JPH07219851A - Pc card and its loading/unloading method - Google Patents

Abstract

PURPOSE:To surely detect that a PC card of a memory bus system is once unloaded at the side of a system which contains the PC cared and a host terminal equipment that works when the PC card is loaded. CONSTITUTION:When a PC card 2 is loaded into a terminal slot 14, the flag information of the card 2 is turned off. Then the card 2 continuously transmits the error signals to the access commands received from a terminal equipment 1 unless the flag information is turned on after a host prescribed control command is received from a PCC initialization module 131. Furthermore the processing is not carried on as long as a prescribed certification code is not accordant even after the flag information is turned on.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a collaborative system of a host terminal device and a PC card, and more particularly to a memory bus system P used in a system where security is valued.
The present invention relates to a C card and a management method for inserting and removing the PC card.

[0002]

2. Description of the Related Art In recent years, a PC (programmab) in which a card having a CPU chip and a memory is dedicated to sequence control is used.
le controller) cards are widely used.

Among such PC cards, those of the I / O bus type access the memory by the I / O address. One of the features of this type of PC card is the I / O bus interface control LS.
It has an I (large-scale integrated circuit) and an interrupt function.

On the other hand, the memory bus (direct connection) type PC card does not have the interrupt function because it does not have the control LSI, but since the signal of the memory element is directly output to the card interface, the memory element itself can be accessed at high speed. It is possible and has the advantage of requiring fewer peripheral parts.

Such a PC card is used as a key for operating the system, for example, in a system that cooperates with a host terminal device. That is, when the PC card is inserted into the terminal slot (card access mechanism), the host terminal device refers to the individual ID (identification information) of the card and confirms that it matches the predetermined authentication code, and then the system is started. While in the operating state, various sequence controls are executed based on the control procedure and related data (security information) programmed in the memory in the PC card to be changeable at any time.

[0006] Conventionally, the management of the insertion and removal of the PC card has been entrusted to a predetermined operator in charge, and the above-mentioned management is not performed by the host terminal device.

[0007]

By the way, it is extremely easy to manually insert the PC card into the terminal slot, and the detection of the insertion / removal of the PC card depends on the visual detection by the operator. Therefore, even if a third party removes the PC card while the system is operating or reinserts it, the upper terminal device cannot detect the situation.

In this case, in the case of an I / O bus type PC card, when the self card is removed, the upper terminal device is interrupted and an error signal or the like is transmitted so that the higher terminal device side is informed of the situation. Can inform you. However, since the memory bus type PC card does not have the interrupt function as described above, even if the self card is unplugged, it cannot be notified to the host terminal device.
That is, in a system using a memory bus type PC card, even if the PC card is once removed and then reinserted, the upper terminal device continues processing according to a predetermined procedure. Therefore, the security during operation becomes insufficient, and there is a problem that a third party replaces the PC card with an adverse effect.

In view of such a problem, the present invention is a memory bus type PC which facilitates insertion / removal management on the terminal side.
It is an object of the present invention to provide a card and an insertion / removal management method for improving the security of a system using this PC card.

[0010]

A PC card according to the present invention that achieves the above object stores security information including identification information, and when installed in a card access mechanism of a cooperating terminal device, the PC card can In a memory bus type PC card that permits access to the security information, lock means for forming an access prohibited state to the security information upon mounting to the card access mechanism, and a predetermined control command from the terminal device. And a lock releasing means for releasing the access prohibition state upon reception of the message, and an error signal is returned to the access command from the terminal device in the access prohibition state.

The PC card insertion / removal management method of the present invention which achieves the above object, is a memory bus type PC card in which security information including identification information is stored, and the PC card mounted in the card access mechanism. A method for managing insertion / extraction of a PC card into / from the card access mechanism in a system having a terminal device for accessing the PC and fetching desired security information, wherein the PC is triggered by mounting the PC card in the card access mechanism. The first step of forming an access prohibition state for the security information of the card, the second step of sending the predetermined control command generated by the terminal device to the PC card in the access prohibition state, and the reception of the predetermined control command. And a third step of releasing the access prohibition state of the PC card. To access command from said terminal device, characterized in that said PC card sends back an error signal.

Another method of the present invention is the above-mentioned PC card insertion / removal management method, which further comprises a fourth step of loading the identification information of the PC card whose access-prohibited state has been released into the terminal device. The fifth step of encrypting the identification information with the key information unique to the terminal device to generate a check authentication code, and P which the terminal device previously acknowledged to cooperate with
A sixth step of comparing the authenticating code obtained by encrypting the identification information of the C card with the key information and the checking authenticating code to judge the matching between the two authenticating codes, and the terminal when the matching is found. And a seventh step of executing a process of transmitting a subsequent access command from the device to the PC card.

