JPH07113959B2 - Portable storage medium processing device - Google Patents

Description

DETAILED DESCRIPTION OF THE INVENTION [Object of the Invention] (Field of Industrial Application) The present invention relates to a portable storage medium processing device for issuing a card having a built-in semiconductor memory such as an IC card.

(Prior Art) Generally, a card with a magnetic stripe, which is used as an identification card or a credit card, that is, a so-called magnetic card has a small amount of stored data and is easy to read the stored content, so that the security is low. There is.

Therefore, recently, a portable storage medium, which has high security for reading the stored contents and has a large storage capacity, so-called an IC card is being used. This type of IC card is usually handed to the card issuer from the card manufacturer in an unissued state, issued by writing predetermined data in the card issuer, and given to the user. .

By the way, the conventional IC card issuance processing method is the same as the conventional magnetic card issuance, in which the data written on the magnetic tape or the floppy disk is directly input to the card reader / writer via the host computer. The method of issuing by writing on the issued IC card was used. However, in such a conventional processing method,
There is a great possibility that the data to be written in the IC card will be easily leaked to the outside, and this has the drawback that the security of the processing device is poor.

(Problems to be Solved by the Invention) As described above, in the conventional processing method, there is a great possibility that the data written in the IC card easily leaks to the outside,
Therefore, there is a drawback that security is poor.

Therefore, the present invention eliminates the above drawbacks, and an object of the present invention is to provide a portable storage medium processing device having high security suitable for a card having a built-in semiconductor memory such as an IC card having high security.

[Structure of the Invention] (Means for Solving Problems) A portable storage medium processing device of the present invention is personal data including a personal name and personal identification information of a card carrier, and
In a portable storage medium processing device that issues a card, issuer data consisting of the issuer's name and personal identification information is recorded in a semiconductor memory built into the card to issue an issue code, issuer's name and personal identification information. First reading means for reading the issuer data from a key card in which the issuer data is stored in a semiconductor memory, and a second reading means for reading the issue code and fixed data in a fixed data card in which the issue code and fixed data are stored in the semiconductor memory. Reading means, comparing means for comparing the issuing code read from the key card by the first reading means with the issuing code read from the fixed data card by the second reading means; And personal data consisting of personal identification information for multiple persons If the issue code read from the key card and the issue code read from the fixed data card match as a result of the comparison, the reading means for sequentially reading the data from the issue file and the comparison result by the comparing means match. In this case, from the personal data including the personal name and personal identification information read from the issuing file by the reading means, and the name and personal identification information of the issuer read from the key card by the first reading means. The issuer data and the recording means for recording the fixed data read from the fixed data card by the second reading means on the card to be issued. , The name and password of the issuer read from the key card by the first reading means Things recorded issuer data should issue a card consisting of and wherein.

(Operation) Reading and writing of data between a fixed data card holding fixed data common to the card to be issued and a card to be issued can be performed without passing through a host device. Data will not be leaked to the outside easily, and the security will be very high.

In addition to the fixed data card, a key card that is a key for starting this device is provided, and since both the fixed data card and the key card are not valid, it will not start,
The effect of preventing unauthorized use is great, and the security can be further enhanced.

(Example) Hereinafter, one example of the present invention will be described with reference to the drawings.

FIG. 3 shows the appearance of an IC card with a magnetic stripe after issuance, as an example of a card incorporating the semiconductor memory according to the present invention. That is, 1 is a card body, which is made of, for example, a rectangular thin plastic plate. A magnetic stripe 2 formed in a strip shape in the longitudinal direction is provided on the front end of the card body 1. In addition, emboss information 3 written on the emboss printed on the surface of the card body 1 is formed. The emboss information 3 is made up of identification information of the card carrier, such as the card carrier's name, account number, and card expiration date. Further, the surface of the card body 1 is electrically connected to an integrated circuit (IC) 4 embedded in the card body 1 and serves as an input / output terminal for obtaining electrical contact with a card reader / writer (not shown). The contact part 5 is provided. The integrated circuit 4 includes a control unit (for example, a microprocessor) 6
And a memory unit (for example, EEPROM) 7. It should be noted that the emboss information 3 is not formed before issuance.

FIG. 2 shows an external perspective view of an IC card processing device for issuing an IC card as an example of the portable storage medium processing device according to the present invention, and FIG. 1 shows its block configuration diagram. That is, reference numeral 11 denotes a host control unit, which includes a host processor 12 including a control unit (not shown) and a memory unit that contains a control program, and a hard disk device 13 that stores a program for controlling the entire apparatus and processing contents of the apparatus. And a floppy disk device 14 for inputting data that is a part of the data to be written to the IC card, which is different for each IC card, such as the name of the card carrier, or the account number for a cash card. , Which will be the host of this device. Reference numeral 15 is a magnetic tape unit for inputting different data for each IC card, like the floppy disk device 14, and is connected to the host processor 12, whereby an IC card issuer uses it for its service, for example. From the list of new subscribers registered on the system host computer,
It is also possible to use the magnetic tape created by the magnetic tape unit of the host computer. Reference numeral 16 is a keyboard for performing various operations, 17 is a CRT display device for displaying operating procedures, states, etc. These are connected to the host processor 12. Reference numeral 18 denotes a card reader / writer which is connected to the host processor 12 and into which an access key card AC for activating the apparatus can be inserted. Access key card AC here
For example, an IC card similar to the IC card shown in FIG. 3 is used. However, the magnetic stripe 2 and the emboss information 3 may not be provided.

