JPS6217865A - Ic card system - Google Patents

Abstract

PURPOSE:To check the reception of incorrect data by disconnecting an IC card from a card terminal when a response signal from the IC card to a card terminal can not be received within a prescribed time. CONSTITUTION:A sound controller 72, a working RAM73, a system program ROM74, a terminal attribute ROM75, an initial parameter RAM76, a main controller 77, etc. are connected to the system bus 71 of the card terminal. Data for setting up a signal response time corresponding to the data processing capacity of the card itself previously stored in the data ROM of the card side as answer-to-reset data are transmitted and stored to/in the RAM76. When a response signal is not received from the IC card side within the waiting time set up in a timer 101 by the RAM76 at the time of transmission to the IC card, the IFC card is disconnected from the card terminal.

Description

[Detailed Description of the Invention] [Technical Field of the Invention] The present invention relates to an IC that securely exchanges information between an IC card used as a cash card or credit card issued by a financial institution such as a bank and its card terminal. Regarding the card system.

[Prior art and its problems] In recent years, it has been called the cashless era, and by using cards issued by credit card companies, it has become possible to purchase products without handling cash. . The above cards include conventional cards, plastic cards, embossed cards, and! & Kisstribe cards are commonly used, but these cards are easy to counterfeit due to their structure, and unauthorized use has become a problem. In order to solve these problems, recently, information cards, so-called IC cards, have been developed that incorporate an IC circuit that stores a PIN number etc. into the card so that the PIN number cannot be read easily from the outside. ing. This IC card is difficult to forge, has excellent confidentiality, and has the advantage of being able to store a large amount of information. (For example, a bank employee) cannot know your PIN number, making it extremely secure.

However, since the physical dimensions and arrangement positions of the connection terminals of the above-mentioned IC cards are standardized by ISO, it is possible to install cards with different internal circuit configurations into the same card terminal. However, on the other hand, if the circuit configuration or the performance of the component devices on the card side differs, the operating conditions will naturally differ, so for card terminals that exchange data with IC cards, each In order to ensure reliable information exchange with cards, it is necessary to set data transmission and reception functions according to the operating conditions of each card.

In particular, with recent technological innovations, IC cards are becoming more and more sophisticated, and the card terminal must be configured to be able to send and receive data reliably and quickly with both old and new cards. desired.

First, one way to improve the performance of an IC card is to improve its data processing ability, that is, to speed up the signal response time, but in this case, the terminal side has to deal with changes in the response time (J Must be.

[Object of the invention 1 This invention was made in view of the above problems,
To provide an IC card system that makes it possible to set the response signal duration on the card terminal side according to various IC cards, even if the signal response speed changes due to the improvement in the performance of IC cards, for example. What is the purpose?

[Summary of the Invention] That is, the IC card system according to the present invention stores in advance in the IC card setting data for a signal response time determined according to the data processing capacity of the card itself,
When the card terminal sends a message to the IC card, it receives a response signal from the IC card according to the response signal waiting time based on the signal response time setting data stored on the card side, and sends the response signal from the IC card. If the response signal is not received within the response signal waiting time, the connection between the card terminal and the IC card is cut off.

[Configuration of embodiments of the invention] An embodiment of the present invention will be described below with reference to the drawings.

<Process of IC card manufacturing 9 issuance etc.> Figure 1 shows the process of IC card manufacturing (Manufa).
This shows the mutual relationship between the IC card issuer (lssure), such as a bank, and the cardholder (CARD I-(01der)) who uses the IC card.The card manufacturer is An IC card 11 and a card terminal, the details of which will be described later, are manufactured.After manufacturing the IC card 11, the card manufacturer writes a predetermined code into the IC card 11 using the IC card manufacturing terminal 12.This IC Card 11 is
As will be described in detail later, an IC circuit is configured inside, and a connector lla (-) is provided on the top surface of the IC.
When attached to the card manufacturing terminal 12, it is connected to the internal circuit of the terminal 12. The IC card manufacturing terminal 12 has a card insertion slot 13,
It is equipped with a keyboard 14, a display panel 15, and a printer section 16, and various codes, namely rCAJ, r
Write lPINJ, rPMKJ, and rPRKJ to the IC card 11. The above rcAJ (Card Au
then i cator) is a random number, e.g. 6
A 4-bit code used to encrypt and decrypt messages. IIPINJ (initia
lization personat 1dent
+'r+cat+on Number) is a random code, for example, 6 bits 1-, and is a number until a self-verification number PIN, which will be described later, is used. rPMKJ
(Production Master Key C
ode) is a manufacturing number, and the same number is used for each group (for example, for each robot), and is kept secret within the factory.

rPRKJ (Private Key Cod
e) is a code for decryption, and is an encryption code f'Publi written in the card terminal whose details will be described later.
c One-to-one correspondence with Key CodeJ. When a predetermined code is written on the IC card 11 by the IC card issuing terminal 12, only rPMKJ is printed on the printing paper 17 by the printer section 16. Then, the manufacturer separately seals the IC card 11 and the rPMKJ printing paper 17 on which the predetermined code has been written as described above, and sends them by separate mail to the issuer. The issuer attaches the IC card 11 sent from the manufacturer to the IC card issuing terminal 22, reads the recorded content f'PMKJ on the printing paper 17 sent from the manufacturer, and inserts it into the IC card issuing terminal 22. Enter the code.

Furthermore, the issuer sends the account number rPANJ for the IC card 11 to the IC card issuing terminal 22.
(Primary Account Number
).

