JPWO2005122070A1 - IC card module - Google Patents

Abstract

The IC card module (1) includes a controller chip (2) that performs data processing and a rewritable first nonvolatile memory (3) that is accessed by the controller chip. The controller chip includes an IC card interface unit (5) capable of interfacing with the outside, a USB interface unit (6) capable of interfacing with the outside, and a storage area (13) for personal identification information. The authentication needs to be established when performing predetermined data processing via any of the interface units, and the determination of the establishment of the authentication is performed regardless of whether the IC card interface unit or the USB interface unit is used. Use password information. It is possible to interface with a terminal, a PC, or the like without taking out an IC card module in the terminal and without causing a decrease in security.

Description

  The present invention relates to an IC card module compliant with a standard such as a plug-in UICC (Universal Integrated Circuit Card) or USIM (Universal Subscriber Identity Module).

  Patent Document 1 describes a multi-function memory card in which a SIM (Subscriber Identity Module) card unit and a memory card unit are mounted on an MMC card (MultiMediaCard) or SD card standard card substrate. The connector terminals provided on the card substrate are arranged in two rows in a staggered manner so as to be compatible with MMC cards and SD cards. Note that MultiMediaCard is a registered trademark of Infineon Technologies AG. Also simply abbreviated as “MMC”.

  In Patent Document 2, an IC card microcomputer is mounted on a base card, and an IC card in which contact terminals for accessing the IC card microcomputer are formed on the surface of the base card. There is a description of an IC card to which a contact terminal for access is added. In this IC card, the base card is a large credit card of 37 mm × 45 mm × 0.75 mm, and the contact terminals for accessing the IC card microcomputer satisfy the terminal position and function standards according to ISO / IEC 7816-2, The contact terminal for accessing the flash memory has a size and arrangement conforming to the standard of a memory card such as a smart card.

International Publication No. 01/84490 Pamphlet Japanese Patent Laid-Open No. 10-334205

  The inventor examined an IC card module suitable for a mobile communication system represented by a third-generation mobile phone compliant with standards such as plug-in UICC and USIM. This type of IC card module allows a telephone number and billing information to be used as they are by replacing a common IC card module even when using a different type of telephone. Try to target all generations of mobile phones. This type of card substrate is 15 mm × 25 mm × as in the SIM card, as in the plug-in UICC standard in European Telecommunications Standardization Institute Technical Specification (ETSI TS) 102 221 V4.4.0 (2001-10). The external interface terminals of the microcomputer are arranged on the surface in a pattern that conforms to the ISO / IEC 7816-2 terminal position and function standards. In particular, the present inventor has examined the compatibility with a PC (Personal Computer) as the IC card module becomes more multifunctional.

  In other words, if the PIN information, personal information, and mail communication environment setting information necessary for authentication are stored in the IC card module, the same communication environment and application program execution environment can be configured on any telephone. Thus, the present inventor further promoted this, and studied to improve the convenience for enhancing the functionality of the IC card module by making it possible to share the mail communication environment and the program execution environment with the PC. In that case, in order to guarantee the security function of the IC card module that prevents illegal use, falsification, force majeure, etc. of the data, it is considered necessary to perform the required authentication process when interfacing with the PC. . At this time, it is possible to use another IC card microcomputer for the authentication process with the PC side, but in that case, two IC card microcomputers must be mounted on a limited size card substrate. This is disadvantageous in terms of space, and when the file memory is to be mounted on the IC card module, there is a possibility that the storage capacity may be limited, which is contrary to the enhancement of functionality. Further, when two IC card microcomputers each having a security function are mounted, the possibility of unauthorized access is doubled, and security is also a problem.

  An object of the present invention is to provide an IC card module capable of interfacing with a terminal, a PC, or the like without taking out an IC card module in the terminal and without causing a decrease in security.

  The above and other objects and novel features of the present invention will be apparent from the description of this specification and the accompanying drawings.

  The following is a brief description of an outline of typical inventions disclosed in the present application.

  [1] The IC card module (1) includes a controller chip (2) that performs data processing and a rewritable first nonvolatile memory (3) that is accessed by the controller chip. The controller chip includes an IC card interface unit (5) capable of interfacing with the outside, a USB interface unit (6) capable of interfacing with the outside, a data processing unit (4), and a storage area (13) for password information. The data processing unit requires authentication to be established when predetermined data processing is performed in response to a data processing request from either the IC card interface unit or the USB interface unit. Use the secret information of the area. In this application, the password information means secret numbers and characters registered in advance.

  As described above, authentication is required for data processing via any interface unit, and a single controller chip is used to determine whether authentication has been established. Therefore, it is possible to suppress a decrease in security in these respects. Since the number of controller chips is one, the storage capacity of the first nonvolatile memory mounted on the IC card module can be increased compared to the case of two, and the usability is also good. When two controller chips are employed, individual information management for security is required for each controller chip.

  In a specific form of the present invention, the interface function by the IC card interface unit conforms to the plug-in UICC interface standard. The plug-in UICC interface standard is described in ETSI TS 102 221 V4.4.0 (2001-10). The interface function of the IC card interface unit conforms to the SIM interface standard. Examples of SIM interface standards include GSM 11.11 standard, GSM 11.14, and ETSI TS 101 267 V8.3.0 (2000-08). The interface function by the USB interface unit conforms to the USB mass storage interface standard. Examples of USB mass storage interface standards include Universal Serial Bus Specification 1.1, USB Mass Storage Class Specification Overview, USB Mass Storage Class Bilk-Only Transport, and USB Mass Storage Class CBI Transport.

  In a more specific form of the invention, the controller chip has a second nonvolatile memory, and the first nonvolatile memory has a larger storage capacity than the second nonvolatile memory. The controller chip randomly accesses the second non-volatile memory in units of addresses, and performs file access of the first non-volatile memory in units of sectors. The first nonvolatile memory is, for example, a flash memory. The controller chip is a single-chip microcomputer for an IC card.

  [2] The IC card module includes a controller chip that can execute a program and has a security function for executing the program, and a rewritable nonvolatile memory that is accessed by the controller chip. The controller chip includes an IC card interface unit, a USB interface unit, and a data processing unit. The data processing unit is a predetermined program in response to a data processing request from either the IC card interface unit or the USB interface unit. When executing the above, it is necessary to establish authentication.

