TW413799B - Preloaded IC-card, system using preloaded IC-card, and method for authenticating same - Google Patents

Preloaded IC-card, system using preloaded IC-card, and method for authenticating same Download PDF

Info

Publication number
TW413799B
TW413799B TW88109224A TW88109224A TW413799B TW 413799 B TW413799 B TW 413799B TW 88109224 A TW88109224 A TW 88109224A TW 88109224 A TW88109224 A TW 88109224A TW 413799 B TW413799 B TW 413799B
Authority
TW
Taiwan
Prior art keywords
card
security module
signature
key
random number
Prior art date
Application number
TW88109224A
Other languages
Chinese (zh)
Inventor
Etienne Cambois
Original Assignee
Landis & Cyr Comm Sarl
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Landis & Cyr Comm Sarl filed Critical Landis & Cyr Comm Sarl
Application granted granted Critical
Publication of TW413799B publication Critical patent/TW413799B/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0806Details of the card
    • G07F7/0813Specific details related to card security
    • G07F7/082Features insuring the integrity of the data on or in the card

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Finance (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)
  • Storage Device Security (AREA)

Abstract

A system comprising a card reader (1) with a terminal (3) and a security module (4) accepts a portable preloaded IC-card (2) having an integrated circuit (8) with a lock (9) to prevent unauthorised use of the IC-card (2), and a cash value unit counter content (10); which represents the cash value and is devaluated during a transaction at a stand alone point of sale. The IC-card (2) generates a card random number, whereas the security module (4) generates a security module random number. The IC-card (2) encodes the security module random number into a card signature, and the security module (4) decodes the card signature again to verify the authenticity of the IC-card (2). The security module (4) creates a security module signature from the card random number being decoded by the IC-card (2) to verify the authenticity of the security module (4). If the mutual authentication is positive, the lock (9) allows the payment transaction to take place.

