JP2008299416A - Portable electronic device, file access method in portable electronic device, and ic card - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a portable electronic device controlling access in more detail than when setting an access condition for each conventional file by setting the access condition for each data object. <P>SOLUTION: This IC card has a non-volatile memory holding data, the memory has at least one file set thereto, and the file stores a plurality of data objects. The IC card accesses the file by interpreting and executing a command inputted from the outside. In the IC card, the condition for executing the command inputted from the outside is set in each of the plurality of data objects, and each data object in the file is accessed by executing the command inputted from the outside based on the set condition. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention has, for example, a non-volatile memory for holding data, and at least one file is set in the memory, and a plurality of data objects are stored in the file, and a command ( The present invention relates to a portable electronic device such as an IC card that accesses the file by interpreting and executing the command, a file access method in the portable electronic device, and an IC card.

  In this type of IC card, file management in units of files, such as a dedicated file (DF) and an elementary file (EF), for data stored in a nonvolatile memory inside the IC card. Is generally performed (see, for example, Patent Document 1).

  The data stored in the file in the nonvolatile memory includes an identifier (Tag) indicating the type of the data, length information (Length) indicating the length of the data, and a data portion (Value) indicating the data itself. ) Are concatenated with each other (a data string having a TLV structure), that is, a so-called data object structure.

In an IC card that stores such a data object in a file, an access condition is set for each file, and access control by a command (instruction) is performed based on the set access condition (for example, Patent Document 2). And Patent Document 3).
Japanese Patent No. 2695857 JP-A-8-263353 JP 11-65938 A

  However, recently, there are cases where a plurality of data objects are stored in one file. In such a case, in the conventional access control method, access control is performed on a file basis, so that access control for each data object is not possible. There is a problem that you can not.

  Therefore, the present invention provides a portable electronic device and a portable electronic device that can perform finer access control than the conventional case where an access condition is set for each file by setting an access condition for each data object. It is an object to provide a file access method and an IC card in an apparatus.

  The portable electronic device of the present invention has a memory, and at least one file is set in the memory. The file indicates an identifier indicating the type of the data, length information indicating the length of the data, and the In a portable electronic device that accesses the file by interpreting and executing a command input from the outside, in which a plurality of data objects configured by connecting a data portion indicating data itself are stored, Condition setting means for setting a condition for executing a command input from the outside corresponding to each identifier of the plurality of data objects, and when a command input from the outside is received, specified by the command By referring to the setting contents of the condition setting means based on the identifier, a search for searching for a condition having an identifier corresponding to the identifier is performed. Based on means and, conditions retrieved by the retrieval means, by executing the instruction thus received, and an access control means for accessing the data object units to said file.

  The file access method in the portable electronic device according to the present invention has a memory, and at least one file is set in the memory. The file indicates an identifier indicating the type of the data and a length indicating the length of the data. A plurality of data objects configured by connecting information and a data part indicating the data itself are stored, and the file can be accessed by interpreting and executing an externally input command. A method for accessing a file in an electronic device, wherein a condition for executing a command input from the outside is set in correspondence with each identifier of the plurality of data objects, and a command input from the outside is received. Then, by referring to the setting contents of the condition based on the identifier specified by the instruction, the identifier Search criteria with the corresponding identifier, on the basis of the search conditions, by executing the instruction thus received, characterized in that access to the data object units to said file.

  The IC card of the present invention has a memory, and at least one file is set in the memory. The file indicates an identifier indicating the type of the data, length information indicating the length of the data, and the data itself. A plurality of data objects configured by linking the data portion indicating the file are stored, and an IC card that accesses the file by interpreting and executing a command input from the outside is input from the outside. A condition setting means for setting a condition for executing the instruction to be associated with each identifier of the plurality of data objects, and when receiving an instruction input from the outside, based on the identifier specified by the instruction By referring to the setting contents of the condition setting means, search means for searching for a condition having an identifier corresponding to the identifier, and this An IC module having an access control means for accessing the file in units of data objects by executing the received command based on the condition searched by the search means, and an IC card main body containing the IC module It is equipped with.

  According to the present invention, by setting an access condition for each data object, a portable electronic device and a portable electronic device that can perform finer access control than when a conventional access condition is set for each file. A file access method and an IC card in the apparatus can be provided.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
FIG. 1 shows a configuration example of an IC card system that handles an IC card as a portable electronic device according to the present invention. In this IC card system, an IC card 101 can be connected to a terminal device 103 via a card reader / writer 102 as an external device, and a keyboard 104, a CRT display unit 105, and a printer 106 are connected to the terminal device 103. Composed.

  The IC card 101 becomes operable by supplying power from the card reader / writer 102, and executes various processes in accordance with commands supplied from the card reader / writer 102. The card reader / writer 102 supplies operating power to the IC card 101 and commands for requesting various processes.

