JP4184751B2 - IC card and application program selection method in IC card - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to an IC card capable of executing a plurality of application programs (hereinafter simply referred to as applications), and more particularly to switching of a plurality of applications.
[0002]
[Prior art]
Conventionally, an IC card capable of executing a plurality of application programs such as JavaCard (registered trademark of Sun Microsystems) and Multis attaches a unique identifier of 5 to 16 bytes called AID for each application in accordance with ISO 7816-4. After selecting an application by AID, a procedure for instructing subsequent processing is taken.
[0003]
For example, to perform a credit payment process, first select a credit application as “SELECT FILExxxx” (xxx is the AID of the credit application), and then send an authentication command or payment command from the terminal to the card. The command is passed to the selected credit application
The AID is an identifier of 5 to 16 bytes given by a registration system so that there is no duplication in the country and the world, and the application can be uniquely specified by the AID.
[0005]
IC cards connect to networks, especially the Internet, via various devices such as mobile phones, personal digital assistants (PDAs), and information appliances, and communicate using TCP / IP, the standard Internet protocol. By doing so, it is possible to widen the application range.
[0006]
However, in order for an IC card capable of executing a plurality of applications to perform communication using TCP / IP, it is necessary to specify an application using an IP address and a port number used in TCP / IP.
[0007]
In TCP / IP, a device such as a computer or a mobile phone is specified by an IP address, and an application operating on the device is specified by a port number. A single application may use multiple ports.
[0008]
Since a conventional IC card performs communication with a terminal device such as an IC card reader / writer in accordance with ISO 7816, communication using TCP / IP cannot be performed. Therefore, the terminal device interprets TCP / IP and uses a dedicated IC card. You have to add software that translates into commands.
[0009]
For this reason, proposals for placing TCP / IP on ISO 7816-3, which is a lower layer of ISO 7816, have been made for the Internet Engineering Task Force (IETF) (see Non-Patent Document 1, for example).
[0010]
However, in the above proposal, since the communication protocol is mainly implemented, there is a problem that switching of a plurality of applications by AID defined by ISO7816-4 which is an upper layer of ISO7816 is not considered.
[0011]
Also, an experimental protocol called SmartTP that simplifies TCP / IP on ISO7816 and further considers application switching has been proposed to the IETF (see, for example, Non-Patent Document 2).
[0012]
However, in SmartTP, each application is called an agent and is distinguished by attaching a 2-byte agent number. Unlike ISO 7816-4, which can be distinguished by an AID of 5 to 16 bytes, it is not compatible. There is a problem.
[0013]
[Non-Patent Document 1]
Mobile-Mind, “IP and ARP over ISO 7816”, [online], January 2001, [October 12, 2002 search], Internet <URL http://www.scdk.com/draft-guthery -ip7816-01.txt>
[Non-Patent Document 2]
Schlumberger CP8, “SmartTP Smart Transfer Protocol”, [online], June 2001, [October 12, 2002 search], Internet <URL: http://www.satersprings.org/pub/id/draft- urien-smarttp-00.txt>
[0014]
[Problems to be solved by the invention]
The present invention has been made in view of the above-described problems, and provides a function capable of selecting a plurality of applications using either the TCP / IP protocol or the ISO7816-4 protocol in an IC card that can be used by switching a plurality of applications. For the purpose.
[0015]
[Means for Solving the Problems]
In order to achieve the above object, according to a first aspect of the present invention, there is provided an IC card that exchanges data with a terminal device and that can be executed by a CPU provided with each of a plurality of application programs. Before execution, the correspondence table for storing the TCP / IP protocol port number and the application program in association with each other and the communication procedure determination information included in the command received from the terminal device are executed through different selection paths. An application selection unit that selects an application program, a determination unit that determines a communication procedure based on a CLA at the head of an APDU command received from the terminal device, and the correspondence based on a determination result of the determination unit App via table Selection means for selecting an application program in either of the following procedure: selecting an application program, or selecting an application program according to CLA and INS at the beginning of an APDU command and an application ID, The CLA at the head of the APDU command in the command received from the terminal apparatus determines whether the communication procedure is TCP / IP or ISO. When the determination result of the determination means is TCP / IP, the TCP / IP The port number is acquired from the / IP data, the corresponding application program stored in the correspondence table is selected based on the port number, and when the determination result of the determination means is ISO, the head of the APDU command CLA, INS and Application I The IC card is characterized in that an application program in the IC card is selected by D.
