JPH01177184A - Portable electronic device - Google Patents

Abstract

PURPOSE:To operate a variety of code numbers without damaging the property of security by prohibiting the use of all the >=two code numbers when the accumulated value of the code numbers reaches the determined limit of the number of the times of unfair use by the unfair use of one code number out of the code numbers. CONSTITUTION:An IC card as a portable electronic device is composed of parts to execute basic functions such as a reading and writing part 11, a code setting and code collating part 12, and an enciphering and decoding part 13 and a supervisor 14 to control these basic functions. Further, the IC card prohibits the use of all the code numbers, the number of which is at least >=two, when the accumulated value of the code numbers reaches the determined limit of the number of the times of the unfair use by the unfair use of one code number out of the code numbers by holding an accumulating means for the number of the times of the unfair use in common which corresponds to the code numbers. Thus, the property of the security is not damaged as a system, and a variety of the code numbers can be operated.

Description

DETAILED DESCRIPTION OF THE INVENTION [Objective of the Invention (Field of Industrial Application) The present invention relates to a portable electronic device called an IC card, which is used, for example, as a credit card or a cash card.

(Prior Art) In recent years, as cards with magnetic stripes such as credit cards and cash cards, so-called magnetic cards, have become popular, erasable non-volatile memories with newly expanded storage capacity and CP that controls these
2. Description of the Related Art A so-called IC card incorporating an IC chip having a control element such as a U is attracting attention.

With such IC cards, transactions are performed based on transaction account information stored in memory, and when performing such transactions, a PIN number is verified to verify the identity of the cardholder. There is.

In other words, a single or multiple PIN numbers are registered in the memory of the IC card, and the card internally performs a line of verification between the PIN number input from the outside and the specified registered PIN number, and the verification result is displayed. is output to the outside. At this time, the number of matching errors (mismatching matching) is also generally accumulated using a matching error counter corresponding to each password located in the memory.

Recently, the development of applications for IC cards has become popular, and the needs for how to use PIN numbers are becoming more diverse. For example, the PIN number for identity verification is
There is also a demand for C cards to be different for each type of application they support.

However, conventional IC cards have verification error counters corresponding to each of a plurality of registered personal identification numbers. Therefore, when a user's personal identification number is fraudulently used during the operation of a certain application, only the verification error counter corresponding to the personal identification number used in this application accumulates. At this time,
Since the corresponding verification error counter for a PIN used in another application has not yet accumulated, the PIN is valid, and there is a risk that the security of the IC card may be compromised.

(Problems to be Solved by the Invention) The present invention has been made to solve problems related to security when, for example, multiple PIN numbers are registered. The purpose of the present invention is to provide a portable electronic device that allows the use of a secure PIN number.

[Structure of the Invention] (Means for Solving the Problems) The present invention includes a memory section and a control section for reading and writing data to the memory section, and selectively allows external input. A portable electronic device comprising means for outputting at least two data strings (e.g., a PIN number) stored in the memory section, and a data string (e.g., a PIN number) inputted from the outside. Collation means for collating the data string stored in the memory unit to determine whether there is a predetermined relationship between the two, and accumulating the number of times the collation result of the collation means is negative. and an accumulating means, and the at least two or more data strings share the corresponding accumulating means.

(Function) For example, by sharing the means for accumulating the number of unauthorized uses for at least two or more PIN numbers,
If the cumulative value of one PIN number reaches a predetermined limit on the number of unauthorized uses, it becomes possible to disable the other PIN number as well. It becomes possible to use the PIN number.

(Example) Hereinafter, an example of the present invention will be described with reference to the drawings.

FIG. 20 shows an IC as a portable electronic device according to the present invention.
This figure shows an example of the configuration of a terminal device that handles cards. That is, this terminal device allows an IC card 1 to be connected to a control unit 3 consisting of a CPU or the like via a card reader/writer 2, and also connects a keyboard 4 to the control unit 3.
It is constructed by connecting a CRT display device 5, a printer 6, and a floppy disk device 7.

