WO2002076012A1 - Systeme de controle d'acces a la memoire et procede de gestion faisant appel a un ticket de controle d'acces - Google Patents
Systeme de controle d'acces a la memoire et procede de gestion faisant appel a un ticket de controle d'acces Download PDFInfo
- Publication number
- WO2002076012A1 WO2002076012A1 PCT/JP2002/002112 JP0202112W WO02076012A1 WO 2002076012 A1 WO2002076012 A1 WO 2002076012A1 JP 0202112 W JP0202112 W JP 0202112W WO 02076012 A1 WO02076012 A1 WO 02076012A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- ticket
- memory
- partition
- access control
- manager
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1458—Protection against unauthorised use of memory or access to memory by checking the subject access rights
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
Definitions
- MEMORY ACCESS CONTROL SYSTEM DEVICE MANAGEMENT DEVICE, PARTITION MANAGEMENT DEVICE, MEMORY EMBEDDED DEVICE, MEMORY ACCESS CONTROL METHOD, AND PROGRAM STORAGE MEDIUM
- the present invention relates to a memory access control system, a device management device, a partition management device, a memory mounted device, a memory access control method, and a program storage medium.
- one memory is divided into a plurality of areas (partitions), and each partition stores data managed by a service provider or a related entity.
- the present invention relates to a memory access control system, a device management device, a partition management device, a memory mounted device, a memory access control method, and a program storage medium which can be used for various services using a memory mounted device.
- tape media Conventionally, tape media, floppy disks, hard disks, optical disks, semiconductor media, etc. have been used as devices that have memory.
- semiconductor media has attracted attention as a device that can securely manage the memory in the device. The reason is that semiconductor memories can easily realize a structure that is not easily accessed from outside, that is, a tamper-resistant structure.
- the tamper-resistant structure is, for example, a device having a single-chip configuration made of a semiconductor, having a control unit, a memory controller, a non-volatile memory, a voltage detection unit, a frequency detection unit, and the like. This is achieved by a configuration sandwiched between dummy layers such as an aluminum layer.
- the conventional memory structure of such a secure device will be described with reference to FIG. 96 “Conventional memory structure”.
- the memory in FIG. 96 shows a memory configuration that can be used, for example, as an electronic manager. As shown in Figure 96, the memory area is roughly divided into three. A data area, a memory management area, and a system area.
- the memory management area stores a storage address for accessing each data in the data area, an access method, an access authentication key, and the like. For example, it is shown that access to data 1 (user name) in the data area can be performed only by reading (Read) by using the access authentication key (0123 ).
- the system area stores a device identifier (ID), a memory management key as an authentication key for securing a memory area in the data area, and the like.
- the data area of the memory device shown in FIG. 96 can be divided into a plurality of data areas, and these divided data areas can be divided into different service entities, for example, electronic money service providers (ex. Different banks). ) Can be managed.
- the data in each segmented area can be read by individual service providers, as well as users, for example, reader / writers as device access devices installed in stores that sell products using electronic money (exclusive reader / writers or PCs). Reads and writes data, and (ex. Updates balance data).
- Fig. 97 The relationship between the administrator and the user of a secure device with multiple divided data areas as shown in Fig. 96 is shown in Fig. 97 "Memory administrator ⁇ user".
- a memory administrator who is the subject of issuing a secure device
- a memory user who has a memory area allocated by this memory administrator and uses the allocated memory.
- the memory user is, for example, a bank or a store according to the above-described example of the electronic money manager.
- the memory manager knows the memory management key for the access control for securing the memory area, and uses this memory management key to allocate the memory (divided data area) of each memory user. assign.
- the memory user knows the access authentication key for accessing the data in each data area, and can use the access authentication key to access the memory in the data area allocated to each.
- There are various access modes such as data reading (Read), writing (Write), and reduction of balance (D ecrement).
- Access authentication keys are individually set according to each processing mode and individually set. Can be set Can be.
- data 4 in the memory shown in FIG. 96 is money amount data
- the user of data 4 can perform a process of decrementing the data 4 and reading and writing (Reread) / Write) processing is possible.
- the access key differs between the processing of data 4 reduction (Decrement) and the processing of reading and writing (Read / Write), It is necessary to access the memory using the access key.
- FIG. 98 is a diagram illustrating a memory securing process in which a memory manager allocates a certain temporary area in a memory device to a memory user.
- the memory manager uses the memory allocation reader / writer (R / W: Reader / Writer) shown on the left side of the figure to read the memory shown on the right side of the figure. Executes the process of securing a temporary storage area for the device.
- the memory securing reader / writer (R / W: Reader / Writer) has a secure NVRAM (Non-Volatile RAM) for holding the memory management key.
- NVRAM Non-Volatile RAM
- the RZW for securing memory is a dedicated read / write R / W for a secure device, or if the secure device is a device with an I / F such as USB or PCMCIA, these interfaces are used. It may be a device readable and writable via a device, for example, a PC.
- R / W To secure memory using R / W, first read the device ID from the secure device. Next, an authentication key is generated in the R / W using the memory management key and the device ID, and mutual authentication is performed with the secure device using the generated authentication key.
- the mutual authentication process is executed according to, for example, mutual authentication using a common key method (ex. IS0 / IEC9798-2).
- the R / W After successful mutual authentication, the R / W encrypts the data structure, data size, access method and access authentication key with the session key, and adds a MAC (Message Authentication Code) value for data verification as necessary.
- the secure device Upon receiving the command, the secure device decrypts the received data, performs data tampering verification as required by MAC verification processing, and then places it in the memory area according to the data size in the received data. Secure a memory area, write a data structure to the secured area, and address the memory secured in the memory management area. The access method, access method and access authentication key.
- the reader / writer on the left side of Fig. 9-9 is a memory access reader / writer (R / W) owned by the memory user.
- the reader / writer is composed of a dedicated R / W or PC.
- the memory access reader / writer (R / W) is provided with a secure NVRAM for holding the access authentication key. In order to access the secure device overnight using the R / W, the device ID is first read from the secure device.
- an authentication key is generated using the access authentication key and the device ID, and mutual authentication is performed with the secure device using the generated authentication key.
- the R / W makes a predetermined access to the data in the temporary storage area corresponding to the access authentication key.
- payment terminals can increase security like ATMs, but withdrawal terminals are often used as cash collection machines when delivering goods at stores, etc., installation locations are various, and terminal theft Risk is high and it is difficult to increase the level of security. Therefore, a configuration in which the access authentication key is made different for overnight access is effective.
- the authentication processing using the memory management key or the authentication processing using the access authentication key is executed to execute each processing.
- these are, for example, a common key using a DES encryption algorithm. It does not assume authentication using the public key method or verification using the public key method.
- the configuration using a common key for the memory management key and access authentication key as described above has the advantage that authentication and access permission are executed in one process, but memory access using the leaked key is possible due to leakage of the authentication key. This is a security problem.
- the present invention has been made in view of the state of the prior art as described above, and various types of access control tickets are assigned to each device or each access to a memory area divided into a plurality of partitions. Issued under the management of the partition management entity, and execute processing based on the rules described in each ticket on a device with memory to realize an independent management configuration of data in each partition. With the goal.
- a memory access control system that enables partition-compatible authentication and device-target authentication to be executed according to either a public key or a common key specification method, and enables secure data communication under various environments It is an object to provide a device management device, a partition management device, a memory-mounted device, a memory access control method, and a program storage medium.
- the memory unit of the memory-equipped device is the memory unit of the memory-equipped device.
- the device includes one or more partition areas as a memory area that stores the data file and is managed by a partition manager, and a device manager management area that is managed by a device manager as an administrator of the memory-equipped device,
- the memory-equipped device includes:
- an access control ticket managed by the device manager or an access control ticket managed by the partition manager is received from an access device, and processing is performed according to the description of the received ticket.
- the access control ticket includes mutual authentication designation data designating a mutual authentication mode to be executed between the memory-equipped device and the access device that has output the ticket.
- the memory-equipped device executes a mutual authentication according to the mutual authentication designation data of the access control ticket, and executes a process according to the record of the received ticket on condition that the authentication is established. It is characterized by having.
- the access control ticket includes ticket verification specification data specifying a verification mode of the access control ticket received by the memory-equipped device;
- the on-board device is configured to execute a ticket verification process according to the ticket verification designation data of the access control ticket, and to execute a process according to the record of the received ticket on condition that the verification is established.
- the access control ticket includes a category or an identifier of a means for issuing the access control ticket, and the memory-equipped device receives the access control ticket from an access device.
- Category or knowledge of the means of issuing the access control ticket described in the access control ticket It shall have a configuration to execute confirmation processing that the ticket is a ticket issued by a valid issuing means based on the discriminator, and to execute processing in accordance with the record of the received ticket on condition of the confirmation. It is characterized by.
- the access control ticket includes a category or an identifier of an access device that is a use unit of the access control ticket, and the memory-mounted device includes an access device. Based on the category or identifier of the access device that is the use means of the access control ticket described in the access control ticket received from, the ticket is confirmed to be a ticket provided by a valid use means And executing a process in accordance with the recording of the received ticket on condition that the confirmation is performed.
- the device The access control ticket managed by the manager includes the memory-equipped device A partition registration ticket (PRT) that allows the creation or deletion of partitions for the memory section, and the memory-equipped device receives the partition registration ticket (PRT) when it receives the partition registration ticket (PRT) from the access device. It is characterized by executing partition creation processing or deletion processing according to the record of the partition registration ticket (PRT).
- PRT partition registration ticket
- the partition registration ticket includes a ticket issuer managed by the device manager and a ticket manager managed by the partition manager. Is issued to the other access device.
- the access control ticket managed by the partition manager includes a data file generated in a partition generated in a memory section of the memory-equipped device.
- the device with the memory includes a file registration ticket (FRT) that allows processing or deletion processing.
- FRT file registration ticket
- the device with the memory receives the file registration ticket (FRT) from the access device, it receives the file registration ticket (FRT). It is characterized by executing a file generation process or a deletion process according to the record.
- the aisle registration ticket is characterized in that it is issued from a ticket issuing means managed by the partition manager to an access device as a ticket user managed by the partition manager.
- the access control ticket managed by the partition manager includes a service for permitting access to a data file in a partition in a memory unit of the memory mounted device. If the service-equipped ticket (SPT) is received from the access device, the memory-equipped device has a data file in accordance with the record of the received service permission ticket (SPT). It is characterized by executing access processing for.
- SPT service-equipped ticket
- the service permission ticket is issued from a ticket issuing unit managed by the partition manager to a ticket manager managed by the partition manager. And issued to the access device.
- the access control ticket managed by the device manager or the partition manager includes a data permitting update process of data stored in a memory unit of the memory-equipped device. If the device with the memory receives a data update ticket (DUT) from the access device, the device according to the record of the received data update ticket (DUT) includes the overnight update ticket (DUT). It is characterized by executing a one-time update process.
- DUT data update ticket
- a device update ticket (DUT) for updating data in a device manager management area managed by the device manager includes a ticket managed by the device manager.
- a second aspect of the present invention provides:
- a device that stores a data file and performs device management of a memory-equipped device having at least one partition area as a memory area managed by the partition management apparatus and a device manager management area managed by the device management apparatus.
- the device management apparatus further comprises a partition registration ticket (PRT) issuance unit as a memory access control ticket for permitting a process of creating or deleting a partition with respect to a memory unit of the memory-equipped device.
- PRT partition registration ticket
- one embodiment of the device management apparatus of the present invention is characterized in that the device management apparatus has a registration authority configuration for executing issuance management of a public key certificate for the memory-equipped device.
- the partition registration ticket specifies a mutual authentication mode to be executed between the memory-equipped device and the access device that has output the ticket. It is characterized by including mutual authentication designation data.
- the partition registration ticket (PRT) includes a ticket verification designation data specifying a verification mode of the access control ticket received by the memory-equipped device.
- the partition registration ticket (PRT) includes a category or an identifier of a unit for issuing the access control ticket. It is characterized by the following.
- the partition registration ticket includes a category or an identifier of an access device that is a use unit of the access control ticket.
- a third aspect of the present invention is that
- a memory-equipped device partition that stores data files and has at least one partition area as a memory area managed by the partition management device and a device manager management area managed by the device management device.
- Partition management device that performs
- the partition management apparatus further comprises an access control ticket issuing unit that permits access to the inside of the partition generated for the memory unit of the memory-mounted device.
- the access control ticket allows a process of generating or deleting a temporary file in a partition generated in a memory unit of the memory-equipped device. It is a file registration ticket (FRT).
- FRT file registration ticket
- the access control ticket is a service permission ticket (SPT) that allows access to a data file in a partition in a memory unit of the memory-equipped device.
- SPT service permission ticket
- the partition management device has a registration authority configuration for executing issuance management of a public key certificate for the memory device.
- the access control ticket includes mutual authentication designation data designating a mutual authentication mode to be executed between the memory-mounted device and the access device that has output the ticket. It is characterized by including.
- the access control ticket includes ticket verification specification data specifying a verification mode of the access control ticket received by the memory mounted device. I do.
- the access control ticket includes a category or an identifier of a means for issuing the access control ticket.
- the access control ticket includes a power category or an identifier of an access device that is a use unit of the access control ticket.
- a fourth aspect of the present invention is that A memory-equipped device having a memory part capable of storing data,
- the memory unit of the memory-equipped device is the memory unit of the memory-equipped device.
- At least one partition area as a memory area managed by the partition manager; and a device manager management area managed by a device manager as an administrator of the memory-equipped device;
- the memory-equipped device includes:
- an access control ticket managed by the device manager or an access control ticket managed by the partition manager is received from an access device, and processing is performed according to the description of the received ticket.
- a memory-equipped device characterized by having control means for execution.
- the access control ticket includes a mutual authentication designation designating a mutual authentication mode to be executed between the memory-equipped device and the access device that has output the ticket.
- Data and the control means has a configuration to execute mutual authentication according to the mutual authentication designation data of the access control ticket, and to execute processing according to the record of the received ticket on condition that authentication is established. It is characterized by.
- the access control ticket includes a ticket verification designation data designating a verification mode of the access control ticket received by the memory-equipped device
- the control means is configured to execute a ticket verification process according to the ticket verification designation data of the access control ticket, and to execute a process according to the record of the received ticket on condition that the verification is established. It is characterized by.
- the access control ticket includes a category or an identifier of a means for issuing the access control ticket, and wherein the control means includes an access control received from an access device. Based on the category or identifier of the issuing means of the access control ticket described in the ticket, a process for confirming that the ticket is issued by a valid issuing means is executed, and the confirmation is performed. It has a configuration to execute the processing according to the record of the receipt ticket as a condition It is characterized by that. ,
- the access control ticket includes a category or an identifier of an access device that is a use unit of the access control ticket, and Based on the category or identifier of the access device that is the means of using the access control ticket described in the received access control ticket, the process of confirming that the ticket is provided by a legitimate means of use And performing a process according to the recording of the received ticket on condition of the confirmation.
- a fifth aspect of the present invention provides:
- the memory unit of the memory-equipped device is the memory unit of the memory-equipped device.
- the device includes one or more partition areas as a memory area that stores the data file and is managed by a partition manager, and a device manager management area that is managed by a device manager as an administrator of the memory-equipped device,
- the memory-equipped device includes:
- an access control ticket managed by the device manager or an access control ticket managed by the partition manager is received from an access device, and processing is performed according to the description of the received ticket. Executing a memory access control method.
- the access control ticket includes a mutual authentication designation data designating a mutual authentication mode to be executed between the memory-equipped device and the access device that has output the ticket. Including performing the mutual authentication according to the mutual authentication designation data of the access control ticket, and performing the processing according to the record of the received ticket on condition that the authentication is established.
- the access control ticket includes an access control ticket received by the memory mounted device.
- the device includes ticket verification specification data specifying a verification mode, and the memory-equipped device executes a ticket verification process according to the ticket verification specification data of the access control ticket, and receives the ticket on condition that the verification is established. It is characterized by executing processing according to the record.
- the access control ticket includes a category or an identifier of a means for issuing the access control ticket
- the memory-equipped device includes an access control received from an access device. Based on the category or identifier of the access control ticket issuance means described in the control ticket, a process of confirming that the ticket is issued by a valid issuance means is executed, and the confirmation is performed. It is characterized in that a process according to the record of the received ticket is executed as a condition.
- the access control ticket includes a power category or an identifier of an access device that is a use unit of the access control ticket
- the memory-mounted device includes: Based on the category or identifier of the access device that is the means of using the access control ticket described in the access control ticket received from the device, the ticket must be provided by a legitimate use method. It is characterized in that a confirmation process is executed, and a process according to the record of the received ticket is executed on condition of the confirmation.
- the access control ticket managed by the device manager includes a partition that allows a process of creating or deleting a partition with respect to a memory portion of the memory-equipped device.
- the memory-equipped device includes a partition registration ticket (PRT) when the partition registration ticket (PRT) is received from the access device. It is characterized by executing generation processing or deletion processing.
- the partition registration ticket (PRT) is transmitted from a ticket issuing unit managed by the device manager to a ticket user managed by the partition manager. Is issued to the access device.
- the access control ticket managed by the partition manager includes data for a partition generated in a memory section of the memory mounted device.
- the device includes a file registration ticket (FRT) that allows a file generation process or a deletion process.
- FRT file registration ticket
- the memory-equipped device receives the file registration ticket (FRT) from the access device, it receives a file registration ticket (FRT). It is characterized by executing file creation or deletion processing according to the FRT) record.
- the file registration ticket is transmitted from a ticket issuing unit managed by the partition manager to an access device as a ticket user managed by the partition manager. It is characterized in that it is issued to the public.
- the access control ticket managed by the partition manager allows an access to a data file in a partition in a memory unit of the memory-equipped device.
- the memory-equipped device follows the record of the reception service permission ticket (SPT). Access processing to the data file.
- the service permission ticket is issued from a ticket issuing unit managed by the partition manager to a ticket managed by the partition manager. It is issued to the access device as one user.
- the access control ticket managed by the device manager or the partition manager allows a process of updating data stored in a memory unit of the memory-equipped device.
- the memory-equipped device records the received data update ticket (DUT). It is characterized by executing the data update processing according to the data.
- a data update ticket (DUT) for updating data in a device manager management area managed by the device manager is transmitted from a ticket issuing unit managed by the device manager.
- a data update ticket (DUT) issued to an access device as a ticket managed by the device manager and for updating data in a partition area managed by the partition manager is provided by the packet.
- the ticket issuance means is issued from a ticket issuing means managed by the partition manager to an access device as a ticket user managed by the partition manager.
- a sixth aspect of the present invention provides
- the program storage medium of the present invention is, for example, a medium that provides a computer program in a computer-readable format to a general-purpose computer system that can execute various program codes.
- the form of the medium is not particularly limited, such as a recording medium such as CDFD and MO, and a communicable medium.
- Such a program storage medium includes a computer program and a storage for realizing the functions of a predetermined computer and program on a computer system. It defines a structural or functional cooperative relationship with the medium. In other words, by installing the computer program in the computer system via the storage medium, a cooperative operation is exerted on the computer system, and the same operation and effect as the other aspects of the present invention are obtained. You can do it.
- a system is a logical set of a plurality of devices, and is not limited to a device having each configuration in the same housing.
- FIG. 1 is a schematic diagram (part 1) of the system configuration for explaining the outline of the system configuration of the present invention.
- FIG. 2 is a system configuration schematic diagram (part 2) for explaining the outline of the system configuration of the present invention.
- FIG. 3 is a system configuration schematic diagram (part 3) for explaining a specific example of the system configuration of the present invention.
- FIG. 4 is a diagram for explaining the relationship between the access control ticket issuing means and the use means in the system of the present invention.
- FIG. 5 is a diagram showing a device configuration having a memory unit in the system of the present invention.
- FIG. 6 is a diagram showing a memory format of the device of the present invention.
- FIG. 7 is a diagram showing a device manager configuration in the system of the present invention.
- FIG. 8 is a diagram showing the configuration of the control means of the device manager in the system of the present invention.
- FIG. 9 is a diagram showing a configuration of a partition manager in the system of the present invention.
- FIG. 10 is a diagram showing the configuration of a reader / writer (R / W) in the system of the present invention.
- FIG. 11 shows the format of the public key certificate that can be used in the system of the present invention.
- FIG. 12 is a diagram showing a signature generation processing method of the public key system that can be used in the system of the present invention.
- FIG. 13 is a diagram showing a signature verification processing method of the public key system that can be used in the system of the present invention.
- FIG. 14 is a diagram showing a data configuration of a manufacturing information block in data stored in the memory unit in the device of the present invention.
- FIG. 15 is a diagram showing a data configuration of a device management information block in data stored in the memory unit in the device of the present invention.
- FIG. 16 is a diagram showing the data structure of a public key device key definition block stored in the memory unit of the device of the present invention during the whole day.
- FIG. 17 is a diagram showing a data configuration of a common key system device key definition block in data stored in the memory unit in the device of the present invention.
- FIG. 18 is a diagram showing a data structure of a device key area in data stored in the memory unit in the device of the present invention. .
- FIG. 19 is a diagram showing a data structure of a partition definition block stored in the memory unit of the device of the present invention during the night.
- FIG. 20 is a diagram showing a data structure of a partition management information block in data stored in the memory unit in the device of the present invention.
- FIG. 21 is a diagram showing a data structure of a public key system partition key definition block in data stored in the memory unit in the device of the present invention.
- FIG. 22 is a diagram showing a data configuration of a common key system partition key definition block in data stored in the memory unit in the device of the present invention.
- FIG. 23 is a diagram showing a data configuration of a partition key area in data stored in the memory unit in the device of the present invention.
- FIG. 24 is a diagram showing a data configuration of a file definition block stored in the memory unit of the device of the present invention during the whole day.
- FIG. 25 is a diagram for explaining the type of the structure of a file during a night stored in the memory unit in the device of the present invention.
- FIG. 26 is a diagram showing a format of a partition registration ticket (PRT) as an access control ticket applied in the system of the present invention.
- FIG. 27 is a diagram showing a format of a file registration ticket (FRT) as an access control ticket applied in the system of the present invention.
- PRT partition registration ticket
- FRT file registration ticket
- FIG. 28 is a diagram showing a format (example 1) of a service permission ticket (SPT) as an access control ticket applied in the system of the present invention.
- FIG. 29 is a diagram for explaining types of file access modes using a service permission ticket (SPT) as an access control ticket applied in the system of the present invention.
- FIG. 30 is a diagram for explaining a file structure to be accessed using a service permission ticket (SPT) as an access control ticket applied in the system of the present invention.
- SPT service permission ticket
- FIG. 31 is a diagram showing a format (example 2) of a service permission ticket (SPT) as an access control ticket applied in the system of the present invention.
- FIG. 32 is a diagram showing a format of a data update ticket (DUT) as an access control ticket applied in the system of the present invention.
- FIG. 33 is a diagram for explaining a data update target using a data update ticket (DUT) as an access control ticket applied in the system of the present invention.
- FIG. 34 is a diagram for explaining an outline of processing up to device use in the system of the present invention.
- FIG. 35 is a diagram showing a flow of initial registration processing of a device by the device manufacturing entity in the system of the present invention.
- FIG. 36 is a diagram showing a device registration process flow (part 1) by the device manager in the system of the present invention.
- FIG. 37 is a diagram showing a device registration process flow (part 2) by the device manager in the system of the present invention.
- FIG. 38 is a diagram showing a device registration process flow (part 3) by the device manager in the system of the present invention.
- FIG. 39 is a diagram showing a flow (part 4) of the initial registration of the device by the device manager in the system of the present invention.
- FIG. 40 is a diagram showing a flow (part 5) of the initial registration of the device by the device manager in the system of the present invention.
- FIG. 41 is a diagram illustrating device storage data after the device initial registration process by the device manager in the system of the present invention.
- FIG. 42 is a diagram showing a public key certificate issuance processing flow (No. 1) by the development manager in the system of the present invention.
- FIG. 43 is a diagram showing a public key certificate issuance processing flow (part 2) by the device manager in the system of the present invention.
- FIG. 44 is a diagram illustrating a process of issuing a public key certificate by a device manager in the system of the present invention.
- FIG. 45 is a diagram illustrating a process of issuing a public key certificate by a device manager in the system of the present invention.
- FIG. 46 is a diagram illustrating data stored in the device after the public key certificate issuance processing by the device manager in the system of the present invention.
- FIG. 47 is a diagram showing a flow of a process of generating and deleting partitions for devices in the system of the present invention.
- FIG. 48 is a flowchart (part 1) illustrating a mutual authentication process with a device in the system of the present invention.
- FIG. 49 is a flowchart (part 2) for explaining the mutual authentication process with a device (device authentication) in the system of the present invention.
- FIG. 50 is a diagram for explaining the mutual authentication process of the public key system with the device in the system of the present invention.
- FIG. 51 is a diagram illustrating the configuration of an authentication table generated in a device after the mutual authentication process with the device in the system of the present invention.
- FIG. 52 is a diagram illustrating a configuration of an authentication table generated in the reader after the mutual authentication processing with the device in the system of the present invention.
- Fig. 53 shows the mutual authentication process of the common key method with the device in the system of the present invention.
- FIG. 54 is a diagram for explaining a mutual authentication process using a common key method with a device in the system of the present invention.
- FIG. 55 is a flowchart (part 3) for explaining the mutual authentication process (partition authentication) with a device in the system of the present invention.
- FIG. 56 is a flowchart (part 4) for explaining the mutual authentication process (partition authentication) with a device in the system of the present invention.
- FIG. 57 is a flowchart (part 1) for explaining the validity of a ticket and the user check process in the system of the present invention.
- FIG. 58 is a flowchart (part 2) for explaining the validity of the ticket and the user check processing in the system of the present invention.
- FIG. 59 is a flowchart (part 1) for explaining the MAC generation method applicable to the validity of the ticket in the system of the present invention.
- FIG. 60 is a flowchart (part 1) for explaining partition creation and deletion operations in the system of the present invention.
- FIG. 61 is a flowchart (part 2) for explaining partition creation / deletion operations in the system of the present invention.
- FIG. 62 is a flowchart (part 1) illustrating the initial registration processing of a partition in the system of the present invention.
- FIG. 63 is a flowchart (part 2) for explaining the partition initial registration process in the system of the present invention.
- FIG. 64 is a flowchart (part 3) for explaining the initial registration processing of a partition in the system of the present invention.
- FIG. 65 is a diagram for explaining device storage data after the initial registration processing of a partition in the system of the present invention.
- FIG. 66 is a diagram (part 1) illustrating a process of issuing a public key certificate by the partition manager in the system of the present invention.
- FIG. 67 is a diagram (part 2) illustrating a process of issuing a public key certificate by the partition manager in the system of the present invention.
- FIG. 68 is a view for explaining processing when public key authentication and public key ticket verification are executed in the partition generation processing by the partition manager in the system of the present invention.
- FIG. 69 is a view for explaining processing in the case where public key authentication and common key ticket verification are executed in the partition generation processing by the partition manager in the system of the present invention.
- FIG. 70 is a view for explaining the processing in the case where the common key system authentication and the common key system ticket verification are executed in the partition generation processing by the partition manager in the system of the present invention.
- FIG. 71 is a diagram for explaining the processing in the case where the common key scheme authentication and the public key scheme ticket verification are executed in the partition generation processing by the partition manager in the system of the present invention.
- FIG. 72 is a flowchart for explaining the file generation / erasure process using the file registration ticket (FRT) in the system of the present invention.
- FIG. 73 is a flowchart illustrating a file generation / deletion operation to which the file registration ticket (FRT) is applied in the system of the present invention.
- FIG. 74 is a diagram for explaining a device storage device after generating a file using the file registration ticket (FRT) in the system of the present invention.
- FIG. 75 is a view for explaining processing in a case where public key system authentication and public key system ticket verification are executed in the file generation processing by the file registration ticket (FRT) in the system of the present invention.
- FIG. 76 is a view for explaining processing in a case where public key scheme authentication and common key scheme ticket verification are executed in the file generation processing by the file registration ticket (FRT) in the system of the present invention.
- FIG. 77 is a view for explaining processing in a case where a common key scheme authentication and a common key scheme ticket verification are executed in the file generation processing by the file registration ticket (FRT) in the system of the present invention.
