JP2003196624A - Dual function card - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a DF (dual function) card eliminating any room for intervening a fraudulent action by a terminal, preventing fraudulent writing/reading of data from the outside, and retaining the secrecy and the completeness of the stored data. <P>SOLUTION: This DF card 10 incorporating a terminal communication interface with the terminal 20, an external communication interface with the outside, and data storage means 13 is provided with a command execution means 11 executing a command received from the terminal, a storage control means 11 receiving the command of the command execution means and controlling the writing reading of transmission data from the external communication interface, and an external communication control means 14 for receiving the command of the command execution means and controlling the input output of the communication data from the external communication interface. Under the command of the terminal, this DF card outputs internal data to the outside without intervention of the terminal and storing the external data without intervention of the terminal so a to prevent the fraudulent action by the terminal and retain the secrecy and the completeness of the internal data of the card. <P>COPYRIGHT: (C)2003,JPO

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a memory card, and more particularly to a dual function card having a memory for storing data and an external communication interface in addition to a contact with a terminal.

[0002]

2. Description of the Related Art (Prior Art Example 1) In recent years, IC cards are
Both are used in various fields such as commuter passes, telephone cards, cash cards, and memory cards are used as storage media for PCs (personal computers), digital cameras, music players, and the like.
Memory cards are used to supplement the internal storage areas of digital cameras and music players, and for portability. For example, image data taken by a digital camera is stored in a mounted memory card, and the memory card is mounted in the PC, so that the image can be viewed on the PC. The interface card that has an external communication interface with terminals other than terminals is PMCIA standard P
It is connected to C and used as a modem card / LAN card. As a result, even a PC that does not have a built-in function such as a modem or LAN can perform data communication with the outside.

A conventional dual-function card (hereinafter referred to as DF) having a memory and an external communication interface built-in.
As shown in FIG. 14, the hardware structure of the card) is a flash memory 33 for storing data and a terminal 20.
A memory controller 31 that controls reading / writing of data in the flash memory 33 according to an instruction from the terminal, and an IO controller 34 that controls input / output of data to the outside according to an instruction from the terminal 20. As shown in FIG. 15, the functional block of the DF card 30 includes a terminal communication interface Z-15 for communicating with a terminal, an instruction executing means Z-11 for executing an instruction received from the terminal, and a storage means for holding data. Read data to Z-13, storage means Z-13
Storage control means Z-12 for writing, external communication interface Z-16 for performing data communication with a card external device other than the terminal, and external communication control means Z-14 for reading / writing communication data to / from the external communication interface. Composed of.

Of these, the instruction execution means Z-11 and the storage control means Z-12 are functions that the memory controller 31 has,
The storage means Z-13 corresponds to the flash memory 33, and the external communication control means Z-14 corresponds to the IO controller 34. First, in this DF card, when the data held in the storage means Z-13 is to be output from the external communication interface Z-16, the order shown by the arrows in FIG. 16 (Y-01) to (Y-05) Follow (Y-01): The command issuing means Z-21 of the terminal issues a command and D
Send to F card. (Y-02) / (Y-03): The command execution means Z-11 that has received the command from the terminal requests the storage control means Z-12 for processing and retrieves data from the storage means Z-13. (Y-04): The instruction executing means Z-11 transmits the data fetched from the storing means Z-13 to the terminal as a reply to the instruction from the terminal. (Y-05): The command issuing means Z-21 outputs the data received from the DF card to the outside of the card from the external communication control means Z-14. Further, FIG. 17 shows the flow of instructions to the memory (-) and the flow of data read from the memory (-) on the hardware configuration. As mentioned above, D
If you want to output the data inside the F card to the outside of the card,
Corresponding data must once be retrieved from inside the card to the terminal.

(Prior Art Example 2) Further, in this DF card, when the data received from the external communication interface Z-16 is to be stored in the storage means Z-13, FIG.
Follow the order indicated by the arrows from 01) to (X-06). (X-01): The external communication control means Z-14 of the DF card receives data from the outside. (X-02): The external communication control means Z-14 transmits the received data to the terminal. (X-03): The terminal which has received the data from the DF card by the command issuing means Z-21 displays the received data to the user of the terminal or the DF card, and the next operation by the user (the received data storage means Z -Whether to store in -13) or not. (X-04): User's next operation (Reception data storage means)
In the terminal which has received (can be stored in Z-13), the command issuing means Z-21 issues a command and sends it to the DF card. The command here includes the received data from the DF card inside. (X-05): Command execution means Z-11 that received a command from the terminal
Requests the storage control means Z-12 for processing, and stores the received data from the outside of the DF card included in the command.
Store in Z-13. (X-06): The instruction executing means Z-11 transmits the result of the data storage processing as a response to the instruction from the terminal. In (X-03) and (X-04), it is possible that the user of the terminal or the DF card is automatically operated without giving the operation authority to execute the next operation. Also,
FIG. 19 shows an instruction and data flow (to) to the memory on the hardware configuration. The data flow (-) on the hardware configuration at this time is shown.

As described above, when it is desired to store data from the outside of the DF card to the inside of the card, the data received from the outside must once pass through the terminal. In addition, (X-0
3) In (X-04), if all is automated as described above, it becomes possible to store data that the user of the terminal or DF card does not want to store in the card.

(Prior Art Example 3) Further, in this DF card, a storage means is provided in response to a request from the outside, not the terminal.
Data stored in Z-13 is external communication interface Z-16
If you try to output from the (W-01) ~ (W-06)
Follow the order indicated by the arrow. (W-01): External communication control means Z-14 receives a request notification from outside the DF card. (W-02): The external communication control means Z-14 sends a request notification to the terminal. (W-03): The command issuing means Z-21 that has received the request notification issues a command for outputting the corresponding data and sends it to the DF card. (W-04 / W-05): The command execution means Z-11 that has received the command from the terminal requests the storage control means Z-12 to perform processing,
Retrieve data from Z-13. (W-06): The instruction executing means Z-11 transmits the data fetched from the storing means Z-13 to the terminal as a reply to the instruction from the terminal. (W-07): The command issuing means Z-21 outputs the data received from the DF card from the external communication control means Z-14 to the outside of the card.

[0008] In (W-03), the user of the terminal or the DF card may be prompted to perform the next operation. In addition, in FIG. 21, in the hardware configuration,
The flow of instructions to the memory (-) and the flow of data read from the memory (-) are shown. As described above, even when it is desired to output the data inside the card in response to a request from the outside of the DF card, the corresponding data must once pass through the terminal. Furthermore, it becomes possible to output data that the user of the terminal or DF card does not want, to the outside of the card.

(Prior Art Example 4) Next, in a conventional IC card (whether a contact interface or a non-contact interface is used here), a case where data in the card is taken out to a terminal will be described. As shown in FIG. 22, the IC card includes a terminal communication interface V-14 for communicating with a terminal, an instruction executing means V-11 for executing an instruction received from the terminal, a storage means V-13 for holding data, and a storage means. Z-13
Storage control means V- for reading / writing data to / from
It consists of 12 and. In this IC card, when the terminal attempts to read the data held in the storage unit V-13, the terminal follows the order shown by the arrows in (V-01) to (V-04) of FIG. (V-01): The command issuing means V-21 of the terminal issues a command, and I
Send to C card. (V-02) and (V-03): The command execution means V-11 that has received the command from the terminal requests the storage control means V-12 for processing and retrieves data from the storage means V-13. (V-04): The instruction executing means V-11 transmits the data fetched from the storing means V-13 to the terminal as a response to the instruction from the terminal. As described above, when the data in the IC card is taken out to the terminal, once the command is issued by the terminal, the card user grasps the contents of the taken out data and interrupts the operation (reading of the data) until the processing ends. It cannot be judged.

[0010]

In the case of the DF card in (Prior Art Example 1), important data (eg, important data (eg, When dealing with credit card numbers and electronic money, etc., it must be guaranteed that the terminal does not operate improperly. The illegal operation of the terminal here includes illegal tampering / accumulation / deletion of data.

