JPH09259235A - Portable information storage medium, applicant information input device, portable information storage medium system, and data access method for portable information storage medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To make it possible to omit password input and prevent a password from being stolen by performing collation by a data managing means by using applicant information stored in an applicant information storage area of a nonvolatile storage means. SOLUTION: A CPU 12 controls an IC card 10 according to a program in a ROM 13. An EEPROM 15, on the other hand, stores original data recorded on the IC card 10. A directory file in this EEPROM 15 is provided with an unlocking information area storing unlocking information regarding a handling person's key. Consequently, even when the IC card 10 is not connected to a transaction terminal device 20, etc., and can not be supplied with electric power, its unlocking information is held. The unlocking information held in the unlocking information area is copied to a RAM 14 before a transaction starts once the IC card 10 is connected to the transaction terminal device 20, and used for matching against access conditions in a subsequent transaction process.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a portable information storage medium that requires a collation between applicant information for identifying a person who applies for access and access conditions when accessing data. The present invention relates to a personal information input device, a portable information storage medium system, and a data access method for a portable information storage medium.

[0002]

2. Description of the Related Art In recent years, so-called IC cards have been attracting attention as a portable information storage medium of this type. Generally, an IC card includes a non-volatile memory such as an EEPROM and a CPU that operates data in the non-volatile memory. A plurality of files are provided in the EEPROM, and data is stored in each file. Since each file is accessed through the CPU, C can be set by setting appropriate access conditions in advance.
Only when the PU determines that the access condition is satisfied, the file can be accessed.

As an access condition, it is general to set whether or not to collate some keys. That is, the key is written in the EEPROM in advance,
This internal key is compared with a key given from the outside and temporarily stored in the RAM by the CPU, and the result is used to determine whether or not the file can be accessed.

Keys set as access conditions include:
Specific target person (for example, IC card owner, issuer)
There is a key for authenticating the device or a key for authenticating specific hardware (for example, a terminal device). Of these, the key for authenticating a specific target person is unlocked by authenticating the password input via the transaction terminal device or the like. Normally, as a condition for access to a file, collation of a plurality of keys is set as a condition, and when the collation is successful for all the keys, access to the file is permitted.

[0005]

In the above-mentioned conventional IC card, the IC card owner inputs the password to the transaction terminal device each time the IC card is used, and proves that he is a valid card holder. There must be. However, in the case of an IC card having excellent portability, the card holder always carries the card and the card is surely under his / her own control, so that there is a small possibility that another person may illegally use the IC card. . In such a case, there is a problem that requiring the password input for each transaction to authenticate the person makes the handling of the IC card unnecessarily complicated and loses convenience for the user. on the other hand,
Since a transaction terminal device that conducts a transaction with an IC card is generally public, any person can handle the device. For this reason, the communication line of the transaction terminal device is tampered with, or a fake transaction terminal device is manufactured.
There is also a problem that a password may be illegally obtained by a third party by installing it and using the device.

[0006] Therefore, an object of the present invention is to solve the above-mentioned problem, and the password input can be omitted if necessary.
Also, it is to provide a portable information storage medium capable of preventing the password theft, an applicant information input device, a portable information storage medium system, and a data access method for the portable information storage medium.

[0007]

In order to solve the above-mentioned problems, the invention according to claim 1 provides a communication means (11, 12) capable of communicating with the outside, a data area for storing data, and the data. Non-volatile storage means (15) having an access condition storage area for storing access condition information to the area
And obtain the applicant information for identifying the person who applies for access to the data area via the communication means, collate the applicant information with the access condition information, and only when the collation is successful. A portable information storage medium, comprising: a data management means (12) for permitting access to the data area, wherein the non-volatile storage means has an applicant information storage area for storing the applicant information, The management means is characterized in that the collation is performed using the applicant information stored in the applicant information storage area.

The invention according to claim 2 is the portable information storage medium according to claim 1, wherein the data management means receives the applicant information stored in the applicant information storage area from an external command. It is characterized by rewriting based on

According to a third aspect of the present invention, in the portable information storage medium according to the first or second aspect, further, when the data management means performs the collation, information to be collated is temporarily stored. A temporary storage means (14) is provided, and the data management means copies the applicant information stored in the applicant information storage area to the temporary storage means, and then stores the applicant information in the applicant information storage area. It is characterized by erasing the applicant information that has been registered.

