JP2002324213A - Method and system for loading application program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To solve the problem that there is possibility that the unauthorized loading of a card program on a card is executed by a program load organization since it is possible to freely copy a loading license for loading the card program in a conventional technology. SOLUTION: In this method for loading an application program, a load terminal for providing an application program to a portable information storage medium for a user receives a request for the loading of the application program, and acquires a public key which is previously stored in the portable information storage medium for the user, and transmits acquisition request information for acquiring the use license of the application program whose loading is requested and the public key to a program load server. The program load server for managing an formation storage medium for management in which the use license for permitting the use of the application program is stored instructs the information storage medium for management to encipher the use license by using the transmitted public key, and transmits the use license enciphered by the information storage medium for management to the load terminal.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a method and a system for loading an application program onto an IC card, and more particularly to a method and system for loading, storing, and using an application program on an IC card, which has a valid authority. The present invention relates to a loading method and a system provided to an IC card.

[0002]

2. Description of the Related Art At present, this is an application program which can be used by loading a card issued by a card issuer, such as a credit company or a bank, into a card capable of recording a point of visit of a department store in a card which can be used. When a card program provided by an application service organization that provides a card program is mounted, the card issuer needs to obtain a mounting permit defined by the specification of the mounted IC card. The mounting permit is necessary when a card program is mounted on a card, and is present for each card program to be mounted. The mounting permit includes information unique to the card program such as the size of the card program. Without this loading permit, the card program cannot be added to the card. The loading permit includes a single loading permit that is valid for all cards belonging to the card category specified by the card issuer (loading permit pattern 1),
Alternatively, information that is similar to the card unique number stored in the card is included in the loading permit, and loading permission is granted when the unique number in the card is equal to the card unique number in the loading permit (loading permit There is a writing pattern 2).
Since the cost required for the card issuer to obtain the installation permit is expensive for each card category in which the target card program can be installed, the application service organization does not charge the area rental fee for the number of cards installed in the card issuer,
All territory rental fees in the card category where the eligible card program can be installed must be paid. Further, since the mounting permit is unencrypted data, it is also possible to illegally copy and load the card program on a plurality of cards in the mountable card category.

[0003] As a method of loading an application onto an IC card, a plurality of object codes which are linked in advance by designating a load address are prepared, and an object code having an appropriate address is selected from the object codes upon loading. There is a program loading method described in Japanese Patent Application Laid-Open No. H11-265290 which describes a method for loading a program. As a billing method using an IC card, when a payment for content usage is received, billing data such as identification data and frequency are stored in the IC card, and the billing method using the IC card as a part of billing means is provided. Has a data billing system described in Japanese Patent Application Laid-Open No. 2000-184172, but does not describe a billing method accompanying application loading.

[0004]

In an IC card issued by a card issuing organization such as a credit company or a bank (referred to as card issuer), a certain area of the IC card issued by the card issuer is used. An application service institution that provides a card program, such as a department store visit point, on a card issued by a card issuer and provides an environment for executing the card program. In a program load service organization that provides a loading terminal such as a kiosk terminal for mounting on an IC card, the card issuer obtains a mounting license fee for the mounting request from the application service organization, and the application issuer knows the exact number of mounted Card issuer, not paying undue consideration to the program load institutions, programs load institutions it is necessary to obtain the benefits commensurate to ensure load performance.

[0005] In the prior art, when paying all lending fees in the card category that can be mounted in response to the acquisition of a mounting permit, the application service organization issues a card issuer with or without the card holder mounting the target card program. In other words, the territory lending fee for all cards classified by the card issuer as being eligible for the card program must be paid in a lump sum. Therefore, it is necessary to pay a rental fee equal to or more than the number of cards actually mounted. Further, when the mounting permit is the mounting permit pattern 1, the same card program can be mounted on all the cards belonging to the same card category with one mounting permit for mounting the card program. Therefore, by improperly copying the mounting permit and mounting it on multiple cards, the application service organization can only know the actual number of cards loaded by the declaration of the program load organization. Can be disadvantageous for

[0006]

