JPH06309529A - Security method for IC card storage device - Google Patents

Abstract

PURPOSE:To assure the security of a portable auxiliary storage of large capacity providing a pass code register or an IC card type semiconductor file device. CONSTITUTION:A pass code register 5 and a pass code collating circuit 4 are prepared so that a user can confirm the justice for use of a file device 1. The circuit 4 confirms that a person is a right one who can use the device 1, based on the code written in the register 5. If the person is conformed to be a right one, the circuit 4 reports it to a control circuit 2, and the circuit 2 accepts the access requests of the file data received thereafter from a host. If the person is confirmed to be a not right one, the circuit 2 receives no access request. By having the individual pass code of an IC card in the IC card, pass code for individual IC card can be set, and the security is assured for an auxiliary storage with no use of an information equipment of a host.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an auxiliary storage device for a portable small information device, and more particularly to a file storage device using a semiconductor memory as a storage medium and a security system for an information device equipped with the file storage device.

[0002]

2. Description of the Related Art Since hard disk drives, which are the most common auxiliary storage devices, require mechanical components, portable information devices are becoming smaller and smaller. There was a problem. Therefore, attention has been focused on a file storage device using a semiconductor memory as a storage medium. In particular, the file card, which is made into a card shape and is easy to insert, remove, and carry, is considered to have a high utility value as a removable disk device other than a portable information device. Then, as a security of the file data stored in these, measures have been taken in the information equipment as the host. In other words, enter your personal password and ID number at the start of use
If is confirmed, it is a system method that allows access to the file of the individual.

[0003]

The auxiliary storage device including the hard disk has not been considered in terms of its own security. Personal files such as personal computers and workstations that serve as hosts are protected by passwords, but the auxiliary storage device itself did not have such a function. Also, with floppy disks and the like, the application software is protected from copy protection, but read access is possible. Considering a removable auxiliary storage device, it is necessary to protect the auxiliary storage device itself in order to ensure the security of the stored file. That is, it is possible to carry information data that is not desired to be seen by others as an IC card, but it is necessary to prevent the data from being stolen due to loss, theft, unauthorized borrowing, etc. of the IC card itself. Up to now, the security has been protected only by the host system, and the portable auxiliary storage device has not considered ensuring the security by itself.
In the future information era, it is necessary to carry around a large-capacity auxiliary storage device and to ensure security by itself.

[0004]

An IC card type semiconductor file device, which has the most potential as a portable auxiliary storage device, is provided with a passcode register, and the stored data cannot be read or rewritten unless a specific code is written in the passcode register. To do so. Moreover, in order to counter the method of canceling the access protection by writing all possible codes, a penalty is imposed on the writing of an incorrect code so that the access protection is not easily broken. For example, once an incorrect passcode is entered, the passcode entry itself is protected, and the passcode for access cannot be entered unless the passcode for canceling this protection is entered.

[0005]

By providing the passcode register inside the IC card, the passcode for each IC card can be set. Further, the controller of the storage device inside the IC card can verify the passcode. That is, security can be achieved regardless of the information device of the host. Then, a penalty peculiar to the security system of the IC card can be imposed on the input of an incorrect passcode.
This penalty can improve the level of security. By simply checking the passcode, if all possible passcodes are entered, the access protection will be canceled, but if the wrong passcode is entered, the passcode input protection will be applied. Safety is improved.

