Data processing: financial – business practice – management – or co – Business processing using cryptography – Secure transaction
Reexamination Certificate
1998-12-23
2002-11-19
Nguyen, Cuong H. (Department: 3625)
Data processing: financial, business practice, management, or co
Business processing using cryptography
Secure transaction
C705S075000, C705S076000, C235S382000
Reexamination Certificate
active
06484154
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to a safe for electronic money and an electronic money system for managing electronic money indicating a value of currency with electronic information monolithically, and more specifically to a safe for electronic money used in business transactions using an IC card and an electronic money system using the safe for electronic money.
BACKGROUND OF THE INVENTION
In recent years, hot social attentions are concentrating on a so-called electronic money system. In this system electronic digital data is used as money for a means of clearance in place of the traditional bills or coins because of the safety and convenience in clearance for business transaction. Therefore, financial institutions such as banks are required to install a safe for electronic money (hereafter abbreviated as safe) for batch management of electronic money, and safes with high reliability are in demand.
When a customer loads electronic money in an IC card using a load terminal of a bank, it is necessary to directly exchange electronic money between the customer's IC card and a safe in the bank. For this purpose, a storage section with data for electronic money stored therein is provided in the safe. This makes it possible to directly exchange electronic money upon a load request from a customer between the customer's IC card and the storage section of the safe.
Strong security is required for a safe, and a technology of multiplexing is known for transferring electronic money to enable verification of validity of the transaction.
Description is made for a conventional type of safe.
FIG. 24
shows functional configuration of a conventional type of safe. This safe has, as shown in
FIG. 24
, mainly three command control sections
201
,
202
and
203
each connected to a communicating section
100
. The command control sections
201
,
202
and
203
are connected to the communicating section
100
via bus interfaces
301
,
302
and
303
respectively. The communicating section
100
has a comparator
101
which compares the results of execution by the command control sections
201
to
203
to each other. The communicating section
100
is connected to an upper device, which is not shown herein, via a bus interface
400
, and receives a command for processing via the bus interface
400
from the upper device.
Next, operations of the safe having the configuration as described above is explained. To improve the reliability, the safe in
FIG. 24
has, for instance, three command control sections
201
,
202
and
203
. The communicating section
100
instructs the command control sections
201
to
203
to execute the same processing according to an instruction from the upper device, and receives a result from each of the command control sections
201
to
203
. The communicating section
100
compares the results sent from the command control sections
201
to
203
using the comparator
101
, and executes processing for multiplexing such as confirmation of normality in the processing. Also each of the command control sections
201
to
203
stores a value for the electronic money therein, and manages the value by processing commands from the communicating section
100
.
However, in the safe based on the conventional technology as described above, identical processing is executed in each of the command control sections
201
to
203
under controls by the communicating sections
100
, so that an identical value is stored as electronic money in each of the command control sections
201
to
203
and physically a value three times larger than the actual value is stored in the system.
Therefore, illegal modification of the system using the multiplexing technology allows, for instance, the case as shown in FIG.
25
.
FIG. 25A
shows a case where an interface between the communicating section
100
and command control section
201
has been modified. In the case shown in
FIG. 25A
, only the command control section
201
is connected via the bus interface
304
to the communicating section
100
and the other two terminals of the communicating section
100
are connected to the bus interface
304
.
FIG. 25B
shows a case where an interface between the communicating section
100
and command control section
202
has been modified. In the case shown in
FIG. 25B
, only the command control section
202
is connected via the bus interface
305
to the communicating section
100
and the other two terminals of the communicating section
100
are connected to the bus interface
305
. Although not shown herein, a case where an interface between the communicating section and command control section
203
is modified is conceivable.
A safe modified in a manner described above can be obtained through reverse engineering. When the safe is modified as above, only one command control section is connected to the communicating section
100
. In such a case, when a value is drawn through the connection as shown in
FIG. 25A
, namely through the connection between the communicating section
100
and command control section
201
, then a value is dawn through the connection shown in
FIG. 25B
, namely through the connection between the communicating section
100
and command control section
202
, and further a value is dawn through the connected between the communicating section
100
and command control section
203
although not shown, a value three times larger than the original value can illegally be drawn.
As shown by the example of multiplexing described above, there has been the problem that an actual value is easily multiplied and the multiplexed drawing is possible.
SUMMARY OF THE INVENTION
To solve the problem in the conventional technology, it is an object of the present invention to provide a safe for electronic money and an electronic money system capable of preventing multiplex drawing of a value by way of controls for multiplexing.
With the invention, a command from an upper device is transferred from a communicating section to a command control section and a result of the command processing is transferred from the command control section to the communicating section through a first interface, and a command for diagnosis is transferred from the communicating section to the command control section and a result of the diagnosis is transferred from the command control section to the communicating section through a second interface. Therefore, even if a path for command processing is illegally operated, the illegal operation can easily be detected from the path for diagnosis, whereby it is possible to prevent multiplex drawing of a value by multiplexing control.
With the invention, paths for command processing and diagnosis are physically independent from each other, so that an illegal operation can easily be detected for each path, whereby it is possible to prevent multiplex drawing of a value by multiplexing control.
With the invention, a command from an upper device is transferred from a communicating section to a command control section and a result of the command processing is transferred from the command control section to the communicating section and a command for diagnosis is transferred from the communicating section to the command control section and a result of the diagnosis is transferred from the command control section to the communicating section through a single interface. Therefore, even if a path for command processing illegally operated, the illegal operation can easily be detected from the path for diagnosis during the data processing, whereby it is possible to prevent multiplex drawing of a value by multiplexing control.
With the invention, command processing to a plurality of command control sections is executed at the same timing, so that it is possible to prevent an illegal operation performed at different timing.
With the invention, the communicating section controls the processing for diagnosis to a plurality of command control sections at the same timing, so that it is possible to prevent an illegal operation performed at different
Higashiura Yasuyuki
Ibi Toshiaki
Kishino Takumi
Mitsuishi Kazuyuki
Yamamoto Koken
Armstrong Westerman & Hattori, LLP.
Fujitsu Limited
Nguyen Cuong H.
LandOfFree
Safe for electric money and an electric money system does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Safe for electric money and an electric money system, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Safe for electric money and an electric money system will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2917256