JP6039036B2 - IC card, portable electronic device, and control method of IC card - Google Patents

Description

  Embodiments described herein relate generally to an IC card, a portable electronic device, and an IC card control method.

  The IC card manages a plurality of files stored in the memory in a hierarchical structure. The IC card accesses each file according to the established security status. Conventionally, when security status is established for a higher-level file, the IC card can inherit the established security status for each lower-level file belonging to the file. However, in the conventional IC card, the security status cannot be inherited to a file higher in the hierarchy than the file having established security status or a file in the same hierarchy.

JP 2002-312741 A

  An object of the embodiments of the present invention is to provide an IC card, a portable electronic device, and an IC card control method capable of efficiently operating security status.

  According to the embodiment, the IC card includes communication means, data storage means, selection means, and inheritance means. The communication means performs data communication with an external device. The data storage means stores a file managed in a hierarchical structure, a folder that is an upper hierarchy of the file, and information related to inheritance of keys used for secure messaging between a plurality of folders. When the selection unit receives a command requesting the selection of the second folder by the communication unit while the first folder is selected, the selection unit sets the second folder specified by the command to a selected state. The inheritance unit uses the first folder for secure messaging established during selection when there is information in the data storage unit that inherits a key used for secure messaging from the first folder to the second folder. The key is inherited also to the second folder selected by the selection means.

FIG. 1 is a diagram illustrating a configuration example of an IC card processing apparatus that communicates with an IC card according to the present embodiment. FIG. 2 is a block diagram illustrating a configuration example of the IC card according to the present embodiment. FIG. 3 is a diagram showing an example of a file stored in the data memory of the IC card according to the present embodiment. FIG. 4 is a diagram illustrating a configuration example of a selection command supplied to the IC card according to the present embodiment. FIG. 5 is a diagram illustrating a configuration example of a response output as a response to the selection command by the IC card according to the present embodiment. FIG. 6 is a diagram showing an example of information indicating the DF selection state and security status stored in the RAM of the IC card according to the present embodiment. FIG. 7 is a flowchart for explaining a first processing example in the IC card according to the present embodiment. FIG. 8 is a flowchart for explaining a second processing example in the IC card according to the present embodiment.

Embodiments of the present invention will be described below with reference to the drawings.
FIG. 1 is a block diagram schematically showing a configuration example of an IC card (portable electronic device) 2 according to the present embodiment and an IC card processing device 1 as an external device having a communication function with the IC card 2. It is.
First, the configuration of the IC card processing apparatus 1 will be described.
As shown in FIG. 1, the IC card processing device 1 includes a terminal device 11, a card reader / writer 12, a keyboard 13, a display 14, a printer 15, and the like.

The terminal device 11 controls the operation of the entire IC card processing device 1. The terminal device 11 includes a CPU, various memories, various interfaces, and the like. For example, the terminal device 11 is configured by a personal computer (PC).
The terminal device 11 has a function of transmitting a command to the IC card 2 by the card reader / writer 12 and a function of performing various processes based on data received from the IC card 2. For example, the terminal device 11 performs control to write data to the nonvolatile memory in the IC card 2 by transmitting a data write command to the IC card 2 via the card reader / writer 12. In addition, the terminal device 11 performs control to read data from the IC card 2 by transmitting a read command to the IC card 2.

  The card reader / writer 12 is an interface device for communicating with the IC card 2. The card reader / writer 12 is configured by an interface corresponding to the communication method of the IC card 2. For example, when the IC card 2 is a contact type IC card, the card reader / writer 12 is configured by a contact portion for physically and electrically connecting with a contact portion of the IC card 2. When the IC card 2 is a non-contact type IC card, the card reader / writer 12 includes an antenna for performing wireless communication with the IC card 2 and communication control. The card reader / writer 12 performs power supply, clock supply, reset control, and data transmission / reception with respect to the IC card 2. With such a function, the card reader / writer 12 performs activation (activation) of the IC card 2, transmission of various commands, reception of responses to the transmitted commands, and the like based on control by the terminal device 11.

