JP3957167B2 - Data update method and apparatus - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to an IC card that can prevent unauthorized updating of data during offline use, for example, and can reduce the risk of a card issuer and a cardholder caused thereby.
[0002]
[Prior art]
The target data managed by the center system that is the card issuer, for example, data corresponding to the amount of money (hereinafter referred to as amount data) is stored in the IC card, and the center system side uses the amount data. There is a transaction form in which goods are purchased without obtaining approval. Such a transaction form is called offline transaction. For example, by using an ATM (automatic teller machine) connected online with the center system, money amount data corresponding to all or part of the bank deposit balance is stored in the memory area of the IC card. A case where the amount data is successively subtracted using an offline terminal in a store corresponds to offline transaction.
[0003]
In such offline transactions, the amount of data stored in the IC card and the amount of data corresponding to the deposit balance managed on the center system side do not match between the card issuer and the cardholder. It is important to take measures to avoid troubles.
[0004]
Therefore, in the past, there has been a contrivance that sets an upper limit for the amount data that can be stored in the IC card on the center system side and places a certain limit when updating (increase) the amount data, thereby preventing inconsistencies in the amount data. It was given. FIG. 7 is a sequence chart in this case, and shows the flow of each processing in the IC card, the card reader / writer (hereinafter referred to as R / W) provided in the ATM, and the center system connected online to the ATM. Is.
[0005]
In FIG. 7, the R / W (ATM) performs the required post-card insertion processing upon the detection of card insertion (R21), and then the current value for the IC card, that is, the amount data currently stored. A read request is made (R22). Upon receiving this request (K21), the IC card reads the amount data currently stored from its own memory area and transmits it to the R / W (K22). The R / W that has received the money amount data from the IC card adds the money amount data and the planned increase amount to calculate the changed value (R23), and transmits the changed value as the calculation result to the center system (R24). That is, it is inquired whether it can be updated.
[0006]
In the center system, when the change value is received, the amount data (hereinafter referred to as management value) managed for the registered owner of the IC card is searched (C21), and if it exists, the management value and the received change value and Are compared (C22). If the change value is equal to or less than the management value (C23: Yes), an update possible notification is sent to the R / W. If the change value exceeds the management value (C23: No), an update impossible notification is sent to the R / W.
[0007]
When the notification from the center system is an updatable notification, the R / W sends a message to that effect to the IC card (R25).
[0008]
When the IC card confirms the update possible notification, it updates the current value of the amount data (K232). If the update is normally completed, the R / W is notified to that effect (K24). The R / W that has received this notification displays updated information (R27), and controls the ejection of the IC card when the necessary processing is completed (R28). As a result, the IC card is discharged, and offline transaction based on the updated amount data becomes possible.
[0009]
[Problems to be solved by the invention]
As described above, when the amount data stored in the IC card is updated, it is usually checked whether the update is possible after checking the consistency with the amount data managed on the center system side. It has become. However, if a third party steals the amount data update procedure performed on the IC card and creates an unauthorized ATM with a function for realizing the procedure, it is not necessary to make an inquiry to the center system. The amount data inside the IC card can be unilaterally updated. In addition, if the authorized cardholder loses or steals an IC card, repeat the increase of the set amount or purchase of goods within the range of amount data that can be updated by the malicious third party who acquired it. Can be considered.
[0010]
As described above, when an offline transaction is performed using a conventional IC card, there is a problem that the transaction form becomes dangerous for both the card owner and the card issuer (or the system operator). Such a problem is caused by whether or not the target data stored inside the IC card is updatable by the judgment of a device existing outside the IC card, such as the amount data, and the same method It also existed in common with other IC card systems that employ the.
[0011]
SUMMARY OF THE INVENTION An object of the present invention is to provide an improved IC card capable of thoroughly restricting update of target data stored in the card and reliably preventing unauthorized access to the target data. .
[0012]
[Means for Solving the Problems]
In order to solve the above problems, the present invention provides a data storage area for storing target data whose value increases or decreases by updating, and a setting area in which an updatable range of target data stored in the data storage area is set And generating update candidate data based on the current value and new input value of the target data stored in the data storage area, and only when the update candidate data is within the updatable range set in the setting area There is provided an IC card comprising: a first memory control unit that allows updating of the data storage area.
