JP6766534B2 - UIM and UIM issuing system - Google Patents

Description

The present invention relates to a UIM mounted on a mobile terminal such as a smartphone.

UIM support for NFC, which enables access to applications loaded in the UIM (User Identity Module) of mobile terminals, is advancing via the NFC (Near Field Communication) chip provided in mobile terminals. Various card contents (Card Content) were created in NVM (Non-volatile memory) of UIM compatible with NFC, and GP (Global Platform) established mainly for financial relations issued TSM (Trusted Service Manager) for UIM. ) It is stipulated to use the server. In the present invention, the card content is a concept including a load file (Executable Load File) containing the program code of the application and an application instance (Application Instance) using the program code of the application included in the load file. ..

The TSM server uses a command to output a list of card contents created in the UIM NVM when issuing the UIM, that is, when creating a new card content in the UIM NVM. The UIM that conforms to the standard of Non-Patent Document 1 established by GP is the UIM, which obtains the list of card contents from the UIM via the carrier network of the UIM and performs the process of grasping the card content created in the NVM of the UIM. For example, Get Status Command is supported as a command to output the list of card contents created in NVM.

The command to output the list of card contents created in the UIM NVM cannot output the entire list of card contents created in the UIM NVM at once, the list of card contents created in the UIM NVM. The TSM server must send this command to the UIM multiple times to get the entire list, in order to output a part of and a status word indicating that there is more data.

In particular, the UIM that supports NFC has a larger number of card contents created in the NVM of the UIM than the UIM that does not support NFC, so the data length of the list of card contents is the payload of the transmission protocol. In many cases, the length is exceeded, and the TSM server has to send this command to the UIM multiple times in order to obtain the entire list.

In this way, if the entire list of card contents created in the UIM NVM cannot be output at once, the exchange related to the command to output the list related to the card content is executed multiple times between the TSM server and UIM. ， Shortening this processing time is one of the issues.

GlobalPlatform Card Specification Version 2.2 March 2006

Therefore, the present invention presents a UIM that outputs a list related to card content and a UIM issuance using this UIM so that the issuing status of the UIM can be grasped on the TSM server side without acquiring the entire list related to the card content. The purpose is to provide a system.

In the first invention for solving the above-mentioned problems, a plurality of records for storing card content information including an identifier of the card content related to the application created in the memory are provided, and the card content information corresponding to the card content information is provided. A data table in which creation order information indicating the order in which card content is installed is added to the record that stores the card content information, and the creation that is added to the record that stores the card content information. Using the raw order information, list data that outputs the card content information stored in the data table by the LIFO (Last-In First-Out) method is generated, and the list is more than the payload length of the transmission protocol. UIM (User Identity Module) equipped with a list output command that divides the list data into a plurality of fragments so as to fit in the payload length and outputs the fragments according to the number of consecutive executions of the command when the data length of the data is long. Is.
The first invention is an invention in which the card content is used as an application instance. The UIM according to the first invention includes an instance table which is a data table that stores an application instance as the card content and stores instance information including an identifier of the application instance as the card content information. The list output command of UIM accesses the instance table and generates the list data using the instance information as the card content information when the parameter of the command APDU indicates that the list of the instance information is generated. To do.

The second invention is the load file in UIM described in the first inventions, the UIM stores the load file that contains the execution module by the application instance is used as the card content, including the identifier of the load file The load file table is provided with a load file table which is the data table that stores information as the card content information, and the list output command indicates that the list of the load file information is generated by a parameter of the command application. Is used to generate the list data using the load file information as the card content information. The second invention is an invention in which the card content is used as a load file.

The third invention is the UIM described in the first inventions, after pear wounds the application instance in NVM, from among records the instance table has a record of the records in which the instance information is not stored After searching in order and writing the instance information related to the application instance created in NVM to the searched record, the creation order information next to the largest creation order information at this time is the record. It is characterized by having an installation command to be added to. The third invention is an invention provided with a command for writing the instance information in the instance table.

In the fourth invention, in the UIM described in the third invention, the application instance indicated by the command APDU is deleted from the memory, and further, the instance information related to the application instance deleted from the memory and the instance information. After deleting the creation order information added to the record in which the above was recorded from the instance table, the creation order information added to the record held by the instance table is referred to and deleted. It is characterized by having a delete command for updating each of the creation order information, which has a large order information, to the creation order information in which the creation order is moved down by one. The fourth invention is an invention including a delete command for deleting the application instance from the memory.

In the fifth invention, in the UIM described in the second invention, after the load file is loaded into the NVM, the record in which the load file information is not stored is selected from the records held in the load file table. After searching in record order and writing the load file information related to the load file loaded in NVM to the searched record, the creation order information next to the largest creation order information at this time is described above. It is characterized by having a load command to be added to the record. The fifth invention is an invention in which a command for writing the load file information is provided in the load file table.

