JPS6356775A - Portable storage medium processor - Google Patents

Abstract

PURPOSE:To contrive to improve a security by reading and writing data without passing through a host control means at the time of reading the data from a data holding device, holding the read data and writing the holding data into an IC card. CONSTITUTION:A key card KC and a fixed data card FC to hold the data common to the IC card to be written into a non-issued IC card are used, the data common to the IC card held at these key card KC and fixed data card FC are read by a reading writing control part 39, held in the built-in data buffer once, thereafter, written into the IC card. These processings are executed in any cases by a CPU 28 to control a reading writing control part 39, do not pass through a host processor 12, therefore, the data to be written into the IC card do not leak to the external part.

Description

DETAILED DESCRIPTION OF THE INVENTION OBJECTS OF THE INVENTION Field of Industrial Application The present invention relates to a portable storage medium processing device that issues portable storage media such as IC cards.

(Prior art) Cards with magnetic stripes, so-called magnetic cards, which are generally used for identification cards or credit cards, have a small amount of stored data and are easy to read, so they have low security. There's a problem.

Therefore, recently, portable storage media, so-called IC cards, which have high security for reading out stored contents and have a large storage capacity, are being used. This type of IC card is usually handed over from the card manufacturer to the card issuer in an unissued state, and the card issuer writes predetermined data on it, issues it, and hands it to the user. .

By the way, in the conventional IC card issuance processing method, data written on a magnetic tape or floppy disk is directly input to a card reader/writer via a host computer, as in the case of conventional magnetic card issuance.
A method was used in which the IC card was issued by writing on an unissued IC card.

However, in such conventional processing methods, there is a very large possibility that the data written on the IC card will be easily leaked to the outside, and therefore there is a drawback that security for the processing device is poor.

(Problems to be Solved by the Invention) As mentioned above, in the conventional processing method, there is a very large possibility that the data written on the portable storage medium will be easily leaked to the outside, and therefore, the security is poor. There is.

SUMMARY OF THE INVENTION Therefore, the present invention aims to eliminate the above-mentioned drawbacks and provides a portable storage medium processing device with high security that is suitable for a portable storage medium with high security.

[Structure of the Invention] (Means for Solving the Problems) A portable storage medium processing device of the present invention writes predetermined data to a portable storage medium. a data holding device holding data common to the portable storage medium to be loaded; a read/write control means for reading the data from the data holding device, temporarily holding it, and writing the held data to the portable storage medium; and a host control means for controlling the read/write control means, and the host control means is provided for reading data from the data holding device, holding the read data, and writing the held data to the portable storage medium. It is characterized by no intervention.

(Function) Data can be read from the data storage device, the read data is retained, and the retained data is written to the portable storage medium without using the host control means, so the data can be easily transferred to the outside. No more leaking,
Security becomes extremely high.

(Example) Hereinafter, an example of the present invention will be described with reference to the drawings.

FIG. 3 shows an example of a portable storage medium according to the present invention.
The appearance of an IC card with a magnetic stripe after being issued is shown. That is, 1 is a card body, which is made of, for example, a rectangular thin plastic plate. A magnetic stripe 2 is provided at the end of the front surface of the card body 1 in the form of a strip in the longitudinal direction. In addition, on the surface of the card body 1, embossed information 3 is written on an embossed print.
is formed. The embossed information 3 includes, for example, the name of the card holder, the account number, and the expiration date of the card.
It consists of identification information of the cardholder.

Furthermore, the surface of the card body 1 is electrically connected to an integrated circuit (IC) 4 embedded in the card body 1, and serves as an input/output terminal for electrical contact with a card reader/writer (not shown). A contact portion 5 is provided. The integrated circuit 4 includes a control section (for example, a microprocessor) 6 and a memory section (for example, an EEPROM) 7. In addition, emboss information 3 is required before issuance.
is not formed.

FIG. 2 shows an external perspective view of an IC card processing device that issues IC cards as an example of a portable storage medium processing device according to the present invention, and FIG. 1 shows a block configuration diagram thereof. That is, 11 is a host control unit, which includes a host processor 12 consisting of a control section (not shown) and a memory section containing a control program, and a hard disk drive 13 that stores a program for controlling the entire apparatus and the processing contents of the apparatus. and a floppy disk 1 for inputting data that is part of the data to be written on the IC card, which differs from IC card to IC card, such as the name of the card holder and the account number for a cash card.
It serves as a host for the device consisting of lt14. Numeral 15 is a magnetic tape unit for inputting different data for each IC card, similar to the Fronbi disk device 14, and is connected to the host processor 12. It is also possible to use the magnetic tape created by the host computer's magnetic tape unit from the list of new subscribers registered in the host computer of the current system.

16 is a keyboard for performing various operations, and 17 is a CRT display device for displaying operating procedures, status, etc., and these are connected to the host processor 12.

18 is a card reader/writer, and the host processor 12
It is possible to insert an access key card AC to activate the device. Here, as the access key card AC, for example, an IC card similar to the IC card shown in FIG. 3 is used.

However, it is assumed that the magnetic stripe 2 and the embossed information 3 are not provided.

