JP2003076663A - Data processor, and data processing method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a data processor which can improve the security of application programs operated on a server device when providing services using an integrated circuit such as ICs. SOLUTION: An external memory 7 stores a plurality of application programs respectively constituted by a plurality of sets of application element data APE and table data for AP control. A SAM chip 8 performs the processing related to services based on the application element data APE. In the processing, key data for performing communication with other SAM chips 8a and an IC card 3 is obtained by referring to the table data for AP control in the processing.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a data processing device used for service provision using an integrated circuit such as an IC and a method thereof.

[0002]

2. Description of the Related Art Currently, a communication system has been developed which uses an IC card to carry out transactions via a network such as the Internet. In such a communication system,
In response to a request from a service provider who provides a service using an IC card, the server device executes an application program that executes a procedure process defined by the service provider. The server device performs processing such as user authentication and data encryption / decryption based on the application program in response to a processing request from an IC card reader / writer or a PC (Personal Computer).

[0003]

Since the application program operating on the above-mentioned server device handles high-security data such as key data, billing data and history data set by the service provider, it is illegally tampered with or monitored. There is a request to protect from

The present invention has been made in view of the above-described problems of the prior art, and when providing a service using an integrated circuit such as an IC, data processing capable of enhancing the security of an application program operating on a server device. An object is to provide an apparatus and a method thereof.

[0005]

In order to solve the above-mentioned problems of the prior art and achieve the above-mentioned object, the data processing device of the first invention communicates with an integrated circuit to provide a service. A plurality of application programs each configured by a plurality of data modules including processing procedure data describing a processing procedure for providing the data are stored in a predetermined storage area, and according to the data module and the data module, Corresponding first key data used to use another data module in the processing described above and second key data used to exchange data with the integrated circuit in the processing corresponding to the data module. A storage circuit that stores management data additionally shown, and relates to the service based on the data module Performs management, in the process, by referring to the management data, the data module using the first key data corresponding to utilize the other data module, the second corresponding to the data module
The integrated circuit and a semiconductor circuit for exchanging data by using the key data.

The operation of the first data processing device of the present invention is as follows. The semiconductor circuit performs processing related to the service based on the data module read from the storage circuit. In the processing, the semiconductor circuit refers to the management data and uses the other data module by using the first key data corresponding to the data module. In the processing, the semiconductor circuit exchanges data with the integrated circuit using the second key data corresponding to the data module.

In the data processor of the first invention, preferably, the memory circuit registers history data of processing performed using the data module, and a procedure for registering the data module in the memory area. At least the program data showing the procedure, the program data showing the procedure for deleting the registration of the data module from the storage area, and the program data showing the procedure for defining the storage area for storing the application program. One is stored as the data module.

Further, in the data processing apparatus of the first invention, preferably, the semiconductor circuit is configured such that, when a process corresponding to the other data module is executed in the semiconductor circuit,
Using the management data, the first key data corresponding to the predetermined data module and the first key data corresponding to the other data module are obtained, and the obtained two first data are obtained. On condition that the key data match,
The other data module is used from the predetermined data module being executed. In this case, in the data processing device of the first invention, preferably, the storage circuit stores, for each of the data modules, usage permission data indicating a form in which the usage of the data module is licensed. When the two first key data match, the other data module is licensed based on the license data corresponding to the other data module in a form licensed by the license data. To use.

Further, in the data processing apparatus of the first invention, preferably, in the case where the semiconductor circuit executes a process corresponding to the other data module in another semiconductor circuit,
The management data is used to obtain the first key data corresponding to the predetermined data module, and the first key data is used to perform mutual authentication with the other semiconductor circuit. On the condition that the user has been authenticated, the other data module is used from the predetermined data module being executed. In this case, the data processing device of the first invention is
Preferably, the semiconductor circuit is licensed by the license data based on license data indicating a licensed form regarding the use of the other data module when the mutual validity is authenticated. To use the other data module.

The data processing method of the second invention is a data processing method in which a semiconductor circuit which performs processing for communicating with an integrated circuit and providing a service exchanges data with a memory circuit. , The storage circuit is predetermined with a plurality of application programs each configured with a plurality of data modules including processing procedure data describing processing procedures for communicating with the integrated circuit and providing a service. Stored in a storage area, the first key data used to use another data module in a process corresponding to the data module, and the integrated circuit in a process corresponding to the data module. And management data indicating the second key data used for exchanging data with each other. In this case, the semiconductor circuit performs a process related to the service based on the data module, and in the process related to the service, the semiconductor circuit refers to the management data to perform the process corresponding to the data module. The other data module is used by using the key data of No. 1, and the semiconductor circuit exchanges data with the integrated circuit by using the second key data corresponding to the data module in the process related to the service. I do.

[0011]

BEST MODE FOR CARRYING OUT THE INVENTION Embodiments of the present invention will be described below with reference to the accompanying drawings. FIG. 1 is an overall configuration diagram of a communication system 1 of this embodiment. As shown in FIG. 1, the communication system 1 includes a server device 2, an IC card 3, a card reader / writer 4, a personal computer 5, and an ASP (A
pplication Service Provider) server device 19, SAM
(Secure Application Module) By using the unit 9, communication is performed via the Internet 10 and the IC card 3
Procedure processing such as payment processing using the (integrated circuit of the present invention) is performed. The SAM unit 9 (data processing device of the present invention) includes an external memory 7 (memory circuit of the present invention) and an SA.
It has an M chip 8 (semiconductor circuit of the present invention).

The SAM chip 8 is provided with another S chip as needed.
Data is exchanged with the AM chip 8a (another semiconductor circuit of the present invention). The SAM chip 8a is connected to, for example, another ASP server device 19a different from the SAM chip 8 as shown in FIG. 2, or is connected to the same ASP server device 19 as the SAM chip 8 as shown in FIG. It is connected. The structure of the SAM chip 8a is basically SA
It is the same as the M chip 8.

The components shown in FIG. 1 will be described below. [IC Card 3] FIG. 4 is a functional block diagram of the IC card 3. As shown in FIG. 4, the IC card 3 includes an IC (Integrated Circui) including a memory 50 and a CPU 51.
t) has 3a. As shown in FIG. 5, the memory 50 has a storage area 55_1 used by a service provider 15_1 such as a credit card company, a storage area 55_2 used by a service provider 15_2, and a service provider 15_.
3 has a storage area 55_3 used. Further, the memory 50 determines the key data used to determine the access authority to the storage area 55_1, the key data used to determine the access authority to the storage area 55_2, and the access authority to the storage area 55_3. It stores the key data used to do this. The key data is used for mutual authentication, data encryption and decryption, and the like. The memory 50 also stores identification data of the IC card 3 or the user of the IC card 3.

The SAM unit 9 will be described in detail below. As described above, the SAM unit 9 has the external memory 7 (memory circuit of the present invention) and the SAM chip 8 (semiconductor circuit of the present invention). [Software Configuration of SAM Chip 8] SAM Chip 8
Has a software configuration as shown in FIG.
As shown in FIG. 6, the SAM chip 8 has a HW (Hardware) layer, an OS layer, a lower handler layer,
It has an upper handler layer and an AP layer in order. The lower handler layer includes a driver layer. Here, in the AP layer, application programs AP_1, AP_2, AP_3 (application programs of the present invention) that define procedures using the IC card 3 by service providers 15_1, 15_2, 15_3 such as credit card companies shown in FIG. , Is being read from the external memory 7 and is operating. In the AP layer, a firewall FW is provided between the application programs AP_1, AP_2 and AP_3 and between the upper handler layer.