[0006]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS A first embodiment of the present invention will be described with reference to FIGS. FIG. 1 is a diagram showing a schematic configuration of an IC card of the present invention, in which 1 is an IC card type file device,
Reference numeral 2 is a control circuit for controlling the file apparatus 1 in a centralized manner, and 3 is a file storage area, which is composed of a semiconductor memory in which data does not volatilize even when power is not supplied. Reference numeral 4 is a passcode matching circuit for keeping the stored data of the file device 1 confidential, 5 is a passcode register for confirming the legitimacy of the user using the file device 1, and 6 is a host for handling the file device 1. It is a peripheral bus for information equipment. FIG. 2 is a diagram showing a specific example of the passcode matching circuit of FIG. 1, in which 11 is a passcode register configured by a volatile memory circuit, and 12 is a pass written in the passcode register 11 from the outside. A non-volatile register that stores the original data of the passcode for checking whether the code is correct, 13 is a check circuit for checking the above two passcodes, and 14 is a check circuit connected to the access control circuit. Reference numeral 13 denotes an access permission signal which becomes active when the verification of two passcodes is confirmed in 13 and cancels the access protection, and 15 is the entire passcode verification circuit. Next, the operation will be described with reference to these figures. The bus of the file device 1 is connected to the peripheral bus 6 of the host system and receives access to files and registers. The host side receives the desired file data stored in the file storage memory 3 through the peripheral bus 6 or requests to rewrite the file or store a new file. Then, similarly to that, the register in the file device 1 can be accessed. Writing a code into the pass code register 5, which is one of the internal registers, is the first process to use this file device. The passcode collating circuit 4 confirms from the code written in the passcode register 5 whether the person is an authorized person to use the file device 1. A specific confirmation method will be described later with reference to FIG. If it can be confirmed that the person is legitimate, the passcode collating circuit reports this to the control circuit 2, and the control circuit 2 receiving this report accepts subsequent file data access requests from the host. On the contrary, if it is recognized as an unauthorized person, the access request is not accepted. Now, a method of matching passcodes will be described with reference to FIG. The code comparison circuit 13 collates the code written in the pass code register 5 by the host system through the peripheral bus with the original code previously set and stored in the register 12. The collation circuit 13 is composed of an exclusive OR gate equal to the number of bits of the code and a circuit for taking the logical product of the results. If the two codes match, the matching circuit 13 outputs L level, and if they do not match, H level output. This output signal becomes the access permission signal 14 as it is. If the access permission signal 14 is at the L level, the data stored in the file storage memory 3 can be accessed. If it is at the H level, the access mask remains. Since this operation maintains the state when the correct code is written in the passcode register 11, the access permission is continued unless the power supply to the passcode register 11 is stopped and the data is volatilized. According to this embodiment, the first
The invention can be configured by hardware, and once the passcode is written, it is effective during power supply.

Next, a second embodiment will be described with reference to FIGS. 1 and 3. FIG. 3 is a circuit example of a passcode register. In the figure, 21 is a flip-flop for storing passcode data, 22 is a flipflop for generating a passcode mask signal, and 23 is a logic for generating a write clock of the passcode flip-flop 21. A sum gate, a pass code mask clear circuit 24, and a pass code mask release code register 25 are volatile registers. Reference numeral 26 is a pass code mask release code collation register which is a non-volatile register. Reference numeral 27 denotes a collation circuit for collating the above two passcodes, which is basically the same as the collation circuit 13 of FIG. Reference numeral 28 is a passcode mask release signal, and 29 is an input passcode data signal. Next, the operation will be described. The passcode register 11 in FIG. 1 is composed of several passcode flip-flops 21 in FIG. If the pass code is a 4-digit code, it becomes a 16-bit register, and therefore 16 pass code flip-flops 21 are required. In FIG. 1, the pass code flip-flops 21 are arranged side by side, but in the present embodiment, this has an additional circuit. Passcode mask flip-flop 22
When writing to the passcode register 21, the output of becomes active and masks the writing of the passcode register 11. That is, if the write data to the passcode register 11 is not correct, the access permission signal 14 is not activated and the writing to the passcode register 11 is masked. So pass code mask flip-flop 2
A circuit for clearing 2 is added. By writing in the pass code mask release code register 25 a code that matches the code stored in the pass code mask release code collation register 26, the mask release code collation circuit 27 outputs a mask release signal 28, and the pass code mask flip block is output. 22 is cleared and the write mask of the passcode flip-flop 21 is released. As a result, it becomes possible to write again in the pass code register 11, and it becomes possible to correct the code that was written by mistake. The components 22 to 28 in FIG. 3 can be shared by any number of bits in the passcode register and do not depend on the number of bits of the passcode flip-flop. According to the present embodiment, the pass code collating circuit and the pass code mask release code collating circuit can be configured by the same circuit, and the circuit design can be simplified. It is also possible that the passcode and the passcode mask release code have different numbers of bits.

