JP4245959B2 - Memory management method for IC card and IC card - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to a memory management method in an IC card and an IC card (IC: Integrated Circuit), and more particularly, to an ISO standard (ISO: International Organization for Standardization) file structure and command in an IC card incorporating a nonvolatile memory. The present invention relates to a memory management method in an IC card for writing to a data area shared by a plurality of files while maintaining the same, and an IC card used directly for the implementation.
[0002]
[Prior art]
The IC card is mainly equipped with a nonvolatile memory such as an EEPROM (Electronically Erasable and Programmable Read Only Memory) and a flash memory, and a rewrite unit (hereinafter referred to as a block) of the nonvolatile memory is several tens of bytes or more. The processing time required for rewriting is about several tens of milliseconds.
[0003]
The IC card has a file structure capable of holding a plurality of files defined by ISO / IEC 7816-4 (ISO: International Organization for Standardization / IEC: International Electrotechnical Commission). Data included in the file and information for management are arranged regardless of the block boundary.
[0004]
[Non-patent literature]
ISO / IEC 7816-4: 1995, “Identification cards-Integrated circuit (s) cards with contacts-Part 4: Interindustry commands for interchange”
[0005]
Furthermore, from the viewpoint of compatibility with the IC card that can be mounted on the IC card and the compatibility, the instructions stipulated in the international standard are often processed only for a small number of files or a small number of management information. I was going.
[0006]
In an application using an IC card having such properties, from the viewpoint of data properties and security, the data to be held is divided into a plurality of files and held in the IC card. By executing this command, a plurality of files can be read, written, appended, or verified, and data required for the application can be read, rewritten, appended, or authenticated / verified.
[0007]
As a form of use of an IC card, it is increasingly used for settlement of shopping at tickets for transportation, tickets for concerts, convenience stores, and the like. At that time, in order not to make the IC card user wait, it is desired to perform reading / writing processing of the memory of the IC card in as short a time as possible and to finish this processing promptly.
[0008]
Therefore, in the past, the part where the data was written was not rewritten as much as possible, the file management method not to be distributed to multiple blocks, the special command to rewrite multiple files at once, There has been a method of shortening the processing time by adjusting the characteristics to shorten the data erasing time.
[0009]
[Problems to be solved by the invention]
However, in order to perform memory read / write processing in a conventional IC card, it is necessary to execute a plurality of instructions and operate a plurality of files. Therefore, a plurality of blocks arranged in a distributed manner are rewritten, and a long processing time is required. It was necessary.
[0010]
In particular, in the case of a non-contact IC card, it is assumed that the power supply is cut off during writing. In such a case, a process for safely returning the data in the IC card to the state before writing (hereinafter referred to as writing guarantee). However, in order to realize this write guarantee function, more rewrite processing such as duplication of data is required, which is one of the causes of an increase in processing time.
[0011]
Furthermore, specialization of commands and file structure is necessary for the introduction and maintenance of the system because it is not compatible with conventional IC cards and other IC cards and requires special hardware. There is a disadvantage that the cost is high.
[0012]
Here, the main objects to be solved by the present invention are as follows.
[0013]
In other words, the first object of the present invention is to enable high-speed processing by shortening the processing time required for writing to and reading from an IC card while using instructions compatible with international standards and industry standards. A memory management method for an IC card and an IC card are provided.
[0014]
A second object of the present invention is to provide a memory management method for an IC card and an IC card that realizes a file writing guarantee while minimizing an increase in processing time in a non-contact IC card. It is.
[0015]
A third object of the present invention is to increase the processing time of an IC card in a conventional IC card that has already been distributed to users by simply adding a program to a nonvolatile memory on the IC card. A memory management method for an IC card and an IC card are provided.
[0016]
Other objects of the present invention will become apparent from the specification, drawings, and particularly the description of each claim.
[0017]
[Means for Solving the Problems]
First, in the method of the present invention, in solving the problem, a read, rewrite or append execution command with a file identifier and a record number as arguments is received and identified by the record number held by the data file. Referring to the shared record of the shared data file having the same record length as the above records, the data recorded in the referenced record can be read, rewritten, or appended according to the execution instruction. The characteristic configuration method of managing the data file is taken.
[0018]
On the other hand, in the device of the present invention, in order to solve the problem, a plurality of records that are arranged with the same length and can be identified by the record numbers are stored and held with the respective identifiable file identifiers. A memory, file reference means for referring to the shared record in the shared data file, which is the other data file having the same record length as the record in the data file, as actual data of the data file, and the file identifier Execution instruction processing means for receiving a read, rewrite or append execution instruction for the data area identified from the record number and executing the corresponding read, rewrite or append execution instruction according to the execution instruction; The characteristic constituent means is provided.
[0019]
More specifically, in order to solve the problem, the present invention achieves the above-mentioned object by adopting a novel characteristic configuration method and means ranging from the superordinate concept to the subordinate concept listed below. Is done.
[0020]
In other words, the first feature of the method of the present invention is applied to an IC card incorporating a non-volatile memory having a plurality of bytes as a rewrite unit, and each data file with an identifiable file identifier is held. And a memory management method for referring to a shared record included in a shared data file from the record held by the data file when referring to a record that is arranged in the memory with the same length and can be identified by a record number. In the IC card, an execution command for reading, rewriting or appending with the file identifier and the record number as arguments is received, and the one or more identified by the record number held by the data file A shared record of the shared data file having the same record length as the record In the IC card, the data file is managed so that the data recorded in the shared record referred to can be read, rewritten or additionally written corresponding to the execution instruction. The configuration of the memory management method is adopted.
[0021]
The second feature of the method of the present invention is that the reference to the shared record of the shared data file in the first feature of the method of the present invention is used as the reference destination for each record held in the data file. When the reference management information for storing the record identifier indicating the set record sharing state is stored so that it can be updated as needed, and the record is set to the record sharing state with the shared record as the reference destination from the record identifier Furthermore, the configuration of the memory management method in the IC card, which refers to the corresponding shared record as the data of the record, is employed.
[0022]
According to a third feature of the method of the present invention, the execution of the reading, rewriting or appending in the second feature of the method of the present invention is set in the reference management information as the reference destination of the record. The file identifier of the shared data file and the record number of the shared record of the reference destination are stored, and when the reference management information of the record indicating the shared record state is read, A configuration of a memory management method in an IC card, in which reading, rewriting or appending corresponding to the execution instruction is executed on the shared record of the shared data file identified from the file identifier and the record number. .
[0023]
According to a fourth feature of the method of the present invention, the access right to the record is managed together with the execution of the reading, rewriting or appending in the second or third feature of the method of the present invention in the reference management information. Access right information is stored, and when the reference management information of the record indicating the shared record state is read, the execution instruction received earlier is read based on the access right information. A configuration of a memory management method in an IC card, in which the access right to the record is confirmed, and only when the access right is satisfied, reading, rewriting or appending corresponding to the execution instruction for the record is executed It is in.
[0024]
A fifth feature of the method of the present invention is that the record reference in the first, second, third, or fourth feature of the method of the present invention is referred to in advance, the plurality of data files are stored in the IC card. Channel management in which the directory identifier of the directory to which the data file selected and designated as the target of the execution instruction belongs can be identified by a channel number. When the channel number, the file identifier, and the record number are received, the directory identifier is read from the channel management information specified by the channel number, and is updated as needed. Before belonging to the directory specified by The data file, identified from the file identifier from the data file, comprising with reference to the record specified by the record number, in the configuration adopting the memory management method in the IC card.
[0025]
According to a sixth feature of the method of the present invention, the execution of the execution instruction received together with the execution of the reading, rewriting or appending in the fifth feature of the method of the present invention is managed in the channel management information. Security status information is stored so as to be retained until the channel management information is updated, and when the channel management information is read, the access right information and the security of the record that is the target of the execution instruction are stored. It is in the configuration action of the memory management method in the IC card, in which the access right to the record is confirmed from the status information and the execution instruction is executed only when the access right is satisfied.
[0026]
A seventh feature of the method of the present invention is that the management of the data file in the first, second, third, fourth, fifth or sixth feature of the method of the present invention can be identified by a block group number 2 The block group specified by the latest block group number and the block group number is assigned to the data file composed of the above block groups in ascending order from the newly updated block group. When the execution command is received by holding the number and the block group length as data file management information for each data file, the data file management information of the data file to be executed is read and the execution is executed When the instruction is the read instruction,
(Latest block group number -1) x block group length
Calculating the storage position of the latest block group obtained by the above and executing reading of the latest block group recorded in the storage position, while the execution instruction is the rewrite instruction,
{(Latest block group number + number of block groups−2) mod number of block groups} × block group length
To calculate the storage position of the oldest block group obtained by the above, execute rewriting of the oldest block group recorded in the storage position, and the latest block group number of the data file management information,
{(Latest block group number + number of block groups−2) mod number of block groups} +1
The configuration of the memory management method in the IC card, which is updated to the value calculated by the above.
[0027]
The eighth feature of the method of the present invention is that the management of the data file in the seventh feature of the method of the present invention is the same as the data file management information having two generation numbers is retained for each data file. A different value is set as an initial value of the generation number of each of the two data file management information based on the data file. On the other hand, when reading out the data file management information, the data file management information having a large generation number On the other hand, when the data file management information is updated, the data file management information with the lower generation number is detected as the update target, and the generation of the data file management information with the higher generation number is included. An IC card that has a value greater than the number set as the updated generation number In the configuration adoption of the definitive memory management method.