In order to solve the above-mentioned problems, a program loading organization has a storage section for storing an application program, and is capable of accessing a user information storage medium, and a user information storage medium. A program load server that manages a management information storage medium that stores a license to use the application program in the storage device. The loading terminal receives a request to load the application program onto the user information storage medium, A public key acquisition unit for acquiring a public key stored in advance in an information storage medium, and acquisition request information for acquiring a license to use the application program requested to be loaded is transmitted to the program load server together with the acquired public key. And a transmitting unit that performs The bar indicates an instruction unit for instructing the management information storage medium to encrypt the use license using a public key, and a use permission for transmitting the use license encrypted by the management information storage medium to the load terminal. And a message transmitting unit.

[0007] A program for realizing the above-described functions and a configuration using a storage medium for storing the program may be used.

[0008] The management information storage medium is, for example, an IC card or the like, and can store a permission permitting use or use of an application program, storage or mounting for use or use, and the like. It has functions such as encryption processing. The application program can be loaded into a user's information such as a card holder card, etc., by a loading permit acquisition request instruction from a kiosk terminal or a loading terminal such as a personal computer that can access the storage medium such as a card holder card such as a card holder card. The mounting permit is encrypted with the public key sent from the storage medium, and is transmitted and output. Therefore, it is possible to prevent the program loading organization from illegally copying the loading permit. The load terminal having a storage unit for storing an application mounted on the card is a kiosk terminal, a personal computer, or the like, a terminal capable of accessing the storage unit of the card holder card, and the program load server is a network or the like. It may be connected via a. On the other hand, in order to solve the above problem, a user information storage medium is accessible to a load terminal storing a plurality of applications, and manages a public key and a secret key that is paired with the public key, An output unit that outputs a public key in response to a request for obtaining a public key from a load terminal, a receiving unit that receives a license issued using the public key, and a decryption of the received license using a secret key And a storage unit that stores the application program in accordance with information from the determination unit that determines whether the application program can be executed using the license.

[0009] The user information storage medium stores a pair of a public key and a secret key, and decrypts the use license encrypted with the public key in the card, mounts a new card program on the card, and uses the card. It has a loader-compatible card program that allows you to determine whether it can be done. The user information storage medium is typically an IC card such as a card holder card possessed by a card holder as a user or an IC chip built in a mobile phone or the like.
It does not matter whether or not it is portable.

[0010]

DESCRIPTION OF THE PREFERRED EMBODIMENTS The present invention provides an application service for providing a program such as a store visit point used by card issuers and department stores which issue cards such as credit companies and banks and an environment for executing the program. Institutions and program application organizations that operate and provide load terminals such as kiosk terminals for loading card programs into IC cards in card holders that are entrusted to the application service organization, and processing devices and storage issued by the card issuer. I with device
A card issuer, an application service organization, pays a price commensurate with adding a program to a card by installing the card on the IC card without being illegally used by other IC cards and the like, when using the card program on the C card. , A program load institution and the like can be surely obtained.

An embodiment of a method for installing a new card program and charging at that time will be specifically described below. The installation permit is used not only to permit installation in the card but also to be used. The license may be a use permit for permitting use.

FIG. 1 is a diagram showing a schematic configuration between three parties of this embodiment. The card issuer server 1 manages the authority to install programs that can be installed on the IC card for which the card issuer is responsible, and issues an installation permit that allows the IC card to be authorized to install programs. , Generates and manages a common key with the application service organization that has been given permission to load the program. The application service server 2 uses a part of the area of the IC card issued by the card issuer to mount a program of the application service server 2 and provide an application service environment for providing an execution environment of the program to the card holder. The program load server 3 may be entrusted to an application service organization to manage a load terminal 4 that provides a load environment for mounting the program on an IC card, or may be connectable via a network. The IC card is an IC card on which a card application such as a financial application can be mounted, and is a card holder card 5 already issued by a card issuer and held by a card holder. The mounting permit storage IC card 6 is passed to the program load organization via an application service organization by a card issuer in order to maintain the security of the mounting permit in the present embodiment, and is used when a new card program is mounted. The required loading permit can be taken out by the number set by the card issuer.