Next, a third embodiment will be described with reference to FIG. FIG. 4 is a diagram showing an example of a configuration in which two types of memories are configured as file memories and access masking is performed on only one of them, and 31 in the figure is an electrically rewritable nonvolatile memory among the file memories. 32 is a read-only memory of the file memory, 33 is a memory control signal generation circuit for controlling these two memories, 34 is an access request signal output to the memory control circuit for reading and writing a file from the control circuit of the storage device, Reference numerals 35 and 36 are memory control signals such as a chip enable signal, a write enable signal, and an output enable signal, which are input to the electrically rewritable nonvolatile memory and the read-only memory, respectively, and 37 is a mask signal for verifying a pass code. Is a pass code matching circuit, and 38 is an electrically rewritable nonvolatile memory. 31 is a circuit for masking access by masking the control signal 35. The pass code matching circuit 37 is similar to the configuration shown in FIG. 2 except that the output is inverted in logic, but the access mask can be released by writing an appropriate code in the pass code register 11. I shall. When the memory control signal 35 is masked by the mask circuit 38, if it is a mask for writing, a write enable signal,
It is sufficient to select only one mask such as an output enable signal for a read mask and a chip enable signal for both masks and select only one mask.
With this configuration, there are two kinds of memories 31 and 32 as file memories, and electrically rewritable nonvolatile memory 3
1 stores user-specific data and programs to prohibit unauthorized access by others, and stores general-purpose programs and data in the read-only memory 32 so that anyone can access them. Then, in order to access the electrically rewritable nonvolatile memory 31, it is necessary to write an appropriate code in the pass code register to cancel the access mask. Further, by adding the passcode register mask circuit shown in FIG. 3 to this configuration, security can be improved. Further, as an effect peculiar to the present embodiment, since the memory control signal is directly masked, there are few malfunctions, it is impossible to cancel the access mask by software, and the security is high. Further, among the same electrically rewritable non-volatile memories, it is easy to separate the memory control signal masking and the memory control signal non-masking, and the mask control can be performed for each memory chip. As described above, it is possible to select a mask only for writing or a mask only for reading.

Next, a fourth embodiment will be described with reference to FIG. Figure 5 shows JEIDA, which is the standard specification for IC cards.
It is a diagram showing a standard attribute memory space and its peripheral portion, and a pass code register and a pass code mask release code register are added as option registers. In the figure, reference numeral 41 denotes an attribute memory space, which is a space for writing the attribute information of this IC card or writing the information from the host. 42
Is a selection signal group necessary for accessing the attribute memory space 41, and by decoding these signals, a desired portion can be accessed. Four
Reference numeral 3 is a decoding circuit of the selection signal group 42. 44 is a card attribute information area in the attribute memory space, 45 is a configuration option register, 46 is a configuration status register, 47 is a pin replacement register, 48 is a socket copy register, 49 is a passcode register, and 50 is a passcode mask release. It is a code register. The spaces 44 to 48 are memory spaces and registers in which the information necessary for the host information equipment to access the IO card, such as the electrical specifications of the IO card, the memory device specifications, and the memory configuration specifications are written or the correspondence of the host is written. It is a space and is defined by the JEIDA standard, which is a standard specification of IC cards. Internationally, it is a standard called PCMCIA. 49 and 50 are the same as the pass code register 11 and the pass code mask release code register 25 described in the above embodiments. That is, the present invention is realized while the passcode register 11 and the passcode mask release code register 25 are part of the attribute memory space while conforming to the standard IC card.
That is, the host information device accesses the attribute memory to access the file stored in this IC card, and the access mask is released by writing an appropriate code in the passcode register 49, and the file in the IC card is released. Can be accessed. Then, in order to write an incorrect code, it is necessary to write an appropriate code in the passcode mask release code. A part of the attribute memory space 41 may be omitted depending on the system. According to this embodiment, all the embodiments described so far can be easily applied while complying with the standard IC card.

Next, a fifth embodiment will be described with reference to FIG. The figure shows a configuration in which the writing of the numerical code is masked by writing the numerical code four times. In the figure, 61 is a pass code register, which is composed of one or more flip-flops. 62 is the passcode register 6
A non-volatile register that stores a collation code for collating the pass code written in 1; 63 is a pass code writing number counter;
It is a counter that becomes active on one rising edge. Reference numeral 64 is a logic gate for masking writing to the pass code register, 65 is a matching circuit for matching and comparing the pass code register 61 and the pass code matching code register 62, 66 is an access permission signal which is the matching result of the matching circuit 65, 67 Is a write signal of the pass code register 61 output from the control circuit of the storage device, 68 is pass code data input together with the register write signal 67, 69 is an electrically writable non-volatile memory control circuit, and 70 is an electrically write Possible non-volatile memory, 71 is a pass code write mask releasing means. Next, the operation will be described. When the register write signal 67 is output, the data of the pass code register 61 is written and the count of the counter 63 is incremented by 1. Initially, it is assumed that all the flip-flops forming the counter 63 are cleared, and the writing in the pass code register 61 is not masked. If the written passcode value and the passcode collation value do not match and the access permission signal 66 is not activated, the file data cannot be accessed and the next passcode register 61 is waited for writing. . When the register write signal 67 is output again and writing to the pass code register 61 is performed, the counter is incremented by 1 as in the previous case. If the correct code is not written even after this is repeated four times, the memory control means 69 writes this in the memory 70, and the pass code write mask gate 64 becomes active by this data, and the subsequent pass code writing is performed. become unable. This state continues until the passcode write mask releasing means 71 causes the memory control means 69 to clear the state, that is, rewrite the memory 70. According to this embodiment, any count number can be set by increasing or decreasing the number of bits of the counter 62 or logically inverting it. Further, since the data of the non-volatile memory is used as it is as the pass code write mask signal, the state retention is highly reliable.

[0011]

According to the first aspect of the present invention, by providing an access mask function inside the auxiliary storage device, it is possible to improve security and prevent confidential data from being seen by others, even as a removable auxiliary storage device. . Second
According to the invention, the security of the first invention can be further improved. Because in the first invention, the access mask can be canceled by inputting all possible codes. Therefore, if the number of bits of the code is increased, it becomes difficult to store the code and it becomes impractical. Therefore, by operating the mask in two steps as in the present invention, for example, a four-digit code is normally stored and used, and a wrong input is made or a wrong code is input by another person. as long as,
It is possible to cancel the mask by referring to the reserved code. According to a third aspect of the present invention, a system in which personal data written in an electrically rewritable non-volatile memory is allowed to access only a legitimate one by an access mask and is stored in a read-only memory. By making the program and application program accessible to anyone, the utility as an auxiliary storage device is improved, and the application software can be reused. According to the fourth invention, the effect of the second invention and the effect of the third invention can be obtained at the same time. According to the fifth and sixth aspects of the present invention, there is provided a system capable of easily implementing the present invention in a card type auxiliary storage device conforming to the standard specifications of an IC card. According to the seventh invention, even if the device is used by a legitimate person, there is a possibility of making an input code error. Therefore, if the legitimate writing can be performed twice or more times, the access is permitted. The security system is easy to use and highly safe. The eighth invention solves the drawback that the effect of preventing the use by an illicit person is diminished because it is cleared by turning off the power even if the input mistake is made a prescribed number of times. In other words, if the wrong code is input a prescribed number of times, even if the power is turned off, the state is remembered and it is impossible to start over.

[Brief description of drawings]

FIG. 1 is a schematic configuration diagram for realizing a first invention.

FIG. 2 is a configuration diagram for generating an access permission signal for a file memory.

FIG. 3 is a circuit diagram for realizing a passcode mask circuit and its cancellation.

FIG. 4 is a diagram showing an example of an access mask by a pass code when an electrically rewritable nonvolatile memory and a read-only memory are configured as a file memory.

FIG. 5 is a diagram showing a configuration example in which the present invention is applied to an attribute memory space of a standard specification IC card.

FIG. 6 is a configuration diagram of an access mask circuit that permits a passcode input error.

[Explanation of symbols]

4 ... Passcode collation circuit, 5 ... Passcode register, 11 ... Volatile passcode register, 12 ... Nonvolatile passcode original code register, 13 ... Passcode collation circuit (exclusive OR), 14 ... Access permission signal, 21 ... Passcode mask flip-flop, 22 ... Passcode mask release flip-flop, 24 ... Passcode mask release collation circuit, 25 ... Volatile passcode mask release code register, 26 ... Nonvolatile passcode mask release source code register, 27 ... pass code mask release code collation circuit, 31 ... electrically rewritable non-volatile memory, 32 ... read-only memory, 37 ... memory control signal mask circuit, 41 ... attribute memory space, 49 ... attribute memory space pass code register, 50 … Attribute memo Space passcode unmasking code register, 63 ... write counter, 69 ... electrically rewritable non-volatile memory control circuit, 70 ... electrically rewritable nonvolatile memory, 71 ... passcode write mask releasing means.

Claims (8)

[Claims] 1. An IC card-shaped file data storage device comprising a semiconductor memory, wherein a file data storage means for storing file data and an arbitrary numeric code can be written inside the file data storage device. Code storage means, specific code storage means for storing a specific numeric code, and coincidence detection for detecting a match between the numeric code stored in the specific code storage means and the numeric code written in the arbitrary code storage means. In order to access the present file data storage device, first, write the same numeric code as the numeric code stored in the specific code storage means to the arbitrary code storage means, and then match by the match detection means. Must be detected before the file data stored in the file data storage means. Security scheme of the IC card memory device characterized in that it can not access the. 2. The IC card storage device according to claim 1, wherein if an erroneous numeric code other than the numeric code stored in the specific code storage means is written in the arbitrary code storage means, another numeric value is written. Even if it is rewritten to a code, it will fall into the access prohibited state, and it is necessary to write a numerical code that matches the release code stored in advance in the release code storage means provided to release this state in the arbitrary code storage means. A security method for an IC card storage device. 3. An IC card-shaped file data storage device comprising a semiconductor memory, comprising a read-only memory and an electrically rewritable non-volatile memory as the semiconductor memory for storing file data. Arbitrary code storage means capable of writing an arbitrary numerical code, specific code storage means for storing a specific numerical code, numerical code stored in the specific code storage means and the arbitrary Equipped with a coincidence detection means for detecting the coincidence of the numerical codes written in the code storage means, the file data stored in the read-only memory can be accessed without any procedure, but it is stored in an electrically rewritable nonvolatile memory. To access the stored file data, first use the arbitrary code Writing said same numeric codes and a numerical code stored in the identification code storage means 憶 means and characterized in that it can not be accessed unless from being detected a match by said match detecting means IC
Card storage security method. 4. The IC card storage device according to claim 3, wherein when an incorrect numerical code other than the numerical code stored in the specific code storage means is written in the arbitrary code storage means, another numerical value is written. Even if it is rewritten to a code, it will fall into the access prohibited state, and it is necessary to write a numerical code that matches the release code stored in advance in the release code storage means provided to release this state in the arbitrary code storage means. A security method for an IC card storage device. 5. The IC card storage device according to claim 1, further comprising a specification information storage unit that describes interface specifications and storage configuration specifications inside the IC card storage device.
Further, a specification recognition result storage means for writing information indicating that the information equipment serving as a host reads the specification information storage unit and recognizes each specification of the IC card storage device is provided, and the arbitrary code storage means is provided for the specification recognition result storage means. An IC card storage device characterized by being provided in part. 6. The IC card storage device according to claim 3, further comprising a specification information storage section describing interface specifications and storage configuration specifications inside the IC card storage device,
Further, a specification recognition result storage means for writing information indicating that the information equipment serving as a host reads the specification information storage unit and recognizes each specification of the IC card storage device is provided, and the arbitrary code storage means is provided for the specification recognition result storage means. An IC card storage device characterized by being provided in part. 7. The IC card storage device according to claim 1, further comprising a write number counting means for counting the number of times of writing a numeric code to said arbitrary code storage means, said write number counting means being capable of writing a correct numeric code. The count value is cleared, and when the number of consecutive writings of an incorrect numerical code reaches a certain number of times, such as one or more, writing to the arbitrary code storage means becomes impossible and this writing is impossible. A security system for an IC card storage device, characterized in that it requires means for canceling such a state. 8. The file data storage device according to claim 1, further comprising a write number counting means for counting the number of times of writing a numeric code to said arbitrary code storage means, said write number counting means being capable of writing a correct numeric code. The count value is cleared, and when the number of consecutive writings of an incorrect numerical code reaches a certain number of times, such as one or more, writing to the arbitrary code storage means becomes impossible and this writing is impossible. A security system for an IC card storage device characterized by storing the state in a writable non-volatile memory provided inside the device so that it cannot be released even if the power supply is cut off.