JP2009075797A - Portable electronic equipment - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide portable electronic equipment for surely and efficiently performing access control in a plurality of channels. <P>SOLUTION: In an IC card, an operating system 41 and an application 22A capable of performing processing by a plurality of local channels operate, wherein the operating system 41 manages information showing a channel under access to each file stored in a non-volatile memory by a channel management table 42a, and provides information indicating a logical channel under access to the file targeted as access by a received command to the application 22A which processes the command by referring to information managed by the channel management table 42a, and the application 22A decides the possibility/impossibility of the execution of processing to the command based on the information provided from the operating system. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention includes, for example, a portable electronic device such as an IC card that incorporates a module having a control element such as a non-volatile memory capable of writing and rewriting data and a CPU, and executes processing corresponding to an externally input command. Relates to the device.

  Conventionally, as a portable electronic device, for example, there is an IC card in which an IC module having functions such as a memory and a CPU is embedded in a casing made of a plastic plate or the like. In such an IC card, data is written to a rewritable nonvolatile memory in accordance with a command from an external device, and data is read from the nonvolatile memory. Such IC cards are used in various fields such as entrance / exit management, credit cards, mobile phones, and electronic commerce because of the importance of security. Furthermore, in recent years, in order to use a single IC card for various purposes, there are an increasing number of operation modes in which a plurality of applications are operated.

  In general, transmission / reception of data between an IC card and a host device (terminal) is performed via a “channel for communication” called a logical channel. Conventionally, in a general operation mode, since the IC card and the terminal often communicate one-to-one, the processing is often completed with only one channel. However, in recent years, there are an increasing number of cases where communication is performed between one IC card and a plurality of terminals. This is because the basic performance of IC cards has been improved, or the number of IC cards having a plurality of interfaces (contact type, non-contact type, high-speed type contact type, etc.) with the outside has increased. Is a factor. When communicating with a plurality of terminals, the IC card opens a plurality of channels, and each channel performs control to access each target file (or application).

However, at present, access to each file in the IC card is not managed for each of a plurality of channels. That is, in the conventional IC card, each file can be accessed unconditionally from a plurality of channels. If each file can be accessed unconditionally from a plurality of channels as described above, various problems may occur in the IC card. For example, a file being accessed on the first channel may be rewritten on the second channel. When such a phenomenon occurs, there is a problem that the processing expected in the first channel cannot be realized.
JP 2005-11147 A

  An object of the present invention is to provide a portable electronic device that can reliably and efficiently perform access control in a plurality of channels.

  A portable electronic device according to one aspect of the present invention includes a first storage unit that stores an operating system program, a second storage unit that stores an application program, and an application stored in the second storage unit. Control means for executing third storage means for storing data used in the program, an operating system program stored in the first storage means, and an application program stored in the second storage means The operating system program is managed by a management function for managing information indicating a channel being accessed for each file stored in the third storage means, and the management function. Access specific files by browsing A providing function for providing information indicating a channel that is accessing the file to an application to be executed, and the application program is based on information provided from the operating system and a channel assigned to the application program. A determination function for determining whether or not access to the file is possible, an interruption function for interrupting access to the file when the determination function determines that access to the file is impossible, and the determination function And an execution function for executing access to the file when it is determined that access to the file is permitted.

  According to the present invention, it is possible to provide a portable electronic device that can reliably and efficiently perform access control in a plurality of channels.

The best mode for carrying out the present invention will be described below with reference to the drawings.
FIG. 1 schematically shows a hardware configuration of an IC card 1 as a portable electronic device according to this embodiment.
As shown in FIG. 1, an IC card 1 includes a CPU (Central Processing Unit) 11, a ROM (Read Only Memory) 12, a RAM (Random Access Memory) 13, a communication unit (UART) 14, a nonvolatile memory A memory (NV (EEPROM)) 15 and a co-processor 16.

