JP2019028602A - Electronic information storage medium, ic card, update method by electronic information storage medium and update program - Google Patents

Abstract

To provide an electronic information storage medium and the like by which an external device can grasp data necessary to be registered additionally other than held data easily when holding data that do not need to be changed before update and after update without deletion and processing of restoration of the held data is conducted after update of an application.SOLUTION: Instance data that do not need to be changed before update and after update is held without deletion. and when the held instance data is restored after update of an application, a list of instance data lacking in the held instance data among instance data necessary for new application instance is generated, then information regarding the list is outputted to an external device.SELECTED DRAWING: Figure 5

Description

  The present invention relates to the technical field of electronic information storage media such as IC (Integrated Circuit) chips.

  Conventionally, in an IC card in which an IC chip is incorporated, a multi-application type IC card in which an IC card OS (Operating System) is stored in a ROM of the IC chip and a plurality of applications are also stored in a nonvolatile memory of the IC chip is widely used. I'm starting. In a multi-application type IC card, since an application is stored in a nonvolatile memory, it is relatively easy to add or delete an application.

  Further, there is a case where an application is updated (upgraded) for the purpose of dealing with a case where a defect is found in the application mounted on the IC chip or for the purpose of adding a function to the application. Patent Document 1 discloses a technique related to a multi-application IC chip having an application update function. Specifically, an address (for example, a page number) for the IC chip to specify an update target part in the program code and a program code for overwriting the update target part are received from the server, and the part specified by the received address A technique for overwriting the program code with the received program code is disclosed.

JP 2006-293706 A

  However, in the technique of Patent Document 1, since the update target portion is overwritten by the overwrite program, there are cases where the update cannot be performed when the data amount of the overwrite program exceeds the data amount of the update target portion.

  On the other hand, as another method of updating the application, there is a method of deleting the program and all the data used in the program and then performing a clean installation of the updated version of the application. In the case of this method, the update is possible even when the data amount of the program after the update is larger than the data amount of the program before the update.

  However, when performing a clean installation after deleting all the data related to the application, it is necessary to newly download data that does not need to be changed before and after the update, resulting in an increase in communication cost.

  In view of this, data that does not need to be changed before and after the update can be stored in the IC chip without being deleted, and a measure for associating the data stored after the application update can be considered. However, if the updated application contains additional necessary data in addition to the stored data, the application cannot be operated normally as it is, so the additional necessary data is added. There is a need. In this case, an external device such as a server that supports the update sequentially registers additional necessary data in the IC card by a registration command, but the power supply to the IC card is cut off in the middle. For example, when a series of processing for registration is interrupted, it is only possible to sequentially manage what data has been registered on the external device side or to read and confirm the registered data individually.

  Therefore, the present invention retains data that does not need to be changed before and after the update without deleting it, and retains it when performing the process of restoring the retained data after updating the application. It is an object of the present invention to provide an electronic information storage medium or the like that allows an external device to easily grasp data that needs to be additionally registered in addition to the previously stored data.

  In order to solve the above-mentioned problem, the invention according to claim 1 is stored in the storage unit, a storage unit that stores an application program, an application instance, and instance data used by the application instance. A save unit that executes save processing for saving the instance data to another storage area of the storage unit, and a deletion process that deletes the application program and application instance stored in the storage unit are executed after the save process. Deleting means, a load means for executing a load process for storing a new application program, which is a new version of the application program, in the storage means, and stored in the storage means after the deletion process and the load process New An installation unit that executes an installation process for generating a new application instance of a new version based on an application program and storing the new application instance in the storage unit; and the instance data saved by the saving unit after the loading process is stored in the new application instance A restoring means for executing a restoring process for storing the data in a usable location, and a list creating means for creating a list of instance data that is insufficient in the saved instance data among the instance data required for the new application instance; Output means for outputting the information of the list to an external device.

