JPS62164185A - Test program starting method and test program starting device - Google Patents

Abstract

(57) [Summary] This bulletin contains application data before electronic filing, so abstract data is not recorded.

Description

DETAILED DESCRIPTION OF THE INVENTION [Technical Field of the Invention] The present invention relates to a test program starting method for starting a test program stored in an IC card.

[Prior art and its problems]

2. Description of the Related Art In recent years, it has become possible to purchase products without having to handle cash by using cards issued by credit card companies.

Conventionally used cards include plastic cards, embossed cards, and magnetic striped cards, but these cards are easy to forge due to their structure, so unauthorized use has become a problem.

In order to solve this problem, an information card, a so-called IC card, is being considered in which an IC circuit that stores an authentication number and the like is built into the card so that the authentication number cannot be easily read from the outside.

By the way, such an IC card stores various types of storage 31 such as data memory and system program ROM, and in particular, data memory addressing, write/read operations, and system program ROM bit pattern status are always normal. Therefore, it is necessary to be able to test these conditions when the card is completed or even while the card is in use.

Therefore, in conventional IC cards, a test program is stored, and this program is executed from outside the card using a test terminal provided on the card to enable a predetermined test.

However, the ability to easily perform tests from outside the card using test terminals means that highly confidential information such as the bit pattern of the system program ROM and the bit pattern of data memory can be easily retrieved to the outside. become. This not only makes it possible to forge cards based on this information, significantly reducing security, but in the worst case scenario, the technology of the entire system that uses IC cards will be analyzed and exploited on a large scale. There was a risk.

OBJECT OF THE INVENTION] The present invention has been made in view of the above circumstances, and an object of the present invention is to provide a test program starting method that can reliably prevent unauthorized starting of a test program in an IC card.

[Key Points of the Invention] The test program starting method according to the present invention utilizes the Reset terminal or I10 terminal provided on the IC card, inputs multi-level signals of different levels to this terminal in series, and also The combination of level information and the combination of serial level information stored in advance in the card are compared, and the test program is allowed to start only when they match.

[Embodiments of the invention] An embodiment of the present invention will be described below with reference to the drawings.

In this embodiment, a case will be described in which a reset terminal is used to request startup of a test program.

FIG. 1 shows the circuit configuration of the same embodiment.

In the figure, 11 is a system bus, and this system bus 11 includes a data ROM 12, an application data R
An OM 13, a working RAM 14, a system program ROM 15, a test program ROM 16, a main controller 17, a data memory controller 18, a cryptographic comparator 19, and a USART circuit 20 are connected, respectively.

Here, the data ROM 12 stores all operating conditions for the IC card itself, and when the internal initialization of the card itself is completed, these data are displayed as answer-to-reset data in accordance with a predetermined format. It is supposed to be sent to the terminal side.

The application data ROM 13 contains card type data rAPNJ indicating what type of card this card is.
This data is stored in the answer to
Reset 1--After setting the initial parameters, the data is sent out in a predetermined data format when exchanging attributes with the terminal.

The working RAM 14 stores calculation data within the card.

The system program ROM 15 contains various system programs as well as code signals rAcKJ or rNAc indicating whether the signals transmitted and supplied from the terminal side are correct or not.
Equipped with J. In addition, this system program ROM
15 contains a specific code 1 for finally checking the test program starting command from the terminal.

The test program ROM 16 stores a test program for checking the bit pattern in the system program ROM 15 or accessing the data memory as a test inside the card.

The main controller 17 outputs operation commands to each circuit in accordance with the data signal transmitted and supplied from the terminal side and the operating state.

The data memory controller 18 is the main controller 1
Addressing and data writing/reading with respect to the data memory 21 are performed in response to commands from 7, and furthermore, these addressing and data writing/reading can be completely stopped.

For example, an EEP-ROM is used as the data memory 21. In this case, such data memory 25 is rcAJ,
rlPINJ, IPANJ, rcHNJ, rEPDJ,
It stores information such as each code of rPRKJ and status data rsTJ. Here, rcAJ (Car
dAuthenticator) is a random code used to encrypt and decrypt messages.

r[PINJ Nn1tialization Pe
rsonal IdentificationNLl
mber) is a random code of, for example, 6 bits, and is a number until the own verification number IF'lNJ is used. I'PANJ (Primary Accou
nt Number) represents the account number. r
cHNJ (Card holder's Na
me) represents the cardholder's name. f'EP
DJ (Expirati.

n　Date) represents the expiration date.

rPRKJ (Private Key Cod
e) is a decryption code. rsTJ is used to represent the current card status and is sent to the terminal side in data format.

The code comparator 19 decrypts the input data transmitted from the terminal side based on the rR8AJ algorithm, and also compares the input data with a specific code read from the system program ROM 15 if necessary. The output of this cryptographic comparator 19 is then sent to the main controller 17.