[0013]
In addition, there is a data storage area for storing target data whose value is increased or decreased by updating, a setting area for setting an updatable range of the target data stored in the data storage area, and at least one in this setting area There is also provided an IC card having second memory control means for setting or updating the type of updatable range.
[0014]
In each of the above IC cards, the updatable range is, for example, a set of an update upper limit value and an update lower limit value, at least one of which is a fixed value, or an update upper limit value and an update lower limit value that can be individually set and updated. In addition, when a plurality of types of target data storage areas are formed in the data storage area, each target data storage area is specified. For example, the update upper limit value prevents the value of the target data from being accumulated too much, and the update lower limit value can be used as a maintenance technique for preventing the value of the target data from being excessively reduced.
[0015]
Another IC card of the present invention identifies an update request for the target data input from the outside of the card and a setting or update request for the updatable range, and performs an authentication process in a different form depending on the identification result It further has a processing means. This authentication processing means is preferably configured to allow setting or updating of the upper limit value and the lower limit value of the updatable range based on different authority IDs.
[0016]
DETAILED DESCRIPTION OF THE INVENTION
Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. FIG. 1 is a diagram showing a configuration example of an IC card to which the present invention is applied. The IC card 1 includes an input / output control unit (I / O) 11 that performs data input / output control with a card reader / writer (R / W) 2, a microprocessor (CPU) 12, a ROM 13, a RAM 14, and an EEPROM 15. It is prepared for.
[0017]
The RAM 14 is a working memory that is used by the CPU 12 to execute a program, and the ROM 13 is a memory that stores at least a control program executed by the CPU 12.
[0018]
FIG. 2 is an explanatory diagram of the contents of the EEPROM 15. In the present embodiment, the EEPROM 15 has at least a PIN storage area 151 for storing a plurality of PINs (Personal Identification Numbers) as access authority IDs, and an updatable range of amount data as an example of target data. A setting data storage area 152 for setting and a storage area 153 for the amount data are formed. The amount data used here is data representing the amount of money and the like, and is data in which the value increases when the funds are reserved at the time of offline transaction and decreases when the payment such as the purchase of goods is made.
[0019]
In the PIN storage area 151, a PIN # 1 for a card issuer and a PIN # 2 for a legitimate card holder are set. The updatable range set in the setting data storage area 152 consists of a set of an update upper limit value and an update lower limit value, and the update upper limit value and the update lower limit value are individually set or updated (hereinafter, set in this embodiment). Etc.). For example, the update upper limit value can be set by the card issuer, and the update lower limit value can be set by only the card holder.
[0020]
It should be noted that at least one of the update upper limit value and the lower limit value may be a fixed value. If both are fixed values, at least the configuration of the authentication processing means described later can be further simplified.
[0021]
The update upper limit value and the update lower limit value can be set in a plurality of sets, and the update upper limit value and the update lower limit value of each set are individually set for each storage area of the plurality of amount data # 1 to #n. can do. In this way, it is possible to cope with a case where a plurality of services are received with one IC card. In the example shown in the figure, money amount data # 1 is set for the set of update upper limit value A and update lower limit value A, and money amount data # 2 and money amount data # 3 are set for the set of update upper limit value B and update lower limit value B.
[0022]
FIG. 3 is a functional block configuration diagram realized by the CPU 12 in accordance with the control program stored in the ROM 13. In this embodiment, the authentication processing unit 120, the command execution management unit 121, the upper limit value setting unit 122, the lower limit value setting unit 123, the target data setting unit 124, the data comparison processing unit 125, the arithmetic processing unit 126, and the data update processing unit 127 is built. Here, it is assumed that the update upper limit value and the update lower limit value can be updated individually.
[0023]
The authentication processing unit 120 identifies a PIN input from the R / W 2 via the I / O 11 and performs a required authentication process. When updating the amount data, the authentication process by PIN input can be omitted (PIN unlock state). The command execution management unit 121 performs an authentication process on the premise that the authentication processing unit 120 requests a request different from the update request for the amount of money data, that is, setting of the updatable range and the setting of the amount of money data for each updatable range. When executed, the command corresponding to the request is selectively executed.
