JPS63247888A - Ic card - Google Patents

Abstract

PURPOSE:To discriminate whether a password is true or not or inquire about history information by the offline operation of only a card by giving a function deciding whether the password is true or not, and a function retrieving history information. CONSTITUTION:An IC card 1 is provided with a keyboard 2 as the information input means, a display part 3 as the information display means, an IC 4, a power supply part 5A, and external connection terminals 6A-6E. Transaction history information is stored in an EEPROM 48 through a CPU 41. A password number is inputted from the keyboard 2, and it is discriminated by the CPU 41 whether the inputted password number is true or not. Further, transaction history information stored in the EEPROM 48 is displayed on the display part 3.

Description

DETAILED DESCRIPTION OF THE INVENTION (Field of Industrial Application) The present invention relates to an IC card, and particularly to an IC card with an enhanced function to prevent unauthorized use.

(Prior Art) Magnetic cards having a magnetic tape (magnetic stripe) on the surface have conventionally been widely used in financial institutions, the credit industry, and the like. However, since magnetic cards can store only a small amount of data, there is little room for storing transaction history, etc., and they only store data for verifying the identity of the person, making them less convenient. It was lacking in quality. Furthermore, since the contents of the stored data can be read relatively easily by a malicious person, there is a high possibility that the lost card will be misused by a malicious person. Therefore, various IC cards have been proposed to prevent such unauthorized use.

Conventionally, as this type of IC card, the
There was something described in No. 91. This IC card is
microprocessor (μP), random access memory (hereinafter referred to as RA), and read-only memory
The card body has one or more chips built into an IC (integrated circuit) such as a memory (hereinafter referred to as ROM).

In this type of IC card, by incorporating an IC with active elements into the card itself, it is possible to generate a wide variety of signals for each card, and this allows the authenticity of the card and the person presenting it to be detected. It can be determined most accurately and automatically. In addition, since the identification device is composed of an IC, it is suitable for mass production and mass handling.Furthermore, since it uses an IC, it cannot be easily counterfeited, and there is no risk of malfunction due to external disturbance due to magnetism, unlike a magnetic card. Moreover, it has the advantage that the magnetic pattern is not easily erased.

<Problems to be Solved by the Invention> However, the IC card having the above configuration has the following problems.

■ When determining the authenticity of the presenter, the PIN code is applied as a signal from another input means such as a verification machine, and compared with the information read from the card, so there is no secret information outside the card. is output, and it is relatively easy to forge.

■ For example, when using a transaction card at a financial institution such as a bank, it is necessary to enter the PIN code from the bank's terminal equipment, making it impossible to eliminate congestion at bank counters.
I am not able to improve the speed of input operations.

■ For example, when used as a transaction card, transaction history cannot be stored within the card.

The microprocessor (μP) solves this drawback.
In addition to this, an IC card has also been proposed that has a built-in semiconductor memory (■C memory) inside the card.

However, even in this configuration, writing to and reading from memory is performed via a terminal device (hereinafter referred to as a card reader/writer) that is connected to the card and can exchange information with the card. Even when checking the transaction history stored in the card, the card
It is essential to connect the card to a reader/writer, and the card has the disadvantage that it is not possible to check the transaction history on its own.

The present invention provides an IC card that solves the problems of the prior art, such as being relatively easy to forge, not being able to perform input operations quickly, and not being able to display history information on the card alone. It is something to do.

(Problems to be Solved by the Invention) In order to solve the above-mentioned problems, the present invention provides an I.
In an IC card with a built-in C, an information input means for inputting information including password information, an information display means for displaying the information externally, a history information storage means for storing history information, and a history information storage means for storing the said password information. The card body includes a password information storage means, a logic processing means, a power supply means for supplying power, and an external connection means for exchanging signals with the outside. Here, the logical processing means includes a determination processing section that determines the authenticity of the password information and stores the determination result in the password information storage means, and a determination processing section that determines the authenticity of the password information and stores the determination result in the password information storage component, and displays the history information stored in the history information storage component. It has a verification processing section that displays the information on the means.