Also, in the case of the DF card in (prior art example 2), the data received from the outside of the card cannot be output to the terminal until it is once passed to the terminal. There are challenges. Further, there is a risk that data that the user of the terminal or the DF card does not want is stored inside the card.

Similarly, in the case of the DF card in (Prior Art Example 3), the request and storage means Z-13 from the outside of the card are also provided.
Since both of the internal data have to be passed to the terminal once, the same problem as in (Prior Art Example 1) is raised. Furthermore, there is a risk that data that the user of the terminal or the DF card does not want is output to the outside of the card. Further, in the case of the IC card in (Prior Art Example 4), the card user does not know until the end of the processing which data is to be taken out by the command issued by the terminal, so it is guaranteed that the terminal does not operate improperly. Must be

The present invention solves these problems, eliminates the possibility of an illegal operation by a terminal intervening, prevents unauthorized writing and reading of data from the outside, and ensures the confidentiality and integrity of stored data. It is an object of the present invention to provide a DF card capable of maintaining the property, and to provide a data output method and a data storage method of the DF card.

[0014]

Therefore, in the present invention, in a DF card having a terminal communication interface with a terminal, an external communication interface with the outside, and a data storage means, a terminal communication interface or an external communication interface is provided. From the external communication interface, which receives the instruction of the instruction execution means, controls the writing and reading of data to and from the storage means, and receives the instruction of the instruction execution means. An external communication control means for controlling input / output of communication data is provided.

In this DF card data output method, the data output instruction from the terminal is received, and the data stored in the storage means is output to the outside without passing through the terminal. Further, in the data storage method of this DF card, content presentation data representing the content of data input from the external communication interface is presented to the terminal, a storage instruction from the terminal is received, and the data to be stored in the storage means is passed through the terminal. I'm trying to store without. Further, in this DF card data output method, when a data request for data stored in the storage means is input from the external communication interface, content presentation data representing the content of the corresponding data is presented to the terminal, and the data from the terminal is presented. Upon receiving a data output instruction, this data is output to the outside without going through the terminal.

As a result, it is possible to construct a DF card which prevents unauthorized operation by the terminal, and it is possible to maintain the confidentiality and integrity of the card internal data. Also, DF
The confidentiality / integrity of the output data is maintained by outputting the data stored in the card to the outside without passing through the terminal. Moreover, the confidentiality / integrity of the input data is maintained by storing the input data inside the DF card without passing through the terminal. In addition, the data stored in the DF card is output to the outside without going through the terminal when the input from the outside other than the DF card / terminal is used as a trigger, so that the confidentiality and integrity of the output data is maintained. It

[0017]

BEST MODE FOR CARRYING OUT THE INVENTION (First Embodiment) In the first embodiment, the overall configuration and operation of the secure DF card according to the present invention will be described. The secure DF card according to the embodiment of the present invention has, as a hardware configuration, a flash memory 13 for storing data and a DFIO controller 14 for controlling input / output of data with the outside, as shown in FIG.
And a DF controller 11 for controlling reading / writing of data in the flash memory 13 and data input / output operation of the DFIO controller 14 in response to an instruction from the terminal 20.
It has and.

Functionally, this DF card is, as shown in FIG. 2, a terminal communication interface A-15 for performing data communication with the terminal A-20, and an instruction execution for executing an instruction received from the terminal A-20. Means A-11, storage means A-13 for holding data, storage control means A-12 for reading / writing data to / from the storage means A-13, and data communication with a card external device other than the terminal A-20. An external communication interface A-16 for executing and an external communication control means A-14 for reading / writing communication data to / from the external communication interface A-16. Of these, the instruction execution means A-11 and the storage control means A-12 are DFs.
This is a function of the controller 11, and also the storage means A-
13 is the flash memory 13, and external communication control means A-14 is D
It corresponds to the FIO controller 14.

The instruction executing means A-11 and the storage controlling means A-
Each of 12 is configured as a software module inside one IC chip to have tamper resistance in terms of hardware. By doing so, the storage means A-13
However, even if the flash memory has no tamper resistance, the data to be written in the storage means A-13 can be written in the instruction execution means A-11.
By encrypting with, the confidentiality of the data written in the storage unit A-13 can be maintained.

Further, the instruction execution means A-11 and the storage control means
When the A-12 is integrated into an IC, the external communication control means A-14 may be configured as a software module inside the same IC chip. In this case, the instruction executing means A-11, the memory control means A-
The 12 and the external communication control means A-14 can be configured as one IC chip having tamper resistance in terms of hardware. In addition, each of the instruction execution means A-11, the storage control means A-12 and the external communication control means A-14 as hardware,
It may be configured inside one chip having tamper resistance. The instruction executing means A-11 is configured as software on the tamper resistant IC chip, and the memory control means A-12 and the external communication control means A-14 are mounted as hardware so as to have tamper resistance. May be. By adopting this configuration, the hardware constituting the storage control means and the external communication control means used in the conventional card can be diverted to the secure DF card of the present invention.

In this secure DF card, the command executing means A-11 interprets the card control command issued by the command issuing means A-21, and depending on the contents, the storage control means A-12 or the external communication control means A-14. Request processing. Also,
A card control response to the card control command is returned to terminal A-20. The storage control means A-12 reads / writes data to / from a designated area in the storage means A-13 based on a processing request from the instruction execution means A-11.

The external communication control means A-14 is the instruction execution means A-
Based on the processing request from 11, the designated data is output to the external communication interface A-16, or the data received by the external communication interface A-16 is input to the instruction executing means A-11. The terminal communication interface A-15 has a contact with the card communication interface A-22 of the terminal A-20, and the terminal A-20
And serial communication between secure DF card A-10.
The external communication interface A-16 is an external communication control means A-14.
Under the control of, data communication with external devices other than the terminal A-20 is performed. This interface is infrared / Bluetoot
It supports wireless communication standards such as hISO14443 and wired communication standards such as IEEE1394 / USB, and the external communication control means A-14 is a module for controlling based on the communication standard supported by the external communication interface A-16. Has become.

Further, the terminal A-20 in the embodiment of the present invention
As shown in FIG. 2, a card communication interface A-22 for performing data communication with the secure DF card A-10 and an instruction issuing means A-21 for issuing a card control instruction to the secure DF card A-10. Composed of. The terminal A-20 is, for example, a personal computer, a mobile phone, a television remote controller, or the like. Secure DF card A-10 is terminal A-20
Of the card control command issued by the command issuing means A-21 of the card communication interface A-22 and the terminal communication interface A-
The operation is performed by receiving the instruction via 15 and executing the instruction by the instruction executing means A-11.

Here, the card control command issued by the command issuing means A-21 is the data held in the <card control command 1> storage means A-13, without passing through the terminal A-20 to the external communication interface A-. Output from 16 to the outside <Card control command 2> Input the data received from the outside by the external communication interface A-16 to the storage means A-13 without passing through the terminal A-20 <Card control command 3> Terminal A Secure DF card other than -20 A-10 External communication interface for storing data stored in the storage unit A-13 without an intermediary of the terminal A-20 in response to a request from the outside.
It is assumed that there are three types of output from A-16 to the outside.

The operation when the secure DF card A-10 receives <card control command 1> will be described in detail below. In FIG. 3, the basic format of the instruction issued by the instruction issuing means A-21 and instruction executing means A-11 is (A).
The basic format of the response issued by the command execution means A-11, the storage control means A-12, and the external communication control means A-14 is (B).
Is shown in. In FIG. 3A, the instruction identifier C-01 is the type of instruction, the instruction length C-02 is the data length of the instruction, and the instruction content C-
03 is the data required to execute the instruction, instruction end identifier C-
04 represents an identifier indicating that the instruction is completed. In FIG. 3B, the response identifier C-11 is the type of response, the response length C-12 is the response data length, and the response content C-
Reference numeral 13 represents data indicating the execution result of the instruction, and response end identifier C-14 represents an identifier indicating that the response ends.

