JP2000268141A - Reader for prepaid card - Google Patents

Abstract

PROBLEM TO BE SOLVED: To secure security by erasing all data after fetching the important data and program of a reader only at the time of opening the lid of the reader for maintenance. SOLUTION: In this reader 3, the important data such as consumed money amount information are recorded. At the maintenance, after an IC card for the maintenance is inserted to the reader 3 and identified by a flag, the authentication data of the reader 3 and the authentication data of the IC card for the maintenance are compared. Thus, when the IC card for the maintenance is authenticated, the important data such as the total amount of a consumed money amount stored in a RAM 57 are recorded in the IC card for the maintenance. Thereafter, when the lid of the reader 3 is opened, a battery 59 and an external power source 60 are turned off, a capacitor 55 becomes the power source of the RAM 57 and a ROM 58 and the fault data of the RAM 57 are extracted by an analysis tool for fixed time. Thereafter, the capacitor 55 is discharged and the entire memory is erased. Thus, when a third person intentionally opens the lid, the entire data disappear.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a reading apparatus for reading and writing information on a prepaid card, and more particularly to a technique for holding card data recorded in the reading apparatus and for security.

[0002]

2. Description of the Related Art A reading apparatus always stores a part of the amount information in its own memory while updating the amount information of a prepaid card. However, due to the relationship between the memory capacity of the reading device and the settlement process, the amount information is transmitted to the relay device that centrally manages all the information, regularly or irregularly. Therefore, reading devices include:
Important data such as balance information of a prepaid card and a part of important data and a program such as an encryption program for encrypting and transmitting information are stored. The encryption program is a processing program for a reading device to encrypt data such as money amount information, transmit the data to a prepaid card or a relay device, and write the encrypted data into each device. If you open the lid of the reading device arbitrarily so that the internal data and important programs of such a reading device will not be analyzed or tampered with by a third party, some or all of the data and programs in the memory will be lost Ingenuity such as doing is given. That is, the memory is erased if the order of opening the lid is different, or a switch mechanism is provided on the lid itself, and when the lid is opened arbitrarily, the power to the memory is cut off and the memory is erased. I have.

[0003]

Although such security measures can solve security problems such as theft prevention, the memory may be lost when the cover is opened for maintenance. Once the memory has disappeared, the money information and the like that has not been transmitted to the relay device has disappeared, causing problems such as difficulty in analyzing past money information and the like.

The present invention has been made in view of such circumstances, and has as its object only to take in important data and important programs of a reading device only when the lid of the reading device is opened for maintenance. An object of the present invention is to provide a reading device for a prepaid card in which data is erased, and when the lid is arbitrarily opened, all the data is erased without being stored, thereby ensuring security.

[0005]

In order to achieve the above-mentioned object, a prepaid card reading device according to the present invention is provided with a maintenance information recording card. Insert the information recording card into the reading device. Then, after the maintenance information recording card is identified by the flag, the ID number, and the like, the authentication of the maintenance information recording card is performed by the authentication data based on the encryption logic. If the authentication result is normal, the important data stored in the memory of the reading device is recorded on the maintenance information recording card. The important data is the total amount of consumption amount information of each prepaid card, a map of an encryption program for encrypting and transmitting the amount information correctly, a parameter for identifying an address number for operating the reading device, and the like. . In this way, when the lid of the reading device is opened after the important data is recorded on the maintenance information recording card, the power of the reading device is turned off, and all data stored in the memory of the reading device is erased. Therefore, if the maintenance person follows the prescribed procedure and opens the lid, all data in the reading device will be erased after important data is stored, but if a third party intentionally opens the lid, nothing will remain. All data will be lost and security will be ensured.

Further, when a reading device is provided with a capacitor and the lid is opened, the capacitor can immediately serve as a backup power source for the memory, and hold data on the memory for a certain period of time. In this way, after recording important data with the maintenance information recording card, the lid is opened, the analysis tool is inserted into a predetermined interface of the reading device, and the failure information and the log of the processing operation procedure are recorded. It is also possible to extract information and perform a failure analysis or the like.
Also in this case, when the predetermined data is extracted by the analysis tool, the capacitor is discharged and all the power of the memory is lost, so that all the data in the memory of the reading device disappears. Therefore, also in this case, there is no possibility that the information in the memory is used by a third party.

