JPH09180036A - IC card system with personal identification function - Google Patents

Abstract

(57) [Abstract] [Purpose] By pressing multiple specific positions on the IC card that only the person remembers, the sensor status is detected, information processing is performed, and the data is compared with pre-registered data and matches. This is a system that allows you to use the card by recognizing yourself. [Structure] A plurality of pressure-sensitive sensors distributed around the surface of an IC card, and a card holder presses the plurality of pressure-sensitive sensors in advance so that each sensor is pressed, that is, a pressure-sensitive switch is turned on or off. The memory in the IC that holds the code data generated from the state and the data generated by pressing a plurality of specific positions on the IC card stored only by the person himself / herself by the terminal for identifying the person before using the IC card. Is a system capable of outputting a flag permitting the use of the card when the contents are compared with the contents of the memory and after the processing, the card can be used.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention has a function of enhancing the security function by using an IC card that enables identification of the owner, and a function of restricting the use of an IC card illegally obtained by another person and an IC card or a terminal. The present invention relates to a system having a function of disabling plagiarism.

[0002]

2. Description of the Related Art Conventional IC cards use passwords and IDs.
The use of numbers makes it much more difficult to illegally use than magnetic cards, etc., but it is still inferred from illegally reading the contents of IC cards, illegally obtained personal identification numbers, or data such as date of birth. There were cases of unauthorized use using the security code.

[0003]

SUMMARY OF THE INVENTION According to the present invention, a recognition means for confirming the identity of a person by pressing a plurality of specific positions on the IC card stored only by the identity of the person is provided. However, if the confidential pressing of a specific position for personal identification is not executed correctly, the function that the IC card system refuses to accept, and if the illegal use is forced, the IC card itself will be destroyed and invalidated. It is an object of the present invention to provide a system with improved security by providing a function for collecting and collecting information and providing a means for preventing unauthorized use.
Further, in the case of illegal access to the internal structure of the IC card or the terminal, it is also one of the purposes to provide a function of destroying the semiconductor circuit that controls the function of the system in order to prevent misuse. is there.

[0004]

In order to achieve this object, in the present invention, a semiconductor circuit provided in an IC card body, a plurality of pressure-sensitive switches provided in a distributed manner on the IC card, and an identity verification. Therefore, a memory for storing input data by pressing a plurality of specific positions arbitrarily selected from a plurality of pressure sensitive switches on the IC card and a newly created I
An IC card system with a personal identification function having a terminal device having a function for inputting personal identification input data to a C card is used as a means.

In another embodiment, a memory corresponding to each switch for storing an ON or OFF state by pressing a plurality of pressure sensitive switches on an IC card and a pressed state of a plurality of pressure sensitive switches are stored. After the operation, a sequential circuit for reading the storage state of the memory in a loop, and a plurality of pressure sensitive switches for determining the starting point address of the read for the sequential circuit for reading in a loop A circuit that generates a specific address by a pressure-sensitive switch that is selectively pressed to indicate the starting point, and reads the memory contents from the address specified by the specific address in response to the input of the specific address, and generates personal identification data. 2. The IC with the personal identification function according to claim 1, further comprising: a semiconductor circuit provided in the main body of the IC card. Over de system is a means.

Further, in another embodiment, data generated by an identification operation by pressing a plurality of specific positions arbitrarily selected from a plurality of pressure sensitive switches on an IC card, and card issuance or authentication data update. A circuit that compares the data that is input at that time and stored in the card,
If the comparison shows a match, a flag is set to indicate that the card is allowed to be used, and if there is a mismatch, the judgment circuit that generates a reject signal and the personal identification data that was re-input after a reject do not match and the reject signal is counted. And a circuit for destroying the memory record of the IC card when the counter reaches a preset number of times and determines that the counter is for improper use.
An IC card system with the described personal identification function.