Next, FIG. 4 shows <command 1 in this embodiment.
> And the structure of <Response 1> to it,
It shows in (A)-(F). FIG. 4A shows an instruction issuing means A-
It represents <card control instruction 1> issued by 21. D-01
Corresponds to the instruction identifier C-01, and is <00001001> in <card control instruction 1>. D-02 corresponds to the instruction length C-02 and indicates the length of <card control instruction 1>. The start address D-03 and data length D-04 correspond to the instruction content C-03. The head address D-03 is stored in the storage means A-13 by <card control instruction 1>.
Indicates the start address (logical address) of the data output from the external communication interface A-16, which is held internally. The data length D-04 indicates the length of the data output from the external communication interface A-16, which is held inside the storage unit A-13. D-05 corresponds to the command end identifier C-04, and becomes "10001001" in <card control command 1>.

FIG. 4B shows <card control response 1> issued by the instruction executing means A-11. D-11 corresponds to the response identifier C-11, and is "0000101" in <card control response 1>.
It becomes 0 ”. D-12 corresponds to the response length C-12 and indicates the length of <card control response 1>. The processing result D-13 corresponds to the response content C-13 and <card control command 1 > Execution result of success (“00
A number sequence indicating "000000") or failure ("11111111") is entered.D-14 corresponds to the response end identifier C-14, and becomes "10001010" in <card control response 1>.

FIG. 4C shows <storage control instruction 1> issued by the instruction executing means A-11. D-21 is the instruction identifier
Corresponding to C-01, it becomes "00001011" in <memory control instruction 1>. D-22 corresponds to instruction length C-02, <memory control instruction 1>
Indicates the length of. The start address D-23 and data length D-24 correspond to the instruction content C-03. Start address D-23, data length
The meaning of D-24 is the same as that of head address D-03 and data length D-04 in <card control instruction 1>. D-25 corresponds to the instruction end identifier C-04, and is 10 in <memory control instruction 1>.
001011 ”.

FIG. 4D shows <storage control response 1> issued by the storage control means A-12. D-31 is the response identifier
Corresponding to C-11, <00001100> in <Memory control response 1>. D-32 corresponds to response length C-12, <memory control response 1>
Indicates the length of. The data length D-33 and data body D-34 correspond to the response content C-13. The data length D-33 indicates the length of the data body D-34 that follows. The data body D-34 is designated by the <storage control command 1> and contains the body of the data retrieved from the storage means A-13. D-35 corresponds to the response end identifier C-14, and is "10001100" in <memory control response 1>.

FIG. 4E shows <communication control command 1> issued by the command execution means A-11. D-41 is the instruction identifier
Corresponding to C-01, it becomes "00001101" in <communication control command 1>. D-42 corresponds to command length C-02, <Communication control command 1>
Indicates the length of. Data length D-43 and data body D-44 correspond to the instruction content C-03. Data length D-43, data body D-44
Has the meaning of the data length D- in <memory control response 1>
33 ・ Same as data body D-34. D-45 corresponds to the command end identifier C-04, and is "10001101" in <communication control command 1>
Becomes

FIG. 4F shows <communication control response 1> issued by the external communication control means A-14. D-51 corresponds to the response identifier C-11, and is "0000111" in <communication control response 1>.
It becomes 0 ”. D-52 corresponds to the response length C-12 and indicates the length of <communication control response 1>. The processing result D-53 corresponds to the response content C-13 and <communication control command 1 > Success of execution result (“000000
Enter a sequence that indicates 00 ") or failure (" 11111111 ").
D-54 corresponds to the response end identifier C-14, <communication control response 1
> Indicates “10001110”.

Next, the operation inside the secure DF card A-10 will be described. FIG. 5 shows the flow of instructions to the memory 13 when the data held in the memory 13 of the secure DF card 10 is output to the outside based on the instruction from the terminal 20 (-) and is read from the memory 13. The data flow (-) is shown in simplified form on the hardware configuration of the secure DF card.

FIG. 6 shows this detail. In Fig. 6, the numbers surrounded by arrows and parentheses are secure DF cards.
The processing procedure when A-10 receives <card control command 1> from terminal A-20 is schematically shown. (B-01): Terminal
The command issuing means A-21 of A-20 issues <card control command 1> and sends it to the secure DF card A-10.

(B-02): The command executing means A-11 of the secure DF card A-10, which has received the <card control command 1>, interprets the <card control command 1> (here, D-01 Check that the part of "00001001" is "00001001", check the length of <card control command 1> from the part of D-02, read the start address D-03 / data length D-04, and the part of D-05 Confirm that it is "10001001"). Next, the instruction executing means A-11
The storage control command 1> is generated and transmitted to the storage control means A-12.

(B-03 / B-04): The storage control means A-12 having received the <storage control command 1> interprets <storage control command 1> (here, the part of D-21 is Confirm that it is "00001011", confirm the length of <storage control instruction 1> from D-22, read the start address D-23 / data length D-24, D-
Confirm that the 25 part is "10001011").
Next, the storage control means A-12 takes out the designated data from the storage means A-13 from the start address D-23 and the data length D-24 described in <storage control instruction 1>.

(B-05): Storage control means A-12 is storage means
<Memory control response 1> is generated from the data fetched from A-13 and transmitted to the instruction executing means A-11. (B-06): Instruction execution means that received <memory control response 1>
A-11 interprets <memory control response 1> (here,
Confirm that D-31 part is "00001100", confirm the length of <memory control response 1> from D-32 part, data length D-33
・ Reading data body D-34, D-35 part is "1000110"
Confirm that it is 0 ".) Next, the instruction execution means A-1
1 generates <communication control command 1> from the data length D-33 and the data body D-34, and sends it to the external communication control means A-14. At this time, the instruction executing means A-11 may encrypt the data body D-44 and include it in the <communication control instruction 1>.

(B-07): The external communication control means A-14 which has received <communication control command 1> interprets <communication control command 1> (here, D-41 is "00001101"). Confirm that it is, confirm the length of <communication control command 1> from the D-42 portion, read the data length D-43 / data body D-44, and confirm that the D-45 portion is “10001101” Confirm,). Next, the external communication control means A-14 sets the data body D-44 included in <communication control command 1> to the external communication interface A-16.
From the secure DF card A-10. In addition,
When the data body D-44 is encrypted by the instruction executing means A-11, the decryption is performed at the destination where the data body D-44 is received.

(B-08): When the output of the target data to the outside is completed, the external communication control means A-14 sets <communication control response 1
> Is generated and transmitted to the instruction executing means A-11. (B-09): Command execution means that received <communication control response 1>
A-11 interprets <communication control response 1> (here,
Confirm that D-51 part is "00001110", confirm the length of <communication control response 1> from D-52 part, processing result D-53
And confirm that the D-54 part is “10001110”). Next, the command execution means A-11 generates <card control response 1> based on the processing result D-53 included in <communication control response 1>, and transmits it to the terminal A-20.
The processing result of the card control command 1> is notified to the terminal A-20.

(B-10): The command issuing means A-21 having received the <card control response 1> interprets <card control response 1> (here, D-11 is "00001010". Confirm that there is, confirm the length of <card control response 1> from the part of D-12, read the processing result D-13, and confirm that the part of D-14 is “100010”.
It is confirmed that it is 10 ".) The instruction issuing means A-21 verifies the content of this processing result D-13, and the terminal A-
20 confirms the execution result of <card control instruction 1>.

The point to be noted here is that this secure DF
The instruction executing means A-11 of the card A-10 receives one instruction from the instruction issuing means A-21 of the terminal A-20 and executes a plurality of operations. That is, when <card control command 1> is received from the command issuing means A-21 of the terminal A-20, <memory control command 1>
> Is generated and data is read from the storage means A-13, and <communication control command 1> is generated and data is output from the external communication interface A-16 to the outside.

