JPH10111896A - Ic card and its processor - Google Patents

Abstract

PROBLEM TO BE SOLVED: To enable electronic commerce of high security by outputting a 2nd password or its processed signal when an input signal to an IC card matches with a 1st password. SOLUTION: A bank system refers to information regarding EM with an electronic money ID and sends unused passwords i.1 or its processed signal f(passowrd i.1) (f(x): arbitrary function) to the EM. When the sent password i.1 matches with a password i.1 stored in the EM, the EM outputs a password i.2 or its processed signal g(password i.2) and sends it to the bank system. This passowrd i.2 operates equally to a password code. The bank system compares and inspects the sent password i.1 with the internal information regarding the EM to determine that it is the EM with the electronic money ID.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an IC card using non-volatile memory having the same function as money, and more particularly to a system configuration method for realizing high security.

[0002]

2. Description of the Related Art In recent years, there has been a movement to realize electronic money using the Internet or an IC card. Conventionally, merchandise was traded by giving and receiving money,
Electronic money realizes money transfer by data processing on a computer. In this case, the money is replaced with electronic data that is hard to grasp, so that the electronic money system requires further consideration in terms of security.

FIG. 2 shows a conventional cash acquisition method and its security system. Acquisition of cash using the dedicated card 23 (money card) is possible only with the bank's dedicated terminal device 22 (cash dispenser), and the user inserts the dedicated money card into the 22 and inputs a personal identification number. The central processing unit 21 of the bank connected to 22 identifies from the information recorded on the money card and the personal identification number that the payment is not fraudulent, and pays out the requested amount from the user's deposit.

[0004] This system can be simply extended to an electronic money system to build a system in which a user accesses a central processing unit of a bank connected via the Internet and transfers money from his / her account to a customer's account. .

[0005]

However, the above electronic money system has the following problems. (1) The Internet is a generally open communication line, and can also intercept important information regarding a password and a user's account. Once the password is known, others can easily access the user's account. (2) Assuming that the user pays from the terminal after placing the Internet terminal in a store and shopping, the user inputs important information including the personal identification number from the terminal. Providing a strict enclosure, such as a bank dedicated terminal, at the Internet terminal at the storefront is a waste of space, and the flow of customers at the cash register is deteriorated. Without an enclosure, there is a high possibility that others will be able to see your password. (3) Once another person knows the password, there is a possibility that all the deposits will be lost.

An object of the present invention is to provide an IC card using a non-volatile storage device, which can access its own account from a general terminal device connected to a general communication line without inputting a password.

[0007]

As shown in FIG. 1 (a), an IC card serving as electronic money according to the present invention has a password in which a pair of i.1 and i.2 is stored in a nonvolatile storage area thereof. Are held in multiple sets. Instead of inputting a password from the terminal device, a password i.2 is sent from the IC card of the present invention to the bank system, which becomes the password. However, the password i.2 is output from the IC card only when an input signal matching the password i.1 is given to the IC card from the bank system (FIG. 1).
(B)).

The use of the set of passwords i.1 and i.2 is limited to one time. That is, after the password is written in the IC card, the IC cards can be used in place of the personal identification number as many as the set of written passwords.

The set of passwords can be written in the IC card of the present invention only by the bank's dedicated terminal device 32 as shown in FIG. At this time, the user also sets the limit of the amount that can be paid to another account using the set of the plurality of written passwords. That is, the same processing as when the above-mentioned limit is paid to the IC card is performed. Using this IC card, the user makes a payment from the general terminal device 34 placed at a cash register of a store or the like.

In the banking system, as shown in FIG. 4A, an area M for storing information for each IC card which becomes electronic money.
Mx, there are electronic money ID, current IC
A set of passwords written on the card (the basic password is used when making a virtual deposit to electronic money at the dedicated terminal 42, and the passwords 1 to n are used when paying from the electronic money at the general terminal 44); Information on used password, IC before next password rewriting
At least the limit of the amount of money payable from the card (virtual deposit amount of electronic money) and the total deposit amount of the account corresponding to the IC card are held.

