JP5221266B2 - Electronic device mounted on portable terminal device, portable terminal system, and application control method in electronic device - Google Patents

Description

  The present invention provides, for example, an electronic device such as an IC card in which network information for realizing a communication function by a mobile terminal device is stored, a mobile terminal system as a mobile terminal device in which the electronic device is mounted, and The present invention relates to a method for controlling an application in the electronic device.

  Conventionally, in many countries overseas including Europe, a GSM (Global System for Mobile Communications) system exists as a mobile phone system system. In the GSM system, it is essential to install a SIM (Subscriber Identity Module) card, which is a kind of IC card, in a mobile phone. Furthermore, in recent years, mobile phone systems that employ 3GPP (3rd Generation Partnership Project) standards have become widespread in regions such as Japan and Europe. According to the 3GPP standard, it is indispensable to attach an IC card called a USIM (Universal Density Module) card to a mobile phone like a SIM card.

  The SIM card or USIM card used in the GSM or 3GPP is an IC card mounted on a mobile phone. The SIM card or USIM card stores information such as key information necessary for connection to the mobile communication system, encryption algorithm, various network parameters, and user personal information. In such a mobile phone, information stored in the SIM card or the USIM card is transmitted to a server of a communication carrier and authenticated with these servers. A mobile phone that has been successfully authenticated with the server can receive the communication service of the carrier.

  In addition, various applications provided by each telecommunications carrier are stored in the USIM used in the 3GPP standard mobile phone. In addition, unique information customized for each user is often stored in the USIM. For example, personal information such as address book information stored in an internal memory of a mobile phone or an external memory (for example, a memory card) attached to the mobile phone is also increasingly stored in a USIM with high security. . Thus, there is an increasing need for USIM that can store a large amount of information unique to each user.

While mobile phones using USIM as described above have become commonplace, globalization technology has also been developed. For example, when traveling abroad, a form in which roaming is performed by a business operator at a destination (overseas) using a USIM currently in use has been realized. As described above, as mobile phone systems that can use various communication methods or mobile phone systems that can be used overseas also become widespread, services provided by mobile phones or IC cards attached to mobile phones Has also become seamless.
JP 2004-133848 A

  An object of one aspect of the present invention is to provide an electronic device, a portable terminal system, and an application control method for the electronic device that are mounted on a portable terminal device that can use an appropriate application according to the situation.

An electronic device mounted on a mobile terminal device as one aspect of the present invention includes a communication unit that communicates with an external system via the mobile terminal device, a storage unit that stores an application, and communication with the external system. Roaming information database for storing roaming information, immigration information database for storing immigration data for the user of the electronic device , roaming information stored in the roaming information database, and immigration data stored in the immigration information database And determining means for determining whether or not the application is in an effective state, and control means for activating the application when the determining means determines that the application is in an effective state .

A portable terminal system according to one aspect of the present invention includes a portable terminal device and an electronic device attached to the portable terminal device, wherein the portable terminal device communicates with the electronic device. Means, an external communication means for communicating with an external system in a state in which the electronic device is mounted on the first internal interface, and a roaming information database for storing roaming information indicating a communication state with the external system by the external communication means; An entry information database for storing entry data for the user of the electronic device, the electronic device having a second communication means for communicating with the mobile terminal device, a storage means for storing an application, Roaming information stored in the roaming information database of the portable terminal device and the portable Judgment means for judging whether or not the application is in a valid state based on the entry data stored in the entry information database of the terminal device, and the judgment means has judged that the application is in a valid state A control means for activating the application .

An application control method in an electronic device as an aspect of the present invention is a method in an electronic device connected to a mobile terminal device having a communication function with an external system, and communicates with the external system via the mobile terminal device. The roaming information in communication with the external system is stored in the roaming information database, the departure and entry history data for the user of the electronic device is stored in the immigration information database, and stored in the roaming information database. It is determined whether the application is in a valid state based on whether the combination of the roaming information and the departure and entry history data stored in the immigration information database is valid. When it is determined to be valid If the current state departure stored in the immigration information database, de-activation of the application.

  According to one aspect of the present invention, it is possible to provide an electronic device, a portable terminal system, and an application control method for the electronic device that are mounted on a portable terminal device that can use an appropriate application according to the situation.

The best mode for carrying out the present invention will be described below with reference to the drawings.
FIG. 1 is a diagram showing an outline of a configuration example of a communication system according to an embodiment of the present invention.
The communication system according to the present embodiment is assumed to be realized by a communication service (mobile communication such as voice call and data communication) in a mobile communication system provided by an operator (operator) in each country in a plurality of countries. doing.

  As shown in FIG. 1, mobile communication systems 1A and 1B provided by operators (operators) A and B in each country provide communication services (mobile communication such as voice call and data communication) using a mobile phone 11. is there. Furthermore, the mobile phone 11 is used in a state in which the IC card 10 issued by the operator contracted by each user is attached. That is, in the mobile communication systems 1A and 1B provided by the respective operators, the information is provided to the mobile phone 11 having the IC card 10 issued by the operator contracted by each user.

  In addition, operators in each country provide services that can be used in the mobile phone 11 in other countries in cooperation with operators in other countries. For example, when operator A has a partnership with operator B in another country, a user who has contracted with operator A (a user who has a mobile phone equipped with an IC card issued by operator A) is provided by operator B in another country. Mobile communication using the mobile phone 11 can also be used in the mobile communication system. That is, when the operator B who has contracted with the operator A travels to another country where the mobile communication is provided, the mobile communication system provided by the operator B in the destination country. Roaming by 1B is possible.

  The IC card 10 is, for example, an IC card that is attached to a mobile phone 11 called USIM or SIM. The IC card 10 includes a control element (LSI or the like), various memories (working memory, program memory, rewritable nonvolatile memory, etc.), an interface, and the like. In such an IC card 10, the control element uses the working memory to execute various control programs stored in the program memory or the non-volatile memory, thereby performing various functions executable in the IC card. Realized.

