JP2002207974A - Card data processor - Google Patents

Abstract

PROBLEM TO BE SOLVED: To prevent personal information from being illegally accessed through a network while a card data processor reads the personal information stored in a credit card, etc., and inquires of the host computer of a card company as to the personal information. SOLUTION: This card data processor for reading secret information of a card on which the secret information is stored, inquiring of the host computer 107 as to the secret information through the network 108 and performing data processing is provided with a first OS 101 for taking charge of card information reading processing and communication processing using the network 108 and with a second OS 102 separately for performing communication processing with the first OS 101 and taking charge of secret information storage processing. Thus, a memory area managed by the second OS 102 is prevented from being illegally accessed even though the first OS 101 is illegally accessed.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a card data processing device which reads secret information such as personal information written on a card and inquires the secret information to a host computer via a network. The present invention relates to a card data processing device suitable for preventing unauthorized access to secret information held by a processing device via a network.

[0002]

2. Description of the Related Art For example, card data processing such as a payment terminal device which reads personal information written on a credit card or a cash card and communicates with a card company or a bank host computer via a network to make payment settlement. Equipment is becoming more widespread. A payment terminal device (hereinafter, a payment terminal device will be described as an example) reads personal information such as a bank account number and a personal identification number from a credit card or a cash card, and transfers the personal information together with the input payment amount to the payment terminal. It is designed to be held in the device. Then, during the payment processing, the held personal information is transmitted to the host computer of the card company or the bank via the network, and the payment processing is performed by the card company or the bank.

[0003] As related to the prior art, for example, there is one disclosed in Japanese Patent Application Laid-Open No. 5-314324.

[0004]

While the above-mentioned settlement terminal device holds secret information such as personal information inside and inquires the personal information of a card company host computer via a network, If the OS (operation system) of the payment terminal device is illegally accessed via the network, the personal information to be kept secret is the same
Since it is on S, the personal information may be stolen or tampered. The data held in the settlement terminal device is secret data such as a bank account number and a password, and it is necessary to prevent theft or tampering by unauthorized access.

[0005] It is an object of the present invention to provide a card data processing apparatus capable of preventing unauthorized access to confidential information held in the apparatus via a network.

[0006]

According to the present invention, there is provided a card data processing apparatus for reading the secret information of a card storing the secret information and inquiring the secret information to a host computer via a network to perform data processing. A first operating system (hereinafter, referred to as a first OS) in charge of a card information reading process and a communication process using the network; a communication processing unit;
A card data processing device comprising a second operating system (hereinafter, referred to as a second OS) which is in charge of storing the secret information with the S through the communication processing means.

[0007] Thereby, the secret data read from the card by the first OS is transferred to the second OS using the inter-OS communication means, and is held in a memory in the second OS (the management of the first OS does not extend). Even if the first OS is illegally accessed via the network, the second OS holding the secret data cannot be accessed, and the inter-OS communication can adopt a special protocol. Can be prevented. Furthermore, the second OS
Separates the used area on the physical memory that holds the secret data from the used area of the first OS, so that the first OS
The secret data in S cannot be viewed directly. In this way, the secret data is prevented from being stolen or falsified.

Further, the present invention relates to a card data processing device for reading the secret information of a card storing secret information and inquiring the secret information to a host computer via a network to perform data processing. A first operating system (hereinafter, referred to as a 10S) for performing communication processing using the network; an OS execution resource control unit;
And a second operating system (hereinafter, referred to as a second OS) which is in charge of storing the confidential information via the OS execution resource control means.

Further, according to the present invention, the OS execution resource control means is independent of the first OS and the second OS.
Computer resources such as a physical memory and an external device used by the OS and the second OS are separately allocated to each other, and a different communication protocol between the first OS and the second OS is used in the communication network. A card data processing apparatus according to claim 6, wherein the communication processing is performed according to the communication protocol of (1).

[0010]

DESCRIPTION OF THE PREFERRED EMBODIMENTS One embodiment of the present invention will be described below with reference to the drawings.

