JP2003123030A - File management method, and memory card and terminal apparatus that make use of the method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To prevent inconsistencies between a file recorded in a memory card and file management information for a terminal without leaking the information of the file made and stored in an in-card processing system. SOLUTION: The in-card processing system 100 is provided with an area change request means 130 that requests reservation of an area of a flash memory 200, a reserve area information receiving means 140 that receives the information of a reserve area, and a management information search means 160 that holds storage position information of card-dedicated file management information 220. A terminal processing system 300 is provided with a file information processing means 330 that updates the file management information for itself, an area reserving means 350 that reserves the area of the flash memory 200 corresponding to an area reserve request, a dummy file information generation means 360 that generates dummy file information of the reserve area, and a reserve area notifying means 370 that transmits the reserve area to the in-card processing system 100.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a file management method, a memory card and a terminal device using the file management method, and more particularly, to prevent inconsistency between a file actually recorded in a memory card and file management information. Is.

[0002]

2. Description of the Related Art In recent years, IC cards have been used for commuter passes, telephone cards, cash cards, etc., and memory cards have been used for personal computers (PC), digital cameras, storage media for music players, etc. , Both are used in many ways.

A memory card is used for the purpose of supplementing a built-in storage area of a digital camera, a music player and the like and for portability. For example, by storing electronic data of an image taken by a digital camera in a mounted memory card and mounting this memory card in a PC,
You will be able to view the image above.

On the other hand, as shown in FIG. 27, memory and CP
The IC card 20 containing U and
Readable storage means 22 including an IC memory
And a storage means 22 via an interface (I / F) 23 and controls the writing / reading of data to / from the storage means 22.
It has and. The card processing system 21 includes a storage unit 22.
Is responsible for file management. In addition, the terminal 10 is an IC
When writing data to the card 20 or reading data from the IC card 20, mutual communication means 1
A request for writing or reading is sent to the in-card processing system 21 via 1, 24, and through the in-card processing system 21,
Writing data to the storage means 22 or the storage means 2
Read data from 2.

At this time, the in-card processing system 21 authenticates that the terminal 10 is a legitimate terminal that is qualified to process the data stored in the storage means 22, and then makes a write request or read from the terminal 10. On request. for that reason,
If the card is a cash card, for example,
Access to the data stored in the card is denied except for the bank terminal, and the security of the data stored in the card is maintained.

By authenticating the terminal in this way,
While IC cards that retain the security of stored data are used, recently, one card can be used for multiple purposes so that the user does not have to have many cards.
Development of a multifunctional memory card including an IC card function is in progress.

As shown in FIG. 28, this card (hereinafter referred to as “secure card”) is connected to the storage means 32 and the storage means 32 via an interface (I / F) 33, and is connected to the storage means 32. In-card processing system 31 for controlling writing / reading of the data is provided, but terminal 10 can directly access storage means 32 through interface (I / F) 34.

When the terminal 10 directly accesses the storage means 32 of the secure card 30, unlike the IC card 20 described above, authentication is not involved, so that any terminal 10 can read data. This is in line with the versatility of cards, but the security of data cannot be maintained. Therefore, it is necessary to have a mechanism to prevent direct access to confidential data.

As a mechanism for this, the in-card processing system 31 manages a file of highly confidential data, does not disclose the file management information to the terminal 10, and the writing / reading of the data of the file is performed in the card. Only the terminal 10 authenticated by the processing system 31 performs the processing via the in-card processing system 31, while the file management information regarding the file of the data with low confidentiality is disclosed to the terminal 10, and the writing / reading of the file is performed. A method in which the terminal 10 directly performs is considered.

The secure card adopting such a method has various uses. That is, memory cards such as PCs, digital cameras, audio / video players, electronic passbooks and cash cards used in bank terminals,
Settlement of credit cards, debit cards, or electronic money used at store terminals / receipt of electronic receipts / storage /
It can be applied to cards for recording usage history. Further, it is possible to store the content of music distribution and pay the fee by a payment function such as credit / david in the card.

When a secure card is used as a memory card in, for example, a PC or a digital camera within the above range of use, it is not convenient to identify the user. Therefore, in such use, the terminal 10 is allowed to directly access the memory means 32 of the card without performing authentication such as user identification.

On the other hand, it is problematic from the viewpoint of privacy protection that the electronic receipt received at one store is freely referred to at another store, or the contents of the electronic passbook are read by the terminal of the store. Therefore, the electronic receipt data is file-managed by the in-card processing system 31 of the secure card 30 so that only the owner or the issuing store can refer to it and the electronic passbook can be accessed only by the bank terminal.

In the example of music distribution, the decryption key for decrypting the encrypted content is stored in the storage means 32 via the in-card processing system 31 so as not to be illegally taken out, while The encrypted content body has no meaning without a decryption key, and is stored by direct access to the storage means 32.

FIG. 29 schematically shows data writing performed by the terminal 10 directly accessing the storage means 32 of the secure card 30 and data writing performed by the in-card processing system 31 of the secure card 30. In addition, the system that manages the file is FAT (File Allocation Ta
ble) using FAT file system and NTFS
(Windows (registered trademark) NT File System), UFS (Un
ix (registered trademark) FileSystem) is known,
Here, a case where files are managed using FAT will be described.

In FIG. 29, the secure card 30 is
Directory entry for managing files and F
The terminal 10 includes a storage unit 32 in which the AT 33 is recorded as file management information and an in-card processing system 31.
Terminal processing system 1 for controlling direct access to the storage means 32
1 and a terminal cache memory 12 for temporarily storing data
It has and.

When the secure card 30 is attached to the terminal 10 and the access to the secure card 30 is started from the terminal 10, first, the directory entry and the FAT 33 recorded in the storage means 32 are read into the terminal cache memory 12. (41). The read directory entry and FAT are set to FAT13 in FIG. When the terminal processing system 11 writes the data (DAT2) in the storage means 32 of the secure card 30, the FAT1
The file management information of DAT2 is added to 3 (42), and DAT2 is simultaneously written to the cache memory 12 (4).
3). The cache memory 12 looks at the time, and FAT3
3 is overwritten with FAT13 (44), and at the same time, FAT1
The DAT 2 is stored in the storage means 32 according to the file management information described in 3 (45).

On the other hand, the in-card processing system 31 of the secure card 30 writes the data (DAT1) in the storage means 32 of the secure card 30, the directory entry for managing the file by itself and the DAT1 in the FAT 34.
File management information is added (46) and at the same time FAT3
DAT1 is stored in the storage means 32 according to the file management information described in No. 4 (47).

In the above-mentioned music distribution example, the storage means 32 of the decryption key (corresponding to DAT1) by the in-card processing system 31.
There is a possibility that the storage of the encrypted content body (corresponding to DAT 2) in the storage means 32 by the terminal processing system 11 and the storage means 32 may be performed substantially at the same time.

As shown in FIG. 30, the in-card processing system 31 expands the directory entry and FAT for managing files by itself into the storage means 32 (Exte
It is also possible to store it as EXT-directory entry and EXT-FAT 35 which are file management information.

[0020]

However, in the case of this secure card, the storage means 32 that the terminal processing system 11 can know.
File management information (ie, FAT33 and FA
Since T13) does not include the file management information (that is, FAT34) managed by the in-card processing system 31, for example, as shown in FIG. The area in which DAT1 is stored by 31 is set as the storage area in DAT2 by FAT13.
May be specified in.

Even if the in-card processing system 31 adds or updates the information on the area in which DAT1 is written to the FAT33, the terminal 10 refers to the FAT13 read in the terminal cache memory 12, and therefore the writing of DAT1 is performed. The area cannot be known to the terminal. Furthermore, FAT
When the FAT 33 is overwritten by 13, the contents of the FAT 33 updated by the in-card processing system 31 become invalid.

In this case, F updated by the terminal processing system 11
When DAT2 is written according to the file management information of AT13, DAT1 will be erased.

Such a situation occurs because the file management information (FAT13) managed by the terminal does not match (is inconsistent) with the state of the file actually recorded in the storage means 32.

In order to prevent such inconsistency in file management information, conventionally, in a SAN (Storage Area Network) in which a storage device is shared by a plurality of hosts, a method in which a server centrally manages file management information has been adopted. Has been. In this method, each client that stores data in the shared storage device sends the file name and size to the server, requests the data area to be reserved, and when the server notifies the reserved area, the specified area is stored. After storing the data, the file structure information is transmitted to the server.

However, when this system is applied to a secure card, it is S because it is a removable medium.
The terminal corresponding to the AN server differs depending on the situation. Therefore, the file management information managed by the in-card processing system 31 becomes known to an unspecified terminal, which makes it difficult to secure the data security.

The present invention has been made in view of the above points, and a file recorded on a memory card and a terminal can be stored without leaking information of the file created and stored in the in-card processing system to the terminal. An object of the present invention is to provide a file management method capable of preventing inconsistency with file management information for management, a memory card and a terminal device using the file management method.

[0027]

A file management method of the present invention is a file management method used in a memory card having a storage means accessed from a first processing system and a second processing system. The first processing system requests the second processing system to secure an area of the storage means, and the second processing system receives the request in the request step and secures an area of the storage means. And a reflection step in which the second processing system reflects the information of the area secured in the securing step in the file management information, and the first processing system uses the second processing system in the securing step. And a writing step of writing data to the area secured by the first processing system, wherein the first processing system stores the file management information generated by the writing process in the second processing system. It was not to notify.

According to this method, the second processing system receives an area reservation request of the storage means from the first processing system, executes the area reservation process, and reflects the information of this area in the file management information. The first processing system writes the data in this area and does not notify the second processing system of the resulting file management information. Therefore, the second processing system writes in the area where only the first processing system can refer to the data. Does not write other data, and at the same time, the information of the data written by the first processing system does not leak to the second processing system, thus preventing the mismatch between the data recorded in the storage means and the file management information. can do.

A file management method of the present invention is a file management method used in a memory card having a storage means accessed from the first processing system and the second processing system, wherein the first processing system comprises: A request step for requesting the second processing system to secure the area of the storage means, and a securing step for the second processing system to carry out the processing of securing the area of the storage means in response to the request in the request step. A reflecting step in which the second processing system reflects the information of the area secured in the securing step in the file management information for itself, and the first processing system secures the second processing system in the securing step. And a writing step of performing writing processing of data of the file management system for itself in the created area.

According to this method, the second processing system receives an area reservation request of the storage means from the first processing system and performs the area reservation process, and the information of this area is used as the file management information for itself. The first processing system writes the data of the file management system for itself in this area. Therefore, the second processing system writes the data of the file management system for the first processing system in the area. Does not write other data at the same time, the data of the file management system of the first processing system does not leak to the second processing system, and the confidentiality of the data that can be referenced only by the first processing system can be improved. it can.

A file management method of the present invention is a file management method used in a memory card having a storage means accessed from a first processing system and a second processing system, wherein the first processing system comprises: A request step for requesting the second processing system to secure the area of the storage means, and a securing step for the second processing system to carry out the processing of securing the area of the storage means in response to the request in the request step. A reflecting step in which the second processing system reflects the information of the area secured in the securing step in the file management information for itself, and the first processing system secures the second processing system in the securing step. And a writing step of performing writing processing of data of the file management system for itself to the created area, wherein the first processing system is configured to perform the writing processing performed by the writing processing. Yl management information so as not to notify the second processing system.

According to this method, the second processing system receives an area reservation request of the storage means from the first processing system, executes the area reservation process, and uses the information of this area as file management information for itself. The first processing system writes the data of the file management system for itself in this area and does not notify the resulting file management information to the second processing system. Therefore, only the first processing system At the same time that the second processing system does not write other data in the reference data writing area, information of the data written by the first processing system is recorded in the storage means without leaking to the second processing system. Inconsistency between data and file management information can be prevented.

The terminal device of the present invention is a terminal device for accessing the storage means of the memory card to manage files, and receives a request for securing an area of the storage means from a processing system inside the memory card. A request receiving unit, an area reserving unit for reserving an area of the storage unit based on the request received by the request receiving unit, and a file management for the information of the area secured by the area reserving unit for itself. File information processing means to be reflected in information,
And a secured area transmitting means for transmitting information on the area secured by the area securing means to a processing system inside the memory card.

According to this structure, an area is secured in response to a request for securing the area of the storage means from the processing system inside the memory card, and the information of the secured area is reflected in the file management information for itself. Since the data is transmitted to the processing system inside the memory card, the terminal device does not write other data in the area for writing the data that can be referenced only by the processing system inside the memory card, and the data recorded in the storage means and the terminal device. It is possible to prevent inconsistency with the file management information for.

A memory card of the present invention is a memory card having a storage means accessed from a processing system inside the memory card and a processing system of the terminal device, and the processing system inside the memory card is the terminal device. The area reservation requesting means for requesting the reservation of the area of the storage means by designating a size to the processing system, the reserved area receiving means for receiving a notification of the reserved area from the processing system of the terminal device, and the storage means Writing means for writing data to the reserved area,
And a writing position information storage means for storing information on the writing position of the data written in the reserved area in a state where only the processing system inside the memory card can refer to the information.

According to this structure, the processing system of the terminal device is requested to secure the area of the storage means by designating the size, the information of the area secured as a result of this request is received, and the data is stored in this area. Since the information of the written and written position is stored in a state that only the processing system inside the memory card can refer to, the information of the area to which the data that can be referred to only by the processing system inside the memory card is written is for the terminal system processing system. Can be reflected in the file management information of the above, and at the same time, the information of the position where the above data is written can be referred only to the processing system inside the memory card, and the data recorded in the storage means and the processing system of the terminal device Therefore, it is possible to prevent inconsistency with the file management information for improving the confidentiality of data.

A memory card of the present invention is a memory card having a storage means accessed from a processing system inside the memory card and a processing system of the terminal device, and the processing system inside the memory card is the terminal device. An area reservation requesting unit that requests a reservation of an area of the storage unit by designating a size to the processing system, a reservation area receiving unit that receives a notification of the reservation area from the processing system of the terminal device, and the reservation area A free area storage unit that stores a free area that is stored by designating a write area from the reserved area that has been stored, and a writing unit that writes data to the write area that is designated by the free area storage unit. And a write position information class for storing information on the write position of the data written in the write area in a state where only the processing system inside the memory card can refer to it. A configuration having a means.

According to this structure, the processing system of the terminal device is requested to secure the area of the storage means by designating the size, and the information of the area secured as a result of this request is received and stored.
The data is written by specifying the write area from the stored reserved area, the remaining free area is stored, and the information of the position where the data was written is stored in a state where only the processing system inside the memory card can refer to it. Information in the area where data that can be referenced only by the processing system inside the card is written can be reflected in the file management information for the processing system of the terminal device, and at the same time, the information at the location where the above data is written is stored in the memory card Only this processing system can be referred to, and it is possible to prevent inconsistency between the data recorded in the storage means and the file management information for the processing system of the terminal device, and to enhance the confidentiality of the data.

[0039]

BEST MODE FOR CARRYING OUT THE INVENTION Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

(First Embodiment) FIG. 1 shows a first embodiment of the present invention.
3 is a block diagram showing the configurations of a secure card and a terminal device according to the embodiment of FIG.

As shown in FIG. 1, the secure card according to the first embodiment of the present invention includes an in-card processing system 100 implemented by an application program installed in the card, a flash memory 200 (storage means), and Have. The in-card processing system 100 includes a communication means 110 for communicating with a terminal device, a data processing means 120 for processing data,
Notify the terminal of the size of data, and flash memory 2
Area change requesting means 130 for requesting a change such as reservation and release of the used area of 00, reserved area information receiving means 140 for receiving information on the reserved area from the terminal device, and actual data of the card dedicated file to the flash memory 200. 21
Write / delete 0 and file management information for card 2
20 includes a writing / erasing means 150 for writing 20 and a management information retrieving means 160 for holding storage location information of the flash memory 200 in which the card dedicated file management information 220 is written. The flash memory 200 has file management information 230 that can be referenced by any terminal.
And the actual data of the file, and the card processing system 10
The actual data 21 of the card dedicated file that only 0 can refer to
0 and file management information 220 of a card-dedicated file are stored. Here, the "file management information of the card-dedicated file" is file management information for the in-card processing system 100, and stores information of files that the card processing system 100 reads and writes. In this specification, “file management information for a certain processing system” does not depend on the processing system that rewrites the file management information itself or the position where the file management information is stored, and is managed by the file management information. It means file management information for the processing system that reads and writes files.

The card-specific file management information 220
The writing / erasing means 150 for writing the same and the management information searching means 160 for holding the storage position information of the card dedicated file management information 220 make the writing position of the data 210 written in the reserved area only in the in-card processing system 100. Constitutes a "writing position information storage means" for holding the same in a state where it can be referred to. In addition, the actual data 210 of the card-dedicated file that can be referenced only by the in-card processing system 100
The file management information 220 of the file dedicated to the card constitutes the “file management system” of the in-card processing system 100.

The terminal device in this embodiment has a terminal processing system 300 and a cache memory 400, as shown in FIG. The terminal processing system 300 performs communication means 310 with the in-card processing system 100, data processing means 320 for processing data, and update processing of file management information for the terminal processing system 300 held in the cache memory 400. The file information processing unit 330, the area change request receiving unit 340 that receives an area reservation request from the in-card processing system 100, and the file management information for the terminal processing system 300 are referred to to reserve an empty area of the flash memory 200. Area securing means 350 and in-card processing system 100
A fictitious file information generating means 360 for generating fictitious file information of the reserved area and a reserved area notifying means 370 for transmitting the reserved area to the in-card processing system 100. Further, the cache memory 400 has a file information holding unit 410 that holds the file management information 230 for the terminal processing system 300 read from the flash memory 200, and a file information writing unit that writes the updated file management information to the flash memory 200. And 420.

As described above, the system for managing files as in the present embodiment uses FAT (File Allocation).
Table) FAT file system, NTFS
(Windows (registered trademark) NT File System) and UF
Although S (Unix (registered trademark) File System) and the like are known, here, a case where a file is managed using FAT will be described as an example.

Here, the outline of FAT will be described.

The data stored in the flash memory 200 is recorded in cluster units as shown in FIG.
The data of a file that does not fit in one cluster is stored in multiple clusters. The arrows in the figure indicate the order of the clusters that recorded the data (connection information).
Is shown. The usage status of the cluster is recorded in the memory as file management information (also referred to as "meta information").

The FAT is a table for managing the usage status of the cluster. Part of FAT is shown in FIG.
FIG. 3B shows a directory entry that constitutes file management information together with the FAT. The directory entry includes information such as file name, size, and first cluster. The FAT has as many description frames as the number of clusters included in the storage area (in the figure, the upper row is a serial number, the lower row is a description frame, and the serial numbers are not included in the actual table). The next cluster number) is described. In FIG. 3A, the clusters 32 to 1
43 is shown. The position of the cluster in which the actual data is described can be specified from the position of each frame. When referring to a file, a directory entry is searched for from the file name to obtain the first cluster, and the FAT is referred to, and the connection is sequentially traced from the first cluster. -1 represents the end of the file. When writing a file, the file name, size, first cluster, etc. are registered in the directory entry, the concatenation information is registered in the FAT, and the data entity is written in the corresponding cluster based on the concatenation information registered in the FAT. Go out. In FIG. 1, the file management information 230 and the card-dedicated file management information 220 for the terminal processing system 300 are composed of the FAT and the directory entry as described above. Further, the file management information 230 recorded in the flash memory 200 can be read by any terminal device. The terminal device manages the file by reading and writing this.

The in-card processing system 100 newly writes or additionally writes data in the flash memory 200.
When deleting data, the size of the data is transmitted to the terminal device, and the change of the data storage area is requested.

When a request for securing a data storage area is issued from the in-card processing system 100, the terminal device secures the data storage area on the file management information 230 for itself and the file related to the data storage area is allocated. As the management information, fictitious file information in which the cluster connection information is set to fictitious is generated, and the file management information 230 is updated using the fictitious file information. Therefore, each terminal device
When the file management information 230 is read, it is possible to know that the data storage area has been used, but it is not possible to know the exact information of the data entity of the file.

On the other hand, upon receiving the notification of the secured data storage area from the terminal processing system 300, the in-card processing system 100 writes the actual data 210 of the card-dedicated file in the cluster of that area, and writes the file of the card-dedicated file. The management information 220 is written in the flash memory 200. The position information indicating the area of the flash memory 200 in which the card dedicated file management information 220 is written is held in the management information searching unit 160, and the card dedicated file management information 220 is referred to by referring to the management information searching unit 160. Is written.

The card dedicated file management information 220 does not inform the terminal device at all. Therefore, the security of the actual data managed by this card-dedicated file management information 220 is maintained.

Next, a processing procedure when the in-card processing system 100 requests the terminal processing system 300 to secure a data storage area will be described. Note that the file management information 230 of the flash memory 200 is read by the terminal device in advance and is held by the file information holding unit 410 of the cache memory 400.

First, the area change request means 130 of the in-card processing system 100 sends a use area change request including the size information of the data written by the writing / erasing means 150 to the terminal processing system 300 via the communication means 110. (1).
The area change request receiving means 340 of the terminal processing system 300 sends the received use area change request to the file information processing means 330.
The file information processing means 330 refers to the file management information for the terminal processing system 300 held in the file information holding means 410 (2), and the flash memory 2
00 free area is searched. If there is no free space,
An error is returned to the in-card processing system 100.

If there is a free area, area securing means 3
50 secures an area of the size included in the usage area change request in the file management information for the terminal processing system 300 (3), and the fictitious file information generation means 360 uses the area. To generate the fictitious file management information (4), and the file information processing means 330
This fictitious file information is stored in the file information holding means 410.
(5) is added to the directory entry and FAT of the file management information for the terminal processing system 300 held by.

In this case, the file name information of the directory entry may be random or regular (terminal identifier + number etc.). Further, the FAT connection information may be random or sequential.

The updated file management information is stored in the flash memory 20 by the file information writing means 420.
It is overwritten with 0 (6). Note that this file management information overwrite depends on the terminal processing method, so
It does not always occur at this timing.

Further, the file information processing means 330 notifies the in-card processing system 100 of the reserved area through the reserved area notifying means 370 (7).

The reserved area information receiving means 140 of the in-card processing system 100 receives the reserved area information from the terminal processing system 300 and notifies the writing / erasing means 150. The writing / erasing means 150 uses the real data 2 according to the reserved area information.
10 is written in the flash memory 200 (8). At the same time, the recording position of the card dedicated file management information 220 is known by referring to the storage position information held in the management information retrieval means 160 (9), and the card dedicated file management information 22 is acquired.
The file management information of the actual data 210 is recorded in 0 (1
0).

The card-dedicated file management information 220 may be held in any form as long as actual data to be managed can be normally read later. In this specification, the same format as FAT is used. In the case of holding in.

Next, a processing procedure when the card processing system 100 requests the terminal processing system 300 to release the data storage area (that is, when data is deleted) will be described. In the card processing system 100, the writing / erasing means 1
50 erases the actual data and modifies the card dedicated file management information 220. The area change requesting means 130
An actual data deletion area, that is, an area change (release) request specifying the release position is transmitted to the terminal device. The release position is specified by the start address and size of the release area. Alternatively, all addresses may be designated.

In the terminal processing system 300, when the usage area change request is received, the file information processing means 330 causes the terminal processing system 30 held in the file information holding means 410.
By referring to the file management information for 0, a file using the area requested to be released is searched, and the file management information of the corresponding file is corrected.

At this time, as shown in FIG. 4, a process of removing the deletion area of the fictitious file from the connection information of the file management information is performed. When the entire fictitious file disappears by this process, the file management information of the fictitious file is deleted from the file management information for the terminal processing system 300.

Next, the details of the process in which the in-card processing system 100 secures the data storage area in the terminal processing system 300 will be described with two specific examples.

FIG. 5 schematically shows the processing when the in-card processing system 100 requests the terminal processing system 300 to secure a data storage area. Here, the card processing system 1
00, the data written in the flash memory 200 (storage means) of the card is managed by the EXT-FAT which is the extended file management information. This EXT-FAT itself is also written in the flash memory 200, and it is necessary to suppress direct access by the terminal device. Therefore, it is necessary to process the EXT-FAT area into a fictitious file and include it in the file management information for the terminal processing system 300.

FIG. 5 schematically shows the processing for securing the EXT-FAT area in the file management information for the terminal processing system 300.

First, FAT '(corresponding to the file management information 230) stored in the flash memory 200 is read as FAT "in the cache memory 400 (1). Application in card processing system (C-Ap)
p) notifies the terminal processing system 300 of the size of the EXT-FAT (2). The terminal processing system 300 performs area reservation processing, creates file management information of EXT-FAT size as a fictitious file (hereinafter referred to as "DMY") (3), and adds DMY information to FAT "( 4) The terminal processing system 300 notifies the in-card processing system 100 of the reserved area (5) C-App of the in-card processing system 100.
Creates an EXT-FAT according to the notified area information (6), and holds the storage position of the EXT-FAT in the in-card processing system 100 (7).

This EXT-FAT is the file management information FAT ″ in the cache memory 400 for the terminal device.
Looks like DMY. In addition, EXT by the terminal device
-Access to the actual data of FAT is denied due to information (access control information) indicating access control such as read / write not set for each file / block.

Although only the EXT-FAT is shown here, the area of the EXT directory entry is also made into a fictitious file and included in the file management information FAT "managed by the terminal, like the EXT-FAT. In addition, like the EXT-FAT, the EX
Regarding the T directory entry, the storage position information is held inside the card processing system 100.

The EXT-FAT and the EXT directory entry for the root directory have a fixed size and are necessary for the in-card processing system 100 to create a card-dedicated file. Depending on the machine, it may be created in a fixed area where direct access from the terminal device is impossible.

FIG. 6 shows the EXT-FAT and E held in the management information retrieval means 160 inside the in-card processing system 100.
The example of the storage position information of an XT directory entry is shown. Here, the case where the EXT-FAT area is divided into a plurality of areas is shown, and the start address and size of all the divided areas represent the EXT-FAT area. The management information retrieving means 160 cannot access these pieces of information from the terminal, and the in-card processing system 1
It is held in the TRM (tamper resistant module) area accessible only from 00.

FIG. 7 schematically shows another process when the in-card processing system 100 requests the terminal processing system 300 to secure a data storage area. Here, the data in the file dedicated to the card (hereinafter,
“DAT1”) is newly created.

First, the FAT ′ stored in the flash memory 200 is read as FAT ″ into the cache memory 400 (1). The application (C-App) of the in-card processing system 100 sets the size of DAT1 to the terminal processing system 300. (2) The terminal processing system 300 performs area reservation processing, and creates a fictitious file (hereinafter, "DMY1").
The file management information for the size of DAT1 is created (3), and the information of DMY1 is added to FAT ″ (4). The terminal processing system 300 notifies the in-card processing system 100 of the reserved area (5). The C-App adds the file management information of DAT1 to EXT-FAT according to the notified area information (6), and simultaneously writes DAT1 according to the file management information (7).

FIG. 8A shows the FAT 'before the DMY1 information is added, FIG. 8B shows the directory entry at that time, and FIG. 9A shows the DMY1 information added. FIG. 9B shows the FAT "after being written, and FIG. 9B shows the directory entry at that time.
9A and 9B, the terminal processing system 300 receives a request for securing 14 clusters from the in-card processing system 100, and adds the information of the fictitious file "dummy1" as DMY1 to FAT. There is.

In this way, by including the fictitious file of the card-dedicated file in the file management information for the terminal processing system 300, as shown in FIG. 7, the terminal processing system 300 provides information on the data (DAT2). After adding (5) to FAT "(510), write DAT2 from the terminal processing system 300 to the cache memory 400 (520), and write DAT2 to the flash memory 200 (5
30) or a process of overwriting FAT ″ with FAT ′ (54
0) occurs at any time, exclusive control for the writing area of the data (that is, DAT1) of the card-dedicated file becomes possible.

When the terminal processing system 300 notifies the in-card processing system 100 of the reserved area, if the areas are continuous, the head address and size are notified. Alternatively, since the in-card processing system 100 knows the size, only the head address may be notified. Also,
When the area is divided into a plurality of areas, the start address and size of all the divided areas are notified. Alternatively, all addresses (cluster numbers) may be notified.

Next, a method of creating a fictitious file will be described.

For example, in the processing shown in FIG.
After 1 is recorded, when an area reservation request for recording data of a new card dedicated file (hereinafter referred to as “DAT3”) is issued, the terminal processing system 300 performs the same procedure as in the case of recording DAT1. Then, the area is secured, a fictitious file is created, and the secured area is notified to the in-card processing system 100. Then, in-card processing system 100 receives the notification of area reservation, adds the information of DAT3 to EXT-FAT, and at the same time, writes DAT3 in flash memory 200 in accordance with the notified area information.

At this time, the terminal processing system 300 may use the reserved area (clusters 10 to 12) as a new virtual file, independently of the existing virtual files (clusters 1 to 7), as shown in FIG. Then, as shown in FIG. 11, new connection information may be added to the existing fictitious file to form one fictitious file. In addition, as shown in FIG.
One fictitious file may be created in units of fixed size (8 clusters in this example, that is, clusters 1 to 7 and 10).

FIG. 13A shows "FAT" when a fictitious file is created by the method shown in FIG.
Indicates the directory entries in that case, respectively. In the directory entry shown in FIG. 13B, "dummy1" is an existing fictitious file, and "dummy".
"y2" indicates a newly created fictitious file.
Further, FIG. 14A shows the FAT ″ when the fictitious file is created by the method shown in FIG. 11, and FIG. 14B shows the directory entry in that case. In FAT "shown, clusters 98-1
00 is a cluster newly connected to the existing fictitious file.

On the other hand, FIG. 15A shows the EXT-FAT which is the file management information of the file dedicated to the card.
(B) shows the EXT-directory entry which is the file management information of the card dedicated file. Here, the configuration information of the actual file dedicated to the card is stored. This information is stored in the card processing system 100.
Can only be seen from the outside. EX shown in FIG.
T-FAT and F shown in FIG. 13 (A) or FIG. 14 (A)
Compared with AT ", the connection information is different.
One fictitious file does not necessarily correspond to one card-only file. Therefore, it is difficult for a terminal device that can only see FAT "to correctly understand the data even if it can read the card-dedicated file. This further enhances the security of the data in the card-dedicated file. .

Next, the appending process to the card-dedicated file by the in-card processing system 100 and the process for deleting or reducing the card-dedicated file will be described.

FIG. 16 schematically shows an appending process (additional writing) to a card-dedicated file by the in-card processing system 100. Using the same figure, of the data (DAT1) of the file dedicated to the card, new data (hereinafter, "DAT1") is added to the data already recorded by the in-card processing system 100 (hereinafter, "DAT1 (1)"). A case of additionally writing DAT1 (2) "will be described.

First, FAT ′ stored in the flash memory 200 is read as FAT ″ into the cache memory 400 (1). The application (C-App) of the in-card processing system 100 sets the size of DAT1 (2) to the terminal. Notify the processing system 300 (2). Terminal processing system 300
Performs area reservation processing, and creates a fictitious file (hereinafter "DM
The file management information for the size of DAT1 (2) is created as (Y2 ″) (3), and the information of DMY2 is added to FAT ″ (4). The terminal processing system 300 notifies the in-card processing system 100 of the reserved area (5). C-App
Updates the information of DAT1 recorded in EXT-FAT according to the notified area information (6), and at the same time, DA
Write T1 (2) (7).

As described above, even in the append processing to the card-dedicated file, the processing in the terminal processing system 300 is as shown in FIG.
Is no different from the case of. Regarding the relationship of additional writing to the file dedicated to the card, only the in-card processing system 100 can refer to EX
It is recorded only in T-FAT.

FIG. 17 schematically shows the processing for deleting DAT1 (2) added to DAT1 (1) in the above processing.

First, the FAT ′ stored in the flash memory 200 is read as FAT ″ into the cache memory 400 (1). The application (C-App) of the in-card processing system 100 erases DAT1 (2) ( 2) At the same time, the information of DAT1 recorded in EXT-FAT is updated (3) C-App is DAT1 (2)
Notify the position of (4). The terminal processing system 300 searches for the corresponding file from the position information, and hits DMY2 (5). Then, the terminal processing system 300 corrects (reduces / deletes) the file management information of DMY2 (6).

FIG. 18A shows the FA shown in FIG.
18 shows the FAT state when the size of the fictitious file “dummy1” is reduced by 3 clusters in response to the release request for the 3 clusters 87 to 89 from the T state.
(B) shows the states of the directory entries at that time.

As described above, according to the present embodiment, by setting the fictitious file in the reserved area for the card-dedicated file, the file management information for the terminal processing system 300 and the actual data recording on the flash memory are recorded. It is possible to eliminate inconsistency with the above, and it is possible to perform exclusive control so that other files are not stored in the area where the card-dedicated file is stored.

In the present embodiment, the fictitious file is set in the reserved area for the card-dedicated file.
As shown in (A), even if a defective sector (indicated by "-2" in FIG. 19 (A)) is set in the reserved area of FAT, exclusive control for the card-dedicated file is possible. In this case, no information is added to the directory entry (see FIG. 19 (B)). However, EXT-FAT and EX
The T directory is the same as when the reserved area is made into a fictitious file.

(Second Embodiment) FIG. 20 is a block diagram showing configurations of a secure card and a terminal device according to a second embodiment of the present invention. In addition, in FIG.
The same reference numerals are given to the same portions as, and detailed description will be omitted.

The in-card processing system 100a of the secure card shown in FIG. 20 has a free area storage means 170 and a writing order determination means 180 added to the in-card processing system 100 of the secure card shown in FIG.
Instead of this, a configuration including the extended file management information search means 190 is adopted. The secure card flash memory 200a shown in FIG. 20 has extended file management information 240 instead of the card dedicated file management information 220 of the secure card flash memory 200 shown in FIG.

The feature of this embodiment is that the card processing system 10 is used.
0 indicates that an area larger than the data size required for writing is used as a file (in the present embodiment, this is called a “fictitious file”), for example, 128 kilobytes as one unit and an area for n units. It is a point to reserve for one fictitious file.

The free area storage means 170 stores a reserved area for a fictitious file and designates an area to be used for writing from this reserved area.

The writing order determining means 180 determines the order of writing data in the area (cluster connecting order).

Further, the extended file management information retrieval means 19
0 holds the storage position information of the card-dedicated file management information (hereinafter referred to as “extended file management information”) 240 written in the order determined by the writing order determination means 180.

In-card processing system 10 of this secure card
As shown in FIG. 20, 0a stores a reserved area, and a free area storage unit 170 for designating a writing area from the stored reserved area, and a flash memory 200a by designating a fictitious file size to the terminal device. The area change request means 130 for requesting the area reservation, the reserved area information receiving means 140 for receiving information about the reserved area and the fictitious file name registered in the area from the terminal device, and the free area storage means 170 are designated. Actual data to write area 2
10 write / delete and extended file management information 240
Writing / erasing means 150 for executing writing, a writing order determining means 180 for designating a writing order of data to the writing / erasing means 150, and an extended file management information searching means for holding storage location information of the extended file management information 240. And 190.

This extended file management information search means 19
0, the write / erase means 150, and the extended file management information 240 constitute "write position information storage means" in the in-card processing system 100a.

Writing / writing in this card processing system 100a
The erasing means 150 notifies the free area storage means 170 of the size of the data to be written. Free space storage means 170
When the writing / erasing means 150 does not hold a free area corresponding to the size of the data to be written, the area change requesting means 130 is used to secure an area larger than the difference between the size of the data and the size of the current free area. Processing system 3
Request to 00. The area change requesting means 130 of the in-card processing system 100a transmits a use area change request including the size information requested by the free area storing means 170 to the terminal device.

The area change request receiving means 340 of the terminal processing system 300 transmits the received use area change request to the file information processing means 330, and the file information processing means 330
Terminal processing system 3 held in the file information holding means 410
00 for the free area of the flash memory 200a.

If there is a free area, area securing means 3
It is assumed that 50 secures an area of the size included in the usage area change request in the file management information for the terminal processing system 300, and the fictitious file information generation means 360 uses the area. To generate the fictitious file management information, and the file information processing means 330 registers the fictitious file information in the file management information for the terminal processing system 300.

The file information processing means 330 notifies the in-card processing system 100a of the reserved area and the name of the corresponding fictitious file through the reserved area notifying means 370.

The reserved area information receiving means 140 of the in-card processing system 100a transmits the reserved area information including the reserved area and the fictitious file name received from the terminal processing system 300 to the free area storage means 170, and the free area storage means 170 , Secure area information is stored.

The free area storage means 170 notifies the write order determining means 180 of the area to be written.

FIG. 21A shows a free area storage means 170.
2 shows an example of a data entity managed by. In the cluster 44, which is the first cluster of the fictitious file, the fictitious file name “dummy1.dmy” and the number of used clusters 13 excluding the first cluster are stored. In FIG. 21A, “Data” indicates that a card-dedicated file is stored, and “Null” indicates that no data is stored, that is, an empty area.

The writing order determining means 180, which has been notified of the area to be written from the free area storing means 170, determines the order of writing data in the notified area.

At this time, the writing order determining means 180
Determines an irregular writing order for the area to be written, and notifies the writing / erasing means 150 of the determined order. Here, "anomalous" means not sequential, and includes any order, such as completely disjointed arrangements or only reversed order.

The writing / erasing means 150 writes the data entity in the flash memory 200a in the order determined by the writing order determining means 180. At the same time, the storage location information of the extension file management information 240 held in the extension file management information searching means 190 is referred to, and the location where the data entity is written is recorded in the extension file management information 240.

As described in the first embodiment, the extended file management information 240 for recording the position where the data entity is written is also the flash memory 200a.
It is recorded in. Therefore, the extended file management information 240 has been written in the already secured area of the flash memory 200a as a result of the area securing requesting unit 130 requesting the securing of the area. Here, the "already secured area" is an area secured by the terminal processing system 300 in response to a request from the area change requesting unit 130 immediately before the extended file management information 240 is written, and the terminal processing system 300 before that. Means an area reserved by the file, and includes all areas reserved when the extended file management information 240 is written in the flash memory 200a.

This extended file management information search means 190
The extended file management information 240 will be described later in detail.

FIG. 22 schematically shows the processing when a file relating to DAT1 is newly created when the in-card processing system 100a is provided with the free area storage means 170 and the writing order determination means 180. The processing on the terminal side is the same as in FIG.

The application (C-App) of the in-card processing system 100 checks whether the in-card processing system holds an empty area of the size of DAT1 (1), DA
If there is no free area for the size of T1, the secured size requested to the terminal is determined (2). This size is DAT1
It is desirable that the size is equal to or larger than the size that is insufficient to store, and is the same size each time, or a multiple length of a certain fixed size (for example, based on 32 kbytes, 64 kbytes are added to the shortage, It is a multiple of 32 kbytes, such as 96 kbytes).

C-App is the terminal processing system 300.
Is notified of the size determined in (2) (3), and secure area information and a fictitious file name corresponding to the secure area are received from the terminal processing system 300 (4). After that, C-App temporarily stores the reserved area information received from the terminal processing system 300 in the free area storage means 170 (5), and the free area storage means 170 determines the area to write DAT1, and C-App
Notify App (6). Further, the writing order determination unit 180 determines the order of writing DAT1 in the writing area and notifies the C-App (7), and the C-App writes the file management information of DAT1 to the EXT-FAT according to the notified order. Add (8) and simultaneously write DAT1 according to the file management information (9).

By doing so, the card processing system 100a
The effect that there is no need to disclose the size information of the file created in 1. to the terminal device is obtained. Also, DAT1
If a free area corresponding to the size of
Since DAT1 can be written without issuing a reservation request to 0, the file write timing and the area reservation request timing do not completely match, and the file creation operation of the in-card processing system 100a is performed by the terminal processing system 300.
There is an effect that it becomes difficult to be known. There is also an effect that the number of securing processes is reduced and the process becomes light.

Further, in this secure card, the writing order determining means 180 is provided, and unless special processing is added, the writing order that is normally selected (probably sequential from the younger address) is intentionally changed. Have been converted to the standard order. In this way, by explicitly making the writing order irregular, even if the terminal device illegally reads the actual data of the card-dedicated file, it becomes difficult to guess the connection information and the data is It cannot be read correctly. That is, there is an effect of increasing confidentiality.

In this example, the card processing system 100a is used.
In addition, the free space storage means 170 and the writing order determination means 1
Although the case where both 80 and 80 are provided has been described, the configuration may be provided only with one of them.

Next, the processing procedure when the in-card processing system 100a requests the terminal processing system 300 to release the data storage area (that is, when the data is deleted) will be described.

FIG. 23 schematically shows the release processing when the in-card processing system 100a is provided with the free area storage means 170.

The in-card processing system erases the data substance of DAT1 (1), updates EXT-FAT (2), and DA
The area where T1 is erased is set as an unused area in the processing system in the card (3).

At this time, if the empty area includes the area of one entire fictitious file, the fictitious file name is designated (4) and an area release request is issued to the terminal (5). In response to this, the terminal device deletes the file management information of the designated fictitious file (6).

A method for determining whether or not the empty area includes the area of one fictitious file is as follows:
24 (A) and FIG. 2 showing EXT-FAT and EXT directory entries, respectively, when equipped with 70.
4 (B) and FIGS. 21 (A), 21 (B) and 21 (C) showing the data held in the free area storage means 170, respectively.

The EXT-FAT shown in FIG.
In addition to the concatenation information, the top cluster information of the fictitious file at the time of securing is recorded. That is, in FIG. 24A, the upper part is the serial number, the middle part is the connection information description frame, and the lower part is the top cluster number description frame. Areas managed by EXT-FAT shown in FIG. 24A, that is, clusters 44 to 47, clusters 64 to 67, and cluster 86.
˜89, and 17 clusters of clusters 96 to 100 are secured as one fictitious file “dummy1.dmy”. The fictitious file "d
ummy1. 9 out of the area secured as "dmy"
8 to 100 are free areas.

FIG. 21 (A) shows the data entity corresponding to FIG. 24 (A). In the 44th cluster, which is the first cluster of the fictitious file, this fictitious file name "du
mmy1. "dmy" and the number of used clusters excluding the first cluster are stored 13. Note that "Data" indicates that a file created in the card processing system 100a, here "sfile3" is stored, "Nu
"ll" represents that no data is stored, that is, it is a free area.

FIG. 21B shows a state in which the last two clusters of the file "sfile3", that is, the cluster 87 and the cluster 47 are deleted from this state. At this time, the number of used clusters in the cluster 44 is reduced by 2 to 11.

Further, FIG. 21C shows a state in which the entire "sfile3" is erased. At this time, the number of used clusters in the cluster 44 is reduced by 11 to 0. When the number of used clusters stored in the cluster 44 becomes 0, the fictitious file name “dummy1.dmy” also stored in the cluster 44 is taken out, and the data in the cluster 44 is erased to obtain one fictitious file. It is possible to determine that the entire area has become a free area.

As a result, since the terminal device collectively releases the areas that are viewed as one fictitious file, there is an effect that the release work can be performed by the same processing as when the normal file is deleted.

Further, there is an effect that the timing of erasing the data entity and the timing of the release request to the terminal processing system 300 do not completely match, and the data erasing operation of the in-card processing system 100a becomes difficult to be known to the terminal device. .

Although the case of setting a fictitious file to secure the area has been described here, as described in the first embodiment, a defective sector is set in the secure area of the file management information for the terminal processing system 300. The secure card having the free space storage means 170 can also be used in the method of setting and performing exclusive control on the card dedicated file.

However, in this case, since the terminal device secures the area not in units of fictitious files but in units of clusters, it is necessary to set the used / unused flag in units of clusters also in the free area storage means 170. There is. Also, since there is no concept of a file unit at the time of release, a release request is issued when a certain fixed amount of continuous area becomes free, or when a certain fixed amount (not limited to continuous area) becomes free. I do.

Next, the extended file management information 240 will be described.

Data and directory entries other than EXT-FAT are written by the write order determining means 180.
Even if the writing order is randomly determined, the reading can be performed without any problem. Because the storage position and the order are stored in the EXT-FAT, even if they are randomly arranged, E
This is because it is possible to read out in the correct order with reference to XT-FAT.

However, when the EXT-FATs are randomly arranged, information indicating the order of the EXT-FATs is required.

Information indicating the order of the EXT-FAT is held by the extended file management information searching means 190.

FIG. 25A shows the EXTs arranged in the normal order.
-Shows an example of FAT. This EXT-FAT is
Fixed size (in this example, the size of one cluster,
The data is divided into 32 clusters (which is the size for holding the connection information), rearranged by the writing order determining unit 180, and stored in an irregular order like the cluster numbers shown in (x) in the figure.

At this time, in the extended file management information searching means 190, as shown in FIG. 26, the EXT-FAT storage order (the storage cluster number shown in (x) in FIG. 25A) and the EXT-FAT1 cluster. EXT-FAT order information including the number of pieces of connection information held per hit is held.

When a file is read from the EXT-FAT stored in an irregular order as shown in FIG. 25 (A), it is performed as follows. Note that FIG. 25A shows EXT-
This is an extract of the first 16 clusters of FAT (connection information of Nos. 0 to 511).

First, the file name "sfile" to be referenced
1 "is searched from the EXT directory entry in FIG. 25B to obtain the first cluster (cluster 322) of the file. Next, in order to obtain the number of the next cluster connected to the first cluster, EXT-FAT The number of linked information per cluster (32 clusters in this example) is acquired, and the cluster 322 is obtained from the cluster number and the number of linked information per cluster in EXT-FAT.
Next cluster information is (322 + 1) / 32 + 1 = 1
Since 1.09375, it exists in the 11th cluster of EXT-FAT, that is, in the 527th cluster, and (322+
From 1)-(11-1) × 32 = 3, it is possible to derive what is described in the third frame.

As a result, the storage cluster of the next data is acquired. After that, the entire "sfile1" can be referred to by repeating until the end of the file (-1 is stored in the connection information).

The information of the newly created file is sent to EXT-F.
Even when adding to the AT, the writing order determination unit 180
From the cluster number storing the file designated by, the number of the next cluster connected to the cluster, that is, the position where the connection information should be stored can be derived in the same manner as when the file is referenced.

In the present embodiment, the extension file management information search means 190 is used as the extension file management information 2
The storage positions of 40 are held, and the metadata such as the storage position of the data in the flash memory 200a is supposed to be collectively managed. However, such metadata is secured for recording the data entity. It may be recorded in the created area together with the data entity.

Although the FAT file system has been described as an example in each of the above embodiments, it is of course possible to use other file management systems such as NTFS and UFS.

As described above, according to the present invention, in the file management method of the present invention, it is possible to realize the exclusive control for eliminating the direct access of the terminal to the use area of the card-dedicated file recorded by the processing in the card. it can.

Further, it is possible to conceal the information of the card-dedicated file.

Further, for this memory card, the terminal can use the file system applied to the conventional memory card as it is, and the compatibility with the conventional model of the terminal is maintained.

The usable area of the card-dedicated file is variable, and the functions of the memory card can be efficiently used.

[0145] In addition, the inconsistency between the file recorded in the memory card and the file management information for the terminal processing system is prevented without leaking the information of the file created and stored in the card processing system to the terminal. In order to do so, it is conceivable to create a directly inaccessible area with a fixed size in advance when creating a card. Compared to this method, the present invention has a variable inaccessible area size. Therefore, it is difficult to predict the size of the area used in advance in the usage history or the electronic receipt, and therefore, it can be applied even when the method of fixing the size is not appropriate.

Further, in order to protect the actual data stored in the flash memory by the in-card processing system, an access control method may be considered so that the area in which the in-card processing system has written data cannot be directly accessed by the terminal processing system. However, in this case, although the writing attempt of the terminal processing system for the data writing area is processed as an error, the data writing area looks like an usable area to the terminal, so It is expected that write attempts will be repeated and errors will occur frequently. However, according to the present invention, since the terminal processing system recognizes the reserved area of the in-card processing system, such a write try does not occur.

[0147]

As described above, according to the present invention,
It is possible to prevent inconsistency between the file management information managed by the terminal device and the file actually recorded in the storage means of the memory card. Exclusive control that eliminates the direct access of

[Brief description of drawings]

FIG. 1 is a block diagram showing configurations of a secure card and a terminal device according to a first embodiment of the present invention.

FIG. 2 is a diagram showing an example of a recording form of actual data on a secure card.

FIG. 3 is a diagram showing an example of a FAT and a directory entry.

FIG. 4 is a diagram showing a method of reducing a fictitious file according to the first embodiment.

FIG. 5 is a diagram showing an exclusive control procedure of an EXT-FAT area in the first embodiment.

FIG. 6 is a diagram showing an example of data held by a management information search unit according to the first embodiment.

FIG. 7 is a diagram showing a procedure for creating a card-dedicated file according to the first embodiment.

FIG. 8 is a diagram showing an example of a FAT and a directory entry according to the first embodiment.

FIG. 9 is a diagram showing an example of a FAT and a directory entry in a state in which a fictitious file is created in the first embodiment.

FIG. 10 is a first fictitious file according to the first embodiment.
Figure showing how to create

FIG. 11 is a second fictitious file according to the first embodiment.
Figure showing how to create

FIG. 12 is a third fictitious file according to the first embodiment.
Figure showing how to create

FIG. 13 is a diagram showing an example of a FAT and a directory entry in a state in which a fictitious file is newly provided in the first embodiment.

FIG. 14 is a diagram showing an example of a FAT and a directory entry in a state of being additionally written in a fictitious file in the first embodiment.

FIG. 15 is a diagram showing an example of EXT-FAT and EXT directory entries in the first embodiment.

FIG. 16 is a diagram showing an append processing procedure according to the first embodiment.

FIG. 17 is a diagram showing an area release processing procedure in the first embodiment.

FIG. 18 is a diagram showing an example of a FAT and a directory entry in a state in which a part of a fictitious file is released in the first embodiment.

FIG. 19 is a diagram showing an example of a FAT and a directory entry in which a reserved area is a defective sector in the first embodiment.

FIG. 20 is a block diagram showing configurations of a secure card and a terminal device according to a second embodiment of the present invention.

FIG. 21 is a diagram showing an example of data stored in a free area storage unit according to the second embodiment.

FIG. 22 is a diagram showing a data writing procedure of a card dedicated file according to the second embodiment.

FIG. 23 is a diagram showing a data deletion procedure according to the second embodiment.

FIG. 24 is a diagram showing an example of an EXT-FAT and an EXT directory entry in the second embodiment.

FIG. 25 is a diagram showing another example of the EXT-FAT and the EXT directory entry in the second embodiment.

FIG. 26 is a diagram showing an example of data held by a management information search means according to the second embodiment.

FIG. 27 is a diagram showing an example of the configuration of an IC card.

FIG. 28 is a diagram showing an example of the configuration of a secure card.

FIG. 29 is a diagram for explaining an example of a data writing process to a secure card.

FIG. 30 is a diagram for explaining another example of the data writing process to the secure card.

FIG. 31 is a diagram for explaining problems with a secure card.

[Explanation of symbols]

130 Area Change Request Means 140 Reserved area information receiving means 150 writing / erasing means 160 Management information search means 170 Free space storage means 180 Writing order determining means 190 Extended file management information search means 220 Card-only file management information 230 File management information 240 Extended file management information 330 File information processing means 340 Area Change Request Receiving Means 350 Area securing means 360 fictitious file information generation means 370 Reserved area notification means 410 File information holding means 420 File information writing means

   ─────────────────────────────────────────────────── ─── Continued front page    (72) Inventor Osamu Osamu             1006 Kadoma, Kadoma-shi, Osaka Matsushita Electric             Sangyo Co., Ltd. (72) Inventor Tsutomu Sekibe             1006 Kadoma, Kadoma-shi, Osaka Matsushita Electric             Sangyo Co., Ltd. F term (reference) 5B017 AA07 BA06 BB10 CA16                 5B035 AA00 BB09 BB11 CA11 CA29                 5B058 CA23 CA26 KA01 KA04 KA40                 5B082 CA01 EA11 JA06

Claims (22)

[Claims] 1. A file management method used in a memory card having a storage means accessed from a first processing system and a second processing system, wherein the first processing system stores an area of the storage means. A request step for requesting the second processing system to secure; a securing step for the second processing system to secure the area of the storage means in response to the request in the request step; and the second processing system Includes a step of reflecting the information of the area secured in the securing step in the file management information, and the first processing system performs a process of writing data to the area secured by the second processing system in the securing step. And a writing step to be performed, wherein the first processing system does not notify the second processing system of file management information generated by the writing process. Law. 2. The first processing system conveys the size of the used area to the second processing system, and the second processing system corresponds to the size transmitted from the first processing system. The file management method according to claim 1, further comprising: 3. The first processing system transmits a size larger than the size of the used area to the second processing system, and the second processing system stores the memory corresponding to the size transmitted from the first processing system. 2. The file management method according to claim 1, wherein an area for the means is reserved, and the first processing system determines an area to be used in the reserved area. 4. The second processing system registers a fictitious file as the file management information of the area secured in the securing step, and the first processing system uses the information of the write position of the data written in the area itself. The file management method according to claim 1, wherein the file is stored in a place where only the user can refer to it. 5. The second processing system registers the area secured in the securing step as a defective area in the file management information, and the first processing system uses the information of the write position of the data written in the area itself. The file management method according to claim 1, wherein the file is stored in a place where only the user can refer to it. 6. The first processing system deletes a part of the data stored in the used area of the storage means, requests the second processing system to release the area of the deleted data, and makes the request. In response to this, the second processing system performs release processing of the area of the storage means in which the data has been deleted, and reflects the information of the released area in the file management information for itself. The file management method according to claim 1. 7. The first processing system is a processing system inside a memory card, and the second processing system is a processing system of a terminal device that can directly access the storage means. File management method described. 8. A file management method used in a memory card having a storage means accessed from a first processing system and a second processing system, wherein the first processing system is an area of the storage means. A request step for requesting the second processing system to secure; a securing step for the second processing system to secure the area of the storage means in response to the request in the request step; and the second processing system And a reflecting step of reflecting the information of the area secured in the securing step in the file management information for itself, and the first processing system controls the area secured by the second processing system in the securing step. And a writing step of performing a data writing process of a file management system for the file management method. 9. A file management method used in a memory card having a storage means accessed from a first processing system and a second processing system, wherein the first processing system is an area of the storage means. A request step for requesting the second processing system to secure; a securing step for the second processing system to secure the area of the storage means in response to the request in the request step; and the second processing system And a reflecting step of reflecting the information of the area secured in the securing step in the file management information for itself, and the first processing system controls the area secured by the second processing system in the securing step. Writing step for writing data of the file management system for
The first processing system does not notify the second processing system of file management information generated by the writing process. 10. A terminal device for accessing a storage unit of a memory card to manage files, the request receiving unit receiving a request for securing an area of the storage unit from a processing system inside the memory card, Area securing means for securing the area of the storage means based on the request received by the request receiving means, and a file for reflecting information of the area secured by the area securing means in the file management information for itself A terminal device comprising: an information processing unit; and a reserved area transmitting unit for transmitting information on the area secured by the area securing unit to a processing system inside the memory card. 11. The terminal device according to claim 10, wherein the file information processing unit registers a fictitious file as file management information of the area secured by the area securing unit. 12. The terminal device according to claim 10, wherein the file information processing unit registers the area secured by the area securing unit as a defective area in the file management information. 13. A memory card having storage means accessed from a processing system inside the memory card and a processing system of the terminal device, wherein the processing system inside the memory card is different from the processing system of the terminal device. An area reservation requesting unit that requests a reservation of the area of the storage unit by specifying a size, a reservation area receiving unit that receives a notification of the reservation area from the processing system of the terminal device, and a data in the reservation area of the storage unit. And a write position information storage unit for storing information on the write position of the data written in the reserved area in a state where only the processing system inside the memory card can refer to the write position information. A memory card characterized by that. 14. A memory card having storage means accessed from a processing system inside the memory card and a processing system of the terminal device, wherein the processing system inside the memory card is different from the processing system of the terminal device. An area reservation requesting unit that requests a reservation of an area of the storage unit by specifying a size, a reservation area receiving unit that receives a notification of the reservation area from the processing system of the terminal device, and the reservation area is stored and stored. A free area storage unit that stores a remaining free area by designating a write area from the reserved area; a writing unit that performs data writing processing to the write area designated by the free area storage unit; Write position information storage means for storing the write position information of the data written in the memory card in a state in which only the processing system inside the memory card can refer to it. Memory card, characterized in that. 15. The free area storage means, when the area of the storage means required to newly write data is smaller than the free area, designates the free area as a write area, 15. The memory card according to claim 14, wherein, when the area is larger than the free area, a new area is requested to the processing system of the terminal device through the area reservation requesting means. 16. The free space storage means, when a part of the data stored in the area of the storage means is deleted, stores the deleted area of the data as a free space, and the free space is fixed. 15. The memory card according to claim 14, wherein the processing system of the terminal device is requested to release the empty area through the area reservation requesting means when the condition of is satisfied. 17. The write position information storage means writes position information of the data in a previously secured area of the storage means, and the position information write means writes the write position. 15. A management information searching means for storing a storage position in which the information of (1) is written, and
A memory card according to any one of. 18. A writing order determining means for determining a writing order of data to the reserved area is further provided, and the writing means performs a data writing process in accordance with the writing order determined by the writing order determining means. 15. The memory card according to claim 13, wherein the memory card is executed. 19. A position information writing unit for writing information of a writing position of the data, further comprising a writing order deciding unit for deciding a writing order of data in the reserved area.
18. The memory card according to claim 17, wherein the information of the writing position is written in the writing order determined by the writing order determining means, and the management information searching means stores the writing order. 20. A computer program for a terminal device for accessing a storage unit of a memory card to perform file management, the request receiving procedure for receiving a request to secure an area of the storage unit from the memory card to a computer. An area reservation procedure for reserving an area of the storage unit based on a request received in the request reception procedure, and file information processing for reflecting information of the area reserved in the area reservation procedure in self-owned file management information A program for executing a procedure, and a reserved area notification procedure for transmitting information on the area secured in the area securing procedure to the memory card. 21. A computer program for a memory card having storage means accessed from a processing system inside a memory card and a processing system of a terminal device, the computer program specifying a size for the terminal device. Area reservation requesting procedure for requesting an area reservation of the storage means, a reserved area receiving procedure for receiving a notification of the reserved area from the terminal device, and a data writing procedure for writing data in the reserved area of the storage means. A write position information writing procedure for writing information on the write position of the data written in the reserved region to the already secured region of the storage means, and a write region recording for recording the storage position where the write position information is written A program that causes you to perform steps and. 22. A computer program for a memory card having a storage means accessed from a processing system in the card and a terminal device, wherein the storage means specifies to a computer a size for the terminal device. An area reservation request procedure for requesting an area reservation, a reserved area reception procedure for receiving a notification of a reserved area from the terminal device, and a data writing procedure for writing data to a write area selected from the reserved area, A write position information writing procedure for writing information on the write position of the data written in the write region to the already secured region of the storage means, and a write region record for recording the storage position where the information on the write position is written A program that causes you to perform steps and.