[0028]
The ninth feature of the method of the present invention is that the management of the data file in the seventh or eighth feature of the method of the present invention is the same as that of the record at the top of the data file when the data file is created. General data file with sequential record structure numbered in ascending order from the beginning, and circular data file with circular record structure numbered in ascending order from the newly updated record number and the record length is constant for each file When the data file is managed separately and the shared data file that holds the shared record set as the reference destination of the one cyclic data file and the required general data file is referred to, The data file has multiple records set in the record sharing state of the general data file, The block group having the shared records in which one record set in the record sharing state of the circular data file is arranged in a specific order is retained for the total number of records of the circular data file, and the channel When the execution command for the additional recording is received together with the number, the additional recording data, the record number, and the file identifier of the shared data file, if the data file based on the recording number is the general data file, the latest block Calculating the storage position of the group, and performing the additional recording using the additional recording record for the block group of the storage position, while the data file based on the channel number is the circular data file, The storage position of the oldest block group is calculated, and the block at the storage position is calculated. And executes the write once by the additional data with respect to the group, consisting performs update processing of the block group number, in the configuration adopting the memory management method in the IC card.
[0029]
According to a tenth feature of the method of the present invention, the management of the data file in the ninth feature of the method of the present invention is executed. When the read by the read execution instruction fails, the oldest block group is read. Then, when the data area is updated by the execution instruction, the oldest block group is read in advance,
{(Latest block group number + number of block groups−2) mod number of block groups} × block group length + 1
The memory management method in the IC card adopts the configuration in which the read block group is duplicated in the area specified by the storage position obtained by the above.
[0030]
On the other hand, the first feature of the device of the present invention is an IC card incorporating a non-volatile memory having a plurality of bytes as a rewrite unit, and a plurality of records arranged with the same length and identifiable by record numbers. The memory for storing and holding data files each having an identifiable file identifier, and the shared record in the shared data file having the same record length as the record in the data file. From the data file reference means to be referred to as, the file identifier and the record number, read, rewrite or append execution instructions for the data specified by the data file reference means, and according to the execution instructions Executing the corresponding read, rewrite or append execution instructions Formed by including an instruction processing unit, and in the configuration adopting IC cards.
[0031]
The second feature of the device of the present invention is that the data file in the first feature of the present device is a record sharing set by the data file reference means as the reference destination for each record held The IC card configuration employs reference management information that indicates the status and stores record identifiers that can be updated as needed.
[0032]
According to a third feature of the device of the present invention, the reference management information in the second feature of the device of the present invention includes the file identifier of the shared data file at the reference destination and the record number of the shared record at the reference destination. And adopting a configuration of an IC card.
[0033]
According to a fourth feature of the device of the present invention, the reference management information in the second or third feature of the device of the present invention includes access right information stored so as to be able to confirm whether or not to permit access to the record. IC card configuration adopted.
[0034]
A fifth feature of the device of the present invention is that the memory in the first, second, third or fourth features of the device of the present invention is assigned the data file and a unique directory identifier in the IC card. The directory identifier and the channel number assigned to be identifiable are maintained and maintained until the other directory identifier is received together with the same channel number and updated. Thus, the IC card is configured to have memory management means for holding channel management information indicating the selection status of the directory to which the data file belongs.
[0035]
The sixth feature of the device of the present invention is that the channel management information in the fifth feature of the device of the present invention continues to hold security status information for managing whether or not the execution instruction can be executed until the channel management information is updated. Thus, the configuration of the IC card is adopted.
[0036]
A seventh feature of the device of the present invention is that the execution instruction processing means in the first, second, third, fourth, fifth, or sixth feature of the device of the present invention is connected to the memory management means in a block group. The latest block group number assigned in ascending order from the newly updated block group of the data file consisting of two or more block groups that can be identified by numbers, and the block group specified by the block number While holding the data file management information that holds the number and the block group length for each file, and when receiving the execution command, using the data file management information of the data file that is the target of the execution command,
(Latest block group number -1) x block group length
Processing means for calculating the storage position of the latest block group by
{(Latest block group number + number of block groups−2) mod number of block groups} × block group length
When the processing means for calculating the storage position of the oldest block group according to the above and the data area of the file are updated,
{(Latest block group number + number of block groups−2) mod number of block groups} +1
And a processing unit that updates the latest block group number to the value calculated by the above-described method.
[0037]
The eighth feature of the device of the present invention is that the data file management information in the seventh feature of the device of the present invention has two generation numbers and is retained for each data file, and is based on the same data file. A different value is set as the initial value of the generation number of each of the two file management information, and the data file management information having a smaller generation number is larger than the generation number of the other data file management information. The IC card configuration is adopted in which values are set as new generation numbers and sequentially updated.
[0038]
The ninth feature of the device of the present invention is that the memory management means in the seventh or eighth feature of the device of the present invention is assigned as the data file in ascending order from the first record fixed at the time of data file creation. A general data file having a sequential record structure, a circular data file having a circular record structure in which the record length is fixed for each data file and is assigned in ascending order from the newly updated record number; The sharing comprising: a plurality of records set as the reference destination of the general data file and set in the record sharing state of the general data file; and one record set in the record sharing state of the circular data file The block group having records is retained for the total number of records of the circular data file. A data file, and as the data file management information of the shared data file, the latest data assigned in ascending order from the newly written block group equal to the record number assignment order of the circular data file The IC card has a configuration in which a block group number, the number of block groups, the block length, and the circular record number corresponding as a reference destination by the data file reference means are provided.
[0039]
According to a tenth feature of the device of the present invention, the memory management means in the ninth feature of the device of the present invention holds the number of block groups as the number of records in the circular data file + 1, and the execution command processing means When the block group is updated, the block group read before the update by the processing means for calculating the storage position of the oldest block group,
{(Latest block group number + number of block groups−2) mod number of block groups} × block group length + 1
The IC card configuration is constructed such that the function is constructed so that the block group is copied to the storage position calculated by.
[0040]
DETAILED DESCRIPTION OF THE INVENTION
DESCRIPTION OF EMBODIMENTS Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings, and an example of a method embodied based on the apparatus will be described in order.
[0041]
(Example of equipment)
First, FIG. 1 is a functional configuration diagram of an IC card according to an example of an apparatus of the present invention, and a functional configuration diagram of a reader / writer and an information processing terminal for operating the IC card.
[0042]
As shown in the figure, the IC card α according to the present apparatus example includes an IC chip 1 for obtaining a functional configuration of the IC card α and an external IC card α when the IC card α functions as a non-contact type. And an antenna 2 for performing wireless communication with the reader / writer β. Further, the reader / writer β is connected to the information communication terminal γ and configured to be able to input and output various data with the IC card α.
[0043]
Here, the reader / writer β has a function of communicating with the IC card α and the information processing terminal γ, and a function of transmitting and receiving data for actually communicating with the IC card α wirelessly.
[0044]
The information processing terminal γ is composed of a personal computer, a workstation, and the like, executes various programs for obtaining the functions of the IC card α and the reader / writer β, and inputs and outputs various data along with the execution of these programs. In addition, the program, data that does not need to be rewritten, data stored when the program is executed, and functions of an external input unit and an external output unit are provided.
[0045]
Further, the IC chip 1 of the IC card α implements various communication processes, data file reference means in the memory to be described later, and execution instructions for reading, rewriting or appending data files in order to realize the functions of the IC card α. A CPU 11 (CPU: Central Processing Unit) is provided as execution command processing means for receiving and inputting / outputting in accordance with the execution command.
[0046]
Further, in the IC chip 1, a ROM 12 (ROM: Read Only Memory) for holding the above program and data that does not need to be rewritten as a memory for storing and holding the data file, and data generated upon execution of the program are stored. Equipped with RAM 13 (RAM: Random Access Memory) for temporary storage and EEPROM 14 (EEPROM: Electronically Erasable and Programmable Read Only Memory) for additionally storing data generated during program execution The reader / writer β includes an RF unit 15 for communication using radio signals.
[0047]
The EEPROM 14 shown in this apparatus example has, for example, a 64-byte rewrite unit (hereinafter referred to as a block), and even when only 1 byte is rewritten, it is necessary to rewrite all 64 bytes.
[0048]
The IC card α employed in this apparatus example is shown as communicating with the reader / writer β by a non-contact method. However, the connection form of the IC card α and the reader / writer β is wired (online) as an electrical connection. Communication may be performed by a contact method using the method of
[0049]
Next, FIG. 2 is a diagram showing a data file structure adopted in the EEPROM according to this apparatus example.
As shown in the figure, in the IC card α, for example, directories d0, d1, d2, and d3 (root directory d0) are used, and data files f1, f2, f3a, and f3b belonging to the directories d1, d2, and d3, respectively. In addition, tree structures are set and managed in the key files k1, k2, k3, and the like. For example, a data file f1 and a key file k1 exist in the directory d1.
[0050]
Here, the data files f1, f2, f3a, and f3b have a record structure and store data for managing applications. The key files k1, k2, and k3 store key information for controlling the access rights of the data files f1, f2, f3a, and f3b. Further, the data files f1 and f2 are constituted by a general data file format, f3a is constituted by a circular data file format, and f3b is constituted by a shared data file format.
