The present invention relates to an IC card and a method of using an IC card. Particularly, the present invention relates to an IC card and an IC card usage method improved in security.
A communication system using a non-contact type IC card is employed in the automatic examination for lifts in skiing grounds and railroads, automatic sorting of parcels, and the like. An example of a conventional non-contact type IC card is shown in FIG. 16. An IC card 2 shown in FIG. 16 is a one-coil type IC card, including a coil 4 functioning as an antenna, capacitors C1 and C2, and an IC chip 8.
Capacitors C1, C2 and IC chip 8 are mounted on a film-like synthetic resin substrate. The substrate mounted with capacitors C1, C2 and IC chip 8 is referred to as a tab (tape automated bonding) 10.
FIG. 17A is a sectional view of IC card 2 taken along S1—S1 of FIG. 16. A core member 12 formed of synthetic resin is sandwiched by a pair of surface layer members 14 and 16. Tab 10 mounted with capacitors C1, C2 and IC chip 8 is fixed at surface layer member 14 exposed within a cavity 18 provided in core member 12. The junction portion of tab 10 and IC chip 8 is covered with an encapsulant 9 such as of epoxy resin.
Coil 4 is located between surface layer member 14 and core member 12. Coil 4 and tab 10 are connected by a wire 20.
FIG. 17B shows a circuit diagram of IC card 2. IC card 2 receives an electromagnetic wave sent from a reader/writer (an interrogator not shown) by a resonant circuit 22 formed by coil 4 and capacitor C1 as the power source. Capacitor C2 is the capacitor for smoothing power.
The information superimposed on the electromagnetic wave is decoded by a control unit (not shown) provided in IC chip 8, whereby the contents of a nonvolatile memory (not shown) provided in IC chip 8 are rewritten, and a response is sent back to the reader/writer. This response is effected by altering the impedance of resonant circuit 22. The reader/writer identifies the contents of the response by detecting the change in impedance (impedance reflectance) of its own resonant circuit (not shown) corresponding to the impedance change of resonant circuit 22 of IC card 2.
By using such an IC card 2, data can be transmitted/received in a non-contact manner without requiring a power source in the card.
A communication system using the above-described conventional IC card has the problems set forth in the following. In a communication system using a conventional IC card, security is sought by encrypting the communication data between the reader/writer and the IC card. However, the data can be decoded and rewritten if the encryption is broken. It is therefore difficult to ensure the security of the system by means of encryption alone.
There is an approach of preventing improper reproduction of an IC card of no further use by completely disabling data rewriting of the IC card of no further use. However, this will prevent recycling of the IC card, resulting in increase in the cost of IC cards.
An object of the present invention is to provide an IC card of high security and low cost, and a method of using an IC card, solving the above problems.
To achieve the above object, an IC card according to an aspect of the present invention includes a data communication unit for data communication with an interrogator, a data storage unit storing data, and an access control unit controlling access of the data storage unit according to the data obtained from the data communication unit. The access control unit includes a data initialization unit initializing the data storage unit according to a predetermined data initialization instruction obtained from the data communication unit, and a particular data write control unit providing control to allow predetermined particular data of card application to be written only once into the data storage unit that is initialized by the data initialization unit.
The IC card of the present invention is characterized in that the data storage unit is initialized according to a predetermined data initialization instruction to allow predetermined particular data of card application to be written only once onto the initialized data storage unit.
Therefore, the particular data once written into the data storage unit cannot be rewritten unless the data storage unit is initialized. Furthermore, the data storage unit can be initialized by only the person who knows the predetermined data initialization instruction. Therefore, unauthorized rewriting of particular data can be substantially prevented by distinguishing the person who can write in the particular data and the person who can initialize the data storage unit. Thus, the security of the card can be improved.
Since the card can be initialized in addition to preventing improper rewriting, recycling of the card is allowed. Therefore, the cost of the card can be reduced.
Preferably, the IC card further includes a private key storage unit to store a private key to access the particular data stored in the data storage unit. The access control unit further includes a particular data read out control unit to provide control to allow particular data to be read out only when the private key is input.
The IC card of the present invention is characterized by including a private key storage unit storing a private key to access particular data stored in the data storage unit to allow the particular data to be read out only when the private key is input.
The particular data can be read out only by the person who knows the private key for that particular data. By keeping this private key confidential, leakage of the particular data can be prevented. In other words, the security of the card is further improved.
Further preferably, a particular data write control unit provides control to allow particular data to be written only once into the data storage unit that is initialized by the data initialization unit only when the private key is input.
The IC card of the present invention is characterized in that the particular data can be written only once into the initialized data storage unit only when the private key is input.
Particular data can be written only by the person who has knowledge of the private key for the particular data. Therefore, writing of particular data by anyone other than an authorized person can be prevented by keeping the private key confidential.
Further preferably, the access control unit further includes a private key initialization unit initializing the private key storage unit according to a predetermined private key initialization instruction obtained from the data communication unit, and a private key write control unit providing control to allow the private key to be written only once into the private key storage unit that is initialized by the private key initialization unit.
The IC card of the present invention is characterized in that the private key can be written only once into the initialized private key storage unit according to a predetermined private key initialization instruction.
Therefore, the private key once written into the private key storage unit cannot be rewritten unless the private key storage unit is initialized. Only the person who has knowledge of the predetermined private key initialization instruction can initialize the private key storage unit. Unauthorized rewriting of the private key can be substantially prevented by distinguishing the person who can write in a private key and the person who can initialize the private key storage unit. Thus, the security of the card is further improved.
Since the card can be initialized in addition to preventing improper rewriting, recycling of the card is allowed. Therefore, the cost of the card can be further reduced.
Further preferably, the IC card is configured to allow the private key to be written only once into the private key storage unit.
According to the present invention, a private key once written cannot be erased. Therefore, improper usage of the card by rewriting the private key can be prevented.
Further preferably, the data storage unit can store a flag corresponding to particular data. The data initialization unit initializes the flag to a write enable state according to a data initialization instruction. The particular data write control unit provides control to allow particular data to be written into the data storage unit only when the flag is at a write enable state. The flag is set to a write disable state when particular data is written into the data storage unit.
The IC card of the present invention initializes each flag to a write enable state according to an initialization instruction corresponding to particular data. Particular data can be written into the data storage unit only when the relevant flag is at a write enable state. The relevant flag is set to a write disable state when particular data is written into the data storage unit.
By manipulating the flag corresponding to the particular data, the data storage unit can be initialized. Also, rewriting of particular data can be inhibited. Therefore, the security of the card can be easily improved. Also, the cost of the card can be reduced.
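The flag-based access control described above can be modeled in a few lines of C. This is an added sketch, not code from the patent: the names (card_t, card_initialize, card_write, card_read), the key and instruction lengths, the clearing of old data on initialization and the constant-time comparison are all assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define DATA_LEN 8
#define KEY_LEN  4
enum { CARD_OK = 0, ERR_KEY = -1, ERR_LOCKED = -2, ERR_INIT = -3 };

typedef struct {
    uint8_t data[DATA_LEN];    /* particular data of the card application */
    uint8_t write_enable;      /* flag: 1 = write enable, 0 = write disable */
    uint8_t key[KEY_LEN];      /* private key storage unit */
    uint8_t init_cmd[KEY_LEN]; /* predetermined data initialization instruction */
} card_t;

/* Constant-time compare: run time does not depend on where the bytes differ. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Data initialization unit: only the holder of init_cmd can re-arm the flag.
   Clearing the old data is an assumption of this sketch. */
int card_initialize(card_t *c, const uint8_t *cmd) {
    if (!ct_equal(cmd, c->init_cmd, KEY_LEN)) return ERR_INIT;
    memset(c->data, 0, DATA_LEN);
    c->write_enable = 1;
    return CARD_OK;
}

/* Particular data write control unit: key required, one write per initialization. */
int card_write(card_t *c, const uint8_t *key, const uint8_t *in) {
    if (!ct_equal(key, c->key, KEY_LEN)) return ERR_KEY;
    if (!c->write_enable) return ERR_LOCKED;
    c->write_enable = 0;            /* set write disable before storing */
    memcpy(c->data, in, DATA_LEN);
    return CARD_OK;
}

/* Particular data read out control unit: key required. */
int card_read(const card_t *c, const uint8_t *key, uint8_t *out) {
    if (!ct_equal(key, c->key, KEY_LEN)) return ERR_KEY;
    memcpy(out, c->data, DATA_LEN);
    return CARD_OK;
}
```

A failed key check in card_write leaves the flag untouched, so a wrong guess neither consumes the single write nor changes the stored data.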
Further preferably, the data storage unit is characterized in that open data not limited in the number of reading or writing times can also be stored therein.
According to the present invention, data not critical of secrecy can also be stored.
The private key storage unit preferably stores a private key to access the open data stored in the data storage unit. The access control unit provides control to allow the open data to be rewritten only when the private key to access the open data is input.
The IC card of the present invention can have the open data rewritten only when the private key corresponding to the access of the open data stored in the data storage unit is input.
The open data can be rewritten only by the person who has knowledge of the private key for the open data. By keeping that private key confidential, the open data can be prevented from being rewritten by an unauthorized person.
Further preferably, the data initialization instruction is encrypted by a predetermined method. The data initialization unit is characterized in that the data storage unit is initialized only when the encrypted data is recognized as the data initialization instruction.
The data initialization instruction of the IC card is data encrypted by a predetermined method. The data storage unit is initialized only when the encrypted data is recognized as the data initialization instruction.
Only the person who has knowledge of the encrypted data encrypted by the predetermined method can initialize the data storage unit. The security of the card can thus be improved by the relatively simple method of encryption, reducing the cost of the card.
Further preferably, the data communication unit carries out data communication with an interrogator via an electromagnetic wave in an electrically non-contact manner.
According to the present invention, the security of the so-called non-contact type IC card can be improved to reduce the cost of the card.
Preferably, the data initialization instruction is data having a predetermined frequency. The data initialization unit is characterized in that the data storage unit can be initialized only when the data having the predetermined frequency is recognized as the data initialization instruction.
According to the present invention, the data storage unit can be initialized only by the person who can apply the data having the predetermined frequency. In other words, initialization of the data storage unit becomes more difficult for one other than the predetermined authorized person.
Further preferably, the data communication unit is characterized in that data communication is carried out with an interrogator electrically in contact.
According to the present invention, the security of the so-called contact-type IC card can be improved to reduce the cost of the card.
According to another aspect of the present invention, a method of using an IC card that carries out data communication with an interrogator and that stores data is characterized in that initialization of an IC card is allowed only when a predetermined initialization condition is satisfied, predetermined particular data can be written only once into the initialized IC card, and the person effecting initialization and the person writing the particular data are distinguished.
According to the present invention, the particular data once written into an IC card cannot be rewritten unless the IC card is initialized. The IC card can be initialized only by the person who has knowledge of the predetermined initialization condition. The person effecting initialization and the person writing the particular data are distinguished from each other. Therefore, improper rewriting of the particular data can be substantially prevented. In other words, the security in the application of a card can be improved.
Furthermore, recycling of the card is allowed since the card can be initialized while improper rewriting is prevented. Therefore, the cost in the application of cards can be reduced.
Further preferably, the person carrying out initialization is the manufacturer of the IC card. The person writing in the particular data is the manufacturer of the interrogator and the provider of the IC card. The manufacturer of the interrogator and the provider of the IC card are limited to writing the predetermined particular data only once into the initialized IC card. The manufacturer of the IC card, the manufacturer of the interrogator and the provider of the IC card are respectively distinguished from each other.
According to the present invention, the manufacturer of the IC card that carries out initialization, the manufacturer of the interrogator that writes in particular data, and the provider of the IC card are distinguished from each other. Therefore, the security with respect to secrecy in the application of cards can be further improved.
Further preferably, the present invention is characterized in that a private key to access the particular data stored in the IC card can be read out only when the private key is applied from the interrogator.
According to the present invention, the particular data can be read out only by the person who has knowledge of the private key for that particular data. By keeping that private key confidential, leakage of the particular data can be prevented. The security in the application of the card can further be improved.