- Fig. 78 shows the common key method authentication and the public key method ticket verification performed in the file creation processing by the file registration ticket (FRT) in the system of the present invention.
- FIG. 9 is a diagram for explaining a process in a case where the information processing is performed.
- FIG. 79 is a diagram showing a file access processing port to which the service permission ticket (SPT) is applied in the system of the present invention.
- SPT service permission ticket
- FIG. 80 is a diagram showing a file open operation flow to which the service permission ticket (SPT) is applied in the system of the present invention.
- SPT service permission ticket
- FIG. 81 is a diagram (Example 1) illustrating the configuration of a file open table generated by a file open operation to which a service permission ticket (SPT) is applied in the system of the present invention.
- SPT service permission ticket
- FIG. 82 is a diagram (example 2) illustrating the configuration of a file open table generated by a file open operation using a service permission ticket (SPT) in the system of the present invention.
- SPT service permission ticket
- FIG. 83 is a diagram (example 1) illustrating an example of a file access process to which the service permission ticket (SPT) is applied in the system of the present invention.
- SPT service permission ticket
- FIG. 84 is a diagram (example 2) illustrating an example of a file access process to which the service permission ticket (SPT) is applied in the system of the present invention.
- SPT service permission ticket
- FIG. 85 is a diagram illustrating handling of a session key generated by authentication in the system of the present invention.
- FIG. 86 is a flowchart (example 1) illustrating an example of a file access process to which the service permission ticket (SPT) is applied in the system of the present invention.
- SPT service permission ticket
- FIG. 87 is a flowchart (Example 2) illustrating an example of a file access process to which the service permission ticket (SPT) is applied in the system of the present invention.
- FIG. 88 is a view for explaining an example of access processing of a compound file to which the service permission ticket (SPT) is applied in the system of the present invention.
- SPT service permission ticket
- FIG. 89 is a view for explaining processing when public key authentication and public key ticket verification are executed in the file access processing by the service permission ticket (SPT) in the system of the present invention.
- SPT service permission ticket
- FIG. 90 is a view for explaining processing in the case where public key authentication and common key ticket verification are executed in the processing by the service permission ticket (SPT) in the system of the present invention.
- FIG. 91 is a diagram for explaining the processing in the case where the common key scheme authentication and the common key scheme ticket verification are executed in the processing using the service permission ticket (SPT) in the system of the present invention.
- FIG. 92 is a diagram for explaining the processing in the case where the common key scheme authentication and the public key scheme ticket verification are executed in the processing using the service permission ticket (SPT) in the system of the present invention.
- SPT service permission ticket
- FIG. 93 is a diagram showing a data update processing flow by the data update ticket (DUT) in the system of the present invention.
- FIG. 94 is a diagram showing a data update operation flow by the data update ticket (DUT) in the system of the present invention.
- FIG. 95 is a view for explaining an example of data update processing by the data update ticket (DUT) in the system of the present invention.
- FIG. 96 is a diagram showing a conventional memory structure.
- FIG. 97 is a diagram for explaining a conventional relationship between a memory manager and a user.
- FIG. 98 is a diagram illustrating a conventional memory area securing process.
- FIG. 99 is a diagram illustrating a conventional memory access method. BEST MODE FOR CARRYING OUT THE INVENTION
- a 7. Data stored in the memory part of the device A 7. 1. Device specific information and device partition information area A 7. 2. Partition area
- FIG. 1 is a diagram illustrating an outline of the data management system of the present invention.
- the memory-equipped device (hereinafter referred to as “device”) 100 is manufactured by a device manufacturing entity (manufacturer) 500 and provided to a user under the control of a device manager (DM) 200 as a device management entity and used. .
- the device may be provided to the user in any form, such as lending or selling (including transfer).
- the memory area is divided into partitions as a plurality of data storage areas, and each partition (Partition ⁇ , ⁇ ⁇ ) is composed of various service entities (A, ⁇ , - ⁇ ) 300 ⁇ Used for various services under the management of a partition manager of ⁇ 300m2.
- the partition setting registration process for the device 100, the file setting registration process in the partition set in the device, and the access process for each registered file are performed by valid ticket issuer. Requires an access control ticket for the issued device.
- the partition setting registration process for the device 100 requires a partition registration ticket (PRT) issued by a valid ticket issuer (Ticket Issuer).
- File registration and registration processing (FRT: File Registration Ticket) issued by a valid ticket issuer is required for the registration and registration of files within an application, and access to each file is required.
- a Service Permission Ticket (SPT) issued by a valid Ticket Issuer is required.
- Each ticket includes access rules for the device 100, such as rules for mutual authentication between the reader / writer and devices that perform various processes such as reading and writing to the device, and, for example, partition registration tickets (PRT). If it is a partition size that can be set, if it is a file registration ticket (FRT), it can be a file size that can be set, and if it is a service permission ticket (SPT), an executable access mode (ex. Data read, write Etc.) are stored. In addition, information about ticket issuers, ticket users, and other information is stored. In addition, an integrity check value (ICV) for falsification check of the data stored in the ticket is recorded, and the processing within the range recorded in the ticket can be executed on condition that the ticket is not falsified. The details of these tickets will be described later.
- PRT partition registration tickets
- FRT file registration ticket
- SPT service permission ticket
- an executable access mode ex. Data read, write Etc.
- information about ticket issuers, ticket users, and other information is stored.
- the ticket issuance means (Ticket Issuer) for issuing the partition registration ticket (PRT) is set in the device manager (DM) 200, and is included in the service entities A and 300A as the partition manager.
- a ticket registration ticket (FRT) and a ticket issuer that issues a service permission ticket (SPT) are set.
- the configuration in Fig. 1 has basically the same configuration as service entity A for service entity BZ and 300B to 300Z, and a file registration ticket (FRT) for each service entity.
- a ticket issuer (Ticket Issuer) that issues a service permission ticket (SPT) is set.
- the service entity and the partition manager are shown as the same entity. However, these entities do not necessarily need to be the same, and manage the partition as the memory area set in the device.
- the service entity to perform may exist as a separate entity. In the following description, a configuration example in which a service entity functions as a partition manager will be described for simplification of the description.
- the partition manager (PM) as each of the service entities 300 A to 300 Z issues a partition registration ticket (PRT) to the device manager (DM) 200 under a predetermined contract, for example, by paying a reasonable price.
- a request for issuance is issued, and under the permission of the device manager (DM), a ticket issuer (Ticket Issuer) in the device manager (DM) performs partitioning for the partition manager (PM) as a service entity.
- Each service entity (partition manager (PM)) 300 executes access to the user's own device 100 via the communication interface (I / F), and receives the partition registration ticket received from the device manager (DM) 200. Performs authentication, verification, and other processing in accordance with the rules recorded in the PRT (PRT), and performs the setting registration of partitions within the permitted range recorded in the Partition Registration Ticket (PRT). This processing will be described later in detail.
- the communication I / F may be any interface that enables data communication with external devices (wired or wireless), for example, US BI / F if the device has a USB connection configuration, If it is an IC card type, a reader / writer for an IC card, a device having various communication functions such as a public line, a communication line, and an Internet connection, or a device that can be connected to these communication devices, may be used. It is configured as a data communication interface according to the communication method.
- each service subject 300 accesses the device 100 owned by the user via the communication interface (I / F), and the ticket of each service subject 300 is provided. Executes authentication, verification, etc. according to the rules recorded in the File Registration Ticket (FRT) issued by the Ticket Issuer, and the permissions recorded in the File Registration Ticket (FRT). Execute the setting registration process of the files in the range. This processing will be described in detail later.
- each service entity 300 accesses the device 100 owned by the user via the communication interface (I / F), and issues a service permission ticket issued by the ticket issuer of each service entity. Performs authentication, verification, etc. according to the rules recorded in the (SPT), and accesses within the permitted range recorded in the service permission ticket (SPT) (ex. Data reading, writing, etc.) ) Execute the processing. This processing will be described later in detail.
- a code management organization 400 is set above the device manager 200 and the partition manager 300, and a code as identification information of each entity is assigned to each device manager and the partition manager. We are performing the swinging process.
- the code assigned to each of these managers is Stored as access control ticket data such as partition registration ticket (PRT) and file registration ticket (FRT).
- a device manager (DM) 200 that manages the provided device is set, and the device manager is included in the provided device.
- device manager management information is written. Details of these events will be described later.
- FIG. 2 shows a device manager as a device management entity, and a code that assigns an identification code to two partition managers 30 OA and 300 B and a device manager 200 as management entities for each partition set in the device.
- the management body 400 is shown. Further, in response to a public key certificate issuance request from the registration authority 210 under the jurisdiction of the device manager 200, the device manager 200 and each device under the jurisdiction of the device manager (partition registration ticket (PRT) issuing means (PRT Issuer) ) 210 or a device manager-compatible Certificate Authority (CA (DEV): 6100) that issues a device-related public key certificate (CERT-DEV) corresponding to device 100, 300 A, 300 B Each device under the jurisdiction (File registration ticket (FRT) issuance means (FRT Issuer) 310, Service permission ticket issuance means (SPT) 320, Reader / writer as a device access device that is a ticket user 7 1 1-7 1 4 or partition machine that issues a partition-compatible public key certificate (CERT-PAR) corresponding to
- the CAs are Device Manager-compatible CAs (Certificate Authority) for DM (or CA (DEV)) 610, and Partition Manager-compatible CAs are CA for PAR (or CA (PAR). )) 620 and 630 are shown separately, but the only CA that has both functions is provided, or a common CA that supports multiple partition managers and a CA that supports device manager are provided separately. And its configuration is free.
- the device manager 200 and the partition managers 300 A and 300 B are their own public key certificates and the public key certificates of the devices (ticket issuing means and ticket users) managed by each manager.
- a public key certificate issuance request from device 100, verifies the accepted issuance request, and after verification, performs a process of transferring the certificate issuance request to a certificate authority.
- It has a Registration Authority (RA: Registration Authority) 220 and 330 that manages the public key certificate.
- the public key certificate issued from each certificate authority (CA) 6100, 6200, 630 via these registration authorities (RA) 220, 330 is stored in the device 100, For example, a partition setting process as a process for the device 100, a file setting process as a process for the partition, a mutual authentication process at the time of an access process to a file, or each ticket described above. Used in the validation process of the project. Details of the public key certificate issuing process and each process using the public key certificate will be described later.
- the device 100 is a partition manager as a partition manager, the management partition of the OA 1, 30 OA: PM l Area, the management partition of the partition manager 2, 300 B: PM 2 Area and a DMA area as a management area for the device manager 200.
- the device manager 200 has a partition registration ticket issuing means (PRT Issuer) 210, and the partion manager 300 has a file registration ticket issuing means (FRT Issuer) 310, And a service permission ticket issuing means (SPT Issuer) 320, each of which issues a ticket.
- PRT Issuer partition registration ticket issuing means
- FRT Issuer file registration ticket issuing means
- SPT Issuer service permission ticket issuing means
- the partition manager 1, 300A has a dedicated reader / writer (interface for reading and writing data to the device) 711 to 713 for each PRT, FRT, and SPT ticket.
- the partition managers 2 and 300B show a configuration having a common reader / writer 14 for each ticket.
- the reader / writer can have various configurations as described above. Further, a specific example of the entity will be described with reference to FIG. Figure 3 shows East-West Railway Co., Ltd. and the North-South Railway Co., Ltd. as partition managers who provide services using the partitions set in the device.
- the figure below shows an example of a device usage configuration that assumes an organization called the Japan Railway Group as a device manager that registers the partition settings with these partition managers, assuming two service entities of the company.
- Tozai railway Co., Ltd. has set and registered multiple files in its own partition: PM1 set in the user's device. That is, a commuter pass file, a prepaid file, and other files.
- the partition manager as each service entity can register various files in the partition assigned by the device manager set according to the service provided by itself. However, a file registration ticket (FRT) is required to register file settings.
- FRT file registration ticket
- Tozai railway Co., Ltd. functions as a partition manager that manages one partition of the device: PM L Area. Participation: PM 1 Area is operated by the Japan Railway Group as a device manager for authentication, verification, etc. according to the rules recorded in the Partition Registration Ticket (PRT) issued by the Japan Railway Group's PRT Issuer. The process is executed, and is set by the partition registration process within the permitted range recorded in the partition registration ticket (PRT), and given to East-West railway Company.
- PRT Partition Registration Ticket
- Tozai railway Co., Ltd. sets up various files according to the service provided to PM 1 Area, which has been granted.
- a commuter pass file and a prepaid file In the data storage area of the commuter pass file, for example, various data required as commuter pass management data such as commuter pass user name, use period, and use section are recorded. I do.
- the prepaid file records the user name, prepaid amount, balance data, and the like.
- processing such as authentication and verification in accordance with the rules recorded in the file registration ticket (FRT) issued by the East-West Railway FRT Issuer is executed, and the file registration ticket (FRT) is used. It is set by the setting registration process of the file within the recorded permitted range.
- FRT file registration ticket
- a device in which various files are set is used by a user.
- a user may use a device to set a device in a ticket gate equipped with a reader / writer as a device access device and use the device. It is possible.
- ticket gate The commuter pass file is accessed by a valid reader / writer provided at the site, and the use section is read. Also, the prepaid file is accessed, and the process of updating the remaining balance in the prepaid file is executed.
- the service issued by the East-West Railway Service Permission Ticket (SPT) issuer determines which file in the device is accessed and what processing (read, write, reduce, etc.) is executed. Recorded in the permission ticket (SPT). For example, the reader / writer as a valid device access device provided for a ticket gate stores these tickets, and performs authentication processing between devices, ticket verification, etc. according to the rules recorded in the tickets. The processing is executed. If the reader / writer as the device access device and the device are legitimate devices and the ticket used is legitimate, processing within the permitted range recorded in the service permission ticket (SPT) (ex. The data in the file will be read, written, reduced, etc.).
- SPT Service Permission Ticket
- Ticket Issuer a ticket issuing means
- FRT file registration ticket
- SPT service permission ticket
- the ticket issuer is under the control of the device manager or the partition manager as described in Fig. 1 and others, and the partition registration ticket (PRT) according to the processing for the device.
- PRT partition registration ticket
- FRT file registration ticket
- SPT service permission ticket
- a ticket user is a device or means that uses a ticket issued by a ticket issuing means. Specifically, for example, a device access device that executes processing such as writing and reading data to and from a device. Devices such as a reader / writer correspond to this.
- a ticket user can store and use a plurality of tickets.
- a service permission ticket SPT that permits execution of only the section data reading of the commuter pass file described with reference to Fig. 3 is stored, and the processing of only the section data reading is performed.
- Configuration to execute Is also possible.
- a ticket company that reads only commuter passes only includes a service permission ticket (SPT) that permits only the reading of section data in the commuter pass file described above.
- SPT service permission ticket
- a Reader / Writer as a device access device for a ticket gate that executes both commuter pass and prepaid processing
- SPT service permission ticket
- a service permission ticket (SPT) that allows the reduction of the balance data of the prepaid file is also stored, so that it is possible to execute both the commuter pass file and the prepaid file. is there.
- partition registration ticket PRT
- file registration ticket FRT
- SPT service permission ticket
- Figure 5 shows the configuration of the device.
- the device 100 has a CPU (Central Processing Unit) 101 having a program execution function and an arithmetic processing function, and communicates with an external device such as a reader / writer as a device access device.
- a communication interface 102 having an interface function for processing, a ROM (Read Only Memory) 103 storing various programs executed by the CPU 101, for example, an encryption processing program, a load area of an execution program, and the like.
- RAM Random Access Memory
- the cryptographic processing unit 105 the above-mentioned partitions and files are set and stored.
- a memory unit 106 configured by, for example, an electrically erasable programmable ROM (EEPR0M) storing device-specific information including various key data.
- EEPROM electrically erasable programmable ROM
- FIG. 6 shows the data storage configuration of the memory unit 106.
- the memory unit is, for example, a flash memory which is a form of an electrically rewritable nonvolatile memory called an EEPROM (Electrically Erasable Programmable ROM).
- EEPROM Electrically Erasable Programmable ROM
- the present embodiment has a data storage area of 1 block 32 bytes, the number of blocks 0 XFFFF, and the main area is a partition area, an unused area, device specific information, and in-device partition information. Have an area.
- a partition which is a management area by the aforementioned partition manager is set and registered. Note that the memory shown in Fig. 6 shows an example in which partitions have already been set, but a newly manufactured device has no partitions set and does not have a partition area.
- the partition manager As described above, based on the PRT ticket issued by the partition registration ticket (PRT) issuance means (PRT Issuer) managed by the device manager, the partition manager as a service entity performs predetermined procedures, That is, it is set in the memory in the device according to the rules set in the partition registration ticket (PRT).
- PRT partition registration ticket
- PRT Issuer partition registration ticket
- the device-specific information and the partition information area in the device are necessary when executing the partition registration process by executing device access information, device manager information, configuration partition information, and device partition information. Key information and the like are stored. Details of these stored information will be described later.
- the data stored in the device unique information area can be used as data corresponding to IDm as a device unique value applied at the time of mutual authentication described later.
- the partition area further has one or more file areas, unused areas, partition-specific information, and file areas in the partition.
- the file area is allocated by the service entity that is the partition manager. For example, it is an area for storing files set for each service such as commuter pass and prepaid as described above.
- the unused area is an area where a file can be further set.
- the partition specific information and the file information area in the partition store, for example, information on files in the partition, key information necessary for file access processing, and the like. Details of these stored information will be described later.
- the device manager is a management entity for devices provided (sold or lent) to users.
- the device manager 200 configures a partition for a device in response to a request from a partition manager serving as a service entity that provides a service using a partition set as a divided area of a memory unit in the device. It has a partition registration ticket (PRT) issuing means (PRT Issuer) 210 that issues a partition registration ticket (PRT) to be enabled.
- PRT partition registration ticket
- PRT Issuer partition registration ticket
- the device manager 200 issues a device-compatible public key certificate (CERT-DEV) corresponding to the device.
- the device manager 200 receives the public key certificate issuance request from the device, verifies the received issuance request, and after verification, transmits the certificate issuance request to a certificate authority (CA (DEV): Certificate Authority) 61
- CA certificate authority
- RA Registration Authority
- the partition registration ticket (PRT) issuance means (PRT Issuer) 210 of the device manager 200 has a control means 211 and a database 212.
- the data is used to manage the issuance of the partition registration ticket (PRT), such as ticket issuance management data, such as the partition manager identifier, ticket identifier, and ticket user (ticket issuance destination).
- ticket issuance management data such as the partition manager identifier, ticket identifier, and ticket user (ticket issuance destination).
- ticket e X. Reader writer, PC, etc) Stores data associated with identifiers.
- a registration authority (RA) 220 has a control unit 221, and a database 222 for managing the issuance of public key certificates.
- the device identifier that issued the public key certificate Stores a date associated with an identifier (serial pick-up) and the like.
- Control Means 211 is a partition registration ticket (PRT) that is transmitted to the partition manager by data communication with the Partition Manager. Execute issuance processing.
- the control means 221 of a registration authority (RA) 220 executes a process of issuing a public key certificate to a device. At this time, communication with a device, a device manager compatible certificate authority (CA (DEV)) is performed. ) Execute communication with 6 10. The details of these processes will be described later.
- the configuration of the control means 211, 221 will be described with reference to FIG.
- the control unit 211 is constituted by a central processing unit (CPU) that executes various processing programs.
- ROM (Read only Memory) 2 1 1 2 is a memory that stores an execution processing program such as an encryption processing program.
- a RAM (Random Access Memory) 211 is a storage area for programs executed by the control unit 211, for example, an execution program such as a database management program, an encryption processing program, a communication program, and the like. Used as a work area.
- the display unit 211 has display means such as a liquid crystal display device and a CRT, and displays data during execution of various programs, for example, data to be processed, under the control of the control unit 211. I do.
- the input unit 211 has a keyboard and a pointing device such as a mouse, and outputs commands and data input from these input devices to the control unit 211.
- the HDD (Hard Disk Drive) 2 1 16 stores programs such as a database management program, an encryption processing program, a communication program, and various data.
- the drive 211 is a magnetic disk such as an HD (Hard Disk) or FD (Floppy Disk), an optical disk such as a CD-ROM (Compact Disk ROM), a magneto-optical disk such as a mini disk, a ROM or a flash memory. It has a function to control access to various types of recording media such as semiconductor memories. Various recordings on magnetic disks, etc.
- the medium stores programs, data, and the like.
- the communication interface 218 functions as an interface for communication via a wired or wireless network such as a network, a cable connection, and a telephone line, and functions as a user device, a partition manager, a certificate authority, and the like. It functions as a communication interface with each entity.
- the partition manager is a management entity for partitions set on devices provided (sold or lent) to users.
- the partition manager 300 uses the partition registration ticket (PRT) given by the device manager to divide the divided area into the memory part in the user's device according to the rule recorded in the given PRT. Set the partition as, and provide the service using the set partition.
- PRT partition registration ticket
- File setting and overnight access processing are executed by a ticket user, that is, for example, a reader / writer as a dedicated device access device using the ticket.
- the partition manager 300 includes a file registration ticket (FRT) issuing means (FRT Issuer) 310 as a ticket issuing processing means for such a ticket user, and a service permission ticket (SPT) issuing means (SPT). Issuer) 320.
- FRT file registration ticket
- SPT service permission ticket
- Issuer 320.
- the partition manager 300 issues a partitioning public key certificate (CERT-PAR) corresponding to each partition of the device.
- the partition manager 300 receives the request for issuing a public key certificate from DePice, verifies the received request, and verifies the request for certificate issuance, after which the certificate request is issued by a certificate authority (CA (PAR)).
- CA certificate authority
- RA Registration Authority
- a file registration ticket (FRT) issuing means (FRT Issuer) 310 of the partition manager 300 includes a control means 311 and a database 312, and a database 311.
- 2 is a file registration ticket (FRT) issuance management data, which includes data for managing issuance of a ticket, for example, a ticket user (ex. Reader / writer, PC, etc) identifier of a ticket issuance destination, and a ticket. Stores the data associated with the data identifier.
- the service permission ticket (SPT) issuer (SPT) 320 of the partition manager 300 has a control means 321 and a database 322, and the database 322 has a service 322.
- the issuance management data of the permission ticket (SPT) for example, the ticket issuer of the ticket issuance destination (ex. A reader / writer as a device access device, a PC, etc.) identifier , And data in which ticket identifiers are associated.
- the Registration Authority (RA) 330 has a database 332 for issuing and managing public key certificates, and issues, for example, public key certificates as a means of issuing and managing public key certificates. This stores data in which the associated device identifier, partition identifier, public key certificate identifier (serial number) is associated.
- the file registration ticket (FRT) issuance means (FRT Issuer) 310 of the partition manager 300 is controlled by the ticketer (ex. Reader / writer as a device access device, PC, etc.). Through the overnight communication, a file registration ticket (FRT) issuance process is executed, and the control means 321 of the service permission ticket (SPT) issuance means (Ticket Issuer) 320 is controlled by the ticket user (eX. Device). It issues a service permission ticket (SPT) by data communication with a reader / writer as an access device, a PC, etc.).
- the control means 331 of the registration authority (RA) 330 executes a process of issuing a public key certificate to the device, at which time communication with the device, a partition manager-compatible certification authority (CA (CA) PAR)) Execute communication with 620.
- CA partition manager-compatible certification authority
- control means 311, 321, and 331 of the partition manager 300 The configuration is the same as that of the control means in the device manager described above with reference to FIG.
- the reader / writer as a device access device is configured as a device that performs various processes such as setting partitions for devices, setting files, reading and writing data, and subtracting and adding money data.
- the processing for the device follows the rules recorded in the partition registration ticket (PRT), file registration ticket (FRT), or service permission ticket (SPT) applied during the processing. That is, all processing for the device is restricted by these applied tickets.
- PRT partition registration ticket
- FRT file registration ticket
- SPT service permission ticket
- FIG. 10 shows a configuration example of a reader / writer as a device access device.
- the reader / writer 700 has a CPU (Central Processing Unit) 701 having a program execution function and an arithmetic processing function, and has a device and ticket issuing means (Ticket Issuer). ), Etc., a communication interface having an interface function for communication processing with external devices 702, a ROM (Read Only Memory) storing various programs executed by the CPU 701, for example, an encryption processing program, etc.
- a CPU Central Processing Unit
- Etc. a communication interface having an interface function for communication processing with external devices 702, a ROM (Read Only Memory) storing various programs executed by the CPU 701, for example, an encryption processing program, etc.
- RAM Random Access Memory
- Cryptographic processing unit 705 that performs encryption processing such as encryption and decryption processing, various key data for authentication processing, encryption and decryption processing, and unique information of reader / writer, for example, EEPR 0 M (Electrically Erasable Programmable ROM).
- the data transmitting side and the data receiving side are mutually normal. After confirming that the data is to be transmitted and received, the necessary information is transferred. As a method of implementing a security configuration during data transfer, encryption of the transferred data, Signature generation and verification processes are applied.
- the encrypted data can be returned to a usable decrypted data (plaintext) by a decryption process according to a predetermined procedure.
- a one-time encryption and decryption method using an encryption key for such information encryption processing and a decryption key for decryption processing has been well known.
- Public key cryptography uses a different key for the sender and the receiver, one for the public key that can be used by unspecified users, and the other for the secret key that keeps the secret.
- a data encryption key is a public key
- a decryption key is a secret key.
- it is used in such a mode that the authenticator generation key is used as the secret key and the authenticator verification key is used as the public key.
- the public key encryption method has an advantage in key management because the secret key that needs to be kept secret must be held by a specific user. It is.
- the public key cryptosystem is slower in data processing speed than the common key cryptosystem, and is often used for objects with a small amount of data, such as private key distribution and digital signatures.
- a typical public key cryptosystem is the RSA (Rivest-Shamir-Adleman) cipher. It uses the product of two very large prime numbers (for example, 150 digits) and takes advantage of the difficulty of factoring the product of two large prime numbers (for example, 150 digits).
- a public key can be used by an unspecified number of people, and a method of using a public key certificate to certify whether the public key to be distributed is valid or not is called a public key certificate.
- Many are used.
- user A generates a key for a public key and a secret key, sends the generated public key to a certificate authority, and obtains a public key certificate from the certificate authority.
- User A publishes the public key certificate to the public.
- An unspecified user obtains the public key through a predetermined procedure from the public key certificate, encrypts the document, etc., and sends it to User A.
- User A is a system that uses a secret key to decrypt an encrypted document.
- User A signs a document or the like using the private key, and an unspecified user obtains the public key from the public key certificate through a predetermined procedure and verifies the signature. It is a system that performs.
- a public key certificate is a certificate issued by a certificate authority (CA) in public key cryptography, and when a user submits his / her ID and public key to the certificate authority, the certificate authority side It is a certificate created by adding information such as the ID of the certificate authority and the expiration date, and adding a signature by the certificate authority.
- CA certificate authority
- Figure 11 outlines the format of a public key certificate. The outline of each data is explained.
- the version number of the certificate indicates the version of the public key certificate format.
- serial number of the certificate is a serial number (SN: Serial Number), which is the serial number of the public key certificate set by the public key certificate issuing authority (certificate authority: CA).
- the signature algorithm (algorithm) and algorithm parameters (parameters) of the signature algorithm identifier field are fields for recording the signature algorithm of the public key certificate and its parameters.
- the signature algorithms include elliptic curve cryptography and RSA. The parameters and key length are recorded when elliptic curve cryptography is applied, and the key length is recorded when RSA is applied. Is done.
- the name of the Issuing Authority (Certificate Authority: CA) is recorded in a format (Distinguished Name) that identifies the issuer of the public key certificate, that is, the name (Issuer) of the public key certificate issuing authority (CA). Field.
- the start date and time and the end date and time which are the validity period of the certificate, are recorded.
- the identification data of the authentication target person who is the user is recorded. Specifically, for example, an identifier or category such as an ID of a user device or an ID of a service provider is recorded.
- the key algorithm (subject Public Key) of the user public key field (subject Public Key Info) and the key algorithm (subject Public key) are fields that store the key algorithm itself as the user's public key information and the key information itself. It is.
- user attribute data and other optional data for issuing and using public key certificates are recorded.
- attribute data a device management code (DMC) and a partition management code (PMC) are recorded as user group information.
- DMC device management code
- PMC partition management code
- the user is a user of the public key certificate, such as a device manager, a partition manager, a ticket user, a ticket issuing means, and a device.