The sixth invention is the UIM described in the fifth invention, in which the delete command deletes the load file indicated by the command APDU from the NVM, and further, the load file information related to the load file deleted from the NVM. After deleting the creation order information added to the record in which the load file information was recorded from the instance table, the creation order information added to the record held by the load file table is added. It is characterized in that each of the creation order information, which is referred to and deleted and has a large creation order information, is updated to the creation order information in which the creation order is moved down by one. The sixth invention is an invention including a delete command for deleting the load file from the memory.

The seventh invention is composed of at least the UIM described in the second invention , a mobile terminal on which the UIM is mounted, and a TSM server that issues the UIM, and the mobile terminal is a command transmitted by the TSM server. When the APDU is transmitted to the UIM and the response output by the UIM is transmitted to the TSM server, the TSM server issues the command APDU of the list output command included in the UIM when issuing the UIM. When the response of the list output command output by the UIM is acquired via the mobile terminal and the UIM divides the list data into a plurality of fragments and outputs the list data, the identifier of the predetermined application instance is used. When the corresponding instance information or the load file information corresponding to the identifier of the predetermined load file is in the fragment included in the response of the list output command, the command APDU of the list output command for acquiring the next fragment It is a UIM issuing system characterized by performing a process of canceling transmission. The seventh invention is an invention in which the TSM server determines the transmission of the command APDU of the list output command for acquiring the next fragment.

The eighth invention is composed of at least the UIM described in the second invention, the mobile terminal on which the UIM is mounted, and the TSM server that issues the UIM, and the TSM server is used when issuing the UIM. When a card content inquiry request including an identifier of a predetermined application instance or an identifier of a predetermined load file is transmitted to the mobile terminal, and the mobile terminal receives the card content inquiry request from the TSM server, the UIM When the command APDU of the list output command provided in the above is input to the UIM, the response of the list output command is acquired from the UIM, and the UIM divides the list data into a plurality of fragments and outputs the list data, the predetermined application instance When the instance information corresponding to the identifier or the load file information corresponding to the identifier of the predetermined load file is in the fragment included in the response of the list output command, the command of the list output command for acquiring the next fragment. The UIM issuing system is characterized in that the transmission of the application is stopped and the TSM server is notified that the card content included in the card content inquiry request has been created in the UIM. The eighth invention is an invention in which the mobile terminal determines the transmission of the command APDU of the list output command for acquiring the next fragment.

Since the UIM according to the present invention described above generates list data that outputs the card content information stored in the data table by the LIFO method, the issuing status of the UIM can be checked without acquiring the entire list related to the card content. It can be grasped on the TSM server side.

The figure which showed the UIM which concerns on this embodiment, and the apparatus used for issuing a service. Explain the relationship between load files and application instances. A diagram illustrating the process of installing an application instance. The figure explaining the data table which stores the card content information. The figure explaining the operation of the delete command provided in UIM. The figure explaining the operation of the list output command provided in UIM. The figure explaining the operation which outputs the list data which exceeds the payload length. The figure explaining the 1st example of the operation of the UIM issuing system. The figure explaining the 2nd example of the operation of the UIM issuing system.

From here, preferred embodiments of the present invention will be described. The following description does not constrain the technical scope of the present invention, but is described to aid understanding.

FIG. 1 is a diagram showing a UIM 1 according to the present embodiment and a device included in the UIM issuing system 5 that issues the UIM1. FIG. 1 illustrates the UIM 1 according to the present embodiment, the mobile terminal 2 equipped with the UIM 1, and the TSM server 3 connected to the mobile terminal 2 via the carrier network 4.

As illustrated in FIG. 1, the UIM1 according to the present embodiment corresponds to NFC, and the mobile terminal 2 equipped with the UIM1 according to the present embodiment is a baseband which is a circuit necessary for functioning as a terminal such as a smartphone. In addition to the circuit 20, it includes an NFC chip 21 that provides a short-range wireless communication function and the like. The UIM1 that supports NFC includes a processor 1c, an NVM1d, an ISO7816I / F (InterFace) 1b, and a SWP / HCI1a (Single Wire Protocol / Host Controller Interface). The processor 1c included in the UIM1 is an IC chip having a function of executing a computer program. The ISO7816I / F1b included in the UIM1 is a circuit that processes a transmission protocol used for communication with the baseband circuit 20 of the mobile terminal 2. The SWP / HCI1a included in the UIM1 is a circuit that processes a transmission protocol used for communication with the NFC chip 21 of the mobile terminal 2.

