JP2006113747A - Portable electronic device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To inhibit re-addition of an application that cannot be re-added, by setting, during installation, re-addition inhibition information correspondingly to the name of the application program using a first installation command that declares the name of the application program. <P>SOLUTION: When the application that cannot be re-added is added to an IC card 1, a higher-level device 2 sends re-addition inhibition information to the IC card 1, along with a command to install or load the application. At the IC card 1, a check is made to see whether or not there is the re-addition inhibition information upon the command to install or load the application; if the re-addition inhibition information is included, the application is registered as the application that cannot be re-added. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention incorporates, for example, an IC chip having a control element such as a non-volatile memory capable of writing and rewriting data and a CPU, executes processing corresponding to an externally input command, and outputs the processing result to the outside The present invention relates to a portable electronic device such as an IC card that can load (or install) an application input from the outside into a non-volatile memory and execute the loaded application.

  Conventionally, as a portable electronic device, for example, there is an IC card in which an IC chip having functions such as a memory and a CPU is embedded in a casing made of a plastic plate or the like. In such an IC card, various controls are realized based on an application program stored in a nonvolatile memory. In conventional IC cards, applications (application programs) are often created in the language unique to the IC card (IC chip) manufacturer. In conventional IC cards, applications are often stored in a non-rewritable ROM. For this reason, there is a problem that it is practically difficult for anyone other than the manufacturer of the IC card (IC chip) to create an application (in a general language) or add or delete an application after operation.

  Therefore, in order to solve these disadvantages, an IC card called a so-called Java card (Java is a registered trademark of Sun Microsystems, Inc.) has been developed. The Java card is an IC card in which a virtual machine (Virtual Machine) is placed on an OS (operating system) of a general IC card. A feature of the Java card is that it is possible to create an application (hereinafter also referred to as an applet) in the Java language. For this reason, with a Java card, any person with authority such as a card issuer can easily add or delete an application in the Java card.

  For example, an application is added to a conventional Java card by two installation commands and a load command, and the sequence is as follows.

It is.
First, in the Java card, the name of the application program (Load File AID) to be added is declared by the first installation command from the host device.

This is a command for the host device to declare the name of the application program to the IC card for the Java card. Thereby, in the Java card, the name of the program of the application to be added is set.

  Next, the application program (the application program to be added) whose name (Load File AID) is declared by the first installation command is transferred to the Java card by the load command from the host device. This load command is executed a plurality of times, and the entire application program is transferred to the Java card. Thereby, in the Java card, the application program to be added is added (created) with the name declared by the first installation command.

Next, the name of the application data (Application AID) is declared on the Java card from the host device. As a result, in the Java card, the name of the application data loaded by the load command is added (created).
With these commands, an application is installed on the Java card.

  In addition, deletion of an application to a conventional Java card is performed by a deletion command or the like. In the Java card, the name of the application program (Load File AID) or the name of the application data (Application AID) to be deleted from the host device is declared. Thereby, in the Java card, the application specified by the name of the application program (Load File AID) or the name of the application data (Application AID) is deleted.

  When the Java cards as described above are widely spread, it is very difficult to completely manage all the applications in the Java cards issued by the card issuer. This is because a huge number of applications have been developed, and when the authority to add or delete applications is transferred to an organization other than the card issuer, applications can be added or deleted arbitrarily. That is, in the situation as described above, a problem may occur with respect to an application or the like for which it is desired to limit the number of uses for one Java card. For example, applications that limit the number of uses include applications that function as coupons or discount coupons. Even if such an application itself is a conventional Java card, the number of times of use can be defined (for example, Patent Document 1).

However, when an application can be arbitrarily added or deleted, the number of uses can be extended by deleting and re-adding the application. That is, there is a problem that the number of times the application is used can be made unlimited by repeating addition and deletion of the application. In particular, when the authority to add or delete an application to a Java card is increasingly delegated to a person other than the card issuer in the future, there is a demand for a technique capable of stopping the re-addition of the application to the Java card. .
JP 2003-196625 A

  The present invention solves the above-described problems, and an object thereof is to provide a portable electronic device that can limit the addition of a specific application.

  The portable electronic device according to the present invention executes an application installed in a rewritable nonvolatile memory, and cannot add an application to the nonvolatile memory from an external device and cannot re-add the application. When receiving means for receiving information indicating that there is information and information indicating that an application addition request and re-addition cannot be performed by the receiving means, data indicating that re-addition of the application is not allowed Setting means for setting, and processing means for installing the application received from the external device by the receiving means in the nonvolatile memory.

  The portable electronic device according to the present invention executes an application installed in a rewritable nonvolatile memory. In the portable electronic device according to the present invention, a request to delete the application installed in the nonvolatile memory from an external device and re-addition of the application. Receiving means for receiving information indicating that the application cannot be received, and setting means for setting data indicating that the application cannot be re-added when an application deletion request and re-addition impossible are received by the receiving means. And processing means for deleting the application that has received the deletion request by the receiving means from the non-volatile memory.