[0051]
The general data file format (hereinafter referred to as general data files f1 and f2) is a data file format in which the record position is fixed, and the circular data file format (hereinafter referred to as circular data file f3a) is a record position and an additional record. A file format and a shared data file format (hereinafter referred to as a shared data file f3b) that are rearranged in order from the newest one are virtually combined with records of a plurality of general data files f1 and f2 and one circular data file f3a. One file.
[0052]
Each record of the shared data file f3b (hereinafter referred to as a shared record) includes, for example, the shared records 1 and 2 are the records 1 and 2 of the general data file f1, the shared record 3 is the record 3 of the general data file f2, and the shared record 4 is shared with the latest record of record 3 of the circular data file.
[0053]
Next, FIG. 3 is a diagram showing a logical configuration of directory and data file management information in the EEPROM according to this apparatus example. The data file applied in the IC card α according to the present apparatus example includes data area data in which actual data is stored and a file management area. First, the data file management information managed in the data file management area is described in detail. Explained.
[0054]
First, as shown in FIG. 5A, in this apparatus example, directories d0, d1 (ID = 0101h), d2 (ID = 0102h), and d3 (ID = 0103h) are directory management information for each directory. Is stored in the EEPROM 14 which is a non-volatile memory, for example, “01h” which is a 1-byte type (“h” represents hexadecimal notation, the same applies hereinafter), a 2-byte directory ID “0101h”, and a 2-byte affiliation It consists of a file address “XXXXh” and a 2-byte next directory address “XXXXh”. An arbitrary address is set for “XXXXh”, and the same applies to the following description.
[0055]
Here, the type indicates the type of management information. For example, “01h” is set as a type that uniquely indicates directory management information. The directory ID indicates an identifier of a directory that can be individually identified in the IC card. The belonging file address is one head address of a group of files belonging to this directory. The next directory address is the head address of management information indicating the next directory.
[0056]
Next, FIG. 4B shows general data file management information held in the EEPROM 14 for managing the general data files f1 and f2. The general data files f1 and f2 hold and manage data used in the application. For example, as general data file management information, a file ID that is a 2-byte identifier that does not overlap with other data files in the same directory d1. “0001h” is assigned.
[0057]
The general data files f1 and f2 are composed of a set of records having a fixed length and a fixed total number of records for each data file. Each record is a 1-byte record identifier (hereinafter referred to as a tag) excluding “00h” as reference management information. A record number having a data length of 1 byte and data contents, and a record number starting from 1 is fixedly allocated with 1 byte in order from the top.
[0058]
Further, the general data files f1 and f2 are, as general data file management information for each data file, 1-byte type “02h”, 2-byte file ID “0001h”, 2-byte data address “0000h”, 1 Byte record number “05h”, 1 byte record length “10h”, 2 byte security attribute “00000001b” (“b” represents binary notation, the same applies hereinafter), and 2 byte next file address.
[0059]
The type “02h” indicates the type of management information, and here indicates general data file management information. The file ID “0001h” indicates, for example, an identifier of a data file that is given so that there is no duplication in the directory and the data file can be individually identified. The data address “0000h” is the head address of the data block group in which the data of the general data file f1 is stored.
[0060]
The record number “05h” is the total number of records that can be held in the general data file f1, and the record length “10h” is the length of the record to be held. The security attribute “00000001b” is file access right management data for enabling access determination in combination with a security status described later. The next file address “XXXXh” is the head address of the next file management information belonging to the same directory d1, for example. Here, if the own data file, for example, the general data file f2 is the last, “FFFFh” is stored.
[0061]
Next, FIG. 5B shows management information of the circulating data file f3a in this apparatus example. The circular data file f3a retains and manages data used by the application, and is given a file ID, for example, “0004”, which is a 2-byte identifier that does not overlap with other data files in the same directory d3, for example.
[0062]
Here, the circular data file f3a is composed of a set of records having a fixed length and a fixed total number of records set for each data file. Each record consists of a 1-byte tag excluding “00h”, 1-byte data length, and data contents as reference management information, but the record of the circular data file f3a is 1 byte in order from the newest one. Record numbers starting with are dynamically allocated.
[0063]
In addition to the management information “02h” of the general data files f1 and f2, a 2-byte circulation start record such as “FFh” is added to the management information of the circulating data file f3a. The type of the circulating data file is “03h”. The circulation start record number “FFh” indicates what number among the plurality of records in the secured data block group is the newest record. The circulation start record number when this circulation data file f3a is shared with other data files is set to “FFh”.
[0064]
On the other hand, FIG. 3D shows management information of the shared data file f3b. The shared data file f3b is used when accessing a plurality of data files at once. For example, in the same directory d3, a file ID that is a 2-byte identifier that does not overlap with other data files f3a,... Is assigned as “0004h”, for example.
[0065]
Each record is composed of a shared record that is referred to by a record of a specific general data file f1, f2 or circular data file f3a. However, the lengths of the records to be referred to are all equal, and the number of circular data files f3a that refer to one shared data file f3b is limited to one. Each record consists of a 1-byte tag excluding “00h” as reference management information, a 1-byte data length, and data contents, and the record number is expressed in 1 byte from the beginning, starting from 1 and fixed. Allocated to
[0066]
Furthermore, specific record numbers are assigned to specific records in the general data files f1 and f2, and records in the cyclic data file f3a are assigned to one specific record number.
[0067]
Here, two pieces of shared data file management information are held in a continuous memory area, and the contents are one-byte circular records in addition to those used in the management information of the general data files f1 and f2. Number “04h”, 1-byte circular start block group number “01h”, 1-byte circular record number “03h”, 2-byte block group length “0040h”, 2-byte generation number “0002h”, and each record In addition, 2-byte security attributes “00000001b”, “00000001b”, “00000010b”, “00000100b”, which are paired with 2-byte directory IDs “0101h”, “0101h”, “0102h”, “0103h”. It consists of.
[0068]
The shared data file type is, for example, “04h” and “05h”. The circular record number “04h” indicates the record number of the shared data file corresponding to the circular data file f3b, the circular start block group number “01h” indicates the number of the block group including the newest record of the circular data file f1b, The number of circulating records “03h” indicates the number of circulating records.
[0069]
Further, two of the stored circular data file management information indicates that the larger generation number is the new management information, and the directory IDs “0101h”, “0101h”, “0102h”, “0103h” being referred to Indicates the directory IDs of the directories d1, d2, and d3 to which the data files shared in each record belong. Similarly, the security attributes “00000001b”, “00000001b”, “00000010b”, and “00000100b” are data shared in each record. Indicates the security attribute of the file.
[0070]
FIG. 4E shows the management information of the key files k1, k2, and k3. The key files k1, k2, and k3 are used to control access rights. For example, the key file k1 is assigned “0011h”, which is a 2-byte identifier that is not duplicated in the same directory d1, as a file ID. The The key files k1, k2, and k3 have key classifications that can create 16 different keys.
[0071]
The management information of the key file k1 includes 1-byte type “06h”, 2-byte file ID “0011h”, 2-byte data address “0050h”, 1-byte key length “10h”, and 1-byte key classification. It consists of “01h” and a 2-byte next file address “XXXXh”.
[0072]
Here, the type indicates the type of the data file management information, and the type of the key files k1, k2, and k3 is 06h. The data address “0050h” indicates the address of the data block group in which the key content is held, and the key length “10h” indicates the number of bytes of the key length to be held. The key classification includes 16 types of “01h” to “10h”, and the next file address “XXXXh” is the head address of the management information of the next data file belonging to the same directory d1.
[0073]
Next, FIG. 4 is a physical configuration diagram of the EEPROM according to this apparatus example.
First, as shown in the figure, the directories d1, d2, and d3, the data files f1, f2, f3a, and f3b and the key files k1, k2, and k3 are divided into data areas in which real data is held in the EEPROM 14, It consists of a management information area for holding each management information.
[0074]
As shown in the figure, for example, the data of the data files of the files in each directory are, from the lowest order, the directory d1 is “0000h” to “005Fh”, the directory d2 is “0060h” to “00CFh”, and the directory d3. Are arranged in “00D0h” to “023Fh”, and the pieces of management information are arranged in order from the top.
[0075]
Here, the records of the general data files f1 and f2 and the circular data file f3a are held in the data area and the management information area of the directories d1 and d2, respectively, and the records are stored in order from the lower address. The storage format consists of a tag, length, and data.
[0076]
Here, when the record including the reference management information of the general data files f1 and f2 is set in the record sharing state with the shared record stored in the shared data file f3b as a reference destination, the tag becomes “00h”. In the data, the first and second bytes are the directory ID “0103h” where the reference destination file is located, the third and fourth bytes are the reference destination file ID “0004h”, and the fifth byte is the reference destination record number “0001h”, “0002h” or “ 0003h "is stored.
[0077]
In addition, when the record of the circular data file f3a refers to the shared record stored in the shared data file f3b, the tag of the record physically located at the top is “00h”, and the data has the first and second bytes. The directory ID “0103h” in which the reference destination file exists, the third and fourth bytes become the reference destination file ID “0004h”, and other records are ignored.