The CPU 11, ROM 12, RAM 13, communication unit 14, coprocessor 15, and nonvolatile memory 16 are configured by a module Ca formed integrally with an IC chip or the like. The module Ca is embedded in the housing C that forms the IC card 1. That is, the IC card 1 is constituted by a casing C in which a module Ca is embedded.
The IC card 1 is activated (becomes operable) when supplied with power from the IC card processing device 2 as a host device, and responds to a command from the IC card processing device 2. It is supposed to work.

  The CPU 11 is responsible for overall management and control. The CPU 11 functions as a processing unit and a determination unit. The CPU 11 performs various processes by operating based on a control program or the like. The ROM 12 is a non-volatile memory in which a control program and control data are stored in advance. The RAM 13 is a volatile memory that functions as a working memory.

  The communication unit 14 functions as a communication unit and controls data communication with the IC card processing device 2 as a host device. The communication unit 14 also functions as a means for receiving power for operating the IC card 1. The coprocessor 15 assists operations such as encryption or decryption. The nonvolatile memory 16 is a rewritable nonvolatile memory that stores various data, applications (application programs), and the like. The structure of data stored in the nonvolatile memory 16 will be described in detail later.

  The communication unit 14 has a configuration corresponding to the communication method of the IC card 1. For example, when the communication method of the IC card 1 is a contact-type communication method, the communication unit 14 is configured by a contact portion for physically contacting the contact portion of the IC card processing device 2 as a host device. Is done. In this case, the IC card 1 receives power from the IC card processing device 2 through the communication unit 14 that is in physical contact with the IC card processing device 2. That is, when the IC card 1 is a contact IC card, the IC card 1 is activated by receiving the operation power and the operation clock from the IC card processing device 2 through the contact unit as the communication unit 14. Is done.

  When the communication method of the IC card 1 is a non-contact (wireless) communication method, the communication unit 14 includes an antenna that transmits and receives radio waves, a communication control unit that controls communication, and the like. In this case, the IC card 1 generates an operation power supply and an operation clock from a radio wave received by the communication unit 14 by a power supply unit (not shown). That is, when the IC card 2 is a non-contact IC card, the IC card 2 receives radio waves from the IC card processing device 2 via an antenna as a communication unit 14 and a communication control unit, and the radio waves Thus, an operation power supply and an operation clock are generated and activated by a power supply unit (not shown).

Next, the configuration of data stored in the nonvolatile memory 16 will be described.
Various types of data are stored in the nonvolatile memory 16 in a file structure defined in ISO / IEC7816, for example. For example, the nonvolatile memory 16 stores a file (EF: Elementary File) managed as a multi-level structure (tree structure) and a file (DF: Dedicated File) as a data folder. .

FIG. 2 is a diagram showing an example of the file structure stored in the nonvolatile memory 16.
In the example shown in FIG. 2, the highest level is a file (MF: Master File) 21 as a master file. Under the MF 21, a DF (application A) 22A as a folder and a DF (2 application B) 22B as a folder are provided. Further, under the DF (application A) 22A, an EF (file A1) 23A1 and an EF (file A2) 23A2 used for data storage and the like are provided. Further, an EF (file B1) 23B1 used for data storage and the like is provided under the DF (application B) 22B. In such a file structure, various data are stored in the EF as a data file.

Next, the software configuration in the IC card 1 will be described.
In the IC card 1, various processes are realized by the CPU 11 executing programs stored in the ROM 12 or the nonvolatile memory 16 as described above. That is, in the IC card 1, various processes are realized by controlling the ROM 12, the RAM 13, the nonvolatile memory 16, the UART 14, the coprocessor 15 and the like by software executed by the CPU 11.

FIG. 3 is a diagram schematically showing a software configuration in the IC card 1.
The software in the IC card 1 includes a hardware (H / W) layer 31, an OS (operating system) layer 32, and an application layer 33. As shown in FIG. 3, the IC card 1 has a structure in which the application layer 33 is positioned at the top and the OS layer 32 is positioned above the H / W layer 31.

  The H / W layer 31 includes hardware such as the CPU 11, ROM 12, RAM 13, UART 14, coprocessor 15, and nonvolatile memory 16. Each hardware of the H / W layer 31 executes processing in response to a processing request from the OS layer 32, and sends the result of the executed processing to the OS layer 32.