  The portable electronic device according to the present invention executes an application installed in a rewritable nonvolatile memory, and includes a registration unit in which a function group including a function that disables addition of an application is registered. Execution means for executing an application installed in the nonvolatile memory using a function group registered in the registration means, and re-addition of the applications installed in the nonvolatile memory by the execution means is impossible. And a setting unit that sets data indicating that re-addition of the application is prohibited by using a function that disables addition of the application registered in the registration unit.

  The portable electronic device according to the present invention executes an application installed in a rewritable nonvolatile memory, and includes setting means in which data indicating an application that cannot be added is set; and the external device A receiving unit that receives a request for adding an application to the nonvolatile memory, and whether or not the application is set as an application that cannot be added by the setting unit when the receiving unit receives an application addition request. A determination means for determining; a first processing means for disallowing addition of the application when the determination means determines that the application is set as an application that cannot be added; and the application by the determination means Added If it is judged not to be set as an application to disable, and a second processing means for installing the application that has received the additional request by the receiving means in the nonvolatile memory.

  An object of the present invention is to provide a portable electronic device that can limit the addition of a specific application.

The best mode for carrying out the present invention will be described below with reference to the drawings.
FIG. 1 schematically shows a hardware configuration of an IC card 1 as a portable electronic device according to this embodiment. In the embodiment described below, description will be made assuming that the IC card 1 is a Java card.

  The IC card 1 includes a CPU (Central Processing Unit) 11, a ROM (Read Only Memory) 12, a RAM (Random Access Memory) 13, a communication unit (UART) 14, a non-volatile memory (NV (EEPROM) )) 15, a coprocessor (Co-Pro) 16, a timer 17, and the like.

  The CPU 11 is responsible for overall management and control. The CPU 11 operates based on a control program or the like and functions as a processing unit or a determination unit that performs various processes. The ROM 12 is a non-volatile memory in which a control program for the CPU 11 is stored. The RAM 13 is a volatile memory that functions as a working memory. The communication unit 14 functions as transmission / reception means, and controls communication with the host device (such as a card reader / writer) 2.

  The nonvolatile memory 15 is a rewritable nonvolatile memory that stores various data and applications (application programs). The nonvolatile memory 15 is provided with a data table 15a. The data table 15a functions as a setting unit and stores re-addition non-permission information described later. The coprocessor (Co-Pro) 16 assists operations such as encryption or decryption. The timer 17 performs a time measuring operation.

FIG. 2 schematically shows a software configuration in the IC card 1 when the above-described hardware configuration IC card 1 is used as a Java card.
The software configuration of the IC card 1 includes a hardware (H / W) layer 21, an OS (operating system) layer 22, and an application (applet) layer 23. The application layer 23 is positioned at the top, and the OS layer 22 is positioned above the H / W layer 21.

The H / W layer 21 is composed of hardware such as the communication unit 14, the nonvolatile memory 15, and the coprocessor 16. The (H / W) layer 21 is controlled by the card OS 31 of the OS (operating system) layer 22.
The OS layer 22 includes a virtual machine 32, ISD. Modules such as (Issor Security Domain) 33 and API (Application Interface) group 34 are on the card OS 31.

The virtual machine 32 is a module that indicates environment settings for operating the Java card 1. The ISD 33 is a module that manages each application (applet) in the application layer 23. The API group 34 is a module that indicates an API as a function used in an application, and functions as a registration unit that registers various functions used by the application.
The application layer 23 has, for example, a plurality of applications (application A, application B). Each application in the application layer 23 implements various processes using the API 34, and the substance of each application is stored in the nonvolatile memory 15 or the like.

  Next, operations for adding, executing, and deleting an application in the IC card 1 configured as described above will be described.

  In the IC card 1, re-addition non-permission information for prohibiting re-addition is registered in order to make it impossible to re-add a specific application, and re-addition of a specific application is performed based on the re-addition non-permission information. It is supposed to be impossible. That is, the IC card 1 performs a process for registering re-addition non-permission information and a process for controlling addition of an application based on the re-addition non-permission information.

  In the process of registering the re-addition non-permission information, for example, the program name (Load File AID) of the application that is not permitted to re-add or the data name (Application AID) of the application is used as the re-addition non-permission information. Register in the data table 15a. The data table 15a is managed by the card OS 31 of the OS layer 22.

  Note that the application program name (Load File AID) indicates the name of the program for executing the application, for example, a program code (or ROM code). The application data name (Application AID) indicates the name of the application itself.

  In the process of controlling the addition of an application based on the re-addition non-permission information, for example, when an application is added, the program name of the application (Load File AID) or the data name of the application (Application AID) and the data table Compared to the re-addition non-permission information registered in 15a, if the application completely matches or partially matches, the addition of the application is abnormally terminated.

