JPH0530203Y2 - - Google Patents

Description

[Detailed description of the invention] [Technical field of the invention] This invention relates to an IC card that can read confidential information with high security.

[Prior Art and Its Problems] In recent years, it has been called the cashless era, and by using cards issued by credit card companies, it has become possible to purchase products without handling cash.

Conventionally, the cards used include plastic cards, embossed cards, and magnetic stripe cards, but these cards are easy to forge due to their structure, so unauthorized use has become a problem.

Therefore, in order to solve this problem, an information card with a personal identification number stored inside the card, a so-called IC card, is being considered.
An IC card system that combines an IC card and a terminal has been developed.

By the way, the system used in this kind of system
In addition to IC information that is unique to the card, an IC card stores confidential information such as a highly confidential personal identification number (PIN) and account amount. In this case, in particular, confidential information can be obtained by entering specific data (such as a personal identification number "PIN") from outside the card.
Access is made only when a comparison match is confirmed within the card, so that confidential information within the card is not easily leaked to the outside.

However, as an exception, the card issuer owns the transport key as a special information read command, and when this key data is entered, all confidential information on the card can be freely accessed at any time and under any circumstances. It's starting to be seen.
Therefore, if the transport key were to become known to another person, someone other than the card issuer would be able to compare and match the keys, and the
All the secret information of the IC card is revealed, etc.
There was a risk that the security of the card would be significantly compromised.

[Purpose of the invention] This invention was made in view of the above circumstances.
The purpose of the present invention is to provide an IC card that can reliably prevent unauthorized reading of confidential information and improve safety in use.

[Key points of the invention] According to the IC card of this invention, reading of confidential information using the transport key is permitted only when the IC information is erased due to card invalidation and the card function is temporarily suspended. It's summery.

[Embodiment of the invention] An embodiment of the invention will be described below with reference to the drawings.

FIG. 1 shows the circuit configuration of the same embodiment. In the figure, 11 is a system bus, and this system bus 11 includes a system program storage unit 1.
2, working RAM 13, answer-to-reset storage section 14, amount calculation section 15, control section 1
6, read/write control section 17, data latch section 18, comparator 19, and serial I/020 are connected.

Here, the system program storage section 12 stores various system programs and also stores a code signal indicating whether or not the signal transmitted and supplied from the terminal side is correct.

The working RAM 13 stores various processing data within the card.

The answer-to-reset storage unit 14 stores all operating conditions for the IC card itself (for example, data writing, applied voltage, current permissible value and maximum applied voltage, maximum data transmission amount, and maximum response waiting time). When the internal initialization of the card itself is completed, the condition data can be sent to a terminal (not shown) as answer-to-reset data in a predetermined format.

Amount calculation unit 15 calculates the transaction amount for the card transaction, and stores the amount data in amount storage unit 21 .

The control section 16 outputs operation commands to each circuit according to the received data transmitted and supplied via the serial I/020 and the operation state.

The read/write control unit 17 controls the writing and reading of data to the memory unit 22 in response to a command from the control unit 16. In this case, the memory unit 22 has a card ID information storage unit 221, a secret information storage unit 222, and a public information storage unit 223. Here, the card IC information storage unit 221 stores card-specific information such as a country code, a system code, an issuer code, a language code, a card version number, an issue date, and an effective date, while the secret information storage unit 222 stores, for example, the card owner's personal identification number "PIN", an account amount, and an encryption key for card authentication. Furthermore, the public information storage unit 223 stores all application names of the IC card and card owner information such as a name, address, and telephone number.

The data latch section 18 temporarily stores data input from the terminal. Then, the data stored in the data latch section 18 and the data read out from the storage section 22 corresponding to this data are compared by the comparator 19, and the comparison result is sent to the control section 16.
give to

A control unit 16 to which the comparison result of the comparator 19 is given.
gives an output to the non-access flag storage section 23 or the access flag storage section 24. Here, in a state where the flag of the non-access flag storage section 23 is set, the read/write control section 17
access flag storage unit 2.
With flag No. 4 set, the read/write control section 17 is allowed to read from the storage section 22.

The serial I/020 is used to exchange data with the terminal via the data input/output terminal I/O.

Note that when the IC card thus constructed is attached to the terminal, the reset signal Reset and the system clock Clock are supplied from the terminal side, and the Vcc power supply, Vpp power supply, and GND are connected. Here, Vcc power supply is a power supply for driving the system, Vpp is a power supply for writing to the storage section 22, and the power supply voltage is set on the terminal side based on the answer-to-reset data stored in the answer-to-reset storage section 14. is set.

Next, the operation of the embodiment configured as described above will be explained.

First, when you insert the IC card into the terminal,
It is activated by receiving a reset signal from the terminal. Then, the answer-to-reset data stored in the answer-to-reset storage section 14 is read out under the control of the control section 16, and the answer-to-reset data stored in the answer-to-reset storage section 14 is read.
Sent to the terminal from 020. Then, a command to read ID information will be sent from the terminal. In this state, ID information is read out from the card ID information storage section 221 of the storage section 22 according to a command from the control section 16 and sent to the terminal. When the terminal confirms this, it will then send a command to read all application names. As a result, in the IC card, the internal application name is read from the public information storage section 223 of the storage section 22 according to a command from the control section 16 and sent to the terminal. When an application is selected on the terminal, an owner information read command is sent. Then, according to a command from the control section 16, the storage section 22
The owner information is read out from the public information storage section 223 and sent to the terminal. This makes it possible to identify the nature, purpose, and owner of the IC card.

