[go: up one dir, main page]

HK1139765B - Communication device, communication method, communication system and service issuing method - Google Patents

Communication device, communication method, communication system and service issuing method Download PDF

Info

Publication number
HK1139765B
HK1139765B HK10103969.9A HK10103969A HK1139765B HK 1139765 B HK1139765 B HK 1139765B HK 10103969 A HK10103969 A HK 10103969A HK 1139765 B HK1139765 B HK 1139765B
Authority
HK
Hong Kong
Prior art keywords
data
service
unit
communication
information specifying
Prior art date
Application number
HK10103969.9A
Other languages
Chinese (zh)
Other versions
HK1139765A1 (en
Inventor
金本俊范
志贺贞一
Original Assignee
索尼公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from JP2008126152A external-priority patent/JP4807377B2/en
Application filed by 索尼公司 filed Critical 索尼公司
Publication of HK1139765A1 publication Critical patent/HK1139765A1/en
Publication of HK1139765B publication Critical patent/HK1139765B/en

Links

Abstract

The present invention provides a communication device, communication method, communication system and service issuing method. The communication device includes an antenna for transmitting and receiving signals with a reader/writer of a service issuing terminal; a recording unit recorded with data, and also recorded with a pattern in which information specifying an authentication key and access attribute indicating whether or not a readout process or a write process on the data is possible using the authentication key are corresponded; and a control unit for, when receiving one or plural information specifying a region of the data from the reader/writer of the service issuing terminal via the antenna, holding the received one or plural information specifying the region of the data. The present invention provides a technique capable of reducing the information amount of the service definition information to be held in the recording unit of the communication device.

