JP3004236B2 - Portable electronic device and access management method in portable electronic device - Google Patents

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a portable electronic device called an IC card having a built-in IC (integrated circuit) chip having a control element such as a nonvolatile memory and a CPU, and a portable electronic device. The present invention relates to an access management method in a possible electronic device.

[0002]

2. Description of the Related Art In recent years, a so-called IC having a built-in erasable nonvolatile memory and an IC chip having a control element such as a CPU has been developed as a new portable data storage medium.
Cards are being developed.

In this type of IC card, a password as authentication information is stored in a built-in memory, and when a password is input from the outside, a registered password stored in the memory is collated internally. Then, it is determined whether or not the subsequent access to the memory area is possible according to the collation result.

[0004]

For a multipurpose use of an IC card, a plurality of passwords are stored in a memory so that various types of passwords required for accessing an area of the memory are stored. Combinations can be set for each area,
And, as access to the area, for example, read,
If it is set for each command data such as writing, flexibility can be obtained in the construction of the IC card system. But,
This was not possible with conventional IC cards. For this reason, access conditions to the area cannot be set finely,
There is a drawback that the flexibility of the construction of the IC card system is lacking.

As a method of determining whether or not access to an area is possible, a plurality of personal identification numbers are stored in a memory, and identification information indicating which personal identification number can be accessed when each area is collated. Is stored in association with each area, and it is conceivable that the access result is determined by comparing the collation result of the personal identification number with the above-mentioned identification information at each access. However, if the identification information is used in common for all the access instruction data, the access conditions for all the instruction data become the same and operation becomes difficult.

Therefore, the present invention can use different authentication information for each file, change access conditions for each file and each area, and prevent leakage of authentication information. It is an object to provide a portable electronic device and an access management method in the portable electronic device.

[0007]

SUMMARY OF THE INVENTION A portable electronic device according to the present invention has a memory unit having a plurality of files and a control unit for accessing the memory unit. In the portable electronic device for inputting and outputting data, each file is given a file name, and each file has a plurality of areas and a plurality of authentication information used for accessing an area in the file. An authentication information storage unit for storing is provided, and in each area, verification state confirmation information indicating authentication information necessary for accessing the area, and authentication information indicated by the verification state confirmation information The identification information of whether the combination of AND logic or OR logic is stored, and when a file selection command specifying a file name is received from outside,
File selection means for selecting a file based on the file name given to each file, and when an authentication information collation command is received from outside, the file is stored in the file selected by the selection means. Collating means for collating the authentication information and the authentication information supplied from the outside together with the collating command; holding means for retaining the result of the collation by the collating means for each of the plurality of authentication information; First determining means for determining whether the combination of the authentication information indicated by the collation state confirmation information is AND logic or OR logic based on the identification information; When it is determined that the logic is AND logic, the holding method determines whether or not the matching result for all the authentication information indicated by the matching state confirmation information is positive. Second determining means for determining based on the verification result held in the verification information, and when the second determining means determines that the OR logic is obtained, the authentication information indicated by the verification status confirmation information A third determining unit that determines whether any one of the two is affirmative based on the comparison result held in the holding unit, and a determination result by the second determining unit and the third determining unit. Means for accessing the area when is affirmative.

The access management method for a portable electronic device according to the present invention includes a memory unit having a plurality of files, and a control unit for accessing the memory unit, and selectively communicates with an external device. In the access control method in a portable electronic device for inputting and outputting data, each file is given a file name, and each file is provided with a plurality of areas, and is used to access an area in the file. A plurality of authentication information to be used is stored, and in each area, verification state confirmation information indicating authentication information necessary for accessing the area, and a combination of the authentication information indicated by the verification state confirmation information When the identification information of whether to use AND logic or OR logic is stored, and a file selection command specifying a file name is received from outside When a file is selected based on the file name given to each of the files and a verification command for authentication information is received from outside, the authentication information and verification command stored in the selected file are received from the outside together with the verification command. The supplied authentication information is compared with the supplied authentication information, and the result of this comparison is held for each of the plurality of authentication information, and when accessing the plurality of areas, the information matching state confirmation information is used based on the identification information. A first determining step of determining whether the combination of the indicated authentication information is AND logic or OR logic, and if the first determining step determines that the combination is AND logic, the matching state A second determination step of determining whether the verification result for all of the authentication information indicated by the confirmation information is positive based on the stored verification result; And if the first determination step determines that the logic is OR logic, the stored collation determines whether any one of the authentication information indicated by the collation state confirmation information is positive. A third determining step for determining based on a result, and a step of accessing the area when the determination results of the second determining step and the third determining step are positive. Features.

