JP2013080397A - Ic chip, processing method in ic chip, processing program for ic chip, and ic card - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an IC chip, a processing method in the IC chip, a processing program for the IC chip, and an IC card which reduces processing time by a protection function of data, by protecting the data with an appropriate protection function.SOLUTION: A CPU 6 comprises a "protection function of a non-update region by a card OS" and a "protection function of an update region by a transaction". The "protection function of an update region by a transaction" writes all data stored in a page, to which an update region before update and a non-update region belong, in a backup region regarding all regions in the page as the update region, notifies the card OS that there is no non-update region in the page, and thus inhibits the "protection function of a non-update region by a card OS" from functioning.

Description

  The present invention relates to a technical field such as an apparatus and a method for managing data.

  In a commercial transaction using an IC card, various important data (for example, personal information used for payment processing) stored in a non-volatile memory of an IC chip mounted on the IC card is stored as necessary. It is read, erased, or rewritten with new data.

  This non-volatile memory has the characteristic of retaining data even when power is lost. However, during processing of the IC card, for example, while data is being written to the non-volatile memory, the data being written Can not be guaranteed.

  Specifically, when the IC card is forcibly removed from the reader / writer device by the user while the IC card is inserted into the reader / writer device and data is being written to the nonvolatile memory (so-called “so-called”). In the case of a momentary interruption such as when a contact failure occurs between the terminals of the IC card and the reader / writer device, the processing in the IC card is interrupted and important data in the card May be destroyed.

  For this reason, a general IC card is equipped with a protection function (dedicated protection function) in consideration of instantaneous interruption in order to prevent data destruction due to instantaneous interruption.

  And the protection function which considered the instantaneous interruption mentioned above is provided as a basic function of card | curd OS as a memory manager. Hereinafter, this protection function taking into account the instantaneous interruption is simply referred to as a “non-update area protection function by the card OS”.

  The outline of the “non-update area protection function by the card OS” is to protect the data in the non-update area, which is data other than the data to be updated. After the data is written in the backup area set in the memory), the data is actually updated (including writing). When the update operation is completed, information indicating the successful update is added to the backup area. On the other hand, if the processing is interrupted (instant interruption) during the update, the contents of the backup area are examined immediately after the next activation of the card, and the actual data area ( In this case, data is written back to the non-update area.

  Patent Document 1 discloses a technique for copying only data in a non-update area to another area in advance as a backup target from the viewpoint of reducing the write area and shortening the backup processing time.

  On the other hand, the protection of the update area is provided in the function of the JAVA (registered trademark) card.

  The JAVA card is a well-known technique, and thus detailed description is omitted. However, a JAVA card is an IC card in which a virtual machine is placed on an OS of a general IC card. This makes it possible to create an IC card application. This platform is standardized by JAVA CARD 3.0, for example.

  In the JAVA card, a mechanism called transaction is used to protect the update area. A transaction refers to a mechanism that can take only a state before or after the start of a specific series of processes.

  The “non-update area protection function in the card OS protection function” described above is effective for one update (for example, writing of one data), whereas in the update area protection by this transaction, In one or a plurality of predetermined writings (hereinafter simply referred to as “continuous writing”), it is possible to guarantee continuous writing. This guarantee of continuous writing means that either the state of the update area before the update or the state of the update area after the update can be taken. Hereinafter, protection of an update area in a transaction is simply referred to as “update area protection function by transaction”.

  As an example of the "update area protection function by transaction", in order to be able to take the state of the update area before the update, it is already stored in the area to be updated among the data stored in the nonvolatile memory. Write the stored data to the backup area. If the processing is interrupted during the update, the contents of the backup area are examined immediately after the next activation of the card, and the data written to the backup area is compared with the data that has not been updated. The data is written back to the actual data area (in this case, the update area).

  Further, in the conventional IC card, data is updated in units of pages in the nonvolatile memory, but the capacity (unit) of data stored per page is as small as 1 byte, 2 bytes, or 4 bytes. However, the update (data writing and erasing etc.) time is also short.

  For this reason, the conventional IC card has a “non-update area protection function by the card OS” (function to protect the update area of the storage area) and a “update area protection function by transaction” (a function to protect the non-update area). They are defined separately, and when the IC card updates data, the “non-update area protection function by the card OS” and the “update area protection function by the transaction” function respectively.

JP 2008-134945 A

  However, in recent years, the capacity of the nonvolatile memory has been increased, and the capacity of data stored per page has increased to 128 bytes or 256 bytes. As the capacity of data stored per page increases, the data in the update area and the non-update area to be backed up also expand, and the processing time required for updating and backup increases.

  Furthermore, when the “non-update area protection function by card OS” and the “update area protection function by transaction” function, the processing time required for updating and backup further increases, which impairs user convenience. There is.

  Therefore, the present invention has been made in view of the above points and the like, and in an IC chip having a plurality of data protection functions, the data is protected by an appropriate protection function, so that the processing time by the data protection function is increased. An object of the present invention is to provide an IC chip, an IC chip processing method, an IC chip processing program, and an IC card.

  In order to solve the above problem, the invention described in claim 1 includes a storage unit that is partitioned into one or a plurality of pages with a predetermined area as one page, and based on an update request, An IC chip that updates data stored in a specified area of a specified page, and is a non-update area that is an area other than the update area of a page to which an update area that is an area for updating the data belongs. First protection means for protecting the data stored in the storage area, and second protection means for protecting the data stored in the update area before the update, wherein the second protection means includes the pre-update Assuming that all the areas of the page to which the update area and the non-update area belong are used as the update area, all the data stored in the page is stored in the storage unit, and there is no non-update area in the page, 1 Wherein the not function safeguards.

  A second aspect of the present invention is the IC chip according to the first aspect, wherein the first protection means is a basic function provided in an operating system that manages the basic operation of the IC chip. The second protection means operates on the operating system and controls the operating system in response to a request from an application that causes the IC chip to execute a predetermined function. It is performed based on.

  The invention according to claim 3 is the IC chip according to claim 1 or 2, wherein the search means for searching whether the page to which the update area belongs is already stored in the storage unit, and When it is not found that the page to which the update area belongs has already been stored in the storage unit, the second protection means stores all the data stored in the page to which the update area belongs. It is characterized in that it is stored and protected in a storage unit.

  The invention according to claim 4 is the IC chip according to any one of claims 1 to 3, and is stored in the storage unit either before or after the start of a specific series of update processing. Monitoring means for monitoring an execution state of a transaction that can protect data, wherein the second protection means updates all areas of the page to which the update area before the update belongs during execution of the transaction. Storing all data stored in the page in the storage unit, notifying the operating system that there is no non-update area in the page, and not causing the first protection means to function. And

  According to a fifth aspect of the present invention, there is provided an IC chip according to any one of the first to fourth aspects, and an IC card base.