[0078]
Further, the shared data file f3b has a record length of 16 bytes (10h) and a block length of 64 bytes (40h). Therefore, the data area of the shared data file f3b includes four block groups. Here, as the records 1, 2, 3, and 4 in order from the top of each block of the shared data file f3b, the records that are similarly configured for the general data file f1, f2 and the circular data file f3a are sequentially recorded from the top to the record 1, Called 2, ...
[0079]
Thereby, the shared record 1 and the shared record 2 in the data area of the shared data file f3b are the record 1 and the record 2 of the general data file f1 (file ID = 0001h), and the shared record 3 is the general data file f2 (file Record 3 and shared record 4 with ID = 0002h are referenced from each of the circular data file f3a (file ID = 0003h).
[0080]
Subsequently, the data area of the shared data file f3b is managed by configuring a plurality of continuous block groups. The block group described here is a memory area that holds the contents of each referenced record. For example, the block group is an area that is allocated from the lower boundary to the higher address starting from the block boundary.
[0081]
Here, assuming that the block length is “BlockSize”, the record length is “RecLen”, and the number of records (total number of records) is “RecNum”, the length “BlockLen” of the block group is
BlockLen = BlockSize × {(RecLen × RecNum)% BlockSize}
It is. However, X% Y is a value obtained by rounding up a value obtained by dividing X by Y.
[0082]
The shared data file f3b is managed using a plurality of block groups of the number of records of the circular data file f3a + 1 referring to this block group plus one. Each record of the general data files f1 and f2 is assigned to each block group in order from the lower order according to the record number.
[0083]
Further, the position where the record of the cyclic data file f3a is held is one record at a time according to the record number of the cyclic data file f3a referred to, with the block group starting from the circulation start block group number as the block group corresponding to the first record. It is assigned to each block group, and in the individual block group, it is assigned according to the record number referred to.
[0084]
Further, the data area of the shared data file f3b is composed of four block groups obtained by adding 1 to the number of records 3 of the circular data file f3a, and the starting record number of the circular data file f3a is 1. Each record of the circular data file f3a is assigned in order from the first block group of f3b, and the remaining one block group (here, the fourth last block group) is used for backup.
[0085]
Next, FIG. 5 is a diagram illustrating a logical configuration of a channel, management information of the temporary shared data file, and temporary file data in the RAM according to the present apparatus example. As shown in the figure, the IC card α applied to this apparatus example has a plurality of environments for holding access rights called channels as memory management means, and a directory, security for each channel held on the RAM 13. Functionally configured to manage state.
[0086]
First, as shown in FIG. 2A, the channel management information is composed of a 2-byte directory ID, a 2-byte directory address, and a 2-byte security status. The directory ID “0101h” is the ID of the directory d1 that is currently stored and held as the channel, and is held updatable. The directory address “XXXXh” indicates the head address of the management information of the directory d1 that is also stored in this channel. The security status “00000000b” indicates the security state in this channel.
[0087]
Further, the RAM 13 holds the temporary shared data file management information shown in FIG. 7B and the temporary file data shown in FIG. The temporary shared data file management information is used as a buffer when rewriting data in the management information, and the temporary file data is configured to be used as a buffer when rewriting a block group.
[0088]
(Example method)
Subsequently, in the IC card α configured as described above, the access right control method set for each of the data files f1, f2, f3a, f3b, the directory selection selection procedure for selecting the directories d1, d2, d3, A key collation procedure using the key files k1, k2, and k3 and a reading procedure of the data files f1, f2, f3a, and f3b will be described in order.
[0089]
First, the IC card α according to the present embodiment uses the security attribute held for each data file f1, f2, f3a, f3b, the security status held for each channel, and the key classification held for each key file. Access control to the files f1, f2, f3a, and f3b is performed.
[0090]
The security attributes held for each of the data files f1, f2, f3a, and f3b indicate which key is used for access, while the security status set for each channel is used for checking which key is currently used. Indicates whether or not. For example, if the key of the key classification “01h” is collated, the corresponding bit of the security status is set to “1” and becomes “00000001b”.
[0091]
In this state, when accessing the data file f1 having the security attribute “00000001b”, the logical product of the security status “00000001b” and the security attribute “00000001b” is calculated, and the result becomes “00000001b”. Judge that it is possible.
[0092]
In this state, when the data file f2 having the security attribute “00000010b” is accessed, the result of the logical product is “00000000b”. According to the security status and the key file, access control to the data files f1, f2, f3a, and f3b becomes possible.
[0093]
Next, FIG. 6 is a flowchart showing a directory selection procedure according to the method example of the present invention. A procedure for selecting directories d1, d2, and d3 for storing various data files will be described with reference to FIG.
[0094]
The IC card α according to this method example is a host device, for example, a directory selection command having a 1-byte channel number (hereinafter referred to as Ch) and a 2-byte directory ID (hereinafter referred to as DirID) as an argument from the information processing terminal γ. Receive.
[0095]
Upon receiving the directory selection command, the IC card α sequentially follows the directory d2,... From the next directory address “XXXXh” in the management information of the directory d1, which is the first directory, so that the directory ID in the directory management information is changed. Directory management information equal to the received argument “DirID” is searched (ST1).
[0096]
After ST1, the detection of the directory ID matching “DirID” is confirmed (ST2). If the desired directory ID is not detected, the information processing terminal γ is notified of the abnormal termination of the directory designation error by the reader / writer β. (ST3) to finish. If a directory ID matching the argument “DirID” is detected in ST2, the head address of the directory management information is substituted into “DirAddr” (ST4).
[0097]
When “DirAddr” is written in the directory address in the channel management information specified by the argument “Ch” (ST5) and “DirID” is written in the directory ID (ST6), and all the processes are normally completed, it is normal. An end response is transmitted to the information processing terminal γ (ST7), and the directory selection process ends.
[0098]
Next, FIG. 7 is a flowchart showing a key verification procedure according to the present method example. The IC card α applied in this method example has a 1-byte channel number “Ch” as an argument, a 2-byte key file ID (hereinafter referred to as KeyID), a multi-byte key content (hereinafter referred to as KeyValue), and a 1-byte key. Is received from the information processing terminal γ, which is the host device, via the reader / writer β.
[0099]
Therefore, first, as shown in the figure, the directory ID in the channel management information specified by “Ch” is assigned to “DirID”, the directory address is assigned to “DirAddr”, and the security status is assigned to “SS”. (ST11). Reads the directory management information starting from the assigned “DirAddr” address, traces the file address in the directory management information, and has the file ID equal to “KeyID” and the type is “06h”. (ST12).
[0100]
After ST12, it is confirmed whether or not a key file has been detected (ST13). If not detected, an abnormal response of a key file ID specification error is transmitted to the host device (ST14). Exit. On the other hand, when a desired key file is detected, the head address of the key file management information is substituted into “KeyAddr” (ST15).
[0101]
The data address in the key file management information starting from the address specified by “KeyAddr” is substituted for KeyValue ′ (ST16), and “KeyValue” received from information communication terminal γ and “KeyValue ′” are equal to each other. For example, it is confirmed from the length of “KeyLen” (ST17).
[0102]
When “KeyValue” and “KeyValue ′” are not equal, a key content mismatch abnormal end response is transmitted to the information communication terminal γ as a key verification mismatch (ST18), and the key verification processing is terminated. On the other hand, when “KeyValue” and “KeyValue ′” are equal, the key classification in the key file management information starting from the address of “KeyAddr” is set as “KeyKind” (ST19).
[0103]
Further, the “KeyKind” bit of “SS” received earlier as an argument is replaced with “1” (ST20). When all of the processing ends normally until ST20, a normal end response is transmitted to the information communication terminal γ, which is a higher-level device, via the reader / writer β (ST21), and the key verification processing ends.
[0104]
Next, FIG. 8 is a flowchart showing a data file reading procedure according to the present method example. A procedure for reading each data file f1, f2, f3a, f3b will be described with reference to FIG.
First, the IC card α applied in this method example has a 1-byte channel number “Ch”, a 2-byte data file ID (hereinafter referred to as FileID), and a 1-byte record number (hereinafter RecNo) as arguments. The read command is received from the host device information communication terminal γ.
[0105]
The directory ID in the channel management information specified by the received “Ch” is assigned to “DirID”, the directory address is set to “DirAddr”, and the security status is assigned to “SS” (ST31), and specified by “DirAddr”. The data file management information is sequentially traced from the affiliation file address stored in the directory management information starting from the address, and the type is “02h”, “03h”, “04h” or “05h” and the file ID is equal to the FileID. Search for data file management information (ST32).
[0106]
After ST32, it is confirmed whether or not data file management information has been detected (ST33). If not detected, a file ID designation error abnormal termination response is transmitted to the information communication terminal γ to read the data file. Terminate the process. On the other hand, when the desired data file management information is detected, the head address of this data file management information is set to “FileAddr” (ST35).
[0107]
Furthermore, the type in the data file management information specified by “FileAddr” is set to “FileKind” (ST36). First, the value assigned to “FileKind” is “02h” indicating the general data files f1 and f2. It is confirmed whether or not there is (ST37). If “FileKind” is “02h”, the corresponding general data file f1 or f2 is read (ST38).