The USART circuit 20 is connected to the terminal via the [/0@ child and controls data transmission to and from the terminal.

On the other hand, 22 is a check circuit for checking whether or not a request to start the test program of the card is made.
has a Reset terminal to which a reset signal is applied when the card is attached to the terminal. A level detector 23 is connected to this Reset terminal.

In this case, in addition to the regular reset signal, the Reset terminal receives a plurality of multilevel signals with different levels, c! oc
It is input serially in synchronization with the clock signal of the k terminal. Specifically, as shown in FIG. 3, as multi-value signals with different levels, for example, three-value voltages Vcc and V1 with different potentials are used.
, V2 are used, and these three-value signals are the clock signal Φ
The signals are applied to the Reset terminal in a predetermined order in synchronization with the . In this state, the level detector 23 outputs "O" for vCC and "r" for vl in response to the above-mentioned three-way signal.
In lJ, v2, level information of "2" is obtained.

The output of this level detector 23 is given to a comparator 24. The comparator 24 is supplied with the output of the level matrix 25. This level matrix 25 has card-specific level information corresponding to the level information from the level detector 23. Further, the level matrix 25 is given the above clock signal.

Then, the comparison result of the comparison section 24 is the main controller 1.
Sent to 7.

Here, to describe the check circuit 22 more specifically based on FIG. 2, the level detector 23 has an output terminal 01.02, and when the level information rOJ is "00", the level information "1" ” when the level information is “01”, and when the level information is “2” it is “
10" is output.

On the other hand, the level matrix 25 includes a counter 251 that counts the clock signal Φ, a matrix section 252 that outputs read addresses 1 to 10 according to the count contents of the counter 251, and The memorized 3-value level information “0”
”, “1”, and r2J. In this case, level information "0" is output as code data of roOJ, level information "1" is output as "ol", and level information "2" is output as code data of "10".

The output of this storage section 273 is then given to the comparison section 24.

On the other hand, returning to FIG. 1, power for card driving is applied to the Vcc terminal and power for writing to the data memory 21 is applied to the Vpp terminal from the terminal side. The power supply voltage at this time is the answer-to-reset voltage stored in the data ROM12.
Set on the terminal side based on the data. Also, G
The GND line on the terminal side is connected to the ND terminal.

Roughly speaking, the clock signal of the Clock terminal is passed through the frequency divider 26.
is supplied to each circuit as Φ'.

Here, the relationship between such an IC card and the terminal to which the card is installed will be briefly described as follows. Now, when an IC card is inserted into a terminal, an initial setting signal set in advance on the terminal side is transmitted. Then, the IC card is operated under operating conditions based on this signal.

In other words, the data R is controlled by the main controller 17.
The answer-to-reset data stored in OM12 is read out and sent to the terminal side. and,
If this data is determined to be correct on the terminal side, the card-specific operating conditions are determined and rE
An NQJ (makeshift) code will be sent back to you. This code is loaded into the working RAM 14 by 1. In this state, the main controller 17 determines whether or not the rENQJ code can be properly received in normal operation, and if YES is determined from the system program ROM 15, the rENQJ code is
In the case of cKJ and No (7), the respective signals of rNAcJ are extracted and sent to the terminal side. When the rAcKj signal is confirmed on the terminal side, a different terminal code rTcJ is returned depending on the type of terminal. On the other hand, if the rNAcJ signal is confirmed, the connection with the terminal is severed. When the terminal code rTcJ is sent from the terminal side, the main controller 17 of the IC card extracts an application name rAPNJ, which differs depending on the type of card stored in the application data ROM 13, and sends it back to the terminal side.

Thereafter, when it is determined on the terminal side whether or not the application types have a correspondence relationship based on rAPNJ, an instruction code is returned. On the other hand, if it is determined that there is no match,
The connection with the terminal is severed. Once the command code is obtained, the personal authentication number PINJ entered from the terminal is compared with the authentication number pre-stored in the IC card, and after waiting for the two to match, subsequent financial transactions can be made. information exchange will be carried out.

Next, the operation of the embodiment configured as described above will be explained according to the flowchart shown in FIG.

First, to perform a test, an IC card is attached to a test terminal. Then the IC card's 1/'Oi child,
The ReSet terminal, C1ock terminal, Vcc terminal, vpp terminal, and GND terminal are connected to corresponding terminals on the terminal side.

This causes the process to proceed to step A1. In this step A1, it is determined whether or not the request to start the test program is accepted. To do this, first, from the terminal side,
Analog signals with different levels are applied to the terminals. Specifically, depending on the test command on the terminal side, as shown in Figure 3, three signals with different levels are synchronized with the clock signal.
Direct voltages Vcc, Vl", V2 are output in series and Re
It is given to the set terminal. In this case, in the illustrated example, V2-
1 in the order of Vcc-V 1- V c c-...-V 2
A 31 direct signal of 0#A is given. Then, the serial level information corresponding to these three direct signals is sent to the level detector 23.
The signals are generated in order from the output terminals o1 and o2 of the output terminals o1 and o2, and are applied to the comparator 24.

