JP2555096B2 - IC card - Google Patents

Description

[Detailed Description of the Invention] [Outline] Regarding an IC card that can receive multiple types of services with a single card, locks can be locked on a service-by-service basis, and locks can be locked automatically as well as by commands. In order to make it possible to release the locked one, an IC card having a processor, a first memory for storing a processing program therefor, and a second memory for storing data are provided. In the second memory, a file and its management information and management information at the time of file creation are stored for each service in the second memory, and the first memory stores the file designation information of the external input data and the personal identification number of the card holder. , And the terminal confirmation code, select the corresponding file and check the PIN and AC code of the management information of the selected file. If, PIN, exceeds the respective allowable number by counting the mismatch count, respectively, in matching AC code and function to flag that prohibits access to the file, when there is a lock command to the file to the external input data,
Checks whether or not the command has the write right to the file, and if there is, sets a flag that prohibits access to the file, file specification information in external input data, PIN of file creation management information, and AC When there is a code or unlock command for a file, select the file, check the PIN and AC code of the file creation management information of the file, and check whether you have the creation right of the file. If so, a program having a function of resetting a flag for locking the file is stored and configured.

[Industrial applications]

The present invention relates to an IC card that can receive multiple types of services with a single card.

[Conventional technology]

As shown in FIG. 4, an IC (integrated circuit) card has a processor 12, a read-only memory (ROM) 14 for storing its program, an electrically erasable and programmable ROM 16 in the card, and for signal input / output. The contact 18 is exposed and provided. In this example, there are eight contacts, and the signal (data) is bit serial transfer. Since the processor 12 and the memories 14 and 16 composed of semiconductor elements are minute, and are capable of complicated functions and large-capacity storage, they are not a single function like a magnetic card, but a deposit and savings,
Many service functions such as credit, hospital, and various clubs can be performed with one card. The IC card 10 is inserted into the terminal device 20 to receive a predetermined service. For example, if the terminal device 20 is a financial terminal, services such as deposit and payment can be received.

This kind of card prevents theft, and there are payment problems for the cardholder, so I want to ban it.
In withdrawing money, the customer enters the PIN code and checks if it matches the PIN code on the card,
However, if you do not know the secret code with a stolen card and randomly enter the secret code there, a number of inconsistencies occur.In such a case, set an invalid flag on the card and prohibit future use (terminal Even if a card is inserted into a reader, a writer of an IC card connected to a terminal device, to be precise, the card is ejected as an invalid card).

[Problems to be solved by the invention]

As described above, the conventional card also has the lock function of prohibiting access to the data area, but this has the following problems.

The lock is for the entire card, so if you apply a means such as an IC card that includes multiple services, one service will be locked, and other services will not be locked. Even in this case, the entire card will be locked and you will not be able to receive all services.

If you enter the wrong PIN code a certain number of times, you can immediately lock the card, and the lock is automatic and fixed.
Arbitrarily, conscious lock cannot be applied.

When locked, there is no way to unlock it, and even if the cause of the lock disappears, the card is invalid, a new card is issued if desired, and lock / unlock cannot be performed flexibly.

The present invention improves on these points, enables locks to be applied on a service-by-service basis, and locks mechanically,
The purpose is to enable it to be activated by an instruction and to unlock a locked object.

[Means for solving problems]

The above-mentioned object is an IC card having a processor (12), a first memory (14) for storing a processing program therefor, and a second memory (16) for storing data in an IC card. Is a file (3
1,32, ……) and its management information (41,42, ……) and file creation management information (51,52, ……) are stored, and the file management information includes the file ID and card possession. Personal identification number (PIN), terminal confirmation code (AC code) to confirm the validity of the terminal processing program to be used, access right indicating whether the file has read or write rights, and the total number of mismatches in PIN verification It includes a numerical value and its allowable number, a count value of the number of times of mismatch in terminal verification code (AC code) matching, its allowable number, and a status flag. The file creation management information includes the file I
D, PIN of the file creator, AC code of the terminal used to create the file, and access right are included. The first memory contains the file designation information of the external input data, the cardholder's personal identification number (PIN) and A function that receives the terminal confirmation code (AC code), selects the corresponding file, compares the management information of the selected file with the PIN and AC code, and counts the number of mismatches in the PIN and AC code comparisons. A function that sets a flag that prohibits access to the file in the status flag when the number exceeds the allowable number of times, and when the external input data has a lock instruction for the file, the instruction has the right to write to the file. Check whether or not there is a function that sets a flag to prohibit access to the relevant file in the status flag, and the external input When the data has the file specification information, the PIN of the file creation management information, the same AC code, and the unlock command for the file, select the corresponding file and enter the PIN and AC code of the file creation management information of the file. A processing program is stored that has the function of performing verification and checking whether or not there is an access right to the file, and resets the flag that prohibits access to the file that is set in the status flag, if any. It is achieved by configuring as follows.