According to the invention described in claim 3, I
When it is determined that the C card has been illegally used, the memory record of the IC card is destroyed and the internal memory record of the terminal or the like and the function of the semiconductor circuit that executes the connection function with the IC card are destroyed. IC card system with confirmation function is used as means.

The invention according to claim 3 or 4 is characterized in that the semiconductor circuit controlling the function of the system is destroyed when there is an illegal access to the internal structure of the IC card or the terminal. An IC card system with a personal identification function is a means for solving the problem.

[0009]

[Operation] Unless the IC card itself is justified by pressing the specific position on the IC card for personal identification (hereinafter referred to as input data) stored by the user just before use, The card does not work even if I insert it into the terminal.
This input is made each time it is used, and it disappears in an extremely short time, so that it cannot be used by a person who illegally obtains it by picking up or stealing the IC card.

There is a possibility that an unauthorized person may input the secret data of the person who authenticates that he is a legitimate owner of the IC card by analogy, but if it is different from the data registered in advance, By allowing only a limited number of retries such as 2 or 3 times, it is possible to prevent an illegal attempt. If you try to access the system beyond this limit, it will be judged as malicious and the system will not destroy the contents of the IC card or take the IC card into the terminal and return it. Make it possible to give an alarm. Even when the terminal device is stolen or the internal mechanism is illegally modified, the internal important semiconductor circuit is destroyed to protect the secret.

[0011]

【Example】

[Principle of Identity Confirmation Operation] FIG. 1 is a diagram showing the principle of the identity confirmation operation of the IC card of the present invention. In FIG.
Reference numeral 11 is an IC card, 111 is a semiconductor chip provided in the card, and 20 is a plurality of pressure switches provided dispersedly in the body of the card. Reference numeral 112 is provided in the semiconductor chip 111, and only the respective circuits for determining the ON / OFF state of each switch, storing the same, and executing the identity verification are specifically taken out for description. Therefore, this 112
Will be referred to as a circuit portion in the following description.
All the blocks indicated by 51 to 155 are built in the semiconductor chip 111.

In the circuit portion 112 of FIG. 1, reference numeral 151 is a memory, 152 is a buffer for reading the input confirmation data from the memory and storing the same, 153 is a circuit for reading a registered secret code, 154 is a comparator, 155. Is a judgment circuit for judging whether or not the IC card can be used by receiving a result signal indicating whether the comparators match or mismatch. Judgment circuit 15
Although not shown in FIG. 1, the output of 5 depends on the type of the IC card, that is, via the contact for external connection in the case of the contact type, and in the case of the non-contact type, the electromagnetic coupling, It is connected to an external device such as a terminal by optical coupling or radio waves, and supplies a signal indicating whether or not the IC card can be used (flag state in the IC).

FIG. 2 is a diagram showing an embodiment of the arrangement and structure of the personal identification pressure switch in the IC card of the present invention. In the embodiment of FIG. 2, a plurality of concave portions are provided around the IC card 11, and a plurality of pressure sensitive sensors 20 to 29 which are elements of the pressure sensitive switch are embedded therein. 11
Reference numeral 3 is a wiring from each sensor to a terminal of the IC 111. In the illustrated example, ten pressure-sensitive sensors are provided, but the number is not limited to this, and the number can be arbitrarily increased or decreased. In the present invention, the pressure sensitive sensor may be used as a synonym for the pressure sensitive switch.

Magnetic switches can be used instead of pressure sensitive switches. In this embodiment, a minute coil is provided instead of the pressure sensor 20 or the like, and the IC card 11
A thin layer of magnetic material is provided at a position corresponding to each coil, below the thin layer deposited on the surface. By detecting that the thin layer of the magnetic material approaches the coil when the finger is pressed at a predetermined position and the inductance of the coil is changed, the operation of pressing the specific switch is detected. By magnetizing the magnetic material, it is possible to use a technique for detecting the voltage induced in the coil.

