EP0987651B1 - Element portable de stockage d'unites et son procede d'utilisation - Google Patents

Element portable de stockage d'unites et son procede d'utilisation Download PDF

Info

Publication number
EP0987651B1
EP0987651B1 EP98901547A EP98901547A EP0987651B1 EP 0987651 B1 EP0987651 B1 EP 0987651B1 EP 98901547 A EP98901547 A EP 98901547A EP 98901547 A EP98901547 A EP 98901547A EP 0987651 B1 EP0987651 B1 EP 0987651B1
Authority
EP
European Patent Office
Prior art keywords
cryptogram
data
point
area
points
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
EP98901547A
Other languages
German (de)
English (en)
Other versions
EP0987651A4 (fr
EP0987651A1 (fr
Inventor
Junichi Hikita
Yoshihiro Ikefuji
Haruo Taguchi
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Rohm Co Ltd
Original Assignee
Rohm Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Rohm Co Ltd filed Critical Rohm Co Ltd
Publication of EP0987651A1 publication Critical patent/EP0987651A1/fr
Publication of EP0987651A4 publication Critical patent/EP0987651A4/fr
Application granted granted Critical
Publication of EP0987651B1 publication Critical patent/EP0987651B1/fr
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B15/00Arrangements or apparatus for collecting fares, tolls or entrance fees at one or more control points

