KR20070022737A - Information management device and information management method - Google Patents

Abstract

Make effective use of the memory space in the IC card. After dividing the memory space in the IC card, the procedure for releasing the divided memory area, the procedure for changing the size of the divided memory area, and the procedure for changing the identification number assigned to the divided memory area are set. Only unnecessary memory areas can be deleted without affecting the memory area being used. In addition, the memory size can be changed during operation without necessarily confirming in advance. In addition, since the identification number is adjustable after the dividing operation, the formats can be matched even if the issuing operation procedures are different.

Card reader / writer, IC card, Issuer communication device, Operator communication device, Manufacturer communication device, Storage area division registration device, Operation file registration device, Card issuer, Card storage area operator, Device manufacturer, Card storage area user

Description

Information management device and information management method {INFORMATION MANAGEMENT DEVICE AND INFORMATION MANAGEMENT METHOD}

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an information management apparatus and an information management method for managing access to information stored in a relatively large memory area. In particular, the electronic value information is stored on the memory area to exchange secure information including electronic payment. An information management apparatus and an information management method are provided.

More specifically, the present invention relates to an information management apparatus and an information management method for allocating various files on a memory area to manage information for service operation, and in particular, to release a memory area once allocated to service operation. The present invention relates to an information management apparatus and an information management method for changing the size.

Non-contact and proximity communication systems typified by IC cards have become widespread because of their operational simplicity. The general usage of the IC card is performed by the user inserting the IC card into a card reader / writer. On the card reader / writer side, the IC card is always polled, and the communication operation between the two is started by finding an external IC card. For example, by storing the authentication code, other personal authentication information, and value information such as an electronic ticket on the IC card, the authentication process for the rider and the rider can be performed at the cash dispenser, the entrance of the concert venue, the ticket gate of the station, and the like. Can be.

In recent years, with the improvement of the miniaturization technique, IC cards having a relatively large memory have emerged. For example, by storing a plurality of applications such as an electronic money for making electronic payments or an electronic ticket for entering a specific concert venue, the IC card can be used for various purposes. The electronic money and the electronic ticket referred to here refer to a structure in which payment (electronic payment) is made through electronic data issued in accordance with funds provided by the user, or such electronic data itself.

In addition to the wireless / contactless interface, IC cards and card readers / writers (card writing and reading devices) have a wired interface for connecting to external devices, and include mobile phones, PDAs (Personal Digital Assistance) and CE (Consumer). By incorporating and using in each device, such as an electronic device, a personal computer, these devices can be equipped with the function of either or both of an IC card and a card reader / writer. In such a case, IC card technology can be used as a general purpose bidirectional proximity communication interface.

For example, in the case where the proximity communication system is constituted by devices such as computers and information home appliances, contactless communication using an IC card is performed one to one. It is also possible for any device to communicate with a counterpart device other than a device such as a contactless IC card. In this case, an application that performs one-to-many communication between one device and a plurality of cards is also conceivable.

In addition, various applications using the IC card, such as electronic payment and the exchange of electronic value information with the outside, can be executed on the information processing terminal. For example, the user interaction with the IC card can be performed on the information processing terminal using a user interface such as a keyboard or a display on the information processing terminal. In addition, since the IC card is connected to the cellular phone, the contents stored in the IC card can be exchanged via the telephone network. In addition, the IC card can be used for paying the price of Internet access from a cellular phone.

In this way, a file system for any service provider is allocated to the internal memory of the IC card, and information for service operation by the service provider in the file system (for example, user identification / authentication information or the rest). By managing the value information, usage history (log), etc.), a useful service based on contactless and proximity communication, which is replaced by a conventional prepaid card or a service card for each store, can be realized.

Conventionally, an IC card is issued individually for each service provider, and provided for use by a user. For this reason, the user had to carry and carry an IC card for every service to be used. On the other hand, according to the IC card having a relatively large memory space, it is possible to ensure a sufficient capacity for recording information on a plurality of services in the internal memory of a single IC card (for example, Non-Patent Document 1). See).

In the initial state, the memory area in the IC card is managed by the IC card issuer. Service provider operators other than the IC card issuer divide the new file system from the memory area and assign each file system to an application for service operation. The division of the file system is the issuance of the virtual IC card. By repeating the division operation, the memory area in the IC card has a structure in which a plurality of file systems coexist, and it is possible to provide multi-applications, that is, various types of applications, with one IC card.

Although the IC card is originally under the management of the IC card issuer, a plurality of services can be operated by one IC card by dividing the memory space in the IC card and allocating services for each divided memory area. Memory division of an IC card corresponds to issuance of a virtual IC card.

Here, with regard to the memory division in the IC card, the size of the divided memory area is determined at the time of division, and there is a limitation such that the memory area once divided cannot be deleted.

For this reason, even when the divided memory area becomes unnecessary for some reason, there is no procedure to release the memory area and return it to the original IC card issuer. For this reason, there is a problem in that unnecessary memory areas cannot be reallocated to other services, and the finite resources become useless.

Alternatively, even if it is necessary to change (enlarge or reduce) the size of the divided memory area for some reason, there is no procedure for changing the size set during the dividing operation. For this reason, even if the area allocated at the time of registration is insufficient during service operation, the memory area cannot be expanded. On the contrary, in the case where the memory area is secured with a spare at the time of dividing, it is not possible to reduce the allocated memory area by freeing unnecessary or size later.

[Non-Patent Document 1] `` Line-less IC Tag-Sample Coded Production '' (pages 106 to 107, RFID Technology Editor, Nikkei BP, issued April 20, 2004)

<Start of invention>

Problems to be Solved by the Invention

The main object of the present invention is to provide an excellent information management apparatus and an information management method capable of appropriately managing information for service operation by allocating various files on a memory area.

It is still another object of the present invention to provide an excellent information management apparatus and information management method capable of effectively utilizing a finite resource by releasing or changing the size of a memory area once allocated for service operation.

Means for solving the problem

This invention is made | formed in view of the said subject, The 1st side is an information management apparatus which has a memory space and divides and manages into one or more memory area | region, The said memory space is the 1st memory which a division source has; And a second memory area divided from the partition source and assigned to another operator, wherein the partition releases the partition of the second memory region according to a request from the operator and returns it to the first memory region. It is an information management apparatus provided with a release means.

Access to each memory area can be controlled based on the operator's key.

The de-partitioning means receives a departition request in the form of a departition package in which a data block containing information identifying a second memory area to be departed is encrypted with a key of the partition source. Then, the partitioning package is decrypted with the partitioning source key, and partitioning of the second memory area indicated by the data block is released.

A second aspect of the present invention is an information management apparatus including a memory space and divided into one or more memory areas, wherein the memory space is divided from a first memory area of a partition source and the partition source. And at least one second memory area allocated to another operator, and comprising partition area size changing means for enlarging or reducing the size of the second memory area after division in accordance with a request from the operator. It is a management device.

The partition area size changing means comprises: a data block including information for identifying a second memory area to be resized, information indicating whether an area is enlarged or reduced, and information about a size to be changed; Receives a split size change request in the form of a split size change package encrypted with a key. Then, the division size change package is decoded with the division source key, and the size of the second memory area indicated by the data block is changed by the designated size.

When the size of the second memory area is enlarged, an unused area of the first memory area corresponding to the size to be changed is allocated to the second memory area. When the size of the second memory area is reduced, the unused area of the second memory area corresponding to the size to be changed is returned to the first memory area.

A third aspect of the present invention is an information management apparatus including a memory space and divided into one or more memory areas, wherein the memory space is divided from a first memory area of a partition source and the partition source. And one or more second memory areas allocated to other operators, each time division is performed, identification information is assigned to each of the second memory areas, and identification information of the second memory areas is requested according to a request from the operator. An information management apparatus comprising: identification information changing means for changing.

The identification information changing means is an identification information changing package in the form of an identification information changing package obtained by encrypting a data block including identification information of the second memory area to be changed and identification information to be changed with a key of the division source. Receive the request. Then, the identification information change package is decoded with the division source key, and the identification information of the second memory area indicated by the data block is changed to the specified identification information.

The identification information changing means causes, for example, to change the identification information of the second memory area owned by any operator to the identification information lost by the division of the second memory area of another operator.

The information management apparatus referred to here includes a non-contact IC card incorporating an IC chip having a wireless communication unit and a data transmission / reception function and a data processing unit, a contact IC card having terminals on its surface, and an IC having functions similar to those of a contact / non-contact IC card. It is a device incorporating a chip into an information communication terminal device such as a cellular phone, a personal handyphone system (PHS), a PDA, and the like. In the following description, these may be collectively referred to simply as "IC card".

This information management device has a memory area including a data storage memory such as an EEPROM and a data processing unit, and has a data communication function. In the case of a mobile phone or the like, an external storage medium such as an IC card in which the IC chip is incorporated may be detachably configured. The IC chip may also include a subscriber identity module (SIM) function that records contractor information issued by a cellular phone company. The information management device may perform data communication via an information communication network such as the Internet, or may directly perform data communication with an external terminal device by wire or wirelessly.

The present invention relates to the provision of a service requiring security including the exchange of value information using the temper resistance and the authentication function of an IC card. Generally, the memory in the IC card is divided into a plurality of areas, and access control is performed by setting different encryption keys for each area. The area referred to here corresponds to a file system obtained by dividing a memory space, a directory in the file system, or an individual file. Dividing the memory space of the IC card into a plurality of file systems is a virtual IC card issuance.

The division of the memory space in the IC card is basically performed by the authority of the issuer of the IC card. The memory area once divided is allocated to the service providers serving as individual service providers, and is under the management of the service provider. Here, the size of the divided memory area is determined at the time of division, and there is a limitation such that the memory area once divided cannot be deleted. For this reason, there is a problem that even if the divided memory area becomes unnecessary, there is no procedure for releasing it, it cannot be reallocated to another service, and the effective resource becomes useless. In addition, even if the size of the memory area obtained by dividing once is insufficient or, conversely, there is no procedure for expanding or reducing the size once secured.

Therefore, in the information management apparatus according to the present invention, once the memory space in the IC card is divided, the procedure for releasing the divided memory area, the procedure for changing the size of the divided memory area, and the allocated memory area are allocated. Procedures for changing the identification number were set.

When logically dividing and operating a memory device, it is also considered that a specific memory area is unnecessary at any time. For example, when a service for a user is already registered in a memory device, and when a user holds various personal information by using the memory device already, there is conventionally only a method of initializing the memory device. Inconvenient in operation In contrast, according to the present invention, since only a specific memory area can be freed individually after the division operation, only an unnecessary memory area can be deleted without affecting the memory area in use.

In addition, in the case of logically dividing the memory device into plural, the individual area size cannot be determined at the time of dividing operation. Since the area size cannot be changed after the dividing operation conventionally, it is necessary to avoid insufficient memory by having a sufficient margin for the size of each area. For this reason, the finite memory area cannot be used effectively. On the other hand, according to the present invention, since the individual area size can be changed after the dividing operation, it can be changed during operation without necessarily determining the memory size in advance.

In addition, when logically dividing a memory device into a plurality, it cannot be said that the division operation sequence can be unified each time. When the dividing operation differs from the originally assumed procedure, since the arbitrary memory area and the identification number corresponding to it differ from the original, the format is different. In contrast, according to the present invention, since the identification number can be adjusted after the dividing operation, the formats can be matched even if the issuing operation procedures are different.

Effect of the Invention

According to the present invention, it is possible to provide an excellent information management apparatus and information management method capable of appropriately managing information for service operation by allocating various files on a memory area.

Further, according to the present invention, it is possible to provide an excellent information management apparatus and an information management method capable of effectively utilizing a finite resource by releasing or changing the size of a memory area once allocated for service operation.

Further objects, features and advantages of the present invention will become apparent from the following detailed description based on the embodiments of the present invention and the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS The figure which shows typically the structure of the contactless IC card communication system to which this invention is applicable.

Fig. 2 is a diagram schematically showing the overall configuration of a service providing system for operating electronic money, electronic tickets, and other value information realized by using an IC card.

Fig. 3 shows a state of a memory area in which the original card issuer manages only his file system.

4 is a diagram showing that a card issuer can be allowed to lend (or transfer) an arbitrary range of memory to an area manager among the free areas of its file system.

Fig. 5 is a diagram showing a state in which another service provider operator divides a memory area in an area authorized by a card issuer to create a new file system.

Fig. 6 is a diagram showing a state in which the common area manager divides the memory into the system code SC0 of the common area in the area permitted by the card issuer.

Fig. 7 shows a structure in which a plurality of file systems coexist in a memory area of an IC card.

8 is a diagram schematically showing a functional configuration of firmware in an IC card.

9 is a diagram for explaining a procedure of dividing a memory area.

10 is a diagram for explaining a procedure of dividing a memory area.

11 is a diagram for explaining a procedure of dividing a memory area.

12 is a diagram for explaining a procedure of releasing a memory region once divided.

FIG. 13 is a diagram for explaining a procedure of releasing a memory region once divided. FIG.

14 is a diagram for explaining a procedure for changing the size of a memory region once divided.

15 is a diagram for explaining a procedure for changing the size of a memory region once divided.

Fig. 16 is a diagram for explaining a procedure of changing an identification number assigned to a memory area once divided.

Fig. 17 is a view for explaining a procedure for changing an identification number assigned to a memory area once divided.

18 is a diagram for explaining preprocessing when dividing a file system.

Fig. 19 is a sequence diagram showing a procedure in which a card issuer polls an IC card.

Fig. 20 is a view for explaining a procedure in which a card issuer makes a division request for an IC card.

Fig. 21 shows how a memory area on the IC card is divided so that a new file system is created.

Fig. 22 is a diagram showing a reset procedure of the issuer key KI _i and the system code SC _{i performed} after a new service provider acquires its file system on the memory area of the IC card.

Fig. 23 is a diagram for explaining preprocessing when deleting a file system obtained by dividing.

Fig. 24 is a diagram showing a procedure in which a card issuer makes a division release request for an IC card.

Fig. 25 is a diagram showing a state where a memory area obtained by dividing on an IC card is released and returned to the file system of the IC card issuer.

Fig. 26 is a diagram for explaining preprocessing when changing the size of a file system obtained by dividing.

Fig. 27 is a diagram showing a procedure in which a card issuer makes a division size change request for an IC card.

Fig. 28 is a diagram showing how the size of the memory area obtained by dividing on the IC card is changed.

29 is a diagram schematically showing a hardware configuration of an IC card according to one embodiment of the present invention.

<Description of the symbols for the main parts of the drawings>

1: card reader / writer

2: IC card

3: controller

111: Publisher device

112: communication device for the operator

113: manufacturer's communication device

114: storage area partition registration device

115: operation file registration device

116: IC card

117: network

121: card issuer

122: card storage area operator

123: device manufacturer

124: card storage area user

1001: antenna unit

1002: analogue

1003: digital control unit

1004: memory

1005: external interface

1006: carrier detector

1100: mobile terminal

1110: program control unit

1120: display unit

1130: user input unit

1140: power control unit

<Best mode for carrying out the invention>

EMBODIMENT OF THE INVENTION Hereinafter, embodiment of this invention is injured, referring drawings.

A. IC  Contactless data communication system by card

Fig. 1 schematically shows the configuration of a contactless IC card communication system to which the present invention can be applied.

This non-contact card system includes a card reader / writer 1, an IC card 2, and a controller 3, and uses electromagnetic waves between the card reader / writer 1 and the IC card 2 by using electromagnetic waves. Non-contact, data transmission and reception are performed. That is, the card reader / writer 1 transmits a predetermined command to the IC card 2, and the IC card 2 performs a process corresponding to the received command. The IC card 2 then transmits response data corresponding to the processing result to the card reader / writer 1.

The card reader / writer 1 is connected to the controller 3 via a predetermined interface (for example, the one conforming to the standard of RS-485A or the like). The controller 3 causes the predetermined processing to be performed by supplying a control signal to the card reader / writer 1.

In addition, the IC card 2 may be provided with a wired interface such as USRT or I ² C in addition to the illustrated non-contact IC card interface.

B. IC  Card operation

Fig. 2 schematically shows the overall configuration of a service providing system for operating electronic money, electronic tickets, and other value information realized by using an IC card.

The illustrated system 100 includes, for example, an issuer communication device 111 used by the IC card issuer 121, an operator communication device 112 used by the card storage area operator 122, and an apparatus. A manufacturer communication device 113 used by the manufacturer 123, a storage area divider 114, and an operation file registration device 115 used by the card storage area user 124 are constituted.

In the case where the IC card issuer 121 issues the IC card 116 to the card holder 126, the IC stores file data relating to a service provided by the card storage area user 124 based on a predetermined condition. The card 116 is registered. Thereby, the card holder 126 can receive the service of both the IC card issuer 121 and the card storage area user 124 using the IC card 116 of a group.

As shown in FIG. 2, in the system 100, the issuer communication device 111, the operator communication device 112, the manufacturer communication device 113, the storage area dividing device 114, and the operating file registration device. 115 is connected via the network 117.

The IC card issuer 121 is a person who issues the IC card 116 and provides its own service using the IC card 116.

The card storage area operator 122 receives a request from the IC card issuer 121 and, among the memory areas configured in the storage unit (semiconductor memory) in the IC card 116 issued to the IC card issuer 121, A person who performs a service of lending a storage area not used by the IC card issuer 121 to the card storage area user 124.

The device manufacturer 123 receives a request from the card storage area operator 122, manufactures the storage area dividing device 114, and delivers it to the card storage area user 124.

The card storage area user 124 makes a request to the card storage area operator 122 and provides a service of its own using the storage area of the IC card 116. The card storage area user 124 divides the memory area into new files. It corresponds to a service provider company (described above) that creates a system, and provides its own service using its own file system.

The card holder 126 is a person who receives the issuance of the IC card 116 from the IC card issuer 121 and receives a service provided by the IC card issuer 121. When the cardholder 126 wishes to receive a service provided by the card storage area user 124 after issuing the IC card 116, the storage area partitioning device 114 and the operating file registration device 115 By using the above, file data relating to the service of the card storage area user 124 can be stored in the IC card 116, and then the service of the card storage area user 124 can be received.

When the system 100 provides the service of the IC card issuer 121 and the service of the card storage area user 124 using the IC card 116 of a group, the IC card issuer 121 and the card storage area are provided. The storage area in which the file data related to the service of the user 124 is stored has a configuration that makes it difficult to illegally write, rewrite, or the like, by a non-authorized person.

In addition, although FIG. 2 illustrated the case where there exists a single IC card issuer 121, the card storage area user 124, and the card holder 126, respectively, two or more may be sufficient.

The IC card 116 may be a card-type data communication device as desired, and may be embodied as a cellular phone (or other portable terminal or CE device) incorporating a so-called semiconductor chip on which an IC card function is mounted. .

29 schematically shows a hardware configuration of the IC card unit according to the embodiment of the present invention. As shown in FIG. 29, the IC card portion is composed of an analog portion 1002 connected to the antenna portion 1001, a digital control portion 1003, a memory 1004, and an external interface 1005. It is embedded in the terminal 1100. The IC card portion may be constituted by a single-chip semiconductor integrated circuit, or may be constituted by a two-chip semiconductor integrated circuit by separating the RF analog front end and the logic circuit portion.

