JP2002244755A - Data processing method, semiconductor circuit and program - Google Patents

Abstract

(57) [Summary] [PROBLEMS] To provide a data processing method for preventing data from being exchanged between application programs as needed while preventing unauthorized alteration and monitoring by a user of another application program. I do. A SAM chip (108) pre-registers a condition for permitting communication between the application programs via a firewall, and when the application program generates a communication request with another application program, the communication is performed. It is determined whether the request satisfies the registered condition. If it is determined that the request satisfies the registered condition, communication between the application programs according to the communication request is performed.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an environment in which a plurality of application programs operate, and permits communication between application programs as necessary while preventing each application program from being tampered with and monitored. The present invention relates to a data processing method, a semiconductor circuit, and a program.

[0002]

2. Description of the Related Art Currently, a communication system has been developed in which an IC card is used for transactions via a network such as the Internet. In such a communication system,
The server device that performs the settlement is, for example, an IC card reader / writer.
Upon receiving a processing request using an IC card from a writer or a PC (Personal Computer), it performs processing such as user authentication and data encryption and decryption. On the server device described above, for example, a plurality of application programs respectively corresponding to a plurality of businesses such as credit card companies are operating.

[0003]

However, when the application programs of a plurality of operators operate on the server device as described above, each application program is illegally tampered with and monitored by the operators of the other application programs. Need to be prevented. On the other hand, between application programs,
There is a demand to provide various services while exchanging data.

[0004] The present invention has been made in view of the above-mentioned conventional technology. When a plurality of application programs are operated on the same semiconductor circuit, each application program is illegally operated by a user of another application program. It is an object of the present invention to provide a data processing method, a semiconductor circuit, and a program that allow data exchange between application programs as necessary while preventing tampering and monitoring.

[0005]

In order to achieve the above-mentioned object, a data processing method of the present invention is a data processing method performed by a semiconductor circuit executing an application program. When the application program is executed independently, conditions for permitting communication between the application programs performed through the firewall are registered in advance, and when the application program issues a communication request with another application program, It is determined whether or not the communication request satisfies the registered condition. If it is determined that the registered condition is satisfied, communication between the application programs according to the communication request is executed.

[0006] The data processing method of the present invention preferably comprises:
Information indicating a combination of the application program, which is the source of the communication request, and the other application program permitted to communicate through the firewall is registered as a condition for permitting the communication.

In the data processing method of the present invention, preferably, when the semiconductor circuit receives a processing request from outside the semiconductor circuit, an application program corresponding to the processing request is selected from the plurality of application programs. Then, based on the selected application program, a process according to the process request is performed.

In the data processing method according to the present invention, it is preferable that the transmission and reception of data accompanying the communication between the application programs is performed using a predetermined storage area of a semiconductor storage device external to the semiconductor circuit.

Further, in the data processing method of the present invention, preferably, the application program on the data transfer side writes data to the predetermined storage area, and notifies the application program on the data reception side that the writing has been performed. Then, in response to the notification, the application program on the data receiving side reads the data from the predetermined storage area.

In the data processing method of the present invention, preferably, when an access request to the predetermined storage area is issued, the validity of the access is determined by a firewall, and the access is determined to be valid. The access to the predetermined storage area is permitted only for the requested access.

Further, in the data processing method of the present invention, preferably, data transmitted / received along with the communication between the application programs is scrambled and then stored in the predetermined storage area.

In the data processing method according to the present invention, preferably, the semiconductor circuit requests at least a part of a process accompanying execution of the application program to another semiconductor circuit.

In addition, the semiconductor circuit of the present invention independently executes a plurality of application programs each protected by a firewall, and registers in advance conditions for permitting communication between the application programs to be performed through the firewall. When the application program generates a communication request with another application program, determines whether the communication request satisfies the registered condition, and determines that the registered condition is satisfied. In this case, the communication between the application programs according to the communication request is executed.

[0014] The program of the present invention preliminarily registers a procedure for independently executing a plurality of application programs each protected by a firewall, and a condition for permitting communication between the application programs performed through the firewall. Steps to
When the application program generates a communication request with another application program, a procedure for determining whether the communication request satisfies the registered condition, and that the registered request satisfies the registered condition And a step of performing communication between the application programs in response to the communication request when the determination is made.