  The invention according to claim 6 includes a storage unit that is partitioned into one or a plurality of pages with a predetermined area as one page, and the specified page of the storage unit is designated based on an update request A processing method in an IC chip for updating data stored in an area, and data stored in a non-update area that is an area other than the update area among pages to which an update area that is an area for updating the data belongs And a second protection step for protecting data stored in the update area before the update, wherein the second protection process includes the update area before the update and The first protection step is based on the assumption that all areas of the page to which the non-update area belongs are set as update areas, all data stored in the page is stored in the storage unit, and no non-update area exists in the page. Wherein the not function.

  The invention according to claim 7 includes a storage unit that is partitioned into one or a plurality of pages with a predetermined area as one page, and the specified page of the storage unit is designated based on an update request A computer included in an IC chip that updates data stored in an area is stored in a non-update area that is an area other than the update area, out of the pages to which the update area that is the data update area belongs. The first protection means for protecting and the second protection means for protecting the data stored in the update area before the update function. The second protection means includes the update area before the update and the non-update area. All areas of the page to which the page belongs are stored as update areas, all data stored in the page is stored in the storage unit, and there is no non-update area in the page, the first protection Wherein the not function stage.

  The invention according to claim 8 includes a storage unit that is partitioned into one or a plurality of pages, with a predetermined area as one page, and based on an update request, the specified page of the storage unit is specified An IC chip for updating data stored in an area, comprising: search means for searching whether or not a page to which the update area belongs is already stored in the storage unit, and the page to which the update area belongs However, if it is not found that the data is already stored in the storage unit, all data stored in the page to which the update area belongs is stored and protected in the storage unit. .

  According to the present invention, in an IC chip having a plurality of data protection functions, it is possible to reduce the processing time by the data protection function by protecting the data with an appropriate protection function.

It is a block diagram which shows the structure and function outline | summary of the IC card concerning this embodiment. It is a figure which shows typically the software structure of an IC card. It is a flowchart which shows the outline | summary of operation | movement of CPU6 when the protection function of the non-update area | region by card | curd OS is applied. 3 is a conceptual diagram showing a state in which data is stored in a data area of a nonvolatile memory 5. FIG. It is a conceptual diagram which shows the state in which data are memorize | stored in the data area of the non-volatile memory 5 per page. It is a flowchart which shows the outline | summary of operation | movement of CPU6 when the protection function of the update area by a transaction is applied. It is a figure which shows notionally the data updated with an IC card. It is a figure which shows notionally the data updated with an IC card, when the capacity | capacitance of the data memorize | stored per page is large capacity. It is a figure which shows notionally the data structure written in the backup area | region in 1st Embodiment of this application.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. In the embodiment described below, the present invention is applied to the above-described JAVA card as an example of an IC card. Hereinafter, an IC card corresponding to a JAVA card is simply referred to as an IC card.

[1. IC card hardware configuration and function overview]
First, with reference to FIG. 1, the hardware configuration and functional outline of the IC card of the present application will be described. It is a block diagram which shows the structure and function outline | summary of the IC card concerning this embodiment.

  FIG. 1 is a block diagram showing an outline of the configuration and functions of the IC card according to the present embodiment.

  As shown in FIG. 1, the IC card 8 includes an IC chip 1 on a card base 7.

  The IC chip 1 includes an I / O circuit 2, a ROM (Read Only Memory) 3, a RAM (Random Access Memory) 4, and a non-volatile memory (for example, an EEPROM (Electrically Erasable and Programmable Read) as an example of a storage unit of the present application. Only Memory)) 5, CPU (Central Processing Unit) 6 and the like. Note that data communication with an external device via the I / O circuit 2 may be either a contact method or a non-contact method. The I / O circuit 2 is a processing circuit for data communication with an external device (not shown). The ROM 3 stores a program to be executed by the CPU 6, and the CPU 6 comprehensively controls the IC chip 1 based on this program.

  The programs stored in the ROM 3 include a card OS (an example of the operating system of the present application), a plurality of types of application programs, and an IC chip processing program of the present invention. The IC chip processing program of the present invention may be incorporated as a function of the card OS or application program. Further, these programs may be stored in the nonvolatile memory 5.

  The RAM 4 is a storage area used as a work area for the CPU 6 to control the IC chip 1 in an integrated manner.

  The non-volatile memory 5 is a kind of non-volatile semiconductor memory, and is a PROM (Programmable Rom) that can erase data stored in a storage area and re-store it any number of times.

  In the nonvolatile memory 5 according to the present embodiment, each area is assigned an address, and the predetermined area is defined as one page, and is partitioned into one or a plurality of pages. Based on this address, the CPU 6 can update the data stored in the specified area of the specified page of the storage unit based on the update request.

  The nonvolatile memory 5 has a data area where various data are written (stored) by the CPU 6 and a backup area where backup data is written, as will be described in detail later.

  The CPU 6 comprehensively controls the operation of the entire IC chip 1 based on the program as described above, and updates the data of the designated area of the designated page of the data area as a part of the function, Furthermore, it functions as the first protection means, the second protection means, the search means, the monitoring means, etc. of the present application.

  Note that the update includes not only rewriting data stored at least in the data area but also writing new data.

[2. IC card software configuration and function overview]
Next, the software configuration of the IC card will be described with reference to FIG.

  FIG. 2 is a diagram schematically showing the software configuration of the IC card.

  As shown in FIG. 2, the hardware layer 21 such as the RAM 4, the nonvolatile memory 5, and the CPU 6 constituting the hardware of the IC card is controlled by the card OS of the OS (operating) layer 22.

  The OS layer 22 manages I.I., which manages a virtual machine and an application (applet) including an environment for operating a JAVA card. S. D. Modules such as (Issuer Security Domain) and API that is an applet function are on the card OS, and the application (applet) layer 23 is positioned at the top.

  This card OS is a program for managing the basic operation of the IC card, and is a program that controls each hardware of the hardware layer 21 and operates by receiving information such as processing results from each hardware. is there.

  The above-described “non-update area protection function by the card OS” is provided as a basic function of the card OS as a memory manager.

  This “non-update area protection function by the card OS” causes the CPU 6 to function as the first protection means of the present application, and updates the data stored in the nonvolatile memory 5 based on the control of the card OS of the present application. Of the pages to which the update area that is the area belongs, the data stored in the non-update area that is an area other than the update area is protected.

  The application layer 23 operates on the card OS and includes various applications (application A, application B, etc., which are examples of the application of the present application, hereinafter simply referred to as “applications”) for causing the CPU 6 to execute predetermined functions. Is done.

  The above-described “update function for protecting update area by transaction” is provided as an application function of the application layer 23.

  This "update area protection function by transaction" causes the CPU 6 to function as the second protection means of the present application, and is stored in the update area before update based on the control of the card OS according to the request of the application. Data is protected.

  Here, the details of the “non-update area protection function by the card OS” and the “update area protection function by the transaction” will be described.

  First, an outline of the operation of the CPU 6 when the “non-update area protection function by the card OS” is applied will be described with reference to FIG.

  FIG. 3 is a flowchart showing an outline of the operation of the CPU 6 when the non-update area protection function by the card OS is applied.