In the UIM 1 according to the present embodiment, the I / F used for communication with the processor 1c of the mobile terminal 2 is ISO7816I / F1b. Basically, the mobile terminal 2 inputs the command EPA (Application Protocol Data Unit) transmitted by the TSM server 3 to the UIM 1, and transmits the response EPADU output by the UIM 1 to the TSM server 3.

As illustrated in FIG. 1, the UIM1 according to the present embodiment includes a load command 10, an installation command 11, a delete command 12, and a list output command 13 as commands realized by a computer program that operates the processor 1c included in the UIM1. Store in NVM1d or ROM (not shown). Further, the UIM1 according to the present embodiment stores the load file 14 and the application instance 15 configured by using the load file 14 in the NVM1d as the card content related to the application. Further, the UIM1 according to the present embodiment is a record-format data table for storing the card content information related to the card content stored in the UIM 1, the load file table 16 used for managing the load file 14, and the application instance 15. The instance table 17 used for management is stored in NVM1d.

FIG. 2 is a diagram illustrating the relationship between the load file 14 and the application instance 15. The load file 14 includes at least one execution module 140 that is the program code of the application, and the load file 14 illustrated in FIG. 2 includes the execution modules 140 (execution modules A and B). The application instance 15 is composed of one execution module 140 included in the load file 14 that can be used by the application and application data 150. The application instance 15 illustrated in FIG. 2 is configured to use the execution module 140 (execution module A) from the execution modules 140 (execution modules A and B) included in the load file 14. An application identifier (AID: Application IDentifier) is added to each of the load file 14 and the application.

FIG. 3 is a diagram illustrating a process of installing the application instance 15. The process of installing the application instance 15 on the UIM1 is an application that uses the load file P1 that loads the load file 14 including the execution module 140 used by the application instance 15 into the NVM1d of the UIM1 and the load file 14 that is loaded in the load phase P1. Includes installation phase P2 to install instance 15 on NVM1d of UIM1.

The load command 10 included in the UIM1 is a command for loading the load file 14 into the NVM1d of the UIM1. When loading the load file 14 into the NVM1d of the UIM1, the load command 10 is used to notify the UIM1 of the AID of the load file 14 to be loaded into the UIM1, and then the load command 10 is used to display a plurality of main bodies of the load file 14. It is transmitted to UIM1 in batches, and the load file 14 is loaded into NVM1d of UIM1. Although the load command 10 according to the present embodiment can be realized by one command, the load command 10 according to the present embodiment may be realized by a plurality of commands. In the standard of Non-Patent Document 1, Install [for Load] Command and Load Command are used to load the load file 14.

The installation command 11 included in UIM1 is a command for creating an application instance 15 in NVM1d of UIM1. When the application instance 15 is created in NVM1d of UIM1 by using the installation command 11, the AID of the application instance 15 to be created in UIM1 is notified to UIM1 by using the installation command 11, and the application instance 15 is notified to NVM1d of UIM1. To generate. In the standard of Non-Patent Document 1, the Install [for Install] Command is used to install the application instance 15. When an application is created in NVM1d of UIM1, a process of writing application data is performed.

The load file table 16 included in the UIM1 is a data table operated by a load command 10 or the like, and the instance table 17 is a data table operated by an installation command 11 or the like.

When the load file 14 is successfully loaded, the load command 10 searches the load file table 16 for records that are free (does not store load file information) in the order of records from the record number # 1, and first. A process of writing the load file information related to the load file 14 loaded in NVM1d of UIM1 is performed in the searched empty record. The content of the load file information stored in the load file table 16 is arbitrary, but the AID (Application IDentifier) of the load file 14 and the expiration date of the load file 14 can be included in the load file information.

Similarly, when the creation of the application instance 15 is completed normally, the installation command 11 searches the instance table 17 for empty records in the order of records from the record number # 1, and sets the empty record searched first. A process of writing the instance information related to the application instance 15 created in NVM1d of UIM1 is performed. The content of the instance information stored in the instance table 17 is arbitrary, but the AID (Application IDentifier) of the application instance 15 and the expiration date of the application instance 15 can be included in the instance information.

