Method for issuing ic card storing encryption key information
Abstract
It is possible to issue an IC card storing unique encryption key information in such a manner that re-issuing is enabled and sufficient security can be assured. An IC card provider X delivers an IC card having a group code G(A) to a company A and an IC card having a group code G(B) to a company B. When a company staff α inputs a unique personal code P(α) and performs initialization, in the IC card, calculation is performed according to a predetermined algorithm using the P(α) and G(A). Data uniquely determined by the calculation is stored as encryption key information K(α) in the IC card. Even if the company staff α loses the IC card, it is possible to obtain the IC card having the same encryption key information K(α) as before by performing initialization again by using the IC card delivered by the IC card provider X.
Claims
exact text as granted — not AI-modified1 . A method for issuing a plurality of IC cards, each storing unique encryption key information, to specific individuals belonging to specific groups, the method for issuing IC cards storing encryption key information comprising the steps of:
preparing IC cards ( 100 ), each having a CPU ( 120 ), a memory ( 110 ), and an I/O unit ( 130 ), which performs transaction of information with respect to the exterior, and having stored in the memory, a key information generating program, which, by performing a calculation process based on a predetermined algorithm using at least two pieces of data, generates encryption key information that is uniquely determined by the two pieces of data (S 1 ); defining a secret group code (G) for each group, and writing the secret group code, defined for a group to which an individual, to whom an IC card is to be issued, belongs, into the memory of each prepared IC card (S 2 ); writing a predetermined secret personal code (P), designated by an individual to whom an IC card is to be issued, into the memory of each prepared IC card (S 3 ); and making the CPU execute the key information generating program to generate encryption key information (K) using at least the two pieces of data of the secret group code and the secret personal code and store this encryption key information into the memory of each IC card.
2 . The method for issuing IC cards storing encryption key information according to claim 1 , wherein
an encryption key itself, which is used for encryption or decryption, is generated as the encryption key information (K).
3 . The method for issuing IC cards storing encryption key information according to claim 1 , wherein
a key table, a portion of which is used as an encryption key used for encryption or decryption, is generated as the encryption key information (K).
4 . The method for issuing IC cards storing encryption key information according to claim 3 , wherein
two codes are written as secret personal codes (P), a first key table is generated based on a first secret personal code (P(a 1 )) and a secret group code (G(A)), a second key table is generated based on a second secret personal code (P(a 2 )) and a secret group code (G(A)), the two key tables are stored in each IC card as encryption key information, and an encryption key, used in encryption or decryption, is enabled to be obtained by synthesizing a portion of the first key table and a portion of the second key table.
5 . The method for issuing IC cards storing encryption key information according to claim 1 , wherein
a routine, which, when the key information generating program is executed on an IC card for a predetermined number of times, records an instruction prohibiting subsequent execution of the program in the IC card, and a routine, which, when the instruction is recorded, prohibits the execution of the program, are included in the key information generating program.
6 . The method for issuing IC cards storing encryption key information according to claim 1 , wherein
each secret group code is managed so as to be in a state in which it can be known only by a manager not belonging to any group, or only by a manager belonging to a corresponding group, or only by a manager not belonging to any group and a manager belonging to a corresponding group, and each secret personal code is managed so as to be in a state in which it can be known only by a corresponding individual.
7 . An IC card issued by the IC card issuing method according to claim 1 .
8 . The key information generating program used in the IC card issuing method according to claim 1 or an IC card storing said program.
9 . An IC card, used for executing an encryption process or a decryption process using unique encryption key information, the IC card comprising:
a CPU ( 120 ), a memory ( 110 ), and an I/O unit ( 130 ) performing transaction of information with respect to the exterior; there being stored in the memory ( 110 ), a program for performing a process of storing encryption key information generating data, provided from the exterior, into a first storage location and a second storage location, respectively, inside the memory, a program for performing a calculation process based on a predetermined algorithm using a first data stored in the first storage location and a second data stored in the second storage location to generate encryption key information that is uniquely determined according to the two pieces of data and storing the encryption key information in the memory, and a program for executing the encryption process or the decryption process inside the IC card using the encryption key information.
10 . An IC card, used for executing an encryption process or a decryption process using unique encryption key information, the IC card comprising:
a CPU ( 120 ), a memory ( 110 ), and an I/O unit ( 130 ) performing transaction of information with respect to the exterior; there being stored in the memory ( 110 ), a program for performing a process of storing encryption key information generating data, provided from the exterior, into a first storage location and a second storage location, respectively, inside the memory, a program for performing a calculation process based on a predetermined algorithm using a first data stored in the first storage location and a second data stored in the second storage location to generate encryption key information that is uniquely determined according to the two pieces of data and storing the encryption key information in the memory, and a program for reading out the encryption key information or a portion thereof for execution of the encryption process or the decryption process outside the IC card.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.