
WO2004079639A1 - Authentication method for electronic settlement using password-only IC card

Info

Publication number
WO2004079639A1
Authority
WO
WIPO (PCT)
Prior art keywords
card
password
payment
passwords
authentication
Prior art date
Application number
PCT/JP2003/003051
Other languages
French (fr)
Japanese (ja)
Inventor
Akira Ichikawa
Original Assignee
Akira Ichikawa
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Akira Ichikawa
Publication of WO2004079639A1


Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1025 Identification of user by a PIN code


Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Credit Cards Or The Like (AREA)

Abstract

A password can be used for every settlement made with an IC card, the IC card cannot be misused if it is lost or stolen, and the user does not need to memorize the password or enter it manually. The IC card is a password-only IC card whose function is limited to the password. When a settlement IC card is used, the settlement IC card and the password-only IC card automatically authenticate the passwords preset in both of them, thus enhancing the safety of electronic settlement using a settlement IC card.

Description

Specification

Authentication method for electronic settlement using a password-only IC card

Technical Field

The present invention relates to authentication technology for electronic settlement using IC cards, credit cards and the like.

Background Art

With credit cards and debit cards, a password is registered in the online settlement system in advance, for identity verification, before the card is used for settlement. For online settlement on the Internet and for electronic settlement at ATMs and other terminals, the online settlement system requests the password and the cardholder enters it, which authenticates the cardholder.

IC cards also have various possible uses. When an IC card is used as a boarding card for transportation, no password is used at present, but when it is used for electronic settlement, a password is an effective means of authenticating the cardholder.

Methods based on fingerprints, irises and voiceprints have been developed as means of personal authentication other than passwords, but at present, in terms of economy and convenience, these methods cannot entirely replace the password method.

The password method is currently the best personal authentication method.

However, recent cases of fraudulent use show that passwords that can be inferred from the person, such as a name or date of birth, are seen through by others, so simple passwords that can be inferred from the person can no longer be set.

As a result, passwords are made complex, and because hard-to-remember passwords are adopted, cases arise in which the user cannot recall the password when it is needed.
Therefore, the object of the present invention is to allow a password to be used for every settlement made with an IC card, to prevent fraudulent use when the IC card is lost or stolen, and to eliminate the need to memorize the password or enter it manually. To achieve this object, the present invention is configured as follows.

In claim 1, the password-only IC card of the present invention is an IC card whose function is limited to the password. When the settlement IC card is used, the settlement IC card and the password-only IC card automatically authenticate the password set in advance in both of them, which increases the safety of electronic settlement using the settlement IC card.

In the authentication method for electronic settlement using a password-only IC card of claim 2, the password is registered in the password-only IC card and the same password is also registered in the settlement IC card. In actual use, after initial processing and mutual authentication between the reader/writer and both IC cards, the reader/writer receives encrypted random number data from the settlement IC card and sends it to the password-only IC card. The password-only IC card decrypts the received encrypted random number data, concatenates it with the password and encrypts the result. The reader/writer receives this and sends it to the settlement IC card. The settlement IC card checks whether the decrypted random number data and password match the data held in the settlement IC card, and if either or both do not match, processing is aborted.

For the password-only IC card of claim 3, registration of the password and encryption keys in the password-only IC card and the settlement IC card is performed on a personal computer that has dedicated application software installed and is connected to a dedicated reader/writer usable with both the password-only IC card and the settlement IC card. Registration, update and deletion follow a password operation method that is not subject to the constraints of the service-side settlement system.

The password-only IC card of claims 4 and 5 adopts an electronic settlement authentication method and password operation method in which personal authentication at the time of IC card settlement eliminates manual password entry, uses passwords that are hard to guess, speeds up password authentication, increases the confidentiality of the password, and does not require the user of the password-only IC card to memorize the password.

In the authentication method for electronic settlement using a password-only IC card of claim 6, if the processing executed by the settlement IC card described in claims 1 to 5 is instead performed on the authenticator side of an ATM or other service, the method can also be used without the settlement IC card described in claims 1 to 5: between an ATM and a cash card, between an ATM and a credit card, and between the authenticator of another service and its service card.

The password-only IC card of claim 7, besides the card shape, takes a shape that can be attached to items worn on the body, such as a bracelet, wristwatch, pendant, cufflinks, brooch, key holder, belt or bag, and has a contactless portable structure that can be worn while the settlement IC card is in use.

Embodiments of the Invention
Hereinafter, embodiments of the present invention are described in detail with reference to the drawings. In the figures, PICC2 denotes the settlement IC card, PICC1 the password-only IC card, and RW the reader/writer.

Fig. 1 shows the overall configuration of the authentication method for electronic settlement using a password-only IC card. In the figure, 1 is a card-shaped password-only IC card, 2 is the settlement IC card, and 3 is the reader/writer that reads data from and writes data to the settlement IC card 2. The reader/writer also relays data between the password-only IC card and the settlement IC card so that they can perform password-based personal authentication.

Fig. 2 is a block diagram of the password-only IC card. The password-only IC card contains a CPU 5, a memory 6 that stores the password, encryption keys, programs and other data, an encryption circuit 7, a modulation/demodulation circuit 8, and an antenna coil 9.

The CPU 5 uses the program data stored in the memory 6, together with working data, to process commands from the reader/writer 3 received through the antenna coil 9, and to send data to the reader/writer 3.

Commands sent from the card reader/writer 3 to the password-only IC card 1 include polling, authentication, data read and write, and prohibition. The CPU 5 receives these commands from the card reader/writer 3 through the antenna coil 9, demodulates them in the modulation/demodulation circuit 8, takes them in and analyzes them, and executes processing according to the analyzed command.

Fig. 3 shows the password-only IC card in card shape and Fig. 4 shows it in bracelet shape. The password-only IC card is normally worn deliberately apart from the settlement IC card it authenticates, so that the two are not lost or stolen together.

Fig. 5 illustrates the sequence control of password authentication processing among the password-only IC card 1, the settlement IC card 2 and the reader/writer 3.

In the figure, [E10, D10] and [E11, D11] are paired encryption and decryption algorithms, Rcc is the random number of PICC2, K10pc and K11pc are access keys, M10cc and M11pw are ciphertexts, P10cc and P11cc are decrypted texts, and P10pw, P11pw and Pwcc are passwords.
First, following the procedure specified in the JICSAP (or ISO) IC card specification, P1) initial communication is performed to establish communication, followed by P2) mutual authentication.

Next, P3) password authentication of the password-only IC card 1 of the present invention is performed. The sequence control of P3) password authentication is described below.

In the settlement IC card 2, (S1) a random number Rcc is generated, and (S2) Rcc is encrypted (E10) with K10pc to give M10cc.

(S3) M10cc is sent to the reader/writer 3 with the Password Auth.3-1 command. In the reader/writer 3, (S4) the received M10cc is sent unchanged to the password-only IC card 1 with the Password Auth.3-2 command.

In the password-only IC card 1, (S5) M10cc is decrypted (D10) with K10pc to give P10cc.

(S6) P10cc and the password P10pw are concatenated and encrypted (E11) with K11pc to generate M11pw.

(S7) M11pw is sent to the reader/writer 3 with the Password Auth.3-3 response. In the reader/writer 3, (S8) the received M11pw is sent unchanged to the settlement IC card 2 with the Password Auth.3-4 response.

In the settlement IC card 2, (S9) M11pw is decrypted (D11) with K11pc to give the random number P11cc and the password P11pw.

(S10) Rcc is compared with P11cc, and the password Pwcc is compared with P11pw.

(S11) If either or both of the pairs Rcc and P11cc, and Pwcc and P11pw, are not equal, processing is aborted.

Industrial Applicability
As described above, the present invention provides the following effects.

With the password-only IC card of claim 1, the settlement IC card and the password-only IC card automatically authenticate the password set in advance in both of them when the settlement IC card is used, which increases the safety of electronic settlement using the settlement IC card.

With the password-only IC card of claim 2, the automatic password authentication function allows password authentication to be used at every settlement without burdening the user with password entry, enabling safer electronic settlement.

With the password-only IC card of claim 3, registration of the password and encryption keys in the password-only IC card and the settlement IC card is performed on a personal computer that has dedicated application software installed and is connected to a dedicated reader/writer usable with both cards. Because registration, update and deletion are not subject to the constraints of the service-side settlement system, settlement IC cards and password-only IC cards can be combined freely, and passwords and encryption keys are easy to maintain.

With the password-only IC card of claims 4 and 5, manual password entry is eliminated, hard-to-guess passwords are adopted, password authentication is faster, the confidentiality of the password is increased, and the password does not need to be memorized, so the safety of electronic settlement can be increased regardless of the type of service, the service provider, or the age of the user (the elderly, children and so on).

With the password-only IC card of claim 6, if the processing executed by the settlement IC card described in claims 1 to 5 is performed on the authenticator side of an ATM or other service, the method can be used without the settlement IC card described in claims 1 to 5: between an ATM and a cash card, between an ATM and a credit card, and between the authenticator of another service and its service card. As a new form of password operation, it can increase the safety of all electronic settlement.

With the password-only IC card of claim 7, the card can take, besides the card shape, a shape that can be attached to items worn on the body, such as a bracelet, wristwatch, pendant, cufflinks, brooch, key holder, belt or bag, and can be worn while the settlement IC card is in use. This keeps the purpose of the password-only IC card confidential and makes it easy to use together with the settlement IC card.

Brief Description of the Drawings
Fig. 1: Schematic configuration diagram of the system according to the embodiment of the invention
Fig. 2: Block diagram of the password-only IC card
Fig. 3: Card-shaped password-only IC card
Fig. 4: Bracelet-shaped password-only IC card
Fig. 5: Password authentication processing sequence control

Explanation of Reference Numerals

1 Password-only IC card
2 Settlement IC card
3 Reader/writer
4 Host computer of the reader/writer system
5 CPU of the password-only IC card
6 Memory of the password-only IC card
7 Encryption circuit of the password-only IC card
8 Modulation/demodulation and power supply circuit of the password-only IC card
9 Antenna coil of the password-only IC card
Card-shaped password-only IC card
IC chip
Antenna coil
Bracelet-shaped password-only IC card

Claims

請求の範囲 The scope of the claims
I Cカー ドの機能をパスワー ドに限定したパスワー ド専用 I Cカー ドと し、 決済用 Ϊ Cカー ド使用時に決済用 1 Cカー ドとパスワー ド専用 I Cカー ド との閬で予め ¾方に設定されたパスヮー ドの自動認証を行わせる こ とによ y、块资用 ί cカー による a子教¾の安全性を寓めたことを特黴とするパ スワー ド専用 I Cカー ドによる電子決渰における認読方式  The IC card function is limited to a password, and it is a password-only IC card.For payment 時 に When using a C-card, it is set in advance to one side between the payment 1 C card and the password-only IC card The password is automatically authenticated, and the e-mail is sent to the IC card for exclusive use of the password, which indicates that the safety of the child teacher was demonstrated by the user's car.読
スワー ドをパスワー ド専用 I Cカー ドに登録し同 じパスワー ドを決済用 Ϊ Register the password on the password-specific IC card and use the same password for payment.
Cカー ドにも'直'録し、 実際の使用時にリーダライターと 1 方の I Cカー ドと の閬の初期処理および相互認証後、 リーダライターが決済用 s Cカー ドから 暗号化した乱数データ を受信してパスワー ド専用 Ϊ Cカー ドに送出 し、 パス ワー ド専用 I cカー ドは受信した暗号化乱数データ を復号化し、 パスワー ド に連結して暗号化し、 リーダライタ一がこれを受信して決済用 I Cカー ドに 送出 し、決済用 I Cカー ドは復号化した乱数データ とパスワー ドが決済用 I Cカー ド内データ と一致するか確認し、何れかまたは何れも一致していない 場合、処理を中断する こ とを特徴とするパスワー ド専用 I Cカー ドによる電 子決済における認証方式 The data is also recorded 'directly' on the C card, and after the initial processing and mutual authentication between the reader / writer and one of the IC cards during actual use, the reader / writer encrypts the random number data from the C card for payment. And the password is sent to the C card.The Ic card for the password decrypts the received encrypted random number data, connects it to the password and encrypts it, and the reader / writer receives it. And sends it to the payment IC card.The payment IC card checks whether the decrypted random number data and password match the data in the payment IC card, and if any or none do not match Authentication method for electronic payment using a password-specific IC card that interrupts processing
3. A password operation method for the password-only IC card according to claims 1 and 2, characterized in that registration of the password and the encryption key in the password-only IC card and the payment IC card is performed on a personal computer on which dedicated application software is installed and to which is connected a dedicated reader/writer usable with both the password-only IC card and the payment IC card, and that this registration, updating and deletion are not subject to the constraints of the service-side payment system.
4. An authentication method for electronic payment and a password operation method, characterized in that the password-only IC card according to claims 1 to 3, in a usage that dispenses with online verification (one of the features of IC cards), performs personal authentication at the time of IC card payment while eliminating manual password entry, adopting passwords that are hard to guess, speeding up password authentication and increasing the confidentiality of the password, and that the user of the password-only IC card does not need to memorize the password.
5. An authentication method for electronic payment and a password operation method, characterized in that the password-only IC card according to claims 1 to 3, also in a usage in which the IC card is verified online, performs personal authentication at the time of IC card payment while eliminating manual password entry, adopting passwords that are hard to guess, speeding up password authentication and increasing the confidentiality of the password, and that the user of the password-only IC card does not need to memorize the password.
6. An authentication method for electronic payment, characterized in that the password-only IC card according to claims 1 to 5 can also be used without the payment IC card described in claims 1 to 5, namely between an ATM and a cash card, between an ATM and a credit card, and between the authentication device of another service and its service card, provided that the processing executed by the payment IC card described in claims 1 to 5 is performed instead on the side of the ATM or the other service's authentication device.
7. A password-only IC card having a contactless portable structure, characterized in that the password-only IC card according to claims 1 and 6 may, besides the card shape, take a shape that can be attached to items worn or carried on the person, such as a bracelet, wristwatch, pendant, cufflinks, brooch, key holder, belt, bag or handbag, and can also be worn while the payment IC card is in use.
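The exchange in claim 2, sketched as an added example that is not part of the patent: the payment card issues an encrypted random number, the password-only card answers with the random number concatenated with the password, and the payment card interrupts processing unless both match. The class and function names are hypothetical. The claims name no cipher, so the HMAC-SHA256 keystream with a MAC tag is a stand-in, and the single-use handling of the random number is an assumption.

```python
import hashlib, hmac, secrets

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor(key, iv, data):
    # Stand-in cipher (assumption, the claims name none): HMAC-SHA256 keystream.
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(_prf(key, b"enc", iv + bytes([i])) for i in blocks)
    return bytes(d ^ s for d, s in zip(data, stream))

def encrypt(key, plaintext):
    iv = secrets.token_bytes(16)
    body = _xor(key, iv, plaintext)
    return iv + body + _prf(key, b"mac", iv + body)  # tag detects tampering

def decrypt(key, blob):
    iv, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"mac", iv + body)):
        raise ValueError("ciphertext rejected")
    return _xor(key, iv, body)

class PasswordCard:
    """Password-only IC card: holds the key and password registered in advance."""
    def __init__(self, key, password):
        self.key, self.password = key, password

    def respond(self, challenge):
        # Decrypt the random number, concatenate the password, encrypt again.
        return encrypt(self.key, decrypt(self.key, challenge) + self.password)

class PaymentCard:
    """Payment IC card: issues the random number and checks the answer."""
    def __init__(self, key, password):
        self.key, self.password, self.nonce = key, password, None

    def challenge(self):
        self.nonce = secrets.token_bytes(16)
        return encrypt(self.key, self.nonce)

    def verify(self, response):
        nonce, self.nonce = self.nonce, None  # each random number is valid once
        if nonce is None:
            return False
        plain = decrypt(self.key, response)
        # Random number and password must both match, or processing stops.
        return (hmac.compare_digest(plain[:16], nonce)
                & hmac.compare_digest(plain[16:], self.password))

def reader_writer(payment, password_card):
    """The reader/writer only relays messages between the two cards."""
    try:
        return payment.verify(password_card.respond(payment.challenge()))
    except ValueError:  # a card rejected a message: processing is interrupted
        return False
```

Because the response is bound to a fresh random number, a response captured from an earlier payment fails the check when relayed against a new challenge.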
PCT/JP2003/003051 2003-03-03 2003-03-13 Authentication method for electronic settlement using password-only ic card WO2004079639A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2003055067A JP2004265156A (en) 2003-03-03 2003-03-03 Authentication system in electronic payment by ic card exclusively for password
JP2003-055067 2003-03-03

Publications (1)

Publication Number Publication Date
WO2004079639A1 (en) 2004-09-16

Family

ID=32958650

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2003/003051 WO2004079639A1 (en) 2003-03-03 2003-03-13 Authentication method for electronic settlement using password-only ic card

Country Status (2)

Country Link
JP (1) JP2004265156A (en)
WO (1) WO2004079639A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009301205A (en) * 2008-06-11 2009-12-24 Hitachi Systems & Services Ltd Personal authentication method for contactless electronic money settlement system

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7647499B2 (en) * 2005-03-24 2010-01-12 Avaya Inc Apparatus and method for ownership verification
JP5315137B2 (en) * 2009-06-11 2013-10-16 株式会社エヌ・ティ・ティ・データ Authentication system, authentication method, reader, and program
JP6774193B2 (en) * 2016-03-28 2020-10-21 株式会社タイトー Game system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0877110A (en) * 1994-06-28 1996-03-22 Omron Corp Information system
JPH09326086A (en) * 1996-06-06 1997-12-16 Matsushita Electric Ind Co Ltd Credit processing system
JP2002117378A (en) * 2000-10-05 2002-04-19 Dainippon Printing Co Ltd Noncontact ic card system
JP2003050960A (en) * 2001-08-07 2003-02-21 Minoru Takayama Security system for electronic money

Also Published As

Publication number Publication date
JP2004265156A (en) 2004-09-24

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): CN KR US

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase