JP2018147345A - Electronic device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an electronic device excellent in prevention of deterioration of data reliability.SOLUTION: An electronic device of an embodiment includes storage means, receiving means, and control means. The storage means includes a plurality of regions. The receiving means receives a command that instructs writing of data. In accordance with reception of the command and properties of the data, processing means selectively executes a first mode of writing the data into first and second regions among the plurality of regions and a second mode of writing the data into the first region.SELECTED DRAWING: Figure 11

Description

  Embodiments described herein relate generally to an electronic device.

  There is an electronic device capable of writing and rewriting data, such as an IC card having an IC (integrated circuit) chip. In such an electronic device, as the number of data rewrites increases, a data write error or the like easily occurs. For this reason, some electronic devices have a guaranteed number of times as a guide for the number of times they can be rewritten.

JP 2012-164121 A

If the number of data rewrites exceeds the guaranteed number, the reliability of the rewritten data may be reduced. Generally, when the IC card is used for a long period, the number of rewrites increases, and the reliability of data decreases. That is, the guarantee period tends to be short for data with a large number of rewrites. There is a demand for a technique for preventing such a decrease in data reliability, in other words, extending the guarantee period.
The problem to be solved by the embodiments of the present invention is to provide an electronic device that is excellent in preventing deterioration of data reliability.

  The electronic apparatus according to the embodiment includes a storage unit, a reception unit, and a control unit. The storage means includes a plurality of areas. The receiving means receives a command for instructing data writing. The processing means includes a first mode in which the data is written in the first and second areas of the plurality of areas according to the reception of the command and the characteristics of the data, and the data in the first area. Is selectively executed in the second mode.

The block diagram which shows the principal part circuit structure of the IC card system which concerns on embodiment, and the communication apparatus contained in the said IC card system. The block diagram which shows the principal circuit structure of the IC card which concerns on embodiment. The figure which shows an example of the file structure of the file memorize | stored in the non-volatile memory in FIG. The figure shown about the area | region division of the non-volatile memory in FIG. The figure which shows the data memorize | stored in the non-volatile memory in FIG. The figure which shows an example of the command format used with the IC card system in FIG. The sequence diagram which shows the flow of the information in the IC card system in FIG. The flowchart of the control processing by CPU of the communication apparatus in FIG. The flowchart of the control processing by CPU of the IC card in FIG. The flowchart of the control processing by CPU of the IC card in FIG. The flowchart of the control processing by CPU of the IC card in FIG. The figure which shows the data memorize | stored in the non-volatile memory in FIG. The flowchart of the control processing by CPU of the IC card in FIG. The flowchart of the control processing by CPU of the IC card in FIG.

DESCRIPTION OF EMBODIMENTS Hereinafter, an IC card system according to an embodiment will be described with reference to the drawings. FIG. 1 is a block diagram showing a main circuit configuration of each device included in the IC card system 1 according to the embodiment. The IC card system 1 includes a communication device 10 and an IC card 20.

  The communication device 10 has a function of transmitting a command to the IC card 20 and receiving a response transmitted from the IC card 20. The communication device 10 includes a central processing unit (CPU) 11, a read-only memory (ROM) 12, a random-access memory (RAM) 13, a nonvolatile memory 14, a reader / writer 15, a display device 16, an input device 17, and a communication interface. 18 and bus 19 are included.

  The CPU 11 corresponds to a central part of a computer that performs processing and control necessary for the operation of the communication device 10. The CPU 11 controls each unit to implement various functions of the communication device 10 based on a program such as an OS (operating system) or application software stored in the ROM 12 or the nonvolatile memory 14.

  The ROM 12 is a read-only nonvolatile memory corresponding to the main storage portion of the computer. The ROM 12 stores a program such as an operating system or application software. The ROM 12 stores data used when the CPU 11 performs various processes.

  The RAM 13 is a volatile memory corresponding to the main storage portion of the computer. The RAM 13 is used as a so-called work area that stores data temporarily used when the CPU 11 performs various processes.

  The nonvolatile memory 14 corresponds to an auxiliary storage part of the computer. The nonvolatile memory 14 is, for example, an EEPROM (electrically erasable programmable read-only memory), an HDD (hard disk drive), or an SSD (solid state drive). The nonvolatile memory 14 may store a program such as the above operating system or application software. Further, the nonvolatile memory 14 stores data used when the CPU 11 performs various processes, data generated by the processes in the CPU 11, and the like. Note that the communication device 10 may include an interface such as a card slot into which a storage medium such as a memory card can be inserted instead of or in addition to the nonvolatile memory 14. The memory card corresponds to an auxiliary storage part of the computer.

  The program stored in the ROM 12 or the non-volatile memory 14 includes a control program described regarding control processing described later. As an example, the communication device 10 is transferred to a user or the like with the control program stored in the ROM 12 or the nonvolatile memory 14. However, the communication device 10 may be transferred to a user or the like in a state where a control program described regarding control processing described later is not stored in the ROM 12 or the nonvolatile memory 14. The communication device 10 may be transferred to a user or the like with another control program stored in the ROM 12 or the nonvolatile memory 14. Then, a control program described regarding control processing described later may be separately transferred to a user or the like and written into the nonvolatile memory 14 under the operation of the user or a serviceman. The transfer of the control program at this time can be realized, for example, by recording on a removable recording medium such as a magnetic disk, a magneto-optical disk, an optical disk, a semiconductor memory, or by downloading via a network.

  The reader / writer 15 communicates with a magnetic card (magnetic stripe card), a contact IC card or a non-contact IC card. The reader / writer 15 communicates with a non-contact type IC chip mounted on an electronic device (for example, a portable electronic device such as a mobile phone, a smartphone, or a tablet PC (personal computer)). The reader / writer 15 transmits a command to the IC card 20 using the communication. Further, the reader / writer 15 receives a response transmitted from the IC card 20 using the communication.

The display device 16 displays a screen for notifying the operator of the communication device 10 of various information. The display device 16 is, for example, a display such as a liquid crystal display or an organic EL (electro-luminescence) display.
The input device 17 receives an operation by an operator of the communication device 10. The input device 17 is, for example, a keyboard, a keypad, a touch pad, or a mouse. In addition, as the input device 17, a touch pad disposed on the display panel of the display device 16 can be used. That is, the display panel included in the touch panel can be used as the display device 16, and the touch pad included in the touch panel can be used as the input device 17.

  The communication interface 18 is an interface for the communication device 10 to communicate with other devices. The communication interface 18 is configured to be connectable to a network (not shown), for example. The communication interface 18 communicates with other devices (not shown) via a network.

  The bus 19 includes an address bus, a data bus, and the like, and transmits signals transmitted and received by each unit of the communication device 10.

FIG. 2 is a block diagram showing a main circuit configuration of the IC card 20. The IC card 20 is a magnetic card, a contact IC card, a non-contact IC card, or the like. The IC card 20 is portable. The IC card 20 includes, for example, a card-like main body 21 and an IC module 22 built in the main body 21. The IC module 22 includes an IC chip 23 and a communication circuit (not shown) connected to the IC chip 23. The communication circuit is configured as an antenna or a contact terminal (contact pattern), for example. The communication circuit is electrically or magnetically connected to the reader / writer 15 of the communication device 10. The IC card 20 is an example of a possible electronic device.
The IC chip 23 includes a CPU 231, ROM 232, RAM 233, nonvolatile memory 234, communication unit 235, power supply unit 236, Co-Pro 237, and bus 238. The IC chip 23 is an example of an electronic device.

  The CPU 231 corresponds to a central part of a computer that performs processing and control necessary for the operation of the IC card 20. The CPU 231 controls each unit to realize various functions of the IC card 20 based on a program such as an operating system or application software stored in the ROM 232 or the nonvolatile memory 234.

  The ROM 232 is a read-only nonvolatile memory corresponding to the main storage portion of the computer. The ROM 232 stores a program such as an operating system or application software. The ROM 232 stores data used when the CPU 231 performs various processes.

  The RAM 233 is a volatile memory corresponding to the main storage portion of the computer. The RAM 233 is used as a so-called work area that stores data temporarily used when the CPU 231 performs various processes.

  The nonvolatile memory 234 corresponds to an auxiliary storage part of the computer. The nonvolatile memory 234 is, for example, an EEPROM. The non-volatile memory 234 may store programs such as the above operating system or application software. The non-volatile memory 234 stores data used when the CPU 231 performs various processes, data generated by the processes in the CPU 231, and the like. Further, the ROM 232 or the nonvolatile memory 234 stores the value Limit. As an example, the value Limit is determined in advance by a seller, a designer, or an administrator of the IC card 20.

  The program stored in the ROM 232 or the non-volatile memory 234 includes a control program described regarding control processing described later. As an example, the IC card 20 is transferred to a user or the like with the control program stored in the ROM 232 or the nonvolatile memory 234. However, the IC card 20 may be transferred to a user or the like in a state where a control program described regarding control processing described later is not stored in the ROM 232 or the nonvolatile memory 234. The IC card 20 may be transferred to a user or the like in a state where another control program is stored in the ROM 232 or the nonvolatile memory 234. Then, a control program described regarding control processing described later may be separately transferred to a user or the like and written into the nonvolatile memory 234 under the operation of the user or a serviceman. The transfer of the control program at this time can be realized, for example, by recording on a removable recording medium such as a magnetic disk, a magneto-optical disk, an optical disk, a semiconductor memory, or by downloading via a network.

  The communication unit 235 is a circuit for the IC card 20 to communicate with the communication device 10. The communication unit 235 transmits / receives data to / from the communication device 10 by contact communication or non-contact communication via the communication circuit described above. For example, the communication unit 235 obtains data such as a command transmitted by the communication device 10 by performing signal processing on the signal transmitted from the communication device 10. The communication unit 235 passes the acquired data to the CPU 231. The communication unit 235 generates a signal based on data such as a response passed from the CPU 231 and transmits the generated signal to the communication device 10. As an example, the communication unit 235 includes a UART (Universal Asynchronous Receiver Transmitter).

  The power supply unit 236 supplies power to each unit of the IC card 20. The power supply unit 236 converts the power supplied from the communication device 10 through the communication circuit described above into the rated voltage of each unit and supplies it to each unit. Note that the power supply unit 236 may include a battery and supply the power of the battery to each unit.

  The Co-Pro 237 is a processor that assists the CPU 231 and the like. Co-Pro is, for example, a processing mechanism dedicated to public key encryption processing, and performs processing related to data encryption and decryption.

  The bus 238 includes an address bus, a data bus, and the like, and transmits signals transmitted and received by each unit of the IC card 20.

  Next, the file structure of the file stored in the nonvolatile memory 234 will be described. FIG. 3 is a diagram illustrating an example of a file structure of a file stored in the nonvolatile memory 234. As an example, the nonvolatile memory 234 includes an MF (master file), a DF (dedicated file), and an EF (elementary file) defined by ISO (International Organization for Standardization) / IEC (International Electrotechnical Commission) 7816-4. MF, DF, and EF form a tree-shaped hierarchical structure. The MF is located at the root. DF is located under MF. EF is located under MF or DF. Each DF corresponds to a different application. The DF is associated with an APL as a unique DF name so that the corresponding application can be identified. The EF under each DF stores data used by an application corresponding to the DF. In FIG. 3, the nonvolatile memory 234 includes MF, EF under MF, DF1 to DF4 under MF, EF1-1 to EF1-2 under DF1, EF2-1 to EF2-2 under DF2, and EF3 under DF3. -1 to EF3-2 and EF4-1 to EF4-2 under DF4. APL1 to APL4 are assigned to DF1 to DF4, respectively.

  FIG. 4 is a diagram showing area division of the nonvolatile memory 234. The nonvolatile memory 234 includes a system area and an application area. The data stored in the system area includes a table (registered application table) configured by a DF Name of an application registered in the IC card 20 and a pointer indicating the position of the DF. The data stored in the application area includes files used by each application. For example, the IC card 20 manages a DF corresponding to an application folder and an EF corresponding to a data file in a hierarchical structure as described above.

FIG. 5 is a diagram showing data written in the application area. The application area starts with the address “App Start addr” and ends with the address “App End addr”. The address “App Start addr” is a lower address, and the address “App End addr” is a higher address. The application area includes an original area and a mirror area. The data written in the application area is stored in the original area as an example. Alternatively, the data written in the application area, for example, stores the same data in two places, the original area and the mirror area. As an example, the original area is provided as an area for storing data to be written to the application area. As an example, the mirror area is provided for storing data to be multiplexed to the application area. In the mirror area, for example, the same data as the data written in the original area is written. The data written in the original area is called original data, and the data written in the mirror area is called mirror data. In the original area, data is written from the lowest address. The address where the mirror area starts is referred to as “Mirror Start addr”. The mirror area is an area from the address “Mirror Start addr” to the address “App End addr”. In addition, the last address in the mirror area in which data has been written is referred to as “Mirror End addr”. That is, the area from the address “Mirror End addr” to the address “App End addr” is an empty area, which is the remaining memory capacity in the mirror area. The data written in the application area includes “Object Header” and “Data section” regardless of the original data and the mirror data. “Object Header” is a header portion of data, and includes “ID”, “Data Len”, “TYPE”, “Count”, and “Reserve”. “ID” indicates a unique ID number (IDN (identifier number)) associated with each data. “Data Len” indicates the length of the “Data portion”. “TYPE” indicates a short length of write guarantee. For this reason, “TYPE” takes a value indicating either “TYPE_NORMAL” or “TYPE_LONG” as an example. “TYPE_NORMAL” is used for data with low update frequency. “TYPE_LONG” is used for data with a high update frequency. Therefore, the value of “TYPE” indicates the characteristics of data to be written. “Count” indicates the number of times data has been written or rewritten, that is, the number of updates. The initial value of “Count” is 0 as an example. Alternatively, for example, the initial value is a value at the time of factory shipment. Note that “Count” is not reset even when data is deleted. When data is newly written, the number of times is continued. In addition, the update frequency of the written data can be estimated based on the value of “Count”. Therefore, the value of “Count” indicates the characteristics of data to be written. “Reserve” indicates the reservation status of the memory. The “Data part” is the data body.
As described above, the nonvolatile memory 234 is an example of a storage unit including a plurality of areas.

