JPS62221753A - Illegal access preventing system - Google Patents

Abstract

PURPOSE:To prevent an illegal access by inhibiting the subsequent procedure for a fixed period of time as long as the given password number is not right to the password number registered previously. CONSTITUTION:It is decided whether a password number X received as an external password signal 115 is right or not to a password number X1 registered to a password number storing means 111. If the number X is right, an access control means 121 permits an access to an information storing means 113 via an external access signal 119. While the subsequent procedure is halted for a prescribed period of time if the number X is not right to the number X1. Here an access is impossible even if only the password number is varied. Thus a illegal access can be completely avoided.

Description

[Detailed Description of the Invention] [Table of Contents] Page Overview/
・・・・・・・・・・・・・・・・・・3 Industrial application fields・・・・・・・・・・・・4 Conventional technology・・・・・・・・・・・・
...6 Problems that the invention attempts to solve...
10 Means to solve problems... 12 Actions
・・・・・・・・・・・・・・・13 Examples of the invention...
・・・・・・・・・・・・14■, Correspondence between the embodiment and FIG. 1...14■, Structure of the embodiment...16
■, Operation of the embodiment...18■, Summary of the embodiment...25■, Modifications of the invention...
・・・・・・26 Effects of the invention・・・・・・・・・・・・・・・
28 [Summary] This is an unauthorized access prevention method that prevents external access to the information storage means if the given password (X) is not valid for the pre-registered password (X1). Unauthorized access can be prevented by configuring the information so that it does not continue or decline for a predetermined period of time.

[Industrial application field]

The present invention relates to an unauthorized access prevention method, and more particularly to an unauthorized access prevention method that does not permit access to internal information storage means unless specific conditions are met.

In recent years, the use and research of so-called IC cards incorporating IC memories has progressed. This IC memory has come to have a large storage capacity, and financial institutions and the like are considering ways to use it for the convenience of users.

Currently, each financial institution disburses cash using a magnetic card called an individual CD card.

We provide services that allow you to deposit your belongings. However, since the storage capacity of this magnetic card is extremely small (it cannot record only a few dozen characters), the reality is that it is not shared among multiple financial institutions.

Focusing on the large storage capacity of such IC cards, experiments 4) have been conducted at financial institutions. For example, the use of IC cards was reported in the Nihon Keizai Sangyo Shimbun dated January 271, 1985, under the title ``IC card joint experiment 1''.

Furthermore, since an IC card has a large storage capacity, it is possible to share information from multiple financial institutions with one card. This is convenient because the user does not need to have a card for each financial institution.

Furthermore, information collected at financial institutions, such as health information of the IC card holder, can also be stored in the IC card, which can be used extremely effectively at medical institutions.

As described above, since IC memory has a large storage capacity, a variety of personal information can be stored on one IC card, and this IC card is expected to be widely used in the future.

[Conventional technology]

Even if one IC card can be shared by multiple financial institutions, there is a problem in that if no protection measures are taken, information about one financial institution can be known by other financial institutions. Furthermore, if protection against writing is not taken, there is a problem that the contents can be tampered with.

Furthermore, if no protective measures are taken to protect personal health information, even a doctor other than a doctor who is bound to maintain confidentiality can read the health information stored on the IC card.
There is a problem that personal information may be leaked.

In this way, unless measures are taken to prevent information leakage and destruction of information stored on IC cards by making it impossible for anyone other than the authorized person to decipher them, there will be a major problem in the widespread use of IC cards. be.

In this way, various personal information can be stored on a single IC card, and it is expected that it will be used widely in the future.However, on the other hand, from the viewpoint of crime prevention and privacy, sufficient protection measures are required for its use. It is necessary to consider.

By the way, FIG. 8 shows an example of a conventional IC card used for financial institutions. This IC card 810 has
A CPU (central processing unit) 811. A memory 813 and a ROM 815 are embedded. In addition, these CPU8
11. Terminal group 820 (terminal 82
1 to 826).