[0024]
The processing procedure in the command execution management unit 121 will be described with reference to FIG. For example, when the card issuer requests setting of an update upper limit value based on the input of its own PIN # 1 (step S101: Yes), the command execution management unit 121 sends an update upper limit value to the upper limit value setting unit 122. A setting command is sent (step S102). Further, when the cardholder requests setting of the update lower limit value based on his / her PIN # 2 input (step S101: No, step S103: Yes), the update lower limit value is set in the lower limit value setting unit 123. Command is sent (step S104). Even when the amount data # 1 to #n are individually set in the updatable range, the cardholder PIN verification is performed, and the target data setting command is sent to the target data setting unit 124 when normal. To do. If authentication cannot be obtained as a result of the PIN verification, an error process is performed (step S105), and the process ends.
[0025]
The data comparison processing unit 125 adds the current value of the amount data stored in the amount data storage area 153 and the amount data (new input value) newly input via the I / O 11 using the arithmetic processing unit 126. Then, it is compared whether the total value is within the updatable range set for the amount data. If it is within the updatable range, the total value is sent to the data update processing unit 127. The data update processing unit 127 updates the corresponding data area of the money amount data storage area 153 according to the comparison processing result of the data comparison processing unit 125.
[0026]
Next, a method of using the IC card having the above configuration will be specifically described with reference to FIGS. FIG. 5 shows a flow of processing procedures in the data comparison processing unit 125 and the data update processing unit 127, and FIG. 6 shows a sequence procedure between the IC card 1 and the R / W 2. Here, it is assumed that the updatable range has already been set and there is no problem with the authentication process.
[0027]
In FIG. 6, when the IC card 1 is inserted (R11), the R / W 2 transmits a data update request (command) to the IC card (R12). On the IC card side, upon receipt of this update request, the corresponding area in the EEPROM 15 is searched and necessary update processing is performed (K11 to K16).
[0028]
Specifically, as shown in FIG. 5, upon receipt of a data update request (step S201), a corresponding money amount storage area is searched (step S202). When the amount data exists (step S203: Yes), it is searched whether there is an updatable range set for the amount data (step S204). If there is an updatable range (step S205: Yes), it is determined whether or not it is an increase request (step S206). If it is an increase request, the current amount value and the increase value are added (step S206: Yes, S207k), it is checked that the added value is not more than the update upper limit value (step S208k). On the other hand, if it is confirmed in step S206 that it is a reduction request, the reduction value is subtracted from the current amount value (step S206: No, S207g), and this subtraction value is checked to be equal to or greater than the data changeable lower limit value. (Step S208g).
[0029]
When it is confirmed that the calculated data is within the updatable range at the time of checking in the above steps S206, S208k, and S208g, the corresponding amount data is updated (step S209), and the fact that the processing has been completed normally is confirmed. R / W2 is notified (step S210). On the other hand, if an error occurs in the execution condition check of the command, predetermined error processing is performed, and abnormal termination is notified to the R / W 2 (step S211). Returning to FIG. 6, the R / W 2 outputs the notification contents from the IC card 1 in a form that can be recognized by the user (R 13), and after the necessary end processing, the card is discharged (R 14).
[0030]
Thus, since the IC card 1 of this embodiment has set an updatable range that determines the range of the amount data that can be stored in the IC card 1 and performs the self-check when updating the amount data, The update process is simplified compared to the conventional method. Therefore, for example, when shopping at a store or the like, the checkout process and work at the cash register are simplified, and a situation in which a queue by other customers near the cash register can be avoided. Moreover, since it is not necessary to inform the R / W side of the current amount data as in the prior art, there is no possibility that a malicious third party will read out the amount data inside the card, thus protecting the privacy of the IC card owner. Connected.
[0031]
The upper limit of the updatable range is set in the IC card 1 secretly by the card issuer, and the lower limit is set by the authorized owner of the IC card 1, and these settings are illegal access Therefore, it is possible to safely carry out off-line transactions using an IC card by allowing only a special command to be executed after PIN verification. In addition, the cardholder can use his / her IC card to another person who can be trusted to purchase the product up to the lower limit of the current amount data.
[0032]
In the present embodiment, the example in the case of monetary data is shown as the target data. However, the same embodiment is possible in the case of a loan amount by a book card or a score amount by a game card.
[0033]
【The invention's effect】
As is clear from the above description, according to the IC card of the present invention, even if an attempt is made to improperly update the target data inside the card using an unauthorized R / W, the update is restricted, so that at the time of offline transaction There is a unique effect that the risk of cardholders and card issuers is reduced.