Description

Communication device, communication method, communication system, and service distribution method
CROSS-REFERENCE TO RELATED APPLICATIONS
This application comprises the subject matter of the disclosure of Japanese priority patent application JP 2008-126152 filed on 13.5.2008 to the present patent office, the entire contents of which are incorporated herein by reference.
Technical Field
The present invention relates to a communication apparatus, a communication method, a communication system, and a service distribution method, and particularly to a communication apparatus, a communication method, a communication system, and a service distribution method for reducing the amount of data recorded in the communication apparatus.
Background
Various techniques for issuing an IC (integrated circuit) card serving as one example of a communication device or a security device have been disclosed (for example, see japanese patent application laid-open No. 2007 and 317093). For example, in an application-generic OS in which an IC chip embedded in a communication device is FeliCa (registered trademark) and a loaded OS (operating system) is FeliCa OS, issuing a service to the communication device of the related art is performed by transmitting a plurality of issue commands from a terminal on the issuing side to the communication device (IC chip) and executing processing on the commands in the communication device.
Here, the service refers to a range of managing data entities such as electronic money data itself in a file system of the communication apparatus. For example, the service corresponds to "file" in Windows (registered trademark). In order to access data managed in a specific service, the same key as the authentication key assigned to the service as necessary is prepared on the terminal side where access is made.
The distribution of the service refers to creating a new service in a file system of the communication apparatus by securing a storage area for storing user data such as information defining the service and electronic money data itself and storing such information in a memory.
When a service issue command is executed in the communication apparatus, predetermined access attributes (defining the type of data structure, method for accessing user data, and the like) defined for each OS and an authentication key used in authentication when accessing are set. A data structure is represented by a combination of these services, thereby implementing the corresponding application. The application refers to a service provided by a provider, and includes, for example, a prepaid electronic money application, a credit application, a ticket application, and the like.
The communication apparatus may receive the distribution of the service corresponding to the application desired to be provided by being placed on a non-contact reader/writer arranged at a predetermined position of the service distribution terminal, or by being connected to a communication unit of the contact reader/writer such as with a wired interface.
If the communication apparatus is a function integrated in a mobile phone or the like, services can be issued without using a reader/writer by a method of connecting an IC chip and a controller within the mobile phone with a wired interface and inputting a service issuance command to the IC chip via the wired interface. In this case, the service issuance system can be installed at a remote location by transmitting the service issuance command through the mobile phone network.
[ patent document 1] Japanese patent application laid-open No. 2007 and 317093
Disclosure of Invention
However, when access control information on a data block (data storage area) is issued (signaled) in a communication apparatus (security apparatus), an address range, an access attribute, and an authentication key of the data block are set in units of the access control information. Therefore, it is necessary to store the address range of the data block, the access attribute, the authentication key, and the like in units of access control information with respect to the definition information area of the recording unit in the communication apparatus, and thus the amount of the necessary storage area increases.
The present invention addresses the above and other issues related to the methods and apparatuses of the related art, and it is desirable to provide a novel and improved technique capable of reducing the amount of information of service definition information to be held in a recording unit of a communication device (security device).
According to an embodiment of the present invention, there is provided a communication apparatus including: a communication unit for transmitting and receiving signals with the service distribution terminal; a recording unit that records data, and also records information specifying an authentication key and a pattern corresponding to an access attribute indicating whether or not read processing or write processing can be performed on the data using the authentication key; and a control unit for holding the received one or more pieces of information specifying the data area when the one or more pieces of information specifying the data area are received from the service distribution terminal via the communication unit.
According to the embodiments of the present invention described above, it is possible to provide a technique capable of reducing the amount of information of service definition information held in the recording unit of a communication device (security device).
Drawings
Fig. 1 is a diagram for describing a related art service issuing method targeted at a communication apparatus (e.g., an IC card) loaded with an application-generic type OS;
FIG. 2 is a diagram showing one example of a command used in a service issuance method of the related art;
FIG. 3 is a diagram illustrating one example of a prior art service publication sequence;
FIG. 4 is a diagram showing a configuration example of service definition information and data of the related art;
FIG. 5 is a diagram showing one example of commands used in a prior art data read and write process;
fig. 6 is a diagram showing one example of a flow chart of an authentication processing flow of the related art;
fig. 7 is a diagram showing one example of a flow chart of a data read-out processing flow of the related art;
FIG. 8 is a diagram showing one example of a flow chart of a data write processing flow of the related art;
fig. 9 is a diagram illustrating an example of service definition information according to an embodiment of the present invention;
FIG. 10 is a diagram illustrating one example of a system according to an embodiment of the invention;
fig. 11 is a block diagram showing a functional configuration of a reader/writer according to an embodiment of the present invention; and
fig. 12 is a block diagram showing a functional configuration of a communication apparatus according to an embodiment of the present invention.
Detailed Description
Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. Note that in the present specification and the drawings, structural elements having substantially the same function and structure are denoted by the same reference numerals, and repeated explanation of these structural elements is omitted.
Fig. 1 is a diagram for describing a related art service issuing method targeted at a communication device (e.g., an IC card) loaded with an application-generic type OS.
As shown in fig. 1, a service distribution system 1 distributes services. The service delivery system 1 is a system prepared by an application provider, and is constituted by a service delivery terminal 11 and a service definition database 12. A reader/writer 11A serving as one example of a communication unit for transmitting/receiving a signal with the communication device 2 is arranged at a predetermined position of the housing of the service distribution terminal 11. The service distribution system 1 may be constituted by one device, or may be constituted by a plurality of devices.
