JP2003216914A - Ic card with shared access monitoring function - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an IC card enabling detection of illicit accesses. <P>SOLUTION: The IC card has a log file for recording a history of accesses shared among applications. When there is an access shared among the applications, the authentication information of the applications and functions called are recorded in the log file. Also, the history data of the shared accesses recorded in the log file are automatically erased in order of old to new. <P>COPYRIGHT: (C)2003,JPO

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an IC card having a function of managing shared access between applications.

[0002]

2. Description of the Related Art In a multi-application IC card equipped with a plurality of applications, in order to effectively use limited memory resources, applications can access each other and share functions and data, that is, shared access is possible. Has become. However, since shared access is likely to cause security problems, in order to prevent unauthorized access and maintain security, shared access was made between authorized applications in a controlled environment. . In addition, in a multi-application IC card, new applications can be added and deleted, so the previously added method cannot be pre-approved, so the above method cannot be applied. In Japanese Patent Application No. 2000-268676, a method for solving this problem was proposed, and shared access with a newly added application became possible.

[0003]

However, even if the safety measures are increased, it is impossible to completely prevent the illegal use. For example, if a software incomplete part of the security system of an IC card is found and invades, or a parameter for authenticating a user or an application, such as an ID or a PIN (Persona).
There is always a possibility that an unauthorized sharing access right can be obtained by a method such as changing (l Identification Number) and trying access repeatedly. When the sharing access authority is obtained by an unauthorized means, the unauthorized sharing access between the applications is permitted to the card OS and the card OS is normally executed. Further, an application bug may cause abnormal application-to-application access, or may cause a failure in legitimate application-to-application access. Therefore, as a result, even if it is determined that an unauthorized access has been made, there is no means for knowing what kind of access was made between which applications after the end of access.

The present invention has been made in view of the above problems, and an object thereof is an IC capable of detecting unauthorized access.
Is to provide a card.

[0005]

In order to achieve the above object, an IC card according to the present invention can be equipped with a plurality of rewritable applications and is a shared access between applications. There
A log file that records a history of shared access between the applications is provided, and when the first application of the plurality of applications accesses the second application, at least the first application and the The respective authentication information that identifies the second application is recorded in the log file. Further, preferably, when the first application accesses the second application and calls a function of the second application, the function of the second application called is recorded in the log file. To do. Further, preferably, the history data of the shared access between the applications recorded in the log file is automatically deleted from the oldest one.

As described above, a log file for recording the history of shared access between applications is provided in the IC card, and when there is shared access between both applications, authentication information for identifying both applications, for example, ID The number, PIN, etc. are recorded in the log file, and when the function is called, the function is also recorded in the log file. Therefore, if there is an unauthorized access, the unauthorized access can be detected by reading the log file from the outside and analyzing it after the access is completed. Recording all shared accesses would result in a huge log file size. Therefore, the shared access history data recorded in the log file is automatically deleted in the order of oldness.

[0007]

BEST MODE FOR CARRYING OUT THE INVENTION Embodiments of an IC card of the present invention will be described below with reference to the accompanying drawings. Figure 1
FIG. 1 is a schematic configuration diagram of an IC card 10 according to an embodiment of the present invention. In FIG. 1, the IC card 10 has, for example, a CPU 11, an interface (I / F) 12, a random access memory (RAM) 14, a read-only memory (ROM) 15, and a rewritable nonvolatile memory EEPROM 16. . IC card 1 above
0 communicates with a reader / writer and a host computer which are external devices via an interface (I / F) 12, transmits / receives data, and based on an instruction from the host computer, Various processing is performed on the.

The CPU 11 has an interface (I / F) based on an application stored in the EEPROM 16 according to a command transmitted from an external device or a command preset in the IC card 10.
While performing appropriate communication with an external device via 12, a desired process is performed, for example, authentication of an owner and an IC card, and settlement of payment. Data temporarily generated when the CPU 11 performs processing is stored in the RAM 14.

Through the interface (I / F) 12,
When the IC card 10 is inserted into an external device, the IC card 10 is supplied with electric power and a clock and transmits / receives signals to / from the external device. That is, the interface (I / F) 1
2 outputs the signal received from the external device to the CPU 11, and also transmits the signal input from the CPU 11 to the external device. RAM14, ROM15, and EEPR
The OM 16 constitutes the memory system of the IC card 10. The ROM 15 stores a card OS (or a kernel part of the OS), and system programs that operate on the OS and applications that provide services.
Programs and the like are arranged in the EEPROM 16.

The software shown in FIG. 2 is installed in the IC card 10 having such a configuration. Figure 2
FIG. 3 is a schematic diagram showing an example of a software configuration of the IC card 10 according to the embodiment of the present invention.
The core of this hierarchical structure is the kernel unit 21 of the OS stored in the ROM 15. The OS kernel unit 21 manages the hardware resources of the IC card and provides an interface for accessing the hardware of the IC card from an upper layer program. Further, the OS kernel unit 21 controls the operation of the upper layer program.