Next, the process of registering the re-addition non-permission information in the IC card 1 will be described with a specific example of operation.
The re-addition non-permission information needs to be registered between the start of application addition (installation) and the deletion of the application. For example, the re-addition non-permission information can be registered in a process of adding (installing) an application, a process of executing an application, or a process of deleting an application. In the present embodiment, as a process for registering the re-addition non-permission information, for example, five patterns as shown in FIGS. 3 to 7 will be described.

First, a first pattern as an example of a process for registering the re-addition non-permission information will be described.
FIG. 3 is a flowchart for explaining a first pattern as an example of a process for registering the re-addition non-permission information.
In the first pattern shown in FIG. 3, the re-addition non-permission information of the application is registered in the IC card 1 in the first install command for declaring the program name (Load File AID) of the application.

  That is, when an application that cannot be re-added is added to the IC card 1, the upper device 2 sends a first installation command for declaring a program code as a program name (Load File AID) of the application to be added to the IC card. Send to 1. This first installation command includes re-addition non-permission information. That is, for the application that cannot be re-added, the higher-level device 2 transmits a first installation command including re-addition disapproval information of the application to the IC card 1. In this case, the re-addition non-permission information is associated with the application program name (Load File AID).

  On the other hand, in the IC card 1, the first install command is received by the UART 14 of the H / W layer 21, and the received first install command is given to the card OS 31 of the OS layer 22 (step S1). When the first install command is received, the card OS 31 defines the program name (Load File AID) of the application and determines whether or not the re-addition non-permission information is included in the first install command. (Step S2).

  When it is determined that the re-addition non-permission information is included in the first install command received by this determination (Yes in step S2), the card OS 31 uses the re-addition non-permission information as the program name (Load File AID) of the application. ) And register (step S3). The re-addition non-permission information is stored in the card OS 31 in terms of software, but is stored in the nonvolatile memory 15 in terms of hardware.

  When the registration of the definition of the program name of the application corresponding to the first installation command and the re-addition non-permission information of the application is completed, the card OS 31 confirms that the processing for the first installation command has been completed normally. The status shown is returned to the host device 2.

  The host device 2 that has received the status indicating that the first installation command has been normally completed transmits a load command for loading the actual program (data constituting the program) of the application to the IC card 1. The load command is executed a plurality of times according to the data amount of the application, the communication capability between the host device and the IC card, and the like. In response to such a load command, the IC card 1 stores (loads) the application program in the non-volatile memory 15 each time it receives a load command from the host device 2, and displays the processing result. Return to the host device 2 (step S4).

  When loading of the application program is completed by such an operation, the application program loaded by the plurality of load commands is added to the application layer 23 as one application having the program name defined by the first installation command. (Created) (Step S5). This indicates that the application is stored in the nonvolatile memory 15 in terms of hardware.

  The host device 2 that has received the notification that the processing for the plurality of load commands has been normally completed further transmits a second install command for declaring the data name (Application AID) of the loaded application to the IC card 1.

On the other hand, in the IC card 1, the second install command is received by the UART 14 of the H / W layer 21, and the received second install command is given to the card OS 31 of the OS layer 22 (step S6). In the card OS 31 of the IC card 1, the data of the application added to the application layer 23 in step S5 is added, and the name (Application AID) is defined (step S7).
When the addition of the data name of the application corresponding to the second installation command is completed, the card OS 31 returns a status indicating that the processing for the second installation command has been completed normally to the higher-level device 2.

  As described above, according to the first pattern, in a host device that adds an application that cannot be re-added to the IC card, the first installation command that declares the name of the application program (Load File AID) to the IC card. If the re-addition non-permission information is included in the IC card, the re-addition non-permission information is confirmed with respect to the first installation command. The application program (named “Load File AID”) is registered as an application that cannot be added again.

  Thus, according to the first pattern, for an application that cannot be re-added, the first install command that declares the program name of the application is re-corresponding to the program name of the application at the time of installation. Addition non-permission information can be set, and re-addition of the application can be disabled.

Next, a second pattern as an example of processing for registering the re-addition non-permission information will be described.
FIG. 4 is a flowchart for explaining a second pattern as an example of a process for registering the re-addition non-permission information.
In the second pattern shown in FIG. 4, the re-addition non-permission information of the application is registered in the IC card in the load command for transferring (loading) the application program.

  That is, when an application that cannot be re-added is added to the IC card 1, the upper device 2 first declares the code of the program to be loaded as the name of the program of the application to be added (Load File AID). An installation command is transmitted to the IC card 1.

  On the other hand, in the IC card 1, the first install command is received by the UART 14 of the H / W layer 21 and the received first install command is given to the card OS 31 of the OS layer 22. The card OS 31 defines a program name (Load File AID) of the application (step S11). When the definition of the program name of the application according to the first installation command is completed, the card OS 31 A status indicating that the processing for the first installation command has been completed normally is returned to the host device 2.

  The host device 2 that has received the status indicating that the first install command has been normally completed transmits a load command for loading the application program (data constituting the program) to the IC card 1. The load command is executed a plurality of times according to the data amount of the application, the communication capability between the host device and the IC card, and the like.