(Operation) According to the present invention, since the IC card is configured as described above, the information input means inputs the password information, and the logic means can determine the authenticity of the input password information. Further, by displaying the transaction history information using the information display means, the transaction history can also be verified using the card alone. Therefore, the above-mentioned problem can be eliminated.

(Embodiment) Fig. 1 is a circuit block diagram of an IC card showing an embodiment of the present invention, and Figs. 2 (A) and (B) are external views of an IC card incorporating the circuit of Fig. 1. FIG. 2(A) is a surface view of one side, and FIG. 2(8) is a surface view of the opposite side.

As shown in FIG.
4. It has a power supply section 5 as a power supply means, and an external connection terminal 6 as an external connection means, which are provided in the card body made of an insulating thin plate.

Here, the keyboard 2 is an input section for inputting a personal identification number, which is personal identification information, and information for instructing a function (operation) to the IC card. Display section 3
displays when inquiring the transaction history stored in the card, confirms the entered key, and provides guidance for instructing key operation procedures, etc. It consists of a liquid crystal display (hereinafter referred to as LCD). The IC4 has functions as a history information storage means, a password information storage means, and a logic processing means. For example, the IC4 has functions such as a central processing unit (hereinafter referred to as CPU) and memory for performing various controls in one chip. It consists of a built-in microcomputer. The power supply section 5 is for supplying power to each circuit section of the IC card 1 when the IC card 1 is operated by itself (hereinafter referred to as offline operation), and is composed of, for example, a solar cell. . The external connection terminals 6 are a group of terminals used when the IC card 1 is connected to a card reader/writer to exchange information with an external device (hereinafter referred to as online operation).

As shown in FIG.
4 has a CPU 41, to which is connected a circuit voltage detector 42 for detecting the 4iDO path voltage, and a switching circuit 43 for switching between an external power source and an internal power source based on the output of the circuit voltage detector 42; Voltage detector 42
A clock selection circuit 44 is connected which switches between an external clock signal and an internal clock signal based on the output of . An internal oscillator 45 for generating an internal clock signal is connected to the tarlock selection circuit 44. The CPU 41 also includes a ROM 46 for storing programs, etc., a RAH 47 used as a program work area, and an electrically erasable programmable ROH (hereinafter referred to as EEPROM).
) 48 is connected to it, and a drive circuit 49 for driving the display section 3, a keyboard 2, etc. are also connected thereto.

An internal power supply 5A constituting the power supply section 5 is connected to a switching circuit 43. In addition, the external connection terminal 6 is connected to the circuit voltage VDD.
Terminal 6A for inputting clock signal Cl-0CK, terminal 6B for inputting clock signal Cl-0CK, terminal 6C for input/output data I10, terminal 6D for reset signal RESET, and ground potential GND.
It has a terminal 6F for use.

The operation of the IC card 1 configured as above is described in (1)
Offline operation, (2) a specific example of offline operation, and (3) a specific example of online operation will be described below.

(1) Offline operation In FIG. 1, when the external connection terminal 6 consisting of terminals 6A to 6E is not connected to an external device, the offline mode is entered. In this offline mode, when the circuit voltage detector 42 detects that the circuit voltage VDD is not supplied from the terminal 6A, the switching circuit 43 is opened and the internal power supply 5
At the same time, the clock selection circuit 44 outputs the output of the internal oscillator 45 to the CPU.
141 clock, and offline operation is possible under the control of a program stored in the ROM 46. As a result, it becomes possible to input data from the keyboard 2, display on the display section 3 by the drive circuit 49, and read/write data to the EEPROHJ 8 as required.

(2) Specific example of offline operation Figures 3 (1) and (2) show flowcharts of the offline operation in Figure 1. The following offline operation is performed according to the program stored in the ROM 46 in Figure 1. executed.

First, when the clear key on the keyboard 2 in FIG. 1 is input, "Torihiki?/Shokai?" is displayed on the display section 3 to request the operator to select a function (step
0, 101). If you press "Trade" on the keyboard 2 to select the transaction function, the operation will be performed according to FIG. 3 (1), and if you press the "Verification" key on the keyboard 2 to select the verification function, It operates according to FIG. 3 (2).