The CPU 811 is a data processing device and includes an accumulator, a program counter, a register, and the like. memory 81
3 retains the stored information even when the power is turned off;
It is an IE Fi P ROM that can be written to at any time by visual or electrical means. ROM81
5, a program to be executed by the CPU 81 is written.

By the way, if the IC card 810 is used for bank transactions, the memory 813 stores the bank code, account number,
Transaction phonetic name, transaction details, etc. are written. In addition, a PIN (Personal ± de
ntification Number) is registered in advance at the stage of card issuance.

FIG. 9 shows a system for performing password verification with an external device when making a transaction using the IC card 810. Here, it is assumed that the external device to the IC card 810 is, for example, an automatic transaction device such as an ATM. This automatic transaction device 930 basically consists of a system control section 931 and a keyboard section 933 for controlling the entire system.

Reference will now be made to FIGS. 8 and 9.

The person who is transacting with the IC card 810 is now using this I
It is assumed that a withdrawal is made using the automatic transaction device 930 using the C card 8]0.

The card holder enters the keyboard section 9 of the automatic transaction device 930.
33 to input a PIN (for example, a 4-digit number), the system controller 931 supplies a signal representing the PIN to the CPU 811 via a terminal 822 through an IC card writer (not shown).

On the IC car B10 side, the CPU 811 compares the PIN with the PIN registered in the memory 813 in advance. If they match, the CPU 811 outputs a signal to the automatic transaction device 930 to authorize the transaction (withdrawal). After that. When the trader operates the keyboard section 933 to specify the withdrawal amount, the system control section 931 performs the desired processing.After the withdrawal, a signal representing the transaction information is sent from the automatic transaction device 930 via the terminal 822. is given to the IC card 810.
In the case of the card 810, the CPU 811 newly writes the transaction details into the memory 813.

In this way, the desired transaction is performed after determining whether or not the transaction person is a legitimate transaction person using the PIN, which is a personal identification number.

[Problem that the invention seeks to solve]

In such a conventional system, when the CPU 811 exchanges data with an external device (automatic transaction device 930), the memory 813 is only used if the PIN as a personal identification matches.
In order to protect the information stored in a specific area of the memory 813, the information stored in a specific area of the memory 813 is protected.

However, there are devices other than automatic transaction devices that can supply a PIN to the IC card 810. For example, personal computers, which are now commonly used in households, convert PINs into appropriate electrical signals and send them to
It is possible to give it to the CPU 811 of the C card 810.

Therefore, a problem has been pointed out that even someone other than the legitimate holder of the IC card 810 can decipher the password and use the IC card 810 illegally.

In order to solve these shortcomings, the applicant has proposed
"Method for preventing unauthorized access to identification cards" (19861)
I have already proposed the month (1st date of 1st, Soviet Union). In this method, C is supplied from an external device through a terminal 822.
A detection means for detecting the signal pattern of the initialization signal for the PU 81 is installed in the IC card 810.

When the CPU 811 enters the operating state, the area that can be accessed by the CPU 811 in the memory 813 is restricted according to the pattern of this initialization signal. This prevents unauthorized access to the IC card 810.

However, even with the IC card 810 that uses the J'fE' AC method described above, using a personal computer or the like, a four-digit number with consecutive -f syncments is used as the PIN, and the IG card is 810, the PIN registered therein can be read at some point.There was a problem that protection against unauthorized access due to such routine operations was insufficient.

The present invention was created in view of the above points, and is designed to provide sufficient protection even when ++n certificate verification is repeated and prevent unauthorized access to the information storage means. The purpose is to provide an access prevention method.

[Failure to solve the problem]

FIGS. 1(A) and 1(B) are block diagrams showing the principle structure and basic operation diagrams of the unauthorized access prevention system of the present invention.

In FIG. 1(A), a password (x1) is stored in the password storage means 111 in advance.