  Here, the content of the command supplied from the card reader / writer 102 to the IC card 101 is, for example, access to a data object, and at least one of reading, writing, deleting, and adding a data object to / from the data object. One.

  The terminal device 103 is constituted by, for example, a personal computer, and executes various processes by executing various control programs stored in a memory (not shown), and also performs an IC via the card reader / writer 102. Data is input to and output from the card 101.

  FIG. 2 shows the configuration of the IC card 101. The CPU 201 is a control element, the data memory 202 is a storage means (memory) whose contents can be rewritten, the working memory 203, the program memory 204, and the card reader The communication unit 205 is configured to communicate with the writer 102. Of these, the portion within the broken line (CPU 201, data memory 202, working memory 203, program memory 204) is composed of one (or a plurality) of IC chips 206, and further this IC chip 206 and communication unit 205. Are integrated into an IC module and embedded in the IC card main body 101a.

  The CPU 201 is a control unit that performs various determination processes, determination processes, and various data processes such as writing to and reading from a memory.

  The data memory 202 is composed of an erasable (rewritable) non-volatile memory such as an EEPROM (Electrical Eraseable and Programmable Read Only Memory), and various data such as various application data are files. Stored in structure.

  The working memory 203 is a working memory for temporarily storing processing data when the CPU 201 performs processing. For example, the working memory 203 includes a volatile memory such as a RAM (Random Access Memory).

  The program memory 204 is configured by a non-rewritable fixed memory such as a mask ROM (read only memory), for example, and stores a control program of the CPU 201 and the like.

  The communication unit 205 is configured as an antenna unit when the IC card 101 is a non-contact (wireless) IC card, and receives the modulated wave transmitted from the card reader / writer 102 in a non-contact manner or transmits the modulated wave to the outside. Or to send. Further, a power supply and a clock for supplying to the internal circuit are generated from the modulated wave received by the communication unit 205. In the case of a contact type IC card, it is configured as a contact portion, and a power source and a clock are obtained by contacting with an IC card terminal portion (not shown) provided in the card reader / writer 102.

FIG. 3 shows an example of the internal structure of the data memory 102. In this example, two data objects are stored in one file.
In the data memory 102, for example, verification key EF definition information 301 for defining a verification key EF for storing a verification key, authentication key EF definition information 302 for defining an authentication key EF for storing an authentication key, and an authenticator generation key are stored. Stored is an authenticator generation key EF definition information 303 that defines an authenticator generation key EF to be stored, a data encryption key EF definition information 304 that defines a data encryption key EF that stores a data encryption key, and data Data encryption key EF305 defined by encryption key EF definition information 304, authenticator generation key EF306 defined by authenticator generation key EF definition information 303, authentication key EF307 defined by authentication key EF definition information 302, verification Matching key EF308 defined in key EF definition information 301, tag list table for data object 309, the data object (2) for the tag list table 309 310, the data object (1) 311 is stored.

  As described above, the data object (2) 310 and the data object (1) 311 include the identifier (Tag) indicating the type of the data, the length information (Length) indicating the length of the data, and the data itself. Is a data string (a data string having a TLV structure) configured by linking a data part (Value) indicating the above.

  FIG. 4 shows an example of the internal structure of the working memory 203. The working memory 203 has an area 203a for storing the verification state of the verification key and an area 203b for storing the authentication status of the authentication key and the authenticator.

FIG. 5 shows details of the tag list table 309. In this example, two data objects are stored in one file.
In the tag list table 309, 401 is table length information 401 indicating the length of one tag (Tag) table, tag table number information 402 indicating the number of tag tables in the tag list table 309, and one. A tag table 403 of the second data object (data object (2) 310 in FIG. 3) and a tag table 404 of the second data object (data object (1) 311 in FIG. 3) are configured. .

  The tag tables 403 and 404 include a tag value 501 which is an identifier of the data object, length information 502 indicating the length of the data part (Value) of the data object, detailed control information (Location Data) 503 of the data object, A file ID (DID) 504 that is identification information of a file storing a data object and an access condition 505 for a target tag (data object) are configured.

  Here, as the access condition 505 for the data object, for example, an access condition for the data read process, an access condition for the data write process, an access condition for the secure messaging process, and the like can be considered.

  As access conditions for data reading processing, reading prohibition prohibiting reading, verification reading that enables reading when verification of the verification key succeeds, and authentication reading that enables reading when authentication of the authentication key succeeds are possible. Yes, collation / authentication readout that enables reading when the verification of the verification key is successful or when the authentication of the authentication key is successful, and can be read when the verification of the verification key is successful and the authentication of the authentication key is successful Possible verification / authentication readout is possible, read-out is possible, and so on.