19 is a printer that creates a shipping note for shipping the issued IC card to its owner, and 20 is a printer that sends the card holder's temporary PIN (which can be changed by the card holder) to the IC card holder. is a printer that creates an issue notification 121 for separate notification, and these printers are connected to the host processor 12. The issuance notice 21 created by the printer 20 is structured as shown in FIG. 5, for example. That is, an envelope-shaped issuance notice 21 is formed on two stacked sheets of paper 22 with the peripheral edge (hatched area 23) glued in advance, and can be cut at perforations 24 provided on the peripheral edge. ing. Then, address/name 25, temporary password 26, etc. are printed on this issuance notice 1121. In this case, the area where the address/name 25 is printed will also be colored on the first sheet on the front, and the area where the temporary PIN number 26 will be printed will be colored only on the front (inside) of the second sheet on the back, and the area where the temporary PIN number 26 will be printed will be colored only on the front (inside) of the second sheet. is designed not to develop color. This results in
The temporary identification number is written in such a way that only the card holder can know it.

27 is an issuance processing unit that processes the IC card to be issued, and is connected to the host processor 12. The issue processing unit 27 is configured as follows. That is, 28 is a microprocessor, and host processor 1
IC card issuance control according to commands from 2, that is, control to write magnetic data on the magnetic stripe 2 of the IC card, control to form embossed information 3 on the IC card, and write data to the memory section 7 of the IC card. Control etc. 29 is a keyboard, and 30 is a display device, which are connected to the microprocessor 28. The keyboard 29 is used for inputting a PIN number and for book issuance processing unit 27.
Used as input for test operation, reset in case of trouble, etc. The display 30 displays the status of the main issue processing unit 27, the results of test operations, and the like.

31 is a hojipa for storing an unissued IC card; 32 is an encoding unit for writing magnetic data; 33 is an embossing unit for forming and recording embossed information; and 34 is a reader/writer for reading and writing data to the IC card. A unit 35 is a destruction unit that destroys (for example, punches a hole) a defective IC card, and 36 is a sorting section that sorts the IC cards, and these are processed by the microprocessor 28. 37 is a power supply for storing defective IC cards, and 38 is an IC that has been issued.
This is a stacker that stores cards. Reference numeral 39 denotes a read/write control unit having a data buffer for temporarily holding data and an operation function, and is connected to the microprocessor 28 and the reader/writer unit 34. 40 is a card reader/writer for reading and writing data to the key card KC; 41 is a card reader/writer for reading and writing data to the fixed data card; these are read/write control units; It is connected to 39.

That is, unissued IC cards are stacked and stored in a hopper 31, and are taken out one by one in response to a signal from the microprocessor 28. The IC card taken out from the hopper 31 is sent to an encoding section 32 where magnetic data is written.

After a detector (not shown) detects that the IC card has arrived at the encoder 32, the microprocessor 28 writes magnetic data on the magnetic stripe 2 using a write/read head (magnetic head) (not shown). After writing is completed, the microprocessor 28 reads the written data, checks whether the written data is correctly written, and then transfers the IC card to the embossing unit 33.
send to If the written data is incorrect, magnetic data is written again, and then a check F is performed.

If writing still cannot be done correctly, pass through the embossing unit 33 and then write to the reader/writer unit 3.
4, and is sent to a destruction unit 35, where a hole 8 is made in the magnetic stripe 2, for example, as shown in FIG. This makes it impossible to use the IC card, and also makes it possible to visually determine that it is a defective IC card. Further, if the emboss information 3 has been formed, a hole 9 is also made in the emboss information 3 portion as shown in FIG. 4, for example. Regarding electrical recording, it is possible to write a void command in the memory section 7 so that the IC card cannot be used by the control section 6 of the IC card, so it is not necessarily necessary to destroy the IC card by drilling a hole or the like. This not only makes it impossible to use this IC card in a terminal that can use it, but also makes it possible to determine that this IC card cannot be used without using a device. The punching of the magnetic stripe 2 and the embossed information 3 and the writing of a void command into the memory section 7 are performed in the following manner.

The first is when the magnetic stripe 2 is defective, the writing to the magnetic stripe 2 is completed normally but there is an error in the middle of forming the embossed information 3, and the second is when the embossed information 3 is formed normally. and cases where the embossed information 3 is formed normally but not normally (for example, when the last digit of the account number is embossed with an incorrect number) and it is impossible to write to the memory unit 7. It is. Third, although the magnetic stripe 2 and emboss information 3 are normal, a part of the memory section 7 is defective, so it is not a normal IC card. If possible.

In the first case, a hole 8 is made in the magnetic stripe 2 by the destruction unit 35, and a hole 8 is made in the magnetic stripe 2 by the reader/writer unit 34.
A void command is written in the memory section 7. Although the emboss information 3 is not formed at all, since it is incomplete, it can be determined by looking at it, and therefore there is no need to make holes with the destruction unit 35.

In the second case, since the magnetic stripe 2 is written normally and the embossed information 3 is formed normally, each part of the magnetic stripe 2 and embossed information 3 is punched by the destruction unit 35. Let's do it. Since it is not possible to write into the memory section 7, there is no need to write a void instruction in the reader/writer unit 34, or rather, it is impossible to write the void instruction itself.

In the third case, each part of the magnetic stripe 2 and embossed information 3 is punched by the destruction unit 35, and a void command is written in the memory section 7 by the reader/writer unit 34.

After the above-mentioned unusable processing is applied to the defective IC card, the defective IC card is divided into sections by the sorting section 36, and the defective IC card is stacked in the reject stacker 37.

