JPS62231352A - Ic card - Google Patents

Abstract

PURPOSE:To hold mutual security among information systems even in a card where plural information systems share the same card, by limiting an access to data, and lifting a restriction by a specified input, when the number of times of the mis-inputs of a password number exceed a prescribed number of times. CONSTITUTION:An IC card consists of a CPU1 that is a control means, a ROM2 having a storage area for plural password codes, an EPROM4 having plural error bit areas which store the number of times of the mis-inputs of the password code, and a RAM3 having the storage area group of a bit of information. The CPU1 checks an input code and the password code in the ROM2, and when a coincidence is obtained in a checked result, the storage area to which the password code is related, is accessed. When a mis-match is obtained in the checked result, the CPU1 counts the number of times of mis-matches and stores them at an error bit area, and when the number of counts arrive at a prescribed number of counts, the access to the storage area is prohibited. Also, the CPU1 nullifies the count in the error bit area when a specified signal is inputted, and the IC card is constituted so that it is possible to use the IC card safely even when the plural information systems share the same IC card.

Description

Detailed Description of the Invention (Industrial Application Field) The present invention relates to an IC card that is used for multiple purposes with multiple information systems coexisting in one card, and particularly relates to an IC card that is used for multiple purposes by having multiple information systems coexist in one card. The present invention relates to an IC card that can restrict access to data and release the restriction based on input.

Note that the IC card in this invention includes not only a flat-shaped IC card but also a tablet-shaped or rod-shaped one. In addition, the PIN number in this invention refers to a specific input signal for accessing an IC card that includes a code called a key code or secret code, and includes not only numerical numbers but also alphabetic characters, kana characters, etc. This also includes characters or symbols or a combination thereof.

(Prior art) When using a credit card, identification card, etc., a personal identification number is manually entered to confirm the identity of the individual.
It is common practice to allow access to information only if the correct number is entered.

To protect the secrecy of your PIN, limit the number of incorrect inputs.
An IC card has been proposed in which the card is locked and becomes unusable if incorrect input is made a certain number of times or more.

(Problem to be solved by the invention) However, it is preferable to make the IC card unusable (damage to the memory unit, etc.) because the PIN number has been input incorrectly a predetermined number of times, as it may also be due to a mistake in the user name, etc. isn't it.

Therefore, while the IC card is inserted into the input device, the number of incorrect inputs of the PIN number is temporarily stored in the volatile memory built into the IC card, and when the card is removed from the input device, the number of incorrect inputs is recorded. It is possible to volatilize the memory and reset it, but in this case, if the IC card is inserted repeatedly, the number of accesses will be virtually unlimited, and the purpose of ensuring the safety of the IC card is to limit incorrect input of the PIN number. will be lost.

In addition, if a non-volatile memory such as a ROM is built into the card instead of a volatile memory, and the number of incorrect inputs is permanently and cumulatively stored in this memory, the history of incorrect inputs of the I18 identification number can be completely memorized. However, instead, the number of incorrect inputs up to the previous time is recorded and remains, so the new number of incorrect inputs is counted as is, and there is a problem that the limit is quickly reached, making it impractical.

In particular, when a single IC card has multiple information systems and is used for multiple purposes,
In many cases, there are multiple business entities that manage the information systems built into C-cards, and there are issues of information security between business entities, and concerns about one's own company's security in the event that information is locked due to information management by another company. There is a processing problem.

Furthermore, incorrect input of a PIN number can be made not only by the card holder or administrator, but also by a third party involved in other information systems on the same card, so a means to reset it is necessary. Become.

(Means for Solving the Problems) Therefore, it is an object of the present invention to reduce the number of incorrect inputs of a PIN number by rewriting the number of times a PIN number is incorrectly entered, which Security is ensured by recording in a memory that cannot be permanently or easily rewritten, and even if the PIN is entered incorrectly a certain number of times, the IC card will not be damaged, and the number of incorrect entries can be canceled so that it can be used again. Our goal is to provide a practical IC card that can be used.