According to the present invention, a plurality of pieces of authentication information are stored in the inside, these pieces of authentication information are selectively collated with authentication information input from the outside, and the collation result is stored for each piece of the above-mentioned authentication information. In addition, when accessing the area, if any one of the stored collation results is positive, the access is enabled, and all of the stored collation results are positive. It is accessible when it is targeted.

[0010] With this, it is possible to arbitrarily set a combination of authentication information necessary for access to the area for each area, and to set the combination with AND logic or OR logic. Therefore, access conditions to each area can be set finely, and flexibility in system construction can be obtained.

That is, according to the present invention, since authentication information is stored for each file, different authentication information can be used for each file. Further, since the access condition of each area in the file is stored using the authentication information for each file, the access condition can be changed for each file and each area. further,
If the file is not selected, the authentication information cannot be collated, so that the leakage of the authentication information can be prevented.

[0012]

Embodiments of the present invention will be described below with reference to the drawings. FIG. 14 shows a configuration example of a terminal device that handles an IC card as a portable electronic device according to the present invention. That is, this terminal device
CPU of IC card 1 via card reader / writer 2
The control unit 3 can be connected to the control unit 3, and a keyboard 4, a CRT display device 5, a printer 6, and a floppy disk device 7 are connected to the control unit 3.

The IC card 1 is held by the user and, for example, refers to a personal identification number known only to the user at the time of product purchase or the like and stores necessary data. For example, FIG. As shown in the functional blocks, a part for executing basic functions such as a read / write unit 11, a password setting / password collating unit 12, and an encryption / decryption unit 13, and a supervisor 14 for managing these basic functions are provided. It is composed of

The read / write unit 11 includes a data memory 1
6 is a function of reading, writing, or erasing data with respect to the data No. The password setting / password collation unit 12 has a function of performing storage and reading prohibition processing of a password set by the user, collating the password after setting the password, and giving permission for the subsequent processing.

The encryption / decryption unit 13 performs, for example, encryption for preventing leakage or forgery of communication data when data is transmitted from the control unit 3 to another terminal device via a communication line, or encryption / decryption. The DES (Data Encryptio) is used to decode the encrypted data.
n Standard) for performing data processing in accordance with an encryption algorithm having a sufficient encryption strength.

The supervisor 14 decodes a function code input from the card reader / writer 2 or a function code to which data is added, and selects and executes a necessary function among the basic functions.

In order to exhibit these various functions, an IC
For example, as shown in FIG. 12, the card 1 obtains a control element (control unit) 15 such as a CPU, a data memory 16 as a memory unit, a program memory 17, and electrical contact with the card reader / writer 2. Control section 15, data memory 16, and program memory 1.
Reference numeral 7 denotes a single IC chip (or a plurality of IC chips), which is embedded in the IC card body.

The program memory 17 is formed of, for example, a mask ROM, and stores a control program of the control element 15 having a subroutine for realizing each of the basic functions.

The data memory 16 is used for storing various data, and is composed of an erasable non-volatile memory such as an EEPROM. For example, as shown in FIG. 4, the data memory 16 stores one common data file 21 operated by all applications.
And multiple applications that operate individually (2 in the figure)
Application data files 221 and 222)
Each of the data files 21, 221, 222 stores a plurality of key data (passwords) as authentication information and a plurality of areas.

The application data files 221,
A data file name (DFN) is assigned to each of the data files 222. By specifying the data file name by using data file selection command data described later, an application data file to be subsequently accessed is recognized. It has become.

For example, as shown in FIG. 5, identification information (KID) for designating key data is given to each key data, and the identification information is designated using key data collation instruction data described later. By doing so, key data to be collated is recognized.

In the example of FIG. 4, the common data file 21
KI for key data 1, 2, 3 belonging to
D01, KID02, and KID03 are assigned. The key data X4, X5, and X6 belonging to the application data file 221 are respectively KID0
4, KID05 and KID06 are assigned. Further, the key data Y4, Y5, and Y6 belonging to the application data
04, KID05 and KID06 are assigned.

Each key data includes, for example, FIG.
As shown in (1), collation state designation information is individually given, and is used to identify whether key data required for subsequent access has been collated.