The IC card issuing terminal 22 is equipped with a card insertion slot 23, a keyboard 24, a display panel 25, and a printer unit 26, similar to the IC card manufacturing terminal 12 described above.
The rPMKJ written in the IC card 11 and the rPMKJ entered from the keyboard 24 are compared in the IC card 11, and only when they match, the account number IPANJ is written in the IC card 11, and this IC
The rlPINJ is read from the card 11 and printed on the printing paper 27. Therefore, the issuer receives the IC card 11 and rlPI on which the account number IPANJ has been written as described above.
Each NJ printing form 27 is sealed separately and sent separately to the cardholder. The cardholder receives the I.
When the C card 11 and the printing paper 27 are sent to us, we go to the issuing light and attach the IC card 11 to the IC card user terminal 32 installed there for the card owner. The recorded content rIPINJ on the print paper 27 that has come is read and the code is input into the IC card user terminal 32. Furthermore, the cardholder inputs an arbitrary self-verification number IPINJ (Personal
Enter the Identification Number.

The IC card user terminal 32 is equipped with a card insertion slot 33, a keyboard 34, a display panel 35, and a printer section 36, similar to the IC card issuing terminal 22 described above. The input rlPINJ is compared within the IC card 11, and the self-verification number rPINJ is written into the IC card 11 only when they match. Through the above procedure, the IC card 11 issuance process is completed, and it becomes possible to actually use this IC card 11 from now on.

The details are described in Application No. 645.925 filed in the United States on August 30, 1984, so the explanation thereof will be omitted.

<External implementation of terminal> Fig. 2 shows the external configuration of the IC card 11 and the card terminal 41 corresponding to the card 11 when the IC card system of the present invention is realized.
This card terminal 41 includes a card insertion slot 42, a keyboard 43, and a display section 44. The keyboard 43 is provided with a numeric keypad 45, a yes key 46, a no key 47, and the like. The internal circuit of this card terminal 41 will be described in detail later.

<Circuit Configuration of IC Card> Next, the configuration of the IC circuit configured inside the IC card 11 will be described with reference to FIG.

In the figure, 51 is a system bus, and this system bus 51 includes a data ROM 52, an application R
An input controller 60 is connected through an OM 53, a system program ROM 54, a working RAM 55, a system controller 56, a decoding arithmetic unit 57, a read/write controller 58, and an input buffer 59, and an output controller 62 is connected through an output buffer 61. . A data input/output terminal I10 is connected to the input controller 60 and output controller 62.

The data ROM 52 stores all operating conditions for this card 11 itself (data write applied voltage, its current permissible value, maximum application time, maximum data transmission amount, maximum response time, etc.), and each condition data is stored in the data ROM 52. When the card's own internal initialization is completed, Answer To Reset data (Answer To Reset data) is generated according to a predetermined format.
It is sent to the terminal 41 side as a). Also,
The application ROM 53 contains card type data rAPN indicating what type of card 11 is.
This card type data is stored in a predetermined data format when exchanging attributes with the terminal 41 after setting initial parameters based on the above answer-to-reset data. 1~ and transmitted. The system program ROM 54 stores code signals "A CK" and ", which indicate whether or not the signals transmitted and supplied from the terminal 41 side are correct or not along with various system programs.
Furthermore, the system controller 56 has a judgment area therein, and the system controller 56 has a judgment area therein, and the system controller 56 has a judgment area in which each judgment area is judged depending on the data reception signal transmitted and supplied via the five input buffers and the operating state. Outputs operation commands etc. to the circuit.Furthermore, the decryption arithmetic unit 57
It decrypts the code based on the "R8A" algorithm, and the key code for decryption (■5sure's Pr) stored in the key code memory (ROM) 57a is
1vate Key), the input data supplied from the terminal 41 side via the five input buffers is decoded and output to the comparator 63. The comparison output from the secret information comparison section 63 is supplied to the system control line 56a of the system controller 56. A flag 64 that is activated based on the comparison result by the comparison section 63 is connected to this system control line 56a. On the other hand, the read/write controller 58 controls the data memory 6--in response to a command from the system controller 56.
12=5, and the memory data read by the read/write controller 58 is sent to the comparator 63, the system bus 51, or the card status buffer 76.
6 is output. The data memory 65 includes, for example, E
EP-ROM is used, and this memory area contains rcAJ, rIPINJ, rPANJ, rcHNJ
, rEPDJ, 1PRKJ, rRTNJ and status data rsTJ are written. The rcHNJ written in the data memory 65 is rCard
Holder's NameJ (Cardholder's Name), rEPDj is rExpiration
It is an abbreviation of Datl (expiration date). Also, rRTN
J is the number of times data is re-entered when incorrect data is entered. Furthermore, the above rsTJ is the current card 11
For example, if the card shown in Fig. 1 has been manufactured after the manufacturing process has been completed, the manufacturing process completion data is unregistered, and if rPINJ is not registered in the card after it has been issued, the P■N is not registered. Data is written. This card status data rSchoJ is the card type data "△PNJ" stored in the application ROM 53.
It is transmitted to the terminal 41 side in the same data format as . Note that the data memory 65 is an EEP-RO
Not limited to M, for example, Ep-RoM may be used.

On the other hand, the system controller 56 includes a timer 67.
is connected. This timer 67 clocks a certain period of time when a command to start data write voltage supply is output to the card terminal 41 during normal information exchange processing. If the acknowledgment signal "ACK" is not supplied from the terminal 41 side, the system controller 56 prohibits data input/output to the card 11. Further, an address comparator 68 is connected to a path line connecting the read/write controller 58 and the system path 51. This address comparator 68 always compares an unused specific address set in the fixed address section 69 at the end of a test after card manufacture with a specified address specified via the system bus 51. The comparison output from the comparator 68 is transmitted to the read/write controller 58.
and clears all memory data in the data memory 65 only when the comparison output is an address matching signal due to unauthorized use of the terminal, etc., to prevent confidential information from being read out from the card. do. Here, when the IC card 11 as described above is attached to the card terminal 41, the connector 1 is connected from the card terminal 41.
A reset signal Re5et and a system clock clock are supplied through 1a, and the Vcc power supply and Vpp
1f source is connected. The Vcc power supply is for system driving, and the Vpp power supply is Nw for writing data to the data memory 65, and its power supply voltage is set to the terminal 41 side based on the answer-to-reset data stored in the data ROM 52. It is set in on the other hand,
A system operation signal from the system clock is supplied to each circuit via a frequency divider 70.

