JP2005100455A - Ic card - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To supply an IC card improved in use efficiency of a memory. <P>SOLUTION: A first region for validating a write password and a second region for validating a read password are set in a user area of the IC card. When a write command to the first region is transmitted from a read/write device along with a password, it is checked against the write password; and when a read command to the second region is transmitted, it is checked against the read password. As a result of the checking, when the passwords coincides with each other, the respective commands are executed. A read password limit address and a write password limit address showing upper limit addresses for validating the read password and the write password are set; and the read password limit address and the write password limit address are made changeable. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to a non-contact type IC card that transmits and receives data using a carrier wave such as a radio wave.

  For example, by using a contactless IC card for a train commuter pass and transferring data to and from a read / write device at the ticket gate, it is checked whether the commuter pass is valid. A system is being developed.

  FIG. 13 is a sequence chart showing a state of communication between the IC card and the read / write device in such a conventional non-contact type IC card system. First, the read / write device sends a read ID command to the IC card. When receiving the read ID command, the IC card sends an ID code unique to the IC card to the read / write device. The read / write device sends the command to be executed by the card, the ID code of the IC card to be transmitted, and the password together with the execution command. The IC card verifies the ID code and password sent from the read / write device, and executes the command instructed by the read / write device only when these match the ID code and password stored in the IC card. The execution result is sent to the read / write device. When the read / write device further causes the IC card to execute a command, it sends the corresponding execution command with the ID code and password of the IC card added, and the IC card again verifies the ID code and password, If they match, this command is executed and the execution result is sent to the read / write device. In the same manner, each time an execution command is sent from the read / write device to the IC card, an ID code and a password are sent out, and these are collated on the IC card side to execute the command. For this reason, for example, in order to write 1-byte data to the IC card, more than a dozen bytes must be added for sending the ID code and password, and the transmission efficiency is poor. In particular, in the case of such an IC card, a power source is often obtained by rectifying radio waves from the read / write device, so that particularly efficient data transmission is desired.

  FIG. 14 is a diagram showing a memory map of a conventional IC card. As shown in the figure, the user area is divided into blocks, and there is also a type having a password for each block separately from the system area access password for accessing the system area of the IC card. Further, the flag for storing the password and ID code verification result is set or reset each time the command is executed.

  Since the conventional non-contact type IC card is configured as described above, an ID code, a password, etc. are sent each time a command is sent to the IC card, ensuring data security and data transmission with higher transmission efficiency. There is a demand for a non-contact type IC card that enables the above.

  The present invention has been made to solve the above-described problems, and an object of the present invention is to provide a non-contact type IC card that ensures security and enables data transmission with higher transmission efficiency.

  The IC card according to the present invention includes a write password that is collated when data is written to the first area in the user area in the system area, and a read password that is collated when data is read to the second area in the user area. When a write command for the first area is sent from the read / write device together with a password, and a memory storing a system password to be verified when writing to or reading from the system area is performed, This password is compared with the write password stored in the memory, and a write password verification means for determining whether or not these passwords match, and a read command for the second area is sent together with the password from the read / write device. This password and the above The read password stored in the memory is compared with the read password verification means for determining whether these passwords match, and the read / write command for the system area is sent from the read / write device together with the password. In this case, the password is compared with the system password stored in the memory, and the system password verification means, the write password verification means, the read password verification means, and the system password for determining whether or not these passwords match. Based on the verification result of the verification unit, a command execution unit that executes a command sent from the read / write device when each password matches, and a read password limit address that indicates an upper limit address for which the read password is valid. Graphics and, provided with a write password limit address indicating the address of the upper limit write password is valid, but you can change the read password limit address and write password limit address.

  The IC card according to the present invention is such that a third area included in the first area and also included in the second area is present in the memory.