The antenna unit 1001 transmits and receives noncontact data with a card writing and reading device (not shown). The analog unit 1002 processes analog signals transmitted and received from the antenna unit 1001, such as detection, modulation and demodulation, and clock extraction. These constitute a contactless interface between the IC card unit and the card writing and reading device.

The digital control unit 1003 collectively controls the processing of transmission / reception data and other operations in the IC card. The digital control unit 1003 connects the addressable memory 1004 locally. The memory 1004 is constituted by a nonvolatile memory device such as an electrically erasable programmable read only memory (EEPROM), and stores user data such as electronic money or an electronic ticket, or writes program code executed by the digital control unit 1003. It can be used to save running data. As later injured, the memory area in the memory 1004 can be divided into file systems for each service provider. According to a request from the operator, the digital controller 1003 divides the first memory area of the divided source into a plurality of second memory areas and allocates the same to other operators, or releases the division of the second memory area so as to release the first memory. The process of returning to the area, dividing or dividing the size of the second memory area, or changing the identification information allocated to the second memory area is performed.

The external interface 1005 is a function module for the digital control unit 1003 to connect with a device such as the mobile terminal 1100 by a non-contact interface connected to a card writing and reading device (not shown) by a different interface protocol. . Data written in the memory 1004 can be transmitted to the mobile terminal 1100 via the external interface 1005.

Here, when communicating with the card writing and reading device, the received data from the card writing and reading device is converted as it is, or converted into an appropriate conversion rule, or converted into another packet structure to be carried through the external interface 1005. Transmit to terminal 1100. On the contrary, the data received from the mobile terminal 1100 through the external interface is converted as it is, or converted into an appropriate conversion rule, or converted into another packet structure, and transmitted to the card reading and writing device through the contactless interface.

In the present embodiment, the IC card unit is assumed to be incorporated in the portable terminal 1100 and used. The external interface 1005 uses a wired interface such as a universal asynchronous receiver transmitter (UART). However, the interface specification of the external interface 1005 is not particularly limited, and may be a wired interface or a wireless interface such as Bluetooth communication or IEEE.802.11.

The IC card unit can be driven by energy obtained from, for example, a received signal from a card writing and reading device received via the antenna unit 1001. Of course, you may be comprised so that one part or all may operate by the supply power from the portable terminal 1100 side.

The portable terminal 1100 corresponds to an information processing terminal such as a mobile phone, a PDA, a personal computer (PC), or the like. The portable terminal 1100 includes a program control unit 1101, a display unit 1102, and a user input unit 1103.

The program control unit 1101 is composed of, for example, a microprocessor, a RAM, and a ROM (anything is not shown in FIG. 29), and the microprocessor uses the RAM for a work area in accordance with program codes stored in the ROM. To execute various processing services. The processing service includes processing for the IC card unit in addition to the functions inherent to the portable terminal 1100 such as a cellular phone. Of course, the program control unit 1101 may be provided with an external storage device such as a hard disk or other peripheral device.

The program control unit 1101 can access the IC card unit via the external interface 1005.

The display part 1102 is comprised with a liquid crystal display display, for example, and can output a screen etc. of the processing result in the program control part 1101, and can notify a user.

The user input unit 1103 is composed of a keyboard, a jog dial, a touch panel superimposed on a display screen of the display unit 1102, and is used for a user to input a command or data to the portable terminal 1100.

The program control unit 1101 in the mobile terminal 1100 is driven by power supply from a main power source (not shown) such as a battery.

When the user of the portable terminal 1100 with the IC card is inserted into the predetermined card writing and reading device, the wireless communication between the IC card and the card writing and reading device is started, and the antenna unit serves as a wireless interface. Through the 1001 and the analog unit 1002, data exchange is performed between the digital unit 1003 and the card writing and reading apparatus.

C. File System

By utilizing the temper resistance and the authentication function of the IC card, it is possible to provide a service requiring security including the exchange of value information. Furthermore, in the present embodiment, a file system for each service provider provider is allocated on a single memory area so that a single IC card is shared by a plurality of providers and a plurality of services are provided by a single IC card. It was.

In the initial state, the memory area in the IC card is managed by the IC card issuer. When a service provider other than the IC card issuer divides a new file system from the memory area, both the division authority of the memory area and the authentication for the IC card issuer are required.

Once the memory area is divided, access to the file system requires authentication to the service provider of the file system itself, not the IC card issuer. Thus, the boundary between file systems can serve as a firewall, and can appropriately exclude unauthorized access from other file systems. In addition, for the user, it is possible to ensure the ease of use as if it were an IC card issued by the company itself at the time of using each service. By repeating the division operation, the memory area in the IC card has a structure in which a plurality of file systems coexist. The division of the file system is the issuance of the virtual IC card.

Here, the operation mode of the memory area in the IC card will be described with reference to FIGS. 3 to 6.

3 shows a state of the memory area in which the original card issuer manages only his file system. The system code SC1 of the original card issuer is assigned by the system code management mechanism. When an external device or program accesses the card issuer's file system, SC1 is an identification code (that is, an argument of a request command).

Fig. 4 shows that the card issuer can permit to lease (or transfer) an arbitrary range of memory to an area manager among the free areas of his file system. At this stage, partitioning is not yet performed on the file system on the memory area. The card issuer can allow a plurality of area managers to rent a memory as long as there is a free area in their file system. For example, in the implementation of identifying a file system by 4-bit system code, a maximum of 16 divisions (up to 15 divisions) can be performed.

FIG. 5 shows a state in which another service provider operator divides a memory area in an area permitted by a card issuer to create a new file system. System code SC2 is assigned to this new file system from the system code management mechanism. When an external device or program accesses a file system operated by the memory area manager (service provider company), SC2 is used as an identification code (argument of a request command).

FIG. 6 shows a state in which the common area manager divides the memory by the system code SC0 of the common area in the area permitted by the card issuer. When an external device or program accesses the file system that is the operation area of this common area manager, the system code SC0 is used as an identification code (argument of a request command).

The memory area of the IC card has a structure in which a plurality of file systems coexist as shown in FIG. 7 by repeating the division operation. The original card issuer and the service provider who acquired his file system on the IC card with the permission of the card issuer each use their file system to arrange an area or a service (described later) to develop their own business. Can be used for

Here, the operation mode in one file system will be described. Basically, the same operation is realized in any file system.

In the file system, one or more files are arranged to realize applications such as electronic payment and the exchange of electronic value information with the outside. The memory area allocated to the application is called a "service memory area". In addition, the use of an application, that is, a processing operation for accessing a corresponding service memory area is called a "service." Examples of the service include adding or subtracting a value to value information such as read access to a memory, write access, or electronic money.