  In addition, any one of these load commands includes re-addition non-permission information. That is, for the application that cannot be re-added, the host device 2 sends a load command including re-addition disapproval information for the application (any one load command when executing a load command multiple times) to the IC. Send to card 1. Further, the re-addition non-permission information included in the load command is associated with the application program name (Load File AID). The re-addition non-permission information may be included in any load command among a plurality of load commands. For example, it may be included in the first load command or the last load command.

  When the re-addition non-permission information is not included in the load command received from such a host device (step S13, none), the IC card 1 receives the load command from the host device 2 every time the load command is received. The application program is stored (loaded) in the nonvolatile memory 15, and the processing result is returned to the host device 2 (step S12).

  If the load command received from the host device includes re-addition non-permission information (Yes in step S13), the card OS 31 stores the application program in the nonvolatile memory 15 by the received load command. (Reload) and register the re-addition non-permission information included in the load command in association with the program name (Load File AID) of the application (step S14). The re-addition non-permission information is stored in the card OS 31 in terms of software, but is stored in the nonvolatile memory 15 in terms of hardware.

  When the loading of the application program by the plurality of load commands as described above is completed, the card OS 31 indicates that the application program loaded by the plurality of load commands is one application having the program name defined by the first installation command. Is added (created) to the application layer 23 (step S15). This indicates that the application is stored in the nonvolatile memory 15 in terms of hardware.

The host device 2 that has received the notification that the processing for the plurality of load commands has been normally completed further transmits a second install command for declaring the data name (Application AID) of the loaded application to the IC card 1.
On the other hand, the IC card 1 adds the data of the application added to the application layer 23 based on the received second installation command (step S16), as in steps S6 and S7. (Application AID) is defined (step S17), and a status indicating that the processing for the second installation command has been completed normally is returned to the host device 2.

  As described above, according to the second pattern, the host device that adds an application that cannot be re-added to the IC card transmits re-addition non-permission information to the IC card in the load command that loads the application program. The IC card confirms the presence / absence of re-addition non-permission information in response to the load command. If re-addition non-permission information is included, the application program (name is Load File AID) cannot be re-added. It is intended to be registered as an application to be used.

  As a result, according to the second pattern described above, for an application that cannot be re-added, re-addition disapproval information is set corresponding to the program name of the application with the load command at the time of installation. And re-addition of the application can be disabled.

Next, a third pattern as an example of processing for registering the re-addition non-permission information will be described.
FIG. 5 is a flowchart for explaining a third pattern as an example of a process for registering the re-addition non-permission information.
In the third pattern shown in FIG. 5, the re-addition non-permission information is registered in the IC card 1 in the second installation command for declaring the data name (Application AID) of the loaded application.

  That is, when an application that cannot be re-added is added to the IC card 1, the host device 2 declares a file name of data to be loaded as a program name of the application to be added (data constituting the application program). Is sent to the IC card 1. On the other hand, the card OS 31 of the IC card 1 defines the program name (Load File AID) of the application based on the received first install command (step S21), as in step S11. A status indicating that the processing for the install command of 1 is normally completed is returned to the higher-level device 2.

  In the host device 2 that has received the status indicating that the first installation command has been normally completed, a plurality of load commands for loading the application program (data constituting the program) are sequentially received in the same manner as in step S4. Send to IC card 1. In response to such a load command, the IC card 1 stores (loads) the application program in the non-volatile memory 15 each time it receives a load command from the host device 2, and displays the processing result. It returns to the higher order apparatus 2 (step S22).

  An application program loaded by a plurality of load commands is added (created) to the application layer 23 as one application having a program name defined by the first installation command (step S23). This indicates that the application is stored in the nonvolatile memory 15 in terms of hardware.

  In the host device 2 that has received from the IC card 1 that processing for a plurality of load commands has been normally completed, a second install command for declaring the data name (Application AID) of the loaded application is further sent to the IC card 1. Send to. This second installation command includes re-addition non-permission information. That is, for the application that cannot be re-added, the higher-level device 2 transmits a second installation command including re-addition disapproval information of the application to the IC card 1. In this case, the re-addition non-permission information is associated with an application data name (Application AID).

  On the other hand, in the IC card 1, the second install command is received by the UART 14 of the H / W layer 21, and the received second install command is given to the card OS 31 of the OS layer 22 (step S24). The card OS 31 adds the data of the application to define the data name (Application AID) of the application and determines whether the second installation command has re-addition non-permission information (step S25). ).

  When it is determined that the re-addition non-permission information is included in the first installation command received by this determination (Yes in step S25), the card OS 31 uses the re-addition non-permission information as the data name (Application AID) of the application. Is registered in association with (step S26). The re-addition non-permission information is stored in the card OS 31 in terms of software, but is stored in the nonvolatile memory 15 in terms of hardware.

  When the addition of application data (name is Application AID) in accordance with the second install command and the registration of the re-addition disapproval information for the application are completed, the card OS 31 performs normal processing for the second install command. The status indicating completion is returned to the host device 2.

