Secure data transfer method of using a smart card
Abstract
A smart card and a settlement terminal are provided by which, when common-key cryptography is used for value transfer between smart cards, the security of the whole system can be improved by enabling easy updating of a cryptographic key used for the value transfer. A smart card transmits/receives value data to/from another smart card. The smart card includes an information accumulating unit for accumulating value data, a transfer key used to update the value data, and an update key used to update the transfer key; a communication unit for receiving a transfer key encrypted by use of the update key, the transfer key being transmitted from another smart card; and an arithmetic processing unit for decrypting the encrypted transfer key by use of the update key to update the transfer key accumulated in the information accumulating unit by use of the decrypted transfer key.
5 Claims
1. A smart card, comprising:
a communication unit to communicate with the outside;
an information accumulating unit to accumulate data and a program; and
an arithmetic processing unit to perform information processing,
wherein said information accumulating unit stores value data, a transfer key that encrypts the value data, a transfer key identifier that verifies whether the transfer key is newer or older in accordance with a value of the transfer key identifier, an update key that encrypts the transfer key, and an upper limit of the transfer key identifier that represents an upper limit of the transfer key identifier that can be stored by the smart card,
wherein said arithmetic processing unit updates the transfer key identifier and the transfer key by performing encryption using the update key on the basis of common-key cryptography,
wherein said arithmetic processing unit updates the value data by performing encryption using the transfer key on the basis of the common-key cryptography,
wherein if command data that requests transmission of card information is received, said arithmetic processing unit transmits said transfer key identifier to the outside as response data,
wherein if command data that requests update permission of said transfer key is received, said arithmetic processing unit generates a first random number and transmitting said first random number to the outside as response data,
wherein if command data which requests to obtain said transfer key, and which stores a second random number, is received, said arithmetic processing unit transmits first encrypted data, into which the second random number, said transfer key identifier, and said transfer key are encrypted by use of said update key on the basis of common-key cryptography, to the outside as response data, and
wherein if command data which requests update of said transfer key, and which stores second encrypted data, is received, said arithmetic processing unit decrypts said second encrypted data by use of said update key on the basis of common-key cryptography to extract first data, second data, and third data, and if said first data is equivalent to said first random number, and if a value of said second data is between a value of said upper limit of transfer key identifier and a value of said transfer key identifier, changes a value of said transfer key identifier to a value of said second data, and changes a value of said transfer key to a value of said third data.
2. A smart card, comprising:
a communication unit to communicate with the outside;
an information accumulating unit to accumulate data and a program; and
an arithmetic processing unit to perform information processing,
wherein said information accumulating unit stores value data, a transfer key that encrypts the value data, a transfer key identifier that verifies whether the transfer key is newer or older in accordance with a value of the transfer key identifier, a first public key certificate including a first public key, which encrypts the transfer key, a secret key corresponding to the first public key, and an upper limit of transfer key identifier that represents an upper limit of the transfer key identifier which can be stored by the smart card,
wherein said arithmetic processing unit updates the transfer key identifier and the transfer key by performing encryption using the first public key certificate and the secret key on the basis of public-key cryptography,
wherein said arithmetic processing unit updates the value data by performing encryption using the transfer key on the basis of common-key cryptography,
wherein if command data that requests transmission of card information is received, said arithmetic processing unit transmits said transfer key identifier and said first public key certificate to the outside as response data,
wherein if command data which requests update permission of said transfer key, and which stores a second public key certificate including a second public key, is received, said arithmetic processing unit generates a first random number and transmitting said first random number to the outside as response data,
wherein if command data which requests to obtain said transfer key, and which stores a second random number and a third public key certificate including a third public key, is received, said arithmetic processing unit first creates first encrypted data into which said transfer key identifier and said transfer key are encrypted by use of said third public key on the basis of public-key cryptography, next creates first digital signature data from said first encrypted data and said second random number by use of said secret key on the basis of public-key cryptography, and lastly transmits said first encrypted data and said first digital signature data to the outside as response data, and
wherein if command data which requests update of said transfer key, and which stores second encrypted data and second digital signature data, is received, said arithmetic processing unit first checks said second digital signature data by use of said second public key on the basis of public-key cryptography, next decrypts the second encrypted data by use of said secret key on the basis of public-key cryptography to extract first data and second data, and lastly if a value of the first data is between a value of said upper limit of transfer key identifier and a value of said transfer key identifier, changes a value of said transfer key identifier to a value of said first data, and a value of said transfer key to a value of said second data.
3. A smart card, comprising:
a communication unit to communicate with the outside;
an information accumulating unit to accumulate data and a program; and
an arithmetic processing unit to perform information processing,
wherein said information accumulating unit stores value data, a transfer key that encrypts the value data, a transfer key identifier that verifies whether the transfer key is newer or older in accordance with a value of the transfer key identifier, an update key that updates the transfer key, an update key identifier that verifies whether the update key is newer or older in accordance with a value of the update key identifier, a first public key certificate including a first public key, which encrypts the transfer key, a secret key corresponding to the first public key, and an upper limit of transfer key identifier that represents an under limit of the transfer key identifier which can be stored by the smart card,
wherein said arithmetic processing unit updates the transfer key by use of the update key on the basis of common-key cryptography, or updates the transfer key by use of the first public key certificate and the secret key on the basis of common-key cryptography,
wherein said arithmetic processing unit updates the value data by performing encryption using the transfer key on the basis of the common-key cryptography,
wherein if command data that requests transmission of card information is received, said arithmetic processing unit transmits said transfer key identifier, said update key identifier, and said first public key certificate to the outside as response data,
wherein if command data that requests update permission of said transfer key is received, said arithmetic processing unit generates a first random number and transmits said first random number to the outside as response data,
wherein if command data which requests to obtain said transfer key, and which stores a second random number, is received, said arithmetic processing unit transmits first encrypted data, into which said second random number, said transfer key identifier, and said transfer key are encrypted by use of said update key on said basis of common-key cryptography, to outside as response data, and
wherein if command data which requests update of said transfer key, and which stores second encrypted data, is received, said arithmetic processing unit first decrypts said second encrypted data by use of said update key on said basis of common-key cryptography to extract first data, second data, and third data, and next if the first data is equivalent to the first random number, and if a value of the second data is between a value of the upper limit of transfer key identifier and a value of the transfer key identifier, changes a value of the transfer key identifier to a value of the second data, and changes a value of the transfer key to a value of the third data.
4. A smart card, comprising:
a communication unit to communicate with the outside;
an information accumulating unit to accumulate data and a program; and
an arithmetic processing unit to perform information processing,
wherein said information accumulating unit stores value data, a transfer key that encrypts the value data, a transfer key identifier that verifies whether the transfer key is newer or older in accordance with a value of the transfer key identifier, an update key that updates the transfer key, an update key identifier that verifies whether the update key is newer or older in accordance with a value of the update key identifier, a first public key certificate including a first public key, which encrypts the transfer key, a secret key corresponding to the first public key, and an upper limit of transfer key identifier that represents an upper limit of the transfer key identifier which can be stored by the smart card,
wherein said arithmetic processing unit updates the transfer key by use of the update key on the basis of common-key cryptography, or updates the transfer key by use of the first public key certificate and the secret key on the basis of common-key cryptography,
wherein said arithmetic processing unit updates the value data by performing encryption using the transfer key on the basis of the common-key cryptography,
wherein if command data that requests transmission of card information is received, said arithmetic processing unit transmits said transfer key identifier, said update key identifier, and said first public key certificate to the outside as response data,
wherein if command data which requests update permission of said transfer key, and which stores a second public key certificate including a second public key, is received, said arithmetic processing unit generates a first random number and transmitting said first random number to the outside as response data,
wherein if command data which requests to obtain said transfer key, and which stores a second random number and a third public key certificate including a third public key, is received, said arithmetic processing unit first creates first encrypted data into which said transfer key identifier and said transfer key are encrypted by use of said third public key on the basis of public-key cryptography, next creates first digital signature data from said first encrypted data and the second random number by use of the secret key on the basis of public-key cryptography, and lastly transmits said first encrypted data and the first digital signature data to outside as response data, and
wherein if command data which requests update of said transfer key, and which stores second encrypted data and second digital signature data, is received, said arithmetic processing unit first verifies the second digital signature data by use of said second public key on the basis of public-key cryptography, next decrypts said second encrypted data by use of said secret key on the basis of public-key cryptography to extract first data and second data, and lastly if a value of the first data is between a value of the upper limit of transfer key identifier and a value of said transfer key identifier, changes a value of said transfer key identifier to a value of the first data, and changes a value of said transfer key to a value of the second data.
5. A smart card, comprising:
a communication unit to communicate with the outside;
an information accumulating unit to accumulate data and a program; and
an arithmetic processing unit to perform information processing,
wherein said information accumulating unit stores value data, two or more transfer keys that encrypts the value data, a transfer key identifier that includes a selection transfer key identifier that identifies the transfer key currently selected, and that identifies said two or more transfer keys, and an update key used to update the transfer key,
wherein if the value of the transfer key identifier, which is received by said communication unit, is newer than that of said selection transfer key identifier, and which is equivalent to either a value of said transfer key identifier stored by said information accumulating unit, said arithmetic processing unit updates said selection transfer key identifier to the transfer key identifier received by said communication unit by performing encryption using the update key on the basis of common-key cryptography,
wherein said arithmetic processing unit updates the value data by performing encryption using the transfer key corresponding to the update transfer key identifier on the basis of common-key cryptography,
wherein if command data that requests transmission of card information is received, said arithmetic processing unit transmits said selection transfer key identifier to the outside as response data,
wherein if command data that requests update permission of the transfer key is received, said arithmetic processing unit generates a first random number and transmitting the first random number to the outside as response data,
wherein if command data which requests to obtain the transfer key, and which stores a second random number, is received, said arithmetic processing unit transmits first encrypted data, into which said second random number, said selection transfer key identifier are encrypted by use of said update key on the basis of common-key cryptography, to the outside as response data, and
wherein if command data which requests update of the transfer key, and which stores second encrypted data, is received, said arithmetic processing unit decrypts the second encrypted data by use of the update key on the basis of common-key cryptography to extract first data, second data, and if the first data is equivalent to the first random number, and if a value of the second data which is equivalent to one of values of said transfer key identifiers, and which is newer than that of said selection transfer key identifier used to identify said transfer key currently selected, changes a value of said selection transfer key identifier to a value of the second data.
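
The transfer-key update exchange recited in claim 1, as an added Python example that is not part of the patent: a card holding an older transfer key issues a random number, a card holding a newer key returns the encrypted triple, and the first card applies the random-number and identifier-range checks before updating. Assumptions: the `Card` class and its method names are hypothetical, the field sizes (8-byte random number, 4-byte identifier, 16-byte key) are chosen for illustration, "between" is read as greater than the current identifier and at most the upper limit, and an HMAC-SHA256 keystream with encrypt-then-MAC stands in for the unspecified common-key cipher.

```python
import hashlib, hmac, os, struct

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream: a stdlib stand-in (assumption)
    # for the "common-key cryptography" the claim leaves unspecified.
    ks = b"".join(_prf(key, nonce + struct.pack(">I", i)) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(update_key, plaintext):
    nonce = os.urandom(16)
    ct = _xor_stream(_prf(update_key, b"enc"), nonce, plaintext)
    return nonce + ct + _prf(_prf(update_key, b"mac"), nonce + ct)  # encrypt-then-MAC

def unseal(update_key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if len(blob) < 48 or not hmac.compare_digest(tag, _prf(_prf(update_key, b"mac"), nonce + ct)):
        return None
    return _xor_stream(_prf(update_key, b"enc"), nonce, ct)

class Card:  # hypothetical model of the claimed card
    def __init__(self, update_key, key_id, transfer_key, id_limit):
        self.update_key, self.key_id = update_key, key_id
        self.transfer_key, self.id_limit = transfer_key, id_limit
        self.challenge = None
    def update_permission(self):  # returns the "first random number"
        self.challenge = os.urandom(8)
        return self.challenge
    def obtain_transfer_key(self, second_random):  # returns "first encrypted data"
        body = second_random + struct.pack(">I", self.key_id) + self.transfer_key
        return seal(self.update_key, body)
    def update_transfer_key(self, blob):  # processes "second encrypted data"
        challenge, self.challenge = self.challenge, None  # single use (assumption)
        pt = unseal(self.update_key, blob)
        if challenge is None or pt is None or len(pt) != 28:
            return False
        first, second, third = pt[:8], struct.unpack(">I", pt[8:12])[0], pt[12:]
        if not hmac.compare_digest(first, challenge):
            return False  # response not bound to this card's random number
        if not (self.key_id < second <= self.id_limit):
            return False  # older or equal key, or identifier above the card's limit
        self.key_id, self.transfer_key = second, third
        return True

def demo():
    uk = bytes(range(32))  # constructed sample update key
    old, new = Card(uk, 3, b"O" * 16, 10), Card(uk, 5, b"N" * 16, 10)
    blob = new.obtain_transfer_key(old.update_permission())
    accepted = old.update_transfer_key(blob)
    replayed = old.update_transfer_key(blob)  # no outstanding challenge
    stale = Card(uk, 3, b"O" * 16, 10)
    downgraded = new.update_transfer_key(stale.obtain_transfer_key(new.update_permission()))
    return accepted, replayed, downgraded, old.key_id, old.transfer_key
```

The claim specifies encryption only; the MAC is an addition here so that modified ciphertext is rejected before the random-number comparison runs.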
Specification