In order to restrict the use of the application, i.e. the start of the service, depending on whether the user has the access right, an encryption code, or PIN, is assigned to the application, and the PIN collation process is performed when the service is executed. In addition, the access to the service memory area is appropriately performed according to the security level of the application or the like.

In this embodiment, a hierarchical structure similar to "directory" is introduced into each file system set in the memory area in the IC card. Each application allocated to the memory area can be registered in the "area" of the desired hierarchy.

For example, by registering a plurality of applications or related applications that are used in a series of transactions as service memory areas within the same area (and registering related areas in the same parent area), The arrangement of applications and areas is neat, and the user can efficiently sort and organize the applications.

In addition, in order to hierarchically control the access right to the file system, a PIN can be set for each application as well as a PIN can be set for each area. For example, by inputting a PIN corresponding to an arbitrary area, it is possible to grant access to all applications (and sub-areas) in the area through a matching process and a mutual authentication process. Therefore, the access right of all the applications used in a series of transactions can be obtained only by inputting the PIN to the corresponding area once, so that not only the access control is efficient but also the convenience of use of the device is improved.

It is also possible to allow access rights to any service memory area to be not single, and to set an encryption code for each access right, i.e., for the contents of a service running in the service memory area. For example, in a service to be activated for the same service memory area in "read" and "read and write", each PIN is set. In addition, in "increase" and "decrease" about electronic money and other value information, each PIN is set. In addition, input of a PIN is not required for reading into any memory area, but it is possible to make input of a PIN mandatory when writing.

Fig. 8 schematically shows the functional configuration of the firmware in the IC card which can set a plurality of file systems in the internal memory.

The interface (I / F) control unit controls protocol control such as communication with a card reader / writer by a contactless IC card interface, communication as a card reader / writer, communication via a wired interface, and communication through other I / O interfaces. Do it.

The command control unit processes a command received from the outside via the interface control unit, issues a command to the outside, inspects the command, and the like.

The security control unit realizes security processing such as authentication processing when accessing a memory area or each file system in the memory area, and PIN verification when using a directory or a service in the file system.

The file system control unit performs file system management such as division (and elimination of division) from the memory area as described above, management of directory structure in the file system, and the like.

The mode management unit manages modes of the entire file system and the individual file systems. The mode here includes states such as suspension of use of the file system, resumption of use, and the like.

In addition, firmware for each hardware control in the IC card is also included, such as start control, ROM management, parameter management, nonvolatile memory management, and patch control.

D. Partitioning, Unpartitioning, and Resizing a File System

In this embodiment, a structure in which a plurality of file systems coexist by dividing a memory space in an IC card is adopted. The division of the file system is a virtual IC card issuance, and one IC card can function as a plurality of IC cards.

In this embodiment, the procedure for releasing the divided memory areas is introduced to free up unnecessary memory areas and reallocate them to other services. In addition, a procedure for changing the size of the memory area set at the time of division is introduced, so that it can be adapted to the lack of size or surplus.

9 to 11 illustrate the procedure for dividing the memory area.

9 shows a state where the memory space in the IC card is undivided. The memory at this point is set to "memory area 0", the identification number is 0, and the memory size is N. By performing the division operation by specifying the size from this state, as shown in the right side of Fig. 9, "memory region 1" having an identification number of 1 is generated from the memory region 0 serving as the division source. In addition, when the memory size specified at the time of division operation is n1, the memory size of memory area 0 as the division source is N-n1.

The right side of FIG. 10 shows a state in which only one division operation is performed again from the memory area generated by the procedure shown in FIG. 11 shows a state in which the division operation is performed only 15 times in total from the "division procedure 0".

In the division procedure from the undivided memory to the state shown in the right side of Fig. 11, the size of the region specified in each division operation is divided by n1, n2, n3,... When n14 and n15 are set, the area size of the memory area 0 serving as the division source is N- (n1 + n2 + n3 + ... + n14 + n15) after 15 division operations in total. In addition, identification numbers are assigned in the order of the divided areas generated by the splitting operation, and 1, 2, 3,... , 14, and 15. Details of the processing operation for dividing the memory area will be described later.

12 to 13 illustrate the procedure of releasing the memory region once divided. Here, in the memory division procedure described above, it is assumed that the memory region 1 and the memory region 2 are generated by division from the memory region 0 in the IC card.

12 shows how the memory area 2 is released. The authority to release the memory area 2, that is, to release the division, has the IC card issuer who is the division source. When the partition is released, the partition is released without including information that cannot be managed by the partition source, such as key information of the memory area 2. FIG. In other words, the division is canceled by using information obtained by packaging the identification number and the memory size of the region to be divided into key information of the division source. After completion of the split release operation, the released memory belongs to the IC card issuer, i.e., memory area 0, that is the division source. The details of the processing procedure for performing division cancellation will be described later.

In addition, Fig. 13 shows how the memory area 1 is released. After completing the split release operation in the same manner as in the case shown in Fig. 12, the released memory belongs to the IC card issuer, i.e., memory area 0, which is the split source. In the illustrated example, even after the memory area 1 is released, there is no change in information such as the identification number of the memory area 2.

14 to 15 illustrate the procedure of changing the size of the memory area once divided.

FIG. 14 shows how the memory size of the memory area 1 is expanded. The authority to expand the memory size of the memory area 1 has the IC card issuer which is the division source.

When the size of the memory area 1 is expanded, the memory size can be extended without including information that cannot be managed by the division source, such as key information of the memory area 1. In other words, memory expansion is performed using information in which the identification number of the memory area for expanding the size and the size of the memory are packaged as key information of the division source. Details of the processing procedure for changing the size of the memory area will be described later.

In addition, in the size expansion of the memory area, it is a prerequisite that there is an unused area in the division source, that is, memory area 0, which is larger than the memory size required for size expansion.

In addition, FIG. 15 shows a mode in which the memory size of the memory area 1 is reduced. The authority to reduce the memory size of the memory area 1 has the IC card issuer which is the division source.

When the size of the memory area 1 is reduced, the memory size can be reduced without including information that cannot be managed by the division source, such as key information of the memory area 1. That is, memory reduction is performed by using information obtained by packaging the identification number and the memory size of the reduced memory area into key information of the division source. Details of the processing procedure for changing the size of the memory area will be described later.

In the reduction of the size of the memory area, it is a prerequisite that there is an unused area in the memory area that is larger than the memory size required for the reduction in the reduced memory area.

16 to 17 illustrate a procedure for changing an identification number assigned to a memory area once divided. Here, in the memory division procedure described above, it is assumed that the memory region 1 and the memory region 2 are generated by division from the memory region 0 in the IC card.