  The controller chip has a password information storage area, and the password information in the storage area is used to determine whether the authentication has been established.

  The controller chip has a storage information encryption / decryption function as one of the security functions. The interface function by the USB interface unit conforms to the USB mass storage interface standard.

  The IC card interface function of the IC card module not only conforms to the plug-in UICC interface standard, but also has an interface function based on non-contact communication in addition to the plug-in UICC interface standard. It may be a thing. An IC card module conforming to a standard such as plug-in UICC or USIM usually has a contact type interface because it is installed in a device such as a mobile phone, but as an interface means between the IC card module and the device. There are other interface means by non-contact communication. In this case, since the IC card module has a non-contact communication function, communication with a mobile phone or the like is performed using a contact interface, communication with other devices is performed using a non-contact interface, or a mobile phone or the like. It is possible to perform communication using a non-contact interface with a device including the.

  As one typical embodiment of the present invention, the controller chip (2) has a power supply control section (9), and the power supply control section is supplied from the outside via the IC card interface section (5). Can be generated based on a first external power supply (VCEX1) or a second external power supply (VCEX2) supplied from the outside via the USB interface unit, and the second external power supply is supplied. If so, the second external power supply is preferentially used to generate the internal power supply. Considering that the USB interface unit side is used for selective connection while the IC card interface unit side is exclusively used as a constant connection side, the second external power source is given priority in generating the internal power source. By using the first external power supply and avoiding the conflict between the first external power supply and the second external power supply, the power supply control can be simplified.

  As another typical embodiment of the present invention, the controller chip has a clock frequency dividing circuit (8), and the clock frequency dividing circuit receives a first clock (externally supplied to the IC card interface unit). CK1) or an internal clock (CKIT) can be generated based on a second clock (CK2) generated in the IC card module, and the power control unit generates an internal power based on the second external power In response to this, an internal clock is generated based on the second clock. Even when a USB interface that does not require external clock input is used, the clock synchronization operation of the data processing unit can be guaranteed.

  At this time, it is preferable that the IC card interface unit is operable by using the first external power supply when the second external power supply is used to generate the internal power supply. Even when the data processing unit performs data processing via the USB interface, it is possible to secure a room for responding to a processing request from the IC card interface unit. For example, it is preferable that the data processing unit can accept an interrupt request supplied from outside via the IC card interface unit.

  As still another typical embodiment of the present invention, the USB interface unit requests an interrupt to the data processing unit when the second external power is supplied from the outside, and the data processing unit is requested to perform the interrupt. And a transition to an operation stop state based on a predetermined interrupt process and an instruction to switch the first power supply to the power supply control unit, and the power supply control unit is based on the first external power supply in response to the first power supply switching instruction. Switching from the generation of the internal power supply to the generation of the internal power supply based on the second external power supply and instructing the release of the operation stop state of the data processing unit. According to the above procedure, when a USB host is connected to the USB interface unit afterward in a state where data processing is possible exclusively through the IC card interface unit, normal switching of the internal state accompanying power switching or the like is normally controlled. Is possible.

  The USB interface unit requests an interrupt to the data processing unit when a connection release command is supplied from the outside, and the data processing unit transitions to an operation stop state based on a predetermined interrupt processing when the interrupt is requested. And instructing the power supply control unit to switch the second power supply, and the power supply control unit responds to the second power supply switching instruction to generate an internal power supply based on the second external power supply and to generate an internal power supply based on the first external power supply. In addition to switching to generation of power, the data processing unit is instructed to cancel the operation stop state, and a response response to the connection release command is output from the USB interface unit to the outside. According to the above procedure, when the USB interface unit is later disconnected from the USB host in a state where data processing is possible exclusively through the USB interface unit, it is possible to normally control the switching of the internal state accompanying the power switching or the like. .

  The USB interface unit instructs the power supply control unit to switch the third power supply when it detects the forced cutoff of the second external power supply, and the power supply control unit responds to the third power supply switching instruction, The generation is switched from the generation of the internal power supply based on the external power supply to the generation of the internal power supply based on the first external power supply, and the data processing unit is instructed to perform an error process of forced power cut-off. According to the above procedure, when the USB interface unit is forcibly cut off from the USB host, an error process is scheduled, so that the influence of the forcible cutoff can be minimized.

  [3] An IC card module according to another aspect can execute a program, and has a controller chip (2) having a security function for executing the program and a rewritable nonvolatile memory accessed by the controller chip. (3), and the controller chip includes an IC card interface unit (5), a memory card interface unit (30), and a data processing unit (4), and the data processing unit includes the IC card interface unit or When a predetermined program is executed in response to a data processing request from any of the memory interface units, authentication needs to be established. It is preferable that the controller chip has a password information storage area and the password information in the storage area is used to determine whether the authentication is established.

  Since it is necessary to establish authentication for data processing via any interface unit, and a single controller chip is used to determine whether the authentication is established, it is possible to suppress a decrease in security in these respects. Since the number of controller chips is one, the storage capacity of the first nonvolatile memory mounted on the IC card module can be increased compared to the case of two, and the usability is also good. When two controller chips are employed, individual information management for security is required for each controller chip.

  As one typical embodiment of the present invention, the controller chip has a power control unit, and the power control unit is a first external power source supplied from the outside via the IC card interface unit or from the outside. An internal power source can be generated based on a second external power source supplied via the memory card interface unit. When the second external power source is supplied, the second external power source is used to generate the internal power source. Is used preferentially. In consideration of the fact that the IC card interface side is exclusively connected always, whereas the memory card interface side is used for selective connection, the second external power supply has priority in generating the internal power supply. By using the first external power supply and avoiding the competition between the first external power supply and the second external power supply, the power supply control can be simplified.

  As another typical embodiment of the present invention, the controller chip has a clock frequency dividing circuit, and the clock frequency dividing circuit is supplied to the IC card interface unit from the outside by the first clock or the IC card module. An internal clock can be generated based on a second clock generated within the power supply, and the power control unit can generate an internal power based on the second external power based on the second clock. An operation mode for generating an internal clock is provided. Even when a memory card interface that does not require an external system clock input is used, the clock synchronization operation of the data processing unit can be guaranteed.

