JPH01217690A - Portable electronic equipment - Google Patents

Abstract

PURPOSE:To recognize whether the number of times of the discords of a password number reaches a cumulative upper limit value or not by outputting a negative response data when a prescribed relation is not present between a second externally inputted data train and a first data train stored in a memory part. CONSTITUTION:For instance at the time of the discord of the collation of the password number, the cumulative value of the number of times of the discords is compared with the cumulative upper limit value, and when the cumulative value does not reach the cumulative upper limit value, a first discord information (first negative response data) is outputted and when the cumulative value reaches the cumulative upper limit value, a second discord information (second negative response data) is outputted. Thereby, even when an external device does not already know the cumulative upper limit value of the password number to be collated, whether the number of times of the discords reaches the cumulative upper limit value or not can be recognized. Accordingly, for instance, a security as an IC card system can be maintained to apply no burden on a control as the external device even by registering the plural password numbers.

Description

DETAILED DESCRIPTION OF THE INVENTION [Objective of the Invention (Field of Industrial Application) The present invention relates to a portable electronic device called an IC card, which is used, for example, as a credit card or a cash card.

(Prior art) In recent years, as cards with magnetic stripes such as credit cards and cash cards, so-called magnetic cards, have become widespread, erasable non-volatile memories with newly expanded storage capacity and magnetic cards have been developed to replace them. CP that controls
2. Description of the Related Art A so-called IC card incorporating an IC chip having a control element such as a U is attracting attention.

In systems where such IC cards are operated, IC
When using your card, your PIN number will be verified to verify your identity.

That is, by registering a password in advance in the memory of the IC card and inputting the password using an external device, the manually entered password is compared with the registered password inside the card. Based on this verification result, the card itself determines whether subsequent operations are possible, thereby maintaining the security of the data in the memory. In addition, in the event of a match mismatch, the number of mismatches is accumulated within the card and compared with the cumulative upper limit value (limit value) registered in advance in the memory, and when the cumulative number reaches the cumulative upper limit value, From then on, the PIN number will no longer be usable.

Now, if there is only one type of response data to be output to the external device in the event of a verification mismatch, it will be possible to tell when the PIN in the IC card is no longer usable during the verification process of the external device. It disappears.

If the system can recognize the cumulative upper limit value of the PIN number to be verified, the above state can be recognized by the external device.

One possible method is to read out the cumulative upper limit value corresponding to the target PIN number from within the IC card at the time of verification, but this may significantly impair the security of the IC card system.

One possible method is to register the cumulative upper limit value in an external device in advance, but in the future we will create a system in which multiple PIN numbers are registered in the IC card and each has a different cumulative upper limit value. In some cases, an excessive load is placed on the external device in terms of control.

(Problem to be Solved by the Invention) As mentioned above, if there is only one type of response data to be output to the outside when a PIN number does not match, the PIN number may become unusable during the verification process of the external device. I don't understand the situation. In other words, it is not possible to recognize whether the number of mismatches has reached the cumulative upper limit.

Therefore, the two methods mentioned above are considered, but the former method has security problems, and the latter method imposes a burden on the external device in terms of control when multiple PIN numbers are registered. There is a problem with being too loose.

The present invention was made in order to solve the above problem, and it is possible to detect whether or not the number of discrepancies has reached the cumulative upper limit even if the external device does not know the cumulative upper limit of the PIN number to be verified. To provide a portable electronic device that can be recognized, maintains security as a system, and does not impose a burden on control as an external device even if a plurality of passwords are registered.

[Structure of the Invention] (Means for Solving the Problems) The present invention includes a memory section and a control section for reading and writing data to the memory section, and selectively allows external input. A portable electronic device comprising means for outputting a first memory stored in said memory portion.
a data string (for example, a PIN number), a second data string (for example, a PIN number) inputted from the outside, and the first data string stored in the memory section, such that a predetermined relationship exists between them. a collation means for collating whether or not there is one; and when the collation result of this collation means is negative, selectively selecting one negative response data from at least two or more negative response data according to the subsequent processing availability status; and an output means for outputting.

(Function) For example, when a PIN does not match, the cumulative value of the number of discrepancies is compared with the cumulative upper limit, and if the cumulative value does not reach the cumulative upper limit, the first discrepancy notification (the first negative response data ), and if the cumulative value has reached the cumulative upper limit value, a second mismatch notification (second negative response data) is output.