The invention according to claim 4 is a portable applicant information input device for inputting applicant information to the portable information storage medium according to any one of claims 1 to 3, Communication means (41,
42), an input means (46) capable of inputting information relating to rewriting of information stored in the applicant information storage area according to claim 1, and power for operating the communication means and the input means. And a power source (45) for supplying electric power to the portable information storage medium via the communication means, wherein the information input by the input means is transferred via the communication means to the portable information. It is characterized in that the rewriting of the applicant information stored in the applicant information storage area is instructed by transmitting to the storage medium.

The invention according to claim 5 is the portable information storage medium according to any one of claims 1 to 3, and
And a transaction device (20) for exchanging the data stored in the portable information storage medium and the data area of the portable information storage medium.

The invention according to claim 6 obtains applicant information for identifying a person who applies for access to the data area through communication with the outside, and access condition information to the data area where data is stored and the application. In a data access method of a portable information storage medium which collates with the applicant information and permits access to the data area only when the collation is successful, the applicant information is stored in a non-volatile storage means, and the non-volatile It is characterized in that the collation is performed using the applicant information stored in the sex storage means.

The invention according to claim 7 is the data access method for a portable information storage medium according to claim 6,
It is characterized in that the applicant information stored in the non-volatile storage means is rewritten based on an external command.

The invention according to claim 8 is the data access method for a portable information storage medium according to claim 7,
The applicant information stored in the non-volatile storage means is copied to the temporary storage means, and then the applicant information stored in the non-volatile storage means is erased.

[0015]

Hereinafter, an embodiment of the present invention will be described in more detail with reference to the drawings. FIG. 1 is a block diagram showing a configuration of an IC card 10 and a holder-only collation device 40 according to the present invention, and a connection relationship with a transaction terminal device 20.

First, the structure of the IC card 10 will be described with reference to FIG. As shown in the figure, the IC card 10 includes an I / O interface 11, a CPU 12,
The ROM 13, the RAM 14, and the EEPROM 15 are built in. The I / O interface 11 is an input / output circuit for transmitting / receiving data, and the CPU 12 communicates with the transaction terminal device 20 or the owner-only collating device 40 via the I / O interface 11. In ROM13, C
A program to be executed by the PU 12 is stored, and the CPU 12 integrally controls the IC card 10 based on this program. The RAM 14 is a memory used as a work area when the CPU 12 performs such overall control. On the other hand, the EEPROM 15 is a memory for storing original data to be recorded in the IC card 10.

A power supply and a clock are supplied to the IC card 10 from the transaction terminal device 20 or the owner-only collating device 40. Therefore, the IC card 10 becomes the transaction terminal device 20.
And the like, the power supply and the clock supply to the IC card 10 are stopped. However, EEPROM1
Since 5 is a non-volatile memory, its recorded content is retained as it is even after the power supply is stopped. However, RAM
All the data in 14 are lost due to the stop of power supply.

Each memory 13, 14 in the IC card 10
All access to 15 is performed via the CPU 12, and these memories cannot be directly accessed from the outside. That is, from the transaction terminal device 20 or the like to the CPU 12
When a predetermined “command” is given to, the CPU 12 interprets and executes the “command”, and returns the result as a “response” to the transaction terminal device 20 or the like.

For example, when writing to a predetermined file in the EEPROM 15, data to be written is given to the CPU 12 together with the "write command", and the CPU
The writing process is carried out in the form of executing the “write command” by 12. On the contrary, when reading data from a predetermined file in the EEPROM 15,
A predetermined "read command" is given to the CPU 12, and the CPU 1
The read process is performed in the form of executing the "read command" by the command No. 2.

As described above, when the execution of the "command" in the IC card 10 is completed, the "response" to the executed "command" is returned to the outside. For example, when a "write command" is given, a "response" indicating whether or not the writing process has been executed without any trouble
Is returned and the "read command" is given, the data to be read is returned in the form of a response. However, the access to the EEPROM 15 is not performed unconditionally, and it is premised that the access condition described later is satisfied.

