JPH0314052A - Portable medium - Google Patents

Abstract

PURPOSE:To prevent the rise of cost and to shorten the development period by inhibiting data read from and data write to a storage area where data for fundamental program of a rewritable data memory is stored by a user program. CONSTITUTION:A portable medium is provided with a communication control circuit 21, a CPU 28, a mask ROM 29, a memory control circuit 40, a program working memory 30, a data memory 31, a timer 32, a calendar circuit 33, a display control circuit 35, a keyboard interface 38, etc. A storage means 31 is provided with a first rewritable storage areas where fundamental functions are stored and a second rewritable storage area where user application programs can be stored and an inhibit area to which the access is inhibited is provided, and the execution of an application program is inhibited if the access from this application program to the inhibit area of the second storage area is detected. Thus the rise of cost is prevented and the development period is shortened.

Description

[Detailed Description of the Invention] [Objective of the Invention] (Industrial Application Field) The present invention has a built-in CPU 1 data memory, an internal battery, etc., and can be used as a stand-alone card in a calculator, a time display, etc., or in a terminal device. The present invention relates to a portable medium such as a multifunctional IC card that can be used by inserting the card.

(Prior technology) Conventionally, cards have a built-in CPU (control element), data memory, etc., and have a keyboard, display, etc., and are used as standalone cards for trains, time displays, etc., or used for insertion into terminals. Multifunctional IC cards have been developed. Above C
The PU, data memory, etc. are built into LSI.

For such IC cards, after examining the program according to the specifications submitted by the customer, the program is designed, depacked, and tested, and then the LSI is manufactured from the mask design stage. . In this case, all basic functions are implemented in a program memory configured by a mask ROM.

Therefore, when changing specifications or adding functions, L
Since the SI is manufactured, there is a disadvantage that not only the price of the LSI, that is, the price of the IC card becomes high, but also the development period becomes long.

(Problem to be solved by the invention) As mentioned above, this invention eliminates the disadvantages of high prices and long development periods, prevents high prices, and
The purpose is to provide a portable medium that can shorten the development period.

[Structure of the Invention] (Means for Solving the Problems) A portable medium of the present invention has a control element and a storage means, wherein the storage means is a non-rewritable first storage medium that stores basic functions. and a rewritable second storage area having a prohibited IF area in which an application program for the user can be stored but access is prohibited, and the second storage area is prohibited from being accessed by the application program. The system comprises a means for detecting access to an area, and a prohibiting means for prohibiting execution of the application program when the detecting means detects an access to the prohibited area.

(Function) The present invention has a control element and a storage means, in which the storage means has a non-rewritable first storage area that stores basic functions, and an application program for the user that can be stored therein and is accessible. and a rewritable second storage area having a prohibited area that is prohibited, and the application program detects access to the prohibited area of the second storage area, and the access to the prohibited area is detected. In this case, execution of the above application program is prohibited.

(Example) Hereinafter, an example of the present invention will be described with reference to the drawings.

In FIG. 2, 10 is an IC card as a portable medium, which is a multifunctional card having various functions. For example, it has an online function used in conjunction with a terminal (not shown), an offline function in which the IC card 10 operates independently, and a waiting state in which only the clock is counted.

The offline functions mentioned above include a calculator mode that can be used as a calculator, a time mode that displays the time according to the clock used by the user, and an electronic notebook that allows you to register and read out addresses, names, phone numbers, etc. mode,
Alternatively, the IC card 10 can be used alone, such as in a shopping mode in which the IC card 10 is used as a plurality of credit cards.

In the above shopping mode, the used balance, expiration date, shopping record, etc. are stored in the IC card 10, and each time the IC card 10 makes a purchase, the amount spent is deducted from the balance in the IC card 10, and the shopping information is recorded. It is. The above IC card 10
If the balance in the card or the expiration date has expired, it can be updated by having the contracted bank issue a secret code.

On the surface of the IC card 10, there is a contact section 11 arranged at a position that matches the card specifications.A keyboard section 12 consisting of 20 keys, and a display formed of a liquid crystal display element arranged on the top surface of this keyboard section 12. A section 13 is provided.