  A second aspect of the present invention is the electronic information storage medium according to the first aspect, wherein the save process, the delete process, the load process, the install process, or the restore process is being executed. In addition, an error return means for returning an error response when receiving a command for selecting the application instance from an external device is further provided.

  The invention according to claim 3 is the electronic information storage medium according to claim 1 or 2, wherein the output means saves the instance data necessary for a new application instance from the external device. When receiving a command for confirming whether there is insufficient instance data in the instance data, the information of the list is output to the external device.

  A fourth aspect of the present invention is an IC card including the electronic information storage medium according to any one of the first to third aspects.

  The invention according to claim 5 is an update method using an electronic information storage medium comprising storage means for storing an application program, an application instance, and instance data used by the application instance, and stored in the storage means A evacuation process for executing evacuation processing for evacuating stored instance data to another storage area of the storage unit, and deletion for deleting an application program and an application instance stored in the storage unit after the evacuation process A deletion step for executing a process; a load step for executing a load process for storing a new application program which is a new version of the application program in the storage means; An installation process for generating a new version of a new application instance based on a new application program stored in the means and storing the new application instance in the storage means; and after the loading process, the saving process saves A restoration process for executing a restoration process for storing instance data in a location where the new application instance can be used, and a list of instance data that is insufficient in the saved instance data among the instance data necessary for the new application instance And a list creating step for creating the list, and an output step for outputting the information of the list to an external device.

  According to a sixth aspect of the present invention, a computer included in an electronic information storage medium including storage means for storing an application program, an application instance, and instance data used by the application instance is stored in the storage means. Saving means for executing saving processing for saving the stored instance data to another storage area of the storage means, and deletion processing for deleting the application program and application instance stored in the storage means after the saving processing. Deletion means to be executed, load means for executing a load process for storing a new application program that is a new version of the application program in the storage means, and storage in the storage means after the deletion process and the load process An installation unit for executing an installation process for generating a new application instance of a new version based on the new application program being stored and storing the new application instance in the storage unit, and the instance data saved by the save unit after the load process Restoration means for executing restoration processing to be stored in a location where the new application instance can be used, and creation of a list for creating a list of instance data that is missing from the saved instance data among the instance data required for the new application instance And an output means for outputting the list information to an external device.

  According to the present invention, when the instance data that does not need to be changed before and after the update is retained without being deleted, and the retained instance data is restored after the application is updated, the new application instance Create a list of instance data that is missing from the instance data that is necessary for the existing instance data, and output the information in the list to the external device. Additional instance data required can be easily grasped.

It is a figure which shows the hardware structural example of IC chip 1a mounted in the IC card 1 which concerns on this embodiment. It is a block diagram which shows the function structural example of IC chip 1a. It is a sequence diagram which shows an example of the update process which concerns on this embodiment. It is a flowchart which shows an example of the saving / deleting process by the IC chip 1a according to the present embodiment. It is a flowchart which shows an example of the installation / restoration process by IC chip 1a which concerns on this embodiment. It is a figure showing an example of restoration list 501 and necessity list 502 concerning this embodiment. It is a flowchart which shows an example of the unexpected list output process by the IC chip 1a which concerns on this embodiment.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. The embodiment described below is an embodiment when the present invention is applied to an IC card on which a multi-application IC chip having an application update function is mounted.

[1. Configuration of IC chip 1a]
First, the configuration of the IC chip 1a mounted on the IC card 1 will be described with reference to FIG. FIG. 1 is a diagram illustrating a hardware configuration example of an IC chip 1 a mounted on the IC card 1. The IC card 1 of the present embodiment is a dual interface type IC card that has two communication functions of data communication by contact and data communication by non-contact. However, the type of the IC card 1 is not limited to the dual interface type IC card, and may be a contact type IC card in which the IC chip 1a is embedded in a plastic card having the same size as a cash card or a credit card. Further, it may be a non-contact type IC card that incorporates an antenna coil and wirelessly communicates with a reader / writer.