19 is a printer that creates a shipping note for sending the issued IC card to the carrier, 20 is the cardholder's temporary PIN (which can be changed by the card carrier) Is a printer that creates an issuance notice 21 for making another notification, and these are connected to the host processor 12. Issuance notice 21 created by printer 20
Is configured, for example, as shown in FIG. That is, the peripheral portion (the shaded portion 2
An envelope-shaped issuance notice 21 to which 3) is glued is formed so that it can be cut at perforations 24 provided in the peripheral portion thereof. Then, in this issuance notice 21,
Name 25 and temporary PIN 26 are printed. In this case, the area where the address / name 25 is printed is also colored on the first sheet of the front surface, and the area where the temporary secret code 26 is printed is colored only on the second (front) side of the back sheet Does not develop color. As a result, the temporary personal identification number is written so that only the card carrier can know it.

Reference numeral 27 denotes an issuance processing unit for processing an IC card to be issued, which is connected to the host processor 12. The issue processing unit 27 is configured as follows. That is, 28 is a microprocessor, which controls the issuance of the IC card according to an instruction from the host processor 12, that is, the control of writing magnetic data on the magnetic stripe 2 of the IC card, the control of forming the emboss information 3 on the IC card, the IC The control of writing data in the memory unit 7 of the card is performed. 29 is a keyboard, 30 is a display, these are microprocessor 28
It is connected to the. The keyboard 29 is for inputting a personal identification number,
It is used as an input for the test operation of the issue processing unit 27, resetting at the time of trouble, and the like. The display unit 30 displays the state of the issue processing unit 27, the result of the test operation, and the like.

The IC cards before issuance are stacked and housed in the hopper 31 so that they can be taken out one by one in response to a signal from the microprocessor 28. The IC card taken out from the hopper 31 is sent to the encoding unit 32 for writing magnetic data. The microprocessor 28 detects that an IC card has arrived at the encoding unit 32 by a detector (not shown), and then writes magnetic data on the magnetic stripe 2 by a write / read head (magnetic head) (not shown). After the writing is completed, the microprocessor 28 reads the written data, checks whether the written data is correctly written, and then sends the IC card to the embossing unit 33. If the written data is incorrect, the magnetic data is written again and then checked. If you still cannot write correctly, pass through the embossing unit 33,
Further, it passes through the reader / writer unit 34 and passes through the destruction unit 35.
Then, a hole 8 is made in the portion of the magnetic stripe 2 as shown in FIG. 4, for example. This makes it impossible to use the IC card, and visually confirms the defective IC.
Be able to determine that it is a card. If it is after the emboss information 3 is formed, for example, the fourth
As shown in the figure, a hole 9 is also formed in the embossed information 3 portion. Regarding electric recording, since a void command can be written in the memory unit 7 by the control unit 6 of the IC card so that the IC card cannot be used, it is not always necessary to make a break such as making a hole. This not only makes it impossible to use this IC card in a terminal that can operate, but also makes it possible to determine that this IC card cannot be used without using the device. The magnetic stripe 2 and the embossed information 3 are punched and the void command is written in the memory section 7 in the following forms.

The first is when the magnetic stripe 2 is defective, and the error is during the formation of the embossed information 3 due to the normal writing to the magnetic stripe 2, and the second is that the embossed information 3 is normally formed. When the embossing information 3 is formed normally (for example, when the last number of the account number is embossed with an incorrect number), it is impossible to write to the memory unit 7 Is. Third, the magnetic stripe 2 and the embossed information 3 are normal, but the IC card is not a normal IC card because a part of the memory unit 7 is defective. However, this IC card can be partially used by a terminal device. If possible.

In the case of the first case, the destruction unit 35 makes a hole 8 in the magnetic stripe 2, and the reader / writer unit 34 writes a void command in the memory unit 7. Although the embossing information 3 is not formed at all, it can be judged even if it is seen because it is incomplete, and therefore it is not necessary to make a hole in the destruction unit 35.

In the case of the second case, since the magnetic stripe 2 is normally written and the emboss information 3 is normally formed, each part of the magnetic stripe 2 and the emboss information 3 is punched by the destruction unit 35. To do. Since writing to the memory unit 7 is impossible, it is not necessary to write a void instruction with the reader / writer unit 34 (rather, it is impossible to write the void instruction itself).

In the case of the third case, the destruction unit 35 perforates each part of the magnetic stripe 2 and the embossed information 3, and the reader / writer unit 34 writes a void instruction in the memory unit 7.

After the unusable process described above is applied to the defective IC card, it is sorted by the sorting unit 36, and the reject stacker is sorted.
Bad IC cards are accumulated in 37.