Information on whether or not the key data has been verified is stored in the verification status storage units 231 and 232 shown in FIG. The collation state storage units 231 and 232 are provided, for example, in a RAM incorporated in the control element 15. In the case of key data belonging to the common data file 21, the collation state storage unit 231 and the application data In the case of key data belonging to the files 221 and 222, they are stored in the collation state storage section 232, respectively.

As shown in FIG. 7, a data file name storage section 24 is provided together with the collation state storage sections 231 and 232, and the data file name storage section 24 stores data file selection command data described later. The data file name of the data file selected as the access target is stored.

On the other hand, for example, as shown in FIG. 6, identification information (AID) for designating an area is given to each area.
By specifying this identification information, an area to be subjected to area processing is recognized.

In the example of FIG. 4, the common data file 21
AIDgg, for areas G and H belonging to
AIDhh is assigned. AIDaa, AIDbb, and AIDcc are assigned to the areas A, B, and C belonging to the application data file 221, respectively. Further, AIDdd, AIDee, and AIDff are assigned to the areas D, E, and F belonging to the application data file 222, respectively.

As shown in FIG. 6, for example, each area is individually provided with first and second collation state confirmation information, and these first and second collation state confirmation information are respectively provided. Logical information (A or O) is provided. The first and second collation state confirmation information requests the collation state of key data required at the time of area access. The logic information is identification information indicating whether the combination of the collation state confirmation information is an AND (AND) logic or an OR (OR) logic.
In the case of OR logic, it is "O".

FIG. 8 shows a data table for selecting two pieces of collation state confirmation information assigned to each area for each instruction code, and for selecting collation state confirmation information corresponding to various instruction codes. This data table is provided, for example, in the data memory 16.

Next, the operation in such a configuration will be described with reference to the flowcharts shown in FIGS. In the flowchart, the common data file 21 is a CDF, and the application data file 22
1, 222 are abbreviated as ADF.

First, a data file selection process will be described. In the steady state, a command data waiting state is set. When command data is input in this state, the control element 15 determines whether or not the data file selection command data is as shown in FIG. If the result of this determination is not data file selection instruction data, control element 15 performs another process.

As a result of the judgment of the command data, if the command data is the data file selection command data, the control element 15 finds the application data file having the same data file name as the data file name in the command data from the data memory 16. . If not found, control element 1
5 outputs response data indicating that the data file is undefined, and returns to the instruction data waiting state.

If found, the control element 15 stores the data file name in the instruction data in the data file name storage section 24 of FIG. 7 and changes the contents of the collation state storage section 232 to the uncollated state. That is, all bits are set to “0”. Then, the control element 15 outputs response data indicating completion of data file selection, and returns to the instruction data waiting state.

When the IC card is activated, the contents of the respective storage units 231, 232, 24 in FIG. 7 are all "0", and at this time, for example, the data file name "xxx"
Is input to the data file name storage unit 24, the value "xxx" is stored.

Next, the collation processing of key data will be described.
If the result of the determination as to whether or not the data is the data file selection command data is not data file selection command data, the control element 15 next determines whether or not the data is key data verification command data as shown in FIG. If the result of this determination is not key data collation command data, control element 15 performs another process.

As a result of the determination of the command data, if the command data is the key data collation command data, the control element 15 first determines whether or not the content of the data file name storage section 24 is “0” (the data file is selected). Is determined). If the result of this determination is "0", no data file has been selected. Therefore, the control element 15 refers to the common data file 21 to determine the identification information (KI
Key data having the same identification information (KID) as D) is found.

If the result of the above determination is that the data file is not "0", it means that the data file has been selected.
Therefore, the control element 15 has the common data file 2
1, and by referring to the selected application data file 221 or 222, the key data having the same identification information as the identification information in the instruction data is similarly found. If not found, control element 15
Outputs response data indicating that key data is undefined,
Return to the instruction data waiting state.

If found, the control element 15 checks the key data with the key data in the present instruction data.
As a result of this collation, if they match, the control element 15
Is the key data belonging to the common data file 21 or the application data files 221 and 222?
Judge whether it belongs to.

As a result of this judgment, the common data file 2
If it belongs to 1, the control element 15 refers to the collation state designation information given to the key data,
The same collation state storage unit 23 as the bit set to “1”
Set the bit of 1 to "1".