According to the IC card according to the present invention, the IC card includes at least a control means and a storage means, and the storage means stores a plurality of storage areas for storing information and a password defined in relation to each storage area. and a plurality of error pin areas for storing the number of incorrect inputs of the password, and the control means stores the input number and the defined password stored in the password area. If the verification means to be verified and the verification results of the verification means match, and the means for accessing the storage area to which the defined PIN number relates and the verification results of the verification means do not match, the number of times;
An error counting means to be stored in the error bit area, and a storage area that prohibits access to the storage area related to the defined PIN number when the error count means has counted a predetermined number of times. - locking means and means for disabling or setting said error bit area count by means of at least one specific input signal;

(Operation) According to the present invention, a plurality of storage areas are provided, a plurality of error bit areas are provided corresponding to one or some of the storage areas, and each storage area is accessed. When a password is input incorrectly, the number of incorrect inputs is recorded in the corresponding error bit area, and when the number of incorrect inputs reaches a predetermined number, the corresponding storage area is locked inaccessible. In this case, access to the storage area belonging to the error bit area that is not in the locked state can be performed normally.

The locked state can be released by using a specific password to make the locked storage area accessible again. Such locking and unlocking is performed independently for each of a plurality of error bit areas.

(Effects) Since a PIN code locks or unlocks only the related storage area, mutual security is maintained even if multiple information systems are installed on one card, and an unlock signal can be used to You can reset error counts for a particular information system to eliminate interference from locks from other systems.

Furthermore, a single card can be used safely with information systems provided by various business entities such as banks, department stores, hospitals, etc., creating a multifunctional and safe card for the card holder.

(Example) Embodiments of the present invention will be described with reference to the accompanying drawings.

Figure 1 shows the configuration of the IC card.
tJl) and memory section (ROM2.RAM3゜EPROM
4), which is formed from one or several chips of IC, and accesses data stored in the memory section via the control section. Figure 2 shows the interface (I) for connecting to a host computer to use an IC card.
C card reader/writer).

Next, the logical configuration of the memory of the embodiment will be explained with reference to FIG. The memory includes a group of storage areas for storing data, a PIN area for storing PIN numbers defined for accessing each storage area, and an error area for storing incorrect PIN inputs. A count area is required and a memory format mark area is provided to indicate that memory is being recorded.

1IaVL number area, error count area, etc. are stored in non-rewritable memory such as ROM to prevent alteration of recorded contents, or in EPROM (or EE) that cannot be easily rewritten by other means such as a program.
PROM, RAM) 4, etc.

A PIN is a personal code (ID code) determined by the individual so that it is not easily known to a third party, and an organization code determined by the bank or company that issued the credit card in the same way as for the personal card. code, issue code or unique manufacturing code (key).

These passwords are defined for each storage area in the storage area group, so, for example, it is not possible to read data in the storage area for company B using the password for bank A.

The control unit uses the PIN number recorded on the PIN number j-rear,
Error counting means that compares the input numbers and counts the number of incorrect inputs in the error call I~ area if the numbers do not match, and stores the count value when it reaches a predetermined value. It has storage area lock means for prohibiting access to the area, and reset means for invalidating the count in the error count area by a specific input signal.

Next, the relationship between the password area, error count area, and storage area AM shown in FIG. 3 will be explained based on FIG. 4. In the figure, the storage area group includes, for example, a first storage area that records data for bank A, a second storage area that records data for department store B, and a third storage area that records data for school C. It includes a fourth storage area for recording data for the D credit company. A plurality of these storage areas can be allocated for different courses, for example for ΔBank. Password numbers are defined in each storage area in a one-to-one correspondence, and different password numbers are used for each storage area.

The error count area is provided with an error bit area for recording the number of incorrect inputs in one-to-one correspondence with each password, that is, with each storage area.

FIG. 5 shows one of the error bit areas shown in FIG. 4 for explanation. In FIG. 5, the @ diagram shows the state of the error bit area where the number of incorrect inputs has not yet been written, and is in the state (111). If there is an incorrect input of the password, the lowest error bit (bit O) is inverted from 1 to O as shown in (c). When there is a second erroneous input, the writable second digit error bit (bit 1) is inverted from 1 to 0 as shown in the figure. If there is a third incorrect input, the third digit error bit (bit 2) will be entered in the same way as shown in the figure.
) is inverted from 1 to O. In this state, there are no unwritten error bits, meaning that the permissible limit of erroneous input has been reached, and this state is defined as a locked state.

