JP2004247815A - Ic chip control system, communication terminal, and computer program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a system whereby a server can efficiently control an IP chip connected to a mobile terminal via the mobile terminal with security. <P>SOLUTION: A communication control section 22 of the mobile terminal 2 acquires a control end time generated by the server 1 via the IC chip 3 and inhibits processing by a terminal application program applied to a control command transmitted from the server 1 to the IC chip 3 until the control end time so as to directly transmit the control command from the server 1 to the IC chip without causing any modification. <P>COPYRIGHT: (C)2004,JPO&NCIPI

Description

[0001]
TECHNICAL FIELD OF THE INVENTION
The present invention relates to a technique for controlling an IC chip connected to a communication terminal by an external device via the communication terminal.
[0002]
[Prior art]
2. Description of the Related Art Conventionally, an IC chip is connected to a communication terminal such as a mobile phone terminal, and a predetermined process is executed by controlling the IC chip based on a control command from an external device such as a predetermined server via the communication terminal. That is being done.
In such a system, for example, a user or an agent activates an application of a communication terminal to access a server. The server notifies the communication terminal of an IC chip control command. The application program of the communication terminal transmits the notified IC chip control command to the connected IC chip, and receives the control result (response data) from the IC chip. Then, a series of processes in which the application program of the communication terminal transmits the reception result from the IC chip to the server and returns the transmission result from the server to the communication terminal have been performed.
[0003]
Also, in consideration of the security and the like of the application program on the communication terminal, there are two types of modes: a program mode in which the application program operates on the communication terminal, and a packet mode in which a card number or the like is read from an IC card and transmitted to a server. There has been proposed a system for automatically switching and processing the program according to a program downloaded from a server (for example, Patent Document 1).
Also, a system has been proposed in which a client terminal does not have a process of driving an IC chip, but has a server to reduce the processing load on the client terminal (for example, Patent Document 2).
[0004]
[Patent Document 1]
JP 2001-222595 A
[Patent Document 2]
JP 2001-282528 A
[0005]
[Problems to be solved by the invention]
However, if processing is performed using an application program installed in the communication terminal as in the conventional system, the application program on the communication terminal can be replaced or rewritten, so maliciously If the application program of the communication terminal is replaced, there is a problem that control of the IC chip cannot be reliably performed.
[0006]
In addition, as in Japanese Patent Application Laid-Open No. 2001-222595, if the conditions to be changed depend on the downloaded program, it is not possible to cope with the case where this program is replaced or modified during communication, etc. There was a problem with security.
[0007]
Further, if all the programs for driving the IC chip are provided on the server side as disclosed in Japanese Patent Application Laid-Open No. 2001-282528, it is necessary to always establish a session between the IC chip and the server. There was a problem that many were required. Such a problem is not practical especially on a system with a small number of network resources such as a mobile phone terminal.
[0008]
The present invention has been made in order to solve the above-described problems, and provides a mechanism for safely and efficiently controlling an IC chip connected to a communication terminal by an external device via the communication terminal. Make it an issue.
[0009]
[Means for Solving the Problems]
In order to solve the above-described problems, an IC chip control system according to one aspect of the present invention includes an external device that generates a control command for causing an IC chip to execute a predetermined process, and is capable of communicating with the external device. And a mobile communication terminal that holds an application program for performing a predetermined process, and is configured to be connectable or communicable with the mobile communication terminal, and to respond to a control command from the external device via the mobile communication terminal. The external device generates a control end time for ending the control of the IC chip, and the portable communication terminal performs control performed by the external device. An end time is obtained, and the application to the control command transmitted from the external device to the IC chip is obtained until the control end time. Prohibits processing by Deployment program, characterized in that it transmits the control command to the IC chip.
[0010]
The IC chip may further include a storage unit configured to store a control condition for executing the control command, and determine whether a control command transmitted from the communication terminal as it is matches the control condition stored in the storage unit. And a control unit for executing a process based on a control command received from the server when the control condition is satisfied.
[0011]
A communication terminal according to one aspect of the present invention executes an external device that generates a control command for causing an IC chip to execute a predetermined process, and executes a predetermined process in response to a control command from the external device. A communication terminal configured to be able to communicate with an IC chip. The communication terminal obtains an application program for performing a predetermined process and a control end time generated by the external device. Communication control means for prohibiting processing by the application program for a control command transmitted to the IC chip and transmitting the control command to the IC chip as it is.
[0012]
Further, the communication control means may prohibit the external device from directly transmitting a control command to the IC chip when the control end time notified from the external device has elapsed. In addition, when there is an application program that is performing processing on the IC chip, the communication control unit may suspend the application program until the control end time notified from the server.
[0013]
The information processing apparatus may further include an output unit that displays the control end time notified from the external device and outputs information for confirming whether or not the user consents to the execution of the process.
[0014]
Further, when individually establishing a session with the external device or the IC chip, an authentication processing unit for authenticating the external device or the IC chip based on a hash value based on predetermined unique information may be further provided. Good.
Further, the communication terminal may be a portable communication terminal.