In the IC card in which the magnetic data is normally written and sent to the embossing unit 33, the embossing unit 33 forms the embossing information 3. Here, generally, the raised character is formed on the upper side by a letter type press (convex type and concave type), but the letter may be attached or the raised character may be formed. When the embossing information 3 is formed by pressing a character die, the position of the press die for each character is checked to see if the embossing is done normally or not.
When 28 is checked, if the embossing becomes defective, the embossing is immediately stopped and the unusable process as described above is performed. Of course, the data to be embossed is controlled by the microprocessor 28.

When the emboss information 3 is formed normally, the IC card is sent to the reader / writer unit 34, and the reader / writer unit 34
The contact portion 5 of the IC card comes to the contact position of and is stopped. Thereafter, the microprocessor 28 controls so that the contact portion (not shown) of the reader / writer unit 34 comes into contact with the contact portion 5 of the IC card. When a signal that the contact of the contact unit 5 is completed is input to the read / write control unit 39 by the microprocessor 28,
The read / write control unit 39 supplies power to the control unit 6 and the memory unit 7 via the contact unit 5 and sends a start signal (command). The read / write control unit 39 receives the reply signal (respond) from the control unit 6 of the IC card, and then inserts into the card reader / writer 40 connected to the read / write control unit 39 the key card KC and the card reader / reader. Writer 41
The data from the fixed data card FC to be inserted into the IC card is written in the memory section 7 of the IC card and checked.
Here, when it is confirmed by the read / write control unit 39 that the data has been normally written, the read / write control unit 39
In response to the signal from the microprocessor 28, the microprocessor 28 controls the reader / writer unit 34 to separate the contact portion (not shown) from the contact portion 5 of the IC card. After that, under the control of the microprocessor 28, the IC cards which have passed through the destruction unit 35 and are sorted by the sorting section 36 and all writing is normally completed are stacked in the stacker 38. here,
As the key card KC and the fixed data card FC, for example, an IC card similar to the IC card shown in FIG. 3 is used. However, the magnetic stripe 2 and the emboss information 3 may not be provided.

The three writings of magnetic data, embossing information and electronic recording are brought to the end by the electronic recording unit, ie the reader / writer unit 34. Since the writing of the emboss information is a press, the integrated circuit 4 and the contact portion 5 are recorded on the IC card in which the integrated circuit 4 and the contact portion 5 are not destroyed during this work, that is, the product check can be performed.

In FIG. 2, reference numeral 42 designates a take-out door for taking out the IC cards in the stackers 37, 38.

FIG. 6 shows the contents of the memory section 50 of the access key card AC. 51 is a control program area, 52 is a terminal access code area, 53 is a card access code area, 54
Is the personal identification number area, 55 is the user name (code) area,
56 is a void area, 57 is an error count area, and 58 is an issue recording area.

FIG. 7 shows the contents of the memory section 60 of the key card KC. 61 is a control program area, 62 is a issuing code area, 63 is a terminal access code area, 64 is a card access code area, 65 is a personal identification number area, 66 is a user name (code) area, and 67 is an issuer temporary personal identification number area. , 68 is an issuer recording area, 69 is a void area, 70 is an error count area, 71 is an issued number area, 72 is an issue count area, 73 is a defective count area, 74 is an issue cumulative area,
75 is an issue recording area.

FIG. 8 shows the contents of the memory section 80 of the fixed data card FC. 81 is control program area, 82 issuance code area, 83 is terminal access code area, 84 is card access code area, 85 is personal identification number area, 86 is user name (code) area, 87 is void area, 88 is error The count area and 89 are data areas.

FIG. 9 shows the contents of the memory section 7 of the IC card after issuance. 91 is the basic control program area, 92 is the manufacturer recording area, 93 is the issuer recording area, 94 is the issue recording area,
95 is an application program area, 96 is a carrier recording area, and 97 is an empty area.

Next, the operation of the above configuration will be described with reference to the flowchart shown in FIG. First, when the power of this device is turned on, the host processor 12 performs the initial setting, and if there is no problem, causes the display device 17 to display a message "Insert access key card" (S
1). Here, the operator inserts the access key card AC into the card reader / writer 18 (S2). Then, the Asseskey card AC is powered up and activated,
Between the access key card AC and the host processor 12,
It is verified whether the inserted access key card AC is suitable for this device (S3, S4). This matching of conformity is performed by the following method, for example. That is, the terminal access code is stored in the terminal access code area 52 of the memory unit 50 of the access key card AC, by requesting this terminal access code from the host processor 12, and by returning this to the host processor 12, It is compared with the code registered in the host processor 12. Next, the card access code is sent from the host processor 12 to the access key card AC, and the card access code in the card access code area 53 of the memory section 50 is checked in the access key card AC. Whatever method is used, it is verified that the host processor 12 and the access key card AC can access each other. If the host processor 12 cannot be compared with the access key card AC here, the access key card AC is ejected from the card reader / writer 18 (S5), and the process is completed. Since the access key card AC is different, if another access key card AC is used, the process starts from the first step.