With the above-described configuration, the card issuer and the application service organization can use the card issuer which is conventionally held by the card issuer in order to prevent the application service organization from illegally copying and using the installation permit. Permit certificate storage IC
It is stored in an IC card as a card and provided to an application service organization. The mounting permit storage IC card has a mounting permit and a mounting permit access program for extracting the mounting permit, and the mounting permit access program retrieves only the mounting permit for the number set in advance by the card issuer. In addition, when the loading permit is taken out, it is encrypted with the public key in the card holder card sent from the card holder card and taken out. You can receive the area rental fee for the number set in the document access program. The application service organization gives in advance the IC card for loading permit storage received from the card issuer to the program load organization entrusted with the addition of the program. When a new program is added to a card holder card at a loading terminal such as a kiosk terminal of the program loading organization, the program loading organization obtains the public key in the card from the card holder card. The obtained public key is sent to the mounting permit storing IC card, the mounting permit in the mounting permit storing IC card is encrypted with the public key, and the encrypted mounting permit is encrypted in the card holder card. Decrypt and add a new program. This processing prevents the program loading organization from illegally copying the loading permit.

Further, the mounting permit storage IC card has a mounting number counter for counting the taken out mounting permit. The card issuer in the mounting permit storage IC card and the common key held by the application service organization. It has a function to encrypt and output the mounted number counter. By encrypting with the common key possessed by the card issuer and the application service organization, it is possible to prevent the program loading organization from improperly increasing the load record. The program load organization sends the actual load count counted by itself and the encrypted loading counter to the application service organization, and the application service organization decrypts the encrypted use number with the common key possessed by the card issuer and the application service organization. By knowing the actual load results, the load for the load results is paid to the program load organization.

FIG. 2 shows the structure of the mounting permit storing IC card 6 of this embodiment shown in FIG. The IC card 6 for storing a loading permit according to the present embodiment includes a processing device 61 such as a microprocessor, a storage device 62 such as an EEPROM and a flash memory, and a device such as a reader / writer. It has an interface unit 63 for performing the transfer. The storage device 62 stores an application program storage unit 64 for storing application programs for implementing various functions, and a control program 65 corresponding to a so-called operating system (OS). The processing device 61 includes a control program 65
Under the management of the application program stored in the application program storage unit 64, and realizes various functions achieved by these application programs. The application program storage unit 64 can store a plurality of programs at the same time.

The mounting permit storage IC card 6 has a mounting permit access program 66 for storing the mounting permit 665 created by the card issuer 1. The loading permit access program 66 outputs the loading permit 666 from the loading permit access program 66 and the loading permit output processing 661 and the loading permit 666 is output from the card holder card 5 via the loading terminal and the program load server. There is a mounting license encryption process 662 that encrypts the mounting license with the public key transmitted by the public key.

The loading permit access program 66 includes a loading permit 666 used for mounting the program on the card holder card 5, a card issuer used for encryption when outputting the number of mounted cards, and an application service organization. Card issuer / application common key issuer / application service agency has a common key 668, a loading permit 663 that can be used with this card, a loading counter 667 that counts the number loaded by this program, and a loading counter 667. It has a loading counter encryption process 664 for encrypting with the service organization common key 668. The card issuer / application service institution common key 668 is a key associated with each card issuer and application service institution that issued the mounting permit. The medium for storing the mounting permit is not limited to an IC card, and when outputting from a storage unit of a certain medium to the outside, encryption processing is performed on the mounting permit, the mounting number counter, and the like. Any media having various functions may be used.

FIG. 3 shows the structure of the card holder card 5 of this embodiment shown in FIG. The card holder card 5 of the present embodiment includes a processing device 5 such as a microprocessor.
1, a storage device 52 such as an EEPROM or a flash memory,
An interface unit 53 for transferring data, messages, and the like to and from a device such as a reader / writer is provided. The storage device 52 stores an application program storage unit 54 for storing applications for realizing various functions, and a control program 55 corresponding to a so-called operating system (OS). The processing device 51 executes the application processing stored in the application program storage unit 54 under the control of the control program, and realizes various functions achieved by these applications. A plurality of applications can be stored in the application program storage unit 54 at the same time, and can be used.

Further, the card holder card 5 has a loader-compatible program 56 which can acquire a mounting permit 666 necessary for adding a card program to its own card in an encrypted state and add the card program. I do. The loader compatible program 56 stores the mounting permit encryption public key 563 for encrypting the mounting permit 666 from the mounting permit storing IC card 6 when taking out the mounting permit 666, and the encrypted mounting permit 666 in its own card. It has an on-board license decryption private key 565 for decryption. Further, the loader-compatible program 56 includes a card program addition process 561 for mounting a new card program on its own card, and a loading permit decryption process 56 for decrypting the encrypted loading permit 666.
4. There is a mounting key encryption public key output process 562 that outputs a public key necessary for encrypting the mounting permit 666 from the loader corresponding program 56. The newly installed card program is stored in the application program storage unit 54.

FIG. 4 shows the structure of the load terminal 4 of this embodiment shown in FIG. The load terminal 4 is an external interface unit between the processing device 41, the storage device 42, and a line such as a dedicated line.
43, a reader / writer 44 for communicating with the card holder card 5, and a user I / O unit 45 for performing data communication with an external output device such as a display. An application program storage unit for storing a program such as an application for realizing this processing in the storage device 42
46, an application data storage unit 47 for storing data used by the application, and a control program 48 functioning as a so-called OS are stored. The application program storage unit 46 has a loading permit request processing 461 for requesting the loading permit 666 from the program load server 3 and a loading permit for transmitting the loading permit 666 obtained from the program load server 3 to the card holder card 5. A transmission process 462, a mounting license encryption public key obtaining process 463 for obtaining the mounting license encryption public key 563 from the card holder card 5, and a card program transmission process 464 for transmitting a card program to the card holder card are provided. The application data storage unit 47 has a card program 471 that can be mounted on a card holder card.

FIG. 5 shows the structure of the program load server 3 of this embodiment. The program load server 3 includes a processing device 31, a storage device 32, an external interface unit 33 for connection with a line such as a dedicated line, an IC card 6 for storing a mounting permit
It has a reader / writer 34 for an IC card for storing a loading permit and a user I / O unit 35 for exchanging with the user. The storage device 32 includes an application program storage unit 36 for storing a program such as an application for realizing the present process, an application data storage unit 37 for storing data used by the application, and a so-called OS.
Is stored. The application program storage unit 36 has a loading permit transmission process 361 for transmitting the loading permit 666 to the load terminal 4, and a public key 563 for loading permit encryption transmitted from the load terminal 4.
Is transmitted to the application service server 2. The instruction to encrypt the mounting permit 666 using the mounting permit public key 563 may be issued by a control program or the like. Also, a load result transmission process 362 for transmitting the load result to the application service server 2, a load result acquisition process 365 for obtaining the encrypted load counter from the mounting permit storage IC card 6, a program load server 3. It has a load result update process 364 for updating its own load result number 371. The application data storage unit 37 has the number of load records 371 of the program load server 3 itself. Note that the program load server and the load terminal do not need to be connected via an external network or the like, or may be an integrated device having the functions of the respective devices.

FIG. 6 shows the structure of the application service server 2 of this embodiment. The application service server 2 has a processing device 21, a storage device 22, and an external interface unit 23 to a line such as a dedicated line. An application program storage unit 24 for storing an application for realizing this processing is stored in the storage device 22.
And an application data storage unit 25 for storing data used by the application, and a control program 26 functioning as a so-called OS. In the application program storage unit 24, a load result request process 241 for requesting a load result to the program load server 3 of the program load organization, and the load result obtained from the program load server 3 are stored in the card issuer / application service organization shared key 251. And a mounted number counter decryption process 243 for decrypting the data. In addition, the loading permit request processing 242 for requesting the loading permit 666 necessary for loading the card program on the card issuer server 1 of the card issuer, and the encrypted load record transmitted from the program load server 3 are stored. There is a common key acquisition process 244 for acquiring a shared key for decryption from a card issuer. Application data storage unit 25
The card issuer / application service organization common key 2 required to decrypt the encrypted load record
Have 51.