  As shown in FIG. 1, the IC chip 1 a includes a CPU (Central Processing Unit) 10, a RAM (Random Access Memory) 11, a ROM (Read Only Memory) 12, a nonvolatile memory 13, and an I / O circuit 14. Composed. The CPU 10 is a processor (computer) that executes various programs stored in the ROM 12 or the nonvolatile memory 13. The I / O circuit 14 serves as an interface with the external device 2. As a result, the IC chip 1a can communicate with or without contact with the external device 2 including the reader / writer. In the case of the contact type IC chip 1a, the I / O circuit 14 includes, for example, eight terminals C1 to C8. For example, the C1 terminal communicates with the power supply terminal (terminal for supplying power to the IC chip 1a), the C2 terminal with the reset terminal, the C3 terminal with the clock terminal, the C5 terminal with the ground terminal, and the C7 terminal with the external device 2. Terminal. On the other hand, in the case of the non-contact type IC chip 1a, the I / O circuit 14 includes, for example, an antenna and a modulation / demodulation circuit. Examples of the external device 2 include an IC card issuing machine, ATM, ticket gate, and authentication gate. Alternatively, when the IC chip 1a is incorporated in a communication device, the external device 2 corresponds to a control unit responsible for the function of the communication device.

  For example, a flash memory, a ferroelectric memory, or “Electrically Erasable Programmable Read-Only Memory” can be applied to the nonvolatile memory 13. The nonvolatile memory 13 stores an IC card OS (hereinafter also referred to as “OS”), various applications, and data used by these.

  Here, the function of the application is realized by the CPU 10 executing an application instance generated in the nonvolatile memory 13 by installing the application program. Note that an application instance may be referred to as an application because an application function is realized by executing the application instance. As will be described later, the application program is divided by the [LOAD] command from the server, transmitted to the IC chip 1a, and stored in the nonvolatile memory 13. That is, the application program and application instance are stored in the nonvolatile memory 13.

[2. Functional configuration of IC chip 1a]
FIG. 2 is a block diagram illustrating a functional configuration example of the IC chip 1a. In the IC chip 1a, there is always at least one security domain (Security Domain, hereinafter referred to as “SD”) that is an application for managing the IC chip 1a itself and the applications in the IC chip 1a. SD includes ISSD (Issuer Security Domain) and SSD (Supplementary Security Domains). Such SD mainly supports the following functions (1) to (9).

(1) IC card life cycle management
(2) Application program life cycle management
(3) Application instance lifecycle management
(4) Loading application programs
(5) Application instance generation (installation)
(6) Deleting application programs or application instances
(7) Writing application instance data (issued data)
(8) Reading data
(9) Secure communication channel according to Secure Channel Protocol (hereinafter referred to as “SCP”)

  By supporting the functions (1) to (9) above, the ISD can manage the issuer of the IC card 1 and the security policy for the card content (application program, application instance, etc.) in the IC chip 1a. Realize. On the other hand, the SSD realizes the management and security policy of a third party that provides services on the IC card for the card content in the IC card by supporting the functions (1) to (9) above. . Here, the third party providing the service on the IC card means a person other than the IC card issuer and the IC card holder (the user who is the target of the IC card issue). In the function (9) above, the SCP allows command data confidentiality, command integrity (and guarantee of command sequence), command data (for the communication path between the SD in the IC card and the external device) Provide more confidentiality of sensitive data (eg, keys and PIN codes) in plaintext.

  As shown in FIG. 2, the OS is installed in the IC chip 1 a, and further, applications such as the above-described ISD, SSD, and applications 1 and 2 that provide various services are installed (the instance is a nonvolatile memory 13). Remembered). In addition, instance data (for example, key value for authentication, point data, and user ID) used and managed by application instances such as ISD, SSD, and Application 1 and 2 are assigned to each application instance on the nonvolatile memory 13. It is stored in the area. In addition, registry data (for example, AID and privileges) managed by the OS and associated with each application instance is stored in an area allocated to the OS on the nonvolatile memory 13.