Description

413799 經濟部智慧財產局員工消費合作社印製 Α7 Β7 五、發明說明(1 ) 本發明係關於如申請專利範圍第1、4及1 〇啦之預 存式i C卡及用於預存式I c卡與讀卡機之間交互確認之 系統以及確認方法。 存式I C卡及用於預存式I C卡與相關讀卡機之間交 互確認之系統係用於行動或公用電話、商品計費裝置、販 賣機、鎖售點等等。 1C卡係根據DE—PS 25 60 080及 DE — PS 25 12 935且今日廣泛用於世界各 地。讀卡機與I C卡之間的資訊交換可能在寫入已由資料 佔據的記憶體區時受阻。 W09 7/2 1 1 9 7說明習知技藝的預存式1 c卡 之付款操作,其會在付款操作之前辨識1 c卡及之後檢查 I C卡內容正確的扣除値。 US—A4,710,613揭示辨識系統檢查讀卡 機與I C卡之間的資料傳送之有效性。在I C卡插入讀卡 機之後,使用者會輸入個人辨識碼至讀卡機’讀卡機接著 使用R S A加密演繹法產生辨識碼資訊及計算I C卡處理 器處理辨識碼資訊所需的估計時間。讀卡器量測1 c卡處 理器處理辨識碼資訊所需的真正時間’且假使真正的處理 時間未符合估計時間時’則阻止進一步的資料傳送。 W〇9 4 2 4 6 7 3係揭示含有微處理器及分成頁之 非揮發性記憶體區之1 c卡°微處理器一次僅寫入一頁。 記愆體會將第一區非揮性記憶體分配給資料及將笫二區非 揮發性記惊體分®給狀態資訊。假使成功地執行资料釘入 --------LI! — I — I I I — I 訂- -------- (請先閱讀背面之庄意事項再填寫本頁) 本紙張尺度適用中0 ®家標準(CNS)A4規格(210 X 297公釐) -4- 經濟部智慧財產局員工消費合作社印製 413799 A7 ___B7___ 五、發明說明(2 ) 操作時,皰由將資料寫至第一區及將資訊寫至第二區以執 行資料寫入操作。此程序確認及表示完全完成資料傳送。 U S — A 5 ,5 7 2 · 0 0 4係說明使用預存式I C 卡以支付服務或貨品之付款方法,預存式I C卡會經由位 於讀卡機中的電子終端而與安全模組通訊。此方法確定 I C卡的正確扣除値及從I C卡傳送至讀卡機的安全模組 之正確額度- F R — A 2 5 8 0 8 3 4係揭示以遮蔽件保護 記憶體免於詐欺檢測。遮蔽件包括積體電路上的電阻層’ 電阻層係代表整合於積體電路中之惠斯登電橋的四個電阻 器之二個電阻器。對於遮蔽件的任何實體損害會由積體電 路感測到且積體電路將使任何進一步的接取無法致動。 這些具有密碼能力之I C卡可作爲電子錢包。在任何 交易發生之前,錢包或智彗卡的的所有人必須以個人辨識 碼向讀卡機終端證實自己的身份。假使個人辨識碼有效或 無效,讀卡機會呈現根據個人辨識碼之簽字給I C卡’接 著由I C卡檢查簽字。簽字也稱爲"密碼‘。在有效的個 人辨識碼的情形下,允許讀卡機繼續進行交易’舉例而言 ,讀取IC卡的額度及改變IC卡的額度以便支付交易。 相對地,預存式I C卡可當作錢一般使用’任何I c 卡的持有人會被授權使用I C卡而無須任何辨識。I C卡 的確認係由讀卡機配合安全模組執行*隨著讚卡機的数目 增加,將無法追蹤過時的讀卡機及仍然操作之安全校組的 正確位趙。經由詐欺方式竄改的諧丨丨機可將I c p的全部 -----------------------訂----------線 (請先閱讀背面之注意事項再填寫本頁) 本纸張尺度適用申國國家標準(CNS)A4規格(210x297公;s ) -5- 413799 A7 _B7 五、發明說明(3 ) (請先閱讀背面之注意事項再填寫本頁) 現金總額値扣光而非銷售點通知持卡者的正確總額並非法 地將有價的錢傳送給遭竄改的讀卡機之安全模組ύ接著’ 儲存於安全模組中的現金値會不令人起疑地傳送給詐欺者 的銀行帳戶。 大部份的I C卡係根據I S 0 / I E C 7 8 1 6 parts 1至5標準化。 本發明的主要目的係防止分別在I C卡及未經辨識的 讀卡機和其安全模組之間未經授權的現金値轉移,及提供 包括讀卡機和連接至讀卡機的預存式IC卡之系統、及用 於此系統之安全方法、以及I C卡。 根據本發明,申請專利範圍第1、6及1 0項之特徵 符合這些目的。 在閱讀配合附圖之較佳實施例詳述之後,將可完整地 瞭解本發明,其中 圖1係用於預存式I C卡的交互確認之系統視圖, 圖2係IC卡的積體電路之方塊圖, 圖3係交互確認操作·之流程圖' 經濟部智慧財產局員工消費合作杜印製 圖4係付款交易的流程圖, 圖5係顯示隨機數字產生電路, 圖6係顯示計數器記錄, 圖7係顯不備份的計數區’ 圖8係鑰匙更改操作的流程圖, 圖9係顯示暴力攻擊計數器’ 圖1 0係顯示二記憶體區,及 本紙張尺度適用中囷®家標準(CNS)A.l規格(210x297公;S ) -6- 413799 A7 _B7 五、發明說明(4 ) 圖1 1係顯示完整檢査。 主要元件對照表 經濟部智慧財產局員工消費合作社印製 1 二1-丄*· 51 卡 機 2 I C 卡 3 電 子 卡 4 安 全 模 組 5 接 點 墊 6 畜 料 線 7 安 全 模 組 用 插 座 8 積 體 電 路 9 電 子 鎖 1 0 現 金 値 單 元 計 數器內 容 1 1 — 重 資 料加 密 標準單 元 1 2 隨 機 數 Μ 生 器 1 3 微 控 制 器 1 4 記 憶 區 1 5 記 憶 區 1 6 記 憶 區 1 7 記 憶 區 1 8 記 •fa 區 1 9 記 憶 區 2 0 記 憶 丨品- 2 1 非 同 步 接 收 器 /發射 器單 元 2 2 1 2 位 元 寬 位 址匯流 排 2 3 雙 向 8 位 元 寬 資料匯 流排 2 4 重 ^FL 日又 線 2 5 時 計 線 2 6 雙 向 單 線 輸 入 /輸出 線 2 7 遮 蔽 件 2 8 產 生 器 電 2 9 演 繹 法 單 元 3 0 無 效 線 4 7 比 較 器 4 9 隨 機 存 取 記 憶 區段 ---------,---..裝 ---------訂.-------- (請先閱讀背面之注意事項再填寫本頁) 本紙張尺度適用中國國家標準(CNS)AI規格(210x297公芨) 413799 A7 B7 經濟部智慧財產局員工消費合作社印製 計數器 暴力攻擊計數器 8 五、發明說明(5 5 2 銷售點 8 0 記憶區段 9 2 鑰匙固持器 在圖1 1中’ 1係代表讀卡機,2係I c卡,3係讀 卡機1的電子終端’ 4係安全模組,5係接點墊,6係畜 料線’ 7係安全模組4的插座,8係積體電路,9係電子 鎖’ 1 0係現金値單位計數器內容,1 1係產生安全模組 簽字之T — DES單元,12係隨機數字產生器。電子電 路8於貫施時可爲微小模組’能裝入代表I c卡2的平ί日 塑膠件中。此模組的接點墊5能使電子電路8與終端3通 訊。讀卡機1可爲獨立銷售點5 2的部份或與其相連,且 與智慧卡的裝置相反,無須直接連接至外部主電腦即可操 作,獨立銷售點5 2,舉例而言,可爲付費電話、低價銷 售點.商品計質裝置、販賣機等等。除了此處未顯示的機 械部份之外,讀卡機1提供凹壁或槽以容納一 I C卡2, 又包括配合安全模組4以控制讀/寫操作之電子端。讀卡 機中所使用的至少一安全模組4 ( E T S I ΕΝ726 — 7)具有看似小 1C 卡 2 (CEN/ENV 1 3 7 5 - ^ Additional ICC Formats, -parti : I D - 0 0 0 Cai.d 〃 )的標準尺寸,且能夠確認一發行 者的I C卡2及處理經辨識的I C卡2之交易。假使1 C 卡2插人讀卡機1時,接點墊5會與讀卡機i的接點指( 此處未顯示)接觸,以致於終端3能夠藉由资料線6與 ------r----------------訂---------線 (請先閱讀背面之注意事項再填寫本頁) 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公5 ) -8 - A7 413799 ___B7___ 五、發明說明(6 ) <請先閱讀背面之注意事項再填寫本頁) IC卡2交換资料。每一安全投組4會插入插座7以使以 容易交換或移除之方式連接至終端3,及提供用於安全固 的之I C卡2的特定資料及用於自I C卡2收集的現金値 單位總數之記憶空間給予終端3。插座7及資料線6在圖 式中係以雙箭頭表示,標示資料傳輸至終端3及自終端3 傳出之雙箭頭》所有在I C卡2與安全模組4之間交換的 資料會由終端3處理。讀卡機1係代表I C卡2的外部世 界。 系統的其它實施係使用電磁波以在終端3與I C卡2 之間建立雙向資料鏈結。IC2卡可具有這些電磁接點機 構以結合通過接點墊5的資料傳輸,且讀卡機會致動適當 的接點機構。 經濟部智慧財產局員工消費合作社印製 如同習知技藝般,預存式I C卡2的積體電路8於其 記憶體中儲存有卡識別碼及現金値內容計數器1 0,記憶 體係由電子鎖9保護。安全模組4會以I C卡2的識別碼 辨識I C卡2,且假使測試爲正|則鎖9會開啓且現金値 單位會從I C卡2傳送至安全模組4。此系統的缺點已在 導論部份述及。因此,預存式卡2具有額外特點,以致於 不僅安全模組4辨識I C卡,反向操作亦可,亦即,I C 卡2能夠檢查使用中的安全模組4的確認。 圖2係顯示I C卡2及更詳細地顯示積體電路8 ’積 體電路8可允許安全模組(圖1 ).與I C卡2之問的交互 確認。秸體電路8可爲根據8位元微控制器1 3之微處观 器。記憶區1 4至2 0、作爲鈹9之實體安全坩疋、及與 本纸張尺度適用中國國家標準(CN’S)A*1規格(210* 297公釐> A7 413799 ___B7___ 五、發明說明(7 ) 用的非同步接收器/傅送器單元2 1會秸由寬位址匯流排 2 2及雙向8位元寬資料匯流排2 3連接至此控制器1 3 。重設線2 4允許終端3 (圖1 )重設控制器1 3及鎖9 =關於記錄,鎖9及接收器/發射器單元2 1會藉由中斷 和狀態線直接連接至控制器1 3。終端3會藉由與時計線 2 5上的時計訊號同步之接點墊5 ,將要於雙向單一接線 输入/輸出線2 6上傳送之資料送至積體電路8或從積體 電路8接收資料。同步接收器/發射器單元2 1會作爲控 制器1 3所控制的資料匯流排2 2的介面。接點墊5又允 許重設線2 4、時計線2 5、及電源線(此處未顯示)連 接至終端3。單一接線輸入/輸出線2 6上的資料傳送可 以根據130/1£(:標準7816 — 3(]_989): 電子訊號及傳送協定,包含修正1 (1992):第9條 ,且特徵在於根據協定T=1之非同步半多工區塊傳送。 記憶體可以分成儲存資料及程式資訊之七個記憶區 14至20。唯讀記憶體(ROM)用於區14及15。 二R Ο Μ區1 4及1 5可爲快閃記憶體或傳統的R 〇 Μ ’ 舉例而言,合計有4 0 9 6位元組。第三區1 6係具有諸 如1 2 8位元組容量之隨機存取記憶體(R A Μ記憶體區 16),其可提供R A Μ區4 9給因重設或斷電而遺失之 資料。具有諸如1 7 6位元組之其餘記億胞可爲電氣可抹 式及可程式R Ο M ( = E : P R 〇 Μ )胞型且被分成四區 1 7至2 0。Ε 2 P R 〇 Μ記憶體區1 7至2 ◦提供非邢發 性儲存空問用於敏感的或秘密的资料,舉例而言’用於第 ------1----' I ----^-----I--t---------^ Ϊ (琦先閱讀背面之注意事項再填寫本頁) 經濟部智慧財產局員工消費合作社印製 本纸張又度適用中囷國家揉準(CNS)A-丨規格(210x297公釐) -10- 經濟部智慧財產局員工消費合作社印敦 413709 A7 __B7____ 五、發明說明(8 ) 三記憶區1 9中的秘密密碼鑰K,用於第四E^P ROM記 憶體區2 0中的現金値單位計數器內容1 0,用於第一 E 2 P R Ο Μ記憶體區1 7中的使用週期狀態L S等等,而 且,藉由使用遮蓋這些Ε 2 F R ◦ Μ記億區1 7至2 0之特 別遮蔽遮件2 7,可保護這四個區免於被掃瞄式電子顯微 鏡等分析。遮蔽件27的遮蔽件27的實體完整性在IC 卡2的開啓電源步驟(圖3 )期間至少會由控制器1 3測 試。對遮蔽件之件何實體損害將會被感測並造成控制器 1 3將使用週期狀態L S設定爲”無效〃及藉由將 E2PROM記億區1 7至2 0中所有儲存有保密資料的胞 設定爲零以抹拭E 2 P R OM記憶區中所有這些胞的內容, 並因而遺失秘密資料。至少密碼鑰K必須被抹拭以使I C 卡2無用。 鎖9包括產生卡隨機數之產生器電路2 8、作爲演繹 法單元2 9之電子電路,舉例而言,此電子電路係由硬體 接線的邏輯元件所製成,根據三重資料加密標準(TRIPLE DATA ENCRYPTION STANDARD ( = 丁 一 DES : DES 及 T 一 D E S,參見 Bruce Schneier 所著之 Applied Cryptography > I S B N 0 — 47 1 — 11709 — 9 ’ P . 2 9 4 )),執行D E S轉換及能夠非常快速的計 算(毫秒等級)簽字。D E S轉換及反D E S轉換係用以 根據T - D E S轉換之編碼及解碼並分別由相同的演繹法 單元29由T — DE S單元(圖1 )所處理。密碼鑰κ係 於T - D E S碼化程序中使用以川.於要在[C卡2與安全 本纸張尺度適用中國S家標準(CNS)A<1規格(21〇x 297公.¾ ) -11 - — — — — — ^ — — —-111·^^·· — I I — I I 訂--- - - ----1, {請先閱讀背面之注意事項再填寫本頁) A7 413701; B7______ 五、發明說明(9 ) 模組4之間交換的敏感資料。因此,I C卡2及安全校組 4均將識別密碼鑰Κ儲存於它們個別的記憶體中及分別在 演繹法單元2 9和編碼器1 1 (圖1 )中使用相同的演繹 法,以將交換的資料編碼及解碼。鎖的另一工作係將終端 3對I C卡提出的任何接取請求解碼,以比較請求與使用 週期狀態L S (舉例而言「測試模式」、「發行者模式」 、「使用者模式」、「無效」),並據此而動作。使用週 期測試每次開始時,1C卡2會連接至讀卡機1的電源( 圖1) »鎖9會讀取使用週期狀態LS。使用位於第一 R Ο Μ 1 4中的測試程式之「測試模式」僅於工廠品管時 使用一次,在執行「測試模式」程式之後,第一 R Ο Μ 1 4中的測試模式會使其自己不致動。第二 ROM15會儲存作業程式。假使IC卡2的使用週期狀 態L S處於「發行者模式」或「使用者模式」時控制器 1 3會在作業程式下操作,並將由測試程式致動。「發行 者模式」也僅使用一次,於其中,至少個別卡號,現金値 單元計數器內容1 0 (圖1 )、日期、鑰匙、I C卡的其 它需要參數等等會在作業程式的控制之下饋送至 E2PROM記憶體區17至20。假使I c卡2發給使用 者時,鎖9 一般必須僅區分「無效」與「使用者模式」。 在「使用者模式」中1檢查無效的接取嘗試次數。假使已 超過無效接取嘗試的限制時,使用週期狀態L S會被設定 爲「無效」u不可能將使用週期狀態L S茧設成=「無效 」ϋ假使鎖9未偵测到使用週期狀態L S =「使用荇校式 本紙張尺度適用中國0家標準(CNS)A4規格(210 X 297公g ) ------r--------I -------—訂—-------線 (請先閱讀背面之注意事項再填寫本頁) 經濟部智慧財產局員工消费合作社印製 -12- 413799 Λ7 ______B7___ 五、發明說明(1〇 ) 」’則無效線3 0上的訊號會阻擋任何對記憶體區1 4至 (請先閱讀背面之注意事項再填寫本頁) 2 〇之存取。位於諸如第四E 2 P R Ο Μ記憶體區2 0中的 錯誤接取次數4 8會將不成功的接取嘗試限制於某極限値 。在「發行者模式」中,允許的不成功接取嘗試之最大數 目會作爲錯誤接取次數4 8儲存。爲了將狀態資訊從I C 卡2傳出,可使用儲存於R A Μ記憶體區1 6中的週期狀 態位元組。舉例而言,第一 Ε 2 P R Ο Μ記憶體區1 7中的 使用週期狀態之七位元會被拷貝至使用週期狀態位元組中 。第八個元件代表確認旗標,標示目前的確認處理之狀態 。在「發行者模式」中錯誤接取次數4 8設定爲諸如1 5 或十六進位之F的次數之假設下,解釋下述程序。 圖3係顯示I C卡2與讀卡機1 (圖1 )之間的交互 確認處理之流程圖。流程圖標示那些步驟分別發生於I C 卡2中、終端3中、及安全模組4中。交互確認處理開始 於終端3接觸I C卡2及供應電力之後的開啓電源步驟 3 1。重設線2 4 (圖2 )上的重設訊號會於重設步驟 3 2期間被送至I C卡2。控制器1 3 (圖2 )會被設定 於啓始位址及接著改寫ram記憶區16 (圖2) »重設 經濟部智慧財產局員工消費合作社印製 訊號也會將鎖9 (圖2 )初始化以便在準備步驟3 3期間 啓始使用週期狀態L S上的使用週期測試。使用鎖9的比 較器4 7 (圖2 ),控制器1 3可在卡檢查3 3 1比較錯 誤接取次数4 8與零》假使錯誤接取次數4 8等於零,則 不再允許更多的確認且藉由將使用週期狀態L S設定爲「 無效」及抹拭保密資料之後’使I C卡2在無效步驟3 3 本紙倀又度適用中囫國家標準(CNS)A4規格(210 X 297公餐) -13- 413799 A7 _B7_____ 五、發明說明(11 ) (請先閱讀背面之注意事項再填冩本頁) 經濟部智慧財產局員工消費合作社印t 2期間無效,目.處理會被送至輸出步驟3 3 3。否則·處 理會繼續進行至隨機步驟3 3 4。使用週期狀態L S現在 處於「使用者模式」,且產生器電路2 8 (圖2 )準備卡 隨機數,控制器1 3將卡隨機數儲存於R A Μ記憶區1 6 的RAM段4 9 ,並繼續進行至輸出步驟3 3 3。在該處 ,使用週期狀態位元組會被更新並與任何與終端3有關的 資料一起傳送。相關資料,舉例而言,爲個別卡序號、積 體電路號碼、發行曰期、現金値單元數目、卡隨機數等等 。在收到至少更新過的使用週期狀態位元組之後’終端3 會在終端檢查期間3 4測試真實的使用週期狀態位元組’ 且假使I C卡2處於「使用者模式」中,則終端3會藉由 送出I C卡2的相關資料及初始請求給安全模組4而在初 始化步驟中初始確認:否則,假使使用週期狀態位元組被 設定爲「無效」時,處理會於停止3 6由終端3終止。在 產生器步驟3 7中,隨機數產生器1 2 (圖1 )會產生安 全模組隨機數,安全模組隨機數會與相關的I C卡2的資 料一起儲存於安全模組4中。安全模組隨機數會於接收步 驟3 8被送回至終端3。然後,終端3會於編碼請求步驟 3 9將安全模組隨機數送至鎖9及以錯誤接取次數4 8減 少一單位之方式初始化卡編碼步驟4 0 »然後,演繹法單 元2 9 (圊2 )計算卡簽字,卡簽字係使用密碼鑰之安全 模組隨機數及I C卡2的相關資料之T 一 D E S轉換》卡 簽字及安全模組隨機數也儲存於R A Μ區4 9。卡簽字會 興史新的使用週期狀態位元組一起送回至終端3。終端3 本纸張尺度適用中國國家標準(CNS)A.l規格(210 * 297公釐) -14- 經濟部智慧財產局員工消費合作社印製 413799 Λ7 _____B7____ 五、發明說明(12 ) 會將卡簽字作爲確認請求送至安全模組4,於其中,在確 認測試4 2期間,T 一 D E S單元1 1 (圖1 )會以密碼 鑰K將轉換的卡簽字解碼,舉例而言,藉由比較轉換的卡 簽字與由使用密碼鑰K之T - D E S單元1 1所計算的卡 簽字以及比較儲存的原始安全模組隨機數與儲存於安全模 組4中的I C卡之相關資料。根據比較結果,假使I C卡 2爲可接受的,則安全模組狀態位元組會設定爲「卡確認 」,假使爲否,則設定爲「卡未確認」。假使安全模組狀 態位元組爲「卡確認」,則卡簽字會儲存於安全模組4且 使用密碼鑰K之T一DES單元11會根據卡隨機數及先 前的確認結果,亦即卡簽字,而將安全模組簽字編碼。安 全模組簽字(假使有的話)及安全模組狀態位元組會呈現 給終端3。假使決定4 3建立安全模組狀態位元組爲「卡 未確認」’則於停止4 4放棄處理。但是,假使卡簽字正 確且I C卡2因而對安全模組4爲可接受,則根據安全模 組狀態位元組之決定4 3會將處理分枝至證實請求4 5。 在該處,終端3會將安全模組簽字呈現給鎖9 =在證實步 驟4 6期間,鎖9會測試安全模組簽字。演譯法單元2 9 (圖2 )會以密碼鎌K及儲存於R A Μ記憶區1 6中的卡 簽字和原始卡隨機數重新計算安全模組簽字,且控制器 i 3會使用比較器4 7將結果與傳送的安全模組簽字相比 較°假使重新計算及傳送的安全模組簽字是相等的,则交 互確認爲有效’錯誤接取次數4 8會增加一眾元,tl確認 旗β會被設定於「接取正確」。化」.足,假使虚祈計党及傅 本紙張尺度適用令國®家標準(CNS)A4規格(210 X 297公g ) -15- — — — — — l· — — —-— — — ! --------^ '1 — — — — — — — (請先閱讀背面之注意事項再填寫本頁) 413799 Λ7 __B7____ 五、發明說明(13 ) 送的安全模組簽字不同,則確認無法通過且確認旗標會被 設定爲「接取錯誤」。I C卡2會將更新的使用週期狀態 位元組傳送給終端3,終端3會於第二決定5 0中再度測 試使用週期狀態位元組》假使使用週期狀態位元組標示「 使用者模式」且確認旗標發出安全模組4對I C卡2爲可 接受的(「接取正確」),則鎖9會被打開且允許第四記 億區20中的現金値計數器內容10 (圖2)被改變。交 互確認會成功地於服務步驟5 1停止且與經授權的安全模 組4相連接之終端3會被允許繼續進行付款交易。假使第 二決定5 0感測到錯誤確認時,亦即,確認旗標被設定爲 「接取錯誤」,則處理會於停止4 4結束。在成功交互確 認處理結束時,I C卡2及安全模組4二者均在個別的記 憶體中儲存卡簽字及安全模組簽字》 圖4係代表付款程序的流程圖,於其中,在現金値從 I C卡2傳送至安全模組4之前,再度檢查確認。在正確 地處理交互確認及終端3到達服務步驟5 1之後,終端3 會接受來自售銷點5 2之交易値的付款請求5 3 |亦即現 金値單元計數器內容1 〇 (圖2 )中要減少的現金値單元 數目。僅在交易値小於現金値單元計算數器內容1 〇時, 終端3才會繼續進行程序及送出減少請求5 4和交易値給 安全模組4。根據先前訐算的及儲存的安全模組簽字及交 易値,在簽字步驟5 5中建立新的安全模組及取代記憶體 中先前的安全模組簽字。在接收步驟5 6 ,終端3會接 收新的安全模組簽字及在請求步驟5 ί中將其與交勒値一 本紙張尺度適用中囤國家標準(CNS)A,1規格(2丨0 X 297公芨) (請先閱讀背面之注意事項再填寫本頁) -I ------ 1. I 訂·--------1,. 經濟部智慧財產局員工消費合作社印製 -16- 經濟部智慧財產局員工消費合作社印製 ^13799 Λ7 _____B7__ 五、發明說明(14 ) 起呈現給〖c卡2的鎖9 (圖2 )。在算術步驟5 8中, 控制器1 3首先將錯誤接取次數4 8減少一單位及將確認 旗標設定於f接取錯誤」。然後,演繹電路2 9 (圖2 ) 會於算術歩驟5 8中根據R A Μ記億區1 6中的R A Μ區 段4 9 (圖2 )中所儲存的舊安全模組簽字及交易値,重 新計算新的安全模組簽字。在R A Μ區段4 9中舊的安全 模組簽字會由新安全模組簽字取代。假使計算結果與轉換 的新安全模組簽字相同,則證實確認。真正的現金値單位 計數器內容10會被拷貝至第四E2PROM記億區20中 作爲先前現金値單位計數器內容1 〇 〃,之後扣除交易値 以取得目前的現金値單位計數器內容1 〇,亦即,目前的 現金値爲先前的現金値減掉交易値後的差値。在完成現金 値單元計數器內容1 〇的扣減之後,控制器1 3 (圖2 .) 會將錯誤接取次數4 8 (圖2 )增加一單位並將確認旗標 設定爲「接取正確」。更新的使用週期狀態位元組會被送 至終端3,在其中,對於此狀態位元組之第三決定5 9會 使程序分枝。假使確認旗標標示「接取錯誤」,則終端3 會於停止6 0放棄程序。假使第三決定5 9感測到確認旗 標在「接取正確」的狀態中時,終端3會將簽字請求6 1 送至I C卡2。在碼化步驟6 2中· I C卡2會根據密碼 鑰K、目前的現金値及先前使用的卡簽字,於演繹法電路 2 9中產生新的卡簽字。新的卡簽字會取代R A Μ記憶區 1 6中舊的簽字並被送至終端3 (終端步驟6 3 u同時, 安全忮組4從儲存於安全模組4中的資料安分別地計党目 本纸張尺度適用中國國家標準(CNS)A.U見格mo X 297公发) -17- I I I I I l· I--*----. I I ! — I 訂---------! (請先閱讀背面之注意事項再填寫本頁) 經濟部智慧財產局員工消費合作社印5^ 413799 ___B7____ 五、發明說明(15 ) 前的現金値以便加強安全性及節谐輸入/輪出線2 6 (隨 2 )上的傳送時間。在傳送步驟6 4中,終端3會將新的 卡簽字傳送給安全模組4並初始化增量步驟6 5,於增量 步驟6 5中,新的卡簽字會取代儲存的舊簽字。 T- DES單元11 (圖1)會根據先前使用的卡簽字及 目前的現金値,證實新的卡簽字的確認。假使新的卡簽字 的確認爲真,則狀態位元組會設定爲「正確」且交易計數 器6 6 (圖1 )會以交易値增量,假使確認未被證實,則 僅有安全模組狀態位元組會被設定「不正確」。安全模組 狀態位元組會回歸至終端3以在第四決定6 7中接受測試 。假使安全模組狀態位元組爲「不正確」,則交易程序會 於停止6 8終止。但是,假使安全模狀態位元組爲「正確 」,則終端3成功地完成交易程序且在承認步驟6 9中銷 售點5 2會接受付款。然後,終端3回至服務步驟5 1, 等待新的交易程序或I C卡2的移除。從終端步驟6 3, 程序會在未與I c卡2有何連接的情形下,向前執行,直 至承認步驟6 9並從此至服務步驟5 1 ’假使I C卡2被 移除時,終端3會進入睡眠直至再與I C卡2發生接觸爲 止。 假使處理在停止3 6 (圖3 )、4 4 (圖3 )及6 0 結束時,I c卡2會由無效線3 0 (圖3 )上的訊號鎖住 並必須於重設步驟32 (1113)由重設線24 (圖2)上 的訊號重設' 以便再啓動確認處理。藉由回至噩設步驟 3 2,終端3的任何其它執行會於俘止4 4及/或6 0處 — — — , I 1 I I I — -----1 I I I I I (請先閱讀背面之注意事項再填寫本頁) 本紙張义度滷用中國國家標準(CNS)A‘l規格(210 X 297公釐) -18- 經濟部智慧財產局員工消費合作杜印製 413799 Λ7 Β7 五、發明說明(16 ) 有限次數地自動再啓動確認處埋及/或交易程序。 交互確認處理的監督至少涵蓋加密資料的準腩及交換 週期’亦即,從編碼步驟4 0 (圖3 )啓動至第二決定 5 0 (圖3 )以及在算術步驟5 8期間,並且具有下述優 點:辨認任何不正常結束的接取,亦即,導因於無效的 I C卡2、停電或I C卡2與讀卡機1斷接等原因而不正 常結束的接取,以及藉由使儲存於E 2 P R Ο Μ記憶區2 0 中的錯誤接取次數4 8減量以限制這些不正常接取的數目 。加密資料的準備及交換週期需要耗時的計算且可能持續 數秒並因而有足夠的時間以不正常的方式結束交互確認處 理。 父易程序具有單一接線輸入/輸出線2 6上的資料流 動會大量地減少且I C卡2和安全模組4的個別電路中的 計算時間會最小而不用犧牲安全度。密碼處理藉由每當確 認處理開始時僅計算二隨機數及接著使用先前個別的簽字 以取代耗時的新隨機數產生及交換,可以有利地節省時間 〇 在終端3於諸如重設步驟3 2 (圖3 )、編碼請求 3 9 (圖3 )、證實請求4 5 (圖3 )、請求步驟、簽字 請求6 1等步驟中有效地接觸I C卡2之條件下,使用週 期狀態L S可由終端3設定。舉例而言,在安全模組4偵 測到傳送的卡號被列入被偷或有嫌疑的淸單上的情形下, 可能產生此種情形。在使用週期狀態L S被設定爲「無效 j的怙形中,控制器1 3會如上所述般至少抹拭第三 尺度適用中國國家標準(CNS)A4規格(210 * 297公釐) -19- ------L---,1---裝--------訂---------線 (請先閱讀背面之泛意事項再填寫本頁) 緩濟邹智慧%產局員X消費合作社印製 413799 Λ7 87 五、發明說明(17 ) E2P ROM記憶區1 9中的保密密碼鑰。 在圖5中,顯示產生器裝置7 0 ’其可作爲用於分別 產生安全模組隨機數及卡隨機數之隨機數產生器12(圖 1 )及產生器2 8 (圖2 ) a裝置7 0包括線性偏移暫存 器7 1、自由運轉時計72、及布林單元73。在所示的 實施例中,八位元的移位暫存器7 1會將其內容從最低效 位元移至最高效位元,舉例而言,在圖5的圖示中,移位 暫存器7 1將其內容移至右方。最高效或八位元與第六位 元和第三位元之真正內容的輸出會由布林單元7 3以自由 運轉的時計7 2之訊號混合在一起以形成饋送至最低效位 元輸入之合倂訊號。自由運轉時計7 2的訊號與移位暫存 器7 1的時計訊號不同步。布林單元7 3的種類和要由布 林單元7 3合併之移位者存器7 1的訊號、移位暫存器 7 1的大小及自由運轉時計7 2的頻率係由產生器裝置 7 0的需要所決定,舉例而言,裝置7 0所產生的隨機數 必須符合基本的統計分佈定律及S. W.G〇l〇mb所發展的準則 (S. W.Golomb, Holden-Day, San Fancisco 1 9 6 7 年所 著之 w Shift Register Sequence 〃或 Aegean Park Press, 1 9 8 2之第二版)。 現在回至圖2,追蹤無效接取嘗試的數目及將此數目 限制於預定數目的允許的無效接取嘗試之特徵具有之優點 爲演繹法電路2 9所使用的用於簽字產生之密碼鑰K無法 藉由嘗試錯誤取出,因此可將密碼鑰保密。在確認處理之 前,鉛誤接取次數4 8的減少,可防止系統在下述情形中 ------:---------裝·-------訂·---I---- (请先閱讀背面之注意事項再填寫本頁) 本紙張尺度適用中國國家標準(CNS)A4規格(210x 297公餐) -20- A7 413799 B7__ 五、發明說明(18 ) 受愚弄:I c卡2與讚卡機(圖1 )在錯誤接取次数4 8 因證實步驟4 6及算術步驟5 8 (圖4 )成功地結束交易 而要再度增量之前被分離。 在I C卡2的另一實施中,確認測試會於準備步驟 3 3開始時啓動而非在編碼步驟4 0 (圖3 )開始時啓動 ,以便使整個程序從準備步驟3 3直至證實步驟4 6結束 時均在監督之下。 在I C卡2的另一實施中,控制器1 3係程式化成在 操作程式的控制下直接比較二數字組,而無須硬體接線比 較器4 7。 現金單位計數器內容1 0儲存於第四記憶區2 0中且 現金値單位會於終端3要求時由控制器1 3減量直至所有 的現金値單位被用完及現金値爲零。然後,1C卡2被用 完及丢棄。 I C卡2的實施可以是能夠重新塡滿預定的現金値限 値,舉例而言,等於CHF300 . 00。在其 E2PR〇M記憶區1 7至2 0之一中儲存有「發行者模式 」中設定之允許的重塡次數。假使允許的重塡次數設定爲 零,則I C卡2爲可用一次直到現金値單位計數器內容 1 0達到零爲止。只要所允許的重塡次數不同於零時,終 端3 (圖1 )可請求I C卡2準備好重塡現金値單位計數 器內容1 0。在服務步驟5 1 (圖3 )建立交互確認之後 可初始此服務。控制器1 3會測試允許的塡次數。假 使允許的01塡次數不爲零時,則控制器1 3會將允許的噩 本紙張尺度適用中國國家標準(CNSM4規樁(210 X 297公釐) I ! I I I L-------- I 1 I I I I I 訂 *ιί1· — — ·* *5^ <請先閱讀背面之注意事項再填寫本頁) 經濟部智慧財產局員工消費合作社印一^ A7 413799 ____B7___ 五、發明說明(19 ) 塡次數減少一單位且現金値單位計數器內容1 0可以接受 新的現金値單位。®填可發生於連接至銀行的電腦而非連 接至銷售點5 2 (圖1 )之特別讀卡機1處。除了 I C卡 2與讀卡機1之間的交互確認之外,銀行也會要求藉由個 人辨識碼之增加的使用者辨識。有利地限制重塡次數,以 使任何誤用最小及使老舊的I C.卡無效以避免導因於 E 2 P R ◦ Μ記億胞的壽命限制之故障。 舉例而言,現金値單位計數器內容1 0之限制、錯誤 存取次數4 8的限制、重塡次數的限制等等會於「發行者 模式」中設定於最大允許次數,它們係儲存於記憶區2 0 中。假使個別事件發生時,適當的限制至少會減少一單位 。此方法由於控制器1 3比較個別的數字與零會比其執行 與儲存於記憶體中的數字之比較更快。在證實步驟4 6及 算術步驟5 8,錯誤接取次數4 8會增加一單位。 預存式I C卡2及讀卡機1的系統(圖1 )具有之優 點爲預存式卡2與安全模組4 (圖1 )能夠交互地確認資 料傳送的相對方並提供機構給系統以拒絕任何對使用者付 款機構的非確認接取嘗試。這將大幅地加強客戶對其I C 卡2以及發行者對整個系統的信心等級。 爲加強I C卡2的記億體之整體性,積體電路8必須 防止導因於突然斷電之效應,舉例而言,在交易完成之前 或在Ε 2 P R Ο Μ記憶區1 7至2 0中的計數區之一更新期 間,1C卡2從讀卡機1 (圖1)脫離之倩形。在預存式 卡技術的習知技藝中,硬體接線的邏蜋屯路會藉由使用每: 本紙張尺度適用中國國家標準(CNS)A.丨規格mo X 297公釐) ----I l· I I L--I I * 1 I I I I I I ^ *--1----- (請先閱讀背面之注意事項再填寫本頁) 經濟部智慧財產局員工消費合作社印製 -22 - 41379^ 經濟部智慧財產局員工消费合作社印製 A7 B7 五、發明說明(20 ) 當計數器內容1 〇改變時會被改變之旗標或證明位元而於 計數區更新期間防止卡取出效應。由於不能與計數器恰好 平行地寫入證明位元’所以’仍然有可能因突然斷電而發 生錯誤。這甚至會造成計數器內容1 〇可以非法地增加之 狀態。 新的Ic卡2具有用於每一靈敏計數器之自動備份機 構以藉由至少儲存個別計數器之先前及真正的內容而追蹤 計數器內容的改變。 在圖6中,顯示計數器記錄7 4之實施例。計數器記 錄7 4包括三欄,管理欄7 5標示計數器記錄7 4的年資 ,計數器7 6儲存計收器7 4儲檔時真正的I C卡値1 0 (圖2 ),總數核對欄7 7中的總數核對。其(總數核對 )內容係根據計數器値76。I C卡2的每一靈敏計數器 具有至少二計數器記錄7 4,位於記憶區2 0的備份計數 區7 8。計數器記錄7 4的整數大於1但小於管理欄7 5 的容量。最靈敏的計數器處理現金値單位。將進一步說明 現金値單位計數器。 在圖7中所示的實施例中,備份區7 8具有一組四個 計數器記錄7 4。控制器1 3會於準備步驟3 3 (圖3 ) 期間決定備份計數器7 8的四個管理欄7 5 a至7 5 d中 的內容之最大値,並將四個管理欄7 5 a至7 5 d之該最 大値儲存於R A Μ記憶區1 6中的致動欄7 9中。控制器 1 3總是會改嵙備份計數器區7 8中最老的登入。最老的 登錄之位址係根據下述規則計箅:「致勋fl^I79的内容會 ^^1 *^1 ^^1 ^^1 ^^1 1 1^1 ί I ft nk J f— I 1^1 m ^^1 V n ^^1 ^^1 I n «^1 n I (請先閲讀背面之注意事項再填寫本頁) 本紙張尺度適用中固囫家標準(CNS)A4规格Γ210 X 297公釐) -23 - 經濟邨智慧財產局—工消費合作社印製 413799 Λ7 Β7 五、發明說明(21 ) 增加一且被作爲備份計數器區7 8中的計數器記錄7 4 a 至7 4 d的滿數」。 假使計數器內容,亦即,現金値單位計數器內容1 0 (圖2 )必須改變時,則控制器1 3會於資料匯流排2 3 上接取具有備份計數器區7 8之記憶區2 0。然後’控制 器1 3讀出致動欄7 9的內容,及藉由「致動欄7 9的內 容滿4」之操作以決定計數器記錄7 4 a至7 4 d之一的 位址,舉例而言,計數器記錄7 4 b,其已在計數器先前 改變時被使用及根據計數器値7 6 b (舉例而言’現金値 單位記數器內容1 0 )重新計算總數核對。假使重新計算 的總數核對與儲存於攔7 7 b中的總數核對相同時 > 則計 數器的先前改變會成功地終止。控制器1 3會將致動欄 7 9的內容增加一單位、讀出計數器値7 6 b、及將計數 器値7 6 b的內容根據需要減少一或數個單位。然後,致 動欄7 9的新內容會由控制器1 3使用以計算下一計數器 記錄7 4 (在本實施例中爲計數器記錄7 4 c )的新位址 。控制器1 3會將作爲下一計數器値7 6 c之減量値及致 動欄7 9的增量內容儲存於管理欄7 5 c中’及根據計數 器値7 6 c的內容計算新的總數核對並將新的總數核對儲 存於欄7 7 c中。 假使在總數核對適當地儲存於欄7 7 c中之前發生斷 電時,則總數核對不正確。在I c卡2與讀卡機的下一接 取接觸期間(圆1 ) ’控制器1 3會將位址給予計'数器記 錄7 4 c及根據計數器値7 6 c的內容重新Η卜算總ii核對 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公蹵) -24- I I I I I l·--LI —--· I f -----訂---— — — — — — (請先閱讀背面之注意事項再填寫本頁) A7 413799 B7_ 五、發明說明(22 ) 。顯然地,由於在算術步驟5 8 (圖4 )失敗之先前交易 處理,亦即,在先前交易中1增量步驟(圖4 )及承認步 驟6 9 (圖4 )未被執行且扣除的交易量未用於付款,所 以,新近重新計數的總數核對現在不同於總數核對攔 7 7 c的內容。假使總數核對比較未通過,則控制器1 3 會因而使致動欄7 9的內容減量一單位並讀出諸如先前的 現金値單位計數器內容1 〇e(圖2 )之計數器値7 6 b, 作爲真實的現金値單位計數器內容1 0。控制器1 3會如 上所述般繼續進行測試顯然正確的欄7 7 b中的總數核對 、使致動欄7 9增加一單位、使現金値單位計數器內容 1 ◦根據新交易減量、及將新的真正內容儲存於計數器記 錄74c的欄75c、 76c及77c中。此程序具有之 優點爲I C卡2的所有者無法藉由人爲地中斷交易處理而 欺騙系統,其對意外誤處理或造成I C卡2的斷電之有缺 陷讀卡機1也不敏感。 假使總數核對比較連續失敗多於二次,則控制器1 3 會決定個別的計數器記錄7 4含有有缺陷的記憶胞並藉由 將使用週期狀態L S設定爲「無效」而使I C卡2失效。 一旦秘密鑰被發現時,習知技藝之具有預存式I C卡 2之系統除了以新系列的I C卡2更換所有I C卡2以及 更換相關的安全模組4之外,並無法改變鑰匙,這會造成 發行者的信用受損及巨大的財務損害。 在圖2中,第三E2PR〇M記憶區1 9提供記憶區段 8 0給輔助鑰A K。輔助鑰A K不适用於標準處邱。在「 -----U---------裝·-------訂-------- {請先閱讀背面之沒意事項再填寫本頁) 經濟部智慧財產局員工消費合作社印製 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公芨) -25- 413799 經濟部智慧財產局員工消費合作社印製 Α7 Β7 五、發明說明(23 ) 發行者模式」期間,値會塡充於記憶區段8 0中並作爲輔 助鑰A K。僅在鑰匙從安全模組4 (圖1 )下載的情形下 ,舉例而言,用於演繹法電路2 9中的密碼鑰K被發現之 後,則積體電路8會以輔助鑰A K解譯新的密碼鑰。顯然 地,輔助鑰A K在安全模組4中也是可利用的。此設計之 優點在於發行者僅須在對大眾而言並不明顯之讀卡機1 C 圖1 )的額外維修時,初始化安全模組4 〔圖1 )之內的 鑰更換程序。在額外維修期間,新的密碼鑰K會傳送至安 全模組4以取代儲存於安全模組4之內的另一記億體處之 過時的老鑰匙K*,。這也將致動鑰更換處理。因此’由於 鑰更改處理已經是確認處理的一部份,所以,在所有讀卡 機1的此額外維修期間,無須關閉卡操作,爲簡明起見’ 未於圖3中顯示鑰更換處理。 圖8係顯示具有增加的鑰更換處理步驟之確認處理的 相關部份。卡簽字會於確認請求4 1中傳送給安全模組4 。假使在使用新的鑰匙K之確認測試4 2中,安全模組4 根據卡簽字而將I C卡2分類成未確認,則I C卡2仍可 使用過時的舊鑰匙K *,或爲真正未確認的。在額外維修期 間被致動的開關8 1會使得處理轉向至第二確認測試 4 2 ',於其中使用過時的舊鑰匙K *重新計算卡簽字且結 果會與傳送來的卡簽字相比較。假使重新計算過及傳送來 的卡簽字不同,則I C卡2是未經確認的且處理會由第二 DPJ關8 2轉回至具有安全模組狀態位元組被設定爲「未確 認」之終端3。但是,假使重新計算過的及傳送來的卡簽 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) -26 - — — — — — illj—— — — i I I I I I I ^ > — — — — — <請先閱讀背面之注意事項ΐ填寫本頁) 經濟部智慧財產局員工消f合作社印製 413799 Λ7 Β7 五、發明說明(24 ) 字是相等的,則安全模組狀態位元組會被設定爲「更換鑰 匙」,且第二開關8 2會使處埋轉至送出鑰步驟8 3。在 送出鑰步驟83中,會由T — DES單元11 (圖1)使 用D E S -轉換及同於記億區段8 0中(圖2 )所儲存的 輔助鑰A K以及傳送的卡簽字,將新的鑰匙K編碼。 T 一 DES單元1 1使用新的鑰匙K及傳送的卡簽字準備 訊息確認碼。安全模組4接著傳送安全模組狀態位元組、 加密的新鑰及訊息確認碼給終端3。於其中,第一決定 4 3偵測被設定於「更換鑰」之安全模組狀態位元組,且 終端3會將加密的新鑰和訊息確認碼當作鑰更換請求送至 1 C卡2。在鑰證實步驟84,演繹法電路29 (圖2) 會以使用儲存在記憶區段8 0之輔助鑰AK之反D E S轉 換將加密鑰解碼。結果係新的鑰匙K,其接著於碼步驟 8 5中被用於重新計算訊息確認碼。比較器4 7 (圖2 ) 會比較重新計算的訊息確認碼及傳送來的訊息確認碼《假 使二個碼相同,亦即,假使比較器4 7感測到「真」,則 控制器1 3 (圖2 )會考慮加密鑰的傳送及將訊息確認碼 視爲正確,以新鑰K取代第三E 2 P R Ο Μ記憶區1 9 (圖 2 )中的舊密碼鑰Κ,將確認旗標設定於「接取正確」, 及將錯誤接取次數4 8增量一單位。處理會於第二決定 5 0回至終端3。自此開始,I C卡2會使用新的鑰Κ取 代原先的但現爲過時的鎗Κ· ·但是,假使比較器4 7的結 果爲「假」,則確認旗標會被設定於「存取正確」,錯誤 接収次败4 8會維持減少一氓位,亦即,接收會被控制器 — I!— — — — -- - - ---訂- I —--- (請先閱讀背面之注意事項再填寫本頁) 本紙張尺度適用中國國家標準(CNS)A4規格X 297公釐) -27 - 經濟部智慧財J.局員工消費合作社印製 413799 A7 __B7__ 五、發明說明(25 ) 1 3視爲無效接取嘗試。最後’使用週期狀態位元組會被 更新至「使用者模式」且處理會回至第二決定5 〇 (圖3 )13 假使增量及減量如上述般直接地作用於錯誤接取次數 4 8之上,則錯誤接取次數4 8的低效位元之邏輯狀態改 變至少會改變四次》約1〇〇,〇〇〇週期之E2PR〇M 記憶胞的有限壽命會將確認次限制於約5 0,0 0 〇。現 在將詳細解釋追蹤有效接取嘗試的另一方式。 在圖9中’顯示第四E2PROM記憶區2 〇的二個欄 ,第一欄係稱爲暴力功擊(BRUTE FORCE ATTACK (FBA))計數器86,包括錯誤接取數 目,而第二欄係具有偶數位元8 8之核准區8 7。在I C 卡2 (圖1)的先前接取期間,舉例而言,在「發行者模 式」中,錯誤接取次數4 8被設定爲代表最大數目的可允 許之有效嘗試的初始値。同時,核准區8 7的位元8 8被 設定爲一,舉例而言,假使核准區8 7爲從位元8 8 a至 位元8 8 q之1 6位元寬,核准區8 7的內容之十六位表 示係「FFFF」。