In the conventional card that operates passively, it is normal to perform only one operation when receiving one command, but the command execution means A-11 of this secure DF card A-10.
Performs a plurality of operations with respect to one command, whereby the data stored in the storage unit A-13 can be output to the outside of the secure DF card A-10 without intervening the terminal A-20. It will be possible. Note that the format of the above-mentioned instruction is one example, and other formats may be used.

The above processing is performed by the secure DF card A-
10 By performing this internally, the terminal A-20 can secure DF
When outputting the data recorded in the memory of the card to the outside, there is no fear of the data being illegally operated by the terminal. For this reason, this secure DF card can be attached to a remote controller of a mobile phone or digital TV to secure the secure DF card.
Electronic money and credit card numbers in the memory of the card,
It becomes possible to store confidential data such as personal information and perform electronic commerce on the Internet while watching the screen of a mobile phone or a television.

If the card itself does not perform such processing and there is a possibility that the data is illegally manipulated at the terminal, the terminal is required to ensure that such illegality is not performed. Will be done. This complicates the function of the terminal and forces the cost to rise. But,
By using this secure DF card, the terminal can be spared such responsibility.

FIG. 7 shows an example of such a mobile terminal A-.
The processing procedure in the case of paying for the purchased product is shown by the credit card information in the secure DF card A-10 attached to the 20. First, the user who purchased the product at the store
Receive a payment request from the store (1). User is a mobile terminal
From A-20, confirm the possessed card (2). In response to this, from the command issuing means A-21 of the terminal, the secure DF card
The possessed card information confirmation command is issued to the command execution means A-11 of A-10 (3). The command execution means A-11 issues a command to the storage control means A-12 to read all the owned card information (4), and the command execution of all the owned card information read from the storage means A-13. It is sent to the command issuing means A-21 of the terminal through the means A-11 (5) and displayed on the screen of the terminal A-20 (6).

The user who sees the screen decides a card to be used from the possessed cards (7) and performs a card specification operation (8). In response to this, the command issuing means A-21 of the terminal issues an output command of the used card number to the command executing means A-11 of the secure DF card A-10 (9). When the instruction execution means A-11 instructs the storage control means A-12 to read the specified use card number, and acquires the use card number read from the storage means A-13 (10). , External communication control means
Instruct A-14 to output the card number used (1
1). The external communication control means A-14 sends the used card number to the store from the external communication interface A-16 according to the instruction (12). At the store, the validity of the card is confirmed (13), payment is executed, and a payment completion notification is issued (14).

Thus, this secure DF card A-10
When the data stored in the storage unit A-13 is output to the outside via the external communication interface A-16, can do so without intervening the terminal A-20.

In this embodiment, the command issuance by the terminal and the card internal operation are performed seamlessly, but the command issuance and the card internal operation may be realized with a time lag. This allows, for example, contact /
In an IC card having both contactless interfaces, a mobile phone issues an electronic money output command from the contact interface, removes the IC card, and carries it around.
It becomes possible to perform processing such as performing payment processing for a payment machine having a contactless interface. Further, this IC card can be restricted so that the payment machine can only perform the payment process which is the command that has been received in advance.

(Second Embodiment) In the second embodiment,
About the secure DF card A-10 receiving <card control command 2> from the terminal A-20 and the operation when receiving
Details will be described. FIG. 10 shows the structures of <command 2> and <response 2> and other transmitted / received data in the present embodiment as (A) to (G), respectively.

FIG. 10A shows <reception data 1> received by the external communication interface A-16 from the outside of the secure DF card A-10. G-01 corresponds to the header, and it is different for each received data. Received data length G-02 indicates the length of <received data 1>. Data body G-03
Indicates the main body of data to be stored in the storage means A-13. The end identifier G-04 is an identifier indicating that <reception data 1> ends.

FIG. 10B shows <data reception notification 1> issued by the external communication control means A-14. G-11 corresponds to the command identifier C-01, and is "00" in <Data reception notification 1>.
100111 ". The message length G-12 corresponds to the instruction length C-02 and indicates the length of <data reception notification 1>. The data G-13 corresponds to the instruction content C-03 and <reception data 1 > Is the data body G-03. G-14 corresponds to the command end identifier C-04, and is <10100111> in <Data reception notification 1>.

FIG. 10C shows <data reception notification 2> issued by the instruction executing means A-11. G-21 corresponds to the instruction identifier C-01, and is "001010" in the <data reception notification 2>.
00 ”. Message length G-22 corresponds to instruction length C-02,
The length of <data reception notification 2> is shown. Index G-23
-Data body length G-24 corresponds to the instruction content C-03. The index G-23 is index data generated from the data body G-03 in <reception data 1>. The data body length G-24 is the data body G- in <Received data 1>.
Indicates the length of 03. G-25 corresponds to the instruction end identifier C-04,
<Data reception notification 2> is “10101000”.

FIG. 10D shows <card control command 2> issued by the command issuing means A-21. G-31 corresponds to the command identifier C-01, and is <001000 in <Card control command 2>.
01 ”. G-32 corresponds to the instruction length C-02 and indicates the length of <card control instruction 2>. Start address G-33, data length G-
34 corresponds to the instruction content C-03. Start address G-33
Indicates the start address (logical address) of the storage position of the data body G-04, which is stored in the storage means A-13 by <card control command 2>. Data length G-34 is the data body
The size of the area reserved in the storage means A-13 for storing G-04 is shown. G-35 corresponds to the command end identifier C-04,
It becomes “10100001” in the <card control command 2>.

FIG. 10E shows <card control response 2> issued by the instruction executing means A-11. G-41 corresponds to the response identifier C-11, and is "001000" in <card control response 2>.
10 ". G-42 corresponds to the response length C-12 and indicates the length of <card control response 2>. Processing result G-43 corresponds to the response content C-13, <card control command 2 > Execution result of success (“00
000000 ”) or failure (“ 11111111 ”) is entered. G-44 corresponds to the response end identifier C-14, and is <10100010> in <card control response 2>.

FIG. 10F shows <storage control instruction 2> issued by the instruction executing means A-11. G-51 corresponds to the instruction identifier C-01, and is "00100011" in <memory control instruction 2>.
Becomes G-52 corresponds to instruction length C-02, <Memory control instruction 2
> Indicates the length. The start address G-53 and data length G-54 correspond to the instruction content C-03. The head address G-53 is stored in the storage means A-13 by <storage control command 2>,
Indicates the start address (logical address) of the storage location of data body G-04. The data length G-54 indicates the size of the area secured in the storage means A-13 for storing the data body G-04. The G-55 corresponds to the instruction end identifier C-04, and is "10100011" in the <storage control instruction 2>.

FIG. 10G shows <storage control response 2> issued by the storage control means A-12. G-61 corresponds to the response identifier C-11, and is "00100100" in <memory control response 2>.
Becomes G-62 corresponds to response length C-12, <Memory control response 2
> Indicates the length. The processing result G-63 corresponds to the response content C-13, and the execution result of the <storage control instruction 2> is successful (“0000000
Enter a sequence that indicates 0 ") or failure (" 11111111 ").
-64 corresponds to the response end identifier C-14, <memory control response 2
> Indicates “10100100”.

Next, the operation inside the secure DF card A-10 will be described. FIG. 8 shows a flow of data (,,) when storing data input from the outside in the memory 13 of the secure DF card 10 and a flow of waiting for a user's instruction through the terminal 20 (,) of the secure DF card. It is shown in a simplified manner on the hardware configuration.

FIG. 9 shows this procedure in detail. In FIG. 9, the numbers enclosed by arrows and parentheses are the secure DF.
The processing procedures until and after the card A-10 receives <card control command 2> from the terminal A-20 are schematically shown. (E-01): The external communication control means A-14 receives <reception data 1> from outside the secure DF card A-10. (E-02): The external communication control means A-14 that has received <reception data 1> interprets <reception data 1> (here,
Check header G-01, check the length of <Received data 1> from G-02, read data body G-03, end identifier G-
Check 04). Next, the external communication control means A-14
The data reception notification 1> is generated and transmitted to the instruction executing means A-11.