Definitions

  • the present invention relates to a portable point storing member and a method of using the same, and particularly a point storing member having improved secrecy and a method of using the same.
  • Fig. 12 shows a data communication system using IC cards, and particularly a structure of a communication system using non-contact IC cards.
  • This system is formed of an interrogator 40 (e.g., mounted in a gate of a ski lift) and a non-contact IC card 100.
  • Interrogator 40 is controlled by a controller 48 to issue a high-frequency carrier wave generated by an oscillator circuit (OSC) 49 from an antenna 41.
  • OSC oscillator circuit
  • an antenna 23 of non-contact IC card 100 receives this high-frequency carrier wave.
  • a power producing circuit 25 converts the received high-frequency wave into a DC power, and supplies it to other circuit portions. Thereby, non-contact IC card 100 can start the operation when it approaches interrogator 40.
  • Information transmission from interrogator 40 to non-contact IC card 100 is performed by modulating the above high-frequency carrier wave by a modulator-demodulator circuit 46.
  • a controller 35 performs necessary processing such as change of contents of a memory 37 and return of information based on the demodulated information.
  • Interrogator 40 issues non-modulated high-frequency carrier wave, and modulator-demodulator circuit 33 in non-contact IC card 100 changes an impedance of resonance circuit 22. Interrogator 40 handles this impedance change as the impedance change of resonance circuit 42 on its own side, and modulator-demodulator circuit 46 detects and demodulates it. Controller 48 obtains the demodulated information, and performs necessary processing.
  • non-contact IC card 100 moves away from interrogator 40, the power supply is interrupted so that non-contact IC card 100 stops the operation.
  • memory 37 is a nonvolatile memory, the stored information is held even when the power supply is interrupted.
  • Memory 37 in non-contact IC card 100 described above may store predetermined points, and the data in memory 37 may be changed in accordance with the used points, whereby the IC card can be used as a prepaid card.
  • Data is communicated in an encrypted form between the interrogator and the IC card. Thereby, it is possible to prevent unauthorized change of the contents in the IC card which was once used.
  • the communication system using the IC cards in the prior art suffers from the following problems.
  • the communication data is encrypted as described above, the data can be altered if the encryption algorithm is interpreted. Therefore, it is difficult to ensure the secrecy of the system only by the encryption.
  • the interrogator may be located in a place open to the public, and particularly, in a public telephone or the like, the telephone set internally provided with the interrogator may be stolen. When stolen, instructions and commands to be sent between the interrogator and the IC card may be analyzed.
  • a point storing member which comprises storing means for storing points and a first cryptogram storing portion for storing a first cryptogram set representing the authorised user, changing means for changing the points stored in the inset storing means, input means for receiving data to be verified and comparing means comparing the data received via said input means with said cryptogram.
  • An object of the invention is to overcome the above problems, and particularly to provide a portable point storing member, which can suppress illegal use, as well as a method of using the same.
  • Point storing member 1 has portability, and includes a point storing portion 3, a read portion 5, a point changing portion 7, a point rewrite information storing portion 13 and a collating portion 11.
  • Point storing portion 3 is a portion for storing points corresponding to moneys, and have data holding portions, which can hold write data and are equal in number to the points.
  • Read portion 5 reads out the points stored in point storing portion 3 in accordance with a read instruction which is externally applied.
  • Point changing portion 7 can change each data holding portion in point storing portion 3 from an unwritten state (first state), where the write data is not held, to a written state (second state), where the write data is held, based on an externally applied point change instruction.
  • Point rewrite information storing portion 13 stores point rewrite information, i.e., information for point rewriting. Collating portion 11 collates the applied information with the above point rewrite information. Point changing portion 7 can change each data holding portion from the unwritten state to the written state, and further can change each data holding portion from the written state to the unwritten state based on a result of the collation by collating portion 11.
  • the data change which increases the points can be reliably prevented, and the points can be increased only when such information is applied that matches with the point rewrite information which has been stored in advance.
  • Non-contact IC card 10 has a whole structure similar to that in the prior art, and includes an antenna 23, a resonance circuit 22, a power producing circuit 25, a modulator-demodulator circuit 33, a controller 60 and a memory 50 which are arranged within a casing 11.
  • the manner of arranging these portions and parts in casing 11 as well as manners of power supply and data transmission are the same as those in the prior art, and therefore will not be discussed below.
  • Fig. 3 is a block diagram specifically showing controller 60 and memory portion 50 shown in Fig. 2.
  • Memory 50 has a point area 51, a setting information area 52, a secret information area 53 and a secret data area 54.
  • Point area 51 is an area for storing the points.
  • Setting information area 52 is an area for storing setting information.
  • Secret data area 53 is an area for storing a cryptogram of an IC card user.