  Here, collation of the collation key refers to collation of the collation key added to the collation command from the card reader / writer 102 with the collation key in the collation key EF308, and when both collation keys match, the collation is successful. This means that collation is unsuccessful when the collation keys do not match, and the collation result is stored in the collation state storage area 203a of the working memory 203. This collation processing is performed prior to execution of actual processing commands such as writing and reading.

  The authentication of the authentication key means that the encrypted authentication data added to the authentication command from the card reader / writer 102 is decrypted with the authentication key in the authentication key EF307, and the authentication is successful when correctly decrypted. This means that the authentication is unsuccessful when decryption is not successful, and the authentication result is stored in the authentication state storage area 203b of the working memory 203. This authentication process is also performed prior to executing an actual processing command such as writing or reading.

As access conditions for the secure messaging process, there may be no secure messaging, an authenticator is required, data encryption is required, an authenticator and data encryption is required, and the like.
Here, the fact that an authenticator is necessary means that the data of a specific part (for example, a header part or a data part) of the received command is encrypted by using the authenticator generation key in the authenticator generation key EF306. The generated authenticator is compared with the authenticator attached to the received command. If both authenticators match, authentication is successful, and if both authenticators do not match, authentication fails. The authentication result is stored in the authentication state storage area 203b of the working memory 203. Command processing is performed when authentication of the authenticator is successful.

  The necessity of data encryption means that command processing is performed after the data is decrypted (encrypted) using the data encryption key in the data encryption key EF305. For example, in the case of a data write command, the write data added to the command is decrypted using the data encryption key in the data encryption key EF 305, and then the data memory 102 is written. Further, for example, in the case of a data read command, the data object specified by the command is read from the data memory 102, and the read data object is encrypted using the data encryption key in the data encryption key EF305. The data is output to the card reader / writer 102.

  In addition, the authentication code and data encryption are required. The authentication code and data encryption are necessary. As described above, the authentication of the authentication code is successful and the data part is decrypted (encrypted). This means that command processing is performed.

FIG. 6 shows a format example of a command sent from the card reader / writer 102 to the IC card 101. This example shows, for example, a read command for reading a data object, and includes a classification unit (CLA: class) 701, a command unit (INS: instruction) 702, and parameter data having a function for identifying the command. (P1, P2) 703 and 704.
The parameter data (P1, P2) 703, 704 stores, for example, a tag value of the data object that designates a data object to be read.

  Next, an access process for a command from the card reader / writer 102 in such a configuration will be described with reference to a flowchart shown in FIG. In this example, for example, processing for a read command for reading a data object will be described.

  When the CPU 201 receives a read command input from the card reader / writer 102 (step S1), the CPU 201 checks the command format to confirm the validity of the read command (step S2). In this format check, for example, it is confirmed whether or not the classification unit 701 and the instruction unit 702 of the read command indicate a regular command, and whether or not the parameter data 703 and 704 are set outside the function.

  As a result of the format check in step S2, if an abnormality is found in the format, the CPU 201 sets a status word indicating a format error, executes the status word output process (step S3), and ends the process. .

  If no abnormality is found in the format as a result of the format check in step S2, the CPU 201 checks whether the tag values stored in the parameter data 703 and 704 of the read command are correct (step S4). If not, a status word indicating a processing error is set, the status word output process is executed (step S3), and the process ends.

  If the tag values stored in the parameter data 703 and 704 are correct as a result of the check in step S4, the CPU 201 determines that the tag list table 309 in FIG. 5 is based on the tag values stored in the parameter data 703 and 704 of the read command. , The tag table 403 (404) having the tag value (the tag value of the data object to be read) 501 corresponding to the tag value is searched (step S5).

  If the tag table 403 (404) having the tag value 501 of the data object to be read does not exist as a result of the search in step S5, the CPU 201 sets a status word indicating a processing error and outputs the status word. Is executed (step S3), and the process ends.

  If the tag table 403 (404) having the tag value 501 of the data object to be read exists as a result of the search in step S5, the CPU 201 is the same as the file ID (DID) 504 in the tag table 403 (404). A file having the file ID (file to be read) is searched from the data memory 102 (step S6).

  If the file to be read does not exist as a result of the search in step S6, the CPU 201 sets a status word indicating a processing error, executes the status word output process (step S3), and ends the process. .

  If there is a file to be read as a result of the search in step S6, the CPU 201 refers to the access condition 505 in the tag table 403 (404) searched in step S5 and the collation state and authentication state in FIG. Thus, it is determined whether or not the data object for which the read command processing is targeted is acceptable (step S7).

  If the result of determination in step S7 is that processing is not allowed for the target data object, the CPU 201 sets a status word indicating a processing error, executes output processing of the status word (step S3), and executes the processing. finish.