[Action]

According to this configuration, the lock can be automatically (mechanically) applied by the service unit or by the command, and the lock can be released by the command, so that one card can be used for multiple services. As a result, it is possible to cancel the service provision by the service provider's will according to the instruction without invalidating the entire card due to a defect reason for one service, and unlock the card to resolve the prohibition reason. It can be reused without waste.

〔Example〕

1 to 3 are flow charts showing an embodiment of the present invention. FIG. 1 shows an automatic lock process, FIG. 2 shows a lock process by a command, and FIG. 3 shows an unlock process by a command. As shown in the IC card 10,
More specifically, there are a plurality of files 31 to 33 in this example in the memory 16, and each file corresponds to one service. The memory 16 also stores management information 41 to 43 of each file. The file management information is the file ID, which is the name of the file, and the PIN (Personal I
dentification Number; PIN code of the card holder), AC
From the card (Authentication code; code that verifies the validity of the program in the terminal to be processed), access right (read / write right to the file), PIN counter and the number of times allowed, AC code counter and the number of times allowed, and status flags Become. Processor 12 in IC card
Read the data and management information of these files,
Performs collation with external input data, counting, flag setting, etc.

First, the automatic lock process of FIG. 1 will be explained.
The card 10 is inserted into the terminal device 20, and its contact 18 connects with the terminal device. In this case, the terminal device is an automatic deposit / payment machine, and the file containing data such as the account number and balance is 31. When the card is inserted, the file designation information and the AC code are sent from the terminal device, and the PIN is sent to the IC card 10 when the customer inputs the personal identification number. The processor in the IC card creates a file according to the file specification information.
31 is selected, the PIN of the management information 41 is compared with the input PIN, and if they match (OK), the PIN counter of the management information 41 is cleared. Next, the AC code of the management information 41 is collated with the input AC code, and if they match (this indicates that this card can be used for this terminal device), the AC code counter of the management information 41 is cleared. After that, access processing starts. That is, for deposit payment, the balance of the file 31 is read, if the requested payment amount is within the balance, the requested amount is paid out, and the remaining amount is written into the file 31.

If the PIN verification result does not match (NG), the PIN of the management information 41
The counter is incremented by 1, the result is compared with the allowable number of PIN counters in the management information 41, and if the allowable number is less than or equal to the allowable number, error processing is performed and the entered PIN is erroneous. If the PINs that have been re-entered do not match again, the PIN counter is incremented by +1 again, and if the allowable number of times is three, for example, the status flag of the management information 41 is set to automatic lock due to a PIN mismatch (for example, from multiple bits). The value of the flag is set to the value of automatic lock due to PIN mismatch), and the IC card is ejected (access to the file in the IC card is prohibited).

Although not shown, there is a step of checking the status flag after the "file selection function". When the flag is set as described above, even if the card is inserted into the terminal device thereafter,
Access to the service will be prohibited without PIN verification.

If the AC code collation does not match, the AC code counter is +
If the number of times exceeds 1, and the number of times exceeds the allowable number, the status flag of the management information 41 shows the automatic lock status due to the AC code mismatch,
Is set, the IC card is locked for the file 31, and thereafter access is prohibited.

The same applies to the files 32 and 33 for other services. Lock is management information for each file (service) 4
Since it is done by setting the status flag of 1,42,43, even if the file 31 is locked,
Cards are valid for 32 and 33.

Referring to FIG. 2 for explaining the lock process by command, it is assumed that the terminal device 20 is for credit, and the customer wants to purchase and pay the price with the IC card 10.
There are 32 credit files and their management table
42. This management table 42 also has a file ID, PIN, AC
Although there are codes and the like, these contents are different from those of the management table 41. That is, the file ID that is the name of the file
Of course, the PIN (cardholder's PIN) can be different for deposits and credits. The AC code is that of an available credit terminal in this case.

Insert the IC card 10 into the credit terminal, select the file 32 according to the file designation information of the external input data, check the status flag of the management table 42 to see if it is locked or not, and check the external input data for the external input data. The PIN / AC code is compared with the PIN / AC code in the management table 42. Up to this point, the product purchase process is based on normal credits, but if there is a lock command (not shown) in the external input data, check the access right of the management table 42 to see if there is a write right for the file 32. Check whether or not. If the user has the write right, "lock by command" is set in the status flag of the management table 42.