  • Secret data area 54 is an area for storing secret data of an IC card manufacturer.
  • point area 51 can store data of 128 bytes (1024 bits).
  • Setting information area 52 can store data of 32 bytes
  • secret data area 53 can store data of 3 bytes
  • secret data area can store data of 3 bytes.
  • memory portion 50 The memory structure of memory portion 50 will now be described with reference to Figs. 4 and 5.
  • an EEPROM is employed as the nonvolatile memory.
  • Memory portion 50 is formed of cells C11 (see Fig. 4) arranged in a matrix form (not shown).
  • a voltage of 20 V is applied to bit line BL, a voltage of 0 V is applied to select line SL and a voltage of 20 V is applied to word line WL so that a line AG is set to an open state.
  • electrons are injected into a floating gate of cell C11 so that cell 11 holds the data "0".
  • voltages opposite to those for keeping the data "0" are applied. More specifically, 0 V is applied to bit line BL, 20 V is applied to select line SL and 20 V is applied to word line WL so that line AG is set to the open state (or 0 V). Thereby, electrons are discharged from the floating gate of cell C11, and data "1" is kept therein.
  • a voltage of 5 Vis applied to select line SL a voltage of 5 V is applied to word line WL, and a sense amplifier (not shown) is connected to bit line BL.
  • the result of detection by the sense amplifier changes depending on whether memory cell C11 has stored “0” or "1". Thereby, it is possible to determine whether memory cell C11 has stored data "1" or data "0".
  • each memory cell in point area 51 stores the data "0" or "1", and each of the memory cells forms the data holding portion. Further, point area 51 has the memory cells equal in number to the points which were set in advance. For 1000 points, point area 51 has memory cells of 1000 bits.
  • Setting information area 52, secret data area 53 and secret data area 54 are configured to hold data of ordinary bit lengths, similarly to the prior art.
  • Controller 60 will now be described with reference to Fig. 3.
  • Controller 60 has a main controller 69, an address decoder 65, a memory area selection detecting circuit 67, a cryptogram collating portion 63 and a read change circuit 61.
  • Main controller 69 designates an address based on the data applied from modulator-demodulator circuit 33, and applies the address to address decoder 65. Further, it applies an instruction for reading, writing or erasing to read change circuit 61. Further, main controller 69 applies a cryptogram to be collated to cryptogram collating portion 63. The address selected by address decoder 65 is detected by memory area selection detecting circuit 67, which applies the selected address to cryptogram collating portion 63 and read changing portion 61.
  • Read change circuit 61 applies the read voltage, write voltage or erase voltage shown in Fig. 5 or a disabling voltage, which will be described later, to memory portion 50 in accordance with an instruction applied from main controller 69.
  • Read change circuit 61 will now be described with reference to Fig. 6.
  • Read change circuit 61 has selected address specifying terminals Ts1 - Ts3, a mode terminal Te and a mode terminal Tf.
  • Selected address specifying terminals Ts1 - Ts3 are supplied with a signal, which specifies the selected area, from memory area selection detecting circuit 67. More specifically, when point area 51 is selected, a voltage "High” is applied to selected address specifying terminal Ts1. When setting information area 52 is selected, the voltage "High” is applied to selected address specifying terminal Ts2. When secret data area 53 is selected, the voltage "High” is applied to selected address specifying terminal Ts3.
  • Mode terminals Te and Tf receive signals from cryptogram collating portion 63.
  • read change circuit 61 selects one from the following three modes in accordance with the voltages applied to the two mode terminals.
  • mode terminals Tf and Te are supplied with voltages "High” and “Low”, respectively, a mode "1,0" (initializing mode) is selected.
  • Read change circuit 61 applies the disabling voltage to each of the area in memory 50 in accordance with the voltages applied to selected address specifying terminals Ts1 - Ts3 and mode terminals Te and Tf.
  • read change circuit 61 can apply the following voltages.
  • mode "0, 0" if the selected address which is specified by selected address specifying terminals Ts1 - Ts3 is point area 51 or setting information area 52, the write voltage shown in Fig. 5 can be issued. However, the erase voltage cannot be issued.
  • mode "1, 0" if the selected address which is specified by selected address specifying terminals Ts1 - Ts3 is point area 51 or setting information area 52, the write voltage and erase voltage shown in Fig. 5 can be issued. However, if selected address specifying terminals Ts1 - Ts3 specify secret data areas 53 or 54, the write voltage or the erase voltage shown in Fig. 5 cannot be issued. Thus, the writing and erasing shown in Fig. 5 can be performed only by point area 51 or setting information area 52.
  • Data lines of secret data areas 53 and 54 are connected to cryptogram collating portion 63 as shown in Fig. 3. Therefore, the cryptogram which is read out is not applied to main controller 69, and the cryptogram stored in secret data areas 53 and 54 can be prevented from being externally read out.
  • Cryptogram collating portion 63 is enabled when it receives a detection signal from memory area selection detecting circuit 67, and thereby determines whether the cryptogram stored in secret data area 53 or 54 matches with the signal applied from main controller 69. When they match with each other, voltage "High” is applied to mode terminals Te and Tf of read change circuit 61.
  • Cryptogram collating portion 63 will now be described in greater detail with reference to Fig. 7.
  • Cryptogram collating portion 63 has comparators 71 and 73, and a data converting circuit 75.
