JP2015011498A - Sim card and access system of application program for portable terminal device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To quickly operate an application program for a portable terminal device.SOLUTION: Storage means in a SIM card provided in a portable terminal device comprises a card manager program, an issuer security domain ISD for managing communication between the portable terminal device and a communication provider side server and a security domain SDn for managing secure communication with servers other than the communication provider side server in the form of juxtaposition under the card manager program, and an application program which enables the portable terminal device to securely communicate with external apparatuses under the security domain SDn.

Description

  The present invention relates to a mobile terminal device application program access system for quickly accessing an application program in a SIM card installed in a mobile terminal device, and a SIM card used therefor.

  In recent years, mobile terminal devices such as smartphones of individual users have a near field communication (NFC) function, and the mobile terminal devices can have a function such as a credit card using the near field communication (NFC) function. It has become like this.

  When a mobile terminal device having such a proximity wireless communication (NFC) function is provided with an electronic payment function such as a credit card, the telecommunications carrier side uses the SIM card of the mobile terminal device as in Patent Document 1. An issuer security domain ISD that manages communication for performing secure communication with the server and an auxiliary security domain SD under the ISD have been set.

  Then, an application program such as an electronic payment application program under the auxiliary security domain SD under the issuer security domain ISD is stored in the storage means of the SIM card, and a portable terminal device having a near field communication (NFC) function The SIM card is mounted on the mobile terminal device and the application program is operated so that the portable terminal device has the same function as an electronic payment card such as a credit card.

Special table 2012-518350 gazette

  In the technology of Patent Document 1, an auxiliary security domain SD is installed under the SIM card issuer security domain ISD, an electronic payment application program is placed under the auxiliary security domain SD, and the application program is stored in the SIM card. I remembered.

  However, a normal SIM card and a mobile terminal device perform half-duplex serial communication, and the basic transmission rate is 9600 bits / second. Therefore, when a normal SIM card tries to communicate with an external device such as a payment accepting device in a store via a portable terminal device, there is a problem that the application program is read from the SIM card and operated at a low speed.

  An object of the present invention is to solve this problem and to promptly operate an application program for a mobile terminal device.

In order to solve the above problems, the present invention provides a card manager program in a storage means in a SIM card installed in a mobile terminal device, and a mobile terminal device and a telecommunications carrier side server under the card manager program. An issuer security domain ISD that manages the communication of the network and a security domain SDn that manages secure communication with a server other than the carrier side server are juxtaposed, and the portable terminal device is externally placed under the security domain SDn. An access system for an application program for a mobile terminal device, comprising an application program for performing secure communication with a device.

  In this way, by causing the application program under each security domain SDn to operate under the card manager program, it is not necessary to operate under the issuer security domain ISD, and the operation speed of the application program is increased. Can do.

  The present invention also provides an access system for an application program for a mobile terminal device as described above, wherein the application program is divided according to a security level, and a program portion having a high security level is stored in a storage means in the SIM card. An access system for an application program for a portable terminal device, wherein a low-level program part is stored in a storage means other than the SIM card.

  According to another aspect of the present invention, there is provided an access system for an application program for a mobile terminal device, wherein the storage means other than the SIM card is an external storage card. is there.

  Thus, by using an external storage card having a high communication speed, it is possible to increase the reading / operation speed of the application program.

  Further, the present invention is a SIM card installed in a mobile terminal device, the storage means in the SIM card, a card manager program, and under the card manager program, a mobile terminal device and a telecommunications carrier side server, An issuer security domain ISD that manages the communication of the network and a security domain SDn that manages secure communication with a server other than the carrier side server are juxtaposed, and the portable terminal device is externally placed under the security domain SDn. A SIM card characterized by comprising an application program for performing secure communication with a device.

  The present invention is also the above SIM card, wherein the application program is divided according to a security level, a program part having a high security level is stored in a storage means in the SIM card, and a program part having a low security level is stored in the SIM card. It is a SIM card characterized by being stored in a storage means other than a SIM card.

  The present invention is also the above SIM card, wherein the storage means other than the SIM card is an external storage card.

  According to the present invention, the SIM card installed in the mobile terminal device is provided with a card manager program for controlling the reading and writing of the security domain, and the issuer manages communication with the carrier side server under the card manager program. A security domain ISD and a security domain SDn that manages secure communication with other servers are juxtaposed, and an application program that performs secure communication with other servers and external devices is provided under those security domains.

  The application program under the security domain of the SIM card divides the program part according to the security level, stores the program part with a high security level in the storage means in the SIM card, and stores the program part with a low security level. The data is stored in a storage unit other than the SIM card.

  By doing so, a large-scale application program and a large number of application programs can be supplied by placing them in a storage means such as an external storage card card under the security domain of the SIM card, and secure operation can be performed. There is an effect that can be executed.