The delete command 12 included in the UIM1 is a command for deleting the load file 14 and the application instance 15 in the NVM1d of the UIM1. The delete command 12 included in the UIM1 relates to the load file 14 indicated by the command APDU of the delete command 12 when the load file 14 in the NVM1d of the UIM1 is deleted, and further deleted from the NVM1d. After deleting the load file information and the creation order information added to the record that recorded this load file information from the load file table 16, the creation order information added to the record held by the load file table 16 is deleted. The creation order information that is referred to and deleted is also large. Each creation order information is updated to the creation order information that is one step down from the creation order. Similarly, the delete command 12 deletes the application instance 15 indicated by the command APDU of the delete command 12 from the NVM1d when deleting the application instance 15 in the NVM1d of the UIM1, and further relates to the application instance 15 deleted from the NVM1d. After deleting the instance information and the creation order information added to the record that recorded this instance information from the instance table 17, the creation order information added to the record held by the instance table 17 is referred to and deleted. The creation order information is also large. Each creation order information is updated to the creation order information that is one step down from the creation order. The load file 14 and the application instance 15 to be deleted are indicated by the command APDU of the delete command 12.

FIG. 4 is a diagram illustrating a data table that stores card content information. As described with reference to FIG. 3, in the process of installing the application instance 15 in the UIM1, the load phase P1 for loading the load file 14 into the NVM1d of the UIM1 and the installation phase P2 for generating the application instance 15 in the NVM1d of the UIM1 are performed. Since it is executed, the UIM1 according to the present embodiment has a load file table 16 that stores the load file information of the load file 14 loaded in the load phase P1 and the instance information of the application instance 15 created in the installation phase P2. The instance table 17 for storing the file is provided.

FIG. 4A is a diagram illustrating the load file table 16. The load file table 16 is a data table provided with a plurality of records (here, 10 records) used for storage in the load file information. The record number used for identifying the record (described by adding "#") is added to the record held by the load file table 16, and the record storing the load file information is added to the load file information. Creation order information (listed with "N" added), which is information indicating the order in which the corresponding load files 14 are loaded, is added.

In FIG. 4A, load file information is stored in the records # 0 and # 1. By loading the two load files 14 (load files A and B) in this order using the load command 10, the load file information A, which is the load file information of the load file A, is added to the record # 0 stored. The creation order information is N0, and the creation order information added to the # 1 record in which the load file information B, which is the load file information of the load file B, is stored, is N1.

When the load file table 16 is in the state of FIG. 4A and the load file 14 (load file C) is loaded into NVM1d of UIM1 by using the load command 10, the load command 10 is executed in order from the record whose record number is # 0. A free record is searched from the load file table 16, and the first searched free record (here, the record of # 3) is loaded with the load file 14 (load file C) loaded into NVM1d of UIM1. Write information. Next, the load command 10 specifies the maximum creation order information (here, N1) at this point, and the creation order information next to this creation order information (here, N2). To this record.

FIG. 4B is a diagram illustrating an instance table 17. The instance table 17 is a data table provided with a plurality of records (here, 10 records) used for storing instance information. The record number used for identifying the record (described by adding "#") is added to the record held in the instance table 17, and the application instance 15 is created in the record storing the instance information. Creation order information (listed with "N" added), which is information indicating the creation order, is added.

In FIG. 4A, the instance information is stored in the records # 0, # 1, # 2, # 4, and # 6, and the instance information stored in the records # 3 and # 5 is deleted. ing. After creating 7 application instances 15 (application instance A to application instance G) in order by using the install command 11, 2 application instances 15 (application instances D and F) are created by using the delete command 12. By deleting, the creation order information added to the # 0 record in which the instance information A, which is the instance information of the application instance A, is stored is N0, and the instance information B, which is the instance information of the application instance B, is stored. The creation order information added to the # 1 record is N1, and the creation order information added to the # 2 record in which the instance information C, which is the instance information of the application instance C, is stored, is N2. ， The creation order information added to the record of # 4 where the instance information E which is the instance information of the application instance E is stored is N3, and the instance information G which is the instance information of the application instance G is stored # The creation order information added to the record of 6 is N4.

When the instance table 17 is in the state of FIG. 4B and the installation command 11 is used to load a new application instance 15 (application instance H) into NVM1d of UIM1, the installation command 11 starts from the record whose record number is # 1. Empty records are searched in order from the instance table 17, and the first searched empty record (here, the record of # 4) is the instance information related to the application instance 15 (application instance H) loaded into NVM1d of UIM1. Write H. Next, the load command 10 identifies the maximum creation order information (here, N4) added to the record of the instance table 17, and the creation order information (which is next to this creation order information). Here, it becomes N5) is added to this record.

FIG. 5 is a diagram illustrating the operation of the delete command 12 included in the UIM1. FIG. 5A is an instance table 17 after seven application instances 15 (application instance A to application instance G) are created in order by using the installation command 11. By creating seven application instances 15 in order, the instance information of each of application instance A to application instance G is stored in the records # 0 to # 6. For example, the instance information A of the application instance A is stored in the record # 0, and the instance information G of the application instance G is stored in the record # 6.

