JP4578167B2 - Information processing device with authentication function - Google Patents

Description

The present invention relates to an information processing apparatus having an authentication function, and more particularly, to an information processing apparatus that adopts a method of increasing security by limiting the number of continuous attempts of authentication processing.

  As a security measure related to the information processing apparatus, an authentication process for confirming that, when there is an external access, the access has an authorized authority is very important. In particular, in the case of a portable information processing apparatus such as an IC card, since there is a high risk of loss or theft, an authentication processing function when accessing from outside is indispensable. In order to perform such an authentication process, a method of writing a predetermined secret code in the apparatus in advance is usually employed. For example, if you write a password that only a legitimate user knows as a secret code, request access to the password when you access it, and confirm that the password matches, you can access it from a legitimate user. It can be authenticated. Alternatively, an encryption key held only by a legitimate user is written as a secret code, and predetermined data encrypted externally using the encryption key is decrypted inside the apparatus to obtain original data. In some cases, a method of confirming that they match is employed. For example, Patent Document 1 below discloses an authentication method for an IC card using such an encryption method.

In order to further improve the security in the authentication process as described above, a technique for limiting the number of consecutive trials of the authentication process is usually added. This is useful in reducing the risk of accidental password matching due to unauthorized access through repeated trial and error. Specifically, the number of authentication failures due to password mismatch or the like is counted, and the authentication secret code is invalidated when the number of consecutive authentication failures exceeds a predetermined allowable value. Can be done. For example, if the allowable value is set to 5 times, an incorrect password can be entered up to 5 times, but if the wrong password is entered for the 6th time, the secret code used for password authentication is invalidated. As a result, all accesses in the usual way are no longer accepted. If such measures are taken, the probability of successful unauthorized access can be significantly reduced. Patent Document 2 below discloses a method for limiting the number of password inputs per unit time.
JP-A-5-290225 JP-A-9-212458

  In recent years, the demand for portable information processing devices such as IC cards has been increasing, and their uses such as credit cards and mobile phones are various. Accordingly, the authentication functions required for such information processing apparatuses are diversifying, and various settings are made for the configuration of a secret code such as a password and the allowable value of the number of consecutive trials. For example, even with the same IC card for credit card, depending on the issuing credit sales company, the password configuration (numbers only, characters included, how many total digits, etc.), and the number of consecutive trials The permissible values are different.

  For this reason, for example, in the case of an IC card, a provider of an IC card that provides an IC card having basic functions is in a state in which data such as a unique secret code and an allowable number of consecutive trials are not written. The IC card is delivered to a service provider such as a credit sales company, and when the service provider issues the IC card to each user, a secret code having a desired configuration and a desired allowable value are written. It is the actual situation.

  Of course, there is no problem if the secret code and the allowable value are correctly written at the stage of issuing the IC card. However, if the allowable value is not written correctly due to some trouble, the number of consecutive trials is limited. Function that does not work properly, it is vulnerable to attacks by unauthorized access that repeats trial and error. Such an allowable value writing error may occur due to various factors, but recently, the occurrence of an error due to a communication environment trouble cannot be ignored. This is because the number of cases where the issuing process of an IC card or the like is performed from a remote location via various communication networks or networks is likely to increase. For example, in the case of an IC card of the type that is installed in a mobile phone, it is possible to communicate with the outside using the communication function of the mobile phone. It is also possible to receive. In this case, since the secret code and the allowable value writing process are also performed online, it is possible to sufficiently predict a situation where the allowable value is not correctly written due to the occurrence of a communication trouble.

  Here, considering the situation where the secret code writing process has succeeded and the allowable value writing process has failed, the authenticating process can be executed. There is a possibility that the IC card will be put into practical use because it seems to have ended without any abnormality. However, as described above, such an IC card is in an unprotected state against attacks by unauthorized access that repeats trial and error, and has a serious vulnerability in terms of security.