FIG. 4B shows an input / output unit of the bank system.
A device X for determining a signal route (bank dedicated line L1 or general communication line L2) is provided. In the discriminating apparatus X, for example, L1 is connected to the 'startup signal generator G1 for the virtual payment program', and L2 is connected to the 'startup signal generator G2 for the payout program'. That is, it is impossible as a hardware structure to use money from the general terminal 44 that is equal to or greater than the electronic money virtual deposit amount.

Reading of a password stored in an IC card is destructive reading in which information is lost once read, as shown in FIG.

[0013] The user's request regarding virtual payment to the electronic money and payment from the electronic money is transmitted to the bank system after being encrypted with the basic password 0.2 and the password i.2, respectively, as shown in FIG. Is also good.

The nonvolatile memory device of the IC card is composed of, for example, a ferroelectric memory, and some or all of a plurality of memory cells connected to the same word line as shown in FIGS.
It has a set of passwords i.1 and i.2.

In reading the password stored in the ferroelectric memory, the potential of the plate is set to, for example, 0 V and the potential of the bit line is set to a potential different from that of the plate, for example, Vcc as shown in FIG. However, when the other memory cells holding the passwords j.1 and j.2 that do not perform reading are connected to the activated word line, the bit line connected to the memory cell is set to the same potential as the plate. , For example, set to 0V.

[0016]

FIG. 1A shows a basic configuration of an electronic money (EM) IC card according to the present invention. A plurality of passwords are held in the nonvolatile storage area NV1 with the passwords i.1 and i.2 (i = 1 to n) as one set. Among the passwords, the basic password is used to enable writing of another password. At the time of writing the password, the amount that can be paid by EM until the next rewriting, that is, the virtual money amount for electronic money is also set. The passwords i.1 and i.2 are used each time payment is made, for example, at a cash register in a store. At this time, the payment record i and the initially set electronic money virtual deposit amount are:
The information may be stored in the EM, but is not essential. Also, the electronic money ID for identifying the EM may be recorded in the EM, or may be input by the user from the terminal.

FIG. 1B shows a procedure for recognizing the electronic money IC card of the present invention, and is an embodiment of the present invention. This procedure has the same effect as inputting a personal identification number to the terminal. First, an electronic money ID is given to the bank system. The bank system refers to the information on the EM of the ID and sends an unused password i.1 or a signal f (a password i.1) (f (x) is an arbitrary function) obtained by processing the unused password to the EM.
When the transmitted password i.1 matches the password i.1 stored in the EM, the EM outputs the password i.2 or a signal g (password i.2) obtained by processing the password i.2, and sends the signal to the bank system. Can be This password i.2 works in the same way as a password. The banking system compares and verifies the transmitted password i.2 with the information on the internal EM and determines that it is the EM of the electronic money ID. When f (password i.1) is transmitted from the bank system to the EM, the passwords i.1 and i.2 are recorded as used in the password information of the bank system. And never used again.

According to the embodiment of the present invention described in FIGS. 1 (a) and 1 (b), it is possible to construct a system similar to the case where a personal identification number is inputted from a terminal and electronic commerce is performed. There are the following advantages as compared with. (1) Password i.2, which is a personal identification number, is used only once. Therefore, in e-commerce using the Internet, for example, even if the password i.2 is intercepted, it is not misused. In order to read out the password i.2 recorded in the EM, the password i.1 is required, and it is difficult to duplicate the EM. (2) Even when used in a public place such as a cash register in a store, the user simply inserts the card into the terminal and does not input the personal identification number from the terminal, so that there is no fear that another person can see the personal identification number. (3) Since the limit of the EM that can be used by the next password rewriting is set, as long as the security at the time of writing the password is perfect as in the example shown later, a large loss is not incurred. That is, the IC card of the present invention can be regarded as completely equivalent to the set limit of money.

