System for mutually certifying an IC card and an IC card terminal
First Claim
Patent Images
1. An IC card system having an IC card and an external device which exchange certification data to certify each other, comprising:
- an IC card including;
data storage means for storing a plurality of data used by the IC card;
includinga first storage section for storing a plurality of key data;
a second storage section for storing a plurality of encryption algorithms; and
a third storage section for storing a command to be executed by the IC card, the command being sent from said external device;
a first contractor for communicating with the external device;
first designation means for designating a first pair of key data and an encryption algorithm stored in said data storage means of said IC card, and said external device, respectively;
data generating means for generating first and second certification data;
first encryption means for encrypting the first certification data by using the first pair of key data and the encryption algorithm read out from said data storage means in said IC card to deliver a first encryption output;
first comparison means for comparing the first encryption output from said first encryption means in said IC card and a second encryption output obtained in said external device to deliver a first coincidence output;
reading means for reading out a second pair of key data and an encryption algorithm from said data storing means in accordance with second designation data sent from the external device;
second encryption means for encrypting the second certification data by using the second pair of key data and the encryption algorithm designated by the external device to deliver a second encryption output in response to the first coincidence output delivered from the first comparison means; and
said external device including;
data storage means for storing a plurality of data including;
a fourth storage second for storing a plurality of key data; and
a fifth storage section for storing a plurality of encryption algorithms;
a second contractor including means for connecting with the first contactor for communicating with the IC card;
third encryption means for encrypting the first certification data to deliver a second encryption output by using the first pair of key data and the encryption algorithm read out from the fourth and fifth storage sections in accordance with the first designation data sent from the IC card;
second designation means for designating a second pair of key data from said fourth storage section, and designating the encryption algorithm stored in said IC card, respectively;
fourth encryption means for encrypting the second certification data by using the second pair of key data and the encryption algorithm read out from the third and fourth storing means to deliver a fourth encryption output when the first coincidence output is delivered from the first comparison means;
second comparison means for comparing the fourth encryption output with the second encryption output to deliver a second coincidence output;
means for delivering an output representing that the IC card is valid when the second coincidence output is delivered from said comparison means; and
means for sending the command to the IC card when the output is delivered from the output delivering means.
0 Assignments
0 Petitions
Accused Products
Abstract
A mutual certification method includes an IC card having a random number generator, a plurality of key data and a plurality of encryption algorithms, and an IC card terminal which also has a random number generator, a plurality of key data and a plurality of encryption algorithms. The key data and encryption algorithm to be used are designated, and a random number may be transmitted for encryption and return, so that mutual certification may be performed.
-
Citations
2 Claims
-
1. An IC card system having an IC card and an external device which exchange certification data to certify each other, comprising:
-
an IC card including; data storage means for storing a plurality of data used by the IC card;
includinga first storage section for storing a plurality of key data; a second storage section for storing a plurality of encryption algorithms; and a third storage section for storing a command to be executed by the IC card, the command being sent from said external device; a first contractor for communicating with the external device; first designation means for designating a first pair of key data and an encryption algorithm stored in said data storage means of said IC card, and said external device, respectively; data generating means for generating first and second certification data; first encryption means for encrypting the first certification data by using the first pair of key data and the encryption algorithm read out from said data storage means in said IC card to deliver a first encryption output; first comparison means for comparing the first encryption output from said first encryption means in said IC card and a second encryption output obtained in said external device to deliver a first coincidence output; reading means for reading out a second pair of key data and an encryption algorithm from said data storing means in accordance with second designation data sent from the external device; second encryption means for encrypting the second certification data by using the second pair of key data and the encryption algorithm designated by the external device to deliver a second encryption output in response to the first coincidence output delivered from the first comparison means; and said external device including; data storage means for storing a plurality of data including; a fourth storage second for storing a plurality of key data; and a fifth storage section for storing a plurality of encryption algorithms; a second contractor including means for connecting with the first contactor for communicating with the IC card; third encryption means for encrypting the first certification data to deliver a second encryption output by using the first pair of key data and the encryption algorithm read out from the fourth and fifth storage sections in accordance with the first designation data sent from the IC card; second designation means for designating a second pair of key data from said fourth storage section, and designating the encryption algorithm stored in said IC card, respectively; fourth encryption means for encrypting the second certification data by using the second pair of key data and the encryption algorithm read out from the third and fourth storing means to deliver a fourth encryption output when the first coincidence output is delivered from the first comparison means; second comparison means for comparing the fourth encryption output with the second encryption output to deliver a second coincidence output; means for delivering an output representing that the IC card is valid when the second coincidence output is delivered from said comparison means; and means for sending the command to the IC card when the output is delivered from the output delivering means.
-
-
2. A certification method for an IC card system utilizing an IC card having a plurality of key data and a plurality of encryption algorithms and an external device having a plurality of key data and a plurality of encryption algorithms, the external device and the IC card exchanging certification data to certify each other, the method comprising the steps of:
-
sending from the IC card to the external device a first designation data for designating a first pair of key data and an encryption algorithm stored in said external device; reading out the first pair of key data and the encryption algorithm stored in said IC card; generating first and second certification data; encrypting the first certification data using the first pair of key data and the encryption algorithm read out from said IC card, to deliver a first encryption output; comparing the first encryption output obtained in said IC card and a second encryption output obtained in said external device to deliver a first coincidence output; reading out a second pair of key data and an encryption algorithm from said IC card in accordance with a second designation data sent from the external device; encrypting the second certification data by using the second pair of key data and the encryption algorithm designated by the external device to deliver a second encryption algorithm output in response to the first coincidence output; encrypting the first cerification data to deliver a second encryption output by using the first pair of key data and the encryption algorithm read out from the external device in accordance with the first designation data sent from the IC card; designating a second pair of key data and the encryption algorithm stored in said external device; encrypting the second certification data by using the second pair of key data and the encryption algorithm read out from the external device to deliver a fourth encryption output when the first coincidence output is delivered; comparing the fourth encryption output with the second encryption output to deliver a second coincidence output; producing a valid output signal signifying that the IC card is valid when the second coincidence output is obtained; and sending a command from the external device to the IC card requesting further processing when the valid output signal is delivered at the output delivering step.
-
Specification