That is, in the prepaid card reading device according to the present invention, the prepaid card reading device that updates the amount information of the prepaid card in accordance with the consideration and stores the balance information stores the processed prepaid card balance information and the like. Storage means for storing; identification means for identifying the type of the inserted information recording card; authentication means for authenticating the information recording card identified for storage by the identification means; and authentication means for authenticating the information recording card. Recording means for recording the balance information stored in the storage means on the information recording card, and opening the lid of the reading device after the balance information is recorded on the information recording card by the recording means. Means, when the lid of the reading device is opened by the lid opening process, the information stored in the storage means disappears. Comprising an information disappears means for the. Here, the information can be erased by the information erasing means as follows: 1) erasing the storage contents of the storage means 2) When the storage means is a volatile memory such as a RAM, the power supply to the storage means is cut off. . Further, the storage means stores information (important information) required for maintenance of the apparatus, for example, addresses and parameters set in the apparatus, in addition to the balance information. You may make it record on a card.

[0008] The information extinguishing means erases information stored in the storage means after a lapse of a predetermined period after the lid of the reading device is opened by the lid opening means.
For example, in a prepaid card reading device, a memory power supply capacitor is interposed in the storage means, and when the lid of the reading device is opened by the lid opening means, the information erasing means tentatively supplies power to the memory only from the capacitor. Is supplied. Thereby, during the period when power is supplied to the memory in the provisional power supply process, failure analysis information can be extracted from the memory, and when the discharge of the capacitor is completed, all the information stored in the storage means is restored. Disappear. Here, the storage means is a volatile memory such as a RAM.

Further, in the prepaid card reading device according to the present invention, in the prepaid card reading device described above, the identification of the information recording card by the identification means is performed by using a flag or a flag recorded separately for each type of information recording card. I
This is performed by any identification information of the D number.

[0010] Further, in the prepaid card reading device according to the present invention, in the prepaid card reading device described above, the authentication of the information recording card by the authentication means is performed between the information recording card identified for maintenance and another information recording card. Perform authentication in different ways. As an example of the authentication method, the authentication is performed by comparing the authentication data generated by the authentication logic of the reading device with the authentication data generated by the authentication logic in the information recording card based on a random number generated by the reading device. . At this time, the encryption logic of the information recording card for maintenance is different from the encryption logic of the other information recording card.

The important information stored in the storage means is the total information of the balance or the consumption amount of each prepaid card stored in the reading device and the information for encrypting and transmitting the amount information from the reading device. It consists of a map of the encryption program and parameters for identifying an address number for operating the reading device.

[0012]

Embodiments of the present invention will be described below in detail with reference to the drawings. FIG. 1 is a configuration diagram showing a part of a prepaid card information processing system applied to an embodiment of the present invention. In this embodiment, an explanation will be given using an IC card having a large storage capacity as a prepaid card. In FIG. 1, information such as amount information and an ID number for specifying the card is recorded on the IC card 1. Insert this IC card 1 into the reading device 3,
When a desired article is purchased by the vending machine 4, the reading device 3 cancels a predetermined consumption amount from the amount information of the IC card 1 and records the updated balance information on the IC card 1. At this time, the balance information of the IC card 1 is stored in the memory of the reading device 3, and is transmitted to the relay device 2 as necessary, so that the information is centrally managed in the relay device 2. Also,
The relay device 2 performs a settlement regarding the amount information of the IC card 1 and transmits the amount information to be updated to the reading device 3. Note that the reading device 3 is installed as a pair with the vending machine 4, and there are a plurality of these pairs, each of which is connected to the relay device 2.