  The IC card 10 has a mutual authentication function with the mobile phone (terminal device) 11, a mutual authentication function with each operator's mobile communication systems 1 </ b> A and 1 </ b> B, or a mutual authentication function with various modules in the mobile phone 11. have. The IC card 10 executes various authentication processes using authentication data by executing an authentication program stored in advance in an internal memory. For example, when the mutual authentication with the mobile communication system 1 (1A, 1B) is successful, the mobile phone 11 to which the IC card 10 is attached is a service provided by the operators A and B (voice call, and Data communication, etc.) can be used.

  Further, a part or all of the nonvolatile memory of the IC card 10 has tamper resistance. The tamper-resistant memory area in the non-volatile memory of the IC card 10 stores authentication data for each business operator, an authentication control program, user personal information, and the like. Thereby, the IC card 10 securely stores authentication information, personal information, and the like for mutual authentication. That is, information such as authentication information and personal information stored in the IC card 10 cannot be easily read or analyzed.

  Each of the mobile communication systems 1 (1A, 1B,...) Includes a communication facility 12 (12A, 12B,...), An operator server 13 (13A, 13B,. . The communication facility 12 is a facility for communicating with the mobile phone 11. The provider server 13 functions as, for example, an OTA (Over The Air) server, an authentication server, a management server, or the like. The OTA server controls communication with the mobile phone 11 via the communication facility 12. The authentication server performs authentication with the mobile phone 11 (an IC card attached to the mobile phone). In addition, the management server manages various data such as information on a mobile phone or a user contracted with the business operator.

  The provider server 13 has a control unit for controlling the entire apparatus, a communication interface for communicating with the communication facility 12 or each server, a storage unit for storing data, and the like. Further, the provider server 13 manages data (authentication data) related to the mobile phone 11 or the IC card 10 attached to the mobile phone 11.

  The mobile communication systems 1A and 1B are connected via a wide area network, for example. The wide area network also enables communication between the operator server 13A and the operator 13B between a plurality of countries. As a result, data communication is possible between operators in a tie-up relationship, and mobile communication services can be provided by operators in other countries that are partners. Further, a service provider system is also connected to the network to which the circumstance server 13A, 13B is connected. Thereby, the above-mentioned circumstance server 13A, 13B can also receive information from the service provider via the network. As a result, based on information from the service provider, the IC card 10 in the mobile phone 11 is requested to write information, or a specific application is activated (activated) or deactivated (deactivated). ) Can be requested.

Next, the configuration of the mobile phone 11 will be described.
FIG. 2 is a block diagram illustrating a configuration example of the mobile phone 11.
As shown in FIG. 2, the mobile phone 11 includes a control unit 31, a RAM 32, a ROM 33, a nonvolatile memory 34, an IC card interface (also referred to as a first interface) 35, and a memory card interface (also referred to as a second interface). ) 36, an antenna 37, a communication unit 38, an audio unit 39, a vibration unit 40, a display unit 41, an operation unit 42, a power supply unit 43, and the like.

  The control unit 31 controls the entire mobile phone 11. The control unit 31 includes a CPU, an internal memory, various interfaces, and the like. The control unit 31 has, as its basic functions, a display control function for controlling the display of the display unit 41, a PLL (Phase Locked Loop) circuit, a data stream path switching, a DMA (Direct Memory Access) controller, an interrupt controller, It has functions such as timer, UART (Universal Asynchronous Receiver Transmitter), secrecy, HDLC (High-level Data Link Control procedure) framing, device controller, and the like.

  The RAM 32 is a volatile memory for storing work data. The ROM 33 is a non-volatile memory that stores control programs, control data, and the like. The ROM 33 is a nonvolatile memory. For example, the ROM 33 stores a control program and control data for performing basic control of the mobile phone 11 in advance. That is, the control unit 31 realizes control of the mobile phone 11 by executing a control program stored in the ROM 33.

  The nonvolatile memory 34 is a rewritable nonvolatile memory that stores various data. The nonvolatile memory 34 stores various application programs (applications), control data, user data, and the like. For example, the control unit 31 realizes various functions by executing application programs stored in the nonvolatile memory 34.

The first interface 35 is an interface to which the IC card 10 is attached. The first interface 35 is connected to the control unit 31. Thus, the control unit 31 can perform data communication with the IC card 10 via the first interface 35. Further, the IC card 10 connected to the first interface 35 can communicate with the outside via an antenna provided in the mobile phone 11.
The second interface 36 is an interface to which the memory card M can be attached and detached. The second interface 36 is connected to the control unit 31. Accordingly, the control unit 31 can access (write or read data) the memory card M mounted on the second interface 36.

  A communication antenna 37 is connected to the communication unit 38. The communication unit 38 transmits and receives call data or data for data communication via the antenna 37 by radio waves. The audio unit 39 has an analog front end unit and an audio unit, and inputs and outputs audio. The audio unit 39 is connected to a speaker, a receiver, a microphone, and the like (not shown). The vibration unit 40 is configured by a vibration mechanism that vibrates the entire mobile phone 11. The display unit 41 is configured by, for example, a liquid crystal display device. The display unit 41 is configured to control display on / off, display contents, and the like by the control unit 31. When the mobile phone 11 has a shell shape or the like, the display unit 41 includes a main display unit that appears when the housing is opened and a sub display unit provided on the back of the housing. You may make it. The operation unit 42 is configured by a keyboard or the like, and an operation instruction from the user is input.

  The power supply unit 43 is constituted by, for example, a rechargeable battery. The power supply unit 43 supplies power to each unit in the mobile phone 11. The power supply unit 43 also has a function of supplying power to the IC card 10 connected via the first interface 35 and the memory card M connected via the second interface 36.

Next, the configuration of the IC card 10 as an electronic device mounted on the mobile phone 11 as the mobile terminal device as described above will be described.
The IC card 10 is configured to be detachable from the mobile phone 11 as the mobile terminal device as described above. The IC card 10 satisfies, for example, the ISO / IEC7816 specification as a basic specification.
FIG. 3 is a block diagram showing a hardware configuration example of the IC card 10. As shown in FIG. 3, the IC card 10 includes a CPU 51, a ROM 52, a RAM 53, a nonvolatile memory 54, an interface 55, and the like.

  The CPU 51 controls the entire IC card. The CPU 51 realizes various functions by executing various processes based on programs recorded in the ROM 52 or the nonvolatile memory 54. The ROM 52 stores a control program and control data for realizing basic operations of the IC card 10. The RAM 53 functions as a working memory that temporarily stores data.