  At this time, it is preferable that the IC card interface unit is operable by using the first external power supply when the second external power supply is used to generate the internal power supply. Even when the data processing unit performs data processing via the memory card interface, it is possible to secure a room for responding to a processing request from the IC card interface unit. For example, it is preferable that the data processing unit can accept an interrupt request supplied from outside via the IC card interface unit.

  As another typical embodiment of the present invention, the memory card interface unit requests an interrupt to the data processing unit when the second external power is supplied from the outside, and the data processing unit is requested to perform the interrupt. Then, a transition to an operation stop state is made based on a predetermined interrupt process, and a power supply control unit is instructed to switch the first power supply. The power supply control unit responds to the first power supply switching instruction, and the first external power supply Is switched from the generation of the internal power supply based on the internal power supply to the generation of the internal power supply based on the second external power supply, and the release of the operation stop state of the data processing unit is instructed. According to the above procedure, when a memory card host is connected to the memory card interface unit in a state where data processing is possible exclusively through the IC card interface unit, switching of the internal state accompanying power switching or the like is normally controlled. It becomes possible to do.

  The memory card interface unit requests an interrupt to the data processing unit when a connection release command is supplied from the outside, and the data processing unit enters an operation stop state based on a predetermined interrupt processing when the interrupt is requested. The power supply control unit is instructed to switch the second power supply, and the power supply control unit is responsive to the second power supply switching instruction to generate the internal power supply based on the second external power supply based on the first external power supply. Switching to the generation of the internal power supply and instructing the release of the operation stop state of the data processing unit, and outputting a response response to the connection release command from the memory card interface unit to the outside. According to the above procedure, when the data can be processed exclusively through the memory card interface unit, when the memory card interface unit is later disconnected from the memory card host, it is possible to normally control the switching of the internal state accompanying the power switching or the like. It becomes possible.

  In addition, when the memory card interface unit detects the forced cutoff of the second external power source, the memory card interface unit instructs the power source control unit to switch the third power source, and the power source control unit responds to the third power source switching command in response to the third power source switching command. (2) The generation is switched from the generation of the internal power supply based on the external power supply to the generation of the internal power supply based on the first external power supply, and the data processing unit is instructed to perform an error process of forced power supply cutoff. According to the above procedure, when the memory card interface unit is forcibly cut off from the memory card host, an error process is scheduled, so that the influence of the forcible cutoff can be minimized.

  The effects obtained by the representative ones of the inventions disclosed in the present application will be briefly described as follows.

  That is, the IC card module can be interfaced with a terminal, a PC, or the like without causing a decrease in security.

It is a block diagram which shows an example of the IC card module which concerns on this invention. It is explanatory drawing which illustrates the connection form of an IC card module. It is explanatory drawing which illustrates the authentication procedure for the telephone call using an IC card module. It is explanatory drawing which illustrates the execution procedure of the application program between a mobile terminal and an IC card module. It is explanatory drawing which illustrates the procedure in which PC authenticates an IC card module as a USB memory. It is explanatory drawing which illustrates the connection terminal of an IC card module. It is explanatory drawing which illustrates the connection terminal and antenna connection terminal of an IC card module. 3 is an explanatory diagram illustrating an operation mode related to an internal power supply and an internal clock in the IC card module 1. FIG. It is a block diagram which illustrates an IC card module provided with an MMC interface part as a memory interface instead of a USB interface part. It is explanatory drawing which illustrates the connection terminal of the IC card module of FIG. It is explanatory drawing which illustrates the operation | movement aspect regarding the internal power supply and internal clock in IC card module 1 of FIG.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 IC card module 2 Controller chip 3 Flash memory 4 Processor core 5 IC card interface part 6 USB interface part 7 Flash memory controller part 10 CPU
11 Mask ROM
12 RAM
13 EEPROM
14 coprocessor 15 system controller 16 PC
17 mobile terminal 18 base station CK1 first clock CK2 second clock CKIT1, CKIT2, CKIT3 internal clock CKEX external clock VCEX1 first external power supply VCEX2 second external power supply VCIT internal power supply 20 transmitter 30 MMC interface section

  FIG. 1 shows an example of an IC card module according to the present invention. The IC card module (ICCMDL) 1 includes a controller chip (CNT) 2 that performs data processing, and a rewritable first nonvolatile memory such as a flash memory (FLASH) 3 that is accessed by the controller chip 2. The controller chip 2 is composed of, for example, a single-chip microcomputer for an IC card, and includes a processor core (PCORE) 4, an IC card interface unit (ICCIF) 5 that can interface with the outside, and a USB interface unit (USBIF that can interface with the outside). ) 6, a flash memory controller unit (FMCNT) 7 that can interface with the flash memory 3, a clock generation unit (CLKGEN) 8 having an oscillator 20, and a power supply control unit (PWCNT) 9. In FIG. 1, a thick solid line indicated by a double arrow means a signal line for data and control signals. A solid line indicated by a unidirectional arrow means a power supply line. A broken line indicated by a unidirectional arrow means a clock supply line.

  The processor core 4 includes a central processing unit (CPU) 10, a mask ROM 11 that holds an operation program for the CPU 10, a RAM 12 that is used for a work area of the CPU 10, an electrically rewritable EEPROM 13 that is used for a data memory, an encryption A coprocessor (COPRO) 14 used for encoding / decoding operations, a system controller (SYCNT) 15 for controlling the operation mode of the controller chip 2, and the like are connected to an internal bus (not shown). The IC card interface unit 5, USB interface unit 6, and flash memory controller unit 7 are connected to an internal bus (not shown).

  The IC card interface unit 5 includes, as external connection terminals, a power supply terminal (Vcc), a ground terminal (GND), a reset terminal (RST), a clock terminal (CLK), an input / output terminal (I / O), and a non-standard reserve. Has terminals and the like. The arrangement and function of these external connection terminals conform to ISO / IEC 7816-2 and GSM11.11 standards. FIG. 6 shows an example of external terminals in the IC card interface unit 5. Vcc is a power supply terminal, GND is a circuit ground terminal, RST is a reset terminal, CLK is a clock terminal, and I / O is a data input / output terminal for data and commands.