(E-03): The command execution means A-11 that has received the <data reception notification 1> interprets <data reception notification 1> (here, the G-11 part is "00100111"). Confirmation of existence, confirmation of length of <Data reception notification 1> from G-12 portion, reading of data G-13, G-14 portion is “1010011”.
Confirm that it is 1 ”.) Next, the instruction execution means A-1
1 generates an index G-23 as content presentation data representing the content of the data from the data body G-03, generates <data reception notification 2> based on it, and transmits it to the terminal A-20.
The index G-23 can be generated, for example, by the data body.
This is done by extracting a part of G-03.

(E-04): The command issuing means A-21 having received the <data reception notification 2> interprets <data reception notification 2> (here, G-21 is "00101000". Confirm that there is, confirm the length of <Data reception notification 2> from G-22, read index G-23 / data body length G-24, confirm that G-25 is “10101000” Confirm, do). Next, the terminal A-20 displays the index G-23 to the user of the terminal A-20 or the secure DF card A-10, and the next operation by the user (for storing the received data in the storage means A-13) is performed. Enter the waiting state.

(E-05): In the terminal A-20, which has received the next operation from the user (storing the received data in the storage means A-13),
The command issuing means A-21 issues <card control command 2> and sends it to the secure DF card A-10. (E-06): The command execution means A-11 that has received <card control command 2> interprets <card control command 2> (here, the part of G-31 is “00100001”). Confirmation, G-32
Confirm the length of <Card control command 2> from the part of, read the start address G-33 and data length G-34, and confirm that the part of G-35 is "10100001"). Next, the command execution means A-11 generates <storage control command 2> from the data body G-03 received from the external communication control means A-14 and sends it to the storage control means A-12. At this time, the instruction executing means A-11
May encrypt the data body G-03.

(E-07): The storage control means A-12 which has received the <storage control command 2> interprets <storage control command 2> (here, G-51 is "00100011"). Confirm that there is, confirm the length of <memory control command 2> from the part of G-52,
Start address G-53, data length G-54, read data body G-55, check that G-56 is "10100011",
I do). Next, the storage control means A-12 secures an area having a length of the data length G-54 from the head address G-53 in the storage means A-13 and stores the data body G-55.

(E-08): The storage control means A-12 generates <storage control response 2> and sends it to the instruction execution means A-11. (E-09): Instruction execution means that received <memory control response 2>
A-11 interprets <memory control response 2> (here,
Confirm that the G-61 part is "00100100", confirm the length of <memory control response 2> from the G-62 part, processing result G-63
Read, and confirm that the G-64 part is "10100100"). Next, the command execution means A-11 generates <card control response 2> based on the processing result G-63 included in <memory control response 2>, and transmits it to the terminal A-20.
The processing result of the card control command 2> is notified to the terminal A-20.

(E-10): The command issuing means A-21 having received <card control response 2> interprets <card control response 2> (here, G-41 is "00100010". Confirm that there is, confirm the length of <card control response 2> from the part of G-42, read the processing result G-43, the part of G-44 is “101000
Confirm that it is 10 ”).

In this case, the command execution means A-11 generates the index G-23 from the data body G-03 as an operation corresponding to one <card control command 2> output from the terminal <data reception notification 2>> Is generated and presented to the terminal A-20, and an operation of generating <storage control command 2> and storing data in the storage means is performed. Note that the format of the above-mentioned instruction is one example, and other formats may be used.

The above process is performed by the secure DF card A-
10 External communication interface
When the data is received from A-16, only the index is transmitted to the terminal A-20, the intention of the user is confirmed, and then the data is stored in the storage means A-13. Therefore, the data received from the external communication interface A-16 is transferred to the terminal A-20.
Can be stored in the storage means A-13 without mediation.

For example, when receipt data for electronic commerce is sent from an electronic store through the external communication interface A-16, the command execution means A-11 is the data up to the second line of the data "○ ×". Store Receipt January 1, 2002 "
And send it to the terminal. When the user confirms this on the screen of the terminal and gives an instruction to save the receipt, the instruction executing means A-11
Stores the receipt data sent from the outside in the storage means A-13. If the user does not need to save the receipt, the receipt data is discarded. In this case, the terminal
Since the receipt data itself is not sent, it is possible to prevent fraud such as the user falsifying and holding the receipt.

In this embodiment, the command issuance of the terminal and the card internal operation are performed seamlessly, but the command issuance and the card internal operation may be realized with a time lag. As a result, for example, in an IC card having a contact / non-contact interface, a mobile phone issues an electronic money filling command from the contact interface, removes the IC card and carries the electronic money filling machine with the non-contact interface. It becomes possible to perform processing such as filling processing. further,
This IC card can also be restricted so that the filling machine can only perform the filling process which is a command that has been received in advance.

Further, in this embodiment, only the case where the input data from the outside is stored in the storage means has been described, but the instruction execution means compares the input data with another data in the storage means and There is also a form in which only the result is transmitted to the terminal. As a result, for example, in a memory card having both a contact interface with a mobile phone and an interface to a CCD camera, the command executing means stores the regular data stored in the storing means for the image data input from the CCD camera interface. It becomes possible to say that the image data is collated and only the judgment result is displayed on the mobile phone from the contact interface.

(Third Embodiment) In the third embodiment,
The secure DF card A-10 receives the <card control command 3> from the terminal A-20 and the operation at the time of reception.
Details will be described.

FIG. 13 shows <Instruction 3> in this embodiment.
And <Response 3>, and other structures of transmitted and received data are shown as (A) to (I), respectively. FIG. 13 (A)
Indicates <reception data 2> received by the external communication interface A-16 from outside the secure DF card A-10. J-01 corresponds to the header, and for each received data,
Different every time. Received data length J-02 indicates the length of <received data 2>. Output request J-03 is a secure DF card
It shows which data you want to output from the data that A-10 has. The end identifier J-04 is an identifier indicating that <reception data 2> ends.

FIG. 13B shows <data reception notification 3> issued by the external communication control means A-14. J-11 corresponds to the instruction identifier C-01, and is "01" in <Data reception notification 3>.
000111 ”. The message length J-12 corresponds to the instruction length C-02 and indicates the length of <data reception notification 3>. The data J-13 corresponds to the instruction content C-03 and <reception data 2 > Is the same as the output request J-03 in J. J-14 corresponds to the command end identifier C-04, and is “11000111” in <Data reception notification 3>.

FIG. 13C shows <data reception notification 4> issued by the instruction executing means A-11. J-21 corresponds to the instruction identifier C-01, and is "010010" in <Data reception notification 4>.
00 ”. Message length J-22 corresponds to instruction length C-02,
The length of <data reception notification 4> is shown. Index J-23
・ Data length J-24 corresponds to the instruction content C-03. The index J-23 is index data generated by the instruction execution means A-11 for the data fetched from the storage means A-13 by <storage control instruction 3><storage control response 3> based on the output request J-03. is there. The data length J-24 indicates the length of the data extracted from the storage means A-13 by <storage control command 3><storage control response 3>. J-25 is the instruction end identifier C-
Corresponding to 04, it becomes "11001000" in <Data reception notification 4>.

FIG. 13D shows <card control command 3> issued by the command issuing means A-21. J-31 corresponds to the command identifier C-01, and in <Card control command 3>, “010000
01 ”. J-32 corresponds to the instruction length C-02 and indicates the length of <card control instruction 3>. The data length J-33 corresponds to the instruction content C-03 and the storage means A-13. Indicates the length of the data to be output to the outside from J. The command J-34 corresponds to the command end identifier C-04, and is "11000001" in the <card control command 3>.

FIG. 13E shows <card control response 3> issued by the instruction executing means A-11. J-41 corresponds to the response identifier C-11, and in <card control response 3>, “010000
10 ". J-42 corresponds to the response length C-12 and indicates the length of <card control response 3>. Processing result J-43 corresponds to the response content C-13, <card control command 3 > Execution result of success (“00
000000 ”) or failure (“ 11111111 ”) is entered. J-44 corresponds to the response end identifier C-14, and becomes <11000010> in <card control response 3>.

