JPS62177693A - Illegal registration preventing system for identifying data - Google Patents

Abstract

PURPOSE:To prevent the unfair registration of an identifying code by a dishonest person by confirming the legality and the illegality of the person to execute the writing to a card with the temporary identifying data stored in a card, at the time of the identifying data of a password number, etc., are registered to a card. CONSTITUTION:A card issuing machine 2 generates and outputs the identifying information to identify own device and identifying data PIN 1. A card issuing machine 3 outputs its own identifying information, temporary identifying data PIN 1' inputted from a key input means 31 and identifying data PIN 2. A decoding means 11 decides the propriety of writing to the card of respective issuing machines 2 and 3 based upon respective pieces of identifying information. An inspecting means 12 inspects whether or not the data stored into the card correspond to the data inputted from the external part. For example, at the time of it is decided that writing can be executed by the issuing machine 3, the identifying data PIN 2 are stored into a memory 10 after the means 12 inspects data PIN 1 and PIN 1'.

Description

[Detailed Description of the Invention] [Summary] When registering identification data such as a PIN number used by a customer on a card, the identity of the person who writes it on the card.

Illegal issuance is prevented by verifying the identity of the card using temporary identification data stored in the card.

[Industrial application field]

The present invention provides a card having a built-in memory for storing identification data such as a PIN number and a data processing device such as a micro CPU;
The present invention relates to so-called IC cards, and particularly to a method for preventing unauthorized registration of identification data to eliminate unauthorized storage of identification data such as a password on an IC card.

BACKGROUND OF THE INVENTION In recent years, NIIIC cards, which are portable size cards such as credit cards and bank cards, have been used as identification cards with built-in data processing functions in place of magnetic cards.

This IC card usually has a PIN number given to the card owner stored inside the card, and this number is used to authenticate the individual each time a transaction is made. Since a complex integrated circuit is formed inside the card, it cannot be counterfeited, but it is possible for someone who finds the card to rewrite the PIN number.
Fraud due to data forgery such as the following is possible, and it is desired to prevent this. [Prior Art] FIG. 6 is an explanatory diagram of a card issuing system for a conventional magnetic card.

A in the figure is the first issuing department, for example, a magnetic card manufacturer. The card issued by the first issuing department does not become a requested credit card as it is, but is issued as a card that can be transported to another department B such as a bank and handed over to user C at another department B. It will be.

At this time, in order to prevent the issuance of fraudulent cards in department B, the following method is usually adopted.

That is, in the card issuing machine 2a, a code is written on the rear of the magnetic recorder of the card 1a before the card is transported from department A to department B.

In department B, the issuing machine 3a reads the code written in department A, and the determining unit 3C determines whether or not it is a specified code. If it is a specified code, the gate means 3d is opened. Also, enter the PIN 1 account number from the keyboard 3b,
When other necessary data is input, the input data is recorded in the storage unit 1b via the gate means 3cl.When adopting the above system, the issuing machine is placed in a department authorized to issue a limited number of copies. Place it only in

As a result, if the card is found, a code other than the code recorded at department A can be detected at department B, thereby preventing unauthorized issuance.

On the other hand, in addition to magnetic cards, identification cards (referred to as IC cards) with embedded IC't cards have also become known in recent years. A conventional IC card will be explained with reference to FIG.

The IC card 1 has a 0 terminal 5 provided with terminals 51 to 56.
1 is a power supply terminal of the non-volatile memory 10, a terminal 52
Terminal 53 is a terminal for transmitting and receiving data signals between the data processing device (hereinafter referred to as CPU) 20 and an external device (not shown); terminal 53 is an input terminal for a reset signal to the CPU 20; terminal 54 is a clock terminal; Signal input terminal, terminal 5
5 is a power supply terminal for the CPU 20 and memory 10, and terminal 56 is a ground terminal.

The memory 10 is composed of nonvolatile memories such as E, P, ROM, IIJFROM, etc., and identification data is stored in this memory 10.

Explain the operation.

The identification card 1 is set in a card access device (not shown). At this point, the card access device
At this time, the card access device fθ, which connects the terminals 1 to 56 to the required circuits built into the card access device, supplies power to the terminal 55, supplies a clock signal to the terminal 54, and at the same time sends a reset signal to the terminal 53. Active logic circuits such as the CPU 20 that are supplied become electrically unstable when power and clock signals are supplied, and can operate normally when a reset signal is supplied. Active circuits such as a program counter and a register are brought into a clear state, for example, a state in which data "0" is written, by being supplied with a reset signal.