Terminal Circuit Configuration> Next, the circuit configuration of the card terminal 41 will be explained with reference to FIG.

In the figure, 71 is a system bus, and this system bus 71 includes a sound controller 72, a working RAM 73, a system program ROM 74, a terminal ROM 75, and an initial parameter RAM.
76, main controller 77, display drive controller 78, key controller 79, reader/writer controller 80, comparator 81, encryption calculation unit 82 for performing encryption based on the RS A "algorithm
, a latch circuit 83 for latching rcAJ, data encryption standard (Data En
Based on ``crypton 5 standard''
DES” method encryption arithmetic unit 84, “D E
An output buffer 788 is connected to an input buffer 789 via an arithmetic unit 85 for decoding the S'' method, an input/output controller (■10 controller) 86, and an output controller 87.
An input controller 90 is connected via -.

A speaker 91 is connected to the sound controller 72, and is configured to output an alarm sound as necessary. In addition, the memory area of the working RAM 73 contains rPANJ and rPANJ sent from the IC card 11.
In addition to storing cHNJ, rEPDJ, etc., various processing data within the terminal 41 are also stored. The system program ROM 74 includes various system programs as well as an "ENQ" code 5 for matching with the IC card 11. In addition, the terminal attribute ROM 75 contains a terminal code rTCJ that differs depending on the purpose of each terminal.
(for example, manufacturing code, issue code, store code, etc.), and this terminal code rTcJ is used to store information on the card 11 side after the initial parameters are set based on the answer-to-reset data from the IC card 11. It is sent in a predetermined data format when exchanging attributes. Here, the answer-to-reset data from the IC card 11 side is stored all at once in the initial parameter RAM 76. This initial parameter RAM 76 includes an initial data transmission line 76.
The output controller 87, input controller 90, Vpp level latch section 92, Vpp timer latch section 93, and Ipp level latch section 94 are connected through the a, and each latch section is connected to a corresponding Vpp power supply 95, Vpp timer 96, I, pp! J-mitter 97 is connected. The output line of the Vpp power supply 95 is sequentially connected to the V and pp output terminals via a Vpp timer 96 and an Ipp limiter 97. Here, the IC card 11 is controlled by the main controller 77.
The maximum data transmission amount for , the maximum card data write voltage by the Vpp power supply 95, the write voltage supply time by the Vpp timer 96, and the maximum allowable card data write current by the RPP limiter 97 are all collectively stored in the initial parameter RAM 76. It is set based on the stored answer-to-reset 1~ data.

Further, an IC card operating frequency selector 98 is connected to the data transmission line 76a. The selector 98 receives the oscillation signal from the oscillator 99 from the frequency divider 100.
On the other hand, an oscillation signal whose operating frequency is set is output from the clock terminal. Furthermore, the initial parameter RAM 76 includes a timer 101.
is connected. This timer 101 receives, for example, the above-mentioned timing signal from the terminal 41 side to the card 11 side based on answer-to-reset data sent from the IC card 11 side and stored all at once in the initial parameter RAM 76. This is to count the maximum response waiting time from the time when "E N Q" or other command signals etc. are sent. If there is no response signal of any kind from the card 11 side within this time, the main controller 77 - Instruct again to transmit the recording "EN Q" or other command signal, or instruct the reader/writer mechanism section 102 to disconnect from the card 11 via the reader/writer controller 1-0-580. It looks like this.

In addition, the system control line 7 of the main controller 77
7a includes the comparison section 81, the encrypted deduction unit 82,
A latch circuit 83, an input/output controller 86, etc. are connected, and the main controller 1 to roller 7 are connected depending on the operating state of the system.
Control commands are sent from 7 to each circuit section. The display drive controller 78 includes a display unit 44 and a backlight 4.4 using an EL display element installed behind the display unit 44.
．． The backlights 1 to 4.4a are controlled to be lit only when the IC card 11 is inserted in the reader/writer mechanism section 102. key controller 79
provides a key sampling signal to the keyboard 43 and detects a key human input signal. The reader/writer controller 80 drives and controls the reader/writer mechanism section 102, and the reader/writer mechanism section 102 has the following functions:
This mechanism is equipped with a motor for card transport, and transports the IC card 11 inserted from the card insertion slot 42 to a predetermined position, and also returns the IC card 11 that has completed the predetermined processing to the card insertion slot 42. be. Also, this reader
The writer mechanism section 102 includes the output buffer 788, the reset controller 103, the rpp level latch section 94,
The operating frequency selector 98 and the Veal source 104 are connected, and the corresponding terminals l10SReset and V
pp, clock, and Voc are set to high impedance only when the IC card 11 is not inserted. Here, the output controller 87 connected to the input/output terminal I10 via the input controller 90 and output buffer 88 controls the card terminal 41 and the IC card 11 in response to a command from the main controller 77 via the initial parameter RAM 76. The input controller 90 outputs data sent from the IC card 11 to the storage unit such as the working RAM 73 via the input buffer 89, and The output controller 87 sends data provided from a storage device such as the terminal attribute ROM 75 to the IC card 11 via an output buffer 88. On the other hand, data from the IC card 11 side input via the input buffer 89 is sent to the comparison section 87 via the pass line, and the comparison output is supplied to the main controller 77.

Furthermore, the output controller 87 transfers the encrypted data given from the encryption arithmetic unit 82 to an output buffer 788.
The data is sent to the IC card 11 via the .

The encryption operation unit 82 includes a working RAM 7
Data r sent from 3 via the system bus 71
PANJ is configured with data ROM (1p) (fis
suer-s publicKe'/) ROM105
Encrypt according to the public key code given by. Inside the above IPKROM 105, IC card 1
A public key code corresponding to IF'RKJ stored in the data memory 65 of 1 is written in advance, and when a command is given from the main controller 77, the stored code is output.