If the host processor 12 and the access key card AC are compared in step S4, the host processor 12
Causes the display device 17 to display a message "Do not enter your PIN" (S6). Here, the optor inputs the personal identification number using the keyboard 16 (S7). The input personal identification number is sent to the access key card AC by the host processor 12, and inside the access key card AC, a control unit (not shown) of the access key card AC and a control program area 51 of the memory unit 50 are stored. The control program collates with the personal identification number in the personal identification number area 54 (S8). If the personal identification numbers do not match here, the error count area 57 of the memory unit 50 is checked (S9). For example, if the number of mismatches is 3, if the control program in the control program area 51 controls that the access key card AC cannot be used, whether the number of mismatches (error count) is 3 or not. I will check. Here, the number of mismatches is 3
If the number of times has not been reached, the value in the error count area 57 is incremented by 1 (S10), and the message "PIN code mismatch, re-enter PIN code" is displayed on the display device 17. However, the operation returns to step S6.
Therefore, you will have to enter the password again. On the other hand, when the number of mismatches reaches 3, the void command is written in the void area 56 of the memory unit 50 (S11), and the access key card AC cannot be used thereafter. This method is performed by issuing an unusable code instead of the terminal access code when the host processor 12 is compared with the access key card AC. In this way, when the access key card AC is voided, the contents of the user name area 55 of the memory unit 50 are read and the printer 19 prints the user name, unmatched comment and date (S12 ), After the printing is completed, all the processing is completed. The access key card AC is ejected from the card reader / writer 18 after the user name is read before the printing.

If the personal identification numbers match in step S8, the host processor 12 causes the display device 17 to display a message "insert key card" (S13). here,
Insert the key card KC into the card reader / writer 40 (S1
Four). Then, the key card KC and the read / write control unit 39 are connected to the above-mentioned host processor 12 and access key card.
The verification is performed in the same manner as the verification that AC and each other can access each other (S15, S16). If the key card KC and the read / write control unit 39 cannot be checked here, the key card KC is ejected from the card reader / writer 40 (S17). If there is a new key card KC, that is, if a different key card KC is inserted by mistake, another correct key card KC can be inserted (S18). Keyboard 16 if you do not have another keycard KC
Press the end key with (S19). Then, after the contents of the user name area 55 of the memory section 50 of the access key card AC are read, the access key card AC is ejected from the card reader / writer 18 (S20). At the same time, the user name read out from the user name area 55 by the printer 19 is printed with the date (S21), and after the printing is completed, the entire process is completed.

In step S16, when the key card KC and the read / write control unit 39 are collated, the host processor 12 causes the display device 17 to receive the signal from the read / write control unit 39 via the microprocessor 28. The message "Enter password" is displayed (S22). Here, the personal identification number is input using the keyboard 29 (S23). If the administrator, not the operator who uses the access key card AC, inputs the personal identification number, the security of the IC card issuance work is enhanced. In addition, the password input keyboard 16
However, since it is performed by the keyboard 29 provided in the issuing processing unit 27, security is enhanced such that wiring to the outside is not performed so that wiretapping cannot be performed on the way.

The personal identification number input by the keyboard 29 is sent by the microprocessor 28 to the key card KC via the read / write control unit 39, and inside the key card KC, the control unit (not shown) of the key card KC and the memory unit 60. The control area in the control program area 61 and the secret code area 65
The personal identification number is compared (S24). The verification result is sent from the key card KC to the read / write control unit 39, and further sent to the host processor 12 via the microprocessor 28. Therefore, the display of the verification result (match, mismatch) can be confirmed on the display device 17, but the verification result is also displayed on the display unit 30 of the issuing processing unit 27, and the PIN of the key card KC is entered in the issuing processing unit 27. The operation is easy for those who are doing it.

If the PIN numbers do not match in step S24,
The error count area 70 of the memory unit 60 is checked (S25). For example, if the number of mismatches is 3,
Control program area 61 when key card KC cannot be used
If it is controlled by the control program therein, it is checked whether or not the number of times of mismatch (number of times of error) is three. Here, if the number of times of disagreement has not reached 3, the value in the error count area 70 is incremented by 1 (S26), and the display device 17 displays “PIN code mismatch, re-enter PIN code”. Is displayed, but the operation returns to step S22. Therefore, you will have to enter the password again. On the other hand, if the number of times of disagreement has reached 3, the void command is written in the void area 69 of the memory unit 60 (S27), and the key card KC cannot be used thereafter. This method is performed, for example, by issuing an unusable code instead of the terminal access code when the read / write control unit 39 and the key card KC are collated. In this way, if the key card KC is voided, the contents of the user name area 55 of the memory section 50 of the access key card AC and the memory section of the key card KC
After the contents of the user name area 66 of 60 are read, the access key card AC is ejected from the card reader / writer 18 and the key card KC is ejected from the card reader / writer 40, respectively. At the same time, the user name read from the user name area 55 and the user name read from the user name area 66, the unmatched comment, the date, etc. are printed by the printer 19 (S28). After such processing, the operation of the present apparatus ends, and in the case of re-operation, it is necessary to start from the beginning.