The application data file 2
If the control element 15 belongs to 21 or 222, the control element 15
Similarly, the same bit in the collation state storage section 232 is set to "1". Then, response data indicating key data match is output, and the process returns to the command data waiting state.

As a result of the collation of the key data, if the two do not match, the control element 15 similarly sets the same bit of the collation state storage unit 231 or 232 to "0". . Then, response data indicating that the key data does not match is output, and the process returns to the instruction data waiting state.

For example, after the application data file 222 is selected by the data file selection command data and the key data 1 and the key data Y5 and Y6 are collated, the content of the collation state storage section 231 is "10000000".
00 ”and the contents of the collation state storage section 232 are“ 0000011 ”.
00 ", and the content of the data file name storage section 24 is" YYY ". Thereafter, when the application data file 221 is selected, the content of the collation status storage unit 231 does not change, and the content of the collation status storage unit 232 becomes "00".
000000 ”, and the content of the data file name storage unit 24 is“ xxx ”.

Next, the area processing (reading, writing, and erasing of data in the area) will be described. As a result of the determination as to whether or not the data is the key data collation command data, if it is not the key data collation command data, the control element 15 reads the read command data as shown in FIG. It is determined whether such write command data or erase command data as shown in FIG. As a result of this judgment, FIG.
If the data is not the area processing command data such as
5 performs another processing.

As a result of the determination of the command data, if the data is the area processing command data, the control element 15 first determines whether or not the content of the data file name storage section 24 is "0". If the result of this determination is "0", no data file has been selected. Therefore, the control element 15 refers to the common data file 21 to find an area having the same identification information (AID) as the identification information (AID) in the instruction data.

If the result of the above determination is that the data file is not "0", it means that the data file has been selected.
Therefore, the control element 15 has the common data file 2
1. By referring to the selected application data file 221 or 222, an area having the same identification information as the identification information in the instruction data is similarly found. If not found, the control element 15
The response data indicating that the area is undefined is output, and the process returns to the instruction data waiting state.

If found, the control element 15 takes the logical sum of the contents of the collation state storage unit 231 and the contents of the collation state storage unit 232, and sets the result as "result 1". Next, the control element 15 selects two pieces of collation state confirmation information assigned to each area by searching the data table of FIG. 8 for the same instruction code as the instruction code in the present instruction data. For example, if the area processing instruction data is read instruction data, the instruction code is “zz”
Therefore, the first collation state confirmation information is selected by the corresponding selection information “1”, and if it is write instruction data, the instruction code is “ww”, and the second collation state is selected by the corresponding selection information “2”. If the state confirmation information is selected and is the erase instruction data, the instruction code is “vv”, and the second verification state confirmation information is selected by the corresponding selection information “2”.

When the first or second collation state confirmation information is selected in this way, the control element 15 refers to the selected collation state confirmation information, and the logical information attached thereto becomes AND logic. It is determined whether or not. As a result of this determination, if it is not AND logic (OR logic), the control element 15 determines whether all bits of the collation state confirmation information are “0”. As a result of this decision,
If all bits are “0”, the control element 15
Processing is performed on the area without checking the collation state.

As a result of the determination, if any bit is "1", the control element 15 determines whether any of the bits in the result 1 corresponding to the "1" bit is It is determined whether or not it is "1". As a result of this judgment, if none of the bits is “1”,
The control element 15 outputs response data indicating that access is not allowed, and returns to the command data waiting state. As a result of the above judgment,
If any one bit is "1", the control element 15 performs a process on the area.

As a result of the determination of the logic information, if the logic is an AND logic, the control element 15 similarly determines whether or not all the bits of the collation state confirmation information are “0”. As a result of this determination, if all the bits are “0”, the control element 15 determines that access to the area is prohibited, and outputs response data indicating that access is not possible,
Return to the instruction data waiting state.

As a result of the above-mentioned judgment, if any one of the bits is "1", the control element 15 compares the actual collation state confirmation information with the result 1. As a result of the comparison, if the two do not match, the control element 15 similarly outputs response data indicating that access is not possible, and returns to the instruction data waiting state. As a result of the comparison, if they match, the control element 15 performs processing for the area, and after the processing is completed, outputs the processing result as response data and returns to the command data waiting state.

Here, specifically, in the example of FIG. 4, for example, for area B, the logical information of the first collation state confirmation information given to it is AND logic (A), The status confirmation information report is "1,000,000
0 ". Therefore, the read access to the area B becomes possible in a state where only the collation of the key data 1 has been completed. The second collation state confirmation information is “00000”.
000 ", the logical information is OR logic (O). Therefore, writing and erasing accesses to area B indicate that collation of key data is unnecessary.