  The OS layer 32 has a card OS (operating system) 41 as a program for executing basic control in the IC card 1. The OS layer 32 may include modules such as an environment setting module and an application interface group. The software as the card OS 41 is a program for controlling the basic operation of the IC card, and controls each hardware of the H / W layer 31 and receives information such as processing results from each hardware. It is a program that operates. The software as the card OS 41 is stored in advance in a non-volatile memory in the IC card, and is stored in the ROM 23, for example.

  The card OS 41 has a logical channel management function 42 in addition to a basic function for controlling each hardware of the H / W layer for realizing the basic operation of the IC card 1. The logical channel manages a logical channel for accessing each file or each application in the nonvolatile memory 16. For example, when communication is performed using a plurality of communication methods, a logical channel is assigned to each communication method. By performing control using such logical channels, the IC card 1 can process a plurality of command groups for each channel. For example, the application A can execute a command process on a first channel, and the application B can execute a command process on a second channel. That is, the logical channel management function 42 is a function for managing each logical channel using the channel management table 42a. A configuration example of the channel management table 42a will be described in detail later.

The application layer 33 includes various applications (application A, application B,...) As programs for realizing various processes. The software as each application includes a program and data for realizing various processes according to the operation mode of the IC card 1. The software as the application is stored in advance in the nonvolatile memory 16 in the IC card 1 or downloaded from an external device as appropriate and stored in the nonvolatile memory 16 in the IC card 1.
That is, each hardware of the H / W layer 31 is controlled by the card OS 41 of the OS layer 32. The card OS 41 in the OS layer 32 controls the operation of each hardware in response to a request from each application in the application layer 33. Further, the processing results by the hardware of the H / W layer 31 are supplied to the application via the card OS 41 of the OS layer 32. For example, a command from an external device is received by the hardware of the H / W layer 31 and supplied to the card OS 41 of the OS layer 32. The card OS 41 selectively supplies the command received by the H / W layer 31 to a specific application in the application layer 33.

  For example, when the H / W layer 31 receives an application selection command from an external device, the card OS 41 sets the application specified by the application selection command from the application layer 33 in the current state. In this state, when the H / W layer 31 receives a command from an external device, the card OS 41 supplies the command to the application in the current state. Thereby, each application of the application layer 33 executes a process according to the command supplied from the card OS 41 of the OS layer 32. That is, the card OS 41 designates an application in a current state (hereinafter also referred to as a current application) and supplies a command to the current application.

Next, the logical channel management function 42 will be described.
4 and 5 are diagrams showing a configuration example of the channel management table 42a.
That is, as shown in FIGS. 4 and 5, the channel management table 42a stores the access order of each logical channel for each application and each file. That is, the access order stored in the channel management table 42a is the order of logical channels in which each file or each application is set as current (that is, the order of logical channels that have accessed each file or each application).

  Therefore, the channel management table 42a shown in FIG. 4 indicates that the application A is set in the current order of the logical channels “ch.1” and “ch.0”. Further, the channel management table 42a shown in FIG. 4 indicates that the logical channel “ch.1” is currently set to the application A and the file A1. Further, the channel management table 42a shown in FIG. 4 indicates that the application B is currently set in the logical channel “ch.2”.

  For example, in the state shown in FIG. 4, the process of selecting the file A1 of the application A on the logical channel “ch.2” (the process of setting the application A and the file A1 on the logical channel “ch.2”) is performed. Shall. In this case, the logical channel management function 42 changes the state of the channel management table 42a to the state shown in FIG.

  That is, the logical channel management function 42 deletes the logical channel “ch.2” from the access order for the application B in the channel management table 42a. At the same time, the logical channel management function 42 adds the logical channel “ch.2” to the tail of the access order for the application A and the file A1 in the channel management table 42a. As a result, the channel management table 42a is in a state as shown in FIG. 5, and is in a state indicating that the logical channel in which the application A and the file A1 are last set to current is “ch.2”. According to the channel management table 42a as shown in FIG. 5, when accessing the file A1 with the logical channel “ch.2”, the access order of the logical channel “ch.2” is next to the logical channel “ch.1”. Can be determined.

