1. Field of the Invention
The present invention relates to a random number generation method and more particularly relates to a random number generation device, and a method thereof, that could be, for example, mounted on a noncontact IC card to which power is supplied in a noncontact manner, and is easily subjected to external influence.
2. Description of the Related Art
Random numbers are often used in the data processing devices of IC cards, which are the target of the present invention. IC cards are often used to authenticate persons represented by a resident register, credit cards and the like. For the authentication function, a public key encryption is usually used and a random number is used to generate the key. Conventionally, a pseudo-random number generated, for example, by software is used. However, it has been pointed out that biased random numbers which are generated by software, depending on the method used to acquire the seed (which is the base of a random number), often occur and there is a possibility that subsequent numbers may be anticipated when they are generated from the above generated pseudo-random number. In order to solve such problems, a method in which a value is difficult to anticipate has been studied by devising a seed acquisition method; in addition, the mounting of a random number generator utilizing a physical phenomenon, such as thermal noise or the like, has also been studied.
In order to evaluate the randomness of a random number generated by the conventional random number generator, the state of a single random number generator is evaluated. Specifically, the randomness of a random number generated by providing power and a signal only to a random number macro is evaluated. However, the operation of the random number generator is sometimes affected by its operational conditions (such as power voltage or the like and sampling intervals and the like), which generate biased random numbers. More particularly, in a noncontact card, since power supplied from an antenna via an electromagnetic wave is used, the random number generator operates in a relatively unstable power condition. There is also a possibility that the operation of the random number generator will be affected by the location relationship between the IC card and its reader/writer.
As a result, even when a single random number generator in which the occurrence of its randomness has been confirmed is used, the randomness is not always assured when power is supplied from an antenna via an electromagnetic wave and the random number generator is mounted on an unstably powered noncontact IC card. This situation is problematic.
As to the use of random numbers in such IC cards, there is the following prior art.
Patent reference 1: Japanese Patent Application Publication No. H03-294987 “IC Card System”
Patent reference 2: Japanese Patent Application Publication No. 2002-268874 “Random Number Seed Generation Circuit and Driver and SD Memory Card System thereof”
Patent reference 3: Japanese Patent Application Publication No. 2002-32732 “Pseudo-Random Number Acquisition Method in Portable Information Processing Device”
Patent reference 1 discloses a system for providing new services utilizing a security function and a memory function by using an IC card in which a plurality of random numbers are stored in a large capacity of nonvolatile memory.
Patent reference 2 discloses a random number seed generation circuit capable of generating a different random number seed every time power is switched on, since each point in time of outputting the taking-in signal of a power-on resetting circuit, which is for outputting the taking-in signal of a latch for latching the counter value (random number seed) of a counter, is different.
Patent reference 3 discloses a random number acquisition method capable of widely reducing the waiting time for obtaining a random number by storing many random numbers generated in advance in nonvolatile memory or the like and for referring to the memory when a random number is needed. However, even in prior art such as these, when a random number generator is mounted on a noncontact IC card or the like, there is still an unsolvable problem: it cannot be guaranteed that the randomness of a generated random number will always be sufficiently secured regardless of external influence.
It is the first object of the present invention to provide a random number generation device, and a method thereof, for generating a random number whose randomness is secured even in an easily affected environment, such as when the random number generator is mounted on a noncontact IC card or the like.
It is the second object of the present invention to provide a method of evaluating a random number generator that generates random numbers with a fairly short bit length and to find an effective method of using a random number generated with such a random number generator, as when the random number generator is mounted on an IC card.
The random number generation device of the present invention comprises a random number generation unit for generating random numbers, a random number generation control unit for giving a parameter for enabling the random generation unit to generate random numbers, and a randomness determination unit for determining the randomness of each generated random number. If the randomness of a generated random number does not meet a predetermined condition, the random number generation control unit updates the above-described parameter to enable the random number generation unit to generate a new random number.