Thereby, it is possible to recognize whether the number of mismatches has reached the cumulative upper limit even if the external device does not know the cumulative upper limit of the password to be verified. Therefore, for example, the security as an IC card system can be maintained, and even if a plurality of password numbers are registered, there is no burden on the external device in terms of control.

(Example) Hereinafter, an example of the present invention will be described with reference to the drawings.

FIG. 20 shows an IC as a portable electronic device according to the present invention.
This figure shows an example of the configuration of a terminal device that handles cards. That is, this terminal device enables an IC card 1 to be connected to a control section 3 consisting of a CPU, etc. via a card reader/writer 2, and also connects the control section 3 with a keyboard 4, a CRT, etc.
It is constructed by connecting a display device 5, a printer 6, and a floppy disk device 7.

The IC card 1 is held by the user and is used to refer to a personal identification number known only to the user when purchasing products, etc., and to store necessary data. For example, FIG. 18 shows the functional blocks of the IC card 1. As in, read/write section 1
1, a password setting/password verification section 12, an encryption/decryption section 13, and other sections that execute basic functions, and a supervisor 14 that manages these basic functions.

The read/write unit 11 has a function of reading, writing, or erasing data from a data memory or the like. The password setting/password verification unit 12 has a function of storing the password set by the user and prohibiting reading of the password, as well as verifying the password after setting the password and granting permission for subsequent processing. Encryption/decryption section 13
, for example, performs encryption and decryption of encrypted data to prevent leakage and forgery of communication data when data is transmitted from the control unit 3 to another terminal device via a communication line. , for example DES (Data Enc
This function performs data processing according to an encryption algorithm with sufficient cryptographic strength, such as ryptlon 5 standard. The supervisor 14 has the function of decoding the function code input from the card reader/writer 2 or the function code to which data is added, and selecting and executing a necessary function among the basic functions.

In order to demonstrate these various functions, the IC card 1:
For example, as shown in FIG. 17, a control element (control section) 15 such as a CPU, a data memory (memory section) 16, a program memory 17, and a contact section 18 for making electrical contact with the card reader/writer 2. Of these, the control element 15, data memory 16, and program memory 17 are composed of one IC chip (or a plurality of IC chips) and are embedded within the IC card body. The program memory 17 is composed of, for example, a mask ROM, and stores a control program for the control element 15 including subroutines for realizing each of the basic functions described above. Data memory 16
is used to store various data, such as EEPRO
It is composed of erasable non-volatile memory such as M.

The card reader/writer 2 sends and receives function codes and data between the IC card 1 and the control unit 3.
It also has a function of performing one command, one response operation to the IC card 1 based on macro commands from the control unit 3. Specifically, as shown in FIG. 19, for example, a transport mechanism 21 that transports an IC card 1 inserted into a card insertion slot (not shown) to a predetermined position, an IC set at a predetermined position,
A contact section 22 electrically contacts the contact section 18 of the C card 1, a control section 23 consisting of a CPU that controls the entire system, and a control section 23 that exchanges command data and response data between the control section 23 and the control section 3. an input/output interface circuit 24 for performing data processing, and a data memory 25 for storing data.
It is composed of etc.

The data memory 16 includes, for example, an area definition table 161 and a password information table 162, as shown in FIG.
, and a data area 163. In particular, the area definition table 161 includes a password information area definition table 164 and a transaction data area definition table 165.

The password information area definition table 164 is data area 1
63 stores definition information that defines a password information area, and this definition information is, for example, a collection of a series of data strings consisting of an area number, area start address, and area size, as shown in FIG. It is.

The transaction data area definition table 165 is
Definition information that defines a transaction data area is stored in the data area 163, and this definition information includes, for example, an area number, an area start address, an area size, and access condition information, as shown in FIG. It is a collection of a series of data strings.

The data area 163 is the password information area definition table 1
The area is defined by 64 and transaction data area definition table 165, and various data are stored therein, and a specific example thereof is shown in FIG.

For example, as shown in FIG. 7, the PIN information table 162 includes an index section, an area number section of the PIN area,
This is a collection of a series of data strings consisting of the area number part of the error counter area, the area number part of the error limit area, and the area number part of the password verification status area.

The index section contains password verification command data (second
It operates in association with the index specification information in (see figure). That is, the same index as the index designation information in the password verification command data is searched for, and if it is found, the corresponding password etc. becomes the target of verification.

The area number part of the password area is the area number of the password area in the data area 163 in which the password specified as the verification target is stored.

