JPH0935030A - Portable information recording medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To increase the security of the right to access an IC card. SOLUTION: This medium is composed of an instruction executing means 2 which executes instructions, a 1st storage means 31 which stores a plurality of certified data, a 2nd storage means 32 which stores data, a 3rd storage means 33 which stores access control information, requiring a plurality of times of certification using the certified data at the time of access to the 2nd storage means 32, having specific certifying methods, a frequency of successive certification success, and the order of the certification methods, and allowing access on condition that certification is successful at least twice, corresponding to the storage area of the 2nd storage means 32, a 4th storage means 34 which stores certification history having certifying method for executed certification requests, a frequency of successive certification success, and the order of the certification methods, and an access control means 4 which allows access, instruction by instruction, when the certification history as the result of the certification requests from the instruction executing means 2 satisfies the access control information.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a portable information storage medium represented by an IC card or the like, and more particularly to a portable information storage medium with high security that prevents unauthorized access to a memory area requiring authentication.

[0002]

2. Description of the Related Art An internal CPU represented by an IC card
The information storage medium having a built-in memory can give various instructions to the CPU from the outside to perform various calculations, condition judgments, etc., in addition to operations such as writing and reading data to and from the memory. Then, for the data for which security is to be ensured, the access right to the memory area in which the data is stored is set, and the password, the encryption key, and the like are collated with predetermined authentication data to prevent the data from being illegally accessed. Protects.

[0003]

However, in order to obtain an access right such as recording / reading of data to / from a certain memory area, a single authentication method is used to collate with a single authentication data only once. In such a valid authentication method, there is a risk that a fraudulent person may analyze the legitimate authentication method and the legitimate authentication data by trying a large number of authentication methods and a large number of authentication data. Therefore, by using not only one but also a plurality of authentication data used to obtain a certain access right,
A final access permission is also obtained based on a combination result of a plurality of logical sums and logical products.
However, since this is also a simple combination of the above single cases, there is a limit to the improvement in security. In particular, since it is an access permission condition that does not include a time element such as a logical sum or a logical product, no protection has been given to authentication in an abnormal order that is likely to occur in an illegal analysis. Therefore, there is a problem that the conventional authentication method cannot ensure high security. Therefore, an object of the present invention is to provide a portable information storage medium that can ensure a high degree of security.

[0004]

In order to solve the above problems and achieve the object, a portable information storage medium of the present invention stores command execution means for executing a command from the outside and a plurality of authentication data. A portable information storage medium comprising a first storage means and a second storage means for storing usage data,
When accessing the area in the second storage means that requires authentication, such as writing or reading data, the authentication data stored in the first storage means is required to be authenticated a plurality of times. The authentication data to be used with the method, the number of consecutive authentication successes by the authentication method, and the order of the authentication methods in the case of a plurality of authentication methods, the access control information having at least two successful authentications as an access permission condition. A third storage means for storing the area corresponding to the two storage means;
Of the authentication requests made to access the area of the second storage unit that requires authentication, at least the authentication request that has been successfully authenticated is the authentication method, the number of consecutive successful authentications of the authentication method, and the plurality of authentication methods. Fourth storage means for storing the authentication history including the order of the authentication method when used, and fourth authentication means for the authentication request from the command execution means. And an access control unit that permits access to a desired area of the second storage unit for each command of the command execution unit only when the authentication history satisfies the access permission condition defined by the access control information. Prepared for configuration.

Further, in the above portable information storage medium,
The access control information stored in the third storage means is the control information that sets the access permission condition to the success of all the authentication requests in a series, and if even one unsuccessful authentication request occurs, the access control means. Is also the one that does not allow access. Further, in each of the above portable information storage media, the area of the second storage means that requires authentication is a file.

Further, in each of the above portable information storage media, when the access for rewriting the authentication data stored in the first storage means is performed, like the access to the area in the second storage means requiring the authentication, The authentication data stored in the first storage means, which is other than the authentication data to be rewritten, requires a plurality of times of authentication, the authentication data used with the authentication method, and the number of consecutive successful authentications by the authentication method. Further, in the case of using a plurality of authentication methods, the second access control information including the order of the authentication methods and having at least two successful authentications as an access permission condition is stored in association with the authentication data of the first storage means. Further, the fourth storage means further has at least authentication succeeded in the authentication request made to access to rewrite the authentication data. For the certificate request, an authentication history including an authentication method, the number of consecutive successful authentications of the authentication method, and the order of the authentication methods when a plurality of authentication methods are used is stored, and the access control unit further includes an instruction execution unit. In response to the authentication request from, the authentication history of at least the authentication request that has been successfully authenticated is stored in the fourth storage means, and only when the authentication history satisfies the access permission condition defined by the second access control information, It is also configured to permit rewriting of desired authentication data in the first storage means.