FIG. 1 is a configuration diagram of a card data processing device according to one embodiment of the present invention. Card data processing device (settlement terminal device in this example) 10 according to this embodiment
0, the reading device 10 having the data reading button 118
4, the amount input device 105, and the payment processing request input device 1
06 is connected. In addition, the payment terminal device 100
Is configured to inquire data input from these input devices 104, 105, and 106 to a host computer 107 such as a card company or a bank via a network line 108 such as a telephone line or the Internet.

The main body of the payment terminal device 100 includes a first OS
An (OS1) 101, a second OS (OS2) 102, and an OS execution resource control function (means) 103 for allocating computer resources to these two OSs are provided. The invention incorporating the two OSs has been realized by the present applicant, and is disclosed in Japanese Patent Application Laid-Open No. H11-149385.
It is described in JP-A-11-85546, JP-A-11-41032, JP-A-11-40914 and the like. Product name DA
It has already been put to practical use as RMA.

The first OS 101 includes a card information reading function (means) 112 for reading data input from the reading device 104 and the amount input device 105, an inter-OS data transmission / reception function (means) 113, and a network line 108. Network communication function (means) 114 for performing communication control
And a payment processing program 109 that starts operation based on an input instruction from the payment processing request input device 106.

The OS execution resource control function 103 has a first
It is independent of the OS and the second OS, and has a firewall function 119 between the two OSs and a communication function (means) 111 between the OSs. This inter-OS communication function 111 is connected to the network line 10.
The communication between the OS1 and the OS2 is performed by a special communication protocol different from the communication protocol on the OS 8 for example.

The second OS 102 is an OS of the first OS 101
Data communication is performed with the inter-data transmission / reception function 113 using the inter-OS data transmission / reception function 115 in accordance with the communication protocol. The second OS includes an approval function (means) 116, a data holding function (means) 117, and a data holding program 110 for causing the data holding function (means) 117 to perform a secret data holding operation.

The OS execution resource control function 103 has a first
The OS and the second OS are independent of each other.
An inter-OS communication function 111 for controlling communication between the S data transmission / reception functions 113 and 115, a first OS 101 and a second OS
102, and a function of providing a firewall 119 between them. In this embodiment, the firewall function 119 completely allocates the use area of the physical memory used by each of the first OS 101 and the second OS 102, and the OSs directly exchange data via the physical memory. It is achieved by making it impossible to do it. Further, by performing communication using a protocol different from the communication protocol of the communication network line 108, it is possible to prevent data theft and hacker acts via the communication network line 108.

The payment processing program 109 reads personal data such as a bank account number and a personal identification number from a card using a card information reading function 112, and exchanges the personal data with the second OS 102 using an inter-OS data transmission / reception function 113. In addition to sending and receiving data, the second OS 102
The personal data is taken out from the server and sent to the card company or the host computer of the bank using the network communication function 114 to perform the settlement processing.

The data holding program 110 exchanges personal data with the first OS 101 using the inter-OS data transmission / reception function 115. Further, the processing request from the first OS 101 is transmitted to the first OS 101 by using the approval function 116.
Check whether the request is a valid processing request. If the processing request determined to be valid is “data holding”, the data is held using the data holding function 117.

FIG. 2 is a structural diagram of data stored in the second OS 102. The data includes the time of payment, user ID, bank account number, password, and payment amount.

FIG. 3 is a diagram showing a special protocol for communication performed between OSs. This protocol consists of an approval code, a processing code, data, and an end code.

The approval code is a code for the second OS to check the validity of the request from the first OS 101. The first OS 101 and the second OS 102 preliminarily negotiate. If the approval code is not correct, it is determined that the processing request from the first OS 101 is not valid, the processing is not performed, and a failure is returned.

The processing code is such that the first OS 101 is the second OS
This is a code representing a process requested to the client 102. Also, this processing code represents the processing result of the second OS 102 when communicating from the second OS 102 to the first OS 101.