The area number part of the error counter area is the control element 15.
It specifies the first error counter (see FIG. 8) on the RAM in the data area 163, and also serves as the area number of the second error counter area in the data area 163.

The area number part of the error limit area is the area number of the error limit area in the data area 163 in which the limit values (cumulative upper limit values) of the first and second error counters are stored. This error limit area is a 1-byte area, and as shown in the format shown in Figure 9, the upper 4 bits indicate the limit value of the first error counter, and the lower 4 bits indicate the limit value of the second error counter. Indicates the limit value.

The area number part of the password verification status area is a data area 163 in which information identifying which bit of the verification status bits (see FIG. 10) on the RAM in the control element 15 is to be used as the verification status flag is stored. This is the area number of the password verification status area within the area.

For example, if you specify the index "31", the area number of the corresponding PIN area will be "0" as shown in Figure 7.
1". This is searched from the password information area definition table 164 shown in FIG. 4, and based on the corresponding area start address rTAo1J and area size "10 bytes",
Referring to the data area 163 shown in FIG. 6, enter the password r.
l 1111111J is obtained. Here, the PIN area consists of a length section indicating the number of bytes of a 1-byte PIN number and a variable length PIN section.

When the length part is "FF'" Hex, it is recognized that no password is stored.

Next, the area number of the corresponding error counter area is
Since it is "11" according to FIG. 7, similarly refer to the data area 163 shown in FIG. 6 from the area start address TA1□ and the area size "1 byte",
Obtain the value "00" of the second error counter.

In the same way, the PIN specified by index "31" is 8-byte data rl 1111111J
, and the value of the second error counter is "00",
The error limit value is "3" as the first error counter.
, the second error counter is "5", and the control element 15 of the IC card 1 recognizes that the verification status bit corresponds to the 0th bit in FIG.

Next, the operation in such a configuration will be explained.

First, the card reader/writer 2 operates according to the flowchart shown in FIG. That is, in the steady state, it is in a state of waiting for command data from the control section 3. In this state, when command data is input from the control unit 3, the control unit 23 determines whether or not the IC card 1 is being executed, and if it is, it indicates a multiple command data error. Output the response data to the control unit 3,
Return to instruction data waiting state. If the IC card 1 is not in execution, the control unit 23 outputs command data to the IC card 1 and waits for response data from the IC card 1. When there is response data from the IC card 1, the control unit 2
3 outputs the instruction data to the IC card 1 again if the instruction is a macro instruction, and if not, the control unit 3 outputs the instruction data to the IC card 1 again.
Outputs response data to and returns to command data waiting state.

The command data output from the card reader/writer 2 to the IC card 1 has a format as shown in FIG. 12, for example, and may be in the form of only a function code as shown in FIG. As shown in b), there is a form in which data is added to the function code.

The IC card 1 operates according to the flowchart shown in FIG. That is, in the steady state, it is in a state of waiting for command data from the card reader/writer 2. In this state, when command data is input from the card reader/writer 2, the control element 15 executes basic functions according to the command data, and
It outputs response data indicating the processing result to the writer 2 and returns to the command data waiting state.

The response data in this case has a format as shown in FIG. 14, for example, and the function code included in the input command data is added to the information indicating the processing result, and the sequence between the response data and the card reader/writer 2 is Take protective measures in case of disturbance.

Next, a password verification operation will be explained with reference to the flowchart shown in FIG. When command data is input, the control element 15 determines whether the command data is password verification command data having a format as shown in FIG. 2, for example.

Here, the password verification command data is the password verification function code,
It is composed of index designation information and password information (consisting of password length and password). As a result of the above judgment, if it is not PIN verification instruction data,
The control element 15 decodes the function code in the command data,
After executing the corresponding process, it outputs response data for the process result and returns to the instruction data waiting state.

As a result of the determination of the command data, if it is password verification command data, the control element 15 stores an index that matches the index designation information in the command data in the data memory 16.
The search is performed from the index section of the password information table 162 in . As a result of this search, if it is not found, control element 1
5 outputs response data indicating that execution is not possible, and returns to the command data waiting state. If the index is found as a result of the above search, the control element 15 refers to the password area corresponding to the index. Here, if the length part of the password area is "FF" Hex, the control element 15 recognizes that the password is not stored and outputs response data indicating that the password is not set. Return to instruction data waiting state.

