JP2002288623A - Ic card system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To improve performance of functions for preventing unauthorized use using comparatively simple equipment. SOLUTION: Two password of a user side password to collate in an IC card and a business side password to collate, after sending it to the side of a card reader are input and used in a key input part 20 and a key display part 22. The user side password is collated with the one registered in a user side password memory part 24 in the IC card in a user side password comparison part 26. The business side password is collated at the side of the card reader. It is possible to improve the performance of the function, to prevent unauthorized use since the two password are used.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an IC system which allows a user to input a personal identification number at the time of use.
The present invention relates to an IC card system that compares a password registered in advance with a card to determine whether or not authentication of use qualification is possible, and in particular, to improve the performance of a function for preventing unauthorized use with a relatively simple device. The present invention relates to an IC card system capable of performing such operations, an IC card used in the IC card system, and a card reader.

[0002]

2. Description of the Related Art An IC (Integrated Circuit) card is widely used as a cash card, a prepaid card, a debit card, and other cards used for settlement of commercial transactions. IC cards are also used as employee ID cards, membership cards and other ID (IDentification) cards.

In order to prevent plagiarism when using an IC card, the user is required to input a personal identification number when using the IC card,
In some cases, the use qualification is authenticated by collating with a password registered in advance in the C card. Or,
In some cases, fingerprints or voiceprints are collected at the time of use, and collated with a pre-registered source to authenticate use qualification.

[0004]

However, conventionally,
The password input at the time of use qualification authentication is performed by a keyboard connected to the card reader. Therefore, there is a possibility that the input contents may be observed at the time of input and the personal identification number may be leaked, and there is a risk of plagiarism. Alternatively, there is a possibility that a malicious modification is made to the card reader and the personal identification number is leaked.

[0005] In the case of using a fingerprint or a voiceprint to authenticate the use qualification, there are problems such as a recognition rate and reliability. Further, there is a problem that a special and complicated expensive device is required to collect fingerprints and voiceprints.

The present invention has been made to solve the above-mentioned conventional problems, and has as its object to provide an IC card system capable of improving the performance of a function for preventing unauthorized use with a relatively simple device. I do.

[0007]

First, in the IC card system of the first invention of the present application, a user inputs a personal identification number at the time of use, and is registered in advance in an IC card possessed by each user. In an IC card system in which the authentication of a use qualification is determined by collating with a personal identification number,
A key input unit used by the user to input at least the user's personal identification number to be collated in the IC card and the business's personal identification number to be collated after being sent to the card reader at the time of qualification authentication. And a user-side password storage unit for storing the user-side password for verification, the user-side password for verification, and the user-side password input by the key input unit. By transmitting the user-side password comparison unit that determines whether or not to use the user qualification authentication, the determination result of the user qualification authentication based on the user-side password, and the business-side password input by the key input unit, An IC card having a card-side communication unit, a business-side password generation unit that randomly generates the business-side password, and a business-side password display unit that displays the business-side password to a user. , A business password storage unit that stores a business password as a verification business password, and receives the user password usage qualification authentication determination result and the business password transmitted from the IC card. A result of determining whether or not use qualification authentication is possible by collating a reader-side communication unit, the collation business-side password and the business-side password received from the IC card, and using the IC card. A card reader comprising: a business-side password comparison unit that outputs, to the outside, that the use qualification authentication determination of the IC card is possible when all the qualification authentication determination results are acceptable. The above problem has been solved by using.

Next, the IC card according to the second invention of the present application
The user's personal identification number to be verified in the C card,
A key input unit used by a user to input at least the personal identification numbers of the business side personal identification numbers to be verified after being sent to the reader side, and use for storing the user side personal identification numbers for verification. The user-side password which determines whether or not the use qualification authentication is possible by comparing the user-side password stored in the user-side password and the collation user-side password and the user-side password inputted by the key input unit. By providing a number comparison unit and a card-side communication unit that transmits the determination result of the use qualification authentication by the user-side password, and the business-side password input by the key input unit, This has solved the above-mentioned problem.

Further, the card reader according to the third invention of the present application is a business-side password generation unit for randomly generating the business-side password, and a business-side password display for displaying the business-side password to a user. Unit, a business password storage unit that stores the business password as a collation business password,
The reader side communication unit that receives the user side password authentication qualification determination result transmitted from the IC card side and the business side password, the collation business side password, and the reader side communication unit received from the IC card side. In the case where the result of judging whether or not the use qualification authentication is possible by collating the business side PIN number and the result of the use qualification authentication judgment on the IC card side are both acceptable, the use qualification of the IC card is judged. The above problem is solved by providing a business-side password comparison unit that outputs to the outside that the authentication determination is possible.

Hereinafter, the operation of the present invention will be briefly described.