When the personal identification numbers match in step S24, the host processor 12 causes the display device 17 to display a message "Insert fixed data card" (S2
9). Here, the fixed data card FC is inserted into the card reader / writer 41 (S30). Then, the fixed data card FC and the read / write control unit 39 perform the same verification as the above-described verification that the read / write control unit 39 and the key card KC can access each other (S31). , S32). If the fixed data card FC and the read / write control unit 39 cannot be collated here, the fixed data card FC is ejected from the card reader / writer 41 (S33). When there is a new fixed data card FC, that is, when a different fixed data card FC is inserted by mistake, another correct fixed data card FC can be inserted (S34). If there is no other fixed data card FC, press the end key on the keyboard 16 (S35).
Then, after the contents of the user name area 55 of the memory unit 50 of the access key card AC and the contents of the user name area 66 of the memory unit 60 of the key card KC are read respectively, the Asseskey card AC is read by the card reader / reader. The key card KC is ejected from the writer 18 from the card reader / writer 40 (S36). At the same time, the printer 19 prints the user name read from the user name area 55 and the user name, comment, date, etc. read from the user area 66 (S37). After such processing,
The operation of this device ends, and in the case of re-operation, it must start from the beginning.

If the verification data card FC and the read / write control unit 39 are verified in step S32, then the fixed data card FC and the key card KC are verified (S38, S39). For this collation, for example, the issue code in the issue code area 82 of the memory section 80 of the fixed data card FC is read by the read / write control 39 and sent to the key card KC, so that the memory section 60 inside the key card KC. Is performed by collating with the issue code in the issue code area 62. Both the key card KC and the fixed data card FC are used as a pair, and therefore the above verification needs to be performed. Fixed Data Card FC can be used with Key Card KC when issued by different issuers but used in the same way (for example, if XX Bank and XX Bank can cooperate with each other and use each other). Fixed Data Card FC
It is effective to separate into In this case, if a plurality of issue codes are provided in the issue code area 82 of the memory unit 80 of the fixed data card FC, it is possible to deal with key cards KC of different issuers.

In step S39, if the key card KC and the fixed data card FC cannot be collated, the fixed data card FC is discharged, and the process proceeds to step S33.
The same processing is performed as when the collation with 39 cannot be obtained.

In step S39, when the key card KC and the fixed data card FC are collated, the host processor 12 receives the signal from the read / write control unit 39 via the microprocessor 28, and the display device 17 receives the signal. The message "Enter password" is displayed (S40). Here, as in the case of inputting the personal identification number of the key card KC, the personal identification number is input using the keyboard 29 (S4
1). If this is also done by the administrator instead of the operator who uses the access key card AC as in the case of inputting the personal identification number of the key card KC, the security of the IC card issuance work will be enhanced.

The personal identification number input by the keyboard 29 is sent by the microprocessor 28 to the fixed data card FC via the read / write control unit 39, and inside the fixed data card FC, the control unit of the fixed data card FC (illustration is shown. No) and the control program area 81 of the memory section 80
Collation with the personal identification number in the personal identification number area 85 is performed by the control program therein (S42). The collation result is sent from the fixed data card FC to the read / write controller 39, and further sent to the host processor 12 via the microprocessor 28. Therefore, the display of the verification result (match, mismatch) can be confirmed on the display device 17, but the verification result is also displayed on the display unit 30 of the issuing processing unit 27, and the PIN of the fixed data card FC is displayed on the issuing processing unit 27. The operation is easy for the person who is inputting.

If the PIN numbers do not match in step S42,
The error count area 88 of the memory section 80 is checked (S43). For example, if the number of mismatches is 3,
If the fixed data card FC cannot be used and is controlled by the control program in the control program area 81, it is checked whether or not the number of mismatches (number of errors) is three times. Here, if the number of times of disagreement has not reached 3, the value in the error count area 88 is incremented by 1 (S44), and the display device 17 displays “PIN code mismatch, re-enter PIN code”. Is displayed, but the operation returns to step S40. Therefore, you will have to enter the password again. On the other hand, when the number of mismatches reaches 3, the void area of the memory unit 80
A void command is written in 87 (S45), and the fixed data card FC cannot be used after that. This method is performed by issuing an unusable code instead of the terminal access code when the read / write control unit 39 and the fixed data card FC are collated. In this way, when the fixed data card FC is voided, the contents of the user name area 55 of the memory section 50 of the access key card AC and the user name area 86 of the memory section 80 of the fixed data card FC are After the contents are respectively read, the access key card AC is discharged from the card reader / writer 18 and the fixed data card FC is discharged from the card reader / writer 41, respectively. At the same time, the user name read from the user name area 55 and the user name read from the user name area 86, the non-matching comment and the date are printed by the printer 19 (S46). After such processing, the operation of the present apparatus ends, and in the case of re-operation, it is necessary to start from the beginning.

When the personal identification numbers match in step S42, the host processor 12 "puts data in" on the display device 17.
Is displayed (S47). Here, a floppy disk (or magnetic tape), which is a file of data different for each IC card to be written in the issued IC card, is set in the floppy disk device 14 (or magnetic tape unit 15) (S48). Next, an unissued IC card is set in the hopper 31 of the issue processing unit 27 (S49). Next, by depressing the start key with the keyboard 16 (S50), the activation of this device is completed.

