JPH09179787A - Portable information storage medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To prevent information from being lost and damaged at the time of rewriting it by judging the normality/abnormality of rewrite based on management information and recovering the information of a backup area to a job information area in the case of being abnormal. SOLUTION: An anti-tearing processing part performs so-called backup for copying the data of WEF present in a file storage area to the backup area corresponding to the instruction of a main storage part. A data backup part backs up the WEF before a main processing part rewrites the WEF. Also, a backup information clearing part resets backup information present in a system area after the main processing part rewrites the WEF. A tearing check part copies the data present in the backup area to an original position present in the file storage area based on a backup start page and a page number recorded inside the backup information and recovers the data of the WEF.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a portable information recording medium having a non-volatile storage unit, and more particularly to a portable information recording medium capable of preventing loss of information when rewriting information in the storage unit. .

[0002]

2. Description of the Related Art IC cards have attracted attention as next-generation media replacing magnetic cards, and recently, due to technological innovations for miniaturization and cost reduction of semiconductor integrated circuits,
It has come to be used in various systems in the real world. In particular, since an IC card having a built-in CPU has not only a function as an information recording medium but also an information processing function, it is expected to be used for an information processing system requiring high security. In such an IC card, EEPRO is generally used as a memory for data storage.
M is used. The EEPROM is a non-volatile memory capable of electrically erasing stored information, and has a characteristic that it can be repeatedly rewritten and is suitable for use in an IC card.

[0003]

However, the above-mentioned EE
In the PROM, when rewriting data, the old data is first erased, and then new data is written. For this reason, if the power supply is shut down due to noise being added to the system control system, or the rewriting of data is interrupted due to so-called tearing or the like of pulling out the IC card from the reader / writer to which it is connected, the storage unit However, there is a problem that the information, that is, both the old data and the new data may be lost. Therefore, it is an object of the present invention to solve the above problems and provide a portable information recording medium capable of preventing loss of data even when an unexpected situation occurs when rewriting data in a storage unit. There is.

[0004]

In order to solve the above problems, the invention according to claim 1 provides a nonvolatile storage unit having a system area, a backup area, and a business information area, and the storage unit. A portable information recording medium having a control unit for writing or reading information to and from the external connection device, wherein the control unit is stored in the business information area. When rewriting the existing information, the pre-rewriting information is copied to the backup area and the copying means for recording the management information related to the pre-rewriting information in the system area, and the rewriting of the business information area is normal. Copy invalidation means for invalidating the management information when it ends, and normal rewriting based on the management information after reset and before execution of the first command. Determining an abnormality, if an abnormality is characterized by having an information returning means for returning the information of the backup area to the business information area.

According to a second aspect of the present invention, in the portable information storage medium according to the first aspect, when the information restoring means determines that the rewriting is abnormal, a warning is transmitted to the external connection device. A warning means is provided.

[0006]

Embodiments of the present invention will be described below in more detail with reference to the drawings. FIG.
FIG. 3 is a block diagram showing how the IC card 10 according to the present embodiment is connected to the reader / writer device 20. The IC card 10 has an I / O interface 11,
CPU12, ROM13, RAM14, EEPROM1
5 is built-in. The I / O interface 11 is an I
The I / O interface 1 is an input / output circuit for transmitting / receiving data via the I / O line 30.
1 to communicate with the reader / writer device 20. RO
A program to be executed by the CPU 12 is stored in the M13, and the CPU 12 has a function of centrally controlling the IC card 10 based on this program. The RAM 14 is a memory used as a work area when the CPU 12 performs such general control. On the other hand, the EEPROM 15 is a memory for storing original data to be recorded in the IC card 10.

Power and clock are supplied to the IC card 10 from an external reader / writer device 20. Therefore, when the IC card 10 is separated from the reader / writer device 20, the supply of power and clock to the IC card 10 is stopped. However, EEPRO
Since M15 is a non-volatile memory, its recorded content is retained as it is even after the power supply is stopped. Where R
All the data in the AM 14 is lost due to the stop of power supply.

Each memory 13, 14 in the IC card 10,
All access to 15 is performed via the CPU 12, and these memories cannot be directly accessed from the outside. That is, from the reader / writer device 20 to the CPU
When a predetermined “command” is given to 12, the CPU 1
2 interprets and executes this "command" and returns the result to the reader / writer device 20 as a "response".

For example, when writing to a predetermined file in the EEPROM 15, data to be written is given to the CPU 12 along with the "write command", and C
The writing process is performed in the form of execution of the “write command” by the PU 12. Conversely, EEPROM15
When reading data from a predetermined file in the above, a predetermined "read command" is given to the CPU 12 and the CP
The reading process is performed in the form of executing the "read command" by U12. Thus, when the execution of the “command” in the IC card 10 is completed,
A "response" to the executed "command" is returned to the outside. For example, when a "write command" is given, a "response" indicating whether or not the writing process has been executed without any trouble is returned, and when a "read command" is given, it becomes the read target. The data will be returned in the form of a response. However, EEPROM1
Access to 5 is not performed unconditionally, but it is premised that a predetermined access condition is satisfied. This access condition is set, for example, for each file.