[0015]

Embodiments of the present invention will be described below with reference to the accompanying drawings. FIG. 1 is an overall configuration diagram of a communication system 201 according to the present embodiment. As shown in FIG.
The communication system 201 includes a server device 202, an IC card 203, a card reader / writer 204, a personal computer 205, an ASP (Application Service Provide).
r) Server device 206, SAM (Secure Application Module
e) Unit 209, personal computer 216_
1,216_2,216_3 and authentication unit 2
By using 17_1, 217_2, and 217_3, communication is performed via the Internet 210 to perform procedural processing such as payment processing using the IC card 203. The SAM unit 209 includes the external memory 207 and the SAM chip 20
8 The SAM chip 208 has a software configuration as shown in FIG. As shown in FIG.
The AM chip 208 has an HW (Har
dware) layer, OS layer, lower handler layer, upper handler layer, and AP layer. The lower handler layer includes a driver layer. Here, in the AP layer, businesses 215_1 and 215 such as credit card companies shown in FIG.
_2, 215_3, an application program AP_1, A that defines a procedure using the IC card 203.
There are P_2 and AP_3. In the AP layer, a firewall FW is provided between the application programs AP_1, AP_2, and AP_3, and between the application programs AP_1, AP_2, and AP_3, and the upper handler layer.

The SAM chip 208 is a SCSI or E
It is connected to the ASP server device 206 via the Internet or the like. The ASP server device 206 is connected to the end user's personal computer 205 and the business operators 215_1, 215_2, and 215_ via the Internet 210.
3 personal computers 216_1, 216_2,
216_3 is connected to a plurality of terminal devices. The personal computer 205 is, for example, a serial or U
Dumb type card reader / writer 204 via SB
It is connected to the. If the card reader / writer 204
For example, wireless communication corresponding to a physical level with the C card 203 is realized. The operation command to the IC card 203 and the response packet from the IC card 203 are:
Generated and decrypted on the SAM unit 209 side. Therefore, the card reader / writer 204 interposed in the middle,
The personal computer 205 and the ASP server device 206 only play a role of storing and relaying commands and response contents in a data payload portion, and are involved in actual operations such as encryption and decryption of data in the IC card 203 and authentication. do not do.

Businesses 215_1, 215_2, 215_
3 is a personal computer 216_1, 216_
Application program A using 2,216_3
P_1, AP_2, and AP_3 are created, and the created application programs are sent to the SAMs via the authentication units 217_1, 217_2, and 217_3, respectively.
The data is downloaded to a pre-allocated storage area in the external memory 207 via the chip 208. At this time, since the operators 215_1, 215_2, and 215_3 are not related to each other, the application programs AP_
Storage areas in the external memory 207 from which the AP1, AP_2 and AP_3 can be downloaded are determined in advance, and it is determined whether or not the user has authority to download the storage areas.
It is verified by the M chip 208. Further, between the application programs AP_1, AP_2, and AP_3, transmission and reference of data is restricted by the firewall FW. Authentication unit 217_
The application programs AP_1, AP_2, and AP_3 are described below.
When downloading to the SAM chip 208, the SAM
Mutual authentication is performed with the chip 208 to create signature verification key information for download.

Hereinafter, the components shown in FIG. 1 will be described. [IC Card 203] FIG. 3 is a functional block diagram of the IC card 203. As shown in FIG.
3 is an IC (I) including a storage unit 250 and a processing unit 251.
integrated circuit) 203a. Storage unit 250
Has a storage area 255_1 used by the business 215_1 such as a credit card company, a storage area 255_2 used by the business 215_2, and a storage area 255_3 used by the business 215_3, as shown in FIG.
Further, the storage unit 250 stores key information used to determine whether or not the storage area 255_1 has authority, and the storage area 25_1.
The key information used to determine the access right to 5_2 and the key information used to determine the access right to the storage area 255_3 are stored. The key information is specifically used for mutual authentication, data encryption and decryption, and the like. In addition, the storage unit 250 includes an IC
The identification information of the user of the card 203 or the IC card 203 is stored.

Hereinafter, the SAM unit 209 will be described in detail. [External Memory 207] FIG. 5 is a diagram for explaining a storage area of the external memory 207. As shown in FIG. 5, in the storage area of the external memory 207, an AP storage area 220_1 in which the application program AP_1 of the provider 215_1 is stored, and an AP storage area 220 in which the application program AP_2 of the provider 215_2 is stored.
_2, an AP storage area 220_3 in which the application program AP_3 of the provider 215_3 is stored, and an AP management storage area 221 used by the administrator of the SAM chip 208.