By the way, important information such as balance information of the used IC card 1 is stored in the memory of the reading device 3, and such a reading device 3 is operated by the user of the IC card 1. Since it is installed in an easy place, it is in an installation environment that is susceptible to damage such as data tampering or theft by a third party. Therefore, when the lid of the reading device 3 is intentionally opened by a third party or the like, the internal data is erased for security reasons. However, when the cover of the reading device 3 is opened for maintenance, the data on the memory is designed to be saved.

That is, an IC as a prepaid card
A maintenance IC card is prepared separately from a card (hereinafter referred to as a distribution IC card). The maintenance IC card is used as an unlocking card of the reading device 3, and the data on the memory of the reading device 3 is stored only when the maintenance IC card is unlocked according to a predetermined procedure. Has become.

Further, the IC card authentication check performed by the reading device 3 is configured to be performed by a different authentication method between the maintenance IC card and the distribution IC card. 2A and 2B are conceptual diagrams illustrating an example of an authentication method for a maintenance IC card and a distribution IC card. FIG. 2A illustrates an authentication method A for a distribution IC card, and FIG.
4 shows a C card authentication method B. For example, as shown in FIG. 2A, when the distribution IC card 12 is inserted into the reading device 3, the data A is transmitted from the reading device 3 to the distribution IC card 12.
Is transmitted from the distribution IC card 12 to the reading device 3 as a response signal. by this,
Authentication of the distribution IC 12 by the authentication method A is performed. As shown in FIG. 2B, the reading device 3 is provided with a maintenance IC.
When the card 13 is inserted, the data C is transmitted from the reading device 3 to the maintenance IC card 13, and the data D is returned from the maintenance IC card 13 to the reading device 3 as a response signal. Thereby, the authentication of the maintenance IC 13 by the authentication method B is performed. Therefore, even if the communication of the distribution IC card 12 is monitored, it cannot be diverted as an authentication method of the maintenance IC card 13.

Further, another authentication method of the distribution IC card and the maintenance IC card will be described. FIG. 3 is a conceptual diagram showing another example of a method for authenticating a maintenance IC card or a distribution IC card. In the case of this authentication method, the maintenance I
Since the authentication procedure for the C card and the IC card for distribution is the same processing procedure, it is simply shown as an IC card in FIG. That is, when the IC card 31 of either the maintenance IC card or the distribution IC card is inserted into the reading device 3, the reading device 3 generates a random number for authentication (S
1) Generate unique authentication data based on cryptographic logic which is information of a program provided in itself (S2). When the same random number is transmitted from the reading device 3 to the IC card 31 (S4), the IC card 31 generates unique authentication data based on the same encryption logic as the information of the program of the reading device 3 (S5) (S5). S6). Then, the authentication data of the IC card 31 is transmitted to the reading device 3 and compared with the authentication data of the reading device 3 (S7).
If they match, the authentication of the IC card is OK (S8).

Since the flow of this authentication process is the same for the distribution IC card and the maintenance IC card,
The C card and the maintenance IC card create authentication data using an authentication program that implements different authentication logics. On the other hand, the reading device 3 includes an authentication program for the distribution IC card and an authentication program for the maintenance IC card, and generates authentication data using one of the authentication programs according to the card type. Authentication is performed by comparing in step S7. That is, in FIG.
It has individual authentication data as shown in the figure showing authentication data for the maintenance IC card / distribution IC card. As shown in the figure, the maintenance IC card and the distribution IC card each have an individual flag and ID number recorded thereon. The flag is identification information for recognizing the maintenance IC card and the distribution IC card. Also,
The ID number is, for example, “9 ×
"Xxx" and the distribution IC card has "0xxx"
"X" is recorded, and each can be identified from the ID number. Further, the maintenance IC card and the distribution IC card each have an individual authentication program recorded thereon, and the maintenance IC card is authenticated. The logic B is mounted, and the distribution IC card is mounted with the authentication logic A. The reading device has both the authentication logic A and the authentication logic B.