Although not shown in FIG. 2, the OS kernel unit 2
In the upper layer of 1, a processing module that is OS level software is arranged. The processing module enables the application program to conveniently use various functions of the OS kernel. Examples of such a processing module include an interpreter that processes a programming language, a program loader that adds or updates a program, an application programming interface, a cryptographic processing library, and in particular, a plurality of applications installed in the IC card 10. A card manager 24 for managing is installed. The card manager 24 has, for example, authority to add and delete applications. Furthermore, the IC card 1 is managed by the card manager 24.
It has a shared access log file 25 for recording a history of shared access between a plurality of applications installed in 0. The card manager 24 can read, rewrite, and delete the shared access log file 25. These processing modules are EEPROM 16 or
It is recorded in the ROM 15. Here, the card manager 24 and the shared access log file 25 are stored in the EEPROM.
The case of being recorded in 16 is taken as an example.

Application programs, which operate while referring to the processing modules and provide various services, are arranged above the card OS 21. here,
It is assumed that two applications (application A22 and application B23) are arranged.

FIG. 3 shows the EEPROM 1 of the IC card 10.
6 shows an example of a file storage image in No. 6. In FIG. 3, the absolute address of the memory increases from the top to the bottom. In FIG. 3, the head of the EEPROM 16 is the system area, in which information such as the overall configuration of the IC card 10 is recorded, and the card manager 24 is also recorded. Subsequently, a shared access log file 25 that records a history of shared access between applications is recorded. Subsequently, the program part of the application A22, the function 1 referred to when the application A22 executes, and the data are recorded. Then, the program part of the application B23, the function 2 referred to when the application B23 executes, and the data are recorded. For example, when sharing access,
Data such as an ID or PIN for authenticating the application is stored in the data area of each application. Next, an application management table for collectively managing application information is recorded. For example, when shared access is requested among the applications installed in the IC card 10, the application management table is referred to by the calling application to obtain information about the called application.

FIG. 4 is a flowchart illustrating a process of managing shared access between applications using the IC card according to the embodiment of the present invention. The IC card 10 is processed by an external device and the application B in the IC card 10 is executed. When executing the application B, the functions and data required at a certain stage may not be possessed by the application B itself, that is, may not exist in the memory area allocated to the application B. On the other hand, the application A stored in another area of the memory of the IC card 10
Has its functions and data. In this case, the application B accesses the memory area of the application A, references the functions and data required by the application B, and by the so-called shared access between applications, even if the application B does not have the function and data, It can be executed and processing can continue.

When the program of the application B proceeds to the point where the program or function of the application A is referenced, the processing of this example starts. Step 41: The application B calls the application A from the card OS, that is, requests shared access. Step 42: In the card OS, specifically, the card manager receives the request from the application B, searches the application management table stored in the memory,
The presence of the application A in the IC card 10 is confirmed. Step 43: If the application A does not exist in the IC card 10, the card manager outputs an error message to the application B. At the same time, the card manager records the authentication information of application A and application B in the shared access log file and the content of the access failure from application B where application A does not exist and updates the content of the log file. , The process is terminated (step 47).

Step 44: Application A is IC
If it exists in the card 10, application B
Is a function of the application A to be referred to (function 1
(Referred to as)), and the function 1 is called. Step 45: Then, in the memory area of the application A, the function 1 is activated by the application A,
To be executed. Step 46: When the execution of the function 1 fails due to program compatibility or a bug, the application A outputs an error message to the card manager and the application B. Then, the card manager adds the application A to the shared access log file.
And application B authentication information and function 1, and function 1
While the execution is being performed, the content of the error is recorded, the content of the log file is updated, and the processing is terminated (step 47). Step 47: When the function 1 is executed normally, the card manager records the authentication information of the application A and the application B and the contents of reference to the function 1 in the shared access log file, and updates the contents of the log file. , The shared access processing of the application B is ended, and the processing by the application B is continued in the IC card 10.

FIG. 5 is a diagram showing an example of the contents of the shared access log file in the IC card according to the embodiment of the present invention. In FIG. 5, application A is accessed twice from application B, function 1 of application A is called twice, and application A
The application B is accessed once and the function 2 of the application B is called once. Although not shown in FIG. 5, even when an error occurs, the type and reason of the error are recorded as described above.

Next, one specific example to which the above processing method is applied will be described. In this example, for example, in the IC card 10,
An employee ID application is installed, and a network login application that logs in via a network and uses a predetermined function is also installed in the IC card. The employee ID application is, for example, an application that manages personal information such as the employee number and name of the employee. For example, the employee ID application is executed when the facility in the company is used to confirm the identity of the employee who is the card holder. The network login application is used, for example, when logging in to a PC,
After the employee's identity is confirmed, login and PC use are permitted. Further, for example, when using a service by logging in via a network in order to use a service on the Internet with a contract, it is convenient to use the network login application.

