JPH08137759A - Security verification work support device for information recording medium - Google Patents

Abstract

PURPOSE: To support the security verification work of an IC card and to reduce the burden of a verification worker. CONSTITUTION: A storage part 31 storing an instruction given to the IC card by grouping it, a storage part 32 storing security attributes of respective files in the IC card and a storage part 33 storing a status showing the unlocking state of a key at respective points of time during verification are provided in a storage means 30. The instruction displayed on an instruction display area 41 and the file displayed on a file display area 42 can be selected by a mouse 50. Security attribute information of the selected file are displayed on a display area 44. When a key file is double cricked and selected, the corresponding key becomes the unlocking state, and status information is changed. Status information at present time is displayed on a display area 43. When the arbitrary file and instruction are selected, whether the selected instruction can be executed or not is displayed on a display area 45 with respect to the selected file.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a security verification work support device for an information recording medium, and in particular, when issuing a portable information recording medium such as an IC card, whether security is sufficiently secured by setting a key. The present invention relates to a device that supports verification work.

[0002]

2. Description of the Related Art A portable information recording medium represented by an IC card has been attracting attention as a new information recording medium replacing the conventional magnetic card. In particular, an IC card with a built-in CPU is expected to be used in various fields because it can be used in a state where a high level of security is ensured. Generally, IC cards are RAM, ROM, EEP
It has three types of memories, such as ROMs, all of which are accessed by the built-in CPU. The reader / writer device exchanges data with the IC card. When a given command is given from the reader / writer device to the IC card, this command is executed by the CPU in the IC card. For example, if it is a data write command,
The data given from the reader / writer device to the IC card is IC
If it is a data read command written in the memory in the card, the data read from the memory in the IC card is transferred to the reader / writer device.

In order to ensure the security of the data written in the IC card, a secret code key is usually used. That is, which key needs to be unlocked in order to access a specific file in the IC card is set in advance, and the secret code set in the IC card and the secret code input from the outside are set. The design is such that a particular key is unlocked only when the code matches.

By the way, in practice, a plurality of keys are generally used to ensure such security. This is because there are various types of access right settings. For example, even when accessing files stored in the same IC card, it is common to set different key settings for files with high sensitivity and files with low sensitivity. Further, even when accessing the completely same file, it is often the case that different keys are set with different degrees of security depending on the mode of access. For example, when a read command is executed for a file and when a write command is executed for a file, it is usual to set a high level of security for the latter. Generally, the key to be locked and the key to be unlocked when the read command is executed are set differently.

As described above, a considerably complicated key setting is performed on the IC card so that sufficient security can be ensured even when distributed in the real world. Then, it is necessary to sufficiently verify this complicated key setting before issuing it. Conventionally, such security verification has been performed as manual desk work. That is, an engineer who performs security design has verified on paper whether or not a sufficient security system has been constructed in consideration of various access rights and combinations of keys.

[0006]

However, such a verification work as a desk work requires a great deal of labor and skill, and a problem arises that a skilled security designer is burdened with a large work load. In particular, the market for portable information recording media such as IC cards tends to increase more and more in the future, and the verification work as desk work as in the past may be performed.
It is expected that it will be difficult to issue IC cards that meet demand.

[0007] Therefore, an object of the present invention is to provide a support device that supports the security verification work of an information recording medium and can reduce the burden on the verification worker.

[0008]

[Means for Solving the Problems]

(1) A first aspect of the present invention is a data file including data according to a user's use, and a key file including a secret code necessary for accessing various files,
Which stores at least two types of files and supports the security verification work for the information recording medium which is permitted to access the file when the secret code given from the outside and the secret code in the key file match. In the above, the first storage means for storing instruction group information indicating the grouping according to the degree of security required for each instruction executed for the file, and the instruction for each group for each file Second storage means for storing security attribute information indicating a key to be unlocked for execution, third storage means for storing status information indicating an unlocked state of the key at the present time in verification work, An instruction display area for displaying all or a part of the instructions stored in the first storage means; File display area for displaying all or part of the existing files, status display area for displaying status information stored in the third storage means, and security attribute display area for displaying security attribute information for a predetermined file And a command selecting unit for selecting a specific command from the commands displayed in the command display region, and a specific file selected from the files displayed in the file display region. File selection means for selecting in the second aspect or the second aspect,
A first process for displaying, in the security attribute display area, the security attribute information stored in the second storage section for the selected file when the file selection section makes a file selection in the first mode. When the file is selected by the file selecting means in the second mode, and the selected file is a key file, the status information stored in the third storage means is changed to the selected key. A second process of updating so as to change the unlocked / locked state of the key corresponding to the file, and when the file selection unit makes the file selection in the first mode and the instruction selection unit makes the instruction selection. The status information stored in the third storage means and the selected file stored in the second storage means. By referring to the security attribute information, it is determined whether or not the selection command can be executed for the selected file, and the result is displayed in the executability display area further provided in the display means. And processing means for executing the processing.