- categories such as ticket users, ticket issuing means, entities such as devices, device managers and partition managers, and device types are recorded as category information.
- the partition registration ticket issuing means code PRTIC: PRT Issuer Code
- DMC depth manager code
- the partition manager also serves as a file registration ticket issuing means and service permission ticket issuing means
- the file registration ticket issuing means code FRTIC: FRT Issuer Code
- SPT Issuer Code partition management code
- PMC partition management code
- a unique code different from the device management code (DMC) and the partition manager code (PMC) may be assigned to each ticket issuing means.
- the code is assigned by the aforementioned code management organization.
- the issuing authority signature is an electronic signature that is executed on the data of the public key certificate using the private key of the public key certificate issuing authority (CA). Verification is performed using the public key of the Certificate Authority (CA), and it is possible to check whether the public key certificate has been tampered with.
- CA Certificate Authority
- FIG. 12 A method of generating a digital signature using the public key encryption method will be described with reference to FIG.
- the processing shown in FIG. 12 is a generation processing flow of digital signature data using EC-DSA ((Elliptic Curve Digital Signature Algorithm), IEEE P1363 / D3).
- Elliptic Curve Cryptography is used as public key cryptography. (Hereinafter referred to as ECC)).
- ECC Elliptic Curve Cryptography
- ECC public key cryptography
- a similar public key cryptosystem for example, an RSA cryptosystem ((Rivest, Shamir, Adleman), etc. (ANSI X9.31) may be used. It is possible.
- r the order of G
- K s the secret key (0 ⁇ K s ⁇ r).
- a hash function is a function that takes a message as input, compresses it into data of a predetermined bit length, and outputs it as a hash value.
- a hash function it is difficult to predict the input from a hash value (output).
- MD4 MD5
- SHA-1 SHA-1
- DE S-CBC DE S-CBC
- step S3 a random number u (0 ⁇ u ⁇ r) is generated, and in step S4, a coordinate V (Xv, Yv) obtained by multiplying the base point by u is calculated.
- u ⁇ u ⁇ r
- step S12 it is verified whether the digital signature data c and d satisfy 0 ⁇ c ⁇ r and 0 ⁇ d ⁇ r.
- step S18 Xp modr is calculated and compared with the digital signature data c. Finally, if the values match, the process proceeds to step S19, where it is determined that the electronic signature is correct.
- the data has not been tampered with, indicating that the person holding the private key corresponding to the public key generated the electronic signature.
- step S12 If the electronic signature data c or d does not satisfy 0 ⁇ c ⁇ r and 0 ⁇ d ⁇ r in step S12, the process proceeds to step S20. If the point P is a point at infinity in step S17, the process proceeds to step S20. Furthermore, if the value of Xpmodr does not match the electronic signature data c in step S18, the process proceeds to step S20.
- step S20 If it is determined in step S20 that the electronic signature is incorrect, it is known that the electronic signature has been falsified or that the person holding the private key corresponding to the public key has not generated the electronic signature.
- the device stores a public key certificate (CERT-DEV) corresponding to the device issued to the device via the device manager's management registration authority in the device.
- a public key certificate (CERT-PAR) corresponding to the partition issued to the partition of the device via the registration authority is stored in each partition of the device.
- These public key certificates are processed by the DePiece, that is, the partition registration setting process using the partition registration ticket (PRT), the file registration setting process using the file registration ticket (FRT), and the service permission ticket (SPT). ) Is applied to the mutual authentication, signature generation, and verification processing between the ticket user (ex. A reader / writer as a device access device) and the device. Specific examples of these processes will be described later using a flow.
- the device has a memory unit composed of, for example, an EEPROM, and has, as main regions, a partition region, an unused region, device-specific information, and an in-device partition information region.
- EEPROM electrically erasable programmable read-only memory
- the device-specific information and the in-device partition information area are required when executing device configuration registration processing by accessing device manufacturing entity information, device manager information, configuration partition information, and access to the device. Key information and the like are stored.
- Figure 14 shows the data structure of the Manufacturing Information Block.
- the numerical value of each area indicates the number of bytes.
- the configuration of the present embodiment has a one-block: 32-byte configuration.
- the gray part in the figure may be either encrypted or unencrypted.
- the following data is stored in the Manufacturing Information Block.
- Wri table Flag Flag for determining whether writing to the block is permitted (ex. Oxffff: Writing permitted, others: Writing disabled)
- ID m is defined as a unique identifier of the device based on the information.
- the device unique identifier is obtained from the entire information written in the manufacturing information block (Manufacture Information Block), a part of the written information, or arithmetic data obtained based on the written information. It is also possible to adopt a configuration in which:
- FIG. 15 shows the Device Management Information Block Shows the data structure of The following data is stored in the Device Management Information Block.
- DMC Version Version of the device manager code (DMC). For example, it is used as a comparison condition when updating the DMC.
- FIG 16 shows the data structure of a public key device key definition block (PUB). The following data is stored in the Public Key Device Key Definition Block (PUB).
- POB Public Key Device Key Definition Block
- Pointer Pointer to the block where the public key of the CA (DEV), which is a device manager compatible certificate authority that issues a public key certificate via a registration authority under the jurisdiction of the device manager.
- DEV public key of the CA
- CERTJEV Pointer Pointer to the block where the public key certificate of the device (Device) issued by the certification authority CA (DEV) is stored.
- CERTJEV Size The size of the public key certificate of the device issued by the CA (DEV).
- CRL_DEV Pointer Pointer to the block that stores the Revocation List of the device (Device)
- the relocation list in the above data is a list of unauthorized devices, for example, a device exclusion list issued by the administrator of the device distribution system, and lists identification data of unauthorized devices. It's an overnight. If the device set in the reader / writer as a device access device is a device listed in the relocation list, take measures such as stopping the processing.
- the latest revocation list is always distributed to a reader / writer as all device access devices that execute processing for a device and processing is performed on a device
- execution of processing is performed by referring to the list. Determine stop.
- the latest relocation list is browsed over the network by the communication function of the reader / writer as a device access device, and the unauthorized device information described in the list is acquired to execute or stop processing. Is determined. Specific processing using the revocation list will be described later in the description using the flow.
- the data update ticket (DUT: Data Update Ticket) in the above data is an access restriction ticket for permitting and restricting the update process when executing the update process of various data stored in the device. Like the PRT, FRT, and SPT tickets described above, this is a ticket that records access rules for devices. This data update ticket (DUT: Data Update Ticket) Will be described in more detail later.
- FIG 17 shows the data structure of the common key device block (Device Key Definition Block (Common)). The following data is stored in the common key device key definition block (Device Key Definition Block (Common)).
- Pointer Pointer of master key for two-way individual key authentication (MKauth_DEV—A)
- Mkauth_DEV_A Size Size of master key for two-way individual key authentication (MKauth—DEV_A)
- Kauth_DEV_B Size The size of the key for two-way individual key authentication (Kauth_DEV_B)
- Kprt Pointer Pointer to the block where the MAC verification key (Kprt) of the partition registration ticket (PRT) is stored.
- Kprt Size Size of the MAC verification key (Kprt) of the partition registration ticket (PRT)
- Kdut_DEVl-4 Pointer: Point to the process where the MAC key (Kdut) of the data update ticket (DUT) is stored.
- Kdut_DEVl-4 Size The size of the key (Kdut) for MAC verification of the data update ticket (DUT)
- IRL_DEV Pointer Pointer to the block where the illegal ID device ID (Device ID) is stored as the device relocation list (Revocation List).
- Kdut_DEV There are four types of Kdut_DEV, which are used in pairs (Kdut_DEVl, Kdut_DEV2), (Kdut_DEV3, Kdut_DEV4).
- Kdut_DEVl, 3 is used for MAC generation
- Kdut_DEV2,4 is used for encryption.
- Fig. 18 shows the data structure of the device key area.
- the following data is stored in the Device Key Area.
- the device key area Each storage key of the device key area (Device Key Area) also stores version information. When the key is updated, the version is also updated.
- IRL_DEV Revocation List (Device) in which the identifiers (IDs) of rejected devices (Device) and rejected devices (reader / writer as device access device, ticketer such as PC, ticket issuing means) are registered. ID))
- CRLJEV Register the exclusion device (Device) and the public key certificate identifier (eX. Serial Nampa ': SN) of the exclusion device (reader / writer as device access device, ticket user such as PC, ticket issuing means) Relocation list
- CERT—DEV The public key certificate of the device issued by the certification authority CA (DEV) that issues the public key corresponding to the device manager.
- the device key area (Device Key Area) shown in the figure stores Kauth-DEV_A: a common key for bidirectional individual key authentication, and MKauth-DEV_B: a master key for bidirectional individual key authentication.
- the key may be configured not to be stored if the device does not request to perform the common key authentication process.
- Kprt The device also performs the ticket verification process for the MAC key of the partition registration ticket (PRT). In the case of a configuration that does not execute, the configuration may not be stored.
- IRL_DEV Registered device identifier (ID) of excluded device (Device) Revocation List (Device ID), CRL—DEV: Revocation List (Certificate) that registers the public key certificate identifier (ex. Serial number: SN) of the exclusion device (Device) Also, in the case where there are no revoked (excluded) devises, or in the case where the relocation list is obtained using another source, the revocation list may not be stored.
- Figure 19 shows the configuration of the Partition Definition Block '.
- the following data is stored in the Partition Definition Block.
- PMC Partition Manager Code
- PMC Code assigned to the Partition Manager. For example a number.
- the above is the device specific information of the memory section of the device and each data of the partition information area in the device.
- the partition area is the management area of the partition manager.
- PRT partition registration ticket
- PRT Issuer partition registration ticket
- the partition manager as each service entity performs a predetermined procedure, that is, performs partitioning.
- Set in the memory in the device according to the rules set in the registration ticket (PRT).
- PRT partition registration ticket
- FIG. 20 shows the data structure of the Partition Management Information Block. The following data is stored in the Partition Management Information Block.
- FIG. 21 shows the data structure of the public key type partition key information block (Partition Key Definition Block (PUB)). The following data is stored in the public key partition key information block (Partition Key Definition Block (PUB)).
- Partition Key Definition Block Partition Key Definition Block
- PUB_CA (PAR) Pointer Point to the block that stores the public key of the certification authority CA (PAR) that issues the public key certificate through the registration manager of the partition manager.
- PARAM_PAR Pointer Pointer to the block where the public key parameters of the partition (Partition) are stored.
- CERT_PAR Pointer Pointer to the block where the public key certificate of the partition (Partition) issued by the certification authority CA (PAR) is stored.
- DUTIC Version of the data update ticket (DUT) issuer category (DUTIC).
- FIG. 22 shows a configuration of a common key system partition key information block (Partition Key Definition Block (Common)). The following data is stored in the common key system partition key information block (Partition Key Definition Block (Common)).
- Pointer Pointer of master key for two-way individual key authentication (MKauth—PAR—A)
- Mkauth_PAR_A Size Size of master key for two-way individual key authentication (MKauth_PAR—A) * Kauth_PAR_B Pointer: Pointer of two-way individual key authentication key (Kauth_PAR—B)
- Kauth_PAR_B Size The size of the key for two-way individual key authentication (Kauth_PAR—B)
- Kfrt Pointer Pointer to the block that stores the MAC verification key (Kfrt) of the file registration ticket (FRT)
- Kfrt Size The size of the MFC verification key (Kfrt) of the file registration ticket (FRT)
- Kdut_PAill-4 Pointer to the block where the MAC key (Kdut) for the data update ticket (DUT) is stored.
- Kdut_PARl-4 Size The size of the key (Kdut) for MAC verification of the data update ticket (DUT)
- IRL_PAR Pointer Pointer to the block that stores the Revocation List (Device ID) that stores the ID of the partition elimination device.
- IRL—PAR Size Size of the Revocation List (Device) of the Partition (Partition)
- the method of two-way individual key authentication and the MAC (Message Authenticate Code) verification process shown in the above data will be described in detail later.
- Kdut-PAR There are four types of Kdut-PAR, which are used in pairs (Kdut_PARl, Kdut-PAR2), (Kdut_PAR3, Kdut_PAR4).
- Kdut_PARl, 3 is used for MAC generation
- Kdut_PAR2 is used for encryption.
- Fig. 23 shows the data structure of the Partition Key Area.
- the following data is stored in the Partition Key Area.
- version information is stored together with each storage key of the partition key area (Partition Key Area). When the key is updated, the version is also updated.
- IRL_PAR Revocation list (Revocation) in which the identifiers (IDs) of partition access exclusion devices (Devices), exclusion devices (reader / writers as device access devices, ticket users such as PCs, and ticket issuing means) are registered. List (Device ID))
- CRL_PAR The public key certificate identifier (ex. Serial number: SN) of the partition access exclusion device (Device) and exclusion device (reader / writer as device access device, ticket user such as PC, ticket issuing means) Registered Revocation List (Certificate)
- Kdut_PARl Key for MAC verification of data update ticket (DUT)
- Kdut_PAR2 Encryption key for data update
- Kdut_PAR3 Key for MAC verification of data update ticket (DUT)
- CERT_PAR Public key certificate of the partition (Partition) issued by Certificate Authority CA (PAR)
- FIG. 24 shows the data structure of a file definition block (FDB: File Definition Block). The following data is stored in the File Definition Block.
- FDB File Definition Block
- SPTIC Version Version of Service Authorization Ticket (SPT) Issuer Category (SPTIC)
- Acceptable Authentication Type Indicates the acceptable authentication type.
- the access mode defined for each file structure type corresponds to each bit of this field (up to 16 in this example). Details will be described below.
- Acceptable Verification Type Indicates the acceptable verification type. For each file structure type (File Structure Type), the defined access mode and each bit of this field (up to 16 in this example) correspond. Details will be described below.
- Kspt Key for MAC verification of service permission ticket (SPT) (Kspt)
- the above Acceptable Authentication Type corresponds to the access mode defined for each File Structure Type and each bit of this field (up to 16 in this example).
- This is an allowable authentication type that is set to perform authentication.For example, when a certain access mode is executed and the bit corresponding to the mode is set to 1, public key authentication has been completed and it must be authenticated. It shall not be executed. As a result, when executing commands with higher importance (for example, payment processing), public key authentication is obligatory and security can be ensured.
- the Acceptable Authentication Type is different from the ticket, and the file definition block (FDB: This information will not be changed after the file is created because it will be stored in the device as part of the File Definition Block. Therefore, it is possible to provide the minimum guarantee of security by using it when you want to give a strong constraint that never changes the allowable authentication type.
- the above-mentioned Acceptable Verification Type is the access mode defined for each File Structure Type and each bit of this field (up to 16 in this example). ) Is a permissible verification type that is set to support this. For example, when executing a certain access mode, if the bit corresponding to that mode is set to 1, the ticket verification using the public key method is performed. It will not be executed unless it is completed. In this example, each field is divided into two bytes, so that it is possible to associate only up to 16 access modes.However, by increasing the field size as needed, it is possible to associate more commands. Configuration.
- the allowable authentication type (Acceptable Authentication Type) and the allowable verification type (Acceptable Verification Type) are set as those requiring public key authentication or verification when the setting is “1”.
- these fields are configured in 2-bit units, and when the value is “1 1”, the public key method is used, when the value is “0 1”, the common key method, “0 0”, “1” In the case of “0”, it is also possible to make settings such as subdivision, such as allowing either the public key method or the common key method.
- the file structure type (File Structure Type) in the above data is a code indicating the structure of the file generated in the partition.
- Figure 25 shows an example of the correspondence between the file structure and the code.
- the file structure has various structures (File Structure) shown in Fig. 25, and codes 001 to 007 are assigned to them. The meaning of each structure is shown below.
- Random Data with this file structure is a file from which all reading and writing can be performed at random.
- the data having this file structure is the amount information data, and is a data file that allows the value change processing of the amount such as subtraction (Sub) and addition (Add).
- Cycl ic Data with this file structure is written in cyclic (Cycl ic) format. Is a possible file structure.
- Log Data with this file structure is a log data file, which is a record information file for each data processing information.
- Composite file A file having a composite structure (Ex. Purse and Log) of the above various file structures. Different codes are assigned to the composite file depending on the combination pattern (in the figure, 006: composite file 1, 007: composite file 2).
- the partition registration ticket (PRT) issued by a valid ticket issuer (Ticket Issuer) and the partition set in the device are used.
- File registration tickets (FRT: File Registration Ticket) issued by a valid ticket issuer (Ticket Issuer) are used to register and register files in the file. Also, valid tickets are issued to access each file.
- a Service Permission Ticket (SPT) issued by a ticket issuer (Ticket Issuer) is required.
- a data update ticket (DUT) is required for updating the data stored in the device.
- Each of these tickets is composed of a data string that describes the access rules for the device as binary data.
- the ticket is transmitted to the device from a ticket user, for example, a reader / writer as a device access device, in response to a process for the device.
- the device that has received the ticket performs the ticket validation process. If the device is successfully validated, it performs various processes (ex. Partition generation, file generation, data generation, etc.) according to the rules recorded in the ticket. Access) is executed.
- the data format of each of these tickets is described below. You.
- the partition registration ticket (PR :: Partition Registration Ticket) is an access control ticket applied at the time of partition setting registration processing for a device.
- PR Partition Registration Ticket
- a ticket issuer under the jurisdiction of a legitimate device manager
- a ticket user ex. Reader / writer as a device access device
- FIG 26 shows the format of the partition registration ticket (PRT). The data described below is stored in the partition registration ticket (PRT).
- Authentication Type Mutual authentication type of device (Device) (Public key authentication or Common key authentication, or any (Any))
- This field is data linked with [Authentication Type].
- [Authentication Type] is public key authentication: Distinguished Name (DN) or Category (Category) or Serial Number (SN) is used. Stored. In the case of common key authentication,: Authentication ID is stored. If authentication is not required, storage is not mandatory.
- Integrity Check Value Validity value of ticket (Public key method: Signature, Common key method: MAC)
- the partition registration ticket (PRT) When the ticket issued by the partition registration ticket (PRT) issuance means (PRT Issuer) is transmitted to the ticket user, in the case of the public key method, the partition registration ticket (PRT) is used.
- PRT The public key certificate (CERT_PRTI) of the issuing means (PRT Issuer) is also sent together.
- the attribute (Attribute) of the public key certificate (CERT_PRTI) of the PRT issuing means matches the identifier (PRTIC) of the PRT issuing means (PRT Issuer).
- [Authentication Type] that records the type of mutual authentication of the device (Public key authentication or Common key authentication or Any) should be performed as mutual authentication using a ticket.
- the authentication type is recorded. More specifically, as will be described in detail later, it is specified that either device authentication, partition authentication, or both authentications be executed, and whether public key method or common key method is executed, or Information on whether authentication is also possible is recorded.
- the [Integrity Check Value] field that records the validity verification value of the ticket (public key method: signature, common key method: MAC) issuance of the partition registration ticket if the public key method is used.
- a signature (see Fig. 12) based on the private key of the means (PR T Issuer) is generated and stored.
- PR T Issuer public key of the means
- PRT Issuer public key of the partition registration ticket issuing means
- the issuing device must obtain the public key (public key certificate) of the partition registration ticket issuing means (PRT Issuer) (ex. Device manager) upon receipt of the ticket or in advance.
- a file registration ticket (FRT: File Registration Ticket) is an access control ticket applied when setting and registering a file in a partition set for a device.
- the ticket user (ex. A rewriter as a device access device) can use the FRT issued to the device according to the procedures recorded in the FRT. Access allows you to set up files within the limits recorded on the FRT.
- Figure 27 shows the format of the file registration ticket (FRT: File Registration Ticket).
- FRT File Registration Ticket
- the data described below is stored in the file registration ticket (FRT: File Registration Ticket).
- Authentication Flag Flag that indicates whether mutual authentication with the device is required in the process of using the ticket.
- Authentication Type The type of mutual authentication of the device (Device key authentication or symmetric key authentication, or any type (Any)) * Ticket User identifier: Ticket (Ticket) Identification data to identify the user (power category or identifier)
- [Authentication Type] is public key authentication: Distinguished Name (DN) or Category (Category) or serial number (CN) is used. Stored. In the case of common key authentication,: Authentication ID is stored. If authentication is not required, storage is not mandatory.
- DN Distinguished Name
- Category Category
- CN serial number
- Acceptable Authentication Type A bit indicating the type of mutual authentication (either public key method, public key, or common key is required) required to execute the access mode for the file defined by this ticket.
- Kspt_Encrypted The MAC verification key Kspt of the service permission ticket (SPT) described in the File Definition Block is encrypted with the MAC verification key Kfrt of the file registration ticket of the partition. Data Kfrt (Kspt)
- Integrity Check Type Type of validity verification value of ticket (Ticket) (Public key method (Public) / Common key method (Common))
- Integrity Check Value Validity value of ticket (Public key method: Signature, Common key method: MAC)
- the public key certificate (CERT_FRTI) of the file registration ticket (FRT) issuance means (FRT Issuer) is also sent.
- the attribute (Attribute) of the public key certificate (CERT_FRTI) of the FRT issuing means matches the identifier (FRTIC) of the file registration ticket (FRT) issuing means (FRT Issuer).
- [Authentication Type] that records the type of mutual authentication of the device (Public key authentication or Common key authentication or Any) should be performed as mutual authentication using a ticket.
- the authentication type is recorded. More specifically, as will be described in detail later, it is specified that either device authentication, partition authentication, or both authentications be executed, and whether public key method or common key method is executed, or Information on whether authentication is also possible is recorded.
- the [Integrity Check Value] field that records the validity verification value of the ticket (public key method: signature, common key method: MAC) is a file registration ticket if it is a public key method.
- a signature (see Fig. 12) based on the private key of the FRT Issuer is generated and stored. If the partition manager itself also serves as a file registration ticket issuing means (FRT issuer), a signature is generated using the private key of the partition manager.
- the public key of the file registration ticket issuing means is used. Therefore, the device performing the ticket verification must obtain the public key (public key certificate) of the file registration ticket issuing means (FRT Issuer) (ex. Partition manager) upon receipt of the ticket or in advance. is there.
- the Service Permission Ticket is a service permission ticket that accesses each device in the partition set for the device, reads data, writes data, and subtracts and adds money data. Applied when executing Access control ticket.
- SPT Service Permission Ticket
- the data processing can be performed within the limits recorded in the SPT.
- the service permission ticket is a format that permits access to only one file among the files set in the partition, and a format that allows access to multiple files. The format of each is explained.
- Figure 28 shows the data format of a service permission ticket (SPT) that allows access to only one of the files set in the partition.
- SPT Service Permission Ticket
- Authentication Flag Flag that indicates whether mutual authentication with the device is required in the process of using the ticket.
- Authentication Type Mutual authentication type of the device (Public key authentication or symmetric key authentication, or any type (Any))
- Identification data (Title or identifier) that identifies the ticket user
- Integrity Check Value Validity value of ticket (Public key method: Signature, Common key method: MAC)
- the service permission ticket (SPT) is used in the case of a public key method.
- the public key certificate (CERT_SPTI) of the issuing means (SPT Issuer) is also sent together.
- the attribute (Attribute) of the public key certificate (CERT_SPTI) of the SPT issuing means matches the (SPTIC) of the (SPT) issuing means (SPT Issuer).
- the code of the service permission ticket (SPT) issuance means (SPT Issuer) is the same as that of the partition manager. (PMC).
- [Authentication Type] that records the type of mutual authentication of the device (Public key authentication or Common key authentication or Any) should be performed as mutual authentication using a ticket.
- the authentication type is recorded. More specifically, as will be described in detail later, it is specified that either device authentication, partition authentication, or both authentications be executed, and whether public key method or common key method is executed, or Information on whether authentication is also possible is recorded.
- Partition Manager upon receipt of the ticket or in advance. It is necessary. After verifying the public key certificate (CERT_SPTI) of the service permission ticket (SPT) issuing means (SPT Issuer), the service permission ticket (SPT Issuer) of the service permission ticket (SPT) extracted from the public key certificate (CERT_SPTI) is verified.
- the public key enables signature verification of ICV (Integrity Check Value).
- the data generated as a file can be of various types, such as user identification data, amount data, cryptographic key data, log data, or compound file data. , Erasure, addition, subtraction, encryption, decryption, ... are executed for the access data.
- the File Access Mode of the service permission ticket defines which access mode is permitted among these various access modes.
- Figure 29 shows the list of access modes.
- the access mode shown in FIG. 29 is an example, and other access modes can be set according to data stored in the device.
- the processing defined in the file access mode [File Access Mode] for the file indicated by [File ID: identifier of the access file (File) in the partition] set in the service permission ticket (SPT) Can be executed. If the file access mode set in the service permission ticket (SPT) is read (Read), data in the file can be read. If the file access mode set in the service permission ticket (SPT) is Write, data can be written in the file.
- Such an access mode is based on the file structure described above ( Figure 2).
- the modes that can be set are limited by [5]. For example, if the file structure is purse, it is money data, and access modes such as addition (add) and subtraction (Sub) can be set.
- FIG. 30 shows an example of such a file structure, a settable access mode, and a command transmitted from a reader / writer as a device access device to a device.
- FIG. 30 shows the access modes and command examples that can be set when the file structure is Random and when the file structure is a compound file.
- the file structure is Random and the access mode is read (Read)
- the only command that the device can accept is [Read].
- the file structure is R a n d om and the access mode is encryption read (R e a d)
- the only command that the device can accept is the encryption read [E n c R e a d].
- the above-mentioned deposit command (Deposit Co ban and) is defined as a permissible command (see Fig. 30) corresponding to the deposit system in the file access mode (see Fig. 29), and the file access mode (File Set [Access Mode] to [Payment], generate an access permission ticket (SPT) that specifies the composite file that composes the electronic money as the file ID (File ID), and send the file access device to the device.
- SPT access permission ticket
- X yen is added to the file [Purse] in the composite file, and the file [L og] to execute sequential processing such as writing a processing record. Details of these processes will be described later.
- various combinations of access modes and commands are possible, and are set according to the actual usage of the device.
- the device holds definition data of commands permitted for each file stored in the memory unit as a table as shown in FIG. 30, and a command input from the access device is defined in the definition data. Execute the command only if the command is As described above, the definition data of the command permitted for the compound file includes a sequence command including a plurality of commands that can be executed for each of the plurality of files included in the compound file.
- FIG. 31 shows the format of a service permission ticket (SPT: Service Permission Ticket) in a format that permits access to multiple files among the files set in the partition.
- SPT Service Permission Ticket
- Authentication Type Type of mutual authentication of the device (Public key authentication or Common key authentication, or any type (Any))
- Ticket User identifier Ticket (Ticket) Identification data for identifying the user (power category or identifier) This field is considered to be a link with [Authentication Type], and when [Authentication Type] is public key authentication: Distinguished Name (DN) or Category (Category) is stored and shared. In the case of key authentication:: Authentication ID is stored. If authentication is not required, storage is not mandatory.
- Target File ID Identifier (ID) of the file (File) that allows access
- Read / Write Permission Processing mode (Read (Read)) for the file (File) that allows access (Target File) , Write) permission
- Integrity Check Value Validity value of ticket (Public key method: Signature, Common key method: MAC)
- a Group of Target File a group of files (File) to which access is permitted and recording it in a ticket, access to multiple files in the partition is the only service permission ticket. (SPT).
- the service permission ticket (SPT) When transmitting the ticket issued by the service permission ticket (SPT) issuance means (SPT Issuer) to the ticket user, the service permission ticket (SPT) is also used in the case of the public key method.
- the public key certificate (CERT_SPTI) of the issuing means (SPT Issuer) is also sent together.
- the attribute (Attribute) of the public key certificate (CERT_SPTI) of the SPT issuing means matches the identifier (SPTIC) of the service permission ticket (SPT) issuing means (SPT Issuer).
- [Authentication Type] that records the type of mutual authentication of the device (Public key authentication or Common key authentication or Any) should be performed as mutual authentication using a ticket.
- the authentication type is recorded.
- device authentication, partition authentication, or both authentications it is possible to specify that either device authentication, partition authentication, or both authentications be performed, and that either public key method or common key method be performed, or either authentication be possible Information about the event is recorded.
- a data update ticket (DUT: Data Update Ticket) is an access control ticket that is applied when accessing various data stored in a device and executing data update processing.