The contact portion 11 includes a plurality of terminals 118 to 118, for example.
llf, and the operating power supply voltage (V
cc, +5V), EEPROM write power supply voltage (Vp
It consists of terminals for p), ground, clock signal, reset signal, and data input/output.

The keyboard section 12 has selection keys (TI, T2, T3, T4) 12 a for selecting processing corresponding to the card type, ie, various credit cards, cash cards, etc.
, numeric keypad 12 b s 7 y four arithmetic operation keys as function keys, that is, addition (+) key 12 c 1 subtraction (
-) key 12d1 Division (÷) key 12e1 Multiplication (X) key 12f1 Decimal point (,) key 12g1 and Equal (
-) key 12h.

The addition key 12c is used as a NEXT key, that is, a mode selection key for selecting a mode during offline date and time display, and the subtraction key 12d is used as a BACK key.
The multiplication key 12f is used as a start key, the decimal point key 12g is used as a NO key and an end key, and the equal key 12h is used as a YES key. It is now used as a power-on key.

For example, equal key 12h as a power-on key
When is pressed, the CPU, which will be described later, is released from the HALT state and displays the time and weight of the operation start message on the display section 13.

In this state, when the numeric keypad 12b is pressed, the IC card 10 enters the calculator mode, and four arithmetic operations can be performed.

Further, the addition key 12C as a mode selection key is used as a key to advance the display state of the display section 13 which is currently displaying the date and time to another mode, and displays menus on the display section 13 such as electronic book, time set, date, etc. Each time the key is pressed, the transaction mode such as set, purchase, etc. is displayed. When executing these modes, press the equal key 12h above.
By pressing the YES key, the mode is entered and execution becomes possible.

The display section 13 is a 16-digit dot matrix with each digit being 5×7.

FIG. 3 shows an IC card reading/writing unit 1 used in a terminal device such as a personal computer that handles an IC card 10.
This shows the appearance of No. 6. In other words, card insertion slot 1
By connecting with the contact part 11 of the IC card 10 inserted from 7, data in the memory of the IC card 10 can be read or data can be written into the memory.

The IC card reading/writing section 16 is connected to the main body of a personal computer (not shown) by a cable.

Further, the electric circuit of the IC card 10 is constructed as shown in FIG. That is, the contact portion 1
1. Communication control circuit 21, reset control circuit 22, power supply control circuit 23, for example, a 3-volt internal battery (built-in power supply) 25, and a battery check circuit that checks whether the voltage value of this internal battery 25 is above a specified value. 24,
The clock control circuit 26 is a crystal oscillator for arithmetic clock oscillation, and has an oscillation frequency of 200 KHz (high-speed clock).
an oscillator 27 that outputs a signal, a control CPU (central processing unit) 28, a mask ROM 29 in which the basic program of the IC card 10 and necessary data are recorded, and a working memory 3.
0, a password, data, etc. are recorded, as well as programs for each user and the basic program described above, a data memory 31 composed of an EEPROM, a memory control circuit 40 for controlling the mask ROM 29 and the data memory 31, and processing. A timer 32 used for timekeeping during operation, a calendar circuit 33, an oscillator 34 which is a crystal oscillator for basic clock oscillation and always outputs a signal with an oscillation frequency of 32.768 KHz (low-speed clock), and a display section. a control circuit 35 and a display driver 3 that drives the display unit 13;
6, and a keyboard interface 38 as a key input circuit of the keyboard section 12.

The communication control circuit 21, CPU 28, ROM 29, memory control circuit 40, program working memory 30,
Data memory 31, timer 32, calendar circuit 33, display control circuit 35, and keyboard interface 38 are connected by data bus 20.

The communication control circuit 21 converts a serial human output signal, which is supplied via the contact unit 11 from the IC card reading/writing unit 16 connected to the terminal (not shown) at the time of reception, into parallel data. At the time of transmission, that is, parallel data supplied from the data bus 20 is converted into a serial human output signal and output to the terminal 16 via the contact section 11. . In this case, the format of the conversion is
It is defined for the terminal device and the IC card 1o.

When the reset control circuit 22 goes online, it generates a reset signal and starts the CPU 28.