[0108]
If the value of “FileKind” is not “02h”, it is further checked whether it is “03h” indicating the circulating data file f3a (ST39). If it is “03h”, reading of the circulating data file f3a is performed. Processing is performed (ST40), and if it is not “03h” indicating the circulating data file f3a, it is continuously checked whether “FileKind” is “04h” or “05h” (ST41).
[0109]
If this “FileKind” is “04h” or “05h” set as the type of the shared data file f3b, the shared data file f3b is read (ST42), and “FileKind” is more than “02h” to If none of “05h” is applicable, an abnormal termination is transmitted to the information processing terminal γ as a data file type designation error (ST43), and the reading process is terminated.
[0110]
Furthermore, the reading process of the general data files f1, f2, the circulation data file f3a, and the shared data file f3b performed in ST38, ST40, and ST42 will be described in order.
[0111]
FIG. 9 is a flowchart showing a general data file read procedure according to this method example. As shown in the figure, in executing the process of reading the general data files f1 and f2 in ST38, first, general data file management information starting with “FileAddr” is specified and stored in the general data file management information. The logical product of the assigned security attribute and “SS” into which the security status in the channel management information previously specified by “Ch” is assigned is calculated, and the result is assigned to “Ans” (ST51).
[0112]
After ST51, it is checked whether or not the result “Ans” of this logical product is “00000000b” (ST52). If “Ans” is “00000000b”, an access right error abnormal end is detected as an insufficient access right. The data is transmitted to the information processing terminal γ (ST53), and the general data file reading process is terminated.
[0113]
On the other hand, if the result of logical product “Ans” is not “00000000b” in ST52, the data address in the general data file management information specified by the address of “FileAddr” is “DataAddr”, and the record length is “RecLen”. Each is substituted (ST54).
[0114]
Subsequently, the address “RecAddr” of the record to be read is
RecAddr = DataAddr + RecLen × (RecNo−1)
(ST55), the first byte of the data starting from “RecAddr” is set as a “tag” (hereinafter referred to as “Tag”) (ST56), and it is confirmed whether or not this “Tag” is “00h”. (ST57).
[0115]
Here, when “Tag” is not “00h”, the data from “RecAddr” to “RecLen” as a normal record and the notification of normal completion of reading of the general data file are sent together to the information processing terminal γ. (ST58), the reading of the general data file is normally terminated.
[0116]
On the other hand, if “Tag” is “00h”, it is determined that the record is a reference from the shared data file f3b, and the record starting from the address specified by “RecAddr”, for example, from the third byte The fourth byte is a directory ID (hereinafter, LDirID) of the directory d3 to which the shared data file f3b belongs, the fifth byte and the sixth byte are the file ID (hereinafter, LFileID) of the shared data file f3b, and the seventh byte is the shared data file f3b. The reference destination record number (hereinafter referred to as LRecNo) (ST59).
[0117]
After ST59, the shared record is read from the general data file (ST60). The read process of the shared record from the general data file will be described in more detail below.
FIG. 10 is a flowchart showing a procedure for reading a shared record from a general data file according to this method example. ST60 will be described with reference to FIG.
[0118]
First, the directory management information having “LDirID” as the directory ID is searched in order from the next directory address in the directory management information having “DirAddr” as the head address, and the head address of the detected directory management information is “LDirAddr”. (ST61).
[0119]
Next, the affiliated file address in the directory management information starting with “LDirAddr” is traced, and the shared data file management information identified by the type “04h” or “05h” and the file ID “LFFileID” is searched. As a result, it is confirmed that the management information of the two shared data files has been detected (ST63).
[0120]
When only one shared data file management information is detected in ST63, the head address of the detected shared data file management information is set to “LFileAddr” (ST64). When the information is detected, the head address of the shared data file management information whose type is “04h” is “LFileAddr1”, and the head address of the shared data file management information whose type is “05h” is “LFileAddr2” (ST65). ).
[0121]
Next, the generation numbers in the two shared data file management information starting with “LFFileAddr1” and “LFFileAddr2” are compared, and the leading address of the larger management information is set to “LFFileAddr” (ST66), thereby “LFFileAddr”. Is determined.
[0122]
After “LFileAddr” is determined in ST64 or ST66, the data address in the shared data file management information having the address of “LFileAddr” as the head address is “LDataAddr”, the circulation start block group number is “LStartBlock”, and the record length Is “LRecLen”, the number of records is “LRecNum”, the block group length is “LBlockLen”, and the number of circular records is “LRRecNum” (ST67).
[0123]
Using the value substituted in ST67, first, the head address “LBlockAddr” of the latest block group is
LBlockAddr = LDataAddr + LBlockLen × (LStartBlock-1)
(ST68).
[0124]
Subsequently, the start address “LRecAddr” of the record indicated by the record number “LRecNo”
LRecAddr = LBlockAddr + LRecLen × (LRecNo−1)
(ST69)
[0125]
Here, it is confirmed whether or not a record having the address of “LRecAddr” obtained from ST69 can be actually read (ST70). If the record can be actually read, data from “LRecAddr” to “LRecLen” is checked. The data for the length is read, and the normal end notification is returned to the information processing terminal γ (ST71).
[0126]
On the other hand, when the record starting from “LRecAddr” obtained by calculation from the memory as real data cannot be read, the head address “LBBlockAddr” of the backup block group is set to
LBBlockAddr = LDataAddr + BlockLen × {(LSStartBlock + LRRecNum−1) mod (LRRecNum + 1)} is calculated and obtained (ST72).
[0127]
Furthermore, the start address “LRecAddr” of the record indicated by the record number “LRecNo”
LRecAddr = LBBlockAddr + LRecLen × (LRecNo−1)
(ST73).
[0128]
Read the data for the length of “LRecLen” from the record having the address of “LRecAddr” as the top address, send it to the information processing terminal γ together with the normal end notification, and respond (ST74). The record reading process ends.
[0129]
Next, FIG. 11 is a flowchart showing a procedure for reading a circular data file according to this method example. As shown in the figure, in executing the process of reading the circular data file f3a in the above-mentioned ST40, first, the security attribute in the data file management information starting with “FileAddr” and the first identified by “Ch” are shown. The logical product with the security status “SS” in the channel management information is calculated and the result is set to “Ans” (ST81).
[0130]
Next, it is confirmed whether or not “Ans” is “00000000b” (ST82). If it is “00000000b”, the information communication terminal γ responds with an abnormal termination of an access right error as an insufficient access right. (ST83), and the reading process of the circular data file is completed.
[0131]
On the other hand, if “Ans” is not “00000000b”, the circulation start record number in the circulation data file management information starting with “FileAddr” is set to “RecStart”, the data address is set to “DataAddr” (ST84), and this “RecStart” is set. Is not “FFh”, and if it is not “FFh”, the record length in the cyclic data file management information starting with “FileAddr” is set to “RecLen” and the number of records is set to “RecNum”. (ST86).
[0132]
Subsequently, the start address “RecAddr” of the desired record to be read is set to RecAddr = DataAddr + RecLen × (RecStart−1)
(ST87), and reads the length indicated by “RecLen” of the record starting from the calculated “RecAddr”, and transmits this to the information processing terminal γ together with the normal end response to read The process ends (ST88).
[0133]
On the other hand, if “RecStart” is “FFh” in ST85, the third byte to the fourth byte of the record having “DataAddr” as the head address are set as the directory ID (hereinafter referred to as LDirID) to which the shared data file belongs. The fifth byte and the sixth byte are used as the file ID (hereinafter referred to as LFileID) of the shared data file (ST89).
[0134]
Thereafter, the shared record is read from the circular data file (ST90). The details of the shared record read procedure from the circular data file are sequentially executed as follows.
FIG. 12 is a flowchart showing a procedure for reading a shared record from a circular data file according to this method example. ST90 will be described with reference to FIG.
[0135]
First, the head address “FileAddr” of the shared data file management information is determined by the process of ST91 to ST96 shown in the figure. For this procedure, the shared record in the general data file shown in FIG. 10 is read. The procedure is the same as ST61 to ST66, and a description thereof is omitted here to avoid repeated description.
[0136]
After “LFileAddr” is determined through the process up to ST94 or ST96, the data address in the shared data file management information starting from the address indicated by “LFileAddr” is “LDataAddr”, and the circulation start block group number is “LStartBlock”. The record length is “LRecLen”, the number of records is “LRecNum”, the number of circular records is “LRRecNum”, the block group length is “LBlockLen”, and the circular record number is “LRRecNo” (ST97).
[0137]
Using the above substituted values, the head address “LBlockAddr” of the latest block group is
LBlockAddr = LDataAddr + LBlockLen × (LStartBlock-1)
(ST98).
[0138]
Furthermore, the head address “LRecAddr” of the record indicated by the record number “LRRecNo”
LRecAddr = LBlockAddr + LRecLen × (LRRecNo−1)
(ST99), and it is confirmed whether the data starting with the calculated “LRecAddr” can be read on the actual memory (ST100).
[0139]
Here, when the data starting from “LRecAddr” can be actually read, the data starting from “LRecAddr” is read for “LRecLen” and transmitted to the information processing apparatus γ together with the normal end notification to perform the reading process. The process ends (ST101).
[0140]
On the other hand, when the data starting from “LRecAddr” cannot be read, the head address “LBBlockAddr” of the backup block group is set to
LBBlockAddr = LDataAddr + LBlockLen × {(LSStartBlock + LRRecNum−1) mod (LRRecNum + 1)}
(ST102).