  The non-volatile memory 54 is composed of, for example, an EEPROM or a flash ROM. The nonvolatile memory 54 stores various types of authentication data, user data, application programs, and the like. The nonvolatile memory 54 also stores data downloaded from an external server. Further, a part or all of the non-volatile memory 54 has tamper resistance. As a result, the nonvolatile memory 54 can store data securely. The interface 55 is a unit for communicating with the mobile phone 11.

Next, functions realized by the IC card 10 will be schematically described.
FIG. 4 is a diagram conceptually showing functions of the IC card 10 and information stored in the IC card 10.
As shown in FIG. 4, the IC card 10 has a validity confirmation function (legitimacy confirmation unit) 61 and an application control function (application control unit) 62. The validity confirmation function 61 and the application control function 62 are functions realized by the CPU 51 executing a program stored in the ROM 52 or the nonvolatile memory 54.

As shown in FIG. 4, the non-volatile memory 54 of the IC card 10 stores a roaming information database 63, an immigration information database 64, and an ID application (IDAP) 65.
The roaming information database 63 stores roaming information 63a, 63b,... Acquired by the IC card 10 as history data every time roaming processing with the communication system 1 is performed. Each roaming information is information indicating a mutual authentication result with the communication system or a connection location with the communication system.
The entry / exit information database 64 stores entry / exit history data such as entry data or entry data 64a, 64b,... Obtained by the IC card 10 every time a user enters / exits.
The roaming process and the immigration information acquisition process will be described in detail later.

The ID application 65 is an application for using information (ID information) recorded on an ID medium such as a passport of the user who owns the IC card 10. The ID application 65 is installed in the IC card 10 when an ID medium is issued, for example. The process of installing the ID application 65 on the IC card 10 will be described in detail later.
The ID application 65 installed in the IC card 10 is activated or deactivated by the control by the application control function 62 according to the result of the validity confirmation by the validity confirmation function 61.

  The validity confirmation function 61 confirms whether or not the ID application 65 is a valid execution environment. For example, the validity checking function 61 includes an issuing country certificate (described later) given to the ID application 65, roaming information 63a, 63b,... Stored in the roaming information database 63, and the immigration information database 64. It is determined whether or not the ID application is a valid execution environment based on the immigration information 64a, 64b,.

  The application control function 62 activates or deactivates the ID application 65. For example, in a situation where the ID application 65 is to be activated, when the validity confirmation function 61 confirms the validity, the application control function 62 activates the ID application 65. In a situation where the ID application 65 is to be deactivated, when the validity confirmation function 61 confirms the validity, the application control function 62 deactivates the ID application 65.

  The roaming information database 63 and the immigration information database 64 may be stored in a storage unit on the mobile phone 11 side. For example, the roaming information database 63 and the immigration information database 64 may be provided in the nonvolatile memory 34 in the mobile phone 11. In this case, the IC card 10 may access the roaming information database 63 or the immigration information database 64 in the mobile phone 11 as necessary. According to such a form, it is possible to save the memory capacity in the IC card 10 for storing roaming information or immigration data.

Next, a mode for the IC card 10 mounted on the mobile phone 11 to use the ID application 65 will be described.
FIG. 5 is a diagram for explaining the flow of processing for installing the ID application 65 in the IC card 10 attached to the mobile phone 11.
The process of issuing the ID application 65 is executed by the IC card 10 mounted on the portable terminal 11, the communication system 1A of the operator A, the ID management system 72 (72A) provided by the service provider, and the ID medium 71.

The ID medium (for example, ID booklet or ID card) 71 is a certificate for personal authentication issued by a specific organization such as a country or a public organization. For example, the ID medium 71 is composed of a storage medium with a built-in IC chip. As the ID medium 71, a passport or a driver's license is assumed. Here, the description will be mainly made on the assumption that the ID medium is a passport.
The service provider is an issuer of the ID medium 71. The service provider issues the ID medium 71 and manages the ID medium 71. That is, the ID management system 72 (72A, 72B) provided by the service provider is a system for issuing and managing the ID medium 71 operated by a specific organization such as a country or a public organization.

  First, the IC card 10 attached to the mobile phone 11 performs a roaming process with the communication system 1A of the operator A (step S10). The roaming process is a process for enabling mobile communication between the mobile phone 11 on which the IC card 10 is mounted and the mobile communication system 1 (for example, the communication system 1A of the operator A). For example, in the roaming process, mutual authentication with the communication system based on the contract contents of the user is performed. The roaming process is executed, for example, when the mobile phone 11 is turned on.

  The IC card 10 attached to the mobile phone 11 stores the roaming information X1 (63a) acquired from the mobile communication system 1A via the mobile phone 11 in the roaming process in the nonvolatile memory 54. In the configuration example as shown in FIG. 4, the roaming information X1 (63a) is held in the roaming information database 63 provided in the nonvolatile memory 54. The roaming information X1 (63a) is information necessary for the mobile phone 11 on which the IC card 10 is mounted to perform mobile communication with the communication system 1A, for example. The roaming information X1 (63a) is information including a mutual authentication result between the IC card 10 and the mobile communication system 1A (operator A) or information indicating a place where the connection is established.

  Here, it is assumed that the owner (user) of the IC card 10 holding the roaming information X1 (63a) has applied for the issuance of a passport as the ID medium 71 to the service provider. In this case, the service provider performs an examination to determine whether or not the ID medium can be issued to the user. If the examination is passed, the service provider performs the process of issuing the ID medium 71 for the user by the ID management system 72 (72A) (step S11). Here, it is assumed that the ID management system 72A for the issuing country provides the operator A with the entry / exit data for the user of the operator A.

In the issuing process of the ID medium 71, the ID management system 72A performs a registration process for registering the user information. When the user information is registered, the ID management system 72A creates issuance data to be written in the storage medium as the ID medium 71. When the issuance data is created, the ID management system 72A performs processing for installing the issuance data and a predetermined application (ID application for the ID medium) 81 in a storage medium as the ID medium 71. Here, a passport is assumed as the ID medium 71. For this reason, the ID management system 72A performs a process of writing the issuing country certificate 82 in the ID medium 71 in addition to the issuing data and the application 81.
By the ID medium issuance process as described above, the ID application 81 for the ID medium is installed, and the ID medium 71 in which the issuing country certificate 82 is written is issued.