FIG. 2 is a block diagram showing a hierarchical structure in the EEPROM 15 shown in FIG. EEP of this embodiment
The ROM is composed of four layers. That is, the first
Layer MF (Master File), second layer DF (Dedicated Fil)
e), an EF (Elementary File) of the third layer and a record structure (not shown) of the fourth layer. The MF is a file of the entire data memory. The MF is a file for storing data common to each application (service). For example, information such as the name, address, and telephone number of the owner of the IC card 10 is recorded.

The DF is a dedicated file, and the DF is set for each application. The EF is a basic file, and has two types: an IEF that stores data that is interpreted and executed when the CPU manages and controls the IC card, and a WEF that stores data used by an application.

Each file described above is managed by a directory file. FIG. 3A is a diagram showing the structure of a directory file for managing the DF. The directory file 50 stores file attribute information such as a relative address 52 from the beginning of the file, a total allocated capacity 53, a remaining capacity 54, and a check code 56 for the entire data. Also, the directory file 50
In addition, an unlocking information area 55 for storing unlocking information regarding the operator key is provided.

FIG. 5 is a diagram showing an example of the contents of the unlocking information stored in the unlocking information area 55. Unlock information is 8
It consists of one operator key. Each key is assigned to a different operator, for example, K8 is assigned to the IC card manufacturer and K7 is assigned to the issuer. When each key is "0", it means that it is unlocked.
When it is "1", it indicates that it is in the unlocked state.

FIG. 3B is a diagram showing the structure of a directory / file for managing the WEF. The WEF directory / file 60 is provided with an access condition information area 65 for storing access conditions, in addition to an area for storing the start address 62, the total capacity 63, and the like. here,
The access condition is a condition that must be satisfied when accessing the WEF, and defines the type of key that must be unlocked.

FIG. 4 is a diagram showing an example of access conditions stored in the access condition information area 65. The access condition is set for each mode of access to the file, that is, “read”, “write”, or “update” of data.
It is determined for each of the. Each access condition is composed of eight keys corresponding to each of the eight operator keys in the unlocking information described above. In each key, "1" indicates that the corresponding operator key needs to be unlocked, and "0" indicates that unlocking is unnecessary. In the example of FIG. 4, at least “K1” is unlocked in the unlock information for “reading” of data, and at least K1 and K for “writing”.
4 is unlocked, and for "update",
At least K1 and K5 are unlocked, but this is set as a condition.

Next, the structure of the owner-only collating device 40 will be described with reference to FIG. Collating device for exclusive use of holder 40
Is a portable password input device used to input the password of the IC card holder into the IC card 10. The owner-specific collation device 40 is mainly used for I / O.
O interface 41, CPU 42, ROM 43, RA
M44, battery 45, pin pad 46 and display 4
7.

The I / O interface 41 is an input / output circuit for transmitting / receiving data to / from the IC card 10. When inputting a password to the IC card 10 using the holder-only verification device 40, the I / O interface 4
1 is connected to the I / O interface 11 of the IC card 10. The ROM 43 is a memory that stores a program to be executed by the CPU 42. CPU4
Reference numeral 2 collectively controls the operation of the holder-only collation device 40 based on the program stored in the ROM 43, and also the IC card 1 through the I / O interface 41.
Communicate with 0.

The battery 45 is a power source that supplies the power required for the owner-specific collation device 40 to operate. in this way,
Since the owner-only verification device 40 also has a built-in power source, it can be carried with the IC card. The power of the battery 45 is also supplied to the IC card 10 via the I / O interface 41 when the IC card 10 is connected to the owner-only collation device 40. The RAM 44 is a memory used by the CPU 42 as a work area. The pin pad 46 is an input means capable of inputting numbers or alphanumeric characters, and the holder of the IC card inputs his own password from the pin pad 46. The display 47 is a liquid crystal screen or the like on which the CPU 42 outputs a display for requesting input of a password or the like.

As described above, in the present embodiment, it is possible to input the password of the IC card holder to the IC card 10 by using the holder-specific collation device 40.
FIG. 6 shows the IC card 1 using the collation device 40 dedicated to the owner.
IC card 10 when entering a password in 0
6 is a flowchart showing the operation of the collation device 40 for exclusive use of the owner. In the figure, (A) shows the operation of the holder-only collation device 40, and (B) shows the operation of the IC card 10. Further, the arrow indicates that the IC card 10 and the owner-only collation device 40 are communicating.

