JP2002216081A - Method for controlling ic card data browsing, information terminal equipment, computer program and server - Google Patents

Abstract

PROBLEM TO BE SOLVED: To safely browse data in an IC card even at the time of the off-line of information terminal equipment. SOLUTION: The user of a mobile device (information terminal equipment) downloads an enciphered viewer script 90 for browsing data in an IC card built in or mounted on the mobile device from a server. This encipherment is performed based on a PIN(personal identity number) inputted by a user. The mobile device receives the compressed and enciphered viewer script 90, and stores the enciphered viewer script 90 in a non-volatile memory 14 as it is. Thereafter, at the time of browsing the IC card data off-line, a viewer script 93 obtained by decoding and defrosting the viewer script 90 based on the inputted PIN is analyzed and executed by a viewer engine so that a standard HTML(hypertext makeup language) document 95 can be generated. Immediately after the HTML document 95 is generated, the scripts 93 (and 91) are erased. The HTML document 95 is displayed at a display by a normal browser function.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

The present invention relates to an information terminal device, and more particularly to an information terminal device having an IC card function, an IC card data browsing control method, and a computer program.

[0002]

2. Description of the Related Art Generally, an IC card is obtained by embedding an IC (integrated circuit) in a plastic card.
It is expected to be widely used in the future because of its superior storage capacity and security compared to magnetic cards.

[0003] IC cards are roughly classified into contact-type and non-contact-type according to the usage form. The contact type is used by being inserted or installed inside the device and making electrical and mechanical contact with the device. On the other hand, the non-contact type is designed so that data can be transmitted and received between the outside and the other device by wireless communication such as electromagnetic waves.

[0004]

If such a contact-type or non-contact-type IC card itself or its function is mounted on a portable information terminal device (hereinafter, also simply referred to as a mobile device) such as a portable telephone. This makes it possible to extend the functions of the mobile device, and it is convenient to browse the information held in the IC card using the display of the mobile device. Further, the inconvenience of carrying the mobile device and the IC card separately is also eliminated.

However, when managing value-added information on the memory of a mobile device equipped with an IC card function,
In the Viewer function for browsing the contents of the memory, it is indispensable to secure security such as preventing illegal browsing by the finder and falsification of the display. Here, the value-added information is information stored in the IC card, and is data representing a balance or the like in the use of electronic money. Such information is referred to as a Bit Value as described later in this specification.

[0006] Due to the characteristics of the wireless communication means of a mobile device, authentication via a network (communication network) with a server or the like is not always available due to out-of-service or connection failure. You need a viewer function to access the value.

[0007] Further, the IC card function is in the direction of multi-service in which one IC card is shared for a plurality of services, and a new viewer function suitable for a new service is additionally obtained from a network after purchasing a mobile device. It is necessary. In such a case, it is necessary to guarantee the legitimacy of the viewer function downloaded for each service and to prevent the operation of illegally using the resources of the mobile device.

[0008] MULTOS (trademark) and JavaCard
(Trademarks) and other mechanisms that put programs in IC cards and execute them have also appeared, but fringe (peripheral) data (images, sounds, texts, etc., described below) related to the viewer function is being converted to multimedia. In the case of enlargement, it is unlikely that the capacity of the IC card will continue to satisfy the demand, and a mechanism for managing bit value and fringe data over a plurality of storage media will be required as a viewer function.

The present invention has been made in view of such a background, and an object thereof is to provide an IC card data browsing control method, an information terminal device, a computer program, and a server for safely browsing data in an IC card. Is to do.

[0010] Another object of the present invention is to provide an IC card data browsing control method, an information terminal device, and a computer capable of browsing data accompanying data in an IC card without increasing the amount of data in the IC card. To provide a program.

[0011]

According to the present invention, there is provided an IC card data browsing control method in an information terminal device capable of utilizing an IC card function by incorporating or mounting an IC card.
A method for controlling browsing of data in a C card, comprising the steps of: reading, from a storage device, an encrypted viewer script defining a display format for reading at least the data in the IC card and displaying the data together with other display data; Reading, decrypting the read viewer script, interpreting the decrypted viewer script, and interpreting the I
Reading the data in the C card and generating a markup language document in which the data is embedded; erasing the decrypted viewer script immediately after generating the markup language document; Displaying the document on a display of the information terminal device.