  As described above, according to the third pattern, in the host device that adds an application that cannot be re-added to the IC card, in the second install command that declares the name of the application data (Application AID) to the IC card. The re-addition non-permission information is transmitted to the IC card, and the IC card confirms the presence / absence of the re-addition non-permission information with respect to the second installation command. Application data (name is Application AID) is registered as an application that cannot be added again.

  Thus, according to the third pattern, for an application that cannot be re-added, the second install command that declares the data name of the application is re-corresponding to the program name of the application at the time of installation. Addition non-permission information can be set, and re-addition of the application can be disabled.

Next, a fourth pattern as an example of processing for registering the re-addition non-permission information will be described.
FIG. 6 is a flowchart for explaining a fourth pattern as an example of a process for registering the re-addition non-permission information.
In the fourth pattern shown in FIG. 6, the application itself registers re-addition non-permission information in the IC card 1 during execution of the application.

  Here, it is assumed that the host device 2 transmits a command requesting execution of an application that cannot be added again to the IC card 1. On the other hand, the IC card 1 receives a command for requesting execution of the application from the host device 2 (step S31), and the card OS 31 instructs the application in the application layer 23 to execute. Thereby, the application of the application layer 23 is started (step S32).

  When the application of the application layer 23 cannot be re-added, the application layer 23 performs registration processing of re-addition non-permission information. In the re-addition non-permission information registration process, the application calls the API 34a for performing the re-addition non-permission information registration process of the application itself to the API group 34 of the OS layer 22 (step S33). It is assumed that the API group 34 includes APIs indicating functions used in the application, and an API 34a for performing re-addition non-permission information registration processing is set in advance.

  The API 34a called by the application refers to the program name (Load File AID) or the data name (Application AID) of the application in which the re-addition non-permission information is registered in the data table 15a. Check whether additional disapproval information has already been registered. If it is determined that the re-addition non-permission information of the application has been registered, the process proceeds to step S36 and the application is executed (step S36).

  Upon confirming that the re-addition non-permission information of the application has not been registered, the API 34a re-associates the card OS 31 with the program name (Load File AID) of the application or the data name (Application AID) of the application. Request registration of additional non-permission information. In the card OS 31, re-addition disapproval information of the program name (Load File AID) or application data name (Application AID) designated by the API 34a is registered in the data table 15a.

  When this registration is completed normally, the card OS 31 notifies the application that the registration of the re-addition non-permission information has been completed normally via the API 34a. When receiving the notification that the registration of the re-addition non-permission information has been normally completed, the application executes the remaining program serving as the main body of the application (step S36).

  As described above, in the fourth pattern, the application installed in the IC card uses the program name (Load File AID) of the application itself or the data name (Application AID) of the application as re-addition non-permission information to the card OS. It is intended to be registered.

  Thus, according to the fourth pattern, for an application that cannot be re-added, the program name of the application (Load File AID) for disallowing re-adding of its own application when the application is executed ) Or re-addition non-permission information associated with an application data name (Application AID), and re-addition of the application can be disabled.

  Further, according to the fourth pattern, the process of registering the re-addition non-permission information is not required in the process of application installation or deletion, and it is not necessary to instruct the registration of the re-addition non-permission information from the host device. In other words, since re-addition non-permission information registration processing can be performed as one of the application processes, re-addition non-permission information can be registered by processing within the IC card, and addition and deletion of applications from the host device It can be executed by a conventional procedure. Furthermore, as a result, the above operation can be performed even if the operation of the system composed of the host device and the IC card is the same as the conventional one.

  In the fourth pattern, the re-addition non-permission information is registered so that the application cannot re-add its own application. However, the addition non-permission that prohibits addition of any application is prohibited. Information may be registered. That is, in the fourth pattern, since re-addition non-permission information is registered as processing executed by the application, information that makes it impossible to add (install) any application other than the application itself is displayed. You can register. In this case, for example, an application that cannot be added can be specified by an argument definition of the API 34a called by the application that executes the process.

Next, a fifth pattern as an example of a process for registering the re-addition non-permission information will be described.
FIG. 7 is a flowchart for explaining a fifth pattern as an example of processing for registering the re-addition non-permission information.
In the fifth pattern shown in FIG. 7, re-addition non-permission information for the application is registered in the IC card 1 in the delete command for deleting the application.

  That is, when an application that cannot be re-added is deleted from the IC card 1, the higher-level device 2 transmits a delete command that declares the name of the application to be deleted (Application AID) to the IC card 1. This deletion command includes re-addition non-permission information. That is, for the application that cannot be re-added, the host device 2 transmits a delete command including re-addition disapproval information of the application to the IC card 1. In this case, the re-addition non-permission information is associated with an application program name (Load File AID) or an application data name (Application AID).

  On the other hand, in the IC card 1, the delete command is received by the UART 14 of the H / W layer 21, and the received delete command is given to the card OS 31 of the OS layer 22 (step S41). When receiving the deletion command, the card OS 31 determines whether or not the deletion command includes re-addition non-permission information (step S42).