  Note that a function (for example, a protection function operation described later) included in the card OS and a function (for example, command processing described later) included in the application are executed by the CPU 6 based on the control of the card OS or application. That is, the operation subject when the function of the card OS and the function of the application are executed is the CPU 6 of the IC card. However, in this embodiment, for convenience of explanation, the operating subject when the function provided in the card OS is executed is the card OS, and the operating subject when the function provided in the application is executed is the application.

  First, when the card OS (CPU 6) receives a command, for example, via the I / O circuit 2 (step S101), the card OS determines to which application the received command is to be passed (step S102). Then, the card OS passes the received command to the determined application. Upon obtaining the command (step S103), the application (CPU 6) processes the command (for example, command interpretation) (step S104), and updates data in the nonvolatile memory 5 if necessary (nonvolatile memory 5). (Step S105).

  Updating the data in the nonvolatile memory 5 (writing to the nonvolatile memory 5) is a part of the function provided by the card OS, so in fact, the card OS is requested to update (step). To S106).

  Here, with reference to FIG. 4 and FIG. 5, the update of the data memorize | stored in the general non-volatile memory 5 is demonstrated.

  4 is a conceptual diagram showing a state where data is stored in the data area of the nonvolatile memory 5, and FIG. 5 is a conceptual diagram showing a state where data is stored in the data area of the nonvolatile memory 5 in units of pages. .

  In general, the data in the nonvolatile memory of the IC card is updated after initialization.

  Specifically, this update refers to writing the value of data stored in the data area of the nonvolatile memory in one direction from 0 to 1, or from 1 to 0. In the nonvolatile memory, the initial value is always determined to be 0 or 1. That is, this update means writing a value to 1 when the initial state is 0, and writing a value to 0 when the initial state is 1.

  If you want to write a value of 0 for something that is not in the initial state value, for example, the value of the initial state is 0 and the value of 1 is written in the area, it is more initial than writing The concept is to return (clear) the state.

  Here, this writing will be described with reference to FIG. 4. When a value of 0xAA is written in the data area (storage area) of the nonvolatile memory (FIG. 4A), a value of 0x55 is written. Is written (FIG. 4C), initialization is performed and the initial value is returned to 0xFF (FIG. 4B). In addition, since a value of 0 is written to a place where the value must be set to 0 again, the writing operation involves a two-stage operation of erasing and writing data once. .

  At this time, assuming that the area initialized at one time is one page, when the update area X (area in which data is written) covers three pages as shown in FIG. 5, the data in the nonvolatile memory is updated as described above. Since initialization is performed once, all data of page A, page B, and page C are erased once.

  This page A and page C include data Y (non-update area) other than update data, but are erased only on a page basis, so the data stored in this non-update area is subject to erasure, Data that originally existed will be erased.

  If an instantaneous interruption occurs during this process, that is, when the non-update area is erased, the data in the non-update area remains erased (0xFF). The above-mentioned “non-update area protection function by the card OS” is to protect such a non-update area, that is, to restore the state before being erased.

  Specifically, in FIG. 5, data Y in the non-update area is stored in page A and page C. Therefore, the data to be protected is data Y. Accordingly, page A and page C are written as protection targets (backup targets) in page units, for example, in a backup area. Hereinafter, data written in the backup area as a protection target is referred to as backup data.

  In this way, the non-update area is protected by the “non-update area protection function by the card OS”.

  Returning to the description of the flowchart of FIG. 3, the card OS uses this protection function to perform an update in preparation for an instantaneous interruption (step S106).

  If there is remaining processing, the application processes the command (step S107), and the response data is transmitted to the card OS, so the response data is notified to the card OS (step S108). When the card OS acquires the response data (step S109), for example, the card OS transmits the response data to an external device (such as a reader / writer device) (step S110).

  Next, with reference to FIG. 6, an outline of the operation of the CPU 6 in the case where the “update area protection function by transaction” is applied will be described.

  FIG. 6 is a flowchart showing an outline of the operation of the CPU 6 in the case where the “update area protection function by transaction” is applied.

  As described above, the “update area protection function by transaction” is realized by a transaction, and this transaction is provided as a function of the application, for example.

  Explaining this "transaction area protection function by transaction", consider a case where three consecutive writes (write 1, write 2, write 3) are performed to a nonvolatile memory in a certain command process. . It is assumed that writing 1 and writing 2 are defined as continuous writing.

  In this case, as the “update area protection function by transaction”, the write 1 and the write 2 are the states of the update area before updating both the write 1 and the write 2 or the write 1 Any state of the update area after updating both write 2 is guaranteed.

  Specifically, when an interruption such as extraction occurs in the middle of writing 2, the state is returned to the state of the update area of writing 1 and writing 2 before writing 1 is performed. On the other hand, the write 3 is not defined as a predetermined write and is not included in the guarantee of continuous writing. Therefore, even if a momentary interruption such as drawing occurs in the middle of the writing 3, it only returns to the state before the writing 3 is written.

  Here, the flowchart of FIG. 6 will be described.

  In the flowchart shown in FIG. 6, it is assumed that writing 1 and writing 2 are defined as continuous writing. This continuous writing can be assumed, for example, in the case of registering the card OS with a name and a member number having a relevance in member registration. Registration of name and member number in member registration can be assumed to be related processing, and is defined as continuous writing in order to manage these registrations in an integrated manner.

  As an explanation of the flowchart shown in FIG. 6, first, when the card OS receives a command via, for example, an interface (step S201), the card OS determines to which application the received command is to be passed. Then, the card OS passes the received command to the determined application (step S202). When the application acquires the command (step S203), the application processes the command (for example, interprets the command) (step S204).

  If the application determines that the acquired command is a write command defined as continuous writing, the application instructs the card OS to start a transaction function called “Begin transaction” (step S205). ).

  This transaction function refers to the update area protection function by the above-described transaction, and guarantees the above-mentioned continuous writing to the card OS. Hereinafter, the state in which continuous writing is guaranteed by the card OS is referred to as “transaction start”.

  In the state of “transaction start” by the card OS (step S206), the data in the area (update area) in which writing 1 (step S207) and writing 2 (step S209) as continuous writing are written is backed up. (Copied in advance to another area). When the transaction function is in a “Commit transaction” state (step S211), the card OS stops the transaction function (step S212).

  As an example of the processing of the application and the card OS in steps S205 to S212, if a momentary interruption such as withdrawal occurs during writing 1 (step S207) and writing 2 (step S209), “transaction start” If the transaction function is in the “Commit transaction” state before the transaction function is completed, the transaction function is terminated (transaction function / protection in steps S208 and S209). Functional operation.)

  Here, the state before “transaction start” means that the data in the area to which the backed-up writing 1 and writing 2 are written is read, for example, written in the data area. The state before “transaction start” means that data written in the data area is maintained after writing 1 and writing 2 are written (that is, after updating).

  Next, if there is another received command, the application processes the command (step S213). Here, a case where a write command not defined as continuous writing is executed as the command processing B will be described.

  In this case, the “update area protection function by transaction” does not work, and the normal “non-update area protection function by card OS” works.

  Then, the application requests the card OS to write (step S214). The card OS uses this protection function to perform writing in preparation for an instantaneous interruption (protection function operation in step S215).