Further, in each of the portable information storage media, the second access control information stored in the fifth storage means is the control information which is an access permission condition that all the series of all authentication requests are successful. The access control means does not permit access if any one of the authentication requests fails.

Further, in each of the above portable information storage media, the area of the second storage means that requires authentication is a file.

[0009]

BEST MODE FOR CARRYING OUT THE INVENTION An embodiment of the portable information storage medium of the present invention will be described in detail below as an example.

First, FIG. 1 is a block diagram of an embodiment of a portable information storage medium of the present invention. The portable information storage medium 1 includes a command execution unit 2 that executes a command given by the external device 5 and a first storage unit 31 that stores authentication data.
The second storage means 32 for storing the usage data, the third storage means 33 for storing the access control information corresponding to the area of the second storage means, and the authentication request executed when the authentication request is made. A fourth storage unit 34 that stores an authentication method, an authentication history that includes the number of successful successive authentications in the authentication method, and an execution order of the authentication method, and an authentication history that is stored in the fourth storage unit are stored in the third storage unit. Access control means 4 for permitting access to a desired area of the desired second storage means for each individual command from the command execution means when the authentication history satisfies the access control information. Further, in the example of FIG. 1, when the rewriting access of the authentication data stored in the first storing means is performed, the fifth storing means 35 for storing the second access control information corresponding to the authentication data to be rewritten is also provided. ing.

FIG. 2 is a conceptual diagram showing the device configuration of the portable information storage medium of the block diagram illustrated in FIG.
In FIG. 2, a portable information storage medium 1 of the present invention has a CPU (Central Processes) as an arithmetic and control unit.
centering on the Sing Unit (ROM) 12 and a ROM (Read Only M) that stores CPU operation programs and the like.
memory 14, RAM (Ra) as a working memory
end access memory (EEPROM) 15, an EEPROM (Electri) as a storage memory for various data
cally Erasable and Program
(mmableRead Only Memory), and components such as a connection terminal 11 for electrically connecting to the external device 5. The instruction executing means and the access control means are realized by the CPU 12, and the operation programs of these means are stored in the ROM 14. The third storage means for storing the authentication history is the RAM 15, the first storage means for storing the authentication data, the second storage means for storing the usage data, the third storage means for storing the access control information, and the second storage means. The fifth storage means for storing the access control information of is implemented by the EEPROM 13.

First, the access requiring the authentication of the second storage means will be described below. Based on this, the authentication for the access for rewriting the authentication data will be described.

First, the usage data stored in the second storage means is data other than the authentication data that is actually read and written under the usage environment. Here, it is stored in the area of the concept of a file as shown in FIG. It (Of course, the data storage area is not limited to the concept of a file.) The authentication data may also be stored in the area of the concept of a file. In the example of FIG. 3, two areas, file 1 and file 2, are shown as the storage areas of the second storage means for storing the usage data. Each of the files 1 and 2 has a file attribute, a position in the storage area of the file, a size, and an access control table AC to be referred to when an access right to the file is obtained.
T (Access Control Table) is determined for each file. It is necessary to obtain ACT1 authorization for file 1 and ACT2 authorization for file 2.

Access control information is stored in the access control table ACT. The access control information is, as access permission conditions for granting an access right to a predetermined storage area, the authentication method used by the authentication request, the authentication data used, the number of consecutive authentication successes by the authentication method, and further multiple authentications. When the method is used, the information includes the order of the authentication methods. FIG. 4 is a specific example of this, and for accessing a certain file (for example, file 1 in FIG. 3)
In order for the command executing means to execute the READ command or the WRITE command, an authentication request satisfying a predetermined access permission condition is issued, and it is indicated that authentication by the access control means is required.