FIG. 3 is a diagram for explaining a terminal device used to execute an initial setting process of data for authenticating the user and its operation. The terminal 31 is an IC
This is a terminal device that can be used to record necessary information in the card, for example, fingerprint or fundus retina information when issuing the card. Reference numeral 32 is a slot for inserting an old IC card when updating the IC card, and 33 is a slot for inserting a new IC card to be issued when updating the IC card. The image capturing device 34 is means for capturing and recording an image of the fundus retina. It is also possible to register a fingerprint by using the camera device 34 having a camera structure suitable for registering a fingerprint.

Although not shown in FIG. 3, when fingerprint information is recorded, a device therefor can be added. To issue a new card, simply insert the new card into the slot 33 and enter the necessary information. However, when updating the card, it is necessary to copy the information stored in the old IC card inserted in the slot 32 to the new card in the slot 33. In particular, from the standpoint of confidentiality, it is safer to transfer the personal identification information from the old card rather than from the database of the center computer. The terminal 35 shown on the right side of FIG.
The terminal is used for processing the input data for personal identification, and the input / output unit 36 of the IC card 37 is provided on the upper part. 38 is
Keyboard, 39 is a connection code with the terminal 31, 30
Is a display screen provided on the front surface of the terminal 35.

FIG. 4 shows a portable terminal device suitable for confirming the identity of the IC card holder. In this case, a battery is incorporated and operated in consideration of portability.
As another embodiment, when the IC card is used for leisure equipment (eg, pachinko), it is used together with the leisure equipment. In any case, the structure will be small and lightweight because it will be installed side by side with portable or leisure equipment. FIG.
In the figure, 40 is a terminal device main body, 41 is a press input portion for identifying the user provided on the upper surface, 42 is a slot for inserting an IC card, and 43 is an interface portion for connecting to a leisure device (not shown). Although it is provided on the side surface for convenience of explanation, it can be installed at any place such as a rear part.
While the apparatus of the present invention has been described above, an overview of its use utilizing the present invention will now be described followed by individual operations,
The functions and effects will be described in detail.

[1. Authentication data setting process for new card]
At the time of issuing or purchasing a card, the terminal shown in FIG. 3 installed in a separate room invisible to another person is used to execute an initial setting process of data for authenticating the person. Since a plurality of pressure-sensitive sensors 20 on the IC card shown collectively in FIG. 1 or a plurality of pressure-sensitive sensors 20 to 29 as shown in FIG. Decides two or more locations of pressure-sensitive sensors to be pressed when using an IC card in the future, and simultaneously presses a plurality of sensors. A single sensor may be pressed, but a plurality of sensors are desirable because they can be easily detected by others. The pressed position set as described above is read by the terminal device, and the combination becomes the initial value of the authentication for confirming the person, and is set in the card.

The present invention is characterized in that two or more places of pressure-sensitive sensors to be pressed are determined and a plurality of sensors are simultaneously pressed to generate data for authenticating the user. The technical means for reading this data is that the AND circuit in the semiconductor chip detects that a plurality of pressure-sensitive sensors have been pressed through the wiring to the terminal of the IC 111 indicated by 113, and the pressed state of the plurality of sensors is predetermined. The fact that it was kept for a long time, IC
It is detected by the timer built in. This is because it takes a certain amount of time for the operator to accurately execute the confirmation operation. The operator may start the reading operation by pressing another sensor that requests reading, but since the operation becomes complicated, the reading is automatically started at the timing when the pressed state continues for a predetermined time. Is preferable.

The pressing operation may take some time to reach a stable state, for example, in an elderly person who has a physical failure. Therefore, if the pressing state with a plurality of fingers is unstable, that is, if it fluctuates without continuing for a predetermined time, it means that it is not confirmed, so that the circuit that monitors the state previously provided in the semiconductor circuit indicates that it has continued for a predetermined time. It is desirable to monitor and to detect when the state is maintained for a predetermined time by a pulse output from a timer to start a read operation to the memory. By this means, it is possible to reliably detect the sensor pressing state by a plurality of fingers for identifying the person.