  The CPU 10 executes a program for realizing a SIM (Subscriber Identity Module) function possessed by the ROM 11 to control a communication protocol for mobile communication, a subscriber authentication process, and the like via the IC card interface unit 5. Details of this SIM function are standardized in GSM 11.14, ETSI TS 101 267 V8.3.0 (2000-08), and the like. Further, when the ROM 11 is compatible with the third generation mobile phone, the ROM 10 can hold a program for realizing the USIM function or a program for realizing the Plug-in UICC function and cause the CPU 10 to execute the program. These programs also have control functions such as a communication protocol and a subscriber authentication process, but support a communication protocol that enables a common IC card module to be used by replacing even a different type of telephone. The details of the function are standardized by, for example, ETSI TS 102 222 V4.4.0 and ETSI TS 32 102 V4.2.0. Note that the microcomputer may be one that has or has not been certified by an ISO / IEC 15408 evaluation / certification organization.

  The USB interface unit 6 has a USB mass storage interface function, and allows the IC card module 1 to be accessed from the PC side connected to the USB interface unit 6. The USB mass storage function conforms to standards such as Universal Serial Bus Specification 1.1, USB Mass Storage Class Specification Overview, USB Mass Storage Class Bilk-Only Transport, and USB Mass Storage Class CBI Transport. FIG. 6 shows an example of an external terminal in the USB interface unit 6. VBUS is a power supply terminal, GND is a circuit ground terminal, and D + and D- are serial input / output terminals for data and commands.

  The flash memory controller 7 controls access to the flash memory 3 as a file storage. For example, when an access target logical address (logical sector address) is designated from the processor core 4, a corresponding physical address is generated, and the flash memory 3 A memory access command according to the specification is issued to the flash memory 3 to control access to the flash memory 3.

《Security function》
A security function provided in the processor core 4 will be described. Here, the security function is to prevent leakage, falsification, and unauthorized use of information held by the IC card module 1. The first of the security functions is the subscriber authentication process in the SIM function or the Plug-in UICC function. The second is authentication processing for enabling the application program held by the IC card module 1 to be executed. The application program may be, for example, a decryption / playback program for copyright data stored in the flash memory 3, or a program that performs credit approval or bank account approval. In executing such an application program, processing using highly confidential data held by the IC card module 1 is allowed. During execution of the application program, communication processing or the like may be performed as necessary. The third is authentication of the IC card module 1 as a USB client. If the IC card module 1 is authenticated as a USB client to the PC 16, the flash memory 3 of the IC card module 1 can be accessed from the PC 16. At this time, highly confidential data or programs on the flash memory 3 are usually encrypted. Therefore, even if the IC card module 1 is used as a USB client of the PC 16, it is not permitted that data and programs on the IC card module 1 can be used directly immediately. Decrypting encrypted data and programs and making them accessible as USB clients are considered at different levels in terms of security. Therefore, in order to decrypt the data read from the IC card module 1 that can be accessed as a USB client on the PC 16, it is premised that another license for permitting the operation is acquired. If the accessed data is environment setting data such as mail setting data, the mail application program can be executed on the PC 16 using the environment setting data.

  For example, the EEPROM 13 holds the password information used for the subscriber authentication, the authentication process for enabling execution of the application program, and the authentication for the USB client. The semiconductor region in which the ROM 11 and the EEPROM 13 are formed is a tamper resistant region. When the surface protective film or the like is separated, the circuit pattern is also destroyed and the stored information is hardly leaked by the disassembly investigation. Yes.

  FIG. 2 illustrates a connection form of the IC card module 1. When the IC card module 1 is connected to the PC 16 via the USB interface cable, the IC card module 1 is recognized by the PC 16 as, for example, a USB memory. At this time, the IC card module 1 is a USB client and the PC 16 is a USB master. When the IC card module 1 is installed in a slot of a mobile terminal 17 such as a mobile phone, mobile communication is enabled via a base station (BASE) 18. Further, the mobile terminal 17 can execute application programs such as reproduction of distribution data online or offline via the IC card module 1.

  FIG. 3 illustrates an authentication procedure for a call using the IC card module 1. First, when a subscriber starts a call, a link is established with the base station 18 via the mobile terminal 17, and an IMSI (subscriber specific number) or TMSI (stored in the EEPROM 13 of the IC card module 1) is established. (Temporary ID) is transmitted to the base station 18 (S1). When the transmitted subscriber's IMSI or TMSI is registered in the base station 18, a 128-bit random number (RAND) is sent to the mobile terminal 17 via the wireless interface, and this value is transferred to the IC card module 1. (S2). When the RAND is transferred to the IC card module 1, a response with a signature (SRES) is output by the A3 algorithm from the value of the RAND and the key (Ki: subscriber password) (S3). The secret response information stored in the EEPROM 13 is used for generating the signed response. The output SRES is sent from the mobile terminal 17 to the base station 18 via the wireless interface in the form of a ciphertext block (S4). The network subsystem linked to the base station 18 derives a card-specific key from the IMSI, performs the same calculation as the IC card module 1 performs, and generates a SRES (S5). The network subsystem authenticates the subscriber by comparing the SRES sent from the mobile terminal 17 in step S4 with the SRES calculated in step S5, and if the authentication is successful, the start of the call is permitted (S6). ). The IC card module 1 calculates a temporary encryption key (Kc: key unique to the mobile terminal) from the RAND value and Ki using the A8 algorithm (S7). This Kc is used for encryption when data moves on the wireless interface. The key Kc obtained in step S7 is sent from the IC card module 1 to the mobile terminal 17. The mobile terminal 17 encrypts and decrypts communication data using the A5 algorithm.

  FIG. 4 illustrates an execution procedure of an application program between the mobile terminal 17 and the IC card module 1. The application program to be executed is a program downloaded from the ROM 11 or the flash memory 3 to the RAM 12 or the EEPROM 13. The execution subject of the program is the CPU 10. First, a reset signal is applied from the mobile terminal 17 to the IC card module 1. In response to this, the IC card module 1 returns an initial response, whereby the mobile terminal 17 selects an application and returns a response to the selection instruction. Accordingly, for example, the mobile terminal 17 supplies the IC card module 1 with an authentication command and authentication data for an authentication operation necessary for executing the application program. The authentication data is stored in the EEPROM 13 as one piece of password information. The IC card module 1 performs authentication using these, and returns an authentication result to the mobile terminal 17. In this example, a result of authentication establishment is returned, and in response to this, the mobile terminal 17 inputs a command or data for executing the application program to the IC card module 1, and based on this, the IC card module 1 has a predetermined value. The application program is executed, a response or data of the execution result is returned to the mobile terminal 17 as necessary, and communication is performed via the base electrode 18 as necessary. If authentication is not established, the mobile terminal 17 cannot execute the application program of the IC card module.