In the figure, in order to obtain the authentication of the READ command, first, an authentication method "method A" [actually, for example, a code "00" is recorded as the method number as shown in the figure] is used. The request is made to the access control means, the authentication is successful once (that is, the authentication method is independent), the authentication permission is obtained (that is, the authentication is successful), and then the “method B” [ The authentication request of the code "01"] is required, the authentication method B succeeds twice in succession (that is, the authentication permission of the authentication method alone is obtained twice in succession), and then , “Method C” [code “02”] is used to request an authentication request, the authentication is successful three times in succession, and the READ command is executed only after the authentication is successful six times. Indicates that you can get access There. In addition, if these are shown by a code string,

[00], [01], [01], [02],
[02] and [03]. Although the relationship with the authentication data is not shown in the drawing, the information designating the authentication data to be used is stored as one of the access control information corresponding to the authentication method. For example, if the authentication method is "method A", "method A" uses authentication data A, and if "method B", authentication data B is used. However, one method does not use only one authentication data. Also, regarding the authentication method,
Password authentication using password, D using secret key
ES (Data Encryption Standard)
rd), RSA (Rivest-Sha) using the public key
A mir-Adleman) encryption system and the like are known.

Similarly, in order to obtain the authentication of the WRITE command in the figure, first, the authentication method "method B" succeeds twice in succession, and then the authentication method "method C" succeeds once, and further. Next, it shows that the access right is obtained by succeeding four times consecutively by the authentication method "method B" and succeeding by the other authentication methods.

Note that, for example, the number of successful authentications is "continuous 2
“Twice” means that the number of consecutive authentication requests by the authentication method is two, and that authentication must succeed in all of them, and anyway, if the authentication succeeds twice, that There is a meaning that authentication does not have to be successful before and after. The former is more strict, the latter is looser, and the former is more secure. In addition, it is not "two times in a row", but simply "2
There may be a method of defining the access permission condition of "times", but in this case, it means that there may be an unsuccessful authentication request between two successful authentication requests, which is not preferable because of low security. Further, although the above is about the success or failure of the authentication in the single authentication method, the same can be said when the plurality of authentication methods are used. That is, it suffices if each method succeeds in authentication once, but if method A, method B, and method D (skipping method C) are the permission conditions in that order, then method A, method B, and success. Then, the authentication request is issued by the method C (of course, since the authentication method of the method D is desired at this time), the authentication is unsuccessful, but if the method D is succeeded next, , If only success is taken up, it matches the permit conditions. Therefore, when a plurality of authentication requests are the access permission conditions, if even one of the issued authentication requests is unsuccessful, the condition of not permitting is the most secure and preferable. However, in the process of the authentication request which will be described specifically, the case where all the most strict authentications succeed in succession will be taken up.

5 to 10 are diagrams for explaining the authentication request made to obtain the access right of the READ command of FIG. 4 step by step. The authentication history stored in the fourth storage means as the authentication history is shown in FIG. Shown for each number of executed authentication requests. In this case, I never made any mistakes.
This is an example in which the authentication request is made up to the sixth step and the access permission condition is satisfied for the first time.

First, FIG. 5 is a diagram for explaining the first stage of authentication. The first authentication request executed is "method A", and method A is the authentication method specified as shown in FIG. Since the first authentication request of the method A is successful, the authentication history shows a state in which “method A: number of times 1”, the authentication method and the number of (continuous) successes by the authentication method are stored. And
At this stage, the access control means compares and verifies whether or not the authentication history satisfies the access control information stored in the third storage means, and since it is not satisfied, the access is still permitted to the command execution means. do not do. When the authentication request is executed by the authentication method of method A, the authentication data that may be correct is sent to the access control means together with the specification of method A as described above, and the authentication data is compared and collated with the authentication data specified by the access control means. That is, the instruction control means executes the content verify instruction. Next, FIG. 6 is a diagram for explaining the second step of the authentication. The second authentication request executed is “method B”, and method B is the authentication method designated as shown in FIG. Since the first authentication request of B has succeeded, the authentication history shows “method A: number of times 1” in FIG. 5 as “method A:
Number of times 1, method B: number of times 1 ”is shown instead of the authentication method, the number of consecutive successes by the authentication method, and the order of each authentication method. Then, the access control means again verifies whether the authentication history satisfies the access control information, and as a result, the access is not permitted yet. Next, FIG. 7 is a diagram for explaining the third stage of authentication, the third authentication request executed is also “method B”, method B is the designated authentication method, and the second method Since the authentication request succeeded to B, the authentication history stores “method A: number of times 1, method B: number of times 2”, the authentication method, the number of consecutive successes by the authentication method, and the order of each authentication method. Indicates the status. Then, since the authentication history does not satisfy the access control information, access is not permitted yet.