FIG. 3 shows an embodiment of the present invention showing an electronic commerce system using the IC card of the present invention and its security system. Bank central processing unit 31
Is connected to a dedicated terminal device 32 via a dedicated line and a general terminal device 34 via a general communication line (such as the Internet). The writing of the password to the IC card of the present invention and the virtual payment (setting of the limit) associated therewith are possible only with the dedicated terminal device 32. That is, 32 corresponds to a conventional cash dispenser. Rewriting of the password is permitted by the recognition operation of FIG. 1B for the basic password. Alternatively, rewriting may be permitted by inputting a password from a terminal, or password recognition may be used together. Payment to another account within the virtual deposit amount of the IC card is performed by the general terminal device 34. Reference numeral 34 is arranged at a cash register of a store, for example, and pays for shopping. Or you can shop at home with a personal computer at home.

According to the embodiment of FIG. 3, since the password rewriting of the IC card is performed using the dedicated line, there is no fear that the password is intercepted and abused during the rewriting. Further, since the dedicated terminal device can be installed in a strict enclosure like a conventional cash dispenser, it is possible to use a password together with rewriting permission. As a result, when the IC card is lost, it is possible to prevent a loss exceeding the virtual deposit amount.

FIG. 4 is an embodiment of the present invention showing a more detailed configuration of the computer system BS of the bank. FIG.
In (a), the BS stores the IC of the present invention in the storage area M.
There is an area MMx for storing information for each card, and an area MMx
x is a set of an electronic money ID and a password currently written in the IC card (the basic password is
Are used when making a virtual deposit into electronic money, and passwords 1 to n are used when paying out from electronic money at the general terminal 44), information on the used password, and IC until the next password rewriting. Limit of amount payable from card (virtual deposit amount of electronic money), IC
At least the total deposit amount of the account corresponding to the card is kept. Furthermore, a user password used for password rewriting and virtual payment at the dedicated terminal 42 and a payment record i when a password i (a set of i.1 and i.2) is used may be held. The BS includes a virtual payment program that operates on the dedicated terminal 42, a payment program and a processing device C that operate on the general terminal 44, and the like. The input / output unit of the BS includes a signal route discriminating device X.
Is provided.

FIG. 4B shows a more detailed configuration example of the discriminating apparatus X. The dedicated line L1 is connected to the 'virtual deposit program' starting signal generator G1 and the general line L2
Is connected to the 'payment program' start signal generator G2. A data buffer D for exchanging data between the dedicated terminal 42 and the general terminal 44 and the BS.
1 and D2. Here, the payment program does not treat the total deposit amount as data. According to the embodiment, changing the total deposit amount from the general terminal 44 is impossible as a hardware structure. Therefore, it is possible to prevent a loss exceeding the virtual deposit amount from occurring for L2, which does not know what signal is sent, and to construct a highly secure system.

FIG. 5 is an embodiment showing a more specific configuration example of the electronic money IC card EM. The input signal In is latched by the input latch L50 in synchronization with the signal RASB and sent to the decoder D50. Then, the passwords i.1 and i.2 stored in the non-volatile storage area NV5
Is read out to the volatile registers R51 and R52. The reading at this time is a destructive reading, and the information of the passwords i.1 and i.2 of the NV5 is lost. As mentioned above,
RASB is used to latch a password selection signal.

On the other hand, the input signal In is latched by the input latch L51 in synchronization with the signal CASB. When the signal WE is at the low level, the output of L51 is sent to the comparison circuit C51 by the read / write switching circuit C50. After the delay in the delay circuit D52, the activation signal S53 is used to compare with the password i.1 already output to R51. If the input signal latched in synchronization with CASB does not match the password i.1, the mismatch signal S
N occurs and R51 and R52 are reset. That is, all information relating to passwords i.1 and i.2 is lost. If they match, a match signal SG is generated, and the password i.2 latched in R52 is sent to the output buffer B32.

After a delay in the delay circuit D33 from the occurrence of SG, a serial output start signal S53 to the outside is generated from the output buffer B32, and the password i.2 is read as the output signal Out. As described above, when the signal WE is at the low level, when the signal corresponding to the password i.1 is input, the operation of outputting the password i.2 is performed.

When WE is at a high level, the output of L51 is supplied to the write amplifier B5 by the read / write switching circuit C50.
Sent to 0. The 16-bit data is R51 / R
The data is first sent to the 16-bit R51 by the 52-switching circuit. Once again, In is fetched in synchronization with CASB and sent to R52 in a similar procedure. In this case, In captured in synchronization with the RASB becomes a write address in the NV5. As described above, when WE is at a high level, a password writing operation is performed.