On the other hand, rcAJ latched by the latch circuit 83 is input to the encryption calculation unit 84 and the decryption calculation unit 85. Further, predetermined data is input to the encryption calculation unit 84 via the system bus 71,
In response to a command from the main controller 77, rPANJ and the like stored in the working RAM 73 are encrypted using rcAJ as a key, and then output to the input/output controller 86. This input/output controller 86 outputs a database, that is, encrypted data to the host computer when the host computer is connected online. Further, the input/output controller 86 decodes the encrypted data sent from the host computer based on the rcAJ using the decoding arithmetic unit 85 and outputs the decrypted data to the system bus 71.

<Operation of the embodiment of the invention> Next, the operation of the above embodiment will be explained with reference to a flowchart.

First, as shown in Figure 1 above, when the user uses the card 11 after manufacturing and issuing the IC card 11 and registering the user's IP NJ, the user must When the IC card 11 is inserted into the powered-on card terminal 41 as shown, the system starts processing operations according to the flowchart in FIG.

<Initial processing> That is, as shown in step A1 of FIG. 6 (A>),
The terminal 41 transmits a preset initial setting signal to the IC card 11. This initial setting signal is transmitted to the input/output terminal I under the control of the main controller 77, for example.
10 is H (high) level, reset terminal Re5et goes from low) to H (high) level, ■ cc terminal and V
The pp terminals are each set to 5V, and the clock terminal cloc
k is set to 4.9152MHz, and this initial setting signal is the card 11. At step B1, each corresponding terminal I10. Re5et.

VPP% Received via Vcc and C1ock.

Then, in step B2, the IC card 11 starts operating under the operating conditions based on the initial setting signal.

<Answer-to-reset processing> The IC card 11 that has started its initial operation in this way first reads out the answer-to-reset data stored in advance in the data ROM 52 under the control of the system controller 56 in step B3, and resets the system. I via bus 51, output buffer 761 and output controller 62
It is transmitted from terminal 10 to terminal 41. Now, the contents of the answer-to-reset data stored in the data ROM 52 will be explained with reference to FIGS. 7 to 16.

First, FIG. 7 shows the overall structure of the answer-to-reset data stored in the data ROM 52. In the figure, each operating condition data of the IC card 11,
are the interface bytes TA1 . TB1.
TCl and T, A2. TB2. , TO2, . . . and whether each condition data exists or not is indicated by a format byte TO. On the other hand, TDl indicates whether or not condition data after TA2 is present, and initial byte TS is initial setting data for transmitting these condition data. Additionally, a complementary byte TI.

T2. ...TK is used when increasing the condition data on this card 11. The initial byte TS, format byte TO, and interface byte are configured in an 8-bit data format. FIG. 8 shows the code contents of the initial byte TS. Among the 8-bit codes a-h, a, b, c
is a fixed code pit, d is a pit that indicates whether parity is used, e is a pit that indicates a level attribute, f is a bit that indicates the data transfer direction order, and h and Q are bits that indicate the parity attribute. FIG. 9 shows the code contents of the format byte To in FIG. 7, a, b, c
, d are the complementary bytes T1. T2.・・・
・Pips 1 to 1 which indicate the number of TK, e are bits that indicate whether or not there is condition setting data in the above interface byte TA1, f is a bit that also indicates the presence or absence of interface byte TBI, and 0 indicates the presence or absence of TCI. h is a bit indicating the presence or absence of TDI, that is, whether there is any condition setting data after the interface byte TA2. FIG. 10 shows the interface byte TA1 in FIG. 7, which includes a, b, and c of the 8-bit code.

d is a bit area for setting the data transmission speed to this card 11, e, f, g, h are clock terminals c l
This is a bit area for setting the dynamic frequency of the main card 11 taken out from the ock. Next, Figure 11 shows the above 7
This shows the interface byte TBI in the figure. Of the 8-bit code, a to e are bit areas for setting the data write voltage for the data memory 65 of this card 11. Here, Vpp-5V to 25V are applied to various cards. It can be configured accordingly. Also, f-
Similarly, 0 is a pip area for setting the permissible value of the data write current for the data memory 65, and here Ipp can be set from 50 mA to 100 mA depending on various cards. In addition, in this embodiment, Ipp
Although the value of N is specified as either 50 mA or 100 TrLA, the specified N current value and its range can be set arbitrarily. Figure 12 shows the above interface pi 1 to pie C1.
Here, all of 8 pins 1 to codes a to h indicate the data transmission interval (Guard) for this card 11.
This is the area where you can set the time. FIG. 13 does not show the above-mentioned interface by 1 to TDn. Here, 4 bits a to d of the 8 bits 1 to code are unused bits, and each of them is followed by e, f, g, and h. Interface byte TAn1, Tan 1.
TCn 1. TDn 1 Indicates whether condition setting data exists or not. FIG. 14 shows the interface byte TA2 in FIG. 7 above, where all the 8-digit codes are the area for setting the maximum amount of data transmission allowed for the card 11, and the reading capacity of various cards is It can be set from 1 to 255 bytes depending on the setting. Furthermore, FIG. 15 shows the interface byte TB2 in FIG.
All bit codes a to h are areas for setting the duration of response signals to this card 11, and range from 100m5 to 25.500Tr depending on the data processing capacity of each card.
It is possible to set up to LS. Furthermore, FIG. 16 shows the interface byte TO2 in FIG. 7, in which all 8-bit codes a to h are areas for setting the maximum continuous application time of the data write voltage Vpp to the card 11, and various cards 100m8 to 25.500m5 depending on data writing capacity or pressure resistance performance
It is possible to set up to