[0015]
A computer program according to one aspect of the present invention includes an external device that generates a control command for causing an IC chip to execute a predetermined process, and executes a predetermined process according to a control command from the external device. A computer program for causing a computer to function as a communication terminal configured to be able to communicate with an IC chip and to hold an application program for performing a predetermined process, the control program comprising: And a process of prohibiting a process by the application program for a control command transmitted from the external device to the IC chip until the obtained control end time, and transmitting the control command to the IC chip as it is. Are executed.
[0016]
BEST MODE FOR CARRYING OUT THE INVENTION
Hereinafter, an embodiment of a system to which an IC chip control system, an IC chip, a communication terminal, and a computer program according to the present invention are applied will be described with reference to the drawings.
FIG. 1 shows an outline of the overall configuration of a system according to the present embodiment. In FIG. 1, a system according to the present embodiment includes a server 1 and a mobile terminal 2 configured to be connectable to the server 1 via a mobile phone network, the Internet, a wired or wireless LAN (Local Area Network), or the like. And an IC chip 3 connected to the portable terminal 2 and configured to be communicable.
[0017]
The server 1 forms an external device according to the present invention. The server 1 includes a computer having a CPU (Central Processing Unit) and a storage unit such as an internal memory such as a RAM and a ROM capable of storing a computer program executed by the CPU and predetermined data, and an external storage device such as a hard disk drive. Can be configured.
When the CPU executes a predetermined computer program, the server 1 performs, for example, authentication processing of authentication data generated by the IC chip 3 using key data corresponding to the IC chip 3, A process for issuing a control command can be performed. Further, an error of the mobile terminal 2 and the IC chip 3 may be detected, and a predetermined error process may be performed.
Further, in the storage unit of the server 1, for example, as shown in FIG. 3, a server ID, a server random number generated by the server 1, and an error list (negative list) of the portable terminal 2 and the IC chip 3 can be stored. . As the negative list of the IC chip 3, for example, information such as a chip ID of the IC chip 3 in which an error has occurred, a secret key of the IC chip 3, an error occurrence date and time, an error count cumulative value, and a control history can be stored. In addition, as the negative list of the mobile terminal 2, a terminal ID, the date and time of occurrence of an error, a cumulative number of errors, and the like can be stored.
Further, as shown in FIG. 3, the storage unit of the server 1 can store the control content and the control end time at which the control was performed.
[0018]
The mobile terminal 2 constitutes a communication terminal according to the present invention. The mobile terminal 2 can be configured by, for example, a mobile phone terminal, a PDA (Personal Digital Assistance) terminal having a communication function, a mobile so-called personal computer having a communication function, or the like.
As shown in FIG. 1, the mobile terminal 2 includes a communication unit 201 for performing communication processing with the server 1 via an antenna or the like, a display unit 202 such as a display, an input unit 203 such as a keyboard or a pointing device, a computer program or predetermined data. And a memory 204 such as a RAM or a RAM for storing data, a reader / writer (R / W) 205 that is electrically connected to the IC chip 3 or wirelessly performs data read / write processing, executes a computer program, and performs predetermined processing. Can be configured from the CPU 206.
Note that the communication unit 201 may perform a communication process via an optical medium such as an infrared ray. Further, a plurality of CPUs 206 may be provided, and the communication processing and the application processing may be respectively performed by different CPUs 206.
With these configurations, the storage unit 20 illustrated in FIG. 2 and the terminal OS (Operating System) can realize functional blocks such as a session management unit 21, a communication control unit 22, and a clock unit 23 that manages time. it can.
[0019]
As shown in FIG. 4, the storage unit 20 includes a plurality of application programs (AP) 1 to N for performing predetermined processing in the terminal 2 and a terminal OS (Operating System).
The storage unit 20 can store a terminal ID, a terminal PIN (Personal Identification Number), a terminal random number, a terminal timer, an external node access condition table, an AP state table, and terminal state information.
The external node access condition table can store which server 1 can be accessed by executing each application program and the conditions at that time. The external node access condition can include, for example, data such as a server IP address, a server domain name, and a terminal PIN for each application program.
The AP status table is a table that indicates the status of the application program, and is capable of storing, for example, information indicating the status of each application such as inactive, not activated, or activated.
The terminal status information is information indicating whether the terminal 2 is in the client mode or the server mode. The client mode is a state in which a session is established between the terminal 2 and the server 1 or the IC chip 3 and a predetermined application program is executed to perform processing. The server mode is designated by the server 1. Until the end time of the control, data such as a control command exchanged between the server 1 and the IC chip 3 is prohibited from being processed by the application program of the portable terminal 2 and communicates as it is. .
[0020]
During communication between the server 1 and the mobile terminal 2 and between the IC chip 3 and the mobile terminal 2, the session management unit 21 exchanges session information using unique information such as a random number and an ID generated by each node, and performs a session. Perform processing for establishing
When a session is established, the session management unit 21 generates a hash value based on specific information such as a predetermined random number and a terminal ID, and performs authentication processing using the hash value to prevent impersonation due to eavesdropping. In addition, it is possible to easily detect tampering of communication data.
Further, the session management unit 21 performs a transmission / reception process of a control command to the server 1 or the IC chip 3.