[External Memory 207] FIG. 7 is a diagram for explaining a storage area of the external memory 7. As shown in FIG. 7, in the storage area of the external memory 207, the AP storage area 220_1 in which the application program AP_1 of the service provider 15_1 is stored, the service provider 15
AP storage area 220_2 in which the application program AP_2 of _2 is stored, and AP in which the application program AP_3 of the service provider 15_3 is stored
There is a storage area 220_3 and an AP management storage area 221 used by the administrator of the SAM chip 208.

The application program AP_1 stored in the AP storage area 220_1 is composed of a plurality of application element data APE (data module of the present invention) described later. The firewall FW is used to access the AP storage area 220_1.
Limited by _1. AP storage area 220_2
Application program AP_2 stored in
Is composed of a plurality of application element data APE. Access to the AP storage area 220_2 is restricted by the firewall FW_2. The application program AP_3 stored in the AP storage area 220_3 is composed of a plurality of application element data APE. Access to the AP storage area 220_3 is restricted by the firewall FW_3. In the present embodiment, the application element data APE
Is, for example, from the outside of the SAM unit 9 to the external memory 7
Is the smallest unit that can be downloaded to. The number of application element data APE forming each application program can be arbitrarily determined by the corresponding service provider.

The application programs AP_1, AP_2 and AP_3 stored in the external memory 7 are
It is scrambled and descrambled when read into the SAM chip 8. The application programs AP_1, AP_2, AP_3 are, for example, the personal computers 16_ shown in FIG. 1, respectively.
1, 16_2, 16_3, the service provider 15
_1, 15_2, 15_3, and downloaded to the external memory 7 via the SAM chip 8.

Hereinafter, the application program AP_
1, AP_2, AP_3 will be described in detail. The application program is SA for each service provider.
There is one or more in M. The application programs AP_1, AP_2, AP_3 (hereinafter, also referred to as AP) include identification data AP_ID for identifying the application program AP, as shown in FIG.
Data APE indicating the number of application element data APE included in the application program
_NUM and one or more application element data APEs. Identification data A
The P_ID is determined to be different for each service provider.

As shown in FIG. 8, the application element data APE is data APE_S indicating the data size of the application element data APE.
ISE and the application element data AP
It is composed of identification data APE_ID for identifying E and data body APE_PL. Here, the identification data APE_ID is the application element data A.
Data APE_TYPE indicating the type of PE and data INS_N indicating the identification number (instance identification number) of the application element data APE within the type.
It is composed of UM and. The data INS_NUM is managed by the end user (service provider) side. For example, if the application element data APE has a file system configuration, the data APE_
TYPE becomes “2” and data INS_NUM becomes “1”. As a result, if the SAMs are the same, the application element data APE can be uniquely specified by the identification data APE_ID.

In the external memory 7 shown in FIG. 7, the above-mentioned application programs AP (AP_1, AP_2,
AP_3) is encrypted key data K outside the SAM unit 9.
It is encrypted by _AP and stored as an application program package APP. As the encryption key data K_AP, different encryption key data is used for each application program.

The types of the application element data APE described with reference to FIG. 8 will be described below.
FIG. 9 is a diagram showing an example of the application element data APE stored in one AP area. Figure 9
As shown in FIG. 3, in the AP area, card access key data, file system configuration data, S
AM mutual authentication key data, inter-SAM key package key data, IC card operating macro command script program (processing procedure data of the present invention), memory division key package, area registration key package, area deletion key package, service registration The application key data, the service deletion key package, and the AP resource key data K_APR are stored as the application element data APE.

The application element data APE shown in FIG. 9 will be described below. -Card access key data The card access key data is stored in the memory 50 of the IC card 3.
Key data used for reading and writing data to and from. Also, key data referred to by an IC card operation macro command script program described later is also included in the application element data APE of the same type as the card access key data. File system configuration data As file system configuration data, for example, , Log data, negative data, and journal data. The log data is, for example, usage history data of the application element data APE, the negative data is, for example, revocation information of the IC card, and the journal data is, for example, SAM execution history. For example, in the file system configuration, the type of file access (record key specification / sorting / ring) is selected. In the case of record key, record size, total number of records / record signature version / record signature method type, Set the record data size and record signature key. Furthermore, when writing data to this file system from the outside, whether or not to perform signature verification is specified. Here, a record is a minimum unit of writing / reading to / from file data.

Key data for SAM mutual authentication It is also used for mutual authentication between APs in the same SAM. S
The AM mutual authentication key data is key data used when accessing the corresponding application element data APE from another AP or another SAM within the same SAM. Inter-SAM key package key The inter-SAM key package key is encryption key data used when exchanging data such as card access key data after mutual authentication between SAMs. IC card operating macro command script program The IC card operating macro command script program is generated by the service provider itself and describes the order of processing relating to the IC card 3 and the exchange with the ASP server device 19. The IC card operating macro command script program is set in the SAM unit 9 and then interpreted in the SAM chip 8 to generate corresponding IC card entity data. -Memory partitioning key package The memory partitioning key package is installed in the external memory 7 before the service operator starts the service using the IC card 3.
This is data used for dividing the storage area of the memory of the IC card 3. Area registration key package The area registration key package is data used when the service provider performs area registration in the memory area of the memory of the IC card 3 before the operation of the service using the IC card 3 is started. -Area deletion key package (internal generation) The area deletion key package is a package that can be automatically generated inside the SAM from the card access key data.・ Service registration key (internally generated) The service registration key package is provided by the service provider
It is used to register the application element data APE in the external memory 7 before the operation of the service using the card 3 is started. The service registration key package is
It is a package that can be automatically generated inside the SAM from the card access key data. Service Delete Key Package (Internal Generation) The service delete key package is used to delete the application element data APE registered in the external memory 7. The service deletion key package is a package that can be automatically generated in the SAM from the card access key data. Key data K_APE The key data K_APE is used as an encryption key when setting the application element data APE, and
Application element data APE for each P area
Different key data K_APE is assigned to set the key.

The above-mentioned IC card operating macro command script program (hereinafter, also referred to as a script program) will be described in detail below. The script program is a program for defining the application programs AP_1, AP_2, AP_3 of the service providers 15_1, 15_2, 15_3 operating on the SAM chip 8 and the procedure of the processing performed by the IC card 3 when the application program is executed. is there. In the present embodiment, as will be described later, as shown in FIG.
In the SAM chip 8, script download task 6
9 and the script interpretation task 70, and based on the AP management table data and the script program, the service providers 15_1, 15_2, 15_3.
IC card entity template data 30_1 and input data block 31 used for the procedure related to
_X1, an output data block 32_x2, a log data block 33_x3, and an operation definition data block 34_x4 are generated.

FIG. 11 is a diagram for explaining commands used to describe the IC card operating macro command script program. In the command, the first character is “S” for the command to the SAM chip 8 itself, and the first character is “C” for the command related to the operation of the IC card 3. In addition, the second character is used properly according to the purpose. For example, the issuer setting declaration of the IC card 3 is “I”, the application element data A to be used.
The PE declaration (service type element declaration) is “S”, the simple read declaration from the IC card 3 is “R”, the simple write declaration to the IC card 3 is “W”,
The operation definition between the application element data APEs is “F”.