FIG. 7 shows the structure of the card issuer server 1 of this embodiment. The card issuer server 1 has a processing device 11, a storage device 12, and an external interface unit 13 for connection with a line such as a dedicated line. The storage device 12 includes an application program storage unit 14 for storing an application for realizing the present process, an application data storage unit 15 for storing data used by the application, and a control program that functions as a so-called OS.
16 is stored. Application program storage unit 14
In response to the request for the mounting permit 151 of the application service server 2 possessed by the application service organization, a mounting permit storing IC card 6 for transmitting the mounting permit 151 is created. Processing 141, a card issuer / application service organization common key generation processing 142 for generating a card issuer / application service organization common key 152 which is shared between the card issuer stored in the loading permit storage IC card 6 and the application service organization, Sends the generated card issuer / application service organization common key to the application service organization Card issuer / application service organization common key transmission processing 143, sets the counter of the installation permit stored in the installation permit storage IC card, and uses the installation permit Possible number of sheets It has a fixed process 144. The application data storage unit 15 has a card issuer / application service organization common key 152 possessed by both the card issuer and the application service organization for each application service organization, and stores a mounting permit 151 necessary for installing the card program in each application service organization. Have for each card program.

FIG. 8 shows the details when a new card program is mounted on the card holder card 5. In response to the card program addition request (90) from the card holder, the load terminal 4 performs the mounting permit encryption public key acquisition process 463 on the card holder card 5 (91). In response to the acquisition process, the card holder card 5 acquires the mounting permit encryption public key 563 in the card (92), and outputs the same through the mounting permit encryption public key output process 562 (93). The loading terminal 4
The acquired mounting permit encryption public key 563 is transmitted to the program load server 3, and the mounting permit request processing 461 requests a mounting permit necessary for adding a card program (94). The program load server 3 transmits the received mounting permit encryption public key 563 to the mounting permit storage IC card 6 by the mounting permit encryption public key transmission processing 363 (95).

The mounting permit storage IC card 6 obtains the received public key (96), compares the mounting permit usable number 663 with the mounting number counter 667 (97), and determines the mounting permit usable range. If it is within, the mounting permit encryption 666 is encrypted by the mounting permit encryption public key 563 received by the mounting permit encryption processing 662 (98). If the comparison result is out of the range, the loading permit is encrypted by notifying or sending to the loading terminal via the program server that the loading of the card program is not permitted or that the loading permit cannot be output. The processing ends without performing any processing or output processing. On the other hand, if it is within the range, the mounted number counter 667 in the card is incremented by 1 (99), and the mounting permit written by the mounting permit output processing 665 is output (100). In addition, the mounting number counter is increased by one count to a predetermined value every time the encryption is performed. However, every time the mounting license is encrypted from a certain set value, the number of usable mounting licenses is encrypted. The count may be reduced, and when the count reaches 0, the mounting permit may not be output and may not be encrypted. The program load server 3 updates the load record 3
The loading result number 371 is updated by 64 (101), and the loading permit encrypted by the loading permit transmission processing 361 is loaded onto the loading terminal 4
(102). In particular, when it is not necessary to manage the number of outputs, the load results, and the like, the comparison process (97)
Alternatively, the mounting permit may be encrypted and output without performing the above operation.

The load terminal 4 transmits the mounting permit encrypted by the mounting permit transmitting process 462 to the card holder card 5 (103). The card holder card 5 decrypts the mounting permit which has been encrypted with the mounting permit decryption secret key 565 held in the card by the mounting permit decryption processing 564 (104). The load terminal transmits the card program (471) to the card holder card by the card program transmission processing (464)
(105). The card holder card 5 adds, in the card, the mounting permit which has been decrypted with the card program 471 by the card program addition processing 561 (106). Note that the loading permit may be stored and decrypted in the card first, and after referring to the permit, it may be determined whether to add the card program. This allows the card holder card
IC card for loading permit storage using 5 unique public key 6
Since the loading permit is encrypted in the device, it is possible to prevent the loading permit from being used illegally by other cards.