[0021]
The communication control unit 22 prohibits processing of the control command exchanged between the server 1 and the IC chip 3 by the application program in the communication terminal 2 until the control end time notified from the server 1, Control is performed so that communication can be performed without change. In addition, when there is a terminal application program that uses the application program in the IC chip 3, the communication control unit 22 controls to temporarily suspend the terminal application program.
Further, when the control end time notified from the server 1 is exceeded, the communication control unit 22 automatically switches the state of the mobile terminal 2 to the client mode without passing the control command from the server 1. , The communication between the server 1 and the mobile terminal 2 or only the communication between the IC chip 3 and the mobile terminal 2 is controlled.
[0022]
As shown in FIG. 1, the IC chip 3 includes a RAM 301 for storing a computer program and the like, a memory 301 such as a ROM, a CPU 302, and a communication unit 303 that is electrically connected to the portable terminal 2 or wirelessly exchanges data. Have been.
With these configurations, the functional blocks of the storage unit 30, the authentication / session management unit 31, and the control management unit 32 shown in FIG. 2 can be realized.
[0023]
The storage unit 30 can store information as shown in FIG. 5 in the security domain.
The application information shown in FIG. 5 is information of an IC chip application corresponding to an application program of the portable terminal 2 or the like that can perform processing on the IC chip 3, and includes an application ID (AID), its data, and an application. Key data and history information used by the program are included.
In addition, as information set in the IC chip 3, IC chip secret keys 1 to n for performing authentication, a chip ID as identification information of the IC chip 3, a temporarily generated IC chip random number, a PIN, The information includes control condition information, user confirmation information indicating information that needs to be confirmed by the user, a controllable flag indicating whether each application program is in a controllable state, and downloaded application program list information.
The control condition information is information indicating a control condition for the control content, and is a control content for the IC chip 3 and a control condition for executing the control content (for example, key data to be authenticated, the number of control commands, a controllable server). ID, etc.). These pieces of control condition information are set in the IC chip 3 in advance, and are referred to when determining the control content of the control command.
[0024]
The authentication / session management unit 31 can generate session information for establishing a session with the mobile terminal 2 or the like, perform a decoding process of session information or the like input from the mobile terminal 2 or the like, and perform an authentication process.
[0025]
The control management unit 32 performs control processing such as changing, erasing, and rewriting application programs and data in the IC chip 3 in response to external inputs.
Before performing control processing based on the control command transmitted via the mobile terminal 2, the control management unit 32 determines the control method (the number of control commands, the specified command, the specified data, It performs processing to confirm whether the command matches the command order, the specified data, or the hash value of the command. In this process, after the authentication / session management unit 31 checks the external node, the control management unit 32 temporarily sets the control method for the external node in the IC chip 3 so that the control process can be performed. To Then, when the control according to the specified control method is completed, the control management unit 32 clears the set control method, and in this state, control processing of application programs and data in the IC chip 3 is disabled. be able to.
In this example, an example in which the control method is set to the IC chip 3 is described. However, flag information indicating whether the control method set in the IC chip 3 can be used in advance may be set. .
[0026]
Next, an IC chip control method according to the present embodiment will be described.
First, the flow of processing of the entire system will be described with reference to FIG. In the initial state, the mobile terminal 2 is in the client mode state.
6, first, the session management unit 21 of the mobile terminal 2 acquires the terminal time information with reference to the clock unit 23, generates a random number (terminal random number), stores it in the storage unit 20, and stores the generated terminal random number. And the terminal time information is notified to the IC chip 3 via the reader / writer 205 (S101).
[0027]
In the IC chip 3, the authentication / session management unit 31 receives the information transmitted from the mobile terminal 2 via the communication unit 303, and stores the received terminal time information in the storage unit 30 (S102).
The authentication / session management unit 31 generates digital signature data (C1) obtained by encrypting the data obtained by combining the generated chip random number, terminal time information, terminal random number, and chip ID with the IC chip secret key 1, and generates the generated digital signature. The data (C1) and the chip ID are transmitted to the mobile terminal 2 via the communication unit 303 (S103).
[0028]
When the mobile terminal 2 receives the information transmitted via the reader / writer 205, the session management unit 21 generates a hash value (H1) of data obtained by combining the terminal time information, the terminal random number, and the terminal ID as session information, The generated session information, the electronic signature data (C1) received from the IC chip 3, the chip ID, and the terminal ID are transmitted to the server 1 via the communication unit 201 (S104).
[0029]
The server 1 verifies the digital signature data using the predetermined key data, and determines whether the received digital signature data and session information are appropriate (S105). The verification process of the digital signature data (C1) can be performed by the server 1 decrypting the digital signature data (C1) with the IC chip secret key corresponding to the chip ID. The session information of the mobile terminal 2 is confirmed by the server 1 generating a hash value (H1 ′) of data obtained by combining the received terminal time information, terminal random number, and terminal ID, and generating the hash value (H1 ′). And whether the hash value (H1) received from the portable terminal 2 matches.