FIG. 5B is an instance table 17 after the application instance D is deleted. When the delete command 12 deletes the application instance D, the application instance D is deleted from the NVM1d, and the instance information D related to the application instance D and the creation added to the record in which the instance information D is recorded are added. After deleting the order information from the instance table 17, the creation order information added to the record held by the instance table 17 is referred to, and the deleted creation order information is also large. Update to the deferred creation order information. In FIG. 5A, since the instance information D related to the application instance D is stored in the record # 3, the instance information D is deleted from the record # 3 and further added to the record # 3. The creation order information is also deleted. The creation order information larger than the deleted creation order information (here, it becomes N3) becomes N4 to N6, and the delete command 12 moves down the creation order of each deleted creation order information by one. By updating to the creation order information, in FIG. 5B, the creation order information added to the record # 4 is changed from N4 to N3, and the creation order information added to the record # 5 is changed to the creation order information. The creation order information added to the record of # 6 is updated from N5 to N4, and from N5 to N4, respectively.

The list output command 13 included in the UIM1 will be described. The list output command 13 included in UIM1 is a command that outputs a list of card content information, and uses all or part of the list of card content information as response data, and provides a response APDU containing a 2-byte status word indicating the processing result. Perform the process of generating.

FIG. 6 is a diagram illustrating the operation of the list output command 13 included in the UIM1. When the command APDU (Application Protocol Data Unit) of the list output command 13 transmitted by the TSM server 3 is input to the UIM1 via the mobile terminal 2 (S1), the list output command 13 included in the UIM1 is activated. The command APDU of the list output command 13 transmitted by the TSM server 3 is a parameter indicating the card content information (here, either load file information or instance information) for outputting the list, and the continuity of the list output command 13 (““ Contains parameters that indicate "First" or "next").

The list output command 13 determines whether or not the "first" is indicated by the parameter of the command APDU indicating the continuity of the list output command 13 (S2).

When the first is indicated by the command APDU of the list output command 13 transmitted by the TSM server 3, the list output command 13 refers to the parameter of the command APDU indicating the card content information for outputting the list, and the card content information for outputting the list. Is specified (S3).

Next, the list output command 13 accesses the data table that stores the card content information indicated by the command APDU of the list output command 13, and the creation order information added to the record in which the card content information is stored. Is used to generate list data that outputs the card content information stored in the data table by the LIFO (Last-In First-Out) method (S4).

When the load file information is indicated by the parameter indicating the card content information that outputs the list, the list output command 13 accesses the load file table 16 and displays the list data of the load file information stored in the load file table 16. Perform the process of generating. When the instance information is indicated by this parameter, the list output command 13 accesses the instance table 17 and performs a process of generating the list data of the instance information stored in the instance table 17.

When the list data is generated, the list output command 13 of UIM1 confirms whether the data length of the list data exceeds the payload length of ISO7816I / F1b (S5), and if it is less than or equal to the payload length, all the list data is set as response data. The response APDU with the status word set to "normal end" ('90', '00' in Non-Patent Document 1) is requested to ISO7816I / F1b (S6), and UIM1 returns to the state of waiting for command reception (S6). S10).

When the data length of the list data exceeds the payload length of ISO7816I / F1b, the list output command 13 executes a process of dividing the list data into a plurality of fragments (fragments) so as to fit in the payload length of ISO7816I / F1b. Later (S7), ISO7816I / F1b is requested to output the response APDU with the first fragment as the response data and the status word "with the next fragment" ('63', '10' in Non-Patent Document 1). (S8), UIM1 returns to the state of waiting for command reception (S10).

Further, in the step, when "next" is indicated by the command APDU of the list output command 13 transmitted by the TSM server 3, the list output command 13 includes the response APDU that includes the fragment next to the last output fragment as the response data. Is requested to ISO7816I / F1b (S9), and UIM1 returns to the state of waiting for command reception (S10). If there is a fragment next to the output fragment, the status word of the response APDU is set to have the next fragment. If there is no fragment next to the output fragment, the status word of the response APDU is terminated normally.

FIG. 7 is a diagram illustrating an operation of outputting list data 5 exceeding the payload length. The list data 5 illustrated in FIG. 7 is data obtained after the application instance 15 (application instance H) is installed in the instance table 17 illustrated in FIG. 4 (b). As described above, the list output command 13 generates the list data 5 that outputs the instance information stored in the instance table 17 by the LIFO method. Therefore, the list data 5 illustrated in FIG. 7 is stored in the instance table 17. The structure is such that the stored instance information is arranged in descending order of the creation order information added to the record in which the instance information is stored.