  FIG. 5 illustrates a procedure in which the PC 16 authenticates the IC card module 1 as a USB memory. First, when the IC card module 1 is connected to the PC 16 with a USB interface cable, power is supplied from the PC 16 to the IC card module 1 and an initial response is returned to the PC 16. Thereafter, the PC 16 issues an authentication request command, and the IC card module 1 returns an authentication request acceptance response. As a result, the PC 16 issues a challenge (data) command to the IC card module, and the IC card module 1 performs a signature process and returns a signed response to the PC 16. The password information used for the signature processing is held in the EEPROM 13. The PC 16 performs signature verification processing, that is, authentication processing on the response with the signature, a signature verification end command is given to the IC card module, and a response to the response is returned to the PC 16. In response to the signature verification processing result, a command for enabling the IC card module 1 to operate as a USB memory is given as the signature verification end command. Thereby, the flash memory 3 in the IC card module 1 is made accessible by the PC 16. When the authentication is not established, the recognition of the IC card module 1 from the PC 16 is cancelled.

  According to the IC card module 1, authentication is required for data processing via either the IC card interface unit 5 or the USB interface unit 6, and one controller chip 2 is required to receive the authentication. Therefore, it is possible to suppress a decrease in security in these respects. When two controller chips are used corresponding to the respective interface parts 5 and 6, there is a possibility that each of them may be individually accessed illegally, such as physical disassembly or electrical separation. This is because it is considered desirable to ensure security. Further, since the number of controller chips 2 is one, the storage capacity of the flash memory 3 mounted on the IC card module 1 can be increased as compared with the case of two, and the usability is also good.

  Also, when communicating with other non-contact communication devices with the IC card module installed inside the mobile phone, for example, the non-contact IC card is brought into contact with or close to the card reader / writer. In a system that performs cash settlement, a mobile phone is brought into contact with or in close proximity to a non-contact IC card, and the IC card module in the mobile phone performs communication using a non-contact interface, thereby enabling cash settlement in such a system. Can be done.

  When the non-contact interface is supported, the IC card interface unit 5 includes a high frequency unit (RF) 21 as illustrated in FIG. The high-frequency unit 21 has an antenna terminal connected to an external antenna. When the non-contact interface is selected by the system controller 15 via the internal bus, the high-frequency unit uses the induced electromotive force generated when the antenna crosses a predetermined electromagnetic wave (for example, high-frequency fluctuating magnetic flux or microwave) to operate the power supply. appear. The high-frequency unit generates an internal clock signal and a reset signal based on the induced current generated corresponding to the frequency of the predetermined radio wave, reproduces the data superimposed on the predetermined radio wave, and contacts the antenna without contact. Input / output information.

  As shown in FIG. 7, the IC card module is provided with contact terminals (antenna terminals) LA and LB for connecting an antenna in addition to ISO / IEC7816-2, or an internal antenna (not shown) inside the IC card module. ) Should be installed. The mobile phone is provided with a contact terminal for the IC card module and an antenna for communication with the outside of the mobile phone, and the antenna for communication with the outside of the mobile phone is electromagnetically connected to the communication antenna in the IC card module. Or contact terminals LA and LB for connecting the antenna of the IC card module. With such a configuration, the IC card module can perform non-contact communication with an external device via a mobile phone.

<Internal power supply / internal clock switching function>
An internal power supply and internal clock switching function in the IC card module 1 will be described. The power control unit 9 is supplied from the outside via the first power supply VCEX1 supplied via the power supply terminal Vcc of the IC card interface unit 5 or from the outside via the power supply terminal VBUS of the USB interface unit 6. An internal power supply VCIT can be generated based on the external power supply VCEX2. The first external power supply VCEX1 is supplied by connecting the IC card interface unit 5 to the MBL 17. The second external power supply VCEX2 is supplied by connecting the USB interface unit 6 to the PC 16. When the second external power supply VCEX2 is supplied, the power supply control unit 9 preferentially uses the second external power supply VCEX2 to generate the internal power supply VCIT. In consideration of the fact that the IC card interface unit 5 is always connected to the MBL 17 such as a mobile phone at all times, the USB interface unit 6 is used for selective connection with the PC 16, so that the internal power supply VCIT is generated. The power supply control can be simplified by preferentially using the second external power supply VCEX2 and avoiding the competition between the first external power supply VCEX1 and the second external power supply VCEX2. The internal power supply VCIT is not limited to a single power supply, and the internal power supply supplied to the flash memory 3 may be higher than the internal power supply supplied to the processor core 4.

  The clock generation unit 8 is a clock frequency dividing circuit, and is based on the first clock CK1 supplied from the outside to the clock terminal CLK of the IC card interface unit 5 or the second clock CK2 obtained by the natural frequency of the oscillator 20. The internal clocks CKIT1, CKIT2, and CKIT3 can be generated. In FIG. 1, for convenience, a connection line between the oscillator 20 and the clock generator 8 is illustrated as a second clock CK2. The clock generator 8 generates internal clocks CKIT1, CKIT2, and CKIT3 based on the second clock CK2 in response to the power controller 9 generating the internal power supply VCIT based on the second external power supply VCEX2. To do. The clock synchronization operation of the processor core 4 and the like can be guaranteed even when using a USB interface that does not require external clock input. Hereinafter, CKIT1, CKIT2, and CKIT3 are collectively referred to as CKIT.

  The IC card interface unit 5 is enabled to operate using the first external power supply VCEX1 when the second external power supply VCEX2 is used to generate the internal power supply VCIT. Even when the processor core 4 performs data processing via the USB interface 6, a room for responding to a processing request from the IC card interface unit 5 can be secured. For example, when a predetermined signal is supplied from the MBL 17 to the IC card interface unit 5, the IC card interface unit 5 outputs an interrupt signal to the processor core 4, and the processor core 4 that receives the interrupt signal executes a predetermined interrupt processing routine. Made possible.

