JP2024139134A - Electronic information storage medium, IC chip, method for writing issuance data, and program - Google Patents

Abstract

To provide an electronic information storage medium capable of coping with multiple versions of an application, and capable of reducing memory capacity required for an installation of the application, and also to provide an IC chip, a writing method of issuance data, and a program.SOLUTION: Upon receiving an installation command including issuance data and an identifier of the issuance data from an external device 2, an IC chip 1 identifies a version corresponding to the issuance data included in the installation command according to the identifier included in the installation command and an issuance data identifier list, and executes writing processing of the installation command issuance data according to the identified version and a corresponding version flag.SELECTED DRAWING: Figure 6

Description

The present invention relates to the technical field of IC cards equipped with applications.

In recent years, IC cards that can be equipped with multiple applications have become known. For example, Patent Document 1 describes a system that enables applications to be added to an IC card by centrally managing various applications that can be equipped on the IC card and their issuance information on a server such as the issuer of the IC card.

JP 2008-033684 A

For example, in a payment system that processes IC cards for payment, each system may comply with a different specification version, and the IC card for payment must operate according to the specifications corresponding to that system. When creating an IC card that supports multiple versions, one method is to create an individual application for each version and load it onto the IC card, but if the differences between the versions are slight, there is often duplication of processing. If applications corresponding to each version are loaded onto the IC card, there is a problem in that the memory inside the IC card is strained by the duplicated processing alone.

The present invention has been made in consideration of these points and aims to provide an electronic information storage medium, an IC chip, a method for writing issuance data, and a program that enable an application to be compatible with multiple versions and reduce the memory capacity required to install the application.

In order to solve the above problem, the invention described in claim 1 is an electronic information storage medium on which an application compatible with multiple versions is installed, characterized in that it comprises: a storage means for storing association information that associates the version with an identifier of issuance data required to execute the application for each version, and setting information for enabling the version compatible with the application; a receiving means for receiving a command including the issuance data and the identifier of the issuance data from an external device; a specifying means for specifying the version corresponding to the issuance data included in the command based on the identifier and the association information included in the command; and a processing means for executing a write process of the issuance data included in the command based on the version specified by the specifying means and the setting information.

The invention described in claim 2 is characterized in that, in the electronic information storage medium described in claim 1, the processing means executes the writing process of the issued data when the version identified by the identification means matches the version enabled in the setting information.

The invention described in claim 3 is characterized in that in the electronic information storage medium described in claim 1, the processing means executes error processing when the version identified by the identification means does not match the version enabled in the setting information.

The invention described in claim 4 is characterized in that, in the electronic information storage medium described in claim 1, the processing means, if there is no version enabled in the setting information, enables the version identified by the identification means in the setting information and executes the writing process of the issued data.

The invention described in claim 5 is characterized in that, in the electronic information storage medium described in any one of claims 1 to 3, the receiving means receives an installation command including a parameter indicating the version from the external device before receiving the command, and the processing means enables the version indicated by the parameter in the setting information.

The invention described in claim 6 is characterized in that in the electronic information storage medium described in claim 5, the processing means executes error processing if the format of the parameters is invalid.

The invention described in claim 7 is an IC chip equipped with an application compatible with multiple versions, characterized in that it comprises: a storage means for storing association information for associating the version with an identifier of issuance data required for executing the application for each version, and setting information for enabling the version compatible with the application; a receiving means for receiving a command including the issuance data and the identifier of the issuance data from an external device; a specifying means for specifying the version corresponding to the issuance data included in the command based on the identifier and the association information included in the command; and a processing means for executing a write process of the issuance data included in the command based on the version specified by the specifying means and the setting information.

The invention described in claim 8 is a method for writing issued data executed by an electronic information storage medium on which an application compatible with multiple versions is installed, and is characterized by including the steps of: storing, in the electronic information storage medium, association information that associates the version with an identifier of issued data required to execute the application for each version, and setting information for enabling the version compatible with the application; receiving a command including the issued data and an identifier of the issued data from an external device; identifying the version corresponding to the issued data included in the command based on the identifier and the association information included in the command; and executing a write process for the issued data included in the command based on the identified version and the setting information.