[0030]
As a result of the discrimination, if the electronic signature data is not proper, the server 1 clears the session information, stores the error history information of the portable terminal 2 and the IC chip 3, and the IC chip 3 and the portable terminal 2 return to the server 1 again. A process for prohibiting access is performed (S106), and the process ends.
[0031]
If the authentication result shows that the electronic signature data is appropriate, the server 1 sets the terminal ID of the mobile terminal 2 to be processed and generates new session information to be transmitted to the mobile terminal 2. And stores the generated session information, the server random number, and the server ID to the portable terminal 2 (S107). As the new session information, a server random number generated by the server 1, a server ID, acquired terminal time information, and a hash value (H2 ″) of data obtained by combining the terminal random numbers can be used.
[0032]
When the session management unit 21 of the mobile terminal 2 receives the session information transmitted from the server 1 via the communication unit 201, it determines whether the session information is appropriate (S108). In this process, the session management unit 21 generates a hash value (H2) of combination data of the received server ID and server random number, the terminal time information stored in the storage unit 20, and the terminal random number. This can be performed by determining whether the hash value (H2) matches the hash value (H2 ″) received from the server 1.
[0033]
If the result of the determination is not proper, the session management unit 21 notifies the server 1 of an error and clears the session information, the terminal time information, and the terminal random number stored in the storage unit 20 (S109). . When the error is notified from the mobile terminal 2, the server 1 performs the process of S106 described above and ends the process.
[0034]
When the session information is correct as a result of the determination, the session management unit 21 sets the server ID of the server 1 to be processed, generates new session information, stores the new session information in the storage unit 20, and generates the new session information. The new session information, the terminal random number, the request command for requesting the control command, and the terminal ID are transmitted to the server 1 via the communication unit 201, and the control command is requested to the server 1 (S110).
The session information generated at this time is composed of, for example, a hash value (H3) generated based on data combining unique information such as a terminal ID, terminal time information, a received server random number, a request command, and a generated terminal random number. can do.
[0035]
The server 1 that has received the session information from the mobile terminal 2 authenticates the received session information (S111). In this authentication processing, the server 1 confirms the transmitted terminal ID, and generates a hash value (H3 ″) from a combination of the terminal ID, the terminal timer, the server random number, the request command, and the terminal random number. The processing can be performed by determining whether or not the hash value (H3 ″) obtained and the hash value (H3) received from the server 1 match.
[0036]
If the session information is not proper as a result of the authentication, the process shifts to the above-described error processing in S106 and ends.
If the session information is correct as a result of the authentication, the server 1 checks whether an IC chip control command for performing predetermined control on the IC chip 3 is necessary, and generates the necessary IC chip control command. Then, it is encrypted (S112). This IC chip control command can be composed of, for example, a chip ID of the IC chip 3 to be controlled, the number of control commands, a control end time, a chip random number, a server ID, and the like. 3 is encrypted with the secret key 2.
[0037]
Then, the server 1 newly generates session information and transmits the encrypted IC chip control command, the generated session information, the server random number, and the server ID to the mobile terminal 2 (S113). At this time, the server 1 stores the generated session information and the server random number in a predetermined storage unit. As the session information, for example, the server 1 generates a random number, and can use a hash value (H4 ″) generated based on a combination of the generated server random number, server ID, and terminal time information.
The setting of the control end time can be set by adding an approximate value of the control end time necessary for executing the specified process to the terminal time received by the server 1 for calculation.
[0038]
Upon receiving the information transmitted from the server 1 via the communication unit 201, the session management unit 21 of the mobile terminal 2 determines whether the received session information is appropriate (S114). In this process, the session management unit 21 checks the server ID, generates a hash value (H4) based on a combination of the received server random number, server ID, and terminal time information, and generates the generated hash value (H4). Is determined by determining whether or not the hash value (H4 ″) received from the server 1 conforms to the above.
Then, when it is determined as inappropriate as a result of the authentication, the processing shifts to the above-described error processing in S109 and thereafter, and the processing ends.
[0039]
With reference to FIG. 7, when the communication control unit 22 detects the IC chip control command included in the response data from the server 1 when it is determined that the session information is appropriate as a result of the authentication, The application program of the communication terminal 2 that is performing processing with the IC chip 3 to be controlled is temporarily suspended (S115).
Then, the session management unit 21 transmits the encrypted IC chip control command information, the server ID, and the terminal random number to the IC chip 3 via the reader / writer 205 (S116).
[0040]
The IC chip 3 receives the information transmitted via the communication unit 303, and the authentication / session management unit 31 transmits the encrypted IC chip control command using the secret key 1 stored in the storage unit 30. The decryption is performed (S117).
[0041]
The authentication / session management unit 31 determines whether the chip-specific information such as the chip random number included in the decrypted IC chip control command matches the previously generated chip random number stored in the storage unit 30 (S118). ).
If the result of the determination is that they do not match, the authentication / session management unit 31 clears the stored chip-specific information such as the IC chip random number and notifies the portable terminal 2 of an error (S119).
As a result, the session management unit 21 of the mobile terminal 2 that has received the error notification performs the above-described error processing of S106 and ends the processing.