  FIG. 6 is a diagram illustrating an example of a command format used in the IC card system 1. The command is, for example, “CLA (class byte)”, “INS (instruction byte)”, “P1 (parameter byte 1)”, “P2 (parameter byte 2”) defined by ISO / IEC 7816-4. ), “Lc (length field for coding the number Nc) field”, “data field”, and “Le (length field for coding the number Ne) field”. “CLA” indicates a command class. “INS” indicates the type of command. “P1-P2” obtained by connecting “P1” and “P2” constitutes a parameter byte. The “Lc field” indicates the length Nc of the command data field. The “command data field” is an additional record. The “Lc field” and the “command data field” do not exist when Nc = 0. The “Le field” indicates the maximum length Ne of response data returned as a response to the command. The “Le field” does not exist when Ne = 0.

Hereinafter, the operation of the IC card system 1 according to the embodiment will be described with reference to FIGS. Note that the content of the processing in the following description of the operation is an example, and various processing that can obtain the same result can be used as appropriate. FIG. 7 is a sequence diagram showing the information flow of the IC card system 1. Note that FIG. 7 does not cover the information flow in the IC card system 1, and an information flow (not shown) may exist. FIG. 8 is a flowchart of control processing by the CPU 11 of the communication apparatus 10. The CPU 11 executes this control process based on a control program stored in the ROM 12 or the nonvolatile memory 14. 9 to 11, 13 and 14 are flowcharts of control processing by the CPU 231 of the IC card 20. The CPU 231 executes this control process based on a control program stored in the ROM 232 or the nonvolatile memory 234.
In the following description of the operation, the operation of the IC card system 1 according to the embodiment will be described taking as an example the case of generating an encryption key in AES (Advanced Encryption Standard).

  In step ST <b> 1 of FIG. 8, the CPU 11 of the communication device 10 determines a process to be performed on the IC card 20. As an example, the communication device 10 determines the content of the processing based on an operation by an operator of the communication device 10. Or the communication apparatus 10 performs the said determination by reading the data in which the content about the said process was memorize | stored from ROM12 or the non-volatile memory 14. The read data is predetermined by an operator or administrator of the communication device 10. Alternatively, the default content of the read data may be determined by the designer of the communication device 10 or the like. Then, when the read data is not defined by the operator or administrator of the communication device 10, the default content is used for the processing performed on the IC card 20. The processing determined as described above includes the type of command to be transmitted to the IC card 20 and parameters included in the command. Here, the CPU 11 determines to perform processing for transmitting a “STORE DATA” command to the IC card 20. The “STORE DATA” command is a command for instructing the IC card 20 to write data. After the process of step ST1, the CPU 11 proceeds to step ST2.

In order to transmit a command from the communication device 10 to the IC card 20, the owner of the IC card 20 and the like takes the IC card 20 to the communication device 10 when the IC card 20 is a non-contact IC card. Get closer. Alternatively, the operator of the communication device 10 receives the IC card 20 from the owner of the IC card 20 or the like, and brings the IC card 20 close to the communication device 10.
In step ST2, the CPU 11 waits for the IC card 20 to approach. If the IC card 20 comes close, the CPU 11 determines Yes in step ST2 and proceeds to step ST3.

  In step ST <b> 3, the CPU 11 performs an activation process for activating the IC card 20 by supplying power to the IC card 20 via the reader / writer 15. Since the well-known process can be applied to the activation process, a detailed description is omitted. By the activation process, the IC card 20 becomes ready to execute the command process. At this time, the CPU 231 of the IC card 20 starts the control process shown in FIG. After the process of step ST3 in FIG. 8, the CPU 11 proceeds to step ST4.

  In step ST <b> 4, the CPU 11 confirms whether or not the process to be performed on the IC card 20 is to transmit a “STORE DATA” command. If the process performed on the IC card 20 is not to transmit a “STORE DATA” command, the CPU 11 determines No in step ST4 and performs a process according to the process content. If the process performed on the IC card 20 is to transmit a “STORE DATA” command, the CPU 11 determines Yes in step ST4 and proceeds to step ST5.

  In step ST5, the CPU 11 generates a “SELECT” command that is a command for designating application software. As an example, the “SELECT” command includes an APL associated with application software to be designated. Here, in order to designate application software for processing the “STORE DATA” command, the CPU 11 generates a “SELECT” command as including the APL associated with the application software. Then, the CPU 11 instructs the communication interface 18 to transmit the generated “SELECT” command to the IC card 20. Upon receiving this instruction, the communication interface 18 transmits the “SELECT” command to the IC card 20. The transmitted “SELECT” command is received by the communication unit 235 of the IC card 20. The “SELECT” command transmitted to the IC card 20 is shown in step S1 in FIG. The CPU 11 proceeds to step ST6 after the processing of step ST5 in FIG.

  On the other hand, in step ST <b> 21 of FIG. 9, the CPU 231 of the IC card 20 waits for a command to be received by the communication unit 235. If a command such as a “SELECT” command is received, the CPU 231 determines Yes in step ST21 and proceeds to step ST22.

  In step ST22, the CPU 231 confirms whether or not the command confirmed to be received in step ST21 is a “SELECT” command. If the command is not a “SELECT” command, the CPU 231 performs processing according to the command. If the command is a “SELECT” command, the CPU 231 determines Yes in step ST22 and proceeds to step ST23.

  In step ST23, the CPU 231 inputs the “SELECT” command confirmed to be received in step ST21 to the application software specified by the ID included in the “SELECT” command. After the process of step ST23, the CPU 231 proceeds to step ST24. The “SELECT” command input to the application software is shown in step S2 in FIG.