  Then, when the processing is completed, the application notifies the card OS of response data (step S216). When the card OS acquires the response data (step S217), for example, the card OS transmits the response data to an external device (a reader / writer device or the like) (step S218).

  As described above, in the conventional IC card, “a function for protecting the non-update area by the card OS” (function for protecting the update area of the storage area) and “a function for protecting the update area by the transaction” (function for protecting the non-update area) ) Was defined separately.

  In the conventional IC card, when the IC card updates data, the “non-update area protection function by card OS” and the “update area protection function by transaction” function, respectively.

  Here, with reference to FIG. 7, the details of the operation of the CPU 6 when the “non-update area protection function by the card OS” and the “update area protection function by the transaction” function respectively will be described.

  FIG. 7 is a diagram conceptually showing data updated by the IC card.

  In FIG. 7, the data area of the nonvolatile memory 5 is conceptually shown. In FIG. 7, the data area of the non-volatile memory 5 of the IC card divided into a plurality of pages, where an area divided into two blocks with 1 byte as one block is defined as one page (for example, Page-a). It is shown. In FIG. 7, Page-a to Page-e are shown as an example of a plurality of pages.

  A case where A) Write 1, B) Write 2, and C) Write 3 are performed as updates to the nonvolatile memory 5 will be described.

  These writings are to update data stored in a specified area (first block or second block) of a specified page (Page-a or the like) of the nonvolatile memory 5. Further, it is assumed that writing 1 and writing 2 are defined as the continuous writing described above.

  Specifically, write 1 is a 2-byte area write (see 11 and 12 in FIG. 7) over two pages from the second block of Page-a to the first block of Page-b, and write 2 is Page-c Write the 2-byte area for the whole (see 21 and 22 in FIG. 7), and write 3 writes the 3-byte area for 2 pages from the second block of Page-d to the entire Page-e (see FIG. 7). 31, 32, and 33).

A) About Write 1 A-1) About “Protection Function for Update Area by Transaction” Since Write 1 and Write 2 are defined as continuous writes, the above-mentioned “Protect function for update area by transaction” operates. In this case, the application can acquire the state of the update area of the write 1 and the write 2 before the write 1 is executed. Therefore, the page is started from the second block of the page-a before the write 1 is executed. The data stored up to the first block of -b is backed up.

  Specifically, for example, the application stores data (refer to 11 and 12 in FIG. 7) stored in the RAM 4 from the second block of Page-a to the first block of Page-b before writing 1 is performed. Is temporarily stored, and then the data is written to the card OS in the backup area.

A-2) “Protection function of non-update area by card OS” Next, “Protection function of non-update area by card OS” works. Specifically, the card OS performs the following operations a) to j).

  a) First, the card OS writes the data stored in the Page-a to the RAM 4 in units of pages in order to protect the data in the non-update area in the Page-a. For convenience of explanation, the data written in the RAM 4 is referred to as Page-aR.

  b) Next, the card OS backs up the Page-aR. Specifically, the card OS writes Page-aR into the backup area set in the nonvolatile memory 5.

  c) Next, the card OS writes the data to be written in the write 1 in the second block of Page-aR (updates the data 11 in FIG. 7). That is, the card OS updates the Page-aR stored in the RAM 4.

  d) Next, the card OS writes the updated Page-aR into the Page-a of the nonvolatile memory 5. That is, the card OS updates Page-a stored in the nonvolatile memory 5.

  e) Next, the card OS erases the Page-aR written in the backup area.

  f) Next, the card OS writes the data stored in the Page-b to the RAM 4 in units of pages in order to protect the data in the non-update area in the Page-b. For convenience of explanation, the data written in the RAM 4 is referred to as Page-bR.

  g) Next, the card OS backs up the Page-bR. Specifically, the card OS writes Page-bR into the backup area.

  h) Next, the card OS writes the data to be written in the write 1 in the first block of the Page-bR (updates the data 12 in FIG. 7). That is, the card OS updates the Page-bR stored in the RAM 4.

  i) Next, the card OS writes the updated Page-bR into the Page-b of the nonvolatile memory 5. That is, the card OS updates Page-b stored in the nonvolatile memory 5.

  j) Next, the card OS erases the Page-bR written in the backup area.

  Thus, writing 1 is performed.

B) Regarding Write 2 B-1) “Protection Function for Update Area by Transaction” Similarly, since Write 2 is also defined as continuous write, the above-mentioned “Protection Function for Update Area by Transaction” operates. In this case, the application can store the states of the update areas of the write 1 and the write 2 before the write 1 is executed, so that it is stored in all of the Page-c before the write 2 is executed. Back up your data.

  Specifically, for example, the application temporarily stores the data (data 21 and 22 in FIG. 7) stored in Page-c before the writing 1 is performed in the RAM 4, and stores the data in the backup area. Are written in the card OS.

B-2) “Protection function of non-update area by card OS” Since all data stored in Page-c is to be updated in Write 2, there is no non-update area in Page-c. Therefore, the “non-update area protection function by the card OS” does not work. In this case, the card OS performs the following operations a) to c).

  a) First, the card OS writes the data stored in the Page-c to the RAM 4 in units of pages. For convenience of explanation, the data written in the RAM 4 is referred to as Page-cR. Here, for example, Page-aR and Page-bR are not backed up in “A-2)“ Protection function of non-update area by card OS ”, and Page-cR is not backed up.

  b) Next, the card OS writes the data to be written in the write 2 to the Page-cR (updates the data 21 and 22 in FIG. 7). That is, the card OS updates the Page-cR stored in the RAM 4.

  c) Next, the card OS writes the updated Page-cR into the Page-c of the nonvolatile memory 5. That is, the card OS updates Page-c stored in the nonvolatile memory 5.

  Thus, writing 2 is performed.

  Then, when the writing 2 is performed, the “update area protection function by transaction” is completed. Therefore, the card OS deletes the data (11, 12, 21, and 22 in FIG. 7) stored in the page-c from the page-a before the writing 1 stored in the backup area is performed. To do.

C) About Write 3 C-1) “Protection Function for Update Area by Transaction” Since Write 3 is not defined as a continuous write, the above-mentioned “Protection Function for Update Area by Transaction” does not work, and “Card Only the OS non-update area protection function "works.

C-2) “Protection function of non-updated area by card OS” Specifically, the card OS performs the following operations a) to h).

  a) First, the card OS writes the data stored in the Page-d to the RAM 4 in units of pages in order to protect the data in the non-update area in the Page-d. For convenience of explanation, the data written in the RAM 4 is referred to as Page-dR.

  b) Next, the card OS backs up the Page-dR. Specifically, the card OS writes Page-dR into the backup area set in the nonvolatile memory 5.

  c) Next, the card OS writes the data to be written in the write 2 in the second block of Page-dR (updates the data 21 and 22 in FIG. 7). That is, the card OS updates the Page-dR stored in the RAM 4.

  d) Next, the card OS writes the updated Page-dR into the Page-d of the nonvolatile memory 5. That is, the card OS updates Page-d stored in the nonvolatile memory 5.

  e) Next, the card OS erases the Page-dR written in the backup area.