  In addition, this makes it possible to use an external storage card with a high communication speed, so that a process that has conventionally required a lot of time for communication with a SIM card with a low communication speed can be performed. There is an effect that the operation speed of the application program can be increased by switching to the communication with the card for the fast external storage card.

It is a figure which shows schematic structure of the access system of the application program for portable terminal devices of embodiment of this invention. It is a figure which shows schematic structure of the portable terminal device of embodiment of this invention. It is a figure which shows schematic structure of the SIM card | curd of embodiment of this invention. It is a figure which shows schematic structure of the application provision server of embodiment of this invention. It is a flowchart which shows the procedure in which the communication carrier side server of embodiment of this invention issues a SIM card. It is a flowchart which shows an example of the procedure of the purchase price payment process in the case of purchasing goods in a shop using the portable terminal device carrying the SIM card of embodiment of this invention.

<First Embodiment>
Hereinafter, an access system for an application program for a mobile terminal device according to the first embodiment will be described with reference to FIGS. 1 to 6.

(Schematic configuration of an access system for application programs for portable terminal devices)
FIG. 1 is a diagram showing a schematic configuration of an access system for an application program for a mobile terminal device according to the present embodiment.

  The mobile terminal device application program access system of the present embodiment shown in FIG. 1 is such that an individual user uses the mobile terminal device 3 to perform secure communication with the telecommunications carrier server 1, and the mobile terminal device. 3 has a function of performing electronic payment by performing secure communication with the deposit management server 2a of the financial institution used by the individual user.

  In particular, the mobile terminal device 3 is provided with a proximity wireless communication (NFC) function, and the proximity wireless communication (NFC) function is used to purchase the product by performing secure communication with the payment accepting device 4 of the product sales store. Provide electronic payment functions such as credit card functions.

  A SIM card 33 and an external storage card 34 are installed in the mobile terminal device 3. The carrier 1 issues a SIM card 33 for the portable terminal device 3 and the carrier 1 server 1 manages the deposit of a financial institution used by an individual user in order to give the SIM card 34 an electronic payment function. A message requesting arrangement for setting of the electronic settlement function is transmitted to the server 2a.

  Upon receiving the request, the deposit management server 2a of the financial institution creates an application program for electronic settlement and a program of the security domain SD1 for storing and managing the application program for the application providing server 2, and the carrier side server Request to send to 1.

  The application providing server 2 is not limited to a server that provides an application program for electronic payment, and the application providing server 2 that provides other application programs to the SIM card 33 of the mobile terminal device 3 can also be used.

  The application providing server 2 performs secure messaging with the telecommunications carrier side server 1 and performs mutual authentication, and then the security domain SD1 for storing the electronic payment application program in the telecommunications carrier side server 1 and the electronic payment side server 1 An application program is transmitted, and a command for personalizing the security domain SD1 is transmitted to the carrier side server 1.

  The telecommunications carrier server 1 issues a SIM card 33 storing an electronic payment application program received from the application providing server 2 and an external storage card 34 to the mobile terminal device 3 of the individual user.

  Then, the telecommunications carrier server 1 delivers the SIM card 33 to which the electronic settlement function is provided and the portable terminal device 33 in which the external storage card 34 is installed to the individual user to be used by the individual user.

(Mobile terminal device)
FIG. 2 shows the mobile terminal device 3 of the present embodiment. As shown in FIG. 2, the mobile terminal device 3 includes a communication unit 31, a control unit 32, a SIM card 33, an external storage card 34, a random access memory (RAM) 35, a read only memory (ROM) 36, and a nonvolatile memory. Internal memory 37.

  The portable terminal device 3 operates with a control program stored in a read only memory (ROM) 36 and a nonvolatile internal memory 37. The mobile terminal device 3 operates under the control of a main program that operates under the operating system OS (the main program may be named UIApplicationMain depending on the type of smartphone).

  When the mobile terminal device 3 performs communication processing, the issuer security domain ISD program stored in the nonvolatile storage means 13 of the SIM card 33 is operated and stored in the storage means under the issuer security domain ISD. The communication program server 1 communicates with the application program.

  In addition, the storage means under the program of the security domain SD1 stored in the nonvolatile storage means 13 of the SIM card 33 so that the mobile terminal device 3 can be used for processing to perform secure communication such as electronic payment by communicating with an external device. In addition, an application program such as an electronic payment application program is stored.

  The application program such as the electronic payment application program is operated under the security domain SD1. An application program for electronic settlement can be operated by communicating with an external device such as the deposit management server 2a of the financial institution. In that case, the deposit management server 2a of the financial institution to which the individual user of the mobile terminal device 3 subscribes and the security domain SD1 of the SIM card 33 of the mobile terminal device 3 perform secure communication and perform mutual authentication.