If the length part of the password area is other than "FF" Hex, the control element 15 recognizes that the password is stored, and then calculates the corresponding second error counter value and its limit value. is read out and compared and verified. As a result of this comparison, if the limit value is larger than the value of the second error counter, the control element 15
Performs PIN verification processing. As a result of the comparison and verification, if the limit value is not greater than the value of the second error counter, the control element 15 refers to the password verification status area corresponding to the index and reads the contents of that area, thereby The corresponding verification status bit is set to "0", response data indicating that the password cannot be used is output, and the state returns to the command data waiting state.

Now, in the password verification process, the password information in the input command data is compared and verified with the specified password. As a result of this comparison, if the two match,
The control element 15 sets the first and second error counters to "
00", then refers to the password verification status area corresponding to the index, reads the contents of that area, sets the corresponding verification status bit to "1", and outputs response data indicating verification completion, Return to instruction data waiting state.

As a result of the above comparison and verification of the PIN numbers, if they do not match, the control element 15 refers to the error limit area corresponding to the index and reads out the contents of that area, thereby changing the value of the lower 4 bits ( It is determined whether the second error counter (limit value) is "0". If the result of this judgment is "0", the control element 15 refers to the password verification status area corresponding to the index, reads the contents of that area, and sets the corresponding verification status bit to "0". ”, outputs response data indicating that the PIN number does not match, and returns to the command data waiting state.

As a result of the judgment of the value of the lower 4 bits of the error limit area, if it is not "0", the control element 15 sets the value of the upper 4 bits of the error limit area (limit value of the first error counter). The value of the first error counter is compared and verified.

As a result of this comparison, if the former is larger than the latter, the control element 15 increases the value of the corresponding first error counter by one. Then, the control element 15 refers to the password verification status area corresponding to the index, reads the contents of that area, sets the corresponding verification status bit to "0", and outputs response data indicating that the password does not match. and returns to the instruction data waiting state.

As a result of comparing the value of the upper 4 bits of the error limit area with the value of the first error counter, if the former is not larger than the latter, the control element 15 controls the second error counter area corresponding to the index. By referring to and reading the contents of the area, the value of the second error counter and the corresponding limit value (value of the lower 4 bits) are compared and verified. As a result of this comparison, if the latter is larger than the former, the control element 15 controls the corresponding second
Increment the value of the error counter by one. Then, the control element 15 refers to the password verification status area corresponding to the index, reads the contents of that area, sets the corresponding verification status bit to "0", and outputs response data indicating that the password does not match. and returns to the instruction data waiting state.

As a result of the comparison between the value of the second error counter and the corresponding limit value, if the latter is not larger than the former, the control element 15 refers to the password verification status area corresponding to the index and By reading the contents of the area, the corresponding verification status bit is set to "0", response data indicating that the password cannot be used is output, and the process returns to the instruction data waiting state.

Furthermore, as shown in FIG. 7, the area numbers "12" and "13" of the error counter area correspond to the index "3".
2" and "33" and "34" and "35", respectively. This means that the same error counter is used as the password corresponding to the index "32" and the password "33" as the verification command target. Also, indexes "34" and "35"
' has a similar relationship. Furthermore, especially the index “3
For "4" and "35", the error limit value is also shared (
"24" is commonly used as the area number). As a result, if the second error counter reaches the limit value when, for example, a password is verified using the index "34", it becomes impossible to simultaneously verify the password using the index "35".

Further, the area numbers of the password verification state areas corresponding to indexes "32" and "33" also indicate the same area number "42". Therefore, no matter which one is used for verification, the first bit of the verification status flag in FIG. 10 becomes "1".

Next, the transaction data write operation will be explained with reference to the flowchart shown in FIG. 15. In FIG. 1, if the input command data is not password verification command data, the control element 15 determines whether the next input command data is transaction data write command data having the format shown in FIG. Decide whether or not. Here, the transaction data write command data is composed of a transaction data write function code, area designation information, and write data. As a result of the above judgment, if the transaction data is not write command data, the control element 15 decodes the function code in the command data, executes the corresponding processing, outputs response data for the processing result, and waits for the command data. Return to state.

If the above instruction data is determined to be transaction data write instruction data, the control element 15 searches the transaction data area definition table 165 in the data memory 16 for an area number that matches the area designation information in the instruction data. . As a result of this search, if no area is found, the control element 15 outputs response data indicating that the area is undefined, and returns to the command data waiting state.