<i> When the transaction function is selected (Fig. 3 (1)), in order to count the number of incorrect inputs of the password (hereinafter referred to as the NG number), the storage section (which is allocated in the EEPROHA 8 in Fig. 1) is stored in advance. The contents of the EEPROHNG flag (hereinafter referred to as the EEPROHNG flag) are read out, and if the number of NGs has reached three, the display unit 3 displays ``Trial Awareness'' and the process ends (step 104). If the number of NGs has not yet reached 3, the display section 3 displays "Unsold" and requests the password input (step 102).
~105).

Each time the operator enters his or her own PIN in response to a PIN input request, the entered numeric value is memorized, and when the operator has entered the last digit of his or her PIN, the "" button on the keyboard 2 will be displayed. Press the “Finish” key to proceed to the password confirmation process (
Steps 106-101).

If the PIN entered by the operator matches the PIN registered in advance in the card memory, a password is assigned in advance in the EEPROH 48 to remember that the PIN was entered correctly. Storage unit (hereinafter referred to as
The correctness is stored in the EEPROM OK flag (for example, set to "1"). Next, the current final balance is displayed on the display unit 3, and then a message indicating that transactions are possible is displayed as "Torihiki wo dozo", and the offline operation is ended (steps 108 to 111).

Banks, etc. process deposit withdrawals, etc.! [If the transaction is to be conducted with a bank, the IC card 1 with the EEPROHOK flag set in offline operation is inserted into a bank terminal, and online operation is performed. The terminal device senses the EEPROHOK flag in IC card 1 and
Since the K flag is set, it is determined that the person presenting the card is the genuine card holder, and transaction processing is permitted. After the transaction processing is completed, the EEPR is updated in preparation for the next transaction processing.
After setting the OHOK flag by the terminal device and clearing the NG count to 0, the IC card 1 is returned. That is, in order to perform transaction processing again, it is necessary to input the password again and set the EEPROHOK flag. Note that the card operator is configured so that it is not possible to search whether the EEPROHOK flag is set or not, so the operator can check whether the transaction is possible or not when entering the password without making any mistakes. It will be determined that it has been carried out.

If the FEPROHOk flag is not set,
When C card 1 is inserted into a terminal device, the terminal device is an IC
When the EEPROHOK flag in card 1 is sensed, the EEPROHOK flag is not set, so the number of NGs stored in IC card 1 is read out, and if the number of NGs has not reached 3, the operation Since there is a possibility of a mistake, I instruct the user to try again and return the IC card 1. When the number of NGs is three, it is determined that the person presenting the card is a fake card holder, and appropriate measures are taken, such as issuing a warning or confiscating the IC card 1. Note that if the EEPROHOK flag is not set, the transaction process, especially the withdrawal process, is never performed.

However, since deposit processing does not result in a loss for either the true card holder or the financial institution, the system may be configured so that only deposit processing can be performed.

In the password confirmation process of step 108, if the password entered by the operator does not match the password registered in the storage section in the error card, 1 is added to the number of NGs (the EEPROHNG flag is set to 1). (step 112), the process returns to step 103.

(ii> If you select the inquiry function (Fig. 3 (2)) 3rd
When the "inquiry" key on the keyboard 2 is pressed in response to a selection request for the function of step 101 in FIG. 3 (1), the process moves to the inquiry step (102A) in FIG. 3 (2).

In addition, in the processing step of FIG. 3(2), FIG.
For example, steps common to step 1) include 103A.
The reference numeral A is given as in , and the explanation of its operation will be omitted.

In step 103A, read out the number of NGs and
If the number of times has reached three, a message indicating that the process cannot be handled is displayed and the process ends. If the number of NGs has not yet reached 3, you will be asked to enter your password, and if the PINs do not match, the number of NGs will be counted up and the process will proceed to step 10.
3A, and if the passwords match, the balance is displayed (steps 103A to 113). In other words, transaction history information cannot be inquired unless the PIN numbers match, so security is high.