  • Comparator 73 applies the voltage "High" to mode terminal Tf when it receives from main controller 69 the cryptogram which matches with a cryptogram of an IC card manufacturer stored in secret data area 54.
  • Comparator 71 applies the voltage "High" to mode terminal Te when it receives from main controller 69 a cryptogram, which matches with a cryptogram formed by coalescing the data applied from data converting circuit 75 with the data applied from secret data area 53.
  • Comparator 71 may be configured such that the cryptogram stored in secret data area 53 is compared with data obtained by removing the data sent from data converting circuit 75 from the data applied from main controller 69.
  • the IC card user is required to obtain the data, which is prepared by converting the cryptogram in secret data area 54 by data converting circuit 75, from the IC card manufacturer, and apply the same, as the cryptogram to be collated, to main controller 69 after adding thereto his/her own cryptogram.
  • the cryptogram of secret data area 54 is converted and added to the cryptogram in secret data area 53 for comparison with the cryptogram data applied from main controller 69 for collation. Accordingly, the IC card manufacturer can store the cryptograms, which are different from each other and are dedicated to the IC card users, respectively, in secret data areas 53. Thereby, no confusion occurs even when two IC card users accidentally stored the same cryptogram in secret data areas 53, respectively. Thus, one of the users cannot erase the data in the IC card of the other user.
  • the specific comparator actually performing the collation is determined by a signal supplied from memory area selection detecting circuit 67. If the detected area is secret data area 54, the signal enabling the collating operation is applied to comparator 73. If the detected area is secret data area 53, the signal enabling the collating operation is applied to comparators 71 and 73.
  • step ST1 In the initial state (step ST1 which is not shown), mode terminals Te and Tf of read change circuit 61 are supplied with the voltages "Low”, and the operation is in the mode "0, 0".
  • main controller 69 determines whether the instruction applied from modulator-demodulator circuit 33 is the read instruction, remaining point removing instruction, data changing instruction or initializing instruction (step ST3).
  • step ST5 When the applied instruction is the read instruction, all the addresses in point area 51 are selected (step ST5).
  • the read instruction is issued (step ST7). Thereby, all the data in point area 51 is read and applied to main controller 69 (step ST8).
  • Main controller 69 counts and temporarily stores the bits (remaining points) holding data "1" in the applied data (step ST9).
  • step ST11 all the addresses in setting information area 52 are selected (step ST11).
  • step ST13 Thereby, the setting information stored in setting information area 52 is applied to main controller 69 (step ST14).
  • Main controller 69 temporarily stores the applied setting information (step ST15).
  • Main controller 69 issues the temporarily stored data to modulator-demodulator circuit 33 (step ST17).
  • main controller 69 reads out the remaining points which was temporarily stored in step ST9 (step ST19). The leading address of the memory cells in point area 51 holding data "1" is selected (step ST21). Main controller 69 applies the write signal (i.e., signal for holding data "0") to read change circuit 61 (step ST23).
  • Read change circuit 61 which received the write signal determines whether the current state allows application of the write voltage or not, in accordance with the voltages applied to the select address specifying, terminals and the mode terminals shown in Fig. 6.
  • the selected address is point area 51, and the mode terminals were in the mode "0, 0" in step ST1 so that it is determined that the writing can be performed, and the write voltage shown in Fig. 5 is issued (step ST24).
  • main controller 69 decrements the remaining points which were temporarily stored in step ST9 (step ST25). Then, a message to the effect that the remaining point removing processing is completed is issued to modulator-demodulator circuit 33 (step ST27).
  • the instruction of removing the remaining points is issued, therefore, it is possible to change in the decrementing direction the points stored in point area 51 by a specified value. In this manner, the points which have been stored in point area 51 are read out, or the data can be changed in the direction of reducing the points in accordance with the point removing instruction.
  • the data changing instruction is an instruction for changing the data in point area 51 or setting information area 52, and includes a collation instruction for collating the cryptogram stored in the secret data area.
  • main controller 69 selects the addresses in secret data areas 53 and 54 (step ST51 in Fig. 9). Then, data to be verified is issued to cryptogram collating portion 63 (step ST53). Main controller 69 issues the read signal to read change circuit 61 (step ST55). Thereby, read change circuit 61 applies the read voltage (step ST56). Cryptogram collating portion 63 collates the cryptogram read from secret data areas 53 and 54 with the verification target data applied from main controller 69 (step ST57).
  • the cryptogram stored in secret data area 54 is applied to data converting circuit 75 (see Fig. 7).
  • Data converting circuit 75 converts this cryptogram based on a predetermined rile, and applies the result of conversion to comparator 71.
  • Comparator 71 is also supplied with the cryptogram stored in secret data area 53. Comparator 71 coalesces the data applied from data converting circuit 75 with the data applied from secret data area 53, and determines whether the resultant data matches with the applied verification target data.