  In step ST24 of FIG. 9, if the process of step ST23 is normally performed, the CPU 231 generates a response including SW (status word) indicating normal termination. The SW indicating normal termination is 9000 as an example. In addition, CPU231 produces | generates the response containing SW which shows that the error generate | occur | produced, when the process of step ST23 cannot be performed normally. Thereafter, the CPU 231 inputs the generated response from the application software to the OS. After the process of step ST24, the CPU 231 proceeds to step ST25. The response input from the application software to the OS is shown in step S3 in FIG.

  In step ST25 of FIG. 9, the CPU 231 instructs the communication unit 235 to transmit the response input to the OS in step ST24 to the communication device 10. Upon receiving this instruction, the communication unit 235 transmits the response to the communication device 10. The transmitted response is received by the communication interface 18 of the communication device 10. The response is shown in step S4 in FIG. After the process of step ST25 in FIG. 9, the CPU 231 proceeds to step ST26.

  On the other hand, in step ST <b> 6 of FIG. 8, the CPU 11 of the communication device 10 waits for a response to be received by the communication interface 18. If a response is received, CPU11 will determine Yes in step ST6, and will progress to step ST7.

  In step ST7, the CPU 11 confirms whether or not the response confirmed to be received in step ST6 indicates normal termination. If the response does not indicate normal end, the CPU 11 performs error processing according to the content of the response. A detailed description of error processing is omitted. On the other hand, if the response indicates normal termination, the CPU 11 determines Yes in step ST7 and proceeds to step ST8.

  In step ST8, the CPU 11 generates a “STORE DATA” command. At this time, the CPU 11 generates a “STORE DATA” command that includes either “TYPE_NORMAL” or “TYPE_LONG” as a value indicating the characteristics of the data to be written. Further, the CPU 11 has a “STORE DATA” command as including IDN indicating a position to write data. Note that the sequence diagram of FIG. 7 illustrates the flow of information when the “STORE DATA” command includes a value indicating “TYPE_LONG”. Thereafter, the CPU 11 instructs the communication interface 18 to transmit the generated “STORE DATA” command to the IC card 20. Upon receiving this instruction, the communication interface 18 transmits the write command to the IC card 20. The transmitted “STORE DATA” command is received by the communication unit 235 of the IC card 20. The “STORE DATA” command is shown in step S5 in FIG. After proceeding to step ST8 in FIG. 8, the CPU 11 proceeds to step ST9.

  On the other hand, in step ST <b> 26 of FIG. 9, the CPU 231 of the IC card 20 waits for a command to be received by the communication unit 235. If a command such as a “STORE DATA” command is received, the CPU 231 determines Yes in step ST26 and proceeds to step ST27.

  In step ST27, the CPU 231 checks whether or not the command confirmed to be received in step ST26 is a “STORE DATA” command. If the command whose reception is confirmed in step ST26 is not the “STORE DATA” command, the CPU 231 performs processing according to the command. If the command confirmed to be received in step ST26 is the “STORE DATA” command, the CPU 231 determines Yes in step ST27 and proceeds to step ST28.

  In step ST28, the CPU 231 inputs the “STORE DATA” command confirmed in step ST26 to the application software designated by the APL included in the “SELECT” command confirmed in step ST21. After the process of step ST28, the CPU 231 proceeds to step ST29.

  In step ST29, the CPU 231 inputs a command for instructing to generate an encryption key from the application software to the OS. The command is shown in step S7 in FIG. After the process of step ST29 in FIG. 9, the CPU 231 proceeds to step ST30. As shown in step S7, as an example, the CPU 231 passes TYPE_AES, LENGTH_128, and TYPE_LONG to the OS as arguments of KeyBuilder.buildKey. These arguments are for the case where the “STORE DATA” command includes TYPE_LONG. When the “STORE DATA” command includes TYPE_NORMAL, the argument of KeyBuilder.buildKey includes TYPE_NORMAL instead of TYPE_LONG.

  In step ST30, the CPU 231 executes KeyBuilder.buildKey in cooperation with the OS. After the process of step ST30, the CPU 231 proceeds to step ST31 in FIG.

In step ST31, the CPU 231 performs a writing process shown in FIG. 11 in order to write the generated encryption key into the nonvolatile memory 234. The CPU 231 starts the writing process with an IDN (hereinafter, referred to as “IDN_AES”) indicating the position to write the encryption key included in the “STORE DATA” command as an argument. Further, when starting the writing process shown in FIG. 11, the CPU 231 assigns the variable F1 to the RAM 233 as an example.
In step ST51 of FIG. 11, the CPU 231 sets the value of the variable F1 to True.

  In step ST <b> 52, the CPU 231 confirms whether or not TYPE_LONG is included in the argument of KeyBuilder.buildKey. If TYPE_LONG is not included in the argument, that is, if TYPE_NORMAL is included in the argument, CPU 231 determines No in step ST52 and proceeds to step ST53.

  In step ST53, the CPU 231 writes the generated encryption key into the area indicated by IDN_AES in the original area. If the area indicated by IDN_AES does not exist, it is written in the empty area of the original area. Then, IDN of the area is IDN_AES. After the process in step ST53, the CPU 231 proceeds to step ST67. Here, the area indicated by IDN_AES in the original area is an example of the first area.

On the other hand, if the argument of KeyBuilder.buildKey includes TYPE_LONG, the CPU 231 determines Yes in step ST52 and proceeds to step ST54.
In step ST54, the CPU 231 checks whether or not “Count” in the header portion of the area indicated by IDN_AES in the original area exceeds the value Limit. If “Count” does not exceed the value Limit, the CPU 231 determines No in step ST54 and proceeds to step ST55.

  In step ST55, the CPU 231 writes the generated encryption key into the area indicated by IDN_AES in the original area. If the area indicated by IDN_AES does not exist, it is written in the empty area of the original area. Then, IDN of the area is IDN_AES. After the process of step ST55, the CPU 231 proceeds to step ST56.

  In step ST56, the CPU 231 checks whether or not the value of “Count” is an initial value. If the value of “Count” is the initial value, the CPU 231 determines Yes in step ST56 and proceeds to step ST57.

  In step ST57, the CPU 231 confirms whether or not a free area necessary for writing data including the generated encryption key exists in the mirror area. If the necessary free area is in the mirror area, the CPU 231 determines Yes in step ST57 and proceeds to step ST58.

  In step ST58, the CPU 231 writes a value indicating that a mirror area has been reserved in the mirror area in “Reserve” of the header portion of the area indicated by IDN_AES in the original area.