  The keyboard 13 functions as an operation unit operated by an operator of the IC card processing apparatus 1, and various operation instructions and data are input by the operator. The display 14 is a display device that displays various information under the control of the terminal device 11. The printer 15 is for printing out various data such as processing results.

Next, a configuration example of the IC card 2 will be described.
The IC card 2 is activated (becomes operable) upon receiving power supply from a host device such as the IC card processing device 1. For example, when the IC card 2 is connected to the IC card processing device 1 by contact-type communication, that is, when the IC card 2 is a contact-type IC card, the IC card 2 passes through a contact portion as a communication interface. The IC card processing apparatus 1 is activated upon receipt of an operation power supply and an operation clock.

  Further, when the IC card 2 is connected to the IC card processing apparatus 1 by a non-contact type communication method, that is, when the IC card 2 is a non-contact type IC card, the IC card 2 is an antenna as a communication interface. Then, a radio wave from the IC card processing apparatus 1 is received via a modem circuit and the like, and an operation power and an operation clock are generated from the radio wave by a power supply unit (not shown) and activated.

FIG. 2 is a block diagram schematically showing a hardware configuration example of the IC card 2 according to the present embodiment.
The IC card 2 includes a module M in a card-like casing (main body) B formed of plastic or the like. The module M is integrally formed in a state where one or a plurality of IC chips C and a communication external interface (communication interface) are connected, and is embedded in the main body B. As shown in FIG. 2, the module M of the IC card 2 includes a control element 21, a data memory 22, a working memory 23, a program memory 24, a communication unit 25, and the like.

  The control element 21 controls the entire IC card 2. The control element 21 realizes various functions by operating based on the control program and control data stored in the program memory 24 or the data memory 22. For example, the control element 21 performs basic operation control of the IC card 2 by executing an operating system program. Further, the control element 21 performs various operation controls according to the operation mode of the IC card 2 by executing an application program corresponding to the purpose of use of the IC card 2.

  The data memory 22 is configured by a nonvolatile memory capable of writing and rewriting data, such as an EEPROM (registered trademark) (Electrically Erasable Programmable Read-Only Memory) or a flash ROM. In the data memory 22, a control program or various data corresponding to the usage application of the IC card 2 is written. In the data memory 22, various files corresponding to the standard of the IC card 2 are defined, and various data are written in these files. An example of the file stored in the data memory 22 will be described later.

  The working memory 23 is a volatile memory such as a RAM. The working memory (RAM) 23 functions as a buffer for temporarily storing data being processed by the control element 21. The working memory 23 is provided with various tables indicating the access status to each file, the usage status of the communication channel, and the processing status. An example of a table provided in the working memory 23 will be described later.

  The program memory 24 is a non-volatile memory such as a mask ROM in which a control program and control data are stored in advance. The program memory (ROM) 24 is incorporated in the IC card 2 in a state where a control program or control data is stored in the manufacturing stage of the IC card. That is, the control program or control data stored in the program memory 24 governs the basic operation of the IC card, and is incorporated in advance according to the specifications of the IC card 2.

  The communication unit 25 is an interface for communicating with the card reader / writer 12 of the IC card processing apparatus 1. When the IC card 2 is realized as a contact type IC card, the communication unit 25 performs communication control for transmitting and receiving signals in physical and electrical contact with the card reader / writer 12 of the IC card processing device 1. Part and a contact part. When the IC card 2 is realized as a non-contact type IC card, the communication unit 25 includes a communication control unit such as a modulation / demodulation circuit for performing wireless communication with the card reader / writer 12 of the IC card processing device 1 and It consists of an antenna for transmitting and receiving radio waves.

Next, the management structure of files stored in the data memory 22 will be described.
Files stored in the data memory 22 of the IC card are managed in a hierarchical structure. For example, in ISO / IEC 7816-4 which is one of IC card standards, the file stored in the data memory 22 is any of MF (Master File), DF (Dedicated File), and EF (Elementary File). Is defined as MF corresponds to a root directory. In the lower hierarchy of MF, DF (folder) and EF (data file) are defined. The DF corresponds to a directory and functions as a folder. DF and EF can be included in the lower hierarchy of DF. With this configuration, the IC card can manage files in a hierarchical structure with MF as the highest level. MF, DF, and EF are selected and used.