16位元88a至88q之一的邏輯 狀態由控制器1 3 (圖2 )反轉以致於處於相同邏輯狀態 (零或一)之位元8 8的數目爲奇數(標誌步驟)’以取 代每當開始確認處理時從錯誤存取次數4 8扣除一單位’ 舉例而言,在編碼步驟4 0 (圖3 )開始時及在算術步驟 5 8 (圖4 )開始時等等。處於相同邏蛆狀態(零或一) 的位元8 8數目的同位往後被稱爲「位元同位」位元丨司 - -------------^ - I I I I---^-------- (請先閱讀背面之注意事項再填寫本頁) 本紙張尺度適用中國國家標準(CNS>A4規格(210x297公釐) -28- 經濟部智慧財產局員Η消費合作杜印製 4137S9 A7 _B7 五、發明說明(26 ) 位係作爲確認旗標的內容’舉例而言’邏樹零標示偶數同 位,而邏輯一係奇數同位ϋ假使確認失敗時’終端3 (圖 1)會於停止44(圖3)或60(圖4)放棄處理且控 制器1 3會將無效線3 0 (圓2 )設定成致動且不再從第 二R Ο Μ 1 5接收任何進一步的指令。I C卡2必須由重 設線2 4 (圖2 )上的訊號重設以便重啓動確認處理。另 一方面,假使確認正確,則控制器1 3會使鄰近的位元 8 8的邏輯狀態反轉以將位元同位改成偶數(調節步驟) 0 現在回至圖3的確認處理。在重設步驟3 2重設I C 卡2之後,控制器1 3 (圖2 )會於準備步驟3 3中測試 卡檢查33 1處之錯誤接取次數48 (圖2)。假使錯誤 接取次數4 8超過零,則確認處理在開始隨機數步驟 3 3 4的工作之前,首先進入隨機步驟3 3 4內增加的位 元同位檢查3 3 5。位元同位檢查3 3 5會決定核准區 8 7 (圖9 )的位元同位並視位元同位値而將處理分枝。 偶數的位元同位使控制器1 3確信任何先前的確認爲正確 的。假使位元同位爲奇數,其標示先前使用的I C卡2是 不正常的,控制器1 3會藉由反轉核准區8 7中的1 6位 元8 8 a (圖9 )至8 8 q (圖9 )之一的邏輯狀態而將 位元同位改變成偶數,以及將錯誤接取次數4 8減量一單 位。然後,確認處理會離開位元同位檢查3 3 5及繼續隨 機步驟3 3 4的工作。 使用核准區8 7的優點在於錯誤接取次数4 8僅會減 本紙張尺度適用中囷囷家標準(CNS)A‘l規格(210x297公芨) -29- I _^i n n n 一 n n 1 n n I I (請先閒讀背面之注意事項再填寫本頁) 經濟部智慧財產局員工消費合作社印贫 413799 A7 _B7 五、發明說明(27 ) 量,且E ^ P R Ο Μ記憶胞的改變僅發生於不正確的事件( 斷電等等)之後,可加強Ε 2 P R Ο Μ記億胞的壽命。 在編碼步驟4 0開始時,在演繹法單元2 9 (圖2 ) 計算卡簽字之前,控制器1 3會藉由反轉核准區8 7中的 1 6個位元8 8 a至8 8 q之一的邏輯狀態,而將位元同 位改變成奇數。在交互確認處理之監督已於準備步驟3 3 啓動之I C卡2的實施中,位元同位改變可能發生於位元 同位檢查3 3 5與隨機數步驟3 3 4之間。 而且*在算術步驟5 8 (圖4 )開始時,假使使用週 期狀態L S被設爲「使用者模式」且確定交互確認時,則 控制器1 3會將核准區8 7中的位元同位改爲奇數。 在證實步驟4 6 (圖3)結束時及算術步驟5 8結束 時,假使控制器1 3感測到交互確認成功且總數核對適當 地置於總數核對欄7 7 (圖6 )中時•則控制器1 3會再 度將核准區8 7中的位元同位改變成偶數。或者,假使控 制器1 3感測到不成功的確認時,則控制器1 3會將核准 區8 7中的位元同位保持於奇數狀態。然後,載有位元同 位資訊之確認旗標會呈現給終端3,假使確認旗標設定爲 邏輯1 ,則控制器會分別將第二決定5 0處程序分枝至停 止4 4及將第三決定5 9處的程序分枝至停止6 0。此失 敗的接取會在核准區8 7中留下奇數位元同位。 僅藉由反轉核准區8 7中的一位元8 8,可允許可觀 地增加確認敝目,舉例而言•在1 6位元寬的核准區8 7 的贳施例中,增加爲1 6倍至約8 0 0,0 0 〇確認而不 本紙張尺度適用中國國家標準(CNS)A4规格(210 X 297公釐) -30- --------------* 裝 *-------訂·-------線 (請先閱讀背面之注意事項"填寫本頁) 經濟部智慧財產局員工消費合作社印製 413799 A7 _B7_ 五、發明說明(28 ) 用犧牲E 2 P R Ο Μ記憶胞的優點,在確認區8 7中的位元 8 8之配置會於無電週期期間遺失直至對讀卡機1 (圖1 )的下一接取爲止。此外,在大多數的接取嘗試中,錯誤 接取次數4 8的內容會有多於一位元必須被改變,這對於 Ε 2 P R 〇 Μ記憶胞係緩慢及耗能之處理且於一般確認及付 款轉換期間是無法接受的。 現在詳細介紹位元同位的改變。控制器1 3會讀取核 准區8 7及測試自最低效位元8 8 a至最高效位元8 8 q 之每一位元8 8。假使最高效位元8 8 Q爲邏輯1 ,則控 制器1 3會決定及標誌始於位元8 8 a之含有邏輯1之第 —位元。假使最高效位元8 8 Q爲邏輯0,則控制器1 3 會決定及標誌始於位元8 8 a之含有邏輯0之第一位元。 假使此被標誌的位元係位元8 8 a、8 8 c、8 8 e、 88g、 88i、 881、 88n及88p中之一,則控 制器1 3會將核准區8 7中的位元同位視爲偶數。在其它 位兀8 8之一被標誌的情形下’位兀问位被視爲奇數。核 准區8 7中的位元同位會被儲存於確認旗標中。對於位元 同位的每一改變,控制器1 3僅會反轉標誌過的位元之邏 輯狀態,亦即,控制器1 3會將邏輯1轉換成邏輯0,或 相反。 資訊傳送的安全性之優點現在已很淸楚。包括使用週 期狀態L S之使用週期狀態位元組及確認旗標係唯一要淸 楚送出的資訊,但是,使用週期狀態位元組的資訊未允許 關於包含於I C卡2中的資訊之任何結架。所苻其它交換 --------------- I --------訂--------- (請先閱讀背面之注意事項再填寫本頁) 本紙張尺度適用中國國家標準(CNS)A4規格(210x 297公g ) -31 - ΑΓ 413799 ___ Β7 1 __..-----------—— 五、發明說明(29 ) 的資訊會被有效率地及可靠地擾頻。 在圖1 ◦中’顯示位於R A Μ記憶區1 6中之使用週 期狀態位元組的實施例°第一 Ε 2 p R Ο Μ記憶區1 7包括 記憶空間8 9 ’記憶空間8 9的七個位元8 8係用於將使 用週期狀態L S儲存於非揮發性記憶體中。僅有記億體空 間8 9的資訊會被改變以更改使用週期狀態。爲了更新上 述使用週期狀態位元組’使用R A Μ記憶區1 6的位元組 區9 0。在準備步驟3 3 (圖3 )及每當此更新處理開始 時,控制器1 3 (圖2 )會讀取記憶空間8 9並將其內容 拷貝至位元組區9 0內’舉例而言,拷貝至由l S所標示 的七個最低效位元。然後’控制器會決定確認旗標的狀態 及將具有關於確認旗標之資訊之單一位元旗標9 1放置位 元組區9 0的最高效位元。因此,使用週期狀態位元組包 括使用週期狀態L S及確認旗標。控制器1 3總是自位元 組區9 0讀出使用週期狀態位元組及將其呈給終端3 (圖 1 ) 0 習知技藝之預存式I C卡2 (圖2 )未具有機構以在 發行者處訂製之前識別它們自己。在「發行者模式」中的 訂製步驟中,秘密密碼鑰與訂製資料會被拷貝至預存式 I C卡2中。無機構防止載入秘密密碼鑰至類似I C卡2 中,類似I C卡2係仿製真實的I C卡2。類似I C卡2 將接受秘密密碼鑰及訂製資料,il可從其中取出密碼鑰與 訂製資料。秘密密碼鑰因此會被發現且整個系統的安全會 被破壞。 II----1 I I J I --- I I I I I--訂--— — — — — —— (請先閱讀背面之注意事項填寫本頁) 經濟部智慧財產局員工消費合作社印製 本紙張尺度適用中SS家標準(CNS)A:1規格(210* 297公釐) -32- 413799 Α7 Β7 五、發明說明(3〇 ) (請先閱讀背面之注意事項再填寫本頁) 在圖1 1中,顯示專用於發行者處所使用的卡訂製之 終端3處的整體檢查。I C卡2會連接至終端3以及鑰匙 固持器9 2 *鑰匙固持器9 2係從受信託的第三方借給發 行者。鑰匙固持器9 2具有與I C卡2的積體電路8相同 設計之積體電路9 2並因此包括相同功能塊,這些相同的 功能塊具有相同的代號但以下標線標示:演繹法電路 2 9 含有作業系統之r〇Μ記憶區1 5 <反至少第四 Ε 2 P R ◦ Μ記憶區2 0 等等。舉例而言,鑰匙固持器 9 2具有一般1C卡2的實體形式或者安全模組4 (圖1 )之一以便使鑰匙固持器9 2可適合讀卡機1的插座7 ( 圖1 )之一。R Ο Μ記憶區1 5 >儲存同於R ◦ Μ記憶區 1 5之作業程式,而可能爲空之第四E2PROM記憶區 2 0 >係要個人化之I C卡2的第四E2PR〇M記憶區 2 0之拷貝。 經濟部智慧財產局員工消費合作社印製 I C卡2會置入讀上機1中以開始訂製。終端3會於 重設步驟3 2 (圖3 )中給予I C卡2電源。I C卡2開 始測試根據準備步驟3 3 (圖3 )之使用週期狀態L S及 將更新過的使用週期狀態位元組呈現給終端3。終端測試 3 4會測試使用週期狀態位元組。假使使用週期狀態L S 被設定於「測試模式」,則程式會切換至識別步驟9 4, 否則1程序會於停止3 6放棄。在識別步驟9 4中,終端 3會將相同的宣告9 5 (舉例而言,日期及/或真正時間 或隨機数)傳送給I C卡2及鑰匙固持器9 2。宣告9 5 可能同時或不同時被送至I C卡2及鑰匙圃持器9 2。演 -33- 本紙張尺度適用中國S家標準(CNS)/V1規格(210 X 297公釐) 經濟部智慧財產局員工消費合作社印製 413799 A7 _ B7____________ 五、發明說明(31 ) 釋法電路2 9及2 9疋分別根據这告9 5及諸如R〇Μ記保 區1 5和1 5 -的內容、第四E 2 p R〇M記億區2 0及 2 〇 -的內容,獨立地執行它們自己的〇 E s操作° 一個 D E S操作的結果均會呈給終端3。於其中’一個D E s 的結果會呈給識別決定9 6以相比較。假使二個結果不相 同,則由於I C卡會被視爲有缺陷的或是未確認的模擬器 (特洛伊木馬('、Troj an h〇rs e 〃 ))’所以會於停止9 7 放棄程序。假使二個結果相等’則終端3會開姑I C卡2 的訂製並將至少相關的資料和從鑰匙固持器9 2取出的秒 密鏡(舉例而言,儲存於第三E2P ROM記憶區1 9 ) 經由終端3分別載入第三和第四E 2 P R ◦ Μ記憶區1 9和 .2 0。在證實傳送內容之後,儲存於記憶空間8 9 (圖 1 0 )之使用週期狀態L S會由控制器1 3 (圖2 )設定 爲「使用者模式」。終端3 —收到更新使用週期狀態位元 組及感測到使用週期狀態L S =「使用者模式」及確認旗 標「接取正確」時,終端3會結束I C卡2的訂製。 第四E2 PROM記憶區2 0現在具有之內容不同於可 能仍然爲空之第四E2PR〇Μ記憶區2 0 $之內容。因此 ,即使I C卡在使用週期狀態L S被設定爲「使用者模式 」之前從讀卡機1移除,仍然不能將這些敏感資料第二次 載入I C卡2。在識別決定9 6之I C卡2的回應不同於 鑰匙固持器9 2之回應。個人化的I C卡之使用週期狀態 L S不再處於「發行者模式」下時,I C卡2將會於終端 檢查3 4被拒絕並被送至停止3 6。此訂製前之確認的優 ίιιιιιιιιο— — — — - f ---- ] I I 1 ·11111111 (請先閱讀背面之注意事項再填寫本頁) 本紙張尺度適用中0®家標準(CNS)A4規格(210 X 297公坌) -34- 經濟部智慧財產局員工消費合作杜印製 413799 A7 _B7_ 五、發明說明(32 ) 點在於強化安全性,以防秘密密碼鑰被發現及在發行者處 使用的卡被「非法更新」。 -----fi----裝--------訂·--------線 (請先閱讀背面之注意事項H:填寫本頁) -35- 本紙張尺度適用中0國家標準(CNS)A4規格(210 X 297公釐)413799 Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs A7 B7 V. Description of the Invention (1) The present invention relates to pre-stored IC cards such as those in the scope of application for patents 1, 4 and 10, and pre-stored IC cards System and method for interactive confirmation with card reader. Deposited IC cards and systems for mutual confirmation between pre-stored IC cards and related card readers are used for mobile or public telephones, commodity billing devices, vending machines, lock-in points, and so on. The 1C card is based on DE-PS 25 60 080 and DE-PS 25 12 935 and is widely used in various parts of the world today. Information exchange between the card reader and the IC card may be blocked when writing to a memory area already occupied by data. W09 7/2 1 1 9 7 describes the payment operation of the pre-stored 1 c card of the conventional art. It will recognize the 1 c card before the payment operation and check the IC card content for the correct deduction. US-A4,710,613 reveals that the identification system checks the validity of the data transfer between the card reader and the IC card. After the IC card is inserted into the card reader, the user will input a personal identification code into the card reader 'card reader, and then use RS encryption encryption to generate the identification code information and calculate the estimated time required for the IC card processor to process the identification code information. The reader measures the true time required for the 1 c card processor to process the identification code information, and prevents the further data transmission if the real processing time does not match the estimated time. W09 4 2 4 6 7 3 reveals that a 1 c card microprocessor containing a microprocessor and a paged non-volatile memory area. The microprocessor writes only one page at a time. The memory will assign the first non-volatile memory to the data and the second non-volatile memory to the status information. If you successfully execute the data entry -------- LI! — I — III — I order--------- (Please read the dignified matters on the back before filling this page) Applicable Chinese Standard 0 (CNS) A4 (210 X 297 mm) -4- Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs 413799 A7 ___B7___ 5. Description of the invention (2) During the operation, the data was written to The first area and the information are written to the second area to perform a data writing operation. This procedure confirms and indicates that the data transfer is completely completed. U S — A 5, 5 7 2 · 0 0 4 is a payment method that uses a pre-stored IC card to pay for services or goods. The pre-stored IC card communicates with the security module via an electronic terminal located in the card reader. This method determines the correct deduction of the IC card and the correct amount of the security module transmitted from the IC card to the reader-F R — A 2 5 8 0 8 3 4 is revealed to protect the memory from fraud detection with a cover. The shield includes a resistive layer on the integrated circuit. The resistive layer represents two of the four resistors of the Wheatstone bridge integrated in the integrated circuit. Any physical damage to the shield will be sensed by the integrated circuit and the integrated circuit will render any further access inactive. These IC cards with cryptographic capabilities can be used as electronic wallets. Before any transaction occurs, the owner of the wallet or smart card must verify his identity to the card reader terminal with a personal identification number. If the personal identification code is valid or invalid, the card reader will present the signature to the IC card according to the personal identification code, and then the IC card will check the signature. The signature is also called " password '. In the case of a valid personal identification code, the card reader is allowed to continue the transaction ', for example, reading the IC card limit and changing the IC card limit in order to pay for the transaction. In contrast, the pre-stored IC card can be used as money for general use. The holder of any IC card will be authorized to use the IC card without any identification. The IC card verification is performed by the card reader in conjunction with the security module. * As the number of like cards increases, it will not be possible to track the correct position of outdated card readers and the still-operating security proofreaders. Harmony tampered with through fraud methods 丨 All machines of I cp can be ordered ------------ (Please read the notes on the back before filling this page) This paper size applies to the national standard of China (CNS) A4 (210x297); -5- 413799 A7 _B7 5. Description of the invention (3) (Please read first Note on the back, please fill out this page again) The total amount of cash is deducted instead of the point of sale to notify the cardholder of the correct total amount and illegally transmit valuable money to the security module of the tampered card reader, and then 'store in security The cash in the module will be transferred to the bank account of the scammer without question. Most IC cards are standardized according to I S 0 / I E C 7 8 1 6 parts 1 to 5. The main object of the present invention is to prevent unauthorized cash transfers between an IC card and an unidentified card reader and a security module thereof, and to provide a pre-stored IC including a card reader and a card reader connected thereto. Card system, security method for the system, and IC card. According to the present invention, the features of claims 1, 6 and 10 of the scope of patent application meet these objectives. After reading the detailed description of the preferred embodiment in conjunction with the accompanying drawings, the present invention will be fully understood, in which FIG. 1 is a system view for interactive confirmation of a pre-stored IC card, and FIG. 2 is a block circuit of an integrated circuit of an IC card Figure, Figure 3 is a flowchart of the interactive confirmation operation. The employee ’s consumer cooperation of the Intellectual Property Bureau of the Ministry of Economic Affairs has printed a flowchart of the payment transaction. Figure 5 is a random number generation circuit, and Figure 6 is a counter record. 7 series display count area without backup 'Figure 8 is a flow chart of key change operation, Figure 9 series shows a brute force attack counter' Figure 10 Series 0 shows a two-memory area, and this paper standard applies the China Standard® (CNS) Al specifications (210x297 male; S) -6- 413799 A7 _B7 V. Description of the invention (4) Figure 1 1 shows the complete inspection. Comparison table of main components Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs 1 2 1- 丄 * · 51 Card machine 2 IC card 3 Electronic card 4 Security module 5 Contact pad 6 Livestock line 7 Security module socket 8 Body circuit 9 Electronic lock 1 0 Cash / unit counter content 1 1 — Heavy data encryption standard unit 1 2 Random number M generator 1 3 Microcontroller 1 4 Memory area 1 5 Memory area 1 6 Memory area 1 7 Memory area 1 8 Note • fa area 1 9 memory area 2 0 memory 丨 product-2 1 asynchronous receiver / transmitter unit 2 2 1 2 bit wide address bus 2 3 bidirectional 8 bit wide data bus 2 4 double ^ FL Day and second line 2 5 Timepiece line 2 6 Two-way single-line input / output line 2 7 Shelter 2 8 Generator circuit 2 9 Deduction unit 3 0 Invalid line 4 7 Comparator 4 9 Random access memory section ----- ----, --- .. install --------- order .-------- (Please read the back Note: Please fill in this page again.) This paper size applies the Chinese National Standard (CNS) AI specification (210x297). 413799 A7 B7 The counter printed by the employees ’cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs and the counter of brute force attack. 8 V. Description of invention (5 5 2 Point of sale 8 0 Memory section 9 2 Key holder in Figure 1 1 '1 represents the card reader, 2 is the I c card, 3 is the electronic terminal of the card reader 1' 4 is the security module, 5 is the connection Point pad, 6 series animal feed line '7 series security module 4 socket, 8 series integrated circuit, 9 series electronic lock' 1 0 series cash / unit counter content, 1 1 series generated T — DES signature of security module Unit, 12 series random number generator. The electronic circuit 8 can be a tiny module when it is applied. It can be installed in the plastic parts representing the IC card 2. The contact pads 5 of this module can make the electronic circuit. 8 communicates with terminal 3. The card reader 1 can be part of or connected to the independent point of sale 5 2 and is contrary to the device of the smart card, it can be operated without directly connecting to an external host computer, independent point of sale 5 2 as an example For example, it can be a pay phone, a low-cost point of sale. Sell machine, and so on. In addition to the mechanical parts not shown here, the card reader 1 provides a recessed wall or slot to accommodate an IC card 2 and includes an electronic terminal that cooperates with the security module 4 to control read / write operations. At least one security module 4 (ETSI ENE726 — 7) used in the card reader has a seemingly small 1C card 2 (CEN / ENV 1 3 7 5-^ Additional ICC Formats, -parti: ID-0 0 0 Cai. d)) standard size, and can confirm an issuer's IC card 2 and process transactions of the identified IC card 2. If the 1 C card 2 is inserted into the card reader 1, the contact pad 5 will contact the contact finger (not shown here) of the card reader i, so that the terminal 3 can communicate with the data line 6 through ---- --r ---------------- order --------- line (please read the precautions on the back before filling this page) This paper size applies to Chinese national standards (CNS) A4 specifications (210 X 297 male 5) -8-A7 413799 ___B7___ 5. Description of the invention (6) < Please read the notes on the back before filling this page) IC card 2 exchange information. Each security investment group 4 will be inserted into the socket 7 so as to be connected to the terminal 3 in an easy exchange or removal manner, and provide specific information for the secure IC card 2 and cash collected from the IC card 2 The memory space of the total number of units is given to the terminal 3. Socket 7 and data line 6 are indicated by double arrows in the diagram, indicating that the data is transmitted to terminal 3 and the double arrows from terminal 3 "All data exchanged between IC card 2 and security module 4 will be transmitted by the terminal 3 processing. Card reader 1 represents the outside world of IC card 2. Other implementations of the system use electromagnetic waves to establish a two-way data link between the terminal 3 and the IC card 2. The IC2 card may have these electromagnetic contact mechanisms to incorporate data transmission through the contact pad 5, and the card reader may actuate the appropriate contact mechanism. The consumer cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs has printed the integrated circuit 8 of the pre-stored IC card 2 as it is known in the art. The card identification code and cash counter are stored in its memory. protection. The security module 4 will identify the IC card 2 with the identification code of the IC card 2, and if the test is positive, the lock 9 will be opened and the cash will be transmitted from the IC card 2 to the security module 4. The disadvantages of this system have already been addressed in the introduction. Therefore, the pre-stored card 2 has additional features such that not only the security module 4 recognizes the IC card, but also reverse operation, that is, the IC card 2 can check the confirmation of the security module 4 in use. FIG. 2 shows the IC card 2 and the integrated circuit 8 in more detail. The integrated circuit 8 allows the security module (FIG. 1). The interaction with the IC card 2 is confirmed. The straw circuit 8 may be a microprocessor based on an 8-bit microcontroller 13. Memory area 14 to 20, physical security crucible as beryllium 9, and the Chinese national standard (CN'S) A * 1 specification (210 * 297 mm > A7 413799 _B7___) applicable to this paper size V. Description of the invention ( 7) Asynchronous receiver / transmitter unit 2 1 will be connected to this controller 1 3 by wide address bus 2 2 and bidirectional 8-bit wide data bus 2 3. Reset line 2 4 allows terminal 3 (Figure 1) Reset controller 1 3 and lock 9 = Regarding records, lock 9 and receiver / transmitter unit 2 1 will be directly connected to controller 1 through interrupt and status lines. Terminal 3 will be connected via The timepiece signal synchronization contact pad 5 on the timepiece line 2 5 sends or receives data to or from the integrated circuit 8 to be transmitted on the two-way single wiring input / output line 26. Synchronous receiver / transmitter The controller unit 21 will serve as the interface of the data bus 2 2 controlled by the controller 1 3. The contact pad 5 allows the reset line 2 4, the timepiece line 2 5 and the power line (not shown here) to be connected to the terminal 3. The data transmission on single wiring input / output line 2 6 can be based on 130/1 £ (: standard 7816 — 3 (] _ 989): electronic signal and Sending agreement, including amendment 1 (1992): Article 9, and characterized by asynchronous half-multiplexed block transmission according to agreement T = 1. Memory can be divided into seven memory areas 14 to 20 for storing data and program information. Read-only memory (ROM) is used for areas 14 and 15. The two R 0 M areas 14 and 15 can be flash memory or traditional ROM 0. For example, a total of 4 096 bytes The third area 16 has random access memory (RAM memory area 