. Then, the internal key data KID and random number information B are output, and this flow ends.

Through this flow, random number information and key designation information can be shared in mutual authentication between the terminal device 8 and the IC card 1.

Next, when the message shown in FIG. 2(b) is received, the flow shown in FIG. 11(b) is selectively executed from the function code. That is, first, it is checked whether the mutual authentication preparation command described above has been executed, and if not, an error status is output.

If it has been executed, the authentication information C2 in the next input message
and the authentication information C2X that was previously stored on the internal RAM.
If they match, turn on the match flag, otherwise turn it off. At this time, depending on whether the internal key data belongs to ADF or CDF, either the ADF correspondence match flag or the CDF correspondence match flag is turned on or off. Next, the random number information A previously stored on the internal RAM is encrypted using the specified key data as the encryption key, and the result is output as the authentication information CIX together with the result of the matching flag above, and this flow is continued. finish.

This flow enables mutual authentication with the terminal device 8.

Next, when the message shown in FIG. 2(C) is received, the ADF selection flow shown in FIG. 1(c) is selectively executed from the function code. That is, first, it is checked whether the DFN in the message is registered in the data memory 16 of the IC card 1, and if it is not found, an error status is output.

If found, the ADF compatible match flag among the C2/C2X match flags is turned off. Next, the specified DFN
It holds the unique information corresponding to in the internal RAM and outputs the normal completion status.

Next, when the read command message shown in FIG. 2(d) or the write command message shown in FIG. 2(e) is received, the flow shown in FIG. 1(d) is selectively executed from the function code. In other words, first determine whether the ADF has been selected,
If it has not been selected, the area number (AID) in the input message is found in the CDF 21, and if it has been selected, the AID is found in the selected ADF and the CDF 21.

If it is not found, an error status will be output.

If found, it is determined whether or not it is necessary to check the previous match flag by referring to the attribute information of the correspondingly stored area. If necessary, it is determined whether it is an ADF compatible match flag, a CDF compatible match flag, or either one.

If the ADF compatible match flag is required or if either is acceptable, refer to the ADF compatible match flag and check whether it is turned on. If off, output error status.

Further, if the CDF correspondence match flag is necessary or if either is acceptable, the CDF correspondence match flag is referred to and checked whether it is turned on or not. If it is off, it will output an error status.

Then, according to the function code in the message, the corresponding read or write processing is performed and the processing result is output.

Next, the operation of the IC card 1 with respect to the key data and area configuration as shown in FIG. 3, for example, will be explained. In Fig. 3, as described above, in this state, for mutual authentication when ADF selection is not performed, the key data of KIDO1 is used as the designated key data, and the key data of KIDO2 is used as the internal key data. is used.

In addition, when ADF22a is selected by DFN-AAA, the specification key data is KID03 or KID03.
The key data of IDO4 or the key data of KIDO1 is used, and the key data of KIDO2 is used as an internal keep.

Similarly, when the ADF 22b is selected by DFN-BBB, the key data of KIDOI is used as the specification key data, and the key data of KIDO5 is used as the internal key data.

Now, in order to access the area of AIDS5 in the ADF 22b, the attributes of this area require internal key data in the ADF. Therefore,
Mutual authentication must be performed after selecting the ADF 22b. If ADF22b is selected after mutual authentication, the internal key data used for this mutual authentication is KID, 0.
This is because it becomes the second key data.

Further, in order to access the area of AID 56 in ADF 22C, the attribute of this area requires internal key data in CDF 21. Therefore, it is necessary to select the ADF 22c and access the area after mutual authentication.

In addition, for AIDS7 areas, A
This allows access whether the DF22c is selected or vice versa.

Further, in particular, if the ADF 22b is selected and the ADF 22c is selected after mutual authentication is executed, access to the AIDS7 area becomes impossible.

[Effects of the Invention] As detailed above, according to the mutual authentication method of the present invention, encryption processing is performed when two random number data and two key data are prepared in the first request, and the result is Since only the authentication information is retained, the amount of data that must be retained in the process of receiving the second request after making the first request is reduced, and the memory area can be effectively used for other purposes. becomes. In particular, for example, I
This is effective for C cards, etc.

[Brief explanation of drawings]

The figures are for explaining one embodiment of the present invention, and FIG. 1 is a flowchart explaining an overview of the operation of the IC card, FIG. 2 is a diagram showing examples of various command message formats input to the IC card, and FIG. 3 is a diagram showing the file structure of the data memory, FIG. 4 is a block diagram showing the schematic configuration of the IC card, and FIG. 5 is a diagram showing the functional blocks of the IC card.
FIG. 6 is a block diagram showing the configuration of the terminal device. 1...IC card (first electronic device), 8...
...Terminal device (second electronic device), 15...
- Control element, 16...Data memory (non-volatile memory), 17...Program memory, 21...
...Common data file (CD F), 22
a, 22b, 22c = 1 - Application Data File (ADF).

Claims (1)

[Claims] A mutual authentication method between a first electronic device and a second electronic device, wherein the second electronic device specifies first data and first key data used for authentication. first receiving means for receiving information; means for transmitting information specifying second data and second key data to the second electronic device; and second receiving means for receiving the first authentication information generated by the second data and the second key data; and a first generating means for generating the second authentication information by the second data and the second key data. a comparison means for comparing the first authentication information and the second authentication information; a second generation means for generating the third authentication information from the first data and the first key data; The first generating means and/or the second generating means are executed before the second receiving means receives the second authentication information and/or the second electronic device. A mutual authentication method comprising: a holding means for holding output third authentication information.