The invention described in claim 9 is characterized in that a computer included in an electronic information storage medium on which an application compatible with multiple versions is installed is made to function as a storage means for storing association information for associating the version with an identifier of issuance data required to execute the application for each version, and configuration information for enabling the version compatible with the application, a receiving means for receiving a command including the issuance data and the identifier of the issuance data from an external device, a specifying means for specifying the version corresponding to the issuance data included in the command based on the identifier and the association information included in the command, and a processing means for executing a write process of the issuance data included in the command based on the version specified by the specifying means and the configuration information.

The present invention allows an application to be compatible with multiple versions, reducing the memory capacity required to install the application.

FIG. 2 is a diagram illustrating an example of a hardware configuration of an IC chip 1. FIG. 2 is a diagram illustrating an example of a software configuration of the IC chip 1. FIG. 13 is a diagram illustrating an example of an issued data identifier list. FIG. 13 illustrates an example of a compatible version flag. 10 is a flowchart showing an example of an installation process executed by a CPU 15. 11 is a flowchart showing an example of an issuing process executed by a CPU 15. 4 is a flowchart showing an example of an operation process executed by a CPU 15.

The following describes in detail an embodiment of the present invention with reference to the drawings. Note that the embodiment described below is an embodiment in which the present invention is applied to an IC chip equipped with an application that is compatible with multiple versions.

[1. Configuration and Function of IC Chip 1]
First, the configuration and functions of an IC chip 1 according to this embodiment will be described with reference to Fig. 1. The IC chip 1 is an example of an electronic information storage medium of the present invention. The IC chip 1 is mounted on, for example, an IC card such as a credit card, a cash card, or a My Number card, or a mobile device such as a smartphone. In the case of a mobile device such as a smartphone, the IC chip 1 may be mounted on a small IC card that is detachable from the mobile device, or may be mounted on an embedded board as an eUICC (Embedded Universal Integrated Circuit Card) so that it cannot be easily removed or replaced from the mobile device.

1 is a diagram showing an example of the hardware configuration of an IC chip 1. As shown in FIG. 1, the IC chip 1 includes an I/O circuit 11, a RAM (Random Access Memory) 12, a NVM (Nonvolatile Memory) 13, a ROM (Read Only Memory) 14, a CPU (Central Processing Unit) 15 (an example of a computer), and a coprocessor 16 that performs cryptographic operations. The I/O circuit 11 serves as an interface with an external device 2. Note that communication between the IC chip 1 and the external device 2 may be non-contact communication or contact communication. In the case of non-contact communication, the IC chip 1 and the external device 2 communicate with each other via an antenna (not shown) mounted on an IC card or a mobile device. Note that examples of the external device 2 include an IC chip issuing device (issuing terminal) in a factory and a transaction device (transaction terminal) in a store.

NVM13 (an example of a storage means) is a non-volatile memory such as a flash memory or an electrically erasable programmable read-only memory. NVM13 or ROM14 stores an operating system (hereinafter referred to as "OS"), a platform, programs such as applications that can be used in multiple versions (including the program of the present invention), and data. These programs function as software (software modules) mounted on IC chip 1 by being executed by CPU15, and function as receiving means, identifying means, processing means, and the like in the present invention. FIG. 2 is a diagram showing an example of the software configuration of IC chip 1. The platform manages applications, is configured based on, for example, Global Platform (registered trademark), and runs on the OS. The platform includes, for example, an ISD (Issuer Security Domain) and an API (Application Program Interface).

ISD is a management application that executes an installation process. Here, the installation process refers to a process of instantiating (activating) a load file (application program) recorded in NVM 13 in a state in which it can be executed as an application compatible with multiple versions in response to an installation command from the external device 2. Execution of such an application can be said to be a process of executing the instantiated program code. The application can execute various processes using an API. An example of an application is a trading application.

In addition, in response to an issued command (e.g., a STORE DATA command) from the external device 2, the application executes an issuing process (including a writing process) that stores various issued data, etc., required for executing the application in the NVM 13. Through this issuing process, a DF (Dedicated File) corresponding to the application and an EF (Elementary File) that stores the issued data and data for internal control are constructed (secured) in the NVM 13. Issued data is a data element regarded as a single data unit. Examples of issued data include setting data that determines the operation of the application, and key data required for encryption and decryption operations on data.

The issued data is basically the same across multiple different versions, but may differ from version to version. For example, an application compatible with version V1.0 uses the Rivest-Shamir-Adleman (RSA) encryption calculation method, so key data for RSA is stored as the issued data. On the other hand, an application compatible with version V1.1 uses the Elliptic Curve Cryptography (ECC) encryption calculation method, so key data for ECC is stored as the issued data. If the application according to this embodiment is compatible with version V1.0, key data compatible with version V1.0 will be stored.