[0042]
If the result of the determination in S118 is affirmative, the authentication / session management unit 31 determines whether the control end time has not yet passed by comparing the terminal time stored in the storage unit 30 with the terminal time. (S120).
If it has already passed, the authentication / session management unit 31 performs the above-described error processing of S119 and thereafter, and ends the processing.
[0043]
If the time has not passed yet, the authentication / session management unit 31 determines whether the control content based on the IC chip control command can be set in the IC chip 3 (S121).
Specifically, the authentication / session management unit 31 refers to the control condition information in the storage unit 30, and determines whether the received server ID is registered, whether the number of control commands satisfies the condition of the control condition information, or the like. Also, it is determined whether or not an application program corresponding to the received application program ID exists in the IC chip 3.
If these conditions are not satisfied, the authentication / session management unit 31 performs the above-described error processing of S119 and thereafter, and ends the processing.
[0044]
If the condition is satisfied, the authentication / session management unit 31 newly generates session information and stores it in the storage unit 30. The session information and the decrypted control end time are transmitted via the communication unit 303. To the mobile terminal 2. At the same time, the control management unit 32 turns on the controllable flag of the application program in the IC chip 3 corresponding to the IC chip control command, thereby making the control state change to a controllable state (S122).
As the session information to be transmitted at this time, the authentication / session management unit 31 generates a hash value (H5) based on a combination of the control end time, the terminal random number, and the chip ID, and uses the generated hash value as the session information. Can be.
[0045]
When the portable terminal 2 receives the session information and the control end time via the reader / writer 205, the session management unit 21 determines whether the received session information is appropriate (S123).
In this determination, the session management unit 21 generates a hash value (H5 ″) based on the combination of the control end time received and the terminal random number and the chip ID stored in the storage unit 20, and the generated hash value This can be performed by determining whether the received hash value (H5) matches the value (H5 ″).
[0046]
If the result of the determination is that they do not match, the processing shifts to the above-described error processing in S109 and ends.
If the result of the determination is that the communication is compatible, the communication control unit 22 stores and sets the control end time in the storage unit 20 and sets the terminal state of the storage unit 20 to the server mode. (S124).
At this time, the communication control unit 22 may display the control end time on the display unit 202 of the mobile terminal 2 so that the user can confirm the control end time and the like. If no IC chip control command is received from the IC chip 3 within a predetermined time, the communication control unit 22 may automatically return the mode to the client mode.
[0047]
In FIG. 8, when the mobile terminal 2 transmits the IC chip control command from the server 1 in the server mode, the session management unit 21 prohibits the processing of the application program in response to the chip control command and transmits the chip control command to the IC. The data is transmitted to the chip 3 as it is (S125).
Upon receiving the IC chip control command, the control management unit 32 executes a predetermined application program in the IC chip 3 to execute data processing according to the control command from the server 1 (S126).
Note that the control management unit 32 may determine whether the IC chip control command from the server 1 satisfies a control condition such as the number of designated commands, and may execute a process based on the control command only when the command is satisfied.
[0048]
Then, the control management unit 32 returns an access response to the server 1 via the mobile terminal 2 (S127). Also at this time, since the portable terminal 2 is in the server mode, this response data is passed through and the server 1 is notified as it is.
The server 1 that has received the access response transmits a control command of the IC chip 3 corresponding to the response (S128), and executes a predetermined process of returning an access response from the IC chip 3 (S129). Do as many times as necessary to do so.
During this time, since the mobile terminal 2 is in the server mode, the mobile terminal 2 transmits control commands and response data between the server 1 and the IC chip 3 through them.
[0049]
Then, the communication control unit 22 of the mobile terminal 2 refers to the clock unit 23 and, when the control end time specified by the server 1 has come, changes the terminal state of the storage unit 20 from the server mode to the client mode. Then, the process proceeds to the client mode process after S101 described above.
[0050]
Next, a detailed process flow when the mobile terminal 2 is in the client mode will be described with reference to FIG.
In FIG. 9, when a predetermined application program held by the terminal 2 is started, and execution of a predetermined process is notified (S201), the session management unit 21 determines whether the specified process is a process for the predetermined server 1. It is determined whether the processing is for the IC chip 3 or for terminating the application program (S202).
[0051]
If the result of the determination is that the application program has ended, the session management unit 21 ends the running application program (S203).
If it is determined that the process is for the predetermined server 1, the session management unit 21 determines whether the address of the server 1 to which data can be transmitted is determined from the address of the designated server 1 by an external node of the storage unit 20. The determination is made with reference to the access condition table (S211).
If there is no information on the server 1 corresponding to the external node address condition table, that is, if the server 1 cannot be accessed, a predetermined error process is performed, and the process returns to S201 to wait for the next process from the application program and execute it (S212). .
[0052]
If it is determined that the server 1 can transmit data, the session management unit 21 transmits data according to the address or the like stored in the external node access condition table (S213), and receives data from the server 1. It is determined whether or not is within the designated time (S214).
When data cannot be transmitted to the server 1, the session management unit 21 may retry the data transmission process to the server 1 at a predetermined interval.
