WO2006049224A1 - Secure device and relay terminal - Google Patents
- Publication number
- WO2006049224A1 (application PCT/JP2005/020237, JP2005020237W)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- secure
- relay terminal
- card
- instruction information
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/067—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
- G06K19/07—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
- G06K19/073—Special arrangements for circuits, e.g. for protecting identification code in memory
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/357—Cards having a plurality of specified features
- G06Q20/3576—Multiple memory zones on card
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/409—Device specific authentication in transaction processing
- G06Q20/4097—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
- G06Q20/40975—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
Definitions
- the present invention relates to a secure device having a tamper-resistant region and a relay terminal that writes data to the secure device.
- a method using an IC card has been used as a method for securely storing digital contents.
- the IC card has a secure memory area that can only be accessed from the tamper-resistant module and cannot be read by unauthorized means, but the secure memory area has a small capacity.
- the decryption key is stored in the secure memory area, and the encrypted digital content is stored in the normal memory area of the terminal or on the memory card.
- a key for decrypting a digital content is distributed to a secure memory using an encrypted communication path, and the encrypted digital content is later distributed to the normal memory area.
Disclosure of the invention
- an object of the present invention is to provide a secure device and a relay terminal that can safely and reliably write data to a secure memory area regardless of the situation of the tamper-resistant module.
- the secure device of the present invention is a secure device that receives data transmitted from a service terminal via a relay terminal having an information writing function, and comprises a tamper-resistant module having one or more applications and a device control unit that controls the operation of the secure device, a secure memory accessible only from the tamper-resistant module, and a communication unit for communicating with the service terminal.
- the device control unit generates and stores storage instruction information including the address of the secure memory indicating the data write destination and information on a countermeasure for the case where data cannot be written to the secure memory, and the communication unit transmits the storage instruction information to the service terminal.
- the information on the countermeasure when the writing is impossible includes the address of the normal memory of the secure device or the relay terminal indicating the storage destination for temporarily storing the data, and an identifier of the application that moves the data stored in the normal memory to the secure memory.
- the information on how to deal with the case where the writing is impossible may have a storage destination securing time limit indicating a time limit for securing at least one of a storage destination for temporarily storing the data or a memory area to which the data is written.
- the communication unit may receive attribute information of data transmitted from the service terminal, and the device control unit may determine, based on the attribute information, a relay terminal that relays the data transmitted from the service terminal and include the address of the determined relay terminal in the storage instruction information.
- the communication unit may receive attribute information of data transmitted from the service terminal, and the device control unit may determine, based on the attribute information, a communication method between the relay terminal and the service terminal and include it in the storage instruction information.
- the relay terminal of the present invention is a relay terminal that writes data transmitted from the service terminal to a secure device that is communicably connected. It comprises a data receiving unit that receives the data and the storage instruction information, which includes the address of a secure memory of the secure device indicating the destination to which the data is written and information on a countermeasure when data cannot be written to the secure memory;
- an instruction transmitting unit that transmits to the secure device an instruction to write to the address of the secure memory designated by the storage instruction information and receives a response from the secure device to the instruction; and
- a control unit that determines, based on the response, whether or not data can be written to the secure memory and, if it determines that writing is impossible, writes the data into the normal memory of the secure device or relay terminal based on the countermeasure specified in the storage instruction information.
- a relay terminal of another aspect is a relay terminal that writes data transmitted from a service terminal to a secure device that is communicably connected. It comprises a data receiving unit that receives from the service terminal the data and the storage instruction information, which includes the address of a secure memory of the secure device indicating the destination to which the data is written and information regarding a countermeasure when data writing to the secure memory is impossible; and
- a control unit that manages the processing state of the secure device, determines based on the processing state whether or not data can be written to the secure memory and, if it determines that writing is impossible, writes the data to a normal memory of the secure device or the relay terminal based on the countermeasure specified by the storage instruction information.
- a relay terminal includes a deletion unit that deletes the storage instruction information in response to completion of writing of data to an address of a normal memory specified by the storage instruction information.
- the information on the above countermeasure includes the address of the normal memory of the secure device or the relay terminal indicating a storage destination for temporarily storing the data, and the identifier of the application that moves the data stored in the normal memory to the secure memory.
- the information related to the above-mentioned countermeasure may include a storage destination securing time limit indicating a time limit for securing at least one of a storage destination for temporarily storing the data or a memory area to which the data is written.
- based on the application identifier specified by the storage instruction information, the command transmission unit may output an application activation command corresponding to the application identifier to the relay terminal, and output to the activated application a data movement command for moving the data temporarily stored in the normal memory to the address of the secure memory.
- based on the application identifier designated by the storage instruction information, the command transmission unit may output an application activation command corresponding to the application identifier to the relay terminal, and the activated application may refer to the storage instruction information and move data temporarily stored in the normal memory to the address of the secure memory.
- the relay terminal may further include a data reading unit that accesses the address of the normal memory specified by the storage instruction information and reads data temporarily stored in the normal memory, and the command transmission unit may, based on the identifier of the application specified by the storage instruction information, output an application activation command corresponding to the application identifier and output to the activated application a write command to write the data read by the data reading unit to the address of the secure memory.
- the secure device operation method of the present invention is an operation method of a secure device that receives, via a relay terminal having an information writing function, data transmitted from a service terminal. It includes a step in which the secure device generates storage instruction information including the address of the secure memory of the secure device indicating the write destination of the data and information regarding a countermeasure for the case where the data cannot be written to the secure memory, and a step in which the secure device transmits the storage instruction information to the service terminal.
- a program of the present invention is an operation program for a secure device that receives data transmitted by a service terminal via a relay terminal having an information writing function, and is a secure memory indicating a write destination of the data
- FIG. 1 is a diagram showing a configuration of an IC card system according to a first embodiment.
- FIG. 2 is a diagram showing an outline of the operation of the IC card system of the first embodiment.
- FIG. 3 is a diagram showing details of the processing of the IC card and the service terminal.
- FIG. 4 is a diagram showing an operation of generating storage instruction information.
- FIG. 5 is a diagram showing an example of a table used for transmission destination determination.
- FIG. 6 is a diagram showing an example of a table used for transmission destination determination.
- FIG. 7 is a diagram showing an example of storage instruction information.
- FIG. 8 is a diagram showing an example of transmission destination information included in the storage instruction information
- FIG. 9 is a diagram showing an example of storage instruction information
- FIG. 10 is a diagram showing processing of a relay terminal and a service terminal
- FIG. 11A is a diagram showing a format of data transmitted from the service terminal to the relay terminal.
- FIG. 11B is a diagram showing the contents of the header.
- FIG. 12 is a diagram showing the data write operation to the IC card.
- FIG. 13 is a diagram showing the flow of data when writing data to an IC card.
- FIG. 14 is a diagram showing the data write operation when the IC card is busy.
- FIG. 15 is a diagram showing the data flow when writing data when the IC card is busy.
- FIG. 16 is a diagram showing the operation of moving data from the normal memory area to the secure memory area.
- FIG. 17 is a diagram showing the data flow when data is moved from the normal memory area to the secure memory area.
- FIG. 18 is a diagram showing the operation of moving data from the normal memory area to the secure memory area.
- FIG. 19 is a diagram showing the data flow when data is moved from the normal memory area to the secure memory area.
- FIG. 20 is a diagram showing a configuration of an IC card used in the second embodiment.
- FIG. 21 is a diagram showing data movement operation in the second embodiment.
- FIG. 22 is a diagram showing a data flow of data movement in the second embodiment.
- FIG. 23 is a diagram showing an operation of data movement in the second embodiment.
- FIG. 24 is a diagram showing a data flow of data movement in the second embodiment.
- FIG. 25 is a diagram showing an operation of writing data to an IC card in a modified example.
- FIG. 26 is a diagram showing an operation of writing data to an IC card in a modified example.
- FIG. 27 is a diagram showing an operation of deleting data when the storage destination securing deadline has been reached.
- the secure device of the present embodiment is a secure device that receives data transmitted from a service terminal via a relay terminal having an information writing function, and includes a tamper-resistant module having one or more applications and a device control unit that controls the operation of the secure device, a secure memory accessible only from the tamper-resistant module, and a communication unit for communicating with a service terminal.
- the device control unit generates and stores storage instruction information including the address of the secure memory indicating the data write destination and information on how to deal with the case where data cannot be written to the secure memory, and the communication unit transmits the storage instruction information to the service terminal.
- by generating the storage instruction information and transmitting it to the service terminal in this way, the secure device can receive data via the relay terminal it has designated. Also, because the storage instruction information includes information on how to deal with the case where writing is impossible, when data cannot be written to the secure memory the information on the countermeasure can be referred to and the received data can be stored at a predetermined location as an emergency evacuation.
- the information on how to deal with the case where writing is impossible may have the address of the normal memory of the secure device or relay terminal indicating the storage destination for temporarily storing data, and an identifier of the application that moves the data stored in the normal memory to the secure memory.
- the information on how to deal with the case where the writing is impossible may have a storage destination securing deadline indicating a time limit for securing at least one of a storage destination for temporarily storing data and a memory area to which the data is written.
- the communication unit receives attribute information of data transmitted from the service terminal, and the device control unit determines a relay terminal that relays the data transmitted by the service terminal based on the attribute information.
- the determined relay terminal address may be included in the storage instruction information.
- an appropriate relay terminal can be determined according to the attribute information received from the service terminal.
- the attribute information includes, for example, the amount of data to be transmitted, the extension, and the type of relay terminal. For example, according to the data amount attribute, a home PC is determined as the receiving relay terminal when the data amount is large, and a mobile terminal when the data amount is small. This avoids the inconvenience that processing cannot be performed on the mobile terminal until the data has been received.
- the communication unit may receive attribute information of data transmitted from the service terminal, and the device control unit may determine, based on the attribute information, a communication method between the relay terminal and the service terminal and include it in the storage instruction information.
- an appropriate communication method can be determined according to the attribute information received from the service terminal.
- the relay terminal is a relay terminal that writes data transmitted from a service terminal to a secure device that is communicably connected.
- the relay terminal includes a data receiving unit that receives data and storage instruction information consisting of the address of the secure memory of the secure device indicating the data write destination and information on how to deal with the case where data cannot be written to the secure memory; a command transmission unit that sends to the secure device an instruction to write to the secure memory address specified by the storage instruction information and receives a response from the secure device to the instruction; and a control unit that determines, based on the response, whether or not data can be written to the secure memory and, if it determines that writing is impossible, writes the data to the normal memory of the secure device or the relay terminal based on the information on the countermeasure specified in the storage instruction information.
- the relay terminal is a relay terminal that writes data transmitted from a service terminal to a secure device that is communicably connected.
- it includes a data receiving unit that receives from the service terminal storage instruction information that includes the address of the secure memory of the secure device indicating the data write destination and information on how to deal with the case where data cannot be written to the secure memory; and a control unit that manages the processing status of the secure device, determines whether data can be written to the secure memory based on the processing status and, if it is determined that writing is impossible, writes data to a normal memory of the secure device or the relay terminal based on the information on the countermeasure specified in the storage instruction information.
- when the control unit manages the processing state of the secure device and determines, based on the processing state, that writing is impossible, the data is written to the normal memory. Later, once data can be written to the secure memory, the data can be moved from normal memory to secure memory. As a result, even if data cannot be temporarily written to the secure memory, the data can be reliably written to the secure memory.
- the relay terminal has a configuration including a deletion unit that deletes storage instruction information in response to completion of data writing to an address of a normal memory specified by the storage instruction information.
- the information related to the above-mentioned countermeasure is the address of the normal memory of the secure device or relay terminal indicating the storage destination for temporarily storing the data, and the data stored in the normal memory is moved to the secure memory. Including the application identifier.
- the data can be written to the normal memory when the data cannot be written to the secure memory. Therefore, after the data can be written to the secure memory, the data can be read from the normal memory and the data can be written to the secure memory. As a result, even when data cannot be temporarily written to the secure memory, the data can be reliably written to the secure memory.
- the information on the above countermeasure may include a storage destination reservation deadline that indicates a deadline for securing at least one of a storage location for temporarily storing data or the memory area to which data is written.
- based on the application identifier specified in the storage instruction information, the command transmission unit may output an application activation command corresponding to the application identifier to the relay terminal, and output a data movement command for moving data temporarily stored in the normal memory to an address in the secure memory.
- by transmitting the data movement command from the normal memory to the secure memory to the secure device together with the application identifier specified by the read storage instruction information, data can be read from normal memory and the read data can be stored in secure memory.
- data temporarily stored in the normal memory can thus be moved to the secure memory.
- based on the application identifier specified by the storage instruction information, the command transmission unit may output an application activation command corresponding to the application identifier to the relay terminal, and the activated application may refer to the storage instruction information and move the data temporarily stored in the normal memory to the address of the secure memory.
- by transmitting the identifier of the application designated by the read storage instruction information to the secure device in this way, the designated application is started. The activated application then refers to the storage instruction information held by the secure device itself, reads the data stored in the normal memory and stores it in the secure memory, so data temporarily stored in the normal memory can be moved to secure memory.
- the relay terminal may further include a data reading unit that accesses the address of the normal memory specified by the storage instruction information and reads data temporarily stored in the normal memory, and the command transmission unit may, based on the identifier of the application specified by the storage instruction information, output an application activation command corresponding to the application identifier and output to the activated application a write command instructing it to write the data read by the data reading unit to the address of the secure memory.
- the data stored in the normal memory is read, and a data write command to the secure memory is issued together with the read data.
- the data temporarily stored in the normal memory can be moved to the secure memory.
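The write-with-fallback sequence described above, as an added Python sketch that is not part of the patent text. All class, field and method names are assumptions, as is the check that the card acts only on the storage instruction it issued itself; the move step follows the variant in which the activated application consults the card's own copy of the instruction.

```python
import time
from dataclasses import dataclass


class CardBusy(Exception):
    """Error returned when an IC card access command arrives while the card is busy."""


@dataclass(frozen=True)
class StorageInstruction:
    """Storage instruction information; field names are assumed for this sketch."""
    secure_addr: int      # write destination in the secure memory
    fallback_addr: int    # normal-memory address used for temporary storage
    mover_app_id: str     # application that later moves the data to secure memory
    hold_deadline: float  # storage destination securing time limit (seconds)


class ICCard:
    def __init__(self):
        self.secure = {}         # secure memory: written only by the TRM paths below
        self.normal = {}         # normal memory: open to memory access commands
        self.busy = False
        self.instruction = None  # the card keeps the instruction it generated

    def issue_instruction(self, instr):
        self.instruction = instr
        return instr

    # Memory access commands: always accepted, normal memory only.
    def memory_write(self, addr, data):
        self.normal[addr] = data

    def memory_erase(self, addr):
        self.normal.pop(addr, None)

    def _check(self, app_id):
        if self.busy:
            raise CardBusy()
        instr = self.instruction
        # Assumed hardening: refuse anything that does not match the issued instruction.
        if instr is None or app_id != instr.mover_app_id:
            raise PermissionError("no matching storage instruction on the card")
        return instr

    # IC card access command: direct write into secure memory through the TRM.
    def card_write(self, app_id, addr, data):
        instr = self._check(app_id)
        if addr != instr.secure_addr:
            raise PermissionError("address differs from the issued instruction")
        self.secure[addr] = data
        self.instruction = None

    # IC card access command: start the mover application, which reads the
    # card's own copy of the instruction and moves the parked data.
    def activate_and_move(self, app_id):
        instr = self._check(app_id)
        if instr.fallback_addr not in self.normal:
            raise LookupError("nothing parked at the fallback address")
        self.secure[instr.secure_addr] = self.normal.pop(instr.fallback_addr)
        self.instruction = None


class RelayTerminal:
    def __init__(self, card, clock=time.time):
        self.card, self.clock = card, clock
        self.pending = None  # instruction kept while data sits in normal memory

    def deliver(self, data, instr):
        try:
            self.card.card_write(instr.mover_app_id, instr.secure_addr, data)
            return "secure"
        except CardBusy:
            # Countermeasure from the instruction: park the data in normal memory.
            self.card.memory_write(instr.fallback_addr, data)
            self.pending = instr
            return "parked"

    def retry_move(self):
        instr = self.pending
        if instr is None:
            return "nothing"
        if self.clock() > instr.hold_deadline:
            self.card.memory_erase(instr.fallback_addr)  # deadline reached
            self.pending = None
            return "expired"
        try:
            self.card.activate_and_move(instr.mover_app_id)
        except CardBusy:
            return "parked"
        self.pending = None
        return "secure"


def demo():
    now = [0.0]  # constructed clock so the run is deterministic
    card = ICCard()
    relay = RelayTerminal(card, clock=lambda: now[0])
    instr = card.issue_instruction(StorageInstruction(0x0010, 0x8000, "app-01", 60.0))
    card.busy = True
    steps = [relay.deliver(b"constructed-key", instr), relay.retry_move()]
    card.busy = False
    steps.append(relay.retry_move())
    return steps, dict(card.secure), dict(card.normal)
```

While the data is parked it sits in the normal memory, which memory access commands can reach without going through the TRM; it is inside the tamper-resistant boundary only after the move completes.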
- An operation method of a secure device is an operation method of a secure device that receives data transmitted from a service terminal via a relay terminal having an information writing function. It includes a step in which the secure device generates storage instruction information including an address of a secure memory of the secure device indicating a data writing destination and information on a countermeasure when the data cannot be written to the secure memory, and a step in which the secure device transmits the storage instruction information to the service terminal.
- the program according to the present embodiment is an operation program for a secure device that receives data transmitted by a service terminal via a relay terminal having an information writing function, and is a secure memory that indicates a data write destination.
- the secure device is caused to execute a step of generating storage instruction information including an address and information on a countermeasure when data cannot be written to the secure memory, and a step of transmitting the storage instruction information to the service terminal.
- FIG. 1 is a diagram showing an IC card system including an IC card and a relay terminal according to the first embodiment of this invention.
- the IC card system includes an IC card 10, a service terminal 60 that provides information to the IC card 10, and a relay terminal 40 that writes information to the IC card 10.
- the IC card 10 includes a tamper resistant module (hereinafter referred to as “TRM”) 12 and a memory 22 including a secure memory area 18 and a normal memory area 20.
- the secure memory area 18 is an area accessible only by the TRM 12.
- the normal memory area 20 is an area accessible from the TRM 12 and the contact interface 26.
- the TRM 12 includes a card control unit 14 that controls the operation of the IC card 10 and a single or multiple card application (hereinafter referred to as “card application”) 16.
- the TRM12 hardware is a single module with a CPU and ROM.
- the card application 16 is stored in the ROM, and the CPU controls the operation of the IC card 10 by reading the card application 16 and executing it.
- the IC card 10 has a non-contact interface 24 and a contact interface 26.
- communication with the service terminal 60 is performed by the non-contact interface 24, and communication with the relay terminal 40 is performed by the contact interface 26.
- the contact interface 26 is connected to the TRM 12 and the normal memory area 20.
- the contact interface 26 accesses the normal memory area 20 when receiving a memory access command from the outside, and accesses the secure memory area 18 via the TRM 12 when receiving an IC card access command. While the memory access command is always received by the contact interface 26, the IC card access command is not received when the IC card 10 is busy, and an error is returned to the contact I/F 52.
- examples of the busy state of the IC card 10 include the case where the non-contact interface 24 is processing in an IC card 10 whose non-contact interface 24 and contact interface 26 cannot operate at the same time, and the case where a single-channel IC card 10 is already processing.
- instead of detecting the busy state by sending an IC card access command to the IC card 10 and receiving an error, the card access control unit 54 of the relay terminal 40 may manage whether the IC card 10 has started contactless processing or contact processing, and not send a request for starting the other communication processing to the IC card 10 while one of them is being performed. Also, when connections have been made up to the maximum number of channels during contact processing, the card access control unit 54 may determine that the card is busy and not send a further access request to the IC card 10.
- the non-contact interface 24 is connected to the TRM 12.
- the non-contact interface 24 transmits information input from the outside to the TRM 12 and transmits information passed from the TRM 12 to the outside.
- ISO / IEC 14443 Type A, Type B, JICSAP 2.0, infrared communication, Bluetooth, and other interfaces can be used.
- the non-contact I/F 24 is assumed to be in the IC card 10.
- alternatively, a part or all of the non-contact I/F may be on the relay terminal 40 side.
- the IC card 10 may be configured to perform non-contact communication with the service terminal 60 via the contact I/Fs 26 and 52.
- the relay terminal 40 includes a terminal control unit 42, a RAM 44, a ROM 46, a display unit 48, and a communication unit 50 included in a general computer, a contact interface 52 for reading and writing information on the IC card 10, and a card access control unit 54.
- as the relay terminal 40, for example, a mobile terminal with a mobile phone function, a PC connected to the Internet, a TV connected to the Internet, or the like can be used.
- the service terminal 60 includes a control unit 62, a RAM 64, a ROM 66, a communication control unit 68, and a communication interface 70 included in a general computer, and a non-contact interface 72 for wireless communication with the IC card 10.
- the ROM 66 of the service terminal 60 stores content data to be transmitted to the IC card 10.
- the operation of the IC card system according to the first embodiment will be described. First, the operation when the IC card 10 is not busy and data can be normally written to the secure memory area 18 will be described, and then the operation when the TRM 12 is busy will be described.
- FIG. 2 is a diagram showing a flow of data transmitted / received among the IC card 10, the service terminal 60 and the relay terminal 40.
- contactless communication is performed between the IC card 10 and the service terminal 60 to connect a session (S10).
- FIG. 3 is a diagram showing in detail the processing of the IC card 10 and the service terminal 60.
- the IC card 10 and the service terminal 60 activate the card application 16 (S40).
- mutual authentication is performed between the IC card 10 and the service terminal 60 (S42), a secure communication path is generated, and a session key is shared (S44).
- S12 the common session key storage shown in FIG. 2
- settlement processing is performed between the IC card 10 and the service terminal 60 (S 46).
- a purchase request for content data is transmitted from the IC card 10 to the service terminal 60, and the service terminal 60 determines distribution of the content data in response to the purchase request.
- settlement processing for content data purchase is performed between the IC card 10 and the service terminal 60.
- the service terminal 60 transmits the attribute information of the content data to the IC card 10 (S48).
- upon receiving the attribute information transmitted from the service terminal 60 (S50), the IC card 10 generates storage instruction information 30 based on the received attribute information (S52). Here, the storage instruction information 30 generated by the IC card 10 will be described.
- FIG. 4 is a diagram showing an operation in which the IC card 10 generates the storage instruction information 30 and transmits it to the service terminal 60.
- the service terminal 60 transmits data attribute information to the IC card 10 (S60).
- the data attribute information includes data amount, data type, and the like.
- when the card application 16 of the IC card 10 receives the attribute information transmitted from the service terminal 60, it passes the received attribute information to the card control unit 14 (S62). Based on the attribute information, the card control unit 14 determines the transmission destination and transmission path of the data transmitted from the service terminal 60 (S64).
- the processing from S64 to S74 of the card control unit may be built into the card OS in the form of a library, or may be stored in the TRM in the form of a card application.
- FIG. 5 is a diagram showing an example of a table held by the card control unit for determining a transmission destination and a temporary storage destination at the time of a write error when a data size is received as attribute information.
- the table has destination information associated with the data size and information indicating how to deal with an error.
- the device address of the mobile terminal is specified as the relay terminal, and when the data size is 100 KB or more, the device address of the home server is specified as the relay terminal.
- the attribute information received from the service terminal 60 is not limited to the data size.
- the data type may be received as the attribute information. In this case, for example, a table as shown in FIG. 6 is provided, and the transmission destination is determined according to the data type.
- the card control unit 14 checks the secure memory area 18 (S66) and secures a data storage area (S68). As a result, writing of other data to the reserved data storage area can be prevented, and data can be securely stored in the secure memory area 18. Subsequently, the card control unit 14 confirms an empty area in the normal memory area 20 (S70), and secures an area for temporary storage of data (S72). This prevents other data from being written to the reserved temporary storage area, and ensures that data can be stored in the normal memory area 20 even when the IC card 10 is busy and data cannot be stored in the secure memory area 18.
- step S72 may be omitted.
- the card control unit 14 creates storage instruction information 30 (S74).
- FIG. 7 is a diagram illustrating an example of the storage instruction information 30.
- the storage instruction information 30 includes information on “transmission destination information”, “card application ID”, “storage destination address”, “storage destination in case of error”, and “data size”.
- the destination information is the destination address determined in the destination determination step.
- the destination information includes the device address of the mobile terminal as the relay terminal of the destination, and information “blt” indicating that the communication method is Bluetooth.
- the communication method is infrared, IP, file transfer, etc.
- the information shown in Fig. 8 is included in the destination information.
- the card application ID is information for identifying the card application 16 that executes data reception processing.
- the storage destination address is information indicating the address of the storage destination area secured in step S68.
- the storage location at the time of the error is information indicating the address of the storage location area secured in step S72.
- the data size is information indicating the data size of the secured area. If the storage area at the time of error is not secured, specify only the normal memory area as the storage destination at the time of error.
- the storage instruction information 30 may include a “storage destination securing deadline”.
- the “storage destination reservation deadline” is a date and time indicating a deadline for securing the area secured in step S68 and step S72.
- the card control unit 14 of the IC card 10 transmits the generated storage instruction information 30 to the card application 16 (S76).
- the card application 16 stores the received storage instruction information 30.
- the storage instruction information 30 is transmitted to the service terminal 60 (S78, S80).
- the transmission destination information is information for the service terminal 60 to grasp the relay terminal 40 to which the data is to be transmitted, and therefore may not be included in the data transmitted from the service terminal 60 to the relay terminal 40.
- the storage instruction information has been described above.
- the IC card 10 transmits the storage instruction information 30 to the service terminal 60 (S54).
- the service terminal 60 receives the storage instruction information 30 transmitted from the IC card 10, and the communication between the IC card 10 and the service terminal 60 is completed (S56).
- when the service terminal 60 receives the storage instruction information 30 transmitted from the IC card 10 (S20), it transmits the content data requested by the IC card 10 to the relay terminal 40 specified in the storage instruction information 30 (S22 to S28).
- FIG. 10 is a diagram showing in detail the processing of service terminal 60 and relay terminal 40.
- the service terminal 60 encrypts the data to be transmitted with the session key and generates encrypted data (S90).
- the service terminal 60 deletes the session key used for encryption (S92).
- the service terminal 60 adds a header to the encrypted data and transmits it to the relay terminal 40 (S94).
- FIG. 11A and FIG. 11B are diagrams showing examples of data transmitted from the service terminal 60 to the relay terminal 40.
- a header is added to the encrypted data in the data transmitted here. It is preferable to adopt the TLV format for the header.
- Figure 11B shows the contents of the data contained in the header.
- the header includes a terminal middleware (MW) ID that identifies the relay terminal 40 and storage instruction information 30.
- the header may include a session ID, data ID, and R/W ID.
- the communication unit 50 of the relay terminal 40 receives the encrypted data transmitted from the service terminal 60 (S96). Then, the relay terminal 40 transmits a response signal regarding the reception process of the encrypted data to the service terminal 60 (S98). The service terminal 60 receives the response signal, and communication between the service terminal 60 and the relay terminal 40 is completed (S100). The operation up to this point completes the transmission of the encrypted data and the response shown in FIG. 2 (S26, S28).
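An added example, not part of the patent text: one way to encode and strictly parse the TLV header of FIG. 11B on the relay terminal side, assuming both storage addresses were reserved. The tag numbers, the 1-byte tag and 2-byte length layout, the 4-byte address fields, the function names and the sample values are assumptions; the page names only the fields.

```python
import struct

# Tag numbers and the 1-byte tag / 2-byte length layout are assumptions made
# for this example; the page only states that a TLV header is preferable.
T_HEADER, T_MW_ID, T_INSTRUCTION, T_SESSION_ID = 0x30, 0x01, 0x02, 0x03
T_APP_ID, T_STORE_ADDR, T_ERROR_ADDR, T_DATA_SIZE = 0x11, 0x12, 0x13, 0x14


def tlv(tag, value):
    """Encode one element: tag (1 byte), length (2 bytes, big-endian), value."""
    if len(value) > 0xFFFF:
        raise ValueError("value too long for a 2-byte length")
    return struct.pack(">BH", tag, len(value)) + value


def read_tlvs(buf, allowed):
    """Decode a run of TLVs, rejecting truncated, unknown and duplicate elements."""
    fields, pos = {}, 0
    while pos < len(buf):
        if len(buf) - pos < 3:
            raise ValueError("truncated TLV header")
        tag, length = struct.unpack_from(">BH", buf, pos)
        pos += 3
        if length > len(buf) - pos:
            raise ValueError("TLV length runs past the end of the buffer")
        if tag not in allowed or tag in fields:
            raise ValueError("unexpected or duplicate tag 0x%02x" % tag)
        fields[tag] = buf[pos:pos + length]
        pos += length
    return fields


def u32(fields, tag):
    """Read a mandatory 4-byte big-endian integer field."""
    raw = fields.get(tag)
    if raw is None or len(raw) != 4:
        raise ValueError("field 0x%02x missing or not 4 bytes" % tag)
    return struct.unpack(">I", raw)[0]


def build_message(mw_id, app_id, store_addr, error_addr, data_size, encrypted,
                  session_id=None):
    """Service terminal side (S94): header with storage instruction + encrypted data.
    The transmission destination information is left out, as the text permits."""
    instruction = (tlv(T_APP_ID, app_id)
                   + tlv(T_STORE_ADDR, struct.pack(">I", store_addr))
                   + tlv(T_ERROR_ADDR, struct.pack(">I", error_addr))
                   + tlv(T_DATA_SIZE, struct.pack(">I", data_size)))
    body = tlv(T_MW_ID, mw_id) + tlv(T_INSTRUCTION, instruction)
    if session_id is not None:
        body += tlv(T_SESSION_ID, session_id)
    return tlv(T_HEADER, body) + encrypted


def parse_message(blob, my_mw_id):
    """Relay terminal side (S96): validate the header before touching the card."""
    if len(blob) < 3:
        raise ValueError("message shorter than a TLV header")
    tag, length = struct.unpack_from(">BH", blob, 0)
    if tag != T_HEADER or length > len(blob) - 3:
        raise ValueError("missing or truncated header")
    header = read_tlvs(blob[3:3 + length], {T_MW_ID, T_INSTRUCTION, T_SESSION_ID})
    if header.get(T_MW_ID) != my_mw_id:
        raise ValueError("header is not addressed to this terminal middleware")
    if T_INSTRUCTION not in header:
        raise ValueError("storage instruction information missing")
    instr = read_tlvs(header[T_INSTRUCTION],
                      {T_APP_ID, T_STORE_ADDR, T_ERROR_ADDR, T_DATA_SIZE})
    if not instr.get(T_APP_ID):
        raise ValueError("card application ID missing")
    info = {
        "app_id": instr[T_APP_ID],
        "store_addr": u32(instr, T_STORE_ADDR),
        "error_addr": u32(instr, T_ERROR_ADDR),
        "data_size": u32(instr, T_DATA_SIZE),
        "session_id": header.get(T_SESSION_ID),
    }
    encrypted = blob[3 + length:]
    if len(encrypted) > info["data_size"]:
        raise ValueError("encrypted data exceeds the reserved area")
    return info, encrypted


# Constructed sample values, not taken from the patent.
SAMPLE = build_message(b"MW-0001", b"APP-16", 0x0100, 0x8000, 64,
                       b"\xaa" * 48, session_id=b"\x00\x07")
```

Rejecting a payload larger than the "data size" field at the relay keeps an oversized write from ever reaching the area the card reserved.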
- the relay terminal 40 writes the received encrypted data to the IC card 10 (S30).
- FIG. 12 is a diagram showing in detail the processing of relay terminal 40 and IC card 10.
- FIG. 13 is a diagram showing the flow of data when data is written to IC card 10.
- when the relay terminal 40 receives the storage instruction information 30 and the encrypted data transmitted from the service terminal 60 (S110), it designates the application ID and instructs the IC card 10 to start the card application 16 (S112). Specifically, the card access control unit 54 of the relay terminal 40 transmits an IC access command for starting the card application 16.
- the card control unit 14 of the IC card 10 activates the designated card application 16 and transmits the processing result to the relay terminal 40 (S114).
- the card access control unit 54 of the relay terminal 40 transmits the encrypted data to the IC card 10 and at the same time instructs it to store the encrypted data at the storage destination address specified by the storage instruction information 30 (S116).
- the card application 16 of the IC card 10 decrypts the received encrypted data with the session key (S118), and passes the decrypted data to the card control unit 14 (S120).
- the card control unit 14 encrypts the decrypted data with the storage key (S122), and stores the encrypted data in the secure memory area 18 (S124).
- upon receiving the OK notification indicating that the encrypted data has been correctly stored (S126), the card control unit 14 notifies the card application 16 of the storage processing result (S128).
- when the card application 16 receives an OK notification indicating that the data has been correctly stored, it deletes the session key (S130) and transmits the result to the card control unit 14 (S132). Upon receiving an OK notification from the card application 16, the card control unit 14 releases the storage destination memory secured as a temporary storage destination at the time of error (S133). Then, the storage instruction information 30 is deleted (S134), and the result of the data storage process is transmitted to the relay terminal 40 (S136). When receiving the OK notification indicating that the data has been correctly stored, the relay terminal 40 deletes the storage instruction information 30 (S138). Note that the processing order of the session key deletion process (S128 to S132) and the storage destination memory release process (S133) is not limited to the above, and may be switched.
- step S133 may be omitted.
- the operation of writing data normally when the IC card 10 is not busy has been described above.
- an operation when the TRM 12 of the IC card 10 is busy when data is written to the secure memory area 18 will be described.
- the outline of the operation will be described.
- the relay terminal 40 temporarily stores the encrypted data in the normal memory area 20, acquires the storage instruction information 30 at a suitable timing, and moves the data from the normal memory area 20 to the secure memory area 18 based on the storage instruction information 30.
- the busy state of the IC card 10 may be detected by an error notification when the IC card 10 is accessed, or may be determined by the card access control unit 54 of the relay terminal 40.
- FIG. 14 is a diagram showing processing of the relay terminal 40 and the IC card 10.
- FIG. 15 is a diagram showing a data flow when the IC card 10 is busy when data is written to the secure memory.
- the relay terminal 40 specifies an application ID and instructs the IC card 10 to activate the card application 16 (S142). Specifically, the card access control unit 54 of the relay terminal 40 transmits an IC access command for starting the card application 16. Since the IC card 10 is busy, the IC card 10 transmits an NG processing result indicating that the application has failed to start to the relay terminal 40 (S144).
- when receiving the NG processing result from the IC card 10, the relay terminal 40 stores the encrypted data in the normal memory area 20 of the IC card 10 (S146). Specifically, the card access control unit 54 of the relay terminal 40 specifies the temporary storage destination address specified in the storage instruction information 30 and transmits a memory access command. Since the memory access command is always accepted by the IC card 10 and an area for storing data is secured in the normal memory area 20, the encrypted data can be reliably stored in the normal memory area 20. Here, as shown in FIG. 15, the encrypted data received by the relay terminal 40 is stored in the normal memory area 20 as it is. If only the normal memory is specified as the storage location at the time of error in the storage instruction information 30, the address of the storage location is dynamically set by the card control unit.
- the card control unit adds the address where the data is stored to the storage location at the time of the error in the storage instruction information 30 held inside.
- the encrypted data may be stored directly in the normal memory area 20 of the IC card 10 (S146) without the card application 16 activation instruction (S142) and the reception of the NG processing result (S144).
- when the relay terminal 40 receives from the IC card 10 the OK processing result indicating that the encrypted data has been successfully stored in the normal memory area 20 (S148), it deletes the storage instruction information 30 (S150). With the above operation, data can be temporarily stored in the normal memory area 20 when the IC card 10 is busy.
- FIG. 16 is a diagram showing processing of the relay terminal 40 and the IC card 10.
- FIG. 17 is a diagram showing a data flow when data stored in the normal memory area 20 is moved to the secure memory area 18.
- relay terminal 40 transmits an acquisition request for storage instruction information 30 to IC card 10 (S160).
- the acquisition request for the storage instruction information 30 may be sent when a certain time has elapsed after the busy state of the IC card 10 is detected, or when an IC card access command for monitoring the state of the IC card 10 has been sent to the IC card 10 and an OK response has been received.
- when the card control unit 14 of the IC card 10 receives the acquisition request for the storage instruction information 30 from the relay terminal 40, the card control unit 14 transmits the storage instruction information 30 to the relay terminal 40 (S162). Next, the relay terminal 40 designates the application ID designated by the acquired storage instruction information 30, and transmits an IC access command for starting the card application 16 to the IC card 10 (S164). Upon receiving the IC access command, the card control unit 14 of the IC card 10 performs the activation process of the designated card application 16, and transmits the processing result to the relay terminal 40 (S166). In the example shown in FIG. 16, the card application 16 is normally activated, and OK is transmitted to the relay terminal 40 as a processing result.
- the relay terminal 40 transmits an instruction to move data from the normal memory area 20 to the secure memory area 18 to the IC card 10 after activation of the card application 16 (S168). Specifically, the address where the encrypted data is temporarily stored and the address of the secure memory area 18 that is the storage destination are extracted from the storage instruction information 30, and an IC access command including the extracted address information is transmitted to the IC card 10. When the card application 16 of the IC card 10 receives the data move command from the relay terminal 40, it moves the data based on the received data move command. That is, the card application 16 accesses the normal memory area 20 based on the designated storage address, and reads out the encrypted data stored in the normal memory area 20 (S170, S172). Subsequently, the card application 16 decrypts the read encrypted data with the session key (S174), and passes the decrypted data and the storage address of the data to the card control unit 14 (S176).
- the card control unit 14 encrypts the data passed from the card application 16 with the storage key (S178), and stores the encrypted data in the secure memory area 18 indicated by the designated storage destination address (S180).
- the card control unit 14 receives an OK response indicating that the encrypted data has been successfully stored (S182).
- the card control unit 14 transmits an OK response to the card application 16 (S184).
- the card application 16 deletes the session key (S186), and transmits an OK response to the card control unit 14 (S188).
- the card control unit 14 deletes the storage instruction information 30 (S190), and transmits an OK response to the relay terminal 40 (S192).
- when the relay terminal 40 receives from the IC card 10 an OK notification indicating that the data movement has been completed successfully, the relay terminal 40 deletes the storage instruction information 30 (S194). Note that the memory area of the temporary storage destination of the data secured in step S72 is released by this data movement (S170, S172). As described above, the data temporarily stored in the normal memory area 20 can be moved to the secure memory area 18 by the operations shown in FIGS.
- FIG. 27 is a diagram showing processing of the relay terminal 40 and the IC card 10 when the storage destination reservation time limit has come.
- the card access control unit 54 of the relay terminal 40 detects that the date and time indicated in the “storage location securing deadline” has been reached either by a notification from the card control unit 14, or by the relay terminal 40 acquiring the storage instruction information 30 stored in the card control unit 14.
- when detecting by a notification from the card control unit 14, the relay terminal 40 immediately acquires the storage instruction information 30 from the IC card 10.
- the acquisition of the storage instruction information 30 is the same as the procedure shown in FIG. 16, and is omitted in FIG.
- when the card access control unit 54 of the relay terminal 40 detects that the date and time indicated in the "storage destination securing deadline" has been reached (S271), it again performs the process of moving the data stored in the normal memory area 20 to the secure memory area 18. Specifically, it specifies the application ID given in the storage instruction information 30 and transmits an IC access command for starting the card application 16 to the IC card 10 (S272). If the card application 16 fails to start (S273), or if an error occurs during the data movement processing shown in FIG. 16, the card access control unit 54 sends a clear command to the card control unit 14 (S274).
- upon receiving the clear command, the card control unit 14 deletes the data temporarily stored in the normal memory (S275 to S277), deletes the session key stored in the card application (S278 to S280), and releases the secure memory area 18 secured in step S68 (S281). Then, the storage instruction information 30 is deleted (S282), and the relay terminal 40 is notified of the success (S283). The relay terminal 40 receives the notification and deletes the storage instruction information 30 acquired in advance (S284). Note that the processing order of the deletion process of the data temporarily stored in the normal memory, the deletion process of the session key stored in the card application, and the release process of the secure memory area 18 is not limited to the above, and the order may be changed.
- the operation shown in FIG. 27 prevents the remaining memory from shrinking because a secure memory area stays reserved even though no data is stored in it.
- when the IC card 10 is inserted into the relay terminal 40 and the initial processing of the IC card is performed, the card access control unit 54 of the relay terminal 40 always checks whether the storage instruction information 30 is stored in the card control unit 14. If the storage instruction information 30 has been stored, the storage data transfer process described above is performed. In addition, when the storage location reservation period has expired, the clear processing shown in FIG. 27 is performed.
- the IC card 10 of the first embodiment generates the storage instruction information 30 specifying the data storage destination and the temporary storage destination, and stores it in the card control unit 14.
- when data is written from the relay terminal 40 to the secure memory area 18 of the IC card 10 and the TRM 12 of the IC card 10 is busy, the data is temporarily stored in the normal memory area 20, which is the temporary storage destination, and is later moved to the secure memory area 18, which is the final storage destination. As a result, data can be reliably stored in the secure memory area 18 of the IC card 10 even when the TRM 12 is busy.
- the relay terminal 40 deletes the storage instruction information 30 after temporarily storing the data in the normal memory area 20, and reads the storage instruction information 30 from the IC card 10 when the data is moved later. Therefore, it is possible to reduce the risk of the storage instruction information 30, which includes the address of the temporary storage destination of the data, being read from the relay terminal 40, and to improve security.
- since the relay terminal 40 of the data transmission destination is determined according to the data attribute information, and the storage instruction information 30 including the transmission destination information for specifying the relay terminal 40 is transmitted to the service terminal 60, the service terminal 60 can transmit data to the appropriate relay terminal 40.
- since the card control unit 14 secures a storage destination in the secure memory area 18, data can be stored in the secure memory area 18 without causing a memory shortage, and since the relay terminal 40 executes the clear process according to the storage destination securing deadline, it is possible to prevent the memory from staying secured and reducing the available area of the secure memory area.
- since the relay terminal 40 always checks for the storage instruction information 30 when the IC card 10 is newly inserted, it is possible to prevent a situation in which data that should be securely stored remains in the normal memory area 20, and to improve security.
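The write, busy fallback, later move and deadline clear of the first embodiment, as an added simulation that is not code from the patent. The addresses, the integer clock, the `Card` and `relay_*` names and the stand-in cipher are assumptions made so that it runs with the Python standard library alone.

```python
import hashlib


def xor_cipher(key, data):
    """Stand-in cipher (assumption): SHA-256 counter keystream XOR, stdlib only."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)


class CardBusy(Exception):
    """NG result of an IC access command while the TRM 12 is busy (S144)."""


class Card:
    STORE_ADDR, ERROR_ADDR = 0x0100, 0x8000  # constructed addresses

    def __init__(self, session_key, storage_key):
        self.session_key, self.storage_key = session_key, storage_key
        self.secure, self.normal = {}, {}  # secure memory area 18, normal memory area 20
        self.instruction = None            # storage instruction information 30
        self.trm_busy = False

    def reserve(self, app_id, size, deadline):
        """S66-S74: reserve both areas, then create the storage instruction."""
        self.secure[self.STORE_ADDR] = None
        self.normal[self.ERROR_ADDR] = None
        self.instruction = {"app_id": app_id, "store_addr": self.STORE_ADDR,
                            "error_addr": self.ERROR_ADDR, "size": size,
                            "deadline": deadline}
        return dict(self.instruction)

    def get_instruction(self):
        """S162: return the stored instruction to the relay terminal."""
        return dict(self.instruction) if self.instruction else None

    def start_app(self, app_id):
        """IC access command: refused while the TRM is busy."""
        if self.trm_busy:
            raise CardBusy()
        if self.instruction is None or app_id != self.instruction["app_id"]:
            raise ValueError("no pending instruction for this application")

    def memory_write(self, addr, data):
        """Memory access command, accepted even when busy (S146); bounds check added here."""
        ins = self.instruction
        if ins is None or addr != ins["error_addr"] or len(data) > ins["size"]:
            raise ValueError("write outside the reserved temporary area")
        self.normal[addr] = data

    def store(self, encrypted):
        """S118-S134 / S174-S190: decrypt, re-encrypt under the storage key, clean up."""
        plain = xor_cipher(self.session_key, encrypted)
        self.secure[self.STORE_ADDR] = xor_cipher(self.storage_key, plain)
        self.normal.pop(self.ERROR_ADDR, None)       # release temporary area (S133)
        self.session_key = self.instruction = None   # S130 / S134

    def move(self):
        """S170-S180: read the temporary copy and store it in secure memory."""
        if self.normal.get(self.ERROR_ADDR) is None:
            raise ValueError("nothing stored in the temporary area")
        self.store(self.normal[self.ERROR_ADDR])

    def clear(self):
        """Clear command (S275-S282): drop temporary data, key and reservation."""
        self.normal.pop(self.ERROR_ADDR, None)
        self.secure.pop(self.STORE_ADDR, None)
        self.session_key = self.instruction = None


def relay_deliver(card, instruction, encrypted):
    """S110-S150: secure path first, reserved normal memory when the card is busy."""
    try:
        card.start_app(instruction["app_id"])                    # S112 / S142
    except CardBusy:
        card.memory_write(instruction["error_addr"], encrypted)  # S146
        return "temporary"
    card.store(encrypted)                                        # S116
    return "secure"


def relay_retry(card, now):
    """S160-S194 and FIG. 27: re-read the instruction from the card, then move or clear."""
    instruction = card.get_instruction()       # S160-S162
    if instruction is None:
        return "nothing-pending"
    try:
        card.start_app(instruction["app_id"])  # S164 / S272
    except CardBusy:
        if now >= instruction["deadline"]:
            card.clear()                       # S274
            return "cleared"
        return "still-busy"
    card.move()                                # S168
    return "moved"
```

`relay_retry` keeps no copy of the instruction between calls and fetches it from the card each time, which mirrors the relay terminal deleting the storage instruction information 30 after the temporary write.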
- the basic configuration of the IC card system according to the modification is the same as that of the IC card system of the first embodiment.
- the operation when moving data from the normal memory area 20 to the secure memory area 18 is different.
- FIG. 18 is a diagram showing the processing of the relay terminal 40 and the IC card 10, and FIG. 19 is a diagram showing the data flow when the data stored in the normal memory area 20 is moved to the secure memory area 18.
- the operation of moving data from the normal memory area 20 to the secure memory area 18 is basically the same as that of the first embodiment, but differs in that the data move command transmitted to the IC card 10 does not include the temporary storage address and the storage address.
- the card application 16 of the IC card 10 reads the storage instruction information 30 stored in the card control unit 14 (S210, S212), and obtains the temporary storage destination address and the storage destination address.
- the operation after acquiring the temporary storage destination address and the storage destination address is the same as that of the IC card system of the first embodiment.
- IC card system according to a second embodiment of the present invention.
- the basic configuration of the IC card system of the second embodiment is the same as that of the IC card system of the first embodiment, but the configuration of the IC card 10 used in the second embodiment differs from that of the first embodiment. Accordingly, the procedure for moving data temporarily stored in the normal memory area 20 to the secure area is also different from that in the first embodiment.
- FIG. 20 is a diagram showing a configuration of the IC card 10 used in the second embodiment. Unlike the first embodiment, in the IC card 10 of the second embodiment the TRM 12 cannot access the normal memory area 20. With this configuration, it is possible to further improve security by separating the TRM 12 and the secure memory area 18 from the normal memory area 20.
- FIG. 21 is a diagram showing processing of the relay terminal 40 and the IC card 10.
- FIG. 22 is a diagram showing a data flow when the data stored in the normal memory area 20 is moved to the secure memory area 18.
- the operation until the relay terminal 40 acquires the storage instruction information 30 from the IC card 10 at an appropriate timing and activates the card application 16 is the same as in the first embodiment.
- the relay terminal 40 accesses the normal memory area 20 of the IC card 10 and reads the temporarily stored data. Specifically, the relay terminal 40 transmits a memory access command for reading the encrypted data from the storage destination address specified in the storage instruction information 30 (S248), and receives the data from the IC card 10 (S250).
- the relay terminal 40 transmits the encrypted data read from the normal memory area 20 to the IC card 10 together with an IC access command for storing the encrypted data (S252).
- the card application 16 of the IC card 10 decrypts the received encrypted data with the session key (S254), and passes the decrypted data to the card control unit 14 (S256).
- the card control unit 14 encrypts the data passed from the card application 16 with the storage key (S258), and stores the encrypted data in the secure memory area 18 (S260).
- the operation after the card control unit 14 stores data in the secure memory area 18 (S262 to S274) is the same as that in the first embodiment.
- the relay terminal 40 reads data temporarily stored in the normal memory area 20 of the IC card 10 and writes the read data in the secure memory area 18.
- even an IC card 10 of the type in which the TRM 12 cannot access the normal memory area 20 has the effect that data can be reliably received, as in the first embodiment.
- the IC card system according to the modified example is different from the second embodiment in that the terminal memory area (RAM) 44 temporarily stores data received by the relay terminal 40.
- FIG. 23 is a diagram showing processing of the relay terminal 40 and the IC card 10, and FIG. 24 is a diagram showing a data flow when data stored in the terminal memory area 44 is moved to the secure memory area 18.
- the operation until the relay terminal 40 acquires the storage instruction information 30 from the IC card 10 at an appropriate timing and activates the card application 16 is the same as in the second embodiment.
- the card access control unit 54 of the relay terminal 40 accesses the terminal memory area 44 after starting the card application 16 (S288), and reads the temporarily stored data (S290).
- the operation after reading the temporarily stored data is the same as that of the second embodiment.
- the received data is temporarily stored in the terminal memory area 44 and is moved from the terminal memory area 44 to the secure memory area 18, so the process is not limited by the remaining capacity of the normal memory area 20. That is, even when the remaining capacity of the normal memory area 20 is small, the IC card 10 can reliably receive data.
- signature verification may be performed with a session key when data is written from the relay terminal 40 to the IC card 10.
- FIG. 25 is a diagram showing a data writing process including a signature verification step S330 using a session key. As shown in FIG. 25, the security can be further improved by performing signature verification using the session key after the IC card 10 receives the encrypted data.
- a configuration may be adopted in which a session key is managed for each session ID.
- FIG. 26 is a diagram showing a data write process including step S332 of selecting a session key according to the session ID.
- the session ID is read out from the header, and a session key corresponding to the session ID is selected. Then, the IC card 10 decrypts the data using the selected session key.
- since an appropriate session key can be selected according to the session ID, data can be appropriately processed even when there are multiple sessions for transmitting data from the service terminal 60 to the IC card 10.
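An added example, not from the patent, of the two hardening steps above: selecting the session key by session ID (S332) and verifying a signature with it before the data is decrypted (S330). HMAC-SHA256 as the "signature", its coverage of header plus encrypted data, the derived MAC key and all names and sample values are assumptions.

```python
import hashlib
import hmac


def make_tag(session_key, header, encrypted):
    """HMAC-SHA256 over the length-prefixed header and the encrypted data.
    A separate MAC key is derived so the encryption key is not reused directly."""
    mac_key = hmac.new(session_key, b"mac", hashlib.sha256).digest()
    message = len(header).to_bytes(2, "big") + header + encrypted
    return hmac.new(mac_key, message, hashlib.sha256).digest()


class SessionKeyStore:
    """Session keys held by the card application, one per session ID."""

    def __init__(self):
        self._keys = {}

    def add(self, session_id, key):
        """Register the key shared during mutual authentication (S44)."""
        if session_id in self._keys:
            raise ValueError("session ID already in use")
        self._keys[session_id] = key

    def verify_and_select(self, session_id, header, encrypted, tag):
        """Pick the key by session ID, verify the tag, return the key for decryption."""
        session_key = self._keys.get(session_id)
        if session_key is None:
            raise KeyError("unknown or already finished session")
        expected = make_tag(session_key, header, encrypted)
        if not hmac.compare_digest(expected, tag):  # constant-time comparison
            raise ValueError("signature verification failed")
        return session_key

    def finish(self, session_id):
        """Delete the session key once the data has been stored (S130 / S186)."""
        self._keys.pop(session_id, None)
```

Because the key is deleted in `finish`, a replayed message for a completed session fails at key selection before any verification or decryption work is done.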
- the IC card 10 has been described as an example of the secure device, but the present invention can also be applied to a secure device other than the IC card.
- the present invention has an effect that data can be reliably written to a secure memory, and is useful as a secure device having a tamper resistant area.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/597,953 US8184810B2 (en) | 2004-11-08 | 2005-11-02 | Secure device and relay terminal |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2004-323873 | 2004-11-08 | ||
JP2004323873 | 2004-11-08 | ||
JP2005-300832 | 2005-10-14 | ||
JP2005300832A JP4794269B2 (ja) | 2004-11-08 | 2005-10-14 | Secure device and relay terminal |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2006049224A1 (ja) | 2006-05-11 |
Family
ID=36319229
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2005/020237 WO2006049224A1 (ja) | Secure device and relay terminal | 2004-11-08 | 2005-11-02 |
Country Status (3)
Country | Link |
---|---|
US (1) | US8184810B2 (ja) |
JP (1) | JP4794269B2 (ja) |
WO (1) | WO2006049224A1 (ja) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2008519478A (ja) * | 2004-11-02 | 2008-06-05 | ノキア コーポレイション | メッセージ・コンテント・プロパティの情報受信者装置 |
US9900559B2 (en) | 2011-05-23 | 2018-02-20 | Olympus Corporation | Endoscope system |
JP2021043517A (ja) * | 2019-09-06 | 2021-03-18 | 株式会社東芝 | 携帯可能電子装置、及びicカード |
Families Citing this family (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8479288B2 (en) * | 2006-07-21 | 2013-07-02 | Research In Motion Limited | Method and system for providing a honeypot mode for an electronic device |
JP2008102861A (ja) * | 2006-10-20 | 2008-05-01 | Dainippon Printing Co Ltd | Icカード及びicカード用プログラム |
FR2910666B1 (fr) * | 2006-12-26 | 2013-02-08 | Oberthur Card Syst Sa | Dispositif electronique portable et procede de securisation d'un tel dispositif |
WO2009031065A1 (en) * | 2007-09-03 | 2009-03-12 | Nxp B.V. | Mobile communication device and method for swapping mifare applications |
FR2925968B1 (fr) * | 2007-12-26 | 2011-06-03 | Ingenico Sa | Procede de securisation d'un microprocesseur, programme d'ordinateur et dispositif correspondants |
KR101714108B1 (ko) * | 2009-12-04 | 2017-03-08 | 크라이프토그라피 리서치, 인코포레이티드 | 검증가능 누출 방지 암호화 및 복호화 |
DE102010013202A1 (de) * | 2010-03-29 | 2011-09-29 | Giesecke & Devrient Gmbh | Verfahren zum sicheren Übertragen einer Anwendung von einem Server in eine Lesegeräteinheit |
JP5552870B2 (ja) * | 2010-04-01 | 2014-07-16 | ソニー株式会社 | メモリ装置、ホスト装置、およびメモリシステム |
JP5280402B2 (ja) * | 2010-05-25 | 2013-09-04 | 日本電信電話株式会社 | アプリケーションダウンロード方法、及びそのシステム |
US9152505B1 (en) * | 2012-03-29 | 2015-10-06 | Amazon Technologies, Inc. | Verified hardware-based erasure of data on distributed systems |
JP2014186367A (ja) * | 2013-03-21 | 2014-10-02 | Toshiba Corp | IC card and portable electronic device |
JP6397200B2 (ja) * | 2014-03-31 | 2018-09-26 | FeliCa Networks, Inc. | Management server, data processing method, and program |
DE102014221956A1 (de) * | 2014-10-28 | 2016-05-12 | Bayerische Motoren Werke Aktiengesellschaft | Apparatus, vehicle, method and computer program for a relay transceiver and a network component |
KR20170001221A (ko) * | 2015-06-26 | 2017-01-04 | S-Printing Solution Co., Ltd. | Image forming apparatus, data writing method thereof, and non-transitory computer-readable recording medium |
US9830099B1 (en) | 2015-09-17 | 2017-11-28 | Amazon Technologies, Inc. | Secure erase of storage devices |
US10338845B1 (en) | 2016-09-01 | 2019-07-02 | Amazon Technologies, Inc. | Self-erasing portable storage devices |
WO2019183459A1 (en) * | 2018-03-23 | 2019-09-26 | Micron Technology, Inc. | Storage device authenticated modification |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH06502271A (ja) * | 1991-08-07 | 1994-03-10 | Adaptec, Inc. | Intelligent hardware for automatic reading and automatic writing of multiple sectors of data between a computer bus and a disk drive |
JPH0895715A (ja) * | 1994-09-21 | 1996-04-12 | Seiko Epson Corp | External storage control device and information processing device |
JPH08101751A (ja) * | 1994-09-30 | 1996-04-16 | Mitsubishi Electric Corp | PC card and PC card system |
JP2000040138A (ja) * | 1998-07-23 | 2000-02-08 | Mitsui High Tec Inc | IC card and IC card authentication system |
JP2002124960A (ja) * | 2000-10-16 | 2002-04-26 | Link Evolution Corp | Communication device, communication system, and communication method |
JP2003085034A (ja) * | 2001-09-12 | 2003-03-20 | Hitachi Ltd | Nonvolatile storage device and data storage method |
Family Cites Families (28)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5590306A (en) * | 1992-09-08 | 1996-12-31 | Fuji Photo Film Co., Ltd. | Memory card management system for writing data with usage and recording codes made significant |
KR970008188B1 (ko) * | 1993-04-08 | 1997-05-21 | Hitachi, Ltd. | Flash memory control method and information processing apparatus using the same |
US6708274B2 (en) * | 1998-04-30 | 2004-03-16 | Intel Corporation | Cryptographically protected paging subsystem |
US6575372B1 (en) * | 1997-02-21 | 2003-06-10 | Mondex International Limited | Secure multi-application IC card system having selective loading and deleting capability |
US6317832B1 (en) * | 1997-02-21 | 2001-11-13 | Mondex International Limited | Secure multiple application card system and process |
JP3233079B2 (ja) * | 1997-09-30 | 2001-11-26 | Sony Corporation | Data processing system and data processing method |
US7870239B1 (en) * | 1998-06-30 | 2011-01-11 | Emc Corporation | Method and system for securing network access to dynamically updateable data stored in a data storage system |
CA2338634C (en) * | 1999-05-28 | 2007-06-26 | Matsushita Electric Industrial Co., Ltd. | A semiconductor memory card, playback apparatus, recording apparatus, playback method, recording method, and computer-readable recording medium |
WO2001016821A2 (en) * | 1999-09-01 | 2001-03-08 | Matsushita Electric Industrial Co., Ltd. | Distribution system, semiconductor memory card, receiving apparatus, computer-readable recording medium and receiving method |
US6986052B1 (en) * | 2000-06-30 | 2006-01-10 | Intel Corporation | Method and apparatus for secure execution using a secure memory partition |
JP2002229861A (ja) * | 2001-02-07 | 2002-08-16 | Hitachi Ltd | Recording device with copyright protection function |
JP2002342164A (ja) * | 2001-05-22 | 2002-11-29 | Hitachi Ltd | Storage device, data processing device, and storage unit control method |
EP1402372B1 (en) * | 2001-07-05 | 2017-09-20 | Panasonic Intellectual Property Management Co., Ltd. | Recording apparatus, medium, method, and related computer program |
US7426644B1 (en) * | 2001-12-05 | 2008-09-16 | Advanced Micro Devices, Inc. | System and method for handling device accesses to a memory providing increased memory access security |
US6854039B1 (en) * | 2001-12-05 | 2005-02-08 | Advanced Micro Devices, Inc. | Memory management system and method providing increased memory access security |
JP4268367B2 (ja) * | 2002-03-18 | 2009-05-27 | Hiroyuki Ogino | Semiconductor memory inspection and defect repair method, and semiconductor memory inspection and defect repair circuit |
JP2004030102A (ja) * | 2002-06-25 | 2004-01-29 | Sony Corp | Information storage device, memory access control system and method, and computer program |
JP2004079138A (ja) * | 2002-08-22 | 2004-03-11 | Renesas Technology Corp | Nonvolatile semiconductor memory device |
JP2004199138A (ja) * | 2002-12-16 | 2004-07-15 | Matsushita Electric Ind Co Ltd | Memory device and electronic apparatus using the same |
JP4242682B2 (ja) * | 2003-03-26 | 2009-03-25 | Panasonic Corporation | Memory device |
EP1521162A3 (en) * | 2003-09-30 | 2008-02-27 | Matsushita Electric Industrial Co., Ltd. | Method of managing file structure in memory card |
JP2005122402A (ja) * | 2003-10-15 | 2005-05-12 | Systemneeds Inc | IC card system |
US7814554B1 (en) * | 2003-11-06 | 2010-10-12 | Gary Dean Ragner | Dynamic associative storage security for long-term memory storage devices |
KR101037006B1 (ko) * | 2003-11-28 | 2011-05-25 | Panasonic Corporation | Data processing device |
JP2005332221A (ja) * | 2004-05-20 | 2005-12-02 | Renesas Technology Corp | Storage device |
JP2006039966A (ja) * | 2004-07-27 | 2006-02-09 | Toshiba Corp | Memory card, card controller mounted on the memory card, and memory card processing device |
JP4856400B2 (ja) * | 2005-07-06 | 2012-01-18 | Renesas Electronics Corporation | Storage device and information processing terminal |
US8090939B2 (en) * | 2005-10