  When it is determined that the re-addition non-permission information is included in the delete command received by this determination (Yes in step S42), the card OS 31 uses the re-addition non-permission information as the program name (Load File AID) or application of the application. Are registered in association with the data name (Application AID) (step S43). The re-addition non-permission information is stored in the card OS 31 in terms of software, but is stored in the nonvolatile memory 15 in terms of hardware.

  Further, the card OS 31 performs a process of deleting the application (named Application AID) designated by the received delete command from the nonvolatile memory 15. As a result, when the registration of the re-addition non-permission information for the application and the deletion of the application in accordance with the deletion command are completed, the card OS 31 displays a status indicating that the processing for the deletion command has been completed normally. Return to.

  As described above, according to the fifth pattern, when deleting the application that cannot be re-added, the host device 2 re-adds the data name (Application AID) of the application to be deleted to the delete command that declares to the IC card. The non-permission information is added and transmitted to the IC card. In the IC card, the presence / absence of re-addition non-permission information is confirmed in response to the delete command. A program name (Load File AID) or an application data name (Application AID) is registered as an application that cannot be added again.

  As a result, according to the fifth pattern, for an application that cannot be re-added, the program name (Load File AID) or application data of the application is deleted by a deletion command that requests deletion of the application at the time of deletion. Re-addition non-permission information associated with a name (Application AID) can be set, and re-addition of the application can be disabled.

  In this case, the process of registering the re-addition non-permission information is not required in the process of application installation and execution. That is, for applications that are not deleted, the number of uses can be limited by limiting the number of uses of the application itself, and there is no need to register re-addition non-permission information as described above for limiting re-addition of the application. For example, if the operation mode of the IC card is such that the application is not easily deleted, useless processing such as registration of re-addition non-permission information at the time of installation becomes unnecessary.

Next, a specific operation example when an application is added to the IC card 1 will be described.
The process for restricting the addition of an application based on the re-addition non-permission information as described above is executed when the application is installed. In the present embodiment, for example, three patterns as shown in FIGS. 8 to 10 will be described as specific examples of processing for restricting addition of applications.

First, a sixth pattern as an example of processing for restricting addition of an application will be described.
FIG. 8 is a flowchart for explaining a sixth pattern as an example of processing for restricting addition of an application.
In the sixth pattern shown in FIG. 8, when the first install command for declaring the program name (Load File AID) of the application is received, it is determined whether or not the application can be added.

  Here, it is assumed that the first installation command for declaring the program name (Load File AID) of the application to be added is transmitted from the host device 2 to the IC card 1. When the first install command is received from the host device 2 (step S61), the card OS 31 of the IC card 1 firstly executes the above-mentioned based on the program name (Load File AID) of the application designated by the first install command. The program name (Load File AID) of the application registered in the data table 15a is searched (step S62).

  Based on the result of this search, the card OS 31 matches the program name (Load File AID) of the application specified by the first installation command completely or partially matches the program name of the application ( It is determined whether or not (Load File AID) is registered in the data table 15a (step S63).

  Here, “partial match” means that a part of the program name of the application specified by the first installation command and a part of the program name of the application registered in the data table 15a match each other. This is a case where it can be determined that the applications are the same. For example, if the upper part of the program name of the application specified by the first installation command uniquely matches the upper part of the program name of the application registered in the data table 15a, it is determined that the two match. It is to make.

  If it is determined by the above determination that a program name that completely or partially matches the program name of the application specified by the first install command is registered in the data table 15a (step S63, none), the card OS 31 Executes the installation process of the application. The application installation process is executed by, for example, the first pattern or the second pattern.

  If it is determined by the above determination that a program name that completely or partially matches the program name of the application specified by the first installation command is registered in the data table 15a (step S63, present), The card OS 31 disallows the addition (re-addition) of the application, and notifies the host device 2 of a status indicating that the process for the first installation command has ended abnormally (step S64). As a result, it is not permitted to add the application to the IC card 1.

  As described above, in the sixth pattern, when the first install command for declaring the program name of the application to be added is received from the host apparatus, the program name of the application is registered as the program name of the application that cannot be added again. If it is determined that the program name of the application is registered as the program name of an application that cannot be added again, the installation of the application is disabled.

  As a result, for an application having a program name that matches the program name registered as an application that cannot be added again, installation can be disabled when an installation command that declares the program name is received. Further, since the program name of the application cannot be easily changed, according to the sixth pattern, it is impossible to re-add an application composed of the same program even if the data name (Application AID) of the application is changed. It becomes possible.

Next, a seventh pattern as an example of processing for restricting addition of applications will be described.
FIG. 9 is a flowchart for explaining a seventh pattern as an example of processing for restricting addition of an application.
In the seventh pattern shown in FIG. 9, when a load command for loading an application program (named Load File AID) is received, it is determined whether or not the application can be added.