  In the logical channel management function 42 of the card OS 41, the channel management table 42a as described above notifies each application of the channel number being processed, and the priority of each logical channel for each file or each application ( Access order). Thereby, each application that receives the command can determine the processing content for the command based on the information indicating the priority provided from the card OS 41.

  In each application, a command from the IC card processing apparatus 2 is given via the card OS 41. In this case, the application determines whether or not to execute processing for the received command based on the priority of its own logical channel. Furthermore, each application may determine whether or not to execute processing for the command based on the priority of its own logical channel and the type of the received command. In other words, whether or not to execute the received command is determined by information indicating the logical channel access order (priority) provided by each application from the card OS 41.

  For example, in the application that has received the command, if the priority of its own logical channel is the highest, it is determined whether or not processing for all commands can be executed. Also, in the application that received the command, if the priority of its own logical channel is not the highest priority, it is determined that the received command cannot execute processing for a command that changes the file status (for example, a command for rewriting or deleting). Then, it is determined that the received command can execute a process for a command that does not change the file status (for example, a command such as a read command).

As described above, the processing content (executability) of the received command can be determined by the application. Accordingly, the processing realized by each application can take the following various forms regardless of the above-described example.
For example, a specific application (the application with the highest priority) may always execute processing for all commands regardless of the priority order of the logical channels. In addition, regardless of the type of received command, if it is not the highest logical channel, processing for all commands may not be executed. Furthermore, for example, a specific file that sequentially stores history information in record units may be allowed to be written regardless of the priority of the logical channel.
As described above, this IC card 1 can freely design the processing contents for commands when the current setting conflicts with another logical channel for each application, and realizes a system with a high degree of freedom according to the operation mode it can.

Next, processing for commands from the IC card processing apparatus 2 will be described.
FIG. 6 is a flowchart for explaining a processing example for a command from the IC card processing apparatus 2. The operation of the card OS 41 and each application is realized by the CPU 11. However, in the following processing example, the operation of the card OS 41 and the operation of each application 22 (22A, 22B,...) Will be described separately. Shall.
First, when a command from the IC card processing device 2 is received by the UART 14 (step S10), the card OS 41 executed by the CPU 11 notifies the received command to the application (here, the application 22A) (step S11).

When a command is acquired from the card OS 41 (step S12), the application 22A inquires of the card OS 41 about its own logical channel (step S13).
In response to this inquiry, the card OS 41 refers to the channel management table 42a by the logical channel management function 42, and determines the logical channel of the application 22A (step S14). When determining the logical channel of the application 22A, the card OS 41 notifies the application 22A of information indicating the logical channel (step S15).
Thereby, the application 22A confirms its own logical channel. Note that the method for confirming the logical channel assigned to the application that has received the command is not limited to the processing in steps S13 to S16, but may be a method for confirming directly from the CLASS byte of the received command, or depending on the card specifications. A method of acquiring with a dedicated API prepared in advance is also applicable.

When acquiring information indicating its own logical channel from the card OS 41, the application 22A determines the file to be accessed in the command, and inquires the card OS 41 about the access status of each file to be accessed by each logical channel ( Step S21).
In response to this inquiry, the card OS 41 refers to the channel management table 42a by the logical channel management function 42 and determines the access order (priority order) of each logical channel for the file to be accessed (step S22). When the access order of each logical channel for the access target file is determined, the card OS 41 notifies the application 22A of information indicating the access order of each logical channel for the file (step S23).

  When information indicating the access order of each logical channel for the file to be accessed is acquired (step S24), the application 22A performs a process of determining whether or not to execute the process for the command (steps S25 to S26). . That is, the application 22A determines whether there is another logical channel that is accessing the file to be accessed by the command (sets the file to be current) (step S25).

  When it is determined that there is no access to the file on another logical channel (step S25, NO), the application 22A executes processing for the command (step S28) and notifies the card OS 41 of the processing result (step S28). Step S29). In the process for the command in step S28, the application 22A realizes access to the memory storing the file in cooperation with the card OS 41.