When the user logs in via the network, the identity of the employee is confirmed, so personal information such as the employee number and name of the employee is required. Since the employee ID application already has the personal information of the employee, it is a waste of the memory resource of the IC card to have the personal information of the employee in the network login application. Therefore, using shared access, the network login application does not have the employee's personal information, but the network login application accesses the employee ID application to call the employee's personal information data of the employee ID application. As a result, memory resources can be effectively used.

Next, this example will be described with reference to FIG. Figure 6
3 is a flowchart showing a specific example of the operation of the IC card according to the embodiment of the present invention. When the network login application proceeds to the point where it refers to the personal information data of the employee ID application, the shared access process of this example starts. Step 61: The network login application calls the employee ID application from the card OS, that is, requests shared access. Step 62: In the card OS, specifically, the card manager receives a request from the network login application, searches the application management table stored in the memory, and confirms that the employee ID application exists in the IC card 10. Check. Step 63: Employee ID application is IC card 1
If not present, then Card Manager will output an error message to the network login application and at the same time Card Manager will
In the shared access log file, the contents that the employee ID application does not exist and the access from the network login application has failed are recorded, the contents of the log file are updated, and the process ends (step 6).
7).

Step 64: If the employee ID application exists in the IC card 10, the network login application accesses the memory area of the function (referred to as function 1) of the employee ID application to be referred to, and the function Call 1. Step 65: Then, in the memory area of the employee ID application, the function 1 is activated and executed by the employee ID application to call the personal information data of the employee.

Step 66: If the personal information data of the employee cannot be correctly called due to the compatibility of both applications or a bug, the employee ID application is
Prints error messages to card manager and network login applications. Then, the card manager records in the shared access log file that the execution of the function 1 of the employee ID application failed and the data of the employee ID application could not be called, and updates the content of the log file. The process ends (step 67). Step 67: When the function 1 is executed normally and the personal information data of the employee is correctly called, the card manager refers to the function 1 of the employee ID application from the network login application in the shared access log file. The contents are recorded, the contents of the log file are updated, the shared access processing of the network login application is ended, and the processing by the network login application in the IC card 10 is continued.

As described above, each time a shared access is made between applications, the called application, the calling application, and the calling function are recorded in the shared access log file. If there is an unauthorized access, read this log file from the external device,
By analyzing, the unauthorized access source, the access destination, and the content of the unauthorized access can be identified. However, if all shared accesses are recorded in the shared access log file, the size of this log file will become huge. Therefore, for example, with the size of the log file fixed, the recorded shared access history data may be automatically deleted in the order of oldness.

The present invention has been described above based on the preferred embodiments, but the present invention is not limited to the embodiments described above, and various modifications can be made without departing from the gist of the present invention. Is. For example, information such as the date may be written in the shared access log file. Also,
In the case of failure, the reason for failure may be recorded, for example.

[0025]

According to the present invention, a log file for recording the history of shared access between applications is provided in the IC card, and when shared access is made between both applications, authentication information for identifying both applications,
For example, the ID number, PIN, etc. are recorded in the log file, and when the function is called, the function is also recorded in the log file. Therefore, if there is an unauthorized access, the unauthorized access can be detected by reading the log file from the outside and analyzing it after the access is completed, and the security of the IC card can be improved.

[Brief description of drawings]

FIG. 1 is a schematic configuration diagram of an IC card according to an embodiment of the present invention.

FIG. 2 shows an example of a file structure in an IC card according to an embodiment of the present invention.

FIG. 3 is an example of a memory map of the IC card according to the embodiment of the present invention.

FIG. 4 is a flowchart illustrating an operation of the IC card according to the embodiment of the present invention.

FIG. 5 shows an example of contents of a shared access log file of an IC card according to the embodiment of the present invention.

FIG. 6 is a flowchart showing a specific example of the operation of the IC card according to the embodiment of the present invention.

[Explanation of symbols]

10 ... IC card, 11 ... CPU, 12 ... I / F, 14
... RAM, 15 ... ROM, 16 ... EEPROM, 21 ...
Card OS, 22 ... Application A, 23 ... Application B, 24 ... Card manager, 25 ... Shared access log file.

Claims (3)

[Claims] 1. An IC card which can be loaded with a plurality of rewritable applications and which allows shared access between the applications, and which has a log file for recording a history of shared access between the applications, Of the plurality of applications, the first application records at least respective authentication information identifying the first application and the second application in the log file when accessing the second application. IC card to do. 2. The first application is the second application.
The IC card according to claim 1, wherein, when the function of the second application is called by accessing the application of, the function of the called second application is recorded in the log file. 3. The IC card according to claim 1, wherein history data of shared access between the applications recorded in the log file is automatically erased in the order of oldness.