Therefore, an object of the present invention is to provide an information processing apparatus having an authentication function capable of ensuring sufficient security even when an abnormality occurs in the writing process of the allowable number of consecutive trials .

(1) The first aspect of the present invention is:
A secret code storage unit for storing a predetermined secret code;
A correct / incorrect determination unit that determines whether the input code is correct or not by using a secret code when there is an access with a predetermined input code from the outside;
A continuous trial number counting unit that counts the number of times the negative determination is continuously performed by the correctness determination unit;
An allowable value storage for storing the allowable value of the number of consecutive trials;
An invalidation processing unit for invalidating the secret code when the count value of the continuous trial number counting unit exceeds an allowable value;
A secret code writing unit for performing a process of writing a predetermined secret code in the secret code storage unit based on an instruction from the outside;
An allowable value writing unit that performs processing of writing a predetermined allowable value in the allowable value storage unit based on an instruction from the outside;
In an information processing apparatus comprising:
A tolerance value storage determination unit for determining whether or not a tolerance value is stored in the tolerance value storage unit is further provided, and only when the tolerance value storage determination unit determines that the tolerance value is stored, the secret code The writing process of the secret code by the writing unit is executed ,
The allowable value storage determination unit stores in advance the effective range that the allowable value should take, and the allowable value is stored when the data stored in the allowable value storage unit is data within the effective range. This is to make a determination of the effect.

(2) According to a second aspect of the present invention, there is provided an information processing apparatus including the authentication function according to the first aspect described above.
The correct / incorrect determination unit checks the input code given from the outside against the secret code stored in the secret code storage unit, and if both match, it determines that the input code is correct It is.

(3) According to a third aspect of the present invention, there is provided an information processing apparatus including the authentication function according to the first aspect described above.
When the result of executing a predetermined calculation based on one code for the input code given from the outside and the secret code stored in the secret code storage unit matches the other code, Alternatively, when the results of executing predetermined operations based on both codes match, it is determined that the input code is correct.

  According to the information processing apparatus having the authentication function according to the present invention, the allowable value storage determination unit determines whether or not the allowable value of the number of consecutive trials has been correctly written, and when the correct value has been correctly written. However, since the secret code writing process is executed, when an abnormality occurs in the allowable value writing process, the secret code is not written. Therefore, when an abnormality occurs in the allowable value writing process, the information processing apparatus is not put into practical use as it is, and sufficient security can be ensured in this respect.

  Hereinafter, the present invention will be described based on the illustrated embodiments.

<<< §1. Information processing device with general authentication function >>>
FIG. 1 is a block diagram showing a basic configuration of an information processing apparatus 100 having an authentication function that has been generally used conventionally. As illustrated, the information processing apparatus 100 includes components such as a correct / incorrect determination unit 10, a secret code storage unit 20, a continuous trial number counting unit 30, an invalidation processing unit 40, and an allowable value storage unit 50. Each of these components is an element for executing a process of authenticating that the access is a regular access when there is an access from the outside.

  Note that an original information processing unit 60 indicated by a broken line in the figure indicates a portion that performs the original information processing that should be performed by the information processing apparatus 100, and the specific contents thereof include the type of information processing apparatus 100 It depends on the application. For example, when the information processing apparatus 100 is an IC card having a function as a credit card, the original information processing unit 60 has a function of storing member information and payment information as a credit card member, When performing payment by card, it has a function of executing various processes necessary for payment. Therefore, the original information processing unit 60 should be the main component of the information processing apparatus 100. However, since the present invention is a technology related to the authentication function of the information processing apparatus 100, the original information processing unit 60 Detailed description of 60 itself is omitted.

  The correctness determination unit 10 is the most important component for performing authentication processing in the information processing apparatus 100, and determines whether the input code Ci is correct or not when there is an access with a predetermined input code Ci from the outside. It has a function. The determination result in the correctness determination unit 10 is transmitted to the original information processing unit 60. The original information processing unit 60 executes a normal process in response to the access when a positive determination is made by the correctness determination unit 10, but a negative determination is made by the correctness determination unit 10. To deny the access.