(2) A second aspect of the present invention is the above-mentioned first aspect.
In the support device according to this aspect, when the processing unit determines that the selected command cannot be executed by the third process, which key needs to be unlocked to enable execution of the selected command. It is configured such that additional processing for recognizing whether there is any and displaying the result in the executability display area is performed.

(3) A third aspect of the present invention is the above-mentioned first aspect.
Alternatively, in the support apparatus according to the second aspect, deactivation instructing means for deactivating a specific key file is further provided, and the deactivated key file is stored in the file display area. The key file is displayed in an identifiable manner, and the processing means does not execute the second process on the inactivated key file.

(4) A fourth aspect of the present invention relates to the above-mentioned first aspect.
~ In the support device according to the third aspect, a folder file is defined in addition to the data file and the key file,
You can define a file with a hierarchical structure by containing a data file, key file, or another folder file in this folder file,
The status information is defined for each folder.

(5) A fifth aspect of the present invention relates to the above-mentioned first aspect.
~ In the support device according to the fourth aspect, the mouse is used as the file selection means, and the mouse pointer is clicked once while the mouse pointer is moved to the position of the file to be selected displayed in the file display area. The selection in the first mode is performed by, and the selection in the second mode is performed by clicking the mouse button twice.

(6) A sixth aspect of the present invention relates to the above-mentioned first aspect.
~ In the support device according to the fifth aspect, further comprising a fourth storage means for storing the key file, the key file corresponding to the key indicated by the security attribute information stored in the second storage means, The fourth processing is configured so that the processing means can execute the fourth processing for determining whether or not it is prepared in the four storage means.

[0014]

[Operation] According to the support device of the present invention, the process of accessing an information storage medium such as an IC card by the reader / writer device can be efficiently simulated. In particular, the transition between the unlocked state of the key and the mode of granting the access right can be confirmed on the display device. The processing device that is the center of this support device has three processing functions. First, when one file is selected from the files displayed on the display screen by the first mode (for example, clicking a mouse button), the security attribute information about the selected file is displayed on the display screen. . This is the first processing function. On the other hand, when one key file is selected from the key files displayed on the display screen by the second mode (for example, double-clicking the mouse button), the unlocked / locked state of the selected key is changed. , The current unlocked / locked state of each key is displayed on the display screen as status information. This is the second processing function. Furthermore, when one instruction is selected from the instructions displayed on the display screen, the current status information is checked to see whether the currently selected instruction can be executed for the currently selected file. The result is displayed on the display screen. This is the third processing function. By using these three processing functions, the verification operator simulates a state in which the IC card is used in the real world after being issued, and efficiently verifies whether or not sufficient security settings are made. It will be possible.

[0015]

The present invention will be described below based on illustrated embodiments. Here, an embodiment in which the present invention is applied to an IC card will be described. Therefore, first, the structure of a general IC card and the procedure for accessing the IC card using the reader / writer device will be briefly described.

FIG. 1 is a block diagram showing a state in which a general IC card 10 is connected to a reader / writer device 20. In the IC card 10, an I / O device 11 for connecting to the reader / writer device 20, a CPU 12, and a RAM
13, the ROM 14, and the EEPROM 15 are built in, and the IC card 10 and the reader / writer device 20 are connected by an I / O line. The I / O device 11 has a function of transmitting and receiving data to and from the reader / writer device 20. The CPU 12 receives an instruction given from the reader / writer device 20 via the I / O device 11 and executes it. Of the three types of memory built in the IC card 10, the RAM 13 is a volatile memory and is used as a work area for the CPU 12. The ROM 14 is a non-rewritable fixed memory in which basic program routines necessary for operating the CPU 12 are recorded. In addition, EEPROM
15 is a non-volatile memory that can be rewritten at any time,
The data corresponding to the user's purpose, the secret code necessary for accessing this data, and the like are stored. The subject of the verification work in the present invention is this EEPRO.
This is security for files stored in M15.