In the random number generation method of the present invention, a parameter for generating a random number is read from memory, a random number is generated using the parameter, and it is determined whether the randomness of the generated random number meets the predetermined condition. If the randomness does not meet the condition, the parameter for generating the random number is updated and a new random number is generated using the updated parameter. Then, the process after the determination of the randomness of the generated random number is repeated.
Thus, a random number with a secured randomness can be generated, thereby realizing data processing using such a random number.
Next, the random number generator evaluation method of the present invention evaluates a random number generator for generating a random number string with a bit number of less than 20,000. In the random number generator evaluation method, the generation of a random number string by a random number generator and the storage in memory of the generated random number string are repeated. When the total bit number of random number string stored in the memory exceeds 20,000, the randomness of a sample with 20,000 bits or more is determined, and the random number generator is evaluated according to the randomness determination result. Thus, a random number generator can be evaluated by, for example, using the static determination method, as specified in FIPS 140.
Next, the method for using a random number in the present invention is by length in units of bytes. In the method of using a random number in the present invention, generated random numbers are stored in nonvolatile memory in which data can be read and written in units of bytes. When using a random number in an operation, an unused random number with the necessary byte length is read from the nonvolatile memory and is used. Thus, the use of the same random number is restricted in a hardware-like manner, thereby reducing the possibility that a random number can be anticipated.
The random number generation unit 2 generates random numbers. The random number generation control unit 3 provides a parameter for generating a random number to the random number generation unit 2. The randomness determination unit 4 determines the randomness of a generated random number. If the randomness determination unit 4 determines that the randomness of a random number generated by the random number generation unit 2 does not meet a predetermined condition, the random number generation control unit 3 updates the parameter to enable the random generation unit 2 to generate a new random number.
In the present invention, the random number generation device 1 can further comprise a parameter storage unit for storing a default parameter as the parameter to be used to generate a random number at the time of activation. In this case, when the random number generation device 1 is activated, the random number generation control unit 3 can also provide the default parameter to the random number generation unit 2.
If the randomness of the random number generated using the default parameter as the parameter does not meet the predetermined condition, the parameter storage unit can also store an update parameter for the random number generation control unit 3 to use for the parameter update. Alternatively, the parameter storage unit can store a plurality of such update parameters in relation to randomness information that indicates whether the generated random number will likely be biased to 0 or 1. The random characteristic determination unit 4 can also provide, to the random number generation control unit 3, determination information indicating whether the generated random number is biased to 0 or 1, and the random number generation control unit 3 can select the update parameter stored in the parameter storage unit according to the given determination information.
Furthermore, if the randomness of the random number re-generated by the random number generation unit 2 meets the condition, the random number generation control unit 3 can also rewrite the default parameter stored in the parameter storage unit into the parameter used to re-generate the random number.
In the present invention, the random number generation device 1 can also be mounted on an IC card in which power is externally supplied in a noncontact manner.
Next, in the random number generation method of the present invention, a parameter for generating a random number is read from memory, a random number is generated using the parameter, and it is determined whether the randomness of the generated random number meets the predetermined condition. If the randomness does not meet the condition, an update parameter is read as a parameter for generating the random number and a new random number is generated using the update parameter. Then, the process that occurs after the randomness determination of the generated random number is repeated.
As the program for enabling a computer to generate a random number in the present invention, a program is used for enabling the computer to execute the following processes: reading a parameter for generating a random number from memory, generating a random number using this parameter, determining whether the randomness of the generated random number meets a predetermined condition, reading an update parameter as the parameter for generating a random number when the randomness of the generated random number does not meet a predetermined condition, generating a new random number using the update parameter, and repeating the process after the determination of the randomness of the generated random number.
Next, the random number generator evaluation method of the present invention evaluates a random number generator for generating random number string with a bit numbers less than 20,000. In the random number generator evaluation method, the random number generation by a random number generator and the storage in memory of the generated random number string are repeated. When the total bit number of random number string stored in the memory exceeds 20,000, the randomness of a sample with 20,000 bits or more is determined, and the random number generator is evaluated according to the randomness determination result.