The IC card on which magnetic data has been normally written and sent to the embossing unit 33 has embossed information 3 formed thereon. Here, we generally use character types (
Although raised characters are formed on the upper side by pressing (convex and concave), raised characters may also be formed by pasting characters. When forming emboss information 3 by pressing a character mold, the position of the press mold for each character is checked, and the microprocessor 28 checks whether or not the emboss is done correctly. Immediately after this happens, embossing is stopped and the above-mentioned unusable process is performed. Of course, the data to be embossed is controlled by the microprocessor 28.

When the embossed information 3 is normally formed, the IC card is sent to the reader/writer unit 34, and the contact portion 5 of the IC card is placed at the contact position of the reader/writer unit 34.
came and was stopped. After that, the reader/writer unit 34
1 by the microprocessor 28 so that the contact portion (not shown) of the IC card comes into contact with the contact portion 5 of the IC card.
11111 is done.

When the microprocessor 28 inputs a signal indicating that the contact of the contact portion 5 is completed to the three read/write control portions, the read/write control portion 39 supplies power to the control portion 6 and the memory portion 7 via the contact portion 5. supply and send a start signal (command).

After receiving a reply signal (response) from the IC card control unit 6, the read/write control unit 39 reads the key card KC inserted into the card reader/writer 40 and the fixed data inserted into the card reader/writer 41. The data from the card FC is written into the memory section 7 of the IC card and checked. Here, when the read/write control unit 39 confirms that the data has been written normally,
In response to the signal from the read/write controller 39, the microprocessor 28 controls the reader/writer unit 34 to separate the contact section (not shown) from the contact section 5 of the IC card. Thereafter, under the control of the microprocessor 28 , it passes through the breaking unit 35 and becomes the dividing section 36 .
IC cards on which all writing has been normally completed are stacked in the stacker 38. Here is the key card K
For example, an IC card similar to the IC card shown in FIG. 3 is used as the C and fixed data card FC. However, it is assumed that the magnetic stripe 2 and the embossed information 3 are not provided.

The three components of magnetic data, embossed information, and electronic recording are finally brought to an electronic recording unit, i.e., reader/writer unit 34.

This is so that since the embossed information is written using a press, the integrated circuit 4, contact portion 5, etc. can be recorded on an undamaged IC card during this operation, that is, the product can be checked.

In addition, in FIG. 2, 42 is the I in the stacker 37°38.
This is an exit door for taking out the C card.

FIG. 6 shows the contents of the memory section 50 of the access key card AC. 51 is a control program area where a control program is stored, 52 is a terminal access code area where a terminal access code is stored, 53 is a card access code area where a card access code is stored, and 54 is a pin number stored therein. PIN code area, 55
56 is a user name area for storing the user's name (code); 56 is a void area for storing void commands;
57 is an error count area for counting errors, and 58 is an issuance record area for recording issuance.

FIG. 7 shows the contents of the memory section 60 of the key card KC. 61 is a control program area that stores a control program, 62 is an issue code area that stores an issue code, 63 is a terminal access need area that stores a terminal access code, and 64 is a card access code area that stores a card access code. 65 is a PIN area that stores the PIN number, 66 is the user name area that stores the user's name (code), and 67 is the issuing name plate that stores the PIN number. Name plate PIN number area, 68 is an issuer record area for storing issuer records, 69 is a void area for storing void instructions, 7
0 is an error count area for counting errors, and 71 is an issuance record area for recording issuance.

Figure 8 shows the memory section 80 of the fixed data card FC.
It shows the contents. 81 is a control program area that stores a control program, 82 is an issue code area that stores an issue code, 83 is a terminal access code area that stores a terminal access code, and 84 is a card access code 3a! '! 85 is a PIN area that stores a PIN number, 8G is a user name area that stores a user's name (code), and 87 is a void area that stores a void command. , 88 is an error count area for performing error counting, 89 is an issue number area that stores the number of issued cards (number of processed cards), and 90 is data that stores common data for IC cards to be written in the IC card. area. The above issued number is stored in advance by, for example, the administrator (full-time person), and is
This is the number of C cards.

FIG. 9 shows the contents of the memory section 7 of the IC card after it is issued. 91 is a basic control program area that stores basic control programs; 92 is a manufacturer record area that stores manufacturer records; 93 is a publisher record area that stores issuer records; and 94 is an issue record area. Reference numeral 95 is an application program area for storing an application program, reference numeral 96 is a carryer record area for carrying out carryer record, and reference numeral 97 is an empty area.

Next, the operation of the above configuration will be explained with reference to the flowchart shown in FIG.

First, when this Hffi is powered on, the host processor 12 performs initial settings, and if there is no problem, the display W1
17, a message "Please insert the access key card" is displayed (Sl). Here, the operator inserts the access key card AC into the card reader/writer 18 (S2). Then, the access key card AC is supplied with power and activated, and a check is made between the access key card AC and the host processor 12 to see if the inserted access key card AC is compatible with this device. It is done (S3.S4). This compatibility verification is performed, for example, in the following manner.

