JP2002183706A - Card information protecting method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To protect a card from a fraudulent act such as the duplication and surreptitious use of information by determining whether to authorize the use of a concerned card on the basis of the comparison of preceding history information stored in an extended recording section of a card and a host computer. SOLUTION: A program for recording and regenerating information to an extended recording section of the card 1 is downloaded from a host computer 3 to a card reader terminal 2 and started, and preceding history information is read from a legal card with the preceding history information recorded in the extended recording section. Protection information generated on the basis of the preceding history information and a plurality of communication procedure setting information selected using random numbers is transmitted from a card reader terminal 2 to the host computer 3 while changing the communication procedure setting information, and the use of the concerned card 1 is authorized when the preceding history information restored from the received protection information coincides with the preceding history information stored in the host computer 3.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a method for protecting card information, which protects various information recorded on a card-shaped recording medium used by being inserted into a card reader terminal from illegal acts such as duplication and plagiarism. is there.

[0002]

2. Description of the Related Art Card-shaped recording media used by inserting them into a card reader terminal include a credit card, a bank cash card, a debit card (J debit), and the like.
These card-shaped recording media generally record various types of information by magnetic recording or the like in a band-shaped recording area extending in the card longitudinal direction. Information recorded on such a card-shaped recording medium includes personal identification number (ID) information recorded when a card is issued.

[0003] As shown in FIG. 2A, the recording area has information (Star) indicating the start of the area at the head thereof.
t) is written, and information (End; EOF) indicating the end of the area is written in the end portion thereof.
It is standardized thereby. The portion adjacent to the end of the standardized recording area is a spare recording area. However, in a card reader terminal that operates with a normal program, the recording area ends by reading the EOF information. Therefore, even if information is written in the spare recording area, the information cannot be read.

[0004] As a conventional technique for protecting various information recorded on the card-shaped recording medium as described above, for example, a card reader terminal (a communication terminal having a built-in card reader such as a bank ATM terminal) is connected to a host computer. When transmitting and receiving information, there are methods of encrypting information and combining information relating to an identification number unique to the card reader terminal with information to be transmitted and received. Try to prevent plagiarism.

In recent years, fraudulent acts such as copying or plagiarizing various information recorded on a card-shaped recording medium have occurred frequently. For example, when a user makes a purchase using a credit card, an illegal card reader (for example, a small card reader that fits in the hand) is different from a card reader built into a card reader terminal that is properly installed in a credit card store. ), The clerk or the like reads the information recorded on the credit card, and uses the information to duplicate the credit card on which exactly the same information is recorded and to shop using the credit card, Fraudulent activities such as shopping by impersonating the user on the Internet are actually performed, and damages caused by the fraud are also occurring.

[0006]

In the case of using the above-mentioned conventional technology of encrypting information or combining unique identification number information, it is possible to prevent theft of information on a communication line. When a card-shaped recording medium is used, it is impossible to prevent a store clerk or the like from using an illegal card reader to steal information or copy a card-shaped recording medium having the same contents. Further, if a hacker or the like who has illegally accessed the communication line decrypts the encryption method or the unique identification number, theft of information on the communication line cannot be prevented.

SUMMARY OF THE INVENTION The present invention provides a method of accurately discriminating between a regular card-shaped recording medium and an unauthorized card-shaped recording medium based on the presence or absence of information recorded in an extended recording area which cannot be read or written in a normal manner. A first object is to protect a card-shaped recording medium from misconduct such as plagiarism. The present invention determines whether or not a regular card-shaped recording medium is properly used based on a comparison between previous history information recorded in an extended recording area that cannot be normally read and written and previous history information stored in a host computer. A second object of the present invention is to protect the card-shaped recording medium from illegal acts such as duplication and plagiarism of information by making a judgment. A third object of the present invention is to ensure a high degree of confidentiality with respect to interception of information transmitted from a card reader terminal to a host computer.