If the area number is found as a result of the above search, the control element 15 refers to the access condition information corresponding to the area number and checks whether the collation status bit indicated by the access condition information is "1" or not. to judge. As a result of this determination, if it is rOJ, the control element 15 outputs response data indicating that access is not possible, and returns to the command data waiting state. If the result of the above judgment is "1", the control module 15 performs transaction data write processing, outputs response data corresponding to the processing result, and returns to the instruction data waiting state.

For example, referring to FIG. 5, the access condition information for area number "80" is "o4", so if the second bit of the verification status bit is "1", the transaction data It is possible to write. Therefore, if the verification of the PIN number using the index "34" is successfully completed, the area "
Data can now be written to "8o". Also, since the area number "81" is related to the first bit of the verification status bit, if the verification of the PIN using the index "32" or "33" is successfully completed, the area in the data area 163 Data can now be written to "81".

In this way, when the PIN code does not match, the cumulative value of the number of discrepancies (error counter value) is compared with the cumulative upper limit value (limit value), and if the cumulative value has not reached the cumulative upper limit value, the first discrepancy notification (first negative response data),
In other words, it outputs response data that means that the PIN does not match, and if the cumulative value has reached the cumulative upper limit, it outputs a second discrepancy notification (second negative response data), that is, response data that means that the PIN cannot be used. It is something to do.

Thereby, it is possible to easily recognize whether the number of mismatches has reached the cumulative upper limit even if the external device does not know the cumulative upper limit of the PIN number to be verified. Therefore, I
The security of the C card system can be maintained, and even if multiple passwords are registered, there is no burden on the external device in terms of control.

In the above embodiments, an IC card is used as an example of a portable electronic device, but the present invention is not limited to a card-shaped device, and may be a block-shaped or rod-shaped device, for example. In addition, the hardware configuration of portable electronic devices
Various modifications can be made without departing from the gist of the invention.

[Effects of the Invention] As detailed above, according to the present invention, even if the external device does not know the cumulative upper limit of the PIN number to be verified, the number of discrepancies reaches the cumulative upper limit. It is possible to provide a portable electronic device that can recognize whether or not the device is in use, maintains security as a system, and does not impose a burden on the control side as an external device even if a plurality of passwords are registered.

[BRIEF DESCRIPTION OF THE DRAWINGS] The figures are for explaining one embodiment of the present invention.
3 shows an example of the format of the data memory. FIG. 4 shows a specific example of the PIN information area definition table.
The figure shows a specific example of the transaction scene data area definition table, FIG. 6 shows a specific example of data stored in the data area, FIG. 7 shows a specific example of the password information table, and FIG. 8 shows a specific example of the PIN information table. A diagram showing a first error counter area,
FIG. 9 is a diagram showing an example of the format of the limit value stored in the error counter area, FIG. 10 is a diagram showing an example of the format of the collation status bit, and FIG. 11 is a flowchart explaining the operation of the card reader/writer. Figure 12 is a diagram showing an example of the format of command data input to the IC card, Figure 13 is a flowchart explaining the operation of the IC card, and Figure 14 is an example of the format of general response data output from the IC card. 15 is a flowchart explaining the transaction data write operation, FIG. 16 is a diagram showing an example of the format of transaction data write command data, FIG. 17 is a block diagram showing the configuration of the IC card, and FIG. 18 19 is a block diagram showing the structure of the card reader/writer, and FIG. 20 is a block diagram showing the structure of the terminal device. 1...IC card (portable electronic device), 15...
Control element (control unit), 16... Data memory (memory unit), 17... Program memory, 161... Area definition table, 162... Password information table, 16
3...Data area, 164...Password information area definition table, 165...Transaction data area definition table. Applicant's representative Patent attorney Takehiko Suzue Figure 1 (a) Figure 1 (c) Figure 2 Figure 3 Figure 4 Area number Figure 5 Figure 6 Figure 7 Figure 8 Figure 9 Figure 10 Figure 11 Figure 12 Figure 13 Figure 14 Figure 15 Figure 16 r
7817Figure 18

Claims (1)

[Scope of Claims] A portable electronic device comprising a memory section, a control section for reading and writing data to the memory section, and means for selectively inputting and outputting data from the outside. and a first data string stored in the memory section, a second data string inputted from the outside, and the first data string stored in the memory section, with a predetermined gap between them. a verification means for verifying whether or not there is a relationship; and a verification means for verifying whether there is a relationship between the 1. A portable electronic device comprising: output means for outputting negative response data.