That is, a terminal access code is stored in the terminal access code area 52 of the memory section 50 of the access key card AC, and by requesting this terminal access code from the host processor 12 and returning it to the host processor 12, the host It is compared with a code registered in the processor 12. Next, the host processor 12 sends the card access code to the access key card AC, and the access key card A is checked against the card access code in the card access code area 53 of the memory section 50.
Do this in C. By any method, it is verified that the host processor 12 and the access key card AC can access each other. If the host processor 12 and the access key card AC cannot be matched here, the access key card AC is connected to the card reader.
It is ejected from the writer 18 (S5), and the entire process ends.

Note that since the access key card AC was different, if another access key card AC is used, the process will start from the first step.

In step S4, if the host processor 12 and the access key card AC are matched, the host processor 12 reads out all the data in the memory section 50 of the access key card AC and temporarily holds it (86), and displays the display device 1.
7 displays a message "Please enter your password" (S7). Here, the operator uses keyboard 1
6 to input the password (S8). This input password is sent to the host processor 12, and upon receiving it, the host processor 12 reads it from the access key card AC and compares it with the password stored in the password area 54 (S9). If the passwords do not match here, the value in the error count area 57 read from the access key card AC and held is checked (S10). For example, when the number of mismatches reaches three, if the access key card AC is controlled to be unusable, it is checked whether the number of mismatches (errors) is three. Here, if the number of mismatches has not reached three, the value in the error count area 57 of the memory section 50 of the access key card AC is counted up by one (S11), and the display device 17
The message "Password code not verified, please enter the code again" is displayed, but the operation returns to step S7. Then you will have to enter your PIN again. On the other hand, if the number of mismatches has reached 3, the host processor 12 clears the temporarily held data of the access key card AC (512) and sends a void command to the void area 56 of the memory section 50 of the access key card AC. Writing (S13), and subsequent use of the access key card AC is disabled. This method is carried out, for example, by issuing an unusable code instead of the terminal access code when verifying the host processor 12 and the access key card AC. In this way, when the access key card AC is voided, the contents of the user name area 55 of the memory section 50 of the access key card AC are read out by the printer 19, such as the user's name, unverified comments, and the date. is printed (S14), and the entire process ends after this printing is completed. The access key card AC is ejected from the card reader/writer 18 after the user's name is read before the above printing.

If the passwords match in step S9, the host processor 12 causes the display device 17 to display a message "insert key card" (815). Here, the key card KC is inserted into the card reader/writer 40 (S16). Then, the key card KC and the read/write control unit 39 verify that they can access each other in the same manner as the host processor 12 and the access key card AC described above (81).
7,818). If the key card KC and the reading/writing control unit 39 cannot be matched here, the key card KC is ejected from the card reader/writer 40 (3
19). If there is a new keycard KC, i.e. if you have inserted a different keycard KC by mistake, you can insert another correct keycard KC (820
). If there is no other key card KC, press the end key on the keyboard 16 (S21).

Then, the read/write control section 39 reads the data buffer? 822), after the contents of the user name area 55 of the memory section 5o of the access key card AC are read out, the access key card AC is cleared by the card reader/writer 1.
8 (823). At the same time, the printer 19 prints the user's name read from the user's name area 55 together with the date (824), and after this printing is completed, the entire process ends.

In step 318, if the key card KC and the read/write controller 39 are matched, the read/write controller 39 reads out all data in the memory section 60 of the key card KC and temporarily holds it in the data buffer (525). In addition, by receiving a signal from the reading/writing control unit 39 via the microprocessor 28 indicating that the verification has been completed, the host processor 12 causes the display device 17 to display the message "Enter your password" (826). >.

Here, enter your password using the keyboard 29 (
827). If the password is entered by the administrator rather than by the operator using the access key card AC, the security of the IC card issuance operation will be enhanced. Also, inputting the PIN number is done on the keyboard 1.
Since the process is performed using the keyboard 29 provided in the issuance processing unit 27 instead of using the computer 6, security is enhanced as there is no wiring to the outside to prevent eavesdropping during the process.

The password entered on the keyboard 29 is sent from the microprocessor 28 to the three read/write controllers, and the read/write controller 39 that receives it reads it from the key card KO and stores it in the data buffer, which is the password area. 65 is verified (828). This verification result is sent from the read/write control unit 39 to the host processor 12 via the microprocessor 28.

Therefore, the display of the matching result (match, mismatch) can be confirmed on the display device 17, but the matching result is also displayed on the display 30 of the issuing processing unit 27, and the PIN number of the key card KC is input in the issuing processing unit 27. It is easy to operate for those who use it.

If the passwords do not match in step 828, the read/write controller 39 checks the value in the error count area 70 read from the key card KC and held in the data buffer (S29). For example, if the number of discrepancies reaches 3, if the key card KC is controlled to be unusable, the number of discrepancies (errors) will be 3.
Check to see if it is turned on. Here, if the number of mismatches has not reached three times, the value in the error count area 70 of the memory section 60 of the key card KC is counted up by one (830), and the display 17 displays "Password mismatch. A message asking you to enter the PIN again will be displayed, but the operation will return to step S26.Then you will have to enter the PIN again.On the other hand, if the number of mismatches has reached 3, the Write control unit 39
flares the contents of the data buffer (831), writes a void command to the void area 69 of the memory section 60 of the key card KC (832), and disables the use of the key card KC thereafter.