[0008]

According to a first aspect of the present invention, there is provided a first aspect of the present invention, wherein various kinds of information recorded on a card-shaped recording medium to be inserted into a card reader terminal are used. A method for protecting card information, which protects against fraudulent acts such as copying and plagiarism, wherein an extended recording area is provided outside a standardized normal recording area of a card-shaped recording medium, and dummy information is previously stored in the extended recording area. A recording step, a step of downloading a program for recording / reproducing information to / from the extended recording area from a host computer to a card reader terminal and starting the same, and a normal recording area of a card-shaped recording medium inserted into the card reader terminal Reading the normal information recorded in the card and the information recorded in the extended recording area, and reading the extended recording area of the card-shaped recording medium inserted into the card reader terminal. If the broadcast is not recorded, characterized by comprising; and a step of discharging the card-like recording medium from the decision to the card reader terminal and an unauthorized card-like recording medium.

In order to achieve the second and third objects, a second invention according to a second aspect is to copy and plagiarize various information recorded on a card-shaped recording medium to be inserted into a card reader terminal and used. This is a method for protecting card information, which protects against fraudulent acts, such as providing an extended recording area outside a standardized normal recording area of a card-shaped recording medium, and using dummy information as previous history information in the extended recording area. A step of pre-recording, a step of downloading a program for recording / reproducing information to / from the extended recording area from a host computer to a card reader terminal and starting the same, and a normal recording of a card-shaped recording medium inserted into the card reader terminal Reading the normal information recorded in the area and the previous history information recorded in the extended recording area, and a card-shaped record inserted in the card reader terminal When no information is recorded in the extended recording area of the body, the card-shaped recording medium is determined to be an unauthorized card-shaped recording medium and ejected from the card reader terminal; and information is recorded in the extended recording area. Generating the latest history information related to the time of insertion of the regular card-shaped recording medium, and generating protect information based on the previous history information and a plurality of communication procedure setting information selected using random numbers. Transmitting the normal information, the latest history information and the protect information to the host computer sequentially using a communication procedure based on the communication procedure setting information, and expanding the card-shaped recording medium with the latest history information and the protect information. Ejecting the card-shaped recording medium after recording in the recording area; and receiving the normal information and the latest history information. Receiving the protect information while changing the communication procedure of the host computer based on the communication procedure setting information, storing the latest history information received in a history list, and storing the received normal information in the host computer. Determining that the card-shaped recording medium is an unauthorized card-shaped recording medium if the information does not match the normal information on the card-shaped recording medium, A step of determining that the card-shaped recording medium is an unauthorized card-shaped recording medium if the history information of the card-shaped recording medium stored in the computer does not match the previous history information; Permission information from the host computer to the card reader terminal if it is not determined that And transmitting the information.

According to a third aspect of the present invention, the protection information is obtained by alternately arranging communication procedure setting information and previous history partial information obtained by dividing the previous history information by a preset division method. It is characterized by.

According to a fourth aspect of the present invention, the protection information includes, in advance, communication procedure setting information, previous history partial information obtained by dividing the previous history information by a preset dividing method, and audio information corresponding to a specific voice. It is characterized in that audio partial information divided by the set division method is repeatedly arranged in this order.

According to the first aspect of the present invention, an extended recording area provided outside a standardized normal recording area of a card-shaped recording medium to be used by being inserted into a card reader terminal may be a regular card-shaped recording medium. For example, since dummy information is recorded in advance, a program for recording and reproducing information in the extended recording area is downloaded from a host computer to a card reader terminal and activated, and a card-shaped card inserted into the card reader terminal is started. By reading the normal information recorded in the normal recording area of the recording medium and the information recorded in the extended recording area, when the information is not recorded in the extended recording area of the card-shaped recording medium inserted in the card reader terminal, The card-shaped recording medium can be determined to be an unauthorized card-shaped recording medium. Therefore, a card-shaped recording medium in which only the normal information recorded in the normal recording area is duplicated and no information is recorded in the extended recording area is determined to be an invalid card-shaped recording medium, and is ejected from the card reader terminal. Even if a proper card-shaped recording medium is created, damages caused by the use of the card-shaped recording medium can be prevented beforehand. Can be protected.