Next, when the reading device 3 is to be maintained, the maintenance IC card is authenticated by an authentication method as shown in FIG. 3, for example. Then, if the authentication result of the maintenance IC card is normal, the maintenance IC from the reading device 3 in FIG.
As shown in the conceptual diagram showing writing of important data to the card, the reading device 3 writes only the important data portion to the maintenance IC card 13 while holding the data in its own memory. The important data is the minimum data required for maintenance. Specifically, the total data of the consumption amount information recorded from the data of each distribution IC card, the map of the encryption program, and the reading device 3 are stored. These are parameters of setting data for operation.

That is, since the consumption history of the amount information of each distribution IC card becomes enormous data, the maintenance IC card 13 whose storage capacity is not so large is stored in each distribution IC card.
Only the total amount of the consumption amount information of the C card is recorded. Further, the encryption program is normally stored in an irregular manner in a ROM (Read Only Memory) which is a read-only memory of the reading device 3, but a map indicating an order for executing the encryption program correctly is stored in the RAM (Read Only Memory). Random Access Memorey)
Is stored in During operation, by referring to this map, an encryption program stored in a disorderly manner can be correctly executed. Therefore, by writing the map of the encryption program on the maintenance IC card 13, the operation of the encryption program can be secured. Further, the parameter of the setting data for operating the reading device 3 is data such as identification information indicating the number of the logical address allocated to the reading device 3 and the like. Since the capacity of the map of the encryption program and the parameters of the setting data is not so large, all of these data can be recorded on the maintenance IC card.

By recording such important data on the maintenance IC card 13, if the circuit portion of the reading device 3 breaks down and the cover of the reading device 3 is opened,
Even if the data in the memory of the reading device 3 disappears, only the important data is recorded on the maintenance IC card 13, so that it is not possible to secure the maintenance data necessary to settle the price information of the distribution IC card. it can. Further, when the lid is opened by a third party, the data in the reading device 3 is lost, so that the security problem is also solved.

Furthermore, even if the cover of the reading device 3 is opened, the memory of the reading device 3 is not erased for a certain period of time, and during this time, data relating to failure information and the like is taken out from the memory, and failure analysis and the like are performed. There is also a way to do it. FIG.
FIG. 4 is a schematic diagram showing a state in which an analysis tool extracts failure data at a certain time after opening a lid of a reading device. That is,
A capacitor is interposed in the power supply of the RAM of the reading device 3 which stores important data and failure information. As a result, when the lid 42 of the reading device 3 is opened, the external power supply and the built-in battery power supply are turned off, but the power is supplied to the memory for a certain period of time by the capacitor for backing up the power of the memory circuit.

Therefore, when the cover 42 of the reading device 3 is opened, the analysis tool 44 is immediately connected to the interface 43 of the reading device 3, and the information of the RAM is taken into the analysis tool 44 and recorded. In this case, since the analysis tool 44 has a large memory capacity, the analysis tool 44 can read and record failure information recorded in the RAM of the reading device 3 and log information indicating processing and operation procedures recorded in a log file. In this manner, based on the failure information and log information recorded in the analysis tool 44, analysis data of the failure cause of the reading device 3 can be obtained, and the failure cause can be analyzed. After the lid 42 of the reading device 3 is opened, only the capacitor power supply is used. Therefore, after a predetermined time has elapsed, the power supply is discharged and the power supply is lost, and the memory recorded in the RAM is automatically erased. As a result, the lid 42 of the reading device 3 can be
If the device is left open, the memory is automatically erased and security is maintained.

FIG. 7 is a block diagram of the reading device 3 applied to the embodiment of the present invention. That is, the reading device 3
Are a lock opening / closing section 52 for receiving a lid opening / closing signal, and a card interface section 53 for communicating information with an IC card.
And a CPU (central processing unit) 54 for performing arithmetic processing of card information, a capacitor 55 serving as a power supply for temporarily holding a memory after opening the lid, and a communication interface unit 56 for communicating information with the relay device. A random access memory (RAM) 57, which is a rewritable memory for recording important data such as money information of an IC card, and a ROM (read-only memory), which stores a basic program for performing various processes. Read Only Memory) 58
And a battery 59 serving as a power supply of the reading device 3 are connected by a power supply wiring or a data bus.