In addition, an issued data identifier list (an example of correspondence information) is stored in advance in the NVM 13. The issued data identifier list is a version identification list that associates a version (version number) with an identifier of issued data for each version. FIG. 3 is a diagram showing an example of an issued data identifier list. In the example of FIG. 3, "A001(h)", "A002(h)", and "B001(h)" are shown as identifiers of issued data corresponding to version V1.0, and "A003(h)", "B002(h)", and "3F01(h)" are shown as identifiers of issued data corresponding to version V1.1. These identifiers are represented by, for example, DGI or TLV (Tag Length Value) tags. Note that the example of FIG. 3 shows an example in which one application has two versions, but one application may have three or more versions. In this case, an identifier of issued data is associated with each of the three or more versions in the issued data identifier list.

Furthermore, the NVM 13 stores a compatible version flag (an example of setting information) for enabling a version that the application can support. FIG. 4 is a diagram showing an example of a compatible version flag. In the example of FIG. 4(A), the compatible version flag is made up of 8 bits, and "10000000" indicates that version V1.0 is enabled (set). On the other hand, in the example of FIG. 4(B), the compatible version flag is made up of 8 bits, and "01000000" indicates that version V1.1 is enabled. In other words, the version is specified by the position of the bit that is set to "1" among the 8 bits (for example, b8 or b7 in the example of FIG. 4). Note that if the compatible version flag is only "00000000", it indicates that both versions are not set. In other words, in the example of FIG. 4, the compatible version flag is set to any one of "00000000", "10000000", and "01000000".

When the ISD receives an installation command including a parameter indicating a version from the external device 2 via the OS, it activates the version indicated in the parameter in the corresponding version flag during the installation process described above. If the format of the parameter is invalid, error processing is performed. Then, when the application receives an issuance command including issuance data and an identifier of the issuance data from the external device 2 via the OS after the installation process, it identifies the version corresponding to the issuance data included in the issuance command based on the identifier included in the issuance command and the issuance data identifier list, and performs a process of writing the issuance data included in the issuance command (i.e., storing the issuance data in the EF of NVM 13) based on the identified version and the corresponding version flag.

Here, if the identified version matches the version enabled in the corresponding version flag, the application executes the write process for the issued data. On the other hand, if the identified version does not match the version enabled in the corresponding version flag, the application executes error processing. On the other hand, if there is no version enabled in the corresponding version flag (for example, if the corresponding version flag is "00000000"), the application enables the identified version in the corresponding version flag and executes the write process for the issued data.

The above-mentioned install command and issue command are, for example, command APDUs (Application Protocol Data Units) defined in ISO/IEC 7816-4. The command APDU includes a header section and a body section. The header section is made up of CLA (instruction class), INS (instruction code), P1, and P2. The body section is made up of, for example, Lc, Data, and Le. Lc indicates the length of Data (data length), and Le indicates the maximum length expected for DATA in the response APDU. Data includes the issuance data, etc.

2. Operation of IC chip 1
Next, the operation of the IC chip 1 will be described.

(2.1 Processing upon receiving an install command)
First, referring to Fig. 5, the installation process executed when the IC chip 1 receives an installation command will be described. Fig. 5 is a flow chart showing an example of the installation process executed by the CPU 15. For example, in a factory where the IC chip 1 is issued, when the IC chip 1 receives an installation command from an IC chip issuing device, which is an external device 2, the process shown in Fig. 5 is started. Note that it is assumed that an ISD is selected in the IC chip 1 by a SELECT command from the IC chip issuing device before the installation command is received. Also, in the installation process shown in Fig. 5, as described above, a process of instantiating a load file to a state in which it can be executed as an application is performed, but a description of these processes will be omitted.

When the process shown in FIG. 5 starts, the CPU 15 (ISD) acquires Data from the body of the install command (step S1). Next, the CPU 15 determines whether or not a parameter of a predetermined length (e.g., 8 bits) is present in the Data acquired in step S1 (step S2). If it is determined that the parameter is not present (step S2: NO), the process proceeds to step S3. On the other hand, if it is determined that the parameter is present (step S2: YES), the process proceeds to step S4.