In addition, the security domain SD1 of the SIM card 33 of the mobile terminal device 3 can communicate with an external device such as the payment accepting device 4 of the store where the product is sold, and can operate an application program for electronic settlement. In that case, the SIM card 33 operates an application program for electronic payment stored in the storage means under the security domain SD1, and performs secure communication with the payment accepting apparatus 4 of the store by the program of the security domain SD1. The electronic payment processing related to the purchase of the product is performed after mutual authentication with the payment accepting apparatus 4 of FIG.

(SIM card)
FIG. 3 is a diagram showing the configuration of the SIM card 33 of this embodiment. The SIM card 33 includes an interface unit 11 for exchanging data and messages with the mobile terminal device 3, a control unit 12 such as a microprocessor, a volatile memory RAM, a read only memory ROM, an EEPROM (Electrically Erasable and Programmable ROM) and non-volatile storage means 13 including a non-volatile memory group such as a flash memory.

  As an example of the SIM card 33, there is a USIM (Universal Subscriber Identity Module) card adopted in a third generation mobile phone. The SIM card 33 performs secure authentication processing and mutual authentication processing between external devices and processing operations of other application programs by the control means 12 executing a program stored in the storage means.

  The SIM card 33 is installed in the mobile terminal device 3 by a communication carrier such as a telephone carrier and provided to an individual user. Further, the control means 12 of the SIM card 33 operates a card OS control program which is an operating system (OS). The control program of the card OS is stored in the nonvolatile storage means 13 of the SIM card 33.

(Security domain)
Further, the non-volatile storage means 13 of the SIM card 33 stores an issuer security domain ISD (Issuer Security Domain) that is an application program that mainly manages storage of functions for individual users to use the telephone.

(Issuer security domain ISD)
The issuer security domain ISD manages a storage area in the SIM card 33, and stores SIM card attribute information and an authentication processing program for recording an authentication method for ensuring security under the management.

  In the SIM card attribute information, identification information such as a card name and a card ID number for identifying the SIM card 33 of the mobile terminal device 3 unique to the SIM card 33 associated with the telephone number and the SIM card 33 are mounted. The identification information such as the OS name and version number for identifying the card OS is recorded.

  Further, in response to a request from the card manager program CM, the issuer security domain ISD notifies the card manager program CM of secret data necessary for the card manager program CM to prove its validity.

(Card manager program CM)
The card manager program CM is stored in the nonvolatile storage means 13 of the SIM card 33. The card manager program CM is an application management program higher than the issuer security domain ISD that personalizes communication of the mobile terminal device 3, and controls the access to the ISD under the issuer security domain ISD.

Furthermore, the card manager program CM places security domains SD1, SD2, and SDn other than the issuer security domain ISD under the control of the card manager program CM, and controls access to the security domain SDn, and the SIMs of the security domains SD1, SD2, and SDn. Management of addition / deletion to / from the card 33. Hereinafter, matters common to the security domains SD1, SD2, and SDn will be described by using the security domain SDn or SD1 as a representative.

  The issuer security domain ISD and each security domain SDn under the card manager program CM manage the application for which they are responsible, and the processing when the application program is stored in the mobile terminal device 3 is processed in the security domain SDn. Under supervision.

  Among these application management programs, the card manager program CM and the issuer security domain ISD are installed in the SIM card from the time when the SIM card 33 is issued.

(Security domains SD1, SD2, SDn)
The security domains SD1, SD2, and SDn under the card manager program CM other than the issuer security domain ISD have a function of performing management for adding / deleting application programs under those security domains. Has a function of causing the external device to perform secure messaging processing and performing mutual authentication between the external device and the security domain.

  The security domains SD1, SD2, and SDn are used, for example, as functional units that perform electronic settlement based on ISO / IEC14443typeA or typeB, or as functional units that operate as IC identification cards.

  Each of the security domains SD1, SD2, and SDn is an application management program that securely manages the application program loading, deletion, and access to the mobile terminal device 3, but is similar to the card manager program CM and the issuer security domain ISD. The SIM card 33 can be mounted on the SIM card 33 from the time it is issued.

  Further, after the SIM card 33 is issued and the SIM card 33 is installed in the mobile terminal device 3 and delivered to the individual user, any one of the security domains SD1, SD2, and SDn is stored in the nonvolatile storage of the SIM card 33. It can also be stored in the means 13.

  For example, the application providing server 2 can create a new security domain SDn in the SIM card 33 in the mobile terminal device 3 via the mobile terminal device 3 by wireless communication (OTA: over the air). For example, the security domain SD1 can be mounted on the SIM card 33 from the time of issuing the SIM card 33, and the SDn can be written to the SIM card 33 from the security domain SD2 after the SIM card 33 is issued.

  Each security domain ISD and SD1 to SDn are provided with a secure messaging processing program 301 which is an authentication processing program for creating a secure environment with the application providing server 2. In the secure messaging processing program 301, a secure messaging key 301a for performing secure messaging with the application providing server 2 is recorded.