Thereafter, the CPU 20 checks the contents of the memory 10, for example, performs a parity check on stored data, etc., and shifts to an operating state in which data transmission with a data access device is possible.

Data is exchanged with the data access device via the terminal 52, and data is exchanged with the external device (data access fil) and CPU20
CP in the form of commands, etc. during the period of data transfer between
An access instruction is given to U20, and CPU20 accesses memory 10.

[M points while the invention is trying to solve]

However, with the spread of small electronic computers such as personal computers in recent years, it has become easier to write the above-mentioned card data, but these conventional systems have the disadvantage that it is possible to register fraudulent codes and issue fraudulent cards.

SUMMARY OF THE INVENTION An object of the present invention is to provide a method for preventing unauthorized registration of identification data that makes unauthorized issuance impossible in order to eliminate the drawbacks of the conventional technology.

[Means for solving problems]

In order to achieve the above object, in the principle diagram of FIG. 1, in the present invention, a memo! A card issuing system that stores identification data PIN2y such as a personal identification number in J(io) and issues identification information (denoted as identification) for identifying its own device and temporary identification data in place of the identification data PIN2. It has a first card issuing machine 2 that generates and outputs a PINI, a key input means 31, and a first card issuing machine 2 that generates and outputs a PINI, and has its own identification information, temporary identification data PINI' input from the key input means 31, and identification data PIN2k. A second card issuing machine 3 that outputs the data, a means 11 for determining whether or not each card issuing machine 2, 3 can write to the card based on the above-mentioned identification information, and a means 11 for determining whether data stored on the card can be written to the card from the outside. A verification means 12 is provided for verifying whether the data corresponds to the input data, and if the card issuing machine that has determined that the card is writable is a second card issuing machine, the verification means 12
After verifying the temporary identification data PINI and PINI', the identification data PIN2 is stored in the memory 10. be a sign.

[Effect]

That is, in the present invention, since the card 1 inspects the validity of each card issuing machine 2-3, it is possible to prevent issuance by unauthorized devices. Also, the temporary identification data PINI previously stored at location A and the input temporary job-specific data PIN
Since it will not be written to memory 10 unless it matches I',
It will also prevent PINs from being issued by unauthorized persons.

〔Example〕

FIG. 2 is a block diagram of a card according to an embodiment of the present invention.

In the figure, the same parts as those used in FIG. 50 and FIG. 1 are designated by the same numbers.

Also, 41.42 is a D-type flip-flop, 43°44.
46 is a Nant gate circuit, 4511-t flinopfronb, and 47 is a counter.

FIG. 3 is a time chart of main parts of the embodiment of FIG. 2.

The entire operation up to the initialization of the CPU 20 will be explained using FIGS. 2 and 3.

When the identification card 1 is connected to an external device (not shown) at time to, prescribed signals are supplied to each of the terminals 51 to 56, as in the conventional case.

In this embodiment, the external device has a function of generating a reset signal with a signal pattern corresponding to that right if the external device has the right to legitimate access as its own identification information.

In this embodiment, the time shown in FIG. 3(a).

The falling period T from t to t is made meaningful.

This reset signal (shown in FIG. 3(a)) puts the CPU 20 into the previously described reset state at the falling time t1, and releases the reset at the rising time 11, causing the CPU 20 to
2 is executed sequentially according to the program.

This falling period is measured by the detection means 4 and a signal pattern is detected.

That is, when the Q outputs and Q outputs of the D-type flip-flops 41 and 42 are supplied to the Nant gate circuits 43 and 44 through the connections shown, the Nant gate circuits 43Pi! At the falling time t of the reset signal, the Nant gate circuit 44 generates a pulse for one clock period (see FIG. 3(b)), and at the rising time t2 of the reset signal, the Nant gate circuit 44 generates a pulse for one clock period. occurs (see Figure 3 (cl)).

The output of each NAND gate circuit 43, 44 is supplied as a signal and a reset signal to a flip-flop 45 composed of a NAND gate.

Further, the output pulse signal of the Nant gate 43 clears the counter 47 at the same time.

The output of the flip-flop 45 thereby generates a signal of logic level "1" only during the reset signal pause period T.

Nant gate 46 receives the output of flip-flop 45 at one input terminal, and receives a clock signal supplied from an external device via terminal 54 at the other input terminal. Therefore, among the clock signals supplied to the terminal 54, the Nant gate 46
The output of the 7-lip frontop 45 supplies to the counter 47 only the clock signal during the period when the logic level is "1".