  The ID application 81 for the ID medium may be installed in advance on a storage medium issued as the ID medium 71. In this case, the installation process of the ID medium application 81 can be omitted. When the ID application 81 for the ID medium is installed in the storage medium in advance, the ID management system 72 of the service provider writes the issuance data and the issuing country certificate 82 in the ID medium 71 in the ID medium issuance process. Process.

  When the process for issuing the ID medium 71 as described above is completed, the ID management system 72A issues an ID medium issue notification indicating that the ID medium 71 has been issued to the server 13A in the communication system 1A of the operator A. This issuance notification includes information regarding the issued ID medium 71 such as information indicating a user who has issued the ID medium 71. Such an ID medium issuance notification to the operator A may be performed in response to an application from the user.

  Upon receiving an ID medium issuance notification from the ID management system 72A, the server 13A of the mobile communication system 1A issues an ID application (hereinafter also referred to as IDAP) 65 to the IC card 10 possessed by the user of the ID medium 71. (Installation processing) is performed (step S13). In the IDAP 65 issuing process, the server 13A downloads the data of the ID application 65 to the IC card 10 via the mobile communication system 1A and the mobile phone 11, and further issues the ID country that issues the ID medium issuing country. Have the certificate written.

  That is, the server 13A specifies the user from the ID medium issue notification, and distributes the data of the ID application 65 to the specified user's IC card 10. On the other hand, the IC card 10 receives the data of the ID application 65 via the mobile communication system 1A and the mobile phone 11. When the downloading of the data of the ID application 65 is completed, the IC card 10 installs the ID application 65. Further, the server 13A distributes the data of the issuing country certificate 66 to the IC card 10 in which the ID application 65 is installed. When the data of the issuing country certificate 66 is received, the IC card 10 holds the ID application 65 and the issuing country certificate 66 in the nonvolatile memory 54.

  As will be described later, the ID application 65 installed in the IC card 10 is activated when the validity is confirmed in a state where the mobile phone 11 can receive a service from the application. For example, in this embodiment, a passport is assumed as the ID medium 71. For this reason, the ID application 65 is activated or deactivated according to the state of immigration or immigration of the user.

  The validity confirmation function 61 confirms the validity of whether or not the ID application 65 is in a valid state. For example, the validity confirmation function 61 confirms the validity based on roaming information, entry / exit information, and IDAP issuing country certificate. That is, the validity checking function 61 determines whether the information stored in the roaming information database 63, the information stored in the immigration information database 64, and the issuing country certificate 66 of the IDAP 65 match. Judging. For example, if it is assumed that the user exists in the issuing country when the ID medium 71 is issued, there is no entry / exit information in the entry / exit information database 63 in the IC card 10 in the state shown in FIG. Therefore, the validity confirmation function 61 confirms the validity based on the roaming information X1 and the issuing country certificate 66 (step S15). That is, the validity checking function 61 checks whether the roaming country and the issuing country of the IDAP 65 are both the issuing country of the ID medium 71 based on the roaming information X1 and the issuing country certificate 66. .

  When the validity cannot be confirmed by the validity confirmation function 61 (step S16, NO), the application control function 62 notifies the server 13A of the operator A that the validity for executing the IDAP 65 cannot be confirmed. (Step S17). In this case, the ID application 65 is not activated because it is determined to be in an invalid state. In this case, the IC card 10 is in a state where the service by the ID application 65 cannot be received.

  When the validity can be confirmed by the validity confirmation function 61 (step S16, YES), the application control function 62 activates the ID application 65 (step S18). When the activation of the ID application 65 is completed, the application control function 62 notifies the server 13A of the operator A that the activation of the IDAP 65 has been successful (step S19). Thereby, in the IC card 10, the ID application 65 can be executed, and various services provided using the ID application 65 can be used (step S21).

  Further, the server 13A that has received the information related to the activation of the IDAP 65 from the IC card 10 performs a process of notifying the service provider of the status of the ID application 65 in the IC card 10 (step S20). That is, when receiving a notification that the validity is NG from the IC card 10, the server 13A notifies the service provider that the ID application 65 in the IC card 10 is invalid. In addition, when the notification that the activation of IDAP 65 is successful is received from the IC card 10, the server 13A informs the service provider that the activation of IDAP 65 in the IC card 10 has succeeded (or by IDAP 65). Notification that service is being provided).

  In response to the status notification from the operator A, the ID management system 72A of the service provider uses the IDAP 65 in the IC card 10 of each user in the database 72a that manages information related to each user who issued the ID medium 71. Information indicating the situation is stored. For example, when a notification that the IDAP 65 in the IC card 10 is in an invalid state is received from the server 13A, the service provider database 72a indicates that the IDAP 65 in the IC card 10 is in an unusable state. Information is stored. Further, when the notification that the activation of the IDAP 65 in the IC card 10 is successful is received from the server 13A, the service provider database 72a indicates that the IDAP 65 in the IC card 10 is available. Information to be stored is stored.

  The above processing is an example of processing when the ID medium 71 is issued. According to the above process, when the ID medium 71 is issued, the IDAP 65 can be installed in the IC card 10 mounted in the user's mobile phone 11. Further, the IC card 10 confirms validity based on the consistency of information such as roaming information, immigration information and IDAP 65 issuing country information, and activates or deactivates the IDAP 65 if the validity is confirmed. As a result, the IDAP 65 installation process associated with the issuance of the ID medium 71 can be easily and reliably performed on the IC card 10. Further, the IC card 10 can activate the IDAP 65 in accordance with the confirmation of validity, and can provide a service using the IDAP 65 with high convenience and security.

Next, the flow of processing in the IC card 10 when the user leaves the country from which the ID medium 71 is issued will be described.
FIG. 6 is a diagram for explaining a processing flow when the user who owns the IC card 10 in which the IDAP 65 is installed leaves the IDAP 65 issuing country.
Here, roaming between the operator A in the issuing country and the IC card 10 has been completed, and the roaming information X1 (63a) as described above is written in the nonvolatile memory 54 in the IC card 10. It shall be. In this state, it is assumed that the user of the IC card 10 leaves the issuing country.

