Security Measures in Electronic Money Systems: Focusing on Risk Management

Transcription:

1999 IC IC 2008 2 5 10 E-mail: masataka.suzuki@boj.or.jp E-mail: hirokawa@imes.boj.or.jp E-mail: une@imes.boj.or.jp //2008.8 39

1. 1990 2007 1 IC 1 1 20072006 2007 1 Edy Edy IC 2007 2 22 IC PASMO IC 2008 1 23 40 /2008.8

2 3 IC 4 NIST CRYPTREC 5 Une and Kanda [2007] 2007 1999 10 2 Suica 2007 11 10 WebMoney 2007 12 3 http://www.webmoney.jp/news/20071203_1.html 3 2007 12 20 64% 2008 1 14 4 1999 5CRYPTRECCryptography Research and Evaluation Committees 41

1999 2 3 4 2. 1 2. 42 /2008.8

2. 1 43

2 3 2 1 2 2 2 2 2 2 3 2 3 1 2. 2 2 1 2 1 2 2 1 2 2 2 1 2 44 /2008.8

2. 2 1 3 2 IC. 1990 Kocher [1996]Kocher, Jaffe, and Jun [1999] 1990 CMVPCryptographic Module Validation Program 1995 JCMVPJapan Cryptographic Module Validation Program, IPA2007 2007 4 IC 45

EMVCo EMVCo [2006] 6. NESSIENew European Schemes for Signatures, Integrity, and Encryption NESSIE consortium [2003] CRYPTREC 2003 NIST [2005] Une and Kanda [2007]2007 IC 7. 10 19991999 6 2008 7 1 Cartes Bancaires IC 2001 1989 RSA 200 IC IC 1999 2000 IC 46 /2008.8

3 1999 1999 3. 8 3 4 9 8 9 47

4 3 3 3. 10 Chida, Manbo, and Shizuya [2001] Chida, Manbo, and Shizuya [2001] unforgeability 1998 1998 1998 1999 10 48 /2008.8

1999. 1999 1999 1999. 1999 5 13 1 49

5 1 1 2 1 3 4 5 6 1 1 2 2 2 2 7 3 3 8 3 3 9 3 3 2 3 3 1999 1 3 1 3 2 3 9 19 50 /2008.8

6 1 2 3 4 5 11 5 15 6 3. 5 15 1 7. 11 IC 1 IC IC 51

7. 1999 3 8 M1 M2 M3 52 /2008.8

8 M1M3 M1 M2 M3 7 M1M3 3 ID U, ID U 0 ID U Λ V U PK U, SK U PK U 0, SK U 0 PK U Λ, SK U Λ PK I, SK I K E X.Y/ S X.Y/ DT DB.ID/ DB.PK/ DB.V/ U U 0 U Λ12 U U U 0 U Λ X Y X X Y ID 15 M1M3 9 M1 K ID U DT E K.ID U ; DT/ M2 K S I.ID U / DT E K.S I.ID U /; DT/ 12 U Λ 1999 53

9 1 2 M1 K, ID U, V U M2 K, S I.ID U /, V U M3 SK U, S I.PK U /, V U M1 K M2 K, PK I M3 PK I M1 K, DB.ID/ M2 K, PK I, SK I, DB.ID/ M3 PK I, SK I, DB.PK/ M1 K, DB.ID/, DB.V/ M2 K, PK I, SK I, DB.ID/, DB.V/ M3 PK I, SK I, DB.PK/, DB.V/ 3 M1 K, DB.ID/ M2 K, PK I, SK I, DB.ID/ M3 PK I, SK I, DB.PK/ 4 M1M3 M1 K, DB.ID/, DB.V/ 5 M1 K, ID U M2 K, S I.ID U / M3 SK U, S I.PK U / M2 K, PK I, SK I, DB.ID/, DB.V/ M3 PK I, SK I, DB.PK/, DB.V/ M3 SK U DT S U.DT/ 1, 2 M1 K E K.ID U ; DT/ DT M2 K E K.S I.ID U /; DT/ PK I S I.ID U / DT M3 PK I S I.PK U / PK U PK U S U.DT/ DT 35 M1 K E K.ID U,DT)ID U M2 K E K.S I.ID U /,DT) PK I S I.ID U / ID U M3 PK I S I.PK U / PK U PK U S U.DT/ 4, 5 54 /2008.8