In accordance with the viewer script, a viewer engine as display control means, which will be described later, reads out data in the IC card and determines a display format for browsing in a display format suitable for presentation to a user. is there. Since the viewer script is stored in the storage device in the information terminal device while being encrypted, unauthorized viewing of the script itself is prevented. In addition, the decrypted viewer script is deleted immediately after the display markup language document is generated based on the decrypted viewer script, so that the viewer script is prevented from being illegally accessed.

The viewer script is described in, for example, a markup language including extended tags. This makes it possible to define in advance a desired operation of data in the IC card and the like.

The viewer script can be downloaded from an external device to the storage device via a network. At that time, the user is requested to input personal identification information prior to the download, a viewer script encrypted by the server based on the personal identification information is received, and when browsing data in the IC card, the user is asked to input the personal identification information. Preferably, the input is requested, and in the decrypting step, the viewer script is decrypted based on the input password information. Thus, only the user himself / herself can safely use the viewer script without storing the password information in any device.

In the step of generating a markup language document, when data in a storage medium other than the IC card in the information terminal device is specified in the viewer script, the data is read and the markup language document is read. Or a link to the data can be set. As a result, a storage medium in the information terminal device other than the ICC card can be effectively used as a data storage area associated with the IC card function.

According to the present invention, there is provided an information terminal device capable of utilizing an IC card function by incorporating or mounting an IC card, and a display for displaying a text or an image, and displaying data stored in the IC card on the display. A display control means for reading out data in the IC card and storing an encrypted viewer script which defines a display format for display together with other display data. Is
Reading and decrypting the encrypted viewer script from the storage device, interpreting the decrypted viewer script, reading data in the IC card according to the viewer script, and embedding the data in a markup language; Generating a document, deleting the decrypted viewer script immediately after the generation of the markup language document, and displaying the generated markup language document on the display.

The present invention also provides a computer program for executing the IC card data browsing control method, and
We will also charge for a server that provides the viewer script via a network.

[0018]

Embodiments of the present invention will be described below in detail with reference to the drawings.

(1) System Configuration FIG. 1 is a block diagram showing a schematic configuration of an IC card function utilization system according to the present invention. This system is
A mobile device 100, a service provider 200 connected to the mobile device 100 via a network, which is located in a cyber world such as the Internet, and an IC card in the mobile device 100 connected via a wireless interface;
An IC card compatible device 300 in the real world. In this specification, a mobile device refers to a mobile phone having wireless communication means or a PDA (Personal) which can be equipped with wireless / wired (via a modem or the like) detachable communication means.
Digital Assistant), a portable information terminal such as a game machine, particularly a device provided with a display device.

In FIG. 1, a mobile device 100 has a liquid crystal display (LCD) 10 as a display device for displaying text, images, and the like under the control of a central processing unit (CPU) 15 which controls the entire operation. An operation key unit (input means) 11 for receiving an input of a PIN or the like described later, a memory (RAM) 12 for temporarily storing programs and data and providing a work area by the CPU 15, and a fixed such as a viewer engine described later Memory (MEM) 1 as a writable non-volatile memory for storing data such as fringe data to be described later, which stores a typical control program and data.
4, and an RF unit 17 for performing wireless communication with the service provider 200 via a base station (not shown)
(Download means). The mobile device 100 further includes an IC card (ICC) 20. This ICC2
0 is a USIM (Us Usable) used in a GSM digital cellular system in addition to a general IC card.
er Subscriber Identity Module) and a flash memory. Further, it may be a form that can be attached to and detached from the mobile device, or a device that is fixedly mounted inside the mobile device. Furthermore, I, especially in the latter case,
The form of the CC 20 does not necessarily need to be in the form of a “card”, but may be any functional unit that is provided fixedly inside the mobile device 100 and realizes an IC card function.