Further, FIG. 8 is a diagram for explaining the fourth stage of authentication. The authentication request executed fourth is “method C”, and method C is the specified authentication method. Since the first authentication request of method C was successful, the authentication history is “method A: number of times 1, method B: number of times 2, method C: number of times 1”, the authentication method and the number of consecutive successes by the authentication method,
The state in which the order of each authentication method is stored is shown. Similarly, FIG. 9 is a diagram for explaining the fifth step of the authentication. The fifth authentication request executed is also “method C”, and the method C is the specified authentication method and the fourth time. Since the authentication request succeeded to the method C, the authentication history shows the stored state as “method A: number of times 1, method B: number of times 2, method C: number of times 2”. Next, FIG. 10 is a diagram for explaining the sixth step of authentication, in which the authentication request executed sixth is also “method C”, and method C is the specified authentication method and the fifth time. Since the authentication request succeeded to the method C, the authentication history is “method A: number of times 1, method B: number of times 2, method C:
The number of times 3 ”, the number of consecutive successes by the authentication method, the authentication method, and the order of each authentication method are stored. Then, the access control means confirms that the authentication history satisfies the access control information stored in the third storage means, and allows the instruction execution means to access the predetermined area for the first time.

If an unsuccessful authentication request occurs in the middle of the above authentication step, in the case of this embodiment, the subsequent authentication requests are not evaluated and access is denied. In order to access again, the access right cannot be obtained unless the authentication request is made again from the beginning by the correct and specified authentication method.

Next, the same thing as described above can be performed for the access for rewriting the authentication data by using the second access control information stored in the new fifth storage means. This is because the person who can change the password is limited to those who have the privilege when actually using the portable information storage medium, for example, for the need to change the personal password during use. It is what you need. When the authentication data is used for accessing the usage data, the second access control information is not used because only the authentication data is read and no authentication is required. The characteristic information storage medium of the present invention is characterized by access authentication, and may be used only for accessing the usage data in the second storage means, but is the same for rewriting the authentication data. By making the authentication required, the information storage medium can be made more sophisticated.

The second access control information for the authentication data has exactly the same relationship between the usage data and the access control information for the usage data. However, the access control information for the usage data defines access permission conditions for each instruction such as READ and WRITE commands, but the second access control information defines access permission conditions for only the rewrite command. is there. Similarly,
The fourth storage means for storing the history information also stores the authentication history for the rewriting access of the authentication data stored in the first storage means, and the access control means further stores the authentication data for rewriting access. The access control information to be compared with the authentication history is the second access control information stored in the fifth storage means. Further, even in the access for rewriting the authentication data, if an unsuccessful authentication request occurs in the middle of the authentication step, in the case of this embodiment, the subsequent authentication request is not evaluated and the access is denied. Allow it. In order to access again, the access right cannot be obtained unless the authentication request is made again from the beginning by the correct and specified authentication method.

The operation of the portable information storage medium of the present invention having the above-mentioned structure will be described below.

In the portable information storage medium of the present invention, an instruction is given from the outside and the instruction executing means executes the instruction. At this time, in the data storage area in which the utilization data of the second storage means is stored, When accessing an area such as a file that requires authentication such as writing or reading data, a plurality of authentications using the predetermined authentication data stored in the first storage unit are obtained. It is a mechanism that you can not access it until after. The authentication mechanism is also a feature of the present invention, in which the command execution means uses an external command to access the access control means when accessing an area requiring authentication in the storage area of the second storage means. It is necessary to issue an authentication request, obtain authentication from the access control means, and acquire an access right. Therefore, the access control information, which is the access permission condition when the access control unit permits the access, is stored in advance in the third storage unit in association with the area of the second storage unit to be accessed.
The access control information includes, for the authentication method executed by the authentication request issued from the command execution means, authentication data used with a prescribed authentication method and the number of consecutive successful authentications by the authentication method, and an authentication method when there are a plurality of authentication methods. , Which includes the order of authentication as the access permission condition. On the other hand, for the authentication request that is actually made, at least every time the authentication request is executed, The access control unit sequentially stores the authentication history including the authentication method and the number of times of continuous authentication success of the authentication method, and when a plurality of authentication methods are used, in the fourth storage unit. Then, the access control means permits access to a desired area of the second storage means for each instruction of the instruction execution means only when the authentication history satisfies the access permission condition defined by the access control information.

Further, the above-mentioned authentication method in the case of accessing the area requiring the authentication of the second storage means is, if necessary, for rewriting the authentication data itself of the first storage means. Is done in the same way. In this case, the same operation as when the second access control information newly stored in the fifth storage unit corresponding to the authentication data is regarded as the same source as the above-mentioned access control information is performed. Be seen.