According to the second aspect of the present invention, the extended recording area provided outside the standardized normal recording area of the card-shaped recording medium to be inserted into the card reader terminal and used is a regular card-shaped recording medium. For example, at the start of use, since dummy information is recorded in advance as history information in advance, a program for recording and reproducing information in the extended recording area is downloaded from a host computer to a card reader terminal and activated, and the card reader is activated. By reading the normal information recorded in the normal recording area of the card-shaped recording medium inserted into the terminal and the previous history information recorded in the extended recording area, the extended recording area of the card-shaped recording medium inserted into the card reader terminal is read. If no information is recorded on the card, the card-shaped recording medium can be determined to be an unauthorized card-shaped recording medium Therefore, a card-shaped recording medium in which only the normal information recorded in the normal recording area is duplicated and no information is recorded in the extended recording area is determined to be an invalid card-shaped recording medium, and is ejected from the card reader terminal. Even if a proper card-shaped recording medium is created, damages caused by the use of the card-shaped recording medium can be prevented beforehand. Can be protected.

Further, for a regular card-shaped recording medium in which information is recorded in the extended recording area, the latest history information relating to the insertion time of the card-shaped recording medium is generated, and the last history information and the random number are generated. Protect information is generated based on a plurality of communication procedure setting information selected by using the above, and the normal information, the latest history information and the protection information are sequentially transmitted to the host computer using the communication procedure based on the communication procedure setting information. Recording the latest history information and the protection information in the extended recording area of the card-shaped recording medium, ejecting the card-shaped recording medium, and receiving the normal information and the latest history information in the host computer; The protection information is received while changing the communication procedure based on the procedure setting information, and the received latest history information is stored in the history. Additionally stored in the list, the received normal information is determined to be the normal information and unauthorized card-like recording medium the card-like recording medium in the case of disagreement regarding the card-like recording medium stored in the host computer,
If the previous history information embedded in the received protect information does not match the previous history information on the card-shaped recording medium stored in the host computer, the card-shaped recording medium is determined to be an invalid card-shaped recording medium. ,
If the card-shaped recording medium is not determined to be an unauthorized card-shaped recording medium, the host computer transmits use permission information to the card reader terminal, so only when the authorized card-shaped recording medium is properly used. Use is permitted, and the card-shaped recording medium can be more highly protected from illegal acts such as duplication and plagiarism of information. Furthermore, even if the protect information is intercepted by a third party when transmitting the protect information from the card reader terminal to the host computer, the protect information is not used for the plurality of communication procedure setting information selected using the random numbers. As it is impossible to decode unless the communication procedure is changed and received as it is, it is impossible for a third party to use the protected information to obtain permission to use it. can do.

According to the third aspect of the present invention, the protection information is obtained by alternately arranging the communication procedure setting information and the previous history partial information obtained by dividing the previous history information by a preset division method. When used as protection information in the invention, desired confidentiality is exhibited.

According to the fourth invention, the protection information is obtained by dividing the communication procedure setting information and the previous history information by the previously set division method into the previous history partial information and the voice information corresponding to the specific voice. The audio partial information divided by the above is repeatedly arranged in this order, so that when it is used as the protection information in the second aspect of the present invention, the confidentiality is further enhanced.

[0017]

Embodiments of the present invention will be described below in detail with reference to the drawings. FIG. 1 is a system diagram showing a schematic configuration of a card information protection system used for implementing a card information protection method according to a first embodiment of the present invention. As shown in FIG. 1, the card information protection system of the present embodiment includes a card reader terminal (communication terminal having a built-in card reader) 2 for inputting and outputting information to and from a card-shaped recording medium (hereinafter, referred to as a card) 1. And the host computer 3
And a communication line 4 for connecting the line between the card reader terminal 2 and the host computer 3. The card 1 to be protected by the card information protection system includes a credit card, a bank cash card, a debit card (J debit), and the like. When the protection target is a credit card or a debit card (J debit). In general, a combination of a small-sized manual card reader and a communication terminal such as a personal computer is used as the card reader terminal 2. When the protection target is a bank card, the card reader terminal 2 is used. 2, a bank ATM terminal having a built-in electric card reader is used.