FIG. 3 is a diagram illustrating an example of a file managed in a hierarchical structure.
In the example shown in FIG. 3, MF301, DF (DF (A)) 302, EF (EF (A)) 304, DF (DF (B)) 305, EF (EF (B)) 307, DF (DF (C )) The management form of the hierarchical structure for each file of 305, EF (EF (C)) is shown. In the example shown in FIG. 3, DF (A) 302, DF (B) 305, and DF (C) 308 exist in the next layer after the master file (MF) 301 in the top layer.

  Further, DF (A) 302 is under DF (A) 302, EF (B) 307 is under DF (B) 305, and EF (C) 310 is under DF (C) 308. There is. For example, each DF stores data for realizing one application included in the IC card 2. A C card that realizes a plurality of functions by a plurality of applications may be provided with a plurality of DFs corresponding to each application in the data memory 22.

  Each DF 302, 305, and 308 is provided with FCI (File Control Information) 303, 306, and 309, respectively. FCIs 303, 306, and 309 are control information related to the corresponding DFs 302, 305, and 308, respectively. For example, information such as the security status (security condition) in the corresponding EF is stored in the FCIs 303, 306, and 309. Note that FCI may also be defined by ISO / IEC 7816-4, which is one of the IC card standards.

Next, a configuration example of command data (simply referred to as a command) supplied to the IC card 2 will be described.
FIG. 4 is a configuration example of a selection command (SELECT command) for requesting file selection. FIG. 4 shows a configuration example of a selection command defined in ISO / IEC 7816-4. The selection command shown in FIG. 4 conforms to the Command Application Protocol Data Unit format defined in ISO / IEC 7816-3.

  In the example shown in FIG. 4, the commands are “Class byte (CLA)” 401, “Instruction byte (INS)” 402, “P1” 403, “P2” 404, “Lc” 405, “Data”. ”Section 406 and“ Le ”section 407. The CLA unit 401 and the INS unit 402 store information indicating the type of command. The P1 unit 403 and the P2 unit 404 store parameters for command processing. The Lc unit 405 stores information indicating the length of the Data unit 406. The Data unit 406 stores data used for commands. The Le unit 407 stores information for checking a command.

  For example, in the selection command, information as shown in FIG. 4 is stored in each part. In the Data section 406 in the selection command, a file name to be selected is stored. In the example shown in FIG. 4, “A0 00 01” is stored as the DF name in the “Data” portion.

Next, the structure of response data (also simply referred to as a response) for a command will be described.
FIG. 5 is a diagram illustrating a configuration example of a response to the selection command.
The response has a data part and a status part. The data part in the response stores data indicating the execution result of the command and the like, and the status part stores a status indicating success or failure of processing for the command.

  In the example shown in FIG. 5, the data portion of the response is a TLV in which an identifier (tag) 501, length information (length) 502, and a data portion (Value) 503 are sequentially connected. It is structured object data. Furthermore, data (child data) including a tag 511, a length 512, and a value 513 is stored in the data portion (parent data value) 503 shown in FIG. Further, the value 513 of the child data shown in FIG. 5 includes first data (first grandchild data) including a tag 521, a length 522, and a value 523, and second data including a tag 531, a length 532, and a value 533. (Second grandchild data) are stored. Note that the data structure shown in 501 to 533 is a structure of a structured data object (Constructed Data Object) defined in ISO / IEC 7816-4.

  FIG. 5 shows a specific example of a response to the selection command. Data portions 501 to 533 shown in FIG. 5 are FCIs of the file selected by the selection command. That is, in the example shown in FIG. 5, the tag 501 is the identifier of the FCI of the selected file, the length 502 indicates the length of the entire FCI of the selected file, and the value 503 is actual data in the FCI of the selected file. In the example shown in FIG. 5, the value 503 includes data indicating inheritance of the security status for the selected file.

  For example, the data (first grandchild data) indicated by the tag 521 is TLV data that stores information indicating a file that is the inheritance source of the security status or the inheritance destination of the security status for the selected file. In the example shown in FIG. 5, the tag 521 is an identifier of the first grandchild data. The length 522 is information indicating the length of the value 523 that follows. Value 523 is information (DF name tag) indicating a file that is a security status inheritance source or a security status inheritance destination.