FIG. 9 shows details when the application service server 2 obtains the actual number of loads from the program load server 3. The application service server 2 requests the load result number 371 from the program load server 3 by the load result request processing 241 (8
1). In response to the request, the program load server 3 performs load result acquisition processing 365 on the loading permit storage IC card 6 (82). The mounting permit storage IC card 6 obtains the mounting number counter 667 (83), and mounts the mounting number counter 667 by the mounting number counter encryption process 664. The card issuer / application service organization common key 668 in the mounting permit storing IC card 6 is stored. (84), output processing of number of mounted 6
The mounted number counter encrypted by 65 is output (85).

The program load server 3 obtains the load result number 371 obtained by the program load server 3 (86), and stores the encrypted mounted number counter and the load result number 371 obtained by the load result transmission process 362. The data is transmitted to the application service server 2 (87). The application service server 2 stores the encrypted mounted number counter acquired by the load result decryption process 243 in the card issuer / application service institution common key 2
Decryption is performed in 51 and the loaded number counter is obtained (88), and compared with the transmitted load result number 371 transmitted at the same time (89), and if the comparison result is correct, the load result fee is paid to the program load organization, etc. (90), the application load server knows the accurate load record and can prevent improper payment.

Finally, FIG. 10 additionally shows an example of a method of obtaining a mounting permit stored in a mounting permit storing IC card previously acquired from the card issuer by the application service organization in FIG. The application service server 2 requests the card issuer server 1 for a mounting permit by the mounting permit request processing 242 to the card issuer server 1 (71). In response to the request, the card issuer server 1 obtains the mounting permit 151 for the requested number (7
2), the card issuer / application service organization common key 152 generated by the card issuer / application service organization common key generation processing 142 is installed. Processing for setting the number of usable licenses 144
, And is stored in the mounting permit storage IC card 6 and sent to the application service organization.

The card issuer / application service organization common key transmission process 143 causes the card issuer /
The application service institution common key 152 is transmitted to the application service server 2 (73, 74, 75). The application service server 2 stores the card issuer / application service organization common key 152 by the common key storage processing 244 (76). The common key may be stored before sending the mounting permit storage IC card 6 to the application service organization. In addition, the application service organization pays the card issuer for the acquisition number of the mounting permit for the acquisition of the mounting permit storage IC card 6 (77), and the application service organization entrusts the addition of a card program. The loading permit storage IC card 6 is transmitted to the program load organization. As a result, the application service organization pays the loading permit fee for the requested number.

In this embodiment, a card issuer having a card issuer server, an application service organization having an application program server,
Although the description has been given of the case where there are three program load institutions having a program load server, even when all three are integrated, the method of loading an application program onto a card holder card prevents unauthorized use of a loading permit. And the same effect can be obtained. Also,
When the application service organization and the program load organization perform the application program load service together, an improper report is made when reporting the loading results and area usage status to the card issuer who issued the card on which the program is loaded. And the same effect can be obtained.

In the present embodiment, the mounting permit has been described as indicating that the card program is permitted to be mounted on the card holder card. However, the mounting permit is not a mounting permission but a usage permitting the use of the card program in the card holder card. Permits have the same effect.

[0033]

According to the present invention, it is possible to prevent a program loading organization from duplicating a loading permit and forging the usage status of the loading permit, and to pay a price corresponding to mounting the program on a card holder card. Ensure issuers, application service agencies and program loading agencies are available.

[Brief description of the drawings]

FIG. 1 is a diagram showing a schematic configuration between three persons of an embodiment.

FIG. 2 is a diagram illustrating a structure of a mounting permit storing IC card 6 according to the embodiment.

FIG. 3 is a diagram illustrating a structure of a card holder card 5 of the embodiment.