In this embodiment, the EEPROM 15 stores three types of files. That is, it is possible to define a file having a hierarchical structure by accommodating a data file containing data according to the user's purpose, a key file containing a password required to access the file, and other files. There are three types of folder files. Folder files are different from general "files" in that they actually only function as containers for containing data files, key files, or other folder files, but here For convenience of explanation, it will be treated as a file like a data file and a key file.
Put another folder file in the folder file,
Further, by accommodating another folder file in it, a file having an arbitrary hierarchy can be defined.

FIG. 2 is a conceptual diagram showing a state in which a file having such a hierarchy is defined in the EEPROM 15. Here, F _A , F _B , F _C , and F _D represent folder files, D1, D2, and D3 represent data files,
K1, K2 and K3 represent key files. The folder file _{F A} top tier, data files D1, D2, D3 belonging to the top tier, ... and the key file K1, K2, K3, ... are accommodated, and the second
A hierarchical folder file F _B is also stored. In the folder file F _B , the data files D1, D2, ... And the key files K1, K2 ,.
Is stored, and the folder file F of the third hierarchy
_C and F _D are also housed. Similarly, various files belonging to the third layer are stored in the folder files F _C and F _D.

As described above, the external access to the EEPROM 15 in which various files are stored is controlled by the CP from the reader / writer device 20 side via the I / O device 11.
This is done by giving a predetermined command to U12. The access from the outside is not limited to reading and writing to the file in the EEPROM 15, but also includes changing the file name, erasing data, generating a new file, and the like. Will be executed by the CPU 12. At this time, the CPU 12 determines whether or not the security condition necessary for executing each instruction is satisfied, executes the instruction only when the condition is satisfied, and when the condition is not satisfied, Refuses to execute the instruction. Normally, individual instructions are divided into groups according to the required degree of security, and security conditions are set for each group.

Each instruction used in this embodiment,
Instruction group information indicating the grouping is shown in the table of FIG. In this embodiment, each instruction is classified into five types of groups, group 0 to group 4. It should be noted that the commands shown here show only a part of the commands used in an actual IC card for convenience of explanation, and the summary of each command will be briefly described below.

First, the instructions belonging to group 0 are SEL
It is composed of an ECT instruction and a VERIFY instruction. SE
The LECT command is a command for selecting an arbitrary file as a target of some processing, and no specific processing is executed by this command alone. The VERIFY command is a command for verifying the selected file, and is a command for checking whether or not the file is stored in the correct format. Since these two instructions are not related to the illegal use of the IC card, they are classified into the instruction group of group 0 having the lowest security level. Therefore, in this example, to execute this group 0 instruction,
No key needed.

The instruction belonging to the next group 1 is READ.
It is composed of a RECORD command and a READBINARY command. The READ RECORD command is a command for reading data from the selected data file in record units, and the READ BINARY command is a command for reading binary data from the selected data file. As described above, the instruction of the group 1 is an instruction intended for reading, and is therefore referred to as a "reading instruction" here. This "read-out" instruction has a higher security level than the instruction of group 0, and some key is required to execute it.

Next, the instructions belonging to group 2 are AP
Only the PEND RECORD instruction. This command
This is an instruction for additionally writing data in record units to the selected data file. Since it is additional writing, existing data is not rewritten. Here, this group 2 instruction will be referred to as an “additional write type” instruction. The "write-once" command has a higher security level than the "read-out" command, and some key is required to execute the command.

Next, the instructions belonging to group 3 are WRI
TE RECORD command and WRITE BINARY
Command, ERASE RECORD command, ERASE
It is composed of a BINARY instruction. WRITE R
The ECORD instruction is an instruction to rewrite the existing data in the selected data file in record units, and the WRITE BINARY instruction is an instruction to rewrite the binary data. Also, ER
ASE RECORD command and ERASE BINAR
The Y command is a command for erasing data in record units or binary data. Since all the commands are commands that involve rewriting or erasing existing data, they will be called “update-type” commands here. This "update type" command has a higher security level than the "additional type" command.