[0013]

In the PC card of the present invention, the lock means is activated when the terminal device is attached to the card access mechanism, and the access prohibited state is immediately formed. When an access command is received from the terminal device in this state, an error signal is returned to the terminal device. As a result, the terminal device
It is possible to detect that the C card has been removed at least once. After that, when a predetermined control command is received from the terminal device, the lock release means is activated upon this reception to release the access prohibition state. As a result, it becomes possible to control the processing for subsequent access commands from the terminal device.

Further, in the PC card insertion / removal management method of the present invention, the PC card and the terminal device cooperate with each other so that the terminal device automatically performs the PC detection without relying on the conventional visual detection by the operator. Detects card insertion / removal. Specifically, in the first stage, when the PC card is attached to the card access mechanism of the terminal device, an access prohibited state for the security information of the PC card is formed. this is,
For example, it is realized by the locking means described above. At this time, when the access command is transmitted from the terminal device, the PC card does not process this command and returns an error signal. If the PC card is not removed during processing, no error signal is returned, so that the terminal device side can detect the fact that the PC card has been removed.

When the continuous processing is to be executed based on this PC card, the terminal device generates a predetermined control command in the second stage and sends it to the PC card in the access prohibited state. The PC card that received this command releases the access prohibition state in the third step and permits access from the terminal device.

Further, in the fourth step, the identification information of the PC card whose access prohibition state has been released is fetched into the terminal device side, and in the fifth step, the fetched identification information is encrypted with the key information unique to the terminal device. Generate the check authentication code. In the sixth step, the authenticating code obtained by encrypting the identification information of the PC card that the terminal device has approved to cooperate with with the key information is compared with the checking authenticating code, and the matching of the two authenticating codes is checked. To judge. When they do not match, it is known that the card is another PC card, and therefore, illegal card processing or the like is performed. On the other hand, when it matches, it is found that the legitimate card once removed is reattached, so in the seventh step, the processing of sending the subsequent access command from the terminal device to the PC card is executed. This makes it possible to work only with valid PC cards,
Security during system operation is dramatically improved.

[0017]

Embodiments of the present invention will now be described in detail with reference to the drawings. FIG. 1 is a configuration diagram of a main part of a business processing system according to an embodiment of the present invention, in which 1 is a higher-level terminal device and 2 is a PC card. It should be noted that only the configuration relating to the insertion / removal management of the PC card 2 is shown in this figure.

The higher-level terminal device 1 is a programmed business processing unit 11, a memory 121 for storing an authentication code K of a PCC (which means a PC card, the same applies hereinafter) that allows cooperation, and a terminal individual key used for encryption ( Storage unit 12 including a secret area 122 for storing key information) k, a PCC initialization module 131 and a PCC access module 132, which will be described later.
PCC control A consisting of a PCC termination module 133
P (application program) module 13 and P
It has a terminal slot (card access mechanism) 14 into which the C card 2 can be detachably inserted.

The PC card 2 is of a memory bus type, and is a transmission / reception buffer 21 for transmitting / receiving information to / from the host terminal device 1, a command processing control module 22 connected to the transmission / reception buffer 21 by a bus, and , And a RAM (random access memory) 23 for storing flag information and individual IDs (identification information).

The command processing control module 22 executes an initialization program which is first activated and executed after activation of itself and a predetermined control command (hereinafter referred to as a self-initialization command in this embodiment) from the host terminal 1. A self-initialization program that is started and executed upon reception,
And a control program for controlling the processing of various commands from the host terminal 1 excluding the self-initialization command.
The initialization program performs resource control necessary for forming a normal operation state such as memory check. The self-initialization program controls initial processing of special commands including ON control of the flag information. Individual ID
Are recorded in the RAM 23 when the card is manufactured. Further, the flag information forms an access-permitted state only when it is ON-controlled by the self-initialization program, and the READ memory processing or WRITE from the higher-level terminal device 1 is performed.
Access commands for memory processing etc. shall be accepted.

A PCC initialization module 131 constituting the PCC control AP module 13 in the host terminal device 1.
Consists of a cryptographic module F shown in FIG. 2 and an initialization command transmission module not shown.

The initialization command transmission module activates the PC card 2 immediately after confirming that the PC card 2 is attached to the terminal slot 14. The activation here means, for example, power supply to each circuit constituting the PC card 2 and clock signal supply. After that, a self-initialization command is transmitted to the PC card 2 in order to turn on the flag information, and when the PC card 2 is in a state of accepting various access commands, its individual ID (“00000001” in the illustrated example) Read. And this individual I
2 is led to the encryption module F of FIG. 2 together with the terminal individual key k, and the corresponding PCC authentication code K (valid authentication code;
In the illustrated example, [12345678] is generated and stored in the PCC use memory 121.