  Data (second grandchild data) indicated by the tag 531 is TLV data 531, 532, and 533 storing data indicating the inheritance condition of the security status. In the example shown in FIG. 5, the tag 531 is an identifier of the second grandchild data. The length 532 is information indicating the length of the value 533 that follows. The value 533 identifies whether to inherit the security status at the time of verification, the security status at the time of authentication, or the session key and condition of secure messaging in the inheritance of the security status. This is information indicating “security status inheritance condition”. For example, the value 533 may be composed of 1-byte data, with bit 8 indicating authentication, bit 7 indicating verification, and bit 6 indicating inheritance of a session key for secure messaging.

Next, information stored in the working memory 23 after the command is executed will be described.
FIG. 6 is a diagram illustrating an example of information stored in the working memory 23 after executing the selection command. FIG. 6 shows an example of information indicating the DF selection state and security status stored in the RAM of the IC card according to the present embodiment.

  In the example shown in FIG. 6, data 602 to 608 are stored in the working memory (RAM) 23 as the execution result of the selection command. Data 602 stores information indicating the file selected by the selection command (the file name of the file being selected (DF name of DF)). The information stored in the data 602 is information (DF identification information including the DF name) indicating the file selected by the selection command.

  The data 603 stores information indicating a security status such as authority established by collation with an external device (IC card processing device). The data 604 stores information indicating a security status such as authority established by authentication with an external device. The data 605 stores information indicating a session key (key information) used in secure messaging as a security status. The data 606 stores a status (secure messaging execution condition) indicating whether or not secure messaging can be performed as a security status.

  The data 607 stores information (DF identification information including the DF name) indicating the DF (folder) that has been selected before performing the selection process by the selection command. Data 608 indicates FCI information of a DF (folder) that has been in a selected state before performing a selection process by a selection command.

Next, a first processing example for the selection command in the IC card 2 will be described.
FIG. 7 is a flowchart for explaining the flow of selection processing for a selection command in the IC card 2.
When receiving a command from the IC card processing apparatus 1, the control element 21 checks the format of the received command (step S702). If it is determined that the format of the received command is abnormal (step S702, NG), the control element 21 outputs a response indicating that the format of the command is abnormal as an error response (step S710). Exit.

  If it is determined that the format of the received command is normal (step S702, OK), the control element 21 checks the command parameter (step S703), and determines the processing content by the received command. For example, the control element 21 of the IC card 2 determines the type of the received command based on the received commands “CLA” and “INS”, and determines the processing content based on “P1”, “P2”, and “Data”. If it is determined that the parameter of the received command is abnormal (step S703, NG), the control element 21 outputs a response indicating that the parameter of the command is abnormal as an error response (step S710). Exit.

  Here, it is assumed that the IC card 2 has received a selection command for requesting selection of a certain DF from the IC card processing apparatus 1 by the communication unit 25. When a normal parameter selection command is received (step S703, OK), the control element 21 of the IC card 2 recognizes that the received command is a selection command based on the received commands “CLA” and “INS”. , “P1”, “P2”, and “Data” to start selecting processing for setting the DF designated by “Data”.

  As a selection process for the received selection command, the control element 21 performs a process of searching for a DF designated by the selection command (step S704). When determining that the designated DF does not exist in the data memory 22 (step S705, NO), the control element 21 outputs a response indicating that the file designated by the command does not exist as an error response (step S705). S710), the process ends.

  When the designated DF is detected (step S705, YES), the control element 21 performs a process of replacing the selected DF as a process of setting the designated DF to the selected state (step S706). That is, the control element 21 updates the selected DF as shown in FIG. 6 to deselect the currently selected DF and set the DF designated by the command to the selected state. .

