JP2002279379A - Memory control method of ic card - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a memory control method of an IC card, capable of further reducing information to be controlled and effectively using the memory, when conrolling a memory area of the IC card. SOLUTION: The authorization of a subject with a memory area allocated is divided into the authorization common to all subjects and the authorization specific predetermined subjects, the common authorization is regulated as authorization rules common to all subjects, and the authorization specific to the predetermined subjects is stored individually as customized information in a control table. As a result, a large number of authorization rules, which have been stored in a duplicate manner are considerably reduced and the memory can be effectively used thereby. In addition, the man-hours for area-allocating procedures are also reduced, and the area allocation work can also be significantly simplified.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a memory management method for an IC card, and more particularly to a memory management method suitable for multi-applications.

[0002]

2. Description of the Related Art With the development of IC cards, there is a strong demand for the development of multi-applications in which a plurality of applications are mounted on one IC card. In this multi-application IC card, the effective use of the memory area is an important issue together with the development of a general-purpose OS. In other words, in the case of a multi-application, the memory is divided into a plurality of memory areas, an entity is assigned to each memory area, and authority is defined for each entity, so that management of each memory area is an important issue. ing. Further, when the memory area has a hierarchical structure having a plurality of sub-memory areas, the main body of the memory area is further increased, and many management tables are required for the management.

As a method of managing the memory of an IC card, a memory management method described in Japanese Patent Application Laid-Open No. 6-222980 is known. In this known memory management method, a directory that stores information for accessing the memory area, that is, a management table is set for each memory area, and the authority information of the entity assigned to each memory area is set for each entity. Each is stored in the directory.

[0004]

SUMMARY OF THE INVENTION In an IC card having a multi-application function in which a memory of an IC card is divided into a plurality of memory areas and a main body is assigned to each memory area, the memory is allocated to each memory area and a sub memory area. If the authority information of the subject is individually stored in each area management table, there is too much information to be managed, and a problem occurs that the table size required for the management table becomes too large. That is, since the memory capacity that can be mounted on the IC card is limited, an excessive amount of memory required for the management table becomes a major obstacle from the viewpoint of effective use of the memory. In addition, when storing applications, it is necessary to individually set the authority of each subject, which not only requires too much information to lend the memory area, but also increases the work for allocating the memory area. Would.

Accordingly, an object of the present invention is to manage a memory area of an IC card having a multi-application function, wherein information to be managed is further reduced, and an IC card memory management method capable of effectively using a memory. It is to realize.

Another object of the present invention is to provide a memory management method for an IC card which can further reduce the work of allocating a memory area.

[0007]

A memory management method for an IC card according to the present invention divides a memory into a plurality of memory areas,
A main body is assigned to each memory area, a management area is allocated to each memory area, and information necessary for accessing each memory area is stored in the management area for each memory area. In the memory management method for an IC card sharing a memory, a common authority is set as a common authority rule with respect to an authority of an entity assigned to the memory area, and an entity of a specific memory area is included in the common authority rule. If the user has the unique authority, the unique authority is stored in the management area as customization information.

An IC having a multi-application function
In the case of a card, since the area management information and the management information relating to the authority of the subject increase, it is important to reduce the management information. Therefore, in the present invention, the authority of a subject assigned to a memory area is divided into a right common to each subject and a right unique to a specific subject, and the right common to each subject is set as a common privilege rule. Then, it is stored in an authority management area different from the management table. Then, the authority unique to the specific subject is stored as customization information in the management table. In this way, by setting the common authority as one common authority rule, a large number of authority rules that have been conventionally stored in duplicate are greatly reduced,
As a result, the capacity of the management area of the IC card can be further reduced. Further, since only the authority unique to a specific subject that is not included in the common authority rule is stored in the management table, it is possible to avoid an increase in the table size of the management table. These effects become more remarkable as the number of applications mounted on the IC card increases.