The communication apparatus 2 is a contactless communication apparatus owned by a user desiring to be provided with a predetermined application, and a service distribution function 21 and a file system 22 are implemented in the communication apparatus 2. The service issuing function 21 is a function realized by executing a predetermined program with an IC chip, and interprets a service issuing command transmitted from the service issuing terminal 11 and issues a service. The file system 22 is a file system for managing data stored in the memory of the IC chip. When the distribution of the service is received, the communication apparatus 2 is placed on the reader/writer 11A of the service distribution terminal 11.
As shown in fig. 1, when the communication apparatus 2 is placed on the reader/writer 11A, the service issuing terminal 11 inquires the service definition database 12 about a command parameter added to the service issuing command to issue the command to the communication apparatus 2 (as processing P1).
When receiving the query from the service distribution terminal 11, the service definition database 12 responds to the service distribution information specifying the data structure corresponding to the distribution service type, the method for accessing the user data, and the like (as processing P2).
When receiving the response from the service definition database 12, the service issuing terminal 11 transmits a service issuing request (RegisterService _ Req) command to which the service issuing information obtained by querying the service definition database 12 is added as a command parameter to the communication apparatus 2 (as in the process P3). The transmission of the service issuance command and the command parameter is performed by the reader/writer 11A (fig. 2C shows an example of the service issuance request command, and fig. 3 shows an example of the service issuance order).
Upon receiving the service issuance command and the command parameter transmitted from the service issuance terminal 11, the service issuance function 21 of the communication apparatus 2 interprets the service issuance command and executes the internal processing of the communication apparatus (such as processing P4). According to the internal processing of the communication apparatus, the service definition information 22A (see fig. 4) is generated based on the service issuance information contained in the command parameter transmitted together with the service issuance command from the service issuance terminal 11. The service publishing function 21 maps the service data structure onto the file system 22 according to the service definition information 22A, thereby performing publishing of the service.
After the termination of the issuance of the service, the service issuing function 21 transmits information (result code (SF)) indicating that the issuance of the service is terminated in the parameter of the service issuing response (RegisterService _ Res) to the service issuing terminal 11 in the process P5.
Fig. 2 is a diagram showing one example of a command used in a related art service issuance method. Commands used in the related art service issuance method will be described with reference to fig. 2.
As shown in fig. 2A, the authentication request (Auth1_ Req) is configured to contain a request identifier for identifying a command, a device identifier (IDm) for identifying a communication device, a service code (SID) for identifying a service, an authentication challenge message (M1c), and the like.
Fig. 3 is a diagram showing one example of a service publishing sequence of the related art. A related art service publishing sequence will be described with reference to fig. 3.
As shown in fig. 3, in generating service definition information defining a desired service data structure, it may not be possible to implement with one exchange of the process P3 (see fig. 1) and the process P5 (see fig. 1). In this case, the exchange of the process P3 and the process P5 is repeated a plurality of times.
Fig. 4 is a diagram showing a configuration example of service definition information and data of the related art. The configuration of the service definition information and data of the related art will be described with reference to fig. 4.
More specifically, as shown in fig. 4, the service definition information 22A is recorded in the recording unit 106 (provided by a nonvolatile memory or the like) of the communication apparatus 200. As shown in fig. 4, the recording unit 106 of the communication apparatus 200 is mainly divided into a service definition information area and a data area, wherein the service definition information area is generally defined by a predetermined access attribute defined for each OS and an authentication key for authentication when access is made. In the example shown in fig. 4, five types of service identifiers or SID1 to SID5 called service codes (SID) are defined for each service unit, and the presence of access attributes (AA1 to AA5), authentication keys (K1, K2) (hyphen when absent) and object user data addresses (AD1 to AD5) are stored as a set in the respective service identification units.
In operation, when an arbitrary user data address is accessed, a corresponding service code (SID) is specified in the parameters, and an authentication command is executed. The authentication process is performed by an authentication key stored in a corresponding service code (SID). After the authentication is completed, control is performed using a read command, a write command, or the like so that the execution of the command is permitted according to the Access Attribute (AA) stored in the corresponding service code (SID) and only when the subject user data Address (AD) is specified.
In the system thus configured, an area for storing an access attribute AA for each service code (SID), an authentication key K, and a target user data address AD are required in the recording unit of the communication apparatus.
Fig. 5 is a diagram showing one example of commands used in the data read and write process of the related art. Commands used in the related art data read and write process will be described with reference to fig. 5.
As shown in fig. 5A, the Read request (Read _ Req) is configured to contain a request identifier for identifying a command, a session ID for identifying a session, a Read target address (R _ AD) indicating an address of a data Read source, an access attribute (R _ AA) indicating an access method, and the like.
As shown in fig. 5B, the Read response (Read _ Res) is configured to contain a request identifier for identifying a command, a session ID for identifying a session, a result code (SF) indicating a processing result, Read target DATA (DATA) as Read DATA, and the like.
As shown in fig. 5C, the Write request (Write _ Req) is configured to contain a request identifier for identifying a command, a session ID for identifying a session, a Write target address (W _ AD) indicating an address of a DATA Write destination, an access attribute (R _ AA) indicating an access method, Write target DATA (DATA) as DATA to be written, and the like.
As shown in fig. 5D, the Write response (Write _ Res) is configured to contain a response identifier for identifying a command, a session ID for identifying a session, a result code (SF) indicating a processing result, and the like.
Fig. 6 is a diagram showing one example of a flow chart of the flow of the authentication process of the related art. The related art authentication process will be described with reference to fig. 6 (see other figures as appropriate).
When an authentication request (Auth1_ Req) (see fig. 2A) is transmitted from the reader/writer to the communication apparatus, the authentication process is started by the control unit of the communication apparatus, and the authentication process is normally terminated when the communication apparatus returns an authentication response (Auth1_ Res) (see fig. 2B).