The ICC 20 according to the present embodiment includes a dedicated CPU 21 and a flash memory (MEM) 2 which is a nonvolatile memory for storing bit values and programs.
2. Antenna for wireless communication of non-contact type IC card
4 and a reader / writer (R / W) module 23 for exchanging data (including bit value) with an external ICC 31 or IC card compatible device 300 having the same configuration via the antenna 24, It has an interface that does not. The antenna 24 is connected to the mobile device 10.
0 is different from the antenna for mobile communication.
The antenna of mobile device 100 is included in RF unit 17 in FIG.

Note that the bit value in this specification refers to value information such as electronic money and electronic tickets read and written by the CPU 15 and the R / W module 21, credit card information, and various types of media data such as texts and images. Is a generic term for These various types of information can have security attributes that can selectively control the read / write authority.

Service Provider 20 on Cyber World
0 provides a service related to a predetermined application to the mobile device 100, and provides a predetermined content 43 to the mobile device 100 via the RF unit 41.
The content also includes a viewer script (described later) relating to the application.

IC card compatible device 300 in the real world
Is an automatic ticket gate at a railway station that can use commuter pass data stored in an IC card, for example.
It is a terminal device in a real shop where electronic money stored in a card can be used. In the figure, the IC card compatible device 3
Reference numeral 00 includes a processing unit 53 that performs a predetermined process according to the function of the device, and a reader / writer (R / W) module 51 that performs wireless communication with an external ICC.

In some cases, the present system may use an IC
The card corresponding device 300 may be omitted. If the script can be obtained from a service provider other than 200,
It is also conceivable that the service provider 200 is missing.

(2) Service Model As a service model using ICC, which is a premise of the present invention, the following can be considered. The circled number of each service model corresponds to the flow of bit value between the double arrows with circled numbers shown in FIG. A service that directly uses the bit value in the ICC in the mobile device. In the form of using bit value in the real world, payment of electronic money to a store R / W terminal,
The use of commuter pass value in railway ticket gates and the like is conceivable. A service that replenishes bit value from service providers via networks such as the Internet and uses bit value in the cyber world. Online shopping and replenishment of electronic money are possible. A viewer service for bit values stored in the ICC in the mobile device. Use such as checking the balance of electronic money and the expiration date of the commuter pass value on a display screen is conceivable. A service that supplements the bit value from the service provider to the ICC outside the mobile device. A viewer service by a mobile device for a bit value stored in an ICC outside the mobile device.

The combination of the mobile device and the ICC, which was conventionally limited to a single service initially provided in the ICC, can be changed by a single ICC by connecting with various service providers. Of the application can be realized. In particular, when considering the service model of
A service for an ICC outside the mobile device having the same interface other than the ICC mounted on the mobile device and beyond the range of the issuer of the mobile device is also conceivable. ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, 3ofoften, the mutual authentication between the mobile device and the service provider of the cyber world or the real world R / W module
After securing a secure communication path, bit value operations can be performed within the range of the conventional technology.

FIG. 2 shows a configuration of the mobile device 100 as viewed from a functional aspect.

The mobile station resources and the IC are provided so that the viewer program introduced from the outside does not illegally use the resources of the mobile station or take out the bit value to the outside.
The viewer engine 63 that directly operates the bit value in C and the declaratively described viewer scripts 61a to 61d (to be collectively referred to as 61) interpreted and executed by the viewer engine 63 are clearly distinguished. In the present specification, a viewer script defines at least a display format for reading data in the IC card and displaying the read data together with other display data. It is a document written in a language. Since the content of the program for realizing the viewer engine 63 is fixed, it can be stored in the ROM 13. On the other hand, since the viewer script 61 is added afterward to the mobile device, it is stored in a flash memory which is a rewritable nonvolatile memory. However, the viewer script of the application provided in the mobile device from the beginning may be initially stored in the ROM 13. Conversely, the viewer engine 63 may be stored in the flash memory in order to cope with the version upgrade or the like.