16) such as 128 bytes, which can provide RAM area 49 for data lost due to reset or power failure. The remaining cells with hexabytes such as 176 bytes can be electrically erasable and programmable R 0 M (= E: PR 〇) cell type and are divided into four regions 17 to 20. Ε 2 PR 〇Memory area 17 to 2 ◦ Provide non-prompt storage space for sensitive or secret data, for example 'for the first ------ 1 ----' I --- -^ ----- I--t --------- ^ Ϊ (Qi first read the notes on the back and then fill out this page) Printed on paper again by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs Applicable to China National Standard (CNS) A- 丨 size (210x297 male ) -10- Intellectual Property Co-operative Consumers' Cooperative, India, Ministry of Economic Affairs, India 413709 A7 __B7____ V. Description of the Invention (8) The secret key K in the third memory area 19 is used in the fourth E ^ P ROM memory area 20 The contents of the cash counter unit 10 are used for the use cycle status LS in the first E 2 PR Ο Μ memory area 17 and so on, and these E 2 FR are masked by the use. The special mask 2 7 of 20 can protect these four areas from being analyzed by scanning electron microscope. The physical integrity of the shielding member 27 of the shielding member 27 is tested at least by the controller 13 during the power-on step (FIG. 3) of the IC card 2. Any physical damage to the shield will be sensed and cause the controller 13 to set the use cycle status LS to "invalid" and by storing the E2PROM in the 17 million to 20 million cells that store confidential information Set to zero to erase the contents of all these cells in the memory area of E 2 PR OM and thus lose the secret data. At least the password key K must be erased to make IC card 2 useless. Lock 9 includes a generator that generates a random number of the card. Circuit 2 8. As the electronic circuit of the deduction unit 29, for example, this electronic circuit is made of hardware-connected logic elements, according to the triple data encryption standard (TRIPLE DATA ENCRYPTION STANDARD (= Ding Yi DES: DES And T-DES, see Applied Cryptography > ISBN 0 — 47 1 — 11709 — 9 'P. 2 9 4) by Bruce Schneier), perform DES conversion and can perform very fast calculations (millisecond level) signature. DES conversion And anti-DES conversion is used to encode and decode according to T-DES conversion and is processed by the same deduction unit 29 by T-DES unit (Figure 1). The cryptographic key κ is in the T-DES coding process Yichuan was used in the preface. In the [C card 2 and safety, this paper standard applies to China Standards (CNS) A < 1 Specifications (21〇x 297mm. ¾) -11-— — — — — ^ — — — —111 · ^^ ·· — II — II Order --------- 1, {Please Read the notes on the back before filling this page) A7 413701; B7______ V. Description of the invention (9) Sensitive data exchanged between modules 4. Therefore, the IC card 2 and the security school group 4 both store the identification key K in their individual memories and use the same deduction method in the deduction method unit 29 and the encoder 1 1 (Figure 1), respectively, to Encoding and decoding of exchanged data. Another job of the lock is to decode any access request made by the terminal 3 to the IC card to compare the request with the use cycle status LS (for example, "test mode", "issuer mode", "user mode", " Invalid ") and act accordingly. At the beginning of the cycle test, 1C card 2 will be connected to the power supply of card reader 1 (Figure 1) »Lock 9 will read the cycle state LS. The "test mode" using the test program located in the first R 0 Μ 1 4 is used only once during factory quality control. After the "test mode" program is executed, the test mode in the first R Ο Μ 1 4 will make it Do not act on your own. The second ROM 15 stores the operation program. If the use cycle state L S of the IC card 2 is in the "issuer mode" or "user mode", the controller 1 3 will operate in the operating program and will be actuated by the test program. "Issuer mode" is also used only once, in which at least individual card numbers, cash and unit counter contents 10 (Figure 1), date, key, other required parameters of the IC card, etc. will be fed under the control of the operating program To E2PROM memory area 17 to 20. If the IC card 2 is issued to the user, the lock 9 must generally only distinguish between "invalid" and "user mode". In "User Mode", check the number of invalid access attempts. If the limit of invalid access attempts has been exceeded, the use cycle status LS will be set to "invalid" u It is impossible to set the use cycle status LS cocoon = "invalid" ϋ If lock 9 does not detect the use cycle status LS = "Using the standard paper size of this paper is applicable to China's 0 standard (CNS) A4 specification (210 X 297 g) ------ r -------- I --------- order —------- line (Please read the notes on the back before filling this page) Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs-12- 413799 Λ7 ______B7___ V. Description of Invention (1〇) "'is invalid The signal on line 30 will block any access to memory area 14 to (please read the precautions on the back before filling this page) 2 0. The number of erroneous accesses, such as in the fourth E 2 P R 0 Μ memory area 20, will limit unsuccessful access attempts to a certain limit 値. In "Publisher Mode", the maximum number of unsuccessful access attempts allowed is stored as the number of error accesses 4 8. In order to transmit the status information from the IC card 2, the periodic status bytes stored in the RAM memory area 16 can be used. For example, the seven bits of the usage cycle state in the first Ε 2 P R 0 Μ memory area 17 will be copied into the usage cycle state bytes. The eighth component represents the confirmation flag, which indicates the status of the current confirmation process. The following procedure is explained on the assumption that the number of erroneous accesses 4 8 in the "issuer mode" is set to the number of F such as 1 5 or hexadecimal. Fig. 3 is a flowchart showing the interaction confirmation process between the IC card 2 and the card reader 1 (Fig. 1). The flowchart indicates which steps occur in the IC card 2, the terminal 3, and the security module 4, respectively. The interactive confirmation process starts at step 3 1 after the terminal 3 contacts the IC card 2 and supplies power. The reset signal on reset line 2 4 (Figure 2) will be sent to IC card 2 during reset step 32. Controller 1 3 (Figure 2) will be set at the starting address and then rewrite the ram memory area 16 (Figure 2) »Reset the printed signal of the employee consumer cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs will also lock 9 (Figure 2) Initialize to start the life cycle test on the life cycle state LS during the preparation steps 33. Using the comparator 4 7 (Figure 2) of the lock 9, the controller 1 3 can check the card 3 3 1 to compare the number of wrong access 4 8 and zero. "If the number of wrong access 4 8 is equal to zero, then no more is allowed. Confirm and set the use cycle status LS to "Invalid" and erase the confidential information to 'make the IC card 2 invalid. Step 3 3 This paper is reapplied to the Chinese Standard (CNS) A4 specification (210 X 297 meals) ) -13- 413799 A7 _B7_____ V. Invention Description (11) (Please read the notes on the back before filling out this page) The Intellectual Property Bureau Employees ’Consumer Cooperatives’ Seal of Printing is invalid during t 2 and will be sent to the output. Step 3 3 3. Otherwise, processing will continue to random steps 3 3 4. The use cycle state LS is now in the "user mode", and the generator circuit 2 8 (Figure 2) prepares the card random number, and the controller 13 stores the card random number in the RAM section 4 9 of the RAM memory area 16 and Continue to output step 3 3 3. Here, the usage cycle status byte is updated and transmitted with any data related to terminal 3. The relevant information is, for example, individual card serial number, integrated circuit number, issue date, number of cash units, card random number, etc. After receiving at least the updated usage cycle status byte, 'Terminal 3 will test the true usage cycle status byte during the terminal check period 3 4' and if IC card 2 is in the "user mode", then Terminal 3 The initial confirmation is performed in the initialization step by sending the relevant information of the IC card 2 and the initial request to the security module 4. Otherwise, if the use cycle status byte is set to "invalid", the processing will stop at 3 6 by Terminal 3 terminates. In the generator step 37, the random number generator 12 (Fig. 1) will generate a security module random number, and the security module random number will be stored in the security module 4 together with the relevant IC card 2 data. The random number of the security module will be returned to the terminal 3 in the receiving step 3 8. Then, the terminal 3 sends the random number of the security module to the lock 9 in the encoding request step 3 and initializes the card encoding step 4 by reducing the number of incorrect access times 4 8 by one. Then, the deduction method unit 2 9 (圊2) Calculate the signature of the card. The signature of the card is the random number of the security module using the cryptographic key and the T-DES conversion of the relevant information of the IC card 2. The signature of the card and the random number of the security module are also stored in the RAM area 49. Card signing session Xingshi's new usage cycle status byte is sent back to terminal 3. Terminal 3 This paper size is in accordance with Chinese National Standard (CNS) Al specifications (210 * 297 mm) -14- Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs 413799 Λ7 _____B7____ 5. The invention description (12) will sign the card as The confirmation request is sent to the security module 4. During the confirmation test 4 2, the T-DES unit 1 1 (Figure 1) will decode the converted card signature with the cryptographic key K, for example, by comparing the converted The card signature is compared with the card signature calculated by the T-DES unit 11 using the cryptographic key K, and the stored random number of the original security module and the relevant information of the IC card stored in the security module 4 are compared. According to the comparison result, if the IC card 2 is acceptable, the security module status byte will be set to "card confirmation", if not, it will be set to "card unconfirmed". If the security module status byte is "card confirmation", the card signature will be stored in the security module 4 and the T-DES unit 11 using the cryptographic key K will be based on the card random number and the previous confirmation result, that is, the card signature , And encode the security module signature. The security module signature (if any) and the security module status byte will be presented to terminal 3. If it is decided that the establishment of the security module status byte is "Card Unconfirmed", the processing will be aborted at 4 4. However, if the card signature is correct and the IC card 2 is therefore acceptable to the security module 4, then the decision of the security module status byte 4 3 will branch the processing to a confirmation request 4 5. Here, the terminal 3 will present the security module signature to the lock 9 = during the verification step 4 6, the lock 9 will test the security module signature. The deduction method unit 2 9 (Figure 2) will recalculate the security module signature with the password Si and the card signature stored in the RAM memory area 16 and the original card random number, and the controller i 3 will use the comparator 4 7 Compare the result with the signature of the security module transmitted. If the recalculated and transmitted security module signatures are equal, the interactive confirmation is valid. The number of incorrect accesses 4 8 will increase by one yuan, and the tl confirmation flag β will It is set to "access correct". "Sufficiently, if the paper size of the party and the paper is applied to the National Standard (CNS) A4 specification (210 X 297 g) -15- — — — — — l · — — — — — — — ! -------- ^ '1 — — — — — — — (Please read the precautions on the back before filling out this page) 413799 Λ7 __B7____ 5. The description of the security module sent by the invention (13) is different, The confirmation will fail and the confirmation flag will be set to "Access Error". IC card 2 will transmit the updated usage cycle status byte to terminal 3, and terminal 3 will test the usage cycle status byte again in the second decision 50. "If the usage cycle status byte is marked" user mode " And confirm that the flag issued by the security module 4 is acceptable to the IC card 2 ("accepted correctly"), then the lock 9 will be unlocked and the cash / counter content 10 in the 4th billion area 20 will be allowed (Figure 2) Was changed. The mutual confirmation will be successfully stopped at service step 51 and the terminal 3 connected to the authorized security module 4 will be allowed to continue the payment transaction. If the second decision 50 senses an erroneous confirmation, that is, the confirmation flag is set to "access error", the process ends at stop 4 4. At the end of the successful interactive confirmation process, both the IC card 2 and the security module 4 store the card signature and the security module signature in separate memories. "Figure 4 is a flowchart representing the payment process. Before transmitting from the IC card 2 to the security module 4, check again. After the interaction confirmation is processed correctly and the terminal 3 reaches the service step 51, the terminal 3 will accept the payment request 5 3 from the sales point 5 2 | that is, the content of the cash unit counter 1 0 (Figure 2). Reduced number of cash units. Only when the transaction (less than the cash) unit calculator content 10, the terminal 3 will continue the process and send a reduction request 54 and a transaction to the security module 4. According to the previously calculated and stored security module signatures and transactions, a new security module is created in the signature step 5 5 and the previous security module signature in the memory is replaced. In the receiving step 5 6, the terminal 3 will receive the signature of the new security module and in step 5 of the request, it will be handed over with a paper standard applicable to the national standard (CNS) A, 1 specification (2 丨 0 X 297 public money) (Please read the notes on the back before filling out this page) -I ------ 1. Order I · -------- 1. System -16- Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs ^ 13799 Λ7 _____B7__ 5. The description of the invention (14) is presented to [lock 9 of card 2] (Figure 2). In arithmetic steps 5 8, the controller 1 3 first reduces the number of erroneous accesses 4 8 by one unit and sets the confirmation flag to f access error ". Then, the deduction circuit 2 9 (Fig. 2) will sign and trade the old security module stored in the RA M section 4 9 (Fig. 2) in the RA M memory area 16 in the arithmetic step 58. , Recalculate the new security module signature. The signature of the old security module in the R AM section 49 will be replaced by the signature of the new security module. If the calculation result is the same as the signature of the converted new security module, the confirmation is confirmed. The real cash / unit counter content 10 will be copied to the fourth E2PROM memory area 20 as the previous cash / unit counter content 10, and then the transaction is deducted to obtain the current cash / unit counter content 10, that is, The current cash rate is the previous cash rate minus the transaction rate. After completing the deduction of the cash unit counter 10, the controller 1 3 (Fig. 2) will increase the number of incorrect accesses 4 8 (Fig. 2) by one unit and set the confirmation flag to "correct access" . The updated usage cycle status byte is sent to terminal 3, where the third decision 5 9 for this status byte will cause the program to branch. If the confirmation flag indicates "access error", terminal 3 will abort the process at 60. If the third decision 5 9 senses that the confirmation flag is in the state of "acceptance is correct", the terminal 3 sends the signature request 6 1 to the IC card 2. In the encoding step 62, the IC card 2 will sign according to the cipher key K, the current cash card and the previously used card, and a new card signature will be generated in the deductive circuit 29. The new card signature will replace the old signature in the RAM memory area 16 and be sent to the terminal 3 (terminal step 6 3 u. At the same time, the security group 4 will separately calculate the party account from the data stored in the security module 4 This paper size applies to the Chinese National Standard (CNS) AU see grid mo X 297) -17- IIIII l · I-* ----. II! — I Order ---------! (Please read the notes on the back before filling this page) 5 ^ 413799 _B7____ printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs V. Cash in front of the invention description (15) in order to enhance security and harmonious input / round-out Transmission time on 6 (with 2). In the transfer step 64, the terminal 3 will transfer the new card signature to the security module 4 and initialize the incremental step 65. In the incremental step 65, the new card signature will replace the stored old signature. The T-DES unit 11 (Figure 1) confirms the confirmation of the new card signature based on the previously used card signature and the current cash card. If the confirmation of the new card signature is true, the status byte will be set to "correct" and the transaction counter 6 6 (Figure 1) will be incremented by the transaction. If the confirmation is not confirmed, only the security module status will be available. Bytes will be set to "incorrect". The security module status byte will return to terminal 3 for testing in the fourth decision 6 7. If the security module status byte is "incorrect", the transaction process will be terminated at stop 6 8. However, if the security mode status byte is "correct", the terminal 3 successfully completes the transaction process and the point of sale 5 2 in the acceptance step 6 9 will accept the payment. Then, the terminal 3 returns to the service step 51 and waits for the removal of the new transaction program or the IC card 2. From the terminal step 6 3, the program will be executed forward without any connection with the IC card 2, until the step 6 9 is acknowledged and the service step 5 1 'if the IC card 2 is removed, the terminal 3 It will go to sleep until it comes into contact with the IC card 2 again. If the processing ends at 3 6 (Figure 3), 4 4 (Figure 3), and 60, the IC card 2 will be locked by the signal on the invalid line 30 (Figure 3) and must be reset at step 32 ( 1113) Reset by signal on reset line 24 (Figure 2) to restart the confirmation process. By returning to step 32, any other execution of terminal 3 will be stopped at 4 4 and / or 60 — — —, I 1 III — ----- 1 IIIII (Please read the note on the back first Please fill in this page again for details) Chinese National Standards (CNS) A'l Specification (210 X 297 mm) for this paper -18- Consumption Cooperation between Employees and Intellectual Property Bureau of the Ministry of Economic Affairs 413799 Λ7 Β7 V. Description of Invention (16) Automatically restart the confirmation and / or transaction process for a limited number of times. The supervision of the cross-confirmation process covers at least the standardization of the encrypted data and the exchange period ', that is, from the start of the encoding step 40 (Figure 3) to the second decision 50 (Figure 3) and during the arithmetic step 58, and has the following Advantages: Identify any abnormally ended access, that is, access that does not end normally due to invalid IC card 2, power failure, or disconnection of IC card 2 from card reader 1, etc., and by using The number of erroneous accesses stored in E 2 PR Ο Μ memory area 20 is decremented to limit the number of these abnormal accesses. The preparation and exchange cycle of encrypted data requires time-consuming calculations and may last for several seconds and thus have sufficient time to end the interactive confirmation processing in an abnormal manner. The parent program has a single wiring. The data flow on the input / output lines 26 is greatly reduced and the calculation time in the individual circuits of the IC card 2 and the security module 4 is minimized without sacrificing security. Cryptographic processing can advantageously save time by calculating only two random numbers each time the confirmation process starts and then using the previous individual signature to replace the time-consuming new random number generation. 