Further, the PCC access module 132
Is a PC card 2 based on a command from the business processing unit 11.
It consists of a group of access commands sent to. This access command group includes, for example, READ memory processing (data reading) and WRITE memory processing (data writing). The PCC end module 133 stores the PCC authentication code K (“1234
5678 ”).

FIG. 3 is an explanatory diagram showing the initialization procedure of the PC card 2 in the normal operation mode (procedure from the access prohibited state to its cancellation) and the relationship of the host terminal 1 side at this time. PC card 2 in terminal slot 14
It shows the state immediately after being attached. Referring to FIG. 3, the PC card 2 is activated by the higher-level terminal device 1, and then activates / executes the initialization software to perform processing such as memory check. If the check is good, the flag information is set to OFF and a self-initialization command waiting state is formed (locking means). At this time, the PC of the upper terminal device 1
When the self-initialization command is received from the C initialization module 131, the self-initialization software is started and executed, and the flag information is turned on.
In addition, the necessary program check is performed (lock release means). As a result, a command waiting state is formed.

Next, in the above business processing system, P
When the C card 2 is initially inserted (installed) and the system is operating, the PC card 2 is inserted into the terminal slot 1
A processing procedure in the case where the sheet is once removed from No. 4 and is reinserted (mounted) will be described with reference to FIG. In addition, in FIG.
S represents a processing stage.

First, when the PC card is initially inserted, the PC card is activated and the initialization process is executed as described above, and the flag information is set to OFF (S).
101). When the self-initialization command is received from the upper terminal device in this state (S102), the PC card sets the flag information to ON and notifies the upper terminal device to that effect (S103). The upper terminal device detects this state and transmits a command for READ memory processing of the individual ID (S104). Based on this command, the PC card returns an ID unique to the card to the host terminal device (S105). This is because in the configuration of FIG. 1, the command processing control module 22 moves from the secret area of the RAM 23 to I
This is realized by reading D and sending it to the transmission / reception buffer 21. The upper terminal device that has received the individual ID
As described above, the PCC authentication code K is stored in the PCC use memory 121 as the legitimate authentication code.

Next, R of data A from the host terminal device
When the EAD memory processing command is received (S10
6) Since the PC card 2 is in the normal operation mode, the data A is read and returned to the host terminal device (S10).
7). This processing is also performed by the command processing control module 22 shown in FIG.
Is read and sent to the transmission / reception buffer 21.

Here, the PC card is removed (S10
8) After that, when another PC card (may be the same PC card) is reinserted (installed) (S109), the P
In the C card, as in the case of the initial insertion, the flag information is set to OFF through the activation processing, the initialization processing and the like.

Since the upper terminal device does not know this situation,
A READ memory processing command for the next data B is transmitted (S110), but since the PC card is not in the command waiting state, an error signal indicating flag information OFF is returned (abnormal operation mode; S111). As a result, the host terminal device can detect that this PC card has been removed once. Next, the host terminal sends the self-initialization command to the PC card again (S112), and
Try to check. The PC card turns on the flag information by this self-initialization command to form a command waiting state, and notifies the upper terminal device of that fact (S113). The upper terminal device sends a command for READ memory processing of the individual ID '(S114). P based on this command
The C card returns its own ID 'to the host terminal device (S115). Here, in order to distinguish it from the ID in the case of initial insertion, it is expressed as ID ′. If it is a valid PC card, ID = ID '. The upper-level terminal device reads this individual ID 'and checks the corresponding authentication code K'of the PC card (K' to distinguish it from the legitimate authentication code K '.
2) is generated by the cryptographic module F in FIG. Then, the generated verification authentication code K'is displayed on the PC of FIG.
C legitimate authentication code K stored in the used memory 121
If it does not match, it is processed as an illegal card.
When they match, it is possible to know that the card is a valid card that permits cooperation, and therefore it can be detected that the initially inserted PC card has been removed and then reinserted.

If it is confirmed that the card is a valid card, the READ memory processing of the data B previously performed (S11
0) command retry is performed (S116). PC
The card reads the corresponding data B from its own data recording area and returns it to the host terminal device (S117).

Thereafter, in the same procedure, the command transmission from the upper terminal device and the return to the PC card based on the processing control result are repeated, and when the fact that the card is removed and reinserted is detected, it is detected again. The processing from S112 to S115 is performed.