That is, as described above, initial byte T81 format 1 to byte TO, interface byte TAI
, TBI, TCl, TDI, TA2° . . . , TK, the terminal 41 waits and receives answer-to-reset data in step A2. In this case, it is determined in step A3 whether the answer-to-reset data sent from the card 11 side has been received within an initially set data standby time (for example, 100 m5). Yes in this step A3, that is, within the data waiting time set by the timer 101, the answer-to-reset data is sent to the I10 terminal, input controller 90. Input buffer 89. system bus 71
When the main controller 77 determines that the initial parameter has been written into the RAM 76 via the
Proceeding to step A4, the main controller 77 further determines whether the write data in the initial parameter RAM 76 is correct for the terminal 41. If it is determined Yes in step A4, the process proceeds to step 5, where the main controller 77 allocates and sets each interface byte in the initial parameter RAM 76 to each corresponding circuit as operating condition setting data of the IC card 11. That is, the operating frequency setting data of the IC card 11 corresponding to the interface byte TAI is transmitted through the data transmission line 76.
The write voltage setting data and maximum allowable write current setting data for the data memory 65 corresponding to the Inter 7 Eighth Byte TB1 are set to the IC card operating frequency selector 98 via the Vpp level latch unit 92 and Ipp It is set in the level latch section 94. And the above Inter 7 Eighth Byte TA
Setting data for the maximum data transmission amount for the IC card 11 corresponding to TB2 is set in the main controller 77 itself, and setting data for the response signal duration corresponding to TB2 is set in the timer 101. In this case, the fixed data standby time set in this timer 101 in step A2 is
It will be possible to rewrite it to a dedicated time. Furthermore, setting data for the write voltage application time to the data memory 65 corresponding to the interface byte TO2 is set in the VPP timer latch section 93. As a result, the maximum data transmission amount controlled by the main controller 77, the data write voltage determined by the Vpp1i source 95, the continuous application time of the data write voltage determined by the Vpp timer 96, the allowable value of the data write current determined by the Ipp limiter 97, The operating frequency for the card determined by the operating frequency selector 98 is based on the answer-to-reset data written in the initial parameter RAM 76.
It is set to a value corresponding to the operating conditions specific to the card 11 currently installed.

Therefore, for example, the data write voltage Vp for each card
Even if operating conditions such as p and its continuous application time, allowable current Ipp, data reading ability, response ability, etc. If it has a set function, it is possible to set operating conditions that correspond to cards of any performance.

On the other hand, if the determination is No in step A3 or NO in step A4, the process proceeds to step A6, where it is determined whether the number of times the determination is NO has reached three times. In this case, step A2 or A3 above
The number of times it was determined NO is stored in the working RAM 7.
By checking the value of this count data in the main controller 77, the judgment in step 86 is made. If the determination in step 86 is No, the process returns to step A1, where initial data is sent to the IC card 11. On the other hand, if the answer in step 86 is Yes, that is, the card 11
The Answer Fist Two Reset data sent from the side is
If it is determined that the terminal 41 is definitely not compatible, the main controller 77 sends a control command to the reader/writer controller 80 to flip the plunger in the reader/writer mechanism 102 and lock the card lock mechanism. The IC card 11 is released, the IC card 11 is ejected, and the connection is severed. As a result, for example, if the 3c card 11 installed in the terminal 41 is not compatible with this system at all, or if its operating conditions cannot be set, the card 11 can be set in advance in step 80 above. The connection with 11 is cut off, and troubles are prevented from occurring.

<Selecting Process> Next, in step A5 described above, when the setting of the initial parameters for the attached card 11 is completed, the process proceeds to step A7 shown in FIG. 6(B), in which the main controller 77 selects the '
E N Q ” code, that is, an inquiry code to confirm whether or not the other card 11 operates normally under the operating conditions set in step A5 above, is taken out and sent to the system bus 71 .output controller 87 . It is sent to the IC card 11 side via the output buffer 88 and the I10 terminal.Then, on the card 11 side, the 'ENQ' signal sent via the I10 terminal is sent via the input controller 60 and the input buffer 59. It is received and written into the working RAM 56 (step B4.).

In this case, in step B5, the input controller 60 performs a parity check on the "E N Q" signal, and if it is determined that the parity check of the input signal is OK, the process proceeds to step B6, and the system The controller 56 is the working RA
It is determined whether the "E N Q" code written in M55 can be received as a regular "E N Q" code. Yes in this step B6.

In other words, if it is determined that the above-mentioned "EN Based on the judgment that it is in a normal operating state, the "A CK" code is extracted from the system program ROM 54, and the output buffer 761, output controller 62 and I1 are
It is transmitted to the terminal 41 side via the 0 terminal. On the other hand, if the determination in step B5 or B6 is No, the process proceeds to step B8, and the system controller 1 to roller 56
is a judgment that the card 11 does not operate normally under the operating conditions set on the terminal 41 side, or the terminal 41. Based on the judgment that there is some kind of abnormality in the transmission system between the cards 11, the 'N A C' code is extracted from the system program ROM 54, and the output buffer 761
．． It is transmitted to the terminal 41 side via the output controller 1-roller 62 and I10 terminal.

Then, the terminal 41 side waits and receives the △CK'' signal or the ``N A C'' signal sent from the card 11 side via the I10 terminal in step 88. In this case, the above ``A CK'' signal is received. It is determined in step A9 whether the "signal or 'N A C" signal has been received within the IC card 11 response waiting time (for example, 150 TrLS) set in the timer 101 in step A5. If Yes in this step A9, that is, within the response time of the IC card 11 set by the timer 101, the above-mentioned "ACK" signal or "N A C" signal is transmitted to the I10 terminal, the input controller 90, the input buffer 789. When the main controller 77 determines that the data has been written into the working RAM 73 via the system bus 71, step A1
0, and the main controller 77 further writes the write data in the working RAM 73 to this terminal 4.
It is determined whether it is the correct one corresponding to 1. If it is determined Yes in this step AIO, the process proceeds to step A11, where the main controller 77 determines whether the code written in the working RAM 73 is "ACK". Then, in this step A11, Y
eSl, that is, the card 11 received in step 88 above.
The signal from the terminal 41 side is 'ACK', and if it is confirmed that the card 11 is operating normally according to the operating conditions set in step A5 above, it is assumed that there is no abnormality in the transmission system between the terminal 41 side and the step A5. Proceeding to A12, the main controller 77 retrieves a different terminal code TC according to the type of terminal stored in the terminal attribute ROM 75, latches it in the output buffer 88 via the output controller 87, and performs attribute exchange processing in the next step and thereafter. Prepare for.