The information storage means 113 can store and access information.

The access control means 121 uses a password (
Receiving an external password signal 115 representing the input password (X) and outputting a test password signal 117 based on the input password (X),
An external access signal 119 for making a desired access to the information storage means 113 is received from the outside.

The decoding means 127 decodes the password (
X) stored in the password storage means 111
Compare with [7] to determine whether it is valid or not, and if it is valid, select i1. (It has a function of outputting a 2-pass permission control signal 123 and also outputting a procedure continuation control signal 125 if it is not valid.

In response to this procedure continuation control signal 125, the access control means 121 puts the subsequent procedure in a standby state for a predetermined period of time.

Therefore, overall, the input password (X) is the registered password (X1
), access is permitted if it is legitimate, but the password (
If x1) is not valid, the control is such that the continuation of the subsequent procedure is placed in a standby state.

[For production]

In Figure 1 (+3), first, external password 1 is sent from the outside.
15, it is determined whether the I-T received person: password (X) is valid or not compared to the password (X1) registered in the password storage means 111. If legitimate, access control 1
Stage 1214.1, information fI by external access signal 119
Access to the I storage means 113 is permitted.

If the password (X1) is not valid, the process remains on standby for a predetermined period of time before continuing the procedure.

In the present invention, if the password verification is not possible, the procedure goes into a standby state for a predetermined period of time, and even if access is attempted by simply changing the password, the access will not be possible. This provides complete protection against unauthorized access.

[Embodiments of the invention]

Hereinafter, embodiments of the present invention will be described in detail based on the drawings.

FIG. 2 shows the configuration of the unauthorized access prevention method according to the embodiment of the present invention, and FIGS. 3(A) and 3(B) show an IC card used in the unauthorized access prevention method according to the embodiment of the present invention.

The correspondence between the main components of the example and the main components of FIG. 1(A) will be described.

The password storage means 11 corresponds to the memory 213.

Information storage means 113 corresponds to memory 213.

The external password signal 115 corresponds to a recognition signal based on r)IN input by the -1-1 board unit 233.

External access signal] 194;l, keyboard section 233
This corresponds to an operation signal input manually by the operator.

The access control means 121 includes the CPU 211 and the ROM.
It corresponds to 215.

The decoding means 127 corresponds to the CPU 211 and the ROM 215.

Test PIN signal 117. The access permission control signal 123 and the procedure continuation control signal 125 correspond to signals inside the CPU 211 and signals exchanged between the CI 21.1 and the ROM 215.

The password (X1) corresponds to a PIN.

Embodiments of the present invention will be described below on the assumption that there is a correspondence relationship such as ``JyuJυ1小茊RAN戊一''.

FIG. 2 is an overall configuration diagram to which an unauthorized access prevention method is applied. In the figure, a TC card 210 used in the embodiment of the present invention includes a CPU 211 as a data processing device and a memory (EEPROM) 21 in which personal information of the IC card holder is stored, as in the conventional example.
3 and the RO in which the desired control program is written.
It is equipped with M215. It also includes a plurality of metal contact electrodes 217 that make electrical contact with external devices.

The automatic transaction device 230 that accesses the IC card 210 includes a system control section 231 that controls the entire system, a keyboard section 233 that specifies and inputs the password and transaction details, and the automatic transaction device 230. An IC card reader/writer 235 is provided to enable adaptation to the following.

The IC card reader/writer 235 includes a CPU 241 for data communication between the system control unit 231 and the CPU 211 of the IC card 1-210, and
External interface 243 that enables information exchange between II and system control unit 231, CPU 211 and CP
It is equipped with an IC car 1 interface 245 that exchanges information with U21.1, and an IC cart power supply 247 that supplies power necessary for the operation of the IC card 210.

As shown in FIGS. 3(A) and (B), the rc card 21
0 is made of plastic, for example, and has a rectangular plate shape with a certain thickness.