Further, in another embodiment described later, when a pressing state by a plurality of fingers is detected, one switch is pressed again in order to determine which switch is to be the head of the code. , Thereby generating a confirmation signal from the position designated. Also in this case, the data determined in the pressed state which is the basis for stably generating the confirmation code in the pressed state by the plurality of fingers must be temporarily stored in the memory. The timing of starting this storage operation is the same as above.

In the terminal 35 shown in FIG. 3, if the keyboard 38 for inputting characters is not installed, the new I
The C card 37 is placed on the input / output unit 36, a pressing place for personal identification is selected, and a code is set. The initial value of the confirmation input data is set by the function of the personal identification input data processing terminal 35. Keyboard 3 for character input
8 is installed, the new IC card 37 is placed on the input / output unit 36 of the terminal device 35, the pressing place is designated on the IC card 37, and the character input keyboard 38 is used to input the required data. To do.

When a new IC card is issued, it is necessary to set the valid time of the personal identification input data. Even if the IC card is stolen if the time is shorter, the IC card will be invalidated before it is abused, so it is safe, but it is necessary to operate the IC card in a short time and with good operation. When the character input keyboard 38 is installed, the holder of the IC card can specify the desired holding time of the confirmation code. In the case of a terminal that does not have the keyboard 38 for inputting characters, this designation cannot be made. Therefore, the holding time and the number of retries that are preset in the terminal, for example, 20 seconds for the holding time and the retry counter It is automatically specified as 3 times.
However, even if such designation is carried out, if the cardholder desires, it can be changed later by using the terminal equipped with the character input keyboard 38.

When used for purposes such as a license or entry ID card, it is necessary to enter data such as a personal identification number or personal attributes, and it is also necessary to capture fingerprint or fundus retina information as data. In this case, the terminal 31 shown in FIG. 3 is installed, connected to those devices, and loaded into the IC card. The terminal device 31 is provided with a photographing device 34 for photographing information of the fundus retina and capturing it as video information.

[2. Card Authentication Data Change Processing] I
When the C card is frequently used, there is a possibility that another person may judge the C card due to dirt on the pressing place. It is necessary to change the initial value according to the wishes of the person. Insert the card currently in use into the slot 32 shown in FIG.
By pressing the current authentication position on 7, the cooperation between the person and the card is found. While checking the OK sign while viewing the screen 30 or by turning on the OK display lamp, the initial value of the new authentication is pressed on 37 to set the initial value, and the updated message is output.

[3. Card reissue (update) processing] With a license, etc., it is necessary to copy the data contents of the old IC card to the new IC card and input the updated part (eg, deadline, name, address, etc.). Insert the old IC card at 32 and the new IC card at 33 in FIG.
Input from 8. When the initial pressing value of the new IC card is the same as that of the old IC card, the fact is input from the keyboard.
When changing the initial value, the pressing position is designated by 37. At this time,
The new IC card is created by copying the fingerprints, fundus retina data, etc. in the old IC card. New IC for old IC card
Processing such as writing the message that the card has been issued and the expiration date on the memory, or deleting or invalidating old data in the memory is performed.

At the time of use, the IC card functions by pressing the initial value set in the above procedure. At this time, I
A C card with a built-in battery operates with the battery. In an IC card that does not have a built-in battery, power is supplied to the IC card by supplying power by radio waves or by supplying power from a terminal. When the pressing location matches the initial value during use, the memory becomes available or used O
The K flag is set. This flag of OK to use (it operates when put in a terminal or the like) is disabled within a specified holding time (about 20 seconds) by a software timer. This time can be changed depending on the use of the IC card.