On the other hand, if the determination in step A9, A10 or A11 is No, the process proceeds to step A13, and the
It is determined whether the number of times the determination is O has reached three times. In this case, step A9, A10 or A11
The number of times it was determined as No in the working RAM 7
The main controller 77 checks the value of this count data to make the determination in step A13. If it is determined No in this step A13, the process goes to step A7 again, and the I
The "'ENQ" code is transmitted to the C card 11. On the other hand, in step A13 above, Yes
In other words, the content of the signal sent from the card 11 side is determined not to correspond to this terminal 41, or the signal sent from the card 11 side is 'NA
C" signal, and if it is determined that the IC card 11 does not operate normally under each operating condition set in step A5 above, or that there is some kind of abnormality in the transmission system between the terminal cords, the main controller 77 By sending a control command to the reader/writer controller 80, the plunger in the reader/writer mechanism section 102 is flicked, and the IC
The card 11 is ejected and the connection is severed. As a result, even after setting the initial parameters in step A5 above, if the IC card 11 installed in the terminal 41 does not operate normally, the connection with the card 11 will be terminated as the card is incompatible with the terminal or the transmission system is abnormal. This will prevent trouble from occurring.

<Attribute Exchange Process> Next, the attribute exchange process shown in FIG. 6(C) and subsequent figures will be described.

First, as shown in step A14, the terminal 41 transmits the terminal code TC latched in the output buffer 88 in step A12 to the card 11 via the I10 terminal. In this case, the terminal code TC is transmitted in a data format as shown, for example, in FIG. and stored in the working RAM 55. In this case, in step BIO, the human controller 6
0 performs a parity check on the transmission signal in which the terminal code TC is incorporated and determines whether the data content is correct. If it is determined that the parity check of the transmission signal is OK, step 0 is executed. B1
Proceeding to step 1, the system controller 56 extracts the application name APN, which is different depending on the type of card stored in the application ROM 53, and latches it in the output buffer 61 in preparation for the next step. Then, in step 812, the application name APN latched in the output buffer 61 in step 811 is transmitted to the terminal 41 via the output controller 62 and the I10 terminal. In this case, the application name APN is configured in the data format shown in Figure 18 and transmitted as a card type code, and the name area is, for example, 12 bytes including the extension byte (2 bytes). configured. In addition, when transmitting this application name APN, the card status data ST stored in the data memory 65 is also transferred to the read/write controller 58.
It is then transmitted via the card status buffer 66 to the terminal 41 side as the card type code.

On the other hand, if the determination in step BIO is NO, the process proceeds to step 813, where the system controller 56 executes 'NA' from the system program ROM 54 based on the determination that the terminal code TC cannot be read.
C" code is taken out and transmitted to the terminal 41 side via the output buffer 61, output controller 62 and I10 terminal.

Then, on the terminal 41 side, the card type code or "N A C" signal sent from the card 11 side via the I10 terminal is received in step A15, and is stored in the working RAM 73. and,
Proceeding to step A16, the main controller 77 determines whether the write data in the working RAM 73 is correct for this terminal 41. If it is determined to be '1/es in this step A16,
Proceeding to step A17, the main controller 77 determines that the data written in the working RAM 73 is
Determine whether or not. In this step A17, NOl
In other words, the data sent from the card 11 side is ``N''
A C” de na (, card application name AP
If it is determined that the card type code includes N and card status data ST, steps A18 and A1
The process advances to a card type determination flow as shown in 9.

On the other hand, if NO in step A16 or A17
If it is determined Yes in step A20, the number of times the determination is No in step A16 and Yes in step A17 is n times (for example, n-2).
It is determined whether or not it has been reached. In this case, the number of times the determination is No or Yes in step A16 or A17 is stored as count data in the working RAM 73, and by checking the value of this count data in the main controller 77, A judgment is made.

If the determination in step A20 is No, the process returns to step A14, where the terminal code TC is transmitted to the IC card 11. On the other hand, if the answer in step A20 is Yes, that is, it is determined that the signal content transmitted from the card 11 side does not correspond to this terminal 41, or the card 1
If it is determined that the signal transmitted from side 1 is the "N A C" signal and that the terminal code TC is already unreceivable at the time of step BIO above,
The main controller 1 - roller 77 sends a control command to the reader/writer controller 80 to flick the plunger in the reader/writer mechanism section 102 and remove the IC card 11 .
drain and sever that connection.

As a result, even after the IC card 11 starts normal operation by setting the initial parameters on the terminal 41 side, if data exchange of the terminal code TC and card type code is not performed successfully, the card → terminal malfunctions. As a countermeasure, the connection with the card 11 is cut off, and the trouble is prevented from occurring.

Application Name Determination Process> Next, the card type determination operation in steps A18 and A19 will be described.

FIG. 19 shows the above-mentioned card type determination operation in detail. First, in the above-mentioned step B12, the card
In step A19a, the card type code (application name APN) sent from the side and stored in the working RAM 73 is taken out by the main controller 77, and the application name APN and its usage type stored in advance in the terminal attribute ROM 75 are retrieved. Determine whether there is a correspondence relationship. Here, assuming that the terminal code TC of this terminal 41 is a merchant code and the application name APN is for example for abc bank store installation, the application name APN of the card type code sent from the card 11 side is, for example, abc bank deposit. If it is the ABC Bank CD branch for deposits and withdrawals, it is determined in step A19a that the two application names match, and step A21
Proceed to the subsequent information exchange process. In step A21, the IC currently installed in step A19a is
Based on the judgment that the card 11 matches the type of the terminal 41, the card 11 enters the system program ROM 7 for the first time.
4, the formal instruction code is transmitted to the extraction card 11 side.