[0053]
If data has not been received from the server 1 within the designated time, the session management unit 21 notifies the application program of an error, returns to the above-described process S201, and repeats the process (S215).
When data is transmitted from the server 1, the session management unit 21 receives data from the server (S216).
[0054]
Subsequently, in FIG. 10, the session management unit 21 determines whether or not the transmission data from the server 1 includes control request information (S217).
If there is control request information, the application program is temporarily suspended (S218).
Then, after suspending the application program, or when there is no control request information in the data from the server 1 in the process of S217, the session management unit 21 determines whether there is data for the IC chip 3 in the data from the server 1. It is determined whether or not it is (S219).
[0055]
When it is determined that there is data for the IC chip 3 as a result of the determination, the processing shifts to processing for the IC chip 3 described later.
If there is no data for the IC chip 3, the data is returned to the application program as a process for the communication terminal 2 (S220), and the process returns to S211 to wait for the execution of the process from the application program.
[0056]
In FIG. 9, when the process from the application program is a process for the IC chip 3, the session management unit 21 transmits the input data to the IC chip (S231).
The session management unit 21 determines whether the data reception from the IC chip 3 has occurred within the designated time (S232).
When data cannot be transmitted to the IC chip 3, the session management unit 21 may retry the data transmission processing to the IC chip 3 at a predetermined interval.
[0057]
If there is no reply from the IC chip 3 within the designated time, the session management unit 21 notifies the application program of an error (S233), and returns to the above-described processing of S201 to wait for an instruction from the application program.
[0058]
When predetermined data is returned from the IC chip 3, the session management unit 21 receives the data transmitted from the IC chip 3 (S 234), and notifies the data from the IC chip 3 from the server 1. Then, it is determined whether the control end time information is included (S235).
As a result of the determination, if the control end time information is not included, the session management unit 21 notifies the application program of the data received from the IC chip 3 (S236), and returns to the processing of S201.
Further, as a result of the determination, when the control end time information is included, the communication control unit 22 makes a transition to a server mode process described later (S237).
[0059]
Next, a detailed process when the mobile terminal 2 enters the server mode will be described with reference to FIG.
11, when control end time information is received from the server 1 via the IC chip 3, the communication control unit 22 stores and sets the control end time in the storage unit 20, and starts counting down the control end time (S301). ).
The communication control unit 22 determines whether the current time has exceeded the control end time with reference to the clock unit 23 (S302).
[0060]
If the result of the determination is that the control end time has passed, the communication control unit 22 initializes the control end time stored in the storage unit 20 and ends the timer (S303).
Then, the communication control unit 22 releases the suspension of the application program and shifts to the client mode (S304).
[0061]
If the result of determination in S302 is that the control end time has not passed, the communication control unit 22 determines whether data reception from the server 1 is within a specified time (S305).
As a result of the determination, if no data is received within the designated time, the communication control unit 22 notifies the server 1 of an error (S306), and proceeds to the above-described processes of S303 and S304.
[0062]
Also, as a result of the determination in S305, when data is transmitted from the server 1, the communication control unit 22 receives the data from the server 1 (S307), and determines whether the received data is received from the specified server 1. It is determined whether or not it is (S308).
If the result of the determination is that the data is not data from the specified server 1, the process proceeds to the above-described step S309 to perform error processing.
[0063]
If the result of the determination is that the data is from the designated server 1, the communication control unit 22 displays the control end time and the like notified from the server 1 to the user on the display unit 202, and Determine whether the user agrees with the process (S310).
If the user does not agree as a result of the determination, the communication control unit 22 notifies the server 1 of an error as in the processing of S309, and performs the error processing of S303 and S304.
[0064]
If it is determined in step S310 that the user has agreed, the communication control unit 22 determines whether the data such as the control command notified from the server 1 includes the end identification data of the server mode. It is determined (S311).
The server mode end identification data is data for instructing the end of the server mode of the mobile terminal 2 from the server 1 side.
[0065]
As a result of the determination, when the server mode end identification data is included, the communication control unit 22 performs the above-described processing of S303 and S304, and performs processing for transitioning from the server mode to the client mode.
If the result of the determination indicates that the server mode end identification data is not included, the processing of the application program for the data received from the server 1 is prohibited, and this data is passed through to the IC chip 3 as it is (S312). ).
[0066]
Then, the communication control unit 22 determines whether data reception from the IC chip 3 is within the designated time (S313).
When there is no data from the IC chip 3, the communication control unit 22 may retry data transmission to the IC chip 3 at predetermined time intervals.
[0067]
If it is determined in step S313 that no data has been received from the IC chip 3 within the designated time, the above-described error processing in step S309 is performed.
Further, as a result of the determination, when reply data is transmitted from the IC chip, the communication control unit 22 receives the transmitted data (S314).
[0068]
In FIG. 12, when receiving data from the IC chip 3, the communication control unit 22 determines whether or not the data from the IC chip 3 includes the server mode end identification data (S315).
As a result of the determination, if the server mode end identification data is included, the communication control unit 22 performs the processing for transitioning to the client mode in S303 and S304 described above.
Also, as a result of the determination, if the server mode end data is not included, the communication control unit 22 transmits the data transmitted from the IC chip 3 as response data to the server 1 (S316), Repeat the process.