  Further, when updating the data stored in Page-e in Write 3, all data stored in Page-e are to be updated, and therefore there is no non-update area in Page-e. Therefore, the “non-update area protection function by the card OS” does not work. In this case, the card OS performs the following operations f) to h).

  f) First, the card OS writes the data stored in the Page-e to the RAM 4 in units of pages. For convenience of explanation, the data written in the RAM 4 is referred to as Page-eR.

  g) Next, the card OS writes the data to be written in the write 3 to the Page-eR. That is, the card OS updates the Page-eR stored in the RAM 4.

  Here, Page-eR is not backed up.

  h) Next, the card OS writes the updated Page-eR into the Page-e of the nonvolatile memory 5. That is, the card OS updates Page-e stored in the nonvolatile memory 5.

  Thus, writing 3 is performed.

  In addition, the capacity of data stored per page of the nonvolatile memory 5 may be as large as 128 bytes or 256 bytes. As the capacity of data stored per page increases, the number of cases in which updates within the same page continue or updates across a plurality of pages increase.

  Here, referring to FIG. 8, when the capacity of data stored per page is large, “non-update area protection function by card OS” and “update area protection function by transaction” are provided. Details of the operation of the CPU 6 in the case of functioning will be described.

  FIG. 8 is a diagram conceptually showing data updated by the IC card when the capacity of data stored per page is large.

  In FIG. 8, the area | region of the non-volatile memory 5 is shown notionally. In FIG. 8, the non-volatile memory 5 of the IC card divided into a plurality of pages is shown with an area divided into 256 blocks with 1 byte as one block and one page (for example, Page-x etc.). ing. In FIG. 8, Page-x and Page-y are shown as an example of a plurality of pages.

  A case where A) Write 1, B) Write 2, and C) Write 3 are performed as updates to the nonvolatile memory 5 will be described.

  These writings are to update data stored in a specified area (first block or second block) of a specified page (Page-x, etc.) of the nonvolatile memory 5. Further, it is assumed that writing 1 and writing 2 are defined as the continuous writing described above.

  Specifically, the write 1 is a 2-byte area write (see 11 and 12 in FIG. 8) with respect to two consecutive blocks in the Page-x area, and the write 2 is a Page-x 256 block. The writing of 2 bytes area (see 21 and 22 in FIG. 8) over two pages from the first to the first block of Page-y is performed, and the writing 3 is 3 bytes for 3 consecutive blocks in the Page-y area. It is assumed that the writing of these areas (see 31, 32 and 33 in FIG. 8) is performed, respectively.

A) About Write 1 A-1) About “Protection Function for Update Area by Transaction” Since Write 1 and Write 2 are defined as continuous writes, the above-mentioned “Protect function for update area by transaction” operates. In this case, the application can obtain the state of the update areas of the write 1 and the write 2 before the write 1 is executed, so that the page-x area, which is the data before the write 1 is executed, can be obtained. Data stored in two consecutive blocks (see 11 and 12 in FIG. 8) is backed up.

  Specifically, for example, the application temporarily stores the data stored in two consecutive blocks in the area of Page-x before the writing 1 is performed in the RAM 4, and stores the data in the backup area. Write to the card OS.

A-2) “Protection function of non-update area by card OS” Next, “Protection function of non-update area by card OS” works. Specifically, the card OS performs the following operations a) to j).

  a) First, the card OS writes the data stored in the Page-x to the RAM 4 in units of pages in order to protect the data in the non-update area in the Page-x. For convenience of explanation, the data written in the RAM 4 is referred to as Page-xR.

  b) Next, the card OS backs up the Page-xR. Specifically, the card OS writes Page-xR into the backup area set in the nonvolatile memory 5.

  c) Next, the card OS writes the data to be written in the write 1 in two consecutive blocks in the Page-xR area (updates the data 11 and 12 in FIG. 8). That is, the card OS updates Page-xR stored in the RAM 4.

  d) Next, the card OS writes the updated Page-xR into the Page-x of the nonvolatile memory 5. That is, the card OS updates Page-a stored in the nonvolatile memory 5.

  e) Next, the card OS erases the Page-xR written in the backup area.

  Thus, writing 1 is performed.

B) Regarding Write 2 B-1) “Protection Function for Update Area by Transaction” Similarly, since Write 2 is also defined as continuous write, the above-mentioned “Protection Function for Update Area by Transaction” operates. Therefore, the application stores the data (updates data 21 and 22 in FIG. 8) stored in the RAM 4 from the 256th block of Page-x to the first block of Page-y before writing 1 is performed. Is temporarily stored, and then the data is written to the backup area set in the nonvolatile memory 5.

B-2) “Protection function of non-update area by card OS” Next, “Protection function of non-update area by card OS” works. Specifically, the card OS performs the following operations a) to i).

  a) First, the card OS writes the data stored in the Page-x to the RAM 4 in units of pages in order to protect the data in the non-update area in the Page-x. For convenience of explanation, the data written in the RAM 4 is referred to as Page-xR.

  b) Next, the card OS backs up the Page-xR. Specifically, the card OS writes Page-xR into the backup area set in the nonvolatile memory 5.

  c) Next, the card OS writes the data to be written in the write 2 in the 256 block of Page-xR (updates the data 21 in FIG. 8). That is, the card OS updates Page-xR stored in the RAM 4.

  d) Next, the card OS writes the updated Page-xR into the Page-x of the nonvolatile memory 5. That is, the card OS updates Page-a stored in the nonvolatile memory 5.

  e) Next, the card OS erases the Page-xR written in the backup area.

  f) Next, the card OS writes the data stored in Page-b to the RAM 4 in units of pages in order to protect the data in the non-update area in Page-y. For convenience of explanation, the data written in the RAM 4 is referred to as Page-yR.

  g) Next, the card OS backs up the Page-yR. Specifically, the card OS writes Page-yR in the backup area.

  h) Next, the card OS writes the data to be written in the write 2 in the first block of Page-yR (updates the data 22 in FIG. 8). That is, the card OS updates the Page-yR stored in the RAM 4.

  i) Next, the card OS writes the updated Page-yR into the Page-y of the nonvolatile memory 5. That is, the card OS updates Page-y stored in the nonvolatile memory 5.

  Thus, writing 2 is performed.

  Then, when the writing 2 is performed, the “update area protection function by transaction” is completed. Accordingly, the card OS erases the data (11, 12, 21, and 22 in FIG. 8) in the update area stored in Page-y from Page-x before the execution of Write 1 stored in the backup area. To do.

C) About Write 3 C-1) “Protection Function for Update Area by Transaction” Since Write 3 is not defined as continuous write, the above-mentioned “Protection Function for Update Area by Transaction” does not work, and “Card Only the OS non-update area protection function "works.