In the present invention, it is necessary to consider not only the security of identity verification but also the consistency with the terminal.
When the IC card is inserted into the terminal, it is requested to issue a telegram for each function of the terminal, and if the compatibility does not match, the card does not function. The terminal must have the following functions.
Confirm the owner. (License, identification, etc.),
Request personal identification information (name, date of birth, permanent register, personal identification number, name of child, fingerprint or image of fundus retina). Leisure card usage range (identity confirmation, leisure type, balance (usable fee), etc.
The IC card cannot be used unless the input data (code) for personal identification in the terminal and the memory and the received message from the terminal match.

When a leisure device (eg, a pachinko machine) is used, it is possible to use the leisure device by setting an OK flag in the IC card. Since forgery is easy to counterfeit, the IC card does not have a battery or electric double layer capacitor, only the memory and contacts are retained as shown in Fig. 1, and the cardholder's attributes and memos are entered at the time of initial value setting. , It is also necessary to use only the area for playing (eg, card transaction software and amount) together with these initial values and attributes in the memory. At this time, I would like to play by setting the OK switch to be used on the card by the modified device of FIG. 4 attached to each play table. Further, in the leisure store, it is possible to prolong the holding time of the switch OK by the store number code or the like.

When the card is illegal, the buzzer and caution lamp are turned on. It is also necessary to have a mechanism to turn on the suction warning lamp in the leisure equipment when making a further effort. Next, the relationship between these used terminals and the IC card will be described. When confirming the owner of the card as described above, or when the pressed part of the card cannot be confirmed due to a failure of the battery in the IC card or the electric double layer capacitor described below, etc. A confirmation terminal is required.
After operating the card in this terminal, the battery or electric double layer capacitor can be charged.

[4. Countermeasures against terminal alteration / counterfeiting] In addition to the above, we also prepare terminal destruction software. When an IC card is used to illegally obtain a portable terminal or attempt to make a copy of leisure equipment, a strong current or high voltage is generated to control the main functions of the terminal C
The main parts such as PU, memory or chip control unit are integrated into IC
It is destroyed by the circuit built in the card. As a concrete technical means, if it is possible to prevent misuse of the terminal, it is normal to reach the purpose, so it is not the entire terminal,
It suffices to stop the function of the semiconductor circuit, which is the central part of the function, and erase or change the program, data, etc. so that they cannot be copied. Therefore, when an unauthorized access without permission occurs, a high voltage can be selectively applied to the terminals of the main part of the terminals of the IC chip to destroy the internal functions and data.

[5. Exceptional Function of Using Deposit Terminal] When the income of using a bank terminal device or leisure machine such as a pachinko machine is recorded in the IC card, it is not necessary to press the identification as an exceptional function.

[6. Other Embodiments of Personal Identification Data Setting Processing] In the present invention, the operation of coding the pressing position of the switch is performed by pressing three positions, for example, 20, 22, and 24 of the switches 20 to 29 in FIG. The simplest is to generate a code 10101000000 with the pressed state as 1 and the non-pressed state as 0. However, if the card is used for a long period of time or frequently and the pressing position is dented or soiled and the card is stolen by another person, the pressing position may be easily determined, which may lead to unauthorized use. Therefore, instead of simply reading from the first position by associating the position of the switch with the memory content, after deciding the pressing position and storing the personal identification data, in order to decide which switch is to be the beginning of the code, It is possible to press one switch previously selected by oneself and code it based on the stored data according to the designation. The hardware and software that read out the memory and code it will be slightly more complicated, but the fraud prevention effect will be great. The pressing of the pressing sensor with a plurality of fingers and the reading of data by the pressing have been described above.

As a concrete technical means of the above embodiment, a plurality of pressing positions are pressed and a stable state is maintained for a predetermined time, that is, a state in which a plurality of pressing position data are held without change is a predetermined time. The fact that it has continued for a while is measured by a timer, and when the predetermined time has elapsed, the data is stored in the memory by the output of the timer. Next, in order to specify the head address when the data is generated as a code, the owner of the card presses one predetermined pressing switch. By this operation, the head address from which the memory is read is designated, and the stored data is sequentially read from that address to generate a code.