As illustrated in FIG. 3, from the first OS to the second OS
When making a processing request to S, the processing code “00000000”
“0” indicates a processing request of “start communication between OSs”, and a processing code “000011111” indicates a processing request of “data storage processing”. Conversely, when the processing result is returned from the second OS to the first OS, the processing code “00000000” indicates “processing success”.

FIG. 4 is a flowchart showing the processing procedure of the payment processing program. The payment processing program receives a “card information reading request” and a “payment processing request” from a user, and performs each processing. When this program is started (step 400), the process enters a state of waiting for a processing request from the user (step 401). If there is a processing request, the type of the processing request is determined (step 40).
2). When the user presses the data reading button 118, a card information reading request is issued, and card information reading processing is executed (step 403). When a payment processing request is input from the payment processing request input device 106, payment processing is executed (step 404).

FIG. 5 is a flowchart showing a detailed processing procedure of the card information reading processing (step 403 in FIG. 4) in the payment processing program. The card information reading process reads information from the card and stores the read information in a second
This is completed by having the OS 102 hold the data.

When the card is set in the reader to read information from the card and the read button is pressed, the reading process is started (step 500). Personal information such as a user ID, an account number, and a personal identification number is written on the card. The data of the card is read by the settlement terminal device 100 by the reading function of the first OS (Step 501).
Then, the usage amount is input from the amount input device (step 502). The payment processing program creates the data structure of FIG. 2 from the data read from the card and the input amount (step 503). Then, in order to have the second OS hold the created data, a request to start inter-OS communication is made using the inter-OS data transmission / reception function.
Issued to S (step 504). This inter-OS communication start request is performed using the inter-OS communication protocol shown in FIG.

When the processing result corresponding to the request of step 504 is returned from the second OS, the first OS succeeds in the inter-OS communication start processing from the processing code “00000000”.
It is checked whether “0” or “11111111” has been performed (step 505) .If the processing has failed, the processing ends with an error (step 511). The data is transmitted to the second OS (step 506), and based on the processing result returned from the second OS in response to the request in step 506, the first OS determines whether the data retention by the second OS has succeeded or failed. Confirm (Step 50
7) If not successful, terminate with error (step 51)
1). If the operation succeeds, that is, if the secret data is held in the second OS, then an inter-OS communication end request is issued (step 508). Then, based on the processing code of the processing result returned from the second OS, it is confirmed whether the communication termination processing has succeeded or failed (step 509). If successful, the card information reading process ends (step 51).
0).

FIG. 6 is a flowchart showing a detailed processing procedure of the settlement processing (step 404 in FIG. 4) of the settlement processing program. In this settlement processing, the secret data held by the second OS according to the procedure of FIG.
S takes it out and sends it to the host computer on the bank side to have it settled, erasing the data held in the second OS, and completing.

When a payment processing request is input from payment processing request input device 106 (FIG. 1) (step 600), the first
The OS issues an inter-OS communication start request to retrieve data from the second OS (step 601). The first OS is
The processing result returned from the second OS is confirmed (step 602), and if the processing fails, the processing ends with an error (step 6).
18). If successful, a data retrieval request is issued to the second OS (step 603). The first OS confirms the processing result of the second OS in response to the request of step 603 (step 604), and terminates with an error if it fails (step 618). If successful, that is, if the first OS receives the secret data from the second OS, it issues an inter-OS communication end request (step 605). Next, the first OS
Checks the processing result of the second OS in response to the request in step 605 (step 606), and terminates with an error if it fails (step 618).

If the result of the determination in step 606 is successful, that is, if the first OS can extract personal data from the second OS, and if the inter-OS communication process has been completed, the process proceeds to step 607, and The first OS transmits personal data to a card company or a bank via the Internet or a public line using its own network communication function, and requests a settlement process. Then, it is confirmed whether or not the settlement processing is successful based on the settlement processing result from the bank or the like (step 608). If the settlement processing has failed, the user is notified that the settlement processing has failed (step 61).
6), the settlement process ends (step 617). Then, the user who has confirmed the settlement notice from the bank or the like makes an inquiry to the card company or the bank and solves the cause or problem of the failure.