C-2) “Protection function of non-updated area by card OS” Specifically, the card OS performs the following operations a) to e).

  a) First, the card OS writes the data stored in the Page-y to the RAM 4 in units of pages in order to protect the data in the non-update area in the Page-y. For convenience of explanation, the data written in the RAM 4 is referred to as Page-yR.

  b) Next, the card OS backs up the Page-yR. Specifically, the card OS writes Page-yR into the backup area set in the nonvolatile memory 5.

  c) Next, the card OS writes the data (31, 32, and 33 in FIG. 8) to be written in the write 3 in the second block of Page-yR. That is, the card OS updates the Page-yR stored in the RAM 4.

  d) Next, the card OS writes the updated Page-yR into the Page-y of the nonvolatile memory 5. That is, the card OS updates Page-y stored in the nonvolatile memory 5.

  e) Next, the card OS erases the Page-yR written in the backup area.

  Thus, writing 3 is performed.

[3. First embodiment]
As described above, in the “non-update area protection function by the card OS” and the “update area protection function by transaction”, the update target is set for each update (for example, for each write 1 or write 2). The data in the non-update area and the update area of the page to which the data belongs is backed up. Accordingly, when continuous individual updates are performed on the data stored in the same page, the same page is backed up redundantly. In addition, when one update (for example, only the above-described write 1) is performed on data stored in adjacent pages, the data in the non-update area and the update area for two pages are backed up. . When the capacity of data stored per page in the nonvolatile memory is a large capacity of 128 bytes or 256 bytes, processing for page operations such as writing to the RAM 4 and the nonvolatile memory 5, backup, and erasing are very heavy. (Increases the processing load on the CPU 6 and the like).

  Therefore, in the present embodiment, in the IC card 8 in which the “non-update area protection function by the card OS” and the “update area protection function by the transaction” work, the “non-update area protection function by the card OS” and the “transaction” "Update area protection function by".

  As described above, in the “non-update area protection function by the card OS”, when there is no non-update area in the page (when all data of the page is updated), the “non-update area protection function by the card OS” Does not work. Further, in the “update area protection function by transaction”, the data to be backed up is only the data in the update area in the page.

  Therefore, paying attention to the above points, the application notifies the card OS that all the data stored in the page is to be updated in the page to be updated, and the “non-update area protection function by the card OS” "Will not work. The application backs up all data (all pages) stored in the page to be updated.

  Specifically, under the control of the IC chip processing program of the present invention, the CPU 6 as the second protection means uses all areas of the page to which the update area and the non-update area before update belong as the update area. All data stored in the memory is written (stored) in the nonvolatile memory 5 and the card OS is notified that there is no non-update area in the page, and the “non-update area protection function by the card OS” function It is supposed not to let you. Hereinafter, this operation is referred to as “transaction function / protective writing”.

  As a result, only one backup process is performed, so that the processing time by the data protection function can be shortened.

  Here, with reference to FIG. 8, the details of the operation of the CPU 6 when “transaction function / protective writing” is applied will be described.

  Here, the operation subject when the function of the above-described IC chip processing program of the present invention is executed will be described as the CPU 6.

  In the example described here, A) Write 1, B) Write 2, and C) Write 3 are performed as updates to the nonvolatile memory 5 defined in FIG. It is assumed that the same conditions as those defined in FIG. 8 are applied (for example, defined as continuous writing described above).

A) Write 1 “Transaction function / protective write” works. Specifically, the CPU 6 performs the following operations a) to d).

  a) First, the CPU 6 writes the data stored in the Page-x to the RAM 4 in units of pages in order to protect all the data stored in the Page-x. For convenience of explanation, the data written in the RAM 4 is referred to as Page-xR.

  In this case, the CPU 6 writes all the data stored in the Page-x to be updated in the writing 1 to the RAM 4 and then writes it in the nonvolatile memory 5, so that all the data stored in the Page-x is written. And the card OS is notified that there is no non-update area.

  Upon receiving this notification, the card OS does not allow the “non-update area protection function by the card OS” to function.

  b) Next, the CPU 6 backs up the Page-xR. Specifically, the CPU 6 writes Page-xR into the backup area set in the nonvolatile memory 5.

  c) Next, the CPU 6 writes the data to be written in the write 1 into two consecutive blocks in the Page-xR area (updates the data 11 and 12 in FIG. 8). That is, the CPU 6 updates the Page-xR stored in the RAM 4.

  d) Next, the CPU 6 writes the updated Page-xR into the Page-x of the nonvolatile memory 5. That is, the CPU 6 updates the Page-x stored in the nonvolatile memory 5.

  Thus, writing 1 is performed.

B) Write 2 "Transaction function / Protected write" works. Specifically, the CPU 6 performs the following operations a) to h).

  a) First, the CPU 6 writes the data stored in the Page-x to the RAM 4 in units of pages in order to protect all the data stored in the Page-x.

  Note that the data stored in the page-x written here is the data updated by the above-described writing 1 (the data 11 and 12 in FIG. 8 are updated). Therefore, the above-mentioned A) Write 1 is data different from Page-x written in the RAM 4 in a). Hereinafter, for convenience of explanation, B) Write 2 is referred to as “page-x ′” as all data stored in Page-x in a), and “Page-x′R” as data written to the RAM 4.

  b) Next, the CPU 6 backs up the Page-x′R. Specifically, the CPU 6 writes Page-x′R to the backup area set in the nonvolatile memory 5.

  c) Next, the CPU 6 writes the data to be written in the write 2 in the 256 block of Page-x′R (updates the data 21 in FIG. 8). That is, the card OS updates Page-x′R stored in the RAM 4.

  d) Next, the card OS writes the updated Page-x′R into the Page-x ′ of the nonvolatile memory 5. That is, the card OS updates Page-a stored in the nonvolatile memory 5.

  e) Next, the CPU 6 writes the data stored in the Page-b to the RAM 4 in units of pages in order to protect the data in the non-update area in the Page-y. For convenience of explanation, the data written in the RAM 4 is referred to as Page-yR.

  f) Next, the CPU 6 backs up the Page-yR. Specifically, the CPU 6 writes Page-yR in the backup area.

  g) Next, the CPU 6 writes the data to be written in the write 2 in the first block of Page-yR (updates the data 22 in FIG. 8). That is, the CPU 6 updates the Page-yR stored in the RAM 4.

  h) Next, the CPU 6 writes the updated Page-yR into the Page-y of the nonvolatile memory 5. That is, the CPU 6 updates the Page-y stored in the nonvolatile memory 5.

  Thus, writing 2 is performed.

  Then, when the writing 2 is performed, the “update area protection function by transaction” is completed.

  Therefore, the CPU 6 stores in the Page-xR, which is all data stored in the Page-x before the writing 1 stored in the backup area, and the Page-x ′ before the writing 2 is performed. All of the data, Page-x′R, which is all data, and Page-yR, which is all the data stored in Page-y before execution of writing 2, are deleted.