The number of incorrect inputs may be cumulatively counted until the lock state is reached, even if the correct PIN is entered before the lock state is entered, and if the correct PIN is entered before the lock state is entered, The number of erroneous human efforts counted up to that point may be reset. Here, an example applied to the latter case will be explained based on FIG. 6.

In FIG. 6, first, in step 100, initial settings are performed by inserting the IC card into the input/output device, and then, in step 101, the secret number corresponding to the storage area to be accessed is input. Then step 10
In step 7, the error bit area corresponding to the storage area is read out, and in step 108, it is checked whether the number of incorrect inputs of the password is less than three times. If the determination is No here, the storage area is in a locked state, so an error will only be displayed in step 109; however, if the determination is YES.
If it is determined that this is correct, it is checked in step 111 whether or not it is correct. If it is determined to be correct, the corresponding error bit area is read out again in step 112, and it is checked in step 113 whether or not there is a count of erroneous inputs in that area. If there is a count, step 1
This area is reset in step 14, and if there is no count, the process directly advances to step 115, where it is checked whether or not the storage area in question is being read.

In the case of reading, data reading processing is performed in step 116, and if not, it is checked in step 117 whether or not it is writing. If writing is determined here, writing is performed in step 118, and if not writing, step 1
In step 19, other processing is performed and this flow is ended, or if another storage area is to be accessed, the process returns to (2), and if the same storage area is to be accessed again, the process is returned to (i).

If it is determined in step 111 that the PIN has been input incorrectly, the corresponding error bit area is read out again in step 122, and in step 123 or 125 it is determined whether the number of incorrect PINs entered is 0 or 1, respectively. If it is 0 times, the first time is recorded in step 124, if it is 1 time, the second time is recorded in step 126, and if other times, the third time is recorded in step 127.The number of incorrect inputs is recorded in the corresponding error bit area. do. When the number of incorrect inputs is recorded for the first time (step 124) and the second time (step 126), the process returns to ■, but when it is the third time (step 127), it is locked, so an error is displayed at step 128. If this flow is terminated or another rear is placed in the marlocked state (000) as shown in Section 7Iia(a), the memory area corresponding to the error bit area may be reused. Unlock and initial state (111)
The unlocking operation for restoring the state will be explained based on FIG. 8.

In FIG. 8, when an IC card is inserted into a device dedicated to unlocking, initial settings are first performed in step 195, and a password is entered in step 196, and then step 19
Step 7 reads out the error bit area corresponding to the PIN number. In step 19, check whether the number of incorrect inputs recorded in this error bit area is less than 3.
Check with 8. If it is determined to be YES here, a message indicating that it is not in the locked state is displayed in step 199 and the process ends;
If it is determined as o, it is in the locked state, so step 20
In step 0, a command to release the lock is input, and in step 201, the input of the unlock command is confirmed. Here, if the determination is NO, other processing is performed, but if the determination is YES, the required predetermined PIN and master code are input for the storage area in step 204, and in step 205, those input numbers are correct. Check whether or not. Here, if it is determined to be incorrect, a message to that effect is displayed in step 206 and the process ends; however, if it is determined to be correct, step 206
7 indicates that the input symbols are correct, and step 2
At step 08, the corresponding error bit area is read out, and at step 209, the error bit area is read out (111).
Then, in step 210, the completion of the reset processing is confirmed. If it is determined as YES here, the unlock completion is displayed in step 211.
If the answer is No, a message indicating that the unlocking process was unsuccessful is displayed in step 212.

Note that after inputting the two keys in step 204, it is confirmed in step 205 whether the input keys are correct, but it may be confirmed each time each key is input. Alternatively, step 200 may be replaced with a command input by inputting a master code, and step 201 may check whether the input master code is correct. In this case, step 204 is omitted and step 205 is a password input. Only the number will be confirmed. This change can be made in the same way in FIG. 9a. Furthermore, in step 204, you may input two keys consecutively, but only one master code.
It may also be used as a password.

FIG. 9 shows an embodiment in which an erasable memory such as an EEPROXV is used and the error count area is configured with one segment consisting of only two error bits. In this example, it is assumed that two bits represent two binary digits, and as shown in FIG. 9 (2), the initial state (zero number of incorrect inputs) is represented by (11), and the The number of incorrect inputs is (10).