  The secure messaging processing program 301 encrypts a communication message between the mobile terminal device 3 and the application providing server 2 with the secure messaging key 301a, and stores a program for performing secure communication with the application providing server 2. To do.

Further, an application addition / deletion processing program 302 is provided in each security domain SD1 to SDn. The program of the application addition / deletion processing program 302 receives application program data transmitted from the application providing server 2 to the portable terminal device 3 from the control means 32 of the portable terminal device 3 based on a command (command) of the application providing server 2. A process of writing to the security domain SDn of the SIM card 33 and a process of deleting application program data from the security domain SDn are performed.

  In the present embodiment, the SIM card 33 has an issuer security domain ISD and security domains SD1, SD2, and SDn juxtaposed thereto under the card manager program CM. Therefore, for example, the payment accepting device 4 of the store that is going to access the electronic payment security domain SD1 of the SIM card 33 does not obtain the approval of the carrier side server 1 having the authority to access the issuer security domain ISD. The security domain SD1 of the SIM card 33 of the mobile terminal device 3 can be accessed.

  Accordingly, there is an effect that the electronic payment processing can be quickly performed by operating the application program for electronic payment under the security domain SD1 of the SIM card 33 without going through the issuer security domain ISD.

(Division by application program security level)
Here, the program of each security domain SDn receives from the application providing server 2 a program group obtained by dividing the application program according to the security level.

  Next, the security domain SDn stores the application program portion 303 with a high security level in the nonvolatile storage means 13 of the SIM card 33. The program portion having a low security level is stored in the nonvolatile internal memory 37 or the external storage card 34 of the mobile terminal device 3.

(App provision server)
FIG. 4 shows a schematic configuration of the application providing server 2 of the present embodiment. As shown in FIG. 4, the application providing server 2 of this embodiment includes an external interface unit 23 that performs data communication with a control unit 21, a storage device 22, and a line such as the Internet.

  The storage device 22 of the application providing server 2 stores a server OS of an operating system program of the application providing server, a secure messaging processing program 221, an application personalization information storage table 222, and an application program storage unit 223.

  The application providing server 2 shares key information for secure messaging for the security domains with the security domains ISD, SD1, SDn, etc. of the SIM card 33 of the mobile terminal device 3. The secure messaging processing program 221 of the application providing server 2 is a processing program that performs secure messaging with the mobile terminal device 3 using the secure messaging key information.

  Further, the secure messaging processing program 221 of the application providing server 2 acquires key information for secure messaging with the telecommunications carrier server 1 from the issuer security domain ISD of the SIM card 33, so that the telecommunications carrier server 1 and secure messaging can be performed.

The application personalization information storage table 222 of the application providing server 2 stores the SIM of the mobile terminal device 3 for each application program provided to the SIM card 33 of the mobile terminal device 3.
The key information used when performing secure messaging with the security domain SDn in the card 33, the card OS operating system name and version number of the SIM card 33, and the card application such as the name of the individual user and its subordinates. Information for personalizing the security domain SDn to be managed.

(Division by application program security level)
The application program storage unit 223 of the application providing server 2 stores an application program that the application providing server 2 provides to the SIM card 33 of the mobile terminal device 3. In particular, the application providing server 2 divides an application program to be provided to the SIM card 33 of the mobile terminal device 3 according to the security level to create a group of application program parts.

  That is, the application providing server 2, for example, divides the application program of the mobile terminal device 3 to be managed by the security domain SD1 of the SIM card 33 into a plurality of parts according to the security level and stores it in the application program storage unit 223. In addition, information on the security level associated with the program group divided according to the security level is also stored in the application program storage unit 223.

The security levels can be classified into the following levels in ascending order of security levels, for example:
(Level 1) Public information.
(Level 2) Personal privacy information, credit card expiration date information.
(Level 3) Personal information, financial institution account information.

  Information on the security level of level 1 is scheduled to be stored in the external storage card 34 of the mobile terminal device 3 after being transmitted from the application providing server 2 to the carrier server 1, and information on the security level of level 2 or higher. Is scheduled to be stored in the nonvolatile storage means 13 of the SIM card 33. In particular, the security management of the level 3 is scheduled to be tightened by incorporating it into the program of the security domain SD1 of the SIM card 33.

  The application providing server 2 performs secure messaging with the telecommunications carrier server 1 that issues the SIM card 33 of the mobile terminal device 3, and after mutual authentication with the telecommunications carrier server 1, from the telecommunications carrier server 1, The SIM card attribute information related to the issuer security domain ISD under the card manager program CM of the SIM card 33 is received.

  The SIM card attribute information is stored in the issuer security domain ISD of the SIM card 33 for identifying the SIM card 33 to be added or personalized when the application program is added or personalized to the SIM card 33. Information including identification information such as a card name and a card ID and identification information such as an OS name and a version number for identifying a card OS mounted on the SIM card 33.