Script programs 21_1, 21_
The commands used to describe 2, 21_3 are SC command, SO command, SI command, SL command,
There are SF command, CI command, CS command, CR command, and CW command. The SC command is a command that declares the maximum number of IC card entity data that the SAM chip 8 can process simultaneously.
For example, when the SAM chip 8 can process 1000 IC card entity data at the same time, "SC:
1000 "is described.

The SO command stores the data read from the IC card 3 among the data blocks prepared in the SAM chip 8 when the processing using the IC card 3 is performed based on the IC card entity data described later. Command for declaring a data block to be the output data block 32_x2. For example, when the data blocks 1 to 10 are prepared and the data read from the IC card 3 is stored in the data block 1, it is described as “SO: 1”.

The SI command stores the data to be written to the IC card 3 among the data blocks prepared in the SAM chip 8 when the processing using the IC card 3 is performed based on the IC card entity data described later. Command for declaring a data block to be the input data block 31_x1. For example, data block 1
When data to be written to the IC card 3 is stored in the data blocks 2 and 3 when 10 to 10 are prepared,
It is described as "SI: 2, 3".

The SL command is a log for storing log data related to the operation among the data blocks prepared in the SAM chip 8 when the processing using the IC card 3 is performed based on the IC card entity data described later. This is a command for declaring a data block to be the data block 33_x3 for use. For example, when the data blocks 1 to 10 are prepared, the log data is set to the data block 4
When it is stored in, it is described as “SL: 4”.

The SF command is an operation definition data block 34_x4 for describing the definition of the relationship between mutual application element data APE related to the IC card 3.
Is a command for preparing a data block that becomes The contents of the operation definition data block 34_x4 is I
It is the pre-processing data of the C card entity data.

The CI command is a command for declaring the issuer (service provider) of the IC card 3.
The data for specifying the service provider defined by the CI command is the IC card type data of the IC card entity data.

The CS command is a command that declares that a plurality of services for the IC card 3 are simultaneously operated by referring to the name APE_N of the application element data APE (service type element). C
The S command can declare a function that defines an operation between the application element data APE designated by the name APE_N. For example, "CS:" Rc "+"
Declarations such as Wc "+" Wd "" can be made. Based on the contents of the CS command, A of the IC card entity data
The PE_N designation data and the processing order data are determined.

The CR command stores the data read from the IC card 3 in the designated data block when the relationship between the application element data APEs is not defined (when the SF command is not described). To declare. For example, when storing the data read from the IC card 3 in the data block 1, it is described as “CR: SO: 1 =“ Rc ””.

The CW command declares that the data stored in the designated data block is written to the IC card 3 when the relationship between the application element data APEs is not defined. For example, when writing the data stored in the data block 2 to the IC card 3, it is described as “CW: SI: 2 =“ Wc ””.

The CF command declares a data block that describes the content of calculation across services. For example, when describing the operation content across services in the SF data block 1, CF: CES_FUNC = SF: 1 ”
And Then, in the SF data block 1, for example,
““ Wc ”= If (“ Wc ”> 10) then (“ W
c ”-10;“ Wd ”=“ Wc ”* 0.08 +“ W
d ")". In this formula, the remaining number of services Wc is 1
When it is larger than 0, the value of Wc is subtracted by 10 and Wc becomes 8
Wd as accumulated points as the number of points corresponding to
Represents the operation of adding to.

The data stored in the AP management storage area 221 of the external memory 7 shown in FIG. 7 will be described below. Access to the AP management storage area 221 is restricted by the firewall FW_4. The firewall FW_4 corresponds to the firewall FW shown in FIG. FIG. 12 is a diagram for explaining the details of the data stored in the AP management storage area 221. In the AP management storage area 221, as shown in FIG. 12, AP management table data 300_1, 30
0_2,300_3 (management data of the present invention) and APP
Table data 310_1, 310_2, 310_3
(Use permission data of the present invention) are stored. Here, AP management table data 300_1, 300_
2,300_3 and APP table data 310_1,
310_2 and 310_3 are registered in advance when the SAM chip 8 is set up, for example. In addition, AP management table data 300_1, 300_2, 300_3
And APP table data 310_1, 310_2, 3
Only the administrator of the SAM chip 8 can rewrite 10_.

AP management table data 300_1, 3
00_2 and 300_3 are defined for each application program AP. The APP table data 310_1, 310_2, 310_3 are defined for each SAM mutual authentication key data.

FIG. 13 shows AP management table data 30.
It is a figure for demonstrating 0_1. The AP management table data 300_2 and 300_3 also have the same format as the AP management table data 300_1. As shown in FIG. 13, for each name APE_N of the referenced application element data APE used in the IC card operating macro command script program, identification data APE_ID, internal / external designation data IEI, identification data SAM_ID, identification data AP_ID, key data K_CARDA (second of the present invention
Key data), key data K_SAM (first key data of the present invention), data SET_APP, data FLAG_I
P and data FLAG_STR are shown in association with each other. Name A of application element data APE
PE_N is a service provider 15_1, 15_2, 15
Services provided by the application program of _3 (application element data APE)
Is the name given to. The name APE_N is an identifier that is referenced instead of the service number of the service that can be used by the application program of each service provider.

The identification data APE_ID is identification data of the application element data APE. The internal / external designation data IEI is a flag that distinguishes whether the APE exists as an entity (internal designation) or whether it is referenced from another SAM (external designation). The identification data SAM_ID is identification data of the SAM on the other side, which exchanges data when the SAM chip 8 performs a process related to the application element data APE. FIG. 14 is a diagram for explaining the SAM_ID. SAM_ID is 4-byte data, and TCP
/ IP has a concept of netmask similar to IP. The net mask can be set in bit units. For example, as shown in FIG. 14, the net mask is classified into three types of A class, B class and C class. Then, between SAMs to which the same netmask is assigned, only one type of key data may be used for mutual authentication.
In this embodiment, for example, the same netmask is assigned to the same service provider. In FIG. 14, A
The class netmask is "255.XX.XX.X.
A predetermined value for identifying the class is assigned to the upper 1 byte, and a value for identifying each SAM belonging to the class is assigned to the lower 3 bytes. Here, an arbitrary value can be set in "XX". That is, the A class net mask can define 16777215 SAM_IDs belonging to the A class. Also, the B class net mask is "25
5.255. XX. XX ”, a predetermined value for specifying the class is assigned to the upper 2 bytes, and a value for specifying each SAM belonging to the class is allocated to the lower 2 bytes. That is, 6553 belonging to the B class by the B class net mask.
Five SAM_IDs can be defined. The C class net mask is represented by “255.255.255.25XX”, and the upper 3 bytes are assigned a predetermined value for identifying the class, and the lower 1 byte is an individual belonging to the class. A value is assigned to identify the SAM of the. That is, the C class net mask can define 255 SAM_IDs belonging to the C class.

The identification data AP_ID is stored in the SAM chip 8
Is the identification data of the application program executed by the SAM of the other party who exchanges data when performing the process related to the application element data APE. The key data K_CARDA is key data used for exchanging data with the memory 50 of the IC card 3 when the SAM chip 8 performs a process related to the application element data APE.

The key data K_SAM is key data used for exchanging data with another SAM when the SAM chip 8 performs a process related to the application element data APE. The data SET_APP is
APP table data 310_1, 310_2, 3 used (referenced) when the SAM chip 8 performs a process related to the application element data APE.
This is data for identifying 10_3.