In step S3, the CPU 15 saves a bit string indicating that the parameter is not set (e.g., "00000000") in the corresponding version flag, and proceeds to step S7. Meanwhile, in step S4, the CPU 15 determines whether the parameter format is invalid. For example, if multiple bits (e.g., b8 and b7) of the 8 bits are set to "1", or if a bit (e.g., b1) of the 8 bits that does not indicate a version is set to "1", the parameter format is determined to be invalid.

If it is determined that the parameter format is invalid (step S4: YES), error processing is executed (step S5). In such error processing, for example, a response indicating an error is returned to the external device 2. On the other hand, if it is determined that the parameter format is not invalid (i.e., the parameter properly indicates the version) (step S4: NO), the parameter indicating the version (e.g., "10000000") is saved in the corresponding version flag (step S6), thereby enabling the version, and processing proceeds to step S7. In step S7, the CPU 15 returns a response indicating normal completion of the installation process to the external device 2, and ends processing.

(2.2 Processing upon receiving an issue command)
Next, referring to Fig. 6, an issuance process executed when the IC chip 1 receives an issuance command will be described. Fig. 6 is a flow chart showing an example of the issuance process executed by the CPU 15. For example, in a factory where the IC chip 1 is issued, when the IC chip 1 receives an issuance command from an IC chip issuing device, which is an external device 2, after an installation process, the process shown in Fig. 6 is started. Note that the issuance process shown in Fig. 6 is repeatedly executed until writing of all issuance data required for executing the application is completed. Also, it is assumed that a specific application is selected in the IC chip 1 by a SELECT command from the IC chip issuing device before the issuance command is received.

When the process shown in FIG. 6 is started, the CPU 15 (a specified application) acquires the issued data and the identifier of the issued data (e.g., represented by a DGI or a tag) from the body of the issued command (step S11). Next, the CPU 15 determines whether the identifier acquired in step S11 matches an identifier in the issued data identifier list (step S12). If it is determined that the identifiers do not match (e.g., the issued data is common between versions) (step S12: NO), a write process of the issued data is executed (step S13), and the process proceeds to step S20. On the other hand, if it is determined that the identifiers match (step S12: YES), the process proceeds to step S14.

In step S14, the CPU 15 identifies the version corresponding to the issuance data included in the issuance command based on the identifier included in the issuance command and the issuance data identifier list. For example, if the identifier included in the issuance command is "A001(h)", version V1.0 is identified from the issuance data identifier list shown in FIG. 3. On the other hand, if the identifier included in the issuance command is "A003(h)", version V1.1 is identified from the issuance data identifier list shown in FIG. 3.

Next, the CPU 15 determines whether the supported version flag indicates that it is not set (step S15). If there is no version enabled in the supported version flag, it is determined that the supported version flag indicates that it is not set (step S15: YES), and the process proceeds to step S16. In step S16, the CPU 15 enables the version identified in step S14 in the supported version flag (for example, sets "00000000" to "10000000"), and the process proceeds to step S19.

On the other hand, if it is determined that the corresponding version flag does not indicate unset (step S15: NO), the process proceeds to step S17. In step S17, the CPU 15 determines whether the version identified in step S14 (i.e., the version corresponding to the received issuance data) matches the version enabled in the corresponding version flag. For example, if version V1.0 is identified and version V1.1 is enabled ("01000000") in the corresponding version flag, it is determined that the two versions do not match (step S17: NO), and error processing is performed as in step S5 above (step S18). This makes it possible to discover a setting error on the IC chip issuing device side. On the other hand, if version V1.0 is identified and version V1.0 is enabled ("10000000") in the corresponding version flag, it is determined that the two versions match (step S17: YES), and the process proceeds to step S19.

In step S19, the CPU 15 executes a write process of the issued data included in the issued command, and proceeds to step S20. Through the write process, the issued data included in the issued command is stored in the EF of the NVM 13. In step S20, the CPU 15 returns a response indicating the successful completion of the write process to the external device 2, and ends the process.

(2.3 Processing upon receiving an operational command)
Next, referring to Fig. 7, an operation process executed when the IC chip 1 receives an operation command will be described. Fig. 7 is a flow chart showing an example of the operation process executed by the CPU 15. For example, in a store after the shipment of the IC chip 1, when the IC chip 1 receives an operation command from a transaction device which is an external device 2, the process shown in Fig. 7 is started. The operation command is various commands transmitted from the transaction device to the IC chip 1 when a transaction such as a settlement is performed using the IC chip 1. Examples of the operation command include a GPO (Get Processing Options) command, a VERIFY command, and a GENERATE AC command. It is assumed that before the operation command is received, a transaction application corresponding to versions V1.0 and V1.1 is selected in the IC chip 1 by a SELECT command from the transaction device.