When the power supply control circuit 23 goes online, it switches from being driven by the internal battery 25 to being driven by an external power supply after a predetermined period of time has elapsed, and when it goes offline, that is, when the external voltage drops, it switches from being driven by the external power source to being driven by the external power source. This is to switch to driving by the battery 25.

The clock control circuit 26 switches between a low-speed clock and a high-speed clock in a timely manner in an offline mode in which the card operates with the internal battery 25, and also switches between a low-speed clock and a high-speed clock in a timely manner in order to power down after executing a HALT command.
The oscillation circuit (not shown) that outputs the signal of the oscillation frequency (high-speed clock) of KH2 is stopped, and the supply of the clock to the CPO 28 is also stopped, so that it stands by in a completely stopped state. The clock control circuit 26 resets,
The configuration is such that when the HALT command is executed, the clock mode is basically selected.

The basic programs stored in the mask ROM 29 include a credit function, a drive program for I10 control,
These include a calendar function and various other subroutine functions.

As shown in FIG. 4, the data memory 31 includes a user application program storage area 31a in which user application programs are stored, and a user data storage area 31 in which user data is stored.
b1 It is constituted by a basic program data storage area 31c in which data for the basic program (for example, important data such as the amount of money) is stored, and access by the user application program is prohibited.

The basic program stored in the mask ROM 29 is LS
The application program for the user, which is installed before the card is manufactured and stored in the data memory 31, is loaded from the terminal and installed by the issuer as part of the card issuance process after the card is manufactured. It has become so.

The memory control circuit 40 uses a mask to prevent basic data from being destroyed due to software bugs or noise, and to prevent unauthorized programs from entering the user area.
It monitors the operations of the ROM 29 and data memory 31 and controls reading and writing of data. For example, the basic program data storage area 31c in the data memory 31 by the user application program.
This disallows (prohibits) access to, that is, reading and writing data.

The calendar circuit 33 has a display clock that can be freely set and changed by the card holder, and a transaction clock that sets, for example, world standard time when the card is issued and cannot be changed thereafter. ing.

The display unit control circuit 35 converts the display data supplied from the CPU 28 into a character pattern using a character generator (not shown) configured with an internal ROM, and converts the display data supplied from the CPU 28 into a character pattern on the display unit 13 using a display unit driver 36. It is to be displayed.

The keyboard interface 38 converts keys manually pressed on the keyboard section 12 into key manual signals and outputs the signals to the CPU 28.

The memory control circuit 40 is configured as shown in FIG. In other words, data indicating an access-prohibited area that is set in advance at the time of manufacturing, that is, data memory 3
There is an address monitoring area buffer 50 in which the upper few bits of the start address of the basic program data storage area 31c in No. 1 are stored. The address monitoring area buffer 50 stores data indicating an access prohibited area in response to a write signal and data indicating an access prohibited area supplied from the CPO 28 via the data bus 20 during manufacturing. The stored data indicating the access prohibited area is supplied to one input terminal B of the prohibited area comparison circuit 51. This prohibited area comparison circuit 5
The other input terminal A of 1 is connected to the data bus 2 from the CPU 2g.
Address data to be accessed from now on is supplied via 0.

The prohibited area comparison circuit 51 compares whether or not the data indicating an access prohibited area from the address monitoring area buffer 50 matches the upper few bits of the address data from the CPU 28. The output is a flip-flop circuit (FF circuit) 52 for inhibiting operation.
supplied to

The set output as an access prohibition signal of this FF circuit 52 is transmitted to an access permission gate 53 constituted by an AND circuit.
and the select terminal S of the data selection circuit 54.

The data input terminal A of the data selection circuit 54 is supplied with the read data from the data memory 31 stored in the read buffer 55, and the data input terminal B is supplied with the soft interrupt stored in the soft interrupt instruction code register 56. An instruction code is supplied. The output of the data selection circuit 54 is connected to the upper ID CP 028 via the data bus 20.
Output to.