As a result, the data from the IC chip 3 can be transmitted to the server 1 as it is.
[0069]
Next, detailed processing of the IC chip 3 when the mobile terminal 2 is in the server mode state will be described with reference to FIG.
In FIG. 13, when the mobile terminal 2 transmits a control command encrypted with the IC chip secret key 3 to the IC chip in the server mode, the control management unit 32 of the IC chip 3 receives the control command. Then, the encrypted control command is decrypted (S401).
At this time, the server 1 may transmit a combination of the IC chip control command data, the IC chip random number, and the server ID.
[0070]
Upon receiving the control command, the control management unit 32 determines whether the application program corresponding to the control command is in a controllable state, that is, whether the application program can be directly controlled via the security domain (S402). .
If the result of the determination is that control is not possible, an error is notified to the portable terminal 2 and the process is terminated (S403). Thereby, the portable terminal 2 automatically switches from the server mode to the client mode, and is notified to the server 1 to that effect.
[0071]
On the other hand, when the control is possible, the control management unit 32 determines whether the received control command corresponds to the control content set in advance in the control condition information (S404).
If the result of the determination is that the control content is not the preset control content, the mobile terminal 2 is notified of the control end, and the process ends (S405).
[0072]
When the result of the determination indicates that the control content is a preset control content, the control management unit 32 refers to the control condition information stored in the storage unit 30 and controls the notified IC chip control command. It is determined whether or not the condition is satisfied (S406). This process can be performed by the control management unit 32 determining whether or not it conforms to a control method such as the number of control commands, designated commands, designated data, and command order stored in the control condition information.
[0073]
As a result of the determination, when the control condition is not satisfied, the control management unit 32 counts up the reception of the illegal control command (S407).
Then, the control management unit 32 determines whether or not the counter value after the counter increment has exceeded a preset upper limit value (S408).
If the result of the determination is that the value does not exceed the upper limit value, the control management unit 32 proceeds to the above-described processing of S403 and notifies the portable terminal 2 of an error.
If the counter value exceeds the upper limit value, the control management unit 32 locks the control of the IC chip application program to disable the control (S409), shifts to the process of S403, and issues an error message to the portable terminal 2. Notify.
[0074]
When it is determined that the control command received in the above-described processing of S406 matches the control condition, a predetermined application program of the IC chip 3 executes a processing according to the control command (S410).
Then, the control management unit 32 determines whether or not all processing by the application program has been completed (S411).
As a result of the determination, if all the processes have not been completed, the control result is notified to the portable terminal 2 (S412). Thereby, the portable terminal 2 transmits the notified control result to the server 1 without any change.
When all the processes are completed as a result of the determination, the control management unit 32 returns the application program to an uncontrollable state (S413), and sends the control result to the portable terminal 2 as in the process of S412 described above. To end the process.
[0075]
In this way, the communication control unit 22 of the mobile terminal 2 acquires the control end time generated by the server 1 via the IC chip 3 and transmits the control end time from the server 1 to the IC chip 3 until this control end time. Since the control command is prohibited from being processed by the terminal application program and the control command is transmitted as it is to the IC chip as it is, even if the application program of the mobile terminal 2 is modified, etc. It is possible to prevent the control command from being changed into an unauthorized control command by an application program of the mobile terminal 2 and to perform an unauthorized process on the IC chip 3, thereby improving security.
In addition, since the control time can be safely set on the server 1 side, the control time can be appropriately changed according to the content of the processing, the type of the mobile terminal 2, and the like, and the security is enhanced.
Further, by dividing the time when the mobile terminal 2 is set to the server mode, it is possible to apply the time to the service that lends the time.
[0076]
Further, it is not necessary to always establish a session between the server 1 and the IC chip 3, and it is sufficient to establish a session between the server 1 and the IC chip 3 only until the control end time. However, even small network resources such as the mobile terminal 2 can be efficiently processed.
[0077]
In addition, the control end time notified from the server 1 is displayed on the display unit 202 of the mobile terminal 2, and information for confirming whether or not to consent to the execution of the process is output to the user, and the consent of the user is output. If the processing is performed after obtaining the information, it is possible to prevent the server 1 from arbitrarily accessing the IC chip 3 and performing the processing, for example, when the user information is stored in the IC chip 3. Thus, the privacy of the user can be protected.
Alternatively, the processing may be automatically performed by setting the consent of the user in the IC chip 3 or the portable terminal 2 in advance.
[0078]
When the session management unit 21 individually establishes a session with the server 1 or the IC chip 3 in the client mode, the server 1 or the IC chip 3 is authenticated based on a hash value based on predetermined unique information. As a result, authentication processing for easily establishing a session can be performed using the hash value. In addition, the mobile terminal 2 can easily authenticate a hash value of predetermined unique information such as a random number or an ID without the need for the mobile terminal 2 to constantly hold secret information, and establish a session without reducing the load on the mobile terminal 2. be able to.