First, in P91, the communication apparatus receives a command (Auth1_ Req). In P92, the communication device analyzes (extracts) the command parameter (device identifier (IDm)), the service code (SID), and the authentication challenge message (M1C). In P93, the communication apparatus reads out the service definition information held in the recording unit of the communication apparatus, specifies the service definition information corresponding to the service code (SID) obtained in P92, and develops (holds) the content on the RAM. In P94, the communication apparatus specifies the authentication key (K) based on the specified service definition information obtained in P93. If the authentication key is not set, the process proceeds to P99, and terminates the process without a response without returning an authentication response (Auth _ Req). In P95, the communication apparatus reads out the authentication key (K) specified in P94 from the recording unit. In P96, the communication apparatus performs authentication processing using the command parameters and the authentication key (K) obtained in P92 and P95. In P97, the communication device generates a response packet based on the response parameters (the authentication challenge message (M2c) and the authentication challenge message (M3c)) obtained in P96, and returns the response packet to the reader/writer.
Fig. 7 is a diagram showing one example of a flow chart of a data read-out processing flow of the related art. The data readout process of the related art will be described with reference to fig. 7 (see other figures as appropriate).
First, in P101, the communication device receives a command (Read _ Req). In P102, the communication device analyzes (extracts) the command parameters (session ID, read target address (R _ AD), access attribute (R _ AA)). In P104, the communication device specifies the target user data Address (AD) based on the service definition information specified in the authentication process, and checks whether or not the read target address (R _ AD) is included. If no check is made, processing proceeds to P108, and processing terminates by returning an error response. In P105, the communication apparatus specifies the Access Attribute (AA) based on the service definition information specified in the authentication process, and checks whether the Access Attribute (AA) is in the corresponding range. If no check is made, processing proceeds to P108, and processing terminates by returning an error response. In P106, the communication apparatus executes the readout process using the command parameter obtained in P102. In P107, the communication device generates a response packet based on the response parameter (result code (SF)) obtained in P106 and the read-out object DATA (DATA), and returns the response packet to the reader/writer.
Fig. 8 is a diagram showing one example of a flow chart of a data writing processing flow of the related art. A data write process of the related art will be described with reference to fig. 8 (see other figures as appropriate).
First, in P111, the communication device receives a command (Write _ Req). In P112, the communication device analyzes (extracts) the command parameters (session ID, write target address (W _ AD), access attribute (R _ AA), write target DATA (DATA)). In P114, the communication apparatus specifies the target user data Address (AD) based on the service definition information specified in the authentication process, and checks whether or not the write target address (W _ AD) is included. If no check is made, processing proceeds to P118 and processing terminates by returning an error response. In P115, the communication apparatus specifies the Access Attribute (AA) based on the service definition information specified in the authentication process, and checks whether the Access Attribute (AA) is within the corresponding range. If no check is made, processing proceeds to P118 and processing terminates by returning an error response. In P116, the communication apparatus performs the write process using the command parameters obtained in P112. In P117, the communication device generates a response packet based on the response parameter (result code (SF)) obtained in P116, and returns the response packet to the reader/writer.
Fig. 9 is a diagram illustrating an example of service definition information according to an embodiment of the present invention. An example of the service definition information according to an embodiment of the present invention will be described with reference to fig. 9.
The service release information table describes a data structure stored in the service definition information 220A.
An example of a service release information table is shown in which five types of access attribute value patterns represented by pattern (pattern) number entries are defined.
The pattern PT1 shows the access attribute that enables reading/writing regardless of the presence or absence of authentication.
The pattern PT2 shows an access attribute that enables reading/writing after authentication using the authentication key K1/K2 or only reading if authentication is not performed.
The pattern PT3 shows an access attribute that enables reading/writing after authentication using the authentication key K1/K2 but prohibits access if authentication is not performed.
The pattern PT4 shows access attributes that enable reading/writing after authentication using the authentication key K1, enable reading only after authentication using the authentication key K2, and prohibit access if authentication is not performed.
The pattern PT5 shows an access attribute that enables reading/writing but otherwise prohibits access only after authentication using the authentication key K1.
The correspondence of the pattern number and the access attribute and the order of the pattern number are specifications fixed according to the communication device product, and installation is carried out so that the interpretation in compliance with the specifications is performed by the control unit.
As shown in fig. 9, the (defined) access attribute information is composed of a combination of: the information specifying the authentication key corresponds to information (pattern) indicating whether or not the data area can be read out or written in using such an authentication key. Any number of such combinations may be used, as long as there is more than one. As shown in fig. 9, a pattern number may be assigned to each combination. Such access attribute information is recorded in the recording unit 106 (see fig. 12) of the communication apparatus 200.
FIG. 10 is a diagram illustrating one example of a system according to an embodiment of the invention. One example of a system according to an embodiment of the present invention will be described with reference to fig. 10.
As shown in fig. 10, the service delivery system 100 delivers services. The service delivery system 100 is a system prepared by an application provider or the like, and is composed of a service delivery terminal 110C and a service definition database 120. The reader/writer 110A serving as one example of a communication unit that transmits/receives a signal with the communication device 200 is arranged at a predetermined position of the housing of the service distribution terminal 110C. The service distribution terminal 110C includes a processing unit 110B for executing control of the reader/writer 110A and control processing inside the service distribution terminal 110C. The processing unit 110B is constituted by a CPU (central processing unit) or the like, and its function is realized by executing a program stored in a memory (not shown). The service distribution system 100 may be constituted by one device or may be constituted by a plurality of devices.
The communication apparatus 200 is a contactless communication apparatus owned by a user desiring to be provided with a predetermined application, and a service distribution function 210 and a file system 220 are implemented in the communication apparatus 200. The service issuing function 210 is a function realized by executing a predetermined program with an IC chip, and interprets a service issuing command transmitted from the service issuing terminal 110C and issues a service. The service publishing function 210 is part of the functionality of the control unit 104 shown in fig. 12. The file system 220 is a file system for managing data stored in the memory of the IC chip. When the distribution of the service is received, the communication apparatus 200 is placed on the reader/writer 110A of the service distribution terminal 110C.