The mobile station also has an ICC application programming interface (ICCAP).
I) 65, security engine 67, communication module 69, user interface (UI) 71, mobile device O
An S (Operationg System) 75, an ICC reader / writer 77, an ICC 79, and mobile device hardware 81 are provided.
The security engine 67 uses a PIN (Personal Ident
ity Number), encryption (crypt), and authentication. In this embodiment, the communication module 69 supports communication using the TCP / IP protocol and encryption communication protocol using SSL. A user interface unit (UI) 71 controls an interface between the user and the mobile device, such as a screen display of the LCD 10 and key input by the operation key unit 11. The mobile device OS 75 has a CP
This is a basic control program of the mobile device 100 that functions on U15. The ICC reader / writer 77 is a part that reads and writes the ICC 79, and corresponds to a part of the ICC 20 in FIG. The mobile device hardware 81 is various types of hardware of the mobile device 100.

The operation of this embodiment will be described below.

(3) Safe Viewer Operation The above service model is a service form specific to a mobile device, and the mobile device must be operated in a disconnected state from the service provider 200 or the R / W module 51 in the real world. Must. (In this specification, a state in which the ICC is in communication with an external device regardless of the cyber world or the real world is called an online state, and a state in which the ICC is not connected to an external device is called an offline state.)
A viewer program for browsing data in the CC and its execution must be secured. In the present embodiment, in order to realize this, the viewer program takes (a) a secure description format, (b) is securely installed on the mobile device, and (c)
Runs in a secure environment.

(A) Secure description format of viewer program As described above, in the present invention, the viewer program is used to directly operate the mobile device resources and the bit value, and a declaration interpreted and executed by the viewer engine 63. This is separated from the viewer script described in a general manner (see FIG. 2), and only the viewer script 61 is supplied from a service provider or the like via a network. Viewer script 61 is HTML
(HyperText Markup Language) or other general expression description of a markup language, and has no function of accessing the resources of the mobile station itself. By describing the logical location of the bit value on the mobile device, the read target, the processing method of the read bit value, and the like in the viewer script, the viewer engine 63 searches for the bit value and calculates the value as necessary. And the like to generate an HTML document in which the obtained bit value is embedded. The extension of the markup language is a so-called tag extension, and a new function is added by introducing a new tag. The viewer engine 63 is configured to interpret and execute these new tags so as to achieve the function. The extension of the tag will be described later with a specific example. As described above, the viewer script 61 cannot perform more operations on ICC data than can be realized by the prepared tag group. The secure management of the viewer script and the extended HTML document in the mobile device will be described later.

(B) Secure installation of the viewer script When obtaining the viewer script 61 from the service provider, as shown in FIG. 3, first, in response to a user's instruction operation (S10), the mobile device connects to the service provider. , Mutual authentication is performed by a known method such as SSL (Secure Socket Layer) or the like to establish a secure communication path (S21).
Thereafter, the mobile device requests the user to input a PIN as personal identification information and accepts the input (S1).
1). The PIN is, for example, a number having a predetermined number of digits or a combination with a number, a character, or a symbol. The PIN entered by the user is sent to the service provider. In response, the service provider generates a prepared viewer script corresponding to the requested service (application) and necessary fringe data (these are called viewer script packages),
After the compression, this is encrypted with the PIN provided by the user (S22). However, compression is not essential in the present invention. The encrypted viewer script package is transmitted to the mobile device. In the mobile device, an IC stored in a flash memory (MEM) 14 which is a non-volatile memory and also prepared in the flash memory 14
In a new entry in the C control information table 80 (see FIG. 6), a service ID 81, a viewer script (pointer) 83, and fringe data 84 are stored as a set (S12).

FIG. 4 shows a viewer script package 8.
2 shows a schematic configuration. Viewer Script Package 8
2 includes a service ID 81, a viewer script 83, and fringe data groups 84a, b, c,... Attached to the application corresponding to the viewer script 83.
Consists of For example, in the case of an electronic ticket, the fringe data is information such as a venue name, a seat number, and the like, which require relatively little security. Gate IDs for gateways requiring high security are stored in the ICC.
Although the fringe data is used together with the viewer script at the time of display, the fringe data is not always downloaded together with the viewer script.