FIG. 2 is a diagram showing the internal structure of the EEPROM 15. The present embodiment is characterized in that the user area of the EEPROM 15 is divided into a file storage area and a backup area. The file storage area is an area for storing WEF, which is a basic file for data used by an application. As shown in the figure, the WEF directory is "WEF
Data is stored in the "DIR" area and data is stored in the "WEF DATA" area, while the backup area is stored in the "WEF DIR" area and the "WEF D" area.
This is an area for copying and saving data in the ATA "area. Therefore, the size of the backup area is
The number of bytes is set to be the maximum number of bytes of data handled by the system.

FIG. 3 is a block diagram showing the functions of the CPU 12. The CPU 12 of this embodiment is composed of two processing units, a main processing unit and a tearing processing unit. The main processing unit is a processing unit that realizes general functions of a conventional IC card, such as performing communication with a reader / writer via an I / O interface or performing memory management. On the other hand, the anti-tearing processing unit performs a function of preventing data loss / loss by copying the data of the WEF in the file storage area to a backup area according to an instruction of the main processing unit, so-called backup. It is a department. In addition, the WEF data means "WEF DIR" area and "WEF DAT".
It means the data stored in the A "area.

The anti-tearing processing section is further composed of three processing sections. The first processing unit is a data backup unit that backs up the WEF before the main processing unit rewrites the WEF. The second processing unit is a backup information clearing unit that resets the backup information in the system area after the main processing unit rewrites the WEF. The third processing unit, when the main processing unit receives the first block of each command,
It is determined whether or not the command is the first command after the IC card reset, and if it is the first command, the backup information is confirmed, and the WEF rewriting abnormality is detected.
And a tearing check unit that restores data.

FIG. 4 is a diagram for explaining the operation of the CPU 12 when the "write command" is executed in this embodiment. When the main processing unit receives a command from the reader / writer device 20, it first checks the parameters of the command, and if it recognizes that the command is a "write command", it backs up data to the anti-tearing processing unit. Is instructed (S400). The anti-tearing processing unit backs up the data before rewriting of the WEF according to the instruction from the main processing unit (S410). When the backup is completed, the main processing unit erases the data of the WEF in the final storage area, and then writes new data (S42).
0). After writing one data block,
The main processing unit inquires of the reader / writer device 20 whether there is a data block to be further written (S430), and if there is a next block, receives it (S440) and writes it in the WEF (S420). . When the writing of all data blocks is completed, the anti-tearing processing unit operates the backup information clearing unit according to the instruction from the main processing unit to clear the backup information of the system area (S450). Finally, the main processing unit transmits a response to the reader / writer device 20 (S460), and the series of rewriting operations is completed.

FIG. 5 is a diagram for explaining the operation of the data backup unit. The data backup unit first receives the write start address and the number of write bytes of the data to be written from the main processing unit (S500), and calculates the number of write pages of the main processing unit from them (S51).
0). Next, the obtained number of write pages is compared with the number of bytes in the backup area (S520). As a result of the comparison, if the backup area is smaller, it is considered that the amount of data (the number of bytes) to be handled is abnormal, and the operation is terminated without executing the backup (S53).
0). Conversely, if the backup area is larger,
The operation is continued, and the contents from the page including the write start address of the file storage area to the final write page are copied to the backup area in page units (S54).
0). Also, when writing to the backup area,
Each time, it is confirmed whether or not the writing is normally performed (S550), and if a write after verify error occurs as a result, the verify error status is set in the transmission buffer and the operation ends ( S
553, S555). On the other hand, when the copy can be normally performed in the backup area, the starting page number and the number of pages of the WEF which is the copy source in the file storage area are stored in the system area as backup information and CRC (Cyclic Red) is included in the backup information.
undancy Check) code is also added (S560). Also in this case, it is confirmed whether or not the writing to the system area is normally performed (S570), and if a verify error occurs, the verify error status is set in the transmission buffer to operate. When the process ends (S573, S575) and no error occurs, the operation ends (S580).

FIG. 6 is a diagram for explaining the operation of the backup information clearing unit. As shown in the figure, the backup information clearing unit clears the backup information by changing the copy start page number written in the system area by the data backup unit to "0".