Therefore, even if a plurality of pressing positions are fixed, the data generated by the operation selected in the subsequent operation of the pressing switch will be different. Even if there are habits on multiple pressing positions after long-term use, it is difficult to determine which is the first multiple pressing positions, and an unauthorized user may change the combination several times to confirm the identity. Even if you try, you can reach the limit of retries unless you accidentally give the correct answer once or twice, and the probability of securing the right to use the card is extremely low. Therefore,
Although it is a simple operation, the certainty of identity verification is high.
As a technical means, if a plurality of pressed position data are stored in a memory in which addresses are assigned in a ring shape, a designated operation of the leading address of the memory to be read is detected, and an address determination and a code generation operation start signal are generated. Good. This may be set by hardware or may be operated by setting a program.

The IC card of the present invention cannot be accepted even if it is directly inserted into the slot of the terminal as usual.
In order to prove that the IC card is a legitimate holder, input data for personal identification is first input to the chip in the IC card by a combination of pressing methods of a plurality of pressure switches stored only by the person. . This input terminal and input method are described in [1. As described in detail in the section of “Authentication data setting process for new card”, the data input for personal identification is shown in the circuit portion 112 of the chip 111 in the IC card as described in the description of FIG. Stored in the memory 151. Although the storage time is a relatively short time of 10 to 20 seconds, this storage time is merely an example, and the storage time is not limited to this and can be arbitrarily set according to the user's request. However, it is not preferable that the time is too long in order to guarantee security.

When the decision circuit outputs a signal that the use is approved, the system takes an action for executing the next step. However, if the judgment circuit outputs a signal to refuse the use of the IC card, the operator is not the legal holder of the IC card and the secret codes do not match, and the operator is the legal holder but the principal. There is a possibility that the confirmation password is entered incorrectly. Therefore, the message that the identity verification was not correctly performed is displayed by voice, image, or both, and the IC card is ejected from the slot.

In the latter case, even a legitimate holder may make an erroneous operation, so retry is permitted once or twice. The operator repeats the password input operation for personal identification,
The above operation is repeated again. However, if there is a mistake more than three times, there is a high probability that an unauthorized holder will try to press the IC card.
Instead of rejecting the card, it can be taken into the terminal. In this state, the IC card is not returned to the holder, so a message is output to contact the staff.

After the operator intervenes to confirm the operator through the contact, if the cause of the erroneous operation can be judged to be justified, the operator returns it through a predetermined procedure. Also, try the input again in the presence of the attendant. However, if the IC card is stolen or picked up and is illegally owned, there is a high possibility that the staff will escape because the clerk has a suspicion. If you are a legitimate holder but you cannot verify your identity due to some malfunction of the card or terminal during the hours when the clerk is not working, enter the information to that effect on the IC card for future use. Can be returned in a prohibited state. If this operation is unsuccessful, the nearest contact point will be displayed to inform you that it cannot be returned.

When the system receives the personal identification signal, the user of the IC card may determine that the user is a legitimate holder, and may request the password or another personal identification number. If this procedure is performed correctly, the service using the IC card is executed, and if necessary, the fee is settled.

A normal IC card can be used even by an unauthorized person if he / she operates by knowing the personal identification number itself. In addition, since there are many examples of using the date of birth or a simple combination of numbers, even in such a case, there are cases in which the information is accidentally matched and abused. However, in the present invention, the procedure for first authenticating the validity as the holder of the IC card is a simple operation of simultaneously pressing a plurality of switches by the fingers of one hand or both hands, so that it can be guessed or discovered by another person. There is little sex.

In one embodiment of the present invention, the storage time of the personal identification data input before use is limited to a short time,
The storage time in the card is set so that the stored content of the input secret code disappears when this time elapses. By adopting this configuration, even if the IC card is stolen immediately before use, the security disappears because the secret code disappears before the criminal misuses it. However, although it has been explained that the time limit is 10 seconds to 20 seconds as an example, the time limit is not limited to this, and the system operator,
Alternatively, the holder of the IC card can set any time as required. In another embodiment, it is possible to erase the stored contents of the secret code input when the use of the IC card is finished. The longer the memory retention time is, the more handling is possible, but the shorter the memory retention time is preferable in order to prevent abuse.