As described above, in the business processing system of this embodiment, the PC card 2 is provided with means for forming ON / OFF of the flag information, and after it is mounted in the terminal slot 14, it receives a self-initialization command. Since a structure for returning an error signal in response to an access command sent from the host terminal device 1 has been realized, the host terminal 1 side can easily detect the insertion / removal of the PC card, and the system security Can be improved. In addition, even if the PC card has an error signal, the PC card can be used if the host terminal 1 sends the self-initialization command again to check the ID and if the card is confirmed to be a valid card. Therefore, the subsequent operation can be continued without any trouble.

Although the present invention has been described in detail with reference to the embodiments, the PC card of the present invention maintains the access prohibited state unless a predetermined control command (self-initialization command) is received from the host terminal 1. Since the main point is to do so, the present invention is not limited to the configuration of the above embodiment, and various design changes can be made. For example, the power ON / OFF and the initialization process may be triggered by the operation of the PC card itself,
The process until the flag information is turned off may be simpler. Further, when the PC card is removed and then mounted again, and when a predetermined control command is received, this fact can be recorded in the journal of the host terminal device as history information.

[0034]

As is apparent from the above description, the PC card according to the present invention is protected against security information even if it is removed from the card access mechanism of the terminal device and then mounted again, unless a predetermined control command is received from the terminal device. Since the configuration is such that the access prohibition state is maintained, even in the memory bus system having no interrupt function, the terminal device can be informed of the status of being temporarily removed.

According to the PC card insertion / removal management method of the present invention, if the PC card is once removed from the card access mechanism, an error signal is issued to the access command unless a predetermined control command from the terminal device is received. Since it is returned, the fact that the PC card has been removed can be easily detected on the system side, and security can be improved.

According to the PC card insertion / removal management method of the present invention, if the check authentication code corresponding to the PC card does not match the legitimate authentication code even after the access prohibition state of the PC card is released, the terminal device. Since the subsequent transmission processing of the access command from is not executed, a different P
It is possible to prevent an adverse effect due to the mounting of the C card, and there is an effect that the security of the system during operation is significantly improved. Also, when the authentication codes match,
Since it can be seen that the legitimate PC card has been once removed and then re-installed, the system side can centrally manage the insertion and removal of the PC card.

[Brief description of drawings]

FIG. 1 is a configuration diagram regarding card insertion / removal of a business processing system according to an embodiment of the present invention.

FIG. 2 is a processing explanatory diagram of a cryptographic module used in the embodiment having the configuration shown in FIG.

FIG. 3 is an explanatory diagram showing the relationship between a host terminal device and a PC card in a PC card initialization procedure.

4 is a diagram showing a business processing system according to the configuration of FIG.
FIG. 6 is a processing procedure diagram when the PC card is once removed from the terminal slot and then reinserted (mounted).

[Explanation of symbols]

 1 Upper Terminal Device (Terminal Device) 11 Business Processing Unit 12 Storage Unit 121 PCC Used Memory 122 Secret Area 13 PCC Control AP Module 131 PCC Initialization Module 132 PCC Access Module 133 PCC Termination Module 14 Terminal Slot (Card Access Mechanism) 2 Memory Bus type PC card 21 Transmission / reception buffer 22 Command processing control module 23 RAM

Claims (3)

[Claims] 1. A memory bus system that stores security information including unique identification information and permits access to the security information from the terminal device when the security information is attached to a card access mechanism of a cooperating terminal device. In a PC card, lock means for forming an access prohibited state for the security information when it is attached to the card access mechanism, and unlocking for releasing the access prohibited state when receiving a predetermined control command from the terminal device Means for returning an error signal in response to an access command from the terminal device in the access prohibited state. 2. A memory bus type PC card in which security information including unique identification information is stored, and a terminal device for accessing the PC card mounted in the card access mechanism to fetch desired security information. P to the card access mechanism in the system having
A method of managing the insertion and removal of a C card, the first step of forming an access prohibited state for security information of the PC card when the PC card is attached to the card access mechanism, and a predetermined step generated by the terminal device. A second step of sending a control command to the PC card in the access prohibited state, and a third step of releasing the access prohibited state by the PC card upon receipt of the predetermined control command. The PC card insertion / removal management method, wherein the PC card returns an error signal in response to an access command from the terminal device before the step. 3. The PC card insertion / removal management method according to claim 2, further comprising: a fourth step of loading the identification information of the PC card whose access prohibition state is released in the third step into the terminal device; A fifth step of encrypting the identification information with the key information unique to the terminal device to generate a check authentication code, and encrypting the identification information of the PC card that the terminal device has previously agreed to cooperate with with the key information. A sixth step of comparing the obtained legitimate authentication code with the checking authentication code to determine whether the two authentication codes match, and when the two match, the terminal device sends the subsequent access command to the PC card. And a seventh step of carrying out the method.