On the other hand, in the level matrix 25, a counter 251 counts the overload signal Φ from the terminal. Then, read addresses from 1 to 10 are outputted from the matrix section 252 according to the count contents of the counter 251. As a result, the serial level information stored in advance in the order of addresses 1 to 10 is read out from the storage unit 253.

In this case, the level information read from the storage unit 253 is “
2""O""1"..."2" are output in this order.

This output is then given to the comparator 24.

Thereby, the comparator 24 checks whether the level information from the level detector 23 and the level information from the level matrix 25 match. In this case, if a matching result is obtained,
A "1" output is generated, but if the combination of 311 signals from the terminal is different from the one stored in advance in the storage unit 253 due to an illegal program activation request, the rOJ output remains as a result of the mismatch.

In this state, the output of the comparator 24 is the main controller 1
In this case, if the 3 short signals shown in FIG. 3 are input in series to the Reset terminal, a matching result will be obtained in the comparator 24, and a "1" output will be generated.

Then, it is determined that the request is a legitimate program activation request, and the process proceeds to step A2.

In step A2, the main controller 17 commands the terminal side to notify that the request has been accepted as a legitimate program startup request. In this state, a specific code for starting the program is sent from the terminal side and given to the code comparator 19.

On the other hand, a specific code written in the system program ROM 15 is read out according to a command from the main controller 17, and is given to the code comparator 19. Thereby, in step A3, the specific code from the terminal is compared with the specific code of the card itself. If the comparison results do not match, the process proceeds to step A5, where card invalidation processing is executed. In this case, card invalidation processing is performed by the data memory controller 18 after receiving a command from the main controller 17.
Address designation and data writing/reading with respect to the data memory 21 are completely stopped. On the other hand, if they match, the process proceeds to step A4, where the contents of the test program ROM 16 are read out, and it becomes possible to check the bit pattern of the system program ROM 15 in the card or access the data memory 21 on the terminal side.

However, if the combination of 3 short signals from the terminal is different from the normal one due to an unauthorized program startup request, the output of the comparator 24 will remain rOJ due to the discrepancy result, and it will be determined that it is an unauthorized program startup request, and the step Proceed to A5. Therefore, in the same way as described above, addressing and data writing/reading to and from the data memory 21 by the data memory controller 18 are completely stopped, and the card is invalidated.

Therefore, if you do this, you can reset the IC card.
Using the t terminal, apply 3 short signals to this terminal in series from the terminal side, and the combination of serial level information based on the 3 short signals at this time is the combination of serial level information stored in advance inside the card. Since the test program in the card is only allowed to start when the data matches the 1- terminal, it is easier to perform a test 1- from outside the card using the 1- terminal than in the past. By preventing programs from being started, attempts to extract highly confidential information to the outside can be thwarted. This makes it possible to reliably prevent counterfeiting of cards and technical analysis of the entire system, thereby dramatically improving card security.

It should be noted that the present invention is not limited to the above-mentioned embodiments, but can be implemented with appropriate modifications without changing the gist.

The combination of level information in the level matrix 25 described above is an example, and other combinations may also be used. In this way, even cards using the same IC circuit can be used as cards using different IC circuits. Furthermore, although the case where the Reset terminal is used has been described above, it is also possible to use an I/OM child or the like. Furthermore, although the 31a signal was consistently used in the above,
4 Short signals may be used, analog signals may be used, etc.
It is not limited to these.

[Effects of the Invention] According to the present invention, unauthorized activation of the test program in the IC card is reliably prevented, and the risk of highly confidential information being inadvertently taken out to the outside is eliminated, so card forgery is prevented. Such problems can be reliably prevented, and card security can be dramatically improved.

[Brief explanation of drawings]

Fig. 1 is a block diagram showing the circuit configuration of an embodiment of the present invention, Fig. 2 is a circuit diagram showing a check circuit used in the embodiment, and Fig. 3 is a 3-short signal signal used in the embodiment. FIG. 4 is a flow chart for explaining the operation of the same embodiment. 15... System program ROM, 16... Test program ROM, 17... Main controller,
18... Data memory controller 1.21... Data memory, 22... Check circuit, 23... Level detector, 24... Comparison section, 25... Level matrix, 251... Counter , 252... Matrix section, 253... Storage section.

Claims (2)

[Claims] (1) A plurality of signals with different levels are input in series to one of the terminals provided on the IC card, and the combination of serial level information based on these input signals and the serial level information stored in the card in advance is performed. A test program startup method is characterized in that the test program can be started only when the combinations are compared and the combinations match. (2) The above IC card has a Reset terminal or
Claim 1, characterized in that an O terminal is used and voltages of three different levels are applied to the terminal.
Test program startup method described in section.