(Procedure for issuing SIM card with security domain SD1)
Before the mobile terminal device 3 in which the SIM card 33 is installed is distributed to the individual users, the carrier side server 1 creates a security domain SD1 in the SIM card 33, and the SIM card 33 and the dedicated external storage card 34 Can be issued.

  In this case, as shown in the flowchart of FIG. 5, the communication carrier side server 1 communicates with the deposit management server 2a and the application providing server 2 of the financial institution, so that the SIM card 33 and the dedicated external storage card 34 are Issue.

Issuer security domain ISD issue processing (step S101)
First, the telecommunications carrier side server 1 creates the program data of the issuer security domain ISD unique to each SIM card 33, and associates the program data with the personal user data of the individual user who reserved the issuance of the SIM card. At the same time, it is stored in the storage means of the carrier side server 1.

  The program data of the issuer security domain ISD includes a security domain key 302a of the issuer security domain ISD and a secure messaging key 301a of the ISD.

  The carrier side server 1 later records the data of the issuer security domain ISD on the SIM card 33 together with the card manager program CM of the SIM card 33, and issues the SIM card 33.

Electronic payment function setting request (step S102)
When the communication carrier has received a reservation for giving an electronic payment function to the mobile terminal device 3 from a partner individual user who supplies the SIM card 33 storing the issuer security domain ISD, the following processing is performed. Do.

  That is, the telecommunications carrier server 1 notifies the secure management key 301a of the issuer security domain ISD of the SIM card 33 of the individual user to the deposit management server 2a of the financial institution used by the individual user. Then, a message requesting the deposit management server 2a to arrange for setting of the electronic payment function to the SIM card 33 having the ISD is transmitted.

Arrangement for creation of security domain SD1 (step S103)
The deposit management server 2a of the financial institution entrusts the application providing server 2 with a service for creating a program for the security domain SD1 by the following processing.

  The application providing server 2 receives this request from the deposit management server 2a, authenticates the carrier side server 1, and creates a program for the security domain key 302a and the security domain SD1 as follows. Then, the application providing server 2 transmits the data of the program of the security domain SD1 and the data of the application program such as the application program for electronic settlement under the security domain SD1 to the carrier side server 1.

(Step S104)
The application providing server 2 requests the personal user data of the SIM card 33 from the carrier side server 1 by secure messaging using data encrypted using the shared secret method. The personal user data can include, for example, the name of a personal user, a personalization code, or a PIN, telephone number, and the like.

(Step S105)
In response to the request from the application providing server 2, the communication carrier side server 1 transmits the personal user data of the SIM card 33 to the application providing server 2. Then, the telecommunications carrier-side server 1 sends application program data such as the security domain SD1 program, the security domain key 302a, and the application program for electronic settlement under the security domain SD1 to the application providing server 2. Request to be sent.

(Step S106)
Further, the application providing server 2 uses the data of the issuer security domain ISD unique to the SIM card 33, the ID information of the SIM card 33, the ID information of the security domain SD1 stored in the SIM card 33, and the security An application personalization information storage table 222 in which the security domain key 302a created for the domain SD1 and the operating system name and version number of the processing program of the SIM card 33 are registered is created and stored in the storage device 22.

  The security domain key 302a of the security domain SD1 is used to create and personalize the security domain SD1, which is an application program for installing and managing application software such as an electronic payment function provided by the application providing server 2 in the mobile terminal device 3. Is done.

  Further, the application providing server 2 notifies the deposit management server 2a that will communicate with the SIM card 33 later on, in the data of the application personalization information storage table 222.

(Step S107)
Next, the application providing server 2 sends the security domain key 302a for the security domain SD1 and application programs such as electronic payment application data and electronic payment personalization data managed by the security domain SD1 to the communication carrier side server 1. Send.

  The application providing server 2 notifies the telecommunications carrier server 1 of the program part for each security level obtained by dividing the application program according to the security level, together with the security level information associated therewith, and transmits it.

(Step S108)
The carrier side server 1 writes the card manager program CM to the medium of the SIM card 33, writes the issuer security domain ISD program under the card manager program CM, and receives the security domain key received from the application providing server 2 302a and the program of the security domain SD1 are written.

(Step S109) Processing Procedure for Writing Application Program Next, the carrier server 1 manages the personalized security domain SD1 in the storage means under the security domain SD1 of the SIM card 33 as follows. Write application programs such as electronic payment application data and electronic payment personalization data.

  The storage means under the security domain SD1 includes the non-volatile storage means 13 in the SIM card 33, the external storage card 34, and the non-volatile internal memory 37 of the mobile terminal device 3, of which the SIM card 33 If the non-volatile storage means 13 and the external storage card 34 are created, the card in which the application program is written can be quickly obtained independently of the preparation of the portable terminal device 3 provided to the individual user by the communication carrier. There is an effect that can be created and provided.