Incidentally, each signal waveform at time t in FIG. 3 shows the state when the identification card is removed from the external device.

FIG. 4 is an operation flowchart of the CPU 20. In the figure, 81 to S9 are program execution steps.

Hereinafter, the processing operation of the CPU 20 in FIG. 2 after time t2 in FIG. 3 will be described using FIG. 4.

When the reset signal explained in FIG. 3 rises at time t, the value of the CPU 20i program counter is 9:1, for example, 10.
"Start from.

Initialization processing step S1; In this step S1, the CPU 20 checks the memory 10 and other checks to see if it is okay to start the operation.

For example, if there is a fault in memory 10 or not, all memories 1
Confirm by checking the parity data in 0, and further clear all data in the area used as the work area of the memory 10.0 Initialization completion confirmation step S2; In this step S2, the above initialization operation is performed. Check whether it was performed correctly. In this case, if an inconvenient failure is discovered during operation, such as a failure in the memory 10, termination processing is performed. As a result, the CPU 20 becomes inactive, and does not respond to accesses from external devices, for example.

Counter reading step S3: When it is confirmed in the initialization completion confirmation step S2 that the identification card can operate normally, a reset signal is sent from the counter 47 of the detection means 4 shown in FIG. 2 in this step S3. Read the count value, which is a signal pattern.

That is, this count value is a value obtained by counting the rest period of the reset signal using a clock signal from an external device.

Step S4 This step S4 is a step of checking whether the count value of the counter read out in step S3 was set by an authorized external device.

In other words, Mesori 10 in Figure WJ2 is the memo shown in Figure 4! J
Area C of memory 31', 31.32, and memory 33 configured to include 31', 31-33
is written by the card manufacturer upon completion of card creation.

The memory 31 stores count values A, B,
C.

Information about write access to areas a, b, c, and d of the memory 33 corresponding to D is stored as information. Also, memory 3
1' stores information indicating whether reading is possible or not. In the figure, if the access is possible, the mark is "0", if it is not accessible, the mark is "1".For example, if the count value is the value "BI",
Information indicating that an area of the memory 33 is write-accessible and other areas are not write-accessible is stored.Similarly, the memory 31' is area a.

Information indicating that b and cK: are accessible for reading and pl d is inaccessible is stored.

Note that the count value is a specific value, for example, A'.

9B'', C'', and ``D''; determine the upper and lower limits of each value in consideration of the measurement error range, and if the count value is between ``10'' and ``15'', the memory 31 in the figure Accessibility information of each area corresponding to the count value "A" is stored in , and in the case of 30" to "40", the accessability information of each area corresponding to the count value "B" is stored in the memory 31 in the figure.
. . . and a range may be set for each count value.

In the case of the present invention, each card is issued so that the signal pattern of the first card issuing machine 3 in FIG. 1 becomes the count value "B", and the signal pattern of the second card issuing machine 3 becomes the count value "A". In step S4, a search is made to see if the count value of the counter 47 shown in FIG. 2 exists in the memory 31 and the memory 31'.

As a result of the search, if the count value is not registered in this memory 31, the processing of the CPU 20 is terminated. This results in no response even when accessed from an external device.

Step S5; As a result of the search in step S4, the corresponding count value is found in memory 3.
If it is registered as 1, the process moves to step S5.

In step S5, access permission information for each area to be drawn is registered in the memory 32 in the count value obtained by searching the memory 31.

The memory 32 is composed of flag setting areas corresponding to specific areas a, b, c, and d of different types to be captured in the memory 33.

If the count value is "B", C
The PU 20 stores access permission information of each area corresponding to the value "B" in the memories 31 and 31', that is, "x" in FIG.
, O1×, ×” and 1×, ○, ○, ×” are written in the memory 32 in the a*l), c, and d* positions in order, respectively. When the writing is completed, the process moves to the next step S9'.

Step 89'; This step will be described later using FIG. 5, but it is checked whether the temporary PIN code or PIN A has already been registered in the memory 33 of the card 1, and the program route is changed accordingly. This step is to

This step S9'! When the process is completed, information can be transmitted between the CPU 20 and the external device via the terminal 52. After this step 89', steps 86, S7, and S8 are performed.
exists. In this step S9', there are three exit routes as described later, but in step S9', there are three routes as described below.
, 88 are provided at any route exit, so they will be explained first.