  • comparator 71 applies the voltage "High" to mode terminal Te for read change circuit 61. Thereby, read change circuit 61 enters mode "0, 1" (step ST61 in Fig. 10).
  • Main controller 69 selects all the addresses in point area 51 and setting information area 52 (step ST63). Then, it issues the erase signal to read change circuit 61 (step ST65). In this case, the erase voltage can be issued from read change circuit 61 because mode "0, 1" is selected, and the addresses in point area 51 and setting information area 52 are selected. Accordingly, read change circuit 61 applies the erase voltage (step ST66). When the erase voltage is applied, all the bits in point area 51 and setting information area 52 hold "1".
  • main controller 69 selects only the required bit(s) in point area 51 and setting information area 52 (step ST67). For example, it is necessary to write the data and time of erasing in setting information area 52 again. In this case, the bits holding data "0" are selected.
  • Main controller 69 issues the write signal to read change circuit 61 (step ST69).
  • Read change circuit 61 applies the write voltage (step ST70). Thereby, only the selected bits hold the data "0”.
  • Main controller 69 applies the end message to modulator-demodulator circuit 33 (step ST71).
  • main controller 69 selects all the addresses in point area 51 and setting information area 52 (step ST73 in Fig. 10). Then, the erase signal is issued to read change circuit 61 (step ST75). Read change circuit 61 does not issue the erase voltage, but issues the disabling voltage (step ST77) because the current mode is mode "0,0". Accordingly, contents of point area 51 and setting information area 52 do not change.
  • the disabling voltage is provided by placing the ground potential on line AG, and setting the other lines to the open state.
  • Main controller 69 selects only the required bits in point area 51 and setting information area 52 (step ST79). Main controller 69 issues the write signal to read change circuit 61 (step ST 81). Since the current mode is "0, 0", and the selected address relates to point area 51 and setting information area 52, read change circuit 61 does not issue the write voltage, but issues the disabling voltage (step ST83). Accordingly, contents of point area 51 and setting information area 52 do not change. Main controller 69 issues a message to the effect that rewriting could not be performed (step ST85).
  • read change circuit 61 does not apply the write voltage and the erase voltage even if main controller 69 issues the erase signal and the write signal to read change circuit 61.
  • the data in point area 51 and setting information area 52 can be changed only when the applied cryptogram matches with the cryptogram data which has already been entered or applied by the IC card user and the IC card manufacturer. Accordingly, the IC card described above can have high secrecy.
  • the initializing instruction acts to set all the data in point area 51, setting information area 52 and secret data area 53 other than secret data area 54 to "1", and is given from the IC card manufacturer.
  • main controller 69 selects the address of secret data area 54 (step ST31), and issues verification target data to cryptogram collating portion 63 (step ST32).
  • Main controller 69 issues the read signal to read change circuit 61 (step ST33).
  • Read change circuit 61 applies the read voltage (step ST34).
  • the cryptogram is collated in cryptogram collating portion 63 (step ST35).
  • comparator 73 is supplied with data stored in secret data area 54, and determines whether the verification target data applied from main controller 69 matches with the cryptogram stored in secret data area 54 or not (step ST36).
  • step ST36 When it is determined in step ST36 shown in Fig. 11 that the verification target data matches with the cryptogram, cryptogram collating portion 63 applies the voltage "High” to mode terminal Tf of read change circuit 61 (step ST37). Thereby, read change circuit 61 enters mode "1, 0".
  • main controller 69 selects all the addresses in point area 51, setting information area 52 and secret data area 53 (step ST38). Further, it issues the erase signal to read change circuit 61 (step ST39). Since read change circuit 61 is in mode "1,0", read change circuit 61 applies the erase voltage (step ST41). Thereby, all the data in point area 51, setting information area 52 and secret data area 53 are initialized. Main controller 69 issues the end message to modulator-demodulator 33 (step ST42).
  • step ST36 When mismatching occurs in the step ST36 shown in Fig. 11, the voltage "High” is not applied to mode terminal Tf of read change circuit 61. Accordingly, read change circuit 61 remains in mode "0, 0".
  • Main controller 69 selects all the addresses in point area 51, setting information area 52 and secret data area 53 (step ST43). Further, it issues the erase signal to read change circuit 61 (step ST44). In this state, since read change circuit 61 is in the mode "0, 0", and the selected addresses relate to point area 51, setting information area 52 and secret data area 53. Therefore, read change circuit 61 applies the disabling voltage (step ST45). Thus, all the data in point area 51, setting information area 52 and secret data area 53 are not initialized. Main controller 69 issues a message to the effect that the initialization is impossible to modulator-demodulator circuit 33 (step ST46).
  • the initialization can be performed only when the applied verification target data matches with the cryptogram stored in secret data area 54, even when the initializing instruction is issued.
  • the IC card user stores the cryptogram or password in secret data area 53, and for this purpose, the data in secret data area 53 can be changed only one time after the data in secret data area 53 is initialized.
  • main controller 69 allows the data change only one time so that the predetermined cryptogram can be stored in secret data area 53. More specifically, the above processing can be achieved through the steps from step ST61 to step ST70 in Fig. 10.