Here, with reference to FIG. 5, the encryption at the time of transferring the viewer script package from the server of the service provider to the mobile device will be described. Although any encryption means can be used for the encryption, for example, a known public key encryption technique or the like can be used. The PIN 99 input by the user at the mobile device is transmitted to the server,
The server compresses and encrypts the script 83 to be transmitted based on this PIN, and
Generate 0. On the other hand, the server generates the collation information 96 based on the script 83 by using a known hashing algorithm or the like. Encrypted script 90
And the collation information 96 are transmitted from the server to the mobile device. Since the script is encrypted, even if the transfer contents are intercepted, the possibility of recognizing the contents is extremely low.
The mobile device receives these and stores them in the nonvolatile memory.
Note that the verification information may also be encrypted.

Thereafter, the mobile device is set off-line to the IC
At the time of executing the script for controlling the browsing of the data in C, the user is again required to input the same PIN 99 used at the time of the script request, and the script 90 encrypted by the PIN 99 is decrypted. If the PIN is different from the previous PIN 99, the script cannot be decrypted. Therefore, only the user who knows the correct PIN can use the viewer of the script. In addition, collation information 98 is generated from the decrypted script 83 in the same manner as the collation information 96 performed on the server side, and the collation information 98 is collated with the collation information 96 received from the server. Check that they match. Since the script 90 is encrypted, it cannot be seen by a third party, but the possibility of tampering remains. However, by checking the matching of the collation information 96, 98, it is possible to confirm that the script 83 prepared in the server has not been tampered with during or after the transfer to the mobile device.

In this way, the confidentiality and integrity of the viewer script and fringe data transferred from the server to the mobile device are guaranteed. Further, since the viewer script and the fringe data received by the mobile device are managed in an encrypted state on the nonvolatile memory, an unauthorized user cannot decrypt and execute the viewer script.

(C) Safe execution of the viewer script FIG. 6 schematically shows the storage and movement of data in the mobile device under the control of the CPU 15 (FIG. 1) in the mobile device. FIG. 7 shows an operation model of the viewer engine 63 (FIG. 2).

As described above, the viewer script is interpreted and executed by the viewer engine. As shown in FIG. 7, when the viewer is started off-line, the user is requested to enter a PIN (S31), and the viewer engine operates the encrypted viewer script 90 (actually, the non-volatile memory 14). The viewer script package is decrypted with the PIN (S32), and is expanded in the RAM 12 (FIG. 6). In the figure, the encryption is indicated by hatching for convenience. In order to increase the strength of personal authentication, authentication using other password information using biometric technology such as a fingerprint, iris, voice, and face image may be used in addition to the PIN. After the decrypted viewer script 91 is decompressed and decompressed (S33), the viewer engine analyzes the tag structure and, based on the analysis result, IC
Complete HTML from bit value reading from C, operation, character string manipulation (concatenation of characters, repetition of specified number of times, mutual data type conversion between text and numeric values, etc.)
A document is generated on the RAM 12 (S34) (FIG. 6)
). The fringe data in the non-volatile memory 14 is correctly embedded in the HTML document by the viewer engine,
Or L (see FIG. 6) of a mobile device such as an LCD.
It is displayed on the CD 10 (FIG. 6). After the HTML document is generated on the RAM 12, the decrypted viewer scripts 91 and 93 are immediately deleted from the RAM 12 (S35). Therefore, the scripts 91 and 93 are instantaneously present in the mobile device, and it is extremely difficult to illegally browse or retrieve them.

The viewer engine can set various security policies for mobile device resources or bit values, thereby restricting various operations of the mobile device, such as reading and writing and communication functions for bit values.

Next, FIG. 8, FIG. 9, and FIG. 10 show an example of a viewer script (FIG. 8) for browsing the bit value in the ICC for the electronic money application of the ICC, which is generated based on the viewer script. An example of the HTML document (FIG. 9) and an example of the display screen of the HTML document (FIG. 10) will be described. However, this is only to help understanding of the present invention, and is not intended to limit the present invention.