- DUT Data Update Ticket
- Ticket Issuer a ticket user (ex. A reader / writer as a device access device) uses the DUT issued to the device according to the procedure recorded in the DUT. Access allows data processing to be performed within the limits recorded in the DUT.
- the data update ticket (DUT: Data Update Ticket) is a ticket DUT (DEV) applied to execute the update processing of the data items managed by the device manager, and a packet managed by the partition manager.
- DUT Data Update Ticket
- PAR ticket DUT
- Ticket: DUT (DEV) issuing means is under the control of the device manager
- Ticket: DUT (PAR) issuing means is under the control of the partition manager.
- Figure 32 shows the data format of two data update tickets (DUT: Data Update Ticket), DUT (DEV) and DUT (PAR). The data described below is stored in the Data Update Ticket (DUT).
- DUT Data Update Ticket
- DEV Data Update Ticket
- PAR DUT
- Ticket Type Ticket type (DUT (DEV) / DUT (PAR) * Format Version: The format of the ticket.
- Ticket Issuer The identifier of the Depice / Partition Manager. If the type of ticket (Ticket Type) is DUT (D EV), DMC, DUT (PA
- This field is data linked with [Authentication Type].
- [Authentication Type] is public key authentication: Distinguished Name (DN) or Category (Category) is stored, and common key authentication is performed. In case of: Authentication ID is stored. If authentication is not required, storage is not mandatory.
- Authentication Type Type of mutual authentication of the device (Public key authentication or Common key authentication, or any type (Any))
- Encrypted Flag Whether or not the data to be updated is encrypted (encryption: Encrypted / non-encryption: none)
- New Data New data to be updated (may be encrypted).
- Integrity Check Value Validity value of ticket (Public key method: Signature, Common key method: MAC)
- Exact can update the data if the value specified in the following [Data Version Condition] is the same,
- [Authentication Type] that records the type of mutual authentication of the device (Public key authentication or symmetric key authentication, or Any type) should be executed as mutual authentication using a ticket.
- the authentication type is recorded. More specifically, as will be described in detail later, it is specified that either device authentication, partition authentication, or both authentications be executed, and whether public key method or common key method is executed, or Information on whether authentication is also possible is recorded.
- the device manager also serves as a data update ticket-DUT (DEV) issuing means (DUT Issuer)
- the data update ticket DUT (DEV) issuing means (DUT Issuer) code (Ticket Issuer) is used.
- User) can be configured as a device manager code (DMC).
- DMC device manager code
- PAR data update data ticket-DUT
- PAR data update ticket—DUT
- DUT Issuer partition manager code
- [Authentication Type] that records the type of mutual authentication of the device (Public key authentication or Common key authentication or Any) should be performed as mutual authentication using a ticket.
- the authentication type is recorded. More specifically, as will be described in detail later, specify either device authentication, partition authentication, or both authentications, and execute either the public key method or the common key method. Information about whether or not any authentication is possible is recorded.
- the data update ticket (DUT) issuance means (DUT) extracted from the public key certificate (CERT_DUTI) enables signature verification of ICV (Integrity Check Value).
- Figure 33 shows an example of data updated by applying a data update ticket (DUT: Data Update Ticket).
- the data to be updated includes a device manager code, a device manager code version, a partition manager code, a partition manager code version, each ticket issuing means code, a MAC generation key and a buffer for each ticket. Includes information such as renewal list and revocation list.
- Each data subject to these updates is updated according to the rules recorded in the DUT by applying a Data Update Ticket (DUT). The specific procedure of the update process will be described later using a flowchart. Version information such as Device Manager Jaco-Doha, Partition Manager Jaco-Dub, and other version information must be updated at the same time as the data added to each version is updated. become. These purge information are stored in the Data Update Ticket (DUT).
- a device having an EPROM (flash memory) is manufactured by a device manufacturing entity (manufacturer), an initial data write is performed by a device manager, and the device is provided (ex. Sold, leased) to a user. And In order for users to receive services using devices from various service entities, partitions are set up by the partition manager in the memory section of the device, and data for service provision is stored in the set partitions. File must be set.
- various processes for the device that is, partition settings using the partition registration ticket (PRT), file settings using the file registration ticket (FRT), and use of the service permission ticket (SPT)
- PRT partition registration ticket
- FRT file settings using the file registration ticket
- SPT service permission ticket
- various procedures are executed between the device and a ticketer (ex. Reader / writer as a device access device) that executes the process on the device.
- mutual authentication processing to confirm that both are valid devices and devices
- signature generation and verification processing to guarantee and confirm the validity of transferred data
- the configuration of the present invention proposes a configuration using a public key certificate for these processes. Therefore, the public key certificate issuance process for the device and the device storage process are executed before the use of the service by the device.
- FIG. 34 is a diagram schematically showing the flow from device manufacturing to use. Each of these processes will be described in detail later with reference to the flow. However, in order to understand the overall process, each stage shown in FIG. 34 will be briefly described.
- the device is manufactured by a manufacturing entity.
- a device code is assigned to each device as an identification data (ID) of each device.
- ID an identification data
- Various manufacturing information Manufacture Information Block (see Fig. 14)) such as the Depth Code and the Manufacturing Code is written to the device during the manufacturing stage and stored in the device's memory.
- the device manager will provide its own 1D, Device management information (Device Management Information (see Figure 15)) such as the public key of the certificate authority (PUB CA (D EV)), and information such as device key (Device Key (see Figure 18)) To be stored.
- Device Management Information such as the public key of the certificate authority (PUB CA (D EV)
- PUB CA public key of the certificate authority
- Device Key Device Key (see Figure 18)
- the device with the management information written by the device manager is provided to the user.
- the user executes the process of obtaining a public key certificate corresponding to the device, and stores the obtained public key certificate corresponding to the device (CERTDEV) in the device key area of the device (see FIG. 18).
- the service entity which sets a partition in the memory part of the device and provides services, requests the partition setting from the device manager, receives the permission, and registers the partition registration ticket.
- PRT public key of the certificate authority
- PAR public key of the certificate authority
- the device communicates with the ticket manager (ex. Reader / writer as a device access device) managed by the partition manager, and executes the partition registration ticket (PRT) for the partition.
- the ticket manager ex. Reader / writer as a device access device
- PRT partition registration ticket
- the public key of the certificate authority (PUB CA (PAR)) is stored in the partition key area (Fig.
- the device in which the partition has been set sends a partition-related public key certificate issuance request to the partition manager, and the obtained partition-compatible public key certificate (CERT PAR) is transferred to the partition key area (see Figure 23).
- CERT PAR partition-compatible public key certificate
- the above processes 5 to 7 for partition setting and other processes are executed for each partition manager that intends to provide a service by setting a partition, and a plurality of partitions are registered in the device.
- the partition manager executes, for example, a service registration file setting registration process by applying a file registration ticket (FRT) in the partition set in the device.
- FRT file registration ticket
- Fig. 35 shows the processing of the registration device of the device manufacturing entity (Manufacture), and the right side shows the processing of the device (see Fig. 5).
- the registration device of the device manufacturing entity Manufacture
- the registration device of the device manufacturing entity is configured as a reader / writer (see Fig. 10) as a dedicated device access device capable of reading and writing data to the device.
- step S101 the registration apparatus transmits a read command of a write flag (Wri table Flag) of a manufacturing information block (MIB: Manufacture Information Block (see Fig. 14)) to the device.
- a write flag Wri table Flag
- MIB Manufacturing Information Block
- the device receives the command (S122), it sends a write (Writable) flag in the manufacturing information block (MIB) of the memory part of the device to the registration device (S122).
- the registered device determines whether the write flag (Writable Flag) is set to writable (0xffff) (S103). If the writable flag (Writable Flag) is not set to writable (O xffff), the following manufacturing information block (MIB: Manufacture Information Block) cannot be written, and the process ends with an error.
- MIB Manufacture Information Block
- writable flag (Writable Flag) is set to writable (0xffff)
- MIB Manufacturing Information Block (see Fig. 14))
- SI 04 Manufacturing Information Block
- the MIB data is transmitted to the device along with the command (S105).
- the device that receives the MIB write command and MIB data verifies the MIB write flag (Writable Flag) (S124), and sets the write flag (Writable Flag) to writable (0xffff). If it is not set to), the following manufacturing information block (MIB: Manufacture Information Block) cannot be written, and the process ends with an error.
- MIB Manufacture Information Block
- a write completion notification is transmitted to the registration device (S126).
- the registration device that has received the write end notification (S106) sends an initial registration completion command to the device (S107), and the device that has received the initial registration completion command (S127) sends the manufacturing information block (MIB: The writing flag (Writable Flag) of the Manufacture Information Block is set to writing disabled (0x0000) (S128), and a write completion notification is sent to the registration device (S129).
- the registration device Upon receipt of the write completion notification (S108), the registration device sends a read command of the write flag (Writable Flag) of the manufacturing information block (MIB: Manufacture Information Block (see Fig. 14)) to the device ( S109).
- the device receives the command (S130) it sends a write flag (Writable Flag) in the manufacturing information block (MIB) of the memory section of the device to the registration device (S131).
- the registering device that has made 1 110 determines whether the write flag (Writable Flag) is set to write disable (0 X 0000) (S111). If the write flag (Writable Flag) is not set to write disabled (0x0 000), it indicates that normal MIB data write processing has not been completed, and processing is terminated as an error. If the write flag (Writable Flag) is set to write-disabled (0x00000), the process ends assuming that the normal MIB data write process has been completed.
- the device manager processes that are executed before the use of the device include the Device Management Information Block (DMIB) in the memory part of the device and the public key system device key definition block (DKDB). (PUB)), Device Key Definition Block (DKDB) for common key system, device registration process executed as data write process to device key area (Device Key Area), and There is a process to issue a device-compatible public key certificate (CERT DEV).
- DMIB Device Management Information Block
- DKDB public key system device key definition block
- DKDB Device Key Definition Block
- CERT DEV device-compatible public key certificate
- the initial registration process involving the storage process of the device management information and the like for the device by the device manager will be described with reference to the flow shown in FIG. In the flow of Fig. 36 and below, the left side shows the process of the initial registration device of the device manager (DM), and the right side shows the process of the device (see Fig. 5).
- the initial registration device of the device manager (DM) is a device (ex. Reader / writer or PC as a device access device) that can read and write data to the device. It has a configuration equivalent to a writer.
- a read command of the device identifier ID m is output to the device.
- the device receives the command (S211) and sends the device identifier IDm to the registration device (S212).
- the registration device that has received the device identifier IDm (S202) writes a write flag (DMIB: Device Management Information Block (see Fig. 15)) of the device management information block (DMIB) to the device.
- the device Upon receiving the command (S213), the device transmits a write flag (Writable Flag) in the device management information block (DMIB) in the memory section of the device to the registration device (S214).
- the registration device that has received the write flag (Writable Flag) in the device management information block (DM IB) determines whether or not the write flag (Writable Flag) is set to writable (Oxffff). It is determined (S205). If the writable flag (Writable Flag) is not set to writable (0xffff), the following device management information block (DMIB: Device Management Information Block) cannot be written, and an error occurs. Exit as one. If the writable flag (Writable Flag) is set to writable (0xffff), send the device manager code (DMC) and the DMC version write (DMC Write) command to the device (S206). . This code was previously assigned to the device manager by the code management organization (see Figures 1 to 3).
- the device that has received the DMC Write command verifies the DMIB write flag (Writable Flag) (S216), and the write flag (Writable Flag) is set to Writable (Oxffff). If not, the following device management information block (DMIB: Device Management Information Block) write processing cannot be executed, and the processing ends with an error. If the writable flag (Writable Flag) is set to writable (Oxffff), the received device management Jacod (DMC) and DMC version are written to the DMIB area (S212) ).
- DMIB Device Management Information Block
- a write completion notification is transmitted to the registration device (S218).
- the registration device that has received the write end notification (S207) transmits a device total block number (Device Total Block Number) write command to the device (S208).
- the device that has received the device total block number (Device Total Block Number) write command (S219) verifies the DMIB write flag (Writable Flag) (S220), and the write flag (Writable Flag) is writable ( If it is not set to 0xffff), the following device management information block (DMIB: Device Management Information Block) write process cannot be executed, and the process ends with an error.
- DMIB Device Management Information Block
- the write flag (Writable Flag) is set to writable (0xffff)
- the received device total block number (Device Total Block Number) is written to the DMIB area (S221). Further, the device writes TB-4 in the device free block number information area (Free Block Number in Device) of the DMIB area (S222).
- TB means Device Total Block Number.
- the four blocks of TB-4 are the Manufacturing Information Block (MIB), Device Management Information Block (DMIB), and the Dekey Key Definition Block (DKDB). Block (PUB)), which indicates the DK DB (Device Key Definition Block (Common)).
- the device writes 0 in the partition number (Partition Number) area of the device management information block (DMIB) (S223). At this point, no partitions have been set for the device. Further, 0 is written in the pointer of the free area of the DMIB (Pointer of Free Area) (S224), and the completion of the writing process is transmitted to the registration device (S225).
- partition Number Partition Number
- DMIB Device management information block
- the registration device that has received the write processing completion notification from the device determines whether or not to use a common key for device authentication (S231).
- the authentication process will be described in detail later, but it is possible to execute either the public key authentication method or the common key authentication method, and the device manager can set the necessary authentication method for the device. It becomes possible. If the device is a device that performs symmetric key authentication, the device manager sets the information necessary for symmetric key authentication (ex. Key for generating an authentication key, etc.) in the device, and the device performs symmetric key authentication. If it is a device that does not execute, this information will not be stored in the device. Depending on the authentication method used by the device, the Depth Manager can select either common key authentication or public key authentication, Alternatively, data that can execute both methods is set in the device.
- steps S232 to S233 and S241 to S245 are performed. If a common key is not used for device authentication, these steps are performed. Omitted.
- the registration device sends the common key authentication data write command as MKauth—DEV_A: master key for two-way individual key authentication, Kauth—DEV—B: two-way individual key Authentication common key, IRL_DEV: Revocation List (Device ID) in which the device identifier (ID) of the exclusion device (Device) is registered, and the version information thereof are transmitted to the device.
- MKauth—DEV_A master key for two-way individual key authentication
- Kauth—DEV—B two-way individual key Authentication common key
- IRL_DEV Revocation List (Device ID) in which the device identifier (ID) of the exclusion device (Device) is registered, and the version information thereof are transmitted to the device.
- step S241 the device receives the above-described write command.
- step S242 the device confirms that the write flag (Writable Flag) of the DMIB is writable, and stores the received data in the device key area (FIG. (See 18) (S243).
- the position, size, and number of free blocks in the device generated by data writing are adjusted (S244), and a write completion notification is transmitted to the registration device (S245).
- the registration device that has received the write end notification determines in step S234 whether to use the public key for the decryption authentication. As shown in FIG. 37, if a public key is used for device authentication, steps S235 to S239 and S246 to S254 are performed.If no public key is used for device authentication, these steps are performed. Omitted.
- the registration device issues a public key authentication data write command as PUB_CA (DEV): the public key of a certification authority CA (DEV) that issues a device manager corresponding public key.
- PUB_CA public key of a certification authority CA (DEV) that issues a device manager corresponding public key.
- PARAM_DEV Public key parameters of the device (Device)
- CRL_DEV Revocation List (Certificate)
- SN public key certificate identifier
- SN public key certificate identifier
- step S246 the device receives the above-mentioned write command, and in step S247, confirms that the write flag (Writable Flag) of the DMIB is writable, and stores the received data in the device key area (see FIG. 18). ) Write to (S 248). Next, the pointer, the size, and the number of free blocks in the depth generated by the data writing are adjusted (S249), and the writing completion notification is transmitted to the registration device (S250).
- the registration device that has received the write completion notification (S 236) transmits a public key and private key key generation command to the device (S 237).
- the key pair is generated by the device, but the key pair may be generated by the registration device and provided to the device.
- the device that has received the key pair generation command (S251) generates and generates a pair of a public key (PUB DEV) and a secret key (PR ID EV) in the encryption processing unit (see Fig. 5) in the device.
- the key is written to the device key area (see Fig. 18) (S252).
- the public key (PUB DEV) is temporarily stored in the CERT ⁇ DEV area of the device key area, and then, when the public key certificate storing the public key (PUB D EV) is received, the public key certificate (CERT).
- the pointer, size, and the number of free blocks in the depice generated by data writing are adjusted (S253), and the generated and stored public key is transmitted to the registration device (S254).
- the registration device receives the public key (PUB DEV) from the device and sends it to the database (DB (DEV) (see Fig. 7)) in the device manager along with the device identifier I Dm previously received from the device. save.
- the registration device of the device manager determines whether or not to use a common key for the process of verifying the partition registration ticket (PRT: Partition Registration Ticket) (S2661).
- the ticket verification includes a common key method using MAC value verification and the like, and a signature generation using a private key and a signature verification using a public key described with reference to FIGS. 12 and 13 described above. It is possible to apply any of the public key methods to be performed, and the device manager can set the verification processing method adopted by the device.
- the device manager sets data that can execute either the common key, the public key, or both methods to the device according to the PRT ticket verification method adopted by the device.
- the device manager is a device that performs symmetric key authentication
- the device manager sets the information required for PRT verification using the common key method (ex. PRT verification common key) in the device. If the device does not perform common key authentication, do not store this information in the device. become.
- steps S262 to 263 and S271 to S275 are executed. If the common key is not used for PRT verification, these steps are omitted. You.
- the registration device transmits the Kprt: MAC key of the partition registration ticket (PRT) and the version information to the device as a PRT verification common key write command. I do.
- step S271 the device receives the above-mentioned write command, and in step S272, confirms that the write flag (Writable Flag) of the DMIB is writable, and stores the received data in the device key area (FIG. (See 18) (S273).
- step S273 the pointer, the size, and the number of free locks in the device generated by the data writing are adjusted (S274), and a write completion notification is transmitted to the registration device (S275).
- the registration device that has received the write end notification determines in step S264 whether to use a public key for PRT verification. As shown in Fig. 38, if a public key is used for PRT verification, steps S265 to S266 and S276 to S282 are performed.If a public key is not used for PRT verification, these steps are omitted. Is performed.
- the registration device issues a PRT verification data write command as PRTIC (PRT Issuer Category): a partition registration ticket (PRT) issuer category, PUB_CA (DEV).
- PRTIC PRT Issuer Category
- PRT partition registration ticket
- PUB_CA DEV
- Public key of the CA (DEV) that issues the public key corresponding to the device manager
- PARAM_DEV Public key parameter of the device
- CRL — DEV Public key certificate identifier of the excluded device (Ex. A revocation list (Certificate) in which the serial number (SN) has been registered and the version information are transmitted to the device.
- step S276 the device receives the write command described above, In S277, it is confirmed that the write flag (Writable Flag) of the DMIB is writable, and in step S278, the PRTIC (PRT Issuer Category): partition registration ticket (PRT) issuer in the received data is received.
- the category is written to the public key-based development key definition block (DKDB: Device Key Definition block (PUB) (see Fig. 16)), and the version information is written to the version area of the same program.
- DKDB Device Key Definition block
- step S279 the device determines whether or not PUB_CA (DEV): the public key data of the certification authority CA (DEV) that issues the public key corresponding to the device manager has been written. If not, in step S280, write PUB_CA (DEV), PARAM_DEV, CRL-DEV to the device key area (see Fig. 18). Next, the pointer, the size, and the number of free blocks in the device generated by the data writing are adjusted (S281), and a write completion notification is transmitted to the registration device (S282).
- PUB_CA DEV
- DEV the public key data of the certification authority CA
- CRL-DEV CRL-DEV
- the registration device that has received the write end notification determines in step S291 whether or not the device supports updating of the common key data.
- Some of the data stored in the device can be updated using the above-mentioned Data Update Ticket (DUT) (see Fig. 32) as the data to be updated.
- the data to be updated is as described above with reference to FIG.
- DUT Data Update Ticket
- either the common key method or the public key method is possible, and the device manager can use either the method or the method according to the device.
- the device manager If the device is a device that performs data update using the common key method, the device manager provides information necessary for data update processing using the common key method (ex. MAC key for the data update ticket (DUT), etc.). If the device is set in the device and the device does not perform symmetric key authentication, this information will not be stored in the device.
- step S292 the registration device sends a Kdut_DEVl: data update ticket (DUT) as a data update ticket (DUT) verification common key write command.
- Kdut— DEV2 Data update encryption key
- Kdut_DEV3 Data update ticket (DUT)
- Kdut_DEV4 Data update encryption key and their version information are sent to the device. I do.
- step S301 the device receives the above-described write command.
- step S302 the device confirms that the write flag (Writable Flag) of the DMIB is writable, and stores the received data in the device key area (FIG. 1). (See 8) (S303).
- step S304 adjustment of the position, size, and number of free tracks in the depice caused by the data writing are performed (S304), and a writing completion notification is transmitted to the registration device (S305).
- step S294 the registration device that has received the write end notification (S293) performs a data update process using a data update ticket (DUT) using a public key method. It is determined whether or not to support. As shown in FIG. 39, if the public key method is supported, steps S295 to S296 and S306 to S310 are executed.If the public key method is not supported, Steps are omitted.
- step S295 the registration device sends a DUTIC_DEV (DUT Issuer Category): Data Update Ticket (DUT) as a command to write a Data Update Ticket (DUT) issuer code. : Data Update Ticket) Sends the issuer category and version information to the device.
- DUTIC_DEV Data Update Ticket
- DUT Data Update Ticket
- step S306 the device receives the above-described write command.
- step S307 the device confirms that the write flag (Writable Flag) of the DMIB is writable.
- step S308 the device receives the write command. Evening is included in the public key device key definition block (DKDB (PUB): Device Key Definition Block (PUB)).
- DKDB public key device key definition block
- PMB Device Key Definition Block
- Write S308.
- the pointer, the size, and the number of free blocks in the device generated by the data writing are adjusted (S309), and a write completion notification is transmitted to the registration device (S310).
- the registration device that has received the write completion notification (S296) transmits a device manager (DM) initial registration completion command to the device in step S321.
- the device that has received the command (S331) verifies the mutual authentication, the partition registration ticket (PRT), and the data update ticket (DUT). In both cases, it is determined whether data that can execute either the public key method or the common key method has been set. If there is a shortage in these data, one of the processes cannot be executed, and the initial registration by the device manager is determined to be in error, and the process ends.
- step S332 mutual authentication, verification of the partition registration ticket (PRT), verification of the data update ticket (DUT), and at least one of the public key method and the common key method are performed. If it is determined that possible data has been set, in step S333, the device disables the write (Writable) flag of the device management information block (DMIB) (0x 0000), and sends a write end notification to the registration device (S334).
- PRT partition registration ticket
- DUT data update ticket
- step S334 the device disables the write (Writable) flag of the device management information block (0x 0000), and sends a write end notification to the registration device (S334).
- DMIB device management information block
- the registration device Upon receiving the write completion notification (S322), the registration device issues a command to read the write flag (Writable Flag) of the device management information block (DMIB: Device Management Information Block (DMIB) (see Fig. 15)) to the device. Send (S323).
- the device Upon receiving the command (S335), the device transmits a write flag (Writable Flag) in the device management information block (DMIB) in the memory of the device to the registration device (S336).
- the registered device that has received (S 324) the write flag (Writable Flag) in the device management information block (DM IB) has the write flag (Writable Flag) set to write disabled (0x00000000). Is determined. If the Writable Flag is not set to Writable (0 x 0 000) Indicates that the normal DM IB data write processing has not been completed, and ends the processing as an error. If the write flag (Writable Flag) is set to write-disabled (0x00000), the process ends as if normal DMIB data write processing was completed.
- Fig. 41 shows the Manufacturing Information Block, Device Management Information Block, and Public Key Device Key Definition (Device) described with reference to Fig. 6, Fig. 14 to Fig. 18. Key Definition Block (PUB)), Common Key Device Block (Device Key Definition Block), and Device Key Area. At this point, no partitions have been formed in the memory.
- device codes and the like as unique information of the device are written in the manufacturing information block (Manufacture Information Block).
- the information written in the Manufacturing Information Block, a part of the written information, or the arithmetic data obtained based on the written information corresponds to the device identifier (IDm).
- the device key area shown in the figure stores Kauth-DEV_B: a common key for two-way individual key authentication, and MKauth-DEV-A: one master key for two-way individual key authentication. These keys may not be stored unless there is a request for the device to perform the symmetric key authentication process. In addition, the device may not be able to store the Kprt: Partition Registration Ticket (PRT) MAC verification key. If the ticket verification process using the common key is not performed, the configuration may not be stored.
- PRT Partition Registration Ticket
- IRL_DEV Revocation List (Device ID) in which the device identifier (ID) of the excluded device (Device) is registered
- CRL_DEV Public key certificate identifier (ex. Serial) of the excluded device (Device) Regarding the Revocation List (Certificate) that has registered the Nampa: SN, if there is no device that has been repoked (excluded) at the time of issuing the device, or another source
- the configuration may be such that the relocation list is not stored.
- the device-compatible public key certificate (CERT DEV) is stored in the device key area (Device Key Area) (see Fig. 18), which is the memory area under the control of the device manager.
- the partition-compatible public key certificate (CERT PAR) is stored in the device key area. It is stored in the partition key area (Partition Key Area) (see Fig. 23), which is the memory area under the control of each partition manager.
- the public key certificate for the device (CERT DEV) is issued to the device via the registration authority under the jurisdiction of the device manager and issued by the certificate authority (CA for DM) (see Figs. 2 and 3). It manages the public key certificate (CERT DEV) issued by the procedure and issued by the registration authority of the device manager (database 222 (see Fig. 7)).
- the public key certificate (CERT PAR) corresponding to the partition is issued to the device by the public key certificate issued by the certificate authority (CA for PM) (see Figs. 2 and 3) via the registration authority under the jurisdiction of the partition manager. It executes the management (database 332 (see Fig. 9)) of the public key certificate (CERT PAR) issued by the granting procedure and issued by the registration authority of the partition manager.
- FIG. 4 shows the relationship between the issuing device (DM), the certification authority (CA), and the user device that extracted only the registration authority (RA) configuration of the device manager.
- the control means 222 has encryption processing means. The cryptographic processing is performed by executing a program related to the cryptographic processing under the control of the control unit (CPU (2111 in FIG. 8)).
- the left side is the CERT (Public Key Certificate) issuing device of the registration authority under the jurisdiction of the device manager, specifically, the processing of the control means 222 in the configuration diagram of the device manager shown in FIG. Is the processing of depay.
- CERT Public Key Certificate
- the CERT issuing device obtains the user information of the device for which the device corresponding public key certificate (CERTDEV) is to be issued, permits (determines) the issuance of the certificate, and issues the device to be issued. Establish a communication channel with The user information of the device to be issued a public key certificate corresponding to the DePies (CERTD EV) can be obtained, for example, from the data generated during the initial registration of the device. Alternatively, the user's name, address, telephone number, e-mail address, etc. may be separately obtained through another route. Note that the user information may be obtained from the device after setting the communication path with the device.
- the communication path may be secured as a communication path capable of transmitting and receiving data regardless of whether it is wired or wireless.
- step S355 the CERT issuing device transmits an authentication data generation command including a random number to the device.
- the device that has received the authentication data generation command (S361) applies the device private key (PR IDEV) to the combined data of the received random number R and the device identifier (IDm) to generate the digital signature (S).
- the generation process (see FIG. 12) is executed (S362).
- the device sends the device identification data (IDm) and signature (S) to the CERT issuing device.
- the CE RET issuing device Upon receiving the identification data (IDm) and the signature (S) from the device (S353), the CE RET issuing device uses the received device identification data (IDm) as a search key to retrieve the data—evening DB (DEV) 222 Get the stored device public key (PUBDEV) from. Further, the signature (S) is verified (see FIG. 13) by applying the obtained device public key (P UB DEV) (S355). If the verification is not successful, the data transmitted from the device is determined to be invalid data, and the process ends.
- IDm the received device identification data (IDm) as a search key to retrieve the data—evening DB (DEV) 222 Get the stored device public key (PUBDEV) from.
- the signature (S) is verified (see FIG. 13) by applying the obtained device public key (P UB DEV) (S355). If the verification is not successful, the data transmitted from the device is determined to be invalid data, and the process ends.