[Brief description of the drawings]
FIG. 1 is a configuration diagram of an IC card to which the present invention is applied.
FIG. 2 is an explanatory diagram of contents of an EEPROM of the IC card according to the present embodiment.
FIG. 3 is a configuration diagram of functional blocks realized by the IC card of the present embodiment.
FIG. 4 is an explanatory diagram of a processing procedure in a command execution management unit of the present embodiment.
FIG. 5 is an explanatory diagram of a processing procedure in the IC card of the present embodiment.
FIG. 6 is a sequence chart showing a processing procedure performed between the IC card and the R / W.
FIG. 7 is a sequence chart showing a processing procedure performed between the conventional IC card, the R / W, and the center system.
[Explanation of symbols]
1 IC card 2 Card reader / writer (R / W)
11 Input / output control unit (I / O)
12 Microprocessor (CPU)
121 Authentication Processing Unit 122 Command Execution Management Unit 123 Upper Limit Value Setting Unit 124 Lower Limit Value Setting Unit 125 Data Comparison Processing Unit 126 Operation Processing Unit 127 Data Update Processing Unit 13 ROM
14 RAM
15 EEPROM
151 PIN storage area 152 Setting data storage area 153 Amount data storage area

Claims (8)

A can communicate with a reader-writer, a method of updating data to be executed by the IC that includes a processor and a memory operating according to a predetermined program,
In the memory,
A data storage area for storing target data whose value increases or decreases by updating, and an update upper limit value and an update lower limit value at least one of which is a fixed value as an updatable range of the target data stored in the data storage area A set area set by a set is formed,
The processor is
When an update request for the target data is received from the reader / writer, update candidate data is generated based on the current value and new input value of the target data stored in the data storage area, and the update candidate data is A data update method executed by an IC comprising a processor and a memory, wherein the data storage area is allowed to be updated only when it is within an updatable range set for the area. An update method of data executed by an IC that is communicable with a reader / writer and that includes a processor and a memory that operate according to a predetermined program,
In the memory,
A data storage area for storing target data whose value increases or decreases by updating, an update upper limit value and an update lower limit value that can be individually set and updated as an updatable range of the target data stored in the data storage area, and And a setting area set by a set of
The processor is
When an update request for the target data is received from the reader / writer, update candidate data is generated based on the current value and new input value of the target data stored in the data storage area, and the update candidate data is A data update method executed by an IC comprising a processor and a memory, wherein the data storage area is allowed to be updated only when it is within an updatable range set for the area. 3. A data updating method executed by an IC having a processor and a memory according to claim 1, wherein an area for setting a plurality of types of the updatable range is formed in the setting area. . The storage area for plural types of target data is formed in the data storage area, and the update upper limit value and the update lower limit value are defined for each storage area of the target data. A data update method executed by an IC including the processor and the memory according to any one of 1 to 3. The processor is configured to identify an update request for the target data received from the reader / writer and a setting or update request for the updatable range, and perform different forms of authentication according to the identification result. A data updating method executed by an IC including the processor and the memory according to any one of 1 to 4. 6. The authentication is executed by an IC having a processor and a memory according to claim 1, wherein the upper limit value and the lower limit value of the updatable range are allowed to be set or updated based on different authority IDs. how to update that data. An IC that includes a processor and a memory that can communicate with a reader / writer and operate according to a predetermined program,
In the memory,
A data storage area for storing target data whose value is increased or decreased by updating, an update upper limit value and an update lower limit value at least one of which is a fixed value as an updatable range of the target data stored in the data storage area; And a setting area set by a set of
The processor is
When an update request for the target data is received from the reader / writer, update candidate data is generated based on the current value and new input value of the target data stored in the data storage area, and the update candidate data is The IC, wherein the data storage area is allowed to be updated only when it is within an updatable range set in the area. An IC that includes a processor and a memory that can communicate with a reader / writer and operate according to a predetermined program,
In the memory,
A data storage area for storing target data whose value increases or decreases by updating, an update upper limit value and an update lower limit value that can be individually set and updated as an updatable range of the target data stored in the data storage area, and And a setting area set by a set of
The processor is
When an update request for the target data is received from the reader / writer, update candidate data is generated based on the current value and new input value of the target data stored in the data storage area, and the update candidate data is The IC, wherein the data storage area is allowed to be updated only when it is within an updatable range set in the area.

Images