The number of erroneous inputs for the second time is (01), and the number of erroneous inputs for the third time is (00), that is, the lock state is set. As a result, the lock is released and the storage area becomes usable, but if the key required for unlocking is input incorrectly, the storage area remains locked as shown in FIG.

Since this embodiment can be implemented according to FIGS. 6 and 8, a detailed explanation will be avoided here.

In the above description, a case has been described in which the storage area, password number, and error bit area are set in one-to-one correspondence, but the present invention is not limited to this. For example, as shown in Figure 10, the storage area group is divided into multiple groups, each group consisting of one or more storage areas, and all storage areas within one group are accessed with the same password. You can do it like this. For example, the first group is 4 for Bank A.
storage areas are allocated, a first storage area for deposits, a second storage area for loans, a third storage area for financial management services, and a fourth storage area for reserves. It can be used as Also, the second group assigns the fifth and sixth storage areas to Bank B for shopping and club use, respectively, and the third group C assigns the seventh and eighth storage areas to C School. assign. In addition, a similar method may be used to allocate storage areas to D credit companies and the like.

One error bit area and one password are set for each group.

The procedure for executing the embodiment shown in FIG. 10 will be explained based on FIG. 11. Since most of the operations in FIG. 11 are similar to those in FIG. 6, corresponding steps are indicated by the same reference numerals. This embodiment will be described below, focusing on the differences from FIG. 6.

In FIG. 11, after initial settings are made in step 100, a storage area to be accessed is specified in step 101. It is determined in step 102 whether or not the designated storage area exists, and if not, it is determined in step 103 whether or not the number of incorrect designations of the storage area is a predetermined number of times. If it is determined YES here, an error is displayed in step 104 and the process ends; however, if it is determined NO, in step 105 a message indicating that there is no designated area is displayed and the number of erroneous inputs is counted by one.

If it is determined in step 102 that there is a designated storage area, the error bit area corresponding to the storage area is read out in step 107, and it is checked in step 108 whether the number of incorrect inputs of the PIN number is less than three times. Check whether or not. If the answer is NO, an error is displayed in step 109, but if the answer is YES, the password is input in step 110, and step 11
1, it is checked whether it is correct or not. The steps from step 111 onward are exactly the same as those in FIG. 6, so the explanation will be omitted.

The unlocking operation in this embodiment can also be performed in the same way as the operation shown in FIG.

FIG. 12 shows an example in which the processing procedure shown in FIG. 11 is modified, and has substantially the same content as FIG. 11. Corresponding steps are therefore designated by the same reference numerals.

In FIG. 12, steps 100 to 109
The steps up to this point are the same as in FIG. In step 140, a command instructing successive processing, write processing, or some combination thereof is input, and in steps 115 and 117 it is determined which processing is to be performed. Step 1 for read or write
A password is input in step 10A or 110B, and it is determined in step 111A or 111B whether or not the input @identification number is correct. If it is correct, data reading or data writing processing is performed in step 116 or 118, respectively. The steps from the next step 112 to step 114 are the same as in FIG.

If it is determined in step 111A or step 111B that an erroneous input has been made, the process proceeds to step 122, and the process is executed up to step 128 in the same manner as in FIG.

In addition, in the above, if reading of the designated area does not require 1m authentication of the PIN number, steps 110A and 111A in FIG. After the determination is made, data read processing may be performed in step 116, and the process may be terminated without proceeding to step 112, or other processing may be performed.

FIG. 13 is a diagram showing another embodiment in which unlocking processing is also possible. In the figure, initial settings are performed in step 301, and a password and commands (storage area designation, read, write, unlock, and other instructions) are performed in step 302.
Alternatively, data is input, and in step 303 it is checked whether a password is input. Here, if it is determined that the PIN number has been entered, a check is made in step 304 to see if it is in the locked state, and if YES, an error display is displayed in step 305, and if NO, it is verified that the PIN number is correct. Then, the process returns to step 302.

If it is determined in step 303 that the input is not a PIN number, it is determined in steps 307 and 313 whether to read or write, and the error bit area corresponding to the storage area accessed in step 308 or 315 is read out. Then, in step 309 or 316, it is confirmed whether or not it is in the locked state. If it is locked, an error message will be displayed in step 310 or 317, but if not, the password will be checked in step 311 or 318, and then step 312 or 3 will be displayed, respectively.
Data is read or written in step 19 and step 3
Return to 02.