The read / write control unit 39 uses the issued number area 71 of the memory unit 60 of the key card KC (the number of issued sheets previously written by the administrator) and the issue count area 72.
The contents of the issued number area 71 are compared with each other, and when the content of the issued number area 71 is larger than the content of the issued count area 72, a signal indicating that there is an issued number is issued
To the host processor 12 via. As a result, the host processor 12 reads the data issued by the IC card from the floppy disk device 14 and outputs the data to the microprocessor 28.
Send to. Then, the microprocessor 28 takes out one IC card from the hopper 31 (S51). When the IC card taken out reaches the encoding unit 32, the microprocessor 28 writes the data sent from the host processor 12 in the magnetic stripe 2 of the IC card (S52). After the writing is finished, the microprocessor 28 reads the written data and compares the written data with the data sent from the host processor 12 stored in the microprocessor 28 to determine whether the written data is correctly written. Is checked (S53). If the writing is incomplete in this check, the microprocessor 28 writes the data again (S54). And
Check again (S55), and if the writing is still incomplete, the IC card is determined to be defective and the destruction unit 35
, The holes 8 are made in the magnetic stripe 2 (S56), and are stacked on the reject stacker 37 by the dividing section 36 (S57). Then, the record is recorded in the hard disk device 13 by the host processor 12. When defective IC cards are accumulated in the reject stacker 37, the microprocessor 28 returns to step S51 and takes out the next IC card from the hopper 31.

If the writing is normal in the check in step S53 or S55, the IC card in which the magnetic data is written is sent to the embossing unit 33, and the microprocessor 28 forms the embossing information 3 (S58). Since the embossing is performed by pressing one character at a time, the microprocessor 28 performs embossing while checking the pressed character position one character at a time (S59). Therefore, the embossing is stopped at the time when one character is miss-embossed during the embossing, and the IC card is sent to the destruction unit 35 as a defect (S60). The embossed information is usually at least the IC card carrier's number (bank account number) and name, so it seems impossible to use one of them or both of them. The part of the emboss information 3 is destroyed. Here, since the embossment of the number of the carrier is formed first, the destruction unit 35 makes a hole 9 in the portion of that number. In this case, the progress of emboss formation is judged (the time of the emboss interruption is determined by the microprocessor 28).
(S61), the microprocessor 28 punches only the magnetic stripe 2 (S62), or punches both the magnetic stripe 2 and the embossed information 3 (S63). Proceed to S57 and the information is accumulated in the reject stacker 37.

When the emboss information 3 is formed correctly, the IC card is sent to the reader / writer unit 34, and the reader / writer unit 34
The contact portion 5 comes to the contact position and is stopped.
Then, the microprocessor 28 controls the contact portion (not shown) of the reader / writer unit 34 so as to contact the contact portion 5 of the IC card, and then sends a signal indicating that the contact portion is contacted to the read / write controller 39. .
Receiving this signal, the read / write control unit 39 supplies power to the control unit 6 and the memory unit 7 of the IC card to exchange initial signals (the basic control program in the basic control program area 91 of the memory unit 7 is Since it was written when the IC card was manufactured, it is possible to send and receive initial signals). When the initial exchange of signals is completed, the key card KC is compared with the IC card to be issued via the read / write control unit 39 (S64, S65). This collation method is performed, for example, by collating the issuer temporary personal identification number. It is considered that when a manufacturer gives an unissued IC card to the issuer, a personal identification number is set for the delivery between the manufacturer and the issuer so that the third party does not illegally use the IC card. Also, this PIN is IC
Since it is necessary only when the card is handed over, use a different issuer temporary PIN after issuing it. Verification using this issuer's provisional PIN is performed as follows. First, the read / write control unit 39 reads the issuer temporary personal identification number in the issuer temporary personal identification number area 67 of the memory unit 60 of the key card KC,
It is sent to the control unit 6 of the issued IC card. The control unit 6 reads the issuer temporary secret identification number written by the manufacturer in the issuer recording area 93 (area for writing data such as issuer name and issuer code) of the memory unit 7, and the read / write control unit 39. Check it with the issuer's temporary PIN sent from. If the issuer temporary PINs do not match in this verification, the IC card is sent to the destruction unit 35 (S66) because the writing of magnetic data and the formation of embossing information have been completed (S66). The information 3 portion is perforated (S67), and then the process proceeds to step S57 and the information is accumulated in the reject stacker 37.

If the issuer temporary PINs match in step S65, the fixed data in the issuer recording area 93 and the application program area 95 of the memory unit 7 or the variable data that is different for each IC card issued by the bearer recording area 96 Name, account number, etc.) (S68). This writing is performed as follows. First, fixed data is read from the data area 89 of the memory section 80 of the fixed data card FC and written in the memory section 7. The contents of the fixed data are the application program to be written in the application program area 95 and the issue recording area 94.
And the area classification of the carrier recording area 96. When the writing of the fixed data is completed, the contents of the issuer recording area 68 of the memory unit 60 of the key card KC are read and written in the issuer recording area 93 of the memory unit 7. Reading and writing of data from the fixed data card FC and the key card KC and writing of data to the memory unit 7 are all performed by the read / write control unit 39. When the writing of these data is completed, the read / write control unit 39 writes the variable data for the carrier sent from the host processor 12 via the microprocessor 28 in the carrier recording area 96 of the memory unit 7.