  When it is determined that there is access to the file on another logical channel (step S25, NO), the application 22A determines its own access based on the information indicating the access order of each logical channel acquired from the card OS 41. It is determined whether or not the logical channel has priority for the file (step S26). For example, the application 22A determines whether or not there is a priority for the file based on whether or not its own logical channel is the highest in the access order of each logical channel acquired from the card OS 41.

  If it is determined that the logical channel has priority from the above determination (step S26, YES), the application 22A executes processing for the command (step S28) and notifies the card OS 41 of the processing result (step S28). Step S29).

  If it is determined that the logical channel has no priority (NO in step S26), the application 22A determines whether the command type is an executable command (step S27). ). The process of step S27 is determined according to the setting for each application. For example, a configuration in which a write command cannot be executed and a read command can be executed is possible. Also, it is possible to make all commands unexecutable or make all commands executable. Furthermore, it is also possible to determine whether execution is possible depending on the type of file to be accessed.

  For example, in the application 22A, it is assumed that a command that rewrites the state of a file such as rewriting is not executable, and other commands are set to be executable. In such a case, if the received command is a rewrite command, the application 22A determines that the command cannot be processed. If the received command is a read command, the application 22A determines that the command can be processed.

  When it is determined that the process of the received command is executable by the above determination (step S27, YES), the application 22A executes the process for the command (step S28) and notifies the card OS 41 of the processing result (step S28). S29). If it is determined that the received command cannot be processed (NO in step S27), the application 22A cannot execute (interrupt) the process for the command, and interrupts the process for the command. The card OS 41 is notified as a processing result (step S29).

When processing for the command received from the application 22A is acquired (step S30), the card OS 41 transmits the processing result notified from the application 22A to the IC card processing device 2 as response data for the received command (step S31).
As described above, the card OS 41 of the IC card 1 manages the channels currently set for each file and the access order of those channels, and the application tries to access according to the received command. For the file to be confirmed, “whether another channel has already set the target file as current” or “which channel has the priority to access (accessed order)” is confirmed by information provided from the card OS 41 Thus, access control according to the current setting in a plurality of channels is performed.

  With the processing as described above, the card OS 41 can confirm whether a file to be accessed is already set in another channel in command processing of a certain application, and processing for a file that is currently set in a plurality of channels. Can be managed reliably.

Next, two specific examples will be described.
First, as a first specific example, a processing example for a rewrite command by an application designed so that rewriting is disabled when there is no priority (when the access order is not the highest) will be described. Here, it is assumed that each logical channel is in a state as shown in FIG.

  In such a state, it is assumed that a command for rewriting the data of the file A1 of the application A is received by “ch.2”. Then, the application A acquires its own logical channel number from the card OS 41. Subsequently, the application A acquires information (access order of each logical channel) indicating the access status of each logical channel with respect to the file A1, which is a file to be accessed, from the card OS.

  In the example illustrated in FIG. 5, information indicating that the channel “ch.1” has already been set and the access order is “ch.1” and “ch.2” is acquired. Based on such information, the application A determines that “ch. Therefore, the application A of “ch.2” has no priority for the rewriting process for the file A1 (because “ch.1” has the priority), so the command process is executed without executing the rewriting process. finish.

  Next, as a second specific example, it is designed to permit execution of read processing that does not change the file state even when there is no priority (when the access order is not the highest). A processing example for a read command by the application will be described. Here, it is assumed that each logical channel is in a state as shown in FIG.

  In such a state, it is assumed that the command for reading the data of the file A1 of the application A is received by “ch.2”. Then, the application A acquires its own logical channel number from the card OS 41. Subsequently, the application A acquires information (access order of each logical channel) indicating the access status of each logical channel with respect to the file A1, which is a file to be accessed, from the card OS 41.

  In the example illustrated in FIG. 5, information indicating that the channel “ch.1” has already been set and the access order is “ch.1” and “ch.2” is acquired. Based on such information, the application A determines that “ch. Here, the application A of “ch.2” has no priority over the file A1, but the processing of the read command does not change the state of the file A1 (that is, it affects the processing of “ch.1”). The file A1 is read according to the read command.