On the other hand, if the application name APN of the card type code transmitted to the terminal 41 side in step B12 is, for example, an xy credit card for general shopping, it is determined that the card types do not match in step A19a, and step The process moves to card ejection processing in A22. In step A22, the main controller 77 sends a control command to the reader/writer controller 80 based on the determination in step A19a that the type of the currently installed IC card 11 does not match the terminal 41. As a result, the plunger in the reader/writer mechanism section 102 is flicked, the IC card 11 is ejected, and the connection is severed.

At the same time, a control command is also transmitted to the display drive controller 78 to cause the display unit 44 to display that the card types do not match. In the above embodiment, the application name APN is the terminal attribute ROM7.
Although the application name APN is stored in advance in the working RAM 55, the application name APN may be written into the working RAM 55 by inserting a startup card after the terminal is powered on.

As described above, for example, if the purpose of use of the IC card 11 does not match the type of the terminal 41, the connection with the card 11 is cut off before the actual information exchange takes place, so terminal malfunctions etc. It is possible to prevent troubles from occurring.

<Instruction code determination process> Next, after the above card type determination operation, the terminal 41
The terminal command confirmation operation when an instruction code is sent from the card 11 side to the card 11 side to perform actual information exchange processing will be explained.

FIG. 20 shows the terminal command confirmation operation in detail. First, in step A14, the working RA of the IC card 11 that has already been sent from the terminal 41 side is shown in FIG.
The terminal code TC stored in M55 and the command code (COM> sent in step A21 (information exchange start step) in FIG. 19 above are
In step B14, arithmetic processing is performed using a predetermined relational expression. Then, in step B14, the terminal code TC' and its instruction code (C
In step B15, a comparison is made to determine whether or not the OM-) have a normal correspondence relationship. Here, the terminal command code (COM') sent in step A21 is, for example, a PIN comparison verification command (P
INC.

mpare), it is determined in step B15 that the terminal instruction code matches (TC-PIN Compare).

Furthermore, if the terminal instruction code is, for example, a PIN write instruction (PIN Write), the terminal instruction code mismatch (T
C-≠PIN Write'). That is, the terminal code TC in step B15 above
The comparison result between - and its instruction code COM= is the second
It follows the correspondence table between terminal codes and instruction codes as shown in Figure 1, and a match is determined only when the instruction code (indicated by an O symbol) that should exist in each terminal is sent to the card side. If an instruction code that should not exist is sent, a mismatch is determined. Then, in step B15, when it is determined that the terminal code TC' and the instruction code COM' match, the process proceeds to step B16, where the instruction code whose correspondence with the terminal 41 has been confirmed (in this case, the PIN code comparison In accordance with the command), for example, the comparison unit 63 compares the password inputted from the terminal 41 with the PIN stored in the data memory 65 of the card 11. If the compared personal identification numbers PINs match, the process moves to information exchange processing for monetary transactions. On the other hand, if it is determined in step B15 that the terminal code TC' and the instruction code COM' do not match, the process proceeds to step B17, where the system controller 56 sends the command sent to the terminal 41 in step A21. It is notified that the code is an error instruction code that does not correspond to the terminal code T'C, and the system program ROM 54 or data memory 65 is locked to prevent unauthorized reading or rewriting of the memory contents. Therefore, for example, by applying some kind of modification to the terminal 41 side, the attached IC card 11
Even if an attempt is made to illegally use the contents of the
A C card system can be realized.

Card Status Registration and Confirmation Process>Next, this I
The card status registration function in the C card system will be explained.

FIG. 22 is a flowchart showing the card status registration function and its confirmation operation.
At the point in time when manufacturing of the IC card 11 is completed in step 101, a manufacturing completion status is written in the data memory 65 of the IC card 11 at the card manufacturing terminal 12 as shown in FIG. 1, for example. After completing the card 11 manufacturing process, proceed to the card issuing process and insert the IC card 11 into the card issuing terminal 22. At step △102, the terminal 22 stores the information in the data memory 65 on the card 11 side. The status data ST is read and it is determined whether there is a manufacturing end status or not.

If it is determined Yes in this step AlO2,
After finishing the predetermined card issuing process, step AlO
Proceeding to step 3, the card issuing terminal 22 further writes an issuing process completion status into the data memory 65 within the card 11. After completing this card issuing process, proceed to the PIN registration process and insert the IC card 11 into the PIN registration user terminal 32.
First, in step AIO4, the terminal 32 reads the status data ST in the data memory 65 on the card 11 side and determines whether or not there is an issue completion status.

If it is determined Yes in this step AlO4,
After completing the predetermined PIN registration process, step AlO3
Then, the user terminal 32 writes the PIN registration status into the data memory 65 in the card 11. After completing this PIN registration process, proceed to the in-store usage process and insert the IC card 11 into the in-store terminal 41 as shown in FIG.
Eight pieces of status data in the first side data memory 65 are read and it is determined whether there is a PIN registration status or not.

If it is determined Yes in this step A106,
Proceeding to step Δ107, the product can be purchased at the store. Here, FIG. 23 shows the code contents of the card status data ST stored in the data memory 65 of the IC card 11. Among the 8-bit codes, b is written in the step Al01 at the end of the manufacturing process. The bit indicating the status, C, is the bit that indicates the status in step A above.
A bit indicating the PIN registration status written in step AlO3, and d indicating the issuance process completion status written in step AlO3. Furthermore, this status data ST includes a bit in a indicating that the verification number was incorrect three times in a row, a bit in f indicating a condition in which there is no write item area in response to a write command from the terminal 41, and A bit indicating the invalid state of the card is provided in h. e and Q are unused bits.