- the device is sent to the Certificate Authority (CA for DM) 610. Request issuance processing of the corresponding public key certificate (CERT DEV) (S357).
- the device manager receives the public key certificate (CERT DEV) for the device issued by the certificate authority 610 (S358) and transmits it to the device (S359).
- CERT DEV Depth-compatible public key certificate
- P UB CA DEV
- the device public key (PUB DEV) stored in the device-compatible public key certificate (CERT DEV) is compared with the device public key (PUB DEV) stored in the local device (S382). If they do not match, an error notification is executed. If they match, the received device-compatible public key certificate (CERT DEV) is stored in the device key area (see FIG. 18) (S383). Prior to the issuance of a device-compatible public key certificate (CE RT DEV), the public key (PUBDEV) generated by the own device is stored in this area, and a valid device-compatible public key certificate (C ERT DEV) is stored. At the time of issuance, it is stored as a process to overwrite with the public key certificate for certificate (CERT DEV).
- CE RT DEV device-compatible public key certificate
- C ERT DEV valid device-compatible public key certificate
- a storage end notification is transmitted to the CERT issuing device (S384).
- the CERT issuing device receives the storage process end notification (S371), confirms the storage success (S372), and ends the process. If the storage success cannot be confirmed, the process ends as an error.
- Fig. 45 is a diagram for explaining the process of sending and receiving data between the Depth Manager 200, the Device 100, and the Certificate Authority (CA) 6110 in the issuing process of the device-related public key certificate (CERT DEV). Show.
- the processing is executed in the order of Nos. 1 to 14 in FIG.
- the registration process of the bespoke child (IDm) is a process executed in the initial registration by the device manager.
- the procedure for issuing the device-compatible public key certificate is from process No. 3. 3. Acquisition of customer information from the device by the device manager, 4. Registration of customer information (not required if already registered) ), 5. Acquire the device identifier (IDm) from the device, 6. Perform a database search based on the acquired device identifier (IDm) to acquire the corresponding public key (PUB DEV), 7. Authentication processing between the device and the device manager. This processing was omitted in the processing in FIGS. 42 and 43, but in FIGS. 42 and 43, when the device identifier (IDm) was obtained from the device. Signature verification was performed, and authentication was omitted by confirming the transmission data of the communication partner. It is desirable to execute at least one or both of the signature verification in FIGS. 42 and 43 and the authentication in FIG. The details of the authentication process will be explained later in B.4.
- FIG. 46 shows the data storage configuration of each block of the memory after storing the device-compatible public key certificate (CERT DEV) in the device key storage area of the memory.
- FIG. 46 shows the manufacturing information block (Manufacture Information Block), device management information block (Device Management Information Block), and public key device key definition (Device Key) described with reference to FIGS. 6, 14 to 18. Definition Block (PUB)), common key device key definition block (Device Key Definition Block (Common) Indicates the Device Key Area. At this point, no partitions have been formed in the memory.
- the device key area (Device Key Area) shown in FIG. 46 stores a public key certificate (CERT DEV) corresponding to the Depice. Before issuing the device-compatible public key certificate (CERT DEV), this area stores the public key (PUB DEV) generated by the device and receives the device-compatible public key certificate (CERT DEV). Then, the overwriting process is performed by the public key certificate for the device (CERT DEV). If there are pointers, sizes, and management data due to this overwriting process, necessary changes are performed.
- CERT DEV public key certificate
- the process performed by the partition manager before starting to use the device includes the process of setting a partition in the memory of the device and the process of issuing a partitioning public key certificate (CERT PAR) to the device. is there.
- CERT PAR partitioning public key certificate
- the process of setting partitions includes mutual authentication between the device and the partition manager (device authentication or partition authentication), and validity verification of the partition registration ticket (PRT: Partition Registration Ticket).
- PRT Partition Registration Ticket
- the partition setting processing includes mutual authentication processing (device authentication or partition authentication) between the partition and the partition manager, and a partition registration ticket (PRT). ), And also describes these processes. I do.
- the partition setting registration / deletion processing flow shown in Fig. 47 will be described.
- the left side shows the partition creation / deletion device of the partition manager
- the right side shows the processing of the device (see Fig. 5).
- the partition creation / deletion device of the partition manager is a device (ex. A reader / writer or PC as a device access device) capable of processing data read / write to the device. Equivalent to evening.
- the outline of the partition creation and deletion processing will be described with reference to FIG. 47, and then the details of each processing included in this processing will be sequentially described using the flow of FIG.
- a mutual authentication process is performed between the partition creation / deletion device and the device.
- the two means of transmitting and receiving data mutually check whether the other party is the correct data communicator and then perform the necessary data transfer.
- the process of checking whether the other party is the correct data communicator is the mutual authentication process.
- One preferred data transfer method is a configuration in which a session key is generated at the time of mutual authentication processing, and the generated session key is used as a shared key to perform encryption processing and transmit data.
- Authentication Flag A flag that indicates whether mutual authentication with a device is necessary in the process of using a ticket.
- Authentication Type Mutual authentication type of the device (Public key authentication or Common key authentication, or any type (Any))
- the partition creation / deletion device sends a partition registration ticket (PRT) to the device.
- the partition registration ticket (PRT) is a ticket issued to the partition manager by the partition registration ticket (PRT) issuing means (PRT Issuer) managed by the device manager at the request of the partition manager.
- the partition registration ticket (PRT) is an access control ticket for a device, and has the data format configuration of FIG. 26 described above.
- the public key certificate (CERT_PRTI) of the partition registration ticket (PRT) issuing means PRT Issuer
- the attribute of the public key certificate (CERT—PRTI) of the PRT issuing means matches the identifier (PRTIC) of the partition registration ticket (PRT) issuing means (PRT User).
- the device that has received the partition registration ticket (PRT) (S412) executes the validity of the received ticket (PRT) and the user check processing (S413).
- the verification of the validity of the ticket is performed by applying either the MAC verification using the common key method or the signature verification processing using the public key method.
- the user check is a process of checking the validity of the device (ticket user) that has transmitted the ticket. Mutual authentication has been established, and the identification data of the authentication partner and the data recorded in the ticket are used. This is executed as processing to verify the match with the ticket user identifier (see Fig. 26). Details of these processes will be described later.
- the partition registration ticket (PRT) Notify the partition creation / deletion device of the reception error (S41.8). If it is confirmed that the ticket and the user are valid (Yes in S414), the partition is generated in the memory in the depice according to the rules described in the received partition registration ticket (PRT). , Or delete process. The details of this process will be described later using another flow.
- the partition registration ticket (PRT) if the partition creation or deletion processing is successful (Yes in S416), the PRT reception success is notified to the partition creation / deletion device (S417). ) On the other hand, if the creation or deletion of the partition fails (No in S416), a PRT reception error is notified to the partition creation / deletion device (S418).
- the partition creation / deletion device receives the PRT reception result (S404), determines the PRT processing result, and if the PRT reception result is an error (No in S405), ends the processing as an error. If the PRT reception result is successful (Yes in S405) and the process is partition generation, the partition initial data writing process (S406, S419) is executed. The initial data writing process will be described in detail later using another flow. If the write process of the partition initial data is completed, or if the PRT reception result is successful (Y es in S405) and the process is a partition deletion, a session clear command is sent and received (S404), determines the PRT processing result, and if the PRT reception result is an error (No in S405), ends the processing as an error. If the PRT reception result is successful (Yes in S405) and the process is partition generation, the partition initial data writing process (S406, S419) is executed. The initial data writing process will be described in detail later using another flow. If the write process of the partition initial data is completed, or
- the authentication table is a table generated in the mutual authentication processing in steps S401 and S410, and details thereof will be described later.
- the partition registration ticket (PRT) is used to create a new partition in the device or delete the created partition.
- the mutual authentication processing (S401, S410) included in this processing, the validity of the ticket and the user's check (S413), the partition generation and deletion processing (S411)
- FIG. 48 shows a processing flow of the mutual authentication processing.
- the left side shows the processing of the authentication device of the partition manager, and the right side shows the processing of the device (see FIG. 5).
- the authentication device of the partition manager is a device (ex. A reader / writer, a PC as a device access device) capable of reading and writing data to the device, and has a configuration corresponding to the reader / writer shown in FIG.
- the authentication device reads an authentication method required for using the partition registration ticket (PRT) from the ticket and determines the authentication method.
- the authentication mode is not limited to the authentication method described in the ticket.
- device authentication and partition authentication may be determined according to a method specified by an access device (ex. A redirector).
- the determined authentication method be A (1) to A (n).
- Various authentication processing modes are set in the partition registration or deletion processing to which the partition registration ticket (PRT) is applied. For example, registering partition settings requires device authentication for the device, and deleting a partition requires both device authentication and the partition authentication to be deleted. In this way, settings that require authentication of either one or both can be described in the partition registration ticket (PRT) according to the processing.
- the authentication method required for PRT use processing is described in the [Authentication Type] of the partition registration ticket (PRT), and the authentication device uses the authentication method required for using the partition registration ticket (PRT). Is read from the ticket and determined, and the authentication processing procedure is defined as A (i): A (1) to A (n).
- step S432 the first authentication processing method A (1) is read, and it is determined whether the authentication method of A (1) is device authentication or partition authentication (S433). Is executed (S434, S441), and in the case of partition authentication, partition authentication is executed (S435, S442). If authentication is not successful as a result of authentication processing with the device, the processing ends as an error. If the authentication is successful, i is incremented in step S437, and the process returns to step S433 to determine the next authentication method and execute authentication according to the method. Perform these processes from A (1) to A (n), and all If successful, proceed to the next step.
- the device authentication processing will be described with reference to the flow in FIG. In Fig. 49, the left side shows the processing of the device authentication device of the partition manager, and the right side shows the processing of the device (see Fig. 5).
- the device authentication device of the partition manager is a device that can read and write data to the device (ex. A reader / writer as a device access device, PC), and a reader / writer as a device access device shown in Fig. 10. It has a corresponding configuration.
- step S451 the device authentication device determines whether or not to apply a public key authentication method using a public key to the device authentication process based on the partition registration ticket (PRT). Depth authentication is performed using either the public key method or the common key method, and the ticket specifies the execution method.
- PRT partition registration ticket
- the processing in steps S452 to S455 and S461 to S465 in FIG. 49 is not performed, and the process proceeds to step S456.
- the device authentication device transmits a public key device authentication start command to the device in step S452.
- the device Upon receiving the command (S461), the device stores the public key certificate for the device (CERT DEV) by referring to the public key device key definition block (see Figure 16) in the memory section of the device. Is verified (S462). If the public key certificate (CERT DEV) for the device is not stored, the mutual authentication of the public key method cannot be executed, the error is determined and the process ends.
- the public key certificate issued by the certificate authority (CA (DEV)) corresponding to the device manager is used. Mutual authentication and key sharing are performed.
- FIG. Figure 50 shows a mutual authentication sequence using a public key cryptosystem, elliptic curve cryptography (ECC) with a length of 160 bits.
- ECC elliptic curve cryptography
- B first generates a 64 bit random number Rb and sends it to A. Upon receiving this, A generates a new 64-bit random number Ra and a random number Ak smaller than the characteristic p.
- Ra and Rb generate a digital signature for a total of 448 bits because the X and Y coordinates of Av are each 64 bits, and the X and Y coordinates of Av are each 160 bits.
- the user When using a public key certificate, the user verifies the electronic signature of the public key certificate using the public key of the public key certificate authority (CA) held by the user, and verifies the electronic signature. After successful authentication, extract the public key from the public key certificate and use the public key. Therefore, all users who use the public key certificate need to hold the public key of the common public key certificate issuing authority (C #). Note that the method of verifying the electronic signature has been described in FIG.
- B is calculated as BkxAv (Bk is a random number, but Av is a point on the elliptic curve, so scalar multiplication of the point on the elliptic curve is required), and ⁇ is Ak
- BkxAv Bk is a random number, but Av is a point on the elliptic curve, so scalar multiplication of the point on the elliptic curve is required
- ⁇ Ak
- the XBV is calculated, and the lower 64 bits of the X coordinate of these points are used as a session key for subsequent communication (when the common key encryption is a 64-bit key length common key encryption).
- the session key may be generated from the Y coordinate, and may not be the lower 64 bits. Note that in secret communication after mutual authentication, the transmitted data may not only be encrypted with the session key, but also may be digitally signed.
- the transmission data is encrypted by using the generated session key, and the mutual data communication is performed.
- the device determines in step S464 the CRL_DEV stored in the device key area (see FIG. 18) of the memory unit of the device: A lipocket that has registered the public key certificate identifier (eX. Serial number: SN) of the exclusion device (Device :) and exclusion device (a redirector as a device access device, a ticket user such as a PC, and a ticket issuing means).
- the Revocation List (Certificate) to verify whether the device authentication device that is the communication partner has been revoked. If the device authentication device has been revoked, it will not be possible to permit the partition creation process, so an error will occur. The process ends as one.
- step S465 the session key K ses generated in the mutual authentication and key sharing process and the communication partner (a reader / writer as a device access device constituting the device authentication device, a PC, etc.)
- the public key of the certificate The distinguished name (DN: Distinguished Name), the serial number, and the category in the certificate are stored in the authentication table that associates the device manager code (DMC) as a key.
- DMC device manager code
- step S454 the device authentication apparatus also checks whether the device has not been re-poked.
- CRL_DEV Excluded device (Device), Excluded device (Reader / writer as device access device, ticket user such as PC, ticket issuing means) of Judge by referring to the Revocation List (Certificate) in which the public key certificate identifier (ex. Serial number: SN) is registered.
- the device authentication device can obtain the repock list (CR DEV) from the registration authority (RA (PAR)). If revoked, the partition generation processing cannot be permitted, so the processing ends as an error.
- step S455 the session key K ses generated in the mutual authentication and key sharing process, the distinguished name (DN: Distinguished Name) in the public key certificate of the communication partner (device), and the serial number
- the numbers and categories are stored in an authentication table that associates the device manager code (DMC) as a key.
- DMC device manager code
- FIG. 51 shows an example of an authentication table generated in the device
- FIG. 52 shows an example of an authentication table generated in a reader / writer (PC also possible) as a device access device as an authentication device.
- Figure 51 shows an example of an authentication table generated in the device at the end of device authentication and the authentication of partitions 1 and 2 as the partition authentication described later.
- a device manager DMC
- PMC partition manager code
- data is stored according to each authentication method executed. Is done.
- the session key K ses and the identifier (ID RW) of the communication partner (a reader / writer as a device access device) are stored.
- the authentication table is destroyed when the session is cleared.
- the device can check the authentication status of the device and each partition by referring to the information in the table, and can check the session key to be used.
- FIG. 52 shows an authentication table on the reader / writer side as a device access device.
- This example is also an example of the authentication table at the time when the authentication of the partitions 1 and 2 as the device authentication and the partition authentication is completed.
- Basic structure The configuration is the same as the authentication table in the device.
- the device manager code (DMC) for device authentication and the partition manager code (PMC) for partition authentication are recorded.
- Each data is stored by each executed authentication method.
- the session key K ses, the distinguished name (DN: Distingui shed Name) in the public key certificate of the communication partner (device), the serial number, and the category are the same as described above.
- the session key K ses and the identifier (IDRW) of the communication partner (device) are stored.
- the authentication table on the reader / writer side is also destroyed when the session is cleared.
- On the reader / writer side as a device access device it is possible to determine the presence or absence of the authentication status of the device and partition by referring to the information in the authentication table, and it is possible to confirm the session key to be used.
- the device authentication device determines in step S451 that the device authentication method is not the public key method
- the device authentication device outputs a common key device authentication command to the device in step S456.
- the device Upon receiving the command (S466), the device refers to the common key device key definition block (see Fig. 16) in the memory section of the device (see Fig. 16), and the master for bidirectional individual key authentication used for common key authentication. It verifies whether the key (MKauth-DEV) is stored (S467). If the master key for two-way individual key authentication (MKauth-DEV) is not stored, mutual authentication using the common key method cannot be executed, the error is determined and the process ends.
- MKauth-DEV the master key for two-way individual key authentication
- a and B are entities that perform common key authentication using a master key, and A has its own identifier IDa, two-way individual key authentication common key Ka, and two-way individual key. It has a key authentication master key MKb, where B is its own identifier IDb, two-way individual key authentication common key Kb, and two-way individual key authentication mask. It has a master key MK a.
- the DES algorithm (ex.DES, triple DES) is used as the common key cryptosystem, but if a similar common key cryptosystem is used, other cryptosystems can be applied. Is also possible.
- B generates a 64-bit random number Rb, and sends Rb and its own ID, IDb, to A.
- A Upon receiving this, A generates a new 64-bit random number Ra, and performs bidirectional individual key authentication symmetric key K Get b. Further, using the keys Ka and Kb, the data is encrypted in the CBC mode of DESS in the order of Ra, Rb, IDa, and IDb, and is returned to B together with its own identifier IDa.
- B Upon receiving this, B first obtains the bidirectional individual key authentication common key Ka by performing IDa DES encryption processing using the bidirectional individual key authentication master key MKa. Furthermore, the received data is decrypted with the keys Ka and Kb. It verifies that Rb and IDb among Ra, Rb, IDa, and IDb obtained by decoding match those transmitted by B. If this verification passes, B authenticates A as valid.
- B generates a 64-bit random number K ses to be used as a session key, and uses the keys Kb and Ka to generate R C, C D C Encrypts the data and sends it back to A.
- A decrypts the received data with the keys Ka and Kb. It verifies that Ra, Rb, IDa, and IDb obtained by decryption match those transmitted by A. If it passes, A authenticates B as valid. After mutually authenticating each other, the session key K ses is used as a common key for secret communication after authentication.
- FIG. 54 is a diagram for explaining a flow of the process of common key authentication using a master key associated with data stored in the system of the present invention.
- a reader / writer (R / W) as a device access device generates a 64-bit random number Rb and sends Rb and its own ID rw to the device (Dev ice). I believe.
- Ra Generates Ra, and obtains a bidirectional individual key authentication common key Kauth—DEV_A by performing DES encryption processing of ID rw using the bidirectional individual key authentication master key MKauth—DEV_A.
- the data is encrypted in the order of Ra, Rb, and ID rw, for example, in the DES—CBC mode as the encryption algorithm, and the device is encrypted with its own identifier IDm. Return to the reader / writer (R / W) as the access device.
- the reader / writer (R / W) Upon receiving this, the reader / writer (R / W) first uses the two-way individual key authentication master-key MKauth-DEV-B to generate a common key for two-way individual key authentication through I 0 ⁇ 1 0 ES encryption processing. Kauth—Get DEV_B. Furthermore, the received data is decrypted using the key Kauth-DEV_A and Kauth-DEV_B. Verify that the decrypted Rb and ID rw match the ones transmitted by the reader / writer (R / W) as the device access device. If this verification is passed, the reader / writer (R / W) authenticates the device (Device) as valid.
- the reader / writer (R / W) generates a 64-bit random number K ses to be used as a session key, and uses the common keys for bidirectional individual key authentication Kauth—DEV_A and Kauth_DEV_B to generate Rb, Ra,
- the data is encrypted using, for example, Tribble DES mode as a DES algorithm, and sent back to the device (Device).
- the device receiving this decrypts the received data with the common key Kauth-DEV_A, Kauth-DEV_B for bidirectional individual key authentication. Verify that the decrypted Ra, Rb, and ID rw match those transmitted by the device (Device). If the verification passes, the device (Device) authenticates the reader / writer (R / W) as valid, and after authentication, uses the session key Ksession as a common key for secret communication.
- IDm as the device unique value
- a value based on the data stored in the device manager management area can be applied as described above using the device memory format of FIG.
- the communication partner's individual key generated by executing the processing based on the communication partner's master key and its own Two keys are set as a common key, and the two This is a configuration in which mutual authentication is performed by the common key method using the same key, so that a more secure authentication system and A method is implemented.
- the device stores in the device key area (see FIG. 18) of the memory portion of the device in step S469.
- IRL_DEV Revocation List (ID) in which the identifiers (IDs) of rejected devices (Devices) and rejected devices (rewriters as device access devices, ticket users such as PCs, and ticket issuing means) are registered. With reference to)), verify that the authentication device that is the communication partner is not re-poked. If so, the partition creation process cannot be permitted, and the process ends as an error.
- step S470 the session key K ses generated in the mutual authentication and key sharing process and the communication partner (a reader / writer as a device access device constituting the device authentication device, a PC, etc.)
- the identification information (ID rw) is stored in the authentication table (see Fig. 51) that is associated with the device management code (DMC) as a key.
- step S458 the device authentication device also checks whether the device has been revoked.
- I RL_DEV Excluded device (Device), Excluded device (Reader / Writer as device access device, Ticketer such as PC, Ticketer, etc.)
- ID the Revocation List
- the device authentication device can acquire the relocation list (IRL_DEV) from the registration authority (RA (PAR)). If revoked, the partition creation process cannot be permitted, so the process ends as an error.
- step S459 the session key K ses generated in the mutual authentication and key sharing process and the identification information (IDm) of the communication partner (device) are keyed to the device manager code (DMC).
- DMC device manager code
- the above processing is based on the device access devices under the control of the partition manager. This is a device authentication process executed between the reader / writer and the device. Next, the partition authentication processing executed in steps S435 and S442 of FIG. 48 will be described with reference to FIGS.
- the partition registration processing executed in steps S435 and S442 of FIG. 48 will be described with reference to FIGS.
- the partition registration processing executed in steps S435 and S442 of FIG. 48 will be described with reference to FIGS.
- the partition registration or deletion processing of the partition to which the partition registration ticket is applied either the device authentication or the partition authentication or the authentication of both is required depending on the processing as described above. .
- These settings are described in the partition registration ticket (PRT). If the partition registration ticket (PRT) has a description to execute the partition authentication, the partition authentication is executed.
- FIGS. 55 and 56 Each step of the processing port in FIGS. 55 and 56 will be described.
- the partition authentication device of the partition manager is a device (ex. A reader / writer as a device access device, a PC) that can read and write data to the device, and corresponds to the reader / writer as a device access device in FIG. Having a configuration.
- step S471 the partition authentication device outputs a partition A existence check command for executing the existence check of the partition A to be authenticated to the decompiler.
- the device that has received the command (S4801) checks whether or not partition A exists in the memory part of the device (S4882).
- a partition manager code PMC
- the depice determines the presence or absence of a partition based on, for example, a PMC stored in a partition definition block (PDB). be able to.
- PDB partition definition block
- the partition authentication device that has received the check result verifies the check result (S473), and if the result that the partition does not exist is received, authentication is not possible. End the error. If the check result indicates that a partition exists, the partition authentication device uses the public key for the partition authentication process based on the partition registration ticket (PRT) in step S474. It is determined whether to apply the key authentication method. Partition Similar to the depth authentication described above, the authentication is performed by either the public key method or the common key method, and the specification of the execution method is described in the ticket. If the common key method is specified, the processing in steps S475 to S478 and S484 to S488 in FIG. 55 is not performed, and the process proceeds to step S491.
- the partition authentication device transmits a public key partition A authentication start command to the device in step S475.
- the device Upon receiving the command (S484), the device refers to the public key type partition key definition block (see Figure 21) in the memory part of the device, and refers to the public key certificate (C ERT PAR) corresponding to the partition A. It is verified whether or not is stored (S485). If the public key certificate corresponding to partition A (CERTP AR) is not stored, mutual authentication of the public key method cannot be executed, the error is determined and the process ends.
- the public key certificate used for partition authentication is a public key certificate issued by a partition manager compatible certificate authority (CA (PAR)), and the signature verification of this public key certificate requires the partition manager compatible certificate.
- the public key (PUB CA (PAR)) of the bureau (CA (PAR)) is used.
- the public key (PUB CA (PAR)) is stored in the partition key area (see Figure 23). In such a mutual authentication process, transmission data is encrypted using the generated session key, and data communication is performed with each other.
- CRL_PAR Excluded device (Device), public key certificate identifier of exempt device (reader / writer as device access device, ticket user such as PC, ticket issuing means) (ex. Refer to the Revocation List (Certificate) that has registered the Real Nampa: SN to verify that the partition authentication device that is the communication partner has not been re-poked. Since the process of creating or deleting a partition cannot be permitted, the process ends as an error.
- step S488 the session key K ses generated in the mutual authentication and key sharing process and the communication partner (a reader / writer as a device access device constituting the partition authentication device, a PC, etc.)
- the distinguished name (DN: Distinguished Name), serial number, and category in the public key certificate are stored in an authentication table that associates the partition manager code (PMC) as a key.
- step S 477 the partition authentication device also checks whether the device has not been re-reported.
- CRL_PAR Excluded device (Device), Excluded device (Reader writer as device access device, ticket user such as PC, ticket issued
- the method is determined by referring to a Revocation List (Certificate) in which the public key certificate identifier (ex. Serial number: SN) of the method is registered.
- the device authentication device can obtain the repock- ment list (CRL_PAR) from the registration authority (RA (PAR)). If it has been re-poked, the partition creation or deletion processing cannot be permitted, so the processing ends as an error.
- step S478 the session key K ses generated in the mutual authentication and key sharing process, the distinguished name (DN: Distinguished Name) in the public key certificate of the communication partner (depice), and the serial The number and category are stored in an authentication table that associates the partition manager code (PMC) with the key.
- PMC partition manager code
- FIG. 51 an authentication table shown in the device
- FIG. 52 an authentication table shown in FIG. 52 is generated in a reader / writer (PC is also possible) as a device access device as a partition authentication device.
- FIGS. 51 and 52 show examples of the authentication table generated in the device at the time when the device authentication and the authentication of partitions 1 and 2 as the partition authentication are completed and in the reader / writer as the depth access device.
- partition management code PMC
- Each type of authentication that was recorded and performed stores its own data.
- the session key K ses, the distinguished name (DN: Distinguished Name) in the public key certificate of the communication partner, the serial number, and the category are stored in a table and shared.
- the session key K ses and the identifier of the communication partner are stored.
- the authentication table is destroyed when the session is cleared.
- the reader / writer as a device and device access device can confirm the authentication status of the device and each partition by referring to the information of the table, and can confirm the session key to be used.
- the partition authentication device determines in step S474 that the partition authentication method is not the public key method, the partition authentication device outputs a common key partition A authentication command to the device in step S491.
- the device receives the command (S501)
- it refers to the common key system pass block in the memory section of the device (see Fig. 22) and performs two-way individual key authentication used for common key authentication.
- It verifies whether the master key for use (MKauth-PAR_A) is stored (S502). If the master key for two-way individual key authentication (MKauth—PAR_A) is not stored, mutual authentication using the common key method cannot be executed, and an error is determined and the process ends.
- step S492 and S503 mutual authentication and key sharing using one master key are performed. Is executed.
- Mutual authentication and key sharing processing using the common key method are the same as those described with reference to FIGS. 53 and 54 in the previous device authentication, and therefore description thereof is omitted.
- the key to be applied in the case of partition authentication is defined in the partition key definition block (see Fig. 22), and the common key for two-way individual key authentication (see Fig. 23) stored in the no-key key area (see Fig. 23). Kauth_PAR_B) and master key for two-way individual key authentication (MKauth—PAR_A).
- step S504 the partition key area of the memory part of the device (see FIG. 23) IRL_PAR stored in): Rejected device (Device), Refer to the Revocation List (ID) in which the identifier (ID) of the excluded device (reader / writer as device access device, ticketer such as PC, ticket issuing means) is registered, and Verify that a partition authentication device has not been revoked. If it is re-poked, the process of generating or deleting the partition cannot be permitted, so the process ends as an error.
- step S505 the session key K ses generated in the mutual authentication and key sharing process and the communication partner (a reader / writer as a device access device constituting the device authentication device, a PC, etc.)
- the identification information (ID rw) is stored in an authentication table (see Fig. 51) that is associated with the partition management code (PMC) as a key.
- the partition authentication device also checks whether the device has not been re-reported.
- I RL_PAR Excluded device (Device), Excluded device (Rewriter / writer as device access device, ticket user such as PC, ticket Judgment is made by referring to the Revocation List (ID) in which the identifier (ID) of the issuing means is registered.
- the partition authentication device can obtain the revocation list (IRL_PAR) from the registration authority (RA (PAR)). If revoked, partition creation or deletion processing cannot be permitted, and the processing ends with an error.