  The correctness determination in the correctness determination unit 10 is performed using the secret code Cs stored in the secret code storage unit 20. The simplest correct / incorrect determination method is to check the input code Ci given from the outside and the secret code Cs stored in the secret code storage unit 20, and when the two match, the input code Ci is correct. This is a method of determining the effect. In this case, the secret code Cs stored in the secret code storage unit 20 functions as a password that only a legitimate user can know. At the time of access, the same password as the secret code Cs is input as the input code Ci. By doing so, the authentication succeeds. In other words, the correctness determination unit 10 makes a positive determination when the input code Ci input from the outside matches the secret code Cs.

  However, the correctness determination using the secret code Cs is not limited to the method for determining the match with the input code Ci. As another method, the result of executing a predetermined calculation based on one code for the input code Ci given from the outside and the secret code Cs stored in the secret code storage unit 20 matches the other code. In this case, it can be determined that the input code Ci is correct. For example, consider a case where an encryption key used for encryption processing based on a predetermined algorithm is prepared in the secret code storage unit 20 as a secret code Cs. Here, for example, the serial number assigned to the information processing apparatus 100 is encrypted by performing an encryption process using a predetermined algorithm using the encryption key (secret code Cs), and encrypted. Suppose that the serial number is input as the input code Ci. In this case, the correctness determination unit 10 uses the same algorithm as described above with respect to the serial number stored in the information processing apparatus 100 using the secret code Cs stored in the secret code storage unit 20 as an encryption key. It is only necessary to perform the encryption processing by performing encryption processing and to make a positive determination when the result matches the input code Ci. Of course, the object of encryption is not limited to the serial number of the information processing apparatus 100. For example, the user name of the information processing apparatus 100, date and time information, or the like may be used. In addition, a predetermined calculation is executed based on both the input code Ci given from the outside and the secret code Cs stored in the secret code storage unit 20, and the input code Ci is found when the two calculation results match. It can also be determined that is correct.

  In addition to this, there are various correctness determination methods using the secret code Cs, but the specific correctness determination method itself performed by the correctness determination unit 10 is not the subject of the present invention. Omitted.

  As described above, as long as the correct / incorrect determination unit 10 performs the correct / incorrect determination using the secret code Cs, the possibility that an affirmative determination is accidentally made by unauthorized access that repeats trial and error cannot be excluded. Therefore, as already mentioned, usually, a measure is taken to limit the number of consecutive trials of the authentication process. The continuous trial number counting unit 30, the invalidation processing unit 40, and the allowable value storage unit 50 shown in the figure are components for taking such measures.

  That is, the continuous trial number counting unit 30 is a component having a function of counting the number of times negative determination is continuously performed by the correctness determination unit 10, and the allowable value storage unit 50 is configured to allow the number of consecutive trials. The invalidation processing unit 40 is a component for storing the value M. The invalidation processing unit 40 is a component for invalidating the secret code Cs when the count value of the consecutive trial number counting unit 30 exceeds the allowable value M. is there.

  When there is an access accompanied by the input code Ci from the outside, the correctness determination unit 10 determines whether the input code Ci is correct by the above-described method, and transmits the result to the continuous trial number counting unit 30. When the positive determination is transmitted, the continuous trial number counting unit 30 clears the count value so far to 0, but when the negative determination is transmitted, the count value so far is only 1. Process to increase. As a result, when negative determination is continuously performed by the correct / incorrect determination unit 10, the total number of times is counted by the continuous trial number counting unit 30.