  An IC card according to the present invention includes a write password verification result holding unit that holds a password verification result by a write password verification unit, a read password verification result holding unit that holds a password verification result by a read password verification unit, and a system password System password verification result holding means for holding a password verification result by the verification means, and the command execution means, when a command is sent together with the password from the read / write device, write password verification means, read password verification means Based on the verification result of the system password verification unit, when the passwords match, the command sent from the read / write device is executed, and when the command is sent from the read / write device without the password Light password collation result holding means, in which a structure for performing a read password collation result holding means, or on the basis of the system password collation result holding means collation result held in the command.

  In the IC card according to the present invention, the system area has an area in which an ID code is stored, and the IC card is further stored in the memory when the ID code is sent from the read / write device together with a command. ID code matching means for checking whether or not these ID codes match, and an ID code matching result holding means for holding the matching result of the ID code matching means. The command execution means executes the command based on the collation result of the ID code collating means when the command is sent together with the ID code from the read / write device, and the command is sent from the read / write device without the ID code. In this case, the command is executed based on the ID code matching result held in the ID code matching result holding means. It is obtained by a configuration in which.

  In the IC card according to the present invention, the password verification result holding means holds the password verification result only when there is no transmission error in communication when a command is sent from the read / write device.

  In the IC card according to the present invention, the ID code verification result holding means holds the ID code verification result only when there is no transmission error in communication when a command is sent from the read / write device. .

  According to the present invention, the memory stores the write password, the read password, and the system password, and the command execution unit determines the password based on the verification results of the write password verification unit, the read password verification unit, and the system password verification unit. Is configured to execute the command sent from the read / write device when they match, the memory can be used efficiently with a small password, and each area can be changed by changing the limit address. As compared with the conventional case where a password is provided for each block, the memory can be used more efficiently.

  According to the present invention, since the memory includes an area that includes both the valid area of the write password and the valid area of the read password, the user area can be divided into two passwords with different security levels. It can be managed by dividing into two areas, and there is an effect that the memory can be used more effectively.

  According to this invention, when a command is sent without a password from the read / write device, the verification result held in the write password verification result holding, the read password verification result holding means, or the system password verification result holding means is displayed. Since the command is executed based on this, there is an effect that the data transmission efficiency can be increased and the security can be further increased.

  According to this invention, when a command is sent without an ID code from the read / write device, the command is executed based on the ID code verification result held in the ID code verification result holding means. Therefore, there is an effect that the data transmission efficiency can be further increased.

  According to the present invention, since the password verification result holding means holds the password verification result only when there is no transmission error in communication when a command is sent from the read / write device, a more accurate password There is an effect that error checking can be performed.

  According to the present invention, the ID code collation result holding means holds the ID code collation result only when there is no transmission error in communication when a command is sent from the read / write device. There is an effect that an error check of an ID code can be performed.

Next, an embodiment of the present invention will be described with reference to the drawings.
Embodiment 1 FIG.
FIG. 1 is a block diagram showing a basic configuration of a non-contact type IC card according to Embodiment 1 of the present invention together with a read / write device. In the figure, 100 is a non-contact type IC card, 200 is a read / write device that communicates with the non-contact type IC card 100, and 110 is an electric signal that is converted into radio waves in order to exchange radio waves with the read / write device. Furthermore, a transmission / reception antenna 120 that converts radio waves into high-frequency signals, a transmission / reception circuit 120 that converts the high-frequency signals converted by the transmission / reception antenna 110 into digital signals, and converts the digital signals into high-frequency signals to be supplied to the transmission / reception antenna 110, 140 Is a programmable memory for storing data, 150 is a power supply circuit for supplying power to each part of the non-contact IC card 100, and 300 is a non-contact type for controlling each part of the non-contact IC card 100 Performs information processing for data written to or read from the IC card 100 It is a control circuit. Note that the power supply circuit 150 may be configured to use a small battery or rectify the received radio wave to obtain a DC power supply.