- step S494 the session key K ses generated in the mutual authentication and key sharing process and the identification information (IDm) of the communication partner (device) are keyed to the partition manager code (DMC).
- DMC partition manager code
- the above processing is the partition authentication processing executed between the device and the reader / writer as the device access device under the control of the partition manager. Through such mutual authentication, authentication between the device or partition and the reader / writer as the device access device is established, sharing of the session key is achieved, and encrypted communication using the session key of communication data becomes possible.
- the ticket validity and user check processing described below are performed in accordance with the other tickets, that is, the file registration ticket (FRT: File Registration Ticket), the service permission ticket (SPT: Service Permission Ticket), The device access process using a data update ticket (DUT: Data Update Ticket) is a process that is also performed as needed, as needed.
- the flows in Figs. 57 and 58 are common to each ticket. It is configured as a processing flow.
- the validity of the ticket and the user check process are based on the ticket received from the ticket user ( ex . Reader / writer as a device access device, PC, etc.) executing the communication with the device (see Figure 5). ) Is the processing to be executed. After confirming the validity of the ticket and the validity of the user who is the ticket and the ticket user (ex. A reader / writer as a device access device, PC, etc.) in the user check process, the device is described in the ticket. Allow processing within the specified limits.
- step S 511 in FIG. 57 the device receiving the ticket from the ticket user (ex. A reader / writer as a device access device, a PC, etc.) verifies the ticket type, and the ticket is registered in the partition registration ticket (step S 511).
- PRT Partition Registration Ticket
- the ticket type is recorded for each ticket (see Fig. 26, Fig. 27, Fig. 28, Fig. 31 and Fig. 32). If the ticket type is a partition registration ticket (PRT: Partition Registration Ticket), execute steps S512 to S514 to execute the partition registration ticket (PRT: If it is not a Partition Registration Ticket), go to step S515.
- step S512 the Integrity Check Type (Ticket) described in the ticket is used. It is determined whether the setting of the type of validity verification value (public key system (Public) / common key system (Co-band)) is public key system (Public).
- Public public key system
- Co-band common key system
- step S513 If the type (Integrity Check Type) of the validity verification value is the public key method (Public), the process proceeds to step S513 to execute various processes.
- the processing executed in step S513 is as follows. First, the public key certificate of the ticket issuer (Ticket Issuer) using the public key PU BCA (DEV) of the certificate authority (CA (DEV)) corresponding to the device manager is used. C ERT) verification process.
- the partition registration ticket is used.
- the public key certificate (CERT_PRTI) of the PRT Issuer (PRT Issuer) is also sent to the device.
- the attribute of the public key certificate (CERT_PRTI) of the PRT issuing means matches the identifier (PRTIC) of the partition registration ticket (PRT) issuing means (PRT User).
- the public key certificate (see Fig. 11) has a signature executed with the private key of the CA (DEV) corresponding to the device manager. )) Is verified using the public key PUB CA (DEV).
- the signature generation and verification are executed, for example, as processing according to the flow of FIGS. 12 and 13 described above. By this signature verification, it is determined whether the ticket issuer's public key certificate (CERT) is a legitimate public key certificate (CERT) that is not falsified.
- step S513 the user's power recorded in the option area of the public key certificate (CERT) of the ticket issuing means, whose validity has been confirmed by signature verification, is determined. It is determined whether the code as the category matches the ticket issuing means code (PRT IC: PRT Issuer Code) recorded in the DKDB (Device Key Definition Block) (PUB) in the device.
- PRT IC PRT Issuer Code
- the public key certificate includes a ticket issuer (PRT, FRT, SPT, etc.) as a means for issuing each ticket.
- Affiliation code in this case, PRT IC (PRT Issuer Code) is recorded.
- PRTIC PRT Issuer Code
- DKDB Device Key Definition Block
- the device uses the CRL_DEV (excluded device (Device), excluded device (rewriter / writer as a device access device, a ticket such as a PC, etc.) stored in the device key area (see Fig. 18) in the memory section of the device.
- the Ticket Issuer refers to the Revocation List (Certificate) that has registered the public key certificate identifier (ex. Serial number: SN) of the ticket issuer. It is determined whether or not re-poke has been performed.
- the signature recorded in the partition registration ticket (11) (see FIG. 26), which is the reception ticket, that is, the integrity check value (validity verification value of the ticket (Ticket)) (public key method: Signature) )))
- the integrity check value validity verification value of the ticket (Ticket)
- public key method public key method: Signature
- the public key certificate (CERT) of the ticket issuer (Ticket Issuer) is a valid public key certificate (CERT) that is not falsified
- the ticket issuer (Ticket Issuer) ) In the optional area of the public key certificate (CERT) and the ticket issuing means code (PRTIC: PRT Issuer Code) recorded in the DKDB (Device Key Definition Block) (PUB) in the device.
- PRTIC: PRT Issuer Code PRTIC: PRT Issuer Code
- PRTIC PRT Issuer Code
- step S512 the Integrity Check Type (the type of the validity verification value of the ticket (Public) / the common key method (Co on)) described in the ticket If it is determined that the setting is the common key method (Common), the process proceeds to step S 5 14 to perform MAC (Message Authentication Code) verification.
- the device performs the MAC verification process on the ticket using the MAC key for the MAC of the partition registration ticket (PRT) stored in the device key area (see Figure 18) of the device: Kprt.
- Fig. 59 shows an example of MAC value generation using the DES encryption configuration.
- the target message is divided into 8-byte units (hereinafter, the divided messages are referred to as M1, M2, ..., MN).
- I1 is entered into the DES encryption unit, and is encrypted using a MAC verification key: Kprt (output is E1).
- E1 and M2 are exclusive-ORed, and the output I2 is input to the DES encryption unit, and is encrypted using the key Kprt (output E2).
- E2 Message Authentication Code
- the same ICV (Integrity Check Value) generated by the data transmitting side at the time of data generation and the ICV generated by the data receiving side based on the received data, the same ICV If it is obtained, it is guaranteed that the data has not been tampered with. If the ICVs are different, it is determined that the data has been tampered with.
- the I CV generated at the time of data generation by the data transmitting side which is guaranteed to be falsified, is the PRT I CV as described in the description of the format of the partition registration ticket (PRT) in FIG. (Integrity Check Value) field. Compare the I CV generated by the device with the I CV stored in the reception ticket (PRT). If they match, it is determined that the ticket is valid. If they do not match, it is determined that the ticket has been tampered with, and the processing using the ticket is stopped.
- the above processing completes the ticket verification processing when the Integrity Check Type described in the ticket is the common key method.
- step S511 If it is determined in step S511 that the ticket type is not a partition registration ticket (PRT: Partition Registration Ticket), the ticket type is verified in step S515 and the ticket is identified as a file registration ticket (PRT). FRT: File Registration Ticket).
- PRT Partition Registration Ticket
- step S516 is executed. If the ticket type is a file registration ticket (FRT: File Registration Ticket), steps S516 to S518 are executed. If the ticket type is not a file registration ticket (FRT: File Registration Ticket), step S516 is executed. Go to 5 1 9 If the ticket type is a file registration ticket (FRT: File Registration Ticket), in step S516, the type of the Integrity Check Type (validity verification value of the ticket (Ticket) described in the ticket (public It is determined whether the setting of the key method (Public) / common key method (Common))) is the public key method (Public). If the type (Integrity Check Type) of the validity verification value is the public key method (Public), the process proceeds to step S 5 17 to execute various processes.
- FRT File Registration Ticket
- step S 517 The processing executed in step S 517 is as follows. First, the public key certificate of the ticket issuer (Ticket Issuer) using the public key PUB CA (PAR) of the certificate authority (CA (PAR)) corresponding to the partition manager. This is the verification process of the certificate (CERT).
- the file registration ticket (FRT) issuance means (FRT Issuer)
- the public key certificate (CERT_FRTI) of (FRT Issuer) is also sent to the device.
- the attribute of the public key certificate (CERTJRTI) of the FRT issuing means matches the identifier (FRTIC) of the file registration ticket (FRT) issuing means (FRT Issuer).
- the public key certificate (see Fig. 11) has a signature executed with the private key of the CA (PAR) corresponding to the partition manager. Verification is performed using the public key PUB CA (PAR) of the certification authority (CA (PAR)) corresponding to Yong Manager.
- the signature generation and verification are executed, for example, as processing according to the flow of FIGS. 12 and 13 described above. This signature verification determines whether the ticket issuer's public key certificate (CERT) is a legitimate public key certificate (CERT) that is not falsified.
- step S 517 the user's belonging code recorded in the option area of the public key certificate (CERT) of the ticket issuing means, whose validity has been confirmed by signature verification, and the PKD B ( It is determined whether or not it matches the ticket issuer code (FRTIC: FRT IssuerCode) recorded in the Partition Key Definition Block (PUB).
- CERT public key certificate
- FRTIC FRT IssuerCode
- the public key certificate includes a ticket issuer (PRT, FRT, SPT, etc.) which is a means for issuing each ticket.
- Affiliation code in this case, FRT IC (FRT Issuer Code).
- FRT IC FRT Issuer Code
- FRTIC FRT Issuer Code
- the device uses CRL_PAR (rejected device (Device), rejected device (reader / writer as device access device, ticket user such as PC, ticket user, etc.) stored in the partition key area (see Figure 23) in the memory part of the device.
- the ticket issuer (Ticket Issuer) is revoked with reference to the revocation list (Certificate) in which the public key certificate identifier (ex. Serial number: SN) of the issuer is registered. Determine if there is any.
- the signature recorded in the file registration ticket (FRT) (see Fig. 27), which is the reception ticket, that is, the Integrity Check Value (validation value of the ticket (public key method: Signature))
- FRT file registration ticket
- Fig. 27 the Integrity Check Value (validation value of the ticket (public key method: Signature))
- the signature verification is executed in accordance with the same sequence as the flow of FIG. 13, for example, similar to the signature verification of the public key certificate.
- the public key certificate (CERT) of the ticket issuer is (2) The code recorded in the optional area of the public key certificate (CERT) of the ticket issuer (Ticket Issuer) and the validity of the public key certificate (CERT) Matching of ticket issuing means code (FRTIC: FRT Issuer Code) recorded in PKDB (Partition Key Definition Block) (PUB), (3) Ticket issuing means (Ticket Issuer) is not revoked, ( 4) Verify the signature of the received ticket (FRT) to confirm that the ticket is not falsified. On the condition that all the above confirmations have been made, the validity verification of the file registration ticket (FRT) shall be successful.
- step S518 the setting of Integrity Check Type (the type of the validity verification value of the ticket (Public) / Public key (Common)) described in the ticket is changed. If it is determined that the secret key system (Co-band) is used, the process proceeds to step S518 to execute MAC (Message Authentication Code) verification.
- the device uses the file registration ticket (FRT) MAC verification key: Kfrt stored in the partition key area of the device (see Fig. 23) to execute the MAC verification process on the ticket.
- the MAC verification processing is executed according to the MAC value generation processing using the DES encryption processing configuration of FIG. 59 described above.
- the same ICV Integrity Check Value
- the ICV generated by the data sender at the time of data generation is described in the FRT I CV (Integrity Check Value) field.
- the ICV generated by the device is compared with the ICV stored in the received ticket (FRT). If they match, it is determined that the ticket is valid. If they do not match, the ticket has been tampered with. Judge and cancel the process using the ticket.
- the Integrity Check Type described in the ticket by the above processing is the common key method. If, the file registration ticket (FRT) verification process is completed.
- FRT file registration ticket
- step S515 If it is determined in step S515 that the ticket type is not a file registration ticket (FRT: File Registration Ticket), the ticket type is verified in step S519 to determine that the ticket is a service permission ticket (FRT).
- FRT File Registration Ticket
- SPT Service Permission Ticket
- step S520 the type of the Integrity Check Type (validation value of the ticket) described in the ticket It is determined whether the setting of (public key method (Public) / common key method (Common))) is the public key method (Public).
- the process proceeds to step S521, and various processes are executed.
- the process executed in step S521 is as follows. First, the public key certificate (Ticket Issuer) of the ticket issuer (Ticket Issuer) using the public key PUB CA (PAR) of the partition manager compatible certificate authority (CA (PAR)) CERT) verification process.
- Service permission ticket When transmitting a ticket (Ticket) issued by an issuance means (SPT Issuer) to a ticket user, in the case of the public key method, a service permission ticket (SRT)
- the public key certificate (CERT_SPTI) of the issuing means (SPT Issuer) is also sent to the device. Note that the attribute (Attribute) of the public key certificate (CERT_SPTI) of the SPT issuing means matches the identifier (SPTIC) of the service permission ticket (SPT) issuing means (SPT Issuer).
- the public key certificate (see Fig. 11) has a signature executed with the private key of the CA (PAR) corresponding to the partition manager, and this signature is used to transfer the signature to the CA (CA (PAR)). PAR)) using public key PUB CA (PAR).
- the signature generation and verification are executed, for example, as processing in accordance with the flow of FIGS. 12 and 13 described above. This signature verification ensures that the ticket issuer's public key certificate (CERT) is not a falsified legitimate public key certificate (CERT). Is determined.
- step S521 the user's belonging code recorded in the option area of the public key certificate (CERT) of the ticket issuing means that has been verified by signature verification and the file definition block ( Judge whether or not it matches the ticket issuing means code (SPTIC: SPT Issuer Code) recorded in FDB: File Definition Block.
- CERT public key certificate
- SPTIC SPT Issuer Code
- the public key certificate includes a ticket issuer (PRT, FRT, SPT, etc.) as a means for issuing each ticket.
- Affiliation code in this case, SPT IC (SPT Issuer Code).
- SPTIC SPT Issuer Code
- FDB File Definition Block
- the device uses CRL_PAR (Excluded Device (Device), Excluded Device (Reader / Writer as device access device, Ticket User such as PC, etc.) stored in the partition key area (see Figure 23) in the memory section of the Device.
- the ticket issuance means (Ticket Issuer) is reported by referring to the revocation list (Revocation List (Certificate)) in which the public key certificate identifier (ex. Serial number: SN) of the issuance means is registered. Determine if there is any.
- the signature recorded in the service authorization ticket (SPT) (see Fig. 28 and Fig. 31), which is the received ticket, that is, the integrity check value (validity verification value of the ticket (Ticket) (public key method: Verification of the signature (Signature) is performed to confirm that the ticket has not been tampered with.
- the signature verification is the same as the signature verification of the public key certificate, for example, a sequence similar to the flow in FIG. It is executed according to.
- the public key certificate (CERT) of the ticket issuer (Ticket Issuer) is a valid public key certificate (CERT) that is not falsified
- the ticket issuer (Ticket Issuer) ) In the optional area of the public key certificate (CERT) and the ticket issuing means code (SPT IC: SPT Issuer Code) recorded in the FDB (File Definition Block) in the device.
- SPT IC SPT Issuer Code
- Match (3) ticket (4) Confirm that the Ticket Issuer has not been revoked, and (4) Verify that the ticket has not been tampered with by verifying the signature of the received ticket (SPT).
- SPT Service Definition Block
- step S520 the setting of the Integrity Check Type (the type of the validity verification value of the ticket (Ticket) (public key method (Public) / common key method (Common))) described in the ticket is common. If it is determined that the key method (Cowake on) is used, the process proceeds to step S522 to perform MAC (Message Authentication Code) verification.
- the device performs the MAC verification process of the ticket using the service verification ticket (SPT) MAC verification key: Kspt stored in the device file definition block (see Fig. 24).
- SPT service verification ticket
- the MAC verification processing is executed according to the MAC value generation processing using the DES encryption processing configuration of FIG. 59 described above.
- the same ICV can be obtained. In this case, it is guaranteed that the data has not been tampered with. If the ICVs are different, it is determined that the data has been tampered with.
- the ICV generated at the time of data generation by the data sender which is guaranteed not to have been tampered with, is described in the description of the format of the service permission ticket (SPT) in Fig. 28 and Fig. 31. I Stored in the CV (Integrity Check Value) field.
- the ICV generated by the device is compared with the ICV stored in the received ticket (SPT). If they match, the ticket is judged to be valid. If not, the ticket is tampered. Judge and stop the process using the service permission ticket (SPT). With the above processing, the service permission ticket (SPT) verification processing when the Integrity Check Type described in the service permission ticket (SPT) is a common key method is completed.
- step S519 If it is determined in step S519 that the ticket type is not a service permission ticket (SPT: Service Permission Ticket), the process proceeds to step S523. Then, the ticket type is verified and it is determined whether or not the ticket is a data update ticket-DEV (DUT: Data Update Ticket (DEV)) (see FIG. 32).
- the update ticket (DUT) is an access permission ticket for updating various data stored in the memory of the device, and is used to update the management data of the device manager.
- DUT Data update ticket
- DUT data update ticket-PAR
- PAR data update ticket-PAR
- step S524 executes steps S524 to S528 to execute the data update ticket (DEV) (DUT: Data Update Ticket (DEV)). If not, go to step S529.
- step S524 the type of the Integrity Check Type (validation value of the ticket) described in the ticket It is determined whether the setting of (Public key method (Public) / Common key method (Co-hidden)) is the public key method (Public).
- step S525 When the type (Integrity Check Type) of the validity verification value is the public key method (Public), the process proceeds to step S525 to execute various processes.
- the process executed in step S525 is as follows. First, the public key certificate (C ERT) of the ticket issuer (Ticket Issuer) using the public key PU BCA (DEV) of the certificate authority (CA (DEV)) corresponding to the device manager. ) Verification process.
- Data update ticket-DEV (DUT (DEV))
- DUT Data update ticket-DEV
- the public key certificate (CERT_DUTI) of the ticket (DUT) issuer (DUT Issuer) is also sent to the device.
- the attribute of the public key certificate (CERT_DUTI) of the DUT issuing means is the ticket issuing means code (DUTIC_DEV) recorded in the DKD B (PUB) (Device Key Definition Block) (PUB) in the device. ID (DUTIC).
- a public key certificate contains a device manager-compatible certificate authority (CA (DE V))
- CA device manager-compatible certificate authority
- the signature executed with the private key is added, and this signature is verified using the public key PUB CA (DEV) of the certificate authority (CA (DEV)) corresponding to the depth manager.
- the signature generation and verification are executed, for example, as processing according to the flow of FIGS. 12 and 13 described above. This signature verification determines whether the ticket issuer's public key certificate (CERT) is a legitimate public key certificate (CERT) that is not falsified.
- step S525 the user's belonging code recorded in the option area of the public key certificate (CERT) of the ticket issuing means verified by signature verification and the DKDB (PUB) in the device Judge whether it is the same as the ticket issuing means code (DUTIC-DEV: MT Issuer Category for Device) recorded in (Device Key Definition Block) (PUB).
- CERT public key certificate
- PUBBER-DEV MT Issuer Category for Device
- the public key certificate has a ticket issuing means (Ticket issuing means) (PRT, FRT, SPT, DUT). Issuer) belonging code, in this case, DUT IC (DUT Issuer Code).
- Ticket issuing means PRT, FRT, SPT, DUT
- Issuer belonging code, in this case, DUT IC (DUT Issuer Code).
- the code of this option area and the ticket issuing means code (DUTIC—DEV: DUT Issuer Category for Device) recorded in the Device Key Definition Block (PUB) (PUB) in the device ( Figure By confirming the match of (16), it is confirmed that the received ticket (DUT) is a ticket issued by a valid ticket issuing means.
- the device uses CRL_DEV (excluded device (Device), excluded device (reader / writer as device access device, PC, etc.) stored in the device key area (see Fig. 18) in the memory section of the device.
- the ticket issuer refers to the revocation list (Revocation List (Certificate)) that has registered the public key certificate identifier (ex. Serial number: SN) of the ticket issuer. It is determined whether or not it has been performed.
- the signature recorded in the received ticket the data update data ticket-DEV (DUT (DEV)) (see Fig. 32), that is, the integrity check value (validation value of the ticket) (Public key method: Signature) is verified to check whether the ticket has been tampered with. Similar to the signature verification of the certificate, for example, it is executed according to the same sequence as the flow of FIG.
- the public key certificate (CERT) of the ticket issuer (Ticket Issuer) is a valid public key certificate (CERT) that is not falsified
- the ticket issuance code (DUTIC—DEV) (DUT Issuer Category for Device) match
- Ticket issuer (Ticket Issuer) is not re-poked
- Received ticket (DUT) signature (Signature) verification indicates that the ticket has been tampered with. Confirmation that there is not.
- the data update ticket-DEV (DUT (DEV)) shall be validated successfully on condition that all the above confirmations have been made. If any of the above (1) to (4) is not confirmed, it is determined that the validity of the data update ticket-DEV (DUT (DEV)) cannot be obtained, and the data update ticket- Processing using D EV (DUT (DEV)) is stopped.
- step S524 the Integrity Check Type (the type of the validity verification value of the ticket (Public / Public key / Co-key on)) described in the ticket If the setting is determined to be the common key method (Co-band), in step S526, the data indicated by the Old Data Code described in the data update ticket-DEV (DUT (DEV)) Check whether it is KdutJEVl (MAC key for data update ticket (DUT)) or Kdut_DEV2 (encryption key for data update) stored in the device key area (see Fig. 18). judge.
- KdutJEVl MAC key for data update ticket (DUT)
- Kdut_DEV2 encryption key for data update
- Data update ticket-Kdut_DEVl data update
- the data indicated by the Old Data Code (old data code to be updated) described in DEV (DUT (DEV)) is stored in the device key area (see Fig. 18). If it is a key (key for MAC verification of the ticket (DUT)) or Kdut_DEV2 (encryption key for updating overnight), in step S528, Kdut_DEV3 stored in the device key area (see Fig. 18) (MAC verification key of the data update ticket (DUT)) to execute the MAC verification processing, and the data update ticket-DEV (DUT (DEV)) The data indicated by the updated Old Data Code (old data code to be updated) is stored in the device key area (see Fig. 18).
- Kdut—DEVI Data Update Ticket (DUT) MAC verification key
- Kdut_DEV2 Encryption key for data update
- the MAC verification key of KdutJEVl data update ticket (DUT)) stored in the device key area (see Fig. 18) Execute the MAC verification process using.
- the data to be updated is Kdut_DEVl (the MAC key for the data update ticket (DUT)) or Kdut_DEV2 (the data update key)
- Kdut_DEVl the MAC key for the data update ticket (DUT)
- Kdut_DEV2 the data update key
- the device When the device stores a new Kdut_DEVl (data verification ticket (DUT) MAC verification key) in the device key area of the device (see Fig. 18), it stores the previously stored Kdut_DEV3 (data update ticket). (DUT) MAC swap key), that is, swapping.
- Kdut_DEV2 encodecryption key for data update
- Kdut_DEV4 encryption key for data update
- Kdut_DEVI By swapping Kdut-DEVI with Kdut_DEV3 and swapping with Kdut_DEV2 and Kdut_DEV4, Kdut_DEV3 (MAC key for data update ticket (DUT)) and Kdut_DEV4 (encryption for data update)
- the key pair is maintained at a newer version than the Kdut_DEVl (MAC key for the data update ticket (DUT) MAC) and Kdut—DEV2 (encryption key for data update).
- the keys KdutJEVl and Kdut_DEV2 are always used keys, and Kdut_DEV3 and Kdut-DEV4 update Kdut_DEVl and Kdut_DEV2 in an emergency and replace them with the currently used Kdut-DEVI and Kdut_DEV2 keys. It has a role as a backup key to be used.
- KdutJEVl and Kdut_DEV2 are always used keys
- Kdut_DEV3 and Kdut-DEV4 update Kdut_DEVl and Kdut_DEV2 in an emergency and replace them with the currently used Kdut-DEVI and Kdut_DEV2 keys. It has a role as a backup key to be used.
- the ICV generated at the time of data generation by the data sender which is guaranteed not to be falsified, is the data update ticket as described in the description of the format of the update date ticket (DUT) in Fig. 32. (DUT) is stored in the I CV (Integrity Check Value) field.
- the ICV generated by the device is compared with the ICV stored in the data update packet -DEV (DUT (DEV)), which is the receive ticket, and if they match, it is determined that the ticket is valid. If they do not match, it is determined that the ticket has been tampered with, and processing using the update ticket-DEV (DUT (DEV)) is discontinued.
- the above process completes the data update ticket-DEV (DUT (DEV)) verification process when the Integrity Check Type described in the data update ticket-DEV (DUT (DEV)) is a common key method.
- step S523 If it is determined in step S523 that the ticket type is not the data update ticket-DEV (DUT (DEV)), the ticket is the data update ticket-PAR (DUT (PAR)) (see FIG. 3 See 2)).
- Data update ticket-PAR (DUT (PAR)) is a ticket applied to the process of updating the management data of the partition manager.
- step S529 the Integrity Check Type (the type of the validity verification value of the ticket (Ticket) (public key method (Public) / common key method (Co ban on))) described in the ticket is determined. It is determined whether the setting is a public key method (Public).
- step S530 the process executed in step S530 is a public key certificate of a ticket issuer (Ticket Issuer) using a public key PUB CA (PAR) of a certification authority (CA (PAR)) corresponding to a partition manager. (CERT) verification processing.
- PAR public key PUB CA
- CA certification authority
- DUT (PAR) Data Update Ticket-PAR (DUT (PAR)) Issuer (DUT Issuer)
- the public key certificate (CERTJUTI) of the data update ticket (DUT) issuing means (DUT Issuer) is also included. Sent to the device together. Note that the attribute (Attribute) of the proposed key certificate (CERT_DUTI) of the DUT issuing means matches the ticket issuing means code (DUTIC_PAR) recorded in the PKD B (PUB) (Pqrtition Key Definition block) in the device. .
- the public key certificate (see Fig. 11) has a signature executed with the private key of the CA (PAR) corresponding to the partition manager, and this signature is used to transfer the signature to the CA (CA (PAR)). PAR)) using public key PUB CA (PAR).
- the signature generation and verification are executed, for example, as processing according to the flow of FIGS. 12 and 13 described above. This signature verification determines whether the ticket issuer's public key certificate (CERT) is a legitimate public key certificate (CERT) that is not falsified.
- step S530 the user's belonging code recorded in the option area of the public key certificate (CERT) of the ticket issuing means, whose validity has been confirmed by signature verification, and the PKDB (PUB) in the device It is determined whether it matches the ticket issuing means code (DUTIC_PAR: DUT Issuer Category for Partition) recorded in (Pqrtition Key Definition block).
- CERT public key certificate
- PUB PKDB
- the public key certificate has a ticket issuing means (Ticket issuing means) (PRT, FRT, SPT, DUT). Issuer) belonging code, in this case, DUT IC (DUT Issuer Code). Confirm that the code in this option area matches the ticket issuing means code (DUTIC: DUT Issuer Category) (see Fig. 21) recorded in the PKDB (PUB) (Pqrtition Key Definition block) in the device. This confirms that the received ticket (DUT) is a ticket issued by a valid ticket issuing means.
- Ticket issuing means PRT, FRT, SPT, DUT
- Issuer belonging code
- DUT IC DUT Issuer Code
- the device uses the CRL_DEV (removed device (Device)), rejected device (a reader / writer as a device access device, a ticket user such as a PC, a ticket user, etc.) stored in a device key area (see Fig. 18) in the memory section of the device.
- CRL_DEV removable device
- rejected device a reader / writer as a device access device, a ticket user such as a PC, a ticket user, etc.
- a device key area see Fig. 18
- Publicly available Referring to the revocation list (Revocation List (Certificate)) in which the key certificate identifier (ex. Serial number: SN) is registered, it is determined whether the ticket issuing means (Ticket Issuer) has not been re-poked.
- the signature recorded in the data update ticket-PAR (DUT (PAR)) (see FIG. 32), which is the reception ticket, that is, the integrity check value (validation value of the ticket (Ticket)) Verifies the key method (Signature) and checks whether the ticket has been tampered with.
- DUT data update ticket-PAR
- FIG. 32 which is the reception ticket, that is, the integrity check value (validation value of the ticket (Ticket)) Verifies the key method (Signature) and checks whether the ticket has been tampered with.
- the flow of FIG. It is executed according to a similar sequence.
- the public key certificate (CERT) of the ticket issuer (Ticket Issuer) is a valid public key certificate (CERT) that is not falsified
- the ticket issuer (Ticket Issuer) ) Is recorded in the option area of the public key certificate (CERT)
- the ticket issuance code (DUTIC_PAR: DUT Issuer Category for) recorded in the PKDB (PUB) (Pqrtition Key Definition block) in the device.