  As described above, in the IC card according to the present embodiment, the operating system manages information indicating the channel being accessed for each file stored in the nonvolatile memory by the channel management table, and the channel management table The information received by referring to the information managed in the command is provided to the application that processes the command, and the application is provided from the operating system. Whether to execute the process for the command is determined based on the information.

  That is, a portable electronic device as one aspect of the present invention performs processing for a command given from an external device, and stores communication means for communicating with the external device through a plurality of channels and a plurality of files. Storage means, management means for managing information indicating a channel being accessed for each file stored in the storage means, and the communication means by referring to the information managed by the management means Providing means for providing information indicating a channel that is being accessed to a file to be accessed by the command received to the application that processes the command, and the application is assigned to the information provided by the providing means and to itself Determining means for determining whether to execute the processing of the command based on the channel; When it is determined that the application does not execute the process of the command, an interruption unit that interrupts the process for the command; and when the application determines that the process of the command is executed, an execution unit that executes the process for the command Have.

  According to the IC card as a portable electronic device as described above, access control in multiple channels can be realized, and the processing contents for the command when another logical channel and the current setting (file being accessed) compete with the application Each can be designed according to the operation mode.

1 is a block diagram schematically showing a hardware configuration of an IC card as a portable electronic device according to an embodiment of the present invention. The figure which shows the file structural example of the data memorize | stored in a non-volatile memory. The schematic diagram for demonstrating the software structure in an IC card. The figure which shows the structural example of the channel management table for managing the access order of a channel. The figure which shows the structural example of the channel management table for managing the access order of a channel. The flowchart for demonstrating the process example with respect to the command in an IC card.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 ... IC card, 2 ... IC card processing apparatus, 11 ... CPU, 12 ... ROM, 13 ... RAM, 14 ... Communication unit (UART), 15 ... Coprocessor, 16 ... Non-volatile memory, Ca ... Module, C ... Main body 31 ... Hardware layer, 32 ... OS layer, 33 ... Application layer, 41 ... Card OS, 42 ... Logical channel management function, 42a ... Channel management table.

Claims (5)

First storage means for storing an operating system program;
Second storage means for storing an application program;
Third storage means for storing data used in the application program stored in the second storage means;
A portable electronic device comprising: an operating system program stored in the first storage means; and a control means for executing an application program stored in the second storage means,
The operating system program is
A management function for managing information indicating a channel being accessed for each file stored in the third storage unit;
A function for providing information indicating a channel that is accessing the file to an application that attempts to access the specific file by referring to the information managed by the management function;
The application program is
A determination function for determining whether or not the file can be accessed based on information provided from the operating system and a channel assigned to the operating system;
When it is determined that access to the file is impossible by this determination function, an interruption function for interrupting access to the file;
An execution function for executing access to the file when it is determined that access to the file is permitted by the determination function;
A portable electronic device characterized by that. The management function manages information indicating a channel being accessed for each file stored in the second storage unit and an access order of the files to the files,
The providing function is an application that processes the command with information indicating the channel being accessed to the file to be accessed and the access order for each channel by referring to the information managed by the management function To provide,
The portable electronic device according to claim 1, wherein the portable electronic device is a portable electronic device. The determination function determines that access to the file is permitted if the head of the access order for the file to be accessed is a channel assigned to the application.
The portable electronic device according to claim 1, wherein the portable electronic device is a portable electronic device. When the determination function is a process of changing the state of the file to be accessed, if there is another channel that is already being accessed for the file to be accessed, it is determined that access to the file is impossible To
The portable electronic device according to any one of claims 1 to 3, wherein the portable electronic device is any one of the above. When the determination function is a process that does not change the state of the file to be accessed, it is determined that access to the file is permitted regardless of the presence or absence of a channel that is accessing the file to be accessed.
The portable electronic device according to any one of claims 1 to 4, wherein the portable electronic device is any one of the above.

Images