Finally, the instructions belonging to group 4 are CR
EATE FOLDER FILE command and CREATE
E DATA FILE command and CREATE KEY
FILE command, SET KEY command, UPDAT command
It is composed of an E KEY instruction, an INVALIDATE FILE instruction, and an ERASE ALL instruction. Here, the CREATE FOLDER FILE command, CR
EATE DATAFILE instruction, CREATE KE
The Y FILE command is a command for creating a new folder file, data file, and key file in the selected folder file. In addition, SET KE
The Y command and UPDATE KEY command are commands for writing a personal identification code (key) in the key file or rewriting an existing personal identification code. On the other hand, INV
The ALIDATE FILE instruction is an instruction for deactivating the selected file (making it inaccessible), and the ERASE ALL instruction is an instruction for erasing the entire selected file. These commands are commands that change the service itself provided by using the IC card, and are usually executed when the IC card is issued to general users. I will call it the command. This "issue system" command is a command having the highest security level.

Now, in order to ensure the necessary security for each file, "which key must be unlocked in order to execute the commands of each group for each file stored in the EEPROM 15. Security attribute information indicating "is there?" Is prepared. For example, for each data file D, all the instructions of groups 0 to 4 are to be executed, and therefore, as shown in FIG. 4, "read system", "addition system", "update system", "update system", For each of the four groups of "issuing" commands, security attribute information indicating which of the keys 1 to 8 should be unlocked in order to execute the commands (as described above) is prepared. As such, no keys are required to execute group 0 instructions). On the other hand, for each key file K and each folder file F, groups 0, 3,
Since the instruction of 4 becomes the execution target, as shown in FIG.
For each of the commands of the two groups of "update system" and "issue system", security attribute information indicating which of keys 1 to 8 should be unlocked in order to execute the command. Be prepared.

In the security attribute information shown in FIGS. 4 and 5, binary information indicating whether or not the key needs to be unlocked is recorded in the small square portion. FIG.
This is shown in a concrete example. Here, the security attribute information about the specific data file D3 is shown, a black box indicates that the key needs to be unlocked, and a white box indicates that the key must be unlocked. It indicates that it is unnecessary. Actually, for example,
It is recorded as binary data such as a black box = "1" and a white box = "0". In this example, 8 kinds of keys from 1 to 8 are prepared,
For example, in order to execute the "read-out" command, three keys 1, 4, 5 need to be unlocked, and in order to execute the "issue-related" command, the keys 1, 3 , 4, 7,
5 of 8 need to be unlocked.

In this embodiment, since the file structure having the hierarchy is defined as described above, the key to be unlocked to execute a predetermined command for a specific file is the file. It is prepared as a key file included in the same layer. For example, in the case where the hierarchical structure shown in FIG. 2 is defined, the folder file F
_In order to execute the "read-related" READ RECORD command for the data file D3 (file of the second layer) in _A , the key files K1, K4, K5 included in the same second layer are solved. It will have to be locked. The key is unlocked when the secret code given from the outside matches the secret code stored in the key file. For example, when the secret code “1234” is stored in the key file K1, the key file K1 is read from the reader / writer device 20 side.
When the secret code "1234" is given as the verification target, the key K1 is unlocked.

In this embodiment, the unlocked state of the key is handled separately for each folder. For example, in the hierarchical structure shown in FIG.
_Even if the second-level keys K1, K4, and K5 belonging to _A are unlocked and the "read-out" command for the data file D3 can be executed, the unlocked status of this key is This is valid only for each file in the second layer. For example, when accessing the data file in the third layer belonging to the folder file F _B , the unlocking operation for the key file in the third layer is required again.

As described above, in order to secure sufficient security for the IC card, the setting of security attribute information as shown in FIG. 6 becomes very important. Therefore, before supplying the IC card to the real world, it is necessary to verify whether or not the security attribute information is set sufficiently to secure the security. As already mentioned,
Until now, this verification work has been done by a security designer while making a table on paper. However, the verification work of the security attribute information is a very complicated work. The security attribute information shown in FIG. 6 is for one data file D3 in a specific hierarchy. Such security attribute information is EEPR.
It is set for each of all files (data file, key file, folder file) in the OM 15. Moreover, one security attribute information includes conditions for a plurality of keys (eight keys from key 1 to key 8 in this example), and each key has a unique meaning in practical use.