As shown in fig. 10, when the communication apparatus 200 is placed on the reader/writer 110A, the processing unit 110B of the service issuing terminal 110C inquires the service definition database 120 about a command parameter added to the service issuing command to issue the command to the communication apparatus 2 (as processing P10).
The service definition database 120 responds to the service delivery information when receiving the query from the service delivery terminal 110C (as in process P20). Here, the service delivery information is constituted by a combination of information specifying the data area recorded in the recording unit 106 of the communication apparatus 200 and the pattern number. The information specifying the data area is configured to have a start address indicating a start position of the data area and an end address indicating an end position of the data area corresponding to each other. The number of combinations of the information specifying the data area and the pattern number may be any number as long as it is one or more.
The service announcement information may not contain a pattern number. Further, if data is continuously recorded in the recording unit 106 of the communication apparatus 200, the information specifying the data area may not contain a start address indicating the start position of the data area. That is, the information specifying the data area includes only the end address indicating the end position of the data area.
When receiving the response from the service definition database 120, the service issuing terminal 110C transmits a service issuing request (RegisterService _ Req) command to which the service issuing information obtained by querying the service definition database 120 is added as a command parameter to the communication apparatus 200 (as in the process P30). The transmission of the service issuance command and the command parameter is performed by the reader/writer 110A.
Upon receiving the service issuance command and the command parameter transmitted from the service issuance terminal 110C, the service issuance function 210 of the communication apparatus 200 interprets the service issuance command and executes the internal processing of the communication apparatus (such as processing P40). According to the internal processing of the communication apparatus, the service issuance information included in the command parameter transmitted from the service issuance terminal 110C together with the service issuance command is recorded in the recording unit 106 managed by the control unit 104 of the communication apparatus 200.
After the termination of the distribution of the service, in the process P50, the service distribution function 210 transmits information (result code (SF)) indicating that the distribution of the service is terminated in the parameter of the service distribution response (RegisterService _ Res) to the service distribution terminal 110C.
Therefore, the user of the communication device 200 (communication device issuer) assigns an address range of user data with respect to the pattern number according to the use application. Therefore, the service delivery information is determined by determining the address range of the user data. The order of the pattern numbers is the same order as the address value of the user data, and therefore, the service release information held in the service definition information area of the communication apparatus may be only the boundary value of the address range of the user data, or four bytes in total in this example. In the service issuance request (RegisterService _ Req) shown in fig. 2C, the service issuance information excluding the authentication key (K) may be omitted by up to four bytes.
Further, regarding the processing logic, in the authentication request (Auth _ Req) command, the processing executed in P93 for specifying the authentication key (K) from the service code (SID) using the service definition information may be omitted. In the read/write command, the check of the target user data Address (AD) and the check of the Access Attribute (AA) can be omitted using the service definition information executed in P104, P105/P114, P115, and thus high-speed processing is realized under the same use case.
Fig. 11 is a block diagram showing a functional configuration of a reader/writer according to an embodiment of the present invention. A reader/writer according to an embodiment of the present invention will be described with reference to fig. 11.
The reader/writer 300 is configured to include a control unit 31, a recording unit 32, an SPU (signal processing unit) 33, a modulation unit 34, an oscillation circuit 35, an antenna 36 serving as one example of a communication unit, a demodulation unit 37, and a driver 38.
The control unit 31 generates a request signal requesting rewriting of data containing predetermined data. The control unit 31 also generates a request signal requesting transmission of predetermined data.
The control unit 31 generates data stored in a request signal requesting rewriting of the data. The control unit 31 is constituted by a CPU (central processing unit) or the like, for example, and reads a program supplied from a driver 38 (installed as needed), and executes the read program. If the program and data are supplied from the driver 38, the control unit 31 supplies the supplied program and data to the recording unit 32, reads the program recorded in the recording unit 32, and executes the read program as necessary. The control unit 31 is integrated with a memory so that data can be held therein.
The recording unit 32 is a so-called nonvolatile storage medium or recording medium that can rewrite and hold recorded content even if power is turned off, and is configured of, for example, a hard disk, a flash memory, or the like. The recording unit 32 records various data. The recording unit 32 supplies the recorded data to the control unit 31 as necessary.
The recording unit 32 supplies the recorded authentication key to the control unit 31. The recording unit 32 also records data supplied from the control unit 31.
SPU 33 encodes the request signal supplied from control unit 31 by a predetermined method and supplies the encoded request signal to modulation unit 34. SPU 33 decodes the response signal supplied from demodulation unit 37 by a method corresponding to the encoding method of the response signal, and supplies the decoded response signal to control unit 31.
For example, when a request signal to be transmitted for the communication apparatus 200 is supplied from the control unit 31, the SPU 33 performs encoding processing such as encoding into a manchester code on the relevant request signal, and outputs the obtained signal to the modulation unit 34. When the response signal from the communication apparatus 200 is supplied from the demodulation unit 37, the SPU 33 performs decoding processing such as decoding of a manchester code on the correlation data, and supplies the obtained signal to the control unit 31.
The modulation unit 34 generates a carrier wave based on a clock signal of a predetermined frequency supplied from the oscillation circuit 35. The modulation unit 34 modulates the request signal supplied from the SPU 33 by a predetermined method based on the carrier to generate a request signal, and supplies the modulated request signal to the antenna 36. For example, the modulation unit 34 generates a modulated request signal by changing the phase, amplitude, frequency, and the like of the carrier based on the request signal supplied from the SPU 33.