The data FLAG_IP is stored in the SAM chip 8
Is flag data indicating whether or not the data managed (held) is disclosed to another SAM chip 8 or the like. Data FL
AG_STR is flag data indicating whether or not the data managed (held) by the SAM chip 8 is permitted to be held by another SAM chip 8 or the like.

In FIG. 13, APE_N "Servi"
"ceA" is the access key of the IC card 3 defined by the application program in the corresponding SAM 8.
Since the key data of "Service A" is set to be private, it cannot be referenced by application programs on other SAMs or other application programs on this SAM. Also, "ServiceC" is
This is the access key of the IC card 3 defined by this application program. If a C class netmask, which will be described later, is assigned to this SAM, "Ser
The key data of “viceC” is “43.17.19.XX”.
It is disclosed to the application program on the SAM having the SAM_ID of. At this time, the SAM mutual authentication key is "T
T1 ... TTn "and other SAMs are" Service
It is determined whether or not the key data of “C” can be held until the next use. If yes, another SAM will
It is not necessary to obtain the card access key again from this SAM when using "rivec" next time. Servi
The access key of ceB is not this SAM, but “43.1
3.137. Obtained from the SAM having the SAM_ID of “XX”. As a mutual authentication key between SAMs, "SS1 ... SS
n ”is used. Whether or not the access key of "Service B" can be held until the next use is determined by the availability flag designated by the other SAM. "Service BL
og ”is SAM_I of“ 43.13.137.XX ”
A file in which log data to which D is assigned is stored. "Service B Log" is "Service
Since the same SAM netmask as "ceB" is used, "SS1 ... SSn" is used as the mutual authentication key. Here, APP table data is provided for each mutual authentication key. In this example, "ServiceB log" and "Serv"
The access permission to “vice B” is defined by the APP table data 310 of the other SAM referred to by the AP management table data on the other SAM.

FIG. 15 shows the APP table data 310_.
It is a figure for demonstrating 1. APP table data 3
10_2, 310_3, and 310 have the same format as the APP table data 310_1. Figure 15
As shown in FIG. 3, the APP table data 310_1 includes identification data APE_ID for each application element data APE and another application program (other application element data AP) for the application element data APE.
E) to read (READ) and write (WRIT)
E) indicates whether or not execution and execution (EXCUTE) are possible.

For example, the APP table data 310_1 shown in FIG. 15 indicates that "ServiceB log" is readable, writable, and unexecutable (deletable).

The AP management storage area 221 of the external memory 7 shown in FIG. 7 stores, for example, AP selection data in which IC card type data and AP_ID are associated with each other. The IC card type data indicates the type of the IC card 3 shown in FIG. 1, and is, for example, identification data of a credit card company that makes payment for a transaction using the IC card 3.

In the present embodiment, the service contents in which the names APE_N of a plurality of application element data APE are combined are defined (described) in the IC card operating macro command script program, which will be described later in I.
By reflecting in the C card entity data (job management data), it is possible to provide a service in which services corresponding to a plurality of application element data APE are combined. For example, a service in which a service for reading data from the IC card 3 and a service for writing data to the server device 2 are combined can be defined in the IC card entity data.

The APE_N or its service number is an operation command that can be interpreted by the IC card 3 issued to the IC card 3 when performing the service provided by the service providers 15_1, 15_2, 15_3.

The application program AP_1 is
AP management table data 3 stored in the external memory 7
00_1 and a predetermined IC card operating macro command script program. The application program AP_2 includes the AP management table data 300_2 and the predetermined I stored in the external memory 7.
It is defined by the macro command script program for C card operation. Application program AP_
3 is defined by the AP management table data 300_3 stored in the external memory 7 and a predetermined IC card operating macro command script program.

[SAM Chip 8] The SAM chip 8 is
It is connected to the ASP server device 19 via CSI or Ethernet. The ASP server device 19 is connected to the end user's personal computer 5 and service providers 15_1, 15_2, and the Internet via the Internet 10.
15_3 personal computers 16_1 and 16_
It is connected to a plurality of terminal devices including 2, 16_3. The personal computer 5 is, for example, serial or US
It is connected to the Dumb type card reader / writer 4 via B. Card reader / writer 4, IC card 3
A wireless communication corresponding to the physical level is realized between and. Operation command to IC card 3 and IC card 3
The response packet from is generated and decrypted on the SAM unit 9 side. Therefore, the card reader / writer 4, the personal computer 5 and the ASP server device 19 which are interposed therebetween serve only to store the command and the response contents in the data payload portion and relay the data, and to store the data in the IC card 3. It is not involved in actual operations such as encryption, decryption and authentication.

Personal computers 16_1, 16_
2, 16_3 is a script program described later SA
The application programs AP_1, AP_2, and AP_3 can be customized by downloading to the M chip 8.

FIG. 16 is a functional block diagram of the SAM chip 8 shown in FIG. As shown in FIG. 16, the SAM chip 8 includes an ASPS communication interface unit 60, an external memory communication interface unit 61, and a bus scramble unit 6.
2. It has a random number generator 63, an encryption / decryption unit 64, a memory 65 and a CPU 66. The SAM chip 8 is a tamper resistant module.

The ASPS communication interface unit 60 is an interface used for data input / output with the ASP server device 19 shown in FIG. The external memory communication interface unit 61 is an interface used for data input / output with the external memory 7. The bus scramble unit 62 scrambles the output data and descrambles the input data when inputting and outputting the data via the external memory communication interface unit 61. The random number generator 63 generates a random number used when performing the authentication process. The encryption / decryption unit 64 encrypts data and decrypts the encrypted data. The memory 65 stores tasks, programs, and data used by the CPU 66, as will be described later. The CPU 66 executes tasks such as a script download task, a script interpretation task, an entity generation task (job management data creation task), and an IC card procedure management task (job management data management task) described later.

The tasks, programs and data stored in the memory 65 will be described below. FIG. 17 is a diagram for explaining the tasks, programs and data stored in the memory 65. As shown in FIG. 17, the script download task 69, the script interpretation task 70, the entity generation task 71, the IC card procedure management task 72, the IC card operation macro command script programs 21_1 to 21_3, and the AP management table data 300_1 to 300_3. , APP table data 310_1 to 310_3, IC card entity template data 30_1 to 30_3, IC card entity data 73_x, input data block 31.
_X1, an output data block 32_x2, a log data block 33_x3, and an operation definition data block 34_x4 are stored.

The script download task 69 is, as shown in FIG. 10, AP management table data 300_.
1 to 300_3 (App table data 3 as necessary
10_1 to 310_3) are downloaded from, for example, the computer of each service provider, and are downloaded into the SAM chip 8.

The script interpretation task 70 uses the service definition table data (APP table data 310_1 to 310_3 as necessary) and the script program for each service provider, and the IC card entity template data, the input data block, An output data block, a log data block and an operation definition data block are generated. The number of data blocks generated for each service provider is not particularly limited.

The entity creation task 71 is, for example,
When an entity creation request is received from the ASP server device 19, after polling with the IC card 3,
The IC card entity data used for the procedure processing between the IC card 3 and the service provider is generated using the IC card entity plate data corresponding to the service provider. At this time, the IC card entity plate data becomes a class, and the IC card entity data is generated as an instance of the class. The process of generating the IC card entity data by the entity generation task 71 will be described in detail later.