First, when the IC card 10 and the holder-specific collation apparatus 40 are connected and the holder-specific collation apparatus 40 is turned on, the holder-specific collation apparatus 40 supplies power to the CPU 12 and resets it. A signal is transmitted (S100). Upon receiving the reset signal, the CPU 12 initializes the RAM 14 and the like, and then makes an initial response (Answer_to_reset) to the owner-only collation device 40 (S200). Here, the initial response means the IC card 10
It refers to the transmission of information about the type and operating characteristics of the.

Upon receipt of the initial response, the CPU 42 displays on the display 47 that a password is to be input and whether or not the password confirmation is required at the time of the next transaction is to be input, and the information is input from the pin pad 46. Receive (S110).

Here, "no password confirmation" means that no password is entered or authenticated when a transaction is carried out between the IC card 10 and the transaction terminal device 20. For example, if the target application is one with relatively low security requirements, such as a medical appointment at a medical institution, and the IC card holder decides that the password entry when using the card may be omitted. , No password confirmation required is selected. On the other hand, "password required" means that the password is entered and authenticated at the time of transaction. For example, if the target application is one that requires high security, such as withdrawing a bank deposit, password confirmation is selected.

Upon receiving the input, the CPU 42 determines whether or not the next password confirmation is required, the key number corresponding to the password,
And a command "VERYFY_PW" with the password as an argument is transmitted to the IC card 10 (S120).

I received the transmission of the command "VERYFY_PW"
In the C card 10, the CPU 12 authenticates the transmitted password, and transmits the result as a response to the owner-only collation device 40 (S210). Also, CPU
If the authentication is successful, the key 12 unlocks the key by setting the corresponding key of the unlock information provided in the RAM 14 to "1" (S230). The unlock information provided in the RAM 14 has the same configuration as the unlock information stored in the unlock information area 54 described above.

Further, the CPU 12 confirms in the argument of the "VERYFY_PW" command whether the next password confirmation is set to "necessary" or "unnecessary". As a result, if it is "unnecessary", the EEPROM1
The corresponding key in the unlock information area 55 in 5 is "1"
(S250), and the operation ends. vice versa"
If "Required" is set, the CPU 12 sets the corresponding key in the unlock information area 55 to "0" (S25).
2) The operation is finished.

As described above, the IC card 10 for which the password has been input using the holder-only collation device 40 is next connected to the transaction terminal device 20 and the transaction is executed. Figure 7
3 is a flow chart showing respective operations when a transaction is carried out between the IC card 10 and the transaction terminal device 20. In the figure,
(A) is a flowchart of the operation of the transaction terminal device 20,
(B) is a flowchart of the operation of the IC card 10. Also,
The arrow indicates that the IC card 10 and the transaction terminal device 20 are communicating.

When the IC card 10 is connected to the transaction terminal device 20, the transaction terminal device 20 supplies power to the CPU 12 and transmits a reset signal (RESET) (S300). Upon receiving the reset signal, the CPU 12 initializes the RAM 14 and the like, and then makes an initial response (Answer-to-reset) to the transaction terminal device 20 (S4).
00).

Next, the transaction terminal device 20 is input with the contents of the application such as “○ × bank deposit balance inquiry”,
Based on the contents, the file name of the DF to be referred to in the IC card 10 is specified, and the command "SELECT_DF" having the file name as an argument is transmitted to the IC card 10 (S310). Note that here, the file name of the specified DF is assumed to be “DF1”.

The CPU 12, which has received the "SELECT_DF",
The unlocking information area 55 of the directory that manages the DF1 is referred to, and the unlocking information stored therein is copied to the RAM 14. Moreover, CPU12 transmits the content of the unlocking information to transaction terminal device 20 (S410). On the other hand, the transaction terminal device 20 specifies the access condition to the data required when executing the application from the input application content, and compares this with the transmitted unlocking information.

