JPH0652545B2 - IC card having data management means - Google Patents

Description

TECHNICAL FIELD The present invention relates to a data management device in an IC card,
The present invention relates to an IC card having a data management means that allows new data to be sequentially stored in a memory built in the IC card and the data can be read out as needed.

(Prior Art) According to a conventional art of this kind, a CPU for processing data according to a certain program, a memory including a personal identification number area, an index area group, and a storage area group are provided. Is composed of a plurality of storage areas, and each storage area contains a plurality of records for sequentially storing a particular type of data. When the data is entered together with the personal identification number, after confirming that the personal identification number is correct, the corresponding index area is read, and the input data is written to the record to be written next to the storage area designated by the read index area. Write. When all the records in the corresponding storage area have been written, the data cannot be written in that storage area even if data is input thereafter.

(Problems to be Solved by the Invention) According to the conventional techniques as described above, each storage area is assigned an area having a capacity that is considered necessary by predicting the number of times data is input in advance. If the data is input more times than this, there arises inconveniences such as the inability to store new data and the complicated data storage operation.

In this case, after writing the data in the record of the last write order in each storage area, the data can be written again in the record of the first write order so that the data can be rewritten cyclically as many times as possible. However, if the cyclic rewriting is always enabled, old data that would be a problem when erasing may be erased.

An object of the present invention is to perform cyclic rewriting when data is rewritten frequently or when data is written to a storage area that stores data such that old data is unnecessary because new data is written. It is an object of the present invention to provide an IC card having a data managing means that enables circular writing in the case of writing to a storage area for storing data that may cause inconvenience when old data is erased.

(Means for Solving Problems) According to the IC card having the data management means according to the present invention, at least a CPU and a memory capable of rewriting data are provided, and the memory has a plurality of records. An IC card having a storage area and having a data management means for sequentially writing data to these records or reading the written data, and designating the address of the record to which the next input data is to be written. Record pointer means, means for determining whether or not data has been written in the record in the final write order, and the record if the determination means determines that no data has been written in the record in the final write order .Means for causing the pointer means to specify the address of the record having the next write order of the record last written , Means for setting whether or not the storage area is in a circulation mode in which data should be sequentially circulated and written in the record, and when the determining means determines that the data has been written in the record in the final writing order, Means for causing the record pointer means to specify the address of the record in the highest write order only when the setting means is set in the circulation mode.

(Operation) When write data is input, the input data is stored in the record designated by the record pointer means. At the same time, the judging means judges whether or not the record just written is in the final writing order. When it is judged that the record is not in the final writing order, the record pointer means When the address of the record in the write order is specified, and when the determination means determines that the record just written is in the final write order, only when the storage area is set to the circulation mode By making the record pointer means specify the address of the record with the highest write order, it is possible to rewrite data from the record with the highest write order even after all the records have been written. ing.

(Effect of the Invention) According to the present invention having such a configuration and operation, data can be rewritten in a storage area set to the circulation mode repeatedly as many times as possible, so that data is stored in all records. Even if it has been written, old unnecessary data can be erased and new data can be written in its place, so that the memory can be used efficiently and economically. Then, the data can be cyclically rewritten to the storage area in which the circulation mode is not set, and the old data which is troublesome to be erased is retained as it is without being erased. Further, according to the present invention, since the write position of the new write data and the write position of the latest data can be specified by the record pointer means, the data management at the time of reading / writing the data is correctly executed. can do.

Embodiment An embodiment of the present invention will be described below with reference to the drawings.

FIG. 1 is a diagram showing a circuit configuration of the present invention. A CPU chip 40 and a memory chip 41 are mounted on the IC card 1. The IC card 1 is provided with five contact terminals 5 so that it can be electrically connected to an external circuit. The CPU chip 40 includes a CPU 401 that performs calculation control based on a program, a ROM 402 that stores the program and the like, and a RAM 403 that temporarily stores data and the like during execution of the program.
The memory chip 41 includes an EEPROM 411 that can electrically erase and write data any number of times.

The IC card is used by being connected to a host computer via an IC card reader / writer as shown in FIG. The keyboard is for inputting various commands (commands) such as a personal identification number, reading or writing, and data (information), and is connected to a host computer or a reader / writer. The reader / writer, the host computer, and the keyboard may be integrally formed, or they may be formed as separate devices and connected to each other by communication means.

FIG. 3 shows the EEPROM 411 according to the embodiment of the present invention.
Shows the configuration of. This EEPROM comprises a system area for storing information for managing the entire IC card, and a laser area for storing data to be actually recorded and information for managing the data. The system area is provided with a personal identification number area in which the personal identification number used in this IC card is stored and a key lock area for managing erroneous input of the personal identification number. The personal identification number is a personal identification number that is unique to the card user, a management key that identifies the card administrator of the business entity, and a business entity key that identifies the relationship between the data (or storage area) and the business entity. And an issuer key for identifying the issuer of the IC card.