If it is determined NO in step 313, step 32
If the answer is 0, it is determined whether or not unlock processing is to be performed. If the determination is No, the process for that number is performed and the process returns to step 302.

When it is determined in step 313 that unlock processing is to be performed, the error bit area corresponding to the storage area is read out in step 322, and in step 323 it is determined whether or not it is in a locked state. If it is determined No here, an error is displayed in step 324 and the process returns to step 302, but if it is determined YES, the TM confirms that the PIN is correct in step 325, and then the lock is released in step 326. do. This process is performed in the same manner as the steps starting from step 204 in FIG.

In the embodiment shown in FIG. 10, a case has been described in which the password numbers are different from each other, but the password numbers may be shared by several groups.

That is, for example, the first password may be used to access the first to sixth storage areas, and the second password may be used to access the seventh to tenth storage areas. .

In this case, as shown in FIG. 14, the #1 PIN number is used for bank A and department store B, and corresponds to both the #1 error bit area and the #2 error pit area.

To count the #1 error pit area, read out the storage area number along with the password in step 111 of FIG. 11, and if at least one of them is input incorrectly,
The number of incorrect inputs is counted in the error bit area, which corresponds not only to the password but also to the storage area. Similarly, when unlocking, in step 205 of FIG. 8, the storage area number is input together with the password to specify the error pin 1 area to be unlocked. This embodiment has the advantage of allowing fine-grained locking and unlocking by memorizing a decimal password. Therefore, it is very useful to be able to configure and manage at least one password, multiple storage areas, and multiple error count areas corresponding thereto.

[Brief explanation of drawings]

Fig. 1 is a diagram showing an overview of an IC card, Fig. 2 is a diagram showing an interface host computer for using the IC card, and Fig. 3 is an allocation of the memory area of the IC card of this invention.

[Figure 4 is a diagram showing the main parts of the memory section in more detail, Figure 5 is a logic diagram showing an embodiment of the present invention, and Figure 6 is a procedure for executing processing according to the present invention. FIG. 7 is a logic diagram for explaining unlocking, FIG. 8 is a flowchart for explaining the procedure of unlock processing according to the present invention, and FIG. 9 is a logic diagram for explaining another embodiment of the present invention. 10 is an explanatory diagram showing another configuration of the memory section according to the present invention, FIG. 11 is a flowchart showing the execution procedure in the case of the memory configuration shown in FIG. 10, and FIG. Figure 13 is a flow diagram showing another embodiment of the present invention; Engraving (No change in content) Figure 1 Figure 2 Figure 3 Five-sided sword Fu Iv] Ham Gen Molick Procedure Amendment (Jibai Guhe 1. Incident Indication 1985 Patent Application No. 73185 @ 2 ) Name of the invention IC card 3, Relationship with the person making the amendment Patent applicant name Trappan Moore Co., Ltd. 4 Agent drawings Figures 1 to 14 (all drawings) attached to the application form Replace with the attached figures 1 to 14.

Claims (5)

[Claims] (1) It has at least a control means and a storage means, and the storage means has a plurality of storage areas for storing information;
The control means includes a password area for storing at least one password defined in relation to each storage area, and a plurality of error bit areas for storing the number of times the password is incorrectly input. collating means for collating the code stored in the code code stored in the code code area; means for accessing the storage area to which the code code relates when the matching result of the code code is a match; an error counting means for storing the number of times when the matching result of the matching means does not match in the error bit area; and when the error counting means counts a predetermined number of times, the password is An IC card comprising storage area locking means for prohibiting access to the storage area to which the code relates, and reset means for invalidating the error bit area count by at least one specific input signal. (2) The IC card according to claim 1, wherein a plurality of the PIN codes are provided, and each PIN code accesses a different storage area.
card. (3) In the IC card according to claim 2, the error bit area is provided corresponding to each of the personal identification codes. (4) In the IC card according to claim 2, the error bit area is provided corresponding to each of the storage areas. (5) The IC card according to claim (1), wherein at least one of the error bit areas is commonly used by a plurality of the storage areas.