FIG. 16 shows a state in which memory identification numbers are exchanged between memory areas 1 and 2.

The authority to exchange the memory identification number has the IC card issuer which is the division source. When the memory identification numbers are exchanged between the memory areas, the memory identification numbers can be exchanged even if they do not contain information that cannot be managed by the division source, such as key information of both the memory areas 1 and 2. That is, memory identification number exchange is performed using the information which packaged each identification number or memory size of the memory area | region which exchanges identification numbers into the key information of a division source.

In the memory identification number exchange, however, it is assumed that the identification number 0 used by the division member cannot be the target of the exchange.

In addition, Fig. 17 shows how the memory identification number of the memory area 2 is changed to the memory identification number 1 that does not exist.

The authority to change the memory identification number has the IC card issuer which is the division source. When the memory identification number is changed, the memory identification number can be changed without including information that cannot be managed by the division source, such as key information of the memory area 2. FIG. That is, the memory identification number is changed by using the information of packaging the identification number and the memory size of the memory area for changing the identification number into the key information of the division source.

However, the changeable identification number is limited to an unused one. In addition, when the identification number after a change is not specified, it is assumed that the earliest number among the unused identification numbers is covered. In the memory identification number change, it is assumed that the identification number 0 used by the division member cannot be changed.

E. Processing to Divide Memory Areas Procedure

In this section, the procedure for dividing the memory area to create a new file system is injured.

Fig. 18 illustrates the preprocessing when dividing the file system. When a new service provider wants to divide a file system on the memory area of the IC card, as a preprocess, the service provider asks the card issuer for permission to use the memory area. When the card issuer permits the use of the memory area, that is, the division of the file system, the card issuer obtains a "divisional subpackage" required for division of the file system from the division description manager.

The division technology manager corresponds to the card storage area operator 22 responsible for management of the memory area in the IC card after the IC card is manufactured or manufactured and shipped, and the new service provider is assigned to the card storage area user 14. Substantial (see FIG. 2).

The division technology manager has the authority to change the system code of each file system on the memory area in the IC card, and manages the division authority key K _d stored in the operating system providing the execution environment of the IC card. Then, the division technology manager assigns the area key (issuance key of the new service provider company (that is, the issuer of the virtual IC card) that uses the area) KI _i and the system code SC _i to be newly created. (Where i is the subscript identifying the i-th partitioned file system), the data block consisting of these is encrypted with the partition authority key K _d to create a partition package, and handed it to the card issuer.

Since the card issuer himself does not hold the split authority key K _d , the card issuer cannot decrypt or alter the split sub package.

Card issuer, encrypts the acquired division small package, and permits to use a new service source provider data block composed of a (number of blocks), the size of the partition to back to one's issuer key, K _I, to create the divided package.

Since the divided package is encrypted with the card issuer key K _I managed in the card issuer and the card issuer's file system, the third party cannot decrypt the divided package, change the size of the divided region, or the like.

 Through such a preliminary procedure, the card issuer acquires a split package and uses this to make a split request for a file system of a memory area in the IC card. Here, the access to the file system is performed by taking the area ID of the file system as an argument, but since the card issuer only knows the system code, the area ID of his file system can be obtained by polling the IC card. have.

In Fig. 19, a card issuer illustrates a procedure for polling an IC card. However, communication between the card issuer (or other external device) and the IC card may be performed using a non-contact IC card interface based on electromagnetic induction, or by using a wired interface such as UART or I ² C. It may be (hereinafter, also the same).

The card issuer polls the operating system, which is the execution environment of the IC card, and makes an area ID request of the file system with its system code SC as an argument.

Using this request message as a trigger, an area ID is used as a return value for the request between the card issuer as the request source and the operating system as the execution environment of the IC card. It is returned to the publisher. In addition, the structure of mutual authentication procedure differs for every specification of an IC card, and since it is not directly related to the summary of this invention, detailed description is abbreviate | omitted here.

In the case of a new service provider (ie, a virtual card issuer) newly obtaining a file system by division, the area ID is obtained through the same polling procedure.

The card issuer makes a division request of the file system to the operating system of the IC card. This division request is made with the card issuer's area ID and the division package as arguments. Since the split package is encrypted with the card issuer key K _I , it is not modified from the third party. 20 shows a procedure where a card issuer makes a division request for an IC card. 21 shows how the memory area on the IC card is divided to create a new file system. The communication between the card issuer and the IC card is performed using a non-contact IC card interface based on electromagnetic induction, or using a wired interface such as UART or I ² C.

When the division request reaches the operating system of the IC card, based on the area ID included in the argument, the division package is passed to the card issuer's file system, decrypted with the card issuer key K _I , and the division package and partition area are divided. The size (number of blocks) is taken out.

When the operating system of the IC card receives the size of the divided small package and the divided region from the card issuer's file system, the divided small package is decrypted with the divided authority key K _d, and the area key immediately after the division (a new area using the corresponding region). The issuer key K _Ii of the service provider (i.e., the issuer of the virtual IC card) and the system code SC _i are taken out. Then, only the area owned by the card issuer is divided into an area corresponding to the size of the requested partition area, and the issuer key K _Ii and the system code SC _i are set in this area to make a new file system.

After the division processing of the file system is completed, the status is returned to the card issuer who is the requesting source.

In this way, the new service provider operator can secure his own file system on the memory area of the IC card issued by another card issuer, as if he issued the IC card himself, that is, as a virtual IC card issuer. It becomes possible to develop a service providing business.

However, in the initial state of the file system immediately after the division, the set issuer key K _Ii and the system code SC _i are in the state as set by the division technology manager. In other words, a new service provider may not be able to independently analyze, manage, and operate a security threat because the security of his file system may be left to the divisional technology manager.

Therefore, the new service provider must perform the reset procedure of the issuer key K _Ii and the system code SC _i after acquiring his file system on the memory area of the IC card. In addition to this resetting procedure, the size of the divided region may be adjusted.

Fig. 22 shows a procedure for resetting the issuer key K _Ii and the system code SC _i , which is performed after a new service provider operator acquires his file system on the memory area of the IC card. However, the communication between the service provider and the IC card is performed by using a non-contact IC card interface based on electromagnetic induction or by using a wired interface such as UART or I ² C.

The service provider operator polls the operating system, which is the execution environment of the IC card, and requests the area ID of the file system with the system code SC _i immediately after the split as an argument.