  Such DF replacement processing is realized, for example, by updating information on the RAM 23 as shown in FIG. In the example shown in FIG. 6, the control element 21 updates the DF identification information to be selected in the data 602 indicating the DF in the selected state in the RAM 23 with the DF identification information designated by the selection command. The DF specified by the command is selected. In addition, the control element 21 writes the identification information of the DF that has been selected so far into the data 607 indicating the DF that has been selected before the selection process, so that the DF that has been selected is set to the non-selected state. To do. Furthermore, in the example illustrated in FIG. 6, the control element 21 writes the FCI information of the DF that was in the selected state before the selection process in the data 608.

  When the DF replacement process corresponding to the selection command is completed, the control element 21 determines whether or not the security status can be inherited even after replacement of the selected DF (step S707). In this first processing example, it is assumed that information indicating a DF as a security status inheritance source is stored in the FCI of each DF. In addition, a plurality of pieces of information (for example, DF names) indicating DFs as security status inheritance sources may be set in the FCI of each DF. Therefore, in the first processing example, when the DF replacement processing according to the selection command is completed, the control element 21 selects the DF that was in the selection state before the selection processing by the FCI of the DF that has been in the selection state. It is determined whether or not the security status established therein can be inherited (step S707). The control element 21 confirms whether the information indicating the DF as the security status inheritance source stored in the FCI of the DF in the selected state matches the DF in the selected state before the selection process.

  When the inheritance source of the security status in the FCI of the selected DF matches the DF that was selected before the selection process, that is, when it is determined that the security status can be inherited (YES in step S707). Then, the control element 21 performs security status inheritance processing based on the security status inheritance conditions stored in the FCI of the DF that has been selected (step S708). When the security status inheritance process ends, the control element 21 sets the FCI of the selected DF in the data part as a response to the received selection command, and completes the status part (SW1, SW2) normally. Create response data with the status shown. The control element 21 outputs the created response data to the IC card processing apparatus 1 (step S709), and ends the process.

  If the inheritance source of the security status in the FCI of the selected DF does not match the DF that was selected before the selection process, that is, if it is determined that the security status cannot be inherited (step S707, NO), the control element 21 invalidates the security status established before the selection process (for example, clears the data 603-606 in the RAM 23) (step S712). When the security status is invalidated, the control element 21 sets the FCI of the selected DF in the data part as a response to the received selection command, and indicates normal termination to the status part (SW1, SW2). Create response data with status set. The control element 21 outputs the created response data to the IC card processing apparatus 1 (step S709), and ends the process.

Next, a second processing example for the selection command in the IC card 2 will be described.
FIG. 8 is a flowchart for explaining the flow of the selection process for the selection command in the IC card 2.
When receiving a command from the IC card processing apparatus 1, the control element 21 checks the format of the received command (step S802). When it is determined that the format of the received command is abnormal (step S802, NG), the control element 21 outputs a response indicating that the format of the command is abnormal as an error response (step S810). Exit.

  If it is determined that the format of the received command is normal (step S802, OK), the control element 21 checks the command parameter (step S803) and determines the processing content by the received command. For example, the control element 21 of the IC card 2 determines the type of the received command based on the received commands “CLA” and “INS”, and determines the processing content based on “P1”, “P2”, and “Data”. If it is determined that the parameter of the received command is abnormal (step S803, NG), the control element 21 outputs a response indicating that the parameter of the command is abnormal as an error response (step S810). Exit.

  Here, it is assumed that the IC card 2 has received a selection command for requesting selection of a certain DF from the IC card processing apparatus 1 by the communication unit 25. When a normal parameter selection command is received (step S803, OK), the control element 21 of the IC card 2 recognizes that the command received by the received commands “CLA” and “INS” is a selection command. , “P1”, “P2”, and “Data” to start selecting processing for setting the DF designated by “Data”.

  As a selection process for the received selection command, the control element 21 performs a process of searching for a DF designated by the selection command (step S804). If it is determined that the specified DF does not exist in the data memory 22 (NO in step S805), the control element 21 outputs a response indicating that the file specified by the command does not exist as an error response (step S805). S810), the process ends.

  When the designated DF is detected (step S805, YES), the control element 21 performs a process of replacing the selected DF as a process of setting the designated DF (step S806). That is, the control element 21 updates the selected DF as shown in FIG. 6 to deselect the currently selected DF and set the DF designated by the command to the selected state. .