  The invalidation processing unit 40 invalidates the secret code Cs in the secret code storage unit 20 when the count value by the consecutive trial number counting unit 30 exceeds the allowable value M stored in the allowable value storage unit 50. Perform the process. For example, when the allowable value M stored in the allowable value storage unit 50 is 5, when the correctness determination unit 10 makes negative determinations six times in succession, the invalidation by the invalidation processing unit 40 From then on, all accesses in the normal manner will be denied. As a specific invalidation method, a method of rewriting the value of the secret code Cs to a predetermined “value indicating invalidity” may be used, or a flag indicating invalidity is set, and the secret judgment unit 10 is provided with the secret The code Cs may be invalid.

  Such a cooperative action of each component makes it possible to increase the protection against unauthorized access that repeats trial and error. For example, in the case of the above-described example, there is a possibility that an affirmative determination may be obtained by trial and error up to six times, but subsequent trials are prevented by invalidation.

<<< §2. Information processing device with write function during issue processing >>>
FIG. 1 shows an example in which a predetermined secret code Cs is already set in the secret code storage unit 20 and a predetermined allowable value M is already set in the allowable value storage unit 50. However, as described above, each of these setting contents varies depending on the use of the information processing apparatus 100. In practice, there are many cases where the information is written when the information processing apparatus 100 is issued to a specific user. Generally, when the information processing apparatus 100 is issued, processing for writing personal information for a specific user or the like is performed in the original information processing unit 60, and at the same time, processing for writing the secret code Cs or the allowable value M is performed. Is called.

  FIG. 2 is a block diagram showing a configuration example in which a secret code writing unit 25 and an allowable value writing unit 55 are further added to the information processing apparatus 100 shown in FIG. Here, the secret code writing unit 25 is a component that performs a process of writing a predetermined secret code Cs in the secret code storage unit 20 based on an instruction from the outside. Similarly, the allowable value writing unit 55 This is a component that performs a process of writing a predetermined allowable value M in the allowable value storage unit 50 based on an instruction from the outside. The original information processing unit 60 similarly includes components for writing information necessary for issuing, but the description thereof is omitted here.

  By using the information processing apparatus 100 having such a writing function at the time of issuing processing, a contractor who provides various services using the information processing apparatus 100 uses the information processing apparatus 100 for individual users. When issuing, it becomes possible to write a desired secret code Cs and a desired allowable value M, respectively. However, in the process at the time of issuance, if the secret code writing process succeeds but the allowable value writing process fails, it becomes vulnerable to attacks due to unauthorized access that repeats trial and error, which is a security point. As mentioned above, a serious problem arises.

  For example, in the case of the illustrated example, if the secret code Cs is written in the secret code storage unit 20, the correctness determination unit 10 can normally perform its function, and there is no problem with the authentication function itself. Does not occur. Therefore, from this point of view, it seems that the issuing process has been completed without any abnormality. However, if the allowable value M is not written in the allowable value storage unit 50, the invalidation function by the invalidation processing unit 40 is not likely to operate normally even if there is an unauthorized access. For example, when a non-volatile memory such as an EEPROM is used as the allowable value storage unit 50 and the initial value is “FF” in hexadecimal, if the writing of the allowable value M fails, the allowable value storage is performed. Since the initial value “FF” is stored in the unit 50, the invalidation processing by the invalidation processing unit 40 is executed when the count value of the continuous trial number counting unit 30 reaches 256. Become. This results in allowing 256 kinds of unauthorized access by trial and error, which is a serious problem in terms of security.

  The inventor of the present application predicts that the number of cases where the allowable value M fails to be written will tend to increase in the future. The reason for this is that, as described above, it is likely that the number of cases where the issuing process of the information processing apparatus 100 is performed online will increase more and more. Actually, in the case of an IC card of a type that is mounted on a mobile phone, a function of communicating with the outside using the communication function of the mobile phone and downloading data and programs is already provided. Therefore, in the future, in order to be able to use the information processing apparatus 100 made up of a mobile phone-mounted IC card or the like as a credit card for a specific credit sales company, the server of the credit sales company and the information processing apparatus 100 will be connected. It is considered that a form in which online connection is performed and credit card issuance processing is performed in that state is generalized. In such a case, there is a possibility that the writing process of the allowable value M may fail due to a communication environment trouble in the issuing process.