According to the present invention, at the time of use, a user inputs a personal identification number, and the personal identification number is compared with a personal identification number registered in advance in an IC card possessed by each user to determine whether or not the user qualification can be authenticated. In such an IC card system,
The user's PIN to be verified in the IC card and the business PIN to be verified after being sent to the card reader.
Use two passwords.

The user-side personal identification number is collated in the IC card with what is registered in the IC card in advance.
Thereby, it is determined whether or not the use qualification authentication can be performed by the user side personal identification number. The result of the determination is transmitted to the card reader.

Next, the business personal identification number is randomly generated on the card reader side. Then, the generated business-side personal identification number is first displayed to the user, the user inputs the information on the IC card, and the input is transmitted to the card reader. Secondly, by comparing the information transmitted in this way with the information generated at random and stored in the card reader, it is determined whether or not the use qualification can be authenticated by the business-side password. I do.

In the case where the IC card determines whether or not the user credential can be authenticated based on the user-side password, and the business-purpose password can determine whether or not the user qualification can be verified, To the outside, it is output to the outside that the use qualification authentication judgment of the IC card is possible.

As described above, in the present invention, there are no problems such as the recognition rate and the reliability as in the case where the use qualification is authenticated using a fingerprint or a voiceprint. In addition, special and complicated expensive devices, such as those used for collecting fingerprints and voiceprints, are not required. Since two passwords are used, the performance of the function for preventing unauthorized use can be improved.

In particular, when the business side personal identification number and other information are transmitted between the IC card and the card reader by radio using microwaves, infrared rays, ultrasonic waves, etc. If you use
Since the user's personal identification number and the business's personal identification number are manually input by the user on the IC card side, there is little possibility that the personal identification number and the business identification number will be leaked by others.

The user-side personal identification number unique to the IC card is compared with the result of the use qualification authentication judgment by collation.
Although transmitted to the reader, the content of the user-side personal identification number is not output to a card reader or the like. Therefore, the confidentiality of the user-side password is high. For example, there is no possibility that the card reader is illegally remodeled and the user's personal identification number is leaked. Although the present invention is not limited to this, it is possible to change the user-side password by using the IC card alone, and in such a case, the confidentiality of the user-side password can be changed. Will be even higher.

The present invention can be first applied to an IC card as its name is called an IC card system. However, the present invention is not limited to application only to a pure IC card. In other words, the present invention is not limited to an IC card, but may be applied to any other card having a purpose similar to that of an IC card. Such a card is also an object of the present invention. For example,
In recent years, it is possible to provide a mobile phone having a much higher ownership ratio with a use qualification authentication function similar to that of the IC card of the present invention, and the mobile phone in this case is an object of the present invention. The object of the present invention is a PDA (Person
al Digital Assistants).

In the present invention, the user-side password and the business-side password are not specifically limited. These may be only numeric, alphanumeric, or mixed with kana. Also, the number of digits is not particularly limited, and may be a predetermined fixed length or a variable length.
In the case of mixed kana, there is a possibility that the number of keys for inputting these passwords may increase.

In the present invention, the collation business side personal identification number and other information transmission media between the card side communication unit of the IC card and the reader side communication unit of the card reader are not particularly limited. For example, such information transmission according to the present invention may be performed by a signal line connected by contact with a contact, an infrared ray, a microwave, other electromagnetic waves or ultrasonic waves, or the like. Further, the protocol and the like at the time of transmitting the information are not specifically limited, and may adopt, for example, a specification of Bluetooth using microwaves.

[0021]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Embodiments of the present invention will be described below in detail with reference to the drawings.

FIG. 1 shows an embodiment I to which the present invention is applied.
FIG. 2 is a block diagram illustrating a configuration of a part according to the present invention of the IC card used in the C card system.

As shown in the figure, the IC card of the present embodiment includes a key input unit 20, a key display unit 22, a user-side password storage unit 24, a user-side password comparison unit 26,
And a card-side communication unit 30.

First, the key input unit 20 authenticates at least the user's personal identification number to be verified in the IC card and the business's personal identification number to be verified after being sent to the card reader. Used to input at the time of. The key display unit 22 is a display device used for such input. The key display unit 22 prompts the user to input a personal identification number or the business side personal identification number. Note that these user-side passwords and the business-side passwords that are being input are not displayed on the key display unit 22 in order to prevent others from viewing the information.

The key input unit 20 and the key display unit 22
It is attached to the surface of the C card. Therefore, the external appearance of the IC card in this embodiment is a credit card,
It is similar to an electronic desk calculator of size.

The user-side password storage unit 24 stores the user-side password for verification. The user-side password comparison unit 26 determines whether or not the use qualification authentication is possible by comparing the collation user-side password and the user-side password input by the key input unit. The card-side communication unit 30 transmits the determination result of the use qualification authentication based on the user-side password, and the business-side password input by the key input unit.