The card 1 has a band-shaped recording area extending in the longitudinal direction, and various information is recorded in this recording area by magnetic recording or the like. At the beginning (left end in the figure) of this recording area, Start information indicating the start of the area is written as shown in FIG. 2A, and EO indicating the end of the area is written on the right side of the Start information.
F information is written. Thereby, a portion sandwiched between the Start information and the EOF information is standardized as a recording area. Generally, information such as personal identification number information (hereinafter referred to as normal information) is stored in the standardized recording area.
Record

By the way, the card 1 constructed as described above
Has a spare recording area adjacent to the right side of the EOF information, but a card reader terminal that operates with a normal program determines that the recording area has ended by reading the EOF information. Even if information is written in the spare recording area, the information cannot be read. Therefore, in the present embodiment, this spare recording area is made readable and writable by activating a program described later. In the present embodiment,
In order to distinguish between the standardized recording area and the spare recording area, in the following description, the former will be referred to as a normal recording area, and the latter will be referred to as an extended recording area.

The card reader terminal 2 includes a card reader 11, a determination unit 12, an information generation unit 13, a transmission / reception unit
4 is provided. The card reader 11 reads information from the inserted card 1 and writes information on the inserted card 1. Depending on the device configuration, the card reader 11 may be a built-in type or an external type card reader, or may be a manual type. Alternatively, an electric card reader is used. Here, a magnetic recording system is used as a recording system, but an optical recording system or the like may be used. In addition, among the card reader terminals, (1) it is properly installed at the card dealer,
(2) A device that is connected to a host computer of a card management company via a communication line and has an identification number such as a unique serial number (3) is defined as a “regular card reader terminal”.

The determination unit 12 determines whether the card inserted into the card reader 11 is a legitimate card or an unauthorized card based on the determination conditions described later. By issuing a card ejection command to the card reader 11, unauthorized use of the card is prevented. The information generation unit 13 generates latest history information, communication procedure setting information, and protection information described below. The transmission / reception unit 14 transmits information read from the card 1 by the card reader 11 and various information generated by the information generation unit 13 to the host computer 3 via the communication line 4,
And a program for recording / reproducing information to / from the extended recording area transmitted from the communication line 4 via the communication line 4.

The host computer 3 includes a transmitting / receiving unit 2
1, a communication procedure change unit 22, a storage unit 23, and a determination unit 2
4 is provided. The transmission / reception unit 21 receives a variety of information transmitted from the card reader terminal 2 via the communication line 4 and uses the communication line 4 with a program for recording and reproducing use permission information and information in the extended recording area. Or to the card reader terminal 2 via the Internet.

The communication procedure changing unit 22 changes the communication procedure (in this case, the communication speed) based on the communication procedure setting information received via the communication line 4 when receiving the protection information described later. is there. The storage unit 23 updates the history list by additionally recording the latest history information transmitted from the card reader terminal 2 in the history list, and stores various received information.

The determination unit 24 compares the information transmitted from the card reader terminal 2 with the information stored in the storage unit to collate information such as personal identification number information of the card and to store the previous history information. Is performed. It is assumed that the use permission information is transmitted from the transmission / reception unit 21 to the card reader terminal 2 via the communication line 4 only when the information does not match or deviate from the use conditions in all the comparisons.

Next, a method for protecting card information in the card information protection system of the present embodiment will be described based on the control program shown in FIG. The control program shown in FIG. 3 is executed between the card reader terminal 2 and the host computer 3 which are connected to each other via the communication line 4.

In the control program of FIG. 3, first, in step 51, dummy information is recorded in advance in the extended recording area of the card 1 as previous history information. As this dummy information, for example, “99/99/99/00/00 /
00 ”. The recording of the dummy information in step 51 is performed by writing a personal identification number (ID) specified by a user when a card management company issues a cash card or the like, and at the same time, a device having a function equivalent to that of the card reader terminal 2. Is not performed when the card is actually used.