0 At terminal 3, such as reset step 3 2 (Figure 3), encoding request 3 9 (Figure 3), verification request 4 5 (Figure 3), request steps, signature request 61, etc., under the conditions that the IC card 2 is effectively contacted in the steps, etc., the use cycle state LS can be determined by the terminal 3 set up. This may happen, for example, when the card number transmitted by the security module 4 is detected on a stolen or suspected slip. In the case where the use cycle state LS is set to "invalid j", the controller 13 will wipe at least the third dimension as described above, and apply the Chinese National Standard (CNS) A4 specification (210 * 297 mm) -19- ------ L ---, 1 --- install -------- order --------- line (please read the general notice on the back before filling this page) Ji Zou wisdom% Production Bureau member X Consumer Cooperative printed 413799 Λ7 87 V. Description of the invention (17) The secret key in the E2P ROM memory area 19. In FIG. 5, the display generator device 7 0 'can be used as Random number generator 12 (Figure 1) and generator 2 8 (Figure 2) that generate random numbers for security modules and card random numbers, respectively. Device 7 0 includes a linear offset register 7 1. Free-running timepiece 72, and Bollinger unit 73. In the embodiment shown, the eight-bit shift register 71 will move its content from the least significant bit to the most significant bit, for example, as shown in the diagram in FIG. In the middle, the shift register 7 1 moves its content to the right. The output of the most efficient or true content of the octet and the sixth and third bits will be provided by the Bollinger unit 7 3 in a free-running timepiece 7 2 Signal Mix Together to form a combined signal that is fed to the least significant bit input. The signal of the free-running timepiece 7 2 is not synchronized with the clock signal of the shift register 7 1. The type of the Bollinger Unit 7 3 and the Bollinger Unit 7 3 The signal of the combined shifter register 71, the size of the shift register 71, and the frequency of the free-running timepiece 72 are determined by the needs of the generator device 70. For example, the device 70 generates The random number must conform to the basic statistical distribution law and the criteria developed by SWG0l0mb (SWGolomb, Holden-Day, San Fancisco, 1976, w Shift Register Sequence 〃 or Aegean Park Press, 1 9 8 The second edition of 2). Now returning to FIG. 2, the feature of tracking the number of invalid access attempts and limiting this number to a predetermined number of allowed invalid access attempts has the advantage of using the deductive circuit 2 9 The cryptographic key K used for signature cannot be retrieved by trial and error, so the cryptographic key can be kept secret. Before the confirmation process, the reduction of the number of lead-in mistaken access 48 can prevent the system in the following situations --- : --------- install · ------- order · --- I ---- (Please read the notes on the back before filling out this page) This paper size applies to Chinese National Standard (CNS) A4 (210x 297 meals) -20- A7 413799 B7__ 5. Description of the invention ( 18) Fooled: IC card 2 and Zanka machine (Figure 1) were separated before the number of incorrect access 4 8 because of verification step 4 6 and arithmetic step 5 8 (Figure 4) before the transaction was successfully completed and incremented again. . In another implementation of the IC card 2, the confirmation test is started at the beginning of the preparation step 3 3 instead of at the beginning of the encoding step 40 (Figure 3), so that the entire process from the preparation step 3 3 to the verification step 4 6 They were all under supervision at the end. In another implementation of the IC card 2, the controller 1 3 is programmed to directly compare two digital groups under the control of an operating program, without the need for a hard-wired comparator 47. The cash unit counter content 10 is stored in the fourth memory area 20 and the cash unit will be decremented by the controller 13 when requested by terminal 3 until all the cash units are used up and the cash unit is zero. Then, the 1C card 2 is used up and discarded. The implementation of the IC card 2 may be able to refill the predetermined cash limit, for example, equal to CHF300. 00. In one of its E2PROM memory areas 17 to 20, the number of retry attempts set in the "Publisher Mode" is stored. If the allowable number of retry times is set to zero, the IC card 2 is available once until the cash unit counter content 10 reaches zero. As long as the number of allowed retransmissions is different from zero, the terminal 3 (Fig. 1) may request the IC card 2 to prepare the retransmission cash counter unit contents 10. This service can be initiated after the service step 5 1 (Figure 3) establishes an interactive confirmation. The controller 13 will test the allowable number of slugs. If the allowed number of 01 塡 is not zero, the controller 13 will apply the allowed paper size to the Chinese national standard (CNSM4 gauge (210 X 297 mm) I! III L ------- -I 1 IIIII Order * ιί1 · — · * * 5 ^ < Please read the notes on the back before filling out this page) Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs ^ A7 413799 ____B7___ V. Description of the invention (19) 塡 The number of times is reduced by one unit and the cash 値 unit counter content 1 0 is acceptable New cash unit. ® Filling can occur on a special card reader 1 connected to the bank's computer instead of to point of sale 5 2 (Figure 1). In addition to the interactive confirmation between the IC card 2 and the card reader 1, the bank will also require user identification through the increase of the personal identification code. It is advantageous to limit the number of repetitions so as to minimize any misuse and invalidate the old IC card to avoid malfunctions due to the life limit of E 2 P R ◦M. For example, the limit of the contents of the cash counter unit 10, the limit of the number of error access 48, the limit of the number of retry times, etc. will be set to the maximum allowed number in the "Issuer Mode", which are stored in the memory 2 0 in. If an individual event occurs, the appropriate limit will be reduced by at least one unit. This method is faster because the controller 13 compares individual numbers with zeros than it does with the numbers stored in memory. In the verification step 46 and the arithmetic step 5 8, the number of wrong access 4 8 will increase by one unit. The pre-stored IC card 2 and card reader 1 system (Figure 1) has the advantage that the pre-stored card 2 and the security module 4 (Figure 1) can interactively confirm the counterparties of data transmission and provide a mechanism to the system to reject any Unconfirmed access attempt to a user payment institution. This will significantly enhance the level of confidence that customers have in their IC cards2 and the issuer's overall system. In order to enhance the integrity of the IC card 2 memory module, the integrated circuit 8 must prevent the effects caused by sudden power failure, for example, before the transaction is completed or in the Ε 2 PR Ο Μ memory area 17 to 20 During the renewal of one of the counting areas, the 1C card 2 is separated from the card reader 1 (Fig. 1). In the know-how of the pre-stored card technology, the hard-wired Logger Tun Road will be used by: This paper size applies to China National Standard (CNS) A. 丨 size mo X 297 mm) ---- I l · II L--II * 1 IIIIII ^ *-1 ----- (Please read the precautions on the back before filling out this page) Printed by the Intellectual Property Bureau Employee Consumer Cooperatives of the Ministry of Economic Affairs -22-41379 ^ Ministry of Economic Affairs Printed by the Intellectual Property Bureau employee consumer cooperative A7 B7 V. Description of the invention (20) When the content of the counter is changed, the flag or certification bit will be changed to prevent the card removal effect during the update of the counting area. Since the certification bit 'cannot be written exactly parallel to the counter, it is still possible that an error may occur due to a sudden power failure. This may even cause a state where the contents of the counter 10 can be illegally increased. The new Ic card 2 has an automatic backup mechanism for each sensitive counter to track changes in the contents of the counter by storing at least the previous and actual contents of the individual counter. In Fig. 6, an embodiment of the counter record 74 is shown. The counter record 7 4 includes three columns. The management column 7 5 indicates the number of years of the counter record 74. The counter 7 6 stores the counter. 7 4 The real IC card when storing files. 10 (Figure 2). The total check column 7 7 Check the total. Its (total check) content is based on counter 値 76. Each sensitive counter of the IC card 2 has at least two counter records 7 4 and is located in the backup count area 7 8 of the memory area 20. The integer of the counter record 7 4 is greater than 1 but smaller than the capacity of the management column 7 5. The most sensitive counter handles cash puppet units. The cash / unit counter will be explained further. In the embodiment shown in Fig. 7, the backup area 78 has a set of four counter records 74. The controller 13 will determine the maximum content of the four management columns 7 5 a to 7 5 d of the backup counter 7 8 during the preparation step 3 3 (Figure 3), and set the four management columns 7 5 a to 7 The maximum volume of 5 d is stored in the activation column 79 in the RAM memory area 16. The controller 1 3 always changes the oldest login in the backup counter area 7 8. The oldest registered address is calculated according to the following rules: "To the content of Zhixun fl ^ I79 will be ^^ 1 * ^ 1 ^^ 1 ^^ 1 ^^ 1 1 1 ^ 1 ί I ft nk J f— I 1 ^ 1 m ^^ 1 V n ^^ 1 ^^ 1 I n «^ 1 n I (Please read the precautions on the back before filling out this page) This paper size is applicable to the CNS A4 specification Γ210 X 297 mm) -23-Printed by the Economic Village Intellectual Property Bureau—Industrial and Consumer Cooperatives 413799 Λ7 Β7 V. Invention Description (21) Added one and used as a counter record in the backup counter area 7 8 7 4 a to 7 4 full number of d. " If the contents of the counter, that is, the cash / unit counter content 10 (Fig. 2) must be changed, the controller 13 will access the memory area 2 0 with the backup counter area 7 8 on the data bus 2 3. Then the 'controller 1 3 reads out the content of the actuation column 7 9 and determines the address of one of the counter records 7 4 a to 7 4 d by the operation of "the content of the actuation column 7 9 is 4", for example In other words, the counter record 7 4 b, which has been used when the counter was previously changed, is recalculated based on the counter 値 7 6 b (for example, 'cash 値 unit counter content 1 0'). If the recalculated total check is the same as the total check stored in block 7 7 b > the previous change of the counter will be successfully terminated. The controller 13 will increase the content of the actuation column 7 9 by one unit, read the counter 値 7 6 b, and decrease the content of the counter 値 7 6 b by one or several units as needed. Then, the new content of the activation column 7 9 will be used by the controller 13 to calculate the new address of the next counter record 7 4 (the counter record 7 4 c in this embodiment). The controller 13 will store the next counter 値 7 6 c decrement 値 and the increment of the actuation column 7 9 in the management column 7 5 c ′ and calculate a new total check based on the contents of the counter 値 7 6 c The new total check is stored in column 7 7 c. If there is a power failure before the total check is properly stored in column 7 7 c, the total check is incorrect. During the next access period between I c card 2 and the card reader (circle 1) 'controller 1 3 will give the address to the counter' record 7 4 c and re-read according to the contents of the counter 7 7 c Calculate the total paper size ii to check that the Chinese paper standard (CNS) A4 (210 X 297 cm) is applicable to this paper size -24- IIIII l · --LI —---- · I f ----- Order ----- — — — — — (Please read the notes on the back before filling out this page) A7 413799 B7_ V. Description of the invention (22). Obviously, due to the previous transaction processing that failed at arithmetic step 5 8 (Figure 4), that is, the 1 increment step (Figure 4) and the acknowledgement step 6 9 (Figure 4) in the previous transaction were not executed and deducted. The amount is not used for payment, so the newly recounted total reconciliation is now different from the total reconciliation block 7 7 c. If the total comparison check fails, the controller 13 will thus decrement the content of the actuation column 7 9 by one unit and read out a counter 値 7 6 b such as the previous cash 値 unit counter content 10 e (Figure 2), As a real cash 値 unit counter content 10. The controller 13 will continue the test as described above. It is obviously correct to check the total in column 7 7 b, increase the activation column 7 9 by one unit, increase the cash / unit counter content 1 ◦ decrement according to the new transaction, and The actual contents of are stored in columns 75c, 76c, and 77c of the counter record 74c. This procedure has the advantage that the owner of the IC card 2 cannot deceive the system by artificially interrupting the transaction processing, and it is not sensitive to the accidental mishandling or the failure of the IC card 2 to the fault of the card reader 1. If the total comparison is more than two consecutive failures, the controller 1 3 will determine that the individual counter record 7 4 contains defective memory cells and invalidate the IC card 2 by setting the use cycle state L S to "invalid". Once the secret key is found, the system with the pre-stored IC card 2 of the known technology cannot change the key except to replace all IC cards 2 with the new series of IC cards 2 and the related security module 4, which will cause Issuer's credit is compromised and financial damage is significant. In FIG. 2, the third E2PROM memory area 19 provides a memory section 80 to the auxiliary key AK. The auxiliary key A K is not applicable to the standard office. In "----- U --------- installation -------- order -------- {Please read the unintentional matter on the back before filling this page) Economy Printed by the Ministry of Intellectual Property Bureau ’s Consumer Cooperatives The paper size is applicable to the Chinese National Standard (CNS) A4 (210 X 297 gong) -25- 413799 Printed by the Intellectual Property Bureau ’s Consumer Cooperatives of the Ministry of Economic Affairs A7 Β7 V. Invention Description (23 During the "Publisher Mode" period, it will be filled in the memory section 80 and used as the auxiliary key AK. Only in the case where the key is downloaded from the security module 4 (Figure 1), for example, after the cryptographic key K used in the deductive circuit 29 is found, the integrated circuit 8 will interpret the new key with the auxiliary key AK Password key. Obviously, the auxiliary key A K is also available in the security module 4. The advantage of this design is that the issuer only needs to initiate the key replacement procedure within the security module 4 (Figure 1) during additional repairs to the card reader 1 C (Figure 1) that is not obvious to the public. During the additional maintenance period, the new cryptographic key K is transmitted to the security module 4 to replace the outdated old key K * stored in another billion-dollar body stored in the security module 4. This will also trigger the key replacement process. Therefore, since the key change process is already part of the confirmation process, it is not necessary to close the card operation during this additional maintenance of all the card readers 1, for the sake of brevity. The key replacement process is not shown in FIG. Figure 8 shows the relevant parts of the confirmation process with the additional key replacement process steps. The card signature is transmitted to the security module 4 in the confirmation request 41. If in the confirmation test 4 2 using the new key K, the security module 4 classifies the IC card 2 as unconfirmed according to the card signature, the IC card 2 can still use the outdated old key K *, or it is truly unconfirmed. The switch 8 1 which is activated during the extra maintenance will cause the process to shift to the second confirmation test 4 2 ′, in which the outdated old key K * is used to recalculate the card signature and the result will be compared with the transmitted card signature. If the re-calculated and transmitted card signatures are different, the IC card 2 is unconfirmed and the processing will be transferred from the second DPJ gate 8 2 to the terminal with the security