As shown in FIG. 7, since the data length of the list data 5 shown in FIG. 7 exceeds the payload length, the list output command 13 divides the list data 5 into a plurality of fragments 50 so as to fit in the payload length. The list data 5 in FIG. 7 is divided into five fragments 50. The first fragment 50 (fragment _1) is the first output fragment 50, and the fragment 50 (fragment _1) is the instance information (here) of the record to which the largest creation order information (here, N7) is added. Then, the instance information of the record to which the last installed application instance H instance information and the second largest creation order information (here, N6) are added (here, the penultimately installed application). Includes a part of instance information of instance G). The fragment 50 (fragment _1) following the fragment 50 (fragment _1) is the fragment 50 output next to the fragment 50 (fragment _1), and is the second largest creation order information (here, N6). In the instance information of the record to which is added (here, the instance information of the application instance G), the part not included in the fragment 50 (fragment _1) and the third largest creation order information (here, N4) are included. A part of the instance information of the added record (here, the instance information of the application instance E) is included.

According to the procedure illustrated in FIG. 6, the fragment 50 output by UIM1 when "first" is indicated by the parameter of the command APDU of the list output command 13 is the application instance 15 (application instance H) created last. It becomes fragment 50 (fragment _1) containing the instance information of. Further, after the fragment 50 (fragment_1) is output, the fragment 50 output by UIM1 when the command APDU of the list output command 13 indicating "next" is received becomes the fragment 50 (fragment_1).

As described above, the list output command 13 of the UIM1 according to the present embodiment generates list data for outputting the card content information stored in the data table by the LIFO method, and the list data is more than the payload length of the transmission protocol. When the data length is long, the list data is divided into a plurality of fragments so as to fit in the payload length, and the fragments are output according to the number of consecutive executions of the command. Therefore, the TSM server 3 acquires all the list data from the UIM1. You can grasp the issuance status of UIM1 without it.

From here, the first example of the operation of the UIM issuing system 5 will be described. FIG. 8 is a diagram illustrating a first example of the operation of the UIM issuing system 5. In the first example of the operation of the UIM issuing system 5, the TSM server 3 transmits the command APDU of the list output command 13 to the UIM1. Then, the mobile terminal 2 inputs the command APDU of the list output command 13 transmitted by the TSM server 3 to the UIM 1, and transmits the response APDU of the list output command 13 output by the UIM 1 to the TSM server 3.

When issuing UIM1, that is, when creating a new card content in NVM1d of UIM1, the TSM server 3 uses the carrier network 4 to transfer the command APDU of the list output command 13 included in UIM1 to the mobile terminal 2. Send (S1). The value of the parameter included in the command APDU of the list output command 13 and indicating the continuity of the list output command 13 is a value indicating "First" in step S1.

When the mobile terminal 2 receives the command APDU of the list output command 13 transmitted by the TSM server 3, the mobile terminal 2 inputs the command APDU of the list output command 13 transmitted by the TSM server 3 to the UIM1 using ISO7816I / F1b (S2). ).

When the command APDU of the list output command 13 is input, the UIM1 executes the list output command 13 (S3) and outputs the response APDU of the list output command 13 (S4). The response APDU of the list output command 13 includes response data that is all or part of the list data of the card content information, and a 2-byte status word indicating the processing result. As described above, when the data length of the list data is longer than the payload length of the transmission protocol, the list output command 13 divides the list data into a plurality of fragments so as to fit in the payload length, and the command is continuous. Outputs fragments according to the number of executions. When outputting a fragment of list data, the status word when there is the next fragment becomes the value indicating "with the next fragment", and the status word when there is no next fragment becomes the value indicating "normal end". .. In addition, the status word when the list data is output without dividing into fragments is a value indicating "normal end".

When the UIM 1 outputs the response APDU of the list output command 13, the mobile terminal 2 uses the carrier network 4 to transfer the response APDU of the list output command 13 output by the UIM 1 to the TSM server 3 (S5).

When the TSM server 3 receives the response APDU of the list output command 13 output by the UIM1 from the mobile terminal 2, the TSM server 3 becomes either all the list data (all the list data or a fragment of the list data) included in the response APDU of the list output command 13. ) Includes card content information having a predetermined card content identifier (S6).

When the list data included in the response APDU of the list output command 13 includes the card content information having the identifier of the predetermined card content, the TSM server 3 has already issued the predetermined card content to the UIM1. That is, it is determined that it is created in NVM1d of UIM1 (S9), and this procedure is terminated.

If the list data included in the response APDU of the list output command 13 does not include the card content information having the identifier of the predetermined card content, the TSM server 3 has the status included in the response APDU of the list output command 13. Confirm the word (S7).