[0141]
Subsequently, the start address “LRecAddr” of the record indicated by the record number “LRRecNo”
LRecAddr = LBBlockAddr + LRecLen × (LRRecNo−1)
(ST103), the data starting from the head address of “LRecAddr” is read for “LRecLen”, is transmitted as a response to the information processing terminal γ together with a normal end notification (ST104), and the reading process is terminated.
[0142]
Next, FIG. 13 is a flowchart showing a procedure for reading a shared data file according to this method example. As shown in the figure, in executing the process of reading the shared data file f3b in the above-described ST42, first, the data file management information is traced from the belonging file address in the directory management information having “DirAddr” as the head address. The shared data file management information having “FileAddr” as the head address, the type “04h” or “05h”, and “FileID” as the file ID is searched (ST111).
[0143]
Here, it is confirmed whether or not the shared data file management information is detected (ST112), and when the shared data file management information is detected, the head address of the detected shared data file management information is set to “FileAddr ′” ( ST113).
[0144]
The generation number held in the shared data file management information having “FileAddr” as the top address and the shared data file management information having “FileAddr ′” as the top address are compared, and the shared data file management with the larger generation number is compared. The head address of the information is changed to “FileAddr” (ST114).
[0145]
Next, when the shared data file management information is not detected in ST112, or after “FileAddr” is uniquely determined through ST114, the “FileAddr” is included in the shared data file management information having the head address. The directory ID of the record number “RecNo” is assigned to “LDirID”, and the security attribute is assigned to “SA” (ST115).
[0146]
Subsequently, the channel management information is searched for a directory ID equal to “LDirID”, and the logical product of the security status in the searched channel management information and “SA” is calculated to be “Ans”. (ST116), it is confirmed whether this "Ans" is "00000000b" (ST117).
[0147]
Here, if “Ans” is “00000000b”, an access right error abnormal termination is returned to the information processing terminal γ as a lack of access right for this shared data file (ST118), and the process is terminated.
[0148]
On the other hand, when “Ans” is not “00000000b”, the circulation start block group number in the shared data file management information having “FileAddr” as the head address is “StartBlock”, the data address is “DataAddr”, and the number of records Is “RecNum”, the record length is “RecLen”, the block group length is “BlockLen”, and the number of circular records is “RecNum” (ST119).
[0149]
As described above, using the assigned value, the start address “BlockAddr” of the block group to be read is
BlockAddr = DataAddr + BlockLen × (StartBlock-1)
(ST120), and it is confirmed whether or not a block group having the calculated “BlockAddr” address as the head address can be read (ST121).
[0150]
When a block group having “BlockAddr” as the head address can be read, the head address “RecAddr” of the record indicated by the record number “RecNo” delivered earlier is
RecAddr = BlockAddr + RecLen × (RecNo−1)
(ST122).
[0151]
Using this calculated “RecAddr” as the head address, data for the length “RecLen” is read, the read data is transmitted to the information processing terminal γ, and a normal end response is sent (ST123), and the shared data file f3b is read. The reading process ends.
[0152]
On the other hand, when the data starting from “BlockAddr” cannot be read in ST121, the head address “BBlockAddr” of the backup block group is set to
BBlockAddr = DataAddr + BlockLen × {(StartBlock + RRecNum−1) mod (RRecNum + 1)}
(ST124).
[0153]
Subsequently, the head address “RecAddr” of the record indicated by the record number “RecNo” delivered earlier is
RecAddr = BBlockAddr + RecRen × (RecNo−1) is calculated using the formula (ST125), “RecAddr” is used as a head address, data of “RecLen” length is read, and a normal end notification and response to the information processing terminal γ (ST126) and the reading process is terminated.
[0154]
Next, FIG. 14 is a flowchart showing a procedure for adding / rewriting a data file according to this example method. A procedure for adding or rewriting the data files f1, f2, f3a, and f3b will be described with reference to FIG.
First, the IC card α in this method example has a 1-byte channel number (hereinafter referred to as Ch) as an argument, a 2-byte data file ID (hereinafter referred to as FileID), a 1-byte record number (hereinafter referred to as RecNo), and a plurality of bytes. Of the rewriting data (hereinafter referred to as “WriteData”) is received from the information processing terminal γ.
[0155]
In the following, the process shown in the figure is performed, but the process of ST131 to ST143 corresponds to each process of ST31 to ST43 shown in FIG. 8, and the read command is replaced with an append or rewrite command. There is no explanation to avoid repetition. In addition, each process of ST138, ST140, and ST142 will be described in order below.
[0156]
FIG. 15 is a flowchart showing a procedure for adding and rewriting a general data file according to this method example. As shown in the figure, when the general data files f1 and f2 are added or rewritten in ST138, the processes of ST151 to ST157 corresponding to ST51 to ST57 shown in FIG. 9 are sequentially performed.
[0157]
After that, when “Tag” is not equal to “01h” in ST157, “WriteData” is written in the length of “RecLen” with “RecAddr” as the head address, and a normal end notification is sent to information processing terminal γ as a response. (ST158), and the procedure for appending or writing the general data files f1 and f2 is completed.
[0158]
On the other hand, if “Tag” is “01h” in ST157, the third to fourth bytes of the record starting with “RecAddr” are replaced with the directory ID of the directory d3 to which the shared data file f3b belongs, as in ST59. The file ID and the record number are extracted and set as “LDirID”, “LFileID”, and “LRecNo”, respectively (ST159).
[0159]
Next, the process of adding or rewriting the shared record from the general data file (ST160) will be described.
FIG. 16 is a flowchart showing a procedure for adding / rewriting a shared record from a general data file according to this method example. ST160 will be described with reference to the same figure, but ST161 to ST167 in FIG. 10 correspond to ST61 to ST67 in FIG.
[0160]
After ST167, the head address “LBlockAddr” of the latest block group is
LBlockAddr = LDataAddr + LBlockLen × (LStartBlock-1)
In addition, the top address “LBBlockAddr” of the backup block group is calculated by
LBBlockAddr = LDataAddr + LBlockLen × {(LSStartBlock + LRRecNum−1) mod (LRRecNum + 1)}
(ST168).
[0161]
Thereafter, the start address “LTRecData” of the record indicated by the record number “LRecNo” in the temporary file data is
LTRecData = LRecLen × (LRecNo-1)
(ST169), it is confirmed whether or not the block group having “LBlockAddr” calculated in ST168 as a start address can be read (ST170).
[0162]
Here, when the block group starting from “LBBlockAddr” cannot be read, the block group starting from “LBBlockAddr” is copied to the temporary file data (ST171). Along with the temporary file data, the data is copied to a block group starting from “LBBlockAddr” (ST172).
[0163]
After copying to the temporary file data through ST171 or ST172, “WriteData” is written for the record length “LRecLen” from “LTRecData” of this temporary file data (ST173), and the contents of the temporary file data are stored in “LBlockAddr”. It duplicates (ST174), transmits a normal end response to the information processing terminal γ (ST175), and ends the appending or rewriting process.
[0164]
Next, FIG. 17 is a flowchart showing a procedure for rewriting a circulating data file according to this method example. As shown in the figure, when executing the rewriting process of the circular data file f3a in the above-described ST140, first, ST181 to ST185 are the same as ST81 to ST85 shown in FIG. To do.
[0165]
If “RecStart” is not “FFh” in ST185, the record length in the circular data file management information having “FileAddr” as the head address is set to “RecLen”, and the number of records is set to “RecNum” (ST186). Set the start address of the desired record to be rewritten to “RecAddr”
RecAddr = DataAddr + RecLen × {(RecStart + RecNum + RecNo−1) mod RecNum}
(ST188).
[0166]
For the record having the calculated “RecAddr” as the head address, “WriteData” is written in the area of the length “RecLen”, and after the above process is normally completed, a rewrite normal end notification is sent to the information processing terminal γ. As a response (ST189).
[0167]
On the other hand, when “RecStart” is “FFh” in ST185, the rewrite processing of the shared record in the circular record is executed. First, from the third byte of the record starting with “DirAddr” The 4 bytes are set as the directory ID (hereinafter referred to as LirID) of the directory d3 to which the shared data file belongs, and the 5th and 6th bytes are set as the file ID of the shared data file (hereinafter referred to as LFileID) (ST190).
[0168]
Here, it is confirmed whether or not the record number “RecNo” delivered first is “01h” (ST191). If “RecNo” is not “01h”, an abnormal response is transmitted as a record number designation error. (ST192), the circular file rewriting process is terminated. On the other hand, if “RecNo” is “01h” in ST191, the shared record is rewritten from the circular data file (ST193).
[0169]
FIG. 18 is a flowchart showing the shared record rewriting procedure from the circular data file according to this method example.
Subsequently, the rewriting procedure of the circular data file in ST193 will be described in detail, but ST201 to ST206 shown in the figure are the same as the processing procedure of ST91 to ST96 shown in FIG. Is omitted.
[0170]
After “LFileAddr” is uniquely determined in ST204 or ST206, the data address in the shared data file management information having “LFFileAddr” as the head address is “LDataAddr”, the circulation start block group number is “LStartBlock”, and the record The length is set to “LRecLen”, the block length is set to “LBlockLen”, and the number of circular records is set to “LRRecNum” (ST207).