In the next step 52, a program for recording and reproducing information in the extended recording area is downloaded from the host computer 3 to the card reader terminal 2 and activated. By downloading this program at the start of work or the like, it becomes possible to record and reproduce information in the extended recording area of the card 1 by the card reader 11 at any timing when the card 1 is inserted. .

In the next step 53, the normal information (such as personal identification number information) recorded in the normal recording area of the card 1 inserted into the card reader terminal 2 and the previous history information recorded in the extended recording area are stored in the card reader 11. Read by. In the case of the card 1 which has been used for the second time or later, since the latest history information written at the time of the previous use exists in the extended recording area, it is treated as the previous history information.

In the next step 54, it is determined whether or not information is recorded in the extended recording area of the card 1 inserted in the card reader terminal 2. Here, in the case of a fraudulent card in which no information is recorded, the card is determined to be a fraudulent card in step 55, and the card reader terminal 2
In the case of a legitimate card having information recorded therein, the latest history information relating to the insertion time of the card is generated in step 56. For example, when the insertion time is “10:11:12 on August 9, 2000 AD”, the information related to the insertion time is “00/08/09 /
10/11/12 ".

In the next step 57, protection information is generated based on the previous history information read in step 53 and a plurality of communication procedure setting information selected using random numbers. This protection information includes a large number of communication procedure setting information (for example, 13 communication speeds; 50, 150, and 3) stored in a storage unit (not shown) of the card reader terminal 2 in advance.
00,600,1200,2400,4800,960
0,12200,14400,19200,2880
0, 38400 (bps)), a plurality of (for example, three) pieces of communication procedure setting information are selected using random numbers, and the communication procedure setting information and the previous history obtained by dividing the previous history information by a preset division method. It is generated by alternately arranging partial information.

For example, in the case of the protect information shown in FIG. 2B, an array of a marker 1, data A, marker 2, data B, marker 3, and data C is arranged from left to right in the figure. Here, marker 1; 300 (bps), data A; 09/10, marker 2; 1200 (bps), data B; 11/12, marker 3; 19200 (bp)
s), data C; 00/08, the protection information is as follows. First, data "09/10" is transmitted at 300 (bps), and then data "11/12" is transmitted at 1200 (bp).
s) and then send the data “00/08” in 1920
This indicates that transmission is performed at 0 (bps).

In the next step 58, the normal information read in step 53, the latest history information generated in step 56, and the protection information generated in step 57 are
Using the communication procedure based on the communication procedure setting information, the data is sequentially transmitted from the card reader terminal 2 to the host computer via the communication line 4. In this case, each of the above information is transmitted as an analog signal. In the next step 59, the latest history information and the protection information are stored in the card 1
After recording in the extended recording area, the card 1 is ejected from the card reader terminal 2.

In the next step 60, the host computer 3 receives the normal information and the latest history information transmitted from the card reader terminal 2 via the communication line 4. In the next step 61, the protection information is received while changing the communication procedure of the host computer 3 based on the plurality of pieces of communication procedure setting information. In the reception of the protect information, for example, when the protect information in the above-described example is used, first, the data “09 / bp” at a communication speed of 300 (bps) is used.
10 ", then data" 11/12 "at a communication speed of 1200 (bps), and finally a communication speed of 1920 (bps).
Data “00/08” is received at 0 (bps).

In the next step 62, the previous history information is restored from the received protect information. The restoration of the previous history information is performed, for example, by rearranging the received previous history partial information (data A, B, C) based on the division method used for the division. It is sufficient to add information about the marker to a predetermined position such as the marker 1 and transmit the information from the card reader terminal 2 to the host computer. The host computer 3
If the previous history information is restored from the received protection information by comparing with the previous history information stored in the storage section, information on the division method becomes unnecessary. Thereafter, in steps 63 and 64, the received protection information is stored, and the received latest history information is additionally stored in the history list. The dummy information is stored at the head of the history list.