Furthermore, the method for using random numbers of the present invention is by length in units of bytes. In this method of using random numbers, generated random numbers are stored in nonvolatile memory in which data can be read and written in units of bytes. When using a random number in an operation, an unused random number with the necessary byte length is read from the nonvolatile memory and is used.
In
In this case, the random number generation unit in claim 1 of the present invention corresponds to the random number generator control circuit 22 and the random number generator 12. The random number generation control unit corresponds to the default correction table parameter setting unit 20 and the correction table parameter update unit 21. The parameter storage unit in claim 2 of the present invention corresponds to the default correction table parameter storage unit 23 and the correction table parameter storage unit 24.
At the time of activation of the IC card 10, the generation of a random number by the random number generator 12 is performed using a default correction table parameter as a parameter for generating a random number. Specifically, the default correction table parameter setting unit 20 sets a default parameter read from the default correction table parameter storage unit 23 in the random number generator control circuit 22, and the random number generator control circuit 22 controls the operation of the random number generator 12. The randomness determination unit 13 determines whether data indicating the randomness of the generated random number, such as the frequency of the appearance of 0 or 1 in the random number, meets a predetermined condition. If the data meets the condition, a termination flag is reported to the random number generation control unit 11 and the operating unit 14, and the generated random number is stored in the random number data storage unit 25 and operates via the operating unit 14 without performing any processes.
If the data does not meet the condition, the fact that the random number cannot be used is reported to the operating unit 14 and the random number generation control unit 11 with an error flag or the like. The correction table parameter update unit 21 of the random generation control unit 11 sets a correction table parameter stored in the correction table parameter storage unit 24 of the nonvolatile memory 15 in the random number generator control circuit 22 instead of the default correction table parameter, and the random number generator 12 re-generates a new random number according to the result. Then, the randomness determination unit 13 determines whether the randomness of the re-generated random number meets the predetermined condition. If the randomness meets the condition, the random number is stored in the random number data storage unit 25, and the operating unit 14 also performs an operation using the random number. Then, the correction table parameter value used to re-generate a new random number is overwritten into the default correction table parameter storage unit 23 of the nonvolatile memory 15 to update the default correction table parameter.
When the re-generated random number does not meet the predetermined condition, the parameter is updated as described above and the operation after the re-generation of a new random number is performed. Thus, when a new random number is generated, the stored contents of the default correction table parameter storage unit 23 is overwritten and updated when a new random number is found whose randomness meets the condition. After the IC card 10 is activated again, the updated default correction table parameter is used to generate a new random number immediately after the reactivation. In this case, by storing the correction table parameter in the nonvolatile memory, the correction table parameter can be easily added/updated externally.
The noncontact communication unit 27 communicates with a noncontact IC card reader/writer. Simultaneously, the noncontact communication unit 27 activates the IC card 10 by receiving an electromagnetic wave from the reader/writer and generating DC power for the IC card, and also generates a power-on resetting signal for resetting each unit. Since the power is supplied in a noncontact environment, the power condition is not always stable and there is a great possibility that the randomness of a generated random number will be a problem.
The random number generator control circuit 22 of the random number generation control unit 11 controls the thermal noise generation device 29, the amplifier 30 and the sampling circuit 31 together constitute the random number generator 12, and random numbers are generated via these devices. The operation of these devices is described in greater detail later.
The counter 33 of the randomness determination unit 13 counts the frequency of the appearance of 0 or 1 in a generated random number in order to determine its randomness. The comparison/determination circuit 34 determines whether the appearance frequency meets a predetermined condition. The random number storage buffer 35 temporarily stores generated random numbers. These operations are also described in more detail later.