When the status word included in the response APDU of the list output command 13 indicates "normal end", the TSM server 3 determines that the predetermined card content has not been created in NVM1d of UIM1 (S10), and this procedure. To finish. If the status word included in the response APDU of the list output command 13 indicates "there is a next fragment", the TSM server 3 sets the parameter indicating the continuity of the list output command 13 to "Next". The command APDU of the output command 13 is transmitted to the mobile terminal 2 (S8). When the TSM server 3 sends the command APDU of the list output command 13 with the parameter indicating the continuity of the list output command 13 set to "Next" to the mobile terminal 2, the procedure after S2 in FIG. 8 is executed. Will be done.

In FIG. 8, the condition for the TSM server 3 to stop the process of transmitting the command APDU of the list output command 13 is either the list data (all list data or a fragment of the list data) included in the response APDU of the list output command 13. ) Contains card content information having a predetermined card content identifier, or the status word included in the response APDU of the list output command 13 indicates "normal end". become. Therefore, if the predetermined card content is set to the card content to be issued to UIM1, the issuance status of UIM1 can be confirmed from the response APDU of the list output command 13 first output by UIM1 without acquiring all the list data.

From here, a second example of the operation of the UIM issuing system 5 will be described. FIG. 9 is a diagram illustrating a second example of the operation of the UIM issuing system 5. In the second example of the operation of the UIM issuing system 5, the device for transmitting the command APDU of the list output command 13 to the UIM 1 is the mobile terminal 2. Therefore, the function of the TSM server 3 described with reference to FIG. 8 is provided to the mobile terminal 2.

When issuing UIM1, that is, when creating a new card content in NVM1d of UIM1, the TSM server 3 uses the carrier network 4 to make a card content inquiry request including a predetermined card content identifier on the mobile terminal. It is transmitted to 2 (S20).

When the mobile terminal 2 receives the card content inquiry request from the TSM server 3, the mobile terminal 2 uses ISO7816I / F1b to input the command APDU of the list output command 13 included in the UIM1 to the UIM2 (S21). The value of the parameter indicating the continuity of the list output command 13 included in the command APDU of the list output command 13 input to the UIM1 by the mobile terminal 2 is a value indicating "First" in step S21.

When the command APDU of the list output command 13 is input, the UIM1 executes the list output command 13 (S22) and outputs the response APDU of the list output command 13 (S23). The response APDU of the list output command 13 includes response data that is all or part of the list data of the card content information, and a 2-byte status word indicating the processing result. As described above, when the data length of the list data is longer than the payload length of the transmission protocol, the list output command 13 divides the list data into a plurality of fragments so as to fit in the payload length, and the command is continuous. Outputs fragments according to the number of executions. When outputting a fragment of list data, the status word when there is the next fragment becomes the value indicating "with the next fragment", and the status word when there is no next fragment becomes the value indicating "normal end". .. In addition, the status word when the list data is output without dividing into fragments is a value indicating "normal end".

When the UIM1 outputs the response APDU of the list output command 13, the mobile terminal 2 has a card in the list data (either all the list data or a fragment of the list data) included in the response APDU of the list output command 13. It is confirmed whether there is card content information having the identifier included in the content inquiry request (S24).

If the list data included in the response APDU of the list output command 13 contains the card content information having the identifier included in the card content inquiry request, the mobile terminal 2 has the identifier included in the card content inquiry request. It is determined that the card content corresponding to the above has already been created in NVM1d of UIM1, and this is notified to the TSM server 3 (S27), and this procedure is terminated.

The mobile terminal 2 is included in the response APDU of the list output command 13 when the list data included in the response APDU of the list output command 13 does not include the card content information having the identifier included in the card content inquiry request. Check the status word (S25).

When the status word included in the response APDU of the list output command 13 indicates "normal end", the mobile terminal 2 has a card content corresponding to the identifier included in the card content inquiry request created in NVM1d of UIM1. It is determined that there is no such thing, and this is notified to the TSM server 3 (S28), and this procedure is terminated. If the status word included in the response APDU of the list output command 13 indicates "there is the next fragment", the mobile terminal 2 sets the parameter indicating the continuity of the list output command 13 to "Next". The command APDU of the output command 13 is input to UIM2 (S26). When the mobile terminal 2 inputs the command APDU of the list output command 13 in which the parameter indicating the continuity of the list output command 13 is “Next” to UIM2, the procedure after S21 in FIG. 9 is executed. ..

In FIG. 9, the condition for the mobile terminal 2 to stop the process of transmitting the command APDU of the list output command 13 is either the list data (all list data or a fragment of the list data) included in the response APDU of the list output command 13. ) Contains the card content information corresponding to the specified card content, or the status word included in the response APDU of the list output command 13 indicates "normal end". Become. Therefore, if the identifier included in the card content inquiry request is the identifier of the card content issued to UIM1, the response APDU to UIM1 of the list output command 13 first output by UIM1 does not have to acquire all the list data from UIM1. You can check the issuance status.