This method is carried out, for example, by issuing an unusable code instead of the terminal access code when checking the read/write control section 39 and the key card KC. In this way, when the key card KC is voided, the contents of the user name area 55 of the memory section 50 of the access key card AC and the contents of the user name area 66 of the memory section 60 of the key card KC are read out. After that, the access key card AC is ejected from the card reader/writer 18 and the key card KC is ejected from the card reader/writer 40. At the same time, the printer 19 prints the user's name read from the user's name area 55, the user's name read from the user's name area 66, unverified comments, date, etc. (333).

After such processing, the operation of the apparatus ends, and if it is to be operated again, it must be restarted from the beginning.

If the passwords match in step 828, the host processor 12 causes the display device 217 to display a message "insert fixed data card" (834). Here, fixed data card F
C into the card reader/writer 41 (S35).

Then, the fixed data card FC and the read/write control unit 39 perform verification in the same manner as the above-mentioned three read/write control units and the key card KC verify that they can access each other (336 ,837
). If the fixed data card FC and the three reading/writing control units cannot be matched here, the fixed data card FC is connected to the card reader/writer 41.
(838). If there is a new fixed data card FC, that is, if a different fixed data card FC was inserted some time ago, another correct fixed data card FC can be inserted (S39). If there is no other fixed data card FC, press the end key on the keyboard 16 (840
). Then, the reading self-installation control section 39 clears the contents of the data buffer (S41), the contents of the user name area 55 of the memory section 50 of the access key card AC, and the user name area 66 of the memory section 60 of the key card KG. After the contents of each are read out, the access key card AC is transferred from the card reader/writer 18 to the key card K.
C are respectively ejected from the card reader/writer 40 (842), and at the same time, the printer 19 reads the user name read from the user name area 55, the user name read from the user name area 66, the comment and The date etc. are printed (843). After such processing, the operation of the apparatus ends, and if it is to be operated again, it must be restarted from the beginning.

In step S37, the fixed data card F
If the reading/writing controller 39 is able to match the reading/writing control section 39, the reading/writing section 39 reads out all the data in the memory section 80 of the fixed data card FC and temporarily holds it in the data buffer (844), and then reads the fixed data card FC. Verify data card FC and key card KC (
345°846). This verification can be done, for example, by key card K.
Compare the issued code in the issued code area 62 read from the fixed data card FC and held in the data buffer with the issued code in the issued code area 82 read from the fixed data card FC and held in the data buffer. It is carried out by Both the key card KC and the fixed data card FC are used as bare cards, and therefore it is necessary to perform the above verification. Fixed data card FC has different issuers but is used in the same way (for example, if OO Bank and XXX Bank are affiliated and can be used with each other, it will be the same application), key card KC and fixed data card FC It is effective to separate the data card FC and data card FC. In this case, by creating a plurality of issue codes in the issue code area 82 of the memory section 80 of the fixed data card FC, it becomes possible to deal with key cards KC from different issuers. Of course, by storing all the data of the fixed data card FC (data to be written to the issued IC card) in the key card KC, it is also possible to start the present device with only the key card KC. In this case, initial settings can be made using the keyboard 29 of the issue processing unit 27.

In step 846, if the key card KC and the fixed data card FC cannot be matched, the process proceeds to step 838 where the fixed data card FC is ejected, and the fixed data card FC and the reading/writing control section 39 described above are connected. The same processing as when no match is made is performed.

In step 846, if the key card KC and fixed data card FC are matched, a signal to that effect is sent from the read/write control section 39 to the microprocessor 2.
8, the host processor 12 causes the display device 17 to display a message "Enter your password" (847). Here, key card K
The password KN code is inputted using the keyboard 29 in the same manner as inputting the password number C (848). This is also a key card KC
If the administrator, rather than the operator using the access key card AC, enters the PIN number, the security of the IC card issuance process will be enhanced.

The PIN entered on the keyboard 29 is sent from the microprocessor 28 to the read/write controller 39, and upon receiving it, the read/write controller 39 reads out the PIN from the fixed data card FC and stores it in the data buffer. Verify with the PIN number in area 85 (S
49). This verification result is transmitted from the read/write control unit 39 to the host processor 12 via the microprocessor 28.
sent to. Therefore, the display of the matching result (match, mismatch) can be confirmed on the display @17, but the matching result is also displayed on the display 30 of the issuing processing unit 27, and the fixed data card
This makes the operation easier for those who have entered the PIN code of C.

If the passwords do not match in step S49, the read/write controller 39 checks the value in the error count area 88 read from the fixed data card FC and held in the data buffer (850). For example, if the number of discrepancies reaches 3, if the fixed data card FC is controlled to be unusable,
Check whether the number of mismatches (number of mismatches - number of errors) is 3. Here, if the number of mismatches has not reached three times, the memory section 80 of the fixed data card FC
The value in the error count area 88 is incremented by one (S51), and the message "Password code mismatch, please enter the code again" is displayed on the display device 17, but the operation continues at step 347. Return to So again,
You will have to enter your PIN number. On the other hand, the number of discrepancies is 3
If the number of times has been reached, the read/write control section 39 clears the contents of the data buffer (852), sends a void command to the void area 87 of the memory section 80 of the fixed data card FC (853), and performs subsequent fix operations. Disable the use of the data card FC. This method is performed by, for example, outputting an unusable code instead of the terminal access code when comparing the read/write control unit 39 with the fixed data card FC. In this way, when the fixed data card FC is voided, the contents of the user name area 55 of the memory section 50 of the access key card AC and the contents of the user name area 86 of the memory section 80 of the fixed data card FC After the contents are read, the access key card AC is ejected from the card reader/writer 18 and the fixed data card FC is ejected from the card reader/writer 41. At the same time, one printer prints the user name read from the user name area 55, the user name read from the user name area 86, unverified comments, the date, etc. (854).