FIG. 13F shows <storage control instruction 2> issued by the instruction executing means A-11. G-51 corresponds to the instruction identifier C-01, and is "01000011" in <memory control instruction 3>.
Becomes J-52 corresponds to command length C-02, <memory control command 3
> Indicates the length. The start address J-53 and data length J-54 correspond to the instruction content C-03. The start address J-53 indicates the start address (logical address) of the data designated by the output request J-03, which is held inside the storage unit A-13. The data length J-54 indicates the length of the data designated by the output request J-03, which is held inside the storage unit A-13. J-55 corresponds to the command end identifier C-04, and is "11000011" in <storage control command 3>.

FIG. 13G shows <storage control response 3> issued by the storage control means A-12. J-61 corresponds to the response identifier C-11, and is "01000100" in <Memory control response 3>.
Becomes J-62 corresponds to response length C-12, <memory control response 3
> Indicates the length. Data length J-63 ・ Data body J-64 corresponds to response content C-13. The data length J-63 indicates the length of the data body J-64 that follows. The data body J-64 is designated by the <storage control instruction 3>, and the data body retrieved from the storage means A-13 is stored therein. J-64 is the response end identifier C-14
In response to <memory control response 3>, the value is “11000100”.

FIG. 13H shows <communication control command 3> issued by the command execution means A-11. J-71 corresponds to command identifier C-01, and is "01000101" in <communication control command 3>
Becomes J-72 corresponds to command length C-02, <Communication control command 3
> Indicates the length. Data length J-73 and data body J-74 correspond to the instruction content C-03. Data length J-73 / Data body J-
The meaning of 74 is the data length in <memory control response 3>
J-63 • Data body Same as J-64. J-75 corresponds to the command end identifier C-04, and is "1100010" in <communication control command 3>.
1 ”.

FIG. 13I shows <communication control response 3> issued by the external communication control means A-14. J-81 corresponds to the response identifier C-11, and "010001" in <Communication control response 3>.
10 ". J-82 corresponds to the response length C-12 and indicates the length of <communication control response 3>. Processing result J-83 corresponds to the response content C-13 and <communication control command 3 > Success of execution result (“000000
Enter a sequence that indicates 00 ") or failure (" 11111111 ").
J-84 corresponds to the response end identifier C-14, <communication control response 3
> Indicates “11000110”.

Next, the operation inside the secure DF card A-10 will be described. FIG. 11 shows a secure DF card 10 after confirming the user's intention in response to a request from the outside.
The flow of instructions to the memory 13 when outputting the data held in the memory 13 to the outside (~), the flow of waiting for the instruction of the terminal (~), and the flow of the data read from the memory 13 (, ~) Are simplified and shown on the hardware configuration of the secure DF card.

FIG. 12 shows this procedure in detail.
In FIG. 12, the numbers enclosed by arrows and parentheses schematically show the processing procedure until and after the secure DF card A-10 receives the <card control command 3> from the terminal A-20. (H-01): The external communication control means A-14 receives <reception data 2> from outside the secure DF card A-10. (H-02): The external communication control means A-14 that has received <reception data 2> interprets <reception data 2> (here,
Check header J-01, check the length of <received data 2> from J-02, read output request J-03, end identifier J-04
Confirm,). Next, the external communication control means A-14 generates <data reception notification 3> and sends it to the instruction execution means A-11.

(H-03): The command execution means A-11 that has received <data reception notification 3> interprets <data reception notification 3> (here, the part of J-11 is “01000111”). Confirmation of existence, confirmation of the length of <Data reception notification 3> from J-12 portion, reading of data J-13, J-14 portion is “1100011”.
Confirm that it is 1 ”.) Next, the instruction execution means A-1
1 generates <storage control instruction 3>, and the storage control means A-12
Send to. (H-04 / H-05): The storage control means A-12 that has received the <storage control command 3> interprets <storage control command 3> (here, the portion of J-51 is “01000011”). Confirmation, J-
From the part 52, check the length of <storage control command 3>, read the start address J-53 and the data length J-54, and check that the part J-55 is "11000011"). Next, the storage control means A-12 takes out the designated data from the storage means A-13 from the start address J-53 and the data length J-54 described in <storage control instruction 3>.

(H-06): Storage control means A-12 is storage means
<Memory control response 3> is generated from the data fetched from A-13 and transmitted to the instruction executing means A-11. (H-07): Command execution means that received <memory control response 3>
A-11 interprets <memory control response 3> (here,
Confirm that the J-61 part is "01000100", confirm the length of <memory control response 3> from the J-62 part, data length J-63
・ Data body J-64 reading, D-35 part is "1100010"
Confirm that it is 0 ".) Next, the instruction execution means A-1
1, the index J-23 is generated from the data body J-64 as content presentation data representing the content of the data.

(H-08): Next, the instruction execution means A-11 uses the data length J-63 and the index J-23 to <data reception notification 4
> Is generated and transmitted to the terminal A-20. (H-09): The command issuing means A-21 that has received <data reception notification 4> interprets <data reception notification 4> (here, the part of J-21 is “01001000”). Confirmation, J-22
Confirm the length of <Data reception notification 4> from the part of, read the index J-23 / data length J-24, and confirm that the part of J-25 is “11001000”). Then terminal A-
20, the index G-23 is displayed to the user of the terminal A-20 or the secure DF card A-10, and the next operation by the user (whether the corresponding data can be output from the storage means A-13 to the outside)
Enters the waiting state.

(H-10): Terminal A-which has received the following operation from the user (possible to output the corresponding data from the storage means A-13 to the outside)
At 20, the command issuing means A-21 issues <card control command 3> and sends it to the secure DF card A-10. (H-11): The command execution means A-11 that has received <card control command 3> interprets <card control command 3> (here, the part of J-31 is “01000001” Confirmation, J-32
Confirm the length of <Card control command 3>, read the data length J-33, and confirm that the J-34 portion is “11000001” from the part of. Next, the command execution means A-11 generates <communication control command 3> from the data length J-33 and the data body J-64, and sends it to the external communication control means A-14. At this time, the command execution means A-11 may encrypt the data body and include it in the <communication control command 3>.

(H-12): The external communication control means A-14 that has received <communication control command 3> interprets <communication control command 3> (here, the part of J-71 is “01000101”). Confirm that it is, confirm the length of <communication control command 3> from J-72 part, read data length J-73 / data body J-74, J-75 part is “11000101” Confirm,). Next, the external communication control means A-14 sets the data body J-74 included in <communication control command 3> to the external communication interface A-16.
From the secure DF card A-10. (H-13): When output of the target data to the outside is completed,
The external communication control means A-14 generates <communication control response 3>,
Send to the instruction executing means A-11.

(H-14): The command execution means A-11 that has received <communication control response 3> interprets <communication control response 3> (here, the part of J-81 is “01000110”). Confirm that there is, confirm the length of <communication control response 3> from J-82,
Read the processing result J-83 and confirm that the J-84 part is "11000110"). Next, the instruction executing means A-11
By generating <Card control response 3> based on the processing result J-83 included in <Communication control response 3> and transmitting it to the terminal A-20, the processing result of <Card control instruction 3> is displayed on the terminal. A-20
Notify.

(H-15): The command issuing means A-21 having received <card control response 3> interprets <card control response 3> (here, the part of J-41 is “01000010”). Confirm that there is, confirm the length of <card control response 3> from the part of J-42, read the processing result J-43, the part of J-44 is “110000
It is confirmed that it is 10 ”.) The instruction issuing means A-21 verifies the content of this processing result J-43, and the terminal A-
20 confirms the execution result of <card control command 3>.

In this case, the instruction executing means A-11 generates an <storage control instruction 3> and reads data from the storage means as an operation corresponding to one <card control instruction 3> output from the terminal. , Data body J-64 to index J-
The operation of generating 23 and generating <Data reception notification 4> and presenting it to the terminal A-20, and the operation of generating <Communication control command 3> and transmitting data to the outside are performed. Note that the format of the above-mentioned instruction is one example, and other formats may be used.