[0171]
Subsequently, for example, the head address “LBlockAddr” of the latest block group indicated by the record number 1 is
LBlockAddr = LDataAddr + LBlockLen × (LStartBlock-1)
It is calculated from the following formula.
[0172]
In addition, the head address “LBBlockAddr” of the backup block group is
LBBlockAddr = LDataAddr + LBlockLen × {(LSStartBlock + LRRecNum−1) mod (LRRecNum + 1)}
It calculates using the value previously substituted in the equation (ST208).
[0173]
Here, it is confirmed whether the data area having the calculated “LBBlockAddr” as the head address is actually readable (ST209). If the data area cannot be read, the block having “LBBlockAddr” as the head address is checked. The contents of the group are copied to temporary file data (ST210). On the other hand, when the block group starting from “LBBlockAddr” can be read, the contents of this block group are copied to the temporary file data and the block group starting from “LBBlockAddr” (ST211).
[0174]
After replicating new data to the temporary file data through ST210 or ST211, the start address “LTRecData” of the record indicated by the record number “LRecNo” in the temporary file data is
LTRecData = LRecLen × (LRecNo-1)
(ST212).
[0175]
After that, “WriteData” is written from the “LTRecData” in the temporary file data to the record length “LRecLen” (ST213), and then the contents of the temporary file data are copied to a block group having “LBlockAddr” as the head address (ST214). ) A normal end response is transmitted to the information processing terminal γ (ST215), and the rewriting process is ended.
[0176]
Subsequently, FIG. 19 is a flowchart showing a rewrite procedure of the shared data file according to the present method example. As shown in the figure, in executing the process of rewriting the shared data file f3b in the above-described ST142, first, the steps from ST221 to ST229 are the same as the steps ST111 to ST119 shown in FIG. Is omitted.
[0177]
Using the value substituted in ST229, the head address “BlockAddr” of the latest block group is
BlockAddr = DataAddr + BlockLen × {(StartBlock + RRecNum−1) mod (RRecNum + 1)}
It is calculated from the following formula.
[0178]
Furthermore, the head address “BBlockAddr” of the backup block group is set to
BBlockAddr = DataAddr + BlockLen × {(StartBlock + RRecNum−1) mod (RRecNum + 1)}
(ST230). Here, it is confirmed whether or not a block group having “BlockAddr” obtained by calculation as a leading address can be read (ST231).
[0179]
If the block group starting from “BlockAddr” cannot be read in ST231, the block group starting from “BBlockAddr” is copied to temporary file data (ST232). The contents are copied to the temporary file data and the area having “BBlockAddr” as the head address (ST233).
[0180]
After copying to the temporary file data via ST232 or ST233, the start address “TRecData” of the record indicated by the record number “RecNo” in the temporary data file is
TRecData = RecLen × (RecNo−1)
(ST234).
[0181]
Subsequently, “WriteData” is written from the “TRecData” in the temporary file data to the record length “RecLen” (ST235), the contents of the temporary file data are copied to “BlockAddr” (ST236), and after the processing of ST236 is completed Then, a normal termination response is transmitted to the information processing terminal γ (ST237), and the rewriting process is terminated.
[0182]
Next, the procedure for appending data files f1, f2, f3a, and f3b according to the present method example will be described. The procedure for specifying a predetermined data file after receiving the append command is the same as the procedure shown in FIG. The description is omitted. In particular, the additional recording procedure for the general data files f1 and f2 is to follow the procedures shown in FIGS. Here, additional writing of the circulating data file f3a and the shared data file f3b will be described in order.
[0183]
FIG. 20 is a flowchart showing a procedure for adding a circular data file according to this method example. As shown in the figure, when executing the additional recording process of the circular data file f3b in the above-described ST140, first, it is confirmed whether or not the record number “RecNo” delivered as an argument is “01h” (ST241). ), If not “01h”, an abnormal response is transmitted as a record number error (ST242), and the additional writing process is terminated.
[0184]
On the other hand, if “RecNo” is “01h” in ST241, the following steps ST243 to ST247, that is, steps similar to ST81 to ST85 shown in FIG. 11 or ST181 to ST185 shown in FIG. Therefore, the description here is omitted.
[0185]
Subsequently, if “RecStart” is not “FFh” in ST247, first, the record length in the circular data file management information having “FileAddr” as the head address is “RecLen”, and the number of records is “RecNum”. (ST248).
[0186]
Next, the address “RecAddr” of the record to be added is
RecAddr = DataAddr + RecLen × {(RecStart + RecNum−2) mod RecNum}
(ST249), “WriteData” is written in an area from “RecAddr” to the length “RecLen” (ST250).
[0187]
After that, a new circulation start record number “RecNum ′” for newly updating
RecNum ′ = (RecStart + RecNum−2) mod RecNum−1
(ST251).
[0188]
Subsequently, the circulation start record number in the circulation data file management information starting from “FileAddr” is updated and rewritten to “RecNum ′” (ST252), and a response is sent to the information processing terminal γ as a normal end notification after completion of ST252. Then, the additional recording process is terminated.
[0189]
On the other hand, if “RecStart” is “FFh” in ST247, first, the 3rd to 4th bytes of the record starting with “DataAddr” are set to the directory ID of the directory to which the shared data file belongs, “LDirID”, The file ID of the shared data file is set as “LFileID” in the fifth byte and the sixth byte (ST254), and the process of adding the shared record from the circular data file is executed (ST255).
[0190]
FIG. 21 is a flowchart showing a procedure for adding a shared record from a circular data file according to this method example.
Subsequently, the procedure for adding a circular data file in ST255 will be described in detail. However, ST261 to ST269 shown in the figure are the same processing as ST201 to ST209 shown in FIG. 18, and the description thereof is omitted. However, when the generation numbers are compared in ST266, the head address of the shared data file management information with the smaller generation number is set to “LFileAddr ′”.
[0191]
After ST269, if the block group starting with “LBBlockAddr” cannot be read, the contents of the block group starting with “LBBlockAddr” are copied to the block group starting with “LBBlockAddr” and the temporary file data. On the other hand, if it can be read, the contents of the block group starting from “LBlockAddr” are copied to the temporary file data (ST271).
[0192]
After being copied to the temporary data file through ST270 or ST271, the head address “LTRecAddr” of the record indicated by the record number “LRRecNo” in the temporary file data is
LTRecAddr = LRecLen × (LRRecNo−1)
(ST272).
[0193]
Thereafter, “WriteData” is written in an area corresponding to the record length “LRecLen” with “LTRecAddr” calculated in ST272 in the temporary file data as the start address (ST273), and the contents of this temporary data file are changed from “LBBlockAddr”. In addition to copying to the starting block group (ST274), the shared data file management information starting from “LFFileAddr” is copied to the temporary shared data file management information (ST275).
[0194]
Subsequently, a new circulation start block number “LStartBlock ′” for newly updating
(LStartBlock + LRRecNum-1) mod (LRRecNum + 1)
This is calculated using the following formula.
[0195]
In addition, a new generation number “LHNum ′” is assigned to the existing generation number “LHNum” in the shared data file management information.
LHNum '= LHNum + 1
The cycle start block group number in the temporary shared data file management information is changed to “LStartBlock ′” and the generation number is changed to “LHNum ′” (ST277).
[0196]
Thereafter, the temporary shared data file management information is copied to a block group having “LFFileAddr ′” determined in ST266 as the head address (ST278), and after the processing up to ST278 is completed, the information processing terminal γ A response is transmitted as a notification of normal termination (ST279), and the shared record appending process in the circular data file is terminated.
[0197]
Next, FIG. 22 is a flowchart showing a procedure for appending a shared data file according to this method example. As shown in the figure, in executing the process of additionally writing the shared data file f3b in the above-described ST142, the procedure from ST281 to ST287 is the same as the procedure from ST221 to ST227 shown in FIG. Although the description thereof is omitted, when the generation numbers are compared in ST284, the head address of the shared data file management information with the smaller generation number is set to “LFileAddr ′”.
[0198]
When the logical product solution “Ans” is “00000000b” in ST287, a response is made to notify the information processing terminal γ of abnormal termination due to insufficient access right as in ST228 (ST288). On the other hand, if it is not “00000000b”, the circulation start block group number in the shared data file management information having “FileAddr” as the head address is “StartBlock”, the data address is “DataAddr”, the number of records is “RecNum”, The record length is “RecLen”, the block group length is “BlockLen”, the number of circular records is “RRecNum”, and the circular record number is “RRecNo” (ST289).
[0199]
Subsequently, it is checked whether or not “RecNo” indicating the target of additional recording previously passed as an argument is equal to the circular record number “RRecNo” (ST290). Is executed (ST291), and if they are equal, a circular record is additionally written (ST292). Here, the procedure of ST291 can be executed according to the procedure of ST230 to ST237 shown in FIG.
[0200]
FIG. 23 is a flowchart showing a procedure for adding a circular record of a shared data file. ST292 shown in FIG. 22 will be described with reference to FIG. As shown in the figure, first, the head address “BlockAddr” of the latest block group is set to
BlockAddr = DataAddr + BlockLen × (StartBlock-1)
It is calculated from the following formula.
[0201]
Furthermore, the head address “BBlockAddr” of the backup block group is set to
BBlockAddr = DataAddr + BlockLen × {(StartBlock + RRecNum−1) mod (RRecNum + 1)}
(ST301).