The IC card procedure management task 72 executes a procedure process between the IC card 3 and the service providers 15_1 to 15_3 by using one or a plurality of IC card entity data 73_x existing in the memory 65. . In this embodiment, a plurality of procedure processes performed between a plurality of IC cards 3 and the service providers 15_1 to 15_3 proceed at the same time. The IC card procedure management task 72 executes these plural procedure processes in parallel.
The IC card procedure management task 72 deletes the IC card entity data 73_x that has completed the series of procedures. The processing of the IC card procedure management task 72 will be described in detail later.

Script programs 21_1 to 21_2
Is input from the external memory 7 by the script download task 69 and stored in the memory 65. AP management table data 300_1 to 300_3
Is input from the external memory 7 by the script download task 69 and stored in the memory 65. The APP table data 310_1 to 310_3 are
By the script download task 69, for example,
It is input from the external memory 7 and stored in the memory 65.

The IC card entity template data 30_1 to 30_3 are generated by the script interpretation task 70 and used as a template (class) when generating the IC card entity data 73_x of the procedure related to each service provider. IC
The card entity data 73_x is generated by the entity generation task 71 using the IC card entity template data 30_1 to 30_3 as a class, for example, as an instance of the class.

Input data block 31_x1, output data block 32_x2, log data block 33
_X3 and the operation definition data block 34_x4 are
It is generated by the script interpretation task 70.

Below, the IC card entity data 73
_X will be described. The IC card entity data 73_x is, for example, an entity generated in the SAM chip 8 when the SAM chip 8 receives a processing request for processing using the IC card 3 and an application program of a predetermined service provider from the ASP server device 19. The task 71 is generated using the IC card entity plate data of the corresponding service provider that has already been generated.

FIG. 18 is a diagram for explaining the format of the IC card entity data 73_x. As shown in FIG. 18, the IC card entity data 73
_X is the management pointer data 80, entity ID
Data 81, entity status data (status data) 82, IC card type data 83, APE_
It has N designation data 84, processing order data 85, pre-processing data 86, and post-processing data 87.

The management pointer data 80 includes the memory 6
5 is a bidirectional pointer for managing the IC card entity data 73_x. The entity ID data 81 is used for a series of processes using the IC card entity data 73_x such as a request to generate the IC card entity data 73_x, confirmation of the progress status, and deletion. The entity ID data 81 also serves as a return value passed to the end user. The entity ID data 81 corresponds to a descriptor when a file is opened on a general file system.

The entity status data 82 is I
The progress status of the procedure regarding the C card 3 is shown. The basic state of the IC card entity data 73_x is, as shown in FIG. 19, a state of processing (RS) for checking services available to the IC card 3 and a state of processing for the SAM chip 8 to authenticate the IC card 3. (A1), the state of the processing in which the IC card 3 authenticates the SAM chip 8 (A2),
Status of processing for reading data from the IC card 3 (R), I
There is a state (W) of a process of writing data to the C card 3.
In this embodiment, the process of checking the service provider, the SAM
The process in which the chip 8 authenticates the IC card 3, the IC card 3
The process of authenticating the SAM chip 8, the process of reading data from the IC card 3, and the process of writing data to the IC card 3 correspond to jobs. The job is executed by the IC card procedure management task 72 as described later.
Is the unit of processing whose execution order is determined. The mutual authentication processing between the IC card 3 and the SAM chip 8 is configured by A1 and A2.

In this embodiment, the Internet 1
In consideration of the communication time at 0, the above-mentioned basic states are divided into a state after activation (after issuing a command) and a state after completion (after receiving a response), as shown in the state transition diagram of FIG. Manage. Specifically, the instance generation (IC card entity data generation) state, the state after RS activation,
RS complete state, A1 post-start state, A1 complete state, A2 post-start state, A2 complete state, R start state, R complete state, W
The processing state using the IC card entity data 73_x is managed by the activation state, the W completion state, and the instant (IC card entity data) erased state.

The IC card type data 83 is data for specifying the service provider who issued the IC card 3. The IC card type data 83 is set with data specified by the CI command in the script program described above when the IC card entity data 73_x is generated.

The service type element data 84 is
AP management table data 300_1 to 30 used in the processing using the IC card entity data 73_x
0_3 and APP table data 310_1 to 310
The application element data APE defined in _3 is shown. The service type element data 84 is set with one or more application element data APE designated by the CS command in the above-mentioned script program when the IC card entity data 73_x is generated.

The processing order data 85 indicates the order of executing the service (job) used in the processing using the IC card entity data 73_x, that is, the transition state shown in FIG. That is, the processing order data 85 is the name APE_N of the application element data APE.
Is used to indicate the job execution order corresponding to the basic operation of the IC card 3. Here, the job corresponds to RS, A1, A2, R, and W shown in FIG. 19 as described above. The specific operation on the IC card 3 is realized by the processing order designated by using the job. For example, for processing using the read-only IC card 3 without mutual authentication, “RS → R” is set in the processing order data 85. Further, in the case of reading and writing with mutual authentication, the processing sequence data 85 includes “RS → A1 → A2
→ R → W ”is set. The processing order data 85 includes I
When the C card entity data 73_x is generated, the order of jobs shown in FIG. 12 corresponding to the order of service elements specified in the CS command in the above-mentioned script program is set.

In the pre-processing data 86, management data for performing processing using the IC card entity data 73_x is set from the ASP server device 19 side. .
For example, in the unprocessed data 86, the points of the arithmetic expression of the service (application element data APE) designated in the SF data block are set. Also,
If the inter-service calculation function is not defined, the requested processing amount is set in the pre-processing data 86. For example, in the case of payment, a state relating to the charge amount, the number of points awarded, etc. is set.

The processed data 87 is the ASP server device 1
IC card entity data 73_x required on the 9 side
The data of the processing result of is set. For example, in the case of payment, data indicating whether or not the payment has been normally completed is set.

A procedure for performing processing relating to a plurality of IC cards 3 by using a plurality of IC card entity data 73_x by the IC card procedure management task 72 shown in FIG. 17 will be described below. IC card procedure management task 7
2 is, for example, the CPU 6 of the SAM chip 8 shown in FIG.
Always up on 6. FIG. 20 is a flowchart of the processing performed by the IC card procedure management task 72. Step ST1: The IC card procedure management task 72
Of the plurality of IC card entity data 73_x existing in the memory 65, one IC to execute the next processing
Select the card entity data 73_x. The I
The method of selecting the C card entity data 73_x is the IC card entity data 7 existing in the memory 65.
3_x may be selected in order, or a higher priority may be preferentially selected by prioritizing.

Step ST2: The IC card procedure management task 72 determines whether or not the job of the IC card entity data 73_x selected in step ST1 is already activated. When it is determined that the device has not been activated, the process proceeds to step ST5, and the process proceeds to step ST3.

Step ST3: From the entity status data 82 shown in FIG. 18 of the IC card entity data 73_x selected in step ST1, the IC card procedure management task 72 executes the process relating to the entity data in the state transition diagram shown in FIG. It is determined in which state the job is to be executed next from the processing order data 85. At this time, as described above, the processing order data 85 includes AP management table data 300_1 to AP management table data 300_1.
The job execution order is defined by using the service element set to 300_3.

Step ST4: The IC card procedure management task 72 activates the job selected in step ST3. The IC card procedure management task 72 includes the input data block 31_x1, the output data block 32_x2, and the log data block 33_ described above with reference to FIG.
The job is executed by using the data block related to the job out of x3 and the operation definition data block 34_x4.