Further, there is an address monitoring area buffer 57 in which data indicating a user program area set in advance at the time of manufacturing, that is, the upper few bits of the start address of the user application program storage area 31a in the data memory 31 is stored. In the address monitoring area buffer 57, data indicating a user program area is stored in response to a write signal and data indicating a user program area supplied from the CPU 28 via the data bus 20 during manufacturing. This stored data is supplied to one input terminal Bin of the program area comparison circuit 58.

The other input terminal Ai of this program area comparison circuit 58
Address data corresponding to the program currently being executed is supplied to n from the CPO 28 stored in the buffer 60 via the data bus 20 .

The match signal outputted from the output end 58a of the program area comparison circuit 58 is supplied to the other end of the access permission gate 53, and the output of this access permission gate 53 is sent to one end of the access permission gate 59 constituted by an OR circuit. The mismatch signal output from the output terminal 58b of the program area comparison circuit 58 is supplied to the other end of the five access permission gates, and the output of the five access permission gates is output to the data memory 31 as an access signal. Ru.

As a result, the set output as an access prohibition signal is not supplied from the FF circuit 52 to the access permission gate 53.
When a match signal is output from the output end 58a of the program area comparison circuit 58, or when a mismatch signal is output from the output end 58b of the program area comparison circuit 58,
The access signal output from the access permission gate 59 is in an enabled state.

Further, a set output as an access prohibition signal is supplied from the FF circuit 52 to the access permission gate 53, and when a match signal is output from the output terminal 58a of the program area comparison circuit 58, an access signal is output from the access permission gate 59. is not enabled, and a set output as an access prohibition signal is supplied from the FF circuit 52 to the access permission gate 53, and the program area comparison circuit 58
When the mismatch signal is output from the output terminal 58b of the access permission gate, the access signals output from the five access permission gates become enabled.

The data memory 31 also contains addresses to be accessed, read signals, write signals, and write data for the CPU 2.
8 via the data bus 20.

Next, the operation in such a configuration will be explained.

For example, when a card is manufactured, data indicating an access-prohibited area by the manufacturer, that is, the upper few bits of the start address of the basic program data storage area 31c in the data memory 31, and data indicating a user program area, that is, the data memory The upper several bits of the start address of the user application program storage area 31a in 31 are set. This allows the CPU
28 supplies data indicating the set access-prohibited 11 area and a write signal to the address monitoring area buffer 50 in the memory control circuit 40 via the data bus 20;
Data indicating the set user program area and a write signal are supplied to the address monitoring area buffer 57 in the memory control circuit 40 via the data bus 20.

At the time of manufacturing, the address monitoring area buffer 5
Data indicating an access prohibited area is stored in 0, and data indicating a user program area is stored in address monitoring area buffer 57.

After the manufacture of the IC card 10 in which each data is set in this way is completed, an application program for the user is loaded from the terminal device and installed as part of the card issuing process on the issuer side.

After the IC card 10 is issued, when the IC card 10 is used by the user, the memory control circuit 40 is stored in the basic program data storage area in the data memory 31 while executing processing with the user's application program. 31c, the access signal to the data memory 31 is not enabled, and a soft interrupt instruction code is output to the CPU 28. As a result, when the basic program data storage area 31c is accessed by a user application program, the access is disallowed and the program currently being executed by the CPU 28 is invalidated.

That is, first, when an application program is selected, the CPO 28 outputs its address to the buffer 60' in the memory control circuit 40. This buffer 6
The address stored as 0 is output to the user program area comparison circuit 58.

Then, the user program area comparison circuit 58
The address supplied from the PU 28 is compared with data from the user area program buffer 57 indicating the user program area that has been set in advance during manufacturing, and if the address to be accessed is the user program area, a match signal is sent from the output @58a. is output, and if it is outside the user program area, a mismatch signal is output from the output terminal 58b.

Processing is performed according to the application program, and when the data memory 31 is accessed, the CPU 28 outputs the address to be accessed to the prohibited area comparison circuit 51 in the memory control circuit 40. Then, the prohibited area comparison circuit 51
The address supplied from the address monitoring area buffer 50 is compared with data indicating an access prohibited area that is set in advance at the time of manufacture from the address monitoring area buffer 50, and if the address to be accessed is an access prohibited area, a match signal is sent to the FF circuit 52. supplied to

As a result, the FF circuit 52 is set, and the set output as an access prohibition signal is transmitted to the access permission gate 53.
and is supplied to the select terminal S of the data selection circuit 54.