For example, taking this IC card as a bank cash card, for example, key K1: a secret code indicating that the connected device is a correct reader / writer device key K2: the connected device is written. Security code key K3 indicating that the device is a reader / writer device that has the authority to perform embedded processing: password code K4 that indicates that the connected device is a reader / writer device that has the authority to issue processing. Key K4: user (depositor) Set code code K5: Bank code code that permits read processing Key K6: Bank code code that allows additional processing Key K7: Bank code code K8 that allows data rewriting processing Assuming that it is a secret code that indicates permission from the main store, the security attribute information shown in FIG. Bring. In particular,
It is essential that the key K1 is unlocked when executing any of the command systems, because this is to reject access from an unauthorized reader / writer device. If a legitimate reader / writer device has a built-in personal identification code corresponding to the key K1 and is provided with a function of transmitting the personal identification code to the IC card side when an IC card is connected, the key code K1 can be solved. The lock operation will be performed automatically. Also, to execute the "read-out" command, the key K
Unlocking 1, K4, K5 is a condition, but this is
It is a condition that it is connected to the correct reader / writer device, and that the correct user's personal identification code and the correct bank's personal identification code that permits the reading process are given.

As described above, even with the security attribute information set for only one file, a considerable work load is required to perform verification in consideration of the meaning of each key. Moreover, the reader / writer device and the I
The operation with the C card connected takes the process of unlocking specific keys one by one in order, so make a note of which key is unlocked at which operation stage. However, it is necessary to proceed with the verification work.

The present invention relates to a support device for reducing the burden of such verification work. Hereinafter, the configuration and operation of this support device will be described based on examples. FIG. 7 is a block diagram showing the basic configuration of the security verification work support apparatus according to the embodiment of the present invention. The main constituent elements of this support device are storage means 30,
The display means 40, the input means 50, and the processing means 60. In reality, this support device is configured by using a general-purpose personal computer. That is, the storage means 30
Is realized by the internal memory of this personal computer or an external storage device such as a hard disk,
The display means 40 is realized by a display device connected to the computer and software for controlling display on the display device, and the input means 50 is
This is realized by an input device such as a keyboard and a mouse for this computer, and the processing means 60 is realized by the computer itself and necessary application software.

The storage means 30 can be divided into three storage means 31 to 33 in terms of function. However, actual hardware is not always divided in this way. In the first storage means 31, for each instruction executed in the IC card to be verified,
Instruction group information indicating grouping according to the required degree of security is stored. In the case of this embodiment, specifically, instruction group information as shown in FIG. 3 is stored. On the other hand, in the second storage means 32, security attribute information indicating a key to be unlocked for executing an instruction of each group is stored for each file stored in the IC card to be verified. Has been done. Specifically, the security attribute information as shown in FIG. 6 is stored for each file. Also,
In the third storage means 33, status information indicating the unlocked state of the key at the present time in the verification work is stored.

On the display screen of the display device constituting the display means 40, as shown in FIG.
1, a file display area 42, a status display area 43,
Security attribute display area 44, executability display area 4
Five display areas 5 are secured. Here, the command display area 41 displays all or part of the commands stored in the first storage unit 31, and the file display area 42.
Indicates all or part of the files stored in the second storage means 32, and the status display area 43 displays the status information stored in the third storage means. . Further, as will be described later, the security attribute display area 44 displays the security attribute information about the selected predetermined file, and the executability display area 45 displays the command selected for the selected file. Information indicating whether or not it is executable is displayed.

The input means 50 is composed of a mouse in this embodiment, and the mouse is the instruction selection means 5.
1, file selection means 52, and deactivation instruction means 53
And function as three means. The function as the command selection unit 51 is a function of selecting a specific command from the commands displayed in the command display area 41. In this embodiment, when a command list as shown in the right column of FIG. 3 is displayed in the command display area 41, when the mouse pointer is moved to a specific command display position and the mouse button is clicked, the command is displayed. It has a configuration that can be selected.
Similarly, the function as the file selection means 52 is a function of selecting a specific file from the files displayed in the file display area 42. In this embodiment, the E of the IC card to be verified is displayed in the file display area 42.
With the file list stored in the EPROM 15 displayed, the file can be selected by aligning the mouse pointer with a specific file display position and clicking the mouse button. However,
With regard to this file selection, two modes can be selected. That is, the selection in the first mode is performed by clicking the mouse button once, and the selection in the second mode is performed by clicking the mouse button twice (so-called double click). Two
The difference between the two selection modes will be described later. The function as the deactivation instructing means 53 is a function of inputting an instruction to deactivate the selected file when the specific file is selected by the file selecting means 52. In order to enable such an instruction input with a mouse, for example, a character "deactivate" is displayed on the display screen of the display means 40, and this character is clicked with the mouse. Good.