The IC card 1 is held by the user, and is used to refer to a personal identification number known only to the user when purchasing products, etc., and to store necessary data. Its functional blocks are shown in Fig. 18. It is comprised of parts that execute basic functions such as a read/write section 11, a password setting/password verification section 12, and an encryption/decryption section 13, and a supervisor 14 that manages these basic functions. Lead
The write section 11 has a function of reading, writing, or erasing data from/to the card reader/writer 2. The password setting/password verification unit 12 has a function of storing the password set by the user and prohibiting reading of the password, as well as verifying the password after setting the password and granting permission for subsequent processing. The encryption/decryption unit 13 performs encryption and encryption of encrypted data to prevent leakage and forgery of communication data when transmitting data from the control unit 3 to another terminal device via a communication line, for example. It performs decoding, for example, DES (Data Encryption).
This is a function that processes data according to an encryption algorithm that has sufficient cryptographic strength, such as Cryption Standard. The supervisor 14 has the function of decoding the function code input from the card reader/writer 2 or the function code to which data is added, and selecting and executing a necessary function among the basic functions.

In order to perform these functions, the IC card 1 has a control element (control unit) 15 such as a CPU, a data memory (memory unit) 16, a program memory 17, and a card reader/card reader, as shown in FIG. It is composed of a contact part 18 for obtaining electrical contact with the writer 2, and the parts within the broken line (control element 15, data memory 16, program memory 17) are integrated into one IC.
IC consists of a chip (or multiple IC chips)
It is embedded within the card body. Program memory 17
is constituted by, for example, a mask ROM, and stores a control program for the control cable 15, etc., which includes subroutines for realizing each of the basic functions described above. The data memory 16 is used to store various data, such as EEP
It is composed of erasable nonvolatile memory such as ROM.

The card reader/writer 2 sends and receives function codes and data between the IC card 1 and the control unit 3.
It also has a function of performing one command, one response operation to the IC card 1 based on macro commands from the control unit 3. Specifically, as shown in FIG. 19, there is a transport mechanism 21 that transports the IC card 1 inserted into a card insertion slot (not shown) to a predetermined position, and a contact section 18 of the IC card 1 set at the predetermined position. a contact section 22 that is electrically contacted, a control circuit 23 consisting of a CPU that controls the entire system, and an input/output ink face for exchanging command data and response data between the control circuit 23 and the control section 3. It is composed of a circuit 24, a data memory 25 for storing data, and the like.

The data memory 16 includes, for example, an area definition table 161 and a password information table 162, as shown in FIG.
, and a data area 163. In particular, the area definition table 161 includes a password information area definition table 164 and a transaction data area definition table 165.

The password information area definition table 164 is data area 1
63 stores definition information that defines a password information area, and this definition information is, for example, a collection of a series of data strings consisting of an area number, area start address, and area size, as shown in FIG. It is.

The transaction data area definition table 165 is
Definition information that defines a transaction data area is stored in the data area 163, and this definition information is, for example, a series of area numbers, area start addresses, area sizes, and access condition information, as shown in FIG. is a collection of data strings.

The data area 163 is the password information area definition table 1
The area is defined by 64 and transaction data area definition table 165, and various data are stored therein, and a specific example thereof is shown in FIG.

For example, as shown in FIG. 1, the PIN information table 162 includes an index section, an area number section of the PIN area,
This is a collection of a series of data strings consisting of the area number part of the error counter area, the area number part of the error limit area, and the area number part of the password verification status area.

The index section contains password verification command data (first
It operates in association with the index designation information in (see Figure 4). That is, the same index as the IN, DEX designated tn information in the password verification command data is searched for, and if it is found, the corresponding password becomes the target of verification.

The area number part of the password area is the area number of the password area in the data area 163 in which the password specified as the verification target is stored.

The area number part of the error counter area is the control cable 15.
This specifies the first error counter (see FIG. 6) on the RAM in the data area 163, and also specifies the area number of the second error counter area in the data area 163.

The area number part of the error limit area is the area number of the error limit area in the data area 163 in which the limit values of the first and second error counters are stored. This error limit area is a 1-byte area, and as shown in the format shown in Figure 7, the upper 4 bits indicate the limit value of the first error counter, and the lower 4 bits indicate the limit value of the second error counter. Indicates the limit value.