On the other hand, the user area includes a storage area group including a plurality (X) of storage areas and an index area group including the same number of index areas provided in a one-to-one correspondence with each of the storage areas. The individual index areas are the storage areas of the corresponding storage areas (the No. n index areas correspond to the No. n storage areas) as illustrated in the No. n index areas on the right side of FIG. It is divided into definition information and storage area management information. This will be described again with reference to FIG. Each storage area is divided into m records from the 1st to the mth (m can be set arbitrarily), as illustrated in No. n storage area in FIG. One data is stored in the record.

FIG. 4 shows the structure of the No. n index area corresponding to the No. n storage area in the user area of FIG. 3 in more detail. First, the storage area definition information of FIG. 4 will be described. A storage area start address is defined in the first and second bytes. This shows the start address of the No. n storage area. Next, in the third byte, the security level W. S. L.
(Write Seculity Level.) And security level R. S. L. (Read Seculity Level) is defined. The security level gives a difference in confidentiality depending on the content of information, and is set by selecting the type of personal identification number required for access according to the confidentiality. That is, the information in this storage area defines which and which personal identification number can be accessed. In the present embodiment, the security level is defined by 4 bits, and the business entity key is required / unnecessary in the highest bit and the private key, management key and issuer key are required / unnecessary in the lower 3 bits. The 4th and 5th bytes define the type of business entity key required for writing and reading, respectively. In the present embodiment, since it is defined by 8 bits, 8 kinds of business entities can be defined. That is, composite IC
Eight business companies can participate in the card. This business entity key level can be defined differently for reading and writing depending on the content of information. The sixth byte defines the record length of the corresponding storage area.

The seventh byte defines the number of records that can be used in the storage area (m in FIG. 3).

The 8th byte defines the mode of the corresponding storage area, the details of which will be described later with reference to FIG. The 9th and 10th bytes are spare bytes to which other processing functions can be added.

Next, the storage area management information will be described. The lower two bits of the 11th and 12th bytes are written with the number of incorrect input of the personal identification number during writing and reading, respectively. The thirteenth byte plays the role of an address pointer for designating the address of the record to be written next in the process of writing data, which is an important element of the present invention.
The 14th byte is a storage area status byte. When the number of key errors in the 11th or 12th byte reaches 3, the storage area lock bit for prohibiting access to the storage area is written. And a permanent that permanently locks access to that storage area.
A lock bit and the highest full bit F indicating that all the records in the corresponding storage area have been recorded are defined. Both lock bits are defined for access for both read and write. The first
The upper 5 bits of the 1st and 12th bytes are the first
Since the number of times the 4-byte storage area lock bit is released (unlocked) is written, the write lock and the read lock can be written separately. It is not possible for anyone to unlock the memory area, lock, and bit, and it will not be possible without entering the specified PIN and command. This unlock is a remedy for the lock caused by the mistaken input of the personal identification number due to the negligence of the legitimate card user or the business entity. However, if this unlock is repeated 31 times and then the storage area becomes the locked state, the storage area cannot be permanently unlocked. In that case, the above-mentioned 14th
The permanent lock bit in the byte storage area status is written. The fifteenth and first
The 6 bytes are spare bytes.

FIG. 5 shows details of the storage area mode of the 8th byte of the storage area definition information shown in FIG. The 0th bit of this byte stores the record write mode. When this bit "0" is recorded, a predetermined number of times is repeated even if all the records in the corresponding storage area have been written. It represents a circular mode in which the data of each record can be rewritten in the writing order. When "1" is recorded in this bit, the data will be rewritten further after all records have been written. Represents a full stop mode that disables. Also, the first bit of this byte is a code indicating whether or not each record in the corresponding storage area is accompanied by a record status byte indicating the attribute of the record (when it is "0", there is no
If "1", it is recorded. The second bit has a check code that has a check code for error detection in each record.
A code indicating whether or not a byte is attached is recorded (“0” means nothing, “1” means yes). The upper 5 bits of this byte are unused.

The operation of the data management device according to the present invention will be described below.