Next, a password verification is performed. In this case, when the personal identification number "PIN" is input from the terminal, it is provided to the data latch section 18 via the serial I/020. On the other hand, the personal identification number “PIN” is read out from the secret information storage unit 222 of the storage unit 22 according to a command from the control unit 16 and is provided to the comparator 19. In this state, the personal identification number "PIN" latched in the data latch section 18 and the personal identification number "PIN" read from the secret information storage section 222 are compared by the comparator 19, and the comparison result is provided to the control section 16. In this case, when a match is obtained and the password is verified, a specific personal file of a host computer at a bank or the like is accessed via the terminal, and an actual monetary transaction is performed.

By the way, the characteristics regarding such IC cards,
Prior to confirmation and selection of each piece of information in a series of information exchanges to identify the purpose and owner, verification is performed to verify the validity of the card and terminal, but verification errors may occur here. Further, in the above-described verification of the personal identification number "PIN", if the verification fails, the personal identification number "PIN" is allowed to be re-entered, but the number of re-inputs may reach a predetermined number n.

In such a case, the process proceeds to step A1 shown in the flowchart of FIG. 2 as an unauthorized access to the IC card.

In this step A1, the storage section 22 of the IC card is
is stored in the card IC information storage unit 221 of
Delete ID information. In other words, by erasing the ID information, the function of the card is temporarily suspended and the card becomes invalid.

IC cards whose functions have been suspended in this way are
In principle, the information will be brought to the card issuer.

The card issuer attaches the invalidated IC card to the card issuer terminal. Then, the process proceeds to step B1 shown in the flowchart of FIG.
In this step B1, a transport key input is given as an information read command from the key input section of the terminal. This key input data is sent to the control section 16 and latched by the data latch section 18. Then, first, as shown in step B2, the control section 16 determines whether or not there is ID information in the card ID information storage section 221 of the storage section 22.
In this case, the IC card will have an ID due to the above-mentioned invalidation process.
Since the information has been deleted and the answer is NO,
Proceed to step B3.

In step B3, the transport key data is read from the secret information storage section 222 of the storage section 22 via the read/write control section 17 according to a command from the control section 16, and is provided to the comparator 19. The comparator 19 then compares the data with the transport key input latched in the data latch section 18. Here, if the two match, that is, if the verification is established, the process proceeds to step B4. Then, control section 1
6, the flag in the access flag storage unit 24 is set, and this information is transmitted to the read/write control unit 17.
given to.

As a result, even if the IC card is temporarily disabled, the secret information storage section 222 can be accessed in response to various requests given from the terminal.
Necessary secret information can now be read. After the cause of the invalidation of the card is investigated by reading out such confidential information, various ID information is written to the ID information storage section 221, and the card function is restored and the card owner can use it again. It becomes possible.

On the other hand, in step B3, if the transport keys do not match and are not established, the process proceeds to step B5. In this step B5, the control section 16
The flag in the non-access flag storage unit 23 is set, and this information is transmitted to the read/write control unit 17.
given to.

As a result, the IC card is stored in the secret information storage unit 222 no matter what request is given from the terminal.
is no longer accessed, and the card remains in a temporarily disabled state.

By the way, if the transport key is known to another person, the person who knows the transport key may try to read the secret information of the other person's IC card that is currently being used illegally. However,
Since the ID information is still stored in the IC card that is currently in active use,
If YES is determined, proceed to step B5. Then,
The flag in the non-access flag storage section 23 is raised by the control section 16, and this information is given to the read/write control section 17. As a result, the secret information storage section 222 of the IC card will not be accessed no matter what request is given from the terminal, and the secret information of the card will be prevented from being read out to the outside.

Therefore, by doing this, the ID information will be erased due to card invalidation processing, and only for IC cards whose card functions have been temporarily suspended, reading of confidential information will be allowed upon successful verification of the transport key. , If the transport key is known to someone else, even if the person who knows the transport key tries to read the confidential information of the other person's IC card that is currently being used illegally,
It is possible to prevent reading of secret information from an IC card that has ID information currently in use. In this case, it is conceivable that someone who has illegally learned the transport key will attempt to read confidential information from the IC card whose ID information has been erased after the card has been invalidated. This can prevent fraud. This makes it possible to reliably prevent the reading of confidential information based on fraudulent activity, thereby dramatically increasing the security of card usage.

Note that this invention is not limited to the above-mentioned embodiments, and can be implemented with appropriate modifications within the scope of the invention. For example, in the above-described embodiment, when the card is invalidated, the ID information is deleted and the card functions are temporarily stopped, but other specific information may be deleted.

[Effects of the invention] According to this invention, it is possible to provide an IC card that can reliably prevent unauthorized reading of secret information and improve safety in use.

[Brief explanation of the drawing]

FIG. 1 is a block diagram showing the circuit configuration of an embodiment of this invention, and FIGS. 2 and 3 are flowcharts explaining the operation of the embodiment. 11...on the system bus, 13...working
RAM, 14...Answer-to-reset storage unit, 17...Read/write control unit 17, 18...
...Data latch unit, 19...Comparator, 22...Storage unit, 221...Card ID information storage unit, 222
... Secret information storage section, 223 ... Public information storage section, 23 ... Non-access flag storage section, 24 ...
Access flag storage.

Claims (1)

[Scope of utility model registration request] A storage means that stores at least confidential information and specific information, a specific information erasing means that erases the specific information from the storage means under predetermined conditions, a collation means that collates an information read command given from the outside, and An IC card characterized by comprising: control means for permitting reading of secret information from the storage means on the condition that verification of the information read command is verified by the means and erasure of the specific information.