The user's personal identification number stored in the user's personal identification number storage unit 24 can be changed by the user alone without connecting the IC card to a card reader or the like. At the time of the change, the key input unit 2
0, a key display unit 22, a user-side password storage unit 24, and a user-side password comparison unit 26.

First, the user inputs the user's personal identification number before the change through the key input unit 20 and the key display unit 22, and the user's personal identification number storage unit 24 compares the user's personal identification number. The unit 26 determines whether the change can be authenticated. If the change is authorized, the user enters a new user-side password and re-enters the new user-side password for confirmation. If the new user password entered twice matches,
The user password storage unit 24 is rewritten with the new user password.

The card-side communication unit 30 may transmit the business-side password only when it is possible to determine the use qualification authentication based on the user-side password. Even in such a case, the fact that the business side security code has been transmitted implies that the determination of the use qualification authentication using the user side security code is possible.

FIG. 2 shows an embodiment I to which the present invention is applied.
FIG. 3 is a block diagram showing a configuration of a portion of the card reader according to the present invention used in the C card system.

As shown in the figure, the card reader according to the present embodiment includes a business side password generation unit 40, a business side password display unit 42, a business side password storage unit 44, and a reader side communication unit 50. , An IC card recognizing unit 52 and a business side personal identification number comparing unit 54.

The various business processing unit 60 uses the result of the use qualification authentication judgment in the present embodiment. For example, when the present embodiment is used for settlement of commercial transactions, the various business processing units 60 are business application systems for this purpose. When the present embodiment is used as a function such as an employee card or a membership card, the various business processing units 60 are business application systems for this purpose.

More specifically, in the card reader, first, the business-side password generation unit 40 randomly generates the business-side password. The business side security code display section 42
The business side password is displayed to the user. The business side password storage unit 44 stores the business side password as a verification business side password.

The reader-side communication unit 50 receives the user-side personal identification number use qualification determination result transmitted from the IC card side, the business-side personal identification number, and other additional information. When the IC card shown in FIG. 1 is inserted and attached to a predetermined position of the card reader, contact contacts for information exchange are made, and the card-side communication section 30 of the IC card is provided.
, And information can be exchanged with the reader-side communication unit 50 of the card reader.

The IC card recognizing section 52 recognizes that the IC card is physically regular by the normal contact of the card side communication section 30 and the reader side communication section 50. Further, the contact contact and reader side communication unit 50
Thus, by reading the card number of the IC card, it can be grasped that the card is a legitimate card in terms of contents and is an object to be used.

The business side password comparison unit 54 compares the business side password for collation with the business side password received from the IC card side to determine whether the use qualification authentication is possible, and If all of the use qualification authentication determination results on the IC card side are acceptable, the fact that the use qualification authentication determination of the IC card is acceptable is output to the outside. In the present embodiment, the output of the business-side password comparison unit 54 is output to various business processing units 60.

FIG. 3 is a flowchart showing the processing from the insertion of the IC card into the card reader to the display of the business personal identification number on the card reader in this embodiment. FIG. 4 is a flowchart showing a process from the input operation of the displayed business-side password to the output from the various business processing units 60 that the use qualification authentication determination is possible.

In these flowcharts, the processing on the card reader side is on the left side of the broken line. The processing on the IC card side is on the right side of the broken line.

First, in step 112 of FIG.
Insert and attach the IC card at a predetermined position on the reader. Then, in step 114, the IC card recognition section 52 recognizes the insertion and attachment of the IC card, and recognizes the use start so as to start the determination as to whether or not to certify the use qualification of the IC card.

In step 116, the reader-side communication unit 50 of the card reader requests the user identification name from the card-side communication unit 30 of the IC card. Card side communication unit 30
Is previously written with a card number for individually recognizing the IC card. In the present embodiment, the user identifier is a card number. The user identification name may be another member number or the like. In step 118, in response to the request in step 116, the IC card notifies the card reader of the card number.

At step 120, the card reader receives the card number. At this point, the IC card recognition unit 52 indicates that the IC card is physically
In addition, since the card number can be read normally, it can be understood that the card is a legitimate card in terms of contents and is to be used. Then, in step 120, the business password generation unit 40 generates a business password. In step 122, the generated business personal identification number is displayed on the business personal identification number display unit 42.

In step 124, the user who has the IC card displays this business password at his / her own risk.
Check visually. In step 126, after the user operates the display deletion push button or after a predetermined time has elapsed, the display of the business password on the business password display unit 42 ends. The predetermined time is preferably short from the viewpoint of preventing the business personal identification number from being seen by others.