  FIG. 8 illustrates an operation mode related to the internal power supply and the internal clock in the IC card module 1. The IC card mode is a state in which the MBL 17 is connected to the IC card interface unit 5 and the PC 16 is not connected to the USB interface unit 6. In the IC card mode, the internal power supply and the internal clock are generated as follows. That is, the USB interface unit 6 stops operating because no operating power is supplied from the outside. The power supply control unit 9 generates an internal power supply VCIT based on the first external power supply VCEX1 supplied from the MBL 17 via the IC card interface unit 5, and supplies it to CLKGEN8, PCORE4, FMCNT7, and FLASH3. The clock generation unit 8 generates internal clocks CKIT1, CKIT2, and CKIT3 based on the first clock CK1 supplied from the MBL 17 via the IC card interface unit 5, and supplies them to the PCORE4, FMCNT7, FLASH3, and USBIF6. The USB mode is a state in which the MBL 17 is connected to the IC card interface unit 5 and the PC 16 is connected to the USB interface unit 6. In short, the USB mode can be switched from the IC card mode. Switching from the USB mode to the IC card mode is also possible.

  A switching control procedure from the IC card mode to the USB mode will be described. When the PC 16 is connected to the USB interface unit 6 and the second power supply VCEX2 is supplied, the USB interface unit 6 requests an interrupt to the processor core 4 in response to the supply of the second external power supply VCEX2. When the interrupt is requested, the processor core 4 executes a predetermined interrupt process, shifts to an operation stop state, and instructs the power control unit 9 to switch the first power. The operation stop state is a stop state of instruction execution obtained by the CPU 10 executing a sleep instruction, for example. In response to the first power supply switching instruction, the power supply controller 9 switches from the generation of the internal power supply VCIT based on the first external power supply VCEX1 to the generation of the internal power supply VCIT based on the second external power supply VCEX2, and the first clock After switching from the generation of the internal clock CKIT based on CK1 to the generation of the internal clock CKIT based on the second clock CK2, an instruction to cancel the operation stop state of the processor core 4 is given by an interrupt or the like. When the PC 16 (USB host) is connected later to the USB interface unit 6 in a state where data processing is possible exclusively through the IC card interface unit 5 according to the above procedure, the internal state associated with the switching of the power source and clock source Can be controlled normally.

  Next, a switching control procedure from the USB mode to the IC card mode will be described. The USB interface unit requests an interrupt to the processor core 4 when a disconnection command is supplied from the PC 16, and the processor core 4 executes a predetermined interrupt process when the interrupt is requested, and stops operation based on the interrupt processing. The state is changed and the power supply control unit 9 is instructed to switch the second power supply. In response to the second power supply switching instruction, the power supply controller 9 switches from the generation of the internal power supply VCIT based on the second external power supply VCEX2 to the generation of the internal power supply VCIT based on the first external power supply VCEX1, and the second After switching from the generation of the internal clock CKIT based on the clock CK2 to the generation of the internal clock CKIT based on the first clock CK1, an instruction to release the operation stop state of the processor core 4 is given, and a response response to the connection release command is sent to the USB Return to the PC 16 from the interface. According to the above procedure, when data processing is possible exclusively through the USB interface unit 6, when the USB interface unit 6 is later disconnected from the PC 6 (USB host), switching of the internal state accompanying switching of the power source or clock source is normal. It becomes possible to control.

  Next, a control procedure when the USB interface unit 6 and the PC 16 are forcibly cut off in the USB mode will be described. When the USB interface unit 6 detects the forced cutoff of the second external power source VCEX2, the USB interface unit 6 instructs the power source control unit 9 to switch the third power source. In response to the third power supply switching instruction, the power supply controller 9 switches from the generation of the internal power supply VCIT based on the second external power supply VCEX2 to the generation of the internal power supply VCIT based on the first external power supply VCEX1 and the second clock. The generation is switched from the generation of the internal clock CKIT based on CK2 to the generation of the internal clock CKIT based on the first clock CK1, and then the processor core 4 is instructed to perform an error process of forced power shutdown. According to the above procedure, when the USB interface unit 6 is forcibly blocked from the USB host (PC) 16, an error process is scheduled, so that it is possible to minimize the influence of the forcible blocking.

《Memory card interface》
The interface with the PC in the IC card module 1 may be a memory interface. FIG. 9 shows an example of an IC card module including an MMC interface unit 30 as a memory interface instead of the USB interface unit. The MMC interface unit (MMCIF) 30 has an external interface function conforming to the interface specification of the MMC card. FIG. 10 shows an example of external terminals in the MMC interface unit 30. Vdd is a power supply terminal, GND is a circuit ground terminal, CMD is a command terminal, CLK2 is a clock terminal, and DAT [0] is a data input / output terminal. A second external power supply VCEX2 is supplied from the PC 16 to the power supply terminal Vdd. An external clock CKEX is supplied from the PC 16 to the clock terminal CLK2. Unlike the USB interface unit 6, the MMCIF 30 receives the external clock CKEX, but the external clock CKEX is only defined as a synchronous clock for input / output with the outside in the MMC interface specification. Therefore, whether or not to use this external clock CKEX as an operation reference clock for data processing for the MMC interface by the processor core 4 is arbitrary. In FIG. 9, the operation mode in which the internal clock CKIT is formed using the oscillator 20 in a state where the MMCIF 30 is connected to the PC 16 as in FIG. 1, and the clock generator 8 generates the internal clock CKIT based on the external clock CKEX. The operation form to be formed can be selected. The selection is made according to the value of control data set from the MBL 17 in a control register (not shown) of the clock generator 8.

  Other configurations are basically the same as those in FIG. That is, the processor core 4 needs to be authenticated when executing a predetermined program in response to a data processing request from either the IC card interface unit 5 or the MMC interface unit 30. In addition, when the second external power supply VCEX2 is supplied, the power supply controller 9 preferentially uses the second external power supply VCEX2 for generating the internal power supply VCIT. The clock generator 8 generates an internal clock CKIT based on the second clock CK2 in response to the power controller 9 generating the internal power VCIT based on the second external power VCEX2. Has a mode. Even when an MMC interface that does not require an external system clock input is used, the clock synchronization operation of the data processing unit can be guaranteed.