  • Main controller 69 stores whether the data in secret data area 53 is already changed or not, and will ignore the instruction for changing the data in secret data area 53 when this instruction is issued again.
  • the embodiment described above relates to the non-contact IC card employing the invention.
  • the invention can likewise to applied to contact IC card.
  • Main controller 69 may form a CPU, or may be partially or entirely formed of a logic circuit. This is true also with respect to read change circuit 61, cryptogram collating portion 63, memory area selection detecting circuit 67 and others.
  • point area 51 is provided with the memory cells corresponding in number to the intended points, as already described.
  • the data change is allowed to change the memory cell of point area 51 only from the unwritten state holding the data "1" to the written state not holding the write data "1". Thereby, forgery of the IC card can be prevented more reliably.
  • An ordinary read-out device provides only the instruction, which changes the data in point area 51 only in the decrementing direction, for the IC card side. Therefore, damages caused by so-called "impersonation" can be prevented.
  • the structure of memory 50 is not restricted to the foregoing, but may have such a structure that point area 51 and setting information area 52 are in one memory, and secret data areas 53 and 54 are formed in another memory.
  • Secret data areas 53 and 54 for providing the cryptograms in two stages are not essential, and only one of them may be employed.
  • EEPROM electrically erasable programmable read-only memory
  • another structure may be used for memory portion 50 provided that its allows change of data, and a flash memory, a ferroelectric memory or the like may be used.
  • the present invention is similarly applicable to any storage other than these to which date is written electrically, for example, a storage to which date is written optically, provided that it allows switching between writing and erasure.
  • each of mode terminals Te and Tf which are input terminals of read change circuit 61 with respect to cryptogram collating portion 63, remains in "Low". Accordingly, read change circuit 61 merely applies the disabling voltage to memory portion 50, and there is no possibility that the data is forged.
  • data "0" may be heldin all the bits in point area 51 and setting information area 52 so that the card cannot be reused until the cryptogram is applied to secret data area 54.
  • the voltages "High" are applied to mode terminals Te and Tf of read change circuit 61 only when cryptogram collating portion 63 issues the matching signal. Thereby, read change circuit 61 ignores the data change signal sent from main controller 69.
  • the collation mismatching signal may be applied to main controller 69, and main controller 69 may determine, based on this, that the data change cannot be performed so that the data change signal may not be not issued to read change circuit 61. Also, the message to the effect may be displayed.
  • the disabling voltage is applied by placing the ground potential on line AG and setting the other lines in the open state.
  • the voltage is not restricted to the above provided that neither writing nor erasing is performed.
  • 0 V may be applied to bit line BL for inhibiting the writing
  • 0 V may be applied to selected line SL for inhibiting the erasing.
  • the state where data "0” is written is the written state
  • the state where data "1” is written is the unwritten state
  • the data "0” is the written data
  • the state where data "1” is written is the written state, and thus the data "1" may be the written data.
  • the state where electrons are injected into the floating gate is the state where data "0" is held.
  • the state where the electrons are removed from the floating gate may be the state where the data "0" is held.
  • data "0" is set in the bit for reducing the points.
  • data "0" may be held in the initial state, and the data "1” may be set in the bit for reducing the points.
  • the voltages "Low” are usually applied to mode terminals Te and If so that only the rewriting for reducing the points in point area 51 is allowed, and erasing of the write data is allowed when the voltages "High” are applied to mode terminals Te and Tf.
  • the voltages "High” may be usually applied to mode terminals Te and Tf, and erasing of the write data may be allowed when the voltages "Low” are applied to mode terminals Te and Tf.
  • the disabling voltage is provided by placing the ground potential on line AG and setting the other lines in the open state.
  • line AG may be kept at the ground potential.
  • point area 51 forms, e.g., a point storing portion.
  • Main controller 69, address decoder 65 and read change circuit 61 form, e.g., a read portion.
  • Main controller 69, address decoder 65 and read change circuit 61 form, e.g., a point changing portion.
  • Secret data area 53 forms a point rewrite information storing portion.
  • Cryptogram collating portion 63 forms a collating portion.
  • the expression to the effect that inhibition is performed by the circuit structure means that a specific circuit structure is employed for disabling specific processing. More specifically, a logic circuit or an electric circuit is used for physically inhibiting specific processing.
  • the number of the data holding portions in the unwritten state (“1") is handled as the remaining points.
  • the number of the data holding portions in the written state (“0") may be handled as the remaining points.
  • all the data holding portions may be set to "0" in the all reset state, and "0" may be changed to "1" in accordance with reduction of the points.
  • the invention can provide the point storing member of which illegal use is difficult, and therefore can be advantageously applied to the fields of manufacturing and selling IC cards.