  Such DF replacement processing is realized, for example, by updating information on the RAM 23 as shown in FIG. In the example shown in FIG. 6, the control element 21 updates the DF identification information to be selected in the data 602 indicating the DF in the selected state in the RAM 23 with the DF identification information designated by the selection command. The DF specified by the command is selected. In addition, the control element 21 writes the identification information of the DF that has been selected so far into the data 607 indicating the DF that has been selected before the selection process, so that the DF that has been selected is set to the non-selected state. To do. Furthermore, in the example illustrated in FIG. 6, the control element 21 writes the FCI information of the DF that was in the selected state before the selection process in the data 608.

  When the DF replacement process corresponding to the selection command is completed, the control element 21 determines whether or not the security status can be inherited even after the selected DF is replaced (step S807). In this second processing example, it is assumed that information indicating the DF as the inheritance destination of the security status is stored in the FCI of each DF. In addition, a plurality of pieces of information (for example, DF name) indicating the DF as the inheritance destination of the security status may be set in the FCI of each DF. For this reason, in the second processing example, when the DF replacement process corresponding to the selection command is completed, the control element 21 uses the FCI of the DF that was in the selected state before the selection process even after the replacement of the selected DF. Then, it is determined whether or not the security status established during the selection of the DF that has been selected before the selection process can be inherited (step S807). The control element 21 checks whether or not the information indicating the DF as the inheritance destination of the security status stored in the FCI of the DF that has been selected before the selection process matches the DF that has been selected.

  When it is determined that the inheritance destination of the security status in the FCI of the DF that has been selected prior to the selection process matches the selected DF, that is, it is determined that the security status can be inherited (YES in step S807). The control element 21 performs a security status inheritance process based on the security status inheritance condition stored in the FCI of the DF that has been selected (step S808). When the security status inheritance process ends, the control element 21 sets the FCI of the selected DF in the data part as a response to the received selection command, and completes the status part (SW1, SW2) normally. Create response data with the status shown. The control element 21 outputs the created response data to the IC card processing apparatus 1 (step S809), and ends the process.

  If the inheritance source of the security status in the FCI of the selected DF does not match the DF that was selected before the selection process, that is, if it is determined that the security status cannot be inherited (step S807, NO), the control element 21 invalidates the security status established before the selection process (for example, clears the data 603-606 in the RAM 23) (step S812). When the security status is invalidated, the control element 21 sets the FCI of the selected DF in the data part as a response to the received selection command, and indicates normal termination to the status part (SW1, SW2). Create response data with status set. The control element 21 outputs the created response data to the IC card processing apparatus 1 (step S709), and ends the process.

  As described above, in the present embodiment, when a DF is replaced by executing a selection command, it is determined whether or not the security status of the IC card can be inherited based on information on inheritance of a preset security status. To do. If it is determined that inheritance is possible, the IC card inherits the security status that has been established even after the DF has been replaced.

  In addition, information regarding inheritance of security status is set in FCI as control information for DF. In the DF FCI, a DF (s) that is a security status inheritance source is designated, or a DF (s) that is a security status inheritance destination is designated. As a result, the security status can be shared even between DFs in the same hierarchy or the like, and the security status can be inherited even when the selection command is executed.

  In addition, inheritance conditions can be specified for inheritance of security status. For example, the inheritance condition of the security status can be set in the FCI of the DF. In addition, the security status to be inherited includes the status of whether or not secure messaging is enabled, the authority obtained by successful verification with the external device, and the verification with the external device. Authority to be used, a key used for secure messaging, or an execution condition of secure messaging.