The area number portion of the password verification status area is a data area 163 in which information identifying which bit of the verification status bits (see FIG. 8) on the RAM in the control element 15 is to be used as the verification status flag is stored. This is the area number of the password verification status area within the area.

For example, if you specify the index "31", the area number of the corresponding PIN number area will be "0" as shown in Figure 1.
1”. Search this from the password information area definition table 164 shown in FIG. 3, refer to the data area 163 shown in FIG. 5 from the corresponding area start address rTAo IJ and area size "10 bytes", and enter the password rl i 111111J. get. Here, the PIN area consists of a length section indicating the number of bytes of a 1-byte PIN number and a variable length PIN section.

When the length part is "FF" Hex, it is recognized that no password is stored.

Next, the area number of the corresponding error counter area is
Since it is "11" according to FIG. 1, similarly refer to the data area 163 shown in FIG. 5 from the area start address TA11 and the area size "1 byte",
Obtain the value "00" of the second error counter.

In the same way, the PIN specified by index "31" is 8-byte data rl 1111111J
, and the value of the second error counter is "00",
The error limit value is "3" as the first error counter.
, the second error counter is "5", and the control element 15 of the IC card 1 recognizes that the verification status bit corresponds to the 0th bit in FIG.

Next, the operation in such a configuration will be explained.

First, the card reader/writer 2 operates according to the flowchart shown in FIG. That is, in the steady state, it is in a state of waiting for command data from the control section 3. When command data is manually input from the control unit 3, the control circuit 2
3 determines whether or not the IC card 1 is in execution, and if it is in execution, outputs response data indicating a multiple instruction data error to the control unit 3, and returns to the instruction data waiting state again. If the IC card 1 is not in execution, the control circuit 23 outputs command data to the IC card 1 and waits for response data from the IC card 1.

When there is response data from the IC card 1, the control circuit 23
If the command is a macro command, it outputs command data to the IC card 1 again, otherwise it outputs response data to the control unit 3, and returns to the state of waiting for command data.

The command data output from the card reader/writer 2 to the IC card 1 has a format as shown in FIG. 10, for example, and may be in the form of only a function code as shown in FIG. As shown in b), there is a form in which data is added to the function code.

The IC card 1 operates according to the flowchart shown in FIG. That is, in the steady state, it is in a state of waiting for command data from the card reader/writer 2. When command data is input from the card reader/writer 2, the control element 15 executes basic functions according to the command data, outputs response data indicating the processing result to the card reader/writer 2, and waits for command data again. Return to state.

The response data in this case is, for example, in the format shown in FIG. Take protective measures in case of disturbance.

Next, the password verification operation will be explained with reference to the flowchart shown in FIG. 13. When command data is input, the control element 15 confirms whether the command data is password verification command data having a format as shown in FIG. Here, the password verification command data is composed of a password verification function code, index designation information, and password information (consisting of a password length and a password). According to the above confirmation, if it is not the password verification command data, the control element 15 decodes the function code in the command data, executes the corresponding process, outputs response data for the processing result, and returns to the command data waiting state. return.

As a result of the above confirmation, if it is the password verification command data, the control search element 15 searches the index portion of the password information table 162 in the data memory 16 for an index that matches the index designation information in the command data. As a result of this search, if no command is found, the control element 15 outputs response data indicating that execution is not possible, and returns to the command data waiting state.

If it is found through the above search, the control element 15 refers to the password area corresponding to the index.

Here, if the length part of the PIN area is "FF"
If it is ex, the control cord 15 recognizes that no password is stored, outputs response data meaning that the password is not set, and returns to the command data waiting state.

If the length part of the password area is other than "FF" Hex, the control element 15 recognizes that the password is stored, and then calculates the value of the corresponding second error counter and its limit value. Read and compare and check the two. As a result of this comparison and verification, if the limit value is larger than the value of the second error counter, the control element 15 performs a password verification process. As a result of the comparison and verification, if the limit value is greater than the value of the second error counter (if not, the control element 15 refers to the password verification status area corresponding to the index and reads the contents of that area, thereby The corresponding verification status bit is set to rOJ, response data indicating that the password cannot be used is output, and the process returns to the instruction data waiting state.