When, for example, the communication/power control unit 16 shown in
If in
In
For the random number generator 12, its power is switched on when the counter value reaches a value corresponding to t0 after the resetting of the power-on function and the output of the thermal noise generation device 29 is amplified by an amplifier 30 and is given to a sampling circuit 31. Then, when the counter 46 counts a number corresponding to the time t1, the sampling circuit 31 begins the sampling of the output of the amplifier 30, performs the sampling using the frequency set by the sampling frequency setting register 47, and outputs an output SOUT to the randomness determination unit 13.
The randomness determination method of a random number generated by the random number generator 12 in
In this preferred embodiment, the randomness of a generated random number is determined on the basis of the monobit test. In this monobit test, the number of “1s” in 20,000 bits of sample streams is counted and if the number X satisfies the following expression, the generated random number is determined to be usable.
9654<X<10346
However, in the random number generator mounted on the IC card as in this preferred embodiment, since the length of a generated random number is at most approximately 1024 bits, these 1024 bits are related to the 20,000 bits of the monobit test. Then, if the occurrence frequency X of 0 or 1 in the 1024 bits satisfies the following expression, the generated random number is determined to be usable.
495<X<529
In this case, when the counter 33 counts the occurrence frequency of 0 or 1 in the random number generated by the random number generator 12, if the comparison/determination circuit determines that the counter value of the counter 33 is located between 495 and 529, which are set by a comparison value setting register 51, the generated random number can be determined to be usable.
As a result, in step S4, the random number generator 12 outputs a random number. Then, in step S5, the randomness determination unit 13 determines its randomness, and the determination result is reported to the random number generation control unit 11. If the randomness result is OK, in step S6 it is determined whether a new random number was generated; specifically, for example, if the randomness was inappropriate when generating the random number using the default parameter and a new random number was generated using another parameter. If a new random number was not generated, in step S7 the random number is stored in the random number data storage unit 25 of the nonvolatile memory 15 and then the processing of the IC card continues.
If in step S5 the randomness result is NG, in step S8 new parameters, specifically the setting values t0′, t1′ and f′, are selected from the correction table parameter storage unit 24 of the nonvolatile memory 15, the correction table parameter update unit 21 of the random number generation control unit 11 provides the new parameters to the random number generator control circuit 22, and a re-generation flag is raised in the re-generation flag storage unit 48. Then, the processes after step S2 and after are performed.
If in step S6 the determination of whether a new random number was not generated is NG, that is, a new random number was generated, in step S9 the latest correction table parameters, specifically the correction table parameters used to generate the currently output random number, are overwritten into the default correction table parameter storage unit 23 of the nonvolatile memory 15. Then, after the re-generation flag of the re-generation flag storage unit 48 is dropped, in step S7 the random number is stored.
Next, as the method of using random numbers in this preferred embodiment, many random numbers are stored in advance in the random number data storage unit 25 of the nonvolatile memory 15 shown in
Ferroelectric memory whose data can be stored and erased in units of bytes is used as the nonvolatile memory 15, many random numbers are generated in advance, and the stored portion of used random numbers are prevented from being accessed. In this case, by generating and storing a new random number after all pieces of the random number data are used, the possibility that a random number will be anticipated in the processing of the IC card can be reduced.
Lastly, the evaluation of the random number generator in this preferred embodiment is described with reference to
Specifically, in
Although in the above description the time t0 until the power of the random number generator is switched on after the power of the card is switched on, the stabilization time t1 until the operation of the random number generator is stabilized after the power of the random number generator is switched on, and the sampling frequency f for generating a random number are all specified as examples of correction table parameters, as described with reference to
Although the randomness is determined on the basis of the monobit test of the FIPS 140, it can also be based on the poker test, the runs test or the long runs test.
Furthermore, as described with reference to
The present invention can be used in all industries using an IC card that mounts a random number generator. The present invention can be used not only in all industries using an IC card but also in a random number generator in an environment easily affected externally.
This application is a continuation of international PCT application No. PCT/JP2004/008611 filed on Jun. 18, 2004.
Number | Date | Country | |
---|---|---|---|
Parent | PCT/JP04/08611 | Jul 2004 | US |
Child | 11601775 | Nov 2006 | US |