At this time, the IC card procedure management task 7
When issuing a command to the IC card 3 when executing a job, 2 uses the service element corresponding to the job as a key and the AP management table data 300_.
1 to 300_3 are searched to obtain a service number (an operation command of the IC card 3 that can be interpreted by the IC card 3) corresponding to the service element. Then, the IC card procedure management task 72 issues a command to the IC card 3 using the obtained service number. Further, as described with reference to FIG. 5, the IC card procedure management task 72, when key data is required to access the storage area of the IC 3a of the IC card 3, the service element corresponding to the job is set. AP management table data 300_1 to 300_3 are searched as a key to obtain key data corresponding to the service element. Then, the IC card procedure management task 72 uses the key data to generate an IC
Mutual authentication with the card 3 and processing such as data encryption and decryption are performed to obtain the authority to access a predetermined storage area of the IC card 3.

Step ST5: Step ST5 is performed when the IC card procedure management task 72 issues a command to the IC card 3 and waits for the processing result of the IC card 3. IC card procedure management task 72
When the processing result is received from the IC card 3, the
Set to C card entity data 73_x.

Step ST6: The IC card procedure management task 72 updates the entity status data 82 of the IC card entity data 73_x shown in FIG.

As described above, in the present embodiment, the IC card procedure management task 72 sequentially selects the IC card entity data 73_x for the plurality of IC cards 3 existing in the SAM chip 8 while sequentially selecting the plurality of ICs.
The processing for the card 3 is performed in parallel. Therefore, S
Even when the AM chip 8 receives a processing request for a procedure using a plurality of IC cards 3, these processings can proceed simultaneously.

21 and 22 show the above-mentioned S when the job is executed in step ST4 of FIG.
AM chip 8 is application element data AP
FIG. 11 is a diagram for explaining processing specified by other application element data APE or processing when accessing data according to the procedure specified in E. Step ST41: The SAM chip 8 specifies the application program to be used (accessed) and the application element data APE in the application program while executing the processing according to the predetermined application element data APE. Further, the use is the application element data AP.
It also specifies whether the read, write, or execution of E is performed.

Step ST42: The SAM chip 8 judges whether or not the application element data APE specified in step ST41 exists in the SAM chip 8, and if it judges that the application element data APE does not exist, step S42.
When it is determined that the existence is present, the process proceeds to step T45.

Step ST43: The SAM chip 8 refers to the AP management table data 300_1 to 300_3 corresponding to the application program being executed,
The key data K_SAM corresponding to the corresponding service (application element data APE) is acquired, and the key data K_SAM is used to perform mutual authentication with the SAM chip 8a having the application element data APE to be used.

Step ST44: When the SAM chips 8 and 8a authenticate each other's legitimacy by the mutual authentication of step ST43, the SAM chip 8 proceeds to the process of step ST45, and otherwise proceeds to step ST50.

Step ST45: The SAM chip 8 refers to the AP management table data 300_1 to 300_3 corresponding to the application program being executed,
The key data K_SAM corresponding to the corresponding service (application element data APE) is acquired. Further, the SAM chip 8 similarly applies to the application element data APE of the use destination specified in step ST41.
AP management table data 300_1 corresponding to PE
Referring to 300_3, the key data K corresponding to the corresponding service (application element data APE)
Get _SAM. Then, the SAM chip 8 compares the two acquired key data K_SAM.

Scramble 46: When the SAM chip 8 determines in the process of step ST45 that the two key data K_SAM match, the process proceeds to step ST47, and if not, the process proceeds to step ST50.

Step ST47: The SAM chip 8 or 8a uses the AP management table data 3 corresponding to the application program specified in step ST41.
00_1 to 300_3 are referred to, and the APP table data 310_1 to 310_3 corresponding to the application element data APE to be used are specified.

Step ST48: The SAM chip 8 or 8a judges the access authority of the application element data APE to be used (accessed) based on the APP table data 310_1 to 310_3 specified in step ST47. Specifically, reading the application element data APE to be used,
Determine write and execute permissions.

Step ST49: If the SAM chip 8 or 8a determines that it has the access right in step ST48, the process proceeds to step ST50. If not, the process proceeds to step ST51.

Step ST50: The SAM chip 8 or 8a performs step ST4 on the application element data APE specified in step ST41.
Perform the use specified in 1.

Step ST51: The SAM chip 8 or 8a performs step ST4 on the application element data APE specified at step ST41.
Perform the use specified in 1.

The SAM chip 8 is the same as that shown in FIG.
At the time of executing the job in step ST4, the SAM chip 8 described above causes the application element data A
When data is exchanged with the IC card 3 according to the procedure specified by the PE, the key data corresponding to the application element data APE is referred to by referring to the AP management table data 300_1 to 300_3 shown in FIG. K_CADR is obtained and the key data K_CAR is obtained.
The memory 50 of the IC card 3 is accessed using D.

The overall operation of the communication system 1 shown in FIG. 1 will be described below. 23 and 24 are diagrams for explaining the overall operation of the communication system 1 shown in FIG.

Step ST21: Service provider 15_
1 to 15_3 or a person who receives a request from these service providers describes a script program 21_1, 21_2, 21_3 in which a process regarding a transaction performed by the service provider using the IC card 3 is described, for example, in FIG.
Personal computer 16_1, 16_2, 1 shown in
Create on 6_3. Further, the administrator of the SAM chip 8 makes the AP management table data 300_1 to 300_ corresponding to each of the service providers 15_1 to 15_3.
Create 3.

Step ST22: AP management table data 300_1 to 300 created in step ST21
_3 is stored in the external memory 7. Also, step ST
Script programs 21_1 and 21 created in 21
_2 and 21_3 are personal computers 16_1 and
16_2, 16_3, Internet 10, ASP
It is downloaded to the external memory 7 via the server device 19 and the SAM chip 8. The download process is managed by a script download task 69 in the SAM chip 8 as shown in FIG.

Step ST23: The script interpretation task 70 in the SAM chip 8 shown in FIG. 10 causes the AP management table data 300_1 for each service provider.
~ 300_3 and the script program, I
C card entity template data, an input data block, an output data block, a log data block and an operation definition data block are generated. These generated data are stored in the SAM chip 8 shown in FIG.
Stored in the memory 65.

Step ST24: IC card 3 for the user
Is issued. As shown in FIG. 5, the IC of the IC card 3
3a stores key data used for dealing with a service provider with which the user has made a contract. In addition,
The contract between the user and the service provider is IC card 3
May be performed via the Internet 10 or the like after the issuance of.

Step ST25: For example, when the user uses the personal computer 5 to access the server device 2 via the Internet 10 and tries to purchase a product, the server device 2 accesses the ASP server device via the Internet 10. A processing request is issued to 19. Upon receiving the processing request from the server device 2, the ASP server device 19 accesses the personal computer 5 via the Internet 10. Then, the processing request for the IC card 3 issued by the card reader / writer 4 is sent to the personal computer 5, the Internet 10, and the ASP.
It is transmitted to the SAM chip 8 via the server device 19.

Step ST26: ASP server device 19
Sends an entity creation request to the SAM chip 8. The entity creation request stores data indicating the issuer of the IC card 3.

Step ST27: When the SAM chip 8 receives the entity creation request, it polls the IC card 3.

Step ST28: The entity creation task 71 of the SAM chip 8 executes SA after the polling is completed.
It is determined whether or not the number of IC card entity data 73_x existing in the M chip 8 is within the maximum number specified by the SC command of the script program,
If it is within the maximum number, the process proceeds to step ST29, and if not, the process ends.