[0019]
According to a second aspect of the present invention, there is provided a method for selecting an application program to be executed in an IC card that exchanges data with a terminal device and executes each of a plurality of application programs by an internal CPU. Before selecting the application program to be executed via a different selection route according to the communication procedure determination information included in the command received from the terminal device, and when selecting the application, the terminal device is connected to the IC card. A step of describing which communication procedure of TCP / IP or ISO is described with respect to the CLA at the head of the APDU command in the command to be issued, and the CLA at the head of the APDU command in the command received from the terminal device Makes the communication procedure TCP / IP and A step of determining whether it is a ISO, if the determination result is TCP / IP, to retrieve the port number from the TCP / IP data, based on the port number, and port number of the TCP / IP protocol The step of selecting the corresponding application program stored in the correspondence table storing the application program in association, and if the determination result of the determination means is ISO, the CLA and INS at the head of the APDU command and the application ID are stored in the IC card. And selecting an application program.
[0021]
DETAILED DESCRIPTION OF THE INVENTION
Hereinafter, the present invention will be described based on the illustrated embodiments. FIG. 1 is a schematic configuration diagram of the inside of an IC card according to the present invention. The IC card 1 includes an I / O control unit 2, a CPU 3, a storage unit 4, a program storage unit 5, and a work memory 6.
[0022]
The I / O control unit 2 is an interface for the IC card 1 to communicate with the IC card reader / writer 7.
[0023]
The CPU 3 executes various processing programs recorded in the program storage unit 5. When executing the processing program, the storage means 4 and the working memory 6 are used as necessary.
[0024]
The storage means 4 is an EEPROM (Electrically Erasable Programmable Read-Only Memory) which is actually a nonvolatile memory, and is used to store and hold various data. The storage means 4 has an area for storing the correspondence table 8 in a part thereof.
[0025]
FIG. 2 shows an embodiment of the correspondence table 8. FIG. 2 shows an application corresponding to each TCP / IP port number. When one application uses a plurality of ports, the same AID is stored, such as port numbers “10” and “30”.
[0026]
The correspondence table 8 can also be configured as shown in FIG. In the correspondence table 8 of FIG. 3, the TCP / IP port to be used is stored for one AID. When the application uses a plurality of ports, the AID stores a plurality of port numbers such as “0x00 01 02 03 01 (“ 0x ”indicates hexadecimal notation. The same applies hereinafter).
[0027]
The format of the correspondence table 8 is not limited to the format shown in FIGS. 2 and 3 as long as the association between the AID and all the port numbers used by the application is possible.
[0028]
The correspondence between the communication procedure and the AID in the correspondence table 8 may be any time before the selection and execution of the application, such as when the card is manufactured, when the application is downloaded to the IC card, or after installation (initialization) after downloading. .
[0029]
In addition, the application may dynamically register and delete such as instructing the OS of the IC card 1 to register or delete at the time of execution.
[0030]
The program storage unit 5 stores a processing program that can be executed by the CPU 3. There is a ROM (Read Only Memory) that is recorded when a card is manufactured, or an EEPROM that can be used by loading a processing program.
[0031]
The program storage unit 5 stores an application selection unit 9 in addition to a plurality of applications.
[0032]
The application selection unit 9 includes a determination unit 10 and a selection unit 11, and is included in an APDU (Application Protocol Data Unit) command sent from the terminal device defined by ISO 7816-4 to the IC card 1. According to the procedure determination information, an application program to be executed through different selection paths is selected.
[0033]
Next, according to the flowchart of FIG. 4, a procedure in which two applications of credit processing and entrance / exit management can be executed and the IC card 1 having an IP address selects an application will be described as an example.
[0034]
FIG. 5 shows a correspondence table 8 for two applications of credit processing and entry / exit management that can process both TCP / IP communication and ISO 7816-4 commands.
[0035]
The credit processing (AID “0x01 02 03 04 05 01”) has a payment function as a credit card and a point management function, and uses TCP / IP port numbers 10 and 11.
[0036]
The entrance / exit management (AID is “0x01 02 03 04 05 02”) has an authentication process that opens and closes some door gates and a function that saves a record of which doors are opened and closed, and TCP / IP port numbers 20 shall be used.
[0037]
In the following description, the process in which the TCP / IP or APDU command arrives at the IC card is a process of a network device such as a terminal device or a router, and the description thereof will be omitted.
