Card type recording medium and access control method for...


Reexamination Certificate


Details

C235S382000

Reexamination Certificate

active

06371377

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a card type recording medium such as an IC card used, for example, as an electronic money carrier, credit card, ID card, autonomy card, etc., further to an access control method for such a card type recording medium, and a computer-readable recording medium on which an access control program for the card type recording medium is recorded.
Recently, as IC cards have come into wide use, information that needs security, such as electronic money information, credit card information, clinical chart information, etc., has been stored in the IC cards. Accordingly, the IC cards are required to store such information securely. In order to comply with this requirement, it is strongly requested to enhance security when the access control is performed by means of commands in conformity with the international standard (ISO 7816).
2. Description of the Related Art
Techniques to perform the access control of a card type recording medium have been disclosed in the Japanese Patent Application Laid-open No. (hereunder, referred to simply as JP-A) 60-160491 (IC card), JP-A-60-205688 (portable medium), JP-A-60-205689 (portable medium), JP-A-60-205690 (portable medium), JP-A-60-207939 (recording system by an electronic device), and the like, which have been considered as effective means to enhance security for the card type recording medium.
The technique disclosed in the JP-A-60-160491 (IC card) will be described as an example with reference to FIG. 46(a), 46(b), and FIG. 47.
As shown in FIG. 46(a), an IC card 100 contains files 101-1, 101-2 to store data being access objects. The files 101-1, 101-2 are given an access authority information (security management information) 102-1, 102-2, respectively.
Further, a client 103A is given a password pin: “a”, a client 103B is given a password pin: “a, c”, and a client 103C is given a password pin: “a, b”. Here, the access authority information 102-1, 102-2 given to the files 101-1, 101-2 both are “a, b”. Therefore, only the client 103C having the password “a, b” can read the file 101-1, 101-2.
Under such an assumption, let's consider a method to newly give the authority to read the file 101-1 to the client 103A. However, the client 103A is not given the authority to access the file 101-2, and the client 103B is not given the authority to access the file 101-1. Further, the client 103C is assumed not to be given any influence.
In this case, as shown in FIG. 46(b), further giving a password “d” to the client 103A to change the password of the client 103A into “a, d”, and changing the setting of the access authority information 102-1 given to the file 101-1 into the one as shown by the symbol 102-1′ will be able to newly give an authority to read the file 101-1 to the client 103A.
Further, let's consider a method to newly give the authority to read the file 101-1 to a client 103D having the password “b, c”.
In this case, as shown in FIG. 47, further giving a password “d” to the client 103D to change the password of the client 103D into “b, c, d”, and changing the setting of the access authority information 102-1′ given to the file 101-1 into the one as shown by the symbol 102-1″ will be able to newly give an authority to read the file 101-1 to the client 103D.
Incidentally, the file 101-2 and the access authority information 102-2 are not illustrated in FIG. 46(b) and FIG. 47.
However, in the foregoing method of controlling an access to the card type recording medium, the method of setting and modifying the access authority and the method of using and maintaining/managing the security system are not easy for a user to understand; and the work to set and modify the access authority and the work to use and maintain/manage the security system become rather a nuisance for a designer of the security system, which is a problem.
In other words, when expanding or shrinking the access authorities of the clients 103A to 103D, the access authority information 102-1, 102-2 given to the files 101-1, 101-2 have to be reviewed, and the work to set and modify the access authority will give an influence to the entire system. That is, to change the access authority after having defined the security system as mentioned above will require to review the whole security system in advance, which makes the work to set and modify the access authority considerably complicated.
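The prior-art scheme and its review burden, as an added Python illustration that is not part of the patent text. The text does not give the contents of 102-1′ or 102-1″, so modelling the access authority information as a list of accepted PIN combinations, the combinations chosen for 102-1′ and 102-1″, and all function names are assumptions.

```python
# Added illustration; the combination-list model of the authority
# information is an assumption, not taken from the patent text.

def can_read(pins, authority):
    """True if the client's PINs cover at least one accepted combination."""
    return any(combo <= pins for combo in authority)

def access_matrix(clients, files):
    """Evaluate every (client, file) pair: the whole-system review."""
    return {(c, f): can_read(pins, auth)
            for c, pins in clients.items() for f, auth in files.items()}

def unintended(before, after, intended):
    """Cells whose result changed between two matrices but were not meant to."""
    return sorted(k for k in after
                  if after[k] != before.get(k, False) and k not in intended)

def scenario():
    # PINs and initial authority information as stated in the text.
    clients = {"103A": {"a"}, "103B": {"a", "c"}, "103C": {"a", "b"}}
    files = {"101-1": [{"a", "b"}], "101-2": [{"a", "b"}]}
    m0 = access_matrix(clients, files)

    # FIG. 46(b): 103A receives "d"; 102-1 becomes 102-1' (contents assumed).
    clients["103A"] = {"a", "d"}
    files["101-1"] = [{"a", "b"}, {"a", "d"}]
    m1 = access_matrix(clients, files)
    step1 = unintended(m0, m1, {("103A", "101-1")})

    # FIG. 47: 103D ("b, c") receives "d"; 102-1' becomes 102-1'' (assumed).
    clients["103D"] = {"b", "c", "d"}
    files["101-1"] = [{"a", "b"}, {"a", "d"}, {"b", "c", "d"}]
    m2 = access_matrix(clients, files)
    step2 = unintended(m1, m2, {("103D", "101-1")})

    # A shorter rule for 103D that looks sufficient but is not: {"c"} alone
    # also admits 103B, which the text says must not read 101-1.
    files["101-1"] = [{"a", "b"}, {"a", "d"}, {"c"}]
    m3 = access_matrix(clients, files)
    careless = unintended(m1, m3, {("103D", "101-1")})
    return m2, step1, step2, careless
```

Every change to a PIN or to a file's authority information forces the full matrix to be recomputed and compared, which is the system-wide review the text describes.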
The techniques disclosed in the other laid-open applications have similar problems.
Further, when considering a multi-purpose use in which an electronic money information, credit card information, autonomy information, etc., are stored in one card type recording medium, it is considered necessary to be able to control the security at one place and to be able to maintain the independence of information among applications, for the operation of the security system.
SUMMARY OF THE INVENTION
The present invention has been made in view of the foregoing problems, and an object of the present invention is to provide a card type recording medium and an access control method for the card type recording medium, whereby the management and operation of the security system can reliably be performed while the work to set and modify the access authority can be simplified even in a multi-purpose use, and a computer-readable recording medium on which an access control program for the card type recording medium for controlling accesses of data by access subjects is recorded.
In order to accomplish the foregoing object, the card type recording medium relating to the present invention contains storage units to store data being access objects and an access control unit to control an access to the data by an access subject, in which the access control unit is designed to comprise an access subject identification information generating unit to generate an access subject identification information for identifying the access subject, an access authority information read-in unit to read access authority information for obtaining an access authority set in correspondence with the data that the access subject requests to access, and a control unit to obtain an access authority in correspondence with the access subject identification information from the access subject identification information and the access authority information, and to control an access to the data by the access subject on the basis of the access authority obtained.
And, in the card type recording medium relating to the invention, the access subject identification information is comprised of an information relating to at least more than two conditions for accessing.
Further, in the card type recording medium relating to the invention, the access subject identification information is comprised of a collating access subject identification information for collating an operator and an authenticating access subject identification information for authenticating an application.
And, in the card type recording medium relating to the invention, the collating access subject identification information corresponds to an access subject collating information that indicates a status of the operator, and the authenticating access subject identification information corresponds to an access subject authenticating information for identifying the application.
Further, in the card type recording medium relating to the invention, the collating access subject identification information and the authenticating access subject identification information are expressed by a matrix of at least one category information and a level information having hierarchies.
And, in the card type recording medium relating to the invention, the access authority information are comprised of access authority elements determined on the condition of the collating access subject identification information and