The application program AP_1 stored in the AP storage area 220_1 is composed of a plurality of program modules. Access to the AP storage area 220_1 is performed by the firewall FW_1
Limited by The application program AP_2 stored in the AP storage area 220_2 is
It is composed of a plurality of program modules.
Access to the AP storage area 220_2 is restricted by the firewall FW_2. AP storage area 2
The application program AP_3 stored in 20_3 is composed of a plurality of program modules. Access to the AP storage area 220_3
Limited by firewall FW_3. In the present embodiment, the program module is, for example,
This is the minimum unit downloaded from the outside of the SAM unit 209 to the external memory 207. The number of program modules constituting each application program can be arbitrarily determined by the corresponding business operator.

The application programs AP_1, AP_2, AP_3 stored in the external memory 207
Have been scrambled, and are descrambled when read into the SAM chip 208. Also, application programs AP_1, AP_2, AP_3
Are created by the operators 215_1, 215_2, and 215_3 using the personal computers 216_1, 216_2, and 216_3 shown in FIG. 1, respectively, and downloaded to the external memory 207 via the SAM chip 208.

Access to the AP management storage area 221 is restricted by the firewall FW_4. Note that the firewalls FW_1, FW_2, and FW
_3 and FW_4 correspond to the firewall FW shown in FIG. As shown in FIG. 5, AP selection data 231 and inter-AP communication data 232 are stored in the AP management storage area 221. Here, the AP selection data 231 and the inter-AP communication data 232 are registered in advance when the SAM chip 208 is set up, for example. The rewriting of the AP selection data 231 and the inter-AP communication data 232 is performed by the SAM chip 208.
Only administrators can do this.

FIG. 6 is a diagram for explaining the AP selection data 231. As shown in FIG. 6, the AP selection data 231 indicates IC card type information and AP identification information in association with each other. The IC card type information indicates the type of the IC card 203 shown in FIG. 1, and is, for example, identification information of a credit card company that performs transaction settlement using the IC card 203. The AP identification information is identification information of an application program that operates in the AP layer on the SAM chip 208, as shown in FIG.

FIG. 7 is a diagram for explaining the inter-AP communication data 232. The inter-AP communication data 232 includes the application programs AP_1 and AP_
2 indicates whether or not communication between AP_3 is possible. Specifically, it indicates whether a communication request to the application program in the row item issued by the application program in the column item shown in FIG. 7 is permitted. For example, a communication request to the application program AP_1 by the application program AP_3 is permitted, but a communication request to the application program AP_2 is rejected.

As shown in FIG. 5, the AP management storage area 221 is an inter-AP communication storage area 2 used for communication (data transfer) between application programs.
33.

[SAM Chip 208] FIG. 8 is a functional block diagram of the SAM chip 208 shown in FIG. As shown in FIG. 8, the SAM chip 208 includes an ASPS communication interface 260, an external memory communication interface 261, a bus scrambler 262, and a signature processor 26.
3. Authentication processing unit 264, encryption / decryption unit 265, storage unit 2
66 and a CPU 267. The SAM chip 208
It is a tamper-resistant module.

The ASPS communication interface unit 260
This is an interface used for data input / output with the ASP server device 206 shown in FIG. The external memory communication interface unit 261 is an interface used for inputting and outputting data to and from the external memory 207. The bus scramble unit 262 scrambles data to be output and descrambles the input data when inputting and outputting data via the external memory communication interface unit 261. That is, data is stored in the external memory 207 in a scrambled state.

The signature processing unit 263 performs signature creation and signature verification when downloading an application program to the external memory 207 via the Internet 210 and executing the application program, as described later. The authentication processing unit 264 performs mutual authentication with the other party when downloading an application program to the external memory 207 via the Internet 210 as described later. Encryption / decryption unit 265
Performs encryption of data and decryption of the encrypted data. The storage unit 266 stores data necessary for the processing of the CPU 267. The CPU 267 executes a task as described later, and executes the designated application program according to the execution of the task.

FIG. 9 is a diagram for explaining a task executed by the CPU 267. As shown in FIG.
67 is a download task 270, a system task 2
71, AP task 272, settlement procedure task 27
3. The task 274 for communication between APs and the task 275 for communication between SAMs are executed.

The download task 270 performs a process of downloading an application program from outside the SAM unit 209 to the external memory 207 via the SAM chip 208, as described later. The system task 271 is a task that performs processes such as driver management and operations unique to the IC card 203.