By setting the common authority as described above, when one memory area has a hierarchical structure having a plurality of sub-memory areas, both the common authority and the common authority in the parent-child relationship are defined as the common authority rule as the authority management area. For example, in the case of a hierarchical structure in which one parent entity and a plurality of child entities exist, such as a relationship between a bank head office and a plurality of branches, the problem of overlappingly storing the authority of a child entity is solved. Thus, the effective use of the memory becomes more remarkable. Further, in the case of having a hierarchical structure, the hierarchical relationship, that is, the parent-child relationship
Since only D and child IDs need to be stored in the management table, the amount of information for displaying the hierarchical relationship is reduced.

[0010]

DESCRIPTION OF THE PREFERRED EMBODIMENTS FIG. 1 is a diagram showing the configuration of a partial area of an IC card used for implementing a memory management method for an IC card according to the present invention. IC cards are
Memory 10 divided into a plurality of memory areas, area management unit 20 having a table of area management information for accessing each memory area, and authority information storing authority rules common to each memory area and sub-memory area It includes a management unit 30 and an instruction execution control unit 40 that controls execution of instructions.

In this example, it is assumed that the memory 10 is divided into four memory areas. And memory area 2
Has a hierarchical structure and two sub-memory areas 3 and 4. That is, the memory area 2 is divided into the sub memory areas 3 and 4
, And regions 3 and 4 are child regions lower than region 2.

The area management unit 20 stores, as management information, information for accessing each memory area and sub-memory area, and information regarding a parent-child relationship between the areas. FIG. 2 shows an example of this management information. As the management information, for example, the ID of the area, the parent ID in the case of a parent-child relationship, and the child I
D, subject ID, size of the area, free area, customization information including authority information unique to the subject, and the like.

The authority information management unit 30 stores, as a common authority rule, the authority common to the authority information of the subject assigned to each memory area and sub-memory area. This common authority rule can be defined as follows as an example. (A) Each subject can write information in a memory area or a sub-memory area allocated to itself or read information written in the sub-memory area. (B) Each subject cannot access another memory area unless a hierarchical relationship exists. (C) If there is a hierarchical relationship, the parent can read the information stored in the child sub-area, but is prohibited from writing the information. (D) If there is a hierarchical relationship, the child subject cannot read the information stored in the parent area.

The instruction execution control unit 40 performs execution control of area allocation, execution control of various instructions, authentication of a subject, execution control of customization, and the like.

Next, the procedure for allocating an area will be described with reference to FIG. In this example, it is assumed that an area is allocated to the sub area 4. First, an area allocation request is made. This area allocation request can include the area ID (4), the requested size, the parent ID (2), and the subject ID.
In response to this request, the execution control unit 40 checks the free area in the area 2 that is the parent area, subtracts the request size from the free area in the area 2, and if the request size is larger than the free area, Reject. If the requested size is smaller than the free area, an entry of the management information of the sub area 4 is generated in the management table. When setting the management information of the sub area 4, an ID, a parent ID, a child ID (but no child), a subject ID, a size (request size), an empty area, and the like of the area are set. In this way, by merely storing the parent ID, it is possible to have a hierarchical relationship with the area 2 and to indicate that it is a child area, and the procedure of area allocation is further simplified.

Next, with reference to FIG. 4, the execution control of the instruction for the sub-region 4 will be described. Execution control unit 40
Authenticates the entity that executes the command. Next, using the parent ID and the subject ID, the management table is searched for management information of the area ID targeted by the command. In this search, the subject ID of the parent area is searched using the parent ID, and then the subject ID is searched.
Is used to search the sub-memory area. Next, it checks with the authority information management unit 40 whether or not the instruction is an instruction corresponding to an entity defined as a common authority rule. If the instruction does not correspond to the subject, the execution of the instruction ends. In the case of an instruction corresponding to the subject, the instruction is executed on the sub-area 4.

As described above, according to the present invention, the authority of the subject is divided into the authority common to the subject assigned to each area and the authority unique to the specific subject which is not included in the common authority rule. The authority unique to a specific subject is stored in the corresponding area management information of the area management unit 20 as customization information. The customization setting procedure will be described with reference to FIG. For example, a part of the authority of the subject in the area 3 is set as a unique authority. When a customization request including the area ID (3) and the customization information is made, the customization information is written in the table of the area 3 of the management table stored in the area management unit 20 under the control of the execution control unit. When the area 3 is accessed, it is checked with reference to the written customization information whether this instruction request is included in the customization information.