When the settlement processing by the bank or the like is successful, the personal data held in the second OS is no longer necessary.
Issue a request to start communication between OSs (step 60).
9). The first OS checks the processing result from the second OS (step 610), and ends the error if the communication start processing fails (step 618). If the inter-OS communication start process is successful, the first OS issues a request to delete the corresponding personal data to the second OS (step 611).

The first OS responds to the second O in response to the erase request.
The processing result from S is checked (step 612), and if the processing fails, the processing ends with an error (step 618). If successful, issue an inter-OS communication end request (step 613),
Confirm the processing result from the second OS (step 614),
In the case of failure, the process ends with an error (step 618), and in the case of success, the process ends (step 615).

FIG. 7 is a flowchart showing a processing procedure of the data holding program executed by the second OS. The data holding program accepts a processing request from the first OS, checks the validity of the processing request using an approval function, and performs the processing.

Start of data holding program (step 70)
After 0), it is always in a state of waiting for communication from the first OS (step 701). When there is communication from the first OS, the data holding program checks the approval code of the communication protocol (FIG. 3) using the approval function (step 7).
02). If the authorization code is incorrect, a failure is returned to the first OS (step 717), and the process returns to the communication waiting state (step 701). If the approval code is correct, it is next determined what the processing code is (step 703).

If the processing code determined in step 703 is a request to start communication between OSs, communication between OSs is started (step 704), and then the second OS returns success to the first OS (step 705), and data processing is performed. A request waiting state is entered (step 706). If the processing code determined in step 703 is a request other than the inter-OS communication start request, a failure is returned to the first OS (step 718), and the process returns to the communication waiting state (step 701).

The data processing program includes a step 706
When a processing request for data from the first OS is received, an approval code is checked using an approval function (step 707). If the authorization code is incorrect,
Return failure to S (step 719), and return to the communication waiting state (step 701). If the authorization code is correct,
It is determined what the processing code is (step 70)
8). If the processing code is "data retention request",
The personal data is extracted from the data storage portion of the inter-S communication protocol, and the personal data is stored in the memory by the data storage function (step 709). If there is already stored data, a "NUL"
L ”, new holding data is added and held at the end of the already held data, and success is returned to the first OS.

If the processing code is "data retrieval request", the stored data is entered into the data storage portion (see FIG. 3) of the inter-OS communication protocol (step 71).
0), “00000000” (success) is entered in the processing code, and the processing code is returned to the first OS (step 712). If the processing code is "data erase request", the stored data is erased (step 711), and success is returned to the first OS (step 712). If the processing code is anything else,
A failure "11111111" is returned to the first OS (step 720), and the process returns to the communication waiting state (step 701).

Next, the data holding program executes the first OS
Waits for the end of inter-OS communication from the server (step 71).
3) Upon receiving a processing request from the first OS, an approval code is checked using an approval function (step 714). If the authorization code is incorrect, a failure is returned to the first OS (step 721), and the process returns to the communication waiting state (step 7).
01). If the approval code is correct, it is determined what the processing code is (step 715). If the processing code is an OS termination request, the first OS returns success (step 716), and returns to the communication waiting state (step 701).
Otherwise, a failure is returned to the first OS (step 7).
22), and returns to the communication waiting state (step 701).

As described above, according to the present embodiment,
A configuration in which a first OS for performing network communication and a second OS for holding secret data are mounted on the same terminal device (card data processing device), and the second OS holds secret data in a portion where the memory use area of each OS does not overlap. And each O
Since the protocol of the communication performed between the S is not a commonly used communication protocol, the secret data read from the card is illegally accessed via the network while being held in the card data processing device. Disappears.

The OS execution resource control function 103
There is also an example of belonging to either the first OS or the second OS. There is also an example in which the second OS has only the inter-OS communication function.

In the embodiment described above, the payment terminal device has been described as an example. However, a card data processing device for storing a large amount of personal information such as personal health information and administrative processing information, such as an IC card which will spread in the future. Needless to say, the present invention can be similarly applied to the present invention.

[0042]

According to the present invention, there is an effect that there is no danger that the secret data read from the card and held in the terminal device is illegally accessed via the network.