Next, in step 142 of FIG. 4, the user's personal identification number is input through the key input section 20 and the key display section 22 of the IC card. In step 144, the user-side password comparison unit 26 compares the verification user-side password stored in the user-side password storage unit 24 with the user-side password input in step 142. Then, it is determined whether or not the use qualification authentication can be performed. When it is determined that the use qualification authentication is permitted, in step 146, the user inputs the business-side personal identification number visually observed in step 124 through the key input unit 20 and the key display unit 22 of the IC card.

In step 148, a processing start request is transmitted. In step 150, the reader communication unit 50 of the card reader requests the user identification name from the card communication unit 30 of the IC card. In step 152, the IC card notifies the card reader of the card number in response to the request in step 150. Step 154
Then, the business side password comparison unit 54 of the card reader
The key input unit 20 of the C card requests the business side personal identification number. In step 156, in response to the request in step 154, the IC card notifies the card reader of the business side personal identification number.

In step 158, the collation business password stored in the business password storage unit 44 and the business password transmitted from the IC card in step 156 are verified. If it is determined in the collation that the use qualification authentication is possible or not, since the use qualification authentication determination result on the IC card side has already been determined to be acceptable in step 144, the business-side password comparison unit 54 sets the various business processing units 6
For 0, it outputs that IC card use qualification authentication determination is possible. Then, in step 160,
All the above-mentioned use qualification authentication processing ends.

According to the invention as described above, the present invention can be effectively applied. Therefore, it is possible to improve the performance of the function of preventing unauthorized use with a relatively simple device.

[0047]

According to the present invention, it is possible to improve the performance of a function for preventing unauthorized use with a relatively simple device.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a configuration of a part according to the present invention of an IC card used in an IC card system of an embodiment to which the present invention is applied.

FIG. 2 is a block diagram showing a configuration of a portion according to the present invention of the card reader used in the embodiment.

FIG. 3 is a flowchart showing processing from the insertion of an IC card into a card reader to the display of a business personal identification number on the card reader in the embodiment.

FIG. 4 is a flowchart showing processing from input operation of a business-side password displayed in the embodiment to output to the various business processing units that usage qualification authentication determination is possible;

[Explanation of symbols]

 Reference Signs List 20 key input unit 22 key display unit 24 user password storage unit 26 user password comparison unit 30 card communication unit 40 business password generation unit 42 business password display unit 44: business-side password storage unit 50: reader-side communication unit 52: IC card recognition unit 54: business-side password comparison unit 60: various business processing units

Claims (3)

[Claims] At the time of use, a user inputs a personal identification number, and the personal identification number is collated with a personal identification number registered in advance in an IC card possessed by each user to judge whether or not authentication of use qualification is possible. In the IC card system, the user inputs at least the user's personal identification number to be verified in the IC card and the business's personal identification number to be verified after being sent to the card reader at the time of qualification authentication. Key input unit for use, a user-side password storage unit for storing the user-side password for verification, a user-side password for verification, and the user input by the key input unit. By comparing the personal identification numbers, a user identification number comparison unit that determines whether or not the user qualification authentication can be performed, a determination result of the user qualification authentication based on the user identification number, and the key input unit. An IC card including a card-side communication unit for transmitting the business-side password, a business-side password generation unit for randomly generating the business-side password, and displaying the business-side password to a user. A business password display unit, a business password storage unit for storing the business password as a verification business password, and an IC.
A reader-side communication unit for receiving the user-side password use qualification authentication determination result transmitted from the card side and the business-side password, the collation business-side password, and the I
The result of determining whether or not the use qualification authentication is possible by collating the business-side password received from the C card side, and the use qualification authentication determination result on the IC card side are as follows:
In the case where all of the determinations are acceptable, a card reader including a business-side password comparison unit that outputs to the outside that the IC card use qualification authentication determination is available is used. An IC card system characterized by the above-mentioned. 2. The user inputs at least the personal identification number to be collated in the IC card and the business identification number to be collated after being sent to the card reader at the time of qualification authentication. A key input unit used for: a user password storage unit for storing the user password for verification; a user password input for the verification user; and the user input by the key input unit A user-side password comparison unit that determines whether or not the user credential is authenticated by collating the password; a determination result of the user qualification authentication based on the user-side password; and the business input by the key input unit. An IC card, comprising: a card-side communication unit for transmitting a personal identification number. 3. A business password generation unit for randomly generating the business password, a business password display unit for displaying the business password to a user, and a collation unit for collating the business password. A business side secret number storage unit that stores as a business side personal identification number; a reader side communication unit that receives the user side personal identification number use qualification authentication determination result transmitted from the IC card side and the business side personal identification number; The result of judging whether or not the use qualification authentication is possible by comparing the collation business side secret number and the business side secret number received from the IC card side, and the use qualification authentication judgment result on the IC card side are: And a business-side password comparison unit that outputs to the outside that the IC card use qualification determination can be made. leader.