The AP task 272 is, for example, an application program AP_1, AP_2, AP_2 executed when the SAM chip 208 receives a processing request from outside the SAM chip 208 such as the ASP server device 206.
3 is managed in a comprehensive manner.

As shown in FIG. 10, the payment processing procedure task 273 is executed when the SAM chip 208
6, when a processing request for the IC card 203 is received, based on the AP selection data 231 shown in FIG. 6, A corresponding to the IC card type information included in the processing request
P identification information is obtained, and application programs AP_1, AP_2, AP_3 corresponding to the AP identification information are obtained.
Select and execute.

The inter-AP communication task 274 manages communication between application programs. FIG.
It is a flowchart for demonstrating the process of the task 274 for intercommunications. Here, a case where a communication request for writing data to AP_2 is issued from the application program AP_1 will be described as an example. Step ST201: When the running application program AP_1 issues a communication request indicating data writing to AP_2, the process of step ST202 is performed.

Step ST202: Step ST201
Is transmitted to the inter-AP communication task 274.

Step ST203: The inter-AP communication task 274 refers to the inter-AP communication data 232 shown in FIG.
It is determined whether communication can be performed with respect to.

Step ST204: If the inter-AP communication task 274 determines in step ST203 that communication can be performed, it executes the processing of step ST205, and otherwise ends the processing. In this example,
From FIG. 7, the application program AP_1 is AP
_2, so that the process of step ST205 is performed.

Step ST205: The application program A is controlled by the control of the inter-AP communication task 274.
P_1 writes data in the inter-AP communication storage area 233 shown in FIG.

Step ST206: The inter-AP communication task 274 notifies the application program AP_2 that data has been written.

Step ST207: The application program AP_2 reads data from the inter-AP communication storage area 233 in response to the notification received in step ST206. This completes the communication between the application programs AP_1 and AP_2 that have relayed through the firewall.

As shown in FIG. 12, the inter-SAM communication task 275 is, for example,
8 starts the inter-SAM communication task 275 of the SAM chip 208x other than the SAM chip 208x.
A remote command can be issued to the inter-communication task 275. Such a remote command is, for example,
When the processing load on the SAM chip 208 increases and the processing cannot be performed properly, the inter-SAM communication task 275 of the SAM chip 208 issues a remote command to the inter-SAM communication task 275 of the SAM chip 208x, and the SA
The SAM chip 208x is requested to execute at least a part of the processing assigned to the M chip 208.

Hereinafter, the overall operation of the communication system 201 shown in FIG. 1 will be described. FIG. 13 is a diagram for explaining the overall operation of the communication system 201 shown in FIG. Step ST231: Application programs AP_1 and A for the businesses 215_1 to 215_3 or those who have received the requests of these businesses to perform the processing for the transactions performed by the businesses using the IC card 203.
P_2 and AP_3 are created on the personal computers 216_1, 216_2 and 216_3 shown in FIG.

Step ST232: The application programs AP_1, AP_2, AP_3 are transmitted to the personal computers 216_1, 216_2, 216 via the authentication units 217_1, 217_2, 217_3.
_3 to the SAM chip 208.

Step ST233: The IC card 203 is issued to the user. As shown in FIG.
The IC 203a of 03 stores key information used for dealings with a business operator with whom the user has made a contract. Note that the contract between the user and the operator is based on the IC card 203.
May be performed via the Internet 210 or the like.

Step ST234: For example, the user uses the personal computer 205 to connect to the Internet 2.
When the user accesses the server device 202 via the server 10 and tries to purchase a product, the server device 202 issues a processing request to the ASP server device 206 via the Internet 210. The ASP server device 206 is a server device 2
When a processing request is received from the personal computer 205, the personal computer 205 is accessed via the Internet 210. Then, the IC issued by the card reader / writer 204
A processing request for the card 203 is transmitted to the SAM chip 208 via the personal computer 205, the Internet 210, and the ASP server device 206.

Step ST235: SAM chip 208
However, according to the processing request received in step ST234,
An application program is selected by the payment processing procedure task 273, and the selected application program is executed. In the execution of the application program, when communication between the application programs is performed, the communication is performed by the inter-AP communication task 274 as illustrated in FIG. 11 described above.

Step ST236: SAM chip 208
Outputs the execution result of the application program to the ASP server device 206.