The manufacturing process completion status is not written, that is, 1'' is set in bit area b in FIG. 23 above.
Or, when proceeding to the PIN registration process, the IC card 11
If it is determined that the issue process end status is not written in the data memory 65 of the data memory 65, that is, 1'' is set in the bit area d in FIG.
Proceeding to O3, each terminal 22 or 32 determines that the process that should have been completed has not been completed, and that there is a possibility of unauthorized use of the system.
The first flag 64 is turned off so that the system controller 56 is virtually unable to control it. This invalidates the card itself. Furthermore, the above step A1
06: No, that is, when proceeding to the in-store usage process,
If it is determined that the PTN registration status is not written in the data memory 65 of the IC card 11, that is, rr 1 It is set in the bit area C in FIG. Since it is not possible to verify the identity of the person using the personal identification number PIN, it is impossible to purchase a product, and PIN registration in the PIN registration process is inevitably required. However, in this case, the first
As explained using the diagram, in order to register a PIN on the user terminal 32, the verification number IPIN, which is sent directly from the issuer to the user by separate mail, is required as a key code that includes the PIN. For example, if this IC card is stolen by a third party, the PIN can never be registered, making unauthorized use impossible. As a result, even if, for example, an attempt is made to use an IC card that has not gone through the official card manufacturing, issuing, and PIN registration route, the card status data ST in the card internal data memory 65 is checked each time. It becomes possible to prevent crime. On the other hand, bit areas a, f, h in FIG.
By appropriately displaying and using the information on the terminal when actually using the card, it is possible to reduce the occurrence of troubles caused by, for example, manually entering the wrong PIN key.

Therefore, according to the IC card system configured as described above, step B3 in FIG. 6 (Δ) above is first performed.
→For A2 to A5, the data ROM on the card 11 side
When connected to the terminal 41, the signal response time setting data corresponding to the card's own data processing capacity, which is stored in advance as answer-to-reset data in the card 52, is stored in the initial parameter RAM 7 on the terminal 41 side.
6, and when transmitting to the IC card 11 in step A7 of FIG. A response signal is received from the IC card 11 according to the response signal waiting time based on the response time setting data, and if there is no response signal from the card 11 side within the above waiting time, the card ejection processing flow starts from step A13. Since the connection between the card terminal 41 and the IC card 11 is cut off after proceeding to step 1, it is possible to perform speedy information exchange that always matches the signal response time on the card 11 side.
For example, an abnormal response signal that is output from the card 11 side beyond the waiting time of the response signal described above is not received by the terminal 41 side because the connection with the card 11 is cut off in advance, so it is not received by the terminal 41 side. It is possible to prevent information exchange processing from being performed.

[Effects of the Invention] As described above, according to the present invention, in advance, in the IC card,
The card stores signal response time setting data that is determined according to its own data processing ability, and when the card terminal sends a message to the IC card, the response signal from the IC card is transmitted as described above. The response signal is received according to the response signal duration based on the signal response time setting data stored on the card side, and if the response signal from the IC card is not received within the response signal duration, the card terminal and the IC card I configured it to break the connection, so
For example, even if the signal response speed changes as the performance of IC cards increases, it is possible to set the waiting time for response signals on the card terminal side depending on each type of IC card, and only within the regular signal response time. By exchanging data with the IC card, reception of abnormal signals can be prevented, and information can be exchanged accurately with all cards.

[Brief explanation of the drawing]

FIG. 1 shows the production and issuance of an IC card in an IC card system according to an embodiment of the present invention, and the PIN number (P
FIG. 2 is an external configuration diagram showing the IC card and its card terminal in the above IC card system; FIG. 3 is a diagram showing the circuit configuration of the IC card in the above IC card system; FIG. The figure is above I
A diagram showing the circuit configuration of a card terminal in the C card system, FIG. 5 is a flowchart showing a simplified overall flow of operations in the above IC card system, and FIGS. 6 (A) to (C) show operations in the above IC card system. A flowchart showing the overall flow in correspondence between the card terminal side and the IC card side.
An overall configuration diagram showing the answer-to-reset data stored in the card. Figure 8 is a diagram showing the code contents of the initial byte TS in Figure 7 above. Figure 9 is a diagram showing the format byte in Figure 7 above. 10 is a diagram showing the code content of the interface byte TA1 in FIG. 7, FIG. 11 is a diagram showing the code content of the interface byte TB1 in FIG. 7, and FIG. The figure shows the code contents of the interface byte TCI in FIG. 7, FIG. 13 shows the code contents of the interface byte TDn in FIG. 7, and FIG. 14 shows the code of the interface byte TA2 in FIG. 7. A diagram showing the contents, Figure 15 is the interface byte T in Figure 7 above.
Figure 16 shows the code content of interface byte TC2 in Figure 7. Figure 17 shows the terminal code (TC) stored in the card terminal transmitted to the IC card side. Figure 18 is a diagram showing the data format when the card application name (AP
FIG. 19 is a diagram showing the data format when transmitting N) and card status data (ST) to the card terminal side. 20 is a flowchart showing the terminal command confirmation operation executed based on the terminal code and terminal command code transmitted from the card terminal on the IC card side in the above-mentioned IC card system. , FIG. 21 is a diagram showing the correspondence between the terminal code and the terminal command code in the terminal command confirmation operation, and FIG. 22 is a flowchart showing the card status registration function in the above IC card system.
FIG. 23 is a diagram showing the code contents of card status data (ST) stored in the IC card. 11...IC card, 41...card terminal,
42... Card insertion slot, 51... Terminal system bus, 52... Data ROM, 56... System controller 1 roller, 61... Card output buffer, 65
...Data memory, 71...Terminal system bus, 76...Initial parameter RAM, 77...
- Main controller, 80... Reader/writer controller, 89... Terminal input buffer, 101
...Timer, 102...Reader/writer mechanism section.

Claims (1)

[Claims] In an IC card system comprising an IC card and a card terminal to which the IC card is installed, means for storing setting data for a signal response time determined according to the data processing capacity of the card itself in the IC card, and a terminal side means for setting a waiting time for a response signal from the time of signal transmission based on signal response time setting data stored in the IC card; means for determining whether or not a response signal from the IC card is received within the waiting time of the response signal;
An IC characterized by comprising means for cutting off the connection between the card terminal and the IC card if a response signal from the C card is not received within the waiting time of the response signal, thereby preventing the exchange of erroneous data. card system.