The processing means 60 has a function of executing various kinds of processing based on the selection or instruction input from the input means 50. In other words, application software for executing such processing is prepared. The basic processing performed by the processing means 60 is the following three processing.

In the first processing, when the file selection means 52 selects a file in the first mode, the security attribute information stored in the second storage means 32 for the selected file is This is processing for displaying in the security attribute display area 44. For example, in Figure 2.
When an IC card in which a file having a hierarchical structure as shown in is stored is to be verified, a file list having such a hierarchical structure is displayed in the file display area 42 and, for example, the mouse pointer When the user clicks the data file D3 in the second layer in accordance with the display position, the security attribute information (information shown in FIG. 6) about the data file D3 is displayed in the security attribute display area 44 on the display screen.

In this embodiment, the file display area 42 displays only the files in the currently selected folder file instead of displaying all the files. For example, when a folder file F _C is selected when a file having the hierarchical structure shown in FIG. 2 exists, the selected folder file F _C is shown in a thick frame as shown in FIG. 8 (a). , Below that,
Only files that exist in this folder file are displayed. In this state, to select a specific file by the file selection means 52, the mouse pointer 55 may be moved to a desired file display position and the mouse button may be clicked. For example, when the data file D3 is clicked, the display of the selected data file D3 is surrounded by a frame as shown in FIG. 8 (b), and at the same time, the security attribute information of the data file D3 is displayed in the security attribute display area 44. Will be displayed. In this embodiment, as shown in FIG. 9, the status display area 43 is provided adjacent to the security attribute display area 44. Since the unlocked / locked state of each of the keys K1 to K8 is displayed in both the security attribute display area 44 and the status display area 43, when the keys are arranged adjacent to each other in such a manner, The visibility in performing the verification work can be improved.

The second processing is the third processing when the file selection means 52 selects a file in the second mode and the selected file is a key file.
Is a process of updating the status information stored in the storage means 33 so as to change the unlocked / locked state of the key corresponding to the selected key file. For example, when the mouse pointer 55 is moved to the display position of the key file K1 and double-clicked in the state where the display as shown in FIG. The lock / lock status is changed. Specifically, if the key K1 has been in the locked state up to now, it will be in the unlocked state, and if it has been in the unlocked state, it will be in the locked state. As a result of this second processing, the status information in the third storage means 33 is rewritten, and, for example, as shown in FIG. 9, in the status display area 43, the key K1 is in the unlocked state. A display (in this example, a black box) will be displayed. The second processing is performed only when the key file is double-clicked, and even when the data file or the folder file is double-clicked, no processing is executed.

In the third processing, in the state where the specific file is selected by the above-mentioned first processing,
When a specific command is selected by the command selection unit 51, the status information stored in the third storage unit 33 and the security attribute information about the selected file stored in the second storage unit 32 are referred to. This is a process of determining whether or not the selection command can be executed for the selected file, and displaying the result in the execution / non-execution display area 45. In this embodiment, instruction selection is also performed by clicking with the mouse. When the selected instruction is executable, for example, the display as shown in FIG. 10 (a) is displayed, and when it is not executable, for example, the display as shown in FIG. 10 (b) is displayed. become. Specifically, when the data file D3 having the security attribute information as shown in FIG. 6 is selected and only the key K1 is in the unlocked state as shown in FIG. On the other hand, when the "reading type" instruction is selected, a display indicating that execution is impossible is made as shown in FIG. 10 (b).

When the execution is impossible in this way, it is recognized which key needs to be unlocked to make it executable, and the result is displayed in the execution availability display area 45. Additional processing may be performed. For example, in the case of the above-described specific example, it is necessary to unlock the keys K4 and K5 in order to execute the command of "reading system", so that the display as shown in FIG. 11 may be performed.

The basic structure of the verification work support device according to the embodiment of the present invention and the function of each component have been described above. After all, this support device uses the actual IC card 10 as shown in FIG.
You will have the ability to simulate the process you access. With the support of such a simulation function, the work burden on the verification worker is greatly reduced. First, by using the first processing function of the processing device 60, the security attribute information regarding an arbitrary file can be easily obtained in the display area 44. That is, the operator can obtain the security attribute information as shown in FIG. 9 on the screen only by selecting the desired file with the mouse and clicking.