Landscapes

  • Business, Economics & Management (AREA)
  • Finance (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Claims (4)

  1. Un procédé d'utilisation d'un élément portable de stockage d'unités (1), comprenant les étapes suivantes :
    on stocke, à l'avance, des unités correspondant à des monnaies, un premier cryptogramme, établi par une première personne intervenant dans la fabrication de l'élément de stockage d'unités (1), ce premier cryptogramme caractérisant des données secrètes de la première personne, et un second cryptogramme, établi par une seconde personne différente de la première personne et intervenant dans l'utilisation de l'élément de stockage d'unités (1), le second cryptogramme caractérisant des données secrètes de la seconde personne; on collationne les premier et second cryptogrammes pour générer un troisième cryptogramme et on compare le troisième cryptogramme avec une donnée appliquée de façon externe à vérifier, on lit les unités stockées dans l'élément de stockage d'unités conformément à une instruction de lecture appliquée de façon externe; et on change les unités conformément à une instruction de changement d'unités appliquée de façon externe, dans lequel
    le changement des unités dans une direction d'augmentation des unités, sur la base de l'instruction de changement d'unités, est effectué après avoir déterminé si l'instruction de changement d'unités doit être suivie ou non, sur la base d'un résultat de la comparaison entre la donnée appliquée de façon externe à vérifier et le troisième cryptogramme.
  2. Le procédé de la revendication 1, dans lequel le collationnement comprend la conversion du premier ensemble de cryptogrammes et l'ajout de celui-ci au second ensemble de cryptogrammes.
  3. Un élément de stockage d'unités (1) comprenant :
    un moyen de stockage (3) pour stocker des unités;
    une première zone de données secrètes (54) stockant un premier cryptogramme, pouvant être établi par une première personne intervenant dans la fabrication de l'élément de stockage d'unités (1), ce premier cryptogramme caractérisant des données secrètes de la première personne;
    une seconde zone de données secrètes (53) stockant un second cryptogramme pouvant être établi par une seconde personne différente de la première personne et intervenant dans l'utilisation de l'élément de stockage d'unités (1), le second cryptogramme caractérisant des données secrètes de la seconde personne;
    un moyen de changement (7) pour changer les unités stockées dans le moyen de stockage (3);
    un moyen d'entrée pour recevoir une donnée à vérifier;
    un moyen de collationnement de cryptogrammes (63) pour collationner les premier et second cryptogrammes pour générer un troisième cryptogramme, ce moyen de collationnement de cryptogrammes (63) incluant
    un moyen de comparaison (71) pour comparer la donnée à vérifier reçue par l'intermédiaire du moyen d'entrée avec le troisième cryptogramme, dans lequel
    il est déterminé si le moyen de changement (7) doit augmenter les unités ou non, sur la base du résultat de la comparaison effectuée par le moyen de comparaison (71).
  4. L'élément de stockage d'unités selon la revendication 3, dans lequel le moyen de collationnement de cryptogrammes convertit le premier ensemble de cryptogrammes et ajoute cet ensemble de cryptogrammes converti au second ensemble de cryptogrammes.
EP98901547A 1997-02-13 1998-02-06 Element portable de stockage d'unites et son procede d'utilisation Expired - Lifetime EP0987651B1 (fr)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
JP2885997 1997-02-13
JP9028859A JPH10228527A (ja) 1997-02-13 1997-02-13 可搬性を有する度数記憶部材およびその運用方法
PCT/JP1998/000512 WO1998036377A1 (fr) 1997-02-13 1998-02-06 Element de stockage d'unite de message portable et son procede d'utilisation

Publications (3)

Publication Number Publication Date
EP0987651A1 EP0987651A1 (fr) 2000-03-22
EP0987651A4 EP0987651A4 (fr) 2001-05-16
EP0987651B1 true EP0987651B1 (fr) 2003-10-01

Family

ID=12260115

Family Applications (1)