  Applications such as ISD, SSD, and Applications 1 and 2 are updated when a defect is found or a function is added. Here, because the main purpose of application updates is to update application programs and application instances, instance data and registry data (in some cases, instance data and registry data are collectively referred to as “application data”) Many data will be the same before and after (if the algorithm or key length is changed due to compromised encryption, etc., the data may be different). Therefore, when updating the application, the IC chip 1a of the present embodiment saves the application data in a temporary area on the nonvolatile memory 13 assigned to the OS, deletes the application program and the application instance, and then creates a new one. A version of the application program is loaded, a new version of the application instance is generated by the installation process, and then the saved application data is restored. Hereinafter, a process (update process) when updating the application will be described in detail.

[3. Update process]
Hereinafter, an operation example of the update process of the IC chip 1a will be described with reference to FIGS. FIG. 3 is a sequence diagram illustrating an example of an update process, FIG. 4 is a flowchart illustrating an example of a save / delete process performed by the IC chip 1a, and FIG. 5 illustrates an example of an install / restore process performed by the IC chip 1a. FIG. 6 is a diagram for explaining an unexpected check of instance data.

  FIG. 3 shows an IC chip 1a and a server (point application) for updating a point application (an application that enables point addition / use at affiliated facilities, etc .; hereinafter referred to as “point application”). The flow of command and response of the provider server) is shown.

  First, the server transmits a [SELECT ISD] command to the IC chip 1a in order to form a communication path with an ISD that is an SD that manages the point application in the IC chip 1a (step S1). The [SELECT] command includes an AID that is an ID for identifying an application that is a communication path partner, and a logical channel number that identifies a communication path (logical channel) with the application. In response to this, the IC chip 1a executes a process for forming a communication path in response to the command and transmits an OK response (step S2). However, if the process according to the command cannot be completed normally, a response indicating that an error has occurred is transmitted to the server (hereinafter, the same applies to steps S4, S6, S9, S11, S13, and S16). As a result, a communication channel (logical channel) identified by the logical channel number is formed, and thereafter, the server includes the logical channel number in the command, thereby allowing the command to be passed through the communication channel identified by the logical channel number. Can communicate with ISD.

  Next, the server executes secure processing (mutual authentication processing for protecting commands by SCP) that makes the communication channel (logical channel) formed so far secure to improve the confidentiality of the communication channel. .

  The mutual authentication process is a process in which the server and the IC chip 1a authenticate each other on the premise that they know each other the key that is the source of the cryptographic operation according to the algorithm determined by the protocol. Specifically, the server transmits an [INITIALIZE UPDATE] command and an [EXTERNAL AUTHENTICATE] command, which are mutual authentication commands, to the IC chip 1a (steps S3 and S5), and the IC chip 1a responds to each command. The process is executed, and when the process is completed normally, an OK response is transmitted (steps S4 and S6). In FIG. 3, the mutual authentication is completed by transmitting an OK response by the process of step S6.

  Next, the server transmits a [save / delete process] command for causing the IC chip 1a to execute a save / delete process (step S7). The save / delete process is a part of the process for updating the application. On the other hand, the IC chip 1a executes a save / delete process (step S8). The save / delete process will be described later. When the saving / deleting process ends normally, the IC chip 1a transmits an OK response (step S9).

  Next, the server transmits a [LOAD (0)] command to the IC chip 1a (step S10). The [LOAD] command is a command for dividing the application program of the new point application into n pieces and transmitting it. The [LOAD (0)] command is a command for transmitting the first part of the n divided parts and storing it in the IC chip 1a. The IC chip 1a performs a process of storing a part of the application program included in the [LOAD] command in the nonvolatile memory 13, and transmits an OK response to the server when the process ends normally (step S11). Similarly, the server sends the [LOAD (1)] command, [LOAD (2)] command,..., [LOAD (n-1)] command to send the remaining part of the division, Each time, the IC chip 1a performs a process of storing a part of the application program included in the [LOAD] command in the nonvolatile memory 13, and transmits an OK response to the server when the process ends normally. When the [LOAD (n-1)] command is transmitted (step S12) and the OK response is transmitted (step S13), the entire application program of the new point application is stored in the nonvolatile memory 13 of the IC chip 1a. It is memorized (load complete). Note that the processing in steps S10 to S13 may be collectively referred to as “load processing”. Note that the loading process may be performed after the mutual authentication is completed and before the processes in steps S7 to S9.