  FIG. 2 is a diagram showing a memory map of the memory 140 according to this embodiment. As shown in the figure, the memory 140 is divided into a user area UA and a system area SA. The user area UA is an area used as application data such as personal information and money amount data of a person who uses the contactless IC card 100. The system area SA is an area used for card control. The system area SA stores a system ID, a card ID, a system password, a read password, a read password limit address, a write password, and a write password limit address. The system ID is for identifying in which system the card is used. The card ID is for identifying the non-contact type IC card 100. The system password is a password that is verified when the system area is read / written. The read password and the write password are passwords that are collated when reading and writing the user area UA, respectively. The read password limit address indicates the upper limit address at which the read password is valid, and the write password limit address indicates the upper limit address at which the write password is valid.

  When a write command for the user area UA is sent from the read / write device 200 together with a password, 361 checks the password against the write password stored in the memory 140 to determine whether these passwords match. Write password verification means 362 for determining the password when the read command for the user area UA is sent from the read / write device 200 together with the password, and compares the password with the read password stored in the memory 140. Read password verification means 363 for determining whether or not the passwords match, when a read or write command for the system area SA is sent from the read / write device 200 together with the password, this password and the memory 14 The system password collating unit 350 collates with the system password stored in the memory and determines whether or not these passwords match. 350 is a write password collating unit 361, a read password collating unit 362, and a system password collating unit 363. This is a command execution means for executing a command sent from the read / write device 200 when the passwords match based on the collation result. The write password verification unit 361, the read password verification unit 362, and the system password verification unit 363 constitute a password verification unit 360. Further, reference numeral 370 denotes ID code checking means for checking the ID code stored in the memory 140 when the ID code is sent from the read / write device 200 together with the command.

  Next, the operation of the non-contact type IC card of this embodiment will be described. First, a schematic communication operation between the read / write device 200 and the non-contact type IC card 100 will be described. First, an ID read command that is an instruction for reading an ID code from the read / write device 200 is sent to the non-contact type IC card 100. The non-contact IC card 100 sends back the system ID and / or card ID in the system area SA. The read / write device 200 determines whether or not the non-contact type IC card 100 has been issued to the system by identifying the system ID from the non-contact type IC card 100. Further, when the service is changed based on the card ID, the card ID is also identified. Next, when reading the user area UA, when reading data at an address lower than the read password limit address, the read / write device 200 reads “read command + system ID + card ID + read”. Send address + read password. When reading data at an address higher than the read password limit address, no password is added.

  Next, the processing operation in the non-contact type IC card 100 will be described. FIG. 3 is a flowchart showing a write command processing operation in the non-contact type IC card 100. First, the command sent from the read / write device 200 is received and decoded (step S301). If the input command is not a command that can be received by the non-contact type IC card 100 (step S302), it is processed as a command error and an error status is set (step S305). If there is no command error, the system ID and the card ID are received and collated with the system ID and the card ID stored in the non-contact type IC card 100 (step S303). If these IDs do not match (step S304), an error status is set (step S305). If the IDs match as a result of the ID collation, the write address is received (step S306). If the address input is an error (step S307), an error status is set (step S305). If the input address is not an error (step S307), it is checked whether the sent address is lower than the write limit address (step S308). If the input address is higher than the write limit address, the process goes to step S312. If the input address is lower than the write limit address, it is checked whether or not the input address is in the system area SA (step S309). If the input address is outside the system area SA, it is input. The write password is received and collated with the write password stored in the non-contact type IC card 100 (step S310). As a result of the collation, if the write password does not match (step S311), an error status is set (step S305). If the passwords match in step S311, the data to be written is received (step S312). On the other hand, if the address input in step S306 is an address in the system area SA (step S309), the input system password and the system password stored in the contactless IC card 100 are collated. (Step S313). As a result of verification, if the system passwords do not match (step S314), an error status is set (step S305). If the passwords match in step S314, the data to be written is received (step S312). When reception of data is completed in step S312 (steps S315 and S316), it is checked whether or not there is a transmission error (step S317). If there is a transmission error, an error status is set (step S318). Next, the error status is confirmed (step S319). If there is an error (step S320), the process goes to step S322. If there is no error when the error status is confirmed in step S319 (step S320), a write command is executed (step S321). If there is a command to be received next, the process returns to step S301, and if not, the process ends (step S322).