[Principle of personal identification registration and confirmation] The above is the basic principle of the present invention, but the way of operating the input means that enables the initial authentication differs depending on the specifications and structure of the IC card. If the IC card itself is not equipped with a power source (for example, a battery), it is necessary to operate the pressure switch provided on the front surface or the back surface of the card while the IC card is powered. In a normal terminal, the card inserted from the card slot is taken into the terminal and the contact of the card is brought into contact with the terminal part, or the power and signals of the terminal and the card are contactlessly contacted by electromagnetic induction or the like. Many transmit.

[Countermeasures for malicious use of IC card] The operation of confirming the identity of the owner of a valid card is as follows.
It is highly probable that a person who learns by stealing the selective pressure of the pressure switch memorized only by the person himself or herself can illegally obtain the result of the person confirmation by operating the person's card. Low but possible. To further increase security, it is possible that a person other than the principal can access the system by repeating the confirmation operation together with the input result of a secret code such as an ID number and a personal identification number, which is executed after the personal identification operation. ,almost none.

However, it must be assumed that there may be a situation in which all the secrets must be taught due to crime. Although such cases are extremely rare from the whole, it is necessary to take measures to prevent them. As the means, when using an IC card for an important purpose of use, for example, a retinal blood vessel image of the fundus of the eye is registered in advance and collated with the person's eyeball. You can add the operation to certify that.

When a malicious person is forced to use an IC card by means of intimidation or the like, when blinking is repeated at a high speed for a predetermined number of times or more while using the terminal device for reading a retinal blood vessel image, the system is It becomes possible for the user to determine that the terminal is in an emergency and inform the government agency such as the police of information such as the place where the terminal is installed and the read code. Although it is possible to intimidate the terminal by issuing a loud alarm sound from the terminal by the operation of the victim, knowing that the crime prevention agency has been notified, there is a danger that the criminal may inflict harm. May be. Therefore, a means for reporting an emergency so as not to be noticed by a criminal or the like is useful, and there is a great merit in providing a means for secretly reporting to the system administrator. Further, if the contents of such a system are publicized, a countermeasure may be devised, but it is extremely effective in crime prevention because it involves a great risk in the execution of a crime.

The connecting means between the IC card and the mounting table is IC
It is determined according to the card format. For example, when connecting through a contact provided on the card, a connection contact terminal is provided above the mounting table, and the IC card contact is placed on the contact terminal, that is, the surface with the contact faces downward. Is convenient.

Functions such as calculation and storage of the IC card are
It is realized by a chip, but it has only limited operations and information processing as long as it is used properly. In order to illegally acquire the software and information therein, the IC card must be disassembled to access the IC chip. This is impossible for an amateur, but possible for a person with a high level of knowledge and skill. Therefore, the security cannot be ensured without the function of maliciously preventing the internal reading. To achieve this goal, I
If you break the C card case and try to look inside, the IC
Provide a function to destroy the chip itself.

As a concrete means for this, a thin sense line is provided in the IC card, and when this connection is cut due to the destruction of the card, this is detected to erase all the stored contents in the IC chip. Can be achieved with. Further, in a card of a type that does not include a battery as a power source in an IC card, a small-sized and large-capacity power storage device such as an electric double layer capacitor is provided, and the power storage device is charged each time it is used.
It can be used for the operation of the protection circuit. In the case of an IC card of a type having a built-in battery having a sufficient capacity, an overcurrent can be applied to the active element in the IC chip by using the battery to thermally destroy it.