FIG. 7 is a diagram for explaining the operation of the CPU 12 until the IC card 10 is connected to the reader / writer device 20 and the first command is executed. IC card 1
When 0 is connected to the reader / writer device 20, the CPU 1
2, the CPU 12 is reset, the CPU 12 is reset (610), and an internal check is performed (S620).
Next, the command from the reader / writer device 20 is received (S630). It is determined whether the received command is the first command after reset (S64).
0), if it is the first command, a tearing check is executed in the tearing processing unit (S65).
0). Therefore, the execution of the first command and the transmission of the response accompanying it are performed only after the tearing check is completed (S660).

FIG. 8 is a diagram for explaining the operation of the tearing check unit. The tearing check unit first performs a CRC check on the page in which the backup information in the system area is stored (S600), and ends the operation if an error is detected as a result of the check (S610). If no error is detected, the value of the backup start page is confirmed (S62).
0). When the backup start page is "0", S420 to S4 in the operation explanatory diagram shown in FIG.
This means that all the data writing to the file storage area in 40 was normally performed, and finally the backup information in S450 was cleared. Therefore, in this case, it is not necessary to restore the backed up information to the file storage area, and the tearing check unit ends the operation as it is (625).

On the contrary, when the backup start page is not "0", it means that the writing to the file storage area has not been normally completed and the normal data is lost in the corresponding area. Therefore, the tearing check unit sets the warning status in the transmission buffer. As a result, after this, the main processing unit executes S46.
When 0 (see FIG. 4) is executed, a warning that the writing state of the file storage area is abnormal is transmitted to the reader / writer device 20. Next, the tearing check unit copies the data in the backup area to the original position of the file storage area based on the backup start page and the number of pages recorded in the backup information, and restores the data of the WEF ( S64
0). Further, after the copy is completed, the backup start page in the backup information is rewritten to "0" (S65
0), the operation ends (S660).

As described above, in this embodiment, E
When the user area of the EPROM is divided into a physical storage area and a backup area and the WEF in the physical storage area is rewritten, the data contained in the WEF is backed up in advance and new data is written to the WEF. There is. This gives E
When an accident occurs that the writing is interrupted due to the influence of noise while writing data to the EPROM, or when an illegal act such as pulling out the IC card from the reader / writer device is performed. EEPRO
It is possible to prevent the data stored in M from being lost or lost. Furthermore, in the present embodiment, when an abnormality in writing to the WEF is detected, the fact is notified to the reader / writer device. Accordingly, if the same warning is issued a plurality of times for the IC card in a relatively short period of time, for example, the application provider may discriminate the writing abnormality from a mere accidental accident and perform an illegal act such as tearing. It is possible to detect.

[0020]

As described in detail above, according to the first aspect of the invention, when the control section rewrites the information stored in the business information area, the copying section rewrites the information before rewriting. While copying to the backup area, the management information related to the information before rewriting is recorded in the system area, the copy invalidating means invalidates the management information when the rewriting of the business information area is completed normally, and the information restoring means, After the reset and before executing the first command, it is judged whether the rewriting is normal or abnormal based on the management information, and if it is abnormal, the information in the backup area is restored to the business information area. It has become possible to prevent the information stored in the area from being lost or lost during rewriting. According to the second aspect of the present invention, the warning means sends a warning to the external connection device when the information restoration means determines that the rewriting is abnormal. It has become possible to detect.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a state in which an IC card according to the present invention is connected to a reader / writer device.

FIG. 2 is a diagram showing an internal configuration of an EEPROM according to the present invention.

FIG. 3 is a block diagram showing functions of a CPU in the present invention.

FIG. 4 is a diagram illustrating an operation of the CPU when a “write command” is executed in the present invention.

FIG. 5 is a diagram illustrating an operation of a data backup unit according to the present invention.

FIG. 6 is a diagram illustrating an operation of a backup information clearing unit according to the present invention.

FIG. 7 is a diagram illustrating the operation of the CPU after resetting and before executing the first command in the present invention.

FIG. 8 is a diagram illustrating the operation of the tearing check unit in the present invention.

[Explanation of symbols]

 10 IC Card 11 I / O Interface 12 CPU 13 ROM 14 RAM 15 EEPROM 20 Reader / Writer Device 30 I / O Line

Claims (2)

[Claims] 1. A system area, a backup area,
A portable storage device that has a non-volatile storage unit having a business information area and a control unit that writes or reads information to or from the storage unit, and selectively exchanges information with an external connection device. In the information recording medium, when the control unit rewrites the information stored in the business information area, the pre-rewriting information is copied to the backup area and the management information related to the pre-rewriting information is stored. Copying means for recording in the system area, and when rewriting of the business information area is normally completed,
Copy invalidating means for invalidating the management information, and after resetting, before execution of the first command, judge normality / abnormality of rewriting based on the management information, and if abnormal, information of the backup area A portable information storage medium, comprising: an information restoring means for restoring the information to the business information area. 2. The portable information storage medium according to claim 1, further comprising warning means for transmitting a warning to an external connection device when the information restoration means determines that the rewriting is abnormal. A portable information recording medium characterized by: