JPS60201436A - Illegal use preventing device of off-line program - Google Patents

Abstract

PURPOSE:To prevent an illegal use by counting the number of times of execution of prescribed processing steps of an off-line program stored in an IC card, and making the off-line program inexecutable from information of the number of times of execution of each processing step. CONSTITUTION:An operation storage device body 1 of an IC card stores an off- line program consisting of plural processing steps 2a-2n, and it is used by installing it to an interface of a host computer 3. The host computer 3 inputs the off-line program of the IC card, and executes prescribed processings shown by the program based on discriminating information, etc. which an IC card user has inputted directly. Counters 4a-4n incorporated in the card execute the number of times of execution of the processing steps 2d-2n of the program, respectively, and an operation comparing circuit 6 compares counting values of the counters 4a-4n. As a result, when an illegal execution of the off-line program is detected from a deviation, etc. of the execution frequency, an eraser part 7 erases the prescribed processing step of the off-line program of the body 1.

Description

[Detailed Description of the Invention] [Technical Field of the Invention] The present invention provides a highly practical offline program fraud prevention device that can prevent unauthorized use or unauthorized reading of offline programs stored in portable cards, etc. Regarding.

(Technical background of the invention and its problems) Recently, information processing systems using various IC cards have been considered. A predetermined offline program is individually stored, and the IC card is used as a host.
When installed in a computer, specific information processing determined for each user is executed with the host computer based on an offline program stored therein. In this case, in order to prevent unauthorized use of the IC card, information that is kept confidential from other users, such as the user's identification information, is generally incorporated into the IC card as part of an offline program. Then, the host computer uses the user-specific confidential information incorporated in a part of this offline program and the information directly input by the IC card user to
We are trying to identify fraudulent card usage.

However, since the above-mentioned IC card is portable, it can be inserted into a separately prepared computer system, for example.
It is possible to execute an offline program stored in the IC card.

Therefore, it is possible for a third party to read the user-specific confidential information incorporated in a part of the offline program, or for the host computer to input information directly to identify the IC card user by trial and error. It is possible to check. Therefore, for example, if a third party comes to know the confidential information or makes unauthorized modifications to the offline program on the IC card, the host computer will not be able to know this or Since there is no inspection means, it has not been possible to prevent unauthorized use of the IC card.

[Purpose of the invention]

The present invention has been made in consideration of these circumstances, and its purpose is to prevent unauthorized modification and unauthorized use of portable computing storage devices such as IC cards that have built-in offline programs. The object of the present invention is to provide a highly practical offline program fraud prevention device.

[Summary of the invention]

The present invention counts the number of executions of each predetermined processing step of an offline program built in the main body of an arithmetic storage device, and detects fraud in the offline program from information on the number of executions of each processing step, for example, the frequency difference in the number of executions. This system is designed to prevent unauthorized use of offline programs by detecting unauthorized execution and disabling predetermined processing steps of offline programs.

(Effects of the Invention) Thus, according to the present invention, since the number of times each predetermined processing step of the offline program stored in the IC card is executed is counted, for example, if the offline program is executed fraudulently, the offline program is generally executed. Since the execution frequency of each processing step of the program differs from when the original offline program is executed, unauthorized use of the program can be effectively detected from the counted value of the number of executions of the predetermined processing step. , when trying to find information related to user identification hidden in an offline program, the offline program is rarely executed in its original processing routine;
Often only specific processing steps are performed repeatedly. Therefore, by monitoring the execution frequency of each processing step of the offline program, it is possible to easily and effectively detect unauthorized execution of the offline program. Therefore, in this case, if the predetermined processing steps of the offline program are erased so that the execution of the predetermined processing steps of the offline program is disabled, the IC storing the offline program can be
This has great practical effects, such as making it impossible to use the card and preventing unauthorized use of offline programs.

(Embodiment of the invention) An embodiment of the invention will be described below with reference to the drawings.

The figure is a schematic configuration diagram of an example device. In the figure, 1 is an arithmetic storage device main body that stores an offline program consisting of a plurality of processing steps 28 to 211.

This arithmetic storage device main body 1 is realized as, for example, an IC card, and is used by being attached to an interface of a host computer 3. The host computer 3 then inputs the offline program of the IC card and determines whether or not the user of the IC card is appropriate based on the identification information directly input by the IC card user. A predetermined process indicated by the offline program is executed. Incidentally, if a result of this judgment process is obtained that the ten cards are fraudulently used, the offline program is of course not executed, and the IC card is collected 6-.

However, this IC card contains predetermined processing steps 2 of the offline program as well as the arithmetic storage device main body 1.
A plurality of counters 4a to 4n are provided to count the number of times 8 to 2n are executed, respectively. Each of these counters 4a
Each processing step 2 counted by ~4n
The number of executions of 8 to 2n is monitored and output via the monitor 5, and is also provided to the arithmetic comparison circuit 6, respectively. This arithmetic comparison circuit 6 is connected to the counter 4a.
4n and also together with the eraser section 1 described later.
It is integrated into the C card.

The arithmetic comparison circuit 6 compares the number of executions of each of the processing steps 28 to 2n counted by the counters 4a to 4n, respectively, and detects unauthorized execution of the offline program from deviations in the frequency of execution. ing. When the arithmetic comparison circuit 6 detects illegal execution of the offline program, the eraser section 7 erases a predetermined processing step of the offline program stored in the arithmetic storage device main body 1.

In other words, if the IC card is installed and used in a computer system other than the original host computer,
Generally, since the official processing routine of the offline program is unknown, the offline program is executed using a processing routine different from the original processing routine. As a result, a large deviation from the original frequency occurs in the frequency of execution of each processing step, such as a decrease in the number of executions of a specific processing step, or a very large number of executions of a specific processing step.

Therefore, if such a bias is detected, it can be determined that the offline program is being used illegally, that is, the IC card is being used illegally.

Therefore, by driving the eraser section 7 based on this determination result and erasing the processing steps 28 to 2n, the IC card can no longer be used, thereby preventing its unauthorized use. Moreover, unauthorized modification of the offline program is also prevented.

Note that erasing of the processing steps of the offline program by driving the eraser section 7 may be performed under the control of the host computer 3. That is, if the off-line program of the IC card is used illegally, the counters 4a to 4n count the number of executions of each processing step at the time of the illegal use, so the IC card is then installed in the host computer 3. When this occurs, the host computer 3 may detect this and erase the processing steps and collect the IC card.

As described above, according to this device, since the number of executions of each processing step of the offline program is counted, it is possible to effectively determine the unauthorized use of the offline program from each of these counted values, and to prevent unauthorized use. It becomes possible to prevent the user from using the IC card. Therefore, great practical effects can be achieved, such as making it possible to effectively operate various information processing systems using this type of IC card while maintaining their soundness.

Note that the present invention is not limited to the embodiments described above. For example, only the number of executions of a specific processing step in an offline program may be counted, and only essential processing steps in the specific offline program may be deleted in the event of unauthorized use.

Furthermore, the IC card may be provided with only the arithmetic storage device main body 1 storing an offline program and the counters 4a to 4n. In short, the present invention can be implemented with various modifications without departing from the gist thereof.

[Brief explanation of the drawing]

The figure is a schematic configuration diagram showing one embodiment of the present invention. DESCRIPTION OF SYMBOLS 1... Arithmetic storage device body, 28-2n... Offline program processing step, 3... Host computer, 4a-4n... Counter, 5... Monitor,
6... Arithmetic comparison circuit, 7... Eraser section. Applicant's agent Patent attorney Takehiko Suzue 10-

Claims (2)

[Claims] (1) a counter provided in the main body of the arithmetic storage device containing the offline program and counting the number of times each predetermined processing step of the offline program is executed;
means for comparing the number of executions of each of the processing steps counted by the counter with each other to determine whether the processing step of the offline program is fraudulently executed; An off-line program fraud prevention device comprising means for disabling predetermined processing steps of the off-line program. (2) The means for determining unauthorized execution of the offline program and the means for disabling predetermined processing steps of the offline program are provided in the main body of the arithmetic storage device together with a counter.
Offline program fraud prevention device described in section.