JPS63121993A - Certification information collation system - Google Patents

Abstract

PURPOSE:To improve stability in using an IC card system by counting the number of times discontinuously generating errors by certification and deciding the failure of certification when the contents of a counted value reaches prescribed width. CONSTITUTION:The number of times discontinuously generating errors by certification are counted. The titled system is so constituted that when the contents of the counted value reaches the prescribed width, the failure of certification is decided. Namely a counter 70 counts the number of times discontinuously or continuously generating errors when a terminal is certified, and consists of eight bits. High order four bits C1 count the number of times discontinuous certification errors, while low order while bits C2 does continuous errors. The count value in the area of the high order four bits C1 is not cleared even when certification is established. After that the high order bits four C1 count errors continuously, whereas the count value in the area of the low order four bits C2 is cleared at everytime certification is established. Thus the stability in using the IC card system can be dramatically improved.

Description

DETAILED DESCRIPTION OF THE INVENTION [Technical Field of the Invention] The present invention relates to an authentication information verification method that improves the stability of IC card system operation.

[Prior art and its problems] In recent years, it has become known as the cashless era, and by using cards issued by credit card companies, it has become possible to purchase products without handling cash.

Conventionally, cards used include plastic cards, embossed cards, and magnetic striped cards, but these cards are easy to forge due to their structure, so fraudulent use has become a problem.

To solve this problem, an information card with a personal identification number stored inside the card, a so-called IC card, has been considered, and an IC card system that combines such an IC card and a terminal has been developed. ing.

By the way, when such an IC card system is actually used for purchasing products, etc., in order to prevent unauthorized use, the IC card is inserted into the terminal, and in addition to terminal authentication to check the authenticity of the terminal, a password is also required. number r
The person who enters the PINJ is asked to perform OH. In this case, in principle, each of these types of authentication only needs to be performed once, but it may not be possible to obtain the authentication once for some legitimate reason. Therefore, in anticipation of these things, the inducement allows re-authentication several times, and if authentication is still not obtained, it is assumed that there is a possibility of fraudulent use of the card, and the use of the card itself is invalidated. I try to do that.

Therefore, the previous methods were designed with the assumption that authentication could not be obtained a certain number of times in a row, and there would be no problem even if authentication could not be obtained discontinuously within the specified number of times. treated as such. However, if authentication cannot be obtained in a discontinuous manner like this, it may be difficult to obtain authentication due to fraudulent use, or it may be difficult to obtain authentication due to defects in the IC card or terminal hardware. will not be able to check anything, and the IC
This was not favorable from the viewpoint of stability of card system operation.

[Purpose of the Invention] This invention was made in view of the above circumstances, and provides an authentication information verification method that can detect authentication errors that occur discontinuously and improve the stability of IC card system operation. The purpose is to provide.

[Summary of the Invention] The E-information matching method according to the present invention is an IC card that performs authentication by comparing authentication information given from the outside with internal information in an IC card and a terminal in which the card is installed. The system is configured to count the number of errors that occur discontinuously due to authentication, and to determine that authentication has failed when this count reaches a predetermined value.

Embodiment j of the C invention An embodiment of the present invention will be described below with reference to the drawings.

Figure 1 shows a terminal and an IC installed in the terminal.
This shows the appearance of the card. In the figure, 1 is a terminal, and this terminal 1 has a keyboard 2 with numeric keys etc. arranged on the surface, a display section 3 for displaying messages, input data, etc., and an IC card slot (not shown). It has an insertion port 4.

An IC card 5 is inserted through this IC card insertion slot 4. This IC card 5 has an IC circuit incorporated therein, and has connectors 6 arranged in a 4×2 matrix on its surface.

FIG. 2 shows the circuit configuration of such a terminal 1. In the figure, 11 is a system bus, and this system bus 11 includes a sound controller 12, a working RAM 13, and a system program R○M 14.
, terminal attribute ROM15, initial parameter R
AM16, main controller 17, display drive controller 18, key controller 19, reader/writer controller 2o, comparator 21, [l@decoder 22, output buffer 24 via output controller 23, input controller 26 via input buffer 25 , a latch circuit 42 for latching rCAJ, and a data encryption standard (Data Encryption Standard).
An encryption arithmetic unit 43 of the rDEsJ system, a decryption arithmetic unit 44 of a similar rDEsJ system, and an input/output controller (I10 controller) 45 are connected, respectively.

A speaker 27 is connected to the sound controller 12 and outputs an alarm sound as necessary.