1 UIM
10 Load command 11 Install command 12 Delete command 13 List output command 14 Load file 15 Application instance 16 Load file table 17 Instance table 2 Mobile terminal 3 TSM server 5 UIM issuing system

Claims (8)

A plurality of records for storing card content information including an identifier of the card content related to the application created in the memory are provided, and a creation indicating the order in which the card content corresponding to the card content information is created is provided. A data table in which forward information is added to the record in which the card content information is stored, and
Using the creation order information added to the record that stores the card content information, the card content information stored in the data table is converted to the LIFO (Last-In First-Out) method. When the list data to be output is generated and the data length of the list data is longer than the payload length of the transmission protocol, the list data is divided into a plurality of fragments so as to fit in the payload length, and the number of consecutive executions of the command is determined. A list output command that outputs the fragment and
A UIM (User Identity Module) with a,
It is provided with an instance table which is the data table that stores the application instance as the card content and stores the instance information including the identifier of the application instance as the card content information.
When the parameter of the command APDU indicates that the list of the instance information is generated, the list output command accesses the instance table and generates the list data using the instance information as the card content information. UIM you, characterized in that. A load file table, which is a data table that stores a load file including an execution module used by the application instance as the card content and stores load file information including an identifier of the load file as the card content information, is provided.
When the parameter of the command APDU indicates that the list output command generates a list of the load file information, the list output command accesses the load file table and uses the load file information as the card content information for the list data. Characterized by generating,
The UIM according to claim 1 . After creating the application instance in the memory, the records in which the instance information is not stored are searched in the record order from the records held in the instance table, and the instance information related to the application instance created in the memory is searched. It is characterized by having an installation command for adding the creation order information next to the creation order information, which is the largest at this time, to the record after writing to the searched record.
The UIM according to claim 1 . The application instance indicated by the command APDU is deleted from the memory, and the instance information related to the application instance deleted from the memory and the creation order information added to the record in which the instance information is recorded are added. After deleting from the instance table, the creation order information added to the record held by the instance table is referred to, and the creation order information for which the deleted creation order information is also large is changed to the creation order. The UIM according to claim 3 , wherein a delete command for updating the creation order information that has been moved down by one is provided. After loading the load file into the memory, the records in which the load file information is not stored are searched in the record order from the records held in the load file table, and the load related to the load file loaded into the memory is searched. It is characterized by having a load command for adding the creation order information next to the creation order information, which is the largest at this time, to the record after writing the file information to the searched record.
The UIM according to claim 2 . The load file indicated by the command APDU is deleted from the memory, and the load file information related to the load file deleted from the memory and the creation order added to the record in which the load file information is recorded are added. After deleting the information from the load file table, the creation order information added to the record held by the load file table is referred to, and the deleted creation order information is also large. The UIM according to claim 5 , further comprising a delete command for updating the creation order information in which the creation order is moved down by one. The UIM according to claim 2 , a mobile terminal on which the UIM is mounted, and a TSM server that issues the UIM are at least configured, and the mobile terminal transmits a command application transmitted by the TSM server to the UIM. , The response output by the UIM is transmitted to the TSM server, and when the TSM server issues the UIM, the command APDU of the list output command included in the UIM is transmitted to the mobile terminal. When the response of the list output command output by the UIM is acquired via the terminal and the UIM divides the list data into a plurality of fragments and outputs the list data, the instance information corresponding to the identifier of the predetermined application instance or the predetermined When the load file information corresponding to the identifier of the load file is in the fragment included in the response of the list output command, the process of canceling the transmission of the command APDU of the list output command for acquiring the next fragment is performed. ， A UIM issuing system characterized by that. The UIM according to claim 2 , a mobile terminal on which the UIM is mounted, and a TSM server that issues the UIM are at least configured, and the TSM server is an identifier of a predetermined application instance or an identifier when issuing the UIM. A process of transmitting a card content inquiry request including an identifier of a predetermined load file to the mobile terminal is performed, and when the mobile terminal receives the card content inquiry request from the TSM server, the command of the list output command included in the UIM is provided. When the APDU is input to the UIM, the response of the list output command is acquired from the UIM, and the UIM divides the list data into a plurality of fragments and outputs the list data, the instance information corresponding to the identifier of the predetermined application instance or When the load file information corresponding to the identifier of the predetermined load file is in the fragment included in the response of the list output command, the transmission of the command Application of the list output command for acquiring the next fragment is stopped. A UIM issuing system characterized in that a process of notifying the TSM server that the card content included in the card content inquiry request has been created in the UIM is performed.

Images