JP2023135978A - Ic chip and integrity check method for ic chip - Google Patents

Abstract

To provide an IC chip in which a large number of integrity checks can be efficiently performed during the shipment or issuance of an information carrier such as an IC card.SOLUTION: In an IC chip, files constitute a hierarchy directory and are saved in a storage region. One directory includes: a directory management region; a file including a file header and a data division; and a check code which is calculated from data of the data division and saved in association with the file. In integrity check of one file, the check code is recalculated from the data body of the file and the recalculated check code is compared with the check code saved in association with the file, thereby performing the integrity check.SELECTED DRAWING: Figure 1

Description

The present invention relates to an IC chip built into an information carrier such as an IC card, and a consistency check method that can efficiently check the integrity of stored files, particularly when shipping or issuing an information carrier. The present invention relates to an IC chip and a checking method that can efficiently check the consistency of a large number of files, such as files.

When shipping and issuing an information carrier such as an IC card, multiple files and directories are written to the storage area of the installed IC chip, such as failure analysis after product shipment. A consistency check (also referred to as a file check) may be performed via a terminal that reads and writes commands and data. With conventional technology, it is possible to access the data part of each file by issuing a command from the terminal (binary file: ReadBinary, record file: ReadRecord, key file: InternalAuthenticate, etc.). I was able to run a file check.

For example, in the case of an IC chip having a directory structure as shown in FIG. 11, when a file check is performed on a file (EF12), the result is as shown in FIG. A file check (corruption detection) can only be performed by first executing a file selection command, then issuing an access command to the data section, and calculating a check code from the data in the readable data section. Therefore, when file checking is performed on a large number of files, such as when shipping or issuing IC cards, it is necessary to execute an access command each time, which poses a problem in that the processing time increases.

In addition, when performing a file check on a file (EF14), as shown in Figure 13, certain files may be In some cases, it took a long time to access the data, further increasing processing time.

In this way, since it is not possible to check the file until the command to access the data part of each file of the IC chip is executed from the terminal, failure analysis is performed at the time of shipment/issuance of information carriers such as IC cards, and after product shipment. When performing a file check on a large number of files such as , it is necessary to execute an access command each time, which poses a problem in that the processing time increases. Additionally, due to restrictions on access rights and execution conditions, it may take some time to access specific file data, further prolonging the processing time.

As a method for shortening this processing time, for example, Patent Document 1 discloses that the value of an error detection code given to a data file is checked, and if the value of the error detection code is a specific value, the data consistency checking means is If the write process is executed without being executed, and the error detection code is not the specific value, the data consistency check means is executed, so that the data consistency check can be performed in a situation where data consistency is not questioned. An IC card has been proposed that can reduce the processing time of write commands.

However, the invention disclosed in Patent Document 1 relates to a specific IC card having a 4-byte error detection code, and the value of the error detection code given to the data file is determined before writing to the data file. A process is required to confirm whether or not the value is a specific value, and only if it is a specific value, the subsequent confirmation process can be omitted, limiting the effect of omitting the process, and further writing to the data file. It was also necessary to provide a write command to add an error detection code calculated from the data to the data file.

Patent No. 4601968

When performing a consistency check (file check) on the installed IC chip when shipping or issuing an information carrier such as an IC card, conventionally it took time to process commands to check a large number of files. However, it is an object of the present invention to provide an IC chip and a method for checking the consistency of the IC chip, which can improve efficiency and shorten processing time.

In order to solve the above problems, the present invention
An IC chip in which files are stored in hierarchical directories in a storage area, and one directory includes:
directory management area,
A file including a file header and a data part;
a check code calculated from the data in the data section and stored in association with the file;
When checking the integrity of one file,
This IC chip is characterized in that it performs a consistency check by recalculating a check code from the data body of the file and comparing it with a check code stored in association with the file.

In the above IC chip,
A check code stored in association with the file may be stored within the file.

In the above IC chip,
The check code stored in association with the file may be stored in a directory management area of a directory that includes the file.

In the above IC chip,
The check code may be a code calculated using a cyclic redundancy check method.

Another aspect of the present invention is
An IC chip integrity check method for checking the integrity of files stored in a storage area, the method comprising:
When registering the file in the storage area, calculate a check code from the data included in the file, associate it with the file, and save it in the storage area;
A data integrity check for an IC chip, characterized in that when checking the integrity of the file, the integrity check is performed by recalculating a check code from the data included in the file and comparing it with the saved check code. It's a method.