  Next, a case where a read command is executed will be described. FIG. 4 is a flowchart showing an operation for executing a read command. The execution of the read command has almost the same flow as the operation of the write command shown in FIG. However, there is no data reception step corresponding to step S312 of FIG. In step S406, the read address is received. In step S408, it is determined whether the input address is equal to or less than the read limit address. In step 410, the read password is verified. In step S421, the read address data is transmitted to the read / write device 200.

  FIG. 5 is a diagram showing a memory map of the memory 140 when the non-contact type IC card 100 of this embodiment is used in a system. As shown in the figure, the system area SA stores a write password, a write password limit address “12H”, a read password, and a read password limit address “1DH”. In this case, since the user area UA is from addresses “10H” to “1FH”, the effective area of the write password (first area) is “10H” to “12H”, and the effective area of the read password (second area). ) Is changed from “10H” to “1DH.” That is, in the area (third area) from the address “10H” to “12H”, a password is required for both reading and writing. Therefore, this area is suitable for storing highly confidential data such as a monetary amount that needs to be read / written even after issuance. In addition, a password is required only for reading from addresses “13H” to “1DH”. For this reason, it is suitable for storing data that only needs to be read after issuance, such as address, name, and telephone number. Furthermore, it is possible to access from “1EH” to “1FH” without a password. Therefore, it is suitable for storing data that does not require security.

  In this way, by providing two passwords, a write password and a read password, it is possible to divide and manage into three types of areas with different security levels. Also, by changing the limit address, the size of each area can be changed, and the memory can be used more efficiently than in the case where a password is provided for each block as in the prior art.

Embodiment 2. FIG.
FIG. 6 is a diagram showing a part of a control circuit, a transmission / reception circuit, and a memory of the contactless IC card according to the second embodiment. In this embodiment, the basic configuration is the same except for the operation of the control circuit and the non-contact type IC card 100 of FIG. The transmission / reception circuit 120 includes a serial I / O 121 that converts parallel data to serial data, a serial data to parallel data, a modulation circuit 122 that modulates data from the serial I / O 121 and supplies the data to the transmission / reception antenna 110, and a transmission / reception antenna And a demodulation circuit 123 that demodulates a high-frequency signal from 110 and supplies it to the serial I / O 121.

  In the figure, reference numeral 300a denotes an ID and password error processing circuit in the control circuit 300. A comparator 301 compares the parallel data sent from the memory 140 and the serial I / O 121 of the transmission / reception circuit 120 and outputs an “H” signal when they do not match. 302 to 305 are reset flip-flops, and 306 to 311 are AND. It is a gate.

  Next, the operation will be described. FIG. 7 is a timing chart showing timings of signals input to each part of the ID and password error processing circuit. The signal IDstat becomes “H” during the ID verification. The signal PASSstat becomes “H” during password verification. The signal CMDwait becomes “H” while waiting for a command (waiting for reception). The signal RESET is output when the card changes from the stopped state to the operating state. The reset command signal is output when a reset command is received from the read / write device 200 and executed. The command signal with ID verification is output when a command with an ID code is executed, and the command signal with password verification is output when a command with a password verification is executed. Strictly speaking, the read / write command signal is output from immediately before checking the error status to the completion of command execution when executing read / write to an area requiring a password. Note that the command signal with ID verification and the command signal with password verification are output at the same timing as the read / write command. The read ID command signal is output when the read ID command is executed. The ID code collation result flag is the output Q of the flip-flop 304 (ID code collation result holding means), and is reset when the ID code collation results in a match. The password verification result flag is reset when the password verification results in a match. The contents of both flags are held until the signal RESET or the reset command signal is input. Note that the flip-flop 304 and the flip-flop 305 (password verification result holding means) are set by the input of the RESET signal or the reset command.