After such processing, the operation of the apparatus ends, and if it is to be operated again, it must be restarted from the beginning.

If the passwords match in step S49, the host processor 12 causes the display device 17 to display a message "Enter data" (855). Here, a floppy disk (or magnetic tape), which is a file of different data for each IC card to be written to the IC card to be issued, is set in the floppy disk device 14 (or magnetic tape unit 15) (S56
). Next, an unissued IC card is set in the hopper 31 of the issuing processing unit 27 (S57). Next, by pressing the start key on the keyboard 16 (8
58), the startup of this device is completed.

When the startup is completed in this manner, the host processor 12 reads the IC card issue data from the floppy disk device 14 and sends it to the microprocessor 28. Then, the microprocessor 28 takes out one IC card from the hopper 31 (859). When the removed IC card comes to the encoding section 32, the microprocessor 28 writes the data sent from the host processor 12 onto the magnetic stripe 2 of the IC card (860). Allegory ends,
The microprocessor 28 reads the written data and checks whether the written data has been written correctly by comparing it with the data stored in the microprocessor 28 and sent from the host processor 12. (861).

If the writing is incomplete in this check, the microprocessor 28 writes the data again (S62). Then, the check is performed again (863), and if the writing is still incomplete, the IC card is sent to the destruction unit 35 as a defective IC card, and the magnetic stripe 2 has a hole 8.
is opened (864) and stacked in the reject stacker 37 by the sorting section 36 (865). Then, the recording is performed by the host processor 12 on the hard disk drive I! Recorded on 13th. When a defective IC card is accumulated in the reject stacker 37, the microprocessor 28 returns to step 859 and transfers the next IC card from the hopper 31.
You will have to take out your card.

If the check in step 861 or 863 shows that the entrapment is normal, the IC card on which the magnetic data has been written is sent to the embossing unit 33, and embossed information 3 is formed by the microprocessor 28 (866).

Since the embossing is performed by pressing one character at a time, the microprocessor 28 performs the embossing while checking the pressed character position one character at a time (867).

Therefore, when one character is erroneously embossed during embossing, the embossing is stopped and the IC card is sent to the destruction unit 35 as defective (368). The embossed information is usually at least the number (account number in banks) and name of the person carrying the IC card, so if it forms one line of either of these, or both, it is impossible to use it fraudulently. Destroy the embossed information 3 part.

Here, in order to emboss the wearer's number first, a hole 9 is made in the part corresponding to the number using the destruction unit 35.

In this case, the progress of embossing formation is determined (the microprocessor 28 checks the point at which embossing is interrupted).
, (369), the microprocessor 28 punches only the magnetic stripe 2 (870) or punches both the magnetic stripe 2 and the embossed information 3 (871), and then proceeds to step 865. They are accumulated in a reject stacker 37.

When the embossed information 3 is accurately formed, the IC card is sent to the reader/writer unit 34, and the contact part 5 comes to the contact position of the reader/writer unit 34 and is stopped. Then, the microprocessor 28 controls the contact part (not shown) of the reader/writer unit 34 to come into contact with the contact part 5 of the IC card, and then reads and writes a signal indicating that the contact part has been brought into contact with υJ.
t[Send to 1st section 39. Upon receiving this signal, the read/write control section 39 supplies power to the control section 6 and memory section 7 of the IC card, and performs initial signal transfer (memory section 7
The basic control program in the basic control program area 91 is written when the IC card is manufactured, so initial signal exchange is possible). Once the initial signal exchange is complete,
The key card KC is compared with the issued IC card via the read/write control section 39 (872, 873).
).

This verification method is performed, for example, by verifying the issued right board PIN number. It is considered that when an unissued IC card is handed over from a manufacturer to an issuer, a password is set for the exchange between the manufacturer and the issuer to prevent unauthorized use by a third party. Furthermore, since this PIN is required only when the IC card is delivered, the issued right board PIN is used as a separate PIN after the IC card is issued. Verification using the issued right plate PIN number is performed in the following manner. First, the three reading control units read out the key card KC, hold it in a data buffer, and send it to the control unit 6 of the IC card that issues the issued right board PIN in the issuer board Ifa identification number area 67. . The control unit 6 controls the issuer record area 93 (
The issued right board PIN written by the manufacturer in the area for writing data such as the issuer's name and issuer code is read out and compared with the issued right board PIN sent from the read/write i control unit 39. If the issuing right plate PIN number does not match after this verification, the writing of the magnetic data and the formation of the embossed information have been completed, so the IC card is sent to the destruction unit 35 (<874), and the magnetic stripe 2 and the embossed A hole is punched in the information 3 portion (S75), and the process then proceeds to step S65, where the information 3 is accumulated in the reject stacker 37.