Although several embodiments of the present invention have been described, these embodiments are presented by way of example and are not intended to limit the scope of the invention. These novel embodiments can be implemented in various other forms, and various omissions, replacements, and changes can be made without departing from the scope of the invention. These embodiments and modifications thereof are included in the scope and gist of the invention, and are included in the invention described in the claims and the equivalents thereof.
Hereinafter, the description of the scope of the claims at the beginning of the application in the application (parent application) immediately before the division of the present application will be appended.
[1]
A communication means for performing data communication with an external device;
Data storage means for storing files managed in a hierarchical structure, folders that are upper layers of files, and information on inheritance of security status among a plurality of folders;
When a command requesting selection of the second folder is received by the communication means while the first folder is selected, the first folder is set to a non-selected state and the second folder designated by the command is selected. A selection means for setting a state;
Inheritance that inherits the security status established during selection of the first folder even during selection of the second folder when there is information to inherit the security status from the first folder to the second folder Means,
IC card having
[2]
The data storage unit stores information on inheritance of security status in the control information of each folder,
The inheriting means also sets the security status established during the selection of the first folder based on the information regarding the inheritance of the security status included in the control information of the second folder during the selection of the second folder. Inherit,
The IC card according to [1].
[3]
The data storage unit stores information indicating the inheritance source of the security status in the control information of each folder,
The inheritance means, when the control information of the second folder includes information that uses the first folder as a security status inheritance source, the inheritance means sets the security status established during selection of the first folder to the second folder. Inherit while selecting a folder,
The IC card according to [2].
[4]
The data storage unit stores information on inheritance of security status in the control information of each folder,
The inheriting means also sets the security status established during the selection of the first folder based on the information related to the inheritance of the security status included in the control information of the first folder even during the selection of the second folder. Inherit,
The IC card according to [1].
[5]
The data storage unit stores information indicating the inheritance destination of the security status in the control information of each folder,
The inheritance means, when the control information of the first folder includes information that uses the second folder as the inheritance destination of the security status, indicates the security status established while selecting the first folder. Inherit while selecting a folder,
The IC card according to [4].
[6]
The security status is an authority obtained by successful authentication or verification from an external device.
The IC card according to any one of [1] to [5].
[7]
The security status is a key used for secure messaging.
The IC card according to any one of [1] to [5].
[8]
The security status is a state of whether or not secure messaging can be performed.
The IC card according to any one of [1] to [5].
[9]
The inheritance means executes inheritance processing based on a security status inheritance condition included in the information on inheritance of the security status;
The IC card according to any one of [1] to [8].
[10]
A communication means for performing data communication with an external device, a file managed in a hierarchical structure, a folder that is an upper hierarchy of the file, a data storage means for storing information on inheritance of security status among a plurality of folders, When a command requesting selection of the second folder is received by the communication means while selecting one folder, the first folder is set to a non-selected state and the second folder specified by the command is selected. And selecting the second folder with the security status established during the selection of the first folder when there is information that inherits the security status from the first folder to the second folder. A module having inheritance means for inheriting inside,
A main body comprising the module;
IC card having
[11]
A communication means for performing data communication with an external device;
Data storage means for storing files managed in a hierarchical structure, folders that are upper layers of files, and information on inheritance of security status among a plurality of folders;
When a command requesting selection of the second folder is received by the communication means while the first folder is selected, the first folder is set to a non-selected state and the second folder designated by the command is selected. A selection means for setting a state;
Inheritance that inherits the security status established during selection of the first folder even during selection of the second folder when there is information to inherit the security status from the first folder to the second folder Means,
A portable electronic device.
[12]
A control method used for an IC card having a communication unit that performs data communication with an external device, and a data storage unit that stores a file managed in a hierarchical structure and a folder that is an upper layer of the file,
Information related to inheritance of security status between a plurality of folders is stored in the data storage means,
When a command requesting selection of the second folder is received while the first folder is being selected, the selection is made so that the first folder is not selected and the second folder specified by the command is selected. Process
If there is information that inherits the security status from the first folder to the second folder, the security status established while selecting the first folder is also inherited while selecting the second folder.
IC card control method.

  DESCRIPTION OF SYMBOLS 1 ... IC card processing apparatus (external device), 2 ... IC card (portable electronic device), 11 ... Control part, 12 ... Display, 13 ... Keyboard, 14 ... Card reader / writer, 15 ... Authentication information input part, B ... Main body, M ... IC module, 21 ... control element, 22 ... data memory (EEPROM), 23 ... working memory (RAM), 24 ... program memory (ROM), 25 ... communication unit.