C) Write 3 “Transaction function / Protected write” works. Specifically, the CPU 6 performs the following operations a) to e).

  a) First, the CPU 6 writes the data stored in the Page-y to the RAM 4 in page units in order to protect all the data stored in the Page-y. For convenience of explanation, the data written in the RAM 4 is referred to as Page-yR.

  b) Next, the CPU 6 backs up the Page-yR. Specifically, the CPU 6 writes Page-yR to the backup area set in the nonvolatile memory 5.

  c) Next, the CPU 6 writes the data (31, 32, and 33 in FIG. 8) to be written in the write 3 in the second block of Page-yR. That is, the CPU 6 updates the Page-yR stored in the RAM 4.

  d) Next, the CPU 6 writes the updated Page-yR into the Page-y of the nonvolatile memory 5. That is, the CPU 6 updates the Page-y stored in the nonvolatile memory 5.

  e) Next, the CPU 6 erases the Page-yR written in the backup area.

  Thus, writing 3 is performed.

  It should be noted that the above-described “transaction function / protective writing” may be performed during writing defined as continuous writing (that is, while the transaction is being executed).

  In this case, the CPU 6 as the monitoring unit monitors the execution state of the transaction, that is, whether or not writing defined as continuous writing is being performed.

  Then, the CPU 6 operates the “transaction function / write with protection function” while the write defined as the continuous write is being performed.

  As described above, the IC chip 1 according to the present embodiment includes the nonvolatile memory 5 that is partitioned into one or a plurality of pages with a predetermined area as one page, and the nonvolatile memory 5 is based on the update request. Is a basic function of the card OS that updates the data stored in the specified area of the specified page and manages the basic operation of the IC chip, based on the control of the card OS, Of the pages to which the update area, which is an area for updating the data, belongs, a “non-update area protection function by the card OS” for writing data stored in a non-update area, which is an area other than the update area, Based on the control of the card OS in response to a request from an application that operates on the card OS and causes the CPU 6 to execute a predetermined function, the update before update is performed. The "update area protection function by transaction" that writes the data stored in the area to the backup area, and the "update area protection function by transaction" are all the pages to which the update area and the non-update area before the update belong As an update area, all data stored in the page is written into the backup area, and the card OS is notified that there is no non-update area in the page. Since the “protection function” is configured not to function, unnecessary backup processing is not performed by backing up the data with an appropriate protection function, so that the processing time by the data protection function can be shortened.

  In the above-described example, the “transaction function / protection function write” has been described as being executed by the CPU 6 under the control of the IC chip processing program. However, the present invention is not limited to this. “Write” may be executed by an application that causes the CPU 6 to execute the “protection function of update area by transaction”.

[4. Second Embodiment]
Next, Example 2 of the present application will be described with reference to FIGS.

  The second embodiment is different from the first embodiment in that it is searched whether or not the backup data of the same page as the page to be updated is already written. It is a point that a configuration not writing backup data of pages to be updated is added. Hereinafter, this configuration is referred to as a “backup search function”.

  First, data written to the backup area in the first embodiment of the present application will be described with reference to FIG.

  FIG. 9 is a diagram conceptually showing a data structure written in the backup area in the first embodiment of the present application.

  In addition, the part which fulfill | performs at least the same function as 1st Embodiment already demonstrated is attached | subjected the same code | symbol, and the overlapping description and drawing are abbreviate | omitted.

  As shown in FIG. 9, the data written in the backup area in the first embodiment is referred to as b) for Page-xR (A) writing 1 as the backup data of Page-x) and Page-x ′ (FIG. 9). 8 and 11 and 12 are updated) (see b) for page-x′R (B) write 2 as backup data) and page-yR (B) write 2 as page-y backup data b) see 3).

  Here, what is guaranteed as the “update area protection function by transaction” is the state of the update area before both writing 1 and writing 2 are updated, as a guarantee of continuous writing.

  For example, when an interruption occurs in writing 1, Page-xR and Page-yR are written in the nonvolatile memory 5 as the state of the update area before updating both writing 1 and writing 2. It becomes.

  Here, it is noted that Page-xR is the same page as Page-xR, and that Page-x′R is backup data that can be omitted when the “function for protecting update area by transaction” is performed.

  Therefore, in the second embodiment of the present application, the CPU 6 serving as a search unit refers to whether or not the page to which the update area belongs has already been written (stored) in the backup area with reference to the backup management area. If it is not found that the page to which the update area belongs has already been written in the backup area, the CPU 6 as the second protection means stores it in the page to which the update area belongs. All data is stored in the backup area.

  Details of the operation of the CPU 6 when the “backup search function” is applied will be described with reference to FIGS. 8 and 9.

  In the example described here, A) Write 1, B) Write 2, and C) Write 3 are performed as updates to the nonvolatile memory 5 defined in FIG. It is assumed that the same conditions as those defined in FIG. 8 are applied (for example, defined as continuous writing described above).

A) Write 1 “Transaction function / protective write” works. Specifically, the CPU 6 performs the following operations a) to d).

  a) First, the CPU 6 writes the data stored in the Page-x to the RAM 4 in units of pages in order to protect all the data stored in the Page-x. For convenience of explanation, the data written in the RAM 4 is referred to as Page-xR.

  In this case, the CPU 6 writes all the data stored in the Page-x to be updated in the writing 1 to the RAM 4 and then writes it in the nonvolatile memory 5, so that all the data stored in the Page-x is written. As in the first embodiment, the card OS is notified that the non-update area does not exist.

  Upon receiving this notification, the card OS does not allow the “non-update area protection function by the card OS” to function.

  b) Next, the CPU 6 backs up the Page-xR. Specifically, the CPU 6 writes Page-xR into the backup area set in the nonvolatile memory 5.

  c) Next, the CPU 6 writes the data to be written in the write 1 into two consecutive blocks in the Page-xR area (updates the data 11 and 12 in FIG. 8). That is, the CPU 6 updates the Page-xR stored in the RAM 4.

  d) Next, the CPU 6 writes the updated Page-xR into the Page-x of the nonvolatile memory 5. That is, the CPU 6 updates the Page-x stored in the nonvolatile memory 5.

  Thus, writing 1 is performed.

B) Write 2 "Transaction function / Protected write" works. Specifically, the CPU 6 performs the following operations a) to g).

  a) First, the CPU 6 writes the data stored in the Page-x to the RAM 4 in units of pages in order to protect all the data stored in the Page-x.

  Here, the CPU 6 refers to the backup management area and searches whether Page-x as a page to which the update area belongs is already stored in the backup area.

  Here, it is shown that Page-x backup data is already stored in the backup management area in b) for A) Write 1.

  Therefore, the CPU 6 does not write the backup data of Page-x ′ updated by writing 1 (data updated in 11 and 12 in FIG. 8) which is data stored in the current Page-x. .

  b) Next, the CPU 6 writes the data to be written in the write 2 in the 256 block of Page-x′R (updates the data 21 in FIG. 8). That is, the CPU 6 updates Page-x′R stored in the RAM 4.

  c) Next, the card OS writes the updated Page-x′R into the Page-x ′ of the nonvolatile memory 5. That is, the card OS updates Page-a stored in the nonvolatile memory 5.

  d) Next, the CPU 6 writes the data stored in the Page-b to the RAM 4 in page units in order to protect the data in the non-update area in the Page-y. For convenience of explanation, the data written in the RAM 4 is referred to as Page-yR.

  e) Next, the CPU 6 backs up the Page-yR. Specifically, the CPU 6 writes Page-yR in the backup area.

  f) Next, the CPU 6 writes the data to be written in the write 2 in the first block of Page-yR (updates the data 22 in FIG. 8). That is, the CPU 6 updates the Page-yR stored in the RAM 4.

  g) Next, the CPU 6 writes the updated Page-yR into the Page-y of the nonvolatile memory 5. That is, the CPU 6 updates the Page-y stored in the nonvolatile memory 5.