  Next, the server transmits an [install / restore process] command for executing the install / restore process to the IC chip 1a (step S14). The installation / restoration process is a part of the process for updating the application. On the other hand, the IC chip 1a executes an installation / restoration process (step S15). The installation / restoration process will be described later. When the IC chip 1a completes the installation / restoration process normally, an OK response is transmitted (step S16), and the application update process ends.

[4. Backup / deletion process]
Next, saving / deleting processing by the IC chip 1a will be described with reference to FIG. The save / delete process is a process executed in response to a [save / delete process] command from the server.

  First, the OS of the IC chip 1a (which executes the CPU 10) saves the instance data related to the point application in a temporary area assigned to the OS (step S101). At this time, the OS receives the instance data from the point application and stores it in the temporary area.

  Next, the OS saves the registry data related to the point application in a temporary area assigned to the OS (step S102). Note that the processing in step S101 and the processing in step S102 may be collectively referred to as “evacuation processing”.

  Next, the OS deletes the application instance of the point application (step S103).

  Next, the OS deletes the application program of the point application (step S104), and ends the saving / deleting process. Note that the processing in step S103 and the processing in step S104 may be collectively referred to as “deletion processing”.

[5. Installation / Restore Processing]
Next, installation / restoration processing by the IC chip 1a will be described with reference to FIG. The install / restore process is a process executed in response to an [install / restore process] command from the server.

  First, the OS of the IC chip 1a (the CPU 10 that executes) performs installation processing of a new version of the application program stored in the point application based on the [LOAD] command in steps S10 to S12 in FIG. A version application instance is generated) and stored in the nonvolatile memory 13 (step S201).

  Next, the OS restores the instance data saved in step S101 of FIG. 4 (step S202). Specifically, the OS delivers instance data to a new version of the application instance, and the application instance (the CPU 10 that executes the application instance) stores the received instance data in an area on the nonvolatile memory 13 assigned to the OS. Thus, the instance data is restored. That is, the saved instance data is associated with the application instance so that it can be used. At this time, as shown in FIG. 6, the application instance acquires a restoration list 501 that is a list of restored instance data. The restoration list 501 describes a data identifier for identifying each restored instance data. For example, if the instance data is TLV format data, TAG information or a combination of TAG information and LENGTH information can be adopted as the data identifier. However, if the information is not unique, additional information is added or a new identifier is used. The restoration list 501 may be received by the OS together with the application instance generated by the OS, or may be created by the application instance based on the application instance received from the OS.

  Next, the OS restores the registry data saved in step S102 of FIG. 4 (step S203). Specifically, the OS executes processing for associating the saved registry data with the new point application so that the OS can use it. Note that the processing in step S202 and the processing in step S203 may be collectively referred to as “association processing”.

  Next, the new version of the application instance of the point application (the CPU 10 executing the application) is added to the instance data restored in step S202 (instance data saved in step S101 of FIG. 4) for the new version of the application instance. It is checked whether necessary instance data is insufficient (step S204). For example, a necessary list 502 (see FIG. 6) that is a list of instance data necessary for the application instance is described in a new version of the application instance, and the application instance is acquired by the necessary list 502 and the process of step S202. By comparing the restored lists 501, it is checked whether there is any missing instance data. It is preferable to share items described in the necessary list 502 and the restoration list 501. In the example of FIG. 6, the instance data having data identifiers “789012,” “890123,” and “901234” are insufficient.