  In this case, the user receives an immigration examination from the issuing country by the immigration office of the issuing country as a service provider. When the departure examination is passed, the service provider performs departure processing for writing departure information indicating departure from the issuing country in the passport as the ID medium 71 of the user by the ID management system 72A (step S30). According to this departure processing, departure information from the issuing country is written in the ID medium 71 of the user. When such departure processing is completed, the ID management system 72A of the service provider sends departure data relating to the user (information indicating that the user leaves the issuing country) to the operator server 13A of the operator A. Notification is made (step S31).

  When departure data relating to a specific user is received from the service provider, the operator server 13A of the operator A requests the IC card 10 owned by the user to write departure data. For example, the operator server 13A specifies the user's IC card 10 or the mobile phone 11 on which the IC card 10 is mounted by searching the user information database (not shown) for the departure data received from the service provider. To do. When the IC card 10 or the mobile phone 11 on which the IC card 10 is mounted is specified, the operator server 13A requests the user to write departure data to the IC card 10 using mobile communication using the communication facility 12A or the like. To do.

When receiving the write request for the departure data 64a from the provider server 13A, the IC card 10 in the mobile phone 11 writes the received departure data 64a into the departure / arrival information database 64 in the nonvolatile memory 54 (step S32). .
When the departure data 64a is written in the immigration information database 64, the CPU 51 of the IC card 10 confirms the validity by the validity confirmation function 61 (step S33). That is, the validity confirmation function 61 determines whether the roaming information, the immigration information, and the IDAP issuing country certificate held by the IC card 10 are consistent. For example, here, the IC card 10 holds roaming information X1 (63a), departure data 64a, and issuing country certificate 66. In this case, since each data matches the conditions for leaving the issuing country, the validity confirmation function 61 determines that the data is valid.

  When the validity cannot be confirmed by the validity confirmation function 61 (step S34, NO), the application control function 62 cannot confirm the validity as the usage environment of the IDAP 65, and performs error processing for the IDAP 65 (step S34). S35). In this error processing, for example, processing for disabling the IDAP 65 is performed. In the error process, the operator A server 13A is notified that the validity cannot be confirmed (or information indicating invalid data).

  When the validity can be confirmed by the validity confirmation function 61 (step S34, YES), the application control function 62 deactivates the ID application 65 (step S36). This deactivation is a process for temporarily suspending or normally ending the ID application 65. When the deactivation of the ID application 65 is completed, the application control function 62 notifies the server 13A of the operator A that the deactivation of the IDAP 65 has been successful (step S37). As a result, in the IC card 10, the ID application 65 is suspended (step S39).

  Further, the server 13A that has received the information related to the deactivation of the IDAP 65 from the IC card 10 performs a process of notifying the service provider of the status of the ID application 65 in the IC card 10 (step S38). That is, when receiving a notification that the validity is NG from the IC card 10, the server 13A notifies the service provider that the ID application 65 in the IC card 10 is invalid. When the server 13A receives a notification from the IC card 10 that the deactivation of the IDAP 65 is successful, the server 13A informs the service provider that the deactivation of the IDAP 65 in the IC card 10 is successful (or That the service by IDAP 65 is being suspended).

  In response to the status notification from the operator A, the ID management system 72A of the service provider writes information indicating the usage status of the IDAP 65 in the user's IC card 10 in the database 72a. For example, when a notification that the IDAP 65 in the IC card 10 is in an invalid state is received from the server 13A, the service provider database 72a indicates that the IDAP 65 in the IC card 10 is in a use-prohibited state. Information is stored. Further, when the notification that the deactivation of the IDAP 65 in the IC card 10 is successful is received from the server 13A, the IDAP 65 in the IC card 10 is temporarily stopped in the service provider database 72a. Information indicating this is stored.

  The above processing is a processing example when the user of the IC card 10 leaves the issuing country. According to the above processing, the departure data is written to the IC card 10 mounted in the mobile phone 11 of the user carrying the ID medium 71 when leaving the issuing country, and the service by the IDAP 65 is provided. Temporarily stopped. Thereby, in the said IC card 10, the deactivation of IDAP65 can be set easily and reliably according to the said user's departure.

Next, a processing flow in the IC card 10 when the user enters a destination country other than the issuing country will be described.
FIG. 7 is a diagram for explaining a processing flow when a user who owns the IC card 10 in which the IDAP 65 is installed enters the destination country.
Here, when the user turns on the mobile phone 11 after arriving in the destination country, the IC card 10 roams with the mobile communication system of the operator capable of mobile communication. Here, it is assumed that the operator A is in an affiliated relationship with the operator B, and the user who has contracted with the operator A can receive the communication service by the mobile communication system 1B of the operator B. Further, it is assumed that the user's travel destination is a country in which operator B provides a communication service.

  That is, when a user having an IC card 10 contracted with an operator A in the country where the ID medium 71 is issued (that is, his / her own country) enters the destination country (that is, a foreign country), the IC card 10 is an operator as a communicable operator. A roaming process with the B mobile communication system 1B is performed. In this roaming process, the operator server 13B of the operator B communicates with the operator server 13A of the operator A to perform user authentication and the like. When such a roaming process is successful, the roaming information database 63 in the nonvolatile memory 54 of the IC card 10 stores the roaming information Y1 (63b) that enables mobile communication with the operator B.

  On the other hand, when entering the travel country, the user uses the passport as the ID medium 71 to undergo an immigration examination by the immigration authority of the travel country. In this case, it is assumed that the immigration bureau of the travel country operates the management system 72B as a service provider. The management system 72B has the same configuration as the management system 72A, and is supposed to provide entry / exit data to the operator B. When the immigration by the immigration office (service provider) of the travel country passes the service provider, the ID management system 72B provides the immigration information indicating entry into the travel country in the passport as the ID medium 71 of the user. The entry process for writing is performed (step S40). According to this entry process, entry information for the destination country is written in the ID medium 71 of the user. When such entry processing is completed, the ID management system 72B of the service provider sends the entry data relating to the user (information indicating that the user enters the travel country) to the operator server 13B of the operator B. Notification is made (step S41).