  Thus, writing 2 is performed.

  Then, when the writing 2 is performed, the “update area protection function by transaction” is completed.

  Therefore, the CPU 6 stores in the Page-xR, which is all data stored in the Page-x before the writing 1 stored in the backup area, and the Page-x ′ before the writing 2 is performed. All of the data, Page-x′R, which is all data, and Page-yR, which is all the data stored in Page-y before execution of writing 2, are deleted.

C) Write 3 “Transaction function / Protected write” works. Specifically, the CPU 6 performs the following operations a) to e).

  a) First, the CPU 6 writes the data stored in the Page-y to the RAM 4 in page units in order to protect all the data stored in the Page-y. For convenience of explanation, the data written in the RAM 4 is referred to as Page-yR.

  b) Next, the CPU 6 backs up the Page-yR. Specifically, the CPU 6 writes Page-yR to the backup area set in the nonvolatile memory 5.

  c) Next, the CPU 6 writes the data (31, 32, and 33 in FIG. 8) to be written in the write 3 in the second block of Page-yR. That is, the CPU 6 updates the Page-yR stored in the RAM 4.

  d) Next, the CPU 6 writes the updated Page-yR into the Page-y of the nonvolatile memory 5. That is, the CPU 6 updates the Page-y stored in the nonvolatile memory 5.

  e) Next, the CPU 6 erases the Page-yR written in the backup area.

  Thus, writing 3 is performed.

  As described above, the IC chip 1 according to the present embodiment refers to the backup management area to search whether the page to which the update area belongs has already been written in the backup area, and the page to which the update area belongs. However, if it is not found that the data has already been written in the backup area, the CPU 6 is configured to store all data stored in the page to which the update area belongs in the backup area. Since backup processing is not performed, the processing time can be shortened by the data protection function.

  In the above-described example, the “backup search function” is applied in “transaction function / write with protection function”. However, the present invention is not limited to this, and the “backup search function” is made to function independently. May be.

  Specifically, when a normal update request is input, the CPU 6 searches whether the page to which the update area indicated in the update request belongs is already stored in the backup area, and the page to which the update area belongs. However, if it is not found that the data is already stored in the backup area, all data stored in the page to which the update area belongs may be stored in the backup area.

  In the above-described example, the “update area protection function by transaction” that causes the CPU 6 to function as the second protection function of the present application has been described as a function included in the application. Can take form. For example, the above-mentioned “update function for updating area by transaction” may be a function provided in the card OS, or newly provided in the virtual machine (see FIG. 2) or the OS layer 22 (see FIG. 2). You may make it prepare for a module.

  Similarly, the “non-update area protection function by the card OS” that causes the CPU 6 to function as the first protection function of the present application has been described as a function provided in the card OS. Can be taken. For example, the above-mentioned “function for protecting the non-update area by the card OS” may be a function provided by the application, or newly provided in the virtual machine (see FIG. 2) or the OS layer 22 (see FIG. 2). It may be provided for a module to be provided.

  In the above embodiment, the IC card 8 corresponding to the JAVA card is applied. However, the present invention is not limited to this, and various IC cards can be used as long as the application can execute an application that executes a predetermined function on the card OS. can do.

1 IC chip 2 I / O circuit 3 ROM
4 RAM
5 Nonvolatile memory 6 CPU
7 Card base 8 IC card

Claims (8)

A storage unit that is partitioned into one or a plurality of pages with a predetermined area as one page, and updates data stored in a specified area of a specified page of the storage unit based on an update request An IC chip,
A first protection unit that protects data stored in a non-update area that is an area other than the update area of a page to which an update area that is an area for updating the data belongs;
Second protection means for protecting data stored in the update area before the update;
With
The second protection means includes
Assume that all areas of the page to which the update area and the non-update area before the update belong are set as update areas, all data stored in the page is stored in the storage unit, and there is no non-update area in the page The IC chip does not function the first protection means. The IC chip according to claim 1,
The first protection means is a basic function of an operating system that manages basic operations of the IC chip, and is executed based on control of the operating system,
The second protection means operates on the operating system, and is executed based on the control of the operating system in response to an application request that causes the IC chip to execute a predetermined function. . The IC chip according to claim 1 or 2,
Search means for searching whether or not the page to which the update area belongs is already stored in the storage unit;
When it is not found that the page to which the update area belongs is already stored in the storage unit,
The second protection means stores and protects all data stored in a page to which the update area belongs in the storage unit. The IC chip according to any one of claims 1 to 3,
Monitoring means for monitoring the execution state of a transaction that enables protection of data stored in the storage unit either before or after the start of a specific series of update processing;
The second protection means stores all data stored in the page in the storage unit as an update area, with all areas of the page to which the update area before the update belongs during execution of the transaction, An IC chip characterized by notifying the operating system that a non-update area does not exist on the page and causing the first protection means not to function.   An IC card comprising the IC chip according to any one of claims 1 to 4 and an IC card substrate. A storage unit that is partitioned into one or a plurality of pages with a predetermined area as one page, and updates data stored in a specified area of a specified page of the storage unit based on an update request A processing method in an IC chip,
A first protection step that protects data stored in a non-update area that is an area other than the update area of the page to which the update area that is an area for updating the data belongs;
A second protection step for protecting data stored in the update area before the update;
Have
The second protection step includes
Assume that all areas of the page to which the update area and the non-update area before the update belong are set as update areas, all data stored in the page is stored in the storage unit, and there is no non-update area in the page A processing method in an IC chip, wherein the first protection step is not allowed to function. A storage unit that is partitioned into one or a plurality of pages with a predetermined area as one page, and updates data stored in a specified area of a specified page of the storage unit based on an update request The computer included in the IC chip
A first protection means for protecting data stored in a non-update area, which is an area other than the update area, of a page to which an update area that is an area for updating the data belongs;
Second protection means for protecting data stored in the update area before the update;
Function as
The second protection means includes
Assume that all areas of the page to which the update area and the non-update area before the update belong are set as update areas, all data stored in the page is stored in the storage unit, and there is no non-update area in the page An IC chip processing program that does not cause the first protection means to function. A storage unit that is partitioned into one or a plurality of pages with a predetermined area as one page, and updates data stored in a specified area of a specified page of the storage unit based on an update request An IC chip,
Search means for searching whether the page to which the update area belongs is already stored in the storage unit,
If it is not found that the page to which the update area belongs is already stored in the storage unit, all data stored in the page to which the update area belongs is stored and protected in the storage unit An IC chip characterized by:

Images