Next, the execution of an instruction when customization information has been written will be described with reference to FIG.
In this example, it is assumed that an instruction for the sub area 3 is executed. When a command is input, the execution control unit 40 authenticates the subject of execution of the command. Next, the management table stored in the area management unit 20 is searched for management information of the area ID to be commanded. In this search, the parent ID of the parent area is searched from the parent ID included in the request using the parent ID (2), the subject ID (3), and the customization information, and then the sub area is searched using the subject ID (3). Search for. Next, referring to the customization information stored in the management table and the common authority information stored in the authority information management unit 30, it is checked whether the instruction is an instruction according to the subject. First, the customization information stored in the management table is checked, and if the instruction exists in the customization information, the instruction is executed. If it is not included in the customization information, the common authority rule stored in the authority information management unit is checked, and if the instruction is in accordance with the subject, the instruction is executed. If the order is not for the subject, the order is rejected.

[0019]

According to the present invention, the authority of a subject to which a memory area is allocated is divided into a privilege common to all subjects and a privilege unique to a specific subject, and the common privilege is shared by all subjects. Authorization rules are specified, and authorizations specific to a specific subject are individually stored as customization information in the management table. It can be used. Furthermore, the procedure for area allocation can be greatly simplified.

[Brief description of the drawings]

FIG. 1 is a diagram showing a configuration of an example of a partial area of an IC card for implementing an IC card memory management method according to the present invention.

FIG. 2 is a diagram showing an example of management information.

FIG. 3 is a diagram showing a procedure of an example of area allocation.

FIG. 4 is a diagram showing execution control of an accessed instruction.

FIG. 5 is a diagram showing a procedure for processing a customization request.

FIG. 6 is a diagram showing execution control of an instruction for a customized memory area.

[Explanation of symbols]

 Reference Signs List 10 memory 20 area management unit 30 authority information management unit 40 execution control unit

 ────────────────────────────────────────────────── ─── Continuing on the front page (72) Inventor Yuji Hiura 2-3-1 Otemachi, Chiyoda-ku, Tokyo F-term in Nippon Telegraph and Telephone Corporation (reference) 2C005 MB01 SA22 SA25 5B035 AA00 BB09 BC00 CA11 CA29 5B060 AA06 AA11

Claims (5)

[Claims] 1. A memory is divided into a plurality of memory areas,
A main body is assigned to each memory area, a management area is allocated to each memory area, and information necessary for accessing each memory area is stored in the management area for each memory area. In the memory management method for an IC card sharing a memory, the authority common to the authority of the subject assigned to the memory area is defined as an authority rule common to all the subjects, and the subject of a specific memory area is shared by the common subject. A memory management method for an IC card, characterized in that when having a unique right not included in the right rule, the unique right is stored as customization information in the management area. 2. At least one memory area of the memory area has one or more sub-memory areas having a hierarchical relationship, and the management area assigned to the memory area and the sub-memory area has a hierarchical structure. 2. The memory management method for an IC card according to claim 1, wherein the relationships are stored. 3. A parent ID and a child ID as the hierarchical relationship.
3. The memory management method for an IC card according to claim 2, wherein 4. A memory having one or more divided memory areas, at least one specific memory area having one or more sub-memory areas in a hierarchical relationship, and each memory An area management unit having a management area storing information for accessing the area and the sub memory area for each memory area and sub area, and a common authority for the authority of the subject assigned to the memory area and the sub memory area. An authority information management unit stored as a common authority rule, and an instruction execution control unit for controlling execution of an instruction, wherein a specific authority that a subject of a specific memory area or a sub memory area is not included in the common authority rule is included. In the case of having the specific authority, the unique authority is stored in the management area allocated to the memory area or the sub memory area of the area management unit, and the hierarchical relationship is stored. An IC card system for storing a hierarchical relationship between a memory area and a sub-memory area in a management area of the area management unit. 5. When any one of the memory areas or the sub-memory areas is accessed, the customization information stored in the management area and the common authority rule stored in the authority information management unit are referred to. The method according to claim 4, wherein the validity of the access is determined by using
C card system.