  In step ST59, the CPU 231 writes the generated encryption key in the free area of the mirror area. At this time, the CPU 231 sets IDN of the area as IDN_AES which is the same IDN as the original area. Here, the region is an example of a second region. Further, the CPU 231 updates “Mirror End addr”. After the process of step ST59, CPU 231 proceeds to step ST60. If the value of “Count” is not the initial value, the CPU 231 determines No in step ST56 and proceeds to step ST60.

  In step ST60, the CPU 231 adds 1 to the value of “Count” in the header portion of the area indicated by IDN_AES in the original area. Furthermore, when performing the process of step ST60 after performing the process of step ST59 or step ST65, the CPU 231 also adds 1 to the value of “Count” in the header portion of the area indicated by IDN_AES in the mirror area.

On the other hand, if the necessary free area is not in the mirror area, the CPU 231 determines No in step ST57 and proceeds to step ST61.
In step ST <b> 61, the CPU 231 makes a reservation by writing a priority order for waiting for the storage area of the mirror area to be freed in the reserve area. When the CPU 231 has a free area necessary for the mirror area, the CPU 231 performs the same processing as step ST58 and step ST59 in order from the data written in the original area in the descending order of priority. Do. In addition, when the application software is deleted from the application area, the free area of the mirror area increases. After the process of step ST61, the CPU 231 proceeds to step ST62.
The above reservation will be further described with reference to FIG. Assume that data 1 to data N are written in the original area and data up to data M is written in the mirror area as shown on the left side of FIG. The remaining mirror area is up to data M and no remaining amount is left. In this case, the CPU 231 cannot write the mirror data of the data N in the mirror area even if the TYPE of the data N is TYPE_LONG. In this case, the CPU 231 writes the priority in the Reserve of the header portion of the data N in the original area. Here, when the data M is deleted, an empty area is created in the mirror area. Then, the CPU 231 writes the data N to the mirror area at the timing when an empty area is created in the mirror area. The state after the data N is written in the mirror area is shown on the right side of FIG.

  In step ST62, the CPU 231 sets the value of the variable F1 to False. That is, the variable F1 indicates that there is no free space necessary for the mirror area when the value is False.

On the other hand, if the value of “Count” exceeds the value Limit, the CPU 231 determines Yes in step ST54 and proceeds to step ST63.
In step ST63, the CPU 231 checks whether or not a mirror area has been secured. That is, the CPU 231 checks whether or not the value of “Reserve” in the header portion of the area indicated by IDN_AES in the original area is a value indicating that the mirror area has been secured. If the mirror area has been secured, the CPU 231 determines Yes in step ST63 and proceeds to step ST64.

  In step ST64, the CPU 231 writes the generated encryption key into the area indicated by IDN_AES in the original area. After the process of step ST64, the CPU 231 proceeds to step ST65.

  In step ST65, the CPU 231 searches the IDN of the mirror area with IDN_AES from the highest address. If the CPU 231 detects an area whose IDN is IDN_AES, the CPU 231 writes the generated encryption key by rewriting and updating the data in the area. Here, the area indicated by IDN_AES in the mirror area is an example of the second area.

On the other hand, if the mirror area has not been secured, the CPU 231 determines No in step ST63 and proceeds to step ST60.
After the process in step ST60, the CPU 231 ends the write process shown in FIG. At this time, the CPU 231 uses the value of the variable F1 as the return value of the writing process. After completing the writing process, the CPU 231 proceeds to step ST32 in FIG. Note that the flow of information in the processing of step ST30 to step ST31 is shown in step S8 in FIG.
As described above, the CPU 231 writes data based on the command confirmed to be received in step ST26. Therefore, by performing the process of step ST26, the computer having the CPU 231 as a center functions as a receiving unit that receives a command for instructing data writing in cooperation with the communication unit 235.
As described above, when the CPU 231 determines Yes in step ST52 and step ST54, the CPU 231 writes data in the original area and the mirror area. That is, the CPU 231 executes the first mode. If the CPU 231 determines No in step ST52 or step ST54, the CPU 231 writes the data in the original area and does not write the data in the mirror area unless it is determined Yes in step ST56. That is, the CPU 231 executes the second mode. Here, in step ST52, the CPU 231 performs determination based on TYPE_NORMAL or TYPE_LONG indicating data characteristics. Further, in step ST54, the CPU 231 makes a determination based on Count indicating the data characteristic. Therefore, by performing the writing process, the computer having the CPU 231 as a center functions as a processing unit that selectively executes the first mode or the second mode according to command reception and data characteristics.

  In step ST32, the CPU 231 checks whether or not the return value of the writing process in step ST31 is True. If the return value of the writing process is True, the CPU 231 determines Yes in step ST32 and proceeds to step ST33.

  In step ST33, the CPU 231 returns a return from the OS to the application software to indicate that the OS has completed the writing process normally. After the process of step ST33, the CPU 231 proceeds to step ST35.

On the other hand, if the return value of the writing process is False, the CPU 231 determines No in step ST32 and proceeds to step ST34.
In step ST34, the CPU 231 returns a return from the OS to the application software in order to indicate that the OS has finished the writing process but there is no free space required in the mirror area. After the process of step ST34, the CPU 231 proceeds to step ST35. The return in step ST33 or step ST34 is indicated by step S9 in FIG.

  In step ST35, the CPU 231 inputs a command to set the encryption key from the application software to the OS. After the process of step ST35, the CPU 231 proceeds to step ST36. The command is shown in step S10 in FIG.

  In step ST36, the CPU 231 sets an encryption key. After the process of step ST36, the CPU 231 proceeds to step ST37.

  In step ST37, the CPU 231 returns a return from the OS to the application software to indicate that the OS has finished setting the encryption key. After the process of step ST37, the CPU 231 proceeds to step ST38. The return is shown in step S11 in FIG.

  In step ST38, if the processing of step ST28 to step ST37 is normally performed, the CPU 231 generates a response including SW indicating normal termination. Note that the CPU 231 also assumes that the processing of step ST28 to step ST37 has been performed normally even if it is determined No in step ST32. As an example, SW is 9000. Note that the CPU 231 generates a response including SW indicating that an error has occurred when the processing of step ST28 to step ST37 cannot be performed normally. Thereafter, the CPU 231 instructs the communication unit 235 to transmit the generated response to the communication device 10. Thereafter, the CPU 231 inputs the generated response from the application software to the OS. After the process of step ST38, the CPU 231 proceeds to step ST39. The response input to the OS is shown in step S12 in FIG.

  In step ST39, the CPU 231 instructs the communication unit 235 to transmit the response input to the OS in step ST38 to the communication device 10. Upon receiving this instruction, the communication unit 235 transmits the response to the communication device 10. The transmitted response is received by the communication interface 18 of the communication device 10. The response is shown in step S13 in FIG.