According to this embodiment, the nonvolatile information of the password is lost once it is read. Here, it is assumed that the disappearance means that the password becomes 0, for example, and that the password is not set to 0. As a result, using the password twice is avoided as a hardware configuration, and electronic commerce can be performed more safely. Also, by repeatedly trying different input signals to the EM, the password i.
Since it becomes impossible to read 1 and i.2, an IC card which is difficult to forge is obtained.

FIGS. 6A and 6B respectively show FIGS.
7 is an operation waveform showing reading of the password i.2 and writing of the passwords i.1 and i.2 in the configuration of FIG. In FIG. 6A, an address Ar is taken in synchronization with the fall of the RASB. Then, the corresponding password selection line Wi is activated, and the password is latched by R51 and R52. In the example of FIG.
Ar may be 10 bits for bits. Top 6 in In
The case where the bit is other than 0 can be used to select an area other than the password (payment recording or the like).

In FIG. 6A, a signal that should match the password i.1 (PWi.1) is latched in L51 in synchronization with the fall of CASB. After a certain time from the fall of CASB, the comparison circuit C51 compares the data of R51 and L51, and if they match, SG goes high. Then, the data of R52 is serially output as Out from B32. When CASB returns to high level, L51
Is also reset to zero. In other words, a circuit that latches only while CASB is at low level and resets it to 0 at high level is used as L51. As a result of resetting L51, a mismatch signal SN is generated at C51,
And R52 are reset. At this point, the information on the passwords i.1 and i.2 is completely lost except for the i.2 data being output. After a certain time from the rise of CASB, C51 becomes inactive again, and Wi also becomes inactive by rise of RASB. Thus, a series of operations of outputting the password i.2 by inputting the password i.1 are completed.

In the password write operation shown in FIG. 6B, first, the address Ar is synchronized with the fall of RASB.
Is taken in. Then, the corresponding password selection line W
i is activated, and it becomes possible to write data from R51 and R52 to the nonvolatile storage area of NV5. The password i.1 is latched in L51 in synchronization with the first fall of CASB. Then, it is sent to R51, and the password i.1 is written to NV5. The password i.2 is latched in L51 in synchronization with the next fall of CASB. Then, it is sent to R52, and the password i.2 is written to NV5. Thus, the writing of the password i.1 and the password i.2 into the NV5 is completed.

According to the method shown in FIG. 6B, there is a risk that the EM password can be arbitrarily rewritten. In this case, since the rewritten password does not match that of MMx in FIG. 4, no forgery problem occurs, but it is equivalent to losing the virtual deposit amount. In order to prevent this, for example, when the coincidence signal SG of C51 becomes a high level, a volatile register that reverses from 0 to 1 is provided, and only when this register is in the 1 state, WE is internally at a high level. What is necessary is just to comprise EM so that it may become.

FIG. 7 shows a configuration in which the reliability of the IC card of the present invention is further enhanced. At the time of virtual payment to the electronic money IC card, information about the virtual payment is once
The data is written to the nonvolatile storage area NV7 of the C card. After that, a basic password of 0.
When 1 is given, the encryption circuit C71 inside the IC card
Encrypts the information about the virtual deposit with the basic password of 0.2 and sends it to the bank system. Similarly, at the time of payment from the electronic money IC card, information regarding the payment is temporarily written to the nonvolatile storage area NV7 of the IC card. Thereafter, when the password i.1 is given to the IC card from the bank system, the C71 encrypts the payment information with the password i.2, and then sends it to the bank system.

According to the embodiment of the present invention, (1) a signal to be communicated is encrypted with a password which cannot be known to an outside person, so that high confidentiality of information is maintained. The information about the virtual deposit and the payment written in the NV 7 has the same function as the receipt, so that even if a trouble occurs, it is possible to solve the problem promptly.

FIGS. 8 to 11 show a more specific configuration example of the NV5 and R51, R52 in FIG.