[Brief description of the drawings]

FIG. 1 is a configuration diagram of a card data processing device according to an embodiment of the present invention.

FIG. 2 is a structural diagram of data held by the card data processing device shown in FIG. 1;

FIG. 3 is a diagram showing a protocol of communication performed between two OSs shown in FIG. 1;

FIG. 4 is a flowchart showing a processing procedure of a payment processing program processed by a first OS shown in FIG. 1;

FIG. 5 is a flowchart showing a detailed procedure of a card information reading process shown in FIG. 4;

FIG. 6 is a flowchart showing a detailed procedure of a settlement process shown in FIG. 4;

FIG. 7 is a flowchart illustrating a processing procedure of a data holding program processed by a second OS illustrated in FIG. 1;

[Explanation of symbols]

 Reference Signs List 100 payment terminal 101, 102 OS 103 OS execution space allocation control function 104 reader 105 amount input device 106 payment processing request input device 107 card company or bank host computer 108 Internet or public line 109 payment processing program 110 data holding program 111 OS Communication function 112 card information reading function 113 inter-OS data transmission / reception function 114 network communication function 115 inter-OS data transmission / reception function 116 approval function 117 data holding function 118 data reading button 119 firewall

Continuing from the front page (74) One of the above agents 100093872 Patent Attorney Yoshihiro Takasaki (72) Inventor Hitoshi Nakanoya 5-2-1 Omika-cho, Hitachi City, Ibaraki Prefecture Information Control Systems Division, Hitachi, Ltd. ( 72) Inventor Naoto Kato 5-2-1 Omikacho, Hitachi City, Ibaraki Prefecture Within the Information Control Systems Division, Hitachi, Ltd. (72) Inventor Hideki Fujii 5-2-1 Omikamachi, Hitachi City, Ibaraki Prefecture (72) Inventor Akifumi Nakahashi 5-2-1 Omikacho, Hitachi City, Ibaraki Prefecture Hitachi Process Computer Engineering Co., Ltd. 1st address Hitachi Asahi Electronics F-term (reference) 5B058 CA27 KA02 KA04 KA21 KA31 KA33 YA20 5B098 AA09 FF08 GA02 GC16 GC20 GD15 JJ01

Claims (7)

[Claims] 1. A card data processing device which reads the secret information of a card storing secret information and inquires the host computer of the secret information via a network to perform data processing, the information reading process of the card and the network A first operating system (hereinafter, referred to as a first OS) in charge of communication processing using
A card data comprising: a communication processing means; and a second operating system (hereinafter, referred to as a second OS) responsible for storing the secret information between the first OS and the first OS via the communication processing means. Processing equipment. 2. The system according to claim 1, wherein the first OS and the second OS operate computer resources and management programs such as a physical memory and an external device respectively used by the first OS and the second OS without affecting the first OS and the second OS. A card data processing device, wherein the card data processing device assigns the data separately. 3. The card data processing device according to claim 1, wherein said inter-OS communication processing means has a function of a second OS. 4. The card data processing device according to claim 1, wherein the second OS has a function of approving a normality of communication from the first OS to the second OS. 5. The card data processing device according to claim 1, wherein the communication processing is performed by another communication protocol different from a communication protocol used in the network. 6. A card data processing device for reading said secret information of a card storing secret information and inquiring said secret information to a host computer via a network to perform data processing, wherein said card information reading process and said network A first operating system (hereinafter referred to as a 10S) which is in charge of communication processing using
A second operating system (hereinafter, referred to as an OS execution resource control unit) in charge of storing the secret information between the OS execution resource control unit and the tenth S via the OS execution resource control unit.
This is called a second OS. And a card data processing device. 7. The OS execution resource control means according to claim 1,
Independent of the OS and the second OS, the first OS and the second OS
S and computer resources such as a physical memory and an external device to be used separately from each other.
7. The card data processing device according to claim 6, wherein communication processing between the OS and the second OS is performed using a communication protocol different from a communication protocol used in the communication network.