Here, as an example, the access condition specified by the transaction terminal device 20 is the condition illustrated in "reading" in FIG. 4, and the unlocking information transmitted from the CPU 12 is illustrated in FIG. 5 (A). It has been done. In this case, the key of K1 is required to collate the unlocked state in the access condition. On the other hand, in the unlocking information, the K1 key is in the unlocked state. Therefore, transaction terminal device 20 determines that the unlocking information satisfies the access condition (S320: YES), and proceeds to the next operation without requesting the input of a new password (S360).

On the other hand, the unlocking information is, for example, as shown in FIG.
In the case of the example illustrated in (B), since the key of K1 is not unlocked, transaction terminal device 20 determines that the unlocked information does not satisfy the access condition (S32).
0: NO), requesting that a required password be entered through a display or the like (S330). As a result,
When the password is input, transaction terminal device 20 transmits to the IC card 10 a "VERYFY" command using the key number corresponding to the password and the input password as arguments (S340).

In the IC card 10 which has received the "VERYFY" command, the CPU 12 verifies the transmitted password and transmits the response to the result to the transaction terminal device 20 (S430). When the collation is successful, the CPU 12 causes the RAM 14 (S41
The corresponding key of the unlocking information copied in 0) is set to "1" (S450). As a result, if the access conditions are verified in the subsequent transactions,
The access conditions are satisfied and the data can be accessed.

Next, the transaction terminal device 20 and the IC card 10
Perform mutual authentication (authentication regarding machine) according to a known method (S360, S460). If the authentication is successful, a publicly known transaction procedure is executed between the IC card 10 and the transaction terminal device 20 (S380, S480), and after the transaction is completed, each operation is terminated.

As described above, in this embodiment, E
An unlock information area 54 is provided in the EPROM 15, and unlock information is stored therein. Therefore, even if the IC card 10 is not connected to the transaction terminal device 20 or the like and cannot be supplied with power, the unlocking information is retained. Also,
When the IC card 10 is connected to the transaction terminal device 20, the unlock information stored in the unlock information area 54 is copied to the RAM 14 before the start of the transaction, and used for collating access conditions in the subsequent transaction process. Used. As a result, in the present embodiment, by storing the unlocking information of appropriate contents in the unlocking information area 54, the password input when using the IC card is omitted, and the complicated procedure of password input for each transaction is performed. It is possible to avoid it.

Further, in the present embodiment, the unlock information area 54
The unlock information stored in the
Each key can be operated. That is, in this embodiment, the unlocked state of each operator key in the unlocked information area 54 is arbitrarily set by transmitting the password and the information regarding the necessity / unnecessity of password confirmation at the time of transaction to the IC card. be able to. As a result, in the present embodiment, it is possible to execute and omit the procedure of password input / authentication at the time of transaction as necessary.

Further, in this embodiment, the IC card 10
Input of the password to the transaction terminal device 20,
It is supposed to be carried out using the portable collation device 40 for exclusive use of the owner. Therefore, if the owner of the IC card carries the collation device 40 for exclusive use of the holder, it is possible to prevent a third party from making a trick on the collation device 40 for exclusive use of the owner and illegally obtaining the input password. Therefore, the security of the IC card system can be further enhanced.

(Other Embodiments) The present invention is not limited to the above embodiment. The above embodiment is an exemplification, and has substantially the same configuration as the technical idea described in the scope of the claims of the present invention. It is included in the technical scope of the invention.

1) In the above embodiment, the unlocking information stored in the unlocking information area 54 is operated by using the owner-only collating device 40. This is performed by the transaction terminal device 20. It may be done. In this case, the operation of the transaction terminal device 20 is, for example, as shown in FIG.
In (A), (S330) and (S340) are shown in FIG.
It is replaced with (S110) and (S120) of (A). That is, the transaction terminal device 20 is "VERYFY".
Use the "VERYFY_PW" command instead of the command
If the password and the information regarding the necessity / unnecessity of password confirmation at the time of transaction are transmitted to the IC card, the same function as that of the owner-only collation device 40 can be achieved.

2) In the above embodiment, the main purpose is to prevent password theft, and when handling an application that requires particularly high security, IC is used.
The card itself may delete all the contents of the unlocking information stored in the unlocking information area 54 under a certain condition. For example, after copying the unlocking information in the unlocking information area 54 to the RAM 14 in (S220) of FIG. 7, the CPU 12 sets all the key designating bits in the unlocking information area 54 of the EEPROM to "0". May be In this case, even if the password is input to the IC card 10 by using the owner-only collation device 40, the password is always input for each transaction,
It is possible to secure high security at the same time while achieving the effect unique to the present embodiment of preventing the theft of a password.