  Next, the application instance determines whether there is insufficient instance data as a result of the check in step S204 (step S205). At this time, if the application instance determines that there is no insufficient instance data (step S205: NO), the installation / restoration process ends. On the other hand, when it is determined that there is insufficient instance data (step S205: YES), the application instance creates a shortage list 503 (see FIG. 6), which is a list of lacking instance data (step S205). S206), the installation / restoration process is terminated. The deficiency list 503 includes identification information that can identify deficient instance data, such as a data identifier described in the necessary list 502, for example.

[6. Missing list output process]
Next, the shortage list output process by the IC chip 1a will be described with reference to FIG. FIG. 7 is a flowchart showing an example of the shortage list output process by the IC chip 1a. The shortage list output process is a process executed after the shortage list is created by the process of step S206 in FIG.

  The application instance of the IC chip 1a (which executes the CPU 10) determines whether or not an insufficient data confirmation command (an example of a “confirmation command”) has been received from the external device 2 such as a server (step S301). Then, the application instance stands by until it receives the missing data confirmation command (step S301: NO), and when it is determined that the missing data confirmation command has been received (step S301: YES), step S206 in FIG. The information of the shortage list 503 created by the process is output to the transmission source of the shortage data confirmation command (step S302). Specifically, the identification information that can identify the missing instance data such as TAG information and LENGTH information in the TLV of the missing instance data so that the external device 2 can identify the missing instance data. Output. When the application instance finishes the process of step S302, the application instance proceeds to the process of step S301.

  As described above, the IC chip 1a (an example of the “electronic information storage medium”) of the present embodiment is used by the nonvolatile memory 13 (an example of the “storage unit”) by the application program, the application instance, and the application instance. The CPU 10 (an example of “save means”, “delete means”, “load means”, “install means”, “restoration means”, “list creation means”, “output means”). , A save process for saving the instance data stored in the nonvolatile memory 13 to a temporary area (an example of “another storage area”) of the OS of the nonvolatile memory 13 is executed, and after the save process, the nonvolatile memory 13 Delete the application program and application instance stored in the An application program that is a new version of the application program (an example of a “new application program”) is stored in the non-volatile memory 13 and the application stored in the non-volatile memory 13 after the deletion process and the load process is executed. A new version of the application instance (an example of “new application instance”) is generated based on the program and is stored in the non-volatile memory 13. After the load process, the saved instance data is stored in the new version of the application. The restoration process for storing the instance in a usable location is executed, and the shortage list 503 (“the saved instance of the instance data necessary for the new version application instance is saved. Create an example) of the list "of instance data that are missing in Sudeta, and outputs the information of the shortage list 503 to the server, or the like (an example of the" external device ").

  Therefore, according to the IC chip 1a of the present embodiment, the instance data that does not need to be changed before and after the update is retained without being deleted, and the retained instance data is restored after the application is updated. In this case, since the shortage list 503 is created and the information of the shortage list 503 is output to the server or the like, the server or the like can easily grasp additional necessary instance data in addition to the held data.

[7. Modified example]
Next, a modification of the above embodiment will be described. Note that the modifications described below can be combined with the above-described embodiment and other modifications as appropriate.

[7.1. Modification 1]
In the above embodiment, when a lack data confirmation command is received from the external device 2 (server or the like) (step S301: YES), the information of the lack list 503 is output to the transmission source of the lack data confirmation command (step S302). However, instead of or in addition to this, when the shortage list 503 is created in the process of step S206, the [install / restore process] command received in the process of step S14 in the process of step S16 of FIG. The information of the shortage list 503 may be transmitted as a response or a part thereof.