As a normal power supply, an external power supply 60 such as a commercial power supply is connected to a power supply wiring, and is normally supplied with power from the external power supply 60.
When the value is less than 0, it is supplied from the battery 59. When the cover of the reading device 3 is opened, the battery 59 and the external power supply 60 are turned off. Power is supplied from the capacitor 55 to the RAM 57 for a certain period of time after the lid is opened.

The important data recorded in the RAM 57 includes a parameter of setting data for determining a logical address for operating the reading device 3, a total amount of consumption information of each distribution IC card, a relay device and an IC card. , And a map of an encryption program for transmitting the encrypted signal. The data recorded in the ROM 58 includes a maintenance IC card and a distribution IC card.
Card authentication program to identify C card,
Other programs for operating the reading device 3 and the like.

Next, the flow of processing performed between the reading device and the maintenance IC card will be described with reference to a flowchart. FIG. 8 is a flowchart showing a flow of processing performed by the reading apparatus shown in FIG. 7 with a maintenance IC card. First, when a maintenance IC card is inserted into the reading device 3 (S1).
1) The flag or ID number recorded on each IC card is identified (S12). Flag or I
As shown in FIG. 4, different information is recorded in the D number between the maintenance IC card and the distribution IC card.
Here, the flag or ID number of the maintenance IC card is referred for identification. Next, it is determined whether the identified IC card is a maintenance IC card or a distribution IC card (S13), and if the IC card is a distribution IC card, processing as a normal prepaid card is performed. (S
14).

On the other hand, the judgment result of the IC card indicates that the maintenance IC
If it is a card, the reading device 3 generates a predetermined random number (S15), and generates unique authentication data based on an authentication logic executed by an authentication program provided in the ROM 58 (S16) (S17). In addition, reading device 3
Sends the same random number to the maintenance IC card (S1
8) Since the maintenance IC card has a program that executes the same authentication logic as the authentication program of the reading device 3, unique authentication data is generated based on this program (S19) (S20). Then, the authentication data of the maintenance IC card is transmitted to the reading device 3 and compared with the authentication data of the reading device 3 (S21).

If the two authentication data do not match,
The authentication result of the maintenance IC card is NG, and error processing is performed (S22). If the authentication results match, backup processing of the important data stored in the RAM 57 is performed (S23), and the important data is stored in the maintenance I
It is recorded on the C card (S24). The important data is a map of the parameters of the setting data, the total data of the consumption amount, and the encryption program, as described above in detail. As a result, an unlocking signal is sent to the lock opening / closing section 52 of the lid of the reading device 3, and the lid can be opened (S25). At the same time, disconnection control between the battery 59 and the external power supply 60 and the power supply wiring is performed. (S26).

Then, only the capacitor 55 charged with a predetermined low charge becomes a memory power source for the RAM 57 (S27), and analysis data can be extracted by the analysis tool for a certain period of time (S28). The analysis data is, for example, failure information or log information as described above. Then, after a certain period of time, the electric charge of the capacitor 55 is discharged and all the power is turned off, so that all the data stored in the memory of the RAM 57 disappears (S29). As a result, when the lid of the reading device 3 is opened, the information in the memory of the reading device disappears when important data and data of the failure information extracted as necessary have been acquired. Are executed by the identification means (S12, S13) and the authentication means (S15 to S17, S2) for each function.
1, S22), recording means (S23), lid opening means (S2
5), is composed of information extinguishing means (S26, S27). Security is ensured.

The embodiment described above is an example for describing the present invention, and the present invention is not limited to the above-described embodiment, and various modifications are possible within the scope of the invention. is there. For example, in the above-described embodiment, the maintenance IC card for recording important data and the analysis tool for recording failure information and the like have been described as IC cards. It is needless to say that the present invention can be applied even by using. Also,
If there is little important data to be backed up, a magnetic card may be used. Furthermore, although a capacitor is used as a power supply for backing up the memory for a certain period of time, any power supply configuration may be used as long as the power supply can be turned off immediately after extraction of predetermined data into the analysis tool. For example, a circuit configuration may be provided in which a timer mechanism is provided in the power supply and the power is turned off at the time when the analysis tool has finished extracting data.