[0051]

As described in detail above, according to the present invention, it is possible to omit the input of the applicant information, which has been performed for each transaction, at any time, and avoid complicated procedures as necessary. It became possible to do. Further, in particular, according to the invention according to claim 4 or 5, it is possible to prevent the applicant information from being illegally stolen by a third party because the applicant information is prevented from being input to the transaction terminal device or the like. Became possible.

[Brief description of drawings]

FIG. 1 is a block diagram showing a configuration of an IC card 10 and a holder-only collation device 40 according to the present invention, and a connection relationship with a transaction terminal device 20.

FIG. 2 is a block diagram showing a hierarchical structure within an EEPROM 15 shown in FIG.

FIG. 3 is a diagram showing a structure of a directory file.

FIG. 4 is a diagram illustrating an example of access conditions to a file.

FIG. 5 is a diagram showing an example of unlocking information stored in an unlocking information area 55.

FIG. 6 shows an IC card 1 using a collation device 40 exclusively for holders.
6 is a flowchart showing respective operations when a password is input to 0.

FIG. 7 is a flowchart showing respective operations when a transaction is carried out between the IC card 10 and the transaction terminal device 20.

[Explanation of symbols]

 11 I / O Interface 12 CPU 15 EEPROM 20 Transaction Terminal Device 41 I / O Interface 42 CPU 45 Battery 46 Pin Pad

Claims (8)

[Claims] 1. A non-volatile storage means having a communication means capable of communicating with the outside, a data area for storing data, and an access condition storage area for storing access condition information for the data area, and a data area. The applicant information for identifying the person who applies for the access is acquired through the communication means, the applicant information is collated with the access condition information, and only when the collation is successful, the data area is stored. A portable information storage medium comprising: a data management unit that permits access, wherein the non-volatile storage unit has an applicant information storage area for storing the applicant information, and the data management unit is the applicant A portable information storage medium, characterized in that the verification is performed using the applicant information stored in the information storage area. 2. The portable information storage medium according to claim 1, wherein the data management unit rewrites the applicant information stored in the applicant information storage area based on an external command. And a portable information storage medium. 3. The portable information storage medium according to claim 1 or 2, further comprising: when the data management means performs the collation.
The temporary storage means for temporarily storing the information to be collated, the data management means, copy the applicant information stored in the applicant information storage area to the temporary storage means,
After that, the applicant information stored in the applicant information storage area is erased, wherein the portable information storage medium is characterized. 4. A portable applicant information input device for inputting applicant information to the portable information storage medium according to claim 1, wherein the portable information storage device communicates with the portable information storage medium. A communication means capable of inputting, an input means capable of inputting information relating to rewriting of information stored in the applicant information storage area according to claim 1, power for operating the communication means and the input means, and A power source for supplying electric power to the portable information storage medium via the communication means, and transmitting the information input by the input means to the portable information storage medium via the communication means. The portable applicant information input device is characterized by instructing rewriting of the applicant information stored in the applicant information storage area. 5. The portable information storage medium according to any one of claims 1 to 3, the applicant information input device according to claim 4, the portable information storage medium and the portable information storage. A portable information storage medium system, comprising: a transaction device for exchanging data stored in a data area of a medium. 6. The applicant information for identifying a person who applies for access to the data area is acquired by communication with the outside, and the access condition information for the data area in which the data is stored and the applicant information are collated. In the data access method of the portable information storage medium, the applicant information is saved in the non-volatile storage means, and the applicant information is saved in the non-volatile storage means. The data access method of a portable information storage medium, characterized in that the verification is performed by using the registered applicant information. 7. The portable information storage medium data access method according to claim 6, wherein the applicant information stored in the nonvolatile storage means is rewritten based on an external command. Data access method for removable information storage medium. 8. The data access method for a portable information storage medium according to claim 7, wherein the applicant information stored in the nonvolatile storage means is copied to a temporary storage means, and then the nonvolatile storage is performed. A data access method for a portable information storage medium, characterized in that the applicant information stored in the means is erased.