Using this request message as a trigger, the service provider and the operating system which is the execution environment of the IC card undergo a mutual authentication procedure consisting of a communication operation over a plurality of round trips. The default area ID given by the division technology manager is returned to the service provider. In addition, the structure of mutual authentication procedure differs for every specification of an IC card, and since it is not directly related to the summary of this invention, detailed description is abbreviate | omitted here.

Subsequent to this authentication procedure, the service provider provides a change request for the default issuer key K _Ii to the operating system of the IC card. This key change request is made with a default area ID and a key change package as arguments. Since the key change package is encrypted with the default issuer key K _Ii , it is not modified from the third party.

When the key change request reaches the operating system of the IC card, based on the area ID included in the argument, the key change package is passed to the file provider's file system of the corresponding service provider, decrypted with the card issuer key K _Ii , and the key. The change package is taken out. And, if the card issuer key of the file system changes to K _Ii 'from K _Ii, its status will be returned to the request source causes service providers.

Subsequently, the service provider performs a request for changing the default system code SC _i to the operating system of the IC card. This system code change request is made with a default area ID and a system code change package as arguments. Because the system code change package is encrypted with the new issuer key K _Ii ', the alteration is not from the third character.

Changing the system code required to reach the operating system of the IC card based on the area ID included in the acquisition, key change package is passed to the file system of providing that service personnel carriers, it is decrypted by the card issuer key K _Ii ' The system code change package is extracted. When the default system code SC _i of the file system is changed to SC _i ', the status is returned to the service provider that is the requesting source.

Subsequently, the service provider performs a request for changing the default area ID _i to the operating system of the IC card. This system code change request is made with a default area ID and an area ID change package as arguments. Since the area ID Change Package is encrypted with the new issuer key K _Ii ', the alteration is not from the third character.

If the area ID change request reaches the operating system of the IC card based on the area ID included in the argument is the area ID change package is passed to the file system of the service providing source providers, decrypted by the card issuer key K _Ii ' Then, the area ID change package is taken out. When the default area ID _i of the file system is changed to the area ID _i ', the status is returned to the service provider that is the request source.

In this way, the new service provider operator sets up the secure issuer key K _Ii and system code SC _{i for} his file system, thereby analyzing the security threats independently of the original IC card issuer. Management and operation.

F. Processing to Release Partitioned Memory Area Procedure

When a memory space in the IC card is logically divided into a plurality of operations, it is conceivable that a particular memory area becomes unnecessary at any point in time, such as stopping the use of some services. By releasing only a specific memory area individually after the division operation described in the above paragraph E, it is possible to delete another unnecessary memory area and reuse another service without affecting other memory areas in use.

In this section, the procedure for releasing the memory area, that is, deleting the file system obtained by dividing the memory area, and releasing the memory area is injured.

Fig. 23 illustrates the preprocessing when deleting the file system obtained by dividing. When the service provider wants to delete the file system assigned to him on the memory area of the IC card, as the preprocess, the service provider asks the card issuer for permission to release the memory area.

When the card issuer permits the release of the memory area, that is, the release of the file system, the card issuer encrypts the data block including the system code SC _i of the memory area to be released with its own issuer key K _I , thereby separating the package. Write. Since the split release package is encrypted with the card issuer key K _I managed in the card issuer and the card issuer's file system, a third party cannot decrypt the split release package, change the size of the partition, or the like.

Through such a preliminary procedure, the card issuer acquires a split release package and uses this to make a split release request of a file system of a memory area in the IC card. Here, access to the file system is performed by taking the area ID of the file system as an argument, but since the card issuer only knows his / her system code, the area ID of his file system is obtained by polling the IC card. (See FIG. 19).

The card issuer makes a division release request of the file system to the operating system of the IC card. This split release request is made with the card issuer's area ID and the split release package as arguments. The split release package is encrypted with the card issuer key K _I , and therefore cannot be modified from a third party. Fig. 24 shows a procedure in which the card issuer makes a division release request for the IC card. In addition, Fig. 25 shows how the memory area obtained by the division on the IC card is released and returned to the file system of the IC card issuer. The communication between the card issuer and the IC card is performed using a non-contact IC card interface based on electromagnetic induction, or using a wired interface such as UART or I ² C.

When the split release request reaches the operating system of the IC card, based on the area ID included in the argument, the split release package is passed to the card issuer's file system, decrypted with the card issuer key K _I , and is to be released. The system code SC _i of the memory area (file system) is taken out.

When the operating system of the IC card receives the system code SC _i of the file system to be released, the corresponding file system is released and integrated into the original file system owned by the IC card issuer.

When such file system departition processing is completed, the status is returned to the card issuer who is the requesting source.

In this way, the service provider can release its own file system that has become unnecessary. Therefore, it is possible to delete only the unnecessary memory area and reuse another service without affecting the other memory area in use, thereby effectively utilizing a finite resource called a memory in the IC card.

G. Processing Procedure to Enlarge or Reduce the Size of the Divided Memory Area

In the case where the memory space in the IC card is logically divided into plural operations, the size of the individual memory areas cannot be determined at the time of division. After the division operation described in the preceding paragraph E, by admitting the size change of the divided memory area, it is not necessary to set a sufficient margin at the time of division to avoid the memory shortage. In addition, it is possible to reduce the memory size which becomes unnecessary. By these, a finite memory area can be effectively used.

In this section, procedures for changing the size of the memory area, that is, expanding or reducing the size of the file system obtained by dividing are injured.

Fig. 26 illustrates the preprocessing when changing the size of the file system obtained by dividing. When the service provider wants to enlarge or reduce the size of the file system allocated to him on the memory area of the IC card, as a preliminary process, the service provider gives the card issuer permission to change the size of the memory area. Requires.

When the card issuer permits the change of the size of the memory area, the card issuer stores a data block including the system code SC _i of the memory area to be released, the size expansion or contraction information, and the change size information. Encrypt with K _I to create a split resize package. The split resize package is encrypted with the card issuer key K _I , which is managed in the card issuer and the card issuer's file system, so that a third party can decrypt the split resize package, change the size of the partition, or the like. There is no.

Through such a preliminary procedure, the card issuer obtains a division size change package and uses this to make a division size change request of a file system of a memory area in the IC card. Here, access to the file system is performed using the area ID of the file system as an argument, but since the card issuer only knows his / her system code, the area ID of his file system is obtained by polling the IC card. (See FIG. 19).

The card issuer makes a division size change request of the file system to the operating system of the IC card. This divisional size change request is made with the card issuer's area ID and the divisional size change package as arguments. Since the dividing resizing package is encrypted with the card issuer key K _I , it is not modified from the third party. Fig. 27 shows a procedure in which the card issuer makes a division size change request to the IC card. 28 shows how the size of the memory area obtained by dividing on the IC card is changed (reduced in the illustrated example). The communication between the card issuer and the IC card is performed using a non-contact IC card interface based on electromagnetic induction, or using a wired interface such as UART or I ² C.