If the status flag is locked by command, the IC card is inserted into the credit terminal and the file is selected. When the status flag in the management table of the file is checked, the card is accessed as invalid. Is prohibited. Other files 31,33
The same applies to the lock by the command for. Command locking should only be possible by the person authorized to do it. The person who has the lock authority (generally the service provider) has the right to write to the file.

Next, unlocking will be described with reference to FIG. Here, it is assumed that the lock on the credit file 32 is released.
Management information 51,5 at the time of creation of files 31,32,33 in IC card 10
2,53 are also stored, and this file creation management information consists of a file ID, PIN, AC code, and access right. The person who unlocks is generally the card issuer, and the PIN and AC code of the file creation management information are therefore the PIN of the card issuer and the AC code of the terminal having the unlock function.

When the IC card 10 is inserted into the terminal with the unlock function and the unlock instruction is given to the file 32, the PI of the file designation information of the external input data and the file creation management information
N, same AC code is input, select file 32, PIN, AC
The code is collated, and then it is checked whether or not there is the file creation right (unlock right) by the unlock instruction (not shown) of the external input data and the access right of the file creation management information 52. For example, the status flag of the management information 42 is reset. Other files 31,3
The same applies to the unlock of 3.

〔The invention's effect〕

As described above, according to the present invention, an IC card capable of processing a plurality of services can be locked on a service-by-service basis, and even if one service is locked, other services can be used by the same card. Not only can it be locked automatically, but it can also be locked by instruction. It is possible to separately check and lock the fraud by the card holder and the fraud by others. Since the lock can be released, the card can be reused.

The lock can be applied to the entire card, or various services can be layered and applied to that layer.

A person who illegally acquires the card and doesn't know the PIN can use it with the PIN counter, and a terminal that is not a card insertion target can be checked with the AC code counter for illegal use or misuse.

Since the PIN of the legitimate card holder is in the card and not in the host, etc., and the verification is performed in the card and is not read out to the terminal for verification, the confidentiality is high.

[Brief description of drawings]

1 to 3 show an embodiment of the present invention, FIG. 1 is a flow chart of automatic lock processing, FIG. 2 is a flow chart of lock processing by a command, FIG. 3 is a flow chart of unlock processing by a command, FIG. FIG. 4 is an explanatory diagram of the IC card. 1 and 4, 10 is an IC card, 12 is a processor, and 14
Is a first memory, 16 is a second memory, 31 to 33 are files, 41 to 43 are file management information, and 51 to 53 are file creation management information.

 ─────────────────────────────────────────────────── ─── Continuation of the front page (56) References JP-A-62-154190 (JP, A) JP-A-61-251985 (JP, A) JP-A-62-120564 (JP, A)

Claims (1)

(57) [Claims] 1. An IC card comprising a processor (12), a first memory (14) for storing a processing program therefor, and a second memory (16) for storing data in a card, the second memory Includes files for each service (31,3
2, ...) and its management information (41, 42, ...) And file creation management information (51, 52, ...) Are stored. The file management information includes the file ID and the card holder's A personal identification number (PIN), a terminal confirmation code (AC code) for confirming the validity of the terminal processing program used, an access right indicating whether the file has read or write rights, and a count value of the number of mismatches in PIN verification. The allowable number of times, the count value of the number of mismatches in the terminal confirmation code (AC code) collation, the allowable number of times, and the status flag are included, and the file creation management information includes the file ID,
File creator's PIN, terminal A used to create the file
The C code and access right are included, and the first memory receives the file designation information of the external input data, the PIN code of the card holder (PIN) and the terminal confirmation code (AC code), and selects the corresponding file. , A function to check the management information of the selected file with the PIN and AC code, and count the number of mismatches in the PIN and AC code matching. If the count value exceeds the allowable number, the status flag will be sent to the file. And a function to set a flag to prohibit access to the file, and when the external input data has a lock command for the file, it is checked whether the command has write access to the file, and if there is, the status flag is set to the file. The function to set a flag to prohibit access to the file and the PI of the file specification information and file creation management information in the external input data. When there is N, the same AC code, and an unlock command for a file, select the corresponding file,
Check the PIN and AC code of the file creation management information of the file and check whether you have the access right to the file. If there is, access to the file set in the status flag An IC card in which a processing program having a function of resetting a flag for prohibiting is stored.