Moreover, by utilizing the second processing function of the processing device 60, it is possible to easily set an arbitrary unlocking / locking status. For example, in order to realize the unlocked state of the key K1, the operator may double-click to select the key file K1 with the mouse, and to restore the locked state, double-click again. Good. In order to realize such status setting in the actual system shown in FIG. 1, the same code as the personal identification code written in the key file K1 is actually transmitted from the reader / writer device 20 side to the IC card 10 side. There is a need to. By using this support device, it is possible to unlock / lock each key by simply performing a simple operation of double-clicking with a mouse without paying attention to what the actual personal identification code is. Therefore, the verification operator can verify the various key statuses while considering the process actually performed in the actual system shown in FIG.

Furthermore, by utilizing the third processing function of the processing device 60, when an instruction is actually given, it is possible to immediately recognize whether or not the instruction can be executed. As shown in FIG. 9, since the status display area 43 and the security attribute display area 44 are arranged adjacent to each other,
By comparing the two, it is possible to recognize which type of command can be executed with respect to the currently selected file, but this recognition is a process that is performed by the human head. However, false recognition may occur. By using the third processing function, it is possible to surely recognize whether or not it is possible to execute a specific command for a specific file in a specific status.

Further, in the apparatus of this embodiment, it is possible to deactivate the selected key file. That is, the second processing function of the processing unit 60 is not performed on the key file that has been deactivated by the deactivation instruction unit 53. In other words, if a locked key is deactivated, the status will not be unlocked even if the key file is double-clicked and selected. This kind of "deactivation" setting
It can be used to simulate special processes in real-world systems. For example, in a real system, if the user inputs an incorrect PIN code n times in a row, the key is invalidated, and even if the correct PIN is accidentally entered after the (n + 1) th time, In many cases, measures are taken so that the key is not unlocked. To simulate such a special process on this assistive device, a given key file can be "deactivated". In this example, for the key file in the "deactivated" state,
The key file is displayed in a manner that can be distinguished from other key files (for example, a strikethrough is added to the display of the file name).

The verification work described so far can be said, so to speak, a dynamic verification work of the access right to the file. That is, this is a work of verifying the access right set for each file by sequentially simulating the process of accessing the IC card by the reader / writer device, especially the unlocking procedure thereof. In addition to the function of supporting the dynamic verification work as described above, the support device according to the present embodiment can be added with a function of performing a static verification work. This static verification work is a work of verifying all the relationships between the access rights set in each file and the key file, and specifically, the key corresponding to the key indicated by the security attribute information in the storage means 30. This is a work to check whether the file is actually prepared. For example, when the security attribute information as shown in FIG. 6 is set for the data file D3, it is necessary to unlock the keys K1, K4, K5 in order to execute the read system instruction. Therefore, the key files K1, K
If 4 and K5 are not prepared, data file D3
The read-related instruction cannot be executed. In this way, for each file, the static verification work to check in advance whether or not the key file necessary for accessing in each mode is prepared is performed before the above-mentioned dynamic verification work. It is convenient to keep it.

In order to add such a function of static verification work to the support apparatus according to the present embodiment, an area for storing a key file is provided in the storage means 30 in the constituent elements shown in FIG. The processing means 6 determines whether or not the key file corresponding to the key indicated by the security attribute information 32 is prepared in the storage means 30.
It may be configured so that it can be executed by 0.

The present invention has been described above based on the illustrated embodiment, but the present invention is not limited to this embodiment and can be implemented in various other modes. In particular,
The configuration of the present invention shown in FIG. 7 shows the present invention as a block for each functional element, and any hardware or software may be used as long as such a function can be realized.

[0050]

As described above, according to the security verification work support device for an information recording medium according to the present invention, the security attribute information set for each file can be easily confirmed on the display screen and the key for each key can be read. Since the locked / locked state can be easily set, and whether or not a specific command can be executed can be easily recognized, the burden on the verification operator can be greatly reduced.

[Brief description of drawings]

FIG. 1 illustrates a general IC card 10 and a reader / writer device 2
It is a block diagram which shows the state connected to 0.

FIG. 2 is a conceptual diagram showing a state in which a file having a hierarchy is defined in the EEPROM 15.

FIG. 3 is a table showing each command given to the IC card and command group information indicating the grouping thereof.

FIG. 4 is a diagram showing security attribute information about a data file D.

5 is a diagram showing security attribute information about a key file K and a folder file F. FIG.

FIG. 6 is a diagram showing a specific example of security attribute information about a data file D3.