Application Number Title Priority Date Filing Date
EP98901547A Expired - Lifetime EP0987651B1 (fr) 1997-02-13 1998-02-06 Element portable de stockage d'unites et son procede d'utilisation

Country Status (5)

Country Link
EP (1) EP0987651B1 (fr)
JP (1) JPH10228527A (fr)
AU (1) AU5780898A (fr)
CA (1) CA2280852A1 (fr)
WO (1) WO1998036377A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8037269B2 (en) * 2005-11-07 2011-10-11 Panasonic Corporation Portable auxiliary storage device

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0646892A2 (fr) * 1993-09-30 1995-04-05 Toppan Printing Co., Ltd. Carte à mémoire

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH07105335A (ja) * 1993-09-30 1995-04-21 Toppan Printing Co Ltd 情報カード

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0646892A2 (fr) * 1993-09-30 1995-04-05 Toppan Printing Co., Ltd. Carte à mémoire

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Beutelspacher: Chipkarten als Sicherheitswerkzeug, Springer Verlag Heidelberg, 1991, ISBN 3-540-54140-3 *

Also Published As

Publication number Publication date
EP0987651A4 (fr) 2001-05-16
AU5780898A (en) 1998-09-08
CA2280852A1 (fr) 1998-08-20
EP0987651A1 (fr) 2000-03-22
JPH10228527A (ja) 1998-08-25
WO1998036377A1 (fr) 1998-08-20

Similar Documents

Publication Publication Date Title
US7182251B2 (en) IC-card service period setting method, IC card, IC card case and battery charger
JP4163264B2 (ja) スマートカード
EP1113387A2 (fr) Carte à puce comportant une mémoire non volatile avec un mappage nouveau
US20030154355A1 (en) Methods and apparatus for providing a memory challenge and response
US7367047B2 (en) Portable information recording medium
WO1999027499A2 (fr) Memoire protegee contre l'acces illicite
US5889266A (en) Data transfer system having a terminal and a portable data carrier configuration and method for recharging the portable data carrier configuration using the terminal
JP3689213B2 (ja) 非接触型icカード
US7660169B2 (en) Device and method for non-volatile storage of a status value
EP1192589B1 (fr) Dispositif de communication permettant d'ecrire rapidement et simultanement sur plusieurs supports de donnees, et support de donnees d'un tel dispositif
JP2003501758A (ja) カードメモリ装置
US7455234B2 (en) Roll back method for a smart card
EP0987651B1 (fr) Element portable de stockage d'unites et son procede d'utilisation
EP0754331B1 (fr) Carte a puce
KR100374071B1 (ko) 터미널과휴대용데이터캐리어장치를갖고있는데이터전송시스템및이터미널에의하여상기휴대용데이터캐리어장치를재충전하는방법
JPH0844832A (ja) 非接触式携帯用記憶媒体処理システム
KR20000051010A (ko) 접촉/비접촉 인식방식 및/또는 선불/후불 방식의 신용카드 시스
JP2002183783A (ja) 自動料金収受方法及び自動料金収受用車載器
JPS60153581A (ja) 不正使用防止機能を有するicカ−ド
US20010030239A1 (en) Circuit configuration and method for authenticating the content of a memory area
JPH1069532A (ja) Icカード端末およびicカードシステム
JP2005267656A (ja) 非接触型icカード

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 19990902

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): FR GB

A4 Supplementary search report drawn up and despatched

Effective date: 20010329

AK Designated contracting states

Kind code of ref document: A4

Designated state(s): FR GB

17Q First examination report despatched

Effective date: 20010905

GRAH Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOS IGRA

RTI1 Title (correction)

Free format text: PORTABLE POINT STORING MEMBER AND ITS USING METHOD

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): FR GB

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

RIN2 Information on inventor provided after grant (corrected)

Inventor name: TAGUCHI, HARUO

Inventor name: IKEFUJI, YOSHIHIRO

Inventor name: HIKITA, JUNICHI

ET Fr: translation filed
PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

26N No opposition filed

Effective date: 20040702

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: GB

Payment date: 20080206

Year of fee payment: 11

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: FR

Payment date: 20080208

Year of fee payment: 11

GBPC Gb: european patent ceased through non-payment of renewal fee

Effective date: 20090206

REG Reference to a national code

Ref country code: FR

Ref legal event code: ST

Effective date: 20091030

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: GB

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20090206

Ref country code: FR

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20090302