The working RAM 13 stores rPAll, rcHNJ, and "EPD" sent from the IC card 5 side in the memory area.
, etc. are stored, as well as various processing data within the terminal 1.

The system program ROM 14 has an EN for matching with the IC card 5 along with various system programs.
Equipped with Q code etc.

The terminal attribute ROM 15 stores terminal codes TC (for example, manufacturing code, issue code, store code, etc.) depending on the purpose of the terminal.

Initial parameter RAM 16 stores answer-to-reset data from IC card 5 all at once. This initial parameter RAM 16 contains the transmission line 16.
Output controller 23, input controller 2 via a
6 and ■pp level latch section 28, ■pp timer latch section 29, and Ipp level latch section 30 are connected, and these latches 28, 29, and 30 are connected to the corresponding Vpp1 source 31.
, Vpp timer 32, and Ipp limiter 33 are connected.
There is.

Here, the vpp voltage 8131 is for securing the voltage Vpp used for writing data to the data memory of the IC card 5. Further, the Vpp timer 32 is for securing the VCCJii high voltage application time specified by the IC card 5. Further, the Ipp limiter 33 determines the permissible value of the data write current.

In this case, the maximum data write voltage by the Vpp power supply 31, the ■pp application time by the Vpp timer 32, the maximum allowable data write N flow by the Ipp limiter 33, etc. are based on the answer-to-reset data stored in the initial parameter RAM 16. Set.

An IC card operating frequency selector 34 is connected to the data transmission line 16a. An oscillation signal from a generator 35 is supplied to this selector 34 via a frequency divider 36.
It is output from the C1ock terminal as a signal with the operating frequency set.

Further, a timer 37 is connected to the initial parameter RAM 16. This timer 37 receives the above-mentioned intermittent signal ENQ from the terminal 1 side to the card 5 side, for example, based on answer-to-reset data sent from the IC card 5 side and stored collectively in the initial parameter RAM 16. '' or other command signals, etc. is counted. If there is no response signal of any kind from the card 5 side within this waiting time, the main controller 17
ENQ" or other command signal, or instructs the reader/writer machine side section 38 to disconnect from the card 5 via the reader/writer controller 20.

The system control line 17a of the main controller 17 is connected to a comparator 21.1 key storage unit 41, a latch circuit 42, an encryption arithmetic unit 43, a decryption arithmetic unit 44, an input/output controller 45, etc., and controls the operation of the system. Control commands are sent from the main controller 17 to each circuit depending on the state.

The display drive controller 18 controls the display on the display section 3 of the terminal 1.

The key controller 19 provides a key sampling signal to the keyboard 2 of the terminal 1 to detect a key input signal.

The reader/writer controller 20 drives and controls the reader/writer mechanism section 38. Here, this R structure 38 leaks a motor for card conveyance, conveys the IC card 5 inserted from the card insertion slot of the terminal 1 to a predetermined position, and electrically connects the card 5 to the terminal 1. When the predetermined process is completed, the IC card 5 is returned to the card insertion slot.

The reader/writer 81 structure 38 has an output buffer? 24, reset controller 39, IpI) level latch section 30, operating frequency selector 34, Vccl source 40
is connected. The IC is connected to the output buffer 24, reset controller 39, pp level latch section 30, operating frequency selector 34, and Vccl source 40.
It has an I10 terminal, a Re5et terminal, a Vpp terminal, a Clock terminal, and a Vcc terminal, which are respectively connected to the card 5 side.

The input controller 26 and the output controller 23 control data exchange with the IC card 5 in accordance with commands from the main controller 17 via the initial parameter RAM 16. Among these, the input controller 26 outputs the data sent from the IC card 5 to the working RAM 13 etc. via the input buffer 25 and also provides it to the comparator 21, and provides the comparison output here to the main controller 17. Further, the output controller 23 sends data provided from the terminal attribute ROM 15 or the like to the IC card 5 via the output buffer 24.

The decryptor 22 encrypts the random number sent from the IC card 5 during terminal authentication according to the encryption key given from the encryption key storage section 41. The cryptographic key storage section 41 has a cryptographic key corresponding to the authentication key written in the IC card 5 written therein, and outputs the cryptographic key in response to a command from the main controller 17.

The latch circuit 42 inputs the latched rcAJ to the encryption arithmetic unit 43 and the decryption arithmetic unit 44. The encryption arithmetic unit 43 receives predetermined data via the system bus 11, performs cryptographic processing on rPANJ and the like stored in the working RAM 13 according to instructions from the main controller 17 using rcAj as a key, and sends the data to the input/output controller 45. I am trying to output it.