In the above IC chip data consistency check method,
The saved check code may be saved in a linked file.

In the above IC chip data consistency check method,
The saved check code may be saved in a directory management area of a directory containing the file.

In the above IC chip data consistency check method,
The check code may be a code calculated using a cyclic redundancy check method.

According to the IC chip and IC chip consistency check method of the present invention, a file check is performed without executing an access command to the data section via a terminal that reads and writes commands and data to the IC chip. It is possible to shorten the processing time. This is particularly effective when it is necessary to perform file checks on a large number of files, such as when shipping or issuing information carriers such as IC cards.

FIG. 2 is an explanatory diagram of an example of the file structure of the IC chip of the present invention. FIG. 3 is a flowchart of the file registration of the IC chip according to the present invention. FIG. 3 is a flowchart of a file check of the IC chip according to the present invention. It is a block diagram of the file of the IC chip of this invention. FIG. 3 is a flowchart of the file registration of the IC chip according to the present invention. FIG. 3 is a diagram showing the overall flow when checking a file of an IC chip according to the present invention. FIG. 3 is a diagram illustrating an example of file check processing for an IC chip according to the present invention. It is a flowchart of the file check of file EF4 of the IC chip of this invention. FIG. 2 is an explanatory diagram of an example of a file configuration of an IC chip according to the present invention. 10 is a diagram showing the overall flow when checking a file in the example of FIG. 9. FIG. FIG. 2 is an explanatory diagram of an example of a file configuration of a conventional IC card. FIG. 12 is a flowchart for checking the file of the IC card in FIG. 11; FIG. 12 is a flowchart for checking the file of the IC card in FIG. 11;

Embodiments of the present invention will be described in detail below with reference to the drawings. Note that the present invention is not limited to the embodiments described below. Further, in the embodiments shown below, technically preferable limitations are made for carrying out the invention, but these limitations are not essential to the present invention.

FIG. 1 is an explanatory diagram of an example of a file structure of an IC chip according to the present invention. Files storing various data are written and stored in a hierarchical directory structure in the storage area of the IC chip. Specifically, for example, the directory (DF1) includes a directory management area, files (EF1), and (EF2), and further includes a directory (DF2) that is a lower layer directory. The directory (DF2) includes files (EF3) and (EF4). The file (EF4) is configured to be accessible after the verification of the file (EF1) is completed.

Although not particularly shown in the figure, it can also include lower-layer directories and files contained in those directories, and the entire structure is hierarchical. It is also assumed that the directory management area is included in an area described as a directory (DF1).

Each file has a block configuration as shown in FIG. 4, for example, and includes a file header and a data section. When registering each file on the IC chip, for example, the file (E
If F2), a check code is calculated from the data in the data section according to the procedure shown in FIG. 2, and the information is saved. In the example shown here, the check code is stored within the file header of each file. The check code can be calculated using any known method, for example, exclusive OR, cyclic redundancy check (CRC), etc. Among them, cyclic redundancy check (CRC) is preferable.

Calculation of the check code is done inside the IC chip, and can usually be done inside the operating system (OS) built into the storage area of the IC chip, so it is not possible to exchange commands etc. with the terminal side by itself. Not necessary.

When performing a file consistency check (file check), for example, when performing a file consistency check (EF2), first select the directory (DF1) using the directory selection command, as shown in the flow shown in Figure 3. , then select the file (EF2) with the file selection command, calculate the check code of the file (EF2) again in the same way, and compare it with the saved check code to check the integrity of the data of the file (EF2). can be confirmed.

In this way, since the file check can be completed within the IC chip, the file check can be performed without executing an access command from the terminal to the data section, making it possible to shorten the processing time. Needless to say, data in other files can also be checked in the same way. Specific examples of the IC chip of the present invention include, but are not limited to, an IC card, an IC chip mounted on an information carrier such as a mobile terminal, and a secure element. Therefore, it is particularly effective when it is necessary to perform file checks on a large number of files, such as when shipping or issuing information carriers such as IC cards.

<Example 1: File check for the entire configuration diagram example>
A case in which a file check is performed on the entire file in the example shown in FIG. 1 will be described in more detail.
(1) File registration using the configuration example When registering files using the configuration example shown in Figure 1, check the check codes for files (EF1), (EF2), (EF3), and (EF4) using the procedure described above. (Exclusive OR, CRC, etc.) and save the information in each file. The block configuration of the file is the same as that shown in FIG. 4, and the processing flow at the time of file registration is the same as that shown in FIG. 2, but is as shown in FIG. In FIG. 5, the symbol [*] indicates that directories and files are sequentially selected and repeated (for example, DF1, DF2, . . ., EF1, EF2, . . .), and the same applies to subsequent figures.