  When the entry data relating to a specific user is received from the service provider, the operator server 13B of the operator B, if roaming with the IC card 10 owned by the user has been completed, Requesting the entry data 64b. When receiving the write request for the entry data 64b from the provider server 13B, the IC card 10 in the mobile phone 11 writes the received entry data 64b in the entry / exit information database 64 in the nonvolatile memory 54 (step S42). .

  When the entry data 64b is written in the entry / exit information database 64, the CPU 51 of the IC card 10 confirms the validity by the validity confirmation function 61 (step S43). That is, the validity confirmation function 61 determines the validity based on whether or not the roaming information, the entry / exit information, and the IDAP issuing country certificate held by the IC card 10 are consistent. For example, here, the IC card 10 holds roaming information X1 (63a), roaming information Y1 (63b), departure data 64a, entry data 64b, and IDAP issuing country certificate 66. In this case, since each data matches the conditions for entering the destination country from the issuing country, the validity confirmation function 61 determines that the data is valid.

  When the validity cannot be confirmed by the validity confirmation function 61 (step S44, NO), the application control function 62 notifies the server 13B of the operator B that the validity for executing the IDAP 65 cannot be confirmed. (Step S45). In this case, the ID application 65 is determined to be invalid and is not activated. As a result, the IC card 10 is in a state where the service by the ID application 65 is not received.

  When the validity can be confirmed by the validity confirmation function 61 (step S44, YES), the application control function 62 activates the ID application 65 (step S46). When the activation of the ID application 65 is completed, the application control function 62 notifies the server 13B of the operator B that the activation of the IDAP 65 has been successful (step S47). As a result, in the IC card 10, the ID application 65 can be executed, and various services provided using the ID application 65 can be used (step S49).

  Further, the server 13B that has received the information related to the activation of the IDAP 65 from the IC card 10 performs a process of notifying the service provider of the status of the ID application 65 in the IC card 10 (step S48). That is, when receiving a notification that the validity is NG from the IC card 10, the server 13B notifies the service provider that the ID application 65 in the IC card 10 is invalid. In addition, when the notification that the activation of IDAP 65 is successful is received from the IC card 10, the server 13A informs the service provider that the activation of IDAP 65 in the IC card 10 has succeeded (or by IDAP 65). Notification that service is being provided).

  In response to the status notification from the operator A, the ID management system 72B of the service provider stores information indicating the usage status of the IDAP 65 in the IC card 10 in the database 72a managed by the ID management system 72A. To do. In this case, it is assumed that the ID management system 72A and the ID management system 72B can communicate with each other. However, information indicating the usage status of the IDAP 65 in the IC card 10 may be stored in a database managed by the ID management system 72B of the service provider.

  The above processing is a processing example when the user of the IC card 10 enters the destination country. According to the processing as described above, the entry data is written to the IC card 10 mounted in the mobile phone 11 of the user having the ID medium 71 when entering the travel country, and roaming information and entry / exit data. And the legitimacy by the information such as the IDAP 65 issuing country is confirmed. When the validity is confirmed, the IDAP 65 is activated and the service by the IDAP 65 can be received. As described above, in the IC card 10, when the user enters the destination country, the IDAP 65 can be easily and reliably activated based on the roaming information or the like.

Next, the flow of processing in the IC card 10 when the user leaves the destination country other than the issuing country will be described.
FIG. 8 is a diagram for explaining a processing flow when the user who owns the IC card 10 in which the IDAP 65 is installed leaves the country of the destination country.
Here, roaming between the operator B in the destination country and the IC card 10 has been completed, and the above-described roaming information Y1 (63b) is written in the nonvolatile memory 54 in the IC card 10. It shall be included. In this state, it is assumed that the user of the IC card 10 leaves the country of the destination.

  In this case, the user receives an immigration examination from the destination country by the immigration office of the destination country as a service provider. When the departure examination is passed, the service provider performs departure processing for writing departure information indicating departure from the destination country in the passport as the ID medium 71 of the user by the ID management system 72B (step S50). ). According to this departure processing, departure information from the destination country is written in the ID medium 71 of the user. When such departure processing is completed, the ID management system 72B of the service provider sends departure data relating to the user (information indicating that the user leaves the destination country) to the operator server 13B of the operator B. ) Is notified (step S51).

When the departure data relating to a specific user is received from the service provider, the operator server 13B of the operator B requests the IC card 10 owned by the user to write the departure data 64c. When receiving the write request for the departure data 64c from the provider server 13B, the IC card 10 in the mobile phone 11 writes the received departure data 64c in the departure / arrival information database 64 in the nonvolatile memory 54 (step S52). .
When the departure data 64c is written in the entry / exit information database 64, the CPU 51 of the IC card 10 confirms the validity using the validity confirmation function 61 (step S53). Here, the IC card 10 holds roaming information X1 (63a), roaming information Y1 (63b), departure data 64a, entry data 64b, departure data 64c, and IDAP issuing country certificate 66. In this case, since each data coincides with the condition of leaving from the destination country, the validity confirmation function 61 determines that there is validity.

  When the validity cannot be confirmed by the validity confirmation function 61 (step S54, NO), the application control function 62 performs error processing for the IDAP 65 because the validity cannot be confirmed as the usage environment of the IDAP 65 (step S55). ). In this error processing, for example, processing for prohibiting the use of IDAP 65 is performed. Further, in the error processing, the server 13B of the operator B is notified that the validity cannot be confirmed (or information indicating invalid data).

  When the validity can be confirmed by the validity confirmation function 61 (step S54, YES), the application control function 62 deactivates the ID application 65 (step S56). This deactivation is a process for temporarily suspending or normally ending the ID application 65. When the deactivation of the ID application 65 is completed, the application control function 62 notifies the server 13B of the operator B that the deactivation of the IDAP 65 has been successful (step S57). Thereby, in the IC card 10, the ID application 65 is suspended (step S59).

In addition, the server 13B that has received the information regarding the deactivation of the IDAP 65 from the IC card 10 performs a process of notifying the service provider of the status of the ID application 65 in the IC card 10 (step S58).
In response to the status notification from the operator A, the ID management system 72B of the service provider writes information indicating the usage status of the IDAP 65 in the IC card 10 in the database 72a managed by the ID management system 72A. . However, information indicating the usage status of the IDAP 65 in the IC card 10 may be stored in a database managed by the ID management system 72B of the service provider.