Further, the decoding arithmetic unit 44 is the input/output controller 4
The encrypted data input to 5 is decrypted based on rCAJ and output to system bus 11.

The input/output controller 45 is connected online to a host computer of a credit company, bank, etc., and is configured to exchange encrypted data.

Next, FIG. 3 shows the circuit configuration of the IC card 5. As shown in FIG. In the figure, 51 is a system bus, and this system bus 51 includes an answer-to-reset storage section 52, a working RAM 53, a system program storage section 54, a control section 55, a write/read control section 56, and a random number generation section 57.
, clock circuit 58, authentication key storage section 59, code decryptor 60
, balance update section 61, data holding section 62, comparator 63, serial l1064, input control section 65, display control section 66,
An access prohibited area number storage section 67 and a comparator 68 are connected to each other.

In this case, the answer-to-reset storage unit 52 stores all operating conditions for the IC card 5 itself (for example, data writing, applied voltage, current allowable value, maximum applied voltage, maximum data transmission period, maximum response waiting time, etc.). Something,
When the internal initialization of the card itself is completed, these condition data are sent to the terminal 1 side as answer-to-reset-data according to a predetermined format. The working RAM 53 stores data for each insertion process within the card. The system program storage unit 54 stores various system programs as well as code signals indicating whether the signals sent from the terminal 1 are correct or not. The control unit 55 is a serial l10
An operation command is output to each circuit according to the data reception signal supplied via the circuit 64 and the operation state. The write/continuation control section 56 controls the writing and reading of data into and from the data memory 69 in response to commands from the control section 55.

Here, the data memory 69 stores the personal identification number "PIN" and the number rIPINj (Initial 1zation) until the personal identification number rPINJ is used.
PersonalIdentificati
on Number), account number "PAN" (prt
mary Account Number),
Decryption code rPRKj (Private K
ey C0de), in addition to the allowable Salel D certificate error count RTI due to discontinuity and the authentication error count RT due to continuity.
2 is stored.

A random number generator 57 generates a random number RAN used for terminal authentication. The clock circuit 58 measures the current date and time. The authentication key storage section 59 stores an authentication key, and the encryption and decryption are performed by the decryptor 60 using this authentication key.

In this case, the decryptor 60 decrypts the random number RAN- encrypted on the terminal 1 side in terminal authentication. The data holding unit 62 is the random number generating unit 5 in terminal authentication.
It holds the random number RAN of 7, and also holds the rPINJ given from the terminal 1 for rPINJ verification. The output of this data holding section 62 is given to a comparator 63. The comparison result of comparator 63 is sent to control section 55 and counter 70.

In this case, the counter 70 counts the number of consecutive and discontinuous authentication errors that occur during terminal authentication, and is composed of 8 bits.The upper 4 bits C1 count the number of discontinuous authentication errors, and the lower 4 Bit C2 is used to count the number of consecutive authentication errors.

In this case, in the area of the upper 4 bits C1, the count contents are not cleared even if authentication is successful, and the number of subsequent authentication errors is continuously counted, and in the area of the lower 4 bits C2, the count contents are updated every time authentication is successful. It is meant to be cleared.

The balance update section 61 updates the contents of the balance storage section 75 in accordance with transactions. A data input/output terminal I10 is connected to the serial I1064, and data is exchanged with the terminal 1. Access prohibited area number storage unit 67
stores the access prohibited area number of the data memory 69, and when this prohibited area is accessed, the comparator 6
A coincidence output is generated from 8, and the write/read control unit 56 is prohibited from reading the corresponding area.

The input control unit 65 provides a key sampling signal to the keyboard 76 of the IC card 5 to detect a key input signal. Further, the display control section 66 controls the display on the display section 77 of the IC card 5.

When such an IC card 5 is attached to the terminal 1, a reset signal is supplied from the terminal 1 to the Re5et terminal, a system clock signal is supplied to the C1ock terminal, a vppi source is supplied to the pp terminal, a Vcc power is supplied to the Vcc terminal, A ground line is then connected to the GND terminal.

The VCC power supplied to the VCC terminal is supplied to the voltage detection circuit 71.
given to. This voltage detection circuit 71 has an internal power supply 72.
is connected. Here, the voltage detection circuit 71
If the power source is connected, the YCC power source is detected with priority, and if the VcciI source is not connected, the internal power source 72 is detected and output Vdd is generated.

A clock signal applied to the Q I ock terminal is applied to the selector 73. An internal oscillator 74 is connected to this selector 73. Here, the selector 73 selects the clock signal applied to the C1ock terminal or the output of the internal oscillator 74 according to the detection content of the voltage detection circuit 71, and supplies the selected signal to each circuit. In this case, the oscillation frequency of the internal oscillator 74 is set lower than the clock signal applied to the C1oCk terminal.