FIG. 4 is a diagram illustrating a structure of a load terminal 4 according to the embodiment.

FIG. 5 is a diagram illustrating a structure of a program load server 3 according to the embodiment.

FIG. 6 is a diagram illustrating a structure of an application service server 2 according to the embodiment.

FIG. 7 is a diagram illustrating a structure of a card issuer server 1 according to the embodiment.

FIG. 8 is a diagram showing details when a new card program is mounted on the card holder card 5.

FIG. 9 is a diagram showing details when the application service server 2 acquires the number of load records 371 from the program load server 3.

FIG. 10 is a diagram showing details when an application service organization acquires a loading permit 666 for a card issuer.

[Explanation of symbols]

1: Card issuer server 2: Application service server 3: Program load server 4: Load terminal 5: Card holder card 6: IC card for storing loading permit 56: Loader compatible program 371: Load record 561:
Card program addition processing 562: Mounting license encryption public key output processing 563: Mounting permission encryption public key 564: Mounting permission decryption processing 565: Mounting permission decryption private key 662: Mounting permission encryption processing 666: Mounting License 667: Installed number counter

 ──────────────────────────────────────────────────の Continued on the front page (72) Inventor Akiko Sato 1-280 Higashi Koigakubo, Kokubunji-shi, Tokyo Inside Central Research Laboratory, Hitachi, Ltd. F-term in business solution business (reference) 5B017 AA03 AA06 BA07 CA15 5B035 AA13 BB09 BC00 CA11 CA38 5B058 CA27 KA02 KA04 KA08 KA35 YA20 5B076 BB06 FC10

Claims (5)

[Claims] 1. A load terminal having a storage unit for storing an application program and capable of accessing a portable information storage medium for a user, and a use license permitting use of the application program in the portable information storage medium for a user. And a program load server for managing a management information storage medium,
The load terminal receives a request for mounting the application program on the user portable information storage medium,
A public key acquisition unit for acquiring a public key stored in advance in the user portable information storage medium, and the acquired public key for acquiring request information for acquiring a license to use the application program that has received the loading request. A transmission unit for transmitting to the program load server together with the program load server, wherein the program load server instructs the management information storage medium to encrypt the license using the public key, A load certificate transmitting unit for transmitting a license code encrypted by the management information storage medium to the load terminal. 2. The load system according to claim 1, wherein the management information storage medium includes a number management unit that manages the number of times the license is encrypted, and an encryption unit that encrypts the license. A license agreement encryption control unit that controls whether to perform processing based on the number of times of encryption that is managed, and an application service server that provides the application program via the program load server A load processing unit that, when a history acquisition request managed by a history management unit is received, encrypts the application using a key associated with each application service server. . 3. The load system according to claim 1, wherein the load terminal includes an output unit that outputs the application program requested to be mounted and the encrypted use permit to the user portable information storage medium. The use license is decrypted in the user portable information storage medium with a secret key that is paired with the encrypted public key, and the application is stored in an executable state using the license. A load system characterized by that: 4. A portable information storage medium for a user which is accessible to a load terminal storing a plurality of applications, wherein the management unit manages a public key and a secret key paired with the public key. An output unit for outputting the public key in response to a request for obtaining the public key, a receiving unit for receiving a license for use encrypted with the public key, and the received license for use with the secret key. A decryption processing unit for decrypting, a determination unit for determining whether or not to execute the application program using the license, and a storage unit for storing the application program according to information from the determination unit. Portable information storage medium for users. 5. A load terminal capable of providing an application program to a portable information storage medium for a user, and a management information storage medium for storing a license to use the application program in the portable information storage medium for a user. And a load terminal for loading the application program on the user portable information storage medium, wherein the load terminal receives the application program loading request on the user portable information storage medium, and loads the application program on the user portable information storage medium. Acquiring a public key stored in advance, transmitting acquisition request information for acquiring a license to use the application program that has received the loading request, and the acquired public key to the program load server; server Instructing the management information storage medium to encrypt the use license using the public key, and transmitting the use license encrypted by the management information storage medium to the load terminal. A method for loading an application program.