The above processing is performed by the secure DF card A-
10 By performing it internally, the data stored in the storage unit A-13 can be confirmed by the user based on a request from the outside, but the data itself does not go through the terminal A-20, and the secure DF card A-10 It becomes possible to output to the outside.

For example, when this secure DF card is applied to a cafeteria system that deducts the card fee from the shape of the plate placed on the tray of the cafeteria, the external communication interface
A screen for confirming the user's intention is displayed on the terminal based on the charge bill input from A-16, and when the user approves, electronic money corresponding to the billed amount is output from the external communication interface A-16. In this case, the user can select the number of dishes placed on the tray by looking at the billed amount.

In each of the embodiments, the data stored in the storage means is output from the external communication interface or the data input from the external communication interface is stored in the storage means based on the instruction of the terminal without the intervention of the terminal. The operation of the secure DF card has been described, but in the case where the command of the terminal instructs to output the data read from the storage means to the terminal or store the data input from the terminal in the storage means. According to its command,
It is possible to input / output data via the terminal. In other words, depending on whether or not there is information that means "not through the terminal" in the instruction executed by the instruction execution means, whether or not through the terminal is determined when data is input / output with this card. The switching can be controlled by the instruction description.

On the other hand, as the mechanism of the card, all the data read from the storage means or the data to be written in the storage means are input / output without going through the terminal (that is, in the command, is “through the terminal”). Data is input / output uniformly without passing through the terminal even if it is not distinguished whether it is “intermediate”. In other words, input / output of data via the terminal communication interface or terminal Data that is scheduled to be input / output to / from the communication interface will not be read / written from the storage means at all, and the terminal will have at most an index generated by the instruction execution means, confirmation data at the time of writing, and information. It is also possible to configure such that only information other than the actual data to be read / written from the storage means, such as data for presentation, is sent.

[0093]

As is apparent from the above description, in the secure DF card of the present invention, when outputting the data in the card, the confidentiality / integrity of the output data is protected against the possibility of unauthorized operation of the terminal. Achieve retention.

Further, when inputting data from the outside of the card / terminal to the inside of the card, the confidentiality / integrity of the input data is maintained against the possibility of unauthorized operation of the terminal. Further, when inputting data from the outside of the card / terminal to the inside of the card, it becomes possible to prompt the card / terminal user to judge the validity of the data.

Further, when outputting data inside the card by a trigger from the outside other than the card / terminal, the confidentiality / integrity of the output data is maintained against the possibility of unauthorized operation of the terminal.

Further, when the data inside the card is output by a trigger from the outside other than the card / terminal, it becomes possible to prompt the card / terminal user to judge the validity of the operation.

[Brief description of drawings]

FIG. 1 is a hardware configuration diagram of a DF card according to an embodiment of the present invention.

FIG. 2 is a configuration diagram of a secure DF card and a terminal according to the embodiment of the present invention.

FIG. 3 is a diagram showing a basic format of a command and a response in the embodiment of the present invention.

FIG. 4 is a diagram showing the contents of each command and response in the first embodiment of the present invention.

FIG. 5 is a secure DF according to the first embodiment of the present invention.
Diagram showing the outline of how to output the internal data of the card

FIG. 6 is a secure DF according to the first embodiment of the present invention.
Figure showing how to output data inside the card

FIG. 7 is a specific example of using credit card information of a DF card according to the first embodiment of the present invention.

FIG. 8 is a secure DF according to the second embodiment of the present invention.
Diagram showing the outline of how to store external data in the card

FIG. 9 is a secure DF according to the second embodiment of the present invention.
Diagram showing how to store external data on a card

FIG. 10 is a diagram showing transmission / reception data and contents of respective commands and responses according to the second embodiment of the present invention.

FIG. 11 is a secure D according to the third embodiment of the present invention.
The figure which shows the outline of the output method of the F card internal data

FIG. 12 is a secure D according to the third embodiment of the present invention.
Diagram showing how to output F card internal data

FIG. 13 is a diagram showing the contents of transmission / reception data and each command and response according to the third embodiment of the present invention.

FIG. 14 is a hardware configuration diagram of a DF card of Prior Art Examples 1 to 3.

FIG. 15 is a configuration diagram of a DF card and a terminal in Prior Art Examples 1 to 3.

FIG. 16 is a diagram showing a method of outputting internal data of a DF card in Prior Art 1;

FIG. 17 is a diagram showing an outline of a method of outputting internal data of a DF card in Prior Art 1;

FIG. 18 is a diagram showing a method of storing external data in a DF card according to Prior Art 2;

FIG. 19 is a diagram showing an outline of a method of storing external data in a DF card in Prior Art 2;

FIG. 20 is a diagram showing a method of outputting internal data of a DF card in Prior Art Example 3;

FIG. 21 is a diagram showing an outline of a method of outputting internal data of a DF card in Prior Art Example 3.

FIG. 22 is a diagram showing a configuration of an IC card and a terminal and a method of reading out card internal data in Prior Art 4;

[Explanation of symbols]

10 Secure DF card 11 DF controller 13 Flash memory 14 DFIO controller 20 Terminal 30 Card 31 Memory controller 33 Flash memory 34 IO controller A-10 Secure DF card A-11 Instruction execution means A-12 Storage control means A-13 Storage means A -14 External communication control means A-15 Terminal communication interface A-16 External communication interface A-20 Terminal A-21 Command issuing means A-22 Card communication interface B-01 to B-10 Command / response in the first embodiment -Data / Flow of processing C-01 Command identifier C-02 Command length C-03 Command content C-04 Command end identifier C-11 Response identifier C-12 Response length C-13 Response content C-14 Response end identifier D- 01 <Card control command 1> command identifier D-02 Command length D-03 Start address D-04 Data length D-05 <Card control command 1> Command end identifier D-11 <Card control response 1> Response identifier D-12 Response length D-13 Processing result D-14 Response end identifier of card control response 1> D-21 Command identifier of <storage control command 1> D-22 Command length D-23 Start address D-24 Data length D-25 Command end identifier of <storage control command 1> D -31 <Memory control response 1> response identifier D-32 Response length D-33 Data length D-34 Data body D-35 <Memory control response 1> Response end identifier D-41 <Communication control instruction 1> command Identifier D-42 Command length D-43 Data length D-44 Data body D-45 <Communication control command 1> command end identifier D-51 <Communication control response 1> response identifier D-52 Response length D-53 Processing Result D-54 Response end identifier of <Communication control response 1> E-01 to E-10 Command / Response / Data / Processing flow in the second embodiment G-01 Received header G-02 of <received data 1> Data length G-03 Data body G-04 <Reception data 1> end identifier G-11 <Data reception notification 1> identifier G-12 Message length G-13 Data G-14 <Data reception communication>1> End identifier G-21 <Data reception notification 2> identifier G-22 Message length G-23 Index G-24 Data body length G-25 <Data reception notification 2> end identifier G-31 <Card control instruction 2> Command identifier G-32 Command length G-33 Start address G-34 Data length G-35 <Card control command 2> Command end identifier G-41 <Card control response 2> Response identifier G-42 Response length G-43 Processing result G-44 <Card control response 2> response end identifier G-51 <Memory control command 2> instruction identifier G-52 Command length G-53 Start address G-54 Data length G-55 Data body G-56 <Memory control command 2> command end identifier G-61 <Memory control response 2> response identifier G-62 Response length G-63 Processing result G-64 <Memory control response 2> response end identifier H- 01 to H-15 Command / Response / Data / Processing flow in the third embodiment J-01 <Received data 2> header J-02 Received data length J-03 Output request J-04 End identifier of received data 2> J-11 <Data reception notification 3> identifier J-12 Message length J-13 Data J-14 <Data reception notification 3> end identifier J-21 <Data reception notification 4> identifier J-22 Message length J-23 Index J-24 Data length J-25 <Data reception notification 4> end identifier J-31 <Card control instruction 3> instruction identifier J-32 Instruction length J-33 Data length J- 34 <Card control command 3> command end identifier J-41 <Card control response 3> response identifier J-42 Response length J-43 Processing result J-44 <Card control response 3> response end identifier J-51 < Memory control command 3> Command identifier J-52 Command length J-53 Start address J-54 Data length J-55 <Memory control command 3> Command end identifier J-61 <Memory control response 3> Response identifier J- 62 Response length J-63 Data length J-64 Data body J-65 <Memory control response 3> Response end identifier J-71 <Communication control instruction 3> Command identifier J-72 Commander J-73 Data length J-74 Data body J-75 <Communication control command 3> command end identifier J-81 <Communication control response 3> response identifier J-82 Response length J-83 Processing result J-84 Response end identifier of <Communication control response 3> Z-11 Command execution means Z-12 Storage control means Z-13 Storage means Z-14 External communication control means Z-15 Terminal communication interface Z-16 External communication interface Z-21 Command Issuing means Z-22 Card communication interface Y-01 to Y-05 Command / Response / Data / Processing flow in Prior Art Example 1 X-01 to X-06 Command / Response / Data / Processing flow in Prior Art Example 2 W-01 to W-06 Command / Response / Data / Processing Flow in Prior Art 3 V-01 to V-04 Command / Response / Data / Processing Flow in Prior Art 4 V-11 Command Execution Means V- 12 Storage control means V-13 Storage means V-14 Terminal communication interface V-21 Instruction issuing means V-22 Card communication interface