Now, in the password verification process, the password information in the manually entered command data is compared and verified with the specified password. Through this comparison, if the two match,
The control element 15 sets the first and second error counters to "0".
0", then refer to the password verification status area corresponding to the index and read the contents of that area.
The corresponding verification status bit is set to "1", response data indicating completion of verification is output, and the state returns to the instruction data waiting state.

According to the above comparison, if the two do not match,
The control element 15 refers to the error limit area corresponding to the index and reads the contents of that area to determine whether the value of the lower 4 bits (limit value of the second error counter) is "0" or not. to judge. Based on this judgment, if the value is "0", the control element 15 refers to the password verification status area corresponding to the index, reads the contents of that area, and sets the corresponding verification status bit to "0". , - Outputs response data indicating that the PIN number does not match, and returns to the command data waiting state.

Based on the above judgment, if the value is not "0", the control element 15 compares and verifies the value of the upper 4 bits (limit value of the first error counter) with the value of the first error counter. As a result of this comparison, if the former is greater than the latter, the control element 15 increments the value of the corresponding first error counter by one. Then, the control element 15 refers to the password verification status area corresponding to the index, reads the contents of that area, sets the corresponding verification status bit to "0", and outputs response data indicating that the password does not match. Then, it returns to the instruction data waiting state.

As a result of the above comparison, if the former is not larger than the latter, the control element 15 refers to the second error counter area corresponding to the index, reads the contents of the area, and sets the value of the second error counter. and the corresponding limit value (value of the lower 4 bits). As a result of this comparison, if the latter is larger than the former, the control element 15 increases the value of the corresponding second error counter by one. Then, the control element 15 refers to the password verification status area corresponding to the index and reads the contents of that area, thereby setting the corresponding verification status bit as "
0'', outputs response data indicating that the PIN number does not match, and returns to the command data waiting state.

As a result of the comparison and verification, if the latter is not larger than the former, the control element 15 refers to the password verification status area corresponding to the index, reads the contents of that area, and sets the corresponding verification status bit as ""O", outputs response data indicating that the password cannot be used, and returns to the command data waiting state.

As shown in FIG. 1, area numbers "12" and "13" of the error counter area are index "3".
2" and "33" and "34" and "35", respectively. This means that the same error counter is used as the password corresponding to the index "32" and the password "33" as the verification command target. Also, indexes "34" and "35"
' has a similar relationship. Furthermore, especially the index “3
For "4" and "35", the error limit value is also shared (
"24" is commonly used as the area number). As a result, if the second error counter reaches the limit value when, for example, a password is verified using the index "34", it becomes impossible to simultaneously verify the password using the index "35".

Further, the area numbers of the password verification state areas corresponding to indexes "32" and "33" also indicate the same area number "42". Therefore, no matter which one is used for verification, the first bit of the verification status flag in FIG. 8 becomes "1".

Next, the transaction data write operation will be explained with reference to the flowchart shown in FIG. 15. In FIG. 13, if the input command data is not password verification command data, the control cable 15 determines whether the next manually input command data is transaction data write command data having the format shown in FIG. Decide whether or not. Here, the transaction data write command data is composed of a transaction data write function code, area designation information, and write data. Based on the above judgment, if the transaction data is not write command data, the control cable 15 decodes the function code in the command data, executes the corresponding process, outputs response data for the processing result, and waits for the command data again. Return to state.

Based on the above judgment, if the transaction data is write command data, the control element 15 sends the area number that matches the area designation information in the command data to the data memory 16.
Transaction data area definition table 165 in
Search from. As a result of this search, if no data is found, the control element 15 outputs response data indicating that the area is undefined, and returns to the command data waiting state.

If an area is found through the above search, the control element 15 refers to the access condition information corresponding to the area number, and determines whether the collation status bit indicated by the access condition information is "1".

As a result of this determination, if it is "0", the control element 15 outputs response data indicating that access is prohibited, and returns to the command data waiting state again. Based on the above judgment, if it is "1", the control element 15 performs the write processing of the transaction data, outputs response data corresponding to the processing result, and returns to the command data waiting state again.