In the area C, the first collation state confirmation information is "00000000", and its logical information is AND logic (A). Therefore, read access to area C becomes impossible. The second collation state confirmation information is “00001100”, and its logical information is OR logic (O). Therefore, key data X5
Alternatively, if either of the key data X6 has been verified, writing and erasing access to the area C becomes possible.

The key data Y5 and key data Y
After the collation of No. 6, when the application data file 221 is selected and write access to the area C is executed, the collation state of the key data Y5 and the key data Y6 is cleared at the time of the selection, so that access is disabled.

That is, from this, the collation state of the key data in the application data files 221 and 222 becomes valid only for access to the area in the same application data file.

The application data file 2
The key data X4 of 21 and the key data Y4 of the application data file 222 have the same identification information (KI
D) is given, but when specifying the identification information, only one of the application data files is to be accessed, so there is no confusion.
However, the same identification information (KID) is not used between the common data file and another application data file. The same applies to the identification information (AID) given to the area.

Further, in the same application data file, the identification information (AID) and the identification information (KID) use the same values because the access to the instruction data is uniquely determined. You may.

Further, the number of pieces of collation state confirmation information given to each area can be changed according to the number of instructions and processes for the area. As described above, a plurality of key data (personal identification numbers) are stored in the data memory, and these key data are selectively collated with key data inputted from the outside. In the case of accessing an area of the data memory, when any one of the stored collation results is affirmative, the access is enabled and the stored collation result is stored. Are accessible when all are positive, and they can be set for each instruction data for accessing each area of the data memory.

Thus, a combination of key data necessary for accessing the area can be arbitrarily set for each area of the data memory, and the combination can be set particularly by AND logic or OR logic. The combination can be set for each instruction data for accessing each area of the data memory. Therefore, access conditions to each area of the data memory can be set finely,
Flexibility can be obtained in the construction of the C card system.

That is, since key data (personal identification number) is stored for each file, different key data can be used for each file. Further, since the access condition of each area in the file is stored using the key data of each file, the access condition can be changed for each file and each area. Further, if no file is selected, key data collation becomes impossible, so that leakage of key data can be prevented.

[0060]

As described in detail above, according to the present invention, different authentication information can be used for each file, and access conditions can be changed for each file and each area. And a portable electronic device capable of preventing the leakage of data, and an access management method in the portable electronic device.

[Brief description of the drawings]

FIG. 1 is a flowchart illustrating each processing operation.

FIG. 2 is a flowchart illustrating each processing operation.

FIG. 3 is a flowchart illustrating each processing operation.

FIG. 4 is a diagram showing a file structure of a data memory.

FIG. 5 is a view for explaining various information for key data.

FIG. 6 is a view for explaining various information for an area.

FIG. 7 is a diagram illustrating a collation state storage unit and a data file name storage unit.

FIG. 8 is a view for explaining a data table in which selection information for selecting collation state confirmation information corresponding to various instruction codes is stored.

FIG. 9 is a diagram showing a format example of data file selection instruction data.

FIG. 10 is a diagram showing a format example of key data collation instruction data.

FIG. 11 is a view showing a format example of read command data, write command data, and erase command data for an area.

FIG. 12 is a block diagram showing a configuration of an IC card.

FIG. 13 is a diagram showing functional blocks of an IC card.

FIG. 14 is a block diagram showing a configuration of a terminal device.

[Explanation of symbols]

1 ... IC card (portable electronic device), 15 ... control element (control unit), 16 ... data memory (memory unit),
17 Program memory, 21 Common data file, 221, 222 Application data file, 231, 232 Verification state storage unit.