[0031]

As described above, according to the unlocking method of the prepaid card reading device of the present invention, when a maintenance person or the like opens the lid by a predetermined operation, important data is stored in the maintenance IC card. After the information has been recorded, the information recorded in the memory of the reading device automatically disappears.
For this reason, when a third party intentionally opens the lid, the important data is erased without being recorded, and security in security is ensured. Also, after extracting important data with the maintenance IC card, the power of the memory is secured for a certain period of time, so that relatively large data such as failure analysis data is extracted by the analysis tool, and the cause of the failure of the reading device is obtained. Can also be analyzed. In this case as well, the memory disappears in a certain time, for example, on the order of several seconds to several tens of seconds, so that the security in security is sufficiently maintained.

[Brief description of the drawings]

FIG. 1 is a configuration diagram showing a part of a prepaid card information processing system applied to an embodiment of the present invention.

FIG. 2 is a conceptual diagram showing an example of a method of authenticating a maintenance IC card and a distribution IC card, and FIG.
A card authentication method A is shown, and (b) shows a maintenance IC card authentication method B.

FIG. 3 is a conceptual diagram showing another example of a method of authenticating a maintenance IC card or a distribution IC card.

FIG. 4 is a diagram showing authentication data of a maintenance IC card / distribution IC card.

FIG. 5 is a conceptual diagram showing writing of important data from a reading device to a maintenance IC card.

FIG. 6 is a schematic diagram illustrating a state in which an analysis tool extracts failure data during a predetermined time after opening a lid of the reading device.

FIG. 7 is a block diagram of a reading device applied to the embodiment of the present invention.

8 is a flowchart showing a flow of processing performed by the reading apparatus shown in FIG. 7 with a maintenance IC card.

[Explanation of symbols]

DESCRIPTION OF SYMBOLS 1 ... IC card, 2 ... relay apparatus, 3 ... reading apparatus, 4 ... vending machine, 12 ... distribution IC card, 13 ... maintenance IC card, 31 ... IC card, 42 ... lid, 43 ... reading apparatus interface, 44: analysis tool, 52: lock opening / closing part,
53: card interface unit, 54: CPU (central processing unit), 55: capacitor, 56: communication interface unit, 57: RAM (Random Access Memory), 5
8 ROM (Read Only Memory), 59 battery, 60
External power supply

 ────────────────────────────────────────────────── ─── Continued on the front page F term (reference) 3E044 AA20 BA04 BA06 CA06 CB06 DA03 DA10 DB02 DC01 DC05 DC06 DC10 DD01 DD07 DE01 5B058 CA05 CA23 CA27 CA28 KA13 KA35 YA06

Claims (3)

[Claims] 1. A prepaid card reading device for updating amount information of a prepaid card in accordance with a consideration and storing balance information, wherein a storage means for storing processed prepaid card balance information and the like; Identification means for identifying the type of information recording card; authentication means for authenticating the information recording card identified for storage by the identification means; information recording card authenticated by the authentication means; stored in the storage means Recording means for recording the read balance information; lid opening means for opening the lid of the reading device after the balance information is recorded on the information recording card; and the reading device by the lid opening process. And an information extinguishing means for extinguishing the information stored in the storage means when the lid is opened. For prepaid card reading devices. 2. The information deletion unit according to claim 1, wherein the information stored in the storage unit is deleted after a lapse of a predetermined period after the lid of the reading device is opened by the lid opening unit. 2. The reading device for a prepaid card according to 1. 3. The authentication of the information recording card by the authentication means, wherein authentication of the information recording card identified for maintenance and another information recording card is performed by different methods. Item 3. A reading device for a prepaid card according to Item 2.