In this way, the present invention proposes a new technique that makes it possible to ensure sufficient security even when an abnormality occurs in the process of writing the allowable number of consecutive trials. This technology is roughly divided into two approaches. The first approach is an approach adopted by the information processing apparatus having an authentication function according to the present invention. That is, an additional component is added to the information processing apparatus 100, and the problem is solved by the function of the additional component, and an embodiment thereof will be described in Section 3. On the other hand, the second approach solves the same problem by devising the issuing process of the information processing apparatus 100 . This second approach is not adopted by the present invention, but for reference, its embodiment will be described in §4.

<<< §3. Embodiments based on the first approach of the present invention >>>
FIG. 3 is a block diagram showing a basic configuration of the information processing apparatus 100 according to the embodiment based on the first approach of the present invention. The difference from the conventional apparatus shown in FIG. 2 is that the allowable value storage determination unit 70 is added as a new component, and the secret code writing unit 25 depends on the determination result of the allowable value storage determination unit 70. Thus, the writing process is executed. That is, the tolerance value storage determination unit 70 has a function of determining whether or not the tolerance value is stored in the tolerance value storage unit 50, and the secret code writing unit 25 is configured to accept the tolerance value by the tolerance value storage determination unit 70. The secret code writing process is executed only when it is determined that is stored.

  Therefore, before performing the process of writing the desired secret code Cs to the information processing apparatus 100, it is necessary to execute the process of writing the desired allowable value M. Even if the writing process for the secret code Cs is performed before the writing process for the allowable value M, the allowable value is still stored in the allowable value storage unit 50 by the allowable value storage determination unit 70. The secret code writing unit 25 rejects the write instruction for the secret code Cs.

  As a result, in the information processing apparatus 100 shown in FIG. 3, regarding the issue processing process issued for a specific user, the restriction on the writing order “always write the allowable value M first, and then write the secret code Cs”. However, there is no particular inconvenience at other points. Moreover, according to the information processing apparatus 100 shown in FIG. 3, there is an advantage that sufficient security is ensured even if an abnormality occurs in the allowable value writing process. For example, if a communication error occurs during the execution of the writing process of the allowable value M and the secret code Cs (the issuing process of the information processing apparatus 100) via online connection and the writing of the allowable value M fails, The secret code Cs writing process to be performed is rejected by the secret code writing unit 25 based on the negative determination result of the allowable value storage determining unit 70. As a result, the issuing process itself for the information processing apparatus 100 ends in failure, so that the information processing apparatus 100 in which at least the allowable value is not written is never put into practical use.

  Of course, usually, when the issuing process itself fails as described above, the issuing process is executed again. If the allowable value M is correctly written in this reissue process, the secret code Cs is written by the secret code writing unit 25 based on the positive determination result by the allowable value storage determining unit 70. become.

  The basic concept of the embodiment based on the first approach of the present invention has been described above. Next, a specific determination method performed by the allowable value storage determination unit 70 will be described based on two examples. FIG. 4 is a block diagram for illustrating a first example, and FIG. 5 is a block diagram for illustrating a second example.

  As described above, the allowable value storage determination unit 70 is a component that determines whether or not the allowable value is stored in the allowable value storage unit 50. Actually, the allowable value storage unit 50 includes an EEPROM or the like. This is a component consisting of one area of the memory, and some data is written there. For example, consider a case where the allowable value storage unit 50 is configured by a memory area of 1 byte. In this case, the memory area indicates any one numerical value from hexadecimal “00” to “FF”. This is the same whether or not the writing process by the allowable value writing unit 55 is performed. If the initial value of this memory area is hexadecimal “FF”, even if the write processing by the allowable value writing unit 55 is not performed, the allowable value storage unit 50 stores “FF”. "Is stored.