  Here, it is assumed that the first installation command for declaring the program name (Load File AID) of the application to be added is transmitted from the host device 2 to the IC card 1. When the first install command is received from the host device 2, the card OS 31 of the IC card 1 first sets the program name (Load File AID) of the application designated by the first install command, and the processing result is displayed. Notify the host device 2.

  In response to the notification that the processing for the first installation command has been completed normally, the host device 2 transmits a load command for loading the application program. This load command is executed a plurality of times according to the data amount of the program of the application and the communication capability with the IC card 1.

  When the load command is received from the host device 2, the card OS 31 of the IC card 1 performs a process of loading the application program in accordance with the received load command (step S72). At this time, the card OS 31 searches for the program name (Load File AID) of the application registered in the data table 15a based on the program name (Load File AID) of the application to be loaded (Step S73).

  When the load command is executed a plurality of times, the card OS 31 performs a search process when any one of the plurality of load commands is received. For example, a search based on the program name may be performed when the first load command is received, or a search based on the program name may be performed when the final load command is received.

  Based on the result of this search, the card OS 31 matches the program name (Load File AID) of the application specified by the first installation command completely or partially matches the program name of the application ( It is determined whether or not (Load File AID) is registered in the data table 15a (step S74).

  When it is determined by the above determination that a program name that completely or partially matches the program name of the application specified by the first install command is registered in the data table 15a (step S64, none), the card OS 31 Executes the installation process of the application. The application installation process may be executed by the second pattern, for example.

  If it is determined by the above determination that a program name that completely or partially matches the program name of the application specified by the first installation command is registered in the data table 15a (step S74, yes), The card OS 31 disallows the addition (re-addition) of the application, and notifies the host device 2 of a status indicating that the process for the load command has been terminated abnormally (step S75). As a result, it is not permitted to add the application to the IC card 1.

  As described above, in the seventh pattern, when the load command for loading the application program to be added is received from the higher-level device, the program name of the application is registered as the program name of the application that cannot be added again. If it is determined that the program name of the application is registered as the program name of an application that cannot be added again, installation of the application is disabled.

  As a result, an application having a program name that matches the program name registered as a non-re-addable application can be prohibited from being installed when an installation command for loading the program is received. Further, since the program name of the application cannot be easily changed, according to the seventh pattern, the same program is formed even if the data name (Application AID) of the application is changed according to the seventh pattern. It becomes possible to make it impossible to add the application again.

Next, an eighth pattern will be described as an example of processing for restricting addition of an application.
FIG. 10 is a flowchart for explaining an eighth pattern as an example of processing for restricting addition of an application.
In the eighth pattern shown in FIG. 10, when a second install command for declaring a data name (Application AID) of an application is received, it is determined whether or not the application can be added.

  Here, it is assumed that the first installation command for declaring the program name (Load File AID) of the application to be added is transmitted from the host device 2 to the IC card 1. When the first install command is received from the host device 2, the card OS 31 of the IC card 1 sets the program name (Load File AID) of the application designated by the first install command, and the processing result is sent to the host device. 2 is notified (step S81).

  In response to the notification that the processing for the first installation command has been completed normally, the host device 2 transmits a load command for loading the application program. This load command is executed a plurality of times according to the data amount of the program of the application and the communication capability with the IC card 1. Each time a load command is received from the host device 2, the card OS 31 of the IC card 1 performs a process of loading an application program in accordance with the received load command (step S82). An application program loaded by a plurality of load commands is added (created) to the application layer 23 as one application having a program name defined by the first installation command (step S83).

The host device 2 that has received the notification that the processing for the plurality of load commands has been normally completed further transmits a second install command for declaring the data name (Application AID) of the loaded application to the IC card 1. .
When the second installation command is received from the host device 2 (step S84), the card OS 31 of the IC card 1 uses the data table (Application AID) specified by the second installation command to execute the data table. The data name (Application AID) of the application registered in 15a is searched (step S85).

  Based on the result of this search, the card OS 31 determines whether the data name (Application AID) of the application specified by the second installation command completely matches or partly matches the data name (Application) of the application. It is determined whether or not (AID) is registered in the data table 15a (step S86).

  When it is determined by the above determination that an application having a data name that completely or partially matches the data name of the application specified by the second installation command is registered in the data table 15a (No in step S86), The card OS 31 executes installation processing for the application. The application installation process may be executed by the third pattern, for example.

  If it is determined by the above determination that an application having a data name that completely or partially matches the data name of the application specified by the second installation command is registered in the data table 15a (Yes in step S86). The card OS 31 disallows the addition (re-addition) of the application, and notifies the host device 2 of a status indicating that the process for the second installation command has ended abnormally (step S87). As a result, it is not permitted to add the application to the IC card 1.

  As described above, in the eighth pattern, when the second install command for declaring the data name of the application to be added is received from the host device, the data name of the application is registered as the data name of the application that cannot be added again. If it is determined that the data name of the application is registered as the data name of an application that cannot be added again, the application cannot be installed.