Thus, when the data writing to the memory unit 7 is completed,
The read / write control unit 39 reads the written data,
The write data in the memory unit 7 is checked by collating with the data from the fixed data card FC, the key card KC and the host processor 12 (S69). If the result of this check is that there is a write error, it is written again in the memory section 7 (S70). If the writing is not successful again (S71), but it is not perfect, but it can be applied to some extent (S7)
2) The void data is written in the issue recording area 94 of the memory unit 7 so that it cannot be used (S74). If the void data cannot be written, it is sent as a defective IC card to the destruction unit 35 as it is, a hole is made in the magnetic stripe 2 and the emboss information 3 (S73, S75), and then the process proceeds to step S57 and is rejected. Stacked on the stacker 37. Of course, when a defective IC card is accumulated in the reject stacker 37, it is checked that it is a microprocessor.
By being sent to the read / write control unit 39 via 28, the defect count area 73 of the memory unit 60 of the key card KC
The content of 1 is updated and recorded. This is also recorded when defective IC cards are accumulated in the reject stacker 37, even when the encoder 32 and the emboss unit 33 are defective. Of course, it is also recorded in the hard disk device 13 of the host processor 12.

If the writing is normal in the check in step S69 or S71, the read / write control unit 39 calculates the temporary carrier secret code number with a random number (S76), and the calculated temporary carrier secret code number is carried by the carrier of the memory unit 7. Write to recording area 96 (S7
7). Next, the read / write control unit 39 reads the cumulative issuance value from the cumulative issuance area 74 of the memory unit 60 of the key card KC, adds 1 to the cumulative issuance value, and outputs it as the issue number to the issuance recording area 94 of the memory unit 7. Write (S78). At the same time, the user name (or code) is read from the access key card AC, the key card KC and the fixed data card FC and written in the issue recording area 94 of the memory unit 7. When this is completed, the read / write control unit 39
The non-rewritable hold data is written in the basic control program area 91 of the memory unit 7 (S79), and the rewriting is performed except for the secret code which is the temporary secret code of the carrier and where it is written when the carrier receives the service. Not possible And
This IC card has already been issued and is sent to the stacker 38 for stacking (S82). Further, the read / write controller 39 adds 1 to the contents of the issue count area 72 and the issue total area 74 of the memory section 60 of the key card KC (S8).
0). After writing the hold data in step S79, the host processor 12 causes the printer 19 to send the IC card's shipping document (this data is all stored in the floppy disk device 14).
Can be created from the data recorded on the floppy disk or the magnetic tape of the magnetic tape unit 15), and the issuance notice 21 is printed by the printer 20 on which the carrier temporary identification number calculated above is printed (S81). . When the printer 20 prints the temporary personal identification number of the carrier, the memory in the read / write control unit 39 is erased, which makes the temporary personal identification number highly secure.

When the read / write control unit 39 counts up the issue count area 72 of the memory unit 60 of the key card KC, by comparing the number with the content of the issue number area 71,
It is checked whether the issued number of sheets has reached the planned number of sheets (S83). If the result of this check is that the planned number has not been reached, a signal to that effect is sent to the host processor 12. Therefore, after receiving data from the host processor 12, the microprocessor 28 takes out one IC card from the hopper 31 ( S51). As a result of the check in step S83, when the planned number of sheets has been reached (when the content after the count up in the issued count area 72 and the content in the issued number area 71 become the same), the issuance ends. Of course, the issue ends even if there is data to be issued on the host processor 12 side.

Before writing the hold data in step S79, the manufacturing number written in the manufacturer recording area 92 of the memory unit 7 (a serial number is attached to each IC card manufactured by the manufacturer together with the manufacturing record). Read the stored number),
By writing as the serial number of the issued IC card in the issuance recording area 75 of the memory unit 60 of the key card KC, the check including from the manufacturing can be performed, which is effective in management.

When the issuance is completed in this way, the read / write control unit 39
The contents of the issue count area 72 and the defect count area 73 of the memory unit 60 of the key card KC are written together with the date in the issue recording area 75 (S84), and then the contents of the issue count area 72 and the defect count area 73 are respectively cleared. . Since the content of the cumulative issue area 74 is the total number of issued sheets up to now, it remains the same as the final issue number. When this writing is completed, the host processor 12 causes the display device 17 to display a message "Press the end key" (S85). Here, the end key is pressed by the keyboard 16 (S86). As a result, the host processor 12 causes the printer 19 to print the issue record stored in the hard disk device 13 (S87). This issue record is, for example, as shown in FIG. 11, the serial number read from the IC cards issued in the order of issue numbers, and the name and address of the carrier input by the floppy disk device 14 (or the magnetic tape unit 15). Is printed. Further, by opening the outlet door 42 of the issuing processing unit 27, the defective IC card and the issued IC card are taken out from the reject stacker 37 and the stacker 38, respectively (S88). Since a defective IC card has a hole in at least the magnetic stripe 2 or both the magnetic stripe 2 and the embossed information 3, it can be easily distinguished from the issued IC card. There is.

After that, when the end key is pressed again by the keyboard 16 (S89), the host processor 12 determines that the access key card AC is entered in the same manner as the issue record is written in the key card KC.
The issue date, issue number, defective number, and
Write the key card code, fixed data card code, etc. (S90). As a result, a record of what was issued at what time and how many was issued is recorded. Then, the access key card AC, the key card KC, and the fixed data card FC are ejected (S91), and all the operations of the present apparatus are completed.