Therefore, since the access permission gate 53 is closed, the output terminal 58a of the user program area comparison circuit 58
When a match signal is output from the access permission gate 59, the access signal output from the access permission gate 59 is not enabled, and when a mismatch signal is output from the output terminal 58b of the user program area comparison circuit 58, the access permission gate The access signal output from 59 is enabled.

Further, the data selection circuit 54 selects the input terminal B by the set output from the FF circuit 52, and transfers the soft interrupt instruction code "00" from the soft interrupt instruction code register 56 supplied to the data input terminal B to the data bus. 20 to the CPU 28. As a result, if the program currently being processed is a user program, the CPO 28 that has received the soft interrupt instruction code "00" reads the soft interrupt instruction program from the mask ROM 29 and performs the processing according to this program, that is, the program currently being executed. The program will be disabled.

Furthermore, if the program currently being processed is not a user program, data is written to the address supplied by the CPU 28, and data at that address is read.

Further, if the comparison result of the prohibited area comparison circuit 51 is a non-coincidence, the coincidence signal is not supplied to the FF circuit 52, and the FF circuit 52 is not set. This opens the access permission gate 53, so if a match signal is output from the output end 58a of the user program area comparison circuit 58, or a mismatch signal is output from the output end 58b of the user program area comparison circuit 58. If so, the access signal output from the access permission gate 59 is enabled.

At this time, data is written to the address supplied from the CPU 28, and data at that address is read.

As mentioned above, the rewritable data memory is equipped with a storage area in which user programs and basic program data are stored, and reading and writing of data in the basic program data storage area by the user program is prohibited. It was designed to do so.

As a result, there is no need to create a new LSI every time the specifications change, and by monitoring program operation for users, it is highly reliable that prevents destruction of basic data and intrusion of unauthorized software. card can be provided.

In other words, the data for the basic program is stored in a rewritable memory, but in the user program,
Since the area for basic program data is released, it is possible to prevent the card from losing its basic functions or becoming damaged by simply freeing up memory.

In the above embodiment, an IC card is used, but the IC card is not limited to this, as long as it has a data memory and a control element, and selectively performs input/output from the outside, and the shape is not card-like. , or other shapes such as a rod shape.

[Effects of the Invention] As detailed above, according to the present invention, it is possible to provide a portable medium that can prevent price increases and shorten the development period.

[Brief explanation of drawings]

The drawings are for explaining one embodiment of the present invention, and FIG. 1 is a diagram showing a schematic configuration of an electric circuit of an IC card, and FIG.
Figure 3 is a plan view showing the configuration of an IC card, Figure 3 is a diagram showing a terminal that handles the IC card, Figure 4 is a diagram showing the configuration of a data memory, and Figure 5 is a diagram showing the configuration of a memory control circuit. be. DESCRIPTION OF SYMBOLS 10... IC card (portable medium), 11... Contact part, 12... Keyboard part, 13... Display part, 16... Terminal, 28... CPU (control element), 29...Mask ROM (storage means), 31...
- Data memory (storage means), 31a... User application program storage area, 31b... User data storage area, 31c... Basic program data storage area, 40... Memory control circuit, 50
．． 57... Address monitoring area buffer, 51...
Forbidden area comparison circuit, 52...Flip-flop circuit, 53.59...Access permission gate, 54...Data selection circuit, 55...Read buffer, 56...
Soft interrupt instruction code register, 58...Program area comparison circuit, 60...Buffer. II2Figure 313Figure

Claims (1)

[Scope of Claims] A portable medium having a control element and a storage means, wherein the storage means includes a first storage area that cannot be rewritten and stores basic functions, and an application program for a user that can be stored and accessed. a rewritable second storage area having a prohibited area in which the prohibited area is prohibited; means for detecting access to the prohibited area of the second storage area by the application program; 1. A portable medium comprising prohibition means for prohibiting execution of the application program when access to the application program is detected.