  As a result of the determination in step S7, if the process is permitted for the target data object, the CPU 201 executes the read process for the data object (step S8, and if the process ends normally, the process ends normally. Is set, a status word output process is executed (step S9), and the process ends.

  In step S8, when the reading process does not end normally and a reading abnormality occurs, the CPU 201 sets a status word indicating a processing error, executes the output process of the status word (step S3), and the processing Exit.

  As described above, according to the above-described embodiment, the nonvolatile memory that holds data is provided, at least one file is set in the memory, and a plurality of data objects are stored in the file. In the IC card that accesses the file by interpreting and executing the command input from the outside, a condition for executing the command input from the outside is set for each of the plurality of data objects, Based on this set condition, by executing an externally input command, the file is accessed in the data object unit, thereby performing finer access control than when the access condition is set in the conventional file unit. It becomes possible.

  In the above-described embodiment, the case where the present invention is applied to an IC card as a portable electronic device has been described. However, the present invention is not limited to this, and for example, a portable terminal device called PDA, a cellular phone, etc. However, the shape is not limited to the card type, but may be a booklet type, a block type, or a tag type.

The block diagram which shows the structural example of the IC card system which handles the IC card as a portable electronic device concerning the present invention. 1 is a block diagram schematically showing the configuration of an IC card. The schematic diagram which shows the internal structure example of a data memory. The schematic diagram which shows the example of an internal structure of a working memory. The block diagram which shows the detail of a tag list table. The schematic diagram which shows the example of a format of the read command sent to an IC card. The flowchart explaining the access process with respect to a read command.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 101 ... IC card (portable electronic device), 101a ... IC card main body, 102 ... Card reader / writer, 103 ... Terminal device, 104 ... Keyboard, 105 ... CRT display part, 106 ... Printer, 201 ... CPU (control element) 202 ... Data memory (storage means) 203 ... Working memory 204 ... Program memory 205 ... Communication unit 206 ... IC chip 309 ... Tag list table 403,404 ... Tag table 501 ... Tag value 505 ... Access conditions.

Claims (7)

The memory has at least one file, and an identifier indicating the type of the data, length information indicating the length of the data, and a data portion indicating the data itself are connected to the file. In a portable electronic device that accesses the file by interpreting and executing a command input from the outside, a plurality of data objects configured as described above are stored,
Condition setting means for setting a condition for executing an instruction input from the outside in correspondence with each identifier of the plurality of data objects;
When receiving an instruction input from the outside, referring to the setting content of the condition setting means based on the identifier specified by the instruction, search means for searching for a condition having an identifier corresponding to the identifier;
Access control means for accessing the file in units of data objects by executing the received command based on the conditions searched by the search means;
A portable electronic device comprising:   2. The portable electronic device according to claim 1, wherein the content of the instruction is an access to a data object, and is at least one of reading, writing, deleting, and adding a data object to the data object. apparatus.   The condition set by the condition setting means is an execution result of a specific instruction executed before execution of an instruction that determines whether or not a data object is accessible according to the condition, or an instruction itself that accesses a data object. The portable electronic device according to claim 1, wherein the portable electronic device is in a format or the like.   4. The portable electronic device according to claim 3, wherein the execution result of the specific command is a verification result of a verification key based on a verification command, an authentication result based on an authentication key based on an authentication command, or the like.   4. The portable electronic device according to claim 3, wherein the format of the command itself is presence / absence of secure messaging processing. The memory has at least one file, and an identifier indicating the type of the data, length information indicating the length of the data, and a data portion indicating the data itself are connected to the file. A file access method in a portable electronic device that accesses the file by interpreting and executing a command input from the outside, wherein a plurality of data objects configured are stored;
Conditions for executing an instruction input from the outside are set in correspondence with each identifier of the plurality of data objects, and when an instruction input from the outside is received, the identifier specified by the instruction is set. By referring to the setting contents of the condition based on this, a condition having an identifier corresponding to the identifier is searched, and based on the searched condition, the received command is executed, so that a data object unit is obtained for the file. A method for accessing a file in a portable electronic device, characterized in that: The memory has at least one file, and an identifier indicating the type of the data, length information indicating the length of the data, and a data portion indicating the data itself are connected to the file. In an IC card that accesses the file by interpreting and executing a command input from the outside, a plurality of data objects configured as described above are stored,
Condition setting means for setting a condition for executing a command input from the outside corresponding to each identifier of the plurality of data objects, and when a command input from the outside is received, specified by the command By referring to the setting contents of the condition setting means based on the identifier, a search means for searching for a condition having an identifier corresponding to the identifier, and the received instruction is executed based on the condition searched by the search means An IC module having access control means for accessing the file in units of data objects;
An IC card body containing the IC module;
An IC card comprising:

Images