Next, the operation of the embodiment configured as described above will be explained.

First, when the IC card 5 is installed in the terminal 1, the
In step A1 of the flowchart shown in the figure, a reset signal for initialization set in the terminal 1 in advance is sent to the IC card 5.

Then, depending on the operating conditions based on this signal, the IC card 5
is operated. That is, in step A2, the answer-to-reset data stored in the answer-to-reset storage section 52 is read out according to a command from the control section 55, and sent to the terminal 1 via the serial I 1064.

When the answer-to-reset data is sent to the terminal 1 in this way, the terminal 1 side writes the sent data into the initial parameter RAM 16. Then, it is determined whether the answer-to-reset data written in the initial parameter RAM 16 by the main controller 17 is correct for the terminal 1. Here, if it is determined that such data corresponds, the data write voltage of the Vpp power supply 31,
Data write continuous application time of p timer 32, allowable value of data write current of pp limiter 33, operation selector 3
The four operating frequencies are each set based on the answer-to-reset data.

Next, selection is performed in step A3. In this step A3, the rENQJ code is retrieved from the system program ROM 14 of the terminal 1,
It is sent to the IC card 5.

In the IC card 5, this code is stored in the working RAM 53.
In addition, it is determined whether or not it can be legitimately received under normal operation. Then, this judgment result is sent back to the terminal 1. When terminal 1 receives the judgment result of what can be legitimately received with normal operation,
Proceed to step A4 attribute exchange, terminal attribute RO
The terminal code rTcJ corresponding to the type of terminal 1 stored in M15 is taken out and sent to the IC card 5.

When the IC card 5 receives the terminal code rTcJ,
Different application names depending on the card type
Send APNJ to Terminal 1, and in Terminal 1, I
It is determined whether the rAPNJ sent from the C card 5 and the rAPNJ stored in the terminal attribute ROM 15 have a corresponding relationship in their usage types. If the types match, the instruction code is extracted from the system program ROM 14.

Next, the process proceeds to step A5, where terminal authentication is performed. In this case, the random number generator 57 of the IC card 5 generates a random number RAN. This random number RAN is serial l10
64 to terminal 1. terminal 1
Then, the random number RAN is given to the decryptor 22. Then, it is encrypted using the key stored in the encryption key storage unit 41,
The decryptor 22 outputs the encrypted data RAN-. This encrypted data RAN- is sent to the IC card 5. The IC card 5 provides the encrypted data RAN' to the decryptor 60. Then, the code decryptor 60 decrypts the data using the key stored in the authentication key storage section 59 and outputs decrypted data [RAN'], which is applied to one terminal of the comparator 63.

In this case, the other terminal of the comparator 63 is connected to the data holding section 62.
The random number RAN is stored in the data holding unit 62 here.

Therefore, the comparator 63 compares [RANl and RAN. The comparison result of this comparator 63 is then
5, and it is determined whether or not terminal authentication is possible.

Then, in accordance with such terminal authentication, the operation is shifted to the one shown in the flowchart of FIG.

First, if authentication is established and it is determined as YES in step B1, the lower four of the counter 70 is counted in step B2.
The contents of bit C2 are cleared and the process moves on to the next process. On the other hand, if the authentication result in step B1 is determined to be No due to an authentication error, the process proceeds to step B3. In this step B3, the contents of the upper 4 bits C1 and lower 4 bits C2 of the counter 70 are counted up by +1.

Then, the process advances to step B4. In this step B4,
The contents of the lower four bits C2 of the counter 70 are compared with the number of consecutive allowable authentication errors RT2 stored in the data memory 69. In this case, if both match and it is determined as YES, it is determined that the authentication has not been established and the card is invalidated. Further, if the determination is No, the process proceeds to step B5. In step B5, it is determined whether the authentication errors are continuous or discontinuous. This determination is made by the control section 55. In this case, if authentication errors occur continuously, terminal authentication is performed again. On the other hand, if the authentication errors are discontinuous, the process advances to step B6. In this step B6, the contents of the upper four bits C1 of the counter 70 are compared with the number of discontinuous permissible authentication errors stored in the data memory 69 (8-1). In this case, if both match and it is determined as YES, it is determined that the authentication has not been established and the card is invalidated. If the answer is NO, terminal authentication is performed again.