FIG. 6 shows a basic operation flow when the IC card shown in FIG. 1 is connected to the IC card reader / writer shown in FIG. The IC card reader / writer has a card insertion portion (not shown), and when the card is inserted into the insertion portion, the electrical contact 5 of the card and the contact provided on the reader / writer come into contact with each other. It should be noted that the connection between the card and the card reader / writer is not limited to only metal contacts such as metal conductors, but optical connection means or optical connection means may be used as long as signals can be transmitted between the card and the card reader / writer. Various signal transmission means such as acoustic connection means or electromagnetic induction connection means can be used. When the IC card is inserted into the IC card reader / writer and connected, the power is supplied to the IC card in step 60, and a clock pulse or the like starts to be sent to the card. As a result, the IC card receives power supply and clock pulse is input,
It is reset to the operable state. The IC card outputs the answer to reset byte at step 61, and enters the standby state for command input. The reader / writer receives the answer to reset byte at step 62 and then outputs the command at step 63. The command includes a command to input, read or write a personal identification number, and the following steps are executed for each command.

When the IC card receives the command in step 64, the command is executed in step 65, the result of executing the command in step 66 is transferred to the reader / writer, and the process returns to step 64 again. When the reader / writer receives the result of executing the command in step 67, step 68
Check whether there is a next command, and if there is, return to step 63 and repeat the above procedure. Step 6 based on the command that all command processing has been completed
8 judges "NO" and proceeds to step 69, where the reader / writer stops the supply of power to the card, terminates the operation of the IC card, and displays necessary processing such as displaying that processing has been completed. Take action.

FIG. 7 shows the procedure of the reading and writing operations of the IC card according to the present invention, and corresponds to the closed loop flow of steps 64 to 66 of FIG.

First, in step 71, initial setting is performed. This corresponds to steps 60, 61 and 62 of FIG.
Next, at step 72, commands and data are input.
This includes input of a necessary personal identification number, a read instruction and designation of a storage area to be read, the following instruction and designation of a storage area to be written, and input of write data. The read command includes a history continuation command that reads all the data recorded in the storage area and an update read command that reads only the latest data. At step 73, it is checked whether the personal identification number (key) has been input. If the personal identification number has been input, it is checked at step 74 whether the personal identification number is prohibited (key lock). The keylock is
This is provided to prevent unauthorized use of the PIN, and unlike the one that prohibits access to the storage area (storage area status byte in Fig. 4), prohibits the use of the PIN itself. It is a thing. That is, when the personal key, the management key, the issuer key, and the business entity key (plurality) do not match the correct personal identification number 15 times in succession, the personal identification number cannot be used (key lock).
In the case of a keylock, a keylock area is provided for each personal identification number in the system area shown in FIG. 3, and when the number of discrepancies in the personal identification number reaches 15, the keylock is written. At step 74, the key-lock area of the system area is read and it is checked whether or not the inputted personal identification number is key-locked. If it is a key lock, the card cannot be processed with the personal identification number, so an error notification is sent to the reader / writer at step 75 and the next new command is waited for. If not locked
In step 76, the system area is read out and the password is collated. In step 77, the collation result (whether it matches or not)
Is stored in the RAM 403 to notify the end of collation, and the process returns to step 72. Next, at step 72, when a read command consisting of a read command and designation of a read storage area is input, step 73 does not indicate key input, so step 7
Go to 8. At step 78, it is checked whether or not the read command is issued. Since it is a read command now, step 79
Then, the storage area status byte (FIG. 4, byte 14) corresponding to the storage area designated by the command is read out, and at step 80, whether the storage area lock or permanent lock has been set. Check out. If it is locked, step 81
Then, the error notification is sent to the reader / writer, and it waits for another command. If it is not in the locked state, step 82 performs the key check. This is the RAM 403 in step 77.
Check whether the key matching result stored in is a match or a mismatch. If the check results do not match, an error is notified in step 83 and the next command wait state is entered. If the result of the check check is OK, the designated storage area is read at step 84. The details will be described later. If the command in step 72 is a write command consisting of a write command, a designation of a write storage area, and write data, the process moves from step 86 to step 87. If it is neither a read command nor a write command, other processing is performed in step 88 and the process returns to step 72. In step 87, the storage area status byte corresponding to the storage area designated by the command is read out, and in step 89 the storage area lock and the permanent lock are checked. If it is in the locked state, an error notification is given in step 90, and another command waiting state is entered. If it is not in the locked state, the key check is performed in step 91. If the key check results do not match, an error is notified in step 92,
If they match, the data is written in the designated storage area in step 93. The details will be described later.