The IC card processing device described above uses the fixed data card FC that holds the fixed data common to the IC cards to be written in the unissued IC card, and the fixed data card FC and the unissued IC card By writing and reading data between each other, the above fixed data is written in the unissued IC card.Reading and writing of data between the fixed data card FC and the unissued IC card, This is performed by the microprocessor 28 and the read / write controller 39. As a result, reading and writing of data between the fixed data card FC and the unissued IC card can be performed without passing through the host processor 12, so that the data to be written to the unissued IC card is easy. It will not be leaked to the outside and security will be very high.

In addition to the fixed data card FC, an access key card AC storing information for activating the host control unit 11 and a key card KC storing information for activating the issue processing unit 27 are provided. Since the present apparatus is activated by these cards AC and KC, the present apparatus cannot be activated without these cards AC and KC, and therefore the security can be further enhanced.

It should be noted that the access key card AC and the key card KC do not necessarily have to have both, and may have at least one of them.

Further, the present invention is not limited to the above embodiment, and various modifications can be made. For example, instead of the key card KC and its card reader / writer 40, a read / write control unit 39 is provided as a data holding device having a control unit and a memory unit that stores information for identifying the user and can perform collation inside. It is conceivable that the and are connected by a detachable contact. Similarly, the fixed data card FC and its card reader / writer 41 also store information for identifying the user, and are a data holding device having a control unit and a memory unit capable of collating internally, and read / write control. It is conceivable to connect the portion 39 with a detachable contact. In addition, although the personal identification number was used for the information that identifies the user of the key card KC and the fixed data card FC, it is also possible to memorize physical characteristics such as the user's fingerprint and signature, and to verify it with it. is there. In that case, it is necessary to provide the keyboard 29 of the issuing processing unit 27 with means for inputting a fingerprint, a signature, or the like.

Further, in the above-described embodiment, the case where the present invention is applied to the IC card processing device that issues the IC card by writing the predetermined data to the unissued IC card has been described, but the present invention is not limited to this. Instead, for example, write initialization data to the IC card at the IC card manufacturing stage.
The same can be applied to the IC card processing device.

Furthermore, in the above-described embodiment, the case where the portable storage medium is an IC card with a magnetic stripe has been described, but the same can be applied to the case of an IC card without a magnetic stripe, for example.

[Effects of the Invention] As described in detail above, according to the present invention, it is possible to provide a portable storage medium processing device having high security suitable for a card having a built-in semiconductor memory such as an IC card having high security.

[Brief description of drawings]

1 is a block diagram of an IC card processing device, FIG. 2 is an external perspective view of the IC card processing device, and FIG. 3 is an IC after issuance. External perspective view of card, FIG. 4 is an external perspective view of defective IC card, fifth
FIG. 6 is a diagram showing an example of printing a notice of issuance of a provisional personal identification number of a carrier, FIG. 6 is a diagram showing contents of a memory unit of an access key card, FIG. 7 is a diagram showing contents of a memory unit of a key card,
FIG. 8 is a diagram showing the contents of the memory unit of the fixed data card, FIG. 9 is a diagram showing the contents of the memory unit of the IC card after issuance, FIG. 10 is a flowchart explaining the operation, and FIG.
The figure shows an example of printing the issuance record. 6 ... IC card control unit, 7 ... IC card memory unit,
11 …… Host control unit, 12 …… Host processor,
18 ... Card reader / writer, 27 ... Issuing processing unit, 28 ... Microprocessor, 34 ... Reader / writer unit, 39 ... Read / write control unit, 40,41 ... Card reader / writer, 50 ... Access Key card memory, 60 …… Key card memory, 80 …… Fixed data card memory, AC …… Access key card,
KC …… Key card, FC …… Fixed data card.

Claims (1)

[Claims] 1. A card is issued by recording personal data consisting of the name and personal identification information of the card carrier and issuer data consisting of the name and personal identification information of the issuer in a semiconductor memory built in the card. In a portable storage medium processing device, first reading means for reading the issuer data from a key card in which issuer data consisting of an issue code, an issuer's name and personal identification information is stored in a semiconductor memory, and an issue code and fixed data. Second reading means for reading the issuance code and fixed data from a fixed data card stored in a semiconductor memory; an issuance code read from the key card by the first reading means and the fixing by the second reading means. A comparison means for comparing the issued code read from the data card and the personal name of the card carrier. If the issue file storing personal data consisting of the front and personal identification information for a plurality of persons, as a result of the comparison by the comparing means, the issue code read from the key card and the issue code read from the fixed data card match, Reading means for sequentially reading data from the issuance file, personal data including personal name and personal identification information read from the issuance file by the reading means when the comparison result by the comparing means matches, and A card for issuing the issuer data including the name and password of the issuer read from the key card by the first reading means, and the fixed data read from the fixed data card by the second reading means. When the comparison result by the comparison means does not match, Portable storage medium processing device characterized by not recorded in the first reading means issuer data to be issued cards consisting of name and password information of the issuer that is read from the key card by.