Next, enter the “#” key on keyboard 2,
Every time a transaction process is executed, transaction history information stored in a predetermined area of the EEPROM 48 is sequentially read out and displayed on the display section 3.
to be displayed. In other words, the first "#" key will display the date of the most recent transaction made manually.Step 1
14-115), the second "#" key to manually display the transaction amount Stella1116-117), the third "#" key to display the transaction amount manually
#” key Manually display the summary such as the distinction between deposits and withdrawals (steps 118 and 119), and the display for one transaction is finished.

If you continue to press the "#" key, the display will move to the history of the previous transaction, first displaying the date, then displaying the amount, then displaying the summary, then displaying the history of the previous transaction, etc.
The history display is repeated.

Although not shown in FIGS. 3 (1) and (2), when the clear key on the keyboard 2 is input at any step position, the process is initialized and the function of step 101 is started. It is desirable to return to the selection request. Then, if you do not want to stop inquiring the transaction history, you can exit the transaction history inquiry state by inputting the clear key at any time. Of course, even if this is not done, it is possible to exit from the transaction history inquiry state by requesting an input after step 119 as to whether or not to continue the inquiry function.

In this embodiment, the configuration was explained in which the "#" key is input three times to inquire the transaction history of one transaction, but by manually inputting the "#" key once, the transaction history of one transaction It is also possible to have a configuration that displays everything at once. In addition, in this embodiment, if the PIN is entered incorrectly three times, the
Explanation of the configuration in which, if C Card 1 is confiscated, in order to be able to use it again, the user must prove that he or she is the true owner at a bank counter, etc., and clear the NG count to zero. However, by performing the online operation shown in FIG. 4, which will be described later, it is possible to increase the permissible number of incorrect inputs of the PIN number to six.

(3) Specific example of online operation FIG. 4 shows a flowchart of the online operation shown in FIG. 1, in which the following online operation is executed according to instructions from the terminal device. In addition, in this FIG. 4, for ease of explanation, the EEPRO) 148 in the IC card 1 is
Only the processes that are accessed to check security are shown.

First, confirm transaction OK to EEPROH48 in IC card 1.
In addition to pre-allocating the flag (EEPROM OK flag) and NG count flag (EEPROHNG flag), the invalid attempt count flag (EEPRO)
l Invalid attempt count flag) is also assigned in advance,
The number of times an IC card 1 whose flag is not set to transaction 0 is connected to a terminal device to perform transaction processing is stored. That is, in step 130, if the terminal device reads the value of the number of fraudulent attempts flag and the number of fraudulent attempts has reached two, appropriate measures such as issuing an alarm are taken. If the number of fraudulent attempts has not yet reached 2, check whether the transaction OK flag is set (step 131); if the transaction OK flag is set, the card presenter is the genuine cardholder. It is determined that the EEPR in IC card 1 is
After clearing to zero all of the transaction OK flag, NG count flag, and fraudulent attempt count flag assigned to OH48, the transaction process is executed (steps 132 to 1).
34).

If the transaction OK flag is not set, check whether the number of NGs has reached 3 in step 135.
), if the number of times has not reached 3, instruct retry and IC
Return card 1. When the number of NGs has reached three, the previous history of fraudulent attempts is checked (step 136). In other words, if the number of unauthorized attempts is 0, instead of clearing the NG number flag to zero and enabling offline operation of the IC card 1, the number of unauthorized attempts flag is set to 1 and a retry is instructed. Return IC card 1 (Step 1)
37°138). As a result of checking the previous history of fraudulent attempts in step 136, if the number of fraudulent attempts is 1, then the number of incorrect PIN inputs, that is, the number of NGs, is 3 compared to the previous fraudulent attempt.
The total number of fraudulent attempts is 6, so add 1 to the number of fraudulent attempts to make it 2, and in order to be able to use the card again, the true owner must be verified at a bank counter etc. After proving this, it is notified that the number of NGs and the number of fraudulent attempts must be cleared to zero (step 139).