More specifically, the modulation unit 34 ASK (amplitude shift keying) modulates data supplied from the SPU 33 with a clock signal having a frequency of 13.56MHz supplied from the oscillation circuit 35 as a carrier wave, and outputs the generated modulated wave to the antenna 36 as an electromagnetic wave.
The oscillation circuit 35 generates a clock signal of a predetermined frequency to be a reference, and supplies the generated clock signal to the modulation unit 34.
The antenna 36 transmits the request signal supplied from the modulation unit 34 to the communication apparatus 200 by wireless communication. In other words, the antenna 36 emits an electric wave for transmitting the request signal supplied from the modulation unit 34. The antenna 36 receives the response signal transmitted from the communication apparatus 200 and supplies the received response signal to the demodulation unit 37.
The demodulation unit 37 demodulates the response signal supplied from the antenna 36 by a demodulation method corresponding to the modulation method of the modulation unit 109 (see fig. 3), and supplies the demodulated response signal to the SPU 33. For example, the demodulation unit 37 demodulates a modulated wave (ASK modulated wave) acquired through the antenna 36, and outputs the demodulated response signal to the SPU 33.
When a magnetic disk 71, an optical disk 72, a magneto-optical disk 73, or a semiconductor memory 74 is attached, the drive 38 drives it to acquire recorded programs, data, and the like. The acquired program and data are transmitted to the control unit 31 or the communication device 200. The program transmitted (transmitted) to the communication apparatus 200 is recorded or executed by the communication apparatus 200 as necessary.
Fig. 12 is a block diagram showing a configuration of functions of a communication apparatus according to the present embodiment. A communication apparatus according to an embodiment of the present invention will be described with reference to fig. 12.
The communication apparatus 200 is configured to include an antenna 101 serving as one example of a communication unit, a demodulation unit 102, an SPU 103, a control unit 104, a recording unit 106, a RAM (random access memory) 107, an oscillation circuit 108, a modulation unit 109, and a power generation unit 110.
The antenna 101 receives the request signal transmitted from the reader/writer 300, and supplies the received request signal to the demodulation unit 102. The antenna 101 transmits the response signal supplied from the modulation unit 109 to the reader/writer 300 by wireless communication. In other words, the antenna 101 emits an electric wave for transmitting the response signal supplied from the modulation unit 34. In the antenna 101, resonance occurs by an electric wave of a predetermined frequency emitted from the reader/writer 300, thereby generating an electromotive force.
The demodulation unit 102 demodulates the request signal supplied from the antenna 101 by a demodulation method corresponding to the modulation method of the modulation unit 34 (see fig. 11), and supplies the demodulated request signal to the SPU 103. For example, demodulation section 102 envelope-detects and demodulates a request signal or ASK modulation wave received via antenna 101, and outputs the demodulated request signal to SPU 103.
The SPU 103 decodes the request signal supplied from the demodulation unit 102 by a predetermined method, and supplies the decoded request signal to the control unit 104. The SPU 103 encodes the response signal supplied from the control unit 104 by a predetermined encoding method and supplies the encoded response signal to the modulation unit 109. For example, if the data demodulated in the demodulation unit 102 is encoded by the manchester method, the SPU 103 decodes the data (decodes manchester codes) based on a clock signal supplied from a PLL (phase locked loop) circuit (not shown), and supplies the decoded data to the control unit 104. For example, the SPU 103 encodes the response signal supplied from the control unit 104 by the manchester method, and supplies the encoded response signal to the modulation unit 109.
The control unit 104 is constituted by a CPU (central processing unit) or the like, and its function is realized by executing a program stored in the RAM 107.
The recording unit 106 is constituted by a nonvolatile memory such as a flash memory, an EEPROM, an MRAM, an FeRAM, or the like. The recording unit 106 records various data such as confidential data to be transmitted to the reader/writer 300 and data necessary for executing a program.
The RAM 107 appropriately stores data and the like necessary for executing programs. The RAM 107 supplies the stored data to the control unit 104.
The oscillation circuit 108 generates a clock signal having the same frequency as that of the request signal received by the antenna 101, and supplies the generated clock signal to the modulation unit 109. The oscillation circuit 108 integrates a PLL circuit and generates a clock signal having the same frequency as that of the request signal.
The modulation unit 109 generates a carrier wave based on a clock signal of a predetermined frequency supplied from the oscillation circuit 108. The modulation unit 109 modulates the response signal supplied from the SPU 103 by a predetermined method based on the carrier to generate a response signal, and supplies the modulated response signal to the antenna 101. For example, the modulation unit 109 also ASK-modulates a response signal encoded by the manchester method supplied from the SPU 103, and transmits the modulated response signal to the reader/writer 300 via the antenna 101.
The modulation unit 109 turns on/off a predetermined switching element (not shown) with respect to a response signal supplied from the SPU 103, and connects a predetermined load in parallel to the antenna 101 only when the switching element is in an on state, so that the load of the antenna 101 fluctuates. The ASK-modulated response signal is transmitted to the reader/writer 300 via the antenna 101 (terminal voltage of the antenna 36 of the reader/writer 300 is fluctuated) by the load fluctuation of the antenna 101.
The power generation unit 110 generates Direct Current (DC) power based on Alternating Current (AC) electromotive force generated in the antenna 101, and supplies the generated DC power to each unit of the communication apparatus 200.
As described above, in the present embodiment, when issuing (transmitting) access control information with respect to a data block in a communication device (for example, an IC card) as a security device for securely storing information, instead of storing an address range, an access attribute, an authentication key, and the like of the data block in units of access control information with respect to a recording unit, use is made in such a manner as to be assigned to a pattern represented by a combination of an access attribute value and an authentication key defined in advance for each product according to a use application.
As for the operation processing logic, reading the service definition information from the recording unit, specifying the authentication key, specifying and checking the access attribute value, and specifying and checking the address range may be performed without using the pattern defined for each product. Therefore, the reading and searching process of the service distribution information from the recording unit can be omitted. Further, in the issue processing, only the address boundary values of the data blocks may be specified together instead of being transmitted by the command of each unit of the access control information. Therefore, since service issuance (signaling) is completed with shorter command parameters and fewer command/response times, higher speed service issuance is achieved. Thus, the issue/operation process is simplified and the process is completed at a higher speed under the same use case.
It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and improvements may be made in accordance with design requirements and other factors, and are intended to be included within the scope of the appended claims or equivalents.