module status byte set to "unconfirmed" 3. However, if the paper size of the recalculated and transmitted card signature is applicable to the Chinese National Standard (CNS) A4 (210 X 297 mm) -26-— — — — — illj—— — — i IIIIII ^ > — — — — — < Please read the notes on the back first and fill in this page) Printed by the staff of the Intellectual Property Bureau of the Ministry of Economic Affairs and printed by the cooperative 413799 Λ7 Β7 V. Description of the invention (24) The words of the security module status byte will be The setting is "replace the key", and the second switch 8 2 will cause the key to be transferred to the key sending step 8 3. In step 83 of sending the key, the T-DES unit 11 (Fig. 1) will use the DES-transform and the auxiliary key AK stored in the 80 million (Fig. 2) and the transferred card to sign, and will sign the new Key K code. T-DES unit 1 1 Use the new key K and the card sent to sign the message confirmation code. The security module 4 then transmits the security module status byte, the encrypted new key, and the message confirmation code to the terminal 3. Among them, the first decision 4 3 detects the security module status byte set in the "replace key", and the terminal 3 sends the encrypted new key and message confirmation code as a key replacement request to the 1 C card 2 . In the key verification step 84, the deductive circuit 29 (FIG. 2) decodes the encryption key by using the inverse DES conversion of the auxiliary key AK stored in the memory section 80. The result is a new key K, which is then used to recalculate the message confirmation code in step 85. Comparator 4 7 (Figure 2) will compare the recalculated message confirmation code and the transmitted message confirmation code "if the two codes are the same, that is, if comparator 4 7 senses" true ", then the controller 1 3 (Figure 2) The encryption key transmission will be considered and the message confirmation code will be considered correct. The new key K will replace the old cryptographic key K in the third E 2 PR 0 Μ memory area 1 9 (Figure 2), and the confirmation flag will be Set to "Accept correct", and increase the number of incorrect access by 48 units. Processing will return to terminal 3 at the second decision 50. From then on, IC card 2 will use the new key K to replace the old but now outdated gun K. However, if the result of comparator 4 7 is "false", the confirmation flag will be set to "access "Correct", the wrong reception of the next defeat 4 8 will maintain a reduction of a rogue bit, that is, the reception will be controlled by the controller — I! — — — — — — — — Order-I — --- (Please read the back first Please pay attention to this page and fill in this page again) This paper size applies Chinese National Standard (CNS) A4 size X 297 mm) -27-Printed by the Ministry of Economic Affairs J. Bureau Consumer Cooperatives 413799 A7 __B7__ V. Description of the invention (25) 1 3 is considered an invalid access attempt. Finally, the 'use cycle status byte will be updated to the "user mode" and the processing will return to the second decision 5 0 (Figure 3) 13 If the increment and decrement directly affect the number of wrong access as above 4 8 Above, the logical state change of the inefficient bit with the wrong access times of 4 8 will change at least four times. The limited life of the E2PROM memory cell of about 10,000 cycles will limit the confirmation times to about 5 0, 0 0 〇. Another way to track effective access attempts will now be explained in detail. In FIG. 9, two columns of the fourth E2PROM memory area 20 are shown. The first column is called a BRUTE FORCE ATTACK (FBA) counter 86, which includes the number of error accesses, and the second column has Approved area 8 7 with even bits 8 8. During the previous access of the IC card 2 (Fig. 1), for example, in the "Issuer Mode", the number of erroneous accesses 4 8 is set to the initial frame representing the maximum number of valid attempts allowed. At the same time, bit 8 8 of the approval area 8 7 is set to one. For example, if the approval area 8 7 is 16 bits wide from bit 8 8 a to bit 8 8 q, The sixteen-digit content is "FFFF". The logic state of one of the 16 bits 88a to 88q is reversed by the controller 1 3 (Figure 2) so that the number of bits 8 8 in the same logic state (zero or one) is an odd number (sign step) to replace each One unit is deducted from the number of erroneous accesses 48 when the confirmation process is started, for example, at the beginning of the encoding step 40 (FIG. 3), at the beginning of the arithmetic step 58 (FIG. 4), and so on. Bits 8 and 8 in the same logic state (zero or one) are called "bit parity" 丨 Division-------------- ^-III I --- ^ -------- (Please read the notes on the back before filling out this page) This paper size applies to Chinese national standard (CNS > A4 size (210x297 mm) -28- Member of Intellectual Property Bureau, Ministry of Economic Affairs ΗConsumer Cooperation Du printed 4137S9 A7 _B7 V. Description of the invention (26) Bits are used as the content of the confirmation flag 'for example' a logical tree zero indicates even parity, and a logical one is odd parity ϋ If confirmation fails, terminal 3 ( (Figure 1) The processing will be abandoned at stop 44 (Figure 3) or 60 (Figure 4) and the controller 13 will set the invalid line 3 0 (circle 2) to actuate and no longer receive from the second R 0 Μ 1 5 Any further instructions. The IC card 2 must be reset by a signal on the reset line 24 (Figure 2) in order to restart the confirmation process. On the other hand, if the confirmation is correct, the controller 13 will cause the adjacent bit 8 The logic state of 8 is reversed to change the bit parity to an even number (adjustment step) 0 Now go back to the confirmation process of FIG. 3. After resetting step 3 2 after resetting the IC card 2, The controller 1 3 (Figure 2) will test the card in preparation step 3 3 to check the number of incorrect access 48 48 (Figure 2). If the number of incorrect access 4 8 exceeds zero, the confirmation process starts at the random number step. Before working on 3 3 4, first enter the random parity check 3 3 5 added in the random step 3 3 4. The bit parity check 3 3 5 will determine the parity of the approved area 8 7 (Figure 9) and treat the bit Parity will handle branching. Even parity makes the controller 1 3 sure that any previous confirmation is correct. If the parity is odd, it indicates that the previously used IC card 2 is abnormal, and the controller 1 3 will change the bit parity to an even number by reversing the logical state of one of the 16 bits 8 8 a (Figure 9) to 8 8 q (Figure 9) in the approval area 8 7 and the wrong access The number of times 4 8 is reduced by one unit. Then, the confirmation process will leave the bit parity check 3 3 5 and continue the work of random steps 3 3 4. The advantage of using the approval area 8 7 is that the number of incorrect access 4 8 will only reduce the paper size. Applicable to CNS A'l specification (210x297 male) -29- I _ ^ innn 一 nn 1 nn II (Please read the precautions on the reverse side before filling out this page) The Intellectual Property Bureau of the Ministry of Economic Affairs, Employee Consumption Cooperative, India 413799 A7 _B7 V. Description of the invention (27), and the change of E ^ PR Ο Μ memory cell only occurs After the correct event (power failure, etc.), the life of E 2 PR 0 μM can be enhanced. At the beginning of the encoding step 40, before the deduction method unit 2 9 (Fig. 2) calculates the card signature, the controller 13 will reverse the 16 bits 8 8 a to 8 8 q in the approval zone 8 7 One of the logical states, while changing the bit parity into an odd number. In the implementation of the IC card 2 that the supervision of the interactive confirmation process has been initiated in preparation step 3 3, the bit parity change may occur between the bit parity check 3 3 5 and the random number step 3 3 4. And * At the beginning of arithmetic step 5 8 (Figure 4), if the use cycle state LS is set to "user mode" and the interactive confirmation is determined, the controller 13 will change the bits in the approval zone 8 7 in the same position. Is odd. At the end of the verification step 4 6 (Figure 3) and the end of the arithmetic step 5 8, if the controller 13 senses that the interactive confirmation is successful and the total check is appropriately placed in the total check column 7 7 (Figure 6) • The controller 13 will change the bits in the approval zone 8 7 to an even number again. Alternatively, if the controller 13 senses an unsuccessful acknowledgement, the controller 13 will keep the bits in the approval zone 8 7 in an odd state in the same position. Then, the confirmation flag containing bit parity information will be presented to the terminal 3. If the confirmation flag is set to logic 1, the controller will branch the program at the second decision 50 to stop 4 4 and the third Decide the program branch at 59 to stop at 60. This unsuccessful access will leave the parity of odd bits in the approved area 87. Only by reversing one bit 8 8 in the approval area 8 7 can a considerable increase in confirmations be made, for example • In the example of a 16-bit wide approval area 8 7, the increase is 1 6 times to about 8 0,0 0 〇 confirmed that the Chinese paper (CNS) A4 specification (210 X 297 mm) is not applicable to this paper size -30- -------------- * Equipment * ------- Order · ------- line (please read the precautions on the back & fill in this page first) Printed by the Consumers' Cooperative of Intellectual Property Bureau of the Ministry of Economic Affairs 413799 A7 _B7_ V. Invention Explanation (28) With the advantage of sacrificing E 2 PR Ο Μ memory cells, the configuration of bits 8 8 in the confirmation area 8 7 will be lost during the no-power cycle until the next access to the card reader 1 (Figure 1) until. In addition, in most access attempts, the content of the incorrect access number 4 8 will be changed by more than one bit. This is for the slow and energy-consuming processing of the E 2 PR 0M memory cell and is generally confirmed. And payment conversions are not acceptable. The changes in bit parity will now be described in detail. The controller 13 will read the calibration area 8 7 and test each bit 8 8 from the lowest effective bit 8 8 a to the most efficient bit 8 8 q. If the most efficient bit 8 8 Q is a logic 1, the controller 13 will determine and mark the first bit containing logic 1 starting at bit 8 8 a. If the most efficient bit 8 8 Q is logic 0, the controller 1 3 will determine and mark the first bit containing logic 0 starting at bit 8 8 a. If the flagged bit is one of the bits 8 8 a, 8 8 c, 8 8 e, 88g, 88i, 881, 88n, and 88p, the controller 13 will set the bits in the approved area 8 7 Parity is considered even. In the case where one of the other bits 88 is marked, the bit bits are treated as odd. The parity bits in the verification zone 8 7 are stored in the confirmation flag. For each change in bit parity, the controller 13 will only reverse the logic state of the flagged bits, that is, the controller 13 will convert logic 1 to logic 0, or vice versa. The benefits of security in messaging are now clear. The usage cycle status byte and the confirmation flag including the usage cycle status LS are the only information that must be sent clearly. However, the information of the usage cycle status byte does not allow any conclusion about the information contained in the IC card 2. . Other exchanges I ------------ Order --------- (Please read the precautions on the back before filling this page ) This paper size is in accordance with Chinese National Standard (CNS) A4 (210x 297g) -31-ΑΓ 413799 ___ Β7 1 __..-------------------- 5. Description of the invention (29) Information is scrambled efficiently and reliably. In FIG. 1 ′ 'shows an example of the usage cycle status byte located in the RA memory area 16 ° The first E 2 p R 0 Μ memory area 17 includes a memory space 8 9' memory space 8 9 seven Units 8 8 are used to store the use cycle state LS in non-volatile memory. Only the information in the space of billions of bodies will be changed to change the life cycle status. In order to update the above-mentioned use period byte, the byte area 90 of the RAM memory area 16 is used. In preparation step 3 3 (Fig. 3) and whenever this update process starts, the controller 1 3 (Fig. 2) will read the memory space 8 9 and copy its contents into the byte area 9 0 'for example , Copy to the seven least significant bits marked by lS. The controller will then determine the status of the confirmation flag and place the single bit flag 9 1 with the information about the confirmation flag in the most efficient bit of the byte area 90. Therefore, the use cycle status byte includes the use cycle status L S and the acknowledge flag. The controller 1 3 always reads out the use cycle status byte from the byte area 9 and presents it to the terminal 3 (Fig. 1) 0 The pre-stored IC card 2 (Fig. 2) of the conventional technique does not have a mechanism to Identify themselves before ordering at the issuer. During the ordering process in the "Issuer Mode", the secret password key and ordering information will be copied to the pre-stored IC card 2. There is no mechanism to prevent the loading of secret cryptographic keys into a similar IC card 2, which is an imitation of the actual IC card 2. Similar to the IC card 2, the secret key and customized data will be accepted, and the key and customized data can be taken out of it. Secret cryptographic keys are thus discovered and the security of the entire system is compromised. II ---- 1 IIJI --- IIII I--Order --- — — — — — (Please read the notes on the back and fill in this page first) The paper printed by the Intellectual Property Bureau Staff Consumer Cooperatives of the Ministry of Economy applies Chinese SS Home Standard (CNS) A: 1 specification (210 * 297 mm) -32- 413799 Α7 Β7 V. Description of the invention (3〇) (Please read the precautions on the back before filling this page) In Figure 1 1 , Displays the overall inspection at the terminal 3 dedicated to the card used by the issuer. The IC card 2 is connected to the terminal 3 and the key holder 9 2 * The key holder 9 2 is lent to the issuer from a trusted third party. The key holder 9 2 has the integrated circuit 9 2 of the same design as the integrated circuit 8 of the IC card 2 and therefore includes the same functional blocks. These same functional blocks have the same code but are marked by the following lines: deductive circuit 2 9 ROM memory area with operating system 1 5 < At least the fourth E 2 P R ◦ M memory area 2 0 and so on. For example, the key holder 92 has a physical form of a general 1C card 2 or one of the security modules 4 (FIG. 1) so that the key holder 92 can fit one of the sockets 7 (FIG. 1) of the card reader 1. . R Ο Μ memory area 1 5 > stores the same operating program as R ◦ Μ memory area 15 and may be empty fourth E2PROM memory area 2 0 > is the fourth E2PR of IC card 2 to be personalized. Copy of M memory area 20. The IC card 2 printed by the employee's consumer cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs will be placed in the reader 1 to start the order. The terminal 3 will supply power to the IC card 2 in the reset step 32 (Fig. 3). The IC card 2 starts the test according to the preparation cycle 33 (Fig. 3) and presents the updated use cycle status byte to the terminal 3. The terminal test 3 4 tests the use of periodic status bytes. If the use cycle state L S is set to the "test mode", the program will switch to the identification step 9 4; otherwise, the program 1 will be abandoned at the stop 3 6. In the identification step 9 4, the terminal 3 transmits the same announcement 9 5 (for example, date and / or real time or random number) to the IC card 2 and the key holder 92. Announcement 9 5 may be sent to the IC card 2 and the key garden holder 9 2 at the same time or at different times. Yan-33- This paper size is applicable to Chinese Standards (CNS) / V1 (210 X 297 mm) Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs 413799 A7 _ B7 ____________ 5. Explanation of the Invention (31) Interpretation Circuit 2 9 and 2 9 疋 are independently based on the contents of this report 95 and contents such as ROM record protection area 15 and 15-, and the fourth E 2 p ROM record storage area 20 and 20-, respectively Perform their own 0E s operation ° The results of a DES operation are presented to the terminal 3. The result of one of the DEs is presented to the identification decision 9 6 for comparison. If the two results are different, the IC card will be regarded as a defective or unconfirmed simulator (Trojan horse (', Troj an hórs e 〃))', so the program will be aborted on 9 7. If the two results are equal, then the terminal 3 will open the subscription of the IC card 2 and take at least the relevant information and the second secret mirror removed from the key holder 9 2 (for example, stored in the third E2P ROM memory area 1 9) Load the third and fourth E 2 PR via the terminal 3 ◦ M memory area 19 and .20. After confirming the transmission content, the usage cycle state L S stored in the memory space 8 9 (Fig. 10) will be set by the controller 1 3 (Fig. 2) to "user mode". Terminal 3 —When receiving the updated usage cycle status byte and sensing the usage cycle status L S = "user mode" and the confirmation flag "accepted correctly", the terminal 3 will end the subscription of the IC card 2. The content of the fourth E2 PROM memory area 20 now differs from the content of the fourth E2PROM memory area 20 $, which may still be empty. Therefore, even if the IC card is removed from the card reader 1 before the use cycle state L S is set to "user mode", these sensitive data cannot be loaded into the IC card 2 a second time. The response of the IC card 2 in the identification decision 9 6 is different from that of the key holder 92. When the personal IC card's life cycle status is no longer in "issuer mode", IC card 2 will be checked at the terminal 3 4 and rejected and sent to stop 3 6. Confirmed before this order. — — — —-F ----] II 1 · 11111111 (Please read the precautions on the back before filling out this page) The standard of this paper applies to 0® House Standard (CNS) A4 Specifications (210 X 297 public money) -34- Consumption cooperation by employees of the Intellectual Property Bureau of the Ministry of Economic Affairs 413799 A7 _B7_ V. Description of the invention (32) The point is to strengthen security to prevent the secret key from being discovered and issued by the issuer The card used was "illegal updated". ----- fi ---- Installation -------- Order · -------- Line (Please read the note H on the back first: fill in this page) -35- This paper size Applicable to China National Standard (CNS) A4 specification (210 X 297 mm)