Note that the present invention is not limited to the illustrated embodiment, and various modifications are possible. Examples of such modifications include the following.

(a) In the above embodiment, the case where the allowable upper limit for the number of NG attempts is set to 3 and the allowable upper limit for the number of fraudulent attempts is set to 2 is explained, but each value may be changed as appropriate depending on the purpose. can.

(b) Although numbers are used as passwords, letters are not limited to numbers, and letters can also be used.

(c) Microprocessor (μP), R as IC4
Although a one-chip IC in which AM and ROM are integrated into one chip is used, a plurality of chip ICs may be used.

(d) Although a liquid crystal display was used as the display section 3,
It is also possible to use other display devices such as electrochromic displays.

(e) The power supply section 5 may use batteries other than solar cells.

m In the above embodiment, the EEPROM stores the transaction OK flag and the NG count flag, and the EEPROH stores the transaction history information, the fraudulent attempt count flag, etc.
the same memory device area as EEPROH
Although we will explain the case where it is set in the 48 area, transaction history information and fraud attempt count flag are set during online operation.
In other words, writing to the EEPROM is performed while power is being supplied from the terminal device via the circuit voltage terminal 6A, whereas the transaction OK flag and NG count flag are written during offline operation, that is, when power is supplied from the internal power supply 5A. The EEPROH must be written to using only the EEPROH.

By the way, writing to EEPROH requires the largest amount of power compared to reading, so the internal power supply 5^
In order to write to the EEPROH only by supplying power from the EEPROH, difficulties arise, such as the need to considerably increase the power capacity of the internal power supply 5A. However, IC card 1
In order to maintain the thinness that is standardized for conventional magnetic cards, there are considerable restrictions on the internal power supply that can be stored. In order to solve this difficulty, the EEPROH for the transaction OK flag and NG count flag uses only 4 bits of EEPROH.
It is desirable to provide PROH separately from other EEPROs (148).

(Effects of the Invention) As described in detail above, according to the present invention, an IC card is provided with an information input means, an information display means, a history information storage means, and a power source supply means, and the authenticity of the password is stored inside the card. Since the card has a function to determine the identity of the card and a function to search history information, it is possible to determine the authenticity of the password and inquire about the history information by offline operation of the card alone, without connecting it to a terminal device or the like. Therefore, when using a transaction card at a financial institution, etc., security is high because you can set the PIN key at home etc. in advance, and the process at the financial institution's counter is smooth, so the counter is crowded. It also has the convenience of being able to be used in place of a household account book, as transaction history can be viewed at home. Similar advantages also exist when used as a prepaid card for a card shopping system.

[Brief explanation of the drawing]

FIG. 1 is a circuit block diagram of an IC card showing an embodiment of the present invention, FIGS. 2(A) and (B) are external views of an IC card showing an embodiment of the present invention, and FIGS. 3(1), ( 2) is a flowchart of offline operation in Figure 1, and Figure 4 is a flowchart of offline operation in Figure 1.
3 is a flowchart of the online operation of FIG. l...IC card, 2...keyboard, 3...display section, 4...ICl3.
...Power supply section, 6...External connection terminal.

Claims (4)

[Claims] 1. information input means for inputting information including password information; information display means for externally displaying information; history information storage means for storing history information; password information storage means for storing said password information; It has a determination processing section that determines the authenticity of the password information and stores the determination result in the password information storage means, and a verification processing section that causes the information display means to display the history information stored in the history information storage means. An IC card comprising: a logic processing means; a power supply means for supplying power; and an external connection means for transmitting and receiving signals to and from the outside. 2. 2. The IC card according to claim 1, wherein said history information storage means and said password information storage means are constituted by mutually separated electrically erasable programmable read-only memories. 3. 2. The IC card according to claim 1, wherein said history information storage means, password information storage means, and logic processing means are housed in a one-chip microcomputer integrated into one chip. 4. 2. The IC card according to claim 1, wherein said power supply means is constituted by a solar cell.