  The above processing is a processing example in the case where the user of the IC card 10 leaves the destination country. According to the processing as described above, the departure data is written to the IC card 10 mounted in the mobile phone 11 of the user carrying the ID medium 71 when leaving the destination country, and the service provided by the IDAP 65 Is temporarily stopped. Thereby, in the said IC card 10, the deactivation of IDAP65 can be set easily and reliably according to the departure from the destination of the said user.

Next, a process flow in the IC card 10 when the user enters (returns to) the issuing country will be described.
FIG. 9 is a diagram for explaining a processing flow when the user who owns the IC card 10 in which the IDAP 65 is installed reenters the issue country (that is, returns) from the destination country.
Here, when the user who has returned from the destination country to the issuing country turns on the power of the mobile phone 11, the IC card 10 roams with the mobile communication system of the operator A as an operator capable of mobile communication. When such a roaming process is successful, the roaming information database 63 in the non-volatile memory 54 of the IC card 10 stores the roaming information X2 (allowing communication service in the mobile communication system 1A provided by the operator A ( 63c) is stored.

  On the other hand, when re-entering the issuing country, the user uses the passport as the ID medium 71 to undergo immigration by the immigration authority of the issuing country. When the immigration by the immigration authority (service provider) of the issuing country has passed, the service provider uses the ID management system 72A to enter immigration information indicating entry into the issuing country in the passport as the ID medium 71 of the user. Is entered (step S60). According to this entry processing, entry information for the issuing country is written in the ID medium 71 of the user. When such entry processing is completed, the ID management system 72A of the service provider sends entry data relating to the user (information indicating that the user enters the issuing country) to the operator server 13A of the operator A. Notification is made (step S61).

  When the entry data relating to a specific user is received from the service provider, the operator server 13A of the operator A, if roaming with the IC card 10 owned by the user has been completed, Requesting the entry data 64d. When receiving the write request for the entry data 64d from the provider server 13A, the IC card 10 in the mobile phone 11 writes the received entry data 64d in the entry / exit information database 64 in the nonvolatile memory 54 (step S62). .

  When the entry data 64d is written in the entry / exit information database 64, the CPU 51 of the IC card 10 confirms the validity by the validity confirmation function 61 (step S63). That is, the validity confirmation function 61 determines whether the roaming information, the immigration information, and the IDAP issuing country certificate held by the IC card 10 are consistent. For example, here, the IC card 10 issues roaming information X1 (63a), roaming information Y1 (63b), roaming information X2 (63c), departure data 64a, entry data 64b, departure data 64c, entry data 64d and IDAP. A national certificate 66 is held. In this case, since each data matches the conditions for re-entering the issuing country, the validity confirmation function 61 determines that the data is valid.

  When the validity cannot be confirmed by the validity confirmation function 61 (step S64, NO), the application control function 62 notifies the server 13A of the operator A that the validity for executing the IDAP 65 cannot be confirmed. (Step S65). In this case, the ID application 65 is determined to be invalid and is not activated. As a result, the IC card 10 is in a state where the service by the ID application 65 is not received.

  When the validity can be confirmed by the validity confirmation function 61 (step S64, YES), the application control function 62 activates the ID application 65 (step S66). When the activation of the ID application 65 is completed, the application control function 62 notifies the server 13A of the operator A that the activation of the IDAP 65 has been successful (step S67). Thereby, in the IC card 10, the ID application 65 can be executed, and various services provided using the ID application 65 can be used (step S69).

Further, the server 13A that has received the information related to the activation of the IDAP 65 from the IC card 10 performs a process of notifying the service provider of the status of the ID application 65 in the IC card 10 (step S68).
In response to the status notification from the operator A, the ID management system 72A of the service provider stores information indicating the usage status of the IDAP 65 in the IC card 10 in the database 72a.

  The above processing is a processing example when the user of the IC card 10 re-enters the issuing country. According to the processing as described above, the entry data is written in the IC card 10 mounted in the mobile phone 11 of the user who owns the ID medium 71 at the time of re-entry into the issuing country, and roig information The legitimacy is confirmed by information such as the immigration data and the IDAP 65 issuing country. When the validity can be confirmed, the IDAP 65 is activated and a service by the IDAP 65 can be received. As described above, in the IC card 10, when the user enters the destination country, the IDAP 65 can be easily and reliably activated based on the roaming information or the like.

The figure which shows the outline | summary of the structural example of the communication system which concerns on embodiment of this invention. The block diagram which shows the structural example of a mobile telephone. The block diagram which shows the hardware structural example of an IC card. The figure which shows notionally the structural example for implement | achieving the various functions of an IC card. It is a figure for demonstrating the flow of the process for installing ID application in an IC card. It is a figure for demonstrating the flow of a process when the user who owns an IC card leaves from the issuing country of ID application. It is a figure for demonstrating the flow of a process in case the user who owns an IC card enters the country of a destination. It is a figure for demonstrating the flow of a process when the user who owns an IC card leaves a country from a destination country. It is a figure for demonstrating the flow of a process in case the user who owns an IC card re-enters the ID application issue country.

Explanation of symbols

  A, B ... Operator (operator), 1 (1A, 1B) ... Communication system, 10 ... IC card (electronic device), 11 ... Mobile phone (mobile terminal device), 12 (12A, 12B) ... Communication equipment, 13 (13A, 13B) ... business server, 31 ... control unit, 34 ... non-volatile memory, 35 ... interface, 37 ... antenna, 38 ... communication unit, 41 ... display unit, 42 ... operation unit, 43 ... power supply unit, 61 Validity checking function 62 Application control function 63 Roaming information database 64 Immigration information database 65 ID application (IDAP) 66 Issuing country certificate 71 ID medium 72A 72B ID management system.