As described above, the communication system 201
According to FIG. 2, as shown in FIGS. 2 and 5, the application programs AP_1, AP_2, and AP_3 are restricted from being accessed by a firewall, thereby preventing the application programs from being illegally monitored and falsified. it can. Further, the confidentiality of each application program can be improved.

According to the communication system 201, FIG.
The inter-AP communication task 274 shown in FIG. 11 uses the AP management storage area 221 of the external memory 207 shown in FIG.
By performing the processing shown in (1), communication between application programs is permitted within a previously permitted range. Therefore, various services can be provided by synchronizing and coordinating a plurality of application programs. As such various services, for example, there is an automatic selection of an application program by a settlement processing procedure task 273 shown in FIG. In other words, if the type of the IC card 203 is known, the corresponding application program can be automatically determined for the settlement processing in which the processing protocol differs depending on the issuer of the IC card 203 even though the processing contents are the same level. Therefore, the payment processing procedure task 273
By registering payment processing at the level of IC card 2
03 and the corresponding application program can be automatically determined. Thereby, the burden on the developer of the application program can be reduced.

According to the communication system 201, the information stored in the external memory 207 is scrambled by the bus scramble unit 262 of the SAM chip 208 shown in FIG. There is.

According to the communication system 201, FIG.
By providing the inter-SAM communication task 275 shown in FIG.
The processing load of the AM chip 208 can be distributed to other SAM chips. Therefore, when the SAM chip 208 is mounted on a server device of a store or the like that needs to simultaneously handle processing requests for settlement processing from a plurality of terminal devices, a plurality of SAMs are used by using the function of the inter-SAM communication task 275. The chip 208 can be used to increase payment processing capability.

FIG. 14 shows the SAM chip 208 shown in FIG.
FIG. 3 is a functional block diagram in which the functional blocks of FIG. As shown in FIG. 14, the SAM chip 208 is connected to the ASPS communication interface unit 26 via the internal bus 90.
0, external memory communication interface unit 261, bus scramble unit 262, encryption / decryption unit 265, storage unit 266
And a CPU 267 are connected. The signature processing unit 263 and the authentication processing unit 264 shown in FIG.
U267 realizes some of its functions.

In the SAM chip 208 shown in FIG. 14, for example, as shown in FIG. 15, the card I / F unit 91 connected to the internal bus 90 is connected to an RF signal outside the SAM chip 208.
The antenna 9 of the RF transceiver 92 is connected to the transceiver 92.
Data may be transmitted and received between the IC card 203 and the IC card 203 in a non-contact manner via 2a.

[0053]

As described above, according to the present invention,
When operating a plurality of application programs on the same semiconductor circuit, while preventing each application program from being tampered with and monitored by another application program user or the like,
It is possible to provide a data processing method, a semiconductor circuit, and a program that allow data transfer between application programs as necessary.

[Brief description of the drawings]

FIG. 1 is an overall configuration diagram of a communication system according to an embodiment of the present invention.

FIG. 2 is a diagram for explaining a software configuration of the SAM chip shown in FIG. 1;

FIG. 3 is a functional block diagram of an IC of the IC card shown in FIG. 1;

FIG. 4 is a diagram for explaining information stored in a storage unit illustrated in FIG. 3;

FIG. 5 is a diagram for explaining an external memory of the SAM unit shown in FIG. 1;

FIG. 6 is a diagram for explaining the AP selection data shown in FIG. 5;

FIG. 7 is a diagram for explaining the inter-AP communication data shown in FIG. 5;

FIG. 8 is a functional block diagram of the SAM chip shown in FIG. 1;

FIG. 9 is a diagram for explaining a task executed by the CPU shown in FIG. 8;

FIG. 10 is a diagram for explaining functions of a settlement processing procedure task shown in FIG. 9;

FIG. 11 is a flowchart for explaining processing of an inter-AP communication task shown in FIG. 9;

FIG. 12 is a diagram for explaining the inter-SAM communication task shown in FIG. 9; is there.

FIG. 13 is a diagram for explaining an overall operation of the communication system shown in FIG. 1;

FIG. 14 is a more specific functional block diagram of the functional blocks of the SAM chip shown in FIG. 8;

FIG. 15 is a diagram for explaining another usage form of the SAM chip.