  As a result, for an application having a data name that matches the data name registered as a non-re-addable application, the installation can be disabled when the second installation command for declaring the data name of the application is received. . Since the data name of the application cannot be easily changed, according to the eighth pattern, the data name of the application is stored in the data table 15a in order to determine whether or not installation is possible based on the data name of the application. (Application AID) may be registered. Furthermore, in the eighth pattern, it is possible not to prohibit addition of other applications having the same program name.

  Note that the sixth pattern, the seventh pattern, and the eighth pattern determine whether or not an application can be added based on whether or not the application is registered in advance. For this reason, not only in the case of re-adding an application, it is also possible to make it impossible to add (install) a specific application by registering an application that cannot be added in advance.

  For the sixth pattern for determining whether or not an application can be added based on the program name of the application when the first installation command is received, the program name of the application is set as re-addition permission information. It can be implemented in combination with the second, fourth or fifth pattern.

  As for the seventh pattern for determining whether or not an application can be added based on the program name of the application when the load command is received, the second and fourth of setting the program name of the application as re-addition permission information. Or in combination with the fifth pattern.

  For the eighth pattern in which whether or not an application can be added is determined based on the data name of the application when the second installation command is received, the data name of the application is set as re-addition permission information. , 4th or 5th pattern can be used in combination.

1 is a diagram schematically showing a hardware configuration of an IC card 1 as a portable electronic device according to an embodiment of the present invention. The figure which shows typically the software structure in an IC card in case an IC card is used as a Java card. The flowchart for demonstrating the 1st pattern as an example of the process which registers re-addition nonpermission information. The flowchart for demonstrating the 2nd pattern as an example of the process which registers re-addition nonpermission information. The flowchart for demonstrating the 3rd pattern as an example of the process which registers re-addition prohibition information. The flowchart for demonstrating the 4th pattern as an example of the process which registers re-addition nonpermission information. The flowchart for demonstrating the 5th pattern as an example of the process which registers re-addition nonpermission information. The flowchart for demonstrating the 6th pattern as an example of the process which restrict | limits the addition of an application. The flowchart for demonstrating the 7th pattern as an example of the process which restrict | limits the addition of an application. The flowchart for demonstrating the 8th pattern as an example of the process which restrict | limits the addition of an application.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 ... IC card (portable electronic device), 2 ... Host device, 11 ... CPU, 12 ... ROM, 13 ... RAM, 14 ... Communication unit (UART), 15 ... Non-volatile memory, 15a ... Data table, 21 ... Hardware Wear layer, 22 ... OS layer, 23 ... Application layer, 31 ... Card OS, 32 ... Virtual machine, 33 ... ISD, 34 ... API group, 34a ... API

Claims (6)

In a portable electronic device that executes an application installed in a rewritable non-volatile memory,
Receiving means for receiving an application addition request from the external device to the nonvolatile memory and information indicating that the application cannot be added again;
A setting means for setting data indicating that re-addition of the application is not allowed when receiving an application addition request and information indicating that re-addition is impossible by the receiving means;
Processing means for installing the application received from the external device by the receiving means into the nonvolatile memory;
A portable electronic device comprising: Information indicating that re-addition of an application received by the receiving means is impossible is a command for specifying the program name of the application, a command for specifying the data name of the application, or a command for loading the program of the application. The portable electronic device according to claim 1, wherein the portable electronic device is added information. In a portable electronic device that executes an application installed in a rewritable non-volatile memory,
Receiving means for receiving a request to delete an application installed in the nonvolatile memory from an external device and information indicating that the application cannot be re-added;
A setting means for setting data indicating that re-addition of the application is disabled when receiving information indicating that the application deletion request and re-addition are impossible by the receiving means;
Processing means for deleting the application that has received the deletion request by the receiving means from the nonvolatile memory;
A portable electronic device comprising: In a portable electronic device that executes an application installed in a rewritable non-volatile memory,
A registration means in which a function group including a function for disabling addition of an application is registered;
Execution means for executing an application installed in the non-volatile memory using a function group registered in the registration means;
When executing an application that cannot be re-added among the applications installed in the non-volatile memory by the execution unit, the application is registered using a function for setting the addition of the application registered in the registration unit to be disabled. A setting means for setting data indicating that re-addition of the URL cannot be re-added,
A portable electronic device comprising: In a portable electronic device that executes an application installed in a rewritable non-volatile memory,
A setting means in which data indicating an application that cannot be added is set;
Receiving means for receiving an application addition request to the nonvolatile memory from an external device;
A determination unit that determines whether or not the application is set as an application that cannot be added by the setting unit when an application addition request is received by the receiving unit;
A first processing unit that disables addition of the application when the determination unit determines that the application is set as an application that cannot be added;
A second processing unit that installs the application that has received the addition request by the receiving unit in the non-volatile memory when the determining unit determines that the application is not set as an application that cannot be added;
A portable electronic device comprising: The determination unit is set as an application that cannot be added by the setting unit when the program name of the application is specified, the data name of the application is specified, or the program of the application is loaded. The portable electronic device according to claim 5, wherein it is determined whether or not it is present.

Images