[0079]
The control condition for executing the control command is stored in the storage unit 30 of the IC chip 3, and the control management unit 32 determines that the control command notified from the server 1 through the mobile terminal 2 becomes the control condition. Since the process based on the control command is executed after determining whether or not the command matches, even if the portable terminal 2 is operated improperly to always be in the server mode and an improper control command is input, By checking this on the IC chip 3 side, execution of an unauthorized command that is not set in advance can be prohibited, and security can be further improved.
[0080]
In the above-described embodiment, an example in which the server 1 is used as an external device has been described. However, the external device of the present invention is not limited to this. For example, a terminal equipped with a predetermined security module, A mobile terminal may be used.
[0081]
The computer program for the server 1, the mobile terminal 2, or the IC chip 3 of the present embodiment may be stored in a computer-readable medium (FD, CD-ROM, etc.) and distributed, or may be superimposed on a carrier wave for communication. Distribution via a network is also possible.
[0082]
【The invention's effect】
According to the present invention, an IC chip connected to a communication terminal can be safely and efficiently controlled by an external device via the communication terminal.
[Brief description of the drawings]
FIG. 1 is a schematic configuration diagram of an embodiment of a system to which an IC chip control system, a communication terminal, and a computer program according to the present invention are applied.
FIG. 2 is a functional block diagram of the system according to the embodiment;
FIG. 3 is an exemplary view showing an example of data stored in a storage unit of the server according to the embodiment.
FIG. 4 is an exemplary view showing an example of data stored in a storage unit of the mobile terminal according to the embodiment.
FIG. 5 is a view showing an example of data stored in a storage unit of the IC chip according to the embodiment.
FIG. 6 is a processing flow chart showing the overall processing flow of the system according to the embodiment;
FIG. 7 is a processing flow showing the entire processing flow of the system according to the present embodiment following FIG. 6;
FIG. 8 is a processing flow showing the overall processing flow of the system according to the present embodiment, following FIG. 7;
FIG. 9 is a processing flow showing a detailed processing flow when the portable terminal according to the embodiment is in a client mode.
FIG. 10 is a processing flow showing a detailed processing flow of the portable terminal according to the present embodiment following FIG. 9;
FIG. 11 is a processing flow showing a detailed processing flow when the portable terminal according to the embodiment is in the server mode.
FIG. 12 is a processing flow showing a detailed processing flow when the portable terminal according to the present embodiment is in the server mode, following FIG. 11;
FIG. 13 is a processing flow showing a detailed processing flow of the IC chip when the portable terminal according to the embodiment is in the server mode.
[Explanation of symbols]
1 server
2 Mobile terminals
3 IC chip
20 storage unit
21 Session Management Department
22 Communication control unit
23 Clock section
30 storage unit
31 Authentication / Session Management Department
32 Control management unit
201 Communication unit
202 Display
203 input section
204 memory
205 Reader / Writer
206 CPU
301 memory
302 CPU
303 communication unit

Claims (7)

An external device that generates a control command for causing the IC chip to execute a predetermined process, a portable communication terminal configured to be able to communicate with the external device, and holding an application program for performing the predetermined process; An IC chip configured to be connected or communicable with a mobile communication terminal, and to execute a predetermined process in response to a control command from the external device via the mobile communication terminal,
The external device generates a control end time for ending the control on the IC chip,
The portable communication terminal obtains a control end time generated by the external device, and prohibits processing by the application program on a control command transmitted from the external device to the IC chip until the control end time. Transmitting the control command to the IC chip as it is,
An IC chip control system, characterized in that: A storage unit configured to store a control condition for executing a control command;
The control command transmitted from the communication terminal as it is is determined whether or not the control condition matches the control condition stored in the storage unit. If the control command matches the control condition, a process based on the control command received from the server is performed. Having control means to execute
The IC chip control system according to claim 1. An external device that generates a control command for causing the IC chip to execute a predetermined process, and a communication terminal configured to be able to communicate with the IC chip that executes the predetermined process in response to the control command from the external device. So,
An application program for performing predetermined processing;
Obtaining the control end time generated by the external device, prohibits processing of the control program transmitted from the external device to the IC chip by the application program until the control end time, and transmits the control command to the IC. Communication control means for directly transmitting to the chip;
A communication terminal comprising: The communication control unit, when the control end time notified from the external device has elapsed, prohibits the external device from directly transmitting a control command to the IC chip,
The communication terminal according to claim 3. An output unit that displays the control end time notified from the external device and outputs information for confirming whether or not the user has consented to execution of the process,
The communication terminal according to claim 3. When individually establishing a session with the external device or the IC chip, further comprising an authentication processing unit that performs authentication of the external device or the IC chip based on a hash value based on predetermined unique information,
The communication terminal according to claim 3. An external device that generates a control command for causing the IC chip to execute a predetermined process; and an IC device that executes a predetermined process in response to a control command from the external device, and is configured to be communicable with the IC chip. A computer program for causing a computer to function as a communication terminal holding an application program for performing
Against the computer
A process of acquiring a control end time generated by the external device;
Until the acquired control end time, prohibiting processing by the application program for a control command transmitted from the external device to the IC chip, and transmitting the control command to the IC chip as it is,
A computer program that executes

Images