Step ST29: The entity creation task 71 specifies which service provider IC card entity template data is used, for example, based on the data indicating the issuer of the IC card 3 stored in the entity creation request. Then, the specified IC card entity plate data is used to generate the IC card entity data 73_x. This corresponds to the instance generation shown in FIG.

Step ST30: SAM chip 8 to A
In the SP server device 19, I generated in step ST29
Entity I of C card entity data 73_x
D is output.

Step ST31: IC of SAM chip 8
The card procedure management task 72 checks the services available in the IC card 3. This is a process corresponding to the job RS shown in FIG.

Step ST32: IC of SAM chip 8
The card procedure management task 72 authenticates the validity of the IC card 3. This is a process corresponding to the job A1 shown in FIG.

Step ST33: The IC card 3 is the SAM
The legitimacy of the chip 8 is verified. This is a process corresponding to the job A2 shown in FIG. Step ST32, S
Mutual authentication between the IC card 3 and the SAM chip 8 is performed by T33. At this time, as described above, S
According to the application element data APE executed in the AM chip 8, the AP management table data 300_1 to 300_3 shown in FIG. 13 is referred to, the key data K_CARD is acquired, and the key data K_CA is acquired.
Using RD, SAM chip 8 and CPU 5 of IC card 3
Mutual authentication is performed with the device 1.

Step ST34: IC of SAM chip 8
The card procedure management task 72 reads / writes data required for the procedure from / to the IC card 3. this is,
This is processing corresponding to the jobs R and W shown in FIG. Further, the IC card procedure management task 72 performs a predetermined arithmetic processing using the data read from the IC card 3 by using the arithmetic expression specified based on the pre-processing data 86 of the IC card entity data 73_x.

Step ST35: IC of SAM chip 8
The card procedure management task 72 outputs the processing result of step ST34 to the ASP server device 19.

Step ST36: For example, the IC card procedure management task 72 erases the IC card entity data 73_x.

As described above, according to the communication system 1 and the SAM unit 9, the application program AP is set to a plurality of application element data A.
By configuring using PE and using AP management table data and APP table data to define the processing content of each application element data APE, I
Various services using the C card 3 can be provided. Further, according to the communication system 1, the application element data APE is used in the same SAM by using the AP management table data and the APP table data,
In addition, the use of the application element data APE between different SAMs can be flexibly realized while maintaining high security. Further, according to the communication system 1, the application element data APE between different SAMs
When using, mutual authentication is performed between SAMs, so that the security of the application program can be enhanced. Further, according to the communication system 1, by assigning the SAM_ID of the same class to the application programs of the same service provider, complicated mutual authentication processing is not performed between the application element data APE of the application programs of the same provider. Thus, the management of the key information and the processing load of the SAM chip can be reduced.

Further, according to the communication system 1, the IC card entity data 73_x is generated for each procedure process generated with the IC card 3, and the IC card procedure management task 72 causes a plurality of IC card entity data 73_x. Using, it is possible to proceed with processing for a plurality of IC cards 3 at the same time. Further, according to the authentication system 1, since the IC card entity data 73_x actually used for the processing of the IC card 3 may be stored in the memory 65, the storage area of the memory 65 can be efficiently used. Further, according to the authentication system 1, as shown in FIG. 19, the execution state of the job processed by the IC card procedure management task 72 is managed separately by the post-startup state and the completed state. Waiting for data from the IC card 3 after the execution of
You can start processing for other jobs. Therefore, it is possible to eliminate the waiting time caused by transmitting / receiving data to / from the IC card 3 via the Internet 10.

Further, according to the authentication system 1, in the AP management table data 300_1 to 300_3, APE_N, which is the name indicating the type of service provided by each service provider, and the corresponding service used in the IC card 3 The AP management table data 300_1 to 3 for the number and the key data used for providing the service.
It is described in 00_3 and is stored in the external memory 7.
Therefore, the service providers 15_1 to 15_3 who are not developers of the SAM chip 8 create their own application programs operating on the SAM chip 8 by creating script programs 21_1, 21_2, 21_3 and
It can be customized by downloading to the external memory 7 via the M chip 8. That is, these service providers can customize their own application programs without notifying the service providers 15_1 to 15_3 of highly confidential data such as key data and operation commands for directly operating the IC card 3. In addition, the service provider does not need to know the key data or the card operation command when customizing the application program, and thus the burden on the service provider is reduced. Further, according to the authentication system 1, since the processing content over a plurality of services can be defined, a variety of services combining a plurality of services within the range of services that are permitted and executed at the same time on the IC card 3 side. Can be provided.
Further, according to the authentication system 1, by introducing the concept of the data block, it is possible to easily manage the data input / output to / from the IC card 3 and the log data.

[0112]

As described above, according to the present invention,
It is possible to provide a data processing device and a method thereof which can enhance the security of an application program operating on a semiconductor circuit when providing a service using an integrated circuit.

[Brief description of drawings]

FIG. 1 is an overall configuration diagram of a communication system of the present embodiment.

FIG. 2 is a diagram for explaining another SAM chip with which the SAM chip shown in FIG. 1 communicates.

FIG. 3 is a diagram for explaining another SAM chip with which the SAM chip shown in FIG. 1 communicates.

FIG. 4 is a functional block diagram of the IC card shown in FIG.

FIG. 5 is a diagram for explaining the memory shown in FIG. 4;

FIG. 6 is a diagram for explaining a software structure of the SAM chip shown in FIG.

FIG. 7 is a diagram for explaining a storage area of the external memory shown in FIG.

FIG. 8 is a diagram for explaining the application program AP shown in FIG. 7.

9 is a diagram for explaining the types of application element data APE shown in FIG.

FIG. 10 is a diagram for explaining processing of the SAM chip shown in FIG. 1.

FIG. 11 is a diagram for explaining commands used in the IC card operating macro command script program shown in FIG. 10;

FIG. 12 is a diagram for explaining the AP management storage area shown in FIG. 7;

FIG. 13 is a diagram for explaining the AP management table data shown in FIG. 12.

FIG. 14 is a diagram for explaining SAM_ID.

FIG. 15 is a diagram for explaining the APP table data shown in FIG.

FIG. 16 is a functional block diagram of the SAM chip shown in FIG. 1.

FIG. 17 is a diagram for explaining tasks, programs and data stored in the memory shown in FIG. 16.

FIG. 18 shows IC card entity data 7
It is a figure for demonstrating the format of 3_x.

19 is a diagram for explaining a state transition of the entity status data shown in FIG.

FIG. 20 is a flowchart of processing performed by the IC card procedure management task.

FIG. 21 is a diagram showing a process in which the SAM chip accesses a process or data specified by another application element data APE according to the procedure specified by the application element data APE when the job is executed in step ST4 of FIG. 20; It is a figure for demonstrating the process in a case.

22 is a diagram showing a process in which a SAM chip accesses a process or data specified by another application element data APE in accordance with a procedure specified by the application element data APE when the job is executed in step ST4 of FIG. 20; It is a figure for demonstrating the process in a case.

FIG. 23 is a diagram for explaining the overall operation of the communication system shown in FIG. 1.

FIG. 24 is a diagram for explaining the overall operation of the communication system shown in FIG. 1.