  FIG. 8 is a sequence chart showing a sequence example of communication between the read / write device and the non-contact type IC card. A case where a read command for an area requiring a password is received from the read / write device 200 will be described. First, a read ID command is received from the read / write device 200, and the read ID command signal becomes “H”. Then, since the ID error becomes “L” and the error status indicates that there is no error, the read ID command is executed. Then, the ID code as the execution result is returned to the read / write device 200 (step A). Next, an execution command (read command) + ID code + read address + password is sent from the read / write device 200 to the non-contact type IC card 100. On the non-contact type IC card 100 side, the signal CMDwait becomes “L” by the reception of the execution command, and then the signal IDstat becomes “H”. Next, the received ID code and the ID code in the memory 140 are compared by the comparator 301. When the collation results match, the output Q bar of the flip-flop 302 becomes “H”.

  Next, the read address is received, and it is determined whether the area requires a password. At this time, the signal IDstat becomes “L”. Next, the signal PASSstat becomes “H”, and the received password is compared with the password stored in the memory 140. When the collation results match, the output Q bar of the flip-flop 303 becomes “H”. The contents of the flip-flops 302 and 303 are stored in the flip-flops 304 and 305 as an ID verification result flag and a password verification result flag, respectively, at the timing of the read / write command signal, the ID verification command signal, and the password verification command signal. Will be.

  When the ID code sent from the serial I / O 121 and the ID code stored in the memory 140 are different, the comparator 301 outputs a signal “H”, and as a result, the flip-flop 302 is set. Therefore, an “L” signal is output from the output Q bar, and the flip-flop 304 is not reset. Since the flip-flop 304 is initially set by the signal RESET or the reset command signal, the ID collation result flag becomes “H” and an ID error is output. Even when the passwords are different, a password error is output by the same operation.

  When executing the command, the ID error or password error described above is confirmed, and the command is executed only when there is no error. Then, the execution result is returned to the read / write device 200 (step B). Further, when reading data at another address that requires a password, these commands can be executed on the IC card side by sending only the execution command and address from the read / write device (step C). That is, since the ID code and the password have been collated in step B, it can be executed without sending the ID code and password after step C, so that the transmission data can be greatly reduced. In addition, even if another unverified IC card enters the communication area while the verified IC card and the read / write device are communicating with each other, the flip-flops 304 and 305 are set and the ID is set after reset in each IC card. Since both the verification result flag and the password verification result flag are set so as not to match, another card does not execute the command by mistake.

Embodiment 3 FIG.
FIG. 9 is a diagram showing the configuration of the error processing circuit of the control circuit of the contactless IC card according to the third embodiment of the present invention. In the figure, the same parts as those shown in FIG. 6 are denoted by the same reference numerals, and redundant description will be omitted.

  300b is an error processing circuit of the control circuit of the non-contact type IC card 100, 309a, 309b, 309c, 311a, 312b, 311c are AND gates, 305a (system password verification result holding means), 305b (read password verification result holding means) 305c (write password verification result holding means) are flip-flops for storing a system password verification result flag, a read password verification result flag, and a write password verification result flag, and 312 is output from AND gates 311a, 311b, 311c. This is an OR gate that takes the OR of the error signal. The system area read / write signal is output when the system area read / write command is executed. The read command signal is output when a read command is executed in an area requiring a user area password. The write command signal is output when a write command is executed in an area that requires a user area password. The output timing of these signals is the same as the timing of the read / write command signal described in the second embodiment.

  Next, the operation will be described. In this embodiment, since the output of the ID error signal is the same as that of the second embodiment whose configuration is shown in FIG. 6, the description thereof is omitted, and the output of the password error signal is different from that of the second embodiment. The point will be explained. In the configuration of the second embodiment, there is one flip-flop that stores the password verification result. In this embodiment, however, flip-flops 305a, 305b, and 305c are provided for each system password, read password, and write password. Yes. That is, the results of password verification for each of the system area read / write command, user area read command, and user area write command are stored from the flip-flop 303 to the flip-flops 305a, 305b, and 305c. . For each password, the password verification result flag stored in the flip-flops 305a, 305b, and 305c is referred to without referring to the same password from the command next to the command for which the password has been verified, and the OR gate 312 is referred to. Outputs a password error signal indicating the presence or absence of a password error.