FIG. 8 shows the nonvolatile storage area NV in FIG.
5 is an embodiment of the present invention in which the basic units of the register 5 and the registers R51 and R52 are realized by a ferroelectric memory array.
As shown in FIG. 9, NV8 (1) and R8 in FIG.
As shown in FIG. 5, there are 32 basic units having the same configuration as (1).
32K bit NV5 and each 16 bit R5
1, R52 can be configured.

In FIG. 8, one memory cell, for example, M (1, 1) is composed of two ferroelectric capacitors connected to complementary bit line pairs BL1 / BB1 via transistors. NV (8) has four bit line pairs. As shown in the operation waveforms later, when one word line, for example, W1 is selected, only the memory cells connected to one of the four bit line pairs, for example, M (1, 1) are read / written. Each bit line pair has a precharge potential VP
Precharge circuits PC1 to PC4 for supplying C are provided. PC1 to PC4 are controlled by signal lines PS1 to PS4. In a read / write operation, one of the four bit line pairs is connected to R8 (1) by signal lines SH1 to SH4. R8 (1)
Is provided with a precharge circuit PC0 for supplying the power supply voltage Vcc to the bit line pair BL0 / BB0, a sense amplifier SA0, an output inverter, and a capacitor C0 for unbalancing the BL0 / BB0. Here, PC0 is controlled by a signal line PS0. At the time of re-reading after destructive reading of memory cell information, C0 is always set to 0 on the BL0 side.
Provided to become. Although FIG. 8 shows an example in which the memory cell is configured by two ferroelectric capacitors, the memory cell is configured by one ferroelectric capacitor.
A transistor 1 capacitor configuration may be used. In this case, C0 is unnecessary.

According to the embodiment of the present invention shown in FIGS. 8 and 9,
By activating one word line, the passwords i.1 and i.2 can be latched into the respective registers at once, so that the operation can be performed at high speed and with low power consumption. Also, a part of the memory cells connected to one word line, for example, a quarter
Since only the memory mat is selected, the memory mat can be configured to be closer to a square, and the layout becomes easier. That is, for example, 1K word lines and 32 bit lines
The same function can be realized by a configuration in which the word line is 256 and the bit line is 128.

FIG. 10 shows a read operation waveform in the configuration of FIG. 8 when the password i.1 stored in the memory cell is latched in R51 for the input PWi.1 that matches the password i.1. When WE is at the low level, the plate potential VPL and the precharge potential VPC are set to the ground potential Vss. In synchronization with the fall of the RASB, the addresses of the passwords i.1 and i.2 to be selected, for example, A1 are taken in, and after decoding, the word line W
1 is activated. During a decoding operation of the selected word line, a bit line pair connected to the selected memory cell, for example, BL
1 / BB1 stops VPC supply by PS1 and S
H1 connects to BL0 / BB0 of R8 (1). As a result, BL1 / BB1 is precharged to Vcc by PC0. Note that PS2 to 4 and SH2 to 4 remain at the high level, and therefore BLi / BBi (i =
2-4) remain fixed at Vss. BL1 / BB
When 1 is precharged to Vcc, a floating state is set by PS0. Thereafter, decoding of the selected word line ends, and W1 is activated. VPL is Vss, BL1
Since / BB1 is Vcc, an electric field is applied to the ferroelectric capacitor, and a potential difference occurs between BL1 / BB1. This is W
This is because the polarizations of the two ferroelectric capacitors of M (1,1) were set in opposite directions before one activation. After the activation of W1, the polarization directions of the two ferroelectric capacitors are aligned, and the nonvolatile information is lost at this point. Then, when M (1, 1) is accessed next by the function of C0, BL0 always becomes 0. The potential difference between BL1 / BB1 is read out by activating SA0 by SAN. Then, while SAN is at the high level, the signal is latched at SA0, and the output T / B is output from the comparison circuit C5 of FIG.
Sent to 1. When CASB goes low,
PWi.1 is captured and compared with the output T / B. Thereafter, the reset signal of R51 is generated according to the procedure described with reference to FIG. 6, and PS0 and SAN are changed to low level. BL
0 / BB0 and BL1 / BB1 are again precharged to Vcc. Finally, when RASB returns to high level, PS
1, SH1, and W1 also return, and a series of operations ends. While W1 is activated, BLi / BBi (i = 2
-4) are the same Vss as VPL, and therefore M (1
i) The nonvolatile information of (i = 2 to 4) is not read out and is not destroyed.