(2) Implementation of file check A file check is performed on all files in the configuration example shown in FIG.
In the file check flow shown in FIG. 6, files directly under each directory are checked. First, a directory containing a file for which the file check has not been completed is searched, and then a file for which the file check has not been completed is searched within that directory. For example, if the files (EF1) and (EF2) in the directory (DF1) have not been checked yet, the files (EF1) and (EF2) are checked. When the process is completed, a file check is performed in another directory, for example, files (EF3) and (EF4) directly under the directory (DF2), and so on.

FIG. 7 shows an example of file check processing. The check code recalculated in the same manner as shown in the block diagram shown in Figure 4 is compared with the check code calculated and saved when registering the file, and if they match, it is determined to be normal, and if they do not match, it is determined to be an abnormal state such as damage. . As a result, a file check can be performed without executing an access command from the terminal to the data section, and processing time can be shortened.

<Example 2: File check when access rights and execution conditions are restricted>
This is an example of file checking when some conditions are involved when accessing a file. Here, an example is given in which a file check is performed on a file (EF4) that requires verification of the file (EF1) for access in a file having the same configuration as in the first embodiment.
(1) File registration with the configuration shown in the example configuration diagram of FIG. 1 File registration can be performed using the same procedure as in the first embodiment.
(2) Implementation of File Check The basic flow is the same as that shown in FIG. 6, but FIG. 8 specifically shows the flow for the file (EF4) in this embodiment. In the conventional flow (Figure 13), it was necessary to verify the file (EF11) and read the file (EF14) to check the file, but with the present invention, neither of these is necessary. When checking, processing time can be further shortened compared to the conventional example.

<Example 3: File check for the entire configuration diagram example (when the check code is saved in a directory)>
This is an example in which a check code is saved in a directory in a file having the same configuration as in Example 1.
(1) File registration using the configuration shown in the example configuration diagram As shown in the example configuration diagram shown in Figure 9, the check code for the file directly under each directory is saved in the directory management area (for example, directory (DF1)). (Save the check code of file (EFI), (EF2)). The procedure is the same as in the second embodiment except that the check code is stored in the directory, so the flow of file registration etc. will be omitted here.
(2) Implementation of file check The flow of file check is basically the same as in the previous example, but since the check code is saved in the directory, the selection command for each file is no longer required as shown in Figure 10. , the flow is accordingly shorter than the flow of the second embodiment shown in FIG. 6, and the processing time can be further shortened.

As explained above, according to the IC chip and IC chip consistency check method of the present invention, it is possible to perform a file check without executing an access command from the terminal to the data section. IC chips and IC chips can save time and are more effective, especially when it is necessary to perform file checks on a large number of files, such as when shipping or issuing information carriers such as IC cards. can provide a consistency check method.

Claims (8)

An IC chip in which files are stored in hierarchical directories in a storage area, and one directory includes:
directory management area,
A file including a file header and a data part;
a check code calculated from the data in the data section and stored in association with the file;
When checking the integrity of one file,
An IC chip that performs a consistency check by recalculating a check code from the data body of the file and comparing it with a check code stored in association with the file. The IC chip according to claim 1, wherein a check code stored in association with the file is stored within the file. 3. The IC chip according to claim 1, wherein the check code stored in association with the file is stored in a directory management area of a directory containing the file. 4. The IC chip according to claim 1, wherein the check code is a code calculated using a cyclic redundancy check method. An IC chip integrity check method for checking the integrity of files stored in a storage area, the method comprising:
When registering the file in the storage area, calculate a check code from the data included in the file, associate it with the file, and save it in the storage area;
A data integrity check for an IC chip, characterized in that when checking the integrity of the file, the integrity check is performed by recalculating a check code from the data included in the file and comparing it with the saved check code. Method. 6. The method for checking data consistency of an IC chip according to claim 5, wherein the saved check code is saved in a linked file. 7. The data integrity checking method for an IC chip according to claim 5, wherein the saved check code is saved in a directory management area of a directory containing the file. 8. The data consistency check method for an IC chip according to claim 5, wherein the check code is a code calculated using a cyclic redundancy check method.

Images