Claims (12)

A communication means for performing data communication with an external device;
Data storage means for storing a file managed in a hierarchical structure, a folder that is an upper hierarchy of the file, and folder control information including information indicating the inheritance source of the security status;
A selection means for selecting a second folder designated by the command when a command requesting selection of the second folder is received by the communication means during selection of the first folder;
If the control information of the second folder stored in the data storage means includes information that uses the first folder as a security status inheritance source, the security status established while the first folder is selected is displayed. Inheritance means for inheriting to the second folder selected by the selection means;
IC card having A communication means for performing data communication with an external device;
Data storage means for storing a file managed in a hierarchical structure, a folder that is an upper hierarchy of the file, and folder control information that includes information indicating the inheritance destination of the security status;
A selection means for selecting a second folder designated by the command when a command requesting selection of the second folder is received by the communication means during selection of the first folder;
If the control information of the first folder stored in the data storage means includes information having the second folder as the inheritance destination of the security status, the security status established while selecting the first folder is displayed. Inheritance means for inheriting to the second folder selected by the selection means;
IC card having The security status is an authority obtained by successful authentication or verification from an external device.
The IC card according to any one of claims 1 and 2. The security status is a key used for secure messaging.
The IC card according to any one of claims 1 and 2. The security status is a state of whether or not secure messaging can be performed.
The IC card according to any one of claims 1 and 2. The inheritance means executes inheritance processing based on a security status inheritance condition included in the information on inheritance of the security status;
The IC card according to any one of claims 1 to 5. A communication means for performing data communication with an external device;
Data storage means for storing a file managed in a hierarchical structure, a folder that is an upper hierarchy of the file, and information on inheritance of a key used for secure messaging between a plurality of folders;
A selection means for selecting a second folder designated by the command when a command requesting selection of the second folder is received by the communication means during selection of the first folder;
If there is information in the data storage means that inherits a key used for secure messaging from the first folder to the second folder, the key used for secure messaging established during selection of the first folder is selected. Inheriting means for inheriting also to the second folder selected by means;
IC card having The data storage means further stores information on inheritance of authority obtained by successful authentication or verification from an external device,
The inheritance means inherits the authority to the second folder when there is information that inherits the authority from the first folder to the second folder.
The IC card according to claim 7. The data storage means further stores information relating to inheritance of a state as to whether or not secure messaging can be implemented;
The inheriting means determines whether the secure messaging can be performed or not when there is information that inherits the state of whether or not the secure messaging can be performed from the first folder to the second folder. Inherit to the second folder selected by the selection means;
The IC card according to any one of claims 7 and 8. Data storage means for storing communication means for performing data communication with an external device, files managed in a hierarchical structure, folders that are upper layers of files, and information relating to inheritance of keys used for secure messaging between a plurality of folders And selecting means for selecting the second folder designated by the command when the command for requesting selection of the second folder is received by the communication means while the first folder is selected, and the data When there is information in the storage means that inherits the key used for secure messaging from the first folder to the second folder, the key used for secure messaging established during selection of the first folder is selected by the selection means. Inheritance means for inheriting also to the selected second folder;
A main body comprising the module;
IC card having A communication means for performing data communication with an external device;
Data storage means for storing a file managed in a hierarchical structure, a folder that is an upper hierarchy of the file, and information on inheritance of a key used for secure messaging between a plurality of folders;
A selection means for selecting a second folder designated by the command when a command requesting selection of the second folder is received by the communication means during selection of the first folder;
If there is information in the data storage means that inherits a key used for secure messaging from the first folder to the second folder, the key used for secure messaging established during selection of the first folder is selected. Inheriting means for inheriting also to the second folder selected by means;
A portable electronic device. A control method used for an IC card having a communication unit that performs data communication with an external device, and a data storage unit that stores a file managed in a hierarchical structure and a folder that is an upper layer of the file,
Information related to inheritance of keys used for secure messaging between a plurality of folders is stored in the data storage means,
When a command requesting the selection of the second folder is received while the first folder is being selected, a selection process for selecting the second folder designated by the command is performed.
If there is information in the data storage means that inherits a key used for secure messaging from the first folder to the second folder, the key used for secure messaging established during selection of the first folder is selected. Inherited to the second folder,
IC card control method.