According to the embodiment, since the information is lost by performing the read operation of the nonvolatile information, the same effect as that described in FIG. 5 can be obtained. Also, for example, in a configuration in which the word line is 1K and the bit line is 32,
6. Since the same function can be realized with a configuration in which the number of bit lines is 128, the layout becomes easy.

FIG. 11 shows that the password i.1 is stored in the memory cell.
9 shows operation waveforms in the configuration of FIG. 8 when writing i.2 and i.2. WE is set to high level, and VP
L and VPC become Vcc / 2. The address of a memory cell to be written, for example, A
1 is taken in, and after decoding, the word line W1 is activated. During the decoding operation of the selected word line, the bit line pair connected to the selected memory cell, for example, BL1 / BB1,
VPC supply is stopped by PS1, and R8 is
It is connected to BL0 / BB0 of (1). At this time, PS0
Also makes PC0 inactive, so BL0 / BB
0 and BL1 / BB1 settle to an appropriate potential due to capacitance division. When SAN is set to high level, the BL1 side is latched to low level by the action of C0. Alternatively, the read operation has not been performed on the memory cell yet,
If the reset has not been performed, the retained nonvolatile information is also involved, so that BL1 can be at either a low level or a high level. FIG. 11 shows a case where the reset has already been performed, and BL1 for R51 and BL1 (BL65 in FIG. 9) for R52 are separately shown. The signals PWi.1 and PWi.2 of the password i.1 and the password i.2 are fetched corresponding to the first and second falling edges of the CASB, respectively, and the write is performed to the SA0 by the write amplifier B51 in FIG. Done. At this time, W1 is activated and VPL
Is Vcc / 2, nonvolatile information is written into M (1, 1) (the polarization direction of the ferroelectric capacitor is set). When RASB returns to a high level and WE returns to a low level, a series of operations ends. While W1 is activated, BLi / BBi (i = 2 to 4) is V
Vcc / 2, which is the same as PL, so that M (1i) (i
= 2-4) is not destroyed.

FIG. 12 shows a circuit example of the latch L51 in FIG. N-channel with the input connected to the gate on one side as the source resistance of the flip-flop circuit
The MOS transistor is connected on the other side to an n-channel MOS transistor having a gate connected to the reference potential Vref. The two n-channel MOS transistors have the same size and characteristics. When the CASB inverted signal S32 is at a low level, the two nodes of the flip-flop circuit are short-circuited to a high level, so that both the output T and the output B are at a low level. When S32 becomes high level,
The flip-flop circuit operates, and a difference occurs between the output T and the output B due to the difference in the source resistance. Input is Vref
If higher, the output T is latched high and Vre
If it is lower than f, it is latched at low level. As described above, the characteristic of L51 in FIG. 5 can be realized.

[0042]

According to the IC card of the present invention, it is possible to construct a system similar to a case where an electronic commerce is performed by inputting a personal identification number from a terminal, and furthermore, an electronic commerce that cannot be misused even if the communication information is intercepted is possible. Becomes Also, it is difficult to forge,
Even if lost, an electronic money IC card with a small amount of damage can be obtained.

According to the password rewriting method for an IC card of the present invention, it is possible to perform high-security electronic commerce in which it is difficult for a password to be intercepted during rewriting or for others to rewrite without permission.

According to the method of configuring a banking system relating to electronic commerce of the present invention, it is impossible to rewrite the contents of another person's account by a communication line, and electronic commerce with high security can be performed.

According to the method for reading a password in an IC card of the present invention, electronic commerce with high security is possible, and forgery of the IC card is difficult.

The contents of the electronic commerce recorded on the IC card are
ADVANTAGE OF THE INVENTION According to the communication method of this invention which transmits after encrypting with the password in a C card, there exists an effect that an electronic commerce as specified by the user is performed reliably.