  As described above, since some data is always stored in the allowable value storage unit 50 at any time, the allowable value storage determination unit 70 determines the allowable value based on some criterion. It is necessary to determine whether the data stored in the storage determination unit 70 is data indicating an allowable value.

  The example shown in FIG. 4 is an example in which an effective range that the allowable value should take is defined as the reference. In the illustrated example, an effective range setting unit 71 is provided in the allowable value storage determination unit 70, and an effective range of “1 to 10” is set here. As described above, if the allowable value storage determination unit 70 stores in advance the effective range that the allowable value should take, the data stored in the allowable value storage unit 50 is data within this effective range. It can be determined that the allowable value is stored. In the case of the illustrated example, when the data stored in the allowable value storage unit 50 is a value within the range of the valid range 1 to 10, the allowable value storage determination unit 70 makes an affirmative determination. Become.

  The permissible value to be stored in the permissible value storage unit 50 indicates the maximum number of times that the erroneous input code Ci can be continuously input, and is generally set to a value of about 1 to 10 at most. It is a power value. In this way, the effective range setting unit 71 may be set to a range that can be determined to some extent as an effective range that the allowable value should take. Then, if the allowable value writing process fails and the data in the allowable value storage unit 50 indicates the initial value “FF”, the allowable value storage determination unit 70 makes a negative determination. Thus, the secret code Cs writing process by the secret code writing unit 25 is rejected.

  If the allowable value writing process has failed, but the data in the allowable value storage unit 50 falls within the effective range set in the effective range setting unit 71, the allowable value storage determination unit 70 makes a positive determination. In this case, since the data in the allowable value storage unit 50 is within the valid range in the first place, the positive determination by the allowable value storage determination unit 70 is made. Even if it does not cause a big problem. For example, even though an instruction is given to the allowable value writing unit 55 to write “5” as the allowable value M, the writing process fails and “10” is written as the allowable value M. In such a case, the process of writing the allowable value M itself has failed, but the allowable value “10” written in the allowable value storage unit 50 can be determined to be somewhat valid as an effective range that the allowable value should take. Even if the allowable value storage determination unit 70 makes a positive determination, the secret code Cs is written, and the information processing apparatus 100 is put to practical use, it is a serious security problem. There will be no hindrance.

  On the other hand, in the example shown in FIG. 5, the fact that the normal writing process by the allowable value writing unit 55 has been completed is recorded as a flag. That is, the illustrated flag area 72 has a function indicating either the first logical state or the second logical state, and is initially configured by a storage area indicating the first logical state. The allowable value writing unit 55 has a function of changing the flag area 72 to the second logical state when a process of writing the allowable value is performed. In this case, the allowable value storage determining unit 70 may determine that the allowable value is stored when the flag area 72 indicates the second logical state.

  For example, assume that a 1-bit memory indicating “1” in the initial state is used as the flag area 72. In this case, the allowable value writing unit 55 may perform a process of rewriting the bit to “0” when the allowable value writing process is completed. The allowable value storage determination unit 70 makes a positive determination if the bit of the flag area 72 is “0”, and makes a negative determination if the bit is “1”.

<<< §4. Embodiment based on second approach >>>
Subsequently, an embodiment based on the second approach will be described. In this embodiment, the issue processing of the information processing apparatus 100 is devised to solve the problem, and the information processing apparatus 100 used may be the conventional information processing apparatus shown in FIG. 2 (allowable value storage determination). It is not necessary to provide the portion 70).

  FIG. 6 is a flowchart showing a procedure of an issuance method of the information processing apparatus according to the embodiment based on the second approach. As shown in the figure, this issuance method includes three stages: a processing apparatus preparation stage (step S1), an issuance preparation stage (step S2), and an issuance processing stage (step S3). The processing device preparation stage in step S1 is a stage in which the information processing apparatus 100 shown in FIG. 2 is prepared. The configuration of the information processing apparatus 100 is as already described in §1 and §2.