FIG. 8 is a flow chart showing the data writing in step 93 in FIG. 7 in more detail. In the figure, first, in step 95, it is judged whether or not the cyclic writing is performed based on the contents of the 0th bit (see FIG. 5) in the storage area mode shown in FIG. If "NO" is determined here, the full stop mode is in effect, so at step 96, the record of the corresponding storage area is made by the highest full bit F in the storage area status (14th byte) of FIG. Has been recorded, and if "YES" is determined here, no more data can be written. Therefore, in step 97, a notification that the storage area is full is issued and the processing ends. . If step 96 determines “NO”, step 9
Go to 8. When it is determined in step 95 that the cyclic writing is performed, the process also proceeds to step 98. At step 98, the contents of the record address byte (13th byte) shown in FIG.
The data is read to the record pointer in M403, and the data and the check byte are written in the record designated by the record pointer in step 99. Then, in step 100, the content of the record pointer is incremented by 1 to specify the address at which the next input data is recorded. At step 101, it is checked whether or not the result of the increment is a record having a rank corresponding to the number of records in the storage area. Where "NO"
If it is determined that the record
The contents of the pointer are written into the record address byte (FIG. 4, 13th byte) in the corresponding index area, and the write result is output in step 103.

If "YES" is determined in the step 101, it means that all the records in the corresponding storage area have been written. Therefore, in the step 105, the record address byte is written to the first write order of the storage area. The address of the record is written, then at step 106, the flag indicating the full storage area is set to the highest full bit F in the storage area status byte (14th byte) in FIG. 4, and the write result is obtained at step 103. And output.

FIG. 9 is a flow chart showing in more detail the contents of the data read at step 84 in FIG. In the figure, first, in step 109, it is judged whether or not it is an update read command. When it is judged that the update read / write instruction is executed, step 110 is executed.
In order to read out only the latest data, the record pointer stores the address of the record in which the final write data is decremented by 1 from the record address byte (FIG. 4, 13th byte), and step 111
In step 112, the latest data is read out, and in step 112, the check byte is used to check if there is any error. After that, in step 113, the corresponding latest information is output, and the process ends.

On the other hand, if "NO" is determined in the step 109, it means that the instruction is a history read command, and the process proceeds to the step 115 first. In step 115, the storage area, status,
A check is made as to whether or not writing of all records has been completed by the highest full bit F of bytes (FIG. 4, FIG. 14). If “YES” is determined here, the record /
Since the content of the address byte will represent the address of the record in which the oldest data was recorded, at step 116 the content of that byte is set in the record pointer. If "NO" is determined in the step 115, since the writing to the record has not been completed yet, the oldest data is recorded in the record of the first writing order. Therefore, the first writing is performed in the step 117. The record address of the priority order is set in the record pointer. Next, in step 118, the data of the record designated by the record pointer is read out, in step 119, the check / byte collation is performed, and in step 120 the data is output. Then, in step 121, the record pointer is incremented by 1, and in step 122, it is judged whether or not the rank of the record designated by the record pointer is equal to the number of records. If "YES" is determined here, the contents of the record pointer are set to the address of the first write order record in step 123, which means that the record of the last write order is just read out.
Proceed to 24. Even if it is determined to be "NO" in step 122, the process also proceeds to step 124. In step 124, it is judged whether or not the address pointer is equal to the address (record address byte content) of the record to which the data to be inputted next is written. If "YES" is judged here, the history reading is carried out. Since all have ended, this flow ends. If "NO" is determined in the step 124, the process returns to the step 118 to read the data of the next record.

In the above description, the address of the record is recorded in the record address byte (FIG. 4, 13th byte). However, apart from this method, the record number in the corresponding storage area causes the corresponding record to be recorded. May be accessed.

BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a block diagram showing a circuit configuration of an IC card according to the present invention, and FIG. 2 is an IC card for inserting an IC card.
FIG. 3 is a diagram showing the relationship between the reader / writer, the host computer and the keyboard, FIG. 3 is a diagram showing the area structure of the EEPROM shown in FIG. 1, and FIG. 4 is one index in the index area group of FIG. FIG. 5 is a configuration diagram, FIG. 5 is a diagram showing details of the storage area mode in FIG. 4, FIG. 6 is a flowchart showing the mutual operation relationship of the IC card and the IC card reader / writer, and FIG. FIG. 6 is a flow chart of the main operation part of the IC card in FIG. 6, FIG. 8 is a flow chart of a write operation, and FIG. 9 is a flow chart of a read operation.

Claims (1)

[Claims] 1. At least a CPU and a memory capable of rewriting data are provided, and the memory has a plurality of storage areas having a plurality of records, and data is sequentially written in the records or written data. It is an IC card having a data management means for reading data, and a record pointer means for designating an address of a record to which the next input data is to be written, and whether or not the data is written in the record of the final writing order. And a means for determining whether or not data has not been written in the record in the final write order, the record pointer means determines whether the record in the write order next to the record last written in the record pointer means. The means for specifying the address and the circulation mode in which the storage area is to be written by sequentially circulating the data in the record. And a record pointer only when the setting means is set to the circulation mode when the determining means determines that the data is written in the record of the final writing order. An IC having a data management means, characterized in that the means includes means for designating the address of the record in the highest writing order.
card.