FIG. 7 is a block diagram showing a basic configuration of a verification work support device according to an embodiment of the present invention.

8 is a diagram showing a display example of a file display area 42 in the support device shown in FIG.

9 is a diagram showing a display example of a status display area 43 and a security attribute display area 44 in the support device shown in FIG.

10 is a diagram showing a display example of an executability display area 45 in the support device shown in FIG.

11 is a diagram showing another display example of the executability display area 45 in the support apparatus shown in FIG.

[Explanation of symbols]

10 ... IC card 11 ... I / O device 12 ... CPU 13 ... RAM 14 ... ROM 15 ... EEPROM 20 ... Reader / writer device 30 ... Storage means 31 ... First storage means 32 ... Second storage means 33 ... Third Storage means 40 ... Display means 41 ... Command display area 42 ... File display area 43 ... Status display area 44 ... Security attribute display area 45 ... Executability propriety display area 50 ... Input means 51 ... Command selection means 52 ... Deactivation instruction means 53 ... file selection means 55 ... mouse pointer 60 ... processing means D1, D2, D3, ... data file _{F A, F B, F C} , F D, ... folders files K1, K2, K3, ... key file

Claims (6)

[Claims] 1. At least two of a data file containing data according to a user's purpose and a key file containing a secret code necessary for accessing various files.
It is a device that stores files of different types and supports the security verification work on the information recording medium that is permitted to access the file when the secret code given from the outside and the secret code in the key file match. A first storage means for storing instruction group information indicating a grouping according to the degree of security required for each instruction executed for a file, and an instruction for each group for each file. Second storage means for storing security attribute information indicating a key to be unlocked for execution, third storage means for storing status information indicating an unlocked state of the key at the time of verification work, An instruction display area for displaying all or part of the instructions stored in the first storage means, and an instruction display area stored in the second storage means. File display area for displaying all or a part of the stored files, a status display area for displaying status information stored in the third storage means, and a security attribute for displaying security attribute information for a predetermined file. A display unit having a display area; an instruction selection unit for selecting a specific instruction from the instructions displayed in the instruction display area; and a specific file selected from the files displayed in the file display area. In the first mode or the second mode, and when the file selection unit selects the file in the first mode, the second storage unit for the selected file. A first process of displaying the security attribute information stored in the security attribute display area in the security attribute display area; When the file is selected by the file selection means in the second mode and the selected file is the key file, the status information stored in the third storage means is used as the selected key file. A second process of updating so as to change the unlocked / locked state of the key corresponding to, and a file selection in the first mode by the file selection means, and a command selection by the command selection means. At this time, by referring to the status information stored in the third storage means and the security attribute information about the selected file stored in the second storage means, a selection command is issued to the selected file. And a third process for determining whether or not it is feasible and displaying the result in an feasibility display area further provided in the display means. Security verification supporting apparatus of the information recording medium, characterized in that it comprises processing means for, the. 2. The apparatus according to claim 1, wherein when the processing means determines that the selected instruction cannot be executed by the third processing, which key is further added to enable execution of the selected instruction. A security verification work support device for an information recording medium, characterized by performing additional processing of recognizing whether unlocking is necessary and displaying the result in an executability display area. 3. The apparatus according to claim 1, further comprising deactivation instructing means for deactivating a specific key file, wherein the deactivation state is set in the file display area. The key file is displayed in a manner distinguishable from other key files, and the processing means does not execute the second process for the inactivated key file. Information recording medium security verification work support device. 4. The apparatus according to claim 1, wherein a folder file is defined in addition to the data file and the key file, and the data file, the key file, or another folder file is stored in the folder file. A security verification work support device for an information recording medium, characterized in that a file having a hierarchical structure can be defined by accommodating the files, and status information is defined for each folder. 5. The apparatus according to any one of claims 1 to 4, wherein a mouse is used as file selection means, and a mouse pointer is moved to a file position to be selected displayed in a file display area, Information recording medium characterized in that the selection in the first mode is performed by clicking the mouse button once, and the selection in the second mode is performed by clicking the mouse button twice. Security verification work support device. 6. The apparatus according to claim 1, further comprising a fourth storage unit for storing the key file, wherein the key indicated by the security attribute information stored in the second storage unit. A security verification work support device characterized in that the processing means can execute a fourth processing for judging whether or not a key file corresponding to is prepared in the fourth storage means. .