  That is, the telecommunications carrier server 1 writes the application program under the security domain SD1 of the SIM card 33 into the SIM card 33 with a highly confidential program part, and writes the less confidential program part into a dedicated external storage card. 34 is written.

  First, the telecommunications carrier side server 1 designates a predetermined security domain SD1 of the SIM card 33, performs secure message communication with the program of the secure messaging processing program 301 of the security domain SD1, and the SIM card 33 And mutual authentication.

  Then, the telecommunications carrier-side server 1 changes the processing of the application program to be written to the SIM card 33 and the dedicated external storage card 34 for each security level, and changes the application program portion 303 with a high security level. The data is stored in the nonvolatile storage means 13 in the SIM card 33 under the security domain SD1 of the SIM card 33.

  Then, the telecommunications carrier server 1 writes the application program portion having a lower security level in a predetermined storage area of the external storage card 34 associated with the security domain SD1.

  As a result, the application program managed by the program of the security domain SD1 is divided and written into the SIM card 33 and the external storage card 34.

  That is, the telecommunications carrier-side server 1 writes the application program portion 303 having a high security level by performing data communication with a normal SIM card 33 through half-duplex serial communication with a basic transmission rate of 9600 bits / second.

  Then, the telecommunications carrier-side server 1 converts the application program portion having a lower security level into high-speed data such as an SD card having communication of 10 Mbyte / second to 104 Mbyte / second, or 2 Gbit / second, for example. Write to a dedicated external storage card 34 that can communicate.

  As a result, there is an effect that the speed of writing the application program to the SIM card 33 or the like that the carrier side server 1 should deliver to the individual user can be greatly improved.

  The communication carrier installs the SIM card 33 in which the application program is stored and the external storage card 34 in the mobile terminal device 3, and delivers the mobile terminal device 3 to the individual user.

  In the present embodiment, the carrier side server 1 divides and stores application programs in the SIM card 33 and the external storage card 34, stores them in the mobile terminal device 3, and supplies them to the individual user. Thus, it is possible to provide a plurality of large-capacity application programs with a short writing time.

  In addition, the application program portion written in the external storage card 34 has a communication speed at which the mobile terminal device 3 reads the program portion from the external storage card 34, which is much higher than the time required for reading the data in the SIM card 33. Since the reading speed is high, an application program under the security domain SD1 can be quickly operated.

(Execution of application program managed by security domain SD1)
A mobile terminal equipped with a SIM card 33 storing a security domain SD1 and an application program part managed by the user, and an external storage card 34 storing an application program part managed by the security domain SD1 Device 3 is used.

  That is, the mobile terminal device 3 operates an application program for electronic settlement under the security domain SD1 and communicates with the payment accepting device 4 in the store via near field wireless communication (NFC), such as a credit card or a debit card. The payment process for the purchase price for purchasing goods or services is performed in the same manner as described above.

  Or the portable terminal device 3 can also perform the payment process of the purchase price of a public transport ticket.

  Here, the card manager program CM stands up above the security domain SD1 in the process of paying for the purchase of the product by executing the application program for electronic settlement under the security domain SD1 of the SIM card 33, Control and control the execution of the program.

  FIG. 6 shows an example of the procedure of purchase price payment processing when purchasing a product at a store using the mobile terminal device 3 equipped with the SIM card 33 in which an application program for electronic payment is set under the security domain SD1. It is a flowchart to show.

(Step S201) Deposit withdrawal process The individual user of the portable terminal device 3 can use the application program for electronic payment stored in the external storage card 34 and the SIM card 33 under the security domain SD1 of the SIM card 33. Is read and operated.

(Step S202)
Then, the application program for electronic settlement operates the issuer security domain ISD program of the SIM card 33 from the card manager program CM of the SIM card 33 in the deposit withdrawal process to communicate with the carrier side server 1. Do what you want to do

  That is, the issuer security domain ISD program of the SIM card 33 performs secure messaging with the carrier side server 1 using the secure messaging key 301a of the ISD, and sends it to the deposit management server 2a of the financial institution to the carrier. By making communication from the side server 1, the deposit management server 2a is made to authenticate its own SIM card 33.

  Then, the card manager program CM of the SIM card 33 accesses the deposit management server 2a of the financial institution via the carrier side server 1.

(Step S203)
Next, the deposit management program of the application program for electronic settlement under the security domain SD1 of the SIM card 33 shares the security domain key 302a of the security domain SD1 of the SIM card 33 with the deposit management server 2a, and the deposit management server Secure messaging with 2a and deposit withdrawal processing.

That is, the security domain SD1 of the SIM card 33 transmits a message encrypted with the security domain key 302a to the deposit management server 2a, and the encrypted data received from the deposit management server 2a is decrypted with the security domain key 302a. By performing the messaging process, the security domain SD1 is changed to the deposit management server 2a.
Let them authenticate.