[0038]
FIG. 6 shows the structure of an APDU command sent from the terminal device defined by ISO 7816-4 to the IC card 1.
[0039]
The CLA at the head of the APDU command is called a class byte and indicates how much the content of the command complies with ISO7816-4. For example, when CLA is “0x00”, the command and response coding method and structure conform to ISO 7816-4, and when “0x90”, the command and response structure conforms to ISO 7816-4. The coding of is dependent on the vendor implementation and is optional. When CLA is “0xD0”, it indicates that the coding method and structure of the command and response are arbitrary, and the communication procedure is distinguished by defining this as TCP / IP or the like.
[0040]
INS indicates the type of command, P1 and P2 indicate parameters given to the command, and Lc is the length of data.
[0041]
In addition to the format shown in FIG. 6, the APDU command can use a plurality of structures such as omitting Lc and below, adding a reply length from an IC card called Le after the data portion, and not attaching it. is there.
[0042]
The IC card 1 is supplied with power from the terminal device, activates the OS unit, and waits for reception of an APDU command.
[0043]
When selecting a credit process conforming to ISO7816-4, a selection command (SELECT FILE: “0xA4”) is specified in INS and an object to be selected is specified in P1 and P2 as shown in FIG. 7A. An APDU command in which “0x0400” indicating this, AID “0x01 02 03 04 05 01” in the data part, and the length of the data part, that is, the AID length “6 bytes” is stored in Lc.
[0044]
When the IC card 1 receives the APDU command shown in FIG. 7A, the determination means 10 refers to the CLA of the APDU command received from the terminal device, and since the CLA is “0x00”, the APDU command is ISO7816− 4 is determined to be compliant.
[0045]
Next, since the INS is a selection command, the selection unit 11 refers to the AID “0x01 02 03 04 05 01” stored in the data part by P1, P2, and Lc, and the credit processing is performed by the program storage part 5 To check if it exists.
[0046]
When the credit processing exists in the program storage unit 5, the selection unit 11 selects the credit processing and puts the selected mark.
[0047]
Next, the selection means 11 passes a command to the selected credit process and transfers control.
[0048]
The processing result of the credit processing (for example, a code indicating “selection OK”) is transmitted to the terminal device, and the process returns to the command reception waiting state.
[0049]
Next, when a payment command (for example, 0x90 01...) Is received in the selected credit processing, the determination unit 10 conforms to ISO 7816-4, not TCP / IP, because CLA is “0x90”. It is determined that it is a command.
[0050]
Since the INS is a payment command (“0x01”), the selection unit 11 passes the payment command to the selected credit processing without selecting an application, and transfers control.
[0051]
The credit process performs a payment process, for example, transmits a balance to the terminal device, and returns to the command reception state.
[0052]
When referring to the latest log in entry / exit management compliant with TCP / IP, a command (for example, “0x00”) that executes “0xD0” in CLA and application selection means 9 in INS shown in FIG. ), A protocol number (for example, “0x00 21” defined as an IP protocol) in P1 and P2, an IP datagram that is communication data in TCP / IP format in the data portion, and Lc in the data portion Issue an APDU command that stores the length, ie, the length of the IP datagram.
[0053]
Here, the IP datagram is composed of an IP header, a TCP header, and application data as shown in FIG. 8, and is a data format itself defined in TCP / IP.
[0054]
The TCP header and application data are collectively referred to as a TCP segment, but as shown in FIG. 9, the TCP segment port number is described in the TCP segment, so the port used by the latest log reference process The number “20” is stored.
[0055]
When the IC card 1 receives the APDU command shown in FIG. 7B, the determination means 10 refers to the CLA of the APDU command received from the terminal device, and since the CLA is “0xD0”, the APDU command is TCP / Judged to be IP compliant.
[0056]
Next, the selection unit 11 refers to the IP datagram stored in the data part by P1, P2, and Lc, and acquires the port number “20” from the TCP destination port number in the header of the TCP segment.
[0057]
The selection unit 11 refers to the correspondence table using the acquired port number “20”, acquires the application using the port number “20”, that is, the AID “0x01 02 03 04 05 02” of the entrance / exit management, It is confirmed whether or not entrance / exit management exists in the program storage unit 5.
[0058]
When entry / exit management exists in the program storage unit 5, the selection unit 11 selects entry / exit management and puts a mark on the selection.