The viewer script in FIG. 8 uses the extended tag “<＄...>”.
This is an ML document. Therefore, the data amount of the viewer script is considered to be relatively small, depending on the application. As a result, a relatively large number of viewer scripts can be incorporated even within the limited storage capacity of the terminal device. The viewer engine performs a process corresponding to the extended tag information, and delivers the generated HTML document to the web browser. This web browser may be a browser that browses a standard HTML document. Of course,
The viewer engine may have the function of a web browser.

In FIG. 8, a description 800 provided in the HTML header is a portion of an extension tag that defines the storage location, size, structure, data type, and the like of various data as bit values in the ICC. . Specifically, the description 801 therein defines a service ID (this is an example of electronic money), an ICC address of the balance of electronic money in the ICC, the number of blocks, and a data type. The description 802 includes a service ID and an IC of an expiration date of electronic money.
The address in C, the number of blocks, the number of bytes of year, month and day, and the data type are defined. The description 803 specifies a data name (file name) of image information as fringe data. By including the service ID for the data in the ICC as described above, when the viewer engine executes the viewer script, the service ID attached to the script package is compared with the service ID described in the script. Can be used as a condition for execution. Thereby, the possibility that the data area in the ICC of another service can be read can be reduced. In the HTML body, the I defined in the header
Various data in CC are referenced where necessary. For example, the description 805 refers to the balance and instructs to convert bit value data into a character string and embed the character string at that position. The description 806 refers to the expiration date, performs an operation (subtraction) for converting the year data from the Christian calendar to the Japanese calendar, and instructs to embed each date data in the corresponding position. The description 805 is shown in FIG.
901 shows that a specific balance (10,000 yen) in the ICC is embedded in a position (a variable position) where the tag exists in the corresponding sentence. As for the description 806 in FIG. 8, the specific date read from the ICC, January 31, 2001 (the actual description format in the ICC is not limited to this) is read out. Then, as shown in the description 902 of FIG. 9, after the year data is converted to 2001, it is embedded in the corresponding position of the corresponding sentence. Further, as for the description 807, as shown in the description 903 of FIG. 9, the file of the image information is embedded as an inline image. Of course, instead of using an inline image, it is also possible to embed in a link format using an anchor tag. What kind of fringe data is embedded or linked can be automatically determined, for example, based on the content type of the fringe data.

When the viewer script of FIG. 8 is interpreted and executed by the viewer engine, a screen as shown in FIG. 10 is displayed on the display. From this figure, it can be seen that the read balance in the ICC, the expiration date, and the inline image 911 as fringe data are displayed in a form embedded in the template document.

Finally, the effects of the present embodiment will be summarized below. (1) Since the viewer script is transferred from the service provider in an encrypted state, it is possible to prevent the contents from being stolen during the transfer. In addition, since it is stored as encrypted in the information terminal and decrypted and executed only when personal authentication using personal identification information such as a PIN is successful, it is possible to prevent an unauthorized user from executing a script. Can be. Further, by using the collation information, it is possible to check for falsification of the viewer script. (2) Since the personal identification information (PIN) does not need to be stored anywhere in the information terminal, the server, or the like, there is no possibility that the personal identification information (PIN) is illegally read. (3) Since the decrypted (and decompressed) viewer script finishes execution and is immediately deleted from the RAM based on which the target HTML document is generated, the decrypted viewer script is saved as a file. It cannot be browsed, and information such as the storage location of the bit value is not leaked or inferred. (4) The viewer script is clearly distinguished from the viewer engine and is interpreted and executed by the viewer engine. Therefore, the viewer script cannot add or rewrite the function of the viewer engine. Therefore, an unauthorized viewer script can prohibit or suppress the act of illegally reading and writing information terminal resources such as files, screens, communication and call functions, and taking them out via a network. (5) Methods and procedures for accessing bit values existing on different storage media such as an IC card, USIM, and flash memory are hidden in the viewer engine. (6) As described above, since multiple security protection measures are taken, unauthorized access to, or browsing of, the bit value value in the information terminal such as IC card data is strongly prevented. (7) Since the viewer script is distinguished from the viewer engine, it is only necessary to add the viewer script for browsing the ICC data when adding the application to the ICC. The size of the script is relatively small. (8) Since the viewer script is supplied from the service provider via the network, the updated script can be downloaded at any time according to the bit value, the change of the script, the expiration date, and the like. (9) Since the viewer script is a format in which a general markup language such as HTML or WML is extended, it can be learned, produced, and easily modified at low cost. In addition, the reading and calculation of the bit value can be embedded as an extension tag in the viewer script, and the bit value value can be dynamically searched, calculated and displayed offline. (10) Since the viewer engine generates a document corresponding to the unextended markup language as a result of executing the script, it can be displayed and operated as it is on a normal browser of the information terminal. (11) Various types of fringe data such as text (Text), music (Music), and images (Graphics) are associated with the bit value, and in an HTML document generated by the viewer engine, the fringe data stored in the information terminal is used. Embedding and link settings are also resolved and can be displayed and played. That is, such fringe data need not be stored in the IC card, but may be stored in another storage medium in the information terminal.