  The internal power supply / internal clock switching function is the same as in FIG. That is, the power control unit 9 is supplied from the first external power supply VCEX1 supplied from the outside through the power supply terminal Vcc of the IC card interface unit 5 or from the outside through the power supply terminal Vdd of the MMC interface unit 30. An internal power supply VCIT can be generated based on the second external power supply VCEX2. The first external power supply VCEX1 is supplied by connecting the IC card interface unit 5 to the MBL 17. The second external power supply VCEX2 is supplied by connecting the MMC interface unit 30 to the PC 16. When the second external power supply VCEX2 is supplied, the power supply control unit 9 preferentially uses the second external power supply VCEX2 to generate the internal power supply VCIT. In consideration of the fact that the IC card interface unit 5 is always connected to the MBL 17 such as a mobile phone at all times while the MMC interface unit 30 is used for selective connection with the PC 16, the generation of the internal power supply VCIT is considered. The power supply control can be simplified by preferentially using the second external power supply VCEX2 and avoiding the competition between the first external power supply VCEX1 and the second external power supply VCEX2.

  The clock generation unit 8 is a clock frequency dividing circuit, and is based on the first clock CK1 supplied from the outside to the clock terminal CLK of the IC card interface unit 5 or the second clock CK2 obtained by the natural frequency of the oscillator 20. The internal clocks CKIT1, CKIT2, and CKIT3 can be generated. Depending on the setting of the control register (not shown) of the clock generator 8, the first clock CK1 supplied to the clock terminal CLK of the IC card interface 5 or the external clock supplied to the clock terminal CLK2 of the MMC interface 30 An operation mode for generating the internal clocks CKIT1, CKIT2, and CKIT3 based on CKEX can also be selected. In the following description, the case where the former clock mode is selected will be mainly described. The IC card interface unit 5 is enabled to operate using the first external power supply VCEX1 when the second external power supply VCEX2 is used to generate the internal power supply VCIT. Even when the processor core 4 performs data processing via the MMC interface 30, a room for responding to a processing request from the IC card interface unit 5 can be secured.

  FIG. 11 illustrates an operation mode related to the internal power supply and the internal clock in the IC card module 1 of FIG. The IC card mode is a state in which the MBL 17 is connected to the IC card interface unit 5 and the PC 16 is not connected to the MMC interface unit 30. In the IC card mode, the generation of the internal power supply and the internal clock is the same as in FIG. The MMC mode is a state where the MBL 17 is connected to the IC card interface unit 5 and the PC 16 is connected to the MMC interface unit 30. In short, the MMC mode can be switched from the IC card mode. Switching from the MC mode to the IC card mode is also possible.

  A procedure for switching from the IC card mode to the MMC mode will be described. When the PC 16 is connected to the MMC interface unit 6 and the second power supply VCEX2 is supplied, the MMC interface unit 30 requests an interrupt from the processor core 4, and the processor core 4 performs predetermined interrupt processing when the interrupt is requested. The power supply control unit 8 is instructed to switch to the first power supply while making a transition to the operation stop state based on the above. In response to the first power supply switching instruction, the power supply control unit 8 switches from the generation of the internal power supply VCIT based on the first external power supply VCEX1 to the generation of the internal power supply VCIT based on the second external power supply VCEX2, and the processor core 4 To cancel the operation stop state. When the PC 16 as a memory card host is connected to the MMC interface unit 30 in a state where data can be processed exclusively through the IC card interface unit 5 by the above procedure, the internal state is switched due to power switching or the like. Can be controlled normally.

  Next, the switching control procedure from the MMC mode to the IC card mode will be described. The MMC interface unit 30 requests an interrupt to the data processing unit when a connection release command is supplied from the outside, and the data processing unit transitions to an operation stop state based on a predetermined interrupt processing when the interrupt is requested. In addition, the power supply control unit is instructed to switch the second power supply, and the power supply control unit responds to the second power supply switching instruction to generate an internal power supply based on the first external power supply from generation of the internal power supply based on the second external power supply. And a command to release the operation stop state of the data processing unit, and a response response to the connection release command is output from the memory card interface unit to the outside. According to the above procedure, when the data can be processed exclusively through the memory card interface unit, when the memory card interface unit is later disconnected from the memory card host, it is possible to normally control the switching of the internal state accompanying the power switching or the like. It becomes possible.

  Next, a control procedure when the MMC interface unit 30 and the PC 16 are forcibly cut off in the MMC mode will be described. When the MMC interface unit 30 detects the forced cutoff of the second external power source, the MMC interface unit 30 instructs the power source control unit to switch the third power source, and the power source control unit responds to the third power source switching command in response to the second external power source. Is switched from the generation of the internal power supply based on the internal power supply to the generation of the internal power supply based on the first external power supply, and the data processing unit is instructed to perform an error process of forced power shutdown. According to the above procedure, when the memory card interface unit is forcibly cut off from the memory card host, an error process is scheduled, so that the influence of the forcible cutoff can be minimized.

  Although the invention made by the present inventor has been specifically described based on the embodiments, it is needless to say that the present invention is not limited thereto and can be variously modified without departing from the gist thereof.

  For example, the circuit modules constituting the controller chip can be changed as appropriate limited to those described with reference to FIG. The connection with the USB interface unit is not limited to a PC. The connection with the IC card interface unit is not limited to a mobile terminal represented by a mobile phone. In the case of a non-contact interface, it may be a railway ticket gate, a highway toll gate, or the like. In the case of a contact interface, another terminal device may be used. The memory card interface unit is not limited to the MMC interface unit, and may conform to a memory card interface of another standard.

  The present invention is suitable for an IC card module conforming to a standard such as plug-in UICC or USIM.