Claims (7)

1. A communication device comprises
A communication unit for transmitting and receiving signals with the service distribution terminal;
a recording unit recorded with data, and further recorded with a pattern: wherein the information specifying an authentication key corresponds to an access attribute indicating whether or not the data can be subjected to a read process or a write process using the authentication key, wherein an address range of a recording area of the data corresponds to the pattern; and
a control unit configured to, when one or more pieces of information specifying a recording area of the data are received from the service distribution terminal via the communication unit, record the received one or more pieces of information specifying the recording area of the data in the recording unit.
2. The communication device as set forth in claim 1,
wherein the control unit receives, as the information specifying the recording area of the data, information corresponding to a start address indicating a start position of the recording area of the data and an end address indicating an end position of the recording area of the data.
3. The communication device as set forth in claim 1,
wherein the recording unit continuously records the data; and
the control unit receives an end address indicating an end position of a recording area of the data as information specifying the recording area of the data.
4. A communication device, comprising:
a communication unit for transmitting and receiving signals with the service distribution terminal;
a recording unit recorded with data, and further recorded with a pattern: wherein the information specifying the authentication key corresponds to an access attribute indicating whether or not the data can be subjected to a read-out process or a write-in process using the authentication key, and further a pattern number as a number specifying the pattern is recorded, wherein an address range of a recording area of the data corresponds to the pattern number; and
a control unit configured to, when receiving, from the service distribution terminal via the communication unit, information specifying a recording area of the data and one or more combinations of the pattern numbers as numbers specifying the patterns, record the received one or more combinations in the recording unit.
5. A communication method performed by a control unit of a communication apparatus including a recording unit that records data and also records a pattern of: wherein the information specifying the authentication key corresponds to an access attribute indicating whether or not the data can be subjected to a read-out process or a write-in process using the authentication key, and wherein an address range of a recording area of the data corresponds to the pattern, the method comprising the steps of:
receiving one or more pieces of information specifying a recording area of the data from a service distribution terminal via a communication unit for transmitting and receiving signals with the service distribution terminal; and
recording the received one or more pieces of information specifying the recording area of the data in the recording unit.
6. A communication system, comprising:
a communication device, comprising:
a first communication unit for transmitting and receiving signals with a service distribution terminal;
a recording unit recorded with data, and further recorded with a pattern: wherein the information specifying the authentication key corresponds to an access attribute indicating whether or not the data can be subjected to a read-out process or a write-in process using the authentication key, and wherein an address range of a recording area of the data corresponds to the pattern; and
a control unit configured to, when one or more pieces of information specifying a recording area of the data are received from the service distribution terminal via the first communication unit, record the received one or more pieces of information specifying the recording area of the data in the recording unit; and
the service issuing terminal includes:
a second communication unit for transmitting and receiving signals with the communication device, an
A processing unit configured to transmit, via the second communication unit, one or more pieces of information specifying a recording area of the data recorded in the recording unit of the communication apparatus.
7. A service publishing method of a communication system, the communication system comprising: a communication device including a first communication unit for transmitting and receiving a signal with a service distribution terminal, and a recording unit recorded with data and also recorded with a pattern of: wherein the information specifying the authentication key corresponds to an access attribute indicating whether or not the data can be subjected to a read-out process or a write-in process using the authentication key, and wherein an address range of a recording area of the data corresponds to the pattern; and the service distribution terminal including a second communication unit for transmitting and receiving signals with the communication apparatus,
wherein, the processing unit of the service issuing terminal executes the following steps:
transmitting, via the second communication unit, one or more pieces of information specifying a recording area of the data recorded in the recording unit of the communication apparatus; and
the control unit of the communication device performs the steps of:
receiving one or more pieces of information specifying a recording area of the data from the service distribution terminal via the first communication unit; and
recording the received one or more pieces of information specifying the recording area of the data in the recording unit.
HK10103969.9A 2008-05-13 2010-04-22 Communication device, communication method, communication system and service issuing method HK1139765B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2008126152A JP4807377B2 (en) 2008-05-13 2008-05-13 COMMUNICATION DEVICE, COMMUNICATION METHOD, COMMUNICATION SYSTEM, AND SERVICE ISSUING METHOD
JP2008-126152 2008-05-13