[0059]
Next, the selection unit 11 passes the application data of the TCP segment to the selected entrance / exit management, and transfers control.
[0060]
The entrance / exit management transmits the latest log as a processing result to the terminal device in accordance with the latest log reference request, and returns to the command reception waiting state.
[0061]
In addition, the credit processing performed by the communication of ISO7816-4 has a function of inquiring the accumulated points from the Web screen, for example, using the TCP / IP port number “10”. Can do.
[0062]
In this case, similarly to the selection of the application for entering / leaving management, it is determined that the communication is based on TCP / IP by the CLA of the APDU command, the credit processing is selected by referring to the correspondence table by the port number “10”. It is possible to inquire about the accumulated points for credit processing.
[0063]
As described above, the present invention has been described in detail based on the embodiments. However, the IC card and the application program selection method in the IC card according to the present invention are not limited to the above-described embodiments. Naturally, various changes can be made without departing from the spirit of the invention.
[0064]
【The invention's effect】
As described above, according to the IC card and the application program selection method in the IC card according to the present invention, the communication procedure is determined and the correspondence table is referred to, so that the Internet standard protocol TCP / IP and the IC card It is possible to select both applications of the standard protocol ISO 7816-4.
[0065]
In addition, since a system using an IC card that can be loaded with an application that can be accessed using both TCP / IP and ISO7816 protocols can be provided, an IC card that can be used for various purposes can be provided.
[Brief description of the drawings]
FIG. 1 is a schematic structural diagram inside an IC card of the present invention.
FIG. 2 is an example of a configuration of a correspondence table according to the present invention.
FIG. 3 is an example of a different configuration of the correspondence table of the present invention.
FIG. 4 is a flowchart for selecting an application program in the IC card of the present invention.
FIG. 5 is an example in which two applications are stored in the correspondence table of the present invention.
FIG. 6 is an explanatory diagram showing a configuration of an APDU command in ISO 7816-4.
FIG. 7 is an example of an APDU command of the present invention.
FIG. 8 is an explanatory diagram showing a configuration of a TCP segment and an IP datagram transmitted on ISO7816.
FIG. 9 is an explanatory diagram showing a configuration of a TCP segment.
[Explanation of symbols]
1 IC card 2 I / O control unit 3 CPU
4 Storage means 5 Program storage section 6 Work memory 7 IC card reader / writer 8 Corresponding table 9 Application selection means 10 Determination means 11 Selection means

Claims (2)

An IC card that exchanges data with a terminal device and that can be executed by a CPU provided with each of a plurality of application programs,
Before executing the application program, a correspondence table for storing the TCP / IP protocol port number and the application program in association with each other,
Application selection means for selecting an application program to be executed through different selection paths in accordance with communication procedure determination information included in the command received from the terminal device;
The application selection means is
A determination means for determining a communication procedure by CLA at the head of the APDU command received from the terminal device;
Application program in either procedure of selecting an application program via the correspondence table based on the determination result of the determination means, or selecting an application program by CLA, INS and application ID at the head of the APDU command And a selection means for selecting
The determination means determines the communication procedure of TCP / IP or ISO by the CLA at the head of the APDU command in the command received from the terminal device,
When the selection means obtains a port number from TCP / IP data when the determination result of the determination means is TCP / IP, the corresponding application program stored in the correspondence table based on the port number Select
When the determination result of the determination means is ISO, the application program in the IC card is selected by the CLA and INS at the head of the APDU command and the application ID.
IC card characterized by that. A method of selecting an application program to be executed in an IC card that exchanges data with a terminal device and executes each of a plurality of application programs by an internal CPU,
Before running the application program
Selecting an application program to be executed through different selection paths according to communication procedure determination information included in the command received from the terminal device;
A step of describing either TCP / IP or ISO communication procedure for the CLA at the head of the APDU command in the command issued to the IC card by the terminal device when selecting an application;
Determining whether the communication procedure is TCP / IP or ISO based on CLA at the head of the APDU command in the command received from the terminal device;
When the determination result is TCP / IP, a port number is acquired from the TCP / IP data and stored in a correspondence table that stores the port number of the TCP / IP protocol in association with the application program based on the port number. Selecting the corresponding application program that is running ,
If the determination result of the determination means is ISO, selecting an application program in the IC card by the first CLA and INS of the APDU command and the application ID;
An application program selection method in an IC card, characterized in that

Images