After completing step 89', information can be transmitted between the CPU 20 and the external device via the terminal 52.Step S6: This step S6 is performed when the external device calls via the terminal 52 or transmits data. I am in a state of waiting to see if there is one.
When a specific polling signal used, for example, in a data transmission procedure is received from an external device, processing is performed to return it as a complete data response No. 46 indicating completion of preparation.

Step S7; The external device issues a command to the CPU 20 via the terminal 52 to instruct the CPU 20 to operate.

Therefore, the identification card 1 analyzes this command and determines whether the command requires memory access or not.

For example, if the command is a temporary password write command,
The write destination address is the area "'b" of the memory 33, and if it is a PIN code write command, the storage area is the third area.
Since it is area a of the memory 33 in the figure, the command itself is determined.〇Step S8; In this step, it is determined whether the area determined in step S7 is an area of the memory 32 that is permitted to be accessed.

This limits the areas that can be accessed.

For example, if an external device is installed inside the continuation unit and is assigned as the second card issue @3 in Figure 1, where the PIN code iK is written, the count value becomes 1A''.
The memory 33 is access permission information indicated by 1.
Area a is set to allow writing,
Other areas b to d are set to be inaccessible for writing. Therefore, storing the password in area a from the correct external device is permitted in this step. However, in the case of an unauthorized writing device, step S4 or this step S
7 can be detected.

In addition, in the case of the first card issuing machine 2 where the external device is provided at the card manufacturer or card transport manufacturer and writes the temporary password Jf, the count direction becomes "B" and the memory 3 is stored as shown in the figure.
2, writing is permitted for the area of the memory 33.

Also in step S7, if the access area requested by the external device is not permitted in the memory 32,
Transition to end processing END, CPU 20 of identification card 1
becomes unresponsive to external devices.

Step S9: If the access area is permitted by the memory 32 in step S8, the corresponding process is executed using the permitted area of the memory in step S9. This execution result is responded to the external device via the second meat terminal 52.

FIG. 5 shows details of step 89' and this step S9.

In step S9', first, the area a of the memory 33 in FIG.
, b, that is, all areas where the temporary PIN number and the PIN number are stored or stored are searched.

Next, it is checked whether the temporary password has already been stored.

If the temporary PIN is not stored in the area, follow route Ra and proceed to step S6. After executing S7,58-i,
Step S9a is executed.

Step 89a is a step of storing the temporary password in the area of the memory 33.

In step S9a, first, if a temporary PIN write command is not received from an external writing device, the CPU 20 shown in FIG.
is inactive.

Furthermore, if a temporary password and a temporary password registration command have been received, the received temporary password is stored in the area. If the temporary password is stored in area a of the memory 33 at step 89', then it is determined whether the password is registered in area a of the memory 33.

If the PIN number is not registered, it is determined in this step that the card should undergo PIN registration processing, and the route Rb
to move to. In Rb, step 86.
S7. After executing S8, step S9b is executed.

In step S9b, the CPU 20 of the card 1:
Waits to see if a temporary password is received from the writing device. When received, the received temporary password is compared with the temporary password read from the area of the memory 33 to determine whether they correspond. Verify by comparing.

If the comparison results do not match, the CPU 2 becomes inactive. If they match, it will wait for the new PIN to be received.

When a new password is supplied from the second card issuing machine 3 shown in FIG. 1, or if it has been supplied, the received password is stored in the password storage area a of the memo 1J33.

Further, if the password has been registered in step S9', the process moves to steps 86 and 87. Step 59c of normal transaction processing is executed via S8. In this step S9c, for example, the PIN number in area a of the memory 33 is read out, and the PIN number supplied to the IC card from the so-called transaction device is compared with the PIN number supplied to the IC card from the transaction device. The data is sent and received at step S6 to complete the transaction, and the process returns to step S6.

Note that in step S9c, not only the password verification but also a normal known transaction process may be performed.

The IC card 1 shown in FIG. 1 is configured to operate as described above.

Therefore, in FIG. 1, issuing machine 21-1 installed at a manufacturer or the like. It notifies its own identification information by the IJ cent signal, and then supplies a temporary password and a temporary password registration command to the terminal 52 in FIG.

As a result, as described above, the determination means 11 of the IC card 1 determines that the IC card is the legitimate first card issuing machine 2 in steps S4 and S7 of FIG.
The temporary password is stored in the memory 10 shown (area b of the memory 33 in FIG. 4).

In FIG. 1, a card 1 in which a temporary PIN number is stored at a first card issuing machine 2 is transported to a second issuing office, that is, an issuing office such as a bank or credit company that directly contacts customers.