Claims (28)

A controller chip for performing data processing, and a rewritable first nonvolatile memory accessed by the controller chip;
The controller chip has an IC card interface unit that can interface with the outside, a USB interface unit that can interface with the outside, a data processing unit, and a storage area for password information,
The data processing unit requires authentication to be established when predetermined data processing is performed in response to a data processing request from either the IC card interface unit or the USB interface unit. An IC card module that uses password information in a storage area.   2. The IC card module according to claim 1, wherein an interface function by the IC card interface unit conforms to a plug-in UICC interface standard.   2. The IC card module according to claim 1, wherein an interface function by the IC card interface unit conforms to a SIM interface standard.   2. The IC card module according to claim 1, wherein an interface function by the USB interface unit conforms to a USB mass storage interface standard.   5. The IC card according to claim 2, wherein the controller chip has a second nonvolatile memory, and the first nonvolatile memory has a larger storage capacity than the second nonvolatile memory. 6. module.   6. The IC card module according to claim 5, wherein the controller chip randomly accesses the second non-volatile memory in units of addresses and performs file access of the first non-volatile memory in units of sectors.   7. The IC card module according to claim 6, wherein the first nonvolatile memory is a flash memory.   8. The IC card module according to claim 7, wherein the controller chip is a single-chip IC card microcomputer. A controller chip capable of executing a program and having a security function for the execution of the program; and a rewritable nonvolatile memory accessed by the controller chip,
The controller chip has an IC card interface unit, a USB interface unit and a data processing unit,
An IC card module that requires authentication to be established when the data processing unit executes a predetermined program in response to a data processing request from either the IC card interface unit or the USB interface unit.   The IC card module according to claim 9, wherein the controller chip has a password information storage area, and the password information of the storage area is used to determine whether the authentication is established.   11. The IC card module according to claim 10, wherein the controller chip has a storage information encryption / decryption function as one of the security functions.   12. The IC card module according to claim 11, wherein the IC card interface unit has one or both of a contact interface and a non-contact interface. The controller chip has a power control unit,
The power control unit can generate an internal power source based on a first external power source supplied from the outside via the IC card interface unit or a second external power source supplied from the outside via the USB interface unit. 10. The IC card module according to claim 9, wherein when the second external power source is supplied, the second external power source is preferentially used for generating the internal power source. The controller chip has a clock divider circuit;
The clock divider circuit can generate an internal clock based on a first clock supplied from the outside to the IC card interface unit or a second clock generated in the IC card module, and the power control unit 14. The IC card module according to claim 13, wherein an internal clock is generated based on the second clock in response to generating an internal power supply based on the second external power supply.   15. The IC card module according to claim 14, wherein the IC card interface unit is enabled to operate using the first external power supply when the second external power supply is used to generate the internal power supply.   15. The IC card module according to claim 14, wherein the data processing unit can accept an interrupt request supplied from outside via the IC card interface unit. The USB interface unit requests an interrupt to the data processing unit when the second external power is supplied from the outside,
When the interrupt is requested, the data processing unit transitions to an operation stop state based on a predetermined interrupt process and instructs the power control unit to switch the first power source,
In response to the first power supply switching instruction, the power supply control unit switches from the generation of the internal power supply based on the first external power supply to the generation of the internal power supply based on the second external power supply, and cancels the operation stop state of the data processing unit. 15. The IC card module according to claim 14, wherein The USB interface unit requests an interrupt to the data processing unit when a connection release command is supplied from the outside,
When the interrupt is requested, the data processing unit shifts to an operation stop state based on a predetermined interrupt process and instructs the power control unit to switch the second power,
In response to the second power supply switching instruction, the power supply control unit switches from generation of the internal power supply based on the second external power supply to generation of the internal power supply based on the first external power supply, and cancels the operation stop state of the data processing unit The IC card module according to claim 17, wherein a response response to the connection release command is output from the USB interface unit to the outside. When the USB interface unit detects the forced shutdown of the second external power supply, it instructs the power supply control unit to switch the third power supply,
In response to the third power supply switching instruction, the power supply control unit switches from the generation of the internal power supply based on the second external power supply to the generation of the internal power supply based on the first external power supply, and an error of forced power cut-off in the data processing unit 19. The IC card module according to claim 18, which instructs processing. A controller chip capable of executing a program and having a security function for the execution of the program; and a rewritable nonvolatile memory accessed by the controller chip,
The controller chip has an IC card interface unit, a memory card interface unit and a data processing unit,
An IC card module that requires authentication to be established when the data processing unit executes a predetermined program in response to a data processing request from either the IC card interface unit or the memory interface unit.   21. The IC card module according to claim 20, wherein the controller chip has a password information storage area, and the password information of the storage area is used to determine whether the authentication is established. The controller chip has a power control unit,
The power control unit can generate an internal power source based on a first external power source supplied from outside via the IC card interface unit or a second external power source supplied externally via the memory card interface unit. 21. The IC card module according to claim 20, wherein when the second external power supply is supplied, the second external power supply is preferentially used for generating the internal power supply. The controller chip has a clock divider circuit;
The clock divider circuit can generate an internal clock based on a first clock supplied from the outside to the IC card interface unit or a second clock generated in the IC card module, and the power control unit 23. The IC card module according to claim 22, further comprising an operation mode of generating an internal clock based on the second clock in response to generating an internal power supply based on a second external power supply.   24. The IC card module according to claim 23, wherein the IC card interface unit is enabled to operate using the first external power supply when the second external power supply is used to generate the internal power supply.   25. The IC card module according to claim 24, wherein the data processing unit is capable of accepting an interrupt request supplied from outside via the IC card interface unit. The memory card interface unit requests an interrupt to the data processing unit when the second external power is supplied from the outside,
When the interrupt is requested, the data processing unit transitions to an operation stop state based on a predetermined interrupt process and instructs the power control unit to switch the first power source,
In response to the first power supply switching instruction, the power supply control unit switches from the generation of the internal power supply based on the first external power supply to the generation of the internal power supply based on the second external power supply, and the operation stop state of the data processing unit 24. The IC card module according to claim 23, which instructs release. The memory card interface unit requests an interrupt to the data processing unit when a connection release command is supplied from the outside,
When the interrupt is requested, the data processing unit shifts to an operation stop state based on a predetermined interrupt process and instructs the power control unit to switch the second power,
In response to the second power supply switching instruction, the power supply control unit switches from generation of the internal power supply based on the second external power supply to generation of the internal power supply based on the first external power supply, and cancels the operation stop state of the data processing unit 27. The IC card module according to claim 26, wherein a response response to the connection release command is output from the memory card interface unit to the outside. When the memory card interface unit detects the forced cutoff of the second external power supply, it instructs the power supply control unit to switch the third power supply,
In response to the third power supply switching instruction, the power supply control unit switches from the generation of the internal power supply based on the second external power supply to the generation of the internal power supply based on the first external power supply, and an error of forced power cut-off in the data processing unit 28. The IC card module according to claim 27, which instructs processing.

Images