Therefore, if authentication errors occur continuously as shown in FIG. 6(a), each time a NO is determined in step B1, the upper 4 bits C1 and lower 4 bits C2 of the counter 70 will be changed in step B2. Content is +1
In step B4, it is compared with the number of consecutive allowable authentication errors RT2 stored in the data memory 69. In this case, the number of allowable authentication errors is 8.
When D2 is set to "3", terminal authentication is performed again via step B5 until the content of the lower four bits C2 of the counter 70 becomes "3". Then, in step B4, when it is determined that the contents of the lower 4 bits C2 of the counter 7o have reached "3", the card is processed as being invalidated as authentication failure.

On the other hand, if an authentication error occurs every other time as shown in FIG. The contents of C2 are counted up by +1.

Then, if it is determined No in step B4 and discontinuous is determined in step B5, step B6
, it is compared with the discontinuous allowable number of authentication errors RTI stored in six data memories. In this case, when the allowable number of authentication errors RTI is set to "4", terminal authentication is performed again unless the contents of the upper 4 bits C1 of the counter 70 have reached "4". In this case, if it is determined in step B1 that authentication is successful and YES, then in step B2 the lower 4 of the counter 70 is
Only the contents of bit C2 are cleared and the process moves on to the next process. Then, the same operation as described above is repeated in the next terminal authentication. Then step B
At step 6, when it is determined that the contents of the upper 4 bits C1 of the counter 70 have reached "4", the card is invalidated as authentication failure.

When such terminal authentication is completed, in step 80 of Figure 4, the user is authenticated, that is, the password r is entered.
PINJ verification is performed. In this case, step A6
In the rPINJ verification in
Similar to the terminal authentication in Step 5, continuous authentication errors and discontinuous authentication errors may be detected.
Continuously occurring authentication errors and discontinuously occurring authentication errors may be detected only during verification. When the IPINJ verification in step 80 is established, the process proceeds to step A7, and upon completion of the transaction, the IPINJ verification is completed.
The card 5 is ejected from the card insertion slot 4 of the terminal 1, and the process ends.

Therefore, in this way, in terminal authentication, it is possible to count the number of occurrences of authentication errors that occur discontinuously but not more than a predetermined number of times consecutively, and to detect the number of times that authentication errors occur discontinuously from this count. At the same time, the failure of authentication is determined when the number of errors reaches a predetermined number, so it can be used in cases where it is difficult to obtain authentication due to almost fraudulent use, or when it is difficult to obtain authentication due to a defect in the IC card or terminal hardware. It becomes possible to know in advance of defects that could not be checked, and the operational stability of the IC card system can be dramatically improved.

It should be noted that the present invention is not limited to the above-mentioned embodiments, but can be implemented with appropriate modifications without changing the gist.

[Effects of the Invention] According to the present invention, by detecting authentication errors that occur discontinuously during authentication of terminals, etc., it is possible to dramatically improve the stability of IC card system operation.

[Brief explanation of the drawing]

FIG. 1 is an external view showing an embodiment of the present invention, FIG. 2 is a block diagram showing the circuit configuration of the terminal of the same embodiment, and FIG.
The figure is a block diagram showing the circuit configuration of the IC card of the same embodiment, FIGS. 4 and 5 are flowcharts for explaining the operation of the same embodiment, and FIG. 6 is a diagram for explaining the same embodiment. be. 1...Terminal, 2...Keyboard, 3...Display section, 5...IC card, 13...Working RA
M, 17... Main controller, 21... Comparator, 22... Encryption decoder, 41... Encryption key storage unit,
52...Answer to reset storage section, 53...
Working RAM 155: Control unit, 57: Random number generation unit, 59: Authentication key storage unit, 62: Data holding unit, 63: Comparator, 70: Counter. Applicant: Casio Kei Sifter Co., Ltd. Figure 5 (1) F-18]
2 times Hidden F]] Mouth “I can (3) F-3U3 匝] [“Work j] [■ Ko (a) (1) Air 10 Masa no Ryo ■ Loco (2) Rokon ○K Hidden Σ [口】Go1 (3) Error 1 concave 匡logo■C口（4）Verification to 0 ■drunk]*]Go] (5) F-1[] 大亭工工 I亙!ko (6)Verification OK
0011001 page (7) F - 1st verse ■] B mouth “ΣKO (b) Figure 6

Claims (1)

[Claims] In an IC card system in which authentication is performed by comparing externally provided authentication information with internal information on an IC card and a terminal in which the card is installed, the number of discontinuous errors that occur due to the above authentication is counted. An authentication information verification method characterized in that when the count reaches a predetermined value, it is determined that the authentication is unsuccessful.