CPU211. The memory 213 and ROM 215 are
It is embedded inside the C car 1' 210 and is not visible from the outside. The plurality of contact electrodes 217 are connected to the rc card 2
It is exposed in Table 1 Stone-1- of No. 10 and can be contacted with the outside.

CPU211. Memory 213. ROM 215 and contact electrode 217 are electrically interconnected within IC card 210.

1, the control information G for instructing the IC card 210 to write or read personal information or information from the outside is assumed to be 4 bits. Therefore, contact electrode 217
are in groups of four each. However, other electrode terminals are omitted.

FIG. 4 shows the concept of the file structure in an embodiment of the present invention.

In other words, according to the file management program written in the ROM 215, the CPU 211 stores the
Personal information is filed item by item. For example, file 1 (F1) contains transaction information for bank account A, file 2 (F2) contains transaction information for bank account B, file 3 (
F3) contains transaction information for the C securities account, file 4. (F
4) contains D credit shopping information, file 5 (F5
) contains pension receipt information, ......, file n (
Fn) is where various types of information are filed, such as medical records from N Hospital.

FIG. 5 shows the storage state of information in the memory 213. Here, in the area MPI in the memory 213, the IC
A table of information necessary for decoding with the card 210 and the serial number of the card are written. The other area MP2 is for files. File area M1)
2 is assigned to be filed item by item as described above with reference to FIG.

Now, looking at the allocation for Bank A, the card holder's account number with bank code at Bank A, home phone number, PIN (4-digit number) as PIN, current balance, and transactions in the past specified period. Information regarding recording is stored corresponding to areas 551 to 555.

By the way, among the above information, the information in areas 551 to 553 is written by a legitimate institution such as a bank at the time of issuance of the IC car F210 or at the time of need for correction. however,
The contents of areas 554 and 555 are updated each time IC card 210 is used.

Information from other institutions is similarly written to other files in the memory 213.

FIG. 6 shows the operating state of the unauthorized access prevention system according to the embodiment of the present invention. However, since the method of password verification is unique, the relevant parts are mainly shown.

FIG. 7 shows the operation when the holder of the IC card 210 makes a withdrawal using the automatic transaction device 230.

Hereinafter, FIGS. 2 to 7 will be referred to.

(i) The automatic transaction device 230 installed at the store of Bank A, where the transaction is normal, is on standby for use (step 711). In other words,
Wait until the IC card 210 is inserted into a card insertion slot (not shown) included in the automatic transaction device 230.

When the IC card 210 is inserted into the automatic transaction device 230 (step 712), the automatic transaction device 230
Waits for IN input. Here, the electrodes of the IC card 21O are in electrical contact with the automatic transaction device 230, and the power necessary for the operation of the rc card 210 is supplied from the rc card power supply 247. In addition, mutual signal exchange becomes possible.

The keyboard section 233 is operated and the 4-digit number is entered as the PIN (
Xif), on the automatic transaction device 230 side, the system control unit 231 gives the numerical information to the IC card reader/writer 235. The IC card reader/writer 235 supplies the signal to the IC card 210 in the form of a signal that can be analyzed on the IC card 210 side (step 713).

On the IC card 210 side, the PIN content (Xif)
The CPU 211 receives the signal representing the input PIN (
Xjf) is deciphered. Here, the area 55 of the memory 213
3. CP the recognition PIN (Xr) stored in advance in
U211 reads and determines whether the manual PIN (Xif) matches (step 714).

If they match (affirmative determination), it is determined that the current operator, that is, the transaction person is the legitimate owner of the IC card 210, and the automatic transaction device 230 waits for the withdrawal amount to be specified (step 715). ), the designated amount of cash is provided (step 716). After that, IC card 210
is returned to the operator (step 717).

The above is normal trading operation.

(ii) Creation of φ with password error Now let's look at the operation when the password verification at the time of card operation does not match.