  Therefore, since the verification result can be stored independently for the three passwords, the password error can be checked independently when the system password, the write password, and the read password are provided as described in the first embodiment. it can. For example, in the second embodiment, when a write command without password verification in an area requiring a password is sent after executing a read command for an area requiring a password, the write command is executed. In the form, each password is checked independently, so it is not unconditionally executed in such a case. Therefore, it is possible to perform a password error check with higher security.

Embodiment 4 FIG.
FIG. 10 is a diagram showing the configuration of the error processing circuit of the control circuit of the non-contact type IC card according to Embodiment 4 of the present invention. In the figure, the same parts as those shown in FIG. 9 are denoted by the same reference numerals, and redundant description will be omitted.

  300c is an error processing circuit of the control circuit of the non-contact type IC card 100, 313 and 315 are AND gates, 314 and 316 are inverters. A transmission error signal is input to the inverter. FIG. 11 is a timing chart showing the timing of the signals of each part of the error processing circuit of this embodiment. As shown in the figure, if there is a transmission error, the transmission error signal becomes “H” immediately after receiving the password.

  Next, the operation will be described. In the error processing circuit according to the fourth embodiment, the ID code and the password verification result are not immediately set as flags in the flip-flops 304, 305a, 305b, and 305c. After checking that there is no transmission error, the flag is set in the flip-flop. Therefore, according to this embodiment, it is possible to improve the reliability of the operation of the non-contact type IC card even in an environment where a transmission error may occur.

Embodiment 5 FIG.
FIG. 12 is a diagram showing the configuration of the error processing circuit of the control circuit of the non-contact type IC card according to Embodiment 5 of the present invention. In the figure, the same parts as those shown in FIG. 11 are denoted by the same reference numerals, and redundant description will be omitted.

  300d is an error processing circuit of the control circuit of the non-contact type IC card 100, 316 to 319 are AND gates, and 320 to 323 are OR gates.

  Next, the operation will be described. In the configuration of the second to fourth embodiments, it is assumed that once the ID code and password are verified, no command with ID code and password verification is input thereafter. In this embodiment, each time an ID code / password verification command is input, the ID code / password verification is performed correctly. When a command without ID code / password verification is input, the flip-flop 304 is used. , 305a, 305b, and 305c are referred to, and an ID error and password error signal is output.

  First, the actual circuit operation for ID code verification will be described. In the second to fourth embodiments, the flip-flop 304 is set only when the signal RESET or the reset command signal is input. However, in this embodiment, the flip-flop 302 is connected to the AND gate 316. The flip-flop 304 is further set by the OR gate 320 even when an “H” signal is output from the output Q and the AND gate 313 outputs an “H” signal. That is, if the ID codes are compared by the comparator 301 and they do not match, an “H” signal is output from the AND gate 306 and the output Q of the flip-flop 302 becomes “H”. Further, when there is no transmission error from the AND gate 313 and a command with ID code verification is input, an “H” signal is output. Therefore, the AND gate 316 outputs the “H” signal to the OR gate 320, the output of the OR gate 320 becomes “H”, the flip-flop 304 is set, and the “H” signal is output to the output Q and the ID collation flag indicates an error. Set as a thing. Therefore, even if a plurality of commands with ID verification are input, ID code verification is performed correctly each time. Since the above operation is the same for the verification of each password, the description thereof will be omitted. As described above, since the ID code and password are correctly verified each time a command with ID code and password verification is input, the efficiency of data transmission can be increased and higher security can be ensured. .