When the process shown in FIG. 6 is started, the CPU 15 (transaction application) checks the corresponding version flag and determines the version (step S31). For example, if version V1.0 is enabled in the corresponding version flag, it is determined that the version is V1.0. On the other hand, if version V1.1 is enabled in the corresponding version flag, it is determined that the version is V1.1. Next, if the CPU 15 determines that the version is V1.0 in step S31 (step S31: V1.0), it executes a process (command process) corresponding to the operation command corresponding to version V1.0 (step S32) and proceeds to step S34. On the other hand, if the CPU 15 determines that the version is V1.1 in step S31 (step S31: V1.1), it executes a process corresponding to the operation command corresponding to version V1.1 (step S33) and proceeds to step S34. In step S34, the CPU 15 returns a response indicating the normal end of the command process to the external device 2 and ends the process.

As described above, according to the above embodiment, when the IC chip 1 receives an install command including issuance data and an identifier for the issuance data from the external device 2, it identifies the version corresponding to the issuance data included in the install command based on the identifier included in the install command and the issuance data identifier list, and executes a write process for the install command issuance data based on the identified version and the corresponding version flag. This allows an application to be compatible with multiple versions, and reduces the memory capacity required to install the application. In addition, it is possible to issue an IC chip 1 that operates only with the target version.

1 IC chip 2 External device 11 I/O circuit 12 RAM
13 NVM
14 ROM
15 CPU
16 Coprocessor

Claims (9)

An electronic information storage medium having an application program compatible with multiple versions installed thereon,
a storage means for storing association information for associating the version with an identifier of issuance data required for executing the application for each version, and setting information for validating a version compatible with the application;
A receiving means for receiving the issuance data and a command including an identifier of the issuance data from an external device;
a specification unit that specifies the version corresponding to the issuance data included in the command based on the identifier and the association information included in the command;
a processing unit that executes a write process of the issuance data included in the command based on the version identified by the identifying unit and the setting information;
An electronic information storage medium comprising: The electronic information storage medium according to claim 1, characterized in that the processing means executes the writing process of the issued data when the version identified by the identification means matches the version enabled in the setting information. The electronic information storage medium according to claim 1, characterized in that the processing means executes error processing when the version identified by the identification means does not match the version enabled in the setting information. The electronic information storage medium according to claim 1, characterized in that, if there is no version enabled in the setting information, the processing means enables the version identified by the identification means in the setting information and executes the writing process of the issued data. The receiving means receives an installation command including a parameter indicating the version from the external device before receiving the command,
4. The electronic information storage medium according to claim 1, wherein the processing means validates the version indicated by the parameter in the setting information. The electronic information storage medium according to claim 5, characterized in that the processing means executes error processing if the format of the parameters is invalid. An IC chip equipped with an application compatible with multiple versions,
a storage means for storing association information for associating the version with an identifier of issuance data required for executing the application for each version, and setting information for validating a version compatible with the application;
A receiving means for receiving the issuance data and a command including an identifier of the issuance data from an external device;
a specification unit that specifies the version corresponding to the issuance data included in the command based on the identifier and the association information included in the command;
a processing unit that executes a write process of the issuance data included in the command based on the version identified by the identifying unit and the setting information;
An IC chip comprising: A method for writing issuance data executed by an electronic information storage medium having an application compatible with multiple versions installed therein, comprising:
storing, in the electronic information storage medium, association information for associating the version with an identifier of issuance data required for executing the application for each version, and setting information for validating a version compatible with the application;
receiving a command from an external device, the command including the issuance data and an identifier of the issuance data;
identifying the version corresponding to the issuance data included in the command based on the identifier and the association information included in the command;
Executing a write process of the issuance data included in the command based on the specified version and the setting information;
A method for writing issuance data, comprising: A computer including an electronic information storage medium on which an application compatible with multiple versions is installed,
a storage means for storing association information for associating the version with an identifier of issuance data required for executing the application for each version, and setting information for validating a version compatible with the application;
A receiving means for receiving the issuance data and a command including an identifier of the issuance data from an external device;
a specification unit that specifies the version corresponding to the issuance data included in the command based on the identifier and the association information included in the command;
a program causing the program to function as a processing means for executing a write process of the issuance data included in the command based on the version specified by the specifying means and the setting information.

Images