If the issued right board PIN numbers match in step 873, the read/write control unit 39 reads the fixed data in the issuer record area 93I3 and the application program area 95 of the memory unit 7, and the fixed data in the bearer record area 96 for each issued IC card. variable data (carrier's name,
account number, etc.) (876). This writing is performed as follows. First, fixed data canid F
The fixed data in the data area 90 read from C and held in the data buffer is written into the memory section 7. The fixed data contents are stored in the application program area 95.
These include application programs to be written in the area, area divisions of the issuance record area 94 and the bearer record area 96, and the like. When writing of this fixed data is completed, the contents of the issuer recording area 68 read from the key card KO and held in the data buffer are written into the issuer recording area 93 of the memory section 7. When writing of these data is completed, the read/write control section 39 controls the microprocessor 28.
The variable data for the wearer sent from the host processor 12 via the host processor 12 is written into the wearer recording area 96 of the memory section 7.

In this way, when data writing to the memory section 7 is completed,
The read/write control unit 39 reads the written data and compares it with the data from the fixed data card FC and key card KC held in the data buffer and the data from the host processor 12, thereby updating the data in the memory unit 7. The written data is checked (S77). As a result of this check, if the writing is defective, the data is written to the memory section 7 again (878). Still, there is a write failure again (879
), if the application is possible to some extent, although not completely (S80), void data is written in the issue recording area 94 of the memory unit 7 so that it cannot be used (S82). If void data cannot be written on the IC card, it is sent to the destruction unit 35 as a defective IC card, and a hole is punched in the magnetic stripe 2 and embossed information 3 (
881, 883), the process then proceeds to step 865 and is accumulated in the reject stacker 37. When a defective IC card is stacked on the reject stacker 37, it is checked by the microprocessor 28 and sent from the microprocessor 28 to the host processor 12.
The number of defective sheets is recorded in the hard disk device 13.

If the writing is normal in the check in step 877 or 879, the read/write control unit 39 calculates the temporary carrier PIN number using random numbers (584), and records the calculated temporary carrier PIN number in the memory unit 7. Write to area 96 (885). Next, the read/write control section 39
Access key card AC held in data buffer
, Key Card KC and Fixed Data Card FC
The names of each user are written in the issuance record area 94 of the memory section 7 (S86). When this is completed, the read/write control unit 39 transfers data to the basic control program area 91 of the memory unit 7.
Write non-rewritable hold data in (887)
It is not possible to rewrite any password other than the temporary PIN of the bearer or the part written by the bearer when receiving the service. Then, this IC card becomes issued and is sent to the stacker 38 to be accumulated (888). At the same time, the host processor 12 uses the printer 19 to
Shipping the card All of this data can be created from the data recorded on the floppy disk of the floppy disk device 14 or the magnetic tape of the magnetic tape unit 15), and the temporary PIN number of the carrier calculated above is printed using the printer 20. A printed issuance notice 21 is created (S89). When the temporary PIN number of the bearer is printed by the printer 20, the memory in the read/write control unit 39 is erased, and as a result, the security of the Nama vlI becomes extremely old.

The read/write control unit 39 controls the I/O that has been issued to the stacker 38
When C cards are accumulated, the number of issued cards is counted up (590), and the count value and data buffer? By comparing the number of issued cards in the issued number area 89 read from the fixed data card FC held in the fixed data card FC,
It is checked whether the number of issued sheets has reached the planned number (891). As a result of this check, if the planned number of cards has not been reached, a signal to that effect is sent to the host processor 12, so after receiving the data from the host processor 12, the microprocessor 28 takes out one IC card from the hopper 31 ( 859). As a result of the check in step 891, if the scheduled number of sheets has been reached (if the number of sheets to be issued after counting up and the number of sheets to be issued in the number of issued sheets area 89 are the same), the issuance ends. Of course, even if there is data to be issued to the host processor 12 side, the issuance ends.

Note that before writing the hold data in step 887, the serial number written in the manufacturer record area 92 of the memory section 7 (a serial number is attached to each IC card manufactured by the manufacturer, along with the manufacturing record). By reading out the stored number) and writing it in the issuance record area 71 of the memory section 60 of the key card KC as the serial number of the issued IC card, it is possible to check the IC card including the manufacturing number, which is effective for management.

When the issuance is completed in this way, the read/write control section 39 stores the counted number of issued cards in the memory section 6 of the key card KC.
Write in the issue record area 71 of 0 along with the date (892
). When this writing is completed, the host processor 12 causes the display device 17 to display a message "Press the end key" (893). Here, keyboard 16
The end key is pressed (894). This results in
The host processor 12 prints the issuance record stored in the hard disk device 13 using one printer (S95). For example, as shown in FIG. 11, this issue record includes the serial number read from the IC card issued in the order of issue number 11, and the carrier number entered by the disk drive 14 (or magnetic tape unit 1-15). The name and address of the person are printed. In addition, by opening the ejection port door 42 of the issue processing unit 27, the defective IC can be removed from the stacker 37 and the stacker 38.
Take out the card and the issued IC card (
896). In addition, since defective IC cards have holes punched at least in the magnetic stripe 2 or in both the magnetic stripe 2 and embossed information 3, they can be easily distinguished from issued IC cards. There is.

After that, when the end key is pressed again on the keyboard 16 (897), the host processor 12 writes the issuance date and issuance record to the issuance record area 58 of the access key card AC, in the same way as the issuance record was written to the key card KO. The number of cards, key card code, fixed data card code, etc. are written (S98). This records what kind of issue was issued, when and how many copies were issued. Next, the read/write control unit 39 clears the contents of the data buffer (899). Then, the access key card AC, key card KC, and fixed data card FC are each ejected (8100), and all operations of this device are completed.