- Partition match
- Ticket issuer (Ticket Issuer) is not revoked
- Received ticket (DUT) signature (Signature) verification verifies ticket tampering. Confirmation that there is not.
- the data update ticket-PAR (DUT) validity verification shall be successful on condition that all the above confirmations have been made. If any of the above (1) to (4) is not confirmed, it is determined that the validity of the data update ticket -PAR (DUT (PAR)) cannot be obtained, and the data update ticket- Processing using PAR (DUT (PAR)) is stopped.
- step S529 the setting of the Integrity Check Type (the type of the validity verification value of the ticket (Ticket) (public key method (Public) / common key method (Common))) described in the ticket is changed to the common key. If it is determined that the method is (Co ⁇ on), in step S531, the Old Data Code (the old data to be updated) described in the data update ticket-PAR (DUT (PAR)) is used. Kdut_PARl (data update ticket (DUT) MAC verification key) or Kdut_PAR2 (data update encryption key) in which the data shown in the following code is stored in the partition key area (see Fig. 23). Is determined.
- Kdut_PARl where the data indicated by the old data code (old data code to be updated) described in the data update ticket-PAR (DUT (PAR)) is stored in the partition key area (see Fig. 23). If it is (data update ticket (DUT) MAC verification key) or Kdut_PAR2 (data update encryption key), it is stored in the partition key area (see Figure 23) in step S533. MAC verification processing is performed using the stored Kdut_PAR3 (MAC verification key for the data update packet (DUT)), and the old data code (updated) described in the data update ticket-PAR (DUT (PAR)) is executed. The data stored in the partition key area (see Fig.
- step S532 the MAC verification processing is executed using Kdut_PARl (MAC verification key of the data update ticket (DUT)) stored in the partition key area (see Fig. 23). I do.
- the use of different MAC verification keys depends on whether the data to be updated is Kdut_PARl (MAC key for data update ticket (DUT)) or Kdut_PAR2 (data update key) (Encryption key), the key data is information whose use is to be suspended for some reason, such as leakage of key information. To avoid.
- the MAC verification processing is executed according to the MAC value generation processing using the DES encryption processing configuration of FIG. 59 described above.
- the same ICV Integrity Check Value
- the ICV generated by the data transmitting side at the time of data generation which is guaranteed not to be falsified, is the IV of the data update ticket (DUT) as described in the description of the format of the data update ticket (DUT) in FIG. Stored in the CV (Integrity Check Value) field.
- the ICV generated by the device is compared with the ICV stored in the data update ticket -PAR (DUT (PAR)), which is the receive ticket, and if they match, it is determined that the ticket is valid. If they do not match, it is determined that the ticket has been tampered with, and the processing using the data update ticket-PAR (DUT (PAR)) is stopped.
- the above process completes the data update ticket-PAR (DUT (PAR)) verification process when the Integrity Check Type described in the data update ticket-PAR (DUT (PAR)) is a common key method.
- step S5401 in FIG. 58 the user is checked, that is, the reader as a device access device executing communication with the device as a ticket user. Execute the check of the writer (or PC).
- step S541 the device determines whether or not mutual authentication with the device is required in the process of using the Authentication Flag (Ticket) of the received ticket (PRT, FRT, SPT, or D.UT). Check). If the flag indicates that authentication is not required, the process ends without executing the process.
- Ticket the Authentication Flag
- step S541 if the flag indicates that authentication is required, the process proceeds to step S542, where the ticket user (requests as a device for a device that attempts to execute the process of applying the ticket to the device).
- the authentication table (see Fig. 51) is referenced using the affiliation (group) of one Dalita or PC) as a key.
- step S 543 the authentication type of the received ticket (the type of mutual authentication of the device (Device) (public key authentication or symmetric key authentication, or any type (Any)) is recorded). ), And if both are acceptable (Any), the process proceeds to step S544, where it is determined whether or not the mutual authentication data of the group checked in step S542 is stored in the authentication table (see FIG. 51). judge. Mutual authentication information of the corresponding group is stored in the table, and mutual authentication between the ticket user (reader / writer as a device access device, PC, etc., that attempts to execute the process that applies the ticket to the device) and the device has been completed. Judgment If it is determined, the validity of the ticket user (ex.
- step S543 the Authentication Type of the received ticket (the type of mutual authentication of the device (public key authentication or symmetric key authentication, or any one of “Any”) is recorded) If neither of them is possible (Any), it is determined in step 545 whether the Authentication Type is the public key authentication.
- step S546 determines whether or not the public key mutual authentication data of the group checked in step S542 is stored in the authentication table (see FIG. 51).
- the public key mutual authentication information of the corresponding group is stored in the table, and the mutual authentication between the ticket user (a reader / writer as a device access device, a PC, etc., that attempts to execute the process that applies the ticket to the device) and the device is established.
- step S547 determines whether the ticket user identifier exists in the processing target ticket (PRT, FRT, SPT, or DUT).
- step S548 the identifier or category recorded as the identification data (DN) in the public key certificate of the authentication partner (such as the reader / writer as the device access device that is the ticket user) or An identifier or category recorded as serial (SN) and identification data of the ticket stored in the ticket Or determining whether that Itasu serial (SN) gar. If they match, the process ends with user confirmation successful.
- the identification data such as the reader / writer as the device access device that is the ticket user
- SN serial
- SN Itasu serial
- step S 546 the public key mutual authentication data of the group checked in step S 542 is not stored in the authentication table (see FIG. 51), and the ticket user (the user may perform a process that applies a ticket to the device). If it is determined that mutual authentication between the device and the device (such as a reader / writer, PC, etc. as an access device) and the device has not been established as public key authentication processing, it is determined that the user check has not been completed, and the process ends with an error. Also, in step S548, the identifier or category or serial (SN) recorded as the identification data (DN) in the public key certificate of the authentication partner (such as a reader / writer as a device access device that is a ticket user). ) And the identifier of the ticket user stored in the ticket do not match, it is also determined that the user ticket has not been completed and the error is terminated.
- the identifier or category or serial (SN) recorded as the identification data (DN) in the public key certificate of the authentication partner (such as a reader / writer as
- step S548 If there is no ticket user identifier in the ticket, the process in step S548 is not executed, and the process ends as the user confirmation is successful.
- step S545 the Authentication Type of the received ticket (the data that records the mutual authentication type of the Device (public key authentication or symmetric key authentication, or any type of data)) is the public key. If it is determined that the authentication is not the authentication, the process proceeds to step S549, and it is determined whether the common key mutual authentication data of the group checked in step S542 is stored in the authentication table (see FIG. 51).
- the table stores the mutual key mutual authentication information of the corresponding group, and the mutual authentication between the ticket user (reader / writer as a device access device, PC, etc., which attempts to execute the process that applies the ticket to the device) and the device.
- step S550 the process proceeds to step S550, and the ticket user identifier exists in the processing target ticket (PRT, FRT, 3? 01 or 011).
- step S551 the identification data (ID rw) of the authentication partner (such as a reader / writer as a device access device that is a ticket user) and the ticket user stored in the ticket are determined. It is determined whether or not the identifiers match. If they match, the process ends as the user confirmation is successful.
- step S549 the common key mutual authentication data for the group checked in step S542 is not stored in the authentication table (see FIG. 51), and the ticket user (executes a process that applies a ticket to the device). If it is determined that mutual authentication between the device (reader / writer as an access device, PC, etc.) and the device has not been established as common key authentication processing, it is determined that the user check has not been completed, and the error is terminated.
- step S551 the identification data (ID rw) of the authentication partner (such as a reader / writer as a device access device that is a ticket user) is added to the ticket. If it is determined that the identifiers of the stored ticket users do not match, it is determined that the user check has not been completed and the error is terminated.
- the authentication partner such as a reader / writer as a device access device that is a ticket user
- step S550 If there is no ticket user identifier in the ticket or if all ticket users are available, the process in step S550 is not executed, and the process ends as a user confirmation success.
- step S415 details of the partition creation / deletion processing based on the partition registration ticket (PRT) executed in step S415 shown in the flow of FIG. 47 will be described. The explanation will be made using the first word.
- the process of creating and deleting partitions is based on the partition registration ticket (PRT) received by the device that has received the partition registration ticket (PRT) from the ticket user (ex. Reader / writer as a device access device, PC, etc.). This is the process to be executed.
- step S601 in FIG. 60 the device specifies the processing type recorded in the received PRT Partition Registration ticket (PRT Partition Registration ticket), that is, the operation type (partition) creation or deletion. Verify (Generate / Delete). If the operation type (Operation Type) is to create a partition (Partition), the steps from step S602 are executed, and if the operation type is to delete a partition (Partition), the steps from step S621 are executed.
- PRT Partition Registration ticket the processing type recorded in the received PRT Partition Registration ticket
- Verify Geneerate / Delete.
- step S602 the device verifies whether a partition having the same code as the partition manager code (PMC) described in the partition registration ticket (PRT) exists in the memory of the device. This determination is made by verifying whether the same code as the description code of the reception ticket (PRT) is described in the partition definition work (see Fig. 19) of the memory section of the device. It can be determined. If a partition with the same code (PMC) already exists in the device, the existence of duplicate partitions with the same code is not allowed, and the generation of a partition is not allowed. Is not executed, and the error ends.
- PMC partition manager code
- PRT partition registration ticket
- step S603 the number of free blocks (Free Block Number in Device) in the device (Device) in the device management information block (see FIG. 15) and the partition registration ticket Compare with the partition size (Partion Size) described in (PRT), and check if there is an empty block area in the device memory that is equal to or larger than the partition size (Partion Size) described in the ticket (PRT). Is determined. If it does not exist, a partition of the size described in the PRT cannot be generated, so the error is terminated.
- step S604 If it is determined that an empty block area larger than the partition size (Partion Size) described in the ticket (PRT) exists in the memory part of the device, the process proceeds to step S604, and the empty area of the device management information block is determined. Referring to the pointer (Pointer of Free Area), a partition definition block (PDB) area (see Fig. 19) is secured in the highest block of the free area in the device (Free Area in Device).
- PDB partition definition block
- the device stores a copy of the partition manager code (PMC) described in the partition registration ticket (PRT) in the reserved partition definition block (PDB) area, and a copy of the PMC version described in the PRT.
- PMC partition manager code
- PRT partition registration ticket
- PDB reserved partition definition block
- Partition Start Position a copy process of the free area pointer (Pointer of Free Area) of the device management information block (see Fig. 15) is executed (S6). 0 7) In addition, copy processing of the partition size (Partion Size) described in the partition registration ticket (PRT) is performed in the partition size (Partion Size) of the partition definition block (PDB) area. Execute (S608).
- the value copied to the partition size (Partion Size) of the partition definition block (PDB) area is added to the free area pointer (Pointer of Free Area) of the device management information block (see Fig. 15) (S 60 9)
- the number of free blocks (Free Block) in the device (Device) of the device management information block (see Fig. 15) Subtract the partition size (Partion Size) + 1 from (Number in Device) (S610). +1 means a block for the partition definition block (PDB).
- Partition Number the number of partitions in the devise management information block (see Fig. 15), that is, the number of generated partitions (1) is added (S6 1 1) 0
- step S 63 1 in FIG. 61 the highest-order block of the generated partition area is set as a partition management information block (PMIB) (see FIG. 20), and the setting is performed.
- the PMC of the partition registration ticket (PRT) is copied (S632) to the partition manager code (PMC) field of the created partition management information block (PMI B), and the partition management information block (PM IB) is executed.
- the PMC version of the partition registration ticket (PRT) is copied to the PMC version field (S633), and the total number of partitions in the partition management information block (PMIB) (Total Block number in Partition) is executed.
- partition Size 13 of the partition registration ticket (PRT) is recorded in the Free Block number in Partition field of the partition management information block (PM IB) (S635). I do.
- the meaning of 13 means that the partition management information block (PMIB), which is already scheduled to be used, the common key type partition key definition block (PKDB (co ban on)), and the public key type partition. This means that three blocks of the key definition block (PKDB (PUB)) are subtracted.
- 0 is entered in the file number (File Number) of the partition management information block (PM IB) (S636).
- File settings can be set using the File Registration Ticket (FRT).
- the file registration process using this file registration ticket (FRT) will be described later.
- the start position of the partition definition block (PDB) is copied to the free area pointer (Pointer of Free Area) of the partition management information block (PM IB), and the partition setting registration is completed.
- step S621 it is verified whether or not a partition having the same code as the partition manager code (PMC) described in the partition registration ticket (PRT) exists in the memory of the device. This determination can be made by verifying whether the same code as the description code of the reception ticket (PRT) is described in the partition definition block (see Figure 19) in the memory section of the device. is there.
- PMC partition manager code
- PRT partition registration ticket
- step S622 it is determined whether a partition created after the partition to be deleted exists in the device. If not, the partition to be deleted is the latest partition, and the partition definition block (PDB) (see FIG. 19) of the partition to be deleted is deleted in step S629. .
- PDB partition definition block
- step S622 if it is determined that the partition generated after the partition to be deleted exists in the device, the data of the partition (later partition) generated later is deleted from the device to be deleted. Chillon size (P
- step S626 the number of empty blocks (Free Block Number in Device) in the device of the device management information block (DMIB) (see FIG. 15) is set.
- Delete Partition Size (P S) + 1 is added.
- +1 means a block for the partition definition block (PDB) of the deleted partition.
- step S627 the size of the deleted partition (PS) is subtracted from the value of the free area pointer (Pointer of Free Area) of the device management information block (see FIG. 15). Further, in step S628, 1 is subtracted from the number of partitions (Partition Number) of the device management information block (see FIG. 15), that is, the number of deleted partitions (1) is subtracted to obtain a partition registration ticket (PRT). ) Is terminated.
- PS the size of the deleted partition
- PRT partition registration ticket
- the left side shows the processing of the initial registration device under the control of the partition manager
- the right side shows the processing of the device (see FIG. 5).
- the initial registration device under the jurisdiction of the partition manager is a device that can read and write data to and from the device (ex. A reader / writer or PC as a device access device). —It has a configuration equivalent to a Dalita.
- FIG. 47 shows that before the start of the processing of FIG. 62, mutual authentication is established between the initial registration device and the device, and the ticket and the user (the ticket) are checked in the validity of the ticket and the user check.
- step S61 of FIG. 62 the initial registration device It is determined whether to use a common key. This determination is based on the type of mutual authentication of the authentication type (Device) of the partition registration ticket (PRT) (see Figure 26) to be used (public key authentication or symmetric key authentication, or any ))) This is done with reference to the field.
- steps S642 to 643 and S651 to S654 are performed. If a common key is not used for partition authentication, these steps are omitted. Is done.
- step S642 the initial registration device sends a common key authentication data write command as MKauth—PAR_A: master key for bidirectional individual key authentication, and Kauth—PAR_B: bidirectional individual key.
- step S651 the device receives the above-described write command, and in step S652, writes the received data into the partition key area (see FIG. 23).
- step S652 the pointer, the size, and the number of free locks in the device generated by the data writing are adjusted (S6553), and a write completion notification is transmitted to the registration device (S654).
- the registration device that has received the write end notification determines in step S644 whether or not to use a public key for partition authentication. As shown in Fig. 62, if a public key is used for partition authentication, steps S645 to 649 and S655 to S662 are performed.If a public key is not used for partition authentication, these steps are omitted. You.
- the registration device sends a public key authentication data write command as PUB_CA (PAR): a certificate authority CA (PAR) that issues a public key certificate corresponding to the partition manager.
- PAR public key authentication data write command
- PARAM_PAR public key parameter of the partition (Partition)
- CRL_PAR public key certificate identifier of the exclusion device (Device) (ex. Serial number: SN), a revocation list (SN) (Certificate)
- PUB_CA PAR
- PARAM_PAR public key parameter of the partition
- CRL_PAR public key certificate identifier of the exclusion device (Device) (ex. Serial number: SN), a revocation list (SN) (Certificate)
- step S655 the device receives the write command described above, and
- the received data is written to the partition key area (see FIG. 23).
- the pointer, the size, and the number of free blocks in the device generated by data writing are adjusted (S657), and a write completion notification is transmitted to the registration device (S657).
- the registration device that has received the write end notification (S 646) transmits a public key and secret key key generation command to the device (S 647).
- the key pair is generated by the device, but the key pair may be generated by the registration device and provided to the device.
- the device that has received the key pair generation command (S 659) generates and generates a pair of a public key (PUB PAR) and a secret key (PR I PAR) in the encryption processing unit (see Fig. 5) in the device.
- the key is written in the partition key area (see FIG. 23) (S660).
- the pointer, size, and the number of free blocks in the device generated by data writing are adjusted (S661), and the generated and stored public key is transmitted to the registration device (S666).
- the registration device receives the public key (PUB PAR) from the device (S648), and the database (DB (PAR)) in the partition manager together with the device ID I Dm previously received from the device (see Fig. 9). )) Save to.
- PDB PAR public key
- PAR database
- the registration device of the partition manager determines whether or not to use a common key for the verification processing of the file registration ticket (FRT: File Registration Ticket) (S671).
- ticket verification can be performed using either a common key method using MAC value verification or the like, or a public key method using signature generation using a private key and signature verification using a public key.
- the application manager can set the verification processing method adopted by the device.
- the partition manager sets data to the device that can execute either the common key, the public key, or both depending on the FRT ticket verification method adopted by the device.
- FRT File Registration Ticket
- Information required for FRT verification of the pass-key method (ex. FRT verification common key) is set in the device, and if the device does not execute common key authentication, this information will not be stored in the device. .
- step S672 the registration device transmits Kfrt: the MAC verification key of the file registration ticket (FRT) and the version information to the device as an FRT verification common key write command.
- step S681 the device receives the write command described above, and
- the received data is written to the partition key area (see FIG. 23).
- the pointer, size, and the number of free locks in the device generated by data writing are adjusted (S683), and a write completion notification is transmitted to the registration device (S683).
- the registration device that has received the write end notification determines in step S674 whether to use a public key for FRT verification. As shown in Figure 63, when using a public key for FRT verification, perform steps S675 to 676 and S685 to S690, and when not using a public key for FRT verification, these steps are Omitted.
- the registration device sends an FRT verification data write command as FRTIC (FRT Issuer Category): File registration ticket (FRT) issuer category, PUB_CA (PAR): PARAM_PAR: Public key parameters of the partition (Partition), CRL_PAR: Public key certificate of the exclusion device (Device), which issues the public key certificate corresponding to the partition manager.
- FRTIC FRT Issuer Category
- PUB_CA PAR
- PARAM_PAR Public key parameters of the partition
- CRL_PAR Public key certificate of the exclusion device (Device)
- a revocation list (Certificate) in which the certificate identifier (ex. Serial number: SN) is registered and the version information are transmitted to the device.
- step S 685 the device receives the write command described above.
- step S 686 the public key type partition key definition block specifies the FRTIC (FRT Issuer Category): file registration ticket (FRT) issuer category in the received data.
- FRTIC FRT Issuer Category
- FRT file registration ticket
- PKDB Partition Key Definition block (PUB) (see Fig. 22)) Write the version information to the version area of the block.
- step S687 the device determines whether or not the public key data of the certificate authority CA (PAR) that issues the public key certificate corresponding to PUB_CA (PAR): partition manager has been written. If it is not written, in step S688, PUB_CA (PAR), PARAM-PAR, and CRL_PAR are written in the partition key area (see FIG. 23). Next, the pointer, the size, and the number of free blocks in the device generated by data writing are adjusted (S689), and a write completion notification is transmitted to the registration device (S690).
- PAR public key data of the certificate authority CA
- PARAM-PAR PARAM-PAR
- CRL_PAR CRL_PAR
- the registration device Upon receiving the write end notification (S676), the registration device determines in step S701 whether or not to use a device that supports updating of the common key data. Some of the data stored in the device can be updated using the above-mentioned Data Update Ticket (DUT) (see Fig. 32) as the data to be updated. The data to be updated is as described above with reference to FIG. In the update process using this Data Update Ticket (DUT: Data Update Ticket), either the common key method or the public key method is possible, and the partition manager determines whether the partition is set according to the set partition. Set the device to be able to execute the method or both methods.
- DUT Data Update Ticket
- the partition manager is configured to execute a data update process using the common key method for the set partitions, the information necessary for the data update processing using the common key method (ex. MAC of the data update ticket (DUT)) Verification key, etc.) is set in the partition key area of the device. If the device does not execute symmetric key authentication, the information is not stored in the partition key area of the device.
- steps S702 to 703 and S711 to S are omitted.
- step S702 the registration device —Digital Update Ticket (DUT: Data Update Ticket) Verification common key write command: Kdut_PARl: Data verification ticket (DUT) MAC verification key, Kdut_PAR2: Data update encryption key, Kdut_PAR3: Data update Ticket (DUT) MAC verification key, Kdut_PAR4: Transmits the data update encryption key and their version information to the device.
- DUT Data Update Ticket
- Kdut_PARl Data verification ticket (DUT) MAC verification key
- Kdut_PAR2 Data update encryption key
- Kdut_PAR3 Data update Ticket (DUT) MAC verification key
- Kdut_PAR4 Transmits the data update encryption key and their version information to the device.
- step S711 the depice receives the above-described write command, and in step S712, writes the received data into the partition key area (see FIG. 23).
- step S713 the pointer, size, and number of flip-locks in the device generated by the data writing are adjusted (S713), and a write completion notification is transmitted to the registration device (S714).
- step S704 the registration device that has received the write completion notification (S703) uses a data update ticket (DUT) in which the partition set for the device uses a public key method. It is determined whether to support the updated data processing. As shown in FIG. 64, if the public key method is supported, steps S705 to S706 and S715 to S718 are performed.If the public key method is not supported, these steps are performed. Omitted.
- DUT data update ticket
- step S705 the registration device sends a DUTIC-PAR (DUT Issuer Category) as a command to write a data update ticket (DUT) issuer code.
- Data Update Ticket (DUT: Data Update Ticket) Transmits issuer category and version information to the device.
- step S 715 the device receives the above-mentioned write command.
- step S 716 the device determines whether the received data is a public key type partition key definition block (PKDB (PUB): Partition Key Definition Block (PUB)). ).
- PKDB public key type partition key definition block
- PDB Partition Key Definition Block
- step S 716 the device determines whether the received data is a public key type partition key definition block (PKDB (PUB): Partition Key Definition Block (PUB)).
- PDB public key type partition key definition block
- PDB Partition Key Definition Block
- FIG. 65 shows an example of the configuration of data stored in the memory of the device in a state where the initial registration processing (the processing port in FIGS. 62 to 64) by the partition manager is completed.
- Fig. 6 5 In the partition key area shown in (1), the following data transmitted from the registration device and written in the above-mentioned interface (FIGS. 62 to 64) is written.
- IRL_PAR Revocation list in which the identifier (ID) of the partition access exclusion device (Device), exclusion device (reader / writer as device access device, ticket user such as PC, ticket issuing means) is registered. (Device ID))
- CRL_PAR Partition access exclusion device (Device), public key certificate identifier of the exclusion device (reader / writer as device access device, ticket user such as PC, ticket issuing means) (ex. Serial number: SN) Revocation List (Certiticate)
- Kdut_PARl Key for verifying the MAC of the data update ticket (DUT)
- Kdut_PAR2 Encryption key for data update
- Kdut_PAR3 Key for MAC verification of data update ticket (DUT)
- Partition Key Information Block Partition Key Definition Block (Common)
- Partition Key Definition Block Each piece of data in the partition management information block (Partition Management Information Block) is data that is written when a partition is generated (see processing flow diagrams 60 and 61).
- the device includes a device-related public key certificate (CER TDEV) that can be applied to the authentication and processing of the entire device, and authentication and other verification processing when processing a specific partition in the device.
- CER TDEV device-related public key certificate
- a partition-related public key certificate (CERT PAR) applicable to, for example, can be stored.
- the public key certificate for partition (CERT PAR) can be set and stored for each partition set in the device.
- the public key certificate for partition (CERT PAR) is given to the device by the public key certificate issued by the certificate authority (CA for PM) (see Figs. 2 and 3) via the registration authority under the jurisdiction of the partition manager.
- the Registration Authority manages the public key certificate (CERT PAR) issued by the Registration Authority under the jurisdiction of the partition manager (December 3rd (see Figure 9)).
- FIGS. 66 and 67 The procedure for issuing a partition-related public key certificate (CERT PAR) for a set partition by the registration authority of the partition manager will be described with reference to FIGS. 66 and 67.
- the left side is the CERT (public key certificate) issuing device of the registration authority under the jurisdiction of the partition manager.
- the right side is the processing of the device.
- the CERT issuing device obtains the user information of the device for which a public key certificate (CERT PAR) for partition is to be issued, permits (determines) the issuance of the certificate, and determines that the certificate is issued. Establish communication paths with other devices.
- the user information of the device for which the partitioning public key certificate (CERT PAR) is to be issued can be obtained, for example, from the data generated during the initial registration of the device.
- the user information is obtained from the device after setting the communication path with the device. You may.
- the communication path may be secured as a communication path capable of transmitting and receiving data regardless of whether it is wired or wireless.
- step S722 the CERT issuing device transmits an authentication data generation command including the random number R to the device.
- the device that has received the authentication data generation command (S731) applies the device private key (PR I PAR) to the combined data of the received random number R and the device identifier (IDm) to generate the digital signature (S).
- the generation processing (see FIG. 12) is executed (S732).
- the device sends the device identification data (IDm) and signature (S) to the CERT issuing device.
- the CERT issuing device Upon receiving the identification data (IDm) and the signature (S) from the device (S723), the CERT issuing device uses the received device identification data (IDm) as a search key to retrieve the database DB (PAR ) Acquire the stored device key (PUB PAR) from 332. Furthermore, the signature (S) is verified (see FIG. 13) by applying the obtained device public key (PUB PAR) (S725). If the verification is not successful, the data transmitted from the device is determined to be invalid data, and the process ends.
- the device that has received the partitioning public key certificate (CERT PAR) from the partition manager (registration authority) receives the certificate authority's public key (PUB CA (PAR)) stored in advance in the partitioning key area (see Fig. 23). ) Is used to verify the signature of the received public key certificate (CERT PAR). That is, the public key certificate is executed with the private key of the certificate authority and has a signature (see FIG. 11), and the signature is verified (S735).
- the partitioning public key certificate (CERT PA R) compares the device public key (PUB PAR) stored in the device with the device public key (PUB PAR) stored in its own device (S741), and if they do not match, issues an error notification If they match, the received public key certificate corresponding to the partition (CERT PAR) is stored in the partition key area (see FIG. 23) (S743).
- the public key (PUB PAR) generated by the own device is stored in this area, and a valid partition-compatible public key certificate (CERT PAR) is stored. At the time of issuance, it is stored as a process of overwriting with a public key certificate (CERPAR) corresponding to the partition.
- the storage processing end notification is transmitted to the CERT issuing device (S744).
- the CERT issuing device receives the storage processing end notification (S751), confirms the storage success (S752), and ends the processing. If the storage success cannot be confirmed, the process ends as an error.
- the partition setting registration process mutual authentication is performed between the device and the reader / writer as the device access device managed by the partition manager, and the party based on the partition registration ticket (PRT) is executed. Settings are made.
- the mutual authentication process is either public key mutual authentication or common key mutual authentication.
- the ticket (PRT) verification process is also performed by public key signature verification and common key system. Either of the two types of MAC verification will be performed. That is, the processing mode is roughly divided into
- the public key certificate (Cert. PM) is issued to the partition manager by the certificate authority (CA) upon the issuance request of the partition manager by the certificate issuance procedure via the registration authority.
- the partition registration ticket (PRT) is a packet managed by the device manager.
- a signature using the private key of the device manager is generated (see Fig. 12) and added to the PRT in order to generate and verify the public key signature.
- the target device that wants to create a partition according to the issued PRT and the partition manager (specifically, a redirector as a ticket access device, a decipher access device) use a public key mutual authentication (Figure 5). 0).
- the partition manager sends a partition registration ticket (PRT) and a DM public key certificate (Cert. DM) to the device.
- PRT partition registration ticket
- DM DM public key certificate
- PM the ticket access device is a device access device.