Claims (12)

A communication means for communicating with an external system via a portable terminal device;
Storage means for storing the application;
A roaming information database for storing roaming information in communication with the external system;
An entry information database for storing entry data for the user of the electronic device;
Determining means for determining whether or not the application is valid based on roaming information stored in the roaming information database and immigration data stored in the immigration information database ;
Control means for activating the application when the determining means determines that the application is in a valid state ;
An electronic device to be attached to a portable terminal device. A communication means for communicating with an external system via a portable terminal device;
Storage means for storing the application;
A roaming information database for storing roaming information in communication with the external system;
Departure information database storing departure data for users of the electronic device ;
Determining means for determining whether or not the application is valid based on roaming information stored in the roaming information database and departure data stored in the departure information database ;
Control means for deactivating the application when the determining means determines that the application is in a valid state ;
An electronic device to be attached to a portable terminal device. A communication means for communicating with an external system via a portable terminal device;
Storage means for storing the application;
A roaming information database for storing roaming information in communication with the external system;
Immigration information database for storing the departure and entry history data for the user of the electronic device ,
The determination means determines whether the application is valid depending on whether the combination of roaming information stored in the roaming information database and departure / entry history data stored in the immigration information database is valid. A determination means for determining whether there is,
If it is determined by the determination means that the application is in a valid state, if the current state stored in the immigration information database is entry, control means for activating the application ;
An electronic device to be attached to a portable terminal device. A communication means for communicating with an external system via a portable terminal device;
Storage means for storing the application;
A roaming information database for storing roaming information in communication with the external system;
Immigration information database for storing the departure and entry history data for the user of the electronic device ,
Whether the application is in a valid state depending on whether the combination of the roaming information stored in the roaming information database and the departure and entry history data stored in the immigration information database is valid. A judging means for judging;
If the determination means determines that the application is in a valid state, if the current state stored in the immigration information database is departure, the control means for deactivating the application ;
An electronic device to be attached to a portable terminal device. In a mobile terminal system having a mobile terminal device and an electronic device mounted on the mobile terminal device,
The portable terminal device is:
First communication means for communicating with the electronic device;
External communication means for communicating with an external system in a state where the electronic device is mounted on the first internal interface;
A roaming information database for storing roaming information indicating a communication state with an external system by the external communication means;
An entry information database for storing entry data for the user of the electronic device ,
The electronic device is
A second communication means for communicating with the portable terminal device;
Storage means for storing the application;
It is determined whether or not the application is valid based on roaming information stored in the roaming information database of the mobile terminal device and entry data stored in the entry information database of the mobile terminal device. A means to determine,
Control means for activating the application when the determination means determines that the application is in a valid state ;
Mobile terminal system. The portable terminal device is:
First communication means for communicating with the electronic device;
External communication means for communicating with an external system in a state where the electronic device is mounted on the first internal interface;
A roaming information database for storing roaming information indicating a communication state with an external system by the external communication means;
A departure information database for storing departure data for the user of the electronic device ,
The electronic device is
A second communication means for communicating with the portable terminal device;
Storage means for storing the application;
Determining whether the application is a valid state based on the departure data stored in said departure information database of the mobile terminal device the roaming information roaming information and the mobile terminal device stored in the database Judgment means,
Control means for deactivating the application when the determining means determines that the application is in a valid state .
Mobile terminal system. The portable terminal device is:
First communication means for communicating with the electronic device;
External communication means for communicating with an external system in a state where the electronic device is mounted on the first internal interface;
A roaming information database for storing roaming information indicating a communication state with an external system by the external communication means;
An entry / exit information database that stores departure and entry history data for the user of the electronic device , and
The electronic device is
A second communication means for communicating with the portable terminal device;
Storage means for storing the application;
The application depends on whether a combination of roaming information stored in the roaming information database of the mobile terminal device and departure / entry history data stored in the immigration information database of the mobile terminal device is valid. Determining means for determining whether or not is in a valid state ;
Control means for activating the application if the current state stored in the immigration information database is immigration when the determining means determines that the application is in a valid state ;
Mobile terminal system. The portable terminal device is:
First communication means for communicating with the electronic device;
External communication means for communicating with an external system in a state where the electronic device is mounted on the first internal interface;
A roaming information database for storing roaming information indicating a communication state with an external system by the external communication means;
An entry / exit information database that stores departure and entry history data for the user of the electronic device , and
The electronic device is
A second communication means for communicating with the portable terminal device;
Storage means for storing the application;
The application depends on whether a combination of roaming information stored in the roaming information database of the mobile terminal device and departure / entry history data stored in the immigration information database of the mobile terminal device is valid. Determining means for determining whether or not is in a valid state ;
Control means for deactivating the application if the determination means determines that the application is in a valid state if the current state stored in the immigration information database is departure .
Mobile terminal system. An application control method in an electronic device connected to a mobile terminal device having a communication function with an external system,
Perform communication with an external system via the mobile terminal device,
Store roaming information in communication with the external system in a roaming information database;
Storing the entry data for the user of the electronic device in the entry information database;
And determining whether the application is a valid state based on the entry data stored in the entry information database and roaming information stored in the roaming information database,
If the application by the determining determines that a valid state, the activation of the application,
Application control method in electronic device. An application control method in an electronic device connected to a mobile terminal device having a communication function with an external system,
Perform communication with an external system via the mobile terminal device,
Store roaming information in communication with the external system in a roaming information database;
Storing departure data for the user of the electronic device in the departure information database;
And determining whether the application is a valid state based on the departure data stored in said departure information database and roaming information stored in the roaming information database,
If the application by the determining determines that a valid state, the deactivation of the application,
Application control method in electronic device. An application control method in an electronic device connected to a mobile terminal device having a communication function with an external system,
Perform communication with an external system via the mobile terminal device,
Store roaming information in communication with the external system in a roaming information database;
Store the departure and entry history data for the user of the electronic device in the immigration information database,
Whether the it application is in a valid state by whether the or the combination of the roaming information database in the stored roaming information and the immigration information departure stored in a database and entry of historical data is valid Judgment
If it is determined by the determination that the application is in a valid state, the application is activated if the current state stored in the immigration information database is entry .
Application control method in electronic device. An application control method in an electronic device connected to a mobile terminal device having a communication function with an external system,
Perform communication with an external system via the mobile terminal device,
Store roaming information in communication with the external system in a roaming information database;
Store the departure and entry history data for the user of the electronic device in the immigration information database,
Whether the it application is in a valid state by whether the or the combination of the roaming information database in the stored roaming information and the immigration information departure stored in a database and entry of historical data is valid Judgment
If it is determined by the determination that the application is in a valid state, if the current state stored in the immigration information database is departure, the application is deactivated.
Application control method in electronic device.

Images