   ─────────────────────────────────────────────────── ─── Continued front page    (72) Inventor Yoshihiko Takagi             1006 Kadoma, Kadoma-shi, Osaka Matsushita Electric             Sangyo Co., Ltd. F-term (reference) 2C005 MA05 MB03 NA02 NA06 SA05                       SA21 SA26                 5B035 AA13 BB09 BC00 CA11 CA38                 5B065 BA09 CA13 CC08

Claims (28)

[Claims] 1. A dual function card having a terminal communication interface with a terminal, an external communication interface with the outside, and a data storage means, which executes a command received from the terminal communication interface or the external communication interface. Command execution means, storage control means for controlling writing and reading of data to and from the storage means in response to the command of the command execution means, and communication data from the external communication interface in response to the command of the command execution means A dual function card, comprising: external communication control means for controlling input / output of the device. 2. The dual function card according to claim 1, wherein the storage control unit and the external communication control unit operate by receiving only an instruction from the instruction executing unit. 3. The instruction executing means and the storage control means,
The dual function card according to claim 1, wherein the dual function card is mounted as software on a tamper resistant IC chip. 4. The dual function card according to claim 3, wherein the external communication control means is mounted on the tamper resistant IC chip as software together with the instruction execution means and the storage control means. 5. The instruction execution means is implemented as software on a tamper resistant IC chip, and the storage control means and the external communication control means are each implemented as tamper resistant hardware. Claim 1
Dual function card described in. 6. The dual according to claim 1, wherein the instruction execution unit outputs the data read from the storage unit through the storage control unit from the external communication interface through the external communication control unit. Function card. 7. The instruction executing means receives an instruction from a terminal to output the data stored in the storage means to the outside without passing through the terminal, and reads the data from the storage means through the storage control means. The dual function card according to claim 1, further comprising: an operation of outputting the data from the external communication interface through the external communication control means. 8. The dual function card according to claim 1, wherein the instruction executing unit presents the content of the data input from the external communication interface to the terminal. 9. The dual function card according to claim 8, wherein the instruction executing means creates content presentation data representing the content of the data and presents the content presentation data to a terminal. 10. The instruction execution means, in response to an instruction from the terminal, stores the data input from the external communication interface in the storage means through the storage control means. Dual function card described in. 11. The command executing means, when data is input from the external communication interface, creates content presentation data representing the content of the data and presents the content presentation data to a terminal, and from the terminal to the external communication interface. 2. The operation of storing the received data in the storage means through the storage control means upon receiving an instruction to store the received data in the storage means without passing through a terminal. Dual function card. 12. The dual according to claim 1, wherein the instruction executing means creates content presentation data representing the content of the data read from the storage means through the storage control means and presents it to the terminal. Function card. 13. The command executing means, when a data request is made from the outside through the external communication interface, creates content presentation data representing the content of the corresponding data and presents it to the terminal. Item 12. The dual function card according to item 12. 14. The dual function card according to claim 13, wherein the instruction executing means outputs the data from the external communication interface through the external communication control means in response to an instruction from the terminal. 15. The dual function card according to claim 6 or 14, wherein the instruction executing unit encrypts the data output through the external communication control unit. 16. The instruction execution means, when a data request is input from the external communication interface, an operation of reading the requested data from the storage means through the storage control means, and content presentation data representing the content of the data. Is generated and presented to the terminal, and an instruction to output the data stored in the storage means to the outside in response to an external data request is received from the terminal, and the data is transmitted to the external device. The dual function card according to claim 1, wherein the dual function card performs an operation of outputting from the external communication interface through a communication control unit. 17. The instruction executing means or the storage means,
2. The dual function according to claim 1, wherein data input from the terminal communication interface is not stored in the storage unit, and / or data read from the storage unit is not sent to the terminal communication interface. card. 18. A terminal communication interface with a terminal,
It is a command issued from a terminal to a dual function card that has an external communication interface with the outside and a data storage means, and outputs the data held in the storage means to the outside without going through the terminal. Instructions to direct. 19. A terminal communication interface with a terminal,
An instruction issued from a terminal to a dual function card having an external communication interface with the outside and a data storage means, the data received by the external communication interface is stored in the storage means without passing through the terminal. An instruction to store. 20. A terminal communication interface with a terminal,
A command issued from a terminal to a dual function card having an external communication interface with the outside and a data storage means, which is stored in the storage means in response to a data request input from the external communication interface. An instruction to output data to the outside without going through the terminal. 21. A terminal communication interface with a terminal,
A command issued from a terminal to a dual function card having an external communication interface with the outside and a data storage means, which allows the dual function card to perform a plurality of operations based on one command. Command to. 22. A terminal communication interface with a terminal,
A method for outputting internal data of a dual function card having an external communication interface with the outside and a data storage means, wherein the data stored in the storage means is received in response to a data output instruction from the terminal. A data output method characterized in that the data is output to the outside without going through. 23. An operation of receiving data from the terminal to output the data stored in the storage means to the outside without passing through the terminal and reading the data from the storage means, and outputting the data from the external communication interface. 23. The data output method according to claim 22, further comprising: 24. A terminal communication interface with a terminal,
A method for storing external data of a dual function card having an external communication interface with the outside and a data storage means, wherein content presentation data representing the content of data input from the external communication interface is presented to a terminal, A data storage method comprising receiving a storage instruction from a terminal and storing the data to be stored in the storage means without going through the terminal. 25. When data is input from the external communication interface, an operation of creating the content presentation data and presenting the content presentation data to a terminal, and data received from the terminal via the external communication interface are transmitted via the terminal. 25. The data storage method according to claim 24, further comprising the step of storing the data in the storage means in response to an instruction to store the data in the storage means. 26. A terminal communication interface with a terminal,
A method of outputting internal data of a dual function card having an external communication interface with the outside and a data storage means, wherein a data request for the data stored in the storage means is input from the external communication interface. A data output method, which presents content presentation data representing the content of corresponding data to a terminal, receives a data output instruction from the terminal, and outputs the data to the outside without passing through the terminal. 27. When a data request is input from the external communication interface, an operation of reading the requested data from the storage means, an operation of creating the content presentation data and presenting the content presentation data to a terminal, and an external operation from the terminal 8. An operation of outputting the data from the external communication interface in response to a data request, receiving an instruction to output the data stored in the storage means to the outside without passing through a terminal. 26. A data output method according to 26. 28. The data output method according to claim 22, wherein the data is encrypted and output to the outside.