[7.2. Modification 2]
In the above embodiment, when a lack data confirmation command is received from the external device 2 (server or the like) (step S301: YES), the information of the lack list 503 is output to the transmission source of the lack data confirmation command (step S302). However, instead of or in addition to this, when the shortage list 503 is created in the process of step S206, the application instance holds shortage state information indicating whether or not it is in a data shortage state. To do. Then, when the external device 2 (server or the like) causes the application instance to perform processing, it outputs a state confirmation command for confirming whether the data instance is in a data shortage state. When it is determined that there is a shortage state, the shortage list 503 information may be transmitted as a response to the state confirmation command.
[7.3. Modification 3]

  The OS (the CPU 10 that executes the program) is being updated (for example, during the execution of the processes in steps S7 to S16 in FIG. 3), and the update target application (application instance) is selected from the external device 2 by the [SELECT] command. In this case, the IC chip 1a may return a response (status word) indicating an error to the external device 2. Thereby, the external device 2 can grasp that the application cannot be selected.

1 IC card 1a IC chip 10 CPU
11 RAM
12 ROM
13 Nonvolatile Memory 14 I / O Circuit 2 External Device

Claims (6)

Storage means for storing an application program, an application instance, and instance data used by the application instance;
Saving means for executing saving processing for saving the instance data stored in the storage means to another storage area of the storage means;
A deletion unit that executes a deletion process for deleting the application program and the application instance stored in the storage unit after the saving process;
Load means for executing a load process for storing a new application program which is a new version of the application program in the storage means;
An installation unit for executing an installation process for generating a new application instance of a new version based on a new application program stored in the storage unit and storing the new application instance in the storage unit after the deletion process and the load process;
A restoring means for executing a restoring process for storing the instance data saved by the saving means in a location where the new application instance can be used after the loading process;
List creation means for creating a list of instance data that is insufficient in the saved instance data among the instance data necessary for the new application instance,
Output means for outputting the information of the list to an external device;
An electronic information storage medium comprising: The electronic information storage medium according to claim 1,
An error response is returned when a command for selecting the application instance is received from an external device during execution of the save process, the delete process, the load process, the install process, or the restore process An electronic information storage medium further comprising error return means. The electronic information storage medium according to claim 1 or 2,
When the output means receives a confirmation command for confirming whether there is insufficient instance data in the saved instance data among the instance data necessary for the new application instance, from the external device, the list The information is output to the external device.   An IC card comprising the electronic information storage medium according to any one of claims 1 to 3. An update method using an electronic information storage medium comprising storage means for storing an application program, an application instance, and instance data used by the application instance,
Saving c for executing saving processing for saving the instance data stored in the storage means to another storage area of the storage means;
A deletion step of executing a deletion process for deleting the application program and the application instance stored in the storage unit after the saving process;
A load step of executing a load process for storing a new application program which is a new version of the application program in the storage unit;
After the deletion process and the load process, an installation step of executing an installation process for generating a new version of a new application instance based on a new application program stored in the storage unit and storing the new application instance in the storage unit;
After the loading process, a restoration process for executing a restoration process for storing the instance data saved in the saving process in a location where the new application instance can be used;
A list creation process for creating a list of instance data that is insufficient in the saved instance data among the instance data necessary for the new application instance,
An output step of outputting the information of the list to an external device;
An update method using an electronic information storage medium. A computer included in an electronic information storage medium comprising storage means for storing an application program, an application instance, and instance data used by the application instance;
A saving unit for executing a saving process for saving the instance data stored in the storage unit to another storage area of the storage unit;
A deletion unit that executes a deletion process for deleting the application program and the application instance stored in the storage unit after the saving process;
Load means for executing a load process for storing a new application program which is a new version of the application program in the storage means;
An installation means for executing an installation process for generating a new application instance of a new version based on a new application program stored in the storage means and storing the new application instance in the storage means after the deletion process and the load process;
A restoring means for executing a restoring process for storing the instance data saved by the saving means in a location where the new application instance can be used after the loading process;
List creation means for creating a list of instance data that is insufficient in the saved instance data among the instance data necessary for the new application instance,
Output means for outputting information of the list to an external device;
An update program characterized by functioning as

Images