  The subsequent issuance preparation stage of step S2 is a stage in which the default permissible value D is written in the permissible value storage unit 50 in the information processing apparatus 100. Specifically, a predetermined default allowable value D may be written in the allowable value storage unit 50 by giving an instruction to the allowable value writing unit 55. As the default permissible value D, any value may be set as long as the permissible value can be determined to some extent as an effective range to be taken. It is preferable to set a standard allowable value as a default allowable value D for a trader.

  The issuance process stage of step S3 is a process for issuing the information processing apparatus 100 for a specific user by writing a desired secret code and a desired allowable value for the information processing apparatus 100 thus prepared. Yes, after the issue preparation stage of step S2 is executed. In this issuance processing stage, an instruction is given to the secret code writing unit 25 to write a desired secret code Cs in the secret code storage unit 20, and an instruction is given to the tolerance value writing unit 55 to allow the allowable value. A process of writing a desired allowable value M in the storage unit 50 is executed. The order of both writing processes is not questioned. Note that since the default allowable value D is already written in step S2 in the allowable value storage unit 50, the process of writing the desired allowable value M performed in step S3 sets the default allowable value D to the desired allowable value. This is a process of rewriting the value M.

  If the information processing apparatus 100 is issued in such a procedure, even if the process of writing the desired allowable value M fails in step S3, the default value written in step S2 is stored in the allowable value storage unit 50. Since the allowable value D is stored, no serious trouble occurs in terms of security.

  It should be noted that the provider providing the information processing apparatus 100 can perform the process up to the issuance preparation stage of step S2. This point will be described in more detail with respect to an example in which a mobile phone-mounted IC card is used as the information processing apparatus 100.

  Now, IC card provider X has received an order for the addition of a credit function from Y and three credit sales companies A, B, and C on a mobile phone-mounted IC card received from mobile phone service provider Y. It shall be delivered to Company Y. In this case, the value of the allowable value M to be set in the allowable value storage unit 50 is different for each of the A company, the B company, and the C company, and even if it is a credit card issued by the same A company, Since there is a possibility that the tolerance value M has a variation, the original tolerance value M cannot be written in the tolerance value storage unit 50 when the provider X delivers the IC card to each company. Further, since the secret code Cs usually differs for each individual user, the secret code Cs cannot be written in the secret code storage unit 20. In any case, each credit sales company A, B, C is information to be written when a process of issuing each IC card (a process of step S3) to a specific customer is performed.

  However, in the method described in §4, the provider X allows the allowable value in each IC card at a stage (step S2) before the issue processing (step S3) by each credit sales company A, B, C is executed. A process of writing the default allowable value D into the storage unit 50 is performed. The default permissible value D may be different for each of the A company, the B company, and the C company. However, in practice, the same permissible value may be used for each company. For example, when the default permissible value D = 5 is set, a process of writing the default permissible value 5 into the permissible value storage unit 50 of all IC cards is executed. Since the writing process performed in step S2 is performed when the IC card is under the control of the provider X, it can be executed in a stable environment where there is little risk of communication errors and the like, and the default allowable value. The possibility of shipping a product that fails to write D is very small.

  In this way, the IC card in which the default allowable value D is written leaves the provider X and reaches the user through a general distribution channel. In the case of an IC card mounted on a mobile phone, the card is often provided to the user as an accessory of the mobile phone. Here, if the user attaches the IC card to a mobile phone and uses the communication function of the mobile phone to connect online to a server of a desired credit sales company, remote issue processing from the server (step S3) is performed. The IC card can have a function as a credit card. For example, when the credit sales company A has set the allowable value M = 4, the default allowable value D = 5 is rewritten to the allowable value M = 4.