[Explanation of symbols]

201: communication system, 202: server device, 203:
IC card, 204 ... Card reader / writer, 205 ...
Personal computer, 206 ... ASP server device,
207: external memory, 208: SAM chip, 209 ...
SAM unit, 210 ... Internet, 215_
1,215_2, 215_3 ... Credit card company, 216_1, 216_2, 216_3 ... Personal computer, 217_1, 217_2, 217_3 ...
Authentication unit

────────────────────────────────────────────────── ─── of the front page continued (51) Int.Cl. ⁷ identification mark FI theme Court Bu (reference) G06K 19/00 R F-term (reference) 5B035 AA13 BB09 BC00 CA38 5B076 FA00 FB00 5B089 GB02 GB03 JA33 KA17 KB09 KB13 KC47 KC58 5B098 AA10 GC16

Claims (17)

[Claims] 1. A data processing method performed by a semiconductor circuit executing an application program, wherein the plurality of application programs each protected by a firewall are independently executed, and a plurality of application programs are executed through the firewall. Registering conditions for permitting communication in advance, and when the application program generates a communication request with another application program, determine whether the communication request satisfies the registered condition, and If we determine that the conditions are met,
A data processing method for executing communication between the application programs in response to the communication request. 2. The communication apparatus according to claim 1, wherein information indicating a combination of the application program which is the source of the communication request and the other application program which is permitted to communicate through the firewall is registered as a condition for permitting the communication. The data processing method described in 1. 3. When the semiconductor circuit receives a processing request from outside the semiconductor circuit, an application program corresponding to the processing request is selected from the plurality of application programs, and based on the selected application program,
2. The data processing method according to claim 1, wherein the processing is performed according to the processing request. 4. The data processing method according to claim 1, wherein transmission and reception of data accompanying communication between said application programs is performed using a predetermined storage area of a semiconductor memory device external to said semiconductor circuit. 5. An application program on the data transfer side writes data to the predetermined storage area, notifies the application program on the data reception side that the writing has been performed, and in response to the notification, receives the data on the data reception side. The data processing method according to claim 4, wherein the application program on the side reads the data from the predetermined storage area. 6. When a request for access to said predetermined storage area is issued, the validity of said access is determined by a firewall, and said predetermined storage is performed only for an access request determined to be valid. 5. The data processing method according to claim 4, wherein access to the area is permitted. 7. The data processing method according to claim 4, wherein data transmitted and received along with communication between said application programs is scrambled and then stored in said predetermined storage area. 8. The data processing method according to claim 1, wherein the semiconductor circuit requests another semiconductor circuit to perform at least a part of a process accompanying execution of the application program. 9. A program for independently executing a plurality of application programs each protected by a firewall, pre-registering conditions for permitting communication between the application programs through the firewall, and When a communication request with the application program is generated, it is determined whether the communication request satisfies the registered condition.If it is determined that the registered condition is satisfied,
A semiconductor circuit that executes communication between the application programs in response to the communication request; 10. The information indicating a combination of the application program that has generated the communication request and the other application program that is permitted to communicate through the firewall is registered as a condition for permitting the communication. 3. The semiconductor circuit according to claim 1. 11. When a processing request is received from the outside, an application program corresponding to the processing request is selected from the plurality of application programs, and based on the selected application program,
The semiconductor circuit according to claim 9, wherein the semiconductor circuit performs processing according to the processing request. 12. The semiconductor circuit according to claim 9, wherein transmission and reception of data accompanying communication between said application programs is performed using a predetermined storage area of a semiconductor memory device external to said semiconductor circuit. 13. An application program on the data transfer side writes data to the predetermined storage area, and notifies the application program on the data reception side that the writing has been performed. 13. The semiconductor circuit according to claim 12, wherein a receiving-side application program reads the data from the predetermined storage area. 14. When an access request to the predetermined storage area is issued, the validity of the access is determined by a firewall, and only the access request determined to be valid is stored in the predetermined storage area. 13. The semiconductor circuit according to claim 12, wherein access to the area is permitted. 15. The semiconductor circuit according to claim 12, wherein data transmitted / received along with the communication between the application programs is scrambled and then stored in the predetermined storage area. 16. The semiconductor circuit according to claim 9, wherein at least a part of a process accompanying the execution of the application program is requested to another semiconductor circuit. 17. A procedure for independently executing a plurality of application programs each protected by a firewall, a procedure for registering in advance a condition for permitting communication between the application programs through the firewall, When the program generates a communication request with another application program, a procedure for determining whether the communication request satisfies the registered condition, and when determining that the registered condition is satisfied, ,
Executing a communication between the application programs in response to the communication request.