  On the other hand, in step ST <b> 9 of FIG. 8, the CPU 11 of the communication device 10 waits for a response to be received by the communication interface 18. If a response is received, CPU11 will determine Yes in step ST9, and will progress to step ST10.

  In step ST10, the CPU 11 confirms whether or not the response confirmed to be received in step ST9 indicates normal termination. If the response does not indicate normal end, the CPU 11 performs error processing according to the content of the response. A detailed description of error processing is omitted. On the other hand, if the response indicates normal termination, the CPU 11 determines Yes in step ST10 and returns to step ST1.

  Next, a process in which the IC card 20 receives a command from the communication device 10 and transmits data stored in the nonvolatile memory 14 to the communication device 10 will be described with reference to FIGS. 13 and 14. Note that the CPU 231 of the IC card 20 assigns the variable i and the variable F2 to the RAM 233 as an example when starting the control processing shown in FIG.

The communication device 10 determines the processing to be performed on the IC card 20 in the same manner as in step ST1 of FIG. At this time, the communication device 10 determines to perform processing for reading data from the IC card 20.
The CPU 11 of the communication device 10 generates a command for reading data from the IC card 20 (hereinafter referred to as “read command”). Note that the CPU 11 generates a read command on the assumption that the IDN of the data to be read is included. Thereafter, the CPU 11 instructs the communication interface 18 to transmit the generated read command to the IC card 20. Upon receiving this instruction, the communication interface 18 transmits the read command to the IC card 20. The transmitted read command is received by the communication unit 235 of the IC card 20.

  On the other hand, in step ST71 of FIG. 13, the CPU 231 of the IC card 20 waits for a command to be received by the communication unit 235. If a command such as a read command is received, CPU 231 determines Yes in step ST71 and proceeds to step ST72.

  In step ST72, the CPU 231 checks whether or not the command confirmed to be received in step ST71 is a read command. If the command is not a read command, the CPU 231 performs processing according to the command. If the command is a read command, the CPU 231 determines Yes in step ST72 and proceeds to step ST73.

  In step ST <b> 73, the CPU 231 substitutes an address “App Start addr” for the variable i. After the process of step ST73, CPU 231 proceeds to step ST74.

  In step ST74, the CPU 231 compares the IDN associated with the data at the address indicated by the value of the variable i with the IDN included in the read command. Then, the CPU 231 confirms whether the two compared IDNs match. If the two IDNs do not match, CPU 231 determines No in step ST74 and proceeds to step ST75. Note that the CPU 231 also determines No in step ST74 when there is no data at the address indicated by the value of the variable i. The CPU 231 also determines No in step ST74 when the IDN cannot be read from the address indicated by the value of the variable i. Here, the case where the IDN cannot be read includes the case where the nonvolatile memory 234 is out of order.

  In step ST75, the CPU 231 substitutes an address associated with the next page of the page indicated by the variable i for the variable i. After the process of step ST75, the CPU 231 proceeds to step ST76.

  In step ST76, the CPU 231 confirms whether or not the value of the variable i is equal to or greater than the address “Mirror Start addr”. If the value of variable i is less than the address “Mirror Start addr”, CPU 231 determines No in step ST76 and returns to step ST74. Thus, the CPU 231 repeats steps ST74 to ST76 until the value of the variable i becomes equal to or greater than the address “Mirror Start addr” or the two compared IDNs match.

If the two IDNs match in the repeated state of step ST74 to step ST76, CPU 231 determines Yes in step ST74 and proceeds to step ST77.
In step ST77, the CPU 231 reads the original data included in the page at the address indicated by the variable i. Then, the CPU 231 stores the read original data in the RAM 233. After the process of step ST77, CPU 231 proceeds to step ST78.

  In step ST78, the CPU 231 checks whether or not the data has been successfully read in the process of the previous step ST77. If the data has been successfully read, the CPU 231 determines Yes in step ST78 and proceeds to step ST79.

  In step ST79, the CPU 231 sets the value of the variable F2 to True. Note that when the value of the variable F2 is True, the variable F2 indicates that the original data can be read. After the process in step ST79, CPU 231 proceeds to step ST81 in FIG.

On the other hand, if the CPU 231 fails to read data in the process of step ST77 in FIG. 13, the CPU 231 determines No in step ST78 and proceeds to step ST80. Note that the case where data reading fails may be caused by a failure of the nonvolatile memory 234.
On the other hand, if the value of the variable i is equal to or greater than the address “Mirror Start addr” in the repeated state of step ST74 to step ST76, the CPU 231 determines Yes in step ST76 and proceeds to step ST80.
In step ST80, the CPU 231 sets the value of the variable F2 to False. When the value of the variable F2 is False, the variable F2 indicates that the original data could not be read. After the process in step ST80, CPU 231 proceeds to step ST81 in FIG.

  In step ST81, the CPU 231 substitutes an address “Mirror Start addr” for the variable i. After the process of step ST81, the CPU 231 proceeds to step ST82.

  In step ST82, the CPU 231 compares the IDN associated with the data at the address indicated by the value of the variable i with the IDN included in the read command. Then, the CPU 231 confirms whether the two compared IDNs match. If the two IDNs do not match, CPU 231 determines No in step ST82 and proceeds to step ST83. Note that the CPU 231 also determines No in step ST82 when there is no page indicated by the value of the variable i. The CPU 231 also determines No in step ST82 when the IDN cannot be read from the page indicated by the value of the variable i. Here, the case where the IDN cannot be read includes the case where the nonvolatile memory 234 is out of order.

  In step ST83, the CPU 231 substitutes an address associated with the next page of the page indicated by the variable i for the variable i. After the process of step ST83, CPU 231 proceeds to step ST84.

  In step ST84, the CPU 231 confirms whether or not the value of the variable i is equal to or greater than the address “Mirror End addr”. If the value of variable i is less than the address “Mirror End addr”, CPU 231 determines No in step ST84 and returns to step ST85. Thus, the CPU 231 repeats steps ST82 to ST84 until the value of the variable i becomes equal to or greater than the address “Mirror End addr” or the two compared IDNs match.

If the two IDNs match in the repeated state of step ST82 to step ST84, CPU 231 determines Yes in step ST82 and proceeds to step ST85.
In step ST85, the CPU 231 reads the mirror data included in the page at the address indicated by the value of the variable i. Then, the CPU 231 stores the read mirror data in the RAM 233. After the process of step ST85, CPU 231 proceeds to step ST86.

  In step ST86, the CPU 231 checks whether or not the value of the variable F2 is True. If the value of variable F2 is True, CPU 231 determines Yes in step ST86 and proceeds to step ST87.