2 2. D0D1. ID 13 S0A U 0A I 0 S1A U 1A I 1. M1M3 10 M3 10 M1 D0-S0 M2 D0-S1-A I 0 13 55

10 M1 M2 M3 M1M3 D0-S0 S0 D0 D0-S1 S1 D1-S0 S0 D1 D1-S1 S1 D0-S0-A I 0 S0 A I 0 D0-S1-A I 0 S1 A I 0 D0 D0-S0-A I 1 S0 A I 1 D0-S1-A I 1 S1 A I 1 D1-S0-A I 0 S0 A I 0 D1-S1-A I 0 S1 A I 0 D1 D1-S0-A I 1 S0 A I 1 D1-S1-A I 1 S1 A I 1 D0-A U 0-A I 0 A U 0 A I 0 D0-A U 1-A I 0 D0 A U 1 A I 0 D0-A U 1-A I 1 A U 1 A I 1 D1-A U 0-A I 0 A U 0 A I 0 D1-A U 1-A I 0 D1 A U 1 A I 0 D1-A U 1-A I 1 A U 1 A I 1 3 IC PC PC 56 /2008.8

3 4 S1 K A U 1 SK U SK U 0 A I 1 SK I D1 11 M1 K M2 K SK I 4 M3 SK U SK U SK U 0 SK U SK U 0 SK I 3 4 5 11 3 57

11 M1 M2 M3 1 2 3 4 5 D0-S0 D0-S1 K K D1-S0 K K D1-S1 K D0-S0-A I 0 D0-S1-A I 0 K D0-S0-A I 1 SK I D0-S1-A I 1 K, SK I K D1-S0-A I 0 K K D1-S1-A I 0 K K, SK I D1-S0-A I 1 K, SK I SK I K, SK I D1-S1-A I 1 K, SK I D0-A U 0-A I 0 D0-A U 1-A I 0 SK U, SK U 0 D0-A U 1-A I 1 SK U, SK U 0, SK I SK U D1-A U 0-A I 0 SK U, SK U 0 D1-A U 1-A I 0 SK U, SK U 0 D1-A U 1-A I 1 SK U, SK U 0, SK I 58 /2008.8

12 1 2 3 4 5 0-0-0 M1 K 2-2-2 2-2-0 0-1-0 M2 M3 0-0-0 K 2-2-0 0-1-0 SK I 0-0-0 K, SK I 2-2-2 2-2-0 0-1-0 0-0-0 SK U 2-0-0 0-0-0 SK U, SK U 0 2-2-0 0-1-0 SK U, SK U 0, SK I 2-2-2 2-2-0 0-1-0 3 012 12 14 0-1-0 3 1 2 3 0-1-0 M1 M2 K 1, 2 M2 2-2-0M1 2-2-2 35 M1 M2 M2 M1 15 1, 2 3 14 15 M1 KM2 K SK I M3 SK U SK U 0 SK I 59

4, 5 4, 5 4. 1 3 2 1 1 1 1 1 60 /2008.8

13 1 1 Suica PASMO Edy nanaco WAON Octopus 250,000 149,995 20,000 20,000 5 5 50,000 1,035 HKD 14,914 1 20,000 20,000 50,000 29,999 50,000 1,000 HKD 14,410 Octopus Cards Limited 2 1 1 QUICPay id Smartplus 20,000 30,000 OneTouch (Barclaycard) 10 GBP 2,192 JCB DCMX UFJ Barclaycard QUICPayiDSmartplus 13 16 16 13 1 Suica 2 Suica http://www.jreast.co.jp/suica/faq/faq05.html#10 PASMO 1 2 PASMO http://www.pasmo.co.jp/stipulation/e_money.html Edy am/pm 1 5 http://www.ampm.jp/service/edy/ nanaco -1 5 nanaco http://www.nanaco-net.jp/faq/faq_shopping.html WAON WAON http://www.waon.com/guide/index.html Octopus If the remaining value on an Octopus is positive (e.g. HK$0.1 or above) but insufficient to cover the payment of a particular transaction, then the Octopus can still be used provided the resulting negative value does not exceed HK$35. http://www.octopuscards.com/consumer/help/faq/en/index.jsp QUICPay 2 http://www.quicpay.jp/faq/index.html#q4 OneTouch OneTouch payment is a new cashless way to pay for low value purchases of 10 and under more quickly and conveniently. http://www.barclaycard-onepulse.co.uk/onepulsefaq.html?set=set6 id DoCoMo Smartplus UFJ 61