[Explanation of symbols]

1 ... Communication system, 2 ... Server device, 3 ... IC card,
4 ... Card reader / writer, 5 ... Personal computer, 7, 7a ... External memory, 8, 8a ... SAM chip,
9, 9a ... SAM unit, 15_1 to 15_3 ... Service provider, 19 ... ASP server device

─────────────────────────────────────────────────── ─── Continuation of front page (51) Int.Cl. ⁷ Identification code FI theme code (reference) H04L 9/10 H04L 9/00 621A 5J104 F term (reference) 2C005 MA05 NA01 SA06 SA12 SA26 5B035 BB09 BC00 5B058 CA01 KA31 YA20 5B076 FA01 FB02 FB10 5B085 AA08 AE12 5J104 KA01 MA05 NA35 PA10

Claims (22)

[Claims] 1. A plurality of application programs each constituted by a plurality of data modules including processing procedure data describing processing procedures for communicating with an integrated circuit and providing a service are predetermined. The data module, the first key data used to use another data module in a process corresponding to the data module, and the integrated circuit in a process corresponding to the data module; A storage circuit that stores management data that shows the second key data used for exchanging data in association with each other, and a process related to the service based on the data module. In the process, the management data is stored. Referring to the first key data corresponding to the data module, And a semiconductor circuit that uses the other data module and uses the second key data corresponding to the data module to exchange the data with the integrated circuit. 2. The storage circuit, history data of processing performed using the data module, program data showing a procedure for registering the data module in the storage area, the data module from the storage area 2. At least one of the program data showing the procedure for deleting the registration of the program and the program data showing the procedure for defining the storage area for storing the application program is stored as the data module. The described data processing device. 3. The semiconductor circuit uses the management data when the processing corresponding to the other data module is executed in the semiconductor circuit, and the first key corresponding to the predetermined data module is used. The data and the first key data corresponding to the other data module are obtained, and the predetermined data module being executed is provided on condition that the obtained two first key data match. The data processing device according to claim 1, wherein the other data module is used. 4. The storage circuit stores, for each of the data modules, usage permission data indicating a form in which usage of the data module is licensed, and the semiconductor circuit stores the two first key data. The data processing device according to claim 3, wherein, in the case of doing so, the other data module is used in a form licensed by the usage permission data based on the usage permission data corresponding to the other data module. 5. The semiconductor circuit uses the management data when the processing corresponding to the other data module is executed by the other semiconductor circuit, and the first data corresponding to the predetermined data module is used. The key data is obtained, mutual authentication is performed with the other semiconductor circuit using the first key data, and if the mutual validity is authenticated, the predetermined data module being executed is changed to the other one. The data processing device according to claim 1, wherein the data module is used. 6. The semiconductor circuit is licensed by the license data based on license data indicating a mode in which usage of the other data module is licensed when the mutual validity is authenticated. The data processing apparatus according to claim 5, wherein the other data module is used in a form. 7. The data processing device according to claim 1, wherein the first key data is defined so as to be the same for data modules that form the same application program. 8. The data processing apparatus according to claim 1, wherein the storage circuit stores the application program encrypted by using key data uniquely assigned to each application program. 9. The semiconductor circuit comprises, from the data module data, job execution order data indicating an execution order of a plurality of jobs constituting the processing of the application program, and a status indicating a progress status of the execution of the plurality of jobs. Data for job management including data is generated, a job to be executed next is selected based on the status data and the processing order data of the job management data, the selected job is executed, and the job is executed. The data processing apparatus according to claim 1, wherein the status data of the selected job management data is updated according to the execution of. 10. The semiconductor circuit generates template data of the job management data using the processing procedure data and the management data, and uses the template data to perform the job management in response to the processing request. The data processing device according to claim 9, wherein the data processing device generates data for use. 11. The semiconductor circuit generates the job management data for each of a plurality of processing requests, selects one job management data from a plurality of the data modules, and selects the selected job management data. The status data of the selected job management data is selected according to the execution of the selected job by selecting the job to be executed next based on the status data and the processing order data 11. The data processing apparatus according to claim 10, wherein the job management data is updated, and after the update, one job management data is selected from the plurality of data modules. 12. The data processing apparatus according to claim 11, wherein the semiconductor circuit erases the job management data when execution of all jobs constituting the processing in response to the processing request is completed. 13. A data processing method, wherein a semiconductor circuit that communicates with an integrated circuit and performs a process for providing a service exchanges data with the storage circuit to exchange data with the integrated circuit. Storing a plurality of application programs, each of which is composed of a plurality of data modules including processing procedure data describing processing procedures for performing communication between them to provide a service, in a predetermined storage area. A first key data used to use another data module in a process corresponding to the data module, and a first key data used to exchange data with the integrated circuit in a process corresponding to the data module. In the case of storing management data which is associated with the key data of No. 2, the semiconductor circuit is A process related to the service based on a data module, the semiconductor circuit refers to the management data in the process related to the service, and uses the first key data corresponding to the data module to execute the other process. A data processing method using a data module, wherein the semiconductor circuit exchanges data with the integrated circuit by using the second key data corresponding to the data module in a process related to the service. 14. The first key corresponding to the predetermined data module, wherein the management data is used by the semiconductor circuit when processing according to the other data module is executed by the semiconductor circuit. The data and the first key data corresponding to the other data module are obtained, and the predetermined data module being executed is provided on condition that the obtained two first key data match. 14. The data processing method according to claim 13, wherein the other data module is used. 15. The semiconductor circuit stores, for each of the data modules, use permission data indicating a form of permitting the use of the data module, wherein the semiconductor circuit has the two first 15. The other data module is used in a form licensed by the usage permission data based on the usage permission data corresponding to the other data module when the key data match. Data processing method. 16. The semiconductor circuit, wherein when the processing according to the other data module is executed in the other semiconductor circuit, the first data corresponding to the predetermined data module is used by using the management data. The key data is obtained, mutual authentication is performed with the other semiconductor circuit using the first key data, and if the mutual validity is authenticated, the predetermined data module being executed is changed to the other one. The data processing method according to claim 13, wherein the data module is used. 17. The semiconductor circuit is licensed by the license data based on the license data indicating a mode in which the semiconductor circuit is licensed to use the other data module when the legitimacy of each other is authenticated. The data processing method according to claim 16, wherein the other data module is used in a form. 18. The data processing method according to claim 13, wherein the first key data is defined to be the same for the data modules forming the same application program. 19. The semiconductor circuit, based on the data module data, job execution order data indicating an execution order of a plurality of jobs constituting the processing of the application program, and a status indicating a progress status of execution of the plurality of jobs. And generating job management data including data, the semiconductor circuit selects a job to be executed next based on the status data and the processing order data of the job management data, and the semiconductor circuit, 14. The data processing method according to claim 13, wherein the selected job is executed, and the semiconductor circuit updates the status data of the selected job management data according to the execution of the job. 20. The semiconductor circuit uses the processing procedure data and the management data to generate template data of the job management data, and the semiconductor circuit generates the template data in response to the processing request. 20. The data processing method according to claim 19, wherein the job management data is generated by using the job management data. 21. The semiconductor circuit generates the job management data for each of a plurality of processing requests, the semiconductor circuit selects one job management data from the plurality of data modules, The circuit selects a job to be executed next based on the status data and the processing order data of the selected job management data, and the semiconductor circuit executes the selected job and executes the job. 21. The data according to claim 20, wherein the status data of the selected job management data is updated in accordance with the above, and the semiconductor circuit selects one job management data from the plurality of data modules after the update. Processing method. 22. The data processing method according to claim 21, wherein the semiconductor circuit erases the job management data when execution of all jobs constituting the processing in response to the processing request is completed.