HK1099821B - Information management device and information management method - Google Patents

Info

Publication number
HK1099821B
Authority: HK (Hong Kong)
Prior art keywords: storage area, storage, area, capacity, card
Application number: HK07107050.5A
Other languages: Chinese (zh)
Other versions: HK1099821A1 (en)
Inventor: 俊治 竹村
Original Assignee: 索尼株式会社
Application filed by 索尼株式会社
Priority claimed from PCT/JP2005/010600 (WO2005124560A1)
Publication of HK1099821A1
Publication of HK1099821B

Description

Information management apparatus and information management method
Technical Field
The present invention relates to an information management apparatus and an information management method for managing access to information stored in a storage area having a relatively large capacity; and more particularly, to an information management apparatus and an information management method for securely managing access to valuable electronic information stored in a storage area in an information processing application such as electronic settlement.
More particularly, the present invention relates to an information management apparatus and an information management method for allocating different files in a storage area and managing information used for providing services; and more particularly, to an information management apparatus and an information management method for releasing a storage area allocated to provide a service or changing the capacity of the allocated storage area.
Background
A noncontact near field communication system typified by an IC card is widely used because of its ease of operation. In typical use, a user places an IC card in the vicinity of a card reader/writer. The card reader/writer constantly performs polling to detect an IC card placed in its neighborhood. If an IC card is detected, a communication operation is started between the card reader/writer and the IC card. For example, valuable information such as electronic ticket information and personal authentication information such as a password code are stored in an IC card, whereby the IC card holder is authenticated at an automatic teller machine, a concert hall entrance, a station ticket gate, or the like.
Recent developments in microfabrication technology make it possible to realize an IC card with a relatively large memory capacity. This makes it possible to store a plurality of applications on the IC card, so that the same IC card can be used for different purposes such as electronic money used in electronic settlement or electronic tickets for a specific concert. Here, the term "electronic money" or "electronic ticket" is used to mean a mechanism for (electronic) settlement of accounts by electronic data issued from funds supplied by a user or to mean the electronic data itself.
It is known that one or both of an IC card and a card reader/writer may be installed in a portable telephone, a PDA (personal digital assistant) device, a CE (consumer electronics) device, a personal computer, or the like, so that such devices have the functionality of one or both of an IC card and a card reader/writer each having a wireless noncontact communication interface and a wired communication interface for connecting with an external device. In such devices, an IC card may be used as a general near field communication interface.
In the case of a near field communication system including a device such as a computer or a home information tool, contactless communication using an IC card is realized in a one-to-one manner. The device may communicate with another type of device other than the contactless IC card. In this case, there is a possibility that one device communicates with a plurality of cards in a one-to-many manner depending on the application.
Various applications using the IC card, such as electronic settlement or processing of valuable electronic information, may be executed on the information processing terminal. For example, the user's interaction with the IC card may be performed on the information processing terminal using a user interface such as a keyboard or a display on the information processing terminal. In the case where the IC card is connected to a portable telephone, the content stored in the IC card can be transmitted through the portable telephone. Further, it is also possible to pay by using an IC card through a mobile phone connected to the internet.
By establishing a file system used by a specific service provider in the built-in memory of the IC card and by managing information (such as user identification/authentication information, valuable balance information, usage log information, etc.) used by the service provider to provide services and processed in the file system, it is possible to realize a useful service based on contactless near field communication, which can be used instead of a dedicated conventional prepaid card or service card in a specific store or the like.
Conventionally, IC cards are issued individually by each service provider and used by users. Therefore, the user must acquire IC cards for various required services and must carry these IC cards. In contrast, an IC card having a relatively large memory space can store information used for a plurality of services in a built-in memory of a single IC card (see, for example, non-patent document 1).
In the initial state, the entire memory area of the IC card is managed by the IC card issuer. A service provider other than the IC card issuer is allowed to create a new file system by dividing a storage area and assign an application for providing a service to the file system. Such creation of a file system by dividing a storage area can be regarded as virtual issuance of an IC card. If the division of the memory area is performed a plurality of times, a plurality of file systems reside in the memory area of the IC card, and therefore, the single IC card can provide different applications.
As described above, although the entire memory area of the IC card is managed by the IC card issuer in the initial state, it is possible to use a single IC card for a plurality of services by dividing the memory space of the IC card into a plurality of memory areas and allocating dedicated memory areas for the respective services. Therefore, the division of the IC card can be regarded as virtual issuance of the IC card.
However, the capacity of the new memory area created by dividing the original memory area of the IC card is determined when the original memory area is divided. Once a new storage area is created, deletion of the created new storage area is not allowed.
Even if the created new memory area is not used for some reason, the useless memory area is not allowed to be released and returned to the IC card issuer. That is, the garbage area is not allowed to be reallocated to another service, and thus the limited resources cannot be fully utilized.
Even if it is necessary to change (increase or decrease) the capacity of the allocated storage area for some reason, changing the capacity of the storage area from the initial capacity determined when the storage area was created by dividing the original storage area is not allowed. That is, once a memory area is allocated, it is not allowed to expand the allocated memory area even if a larger memory capacity is required for providing services. Conversely, if an excessive capacity including a margin is allocated when a memory area is created by dividing the original memory area, it is not allowed to reduce the capacity of the allocated memory area by releasing the unused portion of the memory area.
Non-patent document 1: "Wireless IC tag in the form of a top small exchanging Business systems" (pp.106-107, RFID Technology Section, Nikkei Business Publications, Inc., April 20, 2004).
Disclosure of Invention
A main object of the present invention is to provide an information management apparatus and an information management method capable of allocating storage areas to different files and correctly managing information used for providing services.
It is another object of the present invention to provide an information management apparatus and an information management method capable of releasing a storage area allocated to a service for provision and/or changing its capacity, thereby making it possible to efficiently utilize limited resources.
In view of the above, in a first aspect, the present invention provides an information management apparatus having a storage space and adapted to manage the storage space in the form of dividing the storage space into one or more storage areas, the storage space including a first storage area owned by an original owner and one or more second storage areas divided from the first storage area owned by the original owner and respectively allocated to one or more service providers, the information management apparatus including allocated area releasing means for releasing a designated second storage area in accordance with a request issued by a service provider and returning the released second storage area to the first storage area.
Access to each storage area may be controlled according to the service provider's respective key.
The allocated area release means receives a data block containing information identifying the second storage area to be released in the form of an allocated area release packet encrypted with the key of the first storage area owner. The allocated area release means decrypts the allocated area release packet using the key of the first storage area owner, and releases the second storage area designated by the data block.
In a second aspect, the present invention provides an information management apparatus having a storage space and adapted to manage the storage space in the form of dividing the storage space into one or more storage areas, the storage space including a first storage area owned by an original owner and one or more second storage areas divided from the first storage area owned by the original owner and respectively allocated to one or more service providers, the information management apparatus comprising allocated area capacity changing means for expanding or reducing a capacity of the second storage area divided from the first storage area in accordance with a request issued by a service provider.
The allocated area capacity change means receives a data block containing the following information in the form of an allocated area capacity change packet encrypted with a key of the first storage area owner: information identifying the second storage area whose capacity is to be changed, information indicating whether the capacity of the second storage area is to be enlarged or reduced, and information indicating how much the capacity of the second storage area is to be enlarged or reduced. The allocated area capacity change means decrypts the received allocated area capacity change packet using the key of the first storage area owner, and changes the capacity of the second storage area by an amount specified by the data block.
When the capacity of the second storage area is enlarged, the allocated area capacity changing means additionally allocates the free area of the first storage area to the second storage area by a specified amount of enlarging the capacity of the second storage area. On the other hand, when the capacity of the second storage area is reduced, the allocated area capacity changing means returns the free area of the second storage area to the first storage area by a specified amount of reduction in the capacity of the second storage area.
In a third aspect, the present invention provides an information management apparatus having a storage space and adapted to manage the storage space in such a manner that the storage space is divided into one or more storage areas, the storage space including a first storage area owned by an original owner and one or more second storage areas divided from the first storage area owned by the original owner and respectively allocated to one or more service providers, each of the second storage areas having identification information allocated when the second storage area is divided from the first storage area, the information management apparatus including identification information changing means for changing the identification information allocated to the second storage area in accordance with a request issued by a service provider.
The identification information changing means receives a data block containing identification information of the second storage area whose identification information is to be changed and identification information to which the current identification information is changed, in the form of an identification information change packet encrypted with a key of the owner of the first storage area. The identification information change means decrypts the received identification information change packet using the key of the first storage area owner, and changes the identification information of the second storage area to the identification information specified by the data block.
The identification information changing means changes, for example, the identification information of the second storage area owned by one service provider to the identification information that has been released as a result of releasing the second storage area owned by another service provider.
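As an added illustration (not part of the patent text) of the three means described above, the following Python model lets a card holding a first storage area and several second storage areas accept divide, release, capacity-change and identification-change requests only when the packet verifies under the first storage area owner's key, and refuses layout changes that would overrun the issuer's free capacity, cut into a provider's stored files or collide with an identifier still in use. Since the standard library has no block cipher, an HMAC-SHA256 tag stands in for the packet encryption the text describes; the issuer key, block counts and system codes are constructed sample values.

```python
import hmac
import hashlib
import json
from dataclasses import dataclass

TAG_LEN = 32  # HMAC-SHA256 tag appended to each packet; stands in for the packet encryption

class PacketError(Exception):
    """The packet was not produced under the first storage area owner's key."""

class AreaError(Exception):
    """The request is authorised but the storage layout cannot satisfy it."""

def seal_packet(owner_key: bytes, fields: dict) -> bytes:
    """Issuer side: serialise the data block and bind it to the owner key."""
    body = json.dumps(fields, sort_keys=True).encode()
    return body + hmac.new(owner_key, body, hashlib.sha256).digest()

def open_packet(owner_key: bytes, packet: bytes) -> dict:
    """Card side: return the data block only if its tag verifies under owner_key."""
    if len(packet) <= TAG_LEN:
        raise PacketError("packet too short")
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(owner_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise PacketError("packet was not issued under the owner key")
    return json.loads(body)

@dataclass
class Area:
    system_code: int  # identification information assigned when the area was divided
    capacity: int     # blocks lent to the service provider
    used: int = 0     # blocks currently holding the provider's files (grows as the provider writes)

class CardStorage:
    """The first storage area (the issuer's) and the second storage areas divided from it."""

    def __init__(self, total_blocks: int, issuer_key: bytes):
        self.total_blocks = total_blocks
        self.issuer_key = issuer_key
        self.areas: dict[int, Area] = {}  # system code -> second storage area

    def free_blocks(self) -> int:
        # Blocks of the first storage area not currently lent to any second storage area.
        return self.total_blocks - sum(a.capacity for a in self.areas.values())

    def _area(self, code: int) -> Area:
        if code not in self.areas:
            raise AreaError(f"no second storage area with system code {code:#06x}")
        return self.areas[code]

    def handle(self, packet: bytes) -> int:
        """Verify the packet under the issuer key, apply it, and return the free block count."""
        f = open_packet(self.issuer_key, packet)
        op = f.get("op")
        if op == "divide":
            if f["system_code"] in self.areas:
                raise AreaError("system code already in use")
            if f["capacity"] > self.free_blocks():
                raise AreaError("first storage area lacks free capacity")
            self.areas[f["system_code"]] = Area(f["system_code"], f["capacity"])
        elif op == "release":
            # Only the designated area is dropped; its blocks return to the first storage area.
            del self.areas[self._area(f["system_code"]).system_code]
        elif op == "change_capacity":
            a, amount = self._area(f["system_code"]), f["amount"]
            if f["direction"] == "enlarge":
                if amount > self.free_blocks():
                    raise AreaError("enlargement exceeds the first storage area's free capacity")
                a.capacity += amount
            elif f["direction"] == "reduce":
                if a.capacity - amount < a.used:
                    raise AreaError("reduction would cut into blocks holding the provider's files")
                a.capacity -= amount
            else:
                raise AreaError("direction must be 'enlarge' or 'reduce'")
        elif op == "change_id":
            a = self._area(f["system_code"])
            if f["new_system_code"] in self.areas:
                raise AreaError("new system code is still in use by another area")
            del self.areas[a.system_code]
            a.system_code = f["new_system_code"]
            self.areas[a.system_code] = a
        else:
            raise AreaError(f"unknown operation {op!r}")
        return self.free_blocks()

def try_handle(card: CardStorage, packet: bytes) -> str:
    """Report how the card treated a request: 'ok', 'bad_packet' or 'refused'."""
    try:
        card.handle(packet)
        return "ok"
    except PacketError:
        return "bad_packet"
    except AreaError:
        return "refused"
```

A packet sealed under a service provider's own key is reported as `bad_packet` and leaves the layout untouched, which is the property the text relies on when it routes every release, capacity change and identifier change through the first storage area owner's key.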
Specific examples of the information management apparatus include: a noncontact IC card including a wireless communication unit and an IC chip having a data transmission/reception function and a data processing function; a contact type IC card having a terminal on a surface thereof; and an information communication terminal realized by mounting an IC chip having a function similar to that of a contact/noncontact IC card in a portable telephone, a PHS (personal handyphone system) device, a PDA device, or the like. Hereinafter, these devices are also collectively referred to as "IC cards".
The information management apparatus has a storage area such as an EEPROM including a data memory, a data processing unit, and a data communication unit. In the case of a portable telephone, an external storage medium such as an IC card having a built-in IC chip can be removably connected to the portable telephone. A SIM (subscriber identity module) on which a portable telephone company records subscriber information may be mounted on the IC chip. The information management apparatus may perform data communication through an information communication network such as the internet and/or direct data communication with an external terminal through a wired or wireless communication channel.
The present invention relates to a technique of providing a service such as transmission of valuable information requiring high security using an IC card having high tamper resistance and having an authentication capability. In general, a memory arranged in an IC card is divided into a plurality of areas, and access to the IC card is controlled according to passwords uniquely assigned to the respective areas. Here, the areas correspond to a file system created by dividing a storage space or directories or individual files in the file system. Note that dividing the storage space of the IC card into a plurality of file systems can be regarded as virtual issuance of the IC card.
The division of the storage space of the IC card is basically performed under the authorization of the IC card issuer. The storage areas created by the division are allocated to and managed by the respective service providers. However, the capacity of the memory areas created by the division is determined at the time of the division, and once the memory areas are created by the division, deletion of the memory areas is not allowed. This means that even when a specific memory area becomes unnecessary, the unnecessary memory area is not allowed to be released and the memory area is not allowed to be reallocated for another service use. Therefore, the resource is not efficiently utilized. Further, when the capacity of the storage area created by the division is insufficient or excessive, it is not allowed to expand or reduce the capacity.
In order to avoid the above problem, the information management apparatus according to the embodiment of the present invention has the following capabilities: dividing the storage space of the IC card into a plurality of storage areas; releasing the memory area created by the division; changing the capacity of the storage area created by dividing; and changing the identification number assigned to the memory area created by the division.
When a memory device is logically divided into a plurality of memory areas and these are used individually, there is a possibility that a specific memory area becomes unnecessary. In the case of a conventional storage device, when a user's service has been registered in the storage device and various personal information is stored in the storage device, the only permitted method for deleting information associated with the service is to initialize the storage device. However, initialization causes all information, including personal information, to be lost. This is inconvenient for the user. In contrast, the information management apparatus according to the present invention makes it possible to independently release only a specified storage area created by division. That is, only an unnecessary memory area is deleted, without affecting other memory areas currently in use.
When a memory device is logically divided into a plurality of memory areas, it is not necessarily possible to determine the capacity of each memory area exactly at the time the division is performed. However, in the conventional memory device, since the capacity of an area is not allowed to be changed after the division is performed, the capacity of each memory area must be determined with a margin large enough to avoid a shortage of storage capacity when the memory device is used in the future. This results in inefficient use of the storage area. In contrast, in the information management apparatus according to the present invention, since the capacity of any specified storage area created by division is allowed to be changed, it is not necessary to determine the storage capacity exactly in advance.
When a memory device is logically divided into a plurality of memory regions by a plurality of dividing operations, it is not necessarily possible to perform the dividing operations in the correct order. If the dividing operation is performed in an order different from the correct order, the identification numbers assigned to the respective memory areas become different from the expected numbers, and hence the formats thereof also become different from the expected formats. In contrast, in the information management apparatus according to the present invention, since the identification number is allowed to be reassigned after the division is performed, it is possible to correct the format to a desired format.
The present invention provides an information management apparatus and an information management method capable of allocating storage areas to various files and correctly managing information used for providing services.
The present invention also provides an information management apparatus and an information management method that are capable of releasing a storage area allocated to the provision of a service and/or changing the capacity thereof, thereby making it possible to efficiently utilize limited resources.
Other objects, features and advantages of the present invention will become apparent from the following detailed description of exemplary embodiments thereof, which proceeds with reference to the accompanying drawings.
Drawings
Fig. 1 is a schematic diagram showing a configuration of a noncontact IC card communication system according to an embodiment of the present invention.
Fig. 2 is a schematic diagram showing a general configuration of a service providing system that provides a service associated with electronic money, an electronic ticket, or similar valuable information using an IC card.
Fig. 3 shows a storage area in a state where an original card issuer manages only a file system of the original card issuer.
Fig. 4 illustrates a state in which the card issuer lends (or transfers) certain free storage space in the card issuer's file system to a storage area manager.
Fig. 5 shows the state where a particular service provider has established a new file system in the allocated area that the card issuer has permission to use.
Fig. 6 shows a state in which the common storage area manager manages the allocated common storage area under the permission of the card issuer, wherein the common storage area is allocated a system code SC 0.
Fig. 7 shows the structure of a plurality of file systems in a storage area including an IC card.
Fig. 8 schematically shows a functional structure of firmware of the IC card.
Fig. 9 illustrates a process of dividing a memory area.
Fig. 10 shows a process of dividing a memory area.
Fig. 11 illustrates a process of dividing a memory area.
Fig. 12 shows a process of releasing the allocated memory area.
Fig. 13 shows a process of releasing the allocated memory area.
Fig. 14 shows a process of changing the capacity of the allocated storage area.
Fig. 15 shows a process of changing the capacity of the allocated storage area.
Fig. 16 shows a process of changing the identification numbers assigned to the storage areas.
Fig. 17 shows a process of changing the identification numbers assigned to the storage areas.
Fig. 18 illustrates the pre-processing performed prior to dividing the file system.
Fig. 19 shows a process of polling an IC card performed by an IC card issuer.
Fig. 20 shows a process performed by an IC card issuer to issue a file system division request to an IC card.
Fig. 21 shows a manner of dividing the memory area of the IC card and generating a new file system.
Fig. 22 shows the processing in which the new service provider resets the issuer key K_Ii and the system code SC_i after the file system specific to the new service provider is established in the storage area of the IC card.
Fig. 23 shows preprocessing performed before deleting a file system created by the division processing.
Fig. 24 shows a process performed by the IC card issuer to issue an allocated area release request to the IC card.
Fig. 25 shows a manner in which the storage area allocated by the division processing on the IC card is released and returned to the file system of the IC card issuer.
Fig. 26 shows preprocessing performed before changing the capacity of the file system established by the division processing.
Fig. 27 shows a process performed by the IC card issuer to issue an allocated area capacity change request to the IC card.
Fig. 28 shows a manner in which the capacity of the memory area allocated by the division processing on the IC card is changed.
Fig. 29 schematically shows a hardware configuration of an IC card according to an embodiment of the present invention.
Reference numerals
1: card reader/writer
2: IC card
3: controller
111: issuer communication device
112: operator communication device
113: producer communication device
114: storage area dividing/registering apparatus
115: operation document registration apparatus
116: IC card
117: network
121: card issuer
122: card storage area operator
123: equipment producer
124: card storage area user
1001: antenna unit
1002: analog unit
1003: digital control unit
1004: memory device
1005: external device interface
1006: carrier detector
1100: portable terminal
1110: program control unit
1120: display unit
1130: user input unit
1140: power supply controller
Detailed Description
The present invention will be described in detail below with reference to embodiments in conjunction with the accompanying drawings.
A. Non-contact data communication system using IC card
Fig. 1 is a schematic diagram showing a noncontact IC card communication system according to an embodiment of the present invention.
The noncontact IC card system includes a card reader/writer 1, an IC card unit 2, and a controller 3. In this noncontact IC card system, data is allowed to be transmitted between the card reader/writer 1 and the IC card unit 2 without direct contact using electromagnetic waves. Specifically, if the card reader/writer 1 issues a command to the IC card unit 2, the IC card unit 2 performs processing according to the received command. The IC card unit 2 transmits response data to the card reader/writer 1 according to the processing result.
The card reader/writer 1 is connected to the controller 3 through a specific interface (e.g., an interface according to the RS-485A standard). The controller 3 controls the operation of the card reader/writer 1 by supplying a control signal to the card reader/writer 1.
In addition to the noncontact IC card interface shown in fig. 1, the IC card unit 2 may include a cable communication interface such as a UART interface or an I2C interface.
Operation of IC card
Fig. 2 schematically shows a general configuration of a service providing system that provides a service associated with electronic money, an electronic ticket, or similar valuable information using an IC card.
The system 100 shown in fig. 2 includes, for example: an issuer communication device 111 for the IC card issuer 121; an operator communication device 112 for the card storage area operator 122; a producer communication device 113 for the device producer 123; memory area dividing device 114 used by card memory area user 124; and an operation file registration device 115.
When the IC card issuer 121 issues the IC card unit 116 to the card owner 126, file data associated with a service provided by the card storage area user 124 is registered in the IC card unit 116 according to a predetermined condition, so that the card owner 126 is allowed to receive services from both the IC card issuer 121 and the card storage area user 124 using a single IC card unit 116.
In the system 100, as shown in fig. 2, an issuer communication device 111, an operator communication device 112, a producer communication device 113, a storage area dividing device 114, and an operation file registration device 115 are connected to each other through a network 117.
The IC card issuer 121 issues the IC card unit 116 and provides services using the IC card unit 116.
If the card storage area operator 122 receives a request from the IC card issuer 121, the card storage area operator 122 lends to the card storage area user 124 a specific storage area selected from the storage areas (semiconductor memories) of the IC card unit 116 issued by the IC card issuer 121 and not used by the IC card issuer 121.
If the device producer 123 receives a request from the card storage area operator 122, the device producer 123 generates the storage area dividing device 114 according to this request and delivers the generated storage area dividing device 114 to the card storage area user 124.
The card storage area user 124 is a service provider that requests the card storage area operator 122 so that the card storage area user 124 may use a specific storage area of the IC card unit 116 in order to provide a service. The card storage area user 124 corresponds to a service provider (as described above), and creates a sub storage area by dividing an original storage area, and creates a new file system in the sub storage area to provide a service using the created file system.
The card owner 126 is a person who receives the IC card unit 116 issued by the IC card issuer 121 and receives the service provided by the IC card issuer 121. After the card owner 126 acquires the IC card unit 116, when the card owner 126 wants to receive the service provided by the card storage area user 124, the card owner 126 stores the file data associated with the service provided by the card storage area user 124 into the IC card unit 116 using the storage area dividing device 114 and the operation file registering device 115. The storage of this file data makes it possible for the card owner 126 to receive the service provided by the card storage area user 124.
The system 100 is configured such that: an IC card issuer 121 and a card storage area user 124 are made to provide services by using a single IC card unit 116, and it is made difficult for an unauthorized person to write data in a storage area in which file data associated with services provided by the IC card issuer 121 or the card storage area user 124 is stored or to overwrite existing data therein.
Although in the example shown in fig. 2, a single IC card issuer 121, a single card storage area user 124, and a single card owner 126 are shown, the number thereof is not particularly limited.
The IC card unit 116 may be a data communication device in the form of a card, or may be a portable telephone (or other type of portable terminal or CE device) in which a semiconductor chip that realizes the IC card function is mounted.
Fig. 29 schematically shows a hardware configuration of an IC card according to an embodiment of the present invention. As shown in fig. 29, the IC card unit includes an analog unit 1002 connected to an antenna unit 1001, a digital control unit 1003, a memory 1004, and an external device interface 1005, and is arranged inside the portable terminal 1100. The IC card unit may be constructed on a single semiconductor circuit chip; or may be constructed using two semiconductor circuit chips, one of which serves as an RF analog front end and the other of which serves as a logic circuit.
The antenna unit 1001 is used to perform noncontact transmission of data to and from a card reader/writer (not shown). The analog unit 1002 performs processing such as detection, modulation/demodulation, clock extraction, and the like on an analog signal to be transmitted from the antenna unit 1001 or an analog signal received by the antenna unit 1001. The antenna unit 1001 and the analog unit 1002 constitute a noncontact connection interface between the IC card unit and the card reader/writer.
The digital control unit 1003 generally controls various operations of the IC card, such as the processing of transmitting/receiving data. The digital control unit 1003 has an addressable local memory 1004 for storing applications such as electronic money or electronic tickets, for loading program code executed by the digital control unit 1003, and/or for storing work data. As will be described in detail later, the storage area of the memory 1004 is allowed to be divided into file systems used by the respective service providers. The digital control unit 1003 performs various processes, such as: dividing a first storage area owned by an original owner into a plurality of second storage areas and allocating the second storage areas to other service providers, releasing the allocation of a second storage area and returning it to the first storage area, expanding or reducing the capacity of an allocated second area, and changing the identification information associated with an allocated second area.
The external device interface 1005 is a functional module adapted to connect the digital control unit 1003 with a device such as the portable terminal 1100 using an interface protocol different from that of a contactless interface connecting the digital control unit 1003 with a card reader/writer (not shown). Data written in the memory 1004 can be transferred to the portable terminal 1100 through the external device interface 1005.
In communication with the card reader/writer, data received from the card reader/writer is transmitted to the portable terminal 1100 either directly through the external device interface 1005 or after being converted into an appropriate data format or another packet structure. Conversely, data received from the portable terminal 1100 through the external device interface is transmitted to the card reader/writer through the contactless interface either directly or after being converted into an appropriate data format or another packet structure.
In the present embodiment, it is assumed that the IC card unit is arranged inside the portable terminal 1100, and that a wired connection interface such as a UART (universal asynchronous receiver transmitter) interface is used as the external device interface 1005. However, in the present invention, the specification of the external device interface 1005 is not particularly limited, and other wired or wireless connection interfaces may be employed. For example, a wireless communication interface such as a Bluetooth interface or an IEEE 802.11 interface may be used.
The IC card unit is driven by radio waves received from the card reader/writer through the antenna unit 1001. Alternatively, a part or all of the IC card unit may operate using power supplied from the portable terminal 1100.
As the portable terminal 1100, an information processing terminal such as a portable phone, a PDA device, or a Personal Computer (PC) is employed. The portable terminal 1100 includes a program control unit 1101, a display unit 1102, and a user input unit 1103.
The program control unit 1101 includes, for example, a microprocessor, RAM, and ROM (not shown in fig. 29). According to program codes stored in the ROM, the microprocessor executes various business processes using the RAM as a work area. The business process includes processes associated with various functions of the portable terminal 1100 such as a portable telephone, and also includes processes associated with an IC card. The program control unit 1101 may include an external storage device such as a hard disk and/or other peripheral devices.
The program control unit 1101 can access the IC card unit through the external device interface 1005.
The display unit 1102 is realized by, for example, a liquid crystal display, and is capable of displaying the result of processing performed by the program control unit 1101 so that the user will be notified of the result.
The user input unit 1103 is realized by a keyboard, a scroll dial (jog dial), or a touch panel provided on the screen surface of the display unit 1102, and is used by the user to input commands or data to the portable terminal 1100.
The program control unit 1101 in the portable terminal 1100 is driven with power supplied from a main power supply such as a battery (not shown).
If the user of the portable terminal 1100 having the IC card unit brings the portable terminal 1100 close to a position of a specific card reader/writer, wireless communication is started between the IC card unit and the card reader/writer, and data transmission is performed between the digital control unit 1003 and the card reader/writer through the analog unit 1002 and the antenna unit 1001 as wireless connection interfaces.
C. File system
The IC card has high tamper resistance and authentication capability. These features allow the IC card unit to provide services that require high security, such as the processing of valuable information. In the present embodiment, a specific memory area is allocated to a file system for use by each service provider, so that a single IC card is shared by a plurality of service providers and a plurality of services can be provided using that single IC card.
In the initial stage, the entire memory area in the IC card is managed by the IC card issuer. A service provider that is to be given a divided storage area is allowed to divide the current storage area and create a new file system there once it has passed the authentication check of the IC card issuer.
After the storage area has been divided and a new file system has been created therein, in order to access the new file system, it is necessary to pass an authentication check performed not by the IC card issuer but by a service provider who manages the file system. This means that the boundaries between file systems act as firewalls that protect each file system from illegal accesses from other file systems. The user of the IC card is allowed to receive various services using a single IC card in a manner similar to the manner in which a specific service is received using a dedicated IC card issued by a service provider. By dividing the storage area multiple times to create a plurality of sub-storage areas, it is possible to establish a plurality of file systems in the respective sub-storage areas in the IC card. Therefore, establishing a file system by dividing a storage area can be regarded as virtual issuance of an IC card.
Next, with reference to fig. 3 to 6, a mode of using a memory area in an IC card is described.
Fig. 3 shows a storage area in a state where an original card issuer manages only a file system of the original card issuer. The system code SC1 of the original card issuer is assigned through a system code management mechanism. When an external device or program accesses the card issuer's file system, the SC1 is used as the identification code (that is, the request command includes the SC1 as an argument).
Fig. 4 illustrates a state in which the card issuer lends (or transfers) part of the free storage space in its file system to a storage area manager. At this stage, the file system in the storage area has not yet been divided. The card issuer may lend storage areas to multiple storage area managers as long as its file system still contains free storage areas. For example, if a file system is identified by a 4-bit system code, the original storage area may be divided into up to 16 sub-storage areas (division is performed 15 times).
Fig. 5 shows a state in which another service provider has established a new file system in the area under the permission of the IC card issuer. This new file system is assigned a system code SC2 through the system code management mechanism. When an external device or program accesses a file system managed by a storage area manager (service provider), the SC2 is used as an identification code (that is, the request command includes the SC2 as an argument).
Fig. 6 shows a state in which the common storage area manager manages a sub-storage area that is a common storage area permitted by the card issuer. This common storage area is allocated the system code SC0. When an external device or program accesses a file system in this storage area managed by the common storage area manager, SC0 is used as the identification code (that is, the request command includes SC0 as an argument).
After performing the multiple division operation, a plurality of file systems reside in the memory area of the IC card as shown in fig. 7. The original card issuer and the service provider who has acquired its own file system on the IC card from the original card issuer are allowed to allocate some areas or services using their own file system and use them in their business.
The manner in which the storage area in the single file system is used is described above. Note that storage areas may be used in a similar manner in other file systems.
In the file system, one or more files are stored to realize applications such as electronic settlement or transmission/reception of valuable electronic information to/from the outside. The particular storage area allocated to a particular application is referred to as a "service storage area". The use of an application, i.e., the processing operation of accessing a service storage area corresponding to the application, is referred to as a "service". Specific examples of the service include access to a memory area to read data, access to a memory area to write data, and addition/subtraction of value information such as electronic money.
In order to restrict use of a service, i.e., use of an application, to users who are authorized to access that application, each application is assigned a password called a PIN, and the PIN is verified when execution of the service is requested. When the service storage area is accessed, the data is encrypted according to the security level required by the application.
In the present embodiment, each file system established in the storage area in the IC card is organized in a hierarchical structure similar to a "directory" structure. Each application assigned to a particular storage area is allowed to register in the particular area at a particular hierarchical level.
For example, multiple applications used in a series of transactions, or multiple applications that are closely related to each other, may be registered in a particular service storage area (and service storage areas that are closely related to each other may be registered in a particular parent storage area). Registering applications in storage areas in this systematic manner makes it easy for the user to manage the applications.
In order to control access to the file system hierarchically, a PIN may be assigned to each storage area in addition to the PIN assigned to each application. For example, access may be granted in the following manner: when the user enters the PIN corresponding to a particular memory area, authentication and mutual authentication are performed, and if they succeed, the user is granted access to all applications in that memory area (and its sub-memory areas). This makes it possible to obtain access permission to all applications used in a series of transactions simply by entering the PIN corresponding to a particular memory area, so that access can be controlled effectively and the card remains easy for the user to use.
Permission to access a particular service storage area may be given on a service-by-service basis and a passcode may be assigned to each service executed in the service storage area. For example, when the services in a particular service storage area include "read" and "read-write", different PINs are assigned to these respective services. In the example of the value information such as electronic money, different PINs are assigned for "increase" and "decrease". Permission to access a particular service storage area may also be given in such a way that: reading is allowed without having to enter a PIN, but the PIN is required to be entered to obtain write permission.
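The PIN scheme described above (a PIN per storage area that unlocks every application in the area and its sub-areas, a PIN per service such as read, read-write, increase or decrease, and services that may be read without a PIN but written only with one) can be modelled as follows. This is an added example written for this page, not code from the patent; the salted PIN hashing, the class names and the sample area tree are assumptions for illustration.

```python
"""Hierarchical PIN checks for areas and services (added model, not the patent's code).

Assumed scheme: PINs are stored only as salted PBKDF2 digests; an area PIN verified
in a session unlocks that area and everything below it; a service with no PIN is
usable directly (the page's "read without a PIN" case); otherwise the service's own
PIN must verify. Names, salts and the demo tree are constructed for illustration.
"""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional


def pin_digest(pin: str, salt: bytes) -> bytes:
    """Salted PIN digest; the PIN itself is never stored (assumed scheme)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 10_000)


@dataclass
class Service:
    name: str                          # e.g. "read", "read-write", "increase", "decrease"
    pin_hash: Optional[bytes] = None   # None: the service needs no PIN
    salt: bytes = b"svc-salt"


@dataclass
class Area:
    name: str
    salt: bytes = b"area-salt"
    pin_hash: Optional[bytes] = None   # None: the area itself carries no PIN
    services: dict = field(default_factory=dict)
    children: dict = field(default_factory=dict)
    parent: Optional["Area"] = None

    def add_child(self, child: "Area") -> "Area":
        child.parent = self
        self.children[child.name] = child
        return child


class Session:
    """Tracks which areas a user has unlocked with a verified area PIN."""

    def __init__(self) -> None:
        self.unlocked: set = set()

    def enter_area_pin(self, area: Area, pin: str) -> bool:
        """Area-level authentication: success unlocks the area and its sub-areas."""
        ok = area.pin_hash is not None and hmac.compare_digest(
            pin_digest(pin, area.salt), area.pin_hash)
        if ok:
            self.unlocked.add(id(area))
        return ok

    def may_use(self, area: Area, service_name: str, service_pin: Optional[str] = None) -> bool:
        service = area.services[service_name]
        # 1. An unlocked area, or any unlocked ancestor, grants all services beneath it.
        node: Optional[Area] = area
        while node is not None:
            if id(node) in self.unlocked:
                return True
            node = node.parent
        # 2. A service without a PIN (e.g. PIN-free read) is usable as is.
        if service.pin_hash is None:
            return True
        # 3. Otherwise the service's own PIN must verify (constant-time compare).
        return service_pin is not None and hmac.compare_digest(
            pin_digest(service_pin, service.salt), service.pin_hash)


def build_demo() -> tuple:
    """Constructed tree: a parent area with its own PIN and an e-money sub-area
    whose read needs no PIN while increase/decrease carry distinct PINs."""
    root = Area("transit", pin_hash=pin_digest("2468", b"area-salt"))
    emoney = root.add_child(Area("e-money"))
    emoney.services["read"] = Service("read")
    emoney.services["increase"] = Service("increase", pin_digest("1111", b"svc-salt"))
    emoney.services["decrease"] = Service("decrease", pin_digest("2222", b"svc-salt"))
    return root, emoney
```

Entering the parent area's PIN once grants every service in the e-money sub-area, while without it each value-changing service must be unlocked by its own PIN and only the PIN-free read succeeds.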
Fig. 8 schematically shows a functional structure of firmware of an IC card in which a plurality of file systems are allowed to be established in an internal memory.
An interface (I/F) control unit controls protocols in the following communications: communication with the card reader/writer through the noncontact IC card interface, communication as the card reader/writer, communication through the wired connection interface, and communication through other I/O interfaces.
The command control unit processes a command received from the outside through the interface control unit, issues the command to the outside, and checks the command.
The security control unit performs security-related processing such as: authentication to determine whether a user is allowed to access the storage area or the file system in each storage area, and verification of a PIN to determine whether a user is allowed to use a directory or service in the file system.
The file system control unit controls the file system according to allocation and deallocation of the storage area of the file system, and manages a directory structure of the file system.
The mode management unit manages the modes of all file systems as a whole and the mode of each file system separately. Specific examples of the mode include a mode in which use of the file system is prohibited and a mode in which use of the file system is permitted.
In addition to the above-described units, the firmware includes units for controlling hardware in the IC card, such as a start control unit, a ROM control unit, a parameter management unit, a nonvolatile memory management unit, and a fragmentation control unit.
D. File system allocation and de-allocation and change of area capacity
In the present embodiment, the storage space in the IC card is divided into sub-storage spaces, and a plurality of file systems are established in the respective sub-storage spaces. Establishing a file system in a sub-storage space created by dividing an original storage space can be regarded as virtual issuance of an IC card. That is, this makes it possible to provide various services, which originally require a plurality of separate IC cards, using a single IC card.
Further, in the present embodiment, it is allowed to release the allocated memory area and to reallocate the released memory area to another service. It also allows the capacity of the allocated storage area to be changed to handle insufficient or excessive storage capacity.
Fig. 9 to 11 show a process of dividing a memory area.
The left part of fig. 9 shows a state in which the memory space in the IC card has not been divided. In this state, the memory area is referred to as "memory area 0" and is assigned identification number 0. The storage capacity of memory area 0 in this state is assumed to be N. Memory area 0 in this state may be divided to create "memory area 1", which has a specified storage capacity and identification number 1, as shown on the right side of fig. 9. If the specified storage capacity of memory area 1 is N1, the storage capacity of the original memory area 0 becomes N - N1.
The right part of fig. 10 shows a state in which the memory area 0 is divided again in the state shown on the right in fig. 9. The right part of fig. 11 shows a state in which the memory area 0 has been divided a total of 15 times in the state shown on the right in fig. 9.
When new memory areas are created by dividing the original memory area 0 a total of 15 times until the state shown on the right side of fig. 11 is reached, and the capacities of the created memory areas are N1, N2, N3, ..., N14, and N15 in the order of creation, the memory capacity of the original memory area 0 becomes N - (N1 + N2 + N3 + ... + N14 + N15). The memory areas created by the division are assigned identification numbers 1, 2, 3, ..., 14, 15 in the order in which they are created. The process of dividing a memory area will be described in detail later.
Fig. 12 to 13 show a procedure of releasing the memory area created by the division. Here, as an example, it is assumed that the release is performed for an IC card in a state where the memory area 1 and the memory area 2 have been created by dividing the memory area 0.
Fig. 12 shows the way in which memory area 2 is released. The IC card issuer, as the original storage area owner, has the authority to release storage area 2, i.e., to release its allocation. Note that the original storage area owner can release storage area 2 without using information it cannot manage, such as key information associated with storage area 2. Specifically, the release of the allocated storage area is performed using information packaged with the key information of the original storage area owner, including, for example, the identification number and storage capacity of the storage area to be released. When the release is complete, the released storage area is returned to the original storage area owner, i.e., the IC card issuer; specifically, it is merged back into memory area 0. The process of releasing an allocated memory area will be described later in detail.
Fig. 13 shows the way in which memory area 1 is released. After storage area 1 is released in a manner similar to that described above with reference to fig. 12, the released storage area is returned to the IC card issuer as the original storage area owner and is merged back into storage area 0. Note that in the example shown in fig. 12, it is assumed that information associated with storage area 2, such as its identification number, remains unchanged when storage area 1 is released.
Fig. 14 and 15 show a process of changing the capacity of the memory area created by the division.
Fig. 14 shows a manner of enlarging the capacity of the storage area 1. An IC card issuer as an original storage area owner has an authority to expand the storage capacity of the storage area 1.
Note that the original storage area owner is allowed to expand the storage capacity of the storage area 1 without using information that cannot be managed by the original storage area owner, such as key information associated with the storage area 1. Specifically, expansion of the storage capacity of the specified storage area is performed using information packaged with the key information of the original storage area owner, the package information including, for example, the identification number and the storage capacity of the storage area to be expanded. The process of changing the storage capacity of the storage area will be described later in detail.
In enlarging the storage capacity of the storage area, it is required that the original storage area 0 should have a free storage area whose capacity is equal to or larger than the specified capacity of the enlarged storage area.
Fig. 15 shows a manner of reducing the capacity of the storage area 1. An IC card issuer as an original storage area owner has an authority to reduce the storage capacity of the storage area 1.
Note that the original storage area owner is allowed to reduce the storage capacity of the storage area 1 without using information that cannot be managed by the original storage area owner, such as key information associated with the storage area 1. Specifically, the reduction of the storage capacity of the specified storage area is performed using information packaged with the key information of the original storage area owner, including, for example, the identification number and the storage capacity of the storage area to be reduced. The process of changing the capacity of the storage area will be described later in detail.
When reducing the storage capacity of the storage area, it is required that the storage area to be reduced should have a free storage area whose capacity is equal to or larger than the specified capacity of the reduced storage area.
Fig. 16 and 17 show a process of changing the identification number assigned to the memory area created by the division. Here, as an example, it is assumed that the change of the identification number is performed for the IC card in a state where the memory area 1 and the memory area 2 have been created by dividing the memory area 0.
Fig. 16 shows a manner of interchanging the storage identification numbers between the storage area 1 and the storage area 2.
An IC card issuer as an original storage area owner has authorization to exchange the storage identification numbers. Note that the original storage area owner is allowed to interchange the storage identification numbers between the storage areas without using information that cannot be managed by the original storage area owner, such as key information associated with the storage area 1 and the storage area 2. Specifically, the exchange of the storage identification numbers is performed using information packaged with the key information of the original storage area owner, wherein the package information includes, for example, the identification numbers and storage capacities of the storage areas whose identification numbers are to be exchanged.
Note that identification number 0, assigned to the original storage area, cannot be interchanged with any other storage identification number.
Fig. 17 shows a manner of changing the storage identification number of storage area 2 to 1, a number not used by any existing storage area.
An IC card issuer as an original storage area owner has authorization to change the storage identification number. Note that the original storage area owner is allowed to change the storage identification number of the storage area 2 without using information that cannot be managed by the original storage area owner, such as key information associated with the storage area 2. Specifically, the change of the storage identification number is performed using information packaged with the key information of the original storage area owner, where the package information includes, for example, the identification number and the storage capacity of the storage area whose identification number is to be changed.
Note that the identification number may only be changed to a new identification number that is not assigned to any existing storage area. When a new identification number is designated, the smallest identification number among those not currently in use is selected as the new identification number. Note also that identification number 0, assigned to the original storage area, cannot be changed.
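The rules of this section (division out of area 0, release back to area 0, expansion and reduction limited by free capacity, number 0 never interchanged or changed, the smallest unused number chosen on renumbering) can be checked against a small model. The following is an added example written for this page, not code from the patent or from any IC card product; the class and method names and the `used` field tracking occupied blocks are assumptions for illustration.

```python
"""Memory-area bookkeeping of figs. 9 to 17, as an added model (not the patent's code).

It encodes the rules the text states: area 0 holds the undivided capacity N, at most
16 areas exist because a 4-bit system code identifies a file system, a released area
returns its blocks to area 0, expansion draws on the free capacity of area 0 while
reduction needs free capacity inside the reduced area, number 0 is never swapped or
renumbered, and a new number is the smallest unused one. The `used` field (blocks
occupied by files) is an assumption for illustration.
"""
from dataclasses import dataclass

MAX_AREAS = 16  # area 0 plus up to 15 divisions


@dataclass
class Area:
    ident: int
    capacity: int  # blocks allocated to the area
    used: int = 0  # blocks occupied inside it (assumed field)

    @property
    def free(self) -> int:
        return self.capacity - self.used


class CardMemory:
    def __init__(self, total_blocks: int) -> None:
        self.areas = {0: Area(0, total_blocks)}  # undivided card: everything is area 0

    def _next_ident(self) -> int:
        """Smallest identification number not currently in use."""
        return min(set(range(MAX_AREAS)) - set(self.areas))

    def divide(self, blocks: int) -> int:
        """Figs. 9 to 11: carve `blocks` out of area 0; returns the new area's number."""
        if len(self.areas) >= MAX_AREAS:
            raise ValueError("all 16 identification numbers are in use")
        if not 0 < blocks <= self.areas[0].free:
            raise ValueError("area 0 lacks free capacity")
        ident = self._next_ident()
        self.areas[0].capacity -= blocks
        self.areas[ident] = Area(ident, blocks)
        return ident

    def release(self, ident: int) -> None:
        """Figs. 12, 13: deallocate an area; its blocks go back to area 0."""
        if ident == 0:
            raise ValueError("area 0 cannot be released")
        self.areas[0].capacity += self.areas.pop(ident).capacity

    def expand(self, ident: int, blocks: int) -> None:
        """Fig. 14: area 0 must have at least `blocks` free."""
        if ident == 0 or not 0 < blocks <= self.areas[0].free:
            raise ValueError("expansion exceeds free capacity of area 0")
        self.areas[0].capacity -= blocks
        self.areas[ident].capacity += blocks

    def reduce(self, ident: int, blocks: int) -> None:
        """Fig. 15: the reduced area itself must have at least `blocks` free."""
        if ident == 0 or not 0 < blocks <= self.areas[ident].free:
            raise ValueError("reduction exceeds free capacity of the area")
        self.areas[ident].capacity -= blocks
        self.areas[0].capacity += blocks

    def swap_idents(self, a: int, b: int) -> None:
        """Fig. 16: interchange two numbers; number 0 is excluded."""
        if 0 in (a, b):
            raise ValueError("identification number 0 cannot be interchanged")
        if a == b:
            return
        area_a, area_b = self.areas.pop(a), self.areas.pop(b)
        area_a.ident, area_b.ident = b, a
        self.areas[b], self.areas[a] = area_a, area_b

    def renumber(self, ident: int) -> int:
        """Fig. 17: move an area to the smallest unused number; number 0 is excluded."""
        if ident == 0:
            raise ValueError("identification number 0 cannot be changed")
        new = self._next_ident()
        area = self.areas.pop(ident)
        area.ident = new
        self.areas[new] = area
        return new

    def total(self) -> int:
        """Invariant: the capacities always sum to the original N."""
        return sum(a.capacity for a in self.areas.values())
```

Every operation either preserves the total capacity N or raises, so `total()` is the check a reviewer would run after any sequence of divisions, releases and capacity changes.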
E. Process for partitioning memory area
Next, a process of creating a new file system by dividing the storage area will be described.
Fig. 18 shows the preprocessing performed before a file system is created by dividing a storage area. When a new service provider wants to divide a file system in a memory area of an IC card, the following preprocessing is performed. The new service provider requests the IC card issuer to grant permission to use a specific storage area. If the IC card issuer decides to allow the new service provider to use the storage area, i.e., to create a new file system, the IC card issuer acquires from the allocation manager a "master allocation package" necessary for creating the new file system.
The allocation manager corresponds to the card storage area operator 122, which manages the storage areas of IC cards that have been manufactured, or manufactured and shipped. The new service provider corresponds to the card storage area user 124 (see fig. 2).
The allocation manager has the authority to allocate the system codes of the respective file systems in the memory of the IC card, and manages an allocation authorization key K_d stored in the operating system that provides the execution environment of the IC card. For the file system to be created by the division, the allocation manager allocates an area key KI_i (the issuer key of the new service provider, i.e., the virtual IC card issuer, that is to use the area) and a system code SC_i (where the subscript i indicates that this system code was created by the i-th division). The allocation manager then generates a master allocation package encrypted with the allocation authorization key K_d, the master allocation package comprising a data block that contains the area key KI_i and the system code SC_i. The generated master allocation package is provided to the IC card issuer.
Since the IC card issuer does not have the allocation authorization key K_d, the IC card issuer cannot read or modify the received master allocation package.
The IC card issuer then generates an allocation package encrypted with its issuer key K_i, the allocation package comprising a data block that contains the acquired master allocation package and the capacity (number of blocks) of the area to be allocated to the new service provider.
Since the allocation package is encrypted with the card issuer key K_i, which is managed by the IC card issuer that uses the file system of the IC card issuer, no one other than the IC card issuer can read the allocation package or modify the capacity or other parameters of the storage area to be allocated.
After the IC card issuer obtains the allocation package through the above-described preprocessing, the IC card issuer issues a request to divide the file system of the storage area in the IC card using the obtained allocation package. Here, in order to access the file system, the area ID of the file system is needed as an argument. However, the IC card issuer knows only the system code, and therefore polls the IC card to acquire the area ID of its own file system.
Fig. 19 shows the process by which an IC card issuer polls an IC card. In this polling process, communication between the IC card issuer (or another external device) and the IC card is performed through a noncontact IC card interface using electromagnetic induction, or through a wired connection interface such as a UART interface or an I2C interface (this also applies to the other communications described below).
Specifically, the IC card issuer polls an operating system providing an execution environment of the IC card and issues a request command containing a system code SC of the IC card issuer as an argument to acquire the area ID of the file system.
In response to this request message, bidirectional multi-communication processing is started between the requester (i.e., the IC card issuer) and the operating system that provides the execution environment of the IC card. Through this communication, mutual authentication is performed, and as a response to the request, the area ID is returned to the IC card issuer. The details of the authentication process vary from one IC card specification to another. However, the details of the authentication process are not important to the present invention, and thus, further description thereof is omitted here.
Note that after the new service provider (i.e., the virtual IC card issuer) has acquired the file system newly generated by division, a similar polling process is performed when the new service provider acquires the area ID of its own file system.
If the IC card issuer has acquired the area ID, the IC card issuer requests the operating system of the IC card to divide the file system. The file system division request issued by the IC card issuer includes the area ID of the IC card issuer and the allocation package as arguments. Since the allocation package is encrypted with the key K_i of the IC card issuer, no third party can modify it. Fig. 20 shows the process performed by the IC card issuer to issue a file system division request to the IC card. Fig. 21 shows the manner in which the memory area of the IC card is divided and a new file system is generated. In this process, communication between the IC card issuer and the IC card is performed through a noncontact IC card interface using electromagnetic induction, or through a wired connection interface such as a UART interface or an I2C interface.
If the operating system of the IC card receives a file system division request, the allocation package is passed to the file system of the IC card issuer in accordance with the area ID contained as an argument in the request. The allocation package, encrypted with the key K_i of the IC card issuer, is decrypted there to extract the master allocation package and the capacity (number of blocks) of the storage area to be allocated to the new file system.
If the operating system of the IC card receives the master allocation package and the capacity of the storage area to be allocated from the file system of the IC card issuer, the operating system of the IC card decrypts the master allocation package with the allocation authorization key K_d to extract the area key KI_i of the area to be allocated (the issuer key of the new service provider, i.e., the virtual IC card issuer, that is to use the area) and the system code SC_i. Then, the operating system of the IC card divides the area owned by the IC card issuer to generate a sub-storage area having the specified capacity, and assigns the issuer key KI_i and the system code SC_i to this sub-storage area, thereby creating a new file system.
If the process of dividing the file system is completed, the status thereof is returned to the requester, i.e., the IC card issuer.
Therefore, the new service provider can acquire the file system specific to the new service provider in the memory area of the IC card issued by the IC card issuer. This allows the new service provider to provide services in substantially the same manner as services are provided using a separate IC card issued by the new service provider. In this sense, the new service provider may appear as a virtual IC card issuer.
In the initial state of the file system immediately after creation, the assigned issuer Key KIiAnd system code SCiIs set by the distribution manager. In other words, the security of the file system of the new service provider is dependent on the distribution manager, and thus the new service provider is not allowed to analyze, manage, and process security.
In order to avoid the above problem, it is desirable that the new service provider reset the issuer key K after acquiring the file system specific to the new service provider established in the storage area of the IC cardIiAnd system code SCi. The adjustment of the capacity of the allocated area may also be performed when the resetting is performed.
FIG. 22 shows a memory in an IC cardResetting of the issuer Key K performed by the New service provider after the File System specific to the New service provider has been established in the zoneIiAnd system code SCiAnd (4) processing. In this process, communication between the service provider and the IC card is performed by a noncontact IC card interface using electromagnetic induction, or by a communication interface such as a UART interface or I2A wired connection interface such as a C interface.
The new service provider polls the operating system providing the execution environment of the IC card and issues a request message including the system code SC allocated at the point in time immediately after the acquisition of the file system specific to the new service provider to the operating system to acquire the area ID of the file systemiAs an argument.
In response to this request message, bidirectional multi-transfer communication processing is started between the service provider and the operating system that provides the execution environment of the IC card. Through this communication, mutual authentication is performed, and then, as a response to the request, the default area ID assigned by the allocation manager when the file system is divided is returned to the service provider. The details of the authentication process vary from one IC card specification to another. However, the details of the authentication process are not important to the present invention, and thus, further description thereof is omitted here.
After the authentication process, the service provider requests the operating system of the IC card to change the issuer key K_Ii from its default value. This key change request includes the default area ID and a key change package as arguments. Note that the key change package is encrypted with the default issuer key K_Ii so that a third party cannot modify it.
If the operating system of the IC card receives a key change request, the key change package is passed to the service provider's file system identified by the area ID contained as an argument in the request. The encrypted key change package is decrypted using the card issuer key K_Ii to obtain the original key change package. The card issuer key of the file system is then changed from K_Ii to K_Ii', and the status is returned to the requester, i.e., the service provider.
Subsequently, the service provider requests the operating system of the IC card to change the system code SC_i from its default value. This system code change request includes the default area ID and a system code change packet as arguments. Note that the system code change packet is encrypted with the new issuer key K_Ii' so that a third party cannot modify it.
If the operating system of the IC card receives a system code change request, the system code change packet is passed to the service provider's file system identified by the area ID contained as an argument in the request. The encrypted system code change packet is decrypted using the card issuer key K_Ii' to extract the original system code change packet. The system code of the file system is then changed from the default value SC_i to SC_i', and the status is returned to the requester, i.e., the service provider.
Subsequently, the service provider requests the operating system of the IC card to change the area ID_i from its default value. This area ID change request includes the default area ID and an area ID change packet as arguments. Note that the area ID change packet is encrypted with the new issuer key K_Ii' so that a third party cannot modify it.
If the operating system of the IC card receives the area ID change request, the area ID change packet is passed to the service provider's file system identified by the area ID contained as an argument in the request. The encrypted area ID change packet is decrypted using the card issuer key K_Ii' to extract the original area ID change packet. The area ID of the file system is then changed from the default value ID_i to ID_i', and the status is returned to the requester, i.e., the service provider.
In the manner described above, the new service provider obtains an issuer key K_Ii' and a system code SC_i' that it has set itself for its own file system, so that the new service provider can analyze, manage and process security without depending on the original IC card issuer.
F. Processing to release allocation of storage
When the memory space of the IC card is logically divided and used, a specific memory area may become unnecessary, for example because a specific service is no longer provided. In this case, after memory areas have been allocated by the division processing described in paragraph E above, only the specific memory area that has become unnecessary may be released, so that this memory area can be reused for another service without affecting the other memory areas currently in use.
The processing of releasing the storage area, that is, the processing of deleting the file system established in the storage area allocated by the division processing and releasing this allocation will be described in detail below.
Fig. 23 shows preprocessing performed before deleting a file system established in a specific storage area allocated by the division processing. When a service provider decides to delete a file system specific to the service provider in an allocated storage area of an IC card, the service provider performs preprocessing to request an IC card issuer to give permission to release the storage area.
If the IC card issuer decides to give permission to release the storage area, i.e., to delete the file system, the IC card issuer generates an allocation release packet encrypted with the IC card issuer's own issuer key K_i; the packet includes a data block containing the system code SC_i of the storage area to be released. Since the allocation release packet is encrypted with the card issuer key K_i, which the IC card issuer manages using its own file system, a third party can neither read the allocation release packet nor modify the capacity or other parameters of the storage area to be released.
After the IC card issuer obtains the allocation release packet through the above-described preprocessing, the IC card issuer issues a request to release the file system in the storage area of the IC card using the obtained allocation release packet. Here, the file system is accessed using its area ID as an argument. However, the IC card issuer knows only the system code, and therefore the IC card issuer polls the IC card to acquire the area ID of the IC card issuer's own file system (see fig. 19).
If the IC card issuer has acquired the area ID, the IC card issuer requests the operating system of the IC card to release the file system. This file system release request includes the area ID of the IC card issuer as an argument and the allocation release packet. Note that the allocation release packet is encrypted with the card issuer key K_i so that a third party cannot modify it. Fig. 24 shows the process performed by the IC card issuer to issue a file system release request to the IC card. Fig. 25 shows the manner in which the storage area allocated by the division processing on the IC card is released and returned to the file system of the IC card issuer. In this process, communication between the IC card issuer and the IC card is performed through a noncontact IC card interface using electromagnetic induction, or through a wired interface such as a UART or I2C interface.
If the operating system of the IC card receives the allocation release request, the allocation release packet is passed to the IC card issuer's file system identified by the area ID contained as an argument in the request. The encrypted allocation release packet is decrypted using the IC card issuer's key K_i, and the system code SC_i of the storage area (file system) to be released is extracted.
Once the operating system of the IC card has obtained the system code SC_i of the storage area (file system) to be released, it releases the specified file system and merges it back into the original file system owned by the IC card issuer.
If the process of releasing the file system is completed, its status is returned to the requestor, i.e. the service provider.
The service provider can release unnecessary file systems dedicated to the service provider in the manner described above, thereby making it possible to reuse this storage area for another service without affecting other storage areas currently used. In this way, it is made possible to effectively utilize the memory in the IC card which is a limited resource.
G. Process for enlarging or reducing the capacity of allocated storage areas
When the memory space of the IC card is logically divided and used, it is not necessarily possible to definitely determine the capacity of each memory area at the time of dividing the original memory area. In order to solve the above problem, it is permissible to change the capacity of each storage area allocated by the division processing described in the above paragraph E. This makes it unnecessary to allocate memory so as to have a large capacity with margins to avoid shortage of memory space in future use. When the storage capacity is excessively large, the storage capacity may also be reduced. This ability to change storage capacity makes it possible to efficiently utilize limited storage space.
The process of enlarging or reducing the capacity of the file system established in the storage area allocated by the division process will be described in detail below.
Fig. 26 shows preprocessing performed before changing the capacity of the file system established in the specific storage area allocated by the division processing. When a service provider decides to expand or reduce the capacity of a file system dedicated to the service provider in an allocated storage area of an IC card, the service provider performs preprocessing to request an IC card issuer to give permission to change the storage area capacity.
If the IC card issuer decides to give permission to change the storage area capacity, the IC card issuer generates an allocated area capacity change packet encrypted with the IC card issuer's own issuer key K_i; the packet includes a data block containing the following information: the system code SC_i of the storage area whose capacity is to be changed, capacity enlargement/reduction information, and information specifying the new capacity. Since this allocated area capacity change packet is encrypted with the card issuer key K_i, which the IC card issuer manages using its own file system, a third party can neither read the allocated area capacity change packet nor modify the capacity or other parameters of the storage area to be changed.
After the IC card issuer has obtained the allocated area capacity change packet through the above-described preprocessing, the IC card issuer issues a request to change the allocated area capacity of the file system in the storage area of the IC card using the obtained allocated area capacity change packet. Here, the file system is accessed using its area ID as an argument. However, the IC card issuer knows only the system code, and therefore the IC card issuer polls the IC card to acquire the area ID of the IC card issuer's own file system (see fig. 19).
If the IC card issuer has acquired the area ID, the IC card issuer requests the operating system of the IC card to change the allocated area capacity of the file system. This allocated area capacity change request includes the area ID of the IC card issuer as an argument and the allocated area capacity change packet. Note that the allocated area capacity change packet is encrypted with the card issuer key K_i so that a third party cannot modify it. Fig. 27 shows the process performed by the IC card issuer to issue an allocated area capacity change request to the IC card. Fig. 28 shows the manner in which the capacity of the memory area allocated by the division processing on the IC card is changed. In this process, communication between the IC card issuer and the IC card is performed through a noncontact IC card interface using electromagnetic induction, or through a wired interface such as a UART or I2C interface.
If the operating system of the IC card receives the allocated area capacity change request, the allocated area capacity change packet is passed to the IC card issuer's file system identified by the area ID contained as an argument in the request. The allocated area capacity change packet is decrypted using the card issuer key K_i, and the system code SC_i of the storage area (file system) whose capacity is to be changed is extracted.
Once the operating system of the IC card has obtained the system code SC_i of the file system whose capacity is to be changed, it changes the capacity of the specified file system. Note that when the capacity of the file system is enlarged, part of the storage area owned by the IC card issuer is additionally allocated to enlarge the capacity of the file system. Therefore, the storage area owned by the IC card issuer is required to have free space whose capacity is equal to or larger than the specified capacity to be additionally allocated. Conversely, when the capacity of the file system is reduced, the file system is required to have free space whose capacity is equal to or larger than the specified capacity to be subtracted.
If the process of changing the allocated area capacity of the file system is completed, its status is returned to the requestor, i.e. the service provider.
The service provider can change the capacity of the file system dedicated to the service provider in the manner described above. This makes it unnecessary to allocate memory so as to have a large capacity with margins to avoid shortage of memory space in future use. When the storage capacity is excessively large, the storage capacity may also be reduced. This ability to change storage capacity makes it possible to efficiently utilize limited storage space.
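The card-side handling of the three request types described above (the issuer-key reset of Fig. 22, the allocation release of paragraph F and the capacity change of paragraph G) as an added example that is not code from the patent; the JSON-plus-HMAC packet layout, the `CardOS` model and the area bookkeeping are assumptions standing in for the issuer-key encryption and card internals the text does not specify.

```python
import hashlib
import hmac
import json


class CardError(Exception):
    """Raised when the card OS refuses a request; the status goes back to the requester."""


def seal(key: bytes, fields: dict) -> bytes:
    # Constructed packet format (an assumption, not the patent's): JSON body plus a
    # 32-byte HMAC-SHA256 tag under the owner's key, standing in for its encryption.
    body = json.dumps(fields, sort_keys=True).encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()


def open_packet(key: bytes, packet: bytes) -> dict:
    body, tag = packet[:-32], packet[-32:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise CardError("packet was not sealed with the area owner's key")
    return json.loads(body)


class CardOS:
    """Storage space of one card; area 0 is the issuer's first storage area."""

    def __init__(self, issuer_key: bytes, total: int):
        self.areas = {0: {"key": issuer_key, "sc": "SC_0", "cap": total, "used": 0}}
        self.next_id = 1

    def poll(self, sc: str) -> int:
        # Fig. 19: the requester knows only its system code; polling maps it to an area ID.
        for aid, area in self.areas.items():
            if area["sc"] == sc:
                return aid
        raise CardError("unknown system code")

    def divide(self, sc: str, cap: int, default_key: bytes) -> int:
        # Paragraph E, simplified: carve a second area out of the issuer's free space.
        issuer = self.areas[0]
        if issuer["cap"] - issuer["used"] < cap:
            raise CardError("issuer area has too little free space")
        issuer["cap"] -= cap
        aid, self.next_id = self.next_id, self.next_id + 1
        self.areas[aid] = {"key": default_key, "sc": sc, "cap": cap, "used": 0}
        return aid

    def change_key(self, area_id: int, packet: bytes) -> str:
        # Fig. 22: sealed with the area's *current* K_Ii, so only its holder can set K_Ii'.
        area = self.areas[area_id]
        area["key"] = bytes.fromhex(open_packet(area["key"], packet)["new_key"])
        return "OK"

    def _issuer_request(self, area_id: int, packet: bytes) -> tuple:
        # Paragraphs F and G: the packet is addressed to the issuer's own area and
        # opened with the issuer key K_i; the target is named by its system code.
        if area_id != 0:
            raise CardError("request must be addressed to the issuer's area")
        req = open_packet(self.areas[0]["key"], packet)
        target = self.poll(req["sc"])
        if target == 0:
            raise CardError("the issuer's own area cannot be the target")
        return req, target

    def release(self, area_id: int, packet: bytes) -> str:
        # Paragraph F: delete the file system and merge its space back into the issuer's.
        _, target = self._issuer_request(area_id, packet)
        self.areas[0]["cap"] += self.areas.pop(target)["cap"]
        return "OK"

    def change_capacity(self, area_id: int, packet: bytes) -> str:
        # Paragraph G: whichever side gives memory up must hold that much free space.
        req, target_id = self._issuer_request(area_id, packet)
        issuer, target = self.areas[0], self.areas[target_id]
        amount = int(req["amount"])
        if req["op"] not in ("enlarge", "reduce") or amount <= 0:
            raise CardError("malformed capacity change packet")
        giver, taker = (issuer, target) if req["op"] == "enlarge" else (target, issuer)
        if giver["cap"] - giver["used"] < amount:
            raise CardError("not enough free space to move %d units" % amount)
        giver["cap"] -= amount
        taker["cap"] += amount
        return "OK"
```

The system code and area ID changes of Fig. 22 follow the same pattern as `change_key`, with the packet sealed under the new key K_Ii'.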
Industrial applicability
The invention has been described above with reference to some specific embodiments. It will be understood by those skilled in the art that various modifications and alternatives are possible without departing from the spirit and scope of the invention.
In the above description of the present invention with reference to the specific embodiments, it is assumed that the present invention is applied to, for example, a portable terminal equipped with an IC card or an IC chip. Specifically, the discussion focuses on the following techniques: dividing the storage space of the IC card into a plurality of storage areas; releasing the memory area generated by the division to release the memory resource; and increasing or decreasing the capacity of the memory area generated by the division. It is noted that the invention is not restricted to the details of these embodiments. For example, the present invention can also be applied to other types of memory devices other than an IC card or an IC chip, so that such memory devices can also be used in a similar manner as described above.
That is, the embodiments are described above by way of example and not limitation, and the scope of the present invention can only be determined by the claims.

Claims (16)

1. An information management apparatus having a storage space and adapted to manage the storage space in the form of dividing the storage space into one or more storage areas,
the storage space includes a first storage area owned by an original owner and one or more second storage areas divided from the first storage area owned by the original owner and respectively allocated to one or more service providers,
the information management apparatus includes allocated area releasing means for releasing the specified second storage area and returning the released second storage area to the first storage area in accordance with a request issued by a service provider,
wherein the allocated area release means receives the data block containing the information identifying the second storage area to be released in the form of an allocated area release packet encrypted with the key of the first storage area owner; decrypts the allocated area release packet using the key of the first storage area owner; and releases the second storage area specified by the data block.
2. The information management apparatus according to claim 1, further comprising access control means for controlling access to each storage area in accordance with a corresponding key of a service provider.
3. An information management apparatus having a storage space and adapted to manage the storage space in the form of dividing the storage space into one or more storage areas,
the storage space includes a first storage area owned by an original owner and one or more second storage areas divided from the first storage area owned by the original owner and respectively allocated to one or more service providers,
the information management apparatus includes:
allocated-area capacity changing means for enlarging or reducing the capacity of the second storage area divided from the first storage area in accordance with a request issued by a service provider,
wherein the allocated area capacity change means receives the data block containing the following information in the form of an allocated area capacity change packet encrypted with the key of the first storage area owner: information identifying a second storage area whose capacity is to be changed, information indicating whether the capacity of the second storage area is to be enlarged or reduced, and information indicating how much the capacity of the second storage area is to be enlarged or reduced; decrypts the allocated area capacity change packet using the key of the first storage area owner; and changes the capacity of the second storage area by an amount specified by the data block.
4. The information management apparatus according to claim 3, wherein when the capacity of the second storage area is enlarged, the allocated area capacity changing means additionally allocates a free area of the first storage area to the second storage area by a specified amount of enlarging the capacity of the second storage area; and when the capacity of the second storage area is reduced, the allocated area capacity changing means returns the free area of the second storage area to the first storage area by a specified amount of reduction in the capacity of the second storage area.
5. The information management apparatus according to claim 3, further comprising access control means for controlling access to each storage area in accordance with a corresponding key of a service provider.
6. An information management apparatus having a storage space and adapted to manage the storage space in the form of dividing the storage space into one or more storage areas,
the storage space includes a first storage area owned by an original owner and one or more second storage areas divided from the first storage area owned by the original owner and respectively allocated to one or more service providers, each of the second storage areas having identification information allocated when the second storage area is divided from the first storage area,
the information management apparatus includes identification information changing means for changing the identification information allocated to the second storage area in accordance with a request issued by a service provider,
wherein the identification information changing means receives the data block containing the following information in the form of an identification information change packet encrypted with a key of the first storage area owner: identification information of the second storage area whose identification information is to be changed, and identification information to which the current identification information is changed; decrypting the identification information change packet using a key of the first storage area owner; and changes the identification information of the second storage area to the identification information specified by the data block.
7. The information management apparatus according to claim 6, wherein the identification information changing means changes the identification information of the second storage area owned by one service provider to the identification information that has been released as a result of releasing the second storage area owned by another service provider.
8. The information management apparatus according to claim 6, further comprising access control means for controlling access to each storage area in accordance with a corresponding key of a service provider.
9. An information management method for managing a storage space in the form of dividing the storage space into one or more storage areas,
the storage space includes a first storage area owned by an original owner and one or more second storage areas divided from the first storage area owned by the original owner and respectively allocated to one or more service providers,
the method comprises the following steps: the specified second storage area is released and the released second storage area is returned to the first storage area according to a request issued by the service provider,
wherein the second storage area releasing step includes: receiving a data block containing information identifying a second storage area to be released in the form of an allocated area release packet encrypted with a key of a first storage area owner; decrypting the allocated area release packet using the key of the first storage area owner; and releasing the second storage area specified by the data block.
10. The information management method according to claim 9, further comprising the steps of: access to each storage area is controlled according to the service provider's respective key.
11. An information management method for managing a storage space in the form of dividing the storage space into one or more storage areas,
the storage space includes a first storage area owned by an original owner and one or more second storage areas divided from the first storage area owned by the original owner and respectively allocated to one or more service providers,
the method comprises the following steps: the capacity of the second storage area which has been divided from the first storage area is enlarged or reduced according to a request issued by a service provider,
wherein the allocated area capacity changing step includes: receiving a data block containing the following information in the form of an allocated area capacity change packet encrypted with a key of a first storage area owner: information identifying a second storage area whose capacity is to be changed, information indicating whether the capacity of the second storage area is to be enlarged or reduced, and information indicating how much the capacity of the second storage area is to be enlarged or reduced; decrypting the allocated area capacity change packet using the key of the first storage area owner; and changing the capacity of the second storage area by an amount specified by the data block.
12. The information management method of claim 11, wherein in the allocated area capacity changing step: when the capacity of the second storage area is enlarged, additionally allocating a free area of the first storage area to the second storage area by a specified amount of enlarging the capacity of the second storage area; and when the capacity of the second storage area is reduced, the free area of the second storage area is returned to the first storage area by a specified amount by which the capacity of the second storage area is reduced.
13. The information management method according to claim 11, further comprising the steps of: access to each storage area is controlled according to the service provider's respective key.
14. An information management method for managing a storage space in the form of dividing the storage space into one or more storage areas,
the storage space includes a first storage area owned by an original owner and one or more second storage areas divided from the first storage area owned by the original owner and respectively allocated to one or more service providers, each of the second storage areas having identification information allocated when the second storage area is divided from the first storage area,
the method comprises the following steps: the identification information assigned to the second storage area is changed according to a request issued by the service provider,
wherein the identification information changing step includes: receiving a data block containing the following information in the form of an identification information change packet encrypted with a key of a first storage area owner: identification information of the second storage area whose identification information is to be changed, and identification information to which the current identification information is changed; decrypting the identification information change packet using a key of the first storage area owner; and changes the identification information of the second storage area to the identification information specified by the data block.
15. The information management method of claim 14, wherein the identification information changing step comprises: the identification information of the second storage area owned by one service provider is changed to the identification information that has been released as a result of releasing the second storage area owned by another service provider.
16. The information management method according to claim 14, further comprising the steps of: access to each storage area is controlled according to the service provider's respective key.
HK07107050.5A 2004-06-15 2005-06-09 Information management device and information management method HK1099821B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
JP177524/2004 2004-06-15
JP2004177524 2004-06-15
PCT/JP2005/010600 WO2005124560A1 (en) 2004-06-15 2005-06-09 Information management device and information management method

Publications (2)

Publication Number Publication Date
HK1099821A1 HK1099821A1 (en) 2007-08-24
HK1099821B true HK1099821B (en) 2009-09-25