Although the preferred embodiment of the present invention has been described above, various modifications and changes other than those described above are possible. For example, in the above description, the distinction between the own ICC and the ICC of another person is not described, but this is a problem of the authentication of the information terminal (including the viewer) and the ICC, and can be separately dealt with. For example, each ICC
May be used together with the PIN to encrypt and decrypt both data. The card ID can be automatically read from the ICC by the mobile device when necessary.

[0048]

According to the present invention, when an IC card function is added to an information terminal having a display, illegal browsing and display falsification by a finder can be prevented, and browsing of data in the IC card can be prevented even when offline. It is possible to perform the operation safely, and it is possible to eliminate a problem in the spread of the information terminal with the IC card function. Further, by combining the data in the storage medium in the information terminal with the memory in the IC card so that the data can be browsed, the data storage capacity of the IC card can be complemented.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a schematic configuration of an IC card function utilization system according to an embodiment of the present invention.

FIG. 2 is a block diagram showing a configuration of the mobile device shown in FIG. 1 from a functional aspect.

FIG. 3 is a diagram showing a procedure for installing a viewer script according to the embodiment of the present invention.

FIG. 4 is a diagram showing a schematic configuration of a viewer script package according to the embodiment of the present invention.

FIG. 5 is an explanatory diagram of encryption at the time of transferring a viewer script package according to the embodiment of the present invention.

FIG. 6 is a diagram schematically showing storage and movement of data in the mobile device according to the embodiment of the present invention.

FIG. 7 is a diagram showing an operation model of a viewer engine (FIG. 2) in the embodiment of the present invention.

FIG. 8 is a diagram illustrating an example of a viewer script when browsing a bit value in ICC for an electronic money application of ICC.

FIG. 9 is a diagram illustrating an example of an HTML document generated based on the viewer script of FIG. 8;

FIG. 10 is a diagram illustrating an example of a display screen of the HTML document in FIG. 9;

[Explanation of symbols]

10: display (LCD), 11: operation keys, 12
... RAM, 13 ... ROM, 14 ... Flash memory (M
EM), 15 CPU, 17 RF unit, 20 IC card (ICC), 21 CPU, 22 flash memory (MEM), 23 reader / writer module (R /
W), 24: Antenna (ANT), 31: IC card (ICC), 41: RF unit, 43: Content (CN)
T), 51 ... Reader / writer module (R / W), 5
3. Processing unit.

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) G06F 17/60 242 G06F 17/60 432A 432 9/06 650D H04L 9/32 H04L 9/00 673A F term ( Reference) 2C005 MA05 NA02 NA06 5B019 DB10 HF10 JA10 5B058 CA23 CA25 CA27 KA06 5B076 BB06 5J104 AA07 KA01 NA05

Claims (14)