In the execution order in FIG. 7, steps 713 and 7
14, the input PIN and the registered PIN did not match during the PIN input and password verification.

In other words, since a negative determination is made in step 714, the automatic transaction device 230 shifts to a standby state in which it accepts the password input again in order to determine whether the current operator is the authorized holder. It has become.

If the first password verification is not possible and the determination in step 714 is negative, the IC card 210 is reset (step 718).

Here, first, on the IC card 210 side, the CPU 2
11, and waits for a reset command from the automatic transaction device 230 side.

On the other hand, the automatic transaction device 230 side outputs a reset command in response to a signal indicating a negative determination result from the CPU 211, and enters a standby state with no response for a certain period of time. When this reset command l' is received, the CPU of the IC card 210
211 moves to the next step 719.

In step 719, the CPU 211 sets a timer (not shown). As a result, a constant predetermined time period is counted.

Next, wait for the PIN to be entered again, and the operator enters 4 as the PIN.
After entering the digit number, the automatic transaction bag N230 will proceed to step 7.
Perform PIN input processing similar to step 13 (step 720)
.

On the IC card 210 side, the IC card 210 remains unresponsive and waits until the clocking state of the timer set in step 719 passes a predetermined time (time determined by the entire system) (step 721). When this predetermined period of time has elapsed (affirmative determination in step 721), the IC card 210 is released from the non-responsive state, and the PI from the automatic transaction device 230 side is released.
It becomes possible to receive N.

The automatic transaction device 230 also cancels the non-transmission state and inputs the PIN signal based on the PIN accepted in step 720 to the IC.
Step 722). CPU
At step 211, the process returns to step 714, and it is again determined whether the newly input PIN is valid.

If the PIN manually entered by the current operator is correct, step 71
4, an affirmative determination is made and the process moves to step 715. As a result, the operation mode returns to the above-mentioned "(i) When the password is normal" and normal withdrawal operations are possible.

Transactions using such automatic transaction device 230 are the same when accessing transaction information for the B tli 1 line account in file 2 (1''2).

The same applies not only to banks but also to other financial institutions and medical institutions.

As described above, if the initially given password is incorrect, the execution procedure in the automatic transaction device 230 and the IC card 210 is temporarily interrupted. It remains unresponsive until a predetermined period of time has elapsed, and after the elapse of the predetermined period of time, it accepts the password input again and attempts verification again. This determines whether the legal holder is actually operating the automatic transaction device 230 using the IC card 210.

Therefore, if the password (X1) is determined to be invalid,
Since the legitimacy is determined by waiting for a predetermined period of time, unauthorized access by anyone other than the legitimate holder is completely prevented.

In this way, even if you attempt to verify the password by simply changing the numbers normally used as the PIN using a personal computer as an external device by providing a predetermined interruption, it will not be possible to find a match between the passwords. Moreover, it cannot be transferred to trading.

In this way, if the predetermined time during which the CPU 211 of the IC card 210 does not respond is made undisclosed, it becomes virtually impossible to search for the PIN by continuously changing the numbers, so security against unauthorized access is extremely high. Become. Further, the automatic transaction device 230.
If it is changed depending on the system formed by the combination of other transaction devices etc. and the IC card 210, and furthermore, it can be made variable depending on the state of use, time of use, etc.
Security against unauthorized access becomes even more perfect.

■1.8 Mr. Nozen In addition, in the embodiment of the present invention described above, in the procedure shown in Fig. 7, it is possible to repeat an incorrect password any number of times, so the number of consecutive password verifications is For example, if you limit the number of times to 3 times, security will further increase. In that case, in the operation sequence shown in FIG. 7, after the negative determination in step 714,
An execution step may be provided that forcibly terminates the operation when the password verification loop is repeated four times.

Further, although the case of accessing bank account information has been described, the same applies to writing and reading of various other types of personal information.