- the PRT user (PM: device access device) checks the identity of the identifier or category or serial (SN) recorded as the identification data (DN) of the partition manager's public key certificate, and confirms that they have been mutually authenticated. (See Fig. 57 and Fig. 58).
- Partition Registration Ticket PRT
- PRT Issuer If the verification of the PRT user succeeds, a partition is generated in the memory of the device according to the rules described in the partition registration ticket (PRT) (see Fig. 60 and Fig. 61).
- the device When performing public key authentication in the authentication process for various services for the generated partition (authentication process for using services such as partition generation, file generation, file access, and data update), the device must be a public / private key pair.
- a public key certificate is generated, transmitted to the partition manager, the public key certificate is issued through a registration authority and a certificate authority, and the issued public key certificate is transferred to a partition key area (Fig. 23). See).
- the public key certificate issued to the generated public key storage area is stored.
- the processes (9) and (10) are disclosed during authentication processing for various services for the created partition (authentication processing for using services such as partition generation, file generation, file access, and data update). This may be performed in the case of a configuration in which key authentication is performed.
- the public key certificate (Cert. PM) is issued by the Certificate Authority (CA) upon request of the partition manager, and by the certificate issuance procedure through the Registration Authority. Issued to the security manager.
- CA Certificate Authority
- the partition registration ticket (PRT) is a packet managed by the device manager.
- the partition registration ticket (PRT) issued by the partition registration ticket issuing means (PRT Ticket Issuer) managed by the device manager is transmitted to the partition manager.
- the target device that is to create a partition according to the issued PRT and the partition manager (specifically, a reader / writer as a device access device that is a ticket user) perform mutual authentication using the public key method (see Figure 50). ).
- the partition manager sends the issued partition registration ticket (PRT) to the device.
- the device performs a MAC verification process on the received partition registration ticket (PRT), verifies the PRT issuer, and further checks the PRT user (in this case, PM: The ticket user is a reader / writer as a device access device) and the received identification code (DN) recorded as the identification data (DN) of the public key certificate of the partition manager. Verification of the PRT user (PM: reader / writer as a device access device) is performed by confirming that (see Fig. 57 and Fig. 58).
- partitions are generated in the device memory according to the rules described in the partition registration ticket (PRT).
- Figure 60 See Figure 61).
- the device When performing public key authentication in the authentication process for various services for the generated partition (authentication process for using services such as partition generation, file generation, file access, and data update), the device must be a public / private key pair.
- the public key is sent to the partition manager, the public key certificate is issued via the registration authority and certificate authority, and the issued public key certificate is processed into the partition key area (Fig. 23). See).
- the public key certificate issued to the generated public key storage area is stored.
- the processing of (8) and (9) is the authentication processing at the time of various services for the created partition (authentication processing at the time of using services such as partition generation, file generation, file access, and data update). This may be performed in the case of a configuration in which public key authentication is performed at the time of ()).
- partition generation processing is performed according to the mutual authentication (public key) and ticket (PRT) verification (common key) methods.
- the partition registration ticket (PRT) is issued to the partition manager (PM) by the partition registration ticket issuing means (PRT Ticket Issuer) managed by the device manager.
- PRT Ticket Issuer partition registration ticket issuing means
- MAC see Fig. 59
- the target device for which a partition is to be created in accordance with the issued PRT and the partition manager (specifically, a reader / writer as a device access device that is a ticketer) are mutually authenticated using a common key method (Figure 53, see Figure 54).
- the partition manager sends the issued partition registration ticket (PRT) to the device.
- the device performs a MAC verification process on the received partition registration ticket (PRT), verifies the PRT issuer, and further checks the PRT user (in this case, PM: ticket) stored in the PRT ticket.
- PRT user PM: Remote access as a device access device
- PM Remote access as a device access device
- a partition is generated in the memory of the device according to the rules described in the partition registration ticket (PRT). 60, see Figure 61).
- Authentication processing for various services for generated partitions authentication for services such as partition generation, file generation, file access, and data update
- the device When performing public key authentication, the device generates a public / private key pair, sends the generated public key to the partition manager, and sends the public key certificate to the partition manager via the registration authority and certificate authority. Issue the public key certificate and store the issued public key certificate in the partition key area (see Fig. 23). At this time, the public key certificate issued to the generated public key storage area is stored.
- the processes (7) and (8) are performed when the public key is used in the authentication process for various services for the created partition (authentication process for using services such as partition generation, file generation, file access, and data update). This may be performed in the case of a configuration in which authentication is performed.
Description
Claims
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP02702790A EP1276271A4 (en) | 2001-03-15 | 2002-03-07 | DEVICE FOR MEMORY ACCESS CONTROL AND ADMINISTRATIVE PROCEDURE USING A MEMORY ACCESS TICKET |
KR1020027015365A KR100874061B1 (ko) | 2001-03-15 | 2002-03-07 | 액세스 제어 티켓을 이용한 메모리 액세스 제어 시스템 및관리 방법 |
US10/276,432 US7225341B2 (en) | 2001-03-15 | 2002-03-07 | Memory access control system and management method using access control ticket |
HK04104627.9A HK1063115A1 (en) | 2001-03-15 | 2004-06-28 | Memory access control system and management method using access control ticket |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2001073352A JP2002278838A (ja) | 2001-03-15 | 2001-03-15 | メモリアクセス制御システム、デバイス管理装置、パーティション管理装置、メモリ搭載デバイス、およびメモリアクセス制御方法、並びにプログラム記憶媒体 |
JP2001-73352 | 2001-03-15 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2002076012A1 true WO2002076012A1 (fr) | 2002-09-26 |
Family
ID=18930793
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2002/002112 WO2002076012A1 (fr) | 2001-03-15 | 2002-03-07 | Systeme de controle d'acces a la memoire et procede de gestion faisant appel a un ticket de controle d'acces |
Country Status (7)
Country | Link |
---|---|
US (1) | US7225341B2 (ja) |
EP (1) | EP1276271A4 (ja) |
JP (1) | JP2002278838A (ja) |
KR (1) | KR100874061B1 (ja) |
CN (1) | CN100449507C (ja) |
HK (1) | HK1063115A1 (ja) |
WO (1) | WO2002076012A1 (ja) |
Families Citing this family (83)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7237257B1 (en) * | 2001-04-11 | 2007-06-26 | Aol Llc | Leveraging a persistent connection to access a secured service |
FI20021833A0 (fi) * | 2002-10-09 | 2002-10-15 | Nokia Corp | Sertifikaattien toimittamisen kontrollointi matkaviestinjärjestelmässä |
US7586855B1 (en) * | 2002-12-05 | 2009-09-08 | Cisco Technology, Inc. | System and method to detect non-native storage components to manage configuration in a communications network |
JP4600042B2 (ja) * | 2002-12-06 | 2010-12-15 | ソニー株式会社 | 記録再生装置およびデータ処理装置 |
US9477820B2 (en) | 2003-12-09 | 2016-10-25 | Live Nation Entertainment, Inc. | Systems and methods for using unique device identifiers to enhance security |
TWI251743B (en) * | 2003-04-07 | 2006-03-21 | Benq Corp | Method for disabling writing function of storage apparatus |
JP4624732B2 (ja) * | 2003-07-16 | 2011-02-02 | パナソニック株式会社 | アクセス方法 |
US7281103B2 (en) * | 2003-10-01 | 2007-10-09 | Kabushiki Kaisha Toshiba | Microcomputer with a security function for accessing a program storage memory |
JP2005196412A (ja) * | 2004-01-06 | 2005-07-21 | Sony Corp | データ通信装置及びデータ通信装置のメモリ管理方法 |
KR100969241B1 (ko) * | 2004-02-13 | 2010-07-09 | 노키아 코포레이션 | 네트워크 상의 데이터 관리 방법 및 시스템 |
DE602005007531D1 (de) * | 2004-04-09 | 2008-07-31 | Proton World Int Nv | Gemeinsamer Dateizugriff an unteilbaren Dateien |
US7890769B2 (en) * | 2004-08-04 | 2011-02-15 | Broadcom Corporation | System and method for secure code downloading |
JP4301513B2 (ja) * | 2004-11-26 | 2009-07-22 | インターナショナル・ビジネス・マシーンズ・コーポレーション | ポリシーを用いたアクセス制御効果の判定方法 |
US8051052B2 (en) * | 2004-12-21 | 2011-11-01 | Sandisk Technologies Inc. | Method for creating control structure for versatile content control |
US20070168292A1 (en) * | 2004-12-21 | 2007-07-19 | Fabrice Jogand-Coulomb | Memory system with versatile content control |
US8601283B2 (en) * | 2004-12-21 | 2013-12-03 | Sandisk Technologies Inc. | Method for versatile content control with partitioning |
CN101120355B (zh) * | 2004-12-21 | 2012-09-26 | 桑迪士克股份有限公司 | 用于控制在存储器装置中存取的方法 |
US8504849B2 (en) * | 2004-12-21 | 2013-08-06 | Sandisk Technologies Inc. | Method for versatile content control |
EP1844392B1 (en) | 2005-01-21 | 2012-07-04 | Certicom Corp. | Elliptic curve random number generation |
KR100670005B1 (ko) * | 2005-02-23 | 2007-01-19 | 삼성전자주식회사 | 모바일 플랫폼을 위한 메모리의 무결성을 원격으로 확인하는 확인장치 및 그 시스템 그리고 무결성 확인 방법 |
US7617400B2 (en) * | 2005-03-02 | 2009-11-10 | Intel Corporation | Storage partitioning |
US8161296B2 (en) * | 2005-04-25 | 2012-04-17 | Samsung Electronics Co., Ltd. | Method and apparatus for managing digital content |
KR100708162B1 (ko) * | 2005-04-25 | 2007-04-16 | 삼성전자주식회사 | 도메인 관리 방법 및 그를 위한 장치 |
US8127147B2 (en) * | 2005-05-10 | 2012-02-28 | Seagate Technology Llc | Method and apparatus for securing data storage while insuring control by logical roles |
JP2007011522A (ja) * | 2005-06-29 | 2007-01-18 | Hitachi Ltd | データの消去方法、ストレージ・デバイス及び計算機システム |
US7743409B2 (en) | 2005-07-08 | 2010-06-22 | Sandisk Corporation | Methods used in a mass storage device with automated credentials loading |
US8015606B1 (en) | 2005-07-14 | 2011-09-06 | Ironkey, Inc. | Storage device with website trust indication |
US8438647B2 (en) * | 2005-07-14 | 2013-05-07 | Imation Corp. | Recovery of encrypted data from a secure storage device |
US8335920B2 (en) * | 2005-07-14 | 2012-12-18 | Imation Corp. | Recovery of data access for a locked secure storage device |
US8321953B2 (en) * | 2005-07-14 | 2012-11-27 | Imation Corp. | Secure storage device with offline code entry |
US20070067620A1 (en) * | 2005-09-06 | 2007-03-22 | Ironkey, Inc. | Systems and methods for third-party authentication |
US7802092B1 (en) * | 2005-09-30 | 2010-09-21 | Blue Coat Systems, Inc. | Method and system for automatic secure delivery of appliance updates |
US8266378B1 (en) | 2005-12-22 | 2012-09-11 | Imation Corp. | Storage device with accessible partitions |
US8639873B1 (en) | 2005-12-22 | 2014-01-28 | Imation Corp. | Detachable storage device with RAM cache |
JP4827919B2 (ja) * | 2006-04-28 | 2011-11-30 | パナソニック株式会社 | 通信端末装置およびアクセス方法 |
US8800008B2 (en) * | 2006-06-01 | 2014-08-05 | Intellectual Ventures Ii Llc | Data access control systems and methods |
US20080022120A1 (en) * | 2006-06-05 | 2008-01-24 | Michael Factor | System, Method and Computer Program Product for Secure Access Control to a Storage Device |
US20070300031A1 (en) * | 2006-06-22 | 2007-12-27 | Ironkey, Inc. | Memory data shredder |
JP2008009717A (ja) * | 2006-06-29 | 2008-01-17 | Megachips Lsi Solutions Inc | 情報処理端末およびコンテンツ書き込みシステム |
US8365294B2 (en) * | 2006-06-30 | 2013-01-29 | Intel Corporation | Hardware platform authentication and multi-platform validation |
US8613103B2 (en) * | 2006-07-07 | 2013-12-17 | Sandisk Technologies Inc. | Content control method using versatile control structure |
US8140843B2 (en) * | 2006-07-07 | 2012-03-20 | Sandisk Technologies Inc. | Content control method using certificate chains |
US8266711B2 (en) * | 2006-07-07 | 2012-09-11 | Sandisk Technologies Inc. | Method for controlling information supplied from memory device |
US20100138652A1 (en) * | 2006-07-07 | 2010-06-03 | Rotem Sela | Content control method using certificate revocation lists |
US8639939B2 (en) * | 2006-07-07 | 2014-01-28 | Sandisk Technologies Inc. | Control method using identity objects |
US8245031B2 (en) * | 2006-07-07 | 2012-08-14 | Sandisk Technologies Inc. | Content control method using certificate revocation lists |
US20080072070A1 (en) * | 2006-08-29 | 2008-03-20 | General Dynamics C4 Systems, Inc. | Secure virtual RAM |
US20080066192A1 (en) * | 2006-09-07 | 2008-03-13 | International Business Machines Corporation | Keyless copy of encrypted data |
US7841010B2 (en) * | 2007-01-08 | 2010-11-23 | Apple Inc. | Software or other information integrity verification using variable block length and selection |
JP5130722B2 (ja) * | 2007-01-19 | 2013-01-30 | セイコーエプソン株式会社 | 認証装置及び方法 |
JP4892382B2 (ja) * | 2007-03-27 | 2012-03-07 | 株式会社日立製作所 | 記憶装置及びデータ管理方法 |
US20090038007A1 (en) * | 2007-07-31 | 2009-02-05 | Samsung Electronics Co., Ltd. | Method and apparatus for managing client revocation list |
JP2009258860A (ja) | 2008-04-14 | 2009-11-05 | Sony Corp | 情報処理装置および方法、記録媒体、プログラム、並びに情報処理システム |
WO2009135196A1 (en) * | 2008-05-02 | 2009-11-05 | Ironkey, Inc. | Enterprise device policy management |
US9104618B2 (en) | 2008-12-18 | 2015-08-11 | Sandisk Technologies Inc. | Managing access to an address range in a storage device |
US20100228906A1 (en) * | 2009-03-06 | 2010-09-09 | Arunprasad Ramiya Mothilal | Managing Data in a Non-Volatile Memory System |
US8683088B2 (en) | 2009-08-06 | 2014-03-25 | Imation Corp. | Peripheral device data integrity |
US8745365B2 (en) * | 2009-08-06 | 2014-06-03 | Imation Corp. | Method and system for secure booting a computer by booting a first operating system from a secure peripheral device and launching a second operating system stored a secure area in the secure peripheral device on the first operating system |
JP5476086B2 (ja) * | 2009-10-16 | 2014-04-23 | フェリカネットワークス株式会社 | Icチップ、情報処理装置およびプログラム |
EP2348452B1 (en) | 2009-12-18 | 2014-07-02 | CompuGroup Medical AG | A computer implemented method for sending a message to a recipient user, receiving a message by a recipient user, a computer readable storage medium and a computer system |
EP2348450B1 (en) * | 2009-12-18 | 2013-11-06 | CompuGroup Medical AG | Database system, computer system, and computer-readable storage medium for decrypting a data record |
EP2348447B1 (en) * | 2009-12-18 | 2014-07-16 | CompuGroup Medical AG | A computer implemented method for generating a set of identifiers from a private key, computer implemented method and computing device |
EP2365456B1 (en) * | 2010-03-11 | 2016-07-20 | CompuGroup Medical SE | Data structure, method and system for predicting medical conditions |
US8776204B2 (en) * | 2010-03-12 | 2014-07-08 | Alcatel Lucent | Secure dynamic authority delegation |
US8370648B1 (en) * | 2010-03-15 | 2013-02-05 | Emc International Company | Writing and reading encrypted data using time-based encryption keys |
JP5552917B2 (ja) * | 2010-06-24 | 2014-07-16 | ソニー株式会社 | 情報処理装置、および情報処理方法、並びにプログラム |
US8909929B2 (en) * | 2012-05-31 | 2014-12-09 | Atmel Corporation | Stored public key validity registers for cryptographic devices and systems |
CN103034799B (zh) * | 2012-12-14 | 2016-03-30 | 南京中孚信息技术有限公司 | 一种内核级的桌面访问控制方法 |
CN104378699B (zh) * | 2013-08-15 | 2019-07-23 | 上海斐讯数据通信技术有限公司 | Pon设备中实现通信的方法 |
GB2517732A (en) * | 2013-08-29 | 2015-03-04 | Sim & Pin Ltd | System for accessing data from multiple devices |
US9276910B2 (en) * | 2013-11-19 | 2016-03-01 | Wayne Fueling Systems Llc | Systems and methods for convenient and secure mobile transactions |
US10140194B2 (en) * | 2014-03-20 | 2018-11-27 | Hewlett Packard Enterprise Development Lp | Storage system transactions |
AT513782B1 (de) * | 2014-04-11 | 2018-08-15 | Avl List Gmbh | Vorrichtung und Verfahren zur Übermittlung von Daten |
CN105989299A (zh) * | 2014-11-13 | 2016-10-05 | 株式会社东芝 | 存储装置的管理方法及计算机系统 |
CN104598402B (zh) | 2014-12-30 | 2017-11-10 | 北京兆易创新科技股份有限公司 | 一种闪存控制器和闪存控制器的控制方法 |
JP6596848B2 (ja) * | 2015-03-10 | 2019-10-30 | 富士ゼロックス株式会社 | アクセス権推定装置及びアクセス権推定プログラム |
US20160292447A1 (en) * | 2015-04-06 | 2016-10-06 | Lawlitt Life Solutions, LLC | Multi-layered encryption |
CN105138870B (zh) * | 2015-10-08 | 2018-09-07 | 浪潮(北京)电子信息产业有限公司 | 一种芯片合法性鉴别方法及装置 |
US10387636B2 (en) | 2015-10-20 | 2019-08-20 | Vivint, Inc. | Secure unlock of a device |
JP6789906B2 (ja) * | 2017-09-20 | 2020-11-25 | キオクシア株式会社 | データ蓄積装置 |
US10659054B2 (en) * | 2018-02-23 | 2020-05-19 | Nxp B.V. | Trusted monotonic counter using internal and external non-volatile memory |
WO2021205164A1 (en) * | 2020-04-08 | 2021-10-14 | Ncipher Security Limited | A device, a method of performing a file transaction, and a method of performing an access operation |
US11868503B2 (en) | 2020-11-24 | 2024-01-09 | International Business Machines Corporation | Recommending post modifications to reduce sensitive data exposure |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH04232586A (ja) * | 1990-12-27 | 1992-08-20 | Pentel Kk | ハンディタ−ミナル |
JPH06222980A (ja) * | 1993-01-27 | 1994-08-12 | Dainippon Printing Co Ltd | メモリ領域の管理方法 |
JPH06289782A (ja) * | 1993-04-07 | 1994-10-18 | Matsushita Electric Ind Co Ltd | 相互認証方法 |
JPH0784959A (ja) * | 1993-09-14 | 1995-03-31 | Toshiba Corp | ユーザ認証システム |
JPH103257A (ja) * | 1996-06-18 | 1998-01-06 | Toshiba Corp | 電子署名付加方法及び電子署名装置並びに電子署名検証方法 |
JPH11285582A (ja) * | 1998-04-03 | 1999-10-19 | Pa Net Gijutsu Kenkyusho:Kk | 遊技機監視システム |
JP2000148567A (ja) * | 1998-09-02 | 2000-05-30 | Internatl Business Mach Corp <Ibm> | スマ―ト・カ―ドのメモリにデ―タ・オブジェクトを記憶する方法 |
JP2000151583A (ja) * | 1996-02-23 | 2000-05-30 | Fuji Xerox Co Ltd | アクセス資格認証方法および装置ならびに証明用補助情報作成方法および装置 |
JP2000215165A (ja) * | 1999-01-26 | 2000-08-04 | Nippon Telegr & Teleph Corp <Ntt> | 情報アクセス制御方法および装置と情報アクセス制御プログラムを記録した記録媒体 |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE3278544D1 (en) * | 1981-07-27 | 1988-06-30 | Ibm | Data processing apparatus including stored value access control to shared storage |
GB8613069D0 (en) * | 1986-05-29 | 1986-07-02 | Univ Manchester | Parallel storage allocation |
US5628023A (en) * | 1993-04-19 | 1997-05-06 | International Business Machines Corporation | Virtual storage computer system having methods and apparatus for providing token-controlled access to protected pages of memory via a token-accessible view |
JPH08263438A (ja) | 1994-11-23 | 1996-10-11 | Xerox Corp | ディジタルワークの配給及び使用制御システム並びにディジタルワークへのアクセス制御方法 |
US5987134A (en) | 1996-02-23 | 1999-11-16 | Fuji Xerox Co., Ltd. | Device and method for authenticating user's access rights to resources |
US6061740A (en) * | 1996-12-09 | 2000-05-09 | Novell, Inc. | Method and apparatus for heterogeneous network management |
JP3613929B2 (ja) | 1997-05-07 | 2005-01-26 | 富士ゼロックス株式会社 | アクセス資格認証装置および方法 |
US6324087B1 (en) * | 2000-06-08 | 2001-11-27 | Netlogic Microsystems, Inc. | Method and apparatus for partitioning a content addressable memory device |
US7134138B2 (en) * | 2001-02-15 | 2006-11-07 | Emc Corporation | Methods and apparatus for providing security for a data storage system |
-
2001
- 2001-03-15 JP JP2001073352A patent/JP2002278838A/ja not_active Abandoned
-
2002
- 2002-03-07 EP EP02702790A patent/EP1276271A4/en not_active Withdrawn
- 2002-03-07 KR KR1020027015365A patent/KR100874061B1/ko not_active IP Right Cessation
- 2002-03-07 WO PCT/JP2002/002112 patent/WO2002076012A1/ja active Application Filing
- 2002-03-07 US US10/276,432 patent/US7225341B2/en not_active Expired - Fee Related
- 2002-03-07 CN CNB028016904A patent/CN100449507C/zh not_active Expired - Fee Related
-
2004
- 2004-06-28 HK HK04104627.9A patent/HK1063115A1/xx not_active IP Right Cessation
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH04232586A (ja) * | 1990-12-27 | 1992-08-20 | Pentel Kk | ハンディタ−ミナル |
JPH06222980A (ja) * | 1993-01-27 | 1994-08-12 | Dainippon Printing Co Ltd | メモリ領域の管理方法 |
JPH06289782A (ja) * | 1993-04-07 | 1994-10-18 | Matsushita Electric Ind Co Ltd | 相互認証方法 |
JPH0784959A (ja) * | 1993-09-14 | 1995-03-31 | Toshiba Corp | ユーザ認証システム |
JP2000151583A (ja) * | 1996-02-23 | 2000-05-30 | Fuji Xerox Co Ltd | アクセス資格認証方法および装置ならびに証明用補助情報作成方法および装置 |
JPH103257A (ja) * | 1996-06-18 | 1998-01-06 | Toshiba Corp | 電子署名付加方法及び電子署名装置並びに電子署名検証方法 |
JPH11285582A (ja) * | 1998-04-03 | 1999-10-19 | Pa Net Gijutsu Kenkyusho:Kk | 遊技機監視システム |
JP2000148567A (ja) * | 1998-09-02 | 2000-05-30 | Internatl Business Mach Corp <Ibm> | スマ―ト・カ―ドのメモリにデ―タ・オブジェクトを記憶する方法 |
JP2000215165A (ja) * | 1999-01-26 | 2000-08-04 | Nippon Telegr & Teleph Corp <Ntt> | 情報アクセス制御方法および装置と情報アクセス制御プログラムを記録した記録媒体 |
Non-Patent Citations (3)
Title |
---|
D. HAGIMONT, J.-J. VANDEWALLE: "JCCap: capability-based access control for Java card", 4TH SMART CARD RESEARCH AND ADVANCED APPLICATION CONFERENCE, September 2000 (2000-09-01), pages 1 - 40, XP002952764, Retrieved from the Internet <URL:http://sirac.inrialpes.fr/~hagimont/publications/cardis-jccap-200.pdf> [retrieved on 20020404] * |
MASAKI KYOJIMA, KIL-HO SHIN: "Ticket authentication protocols version 1.0", FUJI XEROX CO., LTD., 15 January 2000 (2000-01-15), pages 1 - 38, XP002952765, Retrieved from the Internet <URL:http://www.accessticket.com/990618TAP.pdf> [retrieved on 20020404] * |
See also references of EP1276271A4 * |
Also Published As
Publication number | Publication date |
---|---|
EP1276271A4 (en) | 2006-10-04 |
JP2002278838A (ja) | 2002-09-27 |
HK1063115A1 (en) | 2004-12-10 |
EP1276271A1 (en) | 2003-01-15 |
US20030149854A1 (en) | 2003-08-07 |
CN1465161A (zh) | 2003-12-31 |
KR100874061B1 (ko) | 2008-12-12 |
CN100449507C (zh) | 2009-01-07 |
KR20030001498A (ko) | 2003-01-06 |
US7225341B2 (en) | 2007-05-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR100860162B1 (ko) | 액세스 제어 티켓을 이용한 데이터 액세스 관리 시스템 및관리 방법 | |
KR100874061B1 (ko) | 액세스 제어 티켓을 이용한 메모리 액세스 제어 시스템 및관리 방법 | |
KR101037006B1 (ko) | 데이터 처리장치 | |
CN100511329C (zh) | 数据处理设备和数据处理方法 | |
JP4660900B2 (ja) | 個人認証適用データ処理システム、個人認証適用データ処理方法、および情報処理装置、並びにプログラム提供媒体 | |
KR100859623B1 (ko) | 정보 처리 시스템 및 방법 | |
JP4654498B2 (ja) | 個人認証システム、個人認証方法、および情報処理装置、並びにプログラム提供媒体 | |
TW514844B (en) | Data processing system, storage device, data processing method and program providing media | |
CN102214280A (zh) | 存储器装置、主机装置以及存储器系统 | |
EP1130844A2 (en) | Public-key-encryption data-communication system and data-communication-system forming method | |
EP1383073A1 (en) | Data processing system, memory device, data processor, data processing method, and program | |
JPWO2005117336A1 (ja) | 親子カード認証システム | |
KR20200133881A (ko) | 분산 환경에서의 신원 인증 방법 | |
JP2006262393A (ja) | 耐タンパ装置およびファイル生成方法 | |
TWI644556B (zh) | 具隱密性的kyc資料共享系統及其方法 | |
JP4536330B2 (ja) | データ処理装置、および、その方法 | |
JP2002279390A (ja) | データアクセス制御システム、メモリ搭載デバイス、およびデータアクセス制御方法、並びにプログラム記憶媒体 | |
JP2002281009A (ja) | 相互認証システム、相互認証方法、およびメモリ搭載デバイス、メモリアクセス機器、並びにプログラム記憶媒体 | |
JP2002281023A (ja) | データ処理システム、メモリ搭載デバイス、およびデータ処理方法、並びにプログラム記憶媒体 | |
WO2000022539A1 (fr) | Systeme fournisseur d'informations | |
CN113836516B (zh) | 一种打印机硒鼓防伪与打印次数保护系统、方法 | |
JP2002278842A (ja) | メモリアクセス制御システム、メモリ搭載デバイス、およびメモリアクセス制御方法、並びにプログラム記憶媒体 | |
JP2002278841A (ja) | データアクセス処理システム、メモリ搭載デバイス、およびデータアクセス処理方法、並びにプログラム記憶媒体 | |
JP2004015527A (ja) | データ処理権限管理システム、情報処理装置、および方法、並びにコンピュータ・プログラム | |
JP2003162691A (ja) | データ処理システム、メモリデバイス、データ処理装置、およびデータ処理方法、並びにコンピュータ・プログラム |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): CN KR SG US |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2002702790 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1020027015365 Country of ref document: KR |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWP | Wipo information: published in national office |
Ref document number: 1020027015365 Country of ref document: KR |
|
WWE | Wipo information: entry into national phase |
Ref document number: 028016904 Country of ref document: CN |
|
WWP | Wipo information: published in national office |
Ref document number: 2002702790 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 10276432 Country of ref document: US |