[0027]

According to the portable information storage medium of the present invention,
The authorization condition for the authentication request is not only the logical product or the logical sum that is not related to the temporal order as in the past, but the temporal order in which the authentication request is executed is also adopted as the authorization condition. On the other hand, it is possible to obtain a high level of security that makes it difficult for unauthorized access. Also, excellent security can be obtained in terms of giving access permission individually for each instruction. Further, since the order of the authentication procedure of access permission is managed on the side of the storage medium, illegal analysis from the outside becomes more difficult. Also, carrier (person, device)
With regard to authentication, security can be further enhanced by combining password authentication and encryption authentication multiple times.

[Brief description of drawings]

FIG. 1 is a block diagram of an embodiment of a portable information storage medium of the present invention.

FIG. 2 is a conceptual diagram of an embodiment of a device configuration of a portable information storage medium of the present invention.

FIG. 3 is a diagram showing an example of a file as a data storage area and its file attributes.

FIG. 4 is a diagram showing an example of access control information of a file.

FIG. 5 is a diagram showing an authentication history in the first stage of an authentication request for a certain file.

FIG. 6 is a diagram showing an authentication history in the second stage of the authentication request.

FIG. 7 is a diagram showing an authentication history in the third stage of the authentication request.

FIG. 8 is a diagram showing an authentication history at the fourth stage of the authentication request.

FIG. 9 is a diagram showing an authentication history at the fifth stage of the same authentication request.

FIG. 10 is a diagram showing an authentication history in a sixth step of the same authentication request.

[Explanation of symbols]

 1 Portable Information Recording Medium 11 Connection Terminal 12 CPU 13 EEPROM 14 ROM 15 RAM 2 Command Execution Means 31 First Storage Means 32 Second Storage Means 33 Third Storage Means 34 Fourth Storage Means 35 Fifth Storage Means 4 Access Control Means 5 External equipment

Claims (5)

[Claims] 1. A portable information storage medium comprising: an instruction executing means for executing an external instruction; a first storage means for storing a plurality of authentication data; and a second storage means for storing usage data. , When accessing the area in the second storage means that requires authentication, such as writing or reading data, requires multiple times of authentication using the authentication data stored in the first storage means, The access control information including the authentication data used with the authentication method, the number of consecutive authentication successes by the authentication method, and the order of the authentication methods in the case of using a plurality of authentication methods, the access control information having at least two successful authentications as an access permission condition, At least the authentication succeeds, out of the third storage unit that stores the area corresponding to the second storage unit and the authentication request made to access the area of the second storage unit that requires authentication. The authentication request, the number of consecutive authentication successes of the authentication method, and the order of the authentication methods when a plurality of authentication methods are used, the fourth storage means for storing the authentication history, and the command execution means. The authentication history of at least the successful authentication request is stored in the fourth storage means, and the second storage is performed only when the authentication history satisfies the access permission condition defined by the access control information. A portable information storage medium, comprising: access control means for permitting access to a desired area of the means for each instruction of the instruction executing means. 2. The access control information stored in the third storage means is control information that sets an access permission condition that all series of all authentication requests are successful, and even one unsuccessful authentication request occurs. The portable information storage medium according to claim 1, wherein the access control means does not permit the access. 3. The authentication stored in the first storage means when accessing to rewrite the authentication data stored in the first storage means, similarly to the access to the area in the second storage means requiring authentication. When data is authentication data that requires authentication multiple times using authentication data other than the authentication data to be rewritten, the authentication data used with the authentication method and the number of consecutive successful authentications by the authentication method, and the case of using more than one authentication method Further includes a fifth storage unit for storing the second access control information including the order of the authentication methods and having at least two successful authentications as an access permission condition in correspondence with the authentication data of the first storage unit. The fourth storage means further includes an authentication method and the authentication method for at least an authentication request that has been successfully authenticated among the authentication requests made to access to rewrite the authentication data. The authentication history is stored, which includes the number of consecutive successful authentications of the above, and the order of the authentication methods when a plurality of authentication methods are used. The access control means further authenticates at least the authentication request from the command execution means. The authentication history of the successful authentication request is stored in the fourth storage means, and only when the authentication history satisfies the access permission condition defined by the second access control information, the desired authentication data of the first storage means is stored. The portable information storage medium according to claim 1 or 2, wherein rewriting is permitted. 4. The second access control information stored in the fifth storage means is control information that sets an access permission condition that all series of all authentication requests are successful, and there is one unsuccessful authentication request. Even if it happens, the access control means does not permit the access.
The portable information storage medium described. 5. The portable information storage medium according to claim 1, wherein the area of the second storage means that requires authentication is a file.