The second card issuing machine 3 installed at the second issuing place receives identification information having a signal pattern such that the counter 47 explained in FIG. 2 above becomes the value "A" explained in FIG. 4. When the generated 0 card 1 is connected to the second card issuing machine 3, the validity of the second issuing machine 3 is similarly determined by the determining means 11, that is, steps S4 and S7 in FIG. 4 described above. do.

Thereafter, the temporary PIN number PINI' and the PIN number P r presented by the customer are sent from the key 3 of the second card issuing machine 3.
N2 is supplied to card 1.

In the card, the authentication means 12° in FIG. 1, ie, step S9b explained in FIG. 5, compares the temporary PIN numbers PINI and PINI'.

If the comparison results in a match, then the card stores the received personal identification number PIN2i in area a of the memory 33 in the card 1, and the issuing process ends.

The card 2 issued in this manner is then passed on to the customer and used for transactions.

When a customer completes a transaction, the customer is authenticated in step S9c in FIG. 5, and the transaction is possible only if the customer authentication is correct. Also, the program of the flowchart shown in FIG. 4 is set in the area C which is inaccessible to most people. In this case, the memory 32 is set to be an area that can be accessed for writing only in step S5.

According to the above embodiment, in step S4, the specific areas a, b
, c, and d is determined based on the pattern of the reset signal, which is an initialization signal, so that the external device can only access the correct ones. Moreover, since the count value of the counter is determined by the combination of the reset signal pattern and the clock signal, the elimination of unauthorized external devices that can be complicated, 0, and even rough, is actually difficult when external devices and CPUs do not share data. This is done before sending and receiving, and since multiple types of checks result in an inoperable state, the operator of the external device has the advantage of not being able to figure out what went wrong and at what point.

In the above embodiments, only the reset signal and the clock signal were explained as the initialization signals, but the present invention is not limited to this, and these may be used when initialization is performed using a signal on a data signal transmission line. .

Further, the signal pattern horizontal use means is not limited to the circuit of the embodiment, but may be a circuit that stores the signal pattern so that it can be discriminated when the CPU 20 is activated, such as a shift register. 10, in the above embodiment, the CPU
20 becomes inactive, but other methods may be used. For example, if an AND gate is provided on the CPU 20 side of the terminal 52 and the CPU 20 closes it, subsequent data transmission and reception can be closed by this gate.

Furthermore, in this case, a pressure AND gate is provided between the reset terminal 53 in FIG. , re-access to the CPU 20 becomes impossible, making the inhibition even more effective.

Further, in the above embodiment, the pattern of the reset signal is used as the self-identification information, but the present invention is not limited to this, and the code written from the card 1 to the self-device can be sent, for example, to the normal device via the terminal 52 in FIG. It may also be transmitted as a code.

〔Effect of the invention〕

As explained in detail above, according to the present invention, since the card verifies the validity of the issuing device using the identification information of the issuing device,
Issuance by a fraudulent fitK can be prevented, and since overwhelming identification data is registered after checking the password, unauthorized registration of the identification code by an unauthorized person can be prevented.

[Brief explanation of drawings]

Fig. 1 is a diagram explaining the principle of the present invention, Fig. 2 is a block diagram of the embodiment, Fig. 3 is a time chart of the embodiment, Figs. 4 and 5 are flow charts of the embodiment, and Figs. 6 and 7 The figure is a block diagram of a conventional issuing system and card. In the figure, 1 is an identification card, 2 is a first issuing machine, 3 is a second issuing machine, 31 is a keyboard, 4.10 is a memory, and 11 is a 12 is a recognition means. Place PfIA Place B/'F, Rizutanjzu 了 疋 閆の毫1 te system 蒅 6 图 2 fig. (+) Dentoge ow) ' = u time na ya - ト茗 3 fig. cPU's soi 乍Flow whistle figure 4 Rental identification card figure r'7

Claims (1)

[Claims] In a card issuing system that stores identification data in a memory (10) built into a card (1) and issues the card, there is provided a first card that generates and outputs temporary identification data in place of the identification data. A second card issuing machine that has an issuing machine (2) and a key input means (31) and outputs its own identification information, temporary identification data and identification data input from the key input means (31). (3), and a means for determining whether identification data can be written to the card (1) of each card issuing machine based on the identification information on the card (
11), and a verification means (12) for verifying whether the data stored on the card corresponds to the data input from the outside.
If the card issuing machine that has determined that the card is writable is a second card issuing machine, the verification means (12) verifies the temporary identification data, and then stores the identification data in the memory (10).
A method for preventing unauthorized registration of identification data.