At the next step 65, the received card 1 is stored in the host computer 3.
It is determined whether or not it matches the normal information on In this determination, if all the information constituting the normal information matches or satisfies the use condition, the determination is YES and the control proceeds to step 66, where the passwords do not match or the current transaction amount exceeds the tradable balance. In this case, the determination is NO, and the control proceeds to step 67. In step 67, the use rejection information relating to the card is stored and the card reader terminal 2
Unauthorized card processing including transmission of use rejection command information and alarm generation command information to the user is performed.

In the next step 66, it is determined whether or not the previous history information restored in step 62 matches the previous history information on the card 1 stored in the host computer 3. If the determination is YES, the control proceeds to step 68; if the determination is NO, the control proceeds to step 67 to perform the illegal card processing.

In step 68, the history list is updated. In the update of the history list, an update process is performed in which the latest history information additionally recorded in the history list in step 64 is used as the previous history information only when the determination in step 66 is YES, and the determination in step 66 is NO. In this case, the latest history information additionally recorded in the history list in step 64 is discarded. Then, the next step 69
Then, use permission information is transmitted from the host computer 3 to the card reader terminal 2 via the communication line 4. This use permission information is received by the card reader terminal 2 in the next step 70, so that the card 1 can be used thereafter.

Next, the operation of the card information protection method of the present embodiment will be described for each of various types of usage such as when using a regular card and when using an unauthorized card. [When Using a Regular Card] When the regular card is used for the first time, the dummy information in the extended recording area of the card 1 is read as the previous history information in step 53 in FIG. 3, so the determination in step 54 is YES. Then, step 54
YES to step 65 after step 64 is executed
Unless the determination in step 66 is NO due to a password input error or insufficient balance, etc., the determination in step 66 is YES by collating the dummy information. Therefore, the card 1 is deleted based on the use permission information transmitted in step 69. It can be used in the card reader terminal 2.

If the regular card has been used for the second time or later, the previous history information in the extended recording area of the card 1 is read in step 53, so the determination in step 54 is YES.
become. Thereafter, YES in step 54 to step 64
Unless the determination in step 65 after the execution of step 6 is NO due to a password input error or insufficient balance, step 6
Since the determination in step 6 is YES when the previous history information restored from the transmitted protect information matches the previous history information stored in the host computer 3, the determination is made based on the use permission information transmitted in step 69. Thus, the card 1 can be used in the card reader terminal 2.

[When using unauthorized card] First use or 2
In the case of using an unauthorized card which is a duplicate of a regular card after the first time, an illegal card reader (for example, a small card reader that fits in a hand) different from a card reader built in a card reader terminal 2 that is properly installed in a card dealer ), The previous history information in the extended recording area has not been duplicated. Therefore, in step 53, the previous history information is not read from the extended recording area of the unauthorized card, and the determination in step 54 is NO. The card is discharged from the card reader terminal 2 by executing step 55. Therefore, the fraudulent card cannot be used in the card reader terminal 2, and even if the fraudulent card is created, no damage is caused by the use of the fraudulent card.

When using an unauthorized card in which information has been recorded in the extended recording area by using any means after duplicating the first or second regular card, or using the first or second regular card When using an unauthorized card in which the protect information recorded in the extended recording area is falsified by any means after copying, the determination in step 54 becomes YES, and the control proceeds from YES in step 54 to step 66. However, since the determination in step 66 is NO due to the inconsistency between the previous history information restored from the transmitted protect information and the previous history information stored in the host computer 3, the illegal card process is executed in step 67. Will be executed. Therefore, the fraudulent card cannot be used in the card reader terminal 2, and even if the fraudulent card is created, no damage is caused by the use of the fraudulent card. It should be noted that the latest history information related to the insertion time when the use is not permitted despite the insertion into the card reader terminal 2 is written into such an unauthorized card by executing step 59, so that the unauthorized card is never used again. You can't do that.