  Here, the deposit management server 2a sends the ID information of the SIM card 33 and the ID of the security domain SD1 to be stored in the SIM card 33 from the application personalization information storage table 222 notified and stored from the application providing server 2. Information, the security domain key 302a created for the security domain SD1, and the operating system name and version number of the processing program of the SIM card 33 are read out.

  The deposit management server 2a performs secure messaging processing with the security domain SD1 of the SIM card 33 of the portable terminal device 3 using the security domain key 302a, and authenticates the security domain SD1 of the SIM card 33.

(Step S204)
Next, the deposit management program of the application program for electronic settlement withdraws the scheduled usage amount from the deposit account of the individual user managed by the deposit management server 2a as the deposit withdrawal process. Then, the scheduled usage amount is stored in the scheduled usage amount storage means of the security domain SD1 of the SIM card 33 of the mobile terminal device 3.

(Step S205)
The deposit management server 2a pays out the scheduled usage amount of the individual user from the customer account to the security domain SD1 of the SIM card 33, and stores the payout amount in the storage means of the deposit management server 2a.

  Further, the deposit management server 2a can receive and store the updated part of the electronic payment application program from the electronic payment application providing server 2 in advance as necessary. Then, when the deposit management server 2a communicates the SIM card 33 with the scheduled usage amount of the individual user, the updated portion of the electronic payment application program may be transmitted to the mobile terminal device 3 in addition to the data. good.

  The deposit management server 2a divides the update part of the electronic payment application program according to the security level, and the program part for each security level is stored together with the security level information associated with the portable terminal device. 3 to send.

  The application program portion for each security level received by the mobile terminal device 3 is managed by the program in the security domain SD1 of the SIM card 33. That is, the security domain SD1 writes the application program portion 303 with a high security level in the nonvolatile storage means 13 in the subordinate SIM card 33. Then, the application program portion having a low security level is written into the external storage card 34 or the nonvolatile internal memory 37 of the mobile terminal device 3.

(Product purchase processing)
Next, the customer's mobile terminal device 3 communicates with the payment accepting device 4 of the store using the proximity wireless communication (NFC) function, and purchases a product within the range of the scheduled usage amount stored in the scheduled usage amount storage means. Process the purchase price.

(Step S301)
When purchasing a product, an individual user of the mobile terminal device 3 downloads an application program for electronic payment stored in the external storage card 34 and the SIM card 33 under the security domain SD1 of the SIM card 33. Read and operate.

(Step S302)
Then, the electronic payment application program causes the card manager program CM of the SIM card 33 mounted on the mobile terminal device 3 to control data transmission / reception processing by near field communication (NFC) in the product purchase processing.

  When receiving a request from the application program, the card manager program CM of the SIM card 33 performs a process of performing secure messaging with the payment accepting apparatus 4 in the store.

  The SIM card 33 transmits the secure messaging key 301a of the security domain SD1 for electronic settlement and the deposit account information of the customer's encrypted transaction financial institution to the payment accepting apparatus 4 at the store.

  The store payment accepting apparatus 4 communicates with the deposit management server 2a of the financial institution using the secure messaging key 301a received from the SIM card 33 by the secure messaging, and the customer's encrypted transaction financial institution's deposit account The information is authenticated by the deposit management server 2a of the financial institution.

  That is, the store payment acceptance apparatus 4 transmits a message encrypted with the secure messaging key 301a of the security domain SD1 of the SIM card 33 to the deposit management server 2a of the financial institution, and from the deposit management server 2a of the financial institution. A secure messaging process for decrypting the received encrypted data with the secure messaging key 301a is performed.

  Then, the store payment accepting apparatus 4 receives information indicating that the SIM card 33 has been authenticated from the deposit management server 2a of the financial institution, so that the store payment accepting apparatus 4 confirms the validity of the customer's deposit account information. Then, the SIM card 33 of the mobile terminal device 3 is authenticated.

(Step S303)
Then, the security domain SD1 of the SIM card 33 of the portable terminal device 3 is stored in the store payment acceptance device 4 from the deposit management server 2a of the financial institution according to the information received by the store payment acceptance device 4 from the deposit management server 2a of the financial institution. It is confirmed that the normal communication can be performed, and the payment acceptance device 4 in the store is authenticated.

  In this way, the SIM card 33 of the portable terminal device 3 and the store payment acceptance device 4 perform mutual authentication via the deposit management server 2a of the financial institution.

  In the mutual authentication between the SIM card 33 of the mobile terminal device 3 and the payment acceptance device 4 of the store, the security domain SD1 of the SIM card 33 mainly reads the program portion stored in the external storage card 34 and performs processing. Do. Therefore, in this mutual authentication process, there is an effect that the operation speed of this mutual authentication can be increased by using the high-speed communication operation of the external storage card 34.