3. 1 2 1 1 IC EMV EMVCo [2004] RSA 17 EMV 2 2 3 3 18 Octopus OneTouch 1 HKD = 14.41 JPY1 GBP = 219.26 JPY2008 1 9 UFJ 17 EMVCo RSA URL http://www.emvco.com/bulletins.asp?show=14 18 IP 62 /2008.8

14 14 9 15 9 4, 5 4, 5 3 3. 1-1 -2-1 35 35 3 35 63

-2 1, 2 1, 2. -1-2 -1 2, 4, 5-1-1 4, 5 5 19 19 64 /2008.8

-1-2 2 20-2 2, 4 2, 4 21. ID -1-2 -1 35 3 35 20 21 65

-2 1, 2. 35 1, 2-1-2-1 1, 2 66 /2008.8

-2 1, 2. 15 35 67

. 15 1, 2 3 4, 5 3 4, 5 68 /2008.8

15 WL BL 69

5. 10 1999 70 /2008.8

. 1 15 M1 15 M1 E K.ID U ; DT/E K.ID U 0 ; DT/E K.ID U Λ ; DT/ M1 K K K 1 2 3 4 5 K K ID U 0 ID U Λ K U U ID U 0 ID U Λ DB.ID/ 71

K 1 2 3 4 5 K 2 15 M2 15 M2 E K.S I.ID U /,DT)E K.S I.ID U 0 /; DT/ E K.S I.ID U Λ /; DT/ M2 K SK I K SK I 4 K 1 2 3 4 5 K S I.ID U 0 / K U U ID U 0 SK I S I.ID U Λ / 72 /2008.8

SK I 1 2 3 4 5 SK I S I.ID U / S I.ID U 0 /S I.ID U Λ / K K SK I 1 2 3 4 5 K 13 M2 SK I ID U Λ S I.ID U Λ / S I.ID U Λ / K K 4, 5 M2 ID U Λ DB.ID/ 1 2 3 4 5 K SK I 73

3 15 M3 15 M3 S U.DT/, S I.PK U / S U 0.DT/,S I.PK U 0 /S U Λ.DT/,S I.PK U Λ / M3 SK U SK U SK U 0 SK U SK U 0 SK I 4 SK U 1 2 3 4 5 SK U U U SK U 0 S U Λ.DT/ SK I S I.PK U Λ / SK U SK U 0 1 2 3 4 5 SK U 13 M3 SK U 0 S I.PK U 0 / SK U 4, 5 M3 ID U 0 SK I 15 M3 74 /2008.8

SK U SK U 0 SK I 1 2 3 4 5 SK U SK U 0 13 M3 SK I PK U Λ S I.ID U Λ / PK U Λ SK U Λ SK U SK U 0 4, 5 M3 PK U Λ DB.PK/ 1 2 3 4 5 SK U SK U 0 S U Λ.DT/ SK I S I.PK U Λ / 75

IC EMV 26 1 2007 3152 2003 http://www.cryptrec.jp/images/cryptrec_01.pdf 27 1 2008 79114 IPA IPA2007 http://www.ipa.go.jp/security/jcmvp/ 18 2 1999 57114 20 2 2001 2132 ISECvol. 98 no. 4261998 6774 2007 12 10 http://www.yano.co.jp/press/pdf/314.pdf

Chida, E., M. Manbo, and H. Shizuya, Digital Money - A Survey, Interdisciplinary Information Sciences, vol. 7, no. 2, Tohoku University, 2001, pp. 135-165.

EMVCo, EMV Integrated Circuit Card Specification for Payment Systems (EMV 4.1): Book 2 - Security and Key Management, EMVCo, 2004.

EMVCo, EMV Security Guidelines: EMVCo Security Evaluation Process, v1.0, EMVCo, 2006.

Kocher, P., Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems, Proc. of CRYPTO '96, Springer-Verlag, 1996, pp. 104-113.

Kocher, P., J. Jaffe, and B. Jun, Differential Power Analysis, Proc. of CRYPTO '99, Springer-Verlag, 1999, pp. 388-397.

National Institute of Standards and Technology (NIST), Recommendation on Key Management, SP800-57, NIST, 2005. (http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-part1.pdf)

New European Schemes for Signatures, Integrity, and Encryption (NESSIE) consortium, Portfolio of recommended cryptographic primitives, NESSIE, 2003. (https://www.cosic.esat.kuleuven.be/nessie/deliverables/decision-final.pdf)

Une, M., and M. Kanda, Year 2010 Issues on Cryptographic Algorithms, Monetary and Economic Studies, vol. 25, no. 1, Institute for Monetary and Economic Studies, Bank of Japan, 2007, pp. 129-164.