Claims (7)

(57) [Claims] 1. A portable electronic device having a memory unit having a plurality of files and a control unit for accessing the memory unit and selectively inputting / outputting data to / from the outside, Each file is provided with a file name, each file is provided with a plurality of areas, and an authentication information storage unit for storing a plurality of authentication information used for accessing areas in the file, and In each area, a combination of verification state confirmation information indicating authentication information necessary for accessing the area and authentication information indicated by the verification state confirmation information is set to AND logic or OR logic. Identification information is stored, and when a file selection command that specifies a file name is received from outside, the file is determined based on the file name given to each of the files. File selecting means for selecting, and when receiving a verification command for authentication information from the outside, the authentication information stored in the file selected by the selection means and the authentication information supplied from the outside together with the verification command. Collating means for collating, retaining means for retaining a result of collation by the collating means for each of the plurality of pieces of authentication information, and indicating the collation state confirmation information based on the identification information when accessing the plurality of areas. First determining means for determining whether the combination of the authentication information being performed is AND logic or OR logic; and when the first determining means determines that the combination is AND logic, checking the collation state A second determining means for determining whether or not the verification result for all of the authentication information indicated by the information is affirmative based on the verification result held in the holding unit; When the second determination unit determines that the OR is embedded, the storage unit stores whether any one of the authentication information indicated by the collation state confirmation information is positive. A third determination unit that determines based on the comparison result that has been performed, and a unit that accesses the area when the determination results by the second determination unit and the third determination unit are positive. A portable electronic device comprising: 2. A method according to claim 1, wherein said plurality of areas include first collation state confirmation information indicating a first set of authentication information required for accessing said area, and a second set required for accessing said area. Second authentication state confirmation information indicating the authentication information is stored, and when accessing any of the plurality of areas based on a command received from outside, the first collation state confirmation information is stored.
A correspondence table storing, for each instruction data, whether to use the collation state confirmation information of the second or the second collation state confirmation information. 2. The portable electronic device according to claim 1, further comprising a selection unit for selecting whether to use the first collation state confirmation information or to use the second collation state confirmation information based on the correspondence table. apparatus. 3. When no authentication information is indicated in the collation state confirmation information and the identification information is AND logic, access to an area is prohibited without determining the collation result. The access prohibition means and the verification state confirmation information do not indicate authentication information,
2. The portable electronic device according to claim 1, further comprising: access permitting means for permitting access to an area without referring to the collation result when the identification information is OR logic. . 4. The portable electronic device according to claim 1, wherein the portable electronic device comprises one IC chip including a data memory constituting the memory unit, a control element constituting the control unit, and a program memory. Item 6. A portable electronic device according to Item 1. 5. An access control in a portable electronic device having a memory unit having a plurality of files and a control unit for accessing the memory unit and selectively inputting / outputting data to / from the outside. In the method, each file is given a file name, each file is provided with a plurality of areas, and a plurality of authentication information used for accessing an area in the file is stored; Is the verification state confirmation information indicating the authentication information necessary for accessing the area and the identification of whether the combination of the authentication information indicated by the verification state confirmation information is AND logic or OR logic The information is stored, and when a file selection command for designating a file name is received from outside, the file is determined based on the file name given to each file. Is selected, and when an authentication information collation instruction is received from outside, the authentication information stored in the selected file is collated with the authentication information supplied from the outside together with the collation instruction. A result is retained for each of the plurality of pieces of authentication information, and when accessing the plurality of areas, the combination of the authentication information indicated by the information collation state confirmation information based on the identification information is AND logic. A first determination step of determining whether there is an OR logic, and if the first determination step determines that the logic is AND logic, all of the authentication information indicated by the collation state confirmation information A second judgment step of judging whether the collation result is affirmative based on the held collation result, and judging that the logic is OR by the first judgment step A third determination step of determining whether any one of the pieces of authentication information indicated by the matching state confirmation information is positive based on the held matching result; Performing an access to the area when the determination results of the second determination step and the third determination step are affirmative, and the access management method for a portable electronic device. 6. A method according to claim 6, wherein said plurality of areas include first collation state confirmation information indicating a first set of authentication information required for accessing said area, and second collation status information required for accessing said area.
Second collation state confirmation information indicating a set of authentication information is stored, and when accessing any of the plurality of areas based on a command received from outside, the first collation state confirmation information is stored in the first collation state confirmation information. A correspondence table that stores whether to use the second collation state confirmation information in correspondence with each command data, and when accessing an area, based on the received command data and the correspondence table. 6. The access management method for a portable electronic device according to claim 5, further comprising a selecting step of selecting whether to use the first collation state confirmation information or the second collation state confirmation information. 7. If the authentication information is not indicated in the collation state confirmation information and the identification information is AND logic, access to the area is disabled without determining the collation result, When the authentication information is not indicated in the collation state confirmation information and the identification information is OR logic, access to the area is permitted without referring to the collation result. The access management method in a portable electronic device according to claim 5, wherein