Even if the protection information transmitted as an analog signal is intercepted in step 58, if the protection information is not received in a receiving mode corresponding to a communication procedure (communication speed) that is periodically changed in real time, the protection is not performed. Since the information cannot be decrypted, it is impossible to recover the protected information from the intercepted information. Therefore, in the case of using an unauthorized card in which information generated from information intercepted after duplicating an authorized card for the first time or the second time or later is recorded in the extended recording area, the unauthorized card is also transferred to the card reader terminal 2 in the same manner as described above. Therefore, even if the above unauthorized card is created, no damage is caused by the use of the unauthorized card.

According to the card information protection method of the present embodiment, even if an unauthorized card that duplicates only the normal information recorded in the normal recording area is inserted into the card reader terminal 2, the regular protection information is stored in the extended recording area. Also, when an unauthorized card recording information different from that of the unauthorized card is inserted into the card reader terminal 2, use of the unauthorized card is prohibited, so that even if an unauthorized card is created, no damage is caused by the unauthorized use. Therefore, the legitimate card 1 is indirectly protected from illegal acts such as duplication and plagiarism of information.

Further, according to the card information protection method of the present embodiment, even if the protect information being transmitted is intercepted by a third party, the protect information is transmitted to a plurality of communications selected using random numbers. Since it cannot be decrypted unless it is received while changing the communication procedure according to the procedure setting information, it is impossible for a third party to use the protection information to obtain the use permission. Therefore, a high degree of confidentiality can be secured against interception of information.

FIG. 4 is a diagram showing the structure of protect information used in the card information protection method according to the second embodiment of the present invention. In the present embodiment, as shown in FIG. 4, from the left to the right in the figure, the marker 1a, the marker 1b, the data A1, the data A2, the marker 2a, the marker 2b, the data B1, the data B2, and the marker 3a are used as protection information. , Marker 3b, data C1, and data C2. The protection information of the present embodiment is shown in FIG.
Markers 1b, 2b, 3 are added to the protection information of (b).
b and data A2, B2, and C2 are added, and each of the additional portions, such as the marker 1b and the data A2, is selected from a large number of pieces of voice designation information stored in advance using random numbers. For example, three) audio designation information and audio information corresponding thereto are recorded.

Here, the marker 1a; 300 (bps),
Marker 1b; information designating voice "Ao", data A
1: 09/10, data A2: analog signal corresponding to voice "blue", marker 2a; 1200 (bps), marker 2b; information designating voice "yes", data B1: 1
1/12, data B2; analog signal corresponding to voice "No", marker 3a; 19200 (bps), marker 3
b; information designating voice "Uo", data C1; 00 /
08, data C2; the protection information in the case of an analog signal corresponding to the sound “Uo” is first data “09 /
10 "and three analog signals corresponding to the voice" Ao "
00 (bps), and then an analog signal corresponding to data “11/12” and voice “No” is 1200
(Bps), and then an analog signal corresponding to data “00/08” and voice “Uo” is transmitted in 19200
(Bps).

Note that standard audio information registered in advance is used as the audio information. If it is possible to use audio information when the card holder utters,
This is preferable in order to enhance the confidentiality of the protected information.

According to the card information protection method of the present embodiment, in addition to the effect of the first embodiment, the effect of improving the confidentiality of information interception as compared with the first embodiment can be obtained. .

In the above embodiments, the number of repetitions of the “marker and data” of the protection information is set to 3. However, the present invention is not limited to this, and the number of repetitions is set to 4 according to the recording capacity of the extended recording area. The number may be increased as described above.

Further, in each of the above embodiments, the communication procedure is changed only for the transmission of the protection information. However, the communication procedure is changed for the transmission of all the information so that all the information of the card 1 can be changed. You may protect directly from illegal acts, such as duplication and plagiarism. In this case, the normal information and the latest history information are also divided by the same division method as that for the protect information.

Further, in each of the above-described embodiments, a method of changing the communication procedure is used as a countermeasure for information interception. However, in the case of a dedicated line connection with a low possibility of information interception, FIG.
Instead of the communication procedure setting information as the markers 1, 2, 3 of the protection information of (b), "data failure (data e
rr)), so that the communication procedure is not changed. In this case, if the illegal card reader cannot download the above program,
Since reading of the information is stopped after reading "data failure", the protection information is not read, so that the cost can be reduced by simplifying the card information protection system.