It is a block diagram which shows the basic composition of the non-contact-type IC card of Embodiment 1 of this invention with a read / write apparatus. FIG. 3 is a diagram showing a memory map of the memory according to the first embodiment. 4 is a flowchart illustrating a write command processing operation of the non-contact IC card according to the first embodiment. 4 is a flowchart showing a read command processing operation of the non-contact IC card according to the first embodiment. It is a figure which shows the memory map of the memory at the time of being used with the system with the non-contact-type IC card of Embodiment 1. FIG. It is a figure which shows the error processing circuit, transmission / reception circuit, and memory of the control circuit of the non-contact-type IC card of Embodiment 2. 6 is a timing chart illustrating timings of signals input to each part of the error processing circuit according to the second embodiment. 9 is a sequence chart illustrating a communication sequence example between a read / write device and a non-contact type IC card in the second embodiment. FIG. 10 is a diagram illustrating a configuration of an error processing circuit of a control circuit of a non-contact IC card according to a third embodiment. FIG. 10 is a diagram illustrating a configuration of an error processing circuit of a control circuit of a non-contact IC card according to a fourth embodiment. 10 is a timing chart illustrating timings of signals of respective units of the error processing circuit according to the fourth embodiment. FIG. 10 is a diagram illustrating a configuration of an error processing circuit of a control circuit of a contactless IC card according to a fifth embodiment. It is a sequence chart which shows the mode of communication between the IC card and the read / write device in the conventional non-contact type IC card system. It is a figure which shows the memory map of the conventional IC card.

Explanation of symbols

  140 memory, 304 flip-flop (ID code verification result holding means), 305 flip-flop (password verification result holding means), 305a flip-flop (system password verification result holding means), 305b flip-flop (read password verification result holding means), 305c flip-flop (write password verification result holding unit), 350 command execution unit, 360 password verification unit, 361 write password verification unit, 362 read password verification unit, 363 system password verification unit, 370 ID code verification unit, UA user area, SA System area.

Claims (6)

  In an IC card that communicates with a read / write device, a memory for storing data divided into a system area and a user area, the system area having a first area in the user area An area storing a write password to be collated when writing data, an area storing a read password to be collated when reading data to the second area in the user area, and the system area When a write command for the first area is sent from the read / write device together with a password, and a memory having an area storing a system password to be collated when writing or reading is performed. This password is compared with the write password stored in the memory. Write password verification means for determining whether or not these passwords match, and when a read command for the second area is sent from the read / write device together with the password, the password and the memory are stored in the memory. Read password verification means for determining whether or not these passwords match, and when a read or write command for the system area is sent together with the password from the read / write device, A system password verification unit that verifies the password and a system password stored in the memory and determines whether or not the passwords match, the write password verification unit, the read password verification unit, and the system path A command execution unit that executes a command sent from the read / write device when the passwords match based on a verification result of the code verification unit, and a read password that indicates an upper limit address for which the read password is valid An IC card comprising a limit address and a write password limit address indicating an upper limit address at which the write password is valid, wherein the read password limit address and the write password limit address can be changed.   2. The IC card according to claim 1, wherein a third area included in the first area and also included in the second area is present in the memory.   Write password verification result holding means for holding the password verification result by the write password verification means, Read password verification result holding means for holding the password verification result by the read password verification means, and password verification by the system password verification means System password verification result holding means for holding a verification result, and the command execution means, when a command is sent together with a password from the read / write device, the write password verification means, the read password verification means, Based on the verification result of the system password verification means, the command sent from the read / write device is executed when the passwords match, and the command is sent from the read / write device without the password. The command is executed based on a verification result held in the write password verification result holding unit, the read password verification result holding unit, or the system password verification result holding unit. 1. The IC card according to 1.   The system area has an area where an ID code is stored, and when the ID code is sent together with a command from the read / write device, the ID code is compared with the ID code stored in the memory. And an ID code collating unit that determines whether or not these ID codes match, and an ID code collation result holding unit that holds a collation result of the ID code collating unit, and the command executing unit includes the command execution unit When a command is sent together with an ID code from the read / write device, the command is executed based on the collation result of the ID code collating means, and when a command is sent from the read / write device without an ID code A command is executed based on the ID code verification result held in the ID code verification result holding means. IC card according to claim 3, wherein a.   4. The IC card according to claim 3, wherein the password verification result holding means holds the password verification result only when there is no transmission error in communication when a command is sent from the read / write device.   5. The IC according to claim 4, wherein said ID code collation result holding means holds the ID code collation result only when there is no transmission error in communication when a command is sent from said read / write device. card.

Images