For example, referring to Figure 4, the access condition information is ``04'' for the area number ``80'', so if the second bit of the verification status bit is ``1'', the transaction data It is possible to write. Therefore, if the verification of the PIN number using the index "34" is successfully completed, the area "
Data can be written to "80". Also, since the area number "81" is related to the first bit of the verification status bit, if the verification of the PIN using the index "32" or "33" is successfully completed, the area in the data area 163 Data can now be written to "81".

In this way, in an IC card in which multiple pin numbers are registered, for at least two or more pin numbers,
By sharing error counters for accumulating the number of unauthorized uses, if one of the PINs reaches the specified number of unauthorized uses due to unauthorized use of one of the PINs,
It becomes possible to disable the use of the other PIN number, and it becomes possible to use a variety of PIN numbers without compromising the security of the IC card system.

In the above embodiments, an IC card is used as an example of a portable electronic device, but the present invention is not limited to a card-shaped device, and may be a block-shaped or rod-shaped device, for example. In addition, the hardware configuration of portable electronic devices
Various modifications can be made without departing from the gist of the invention.

[Effects of the Invention] As detailed above, according to the present invention, for example, for at least two or more PIN numbers, by sharing the means for accumulating the number of unauthorized uses corresponding to them, it is possible to prevent unauthorized use of one of the PIN numbers. When the cumulative value reaches a predetermined limit on the number of unauthorized uses, it becomes possible to disable the use of the other PIN, allowing the use of a variety of PINs without compromising the security of the system. A portable electronic device can be provided.

[Brief explanation of the drawing]

The figures are for explaining one embodiment of the present invention. Figure 1 is a diagram showing a specific example of a password information table, Figure 2 is a diagram showing the format of the data memory, and Figure 3 is a diagram showing the password information area definition. A diagram showing a specific example of a table, FIG. 4 is a diagram showing a specific example of a transaction data area definition table, FIG. 5 is a diagram showing a specific example of data stored in the data area,
Fig. 6 shows the first error counter area, Fig. 7 shows the format of the limit value stored in the error counter area, Fig. 8 shows the format of the verification status bit, Fig. 9 10 is a flowchart explaining the operation of the card reader/writer, FIG. 10 is a diagram showing the format of command data input to the IC card, and FIG.
The figure is a flowchart explaining the operation of the IC card.
2 is a diagram showing the format of general response data output from an IC card, FIG. 13 is a flowchart explaining the PIN verification operation, FIG. 14 is a diagram showing the format of PIN verification command data, and FIG. 15 Figure 16 is a flowchart explaining the transaction data write operation, Figure 16 is a diagram showing the format of the transaction data write command data, Figure 17 is a block diagram showing the configuration of the IC chip built into the IC card, and Figure 18 is the IC card. FIG. 19 is a block diagram showing the configuration of the card reader/writer, and FIG. 20 is a block diagram showing the configuration of the terminal device. 1... IC card (portable electronic device), 2... Card reader/writer, 15... Control element (control unit),
16...Data memory (memory section), 17...Program memory, 161...Area definition table, 1
62... Password information table, 163... Data area, 164... Password information area definition table, 165
...Transaction data area definition table. Applicant's representative Patent attorney Takehiko Suzue Figure 2 Figure 3 Figure 4 Figure 6 Figure 7 Figure 9 (a) Kokushi Figure 10 Figure 11 Figure 12 Figure 13 (C) Figure 14 L- ------j Figure 17 Figure 18 Figure 15

Claims (1)

[Scope of Claims] A portable electronic device comprising a memory section, a control section for reading and writing data to the memory section, and means for selectively inputting and outputting data from the outside. at least two or more data strings stored in the memory section; and a data string input from the outside and a data string stored in the memory section, whether there is a predetermined relationship between them. a verification means for verifying whether the verification result is negative; and an accumulation means for accumulating the number of negative verification results when the verification result of the verification means is negative;
A portable electronic device characterized in that more than one data string shares the corresponding accumulating means.