  In step ST87, the CPU 231 compares the original data stored in step ST77 with the mirror data stored in step ST85, and confirms whether the two data are the same. The comparison method is not limited, but is performed as follows, for example. That is, the CPU 231 calculates a hash value for each of the two data. Then, if the calculated two hash values are the same, the CPU 231 considers the two data to be the same. If the two data are the same, CPU 231 determines Yes in step ST87 and proceeds to step ST88.

  In step ST88, the CPU 231 generates a response to transmit the original data stored in step ST77 to the communication device 10. The CPU 231 generates the response as including the original data. Then, the CPU 231 instructs the communication unit 235 to transmit the generated response to the communication device 10. Upon receiving this instruction, the communication unit 235 transmits the response to the communication device 10. The transmitted response is received by the communication interface 18 of the communication device 10. The communication device 10 acquires the data requested by the read command by receiving the response.

On the other hand, if the two data are not identical, CPU 231 determines No in step ST87 and proceeds to step ST89.
In step ST89, the CPU 231 generates a response to transmit the mirror data stored in step ST85 to the communication device 10. Note that the CPU 231 generates the response as including the mirror data. Then, the CPU 231 instructs the communication unit 235 to transmit the generated response to the communication device 10. Upon receiving this instruction, the communication unit 235 transmits the response to the communication device 10. The transmitted response is received by the communication interface 18 of the communication device 10. The communication device 10 acquires the data requested by the read command by receiving the response. When the original data stored in step ST77 and the mirror data stored in step ST85 are different, the mirror data is transmitted to the communication device 10 because the mirror data is broken rather than the original data. This is because the possibility is low. This is because the mirror data is written in the mirror area where the number of times of writing is smaller than the original data.

On the other hand, when the value of the variable i is equal to or greater than the address “Mirror End addr” in the repeated state of step ST82 to step ST84, the CPU 231 determines Yes in step ST84 and proceeds to step ST90.
In step ST90, the CPU 231 checks whether or not the value of the variable F2 is False. If the value of variable F2 is True, CPU 231 determines No in step ST90 and proceeds to step ST88. On the other hand, if the value of variable F2 is False, CPU 231 determines Yes in step ST90 and proceeds to step ST91.

  In step ST91, the CPU 231 generates a response to notify the communication device 10 that an error has occurred due to the failure to read data. Note that the CPU 231 generates the response as including information indicating the content of the error. Then, the CPU 231 instructs the communication unit 235 to transmit the generated response to the communication device 10. Upon receiving this instruction, the communication unit 235 transmits the response to the communication device 10. The transmitted response is received by the communication interface 18 of the communication device 10. When the communication device 10 receives the response, the communication device 10 performs processing according to the content of the error included in the response.

  After the process of step ST89, step ST90, or step ST92, CPU 231 returns to step ST71 of FIG. When returning to step ST71, if the original data is stored in the RAM 233, the CPU 231 deletes the original data from the RAM 233. When returning to step ST <b> 71, when the mirror data is stored in the RAM 233, the CPU 231 deletes the mirror data from the RAM 233.

  According to the IC card 20 of the embodiment, when a command for writing data is received, it is determined whether to write the original data or the original data and the mirror data in the nonvolatile memory 234 according to the characteristics of the data. To do. When the IC card 20 writes not only the original data but also the mirror data, the mirror data can be read even if the original data cannot be read due to failure of the non-volatile memory 234 due to repeated rewriting. . Therefore, the number of times data can be rewritten increases compared to the case where original data is written.

  Further, according to the IC card 20 of the embodiment, it is determined whether to write the original data or the original data and the mirror data in the nonvolatile memory 234 according to the data update frequency. Therefore, the IC card 20 can write original data and mirror data for data with high update frequency, and can write only original data for data with low update frequency. Since it is less necessary to write mirror data for data with low update frequency, the data capacity of the nonvolatile memory 234 can be saved by doing so.

  Further, according to the IC card 20 of the embodiment, the writing position of the original data is specified according to the IDN included in the command for commanding data writing. If the count of the original data exceeds the value Limit, the mirror data is also written. In this way, for example, when the guaranteed write count is 200,000 times and the value Limit is 180,000, the IC card 20 writes the original data for the first approximately 180,000 times. The IC card 20 also writes mirror data in addition to the original data from about 180,000 times. From then on, mirror data is within the guaranteed range of writing until 200,000 times of data rewriting. Therefore, when the guaranteed write count is 200,000, the guaranteed write count can be extended to approximately 380,000 times in total in the original area and the mirror area. That is, the IC card 20 can increase the number of times data can be rewritten compared to the case where mirror data is not written. In general, when the IC card is used for a long period of time, the number of rewrites increases and the reliability of the data decreases, but writing of mirror data can prevent a decrease in the reliability of the data. In other words, the guarantee period can be extended by writing mirror data.

  Further, according to the IC card 20 of the embodiment, the number of updates is counted for each data. Therefore, the guaranteed number of times of writing (or the guarantee period) can be extended for each data.

  Further, according to the IC card 20 of the embodiment, it is determined whether to write only the original data or to write the original data and the mirror data depending on whether the command for writing data includes TYPE_LONG or TYPE_NORMAL. Here, TYPE_LONG is used for data with a high update frequency. TYPE_NORMAL is used for data with low update frequency. Therefore, the IC card 20 can easily determine whether the data is frequently updated data or low data. In addition, it can be determined on the communication device 10 side whether TYPE_NORMAL or TYPE_LONG is set. Therefore, the communication device 10 can instruct the IC card 20 to write only the original data or write the original data and the mirror data.

  Further, according to the IC card 20 of the embodiment, when a read command is received, mirror data may be transmitted to the command transmission source. Since the mirror data has a smaller number of rewrites than the original data, the possibility of data corruption is low. Therefore, when mirror data is transmitted, it is highly possible that unbroken data can be transmitted as compared with the case where original data is transmitted.

  Further, according to the IC card 20 of the embodiment, the original data is written in the original area and the mirror data is written in the mirror area. By dividing the memory space of the nonvolatile memory 234 into the original area and the mirror area, the addresses of the original data and the mirror data can be separated. Thereby, it is possible to reduce the possibility that a failure in the area where the original data is written will spread to the area where the mirror data is written. Also, by dividing the original data into the mirror data, it is easy to distinguish the original data from the mirror data when searching from the original data or when searching from the mirror data.

  Further, according to the IC card 20 of the embodiment, when the free space in the mirror area is insufficient, the process waits until the free space in the mirror area increases. The IC card 20 writes data in the mirror area when the free space in the mirror area increases due to data deletion or the like. Therefore, even when the free space in the mirror area is insufficient, it is not necessary to stop writing data to the mirror area, and writing can be resumed when the free space increases.