[Claims] 1. A method for controlling browsing of data in an IC card in an information terminal device having a built-in or mounted IC card and capable of using an IC card function, the method comprising: reading at least the data in the IC card; Reading an encrypted viewer script from a storage device that defines a display format to be displayed together with the display data, decrypting the read viewer script, and interpreting the decrypted viewer script. Reading the data in the IC card in accordance with the viewer script to generate a markup language document in which the data is embedded, and erasing the decrypted viewer script immediately after the generation of the markup language document. An information terminal IC card data browsing control method characterized by comprising the step of displaying on a location of the display, the. 2. The IC card data browsing control method according to claim 1, wherein the viewer script is described in a markup language including an extended tag. 3. A step of downloading the viewer script from the outside to the storage device via a network, a step of requesting a user to input password information prior to the download, and encrypting the password by the server based on the password information. Receiving the received viewer script, and requesting the user to input the password when browsing the data in the IC card. In the decoding, the decryption is performed based on the input password. 2. The IC card data browsing control method according to claim 1, wherein the script is decrypted. 4. A step of generating a markup language document, wherein when data in a storage medium other than an IC card in the information terminal device is specified in the viewer script, the data is read out and the markup is performed. 2. The IC card data browsing control method according to claim 1, wherein the method is embedded in a language document or a link to the data is set. 5. An information terminal device capable of using an IC card function by incorporating or mounting an IC card, wherein a display for displaying a text or an image, and data stored in the IC card are displayed on the display. A display control means for reading the data in the IC card and storing a encrypted viewer script that defines a display format for displaying the data together with other display data. Means for reading and decrypting the encrypted viewer script from the storage device, interpreting the decrypted viewer script, reading data in the IC card according to the viewer script, and embedding the data. Generate a markup language document, and then Wherein erases the decoded viewer script, the information terminal apparatus and displaying the generated markup language document on the display. 6. The information terminal device according to claim 5, wherein said viewer script is described in a markup language including an extended tag. 7. The information according to claim 5, wherein said display control means includes a download means for accessing a network for loading said viewer script from outside and downloading said viewer script from a server via said network. Terminal device. 8. An input means for receiving an input of personal identification information from a user at the time of said download and at said decryption, wherein said viewer script is encrypted by said personal identification information at said server, and said personal identification information is encoded at an information terminal device. The information terminal device according to claim 7, wherein the information terminal device is decoded by the following. 9. A wireless communication device for performing wireless communication with an external IC card, wherein the display control device is configured to execute the viewer script for data in the external IC card obtained via the wireless communication device. 6. A markup language document is generated based on the information, and is displayed on the display.
Information terminal device as described in the above. 10. A means for performing wireless communication with an external IC card compatible device, and means for reading and writing data in the IC card through the means for communicating with the IC card compatible device. The information terminal device according to claim 5, further comprising: 11. A computer program for controlling browsing of data in an IC card in an information terminal device having a built-in or mounted IC card and capable of using an IC card function, wherein at least data in the IC card is stored. A step of reading an encrypted viewer script from a storage device, the display script defining a display format to be read and displayed together with other display data; a step of decoding the read viewer script; and a step of decoding the decrypted viewer script. Reading the data in the IC card in accordance with the viewer script and generating a markup language document in which the data is embedded, and immediately deleting the decrypted viewer script immediately after the generation of the markup language document Steps to perform and Computer program. 12. The method according to claim 12, further comprising: downloading the viewer script from the outside to the storage device via a network; requesting a user to input password information prior to the download; and encrypting the password by the server based on the password information. Receiving the encrypted viewer script; and requesting the user to input the password when browsing the data in the IC card. In the decoding, the decryption is performed based on the input password. The computer program according to claim 11, wherein the viewer program is decrypted. 13. In the step of generating a markup language document, when data in a storage medium other than the IC card is specified in the viewer script, the data is read and embedded in the markup language document. 12. The computer program according to claim 11, wherein a link to the data is set. 14. A display format for reading at least data in the IC card and displaying it together with other display data for an information terminal device which can use an IC card function by incorporating or mounting an IC card. Was
A server for providing an encrypted viewer script via a network, comprising: receiving a viewer script download request from the information terminal device, requesting input of password information, and based on the input password information. A server for encrypting the viewer script and transmitting the encrypted viewer script to the information terminal device.