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
HK13106801.1A Division HK1179075B (en) 2008-05-13 2010-04-22 Communication device, communication method, communication system and service issuing method

Related Child Applications (1)

Application Number Title Priority Date Filing Date
HK13106801.1A Addition HK1179075B (en) 2008-05-13 2010-04-22 Communication device, communication method, communication system and service issuing method

Publications (2)

Publication Number Publication Date
HK1139765A1 HK1139765A1 (en) 2010-09-24
HK1139765B true HK1139765B (en) 2013-08-23

Family

ID=

Similar Documents

Publication Publication Date Title
EP2183728B1 (en) Method, system and trusted service manager for securely transmitting an application to a mobile phone
US7797537B2 (en) Mobile terminal, data communication method, and computer program
US10291398B2 (en) Communication device, communication method, reader/writer, and communication system
US10769284B2 (en) Information processing apparatus and method, recording medium, and program
US9729530B2 (en) Communication device, communication method, communication system and service issuing method
KR101164450B1 (en) System and Method for Assigning Dynamic ID to RFID Tag, RFID Tag, RFID Terminal and Recording Medium
HK1139765B (en) Communication device, communication method, communication system and service issuing method
HK1179075B (en) Communication device, communication method, communication system and service issuing method
KR101077867B1 (en) RFID Terminal
KR101077864B1 (en) RFID tag
HK1140039B (en) Communication device, communication method, reader/writer, and communication system
KR20140142566A (en) NFC tag supporting hybrid mode and generating method thereof
JP2013211061A (en) Communication device