The IC card processing device described above uses a key card KC and a fixed data card FC that hold data common to IC cards to be stored in an unissued IC card. The data common to the held IC cards is read by the read/write controller 39 and temporarily held in a built-in data buffer, and then the data held in the data buffer is written to the IC card by the read/write controller 39. Reading data from the key card KC and fixed data card FC, holding the read data, and writing the held data to the IC card are performed by the reading port control unit 39 (and microprocessor 28) as described above. It is something to do. As a result, key card KC and fixed data card F
Read data from C, save read data 1″1
．． Since the held data can be written to the IC card without going through the host processor 12, the data written to the IC card will not be easily leaked to the outside, and security will be extremely high.

In addition, in the above embodiment, the fixed data card FC
Although the number of issued sheets (number of processed sheets) is input using the above, the input is not limited thereto, and may be inputted using a key card KC, or may be inputted using the keyboard 29 of the issuing processing unit 27.

Further, the present invention is not limited to the above embodiments, and various modifications are possible. For example, instead of the key card KC and its card reader/writer 40, a data holding device including a control unit and a memory unit that can store information that identifies the user and perform internal verification may be used, and the read/write control unit 39 may be used. It is conceivable to connect it with a removable contact point.

Similarly, the fixed data card FC and its card reader/writer 41 are also data storage devices equipped with a control unit and a memory unit that can store and internally check information that identifies the user, and control reading and writing. It is conceivable to connect the part 39 with a removable contact. In addition, although a PIN number was used to identify the user of the key card KC and fixed data card FC, it is also possible to memorize the user's physical characteristics such as fingerprints or signature, and use that information for verification. be. In that case, the keyboard 29 of the issuing processing unit 27 needs to be provided with means for inputting fingerprints, signatures, etc.

Further, in the embodiment, an IC card is issued by writing predetermined data to an unissued IC card.
Although we have explained the case where it is applied to a C card processing device,
The present invention is not limited to this, but can be similarly applied to an IC card processing device that writes initialization data to an IC card, for example, at the stage of manufacturing the IC card.

Furthermore, in the above embodiment, the case where the portable storage medium is an IC card with a magnetic stripe has been explained, but the application is also applicable to the case of an IC card without a magnetic stripe or an optical memory card called a laser memory card. can.

[Effects of the Invention] As detailed above, according to the present invention, it is possible to provide a portable storage medium processing device with high security that is suitable for a portable storage medium with high security.

[Brief explanation of drawings]

The drawings are for explaining one embodiment of the present invention. Fig. 1 is a block diagram of an IC card processing device, and Fig. 2 is a block diagram of an IC card processing device.
Figure 3 is an external perspective view of the card processing device, Figure 3 is an external perspective view of the IC card after it has been issued, Figure 4 is an external perspective view of a defective IC card, and Figure 5 is the printing of a notice of issuance of the temporary PIN number of the bearer. Figure 6 shows the contents of the memory part of the access key card, Figure 7 shows the contents of the memory part of the key card, and Figure 8 shows the contents of the memory part of the fixed data card. FIG. 9 is a diagram showing the contents of the memory section of the IC card after it is issued, FIG. 10 is a flowchart explaining the operation, and FIG. 11 is a diagram showing an example of printing of the issuance record. 6...IC card control unit, 7...I
C card memory section, 11... host control unit, 12... host processor, 27...
...Issuance processing unit, 28...Microprocessor, 34...Reader/writer unit, 3
9...read/write control section, 40.41...
...Card reader/writer, 6o...Key card memory section, 80...Fixed data card memory section, KO...Key card, FC
...Fixed data card. Applicant's representative Patent attorney Takehiko Suzue Figure 3 Figure 4 Figure 5 Figure 6 Figure 8 Figure 9 (C) Figure 10 Procedural amendment θ2.1.12 Showa year Mon/Japan Commissioner of the Japan Patent Office Black 1) Akio Yu 1, Indication of the case Patent Application No. 1989-199923 2, Name of the invention Portable storage medium processing device 3, Person making the amendment Relationship with the case Patent applicant (307) Toshiba Corporation 1-, (Idiot) 1 person) 4, Agent USE Building 7, 3-7-2 Kasumigaseki, Chiyoda-ku, Tokyo;
On page 7, line 19 and on page 16, lines 12 and 13 of the details of the amendment, the words ``shall not be provided'' have been replaced with ``may not be provided.'' I am corrected.

Claims (3)

[Claims] (1) A portable storage medium processing device that writes predetermined data to a portable storage medium; a data holding device that holds data common to portable storage media to be written to the portable storage medium; A read/write control means for reading the data from the data holding device, temporarily holding the data, and writing the held data to a portable functional storage medium; a host control means for controlling the read/write control means; and a host control means for controlling the read/write control means; A portable storage medium processing device characterized in that reading data from the holding device, holding the read data, and writing the held data to the portable storage medium does not involve the host control means. (2) The portable storage medium processing device according to claim 1, wherein the portable storage medium is an IC card. (3) The portable storage medium processing device according to claim 1, wherein an IC card is used as the data holding device.