Claims (1)

附件2A :第88109224號專利申請案 中文申請專利範圍修正本民國89年3月呈 413799 、申請專利範圍 1 . 一種系統,包括讀卡機 1C卡(2),該讀卡機(1 少一安全模組(4 ) 修正補充 經濟部智慧財產局員工消費合作社印製 1 )及可攜被 具有電子終端(3)和至 該可攜帶的預存式I C卡(2 )具 有積體電路(8 )及扣減機構’該積體電路(8 )具有鎖 (9 )以防止未經授權使用該I C卡(2 )及具有非揮發 性記憶區(2 0 )以儲存目前的I C卡値(1 0 ),該扣 減機構會於連接至讀卡機(1)的終端(3)之獨立銷售 點(5 6 )處交易期間’逐步扣減目前的ί C卡値’該終 端(3 )提洪I C卡(2 )與安全模組(4 )之間的通道 通道(5,6;7),特徵在於:該1C卡(2)具有機 構(9,21 ,28,29)以產生卡隨機數及卡簽字及 將它們供應給安全模組(4 ) ’安全模組(4 )具有機構 (1 1 ,1 2 )以產生安全模組隨機數和安全模組簽字’ 及將它們供應給I C卡(2 ) ,I C卡(2 )具有密碼鑰 Κ及機構(2 9 )以根據至少安全模組隨機數產生卡簽字 及將安全模組簽字解碼以證實安全模組(4 )的確認’安 全模組(4 )具有密碼鑰Κ及機構(1 1 )以從至少該卡 隨機數產生該安全模組簽字及將該卡簽字解碼以證實1 c 卡(2 )的確認,積體電路(8 )包括通用記憶區(1 6 ),該通用記憶區(1 6 )具有區域(4 9 )以儲存至少 卡隨機數和安全模組隨機數,該鎖(9 )能夠於I C卡( 2 )與安全模組(4 )的交互確認爲肯定時,允許付款交 易。 2 .如申請專利範圍第1項之系統,特徵在於該I c 本紙張尺度適用_國國家標準(CNS)A4規格(210 X 297公釐) -------------一一^ — i (請先閱讀背面之注意事項再填寫本頁) 訂- 線 附件2A :第88109224號專利申請案 中文申請專利範圍修正本民國89年3月呈 413799 、申請專利範圍 1 . 一種系統,包括讀卡機 1C卡(2),該讀卡機(1 少一安全模組(4 ) 修正補充 經濟部智慧財產局員工消費合作社印製 1 )及可攜被 具有電子終端(3)和至 該可攜帶的預存式I C卡(2 )具 有積體電路(8 )及扣減機構’該積體電路(8 )具有鎖 (9 )以防止未經授權使用該I C卡(2 )及具有非揮發 性記憶區(2 0 )以儲存目前的I C卡値(1 0 ),該扣 減機構會於連接至讀卡機(1)的終端(3)之獨立銷售 點(5 6 )處交易期間’逐步扣減目前的ί C卡値’該終 端(3 )提洪I C卡(2 )與安全模組(4 )之間的通道 通道(5,6;7),特徵在於:該1C卡(2)具有機 構(9,21 ,28,29)以產生卡隨機數及卡簽字及 將它們供應給安全模組(4 ) ’安全模組(4 )具有機構 (1 1 ,1 2 )以產生安全模組隨機數和安全模組簽字’ 及將它們供應給I C卡(2 ) ,I C卡(2 )具有密碼鑰 Κ及機構(2 9 )以根據至少安全模組隨機數產生卡簽字 及將安全模組簽字解碼以證實安全模組(4 )的確認’安 全模組(4 )具有密碼鑰Κ及機構(1 1 )以從至少該卡 隨機數產生該安全模組簽字及將該卡簽字解碼以證實1 c 卡(2 )的確認,積體電路(8 )包括通用記憶區(1 6 ),該通用記憶區(1 6 )具有區域(4 9 )以儲存至少 卡隨機數和安全模組隨機數,該鎖(9 )能夠於I C卡( 2 )與安全模組(4 )的交互確認爲肯定時,允許付款交 易。 2 .如申請專利範圍第1項之系統,特徵在於該I c 本紙張尺度適用_國國家標準(CNS)A4規格(210 X 297公釐) -------------一一^ — i (請先閱讀背面之注意事項再填寫本頁) 訂- 線 413799 BS CS D8 六、申請專利範圍 (請先閱讀背面之注意事項再填冩本頁) 卡(2 )與安全模組(4 )分別包括演繹電路(2 9 )及 T — DES單元(11),以密碼鑰對要相互交換及證實 之資料執行T- DES轉換。 3 ·如申請專利範圍第1或2項之系統,特徵在於該 安全模組(4 )具有機構以用新的密碼鑰K取代I C卡( 2 )的過時密碼鑰K '儲存於I C卡(2 )的記憶體( 8 0 )中的輔助鑰AK、及該輔助鑰AK單獨用於將下載 至I C卡(2)中的新密碼鑰解碼。 4. 一種預存式1C卡(2),具有積體電路(8) 及比較器(47),該積體電路(8)具有鎖(9)以防 止未經授權使用I C卡(2 )、非揮發性資料記憶區( 經濟部智慧財產局員工消費合作社印製 1 7至2 0 )以至少儲存付款交易期間會逐漸減少之真正 的I C卡値(1 0 )、通訊通道(5,2 1 )以將資料供 應至外部世界、一般記億區(16)之區段(80)、及 卡隨機數產生器電路(2 8 )以產生卡隨機數,特徵在於 該一般記憶區(1 6 )包括機構以暫時儲存至少卡隨機數 、卡簽字、安全模組隨機數及安全模組簽字,該非揮發性 資料記憶區(1 7 : 1 8 ; 1 9 ; 2 0 )包括機構以儲存 至少錯誤接取次數(4 8 )、密碼鑰K及先前的I C卡値 (1 〇 ^ ),該鎖(9 )包括機構以視錯誤接取次數( 4 8 )而防止對該卡之接取,且其進一步包括機構以在無 效接取嘗試的情形中更新錯誤接取次數(4 8 )、及使用 密碼鑰K以將卡簽字解碼及將安全模組簽字解碼之演繹法 單元(2 9 ),該比較器(4 7 )證實所收到的安全模組 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公爱) 413799 益 B8 B88 六、申請專利範圍 簽字。 (請先閱讀背面之注音?事項再填寫本頁) 5.如申請專利範圍第4項之1C卡(2),特徵在 於該非揮發性資料記憶區(2 0 )包括含有錯誤接取數目 之錯誤接取區(8 0 )及作爲先前接取不正常結束的標示 器之核准區(8 7),以及該積體電路(8 )設有機構( 9,13)以調查核准區(87)及在核准區(87)標 示不正常的接取之情形中更新錯誤接取次數(48)。 6·如申請專利範圍第4或5項之1C卡(2),特 徵在於該非揮發性資料記憶區包括分割成至少二計數器記 錄(7 0 )之備份計數器區(7 4 ),每一記錄包括代表 真正I C卡値(10)或至少先前的I C卡値(1〇 _) 之計數器値(7 6 )及標示儲存於計數器記錄(7 0 )的 交易次數之管理資料(75 ’ 77),以及提供機構以更 新真正的1C卡値(10)的管理資料(75 ,77)及 假使更新過的管理資料和儲存於個別計數器記錄(7 0 ) 中真正的I C卡値(1 〇)的管理資料不同時,以先前的 1 C卡値(10^)用於付款交易。 7 .如申請專利範圍第4至5項中任一項之I C卡( 經濟部智慧財產局員工消費合作社印製 2 ),其中非揮發性資料區(1 7至2 0 )會由遮蔽件( 2 7 )遮蓋,且積體電路(8 )具有機構(1 3 )以便在 假測到遮蔽件(2 7 )遭到任何損傷時抹拭儲存於非揮發 性資料記憶區(1 7至2 0 )中的敏感資料。 8 .如申請專利範圍第4至5項中任一項之I C卡( 2 ),其中該非揮發性資料記億區(1 9 )提供記憶空間 本紙張尺度適用令國國家標準(CNS)A4規格(210x297公釐) B3 CS D8 413799 六、申請專利範圍 給用以將密碼鑰解碼之輔助鑰A K以及控制器(1 3 )肯g 夠以新的鑰取代過時的鑰K*。 9 .如申請專利範圍第4至5項中任一項之I C卡( 2 ),其中非揮發性資料記憶區(1 7 )包括個別卡號且 該個別卡號係密碼計算的參數。 10 · —種交互確認方法,在1C卡(2)與具有終 端(3)之讀卡機(1 )中的安全模組(4)之間交互確 認I C卡(2 )與安全模組(4 )之間的資料交換,包括 下述步驟: -由I C卡(2 )產生卡隨機數及將其傳送給安全模 組(4 )- -由安全模組(4 )產生安全模組隨機數及將其傳送 給I C卡(2 ), -使用至少密碼鑰K及安全模組隨機數由I C卡計算 卡簽字,將其傳送至安全模組, -使用至少密碼鑰K及安全模組隨機數由安全模組( 4 )計算卡簽字並將其與傳送來的卡簽字比較,假使二簽 字不同,則停止處理, 一使用至少密碼鑰K、卡隨機數及卡簽字由安全模組 (4)計算安全模組簽字,並將其傳送給ic卡(2), -使用至少密碼鑰K、卡隨機數及卡簽字由I C卡( 2 )計算安全模組簽字’及將其與傳送來的安全模組簽字 相比較’假使二簽字不同,則停止處理。 1 1 ‘如申請專利範圍第1 〇項之方法,特徵在於卡 ------------—裝--------訂---------線 (請先閱讀背面之注意事項再填寫本頁) 經濟部智慧財產局員工消費合作·吐.印製 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) -4 - 經濟部智慧財產局員工消費合作社印制代 413789 § D8六、申請專利範圍 隨機數會與至少I C卡獨特的序號一起從I C卡傳送,密 碼鑰K係由安全模組使用獨特的序號決定。 1 2 ·如申請專利範圍第1 0或1 1項之方法,特徵 在於其又包括在不成功的比較情形下更新錯誤接取次數( 4 8)。 1 3 ·如申請專利範圍第1 2項之方法,特徵在於, 在啓動交互確認處理之前,IC卡(2)會檢查代表無效 接取嘗試的數目之錯誤接取次數(4 8 )的內容及在錯誤 接取次數(4 8 )達到預定限制時使I C卡(2 )的接取 不致動。 14.如申請專利範圍第10項之方法,特徵爲,其 又包括下述步驟:當傳送第一卡簽字時,,由IC卡在非 揮發性資料記憶區中標記核准區*及在成功的簽字比較之 後使核准區組織化。 1 5 .如申請專利範圍第1 4項之方法,特徵在於’ 更新核准區包括下述步驟: -在卡檢查(3 3 1 )之後及在產生卡隨機數之前^ 檢查核准區(87)中儲存的位元(88), -在核可區標示未終止區的情形下,更新錯誤接取次 數(4 8 )及使核准區(8 7 )的位元(8 8 )組織化’ —標記核可區(8 7 )中的位元(8 8 )以標示該區 的啓始^ -在成功的終止區之情形中,使核准區(8 7 )中的 位元(8 8 )組織化。 — lit· 1 -------- I 訂---- - - (請先閱讀背面之注意事項再填寫本頁) 本紙張尺度適用中國國家標準(CMS)A4規格(210 X 297公釐) 經茗部智慧財產局員工消費合作社印製 «3799 § 六、申請專利範圍 1 6 .如申請專利範圍第1 5項之方法,特徵爲,藉 由使單一位元一個接一個反轉而標記及組織化核准區( 87)中的位元(88) a 1 7 .如申請專利範圍第1 0項之方法,特徵在於付 款交易,至少包括下述步驟: -根據至少先前交換的密碼及要減少的數額,由安全 模組(4 )計算密碼,將其與要減少的數額傳送給I C卡 (2 ), 一根據至少先前交換的密碼及要減少的數額,由I C 卡(2 )計算密碼,將其與所收到的密碼相比較且假使二 密碼相同時減少內部計數器’ -根據至少先前交換的密碼及目前的I C卡値,由 I C卡C 2 )計算密碼,將其傳送給安全模組(4 ), -根據至少先前交換的密碼及預期的目前IC卡値, 由安全模組(4 )計算密碼,將其與所收到的密碼相比較 ,且假使二密碼相等時成功地終止交易及更新IC卡値。 1 8 .如申請專利範圍第1 7項之方法,特徵在於更 新I C卡値包括下述步驟: -爲下一計數器値記錄定址’每一記錄均包括至少計 數器値(76) ’該計數器値(76)代表真正的1C卡 値(1 0 )或先前的I C卡値(1 0 1 )及管理資料( 7 5 ' 7 7 ) ’ -將目前的I C卡値儲存在定址的計數器値記錄中’ -更新及儲存其在定址的計數器値記錄中對應的管理 -------------^--------訂---------線 (請先閱讀背面之注意事項再填寫本頁) 本紙張尺度適用中國囷家標準(CNS)A4規格(210 χ 297公釐) -6 - 413799 、申請專利範圍 資料。 1 9 ·如申請專利範圍第1 〇項之方法,特徵爲在安 全模組(4 )辨識出I C卡(2 )仍然使闬過時的密碼繪 K *之情形下,執行下述鑰更換處理步驟: -由安全模組(4 )使用輔助鑰AK將加密的新鑰κ 傳送給I C卡(2 )及確認密碼(M A C ),該確認碼( MA C )至少根據新鑰K或加密的新鑰κ及先前傳送的卡 簽字, —由I C卡(2 )使用輔助鑰A K將加密的新鑰K解 碼, -計算確認密碼(M A C )’確認密碼至少根據新鑰 K或加密的新鑰K及先前傳送的卡簽字, -比較傳送的及計算的確認密碼,且假使二者相同時 * 一以新錄K取代目前的繪K *。 —1^— ^^1 ^^1 n I n I m i HI 1 n n n 1^1 I^i I (請先閱讀背面之注意事項再填寫本頁) 經濟部智慧財產局員工消費合泎社印製 -7 - 本纸張尺度適用^國國家標準(CNS)A4規格(21〇χ 297公釐)Attachment 2A: Chinese Patent Application No. 88109224, Amendment of Chinese Patent Application Range, March 1989, 413799, Patent Application Range 1. A system, including a card reader 1C card (2), the card reader (1 less one security The module (4) is amended to supplement the printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs 1) and the portable electronic terminal (3) and the integrated pre-stored IC card (2) with integrated circuits (8) and Deduction mechanism 'The integrated circuit (8) has a lock (9) to prevent unauthorized use of the IC card (2) and a non-volatile memory area (20) to store the current IC card (1 0) , The deduction agency will 'gradually deduct the current ί C card' during the transaction at the independent point of sale (5 6) of the terminal (3) connected to the card reader (1). The terminal (3) Tihong IC The channel (5, 6; 7) between the card (2) and the security module (4) is characterized in that the 1C card (2) has a mechanism (9, 21, 28, 29) to generate a card random number and Sign the card and supply them to the security module (4) 'The security module (4) has a mechanism (1 1, 1 2) to generate random security modules And security module 'and supply them to the IC card (2), the IC card (2) has a cryptographic key K and a mechanism (29) to generate a card signature based on at least the security module random number and decode the security module signature To confirm the confirmation of the security module (4) 'The security module (4) has a cryptographic key K and a mechanism (1 1) to generate the security module signature from at least the card random number and decode the card signature to confirm 1 c Confirmation of the card (2), the integrated circuit (8) includes a general memory area (16), and the general memory area (16) has an area (49) to store at least the card random number and the security module random number. The lock (9) can allow payment transactions when the interaction confirmation between the IC card (2) and the security module (4) is positive. 2. If the system of item 1 of the scope of patent application is characterized in that the paper size of this paper is applicable _ National Standard (CNS) A4 (210 X 297 mm) ------------- One by one ^ — i (Please read the precautions on the back before filling this page) Order-Line Attachment 2A: Patent Application No. 88109224 Chinese Application for Patent Scope Amendment March 1989 413799 and Application for Patent Scope 1. The system includes a card reader 1C card (2), the card reader (1 less one security module (4) amended and supplemented by the consumer property cooperative printed by the Intellectual Property Bureau of the Ministry of Economy 1) and portable electronic terminals (3) And the portable pre-stored IC card (2) has an integrated circuit (8) and a deduction mechanism 'the integrated circuit (8) has a lock (9) to prevent unauthorized use of the IC card (2) and With non-volatile memory area (20) to store the current IC card (1 0), the deduction mechanism will be at an independent point of sale (5 6) at the terminal (3) connected to the card reader (1) The channel between the terminal (3) and the IC card (2) and the security module (4) is gradually deducted during the transaction. Road (5, 6; 7), characterized in that the 1C card (2) has a mechanism (9, 21, 28, 29) to generate card random numbers and card signatures and supply them to the security module (4) 'Security The module (4) has a mechanism (11, 12) to generate a random number of the security module and a signature of the security module 'and supply them to the IC card (2), which has a cryptographic key K and a mechanism ( 2 9) Generate a card signature based on at least a random number of the security module and decode the security module signature to confirm the confirmation of the security module (4) 'The security module (4) has a cryptographic key κ and a mechanism (1 1) to At least the random number of the card generates the signature of the security module and decodes the card signature to confirm the confirmation of the 1 c card (2). The integrated circuit (8) includes a general memory area (1 6), and the general memory area (1 6 ) Has an area (49) to store at least the card random number and the security module random number. The lock (9) can allow payment transactions when the interaction between the IC card (2) and the security module (4) is positive. 2. If the system of item 1 of the scope of patent application is characterized in that the paper size of this paper is applicable _ National Standard (CNS) A4 (210 X 297 mm) ------------- One by one ^ — i (Please read the precautions on the back before filling this page) Order-line 413799 BS CS D8 VI. Patent application scope (Please read the precautions on the back before filling this page) Card (2) and security The module (4) includes a deduction circuit (2 9) and a T-DES unit (11) respectively, and performs T-DES conversion on the data to be exchanged and verified with a cryptographic key. 3. If the system of item 1 or 2 of the scope of patent application, characterized in that the security module (4) has a mechanism to replace the outdated password key K 'of the IC card (2) with a new password key K stored in the IC card (2 ) The auxiliary key AK in the memory (80) and the auxiliary key AK are used solely to decode the new cryptographic key downloaded to the IC card (2). 4. A pre-stored 1C card (2), which has an integrated circuit (8) and a comparator (47). The integrated circuit (8) has a lock (9) to prevent unauthorized use of the IC card (2), non- Volatile data memory area (printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs 17 to 20) to store at least real IC cards (1 0), communication channels (5, 2 1) that will gradually decrease during payment transactions To supply data to the outside world, the segment (80) of the general memory region (16), and the card random number generator circuit (2 8) to generate card random numbers, which is characterized in that the general memory area (1 6) includes The organization temporarily stores at least the card random number, the card signature, the security module random number, and the security module signature. The non-volatile data memory area (17: 18; 19; 20) includes the organization to store at least the wrong access The number of times (4 8), the cipher key K and the previous IC card 値 (1 0 ^). The lock (9) includes the mechanism to prevent access to the card depending on the number of incorrect accesses (4 8), and it further Including the organization to update the number of incorrect accesses in the case of invalid access attempts (4 8), and use the password The key K is a deductive method unit (2 9) that decodes the card signature and decodes the security module signature. The comparator (4 7) confirms that the received security module is in accordance with the Chinese National Standard (CNS) A4 specification. (210 X 297 public love) 413799 Benefit B8 B88 Six, signature of the scope of patent application. (Please read the phonetic on the back? Matters before filling out this page) 5. If the 1C card (2) in item 4 of the patent application scope is characterized in that the non-volatile data memory area (20) includes an error containing the number of incorrect accesses The access area (80) and the approval area (87) as a marker for the abnormal end of the previous access, and the integrated circuit (8) is provided with a mechanism (9, 13) to investigate the approval area (87) and The number of incorrect accesses (48) is updated in the case where the approved area (87) indicates abnormal access. 6. If the 1C card (2) in item 4 or 5 of the scope of patent application, the non-volatile data memory area includes a backup counter area (7 4) divided into at least two counter records (70), each record includes A counter (7 6) representing the real IC card (10) or at least the previous IC card (1〇_) and management data (75 '77) indicating the number of transactions stored in the counter record (70), and Provide institutions to update the management data (75, 77) of the real 1C card (10) and the updated management data and the management information of the real IC card (10) stored in the individual counter record (70) At the same time, the previous 1 C card (10 ^) is used for payment transactions. 7. If the IC card in any one of the patent application scope items 4 to 5 (printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs 2), the non-volatile data area (17 to 20) will be covered by a shield ( 2 7) cover, and the integrated circuit (8) has a mechanism (1 3) to wipe and store in the non-volatile data memory area (1 7 to 2 0) when any damage to the shield (2 7) is falsely detected ). 8. If the IC card (2) of any of the items 4 to 5 of the scope of patent application, the non-volatile data is recorded in the 100 million area (19) to provide memory space. The paper size applies the national standard (CNS) A4 specification. (210x297 mm) B3 CS D8 413799 6. The scope of patent application is for the auxiliary key AK for decoding the cryptographic key and the controller (1 3) Ken g can replace the outdated key K * with a new key. 9. The IC card (2) according to any one of claims 4 to 5, in which the non-volatile data memory area (17) includes an individual card number, and the individual card number is a parameter calculated by a password. 10 · A method of interactive confirmation, interactively confirming the IC card (2) and the security module (4) between the 1C card (2) and the security module (4) in the card reader (1) with the terminal (3) The data exchange between) includes the following steps:-the card random number is generated by the IC card (2) and transmitted to the security module (4)--the security module random number is generated by the security module (4) and Send it to the IC card (2),-Sign the IC card with at least the cryptographic key K and the random number of the security module, and send it to the secure module,-Use the cryptographic key K and the random number of the security module by The security module (4) calculates the card signature and compares it with the transmitted card signature. If the two signatures are different, the processing is stopped. One uses at least the cryptographic key K, the card random number, and the card signature to be calculated by the security module (4). Sign the security module and send it to the IC card (2),-Use at least the cipher key K, the card random number and the card signature to calculate the security module signature by the IC card (2) and send it to the security module that was transmitted Comparison of group signatures' If the two signatures are different, processing will stop. 1 1 'The method according to item 10 of the scope of patent application is characterized by a card -------------- installation -------- order --------- line (Please read the precautions on the back before filling out this page.) The consumer cooperation and spitting of the Intellectual Property Bureau of the Ministry of Economic Affairs. Printed paper is applicable to the Chinese National Standard (CNS) A4 specification (210 X 297 mm) -4-Ministry of Economic Affairs Printed by the Intellectual Property Bureau employee consumer cooperative 413789 § D8 6. The patent application scope random number will be transmitted from the IC card together with at least the unique serial number of the IC card. The key K is determined by the unique serial number of the security module. 1 2 · The method as claimed in item 10 or 11 of the patent application scope is characterized in that it further includes updating the number of incorrect accesses in the case of unsuccessful comparison (4 8). 1 3 · The method according to item 12 of the scope of patent application is characterized in that before starting the interactive confirmation process, the IC card (2) will check the content of the number of incorrect accesses (4 8) representing the number of invalid access attempts and When the number of wrong accesses (48) reaches a predetermined limit, the access of the IC card (2) is deactivated. 14. The method of claim 10 in the scope of patent application, characterized in that it further comprises the steps of: when transmitting the first card signature, the IC card marks the approved area * in the non-volatile data memory area and the successful Organize the approved area after signing and comparing. 15. The method according to item 14 of the scope of patent application, characterized in that 'updating the approval area includes the following steps:-after the card check (3 3 1) and before generating a card random number ^ check the approval area (87) Stored bit (88),-in the case where the approved area is marked with an unterminated area, the number of incorrect accesses (4 8) is updated and the bits (8 8) of the approved area (8 7) are organized '— marking Approve the bits (8 8) in the area (8 7) to mark the beginning of the area ^-In the case of a successful termination zone, organize the bits (8 8) in the approved area (8 7) . — Lit · 1 -------- I order ------(Please read the notes on the back before filling this page) This paper size is applicable to China National Standard (CMS) A4 (210 X 297) (%) Printed by the Consumers ’Cooperative of the Ministry of Intellectual Property,« 3799 § VI. Application for Patent Scope 16. The method for applying for Patent Scope Item 15 is characterized by reversing single bits one by one and Mark and organize the bits (88) a 1 7 in the approval area (87). The method of item 10 in the scope of patent application is characterized by a payment transaction including at least the following steps:-According to at least the previously exchanged password and The amount to be reduced is calculated by the security module (4), and it is transmitted to the IC card (2) with the amount to be reduced. One is calculated by the IC card (2) based on at least the previously exchanged password and the amount to be reduced. Password, comparing it with the received password and decrementing the internal counter if the two passwords are the same-based on at least the previously exchanged password and the current IC card, the IC card C 2) calculates the password and transmits it to security Module (4),-based on at least the previously exchanged The password and the expected current IC card are calculated by the security module (4), and compared with the received password, and if the two passwords are equal, the transaction is successfully terminated and the IC card is updated. 18. The method according to item 17 of the scope of patent application, characterized in that updating the IC card includes the following steps:-Addressing the next counter's record 'Each record includes at least a counter' (76) 'The counter' ( 76) On behalf of the real 1C card (1 0) or the previous IC card (1 0 1) and management information (7 5 '7 7)'-store the current IC card in the address counter's record. ' -Update and store the corresponding management in the address counters and records ------------- ^ -------- Order --------- line (please Please read the notes on the back before filling in this page.) This paper size applies to China National Standard (CNS) A4 specification (210 χ 297 mm) -6-413799, patent application data. 1 9 · If the method in the scope of patent application No. 10 is characterized in that the security module (4) recognizes that the IC card (2) still makes the outdated password K *, the following key replacement processing steps are performed :-The security module (4) uses the auxiliary key AK to transmit the encrypted new key κ to the IC card (2) and the confirmation password (MAC), the confirmation code (MA C) is at least based on the new key K or the encrypted new key κ and the previously transmitted card signature, the IC card (2) uses the auxiliary key AK to decode the encrypted new key K,-calculates the confirmation password (MAC) 'the confirmation password is at least based on the new key K or the encrypted new key K and the previous Signature of the transmitted card,-Compare the transmitted and calculated confirmation passwords, and if they are the same *-replace the current drawing K with a new record K *. —1 ^ — ^^ 1 ^^ 1 n I n I mi HI 1 nnn 1 ^ 1 I ^ i I (Please read the notes on the back before filling out this page) Printed by the Consumer Consumption Agency, Intellectual Property Bureau, Ministry of Economic Affairs -7-The size of this paper applies to the national standard (CNS) A4 (21〇χ 297 mm)
TW88109224A 1998-06-05 1999-06-03 Preloaded IC-card, system using preloaded IC-card, and method for authenticating same TW413799B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP98110350 1998-06-05