[0050]

As described above, according to the present invention, the recognition means for confirming the person by pressing a plurality of specific positions on the IC card stored only by the person is provided.
The function that the IC card system refuses to accept unless the C-card is illegally obtained and the pressing of the secret specific position for identification is not executed correctly. It is possible to provide a system with enhanced security by providing a function of destroying itself and invalidating or collecting it, and providing means for preventing unauthorized use. Also, I
In the case where there is an illegal access to the internal structure of the C card or the terminal, a function of destroying the semiconductor circuit that controls the function of the system can be provided to prevent misuse. Therefore, there is an effect that the security of the IC card is significantly improved at a low cost.

[Brief description of the drawings]

FIG. 1 is a diagram showing a principle of an identification operation of an IC card of the present invention.

FIG. 2 is a diagram showing an embodiment of the arrangement and structure of a pressure switch for personal identification in the IC card of the present invention.

FIG. 3 is a diagram for explaining a terminal device used for personal identification registration and confirmation and its operation.

[Fig. 4] When using an IC card for leisure equipment,
It is an explanatory view of a terminal device suitable for carrying.

[Explanation of symbols]

11 IC card 111 Semiconductor chip (IC) 113 Wiring from each sensor to the terminal of IC111 151 Memory 152 Buffer 153 Password reading circuit 154 Comparator 155 Judgment circuit 20 to 29 Pressure sensor or switch 31 Terminal 32 Old IC card Slot for inserting 33 Slot for inserting new IC card to be issued 34 Image capturing device of fundus retina 35 Terminal for input data processing for personal identification 36 Input / output section 37 IC card 38 Keyboard 39 Connection code 30 Display screen 40 Portable Or terminal device body for leisure equipment 41 Press input section for identity verification 42 Slot for inserting IC card 43 Interface section for connecting to leisure equipment

Claims (5)

[Claims] 1. A semiconductor circuit provided in an IC card body,
A plurality of pressure-sensitive switches distributed on the IC card,
Input the personal identification input data to the memory that stores the input data by pressing a plurality of specific positions arbitrarily selected from the plurality of pressure sensitive switches on the IC card for personal identification, and to the newly created IC card. An IC card system with a personal identification function having a terminal equipped with a function for performing 2. A memory corresponding to each switch for storing an ON or OFF state by pressing a plurality of pressure sensitive switches on the IC card, and a memory after an operation of storing the pressed states of the plurality of pressure sensitive switches. Circuit for reading the memory state of the loop in a loop operation, and a plurality of pressure-sensitive switches for instructing the start point after completion of pressing of a plurality of specific positions in order to determine a read start point address for the loop circuit A circuit for generating a specific address by the pressure switch that is selectively pressed, and a circuit for receiving the input of the specific address and reading the memory contents from the address specified by the specific address to generate the personal identification data. The IC card system with a personal identification function according to claim 1, wherein the IC card system is provided in a semiconductor circuit provided in the IC card body. 3. Data generated by an identification operation by pressing a plurality of specific positions arbitrarily selected from a plurality of pressure-sensitive switches on an IC card, and data input when the card is issued or authentication data is updated, A circuit that compares the stored data, a judgment circuit that sets a flag indicating that the card is allowed to be used when the comparison is a match, and a reject signal is generated when there is a mismatch, and the identity confirmation re-input after the reject A counter that counts reject signals when the data for use do not match, and a circuit that destroys the memory record of the IC card when the counter reaches a preset number of times and determines that it is due to unauthorized use An IC card system with a personal identification function according to claim 1. 4. When it is determined that the IC card is illegally used,
4. The IC card system with a personal identification function according to claim 3, wherein a semiconductor circuit for executing the memory recording and the connection function with the IC card inside the terminal device is destroyed together with the destruction of the memory record of the IC card. 5. A means for externally storing a signal in an internal circuit, which enables a person who has a right of rightful processing for repair or the like to open the inside of the IC card or the terminal, and this signal is stored. 5. The IC with the personal identification function according to claim 3 or 4, wherein the semiconductor circuit that controls the function of the system is destroyed when an action is made to modify the inside without opening without proper permission. Card system.