[Brief description of the drawings]

FIG. 1 is a system diagram showing a schematic configuration of a card information protection system used for carrying out a card information protection method according to a first embodiment of the present invention.

2A is a diagram illustrating a configuration of a recording area of a card-shaped recording medium according to the first embodiment, and FIG. 2B is a diagram illustrating a configuration of an extended recording area of the card-shaped recording medium according to the first embodiment; It is.

FIG. 3 is a flowchart illustrating a control program for protecting card information according to the first embodiment.

FIG. 4 is a diagram illustrating a configuration of an extended recording area of a card-shaped recording medium according to a second embodiment.

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 1 Card-shaped recording medium (card) 2 Card reader terminal 3 Host computer 3 4 Communication line 11 Card reader 12 Judgment unit 13 Information generation unit 14 Transmission / reception unit 21 Transmission / reception unit 22 Communication procedure change unit 23 Storage unit 24 Judgment unit

 ──────────────────────────────────────────────────続 き Continued on the front page F term (reference) 5B035 AA13 BB02 BC00 5B058 CA31 KA02 KA04 KA31 YA20

Claims (4)

[Claims] 1. A card information protection method for protecting various information recorded on a card-shaped recording medium used by being inserted into a card reader terminal from fraudulent acts such as duplication and plagiarism. A step of providing an extended recording area outside the standardized normal recording area and recording dummy information in advance in the extended recording area; and a program for recording and reproducing information in and from the extended recording area from a host computer to a card reader. A step of downloading to a terminal and starting up; a step of reading normal information recorded in a normal recording area and an information recorded in an extended recording area of a card-shaped recording medium inserted into a card reader terminal; If no information is recorded in the extended recording area of the card-shaped recording medium, The method of protection card information, characterized by comprising; and a step of discharging from the card reader terminal is determined to be a body. 2. A card information protection method for protecting various information recorded on a card-shaped recording medium used by being inserted into a card reader terminal from improper acts such as duplication and plagiarism. Providing an extended recording area outside the standardized normal recording area, pre-recording dummy information as previous history information in the extended recording area, and hosting a program for recording and reproducing information in the extended recording area Downloading from a computer to a card reader terminal and activating; reading normal information recorded in a normal recording area of a card-shaped recording medium inserted in the card reader terminal and previous history information recorded in an extended recording area; If no information is recorded in the extended recording area of the card-like recording medium inserted in the card reader terminal, The step of determining that the medium is an unauthorized card-shaped recording medium and ejecting it from the card reader terminal, and generating the latest history information related to the insertion time of the regular card-shaped recording medium whose information is recorded in the extended recording area And the step of generating protect information based on the previous history information and a plurality of communication procedure setting information selected using a random number, the normal information, the latest history information and protect information,
Sequentially transmitting to the host computer using a communication procedure based on the communication procedure setting information; and discharging the card-shaped recording medium after recording the latest history information and the protection information in an extended recording area of the card-shaped recording medium. Receiving the protect information while changing the communication procedure of the host computer based on the plurality of communication procedure setting information after receiving the normal information and the latest history information; Adding the list to the list; and determining that the card-shaped recording medium is an unauthorized card-shaped recording medium when the received normal information does not match the normal information on the card-shaped recording medium stored in the host computer. The previous history information embedded in the received protection information. Determining that the card-shaped recording medium is an invalid card-shaped recording medium if the previous record information does not match the previous history information stored in the card-shaped recording medium; and Transmitting the use permission information from the host computer to the card reader terminal when it is not determined that the card information is a recording medium. 3. The protection information according to claim 2, wherein the protection information is obtained by alternately arranging communication procedure setting information and previous history partial information obtained by dividing the previous history information by a preset division method. How to protect card information. 4. The protection information includes: communication procedure setting information and previous history information divided by a preset division method; previous history partial information; and audio information obtained by dividing audio information corresponding to a specific audio by a preset division method. 3. The card information protecting method according to claim 2, wherein the information is repeatedly arranged in this order.