HK1066309B - Data communication apparatus and method for managing memory in the same - Google Patents
- Publication number
- HK1066309B
- Authority
- HK
- Hong Kong
- Prior art keywords
- service
- pin code
- block
- pin
- data
Description
Technical Field
The present invention relates to a data communication device having a relatively large memory space and a method for managing a memory in the device. In particular, the present invention relates to a data communication device having a memory space in which one or more applications are allocated, and a method for managing memory in the device.
More particularly, the present invention relates to a data communication apparatus and a method for managing memory in the apparatus, in which access rights are managed and restricted for each application program allocated in a memory space. In particular, the present invention relates to a data communication device for providing a plurality of access methods to each service memory field allocated to an application program, and to a method for managing memory in the data communication device.
Background
A contactless IC card can be used as a wireless communication unit that operates only over a short range.
Such wireless communication is typically implemented based on the principle of electromagnetic induction. That is, this system includes an IC card having a memory function and a card reader/writer for reading out or writing data from or into the memory of the IC card. The loop coil in the IC card serving as the primary coil and the antenna in the card reader/writer serving as the secondary coil form a transformer system. In this system, the card reader/writer transmits power generated by electromagnetic induction and information to the IC card so as to cause the IC card to be driven by the supplied power, in response to an interrogation signal from the card reader/writer.
When the card reader/writer modulates the current flowing through the antenna, the induced voltage in the loop coil of the IC card is modulated. Accordingly, the card reader/writer can transmit data to the IC card. On the other hand, a change in load between the terminals of the IC card loop coil may cause a change in impedance between the antenna terminals of the IC card reader/writer, and thus a change in current and voltage in the antenna. Accordingly, the IC card responds to the card reader/writer.
Contactless short-range communication systems typified by IC cards have become popular because of their simplicity of operation. For example, by storing personal authentication information such as a PIN code and valuable information such as an electronic ticket in an IC card, a card reader/writer provided in a cash dispenser, an entrance/exit of a concert hall, or a ticket gate of a station can access the IC card held by a user in a contactless manner to thereby perform an authentication process.
Recently, with improvements in miniaturization technology, IC cards with a relatively large memory space have come into use. An IC card including a mass memory can store a plurality of application programs, and thus a single IC card can be used for a plurality of purposes. For example, the IC card can be applied to various uses by storing in it application programs such as electronic money for electronic payment and electronic tickets for a specific concert hall. Here, electronic money and electronic tickets refer to a system in which settlement (electronic payment) is performed using electronic data issued in exchange for money provided by a user, or to the electronic data itself.
Further, by providing a wired interface (not shown) for connecting with an external device and a wireless contactless interface in the IC card or the card reader/writer, one or both of the functions of the IC card and the card reader/writer can be provided in a device such as a mobile phone, a Personal Digital Assistant (PDA), or a personal computer.
In this case, the IC card technology may be used as a multipurpose bidirectional short-range communication interface. For example, when the short-range communication system is implemented by a computer or an information device, one-to-one communication is performed. Alternatively, a device may communicate with other devices such as a contactless IC card. In that case, the device may communicate with a plurality of cards.
Various application programs using the IC card, such as sending and receiving electronic valuable information including electronic money to and from an external device, can be executed in an information processing terminal. For example, the user's interaction process with the IC card may be performed in the information processing terminal using a user interface in the information processing terminal such as a keyboard and a display. When the IC card is connected to a mobile phone, data stored in the IC card can be transmitted via a telephone network. Further, by connecting the mobile phone to the internet, the fee used can be paid with the IC card.
The IC card is generally placed on a card reader/writer for use. The card reader/writer constantly polls the IC card and starts communication between them when the card reader/writer detects an external IC card.
In this case, the user has already input a Personal Identification Number (PIN) into the IC card reader/writer. The entered PIN is compared with a PIN stored in the IC card to perform identification or authentication between the IC card and the IC card reader/writer (PIN is a code for accessing the IC card). When the identification or authentication is successfully performed, the user can use the application stored in the IC card, that is, the user can access the service storage area allocated to the application (in this specification, the storage area allocated to the application is referred to as "service storage area"). By encrypting the communication in accordance with the security level of the application program, access to the service storage area can be appropriately performed.
In this specification, the use of an application, that is, the process of accessing the corresponding service storage area is referred to as "service". The services include reading or writing data from or to a memory, and include adding or subtracting value to or from valuable information such as electronic money.
As described above, when one IC card is used for a plurality of applications, it is necessary to control the access right to each application. In order to control access, a PIN code is assigned to each application program so that authentication is performed in units of application programs.
The type of service applicable to each application varies depending on the application's attribute information, such as the characteristics of the application and the required level of security. In addition to this, it is also necessary to control the service according to the access right assigned to each user of the application. For example, users may need to be distinguished: user A may be allowed full access to the service storage area while user B is allowed only to perform a read operation.
However, simply controlling access by assigning a PIN code to each application program causes many inconveniences. That is, once the authentication process using the PIN code has been passed, anyone can use the services defined by the application program in the same way. In other words, even if the right to use the application should differ from user to user so that users are distinguished (the available service differs from user to user: one person is allowed to read and write data from and to the service storage area, while another person is allowed only to read data), a uniform service is provided to every user.
Disclosure of Invention
It is an object of the present invention to provide an excellent data communication device including a memory space in which one or more applications are allocated, and a method for managing a memory in the device, in which each user is given different access rights to a service memory area allocated to each application so that a plurality of access methods can be provided.
According to a first aspect of the invention, a data communication device comprises a memory space; a service storage area in the storage space, the service storage area including one or more user blocks, each user block storing data for providing a service; two or more service definition blocks in the storage space, each service definition block comprising service definition data and access rights data defining access rights to the user block; a PIN code service definition block in the storage space for defining a PIN code service for verifying a PIN code before providing the service; and wherein the PIN code service definition block is defined as a service dedicated to PIN code service, and contents of the PIN code service are stored in a PIN code service data block so that PIN codes for respective access rights to the same user block or necessity of inputting PIN codes are different, and the one or more user blocks are accessed by using any service definition block, wherein different PIN codes are set for adding and subtracting values to and from valuable information, and a maximum allowable error is set in the PIN code service data block, and when the number of input errors reaches the maximum allowable error, the corresponding service or access to the corresponding area is prohibited.
According to a second aspect of the present invention, there is provided a method for managing memory in a data communication device comprising a memory space. The method comprises the steps of providing a service storage area in the storage space, the service storage area comprising one or more user blocks, each user block storing data for providing a service; a service definition step in which two or more service definition blocks are provided in the storage space, each service definition block including service definition data and access right data defining access rights to the user block; and a PIN code service definition step in which a PIN code service definition block is provided in the storage space for defining a PIN code service for verifying a PIN code before providing a service; wherein the PIN code service definition block is defined as a service dedicated to PIN code service, and contents of the PIN code service are stored in a PIN code service data block so that PIN codes for respective access rights to the same user block or necessity of inputting PIN codes are different, and the one or more user blocks are accessed by using any service definition block, wherein different PIN codes are set for adding and subtracting values to and from valuable information, and a maximum allowable error is set in the PIN code service data block, and when the number of input errors reaches the maximum allowable error, the corresponding service or access to the corresponding area is prohibited.
Here, the data communication apparatus is a contactless IC card including an IC chip having a wireless communication unit, a data transmission/reception function, and a data processing unit; a contact type IC card having a terminal on a surface thereof; or an information communication terminal such as a mobile phone, a Personal Handyphone System (PHS), or a Personal Digital Assistant (PDA) that includes an IC chip having the same function as the contact/noncontact IC card. The data communication device includes a memory area having a data accumulation memory such as an EEPROM; a data processing unit; and a data communication function. When a mobile phone or the like is applied, a memory medium such as an IC card including an IC chip can be detachably attached thereto. Further, a Subscriber Identity Module (SIM) function may be provided on the IC chip, in which contractor information issued by a mobile phone company is recorded. The data communication apparatus may directly perform data communication with an external terminal via an information communication network such as the internet, or in a wired or wireless manner.
According to the present invention, a service and a service storage area to which the service is applied are defined in the storage space, and a PIN code service to verify a PIN code before executing the service is defined. With this structure, the security of the IC card can be ensured.
An area may be defined that includes one or more service storage areas provided in the storage space. Further, a PIN code service may be defined that verifies the PIN code before accessing the area.
According to this structure, a PIN code can be set for each service storage area and for each area. Thus, access to the storage space can be controlled in a hierarchical system. When a general PIN code is to be set for a plurality of services, an area including the services is generated so that the general PIN code service can be applied to this area.
For example, by entering a PIN code corresponding to a certain area, the user may gain access to all service memory areas in that area (and sub-area) through a verification and authentication process. Therefore, the user can obtain access to all applications for a series of transactions by merely inputting a PIN code corresponding to a required region, and thus access control can be efficiently performed and the device is easier to use.
Furthermore, an overlapping service may be defined, that is, a further service that applies to a service storage area for which a service has already been defined.
By defining the overlapping service, a plurality of access methods such as "read only" and "read/write" can be set for the service storage area.
When defining the overlapping services, a PIN code may be set for each service. For example, when there are two services "read" and "read/write" corresponding to the service storage area, two PIN codes are set. Also, different PIN codes are set for "adding" and "subtracting" from valuable information including electronic money. Further, a restriction may be set so that a PIN code must be entered to write information to the memory area without entering a PIN code to read information from the memory area.
The verification may be controlled so as to set the PIN code verification performed by the PIN code service to be valid or invalid.
According to this structure, it is necessary to verify the PIN code before starting the service or accessing the area only when the PIN code service corresponding to the service or area is valid, and it is not necessary to verify the PIN code when the PIN code service is invalid.
As described above, the present invention can provide an excellent data communication device including a memory space in which one or more applications are allocated, and also provide a method for managing a memory in the data communication device, in which each user is given different access rights to each service memory area allocated to each application, so that a plurality of access methods can be provided.
According to the present invention, even when the access right to the storage area in the IC card is not limited to one, a PIN code can be set for each access right. That is, in each service storage area, a PIN code is set for each service to be applied. For example, a restriction may be set so that a PIN code must be entered to write information to the memory area, while no PIN code is needed to read information from the memory area.
Other objects, features and advantages of the present invention will become more apparent from the following description of the preferred embodiments with reference to the accompanying drawings.
Drawings
Fig. 1 illustrates an electromagnetic induction based wireless communication system including a reader/writer 101 and an IC card 50;
fig. 2 is a block diagram showing a transformer system including a reader/writer 101 and an IC card 50;
fig. 3 shows a functional structure of the IC card 50;
FIG. 4 illustrates a system for applying a PIN code to a service;
FIG. 5 shows a system for applying PIN codes to regions;
fig. 6 is a flowchart showing a procedure of registering an area and a service in the memory space of the IC card 50;
fig. 7 schematically shows a data structure of a PIN code service data block;
fig. 8 is a flowchart showing a procedure of controlling the start of a service or the access right of a region according to a PIN code input by a user;
fig. 9 is a flowchart showing a process of controlling access to a service or area based on the number of PIN code input errors;
fig. 10 schematically shows a functional structure for controlling comparison/output of a PIN code in the IC card 50;
fig. 11 schematically shows a data structure transmitted/received in units of 1 byte via the communication unit 151;
fig. 12 schematically shows a packet structure including 1-byte data pieces;
fig. 13 shows a base sequence of packet exchanges between a transmitter and a receiver;
fig. 14 shows the structure of the flow control unit 155;
fig. 15 shows an example of the structure of a PIN code identification device (IC card 50) including a plurality of PIN code holding units and PIN code comparison units; and
fig. 16 shows an example of the structure of a PIN code identification device (IC card 50) in which a PIN code can be set for each memory area in the data holding unit 152.
Detailed Description
Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings.
A. Contactless communication system
The present invention relates to a contactless data communication system using an IC card. Such contactless data communication systems are typically implemented based on the principle of electromagnetic induction. That is, this system includes an IC card having a memory function and a card reader/writer for reading out or writing data from or into the memory of the IC card. The loop coil of the IC card serving as the primary coil and the antenna of the card reader/writer serving as the secondary coil form a transformer system. The card reader/writer transmits power and information to the IC card by electromagnetic induction so as to transmit an interrogation signal thereto. The IC card is driven by the supplied power, and changes the load between the terminals of the loop coil in accordance with a response signal to the inquiry signal. Accordingly, the IC card modulates the amplitude of a signal appearing in a receiving circuit of the reader/writer to perform communication therebetween. The IC card may be a card-type data communication device. Alternatively, an IC chip having a so-called IC card function may be incorporated into an information communication terminal such as a mobile phone (in this specification, for convenience, an IC card is referred to as an "IC card" in both cases where the IC card is incorporated into an apparatus and the IC card is detachably attached to the apparatus). An IC chip having an IC card function is mounted on a mobile terminal such as a mobile phone or a PDA, or on an information processing terminal such as a Personal Computer (PC) to perform data communication with an external device. In that case, the IC chip includes an interface for connecting with an external device in addition to an interface for connecting with a reader/writer in a wired or wireless manner.
Fig. 1 is a schematic diagram showing an electromagnetic induction based wireless communication system including a reader/writer 101 and an IC card 50. The reader/writer 101 includes an antenna $L_{RW}$ having a loop coil. By applying a current $I_{RW}$ through the antenna $L_{RW}$, a magnetic field is generated around the antenna $L_{RW}$. On the other hand, a loop coil $L_C$ is provided around the IC card 50. At the ends of the loop coil $L_C$ of the IC card 50, an induced voltage is generated by the magnetic field produced by the loop antenna $L_{RW}$ of the reader/writer 101, and the induced voltage is input to a terminal of the IC card 50 connected to the ends of the loop coil $L_C$.
The degree of coupling between the antenna $L_{RW}$ of the reader/writer 101 and the loop coil $L_C$ of the IC card 50 varies according to their positions. However, the antenna $L_{RW}$ and the loop coil $L_C$ can be regarded as forming a transformer system, which is modeled as shown in fig. 2.
When the reader/writer 101 modulates the current $I_{RW}$ flowing through the antenna $L_{RW}$, the voltage $V_0$ induced in the loop coil $L_C$ of the IC card 50 is modulated. Accordingly, the reader/writer 101 can transmit data to the IC card 50. The transmitted data includes a PIN code required for obtaining access to the application or area, such as a Personal Identification Number (PIN) and a password input by a user to an external device connected to the reader/writer 101, and includes valuable information provided by the application, such as electronic money and electronic tickets.
Further, the IC card 50 includes a function (load switching) of changing the load between the terminals of the loop coil $L_C$ in accordance with data to be transmitted to the reader/writer 101. When the load between the terminals of the loop coil $L_C$ changes, the impedance between the terminals of the antenna $L_{RW}$ of the reader/writer 101 also changes, which changes the current $I_{RW}$ flowing through the antenna $L_{RW}$ and the voltage $V_{RW}$. By demodulating the variation component, the reader/writer 101 can receive the data transmitted from the IC card 50. The data received by the reader/writer 101 from the IC card 50 includes valuable information provided by the application program, such as electronic money and electronic tickets.
B. Structure of storage space in IC card
One or more applications are allocated in the memory space of the IC card 50, said IC card 50 being incorporated in the mobile terminal 10. The application includes valuable information, such as electronic payments, that is sent to or received from an external device. The storage area allocated to each application is referred to as a "service storage area". An operation using an application (i.e., an operation of accessing a corresponding service storage area) is referred to as a "service". The service includes reading or writing data from or to a memory, and includes adding or subtracting a value to or from valuable information including electronic money.
In order to restrict the use of applications or the start of services according to whether the user has access rights, a PIN code is assigned to each application so as to be verified when the corresponding service is executed. Further, in accessing each service storage area, encrypted communication is appropriately performed in accordance with the security level of the corresponding application program or the like.
In the embodiment, a hierarchical structure similar to "directory" is introduced into the memory space of the IC card 50. Accordingly, each application program allocated to the storage area can be registered in the "area" of the required layer. For example, by registering a plurality of applications for a series of transactions or applications closely related to each other in a service storage area in the same region (further, by registering regions closely related to each other in the same parent region), it is possible to organically set the storage areas and the applications in those regions so that a user can efficiently classify and set the applications.
In order to control the access right to each storage area in accordance with the hierarchical system, a PIN code may be set for each area in addition to each application program. For example, by entering a PIN code corresponding to a certain region, the user may gain access to all applications in that region (and sub-region) through a verification and authentication process. Thus, the user can gain access to all applications for a series of transactions by entering the PIN code corresponding to the required region only once. Accordingly, efficiency in access control can be enhanced, and the device can be used more easily.
The embodiment also has the following features. That is, the access right to a service storage area is not necessarily limited to one, and a PIN code may be set for each access right, that is, for each service performed in the service storage area. For example, when two services "read" and "read/write" correspond to one service storage area, two PIN codes are set. Also, different PIN codes are set for "adding" and "subtracting" from valuable information including electronic money. Alternatively, a restriction may be set so that a PIN code must be entered to write information to the memory area, while no PIN code is needed to read information from the memory area. The process of setting the PIN code for each application service will be described later.
Fig. 3 shows a functional structure of the IC card 50 according to the embodiment. As shown in fig. 3, the IC card 50 includes an RF unit 51 connected to an antenna for performing radio communication with the reader/writer 101; a memory 52 (as described above) including a service storage area allocated to the corresponding application program; an authentication unit 53 for authenticating the PIN code input via the RF unit 51; and a control unit 55 for controlling these units.
The control unit 55 includes a Central Processing Unit (CPU), a Read Only Memory (ROM), and a Random Access Memory (RAM). The control unit 55 controls operations in the IC card 50 by executing program codes stored in the ROM.
The memory 52 is used to assign memory fields to each of one or more applications. Further, the memory 52 is not limited to a particular device, but is any type of readable and writable storage medium, such as a semiconductor memory and a magnetic stripe.
In the described embodiment, a hierarchy similar to a "directory" is introduced into the memory space of memory 52. Therefore, each application program allocated to the storage area can be registered as a service storage area in the area of the required layer. For example, applications that are closely related to each other (such as applications for a series of transactions) may be registered in the same region (further, regions that are closely related to each other may be registered in the same parent region).
Further, each application (service memory area) and the area allocated in the memory 52 include a PIN code definition block. According to this structure, a PIN code can be set for each application or each region. Thus, the memory 52 can be accessed in units of application programs and in units of areas.
The access right to each service storage area is not necessarily limited to one, and a PIN code may be set for each service. For example, when two services "read" and "read/write" correspond to one service storage area, two PIN codes are set. Also, different PIN codes are set for "adding" and "subtracting" from valuable information including electronic money (described later).
The authentication unit 53 compares the PIN code transmitted via the RF unit 51 with the PIN code set in each application program, the area allocated in the directory, or the service memory area, so as to allow access to the corresponding memory area. The reader/writer 101 is capable of reading or writing information from or to a storage area accessible via the RF unit 51.
C. Application of PIN code
As described above, the memory 52 in the IC card 50 includes different service memory areas allocated to different applications. Further, one or more applicable services are provided to each service storage area. In the embodiment, the access may be restricted in units of areas and applications. Further, a PIN code may be set for each service applied to each application program so as to restrict access in units of services.
Fig. 4 shows a basic structure of a memory space in the IC card 50. As described above, referring to fig. 3, a hierarchical structure similar to "directory" is introduced into the memory space in the IC card 50 so that each service memory area allocated to an application can be registered in the area of a required layer. In the example shown in fig. 4, one service memory area is registered in the area 0000 defined by the area 0000 definition block.
The service storage area shown in the figure comprises one or more user blocks. The user block is the minimum unit of data for which an access operation is ensured. The service defined by the service 0108 definition block, that is, service 0108, can be applied to this service storage area.
In the embodiment, the access may be restricted in units of areas and applications. In addition, a PIN code may be set for each service so that access can be restricted in units of services. PIN code setting information related to a service in which access is restricted is defined as a service dedicated to a PIN code (i.e., "PIN code service").
In the example shown in fig. 4, the PIN code associated with service 0108 is defined as a PIN code service 0128 definition block. The contents of the PIN code service are stored in a PIN code service data block.
When the PIN code service of the service 0108 is valid, before the service 0108 is started, verification of the PIN code must be performed with the PIN code service 0128 in order to read or write information from or to its user block. More specifically, when using encrypted read/write commands, the PIN code of the service 0108 is verified before mutual authentication. (The mechanism for setting the PIN code service as valid/invalid will be described later.)
In the embodiment, each service storage area allocated to the application program may be registered in an area of a required layer, and the areas may be set in accordance with a hierarchical system (areas closely related to each other may be registered in the same parent area). In that case, by setting a PIN code for each region, access can be restricted in units of regions.
Fig. 5 shows a state in which areas are set in a hierarchical system in the memory space of the IC card 50. In the example shown in fig. 5, the area 1000 defined by the area 1000 definition block is registered in the area 0000 defined by the area 0000 definition block.
In the example shown in fig. 5, two service storage areas are registered in the area 1000. The service 1108 defined by the service 1108 definition block and the service 110B defined by the service 110B definition block are applicable to one of the service storage areas. A plurality of different services defined in this way for one service storage area are called "overlapping services" in this specification. With overlapping services, different services are provided for the same service storage area according to the PIN code entered.
On the other hand, the service 110C defined by the service 110C definition block may be applied to another service storage area.
The user can start the service set in each service storage area to read or write information from or to his user block. Of course, as described above with reference to fig. 4, a PIN code service may be defined for each service. In this case, when a PIN code service corresponding to the service is valid, the service may be started after the PIN code is verified using the PIN code service.
In order to set a universal PIN code for a variety of services, an area including these services may be generated so that the universal PIN code service can be applied to this area.
In the example shown in fig. 5, the PIN code associated with the region 1000 is defined as a PIN code service 1020 definition block. The contents of the PIN code service are stored in a PIN code service data block.
When the PIN code service of the area 1000 is valid (described later), verification of the PIN code is performed using the PIN code service 1020, and then each service in the area 1000 can be started to read or write information from or into its user block.
Here, when the PIN code service is applied to the service in the area 1000, and when the PIN code service is valid, PIN code verification must be performed with the PIN code service before information is read from or written to its user block.
As shown in fig. 4 and 5, a unique PIN code service is given to each area and each service that is a target of PIN code verification.
Registration of PIN services
The PIN code service is registered in the IC card 50 as a general service with a registration service command.
However, before registering the PIN code service, the area or service that is the target of PIN code verification must be registered in the IC card 50. That is, when the area or service that is the target of PIN code verification is not registered, an error occurs when the PIN code service is registered.
Further, in the PIN code service, the number of PIN code service data blocks corresponding to the user block in the general service is only one. Therefore, when registering a service, if a value other than 1 is set to the number of specified user blocks by the registration service command, an error occurs.
Fig. 6 is a flowchart showing a procedure of registering an area or service in the storage space of the IC card 50.
First, an area is defined in the storage space (step S1).
Then, a service storage area is allocated to the application program in the area with a registration service command, and a service applied to this service storage area is defined (step S2). In the register service command, the number of user blocks in the service storage area is specified. When a plurality of applications are allocated into the area, step S2 is repeated.
When the PIN code is applied to the service defined in the area, registration of the PIN code service is performed using a registration service command of the service (step S3).
When a universal PIN code is to be set for all the services defined in the area, the universal PIN code service is registered to the area with a registration service command of the service (step S4).
The order of steps S3 and S4 may be reversed.
Further, when a plurality of different services are defined for one service storage area, the overlay service (see fig. 5) is registered with the registration service command of the service (step S5).
When the PIN code is applied to the overlay service, the PIN code service is registered with a registration service command of the service (step S6).
In the example shown in fig. 4, a service storage area is allocated in the area 0000 of the root directory, and the service 0108 provided thereto is registered, and then the PIN code service applied to the service 0108 is registered.
In the example shown in fig. 5, two service storage areas are allocated in an area 1000 under an area 0000 of the root directory, and services 1108 and 110C provided thereto are registered, respectively. Further, the other service 110B is registered as an overlapping service in one of the two service storage areas. Although not shown, when a PIN code is to be provided thereto, a PIN code service is registered. When the universal PIN codes are set for the registered services 1108, 110B, and 110C, the universal PIN code service is registered for the area 1000.
E. Application of PIN code
As shown in fig. 4 and 5, by applying the PIN code to the area and the service registered in the memory space of the IC card 50, access control can be performed in units of area or service. Further, a plurality of services (overlay services) may be registered in one service storage area. In this case, by providing a PIN code to each service, a plurality of access methods can be defined for one service storage area.
The details of how the PIN code is applied are described in the PIN code service data block of the PIN code service definition block. Fig. 7 schematically shows a data structure of the PIN code service data block. As shown in the figure, the PIN code service data block includes a PIN code field; an input-error-count storage field; a maximum allowable error setting field; a PIN code selection field; and an access permission flag.
Only when the PIN code input by the user matches the registration code, the access permission flag in the PIN code service data block of the corresponding service or area is set so as to allow access thereto.
The access permission flag indicates accessibility/inaccessibility to the corresponding application or directory. When the access permission flag is set, the user can access the corresponding service or area. The access permission flag in the service or area where the PIN code is set represents "inaccessible" in a default state, but represents "accessible" after verification and authentication of the PIN code have been successfully performed using the key. However, if the access permission flag remains set and the IC card 50 or the mobile terminal 10 is lost or stolen, the user may suffer loss because the service or area can be used or accessed without authorization. To avoid such a problem, the IC card 50 may have a function of automatically shifting to an inaccessible state when the RF unit 51 determines that it cannot receive a radio wave.
When an erroneous code is input, the record in the erroneous-input-times storage field is updated. Then, when the number of input errors reaches the maximum allowable error setting in the maximum allowable error setting field, the start of the corresponding service or the access to the corresponding area is prohibited.
Generally, once an input is successfully performed, the number of input errors should be cleared. In this way, malicious users can be prevented from trying PIN codes one by one. If the authorized user enters wrong codes by mistake so that the maximum allowable number of errors is reached, the administrator of the IC card 50 may clear the input-error-count storage field. To authenticate the administrator, a key may be used, as will be described later.
Fig. 8 is a flowchart showing a procedure of controlling the start of a service or access to an area according to a PIN code input by a user.
When the user inputs a PIN code (step S11), the authentication unit 53 accesses the PIN code service data block of each PIN code service definition block to determine whether the input PIN code matches its PIN code (step S12).
If the PIN code of any one of the PIN code service data blocks matches the PIN code input by the user, the access permission flag in the PIN code service data block is set so as to allow access to the corresponding service or area (step S13).
For example, a PIN code, which has been input using a user interface of an external device (not shown) connected to the reader/writer 101, may be transmitted to the IC card 50 via the RF unit 51 by placing the IC card 50 above the reader/writer 101.
When controlling access rights to an application or directory using a PIN code, as shown in fig. 8, security may be breached if a malicious user tries passwords one by one (especially if the PIN code includes a small number of digits). Therefore, in the embodiment, the maximum allowable number of inputs is set in the PIN code definition field. Accordingly, when the number of input errors reaches a maximum value, the user cannot access the corresponding application or directory. In this way, access can be controlled.
Fig. 9 is a flowchart showing a procedure of controlling access to a service or area in accordance with the number of PIN code input errors.
When the user inputs a PIN code (step S21), the authentication unit 53 accesses each PIN code service definition block to determine whether the input PIN code matches its PIN code (step S22).
If the PIN code of any of the PIN code service definition blocks matches the PIN code entered by the user, an access permission flag in the PIN code service data block is set so as to allow access to the corresponding service or area (step S23).
On the other hand, if the PIN code entered by the user does not match the PIN code of any of the PIN code service definition blocks, the number of input errors in the PIN code definition field is updated (step S24). If the PIN code entered by the user matches the PIN code of any of the PIN code service definition blocks so that the verification is successfully performed, the number of input errors is cleared, i.e., set to 0.
Then, in step S25, it is determined whether the updated number of input errors has reached the maximum allowable error set in the PIN code definition field.
If the number of input errors has reached the maximum value, the access permission flag in the PIN code definition field is canceled to prohibit access to the corresponding service or area (step S26). In this way, an unauthorized user who tries PIN codes one after another can be locked out.
If the authorized user enters wrong codes by mistake so that the maximum allowable error is reached, the administrator of the IC card 50 may clear the input-error-count storage field. To authenticate the administrator, a key or the like may be used.
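The following C code is an added example, not code from the patent: it models one PIN code service data block with the fields listed for Fig. 7, the error-count procedure of Fig. 9, and the rule that a service in an area starts only after the area's PIN code service and its own have granted access. The function names, the 4-byte PIN length, the sample PIN values, the `admin_authenticated` argument, the constant-time comparison and the rule that a block at its limit rejects even a correct PIN until the administrator clears it are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PIN_LEN 4  /* assumed PIN length in bytes */

enum pin_status { PIN_OK, PIN_WRONG, PIN_LOCKED };

/* PIN code service data block, after the fields listed for Fig. 7.
 * The PIN code selection field is omitted: the page does not describe it. */
struct pin_block {
    uint8_t pin[PIN_LEN];  /* PIN code field */
    uint8_t err_count;     /* input-error count storage field */
    uint8_t max_err;       /* maximum allowable error setting */
    uint8_t access_ok;     /* access permission flag, 0 by default */
};

/* Compare without an early exit, so timing does not reveal how many
 * leading bytes matched (an addition; the page only says "matches"). */
static int pin_equal(const uint8_t *a, const uint8_t *b)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < PIN_LEN; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Steps S21-S26 of Fig. 9 for one PIN code service data block. */
enum pin_status pin_verify(struct pin_block *b, const uint8_t *in, size_t len)
{
    if (b->err_count >= b->max_err) {  /* limit already reached: stay locked */
        b->access_ok = 0;
        return PIN_LOCKED;
    }
    if (len == PIN_LEN && pin_equal(b->pin, in)) {
        b->err_count = 0;              /* success clears the error count */
        b->access_ok = 1;              /* S23: allow access */
        return PIN_OK;
    }
    b->err_count++;                    /* S24: record the failed input */
    if (b->err_count < b->max_err)     /* S25: limit not yet reached */
        return PIN_WRONG;
    b->access_ok = 0;                  /* S26: cancel the access permission */
    return PIN_LOCKED;
}

/* Only an authenticated administrator may clear the error count. */
int pin_admin_clear(struct pin_block *b, int admin_authenticated)
{
    if (!admin_authenticated)
        return -1;
    b->err_count = 0;
    return 0;
}

/* Called when the RF unit no longer receives a radio wave. */
void pin_rf_lost(struct pin_block *b) { b->access_ok = 0; }

struct area    { struct pin_block *pin; };  /* NULL: no PIN service registered */
struct service { const struct area *parent; struct pin_block *pin; };

/* A service starts only if the PIN service of its area and its own PIN
 * service, where registered, have both set their access permission flag. */
int service_may_start(const struct service *s)
{
    if (s->parent && s->parent->pin && !s->parent->pin->access_ok)
        return 0;
    return s->pin == NULL || s->pin->access_ok;
}

/* Constructed sample data: area 1000 with PIN service 1020, and the
 * overlapping services 1108 and 110B on one service storage area. */
struct pin_block pin_1020 = { {1, 2, 3, 4}, 0, 3, 0 };
struct pin_block pin_110b = { {9, 9, 9, 9}, 0, 3, 0 };
const struct area area_1000 = { &pin_1020 };
const struct service svc_1108 = { &area_1000, NULL };
const struct service svc_110b = { &area_1000, &pin_110b };
const uint8_t PIN_AREA[PIN_LEN] = {1, 2, 3, 4}, PIN_SVC[PIN_LEN] = {9, 9, 9, 9};
const uint8_t PIN_BAD[PIN_LEN] = {0, 0, 0, 0};

int main(void)
{
    pin_verify(&pin_1020, PIN_AREA, PIN_LEN);
    printf("1108 may start: %d, 110B may start: %d\n",
           service_may_start(&svc_1108), service_may_start(&svc_110b));
    return 0;
}
```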
F. Control of comparison/output of PIN code
As described above, the verification of the PIN code is required before the corresponding service is initiated or the corresponding zone is accessed only when the PIN code service of the service or zone is valid. That is, when the PIN code service is invalid, verification of the PIN code is not required.
Hereinafter, a process of controlling the comparison/output of the PIN code by setting the validity/invalidity of the PIN code service will be described.
Fig. 10 schematically shows a functional structure for controlling PIN code comparison/output in the IC card 50.
As shown in the figure, the IC card 50 includes a communication unit 151 having a contactless wireless interface or the like; a data holding unit 152 for holding data such as valuable information; a PIN code holding unit 153 for holding a PIN code for controlling access to the data holding unit 152; a PIN code comparison unit 154 for comparing the PIN code input via the communication unit 151 with the PIN code held in the PIN code holding unit 153; and a flow control unit 155 for controlling the comparison/output of the PIN codes in accordance with the condition for comparing the PIN codes. Accordingly, the IC card 50 functions as a PIN code recognition device.
As shown in fig. 11, data is transmitted/received in the communication unit 151 in units of 1 byte. In fig. 11, the start bit is always present in the header of 1-byte data. Then, 8 bits of data follow, and the end bit is at the end. The length of each bit is predetermined by the transmitter and the receiver.
Fig. 12 schematically shows a packet structure including 1-byte data pieces. As shown, the front of the packet is the code portion and the back is the data portion (payload). Data representing the meaning of the packet is described in the code section. When data (main data) related to the code is required, a data section is attached.
Fig. 13 shows a base sequence of packet exchange between a transmitter and a receiver. In the embodiment, the external device 100 is a transmitter side, and the IC card 50 serving as a PIN code identification device is a receiver side.
The packet includes a command for requiring some action from the sender to the receiver, and includes a response sent from the receiver to the sender as a result of the action corresponding to the command. Table 1 shows the commands and responses for the described embodiment.
[ Table 1]
The command "code portion 10h" refers to inputting the PIN code set in the data portion to the IC card 50, which serves as a PIN code identification device. When the communication unit 151 interprets the code portion, the attached data portion is sent to the PIN code comparison unit 154.
The PIN code comparison unit 154 compares the transmitted data portion with the PIN code held in the PIN code holding unit 153, and outputs "match" when the two PIN codes match. The flow control unit 155 has a function of controlling data transfer between the data holding unit 152 and the communication unit 151.
Fig. 14 shows the structure of the flow control unit 155.
The valid/invalid flag 155A indicates whether the transmission line between the data holding unit 152 and the communication unit 151 is brought into a connected state or a disconnected state according to the comparison output of the PIN code comparison unit 154.
When the valid/invalid flag 155A is set to "1" and is on the valid terminal, the switch 2 is on the comparison output terminal. Further, when the PIN code comparison unit 154 outputs "match", this output is sent to the switch 1 and the switch 1 is turned on. Accordingly, the transmission line between the data holding unit 152 and the communication unit 151 is brought into a connected state, so that the external device 100 can access the data holding unit 152 via the communication unit 151. On the other hand, when the PIN code comparison unit 154 outputs "mismatch", this output is sent to the switch 1 and the switch 1 is turned off. Accordingly, the transmission line between the data holding unit 152 and the communication unit 151 is brought into a disconnected state, so that the external device 100 cannot access the data holding unit 152 via the communication unit 151.
On the other hand, when the valid/invalid flag 155A is set to "0" and is located on the invalid terminal, the switch 2 is located on the "constantly on" terminal. In this case, the switch 1 is constantly turned on regardless of the comparison output of the PIN code comparing unit 154 so as to keep the transmission line between the data holding unit 152 and the communication unit 151 in a connected state.
It should be noted that, when the comparison of PIN codes does not have to be performed, the function of comparing PIN codes, that is, the PIN code service, can be bypassed by means of the valid/invalid flag 155A.
The invalid → valid flag 155B may be changed by the opcode 50h. The invalid → valid flag 155B is used to determine whether the PIN codes must match when the valid/invalid flag 155A is changed from the invalid state "0" to the valid state "1" by the operation code 40h, which will be described later. That is, when the invalid → valid flag 155B is "1" and the valid/invalid flag 155A is "0", that is, when the PIN code comparison is invalid, the switch 3 is turned on when the comparison output indicates "match", to allow the valid/invalid flag 155A to be changed via the communication unit 151. On the other hand, when the invalid → valid flag 155B is "0", the output of the flag determination unit 155D keeps the switch 3 constantly on so that the valid/invalid flag 155A can always be changed via the communication unit 151.
When the invalid → valid flag 155B is "1", this means that the PIN code must match when the valid/invalid flag 155A changes from invalid to valid. On the other hand, when the invalid → valid flag 155B is "0", this means that the PIN code may not match when the valid/invalid flag 155A changes from invalid to valid.
The valid → invalid flag 155C may be changed by the opcode 60h. The valid → invalid flag 155C is used to determine whether the PIN codes must match when the valid/invalid flag 155A is changed from the valid state "1" to the invalid state "0" by the opcode 40h, which will be described later. That is, when the valid → invalid flag 155C is "1" and the valid/invalid flag 155A is "1", that is, when the PIN code comparison is valid, the switch 3 is turned on when the comparison output indicates "match", to allow the valid/invalid flag 155A to be changed via the communication unit 151. On the other hand, when the valid → invalid flag 155C is "0", the output of the flag determination unit 155D keeps the switch 3 constantly on so that the valid/invalid flag 155A can always be changed via the communication unit 151.
When the valid → invalid flag 155C is "1", this means that the PIN code must match when the valid/invalid flag 155A changes from valid to invalid. On the other hand, when the valid → invalid flag 155C is "0", this means that the PIN code may not match when the valid/invalid flag 155A changes from valid to invalid.
The above-described operation for controlling the valid/invalid flag change is performed by the flag determination unit 155D. By logically representing this operation, the output of the flag determination unit 155D can be shown as table 2.
[ Table 2]
The opcode 40h is used to change the valid/invalid flag 155A. The flag 155A can be changed via the communication unit 151 by the above-described operation only when the switch 3 is on.
In this mechanism, when changing the state of the PIN code, there is no need to enter the PIN code to change the PIN code from the invalid state to the valid state. However, the PIN code needs to be input in order to change the PIN code from the valid state to the invalid state. In this way, the entry condition of the PIN code can be set in different ways.
After the above operation, when the switch 1 is turned on, the data holding unit 152 and the communication unit 151 are connected. After that, the reader/writer 101 can read data from a predetermined position of the data holding unit 152 by the operation code 20h and write predetermined data to the data holding unit 152 by the operation code 30h.
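As an added example (not part of the patent text), the C code below expresses the switch 1 and switch 3 conditions described above as boolean functions, applies them to opcode 40h, and enumerates the switch 3 decision for every flag combination as derived from the prose. The struct, field and function names are assumptions, and the comparison result of unit 154 is taken as an input; opcodes 50h and 60h are not modelled because the text does not state when they are accepted.

```c
#include <stdint.h>
#include <stdio.h>

/* State of the flow control unit 155 (Fig. 14). Names are illustrative. */
struct flow_ctl {
    uint8_t valid;          /* flag 155A: 1 = PIN comparison valid, 0 = invalid */
    uint8_t pin_to_enable;  /* flag 155B: 1 = PIN must match for invalid -> valid */
    uint8_t pin_to_disable; /* flag 155C: 1 = PIN must match for valid -> invalid */
    uint8_t match;          /* output of PIN code comparison unit 154 */
};

/* Switch 1: the line between data holding unit 152 and communication
 * unit 151 is connected when comparison is invalid or the PIN matched. */
int switch1_on(const struct flow_ctl *f)
{
    return !f->valid || f->match;
}

/* Switch 3, driven by flag determination unit 155D: flag 155A may be
 * changed if the flag guarding the current transition is 0, or on a match. */
int switch3_on(const struct flow_ctl *f)
{
    uint8_t guard = f->valid ? f->pin_to_disable : f->pin_to_enable;
    return !guard || f->match;
}

/* Opcode 40h: change flag 155A. Returns 0 on success, -1 if switch 3 is off. */
int op40_set_valid(struct flow_ctl *f, int new_valid)
{
    if (!switch3_on(f))
        return -1;
    f->valid = new_valid ? 1 : 0;
    return 0;
}

/* Opcodes 20h (read) and 30h (write) reach the data only through switch 1. */
int op_data_allowed(const struct flow_ctl *f)
{
    return switch1_on(f);
}

/* Switch 3 for all 16 input combinations,
 * bit index = 155A<<3 | 155B<<2 | 155C<<1 | match. */
uint16_t switch3_table(void)
{
    uint16_t bits = 0;
    for (unsigned i = 0; i < 16; i++) {
        struct flow_ctl f = { (i >> 3) & 1, (i >> 2) & 1, (i >> 1) & 1, i & 1 };
        if (switch3_on(&f))
            bits |= (uint16_t)(1u << i);
    }
    return bits;
}

/* Constructed state for the case the text describes: no PIN needed to
 * enable the comparison (155B = 0), PIN needed to disable it (155C = 1). */
struct flow_ctl card = { 0, 0, 1, 0 };

int main(void)
{
    uint16_t t = switch3_table();
    puts("155A 155B 155C match | switch3");
    for (unsigned i = 0; i < 16; i++)
        printf("   %u    %u    %u     %u |    %u\n", (i >> 3) & 1, (i >> 2) & 1,
               (i >> 1) & 1, i & 1, (unsigned)((t >> i) & 1));
    return 0;
}
```

Run stand-alone, `main` prints the 16-row table. The rows with 155A = 1 and 155C = 0 show that such a setting lets the comparison be switched off without a PIN, after which switch 1 stays on.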
In order to rewrite the PIN code that has already been written in the PIN code holding unit 153, the operation code 18h is used. Rewritable or non-rewritable can be controlled by the switch 4.
In the example shown in fig. 14, the flag determination unit 155D performs control in accordance with the state of each of the invalid → valid flag 155B, the valid → invalid flag 155C, the valid/invalid flag 155A, and the PIN code comparison unit 154. That is, the control condition of the switch 4 may be changed in accordance with the state of each flag. For example, when the invalid → valid flag 155B is converted from "0" to "1", the PIN code in the PIN code holding unit 153 may be changed. Accordingly, when the determination of the PIN code is validated, a new PIN code is set regardless of whether the PIN code has already been set. The settings can be changed by a simple command operation and the level of security is also increased by providing a mutual authentication unit between the communication unit 151 and the reader/writer 101.
As shown in fig. 3 to 5, when the memory space in the IC card 50 is enlarged and a plurality of application programs (service memory areas) are allocated, or when the access right is controlled by a plurality of PIN codes, the PIN code comparison/output mechanism shown in fig. 10 may be employed.
Fig. 15 shows an example of the structure of a PIN code identification device (IC card 50) including a plurality of PIN code holding units and PIN code comparison units. In the example shown in fig. 15, the data holding unit 152 and the communication unit 151 can be connected only when all the PIN code comparison units 154 output "match". Accordingly, by assigning a part of the reader/writer 101, into which the PIN code is input, to an individual user, and by assigning the other part of the reader/writer 101 to an administrator (for example, a card service administrator), it is possible to control the function of the PIN code at the administrator's intention. For example, a function may be provided so that a PIN code must be entered regardless of the user's intention.
Fig. 16 shows an example of the structure of a PIN code identification device (IC card 50) in which a PIN code can be set for each memory area in the data holding unit 152.
The PIN code comparison unit 154 includes a lookup table showing the relationship between the memory area allocated in the data holding unit 152 and the PIN code. By using this lookup table, it can be determined whether the PIN code input via the communication unit 151 matches the PIN code of the corresponding storage area. When the PIN codes match, access to the corresponding memory area is allowed. Table 3 shows an example of the structure of the lookup table managed in the PIN code comparison unit 154.
[ Table 3]
| PIN code | Allowed memory start address | Allowed memory termination address |
|---|---|---|
| PIN code 1 | 100h | 180h |
| PIN code 2 | 300h | 3A0h |
| PIN code 3 |
According to this structure, the PIN code input via the communication unit 151 is compared with each PIN code held in the lookup table by the PIN code comparison unit 154. Then, the memory area corresponding to the matched PIN code is allowed to be accessed among the memory areas in the data holding unit 152.
The invention has been described in detail with reference to specific embodiments thereof. It is apparent that those skilled in the art can implement modifications or substitutions of the embodiments without departing from the scope of the present invention. That is, the present invention is disclosed by way of example and should not be construed as limited in this specification. For determining the scope of the invention, reference should be made to the appended claims.
Claims (12)
1. A data communication device, comprising:
a storage space;
a service storage area in the storage space, the service storage area including one or more user blocks, each user block storing data for providing a service;
two or more service definition blocks in the storage space, each service definition block comprising service definition data and access rights data defining access rights to the user block;
a PIN code service definition block in the storage space for defining a PIN code service for verifying a PIN code before providing the service; and
wherein the PIN code service definition block is defined as a service dedicated to PIN code services, and the contents of the PIN code services are stored in a PIN code service data block such that PIN codes for respective access rights for the same user block or the necessity of inputting PIN codes are different, and the user block or user blocks are accessed by using any service definition block,
wherein different PIN codes are set for adding and subtracting values to and from valuable information, and a maximum allowable error is set in a PIN code service data block, and when the number of input errors reaches the maximum allowable error, the corresponding service or access to the corresponding area is prohibited.
2. The data communication device of claim 1, further comprising an area definition block for defining an area including one or more service storage areas provided in the storage space.
3. The data communication device of claim 2, wherein the PIN code service definition block defines a PIN code service that verifies a PIN code before accessing the area.
4. The data communication device of claim 1, further comprising an overlay service definition block for defining other services applied to the service storage area that has been provided by the service definition block.
5. The data communication device of claim 4, wherein the PIN code service definition block defines a PIN code service that verifies a PIN code before execution of the overlapping other services.
6. The data communication device according to claim 1, further comprising authentication control means for setting authentication of the PIN code performed by the PIN code service to be valid or invalid.
7. A method for managing memory in a data communication device comprising a memory space, the method comprising:
a step of providing a service storage area in the storage space, the service storage area including one or more user blocks, each user block storing data for providing a service;
a service definition step in which two or more service definition blocks are provided in the storage space, each service definition block including service definition data and access right data defining access rights to the user block; and
a PIN code service definition step, wherein a PIN code service definition block is arranged in the storage space and is used for defining a PIN code service for verifying the PIN code before providing the service,
wherein the PIN code service definition block is defined as a service dedicated to PIN code services, and the contents of the PIN code services are stored in a PIN code service data block such that PIN codes for respective access rights for the same user block or the necessity of inputting PIN codes are different, and the user block or user blocks are accessed by using any service definition block,
wherein different PIN codes are set for adding and subtracting values to and from valuable information, and a maximum allowable error is set in a PIN code service data block, and when the number of input errors reaches the maximum allowable error, the corresponding service or access to the corresponding area is prohibited.
8. The method of claim 7, further comprising a region defining step for defining a region including one or more service storage regions provided in the storage space.
9. The method of claim 8, wherein in the PIN code service defining step, a PIN code service for verifying the PIN code before accessing the area is defined.
10. The method of claim 7, further comprising an overlapping service definition step for defining other services applied to the service storage area already provided by the service definition step.
11. The method of claim 10, wherein in the PIN code service defining step, a PIN code service for verifying the PIN code before performing the overlapped other services is defined.
12. The method according to claim 7, further comprising an authentication control step of setting authentication of the PIN code performed by the PIN code service to be valid or invalid.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP104706/2003 | 2003-04-09 | ||
| JP2003104706A JP4682498B2 (en) | 2003-04-09 | 2003-04-09 | Communication device and memory management method for communication device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| HK1066309A1 (en) | 2005-03-18 |
| HK1066309B (en) | 2010-02-05 |