  As described above, if a communication error occurs in the remote issuing process, writing of the allowable value M may fail. However, even if the allowable value M fails to be written in step S3, since the default allowable value D written in step S2 is stored in the allowable value storage unit 50, there is a serious security problem. Is not reached. In the case of the above example, the allowable value storage unit 50 should originally store the allowable value 4, but if the writing fails, the default allowable value 5 is stored. Strictly speaking, it will not be as intended by credit sales company A, but it will not be a serious hindrance.

  As mentioned above, although this invention was demonstrated based on embodiment shown in figure, this invention is not limited to these embodiment, In addition, it can implement in a various aspect. In particular, each component shown as a block in FIG. 1 to FIG. 5 is obtained by extracting a specific processing function of the information processing apparatus 100 as one component, and in fact, a CPU configuring the information processing apparatus 100 This is an element realized by a combination of hardware such as a memory and software such as various programs incorporated in the information processing apparatus 100.

It is a block diagram which shows the basic composition of the information processing apparatus provided with the authentication function generally used conventionally. FIG. 2 is a block diagram showing a configuration example in which a secret code writing unit 25 and an allowable value writing unit 55 are further added to the information processing apparatus 100 shown in FIG. 1. It is a block diagram which shows the basic composition of the information processing apparatus which concerns on embodiment based on the 1st approach of this invention. It is a block diagram which shows the more concrete 1st example of embodiment shown in FIG. It is a block diagram which shows the 2nd example of a concrete example of embodiment shown in FIG. It is a flowchart which shows the procedure of the issuing method of the information processing apparatus which concerns on embodiment based on the 2nd approach shown for reference .

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 ... Correct / incorrect determination unit 20 ... Secret code storage unit 25 ... Secret code writing unit 30 ... Continuous trial number counting unit 40 ... Invalidation processing unit 50 ... Allowable value storage unit 55 ... Allowable value writing unit 60 ... Original information processing Unit 70 ... Allowable value storage determination unit 71 ... Effective range setting unit 72 ... Flag area 100 ... Information processing device Ci ... Input code Cs ... Secret code D ... Default tolerance value M ... Allowable values S1-S3 ... Each step of the flowchart

Claims (3)

A secret code storage unit for storing a predetermined secret code;
A correct / incorrect determination unit that determines whether the input code is correct using the secret code when there is an access with a predetermined input code from the outside;
A continuous trial number counting unit that counts the number of times that the negative determination is continuously performed by the right / fail judgment unit;
An allowable value storage for storing the allowable value of the number of consecutive trials;
An invalidation processing unit for invalidating the secret code when the count value of the consecutive trial number counting unit exceeds the allowable value;
A secret code writing unit for performing a process of writing a predetermined secret code in the secret code storage unit based on an instruction from the outside;
An allowable value writing unit that performs processing of writing a predetermined allowable value in the allowable value storage unit based on an instruction from the outside;
In an information processing apparatus comprising:
A tolerance storage determination unit that determines whether or not a tolerance value is stored in the tolerance value storage unit is further provided, and only when the tolerance value storage determination unit determines that the tolerance value is stored, the secret is stored. The secret code writing process by the code writing unit is executed ,
The allowable value storage determination unit stores in advance the effective range that the allowable value should take, and the allowable value is stored when the data stored in the allowable value storage unit is data within the effective range. An information processing apparatus provided with an authentication function, characterized in that determination is made that it has been performed. The information processing apparatus according to claim 1,
  A correct / incorrect determination unit compares an input code given from the outside with a secret code stored in a secret code storage unit, and determines that the input code is correct when they match. An information processing apparatus having an authentication function. The information processing apparatus according to claim 1,
  When the result of executing a predetermined calculation based on one code for the input code given from the outside and the secret code stored in the secret code storage unit matches the other code, Alternatively, an information processing apparatus having an authentication function, wherein when the result of executing a predetermined calculation based on both codes matches, the input code is determined to be correct.