Publications (1)

Publication Number Publication Date
TW413799B true TW413799B (en) 2000-12-01

Family

ID=8232071

Family Applications (1)

Application Number Title Priority Date Filing Date
TW88109224A TW413799B (en) 1998-06-05 1999-06-03 Preloaded IC-card, system using preloaded IC-card, and method for authenticating same

Country Status (5)

Country Link
EP (1) EP1082710A1 (en)
AR (1) AR018624A1 (en)
AU (1) AU3841999A (en)
TW (1) TW413799B (en)
WO (1) WO1999064996A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI408608B (en) * 2009-05-14 2013-09-11

Families Citing this family (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7249108B1 (en) 1997-07-15 2007-07-24 Silverbrook Research Pty Ltd Validation protocol and system
US7702926B2 (en) 1997-07-15 2010-04-20 Silverbrook Research Pty Ltd Decoy device in an integrated circuit
US6473743B1 (en) * 1999-12-28 2002-10-29 Pitney Bowes Inc. Postage meter having delayed generation of cryptographic security parameters
US7197642B2 (en) 2000-02-15 2007-03-27 Silverbrook Research Pty Ltd Consumable authentication protocol and system
AU2006252277B2 (en) * 2000-02-15 2008-09-04 Silverbrook Research Pty Ltd An Apparatus for Validating a Device
AU2004201740B2 (en) * 2000-02-15 2005-06-23 Silverbrook Research Pty Ltd Validation chip
US7685423B1 (en) * 2000-02-15 2010-03-23 Silverbrook Research Pty Ltd Validation protocol and system
AU2001243658B2 (en) 2000-03-15 2005-12-15 Mastercard International Incorporated Method and system for secure payments over a computer network
DE10015098A1 (en) * 2000-03-28 2001-10-25 Giesecke & Devrient Gmbh Process and terminal for data transactions using smart card used in network system
DE10060912A1 (en) * 2000-12-07 2002-06-27 Infineon Technologies Ag Data carriers and methods for their cancellation
FR2820231B1 (en) * 2001-01-26 2005-01-21 Gemplus Card Int INTEGRATED CIRCUIT BOARD (S) OR CHIP CARD (S) INCORPORATING A SECURITY LAYER AND COMMUNICATION DEVICE COOPERATING WITH SUCH A CARD
US7249256B2 (en) 2001-07-11 2007-07-24 Anoto Ab Encryption protocol
SE0102474L (en) * 2001-07-11 2003-01-12 Anoto Ab encryption Protocol
KR101019524B1 (en) * 2002-03-19 2011-03-07 마스터카드 인터내셔날, 인코포레이티드 Method and system for conducting a transaction using a proximity device
US7844747B2 (en) * 2002-06-05 2010-11-30 Stmicroelectronics, Inc. Performance tuning using encoded performance parameter information
DE10340181A1 (en) * 2003-09-01 2005-03-24 Giesecke & Devrient Gmbh Method for cryptographically securing communication with a portable data carrier
EP1515507A1 (en) 2003-09-09 2005-03-16 Axalto S.A. Authentication in data communication
JP4706220B2 (en) * 2004-09-29 2011-06-22 ソニー株式会社 Information processing apparatus and method, recording medium, and program
WO2006086232A2 (en) * 2005-02-07 2006-08-17 Sandisk Corporation Secure memory card with life cycle phases
US8966284B2 (en) 2005-09-14 2015-02-24 Sandisk Technologies Inc. Hardware driver integrity check of memory card controller firmware
EP1873963A1 (en) * 2006-06-29 2008-01-02 Incard SA Authentication method for IC cards
US8484464B2 (en) 2007-06-15 2013-07-09 Research In Motion Limited Method and devices for providing secure data backup from a mobile communication device to an external computing device
EP2003842B1 (en) * 2007-06-15 2011-05-04 Research In Motion Limited A method and devices for providing secure data backup from a mobile communication device to an external computing device
CN111292089A (en) * 2020-02-12 2020-06-16 北京智慧云测科技有限公司 PSAM card protection management method and PSAM card

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2266222B1 (en) 1974-03-25 1980-03-21 Moreno Roland
JPS61139873A (en) 1984-12-13 1986-06-27 Casio Comput Co Ltd Authorization system
FR2580834B1 (en) 1985-04-17 1989-09-22 Grandmougin Michel MEMORY CARD, WITH PROTECTION RESISTANCE
EP0398545A1 (en) * 1989-05-19 1990-11-22 Delco Electronics Corporation Method and apparatus for storing data in a non-volatile memory
FR2681165B1 (en) * 1991-09-05 1998-09-18 Gemplus Card Int METHOD FOR TRANSMITTING CONFIDENTIAL INFORMATION BETWEEN TWO CHIP CARDS.
DE69331006D1 (en) * 1992-03-30 2001-11-29 Telstra Corp Ltd SECRET TRANSFER METHOD AND SYSTEM
ATE161348T1 (en) 1992-12-01 1998-01-15 Landis & Gyr Tech Innovat PROCEDURE FOR COMPENSATION FOR SERVICES AND/OR GOODS AND FACILITY FOR IMPLEMENTING THE PROCESS
GB9307623D0 (en) 1993-04-13 1993-06-02 Jonhig Ltd Data writing to eeprom
EP0727894B1 (en) * 1994-08-30 2004-08-04 Kokusai Denshin Denwa Co., Ltd Certifying system
DE4442357A1 (en) * 1994-11-29 1996-06-05 Deutsche Telekom Ag Protecting data passing between data processing device and terminal device connected via telecommunications network
DE19506921C2 (en) * 1995-02-28 1997-03-20 Orga Kartensysteme Gmbh Method for performing a secret code comparison on a microprocessor-based, portable data carrier
CH689812A5 (en) 1995-12-01 1999-11-30 Ip Tpg Holdco Sarl Process at a use of synchronously operated smart card.
US5602918A (en) * 1995-12-22 1997-02-11 Virtual Open Network Environment Corp. Application level security system and method
DE19604349A1 (en) * 1996-02-07 1997-08-14 Deutsche Telekom Ag Process for billing electronic wallet systems with chip cards
US6073236A (en) * 1996-06-28 2000-06-06 Sony Corporation Authentication method, communication method, and information processing apparatus
JPH10222618A (en) * 1997-01-31 1998-08-21 Toshiba Corp Ic card and ic card processing system

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI408608B (en) * 2009-05-14 2013-09-11

Also Published As

Publication number Publication date
WO1999064996A1 (en) 1999-12-16
AU3841999A (en) 1999-12-30
AR018624A1 (en) 2001-11-28
EP1082710A1 (en) 2001-03-14

Similar Documents

Publication Publication Date Title
TW413799B (en) Preloaded IC-card, system using preloaded IC-card, and method for authenticating same
US4498000A (en) Security method and device for communicating confidential data via an intermediate stage
US4317957A (en) System for authenticating users and devices in on-line transaction networks
US4450535A (en) System and method for authorizing access to an article distribution or service acquisition machine
EP0883866B1 (en) Method for protectedly debiting an electronic payment means
AU2007217172B2 (en) Pin servicing
EP0873554B1 (en) Method of debiting an electronic payment means
US20100228668A1 (en) Method and System for Conducting a Transaction Using a Proximity Device and an Identifier
EP0213534A2 (en) IC card
JPS6194177A (en) Apparatus for computing and recording transacted money value
EP1402343A1 (en) A bio-metric smart card, bio-metric smart card reader, and method of use
EP0985204A1 (en) Ic card transportation key set
EP0981807A2 (en) Integrated circuit card with application history list
JPS6244869A (en) Ic card collating system
US20070174615A1 (en) Method and device for communication using random codes
CN105117963A (en) Device and method based on digital signature
US6662151B1 (en) System for secured reading and processing of data on intelligent data carriers
US6163612A (en) Coding device, decoding device and IC circuit
JP2001524724A (en) Data management method for chip card
US7171565B1 (en) Method and system for producing wise cards
JPH0619945A (en) Data transfer system portable terminal equipment
AU723525B2 (en) A method for certifying a running total in a reader
Read EFTPOS: electronic funds transfer at point of sale
JPH06231161A (en) System for preventing money transaction by ic card from being illegally altered
KR20030070580A (en) System for processing transaction of card by certifying electronic signature

Legal Events

Date Code Title Description
GD4A Issue of patent certificate for granted invention patent
MM4A Annulment or lapse of patent due to non-payment of fees