Although a four-digit PIN is used as the password, the PIN is not limited to this, and the number of digits may be increased, and letters and numbers mixed with kanji and kana may also be used.

In short, it is sufficient to use personal data that is not known to anyone other than the legitimate owner and to write it in advance in a specific area of the memory 213.

The personal information storage means is not limited to the plastic IC card 210, but may be any tangible object that is convenient to carry.

Furthermore, in "I. Correspondence between Examples and FIG. 1",
Although the correspondence relationship between the embodiments of the present invention and FIG. Will.

〔Effect of the invention〕

As described above, according to the unauthorized access prevention method of the present invention, when the result of password verification is negative, the leakage and destruction of personal information is prevented by waiting for a predetermined period of time.
This method is extremely useful in practical terms, especially in the future information society.

[Brief explanation of drawings]

1 (A) and (B) are a principle block diagram and an explanatory diagram of the principle operation of the unauthorized access prevention method of the present invention; FIG. 2 is a configuration block diagram of the unauthorized access prevention method in an embodiment of the present invention; 3. Figures (A) and (B) are explanatory diagrams of the configuration of an IC card used in the unauthorized access prevention method according to the embodiment of the present invention, Q Figure 4 is a conceptual diagram of filing in the embodiment of the present invention, and Figure 5 is a diagram showing the implementation of the present invention. An explanatory diagram showing the information storage state in the memory used in the example unauthorized access prevention method, FIG. 6 is an operational explanatory diagram schematically showing the execution operation in the embodiment of the present invention, and FIG. 7 is an embodiment of the present invention. FIG. 8 is an explanatory diagram of a conventional IC cart, and FIG. 9 is an explanatory diagram of the operation of a conventional example. In the figure, 111 is a password storage means, 113 is a storage means, 113 is an information storage means, 115 is an external password No. 13, 117 is a test password signal, 119 is an external access signal, 121 is an access control means, and 123 is an access permission. Control signal, Otsu0 125 is a procedure continuation control signal, 127 is a decoding means, 210.810 is an IC card, 211.241, 811 is a CPU (central processing unit),
213.813 is memory (EEPROM), 215.
815 is ROM. 230.930 is an automatic transaction device, 231.931 is a system control unit, 233.933 is a keyboard unit, and 235 is an IC card reader/writer. Fig. 1 (A) A schematic diagram of the principle of this defense. Fig. 1 (B) An illustration of the operation of the Noe C card. Fig. 3. Conceptual diagram of filing. Fig. 4.

Claims (1)

[Scope of Claims] (1) A password storage means (111) in which a password (X1) is stored in advance, and an information storage means (113) that can store and access information.
) and an external password signal (1) representing the password (X) given from the outside.
15) and outputs a test password signal (117) based on the input password (X), and also outputs a test password signal (117) based on the input password (X).
3) access control means (for receiving an external access signal (119) from the outside for desired access to the
121) and the PIN (X) based on the test PIN signal (117).
) stored in the password storage means (111).
X1) to determine whether it is valid or not, and if it is valid, it outputs an access permission control signal (123), and if it is invalid, it outputs a procedure continuation control signal (125). means (comprising access control means (
The access control means (121) permits access to the information storage means (113) by the external access signal (119) in response to the access permission control signal (123), and the access control means (121) receives the procedure continuation control signal (12).
5), an unauthorized access prevention system characterized by being configured to perform control such as to wait a predetermined period of time for the proceeding of subsequent procedures in response to item 5). (2) Procedure continuation control signal (125
), the control of the access control means (121) to wait for a predetermined period of time for the subsequent procedure to proceed is to prohibit the response operation to the input password (X) of the external password signal (115) that will be input from now on. An unauthorized access prevention system according to claim 1, characterized in that it is configured as follows. (3) Password storage means (111), storage means (113),
Information storage means (113), access control means (121)
2. The unauthorized access prevention system according to claim 1, wherein the decoding means (127) are included in one portable card.