The embodiment described above can be modified as follows.
In the above embodiment, the encryption key in AES has been described as an example of data to be written in the nonvolatile memory 234. However, the data written to the nonvolatile memory 234 is not limited to the encryption key, and the content of the data is not limited.
In the above embodiment, the “STORE DATA” command has been described as an example. However, the present embodiment can also be applied to other commands that involve data writing.

  The “STORE DATA” command may not include either TYPE_NORMAL or TYPE_LONG. In this case, whether the CPU 231 determines Yes or No in the process of step ST52 is determined in advance by the designer of the IC card 20 as an example.

The CPU 231 may determine whether to write to the mirror area based on the value of Count regardless of TYPE. That is, as an example, after the process of step ST51, the CPU 231 may skip the process of step ST52 and proceed to step ST54.
The CPU 231 may determine whether to write to the mirror area by TYPE regardless of the value of Count. That is, if CPU 231 determines Yes in step ST53 as an example, it may skip step ST54 and proceed to step ST63.

  In the above embodiment, KeyBuilder. Shown in step S7 of FIG. The argument of buildKey is assumed to include the same TYPE as the TYPE included in “STORE DATE”. However, the CPU 231 is not compatible with KeyBuilder. The TYPE included in the argument of buildKey may be different from “STORE DATE”. In addition, the CPU 231 determines whether or not KeyBuilder. The TYPE included in the buildKey may be determined.

  In the above embodiment, when the count of the original data exceeds the value Limit, the data is written in both the original area and the mirror area in step ST64 and step ST65. However, when the count of the original data exceeds the value Limit, the CPU 231 may write the data in the mirror area without writing the data in the original area.

  The IC card 20 may write data to the mirror area without writing to the original area after the writing to the original area is not successful. Here, the case where writing into the original area is not successful may be caused by the failure of the nonvolatile memory 234.

  The IC card 20 may read the mirror data without reading the original data when the read command is received. That is, if CPU 231 determines Yes in step ST72 as an example, it may proceed to step ST81. In this case, after the process of step ST85, the CPU 231 skips the processes of step ST86 and step ST87, and proceeds to step ST89. If the CPU 231 determines Yes in step ST84, it skips step ST90 and proceeds to step ST91.

  In the above embodiment, the IC card 20 attempted to read the mirror data in steps ST81 to ST85 after attempting to read the original data in steps ST73 to ST77. However, the IC card 20 may attempt to read the original data after attempting to read the mirror data. At this time, if the IC card 20 succeeds in reading the mirror data, the IC card 20 may not attempt to read the original data. When the IC card 20 succeeds in reading the mirror data, the IC card 20 transmits the mirror data to the communication device 10.

  When the original data and the mirror data are compared and the two data are the same, the IC card 20 may transmit the mirror data instead of the original data. That is, if CPU 231 determines Yes in step ST87 in FIG. 14, CPU 231 may proceed to step ST89 instead of step ST88.

  The value Limit may be rewritable. If the value Limit is rewritable, the extension number of the write guarantee count can be changed later.

  Each of the processes shown in FIGS. 9 to 11, 13, and 14 in the above embodiment is performed by the CPU 231. However, the Co-Pro 237 may perform some or all of these processes in place of the CPU 231. Alternatively, some or all of these processes may be performed by the CPU 231 and the Co-Pro 237 working together.

In the above embodiment, the original data is written from the low address side to the high address side, and the mirror data is written from the Mirror Start addr to the high address side. However, the position where the original data and the mirror data are written and the order of writing are not limited. For example, the original data may be written from the higher address side to the lower address side. Further, for example, the mirror data may be written from the high address side to the low address side, or from the low address side to the high address side.
In the above embodiment, the application area is divided into the original area and the mirror area. However, the original data and the mirror data may be mixed without dividing the area.

  In the above embodiment, the IC card 20 writes one mirror data corresponding to the original data in the nonvolatile memory 234. However, the IC card 20 may write two mirror data corresponding to the original data in the nonvolatile memory 234. In this case, the second mirror data is written, for example, when the count of the first mirror data exceeds a predetermined threshold. That is, the second mirror data corresponds to the mirror of the first mirror data. Similarly, the IC card 20 may write three or more mirror data in the nonvolatile memory 234. By writing two or more mirror data, the IC card 20 can further increase the number of times data is rewritten as compared with the case of one mirror data.

  The above embodiment has been described for the case of an IC card. However, other electronic devices equipped with an IC chip may be used. Further, the above-described embodiment can be applied to various electronic devices that can store data.

  Although several embodiments of the present invention have been described, these embodiments are presented by way of example and are not intended to limit the scope of the invention. These novel embodiments can be implemented in various other forms, and various omissions, replacements, and changes can be made without departing from the scope of the invention. These embodiments and modifications thereof are included in the scope and gist of the invention, and are included in the invention described in the claims and the equivalents thereof.

  DESCRIPTION OF SYMBOLS 1 ... IC card system, 10 ... Communication apparatus, 11, 231 ... CPU, 12,232 ... ROM, 13,233 ... RAM, 14,234 ... Nonvolatile memory, 15 ... Reader / writer, 16 ... Display device, 17 ... Input Device, 18 communication interface, 19, 238 ... bus, 20 ... IC card, 21 ... main body, 22 ... IC module, 23 ... IC chip, 235 ... communication unit, 236 ... power supply unit, 237 ... Co-Pro

Claims (8)

Storage means comprising a plurality of areas;
Receiving means for receiving a command to write data;
A first mode in which the data is written in the first and second areas of the plurality of areas, and a second mode in which the data is written in the first area according to the reception of the command and the characteristics of the data. Processing means for selectively executing the mode.   The electronic device according to claim 1, wherein the characteristic of the data is an update frequency.   The electronic device according to claim 1, wherein the processing unit selectively executes the first mode and the second mode based on the number of updates of the first region.   The electronic device according to claim 3, wherein the processing unit counts the number of times data is updated in each area.   The electronic device according to claim 1, wherein the command includes information that identifies a characteristic of the data. The electronic device according to claim 1, wherein the processing unit outputs the data in the second area in response to a data request. The storage means includes an original area including a predetermined number of areas of the plurality of areas, and a mirror area including a predetermined number of areas of the plurality of areas,
The original area includes the first area,
7. The processing unit according to claim 1, wherein the processing unit reserves the second area in the mirror area, and sets the second area in the mirror area based on the reservation and a free capacity of the mirror area. The electronic device according to item 1.   In response to the selection of the first mode, the processing means writes the data in the first area when the second area is not set, and the timing at which the second area is set The electronic device according to claim 7, wherein the data is written to the second area based on the data.