[0202]
Next, it is confirmed whether or not the block group having the calculated “BlockAddr” as the head address can be read (ST302). If the block group cannot be read, the contents of the block group having the “BBlockAddr” as the head address are changed to “BlockAddr”. Are copied to the block group starting with "and temporary file data" (ST303). On the other hand, if it can be read, the contents of the block group starting from “BlockAddr” are copied to the temporary file data (ST304).
[0203]
The head address “TRecAddr” of the record indicated by the record number “RRecNo” in the temporary file data duplicated in ST303 or ST304,
TRecAddr = RecLen × (RRecNo−1)
(ST305), “WriteData” is written in an area corresponding to the record length “RecLen” from “TRecAddr” (ST306).
[0204]
Further, after copying the contents of the temporary shared data file management information to a block group starting from “BBlockAddr” (ST307), the contents of the shared data file management information starting from “FileAddr” are copied to the temporary shared data file management information (ST308). ).
[0205]
Subsequently, a new circulation start block group number “StartBlock ′” to be newly updated is
StartBlock ′ = (StartBlock + RRecNum−1) mod (RRecNum + 1)
This is calculated using the following formula.
[0206]
In addition, a new generation number “LHNum ′” is added to the existing generation number “LHNum”.
LHNum '= LHNum + 1
(ST309), the circulation start block group number in the temporary shared data file management information is updated to “StartBlock ′”, and the generation number is updated to “LHNum ′” (ST310).
[0207]
Thereafter, the temporary shared data file management information is duplicated in a block group having “LFFileAddr ′” determined in ST284 as the top address (ST311), and after completing up to ST311, a response is sent as a normal end notification to the information processing terminal γ. (ST312), and the appending process is terminated.
[0208]
As described above, the embodiments of the present invention have been described with reference to apparatus examples and method examples, but the present invention is not necessarily limited only to the above-described means and methods, and within the scope of the effects described below. Changes can be made as appropriate.
[0209]
【The invention's effect】
As described above in detail, according to the present invention, in an IC card equipped with a general non-volatile memory such as EEPROM, by reading and writing data dispersed in a plurality of files as one shared data file, The processing time can be greatly shortened, and data can be distributed and managed in multiple files according to the read / write frequency of data stored in the card and the data length without extending the processing time. .
[0210]
In addition, services of multiple operators can be provided on a single IC card, such as a ticket for a transportation system in which multiple operators are sharing on an IC card, or a private sector sharing an ID card issued by a public institution. Even in the case of loading, the processing time can be shortened by using the common data as a shared data file.
[0211]
In addition, when power is lost while writing data to a non-contact IC card, when the required write guarantee function is realized for the shared data file, it can be used as a ticket for transportation, etc. Even when the power supply is unstable, such as when an IC card is passed over a reader / writer, data can be rewritten with peace of mind.
[0212]
In addition, data files other than the shared data file can be compatible with an IC card conforming to the international standard ISO / IEC7816. For example, a program based on the present invention is added to the nonvolatile memory of the IC card. Thus, it becomes possible to expand the conventional function.
[Brief description of the drawings]
FIG. 1 is a functional configuration diagram of an IC card according to an apparatus example of the present invention, and a functional configuration diagram of a reader / writer and an information processing terminal for operating the IC card.
FIG. 2 is a diagram showing a data file structure adopted in the EEPROM shown in FIG. 1;
FIG. 3 is a diagram showing a logical configuration of directory and data file management information in the EEPROM.
FIG. 4 is a diagram showing the physical configuration of the EEPROM.
FIG. 5 is a diagram showing a logical configuration of a channel, temporary shared data file management information, and temporary file data in the RAM.
FIG. 6 is a flowchart showing a directory selection procedure according to an example method of the present invention.
FIG. 7 is a flowchart showing a key collating procedure.
FIG. 8 is a flowchart showing a procedure for reading a data file.
FIG. 9 is a flowchart showing a procedure for reading a general data file.
FIG. 10 is a flowchart showing a procedure for reading a shared record from a general data file.
FIG. 11 is a flowchart showing a procedure for reading a circular data file.
FIG. 12 is a flowchart showing a procedure for reading a shared record from a circular data file.
FIG. 13 is a flowchart showing a shared data file read procedure;
FIG. 14 is a flowchart showing a procedure for adding / rewriting a data file.
FIG. 15 is a flowchart showing a general data file additional recording / rewriting procedure.
FIG. 16 is a flowchart showing a procedure for appending and rewriting a shared record from a general data file.
FIG. 17 is a flowchart showing the rewrite procedure of the circulating data file.
FIG. 18 is a flowchart showing a shared record rewrite procedure from a circular data file.
FIG. 19 is a flowchart showing a shared data file rewrite procedure.
FIG. 20 is a flowchart showing a procedure for adding a circular data file to the above.
FIG. 21 is a flowchart showing a procedure for adding a shared record from a circular data file.
FIG. 22 is a flowchart showing a procedure for appending a shared data file to the above.
FIG. 23 is a flowchart showing a procedure for adding a circular record of a shared data file to the above.
[Explanation of symbols]
α ... IC card
β… Reader / Writer
γ ... Information processing terminal
1 ... IC chip
2 ... Antenna
11 ... CPU
12 ... ROM
13 ... RAM
14… EEPROM
15 ... RF section
d0 ... directory (root directory)
d1, d2, d3 ... directory
f1, f2 ... General data file
f3a ... Circular data file
f3b ... Shared data file
k1, k2, k3 ... key file

Claims (10)

Applied to an IC card containing a non-volatile memory with multiple bytes as a rewrite unit, each of which holds a data file with an identifiable file identifier and is arranged in the memory with the same length And a memory management method for referring to a shared record included in a shared data file from the record held by the data file when referring to a record that can be identified by a record number,
In the IC card,
Receiving a read, rewrite or append execution command with the file identifier and the record number as arguments,
With reference to the shared record of the shared data file having the same record length as the one or more records identified by the record number held by the data file,
The data file is managed so that the data recorded in the referenced shared record can be read, rewritten or additionally written corresponding to the execution instruction.
A memory management method in an IC card. The reference to the shared record of the shared data file is
In the data file, for each record to be held, reference management information for storing a record identifier indicating a record sharing state set with the shared record as a reference destination is updated as needed,
From the record identifier, when the record is set to a record sharing state with the shared record as a reference destination,
Refer to the corresponding shared record as the data of the record,
The memory management method for an IC card according to claim 1. The execution of the reading, rewriting or appending is as follows:
In the reference management information, the file identifier of the shared data file set as the reference destination of the record and the record number of the shared record of the reference destination are stored in advance.
When the reference management information of the record indicating the shared record state is read, the execution instruction is supported for the shared record of the shared data file identified from the file identifier and the record number The memory management method for an IC card according to claim 2, wherein the read, rewrite, or additional writing is performed. The execution of the reading, rewriting or appending is as follows:
In the reference management information, holding access right information for managing the access right to the record together,
When the reference management information to the record indicating the shared record state is read,
For the execution instruction received earlier, based on the access right information, confirm the access right to the record,
Only when the access right is satisfied, read, rewrite or append corresponding to the execution instruction for the record is executed.
4. The memory management method for an IC card according to claim 2, wherein the memory management method is used. The record reference is
The plurality of data files are stored in advance as a tree structure belonging to a directory to which a unique directory identifier is assigned in the IC card, and the data file to which the data file selected and designated as the target of the execution instruction belongs The directory identifier of the directory is held so that it can be updated at any time as channel management information that can be identified by the channel number,
When the channel number, the file identifier, and the record number are received, the directory identifier is read from the channel management information specified by the channel number,
Identifying the data file belonging to the directory identified from the directory identifier from the file identifier;
5. The memory management method for an IC card according to claim 1, wherein the record specified by the record number is referred to from the data file. An IC card containing a non-volatile memory having multiple bytes as a rewrite unit,
A plurality of memories arranged and stored in the same length, each of which includes a record that can be identified by a record number, each storing a data file with an identifiable file identifier;
Data file reference means for referencing a shared record in a shared data file having the same record length as the record in the data file as data of the data file;
From the file identifier and the record number, an execution instruction for reading, rewriting or appending to the data specified by the data file reference means is received, and the corresponding reading, rewriting or appending corresponding to the execution instruction is received An execution command processing means for executing an execution command;
IC card characterized by that . The data file is
For each of the records to be held, the data file reference means indicates a record sharing state set with the shared record as a reference destination, and includes reference management information for storing a record identifier that can be updated at any time.
The IC card according to claim 6 . The reference management information is
Including the file identifier of the shared data file of the reference destination and the record number of the shared record of the reference destination;
The IC card according to claim 7 . The reference management information is
Including access right information stored so as to be able to confirm whether or not to allow access to the record,
The IC card according to claim 7 or 8 , wherein The memory is
Holding and managing the data file as a tree structure belonging to a directory with a unique directory identifier in the IC card;
Selection of the directory to which the data file belongs by continuously holding the directory identifier and an identifiable channel number until the other directory identifier is newly received and updated together with the same channel number. Holds channel management information indicating the situation,
Comprising memory management means;
The IC card according to claim 6, 7, 8, or 9 .

Images