When the split size change request reaches the IC card operating system, based on the area ID included in the argument, the split size change package is passed to the card issuer's file system, decrypted with the card issuer key K _I , The system code SC _i of the target memory area (file system) is taken out.

When the operating system of the IC card receives the system code SC _i of the file system to be resized, the size of the corresponding file system is changed. However, when enlarging the size of the file system, since the memory area of the IC card issuer is added and allocated, it is essential that there is an unused area larger than the change size required in the memory area of the IC card issuer. On the contrary, when reducing the size of the file system, it is essential that there is an unused area in the file system that is larger than the requested change size.

When the divisional size change processing of the file system is completed, the status is returned to the card issuer which is the requesting source.

In this way, the service provider can change the size of the file system dedicated to the service provider as necessary. Therefore, it is not necessary to set a sufficient margin at the time of division to avoid running out of memory. In addition, it is possible to reduce the memory size which becomes unnecessary. By these, a finite memory area can be effectively used.

As mentioned above, the present invention has been injured with reference to specific embodiments. However, it will be apparent to those skilled in the art that modifications and substitutions of the embodiments can be made without departing from the spirit of the invention.

In the present specification, an IC card or a portable terminal incorporating an IC chip is used as an example. For each of the memory areas obtained by dividing the memory space in the IC card, the release of resources by dividing release, expansion or reduction of the divided memory area, and the like are made. Although the size change of was demonstrated, the summary of this invention is not limited to this. For example, when the same type of operation is taken on a memory device other than an IC card or an IC chip, the same effect can be obtained by applying the present invention.

In summary, the present invention has been disclosed in the form of illustration, and the description of the present specification should not be interpreted limitedly. In order to judge the summary of this invention, description of a claim should be considered.

Claims (16)

An information management apparatus having a memory space and divided into one or more memory areas for management; The memory space includes a first memory area of the division source and at least one second memory area divided from the division source and allocated to another operator. Partition releasing means for releasing division of the second memory area and returning to the first memory area in response to a request from an operator. An information management apparatus comprising: a. The method of claim 1, Access control means for controlling access to each memory area based on a corresponding operator's key, The dividing means receives a dividing package that encrypts a data block containing information identifying a second memory area to be subjected to dividing with a key of the dividing source, and decrypts the dividing package with a key of the dividing source. And dividing the second memory area indicated by the data block. An information management apparatus having a memory space and divided into one or more memory areas for management; The memory space includes a first memory area included in the partition source and at least one second memory area divided from the partition source and allocated to another operator. Partition size changing means for enlarging or reducing the size of the second memory area after the division in accordance with a request from the operator. An information management apparatus comprising: a. The method of claim 3, When the size of the second memory area is enlarged, the divided area size changing means allocates an unused area of the first memory area corresponding to the size to be changed to the second memory area, and reduces the size of the second memory area. And returning the unused area of the second memory area corresponding to the size to be changed to the first memory area. The method of claim 3, Access control means for controlling access to each memory area based on a corresponding operator's key, The dividing area size changing means divides the data block including information for identifying the second memory area to be resized, information indicating an enlargement or reduction of the size of the area, and information on information for changing the size. Receiving a partition resizing package encrypted with the original key, decrypting the partition resizing package with the partition original key, and changing the size of the second memory area indicated by the data block by a specified size Information management device. An information management apparatus having a memory space and divided into one or more memory areas for management; The memory space includes a first memory area included in the division source and at least one second memory area divided from the division source and assigned to another operator, and each piece of identification information is divided into each of the second memory areas. Is assigned, And identification information changing means for changing identification information of the second memory area in response to a request from a business operator. The method of claim 6, And the identification information changing means changes the identification information of the second memory area owned by any operator into identification information missing by dividing the second memory area of another operator. The method of claim 6, Access control means for controlling access to each memory area based on a corresponding operator's key, The identification information changing means receives the identification information changing package which encrypts the data block including the identification information of the second memory area to be changed and the identification information to be changed with the key of the division source, And decoding the corresponding identification information change package with a key, and changing the identification information of the second memory area indicated by the data block to the designated identification information. An information management method for managing a memory space by dividing it into one or more memory areas. The memory space includes a first memory area of the division source and at least one second memory area divided from the division source and allocated to another operator. A partition release step of canceling division of the second memory area and returning to the first memory area according to a request from an operator. Information management method comprising the. The method of claim 9, An access control step of controlling access to each memory area based on a corresponding operator's key, In the dividing step, the dividing package obtained by encrypting a data block containing information identifying a second memory area to be subjected to dividing with the key of the dividing source is received, and decrypting the dividing package with the key of the dividing source. And dividing the second memory area indicated by the data block. An information management method for managing a memory space by dividing it into one or more memory areas. The memory space includes a first memory area of the division source and at least one second memory area divided from the division source and allocated to another operator. And a division area size changing step of enlarging or reducing the size of the second memory area after division in accordance with a request from a business operator. The method of claim 11, In the divided area size changing step, when the size of the second memory area is enlarged, an unused area of the first memory area corresponding to the size to be changed is allocated to the second memory area, and the size of the second memory area is reduced. And returning the unused area of the second memory area equal to the size to be changed to the first memory area. The method of claim 11, And an access control step of controlling access to each memory area based on a corresponding operator's key, In the dividing area size changing step, a data block including information for identifying a second memory area to be resized, information indicating an enlargement or reduction of the size of the area, and information on information for changing the size is selected. Information for receiving a partition size change package encrypted with a key of the key, decrypting the partition size change package with a key of the partition source, and changing the size of the second memory area indicated by the data block by a specified size; How to manage. An information management method for managing a memory space by dividing it into one or more memory areas. The memory space includes a first memory area included in the division source and at least one second memory area divided from the division source and assigned to another operator, and each piece of identification information is divided into each of the second memory areas. Is assigned, And an identification information changing step of changing identification information of the second memory area in response to a request from a business operator. The method of claim 14, And wherein the identification information changing step changes the identification information of the second memory area of an operator to the identification information missing by the division of the second memory area of another operator. The method of claim 14, And an access control step of controlling access to each memory area based on a corresponding operator's key, In the identification information changing step, an identification information changing package obtained by encrypting a data block including identification information of the second memory area to be changed and identification information to be changed with a key of the division source is received. Decrypting the identification information change package with a key, and changing the identification information of the second memory area indicated by the data block to the specified identification information.

Images