According to the IC card of the present invention having a ferroelectric memory, the layout of the ferroelectric memory array becomes easy, and an IC card which is easily designed can be obtained.

According to the method of reading an IC card of the present invention having a ferroelectric memory, electronic commerce with high security is possible, and it is difficult to forge the IC card.

[Brief description of the drawings]

FIG. 1 is an explanatory diagram of a basic configuration and a recognition operation of an IC card of the present invention.

FIG. 2 is an explanatory diagram of a conventional security system using a password input.

FIG. 3 is an explanatory diagram of the security system of the present invention extended to a general communication line.

FIG. 4 is a block diagram of a system configuration in which the IC card of the present invention is used.

FIG. 5 is a block diagram of the IC card of the present invention.

FIG. 6 is an explanatory diagram of a password output operation and a write operation in FIG. 5;

FIG. 7 is an explanatory diagram of an IC card of the present invention in which electronic commerce data is transmitted after being encrypted with a password.

FIG. 8 is a circuit diagram of a basic unit of a nonvolatile storage area in the IC card.

FIG. 9 is an explanatory diagram of a nonvolatile storage area in an IC card constituted by the basic unit of FIG. 8;

FIG. 10 is an explanatory diagram of a password reading operation in FIG. 8;

FIG. 11 is an explanatory diagram of a password writing operation in FIG. 8;

FIG. 12 is a circuit diagram of a latch L51 in FIG. 5;

[Explanation of symbols]

EM: Electronic money IC card, NVi: Non-volatile storage area.

──────────────────────────────────────────────────の Continued on the front page (51) Int.Cl. ⁶ Identification code FI G07G 1/12 321 G07D 9/00 476 G07F 7/08 B

Claims (9)

[Claims] In an IC card having a rewritable nonvolatile storage area, a password set including two passwords as one set is stored in the storage area,
When the input signal to the C card matches one of the first passwords, a control circuit for outputting a second password or a signal obtained by processing the second password is provided.
C card. 2. The IC according to claim 1, wherein said password set is plural and said IC is used to generate said output signal.
A processing device for providing an input signal to a card is an IC card processing device that generates an input signal to the IC card only once per one password set. 3. The processing device according to claim 2, wherein the processing device accesses the IC card via a terminal device connected to the processing device via a communication line, and the processing device receives the output signal from the IC card. The first communication line is an IC card processing device which is physically different from the second communication line when writing the password set in the IC card. 4. An IC card processing apparatus according to claim 3, wherein said first communication line is the Internet. 5. The IC card according to claim 3, wherein said processing device determines whether the communication signal to said processing device has passed through said first or second communication line. Processing equipment. 6. The IC card according to claim 1, wherein the stored information of the password is lost once it is read. 7. The data processing system according to claim 3, wherein when the terminal device instructs the arithmetic processing in the processing device, data necessary for the arithmetic processing is temporarily written to a nonvolatile storage area of the IC card, and When an input signal corresponding to the password is given to the IC card, an encryption device provided in the IC card encrypts the data written in the IC card using the second password as a key, and A processing device for an IC card for outputting a conversion signal from the IC card to the processing device. 8. The nonvolatile memory area according to claim 6, wherein said nonvolatile memory area comprises a plurality of memory cells arranged in a matrix at an intersection of a plurality of word lines and a plurality of bit lines intersecting said plurality of word lines. Is composed of a ferroelectric capacitor and a field-effect transistor. The password set stored in the IC card is plural, and memory cells holding information of the same password set are connected to the same word line. IC card. 9. The bit line according to claim 8, further comprising: means for supplying first and second voltages to said bit line, wherein said bit line intersects a selected word line connected to a selected memory cell to be read. The potential of the bit line connected to the selected memory cell is set to the first potential, the potential of the plate of the ferroelectric capacitor of the selected memory cell is set to the second potential, and connected to memory cells other than the selected memory cell. The potential of the bit line is set to the second potential, the potential of the plate of the ferroelectric capacitor of the unselected memory cell is set to the second potential,
An IC card wherein a potential of a plate of a ferroelectric capacitor of a memory cell connected to the selected word line is constant while the selected word line is activated.