(Step S304)
Next, the security domain SD1 receives the billed amount of the purchased product from the payment accepting device 4 in the store, and calculates the remaining amount obtained by subtracting the billed amount from the scheduled use amount stored in the planned use amount storage unit of the security domain SD1. Then, the purchase price payment processing stored in the usage plan amount storage means as the new usage plan amount is performed.

(Step S305)
The store payment accepting apparatus 4 performs merchandise sales processing by purchase price payment processing performed with the security domain SD1 of the SIM card 33.

(Step S306)
Thereafter, the store payment accepting apparatus 4 charges the amount of the product from the customer's deposit account to the deposit management server 2a of the customer's transaction financial institution received from the security domain SD1 of the customer's SIM card 33. I do.

(Step S307)
The deposit management server 2a of the financial institution performs a settlement process of subtracting the amount charged from the store payment accepting apparatus 4 from the customer's deposit account balance and transferring it to the transfer account designated by the store payment accepting apparatus 4.

  As described above, in this embodiment, the security domain SD1 of the SIM card 33 is created, and the scheduled usage amount is previously extracted from the deposit account of the financial institution and stored in the scheduled usage amount storage unit of the security domain SD1.

  When the individual user uses the mobile terminal device 3 to communicate with the store payment accepting device 4 and purchases a product, within the range of the scheduled usage amount of the scheduled usage amount storage means of the security domain SD1 of the SIM card 33 To process the payment for the purchase of the product.

  As described above, in this embodiment, the electronic payment application program that is operated at the time of purchase of a product reads much less than the time required to read the data of the SIM card 33 when the security level is low. There is an effect that the application program can be promptly operated by being stored in the external storage card 34 having a high speed and being read and executed by the portable terminal device 3. Thereby, there is an effect that the purchase price payment processing can be performed promptly.

  In addition, this invention is not limited to the above embodiment, The application program 2 can also provide application programs other than the application program for electronic payments.

  In addition, the security domain SDn is newly set via the mobile terminal device 3 by wireless communication (OTA: over the air) to the SIM card 33 of the mobile terminal device 3 after being delivered from the application providing server 2 to the individual user. The application program part created and divided by the security level can be stored in the storage means under the security domain SDn.

  Further, when the application program is divided into information to be stored in the nonvolatile storage means 13 of the SIM card 33 and information to be stored in the external storage card 34 according to the security level, the communication speed is slowed because the application program is stored in the SIM card 33. The program can be divided and stored in the external storage card 34 so as to increase the communication speed by storing the program portion in the external storage card 34.

DESCRIPTION OF SYMBOLS 1 ... Carrier side server 2 ... Application provision server 2a ... Deposit management server 3 ... Mobile terminal device 4 ... Payment acceptance device 11 ... Interface part 12 ... Control means 13 ... Non-volatile storage means 21 ... Control means 22 ... Storage device 23 ... External interface unit 31 ... Communication means 32 ... Control means 33 ... SIM card 34 ... External storage Card 35 ... RAM
36 ... ROM
37... Nonvolatile internal memory 221... Secure messaging processing program 222... Application personalization information storage table 223... Application program storage unit 301... Secure messaging processing program 301 a. 302 ... Application addition / deletion processing program 302a ... Security domain key 303 ... Application program part CM ... Card manager program SD1, SD2, SDn ... Security domain application program

Claims (6)

  In the storage means in the SIM card installed in the mobile terminal device, a card manager program, an issuer security domain ISD for managing communication between the mobile terminal device and the carrier side server under the card manager program, A security domain SDn that manages secure communications with servers other than the carrier side server is juxtaposed, and an application program is provided that allows the mobile terminal device to perform secure communications with external devices under the security domain SDn. An access system for an application program for a portable terminal device.   2. The access system for an application program for a portable terminal device according to claim 1, wherein the application program is divided according to a security level, and a program part having a high security level is stored in a storage means in the SIM card, so that the security level is low. An access system for an application program for a portable terminal device, wherein the program portion is stored in a storage means other than the SIM card.   3. The access system for an application program for a mobile terminal device according to claim 2, wherein the storage means other than the SIM card is an external storage card.   A SIM card installed in a portable terminal device, in which a card manager program is stored in a storage means in the SIM card, and issuance for managing communication between the portable terminal device and a telecommunications carrier server under the card manager program Network security domain ISD and security domain SDn for managing secure communications with servers other than the carrier server, and secure communication with external devices under the security domain SDn. A SIM card comprising an application program to be executed.   5. The SIM card according to claim 4, wherein the application program is divided according to a security level, a program part with a high security level is stored in a storage means in the SIM card, and a program part with a low security level is stored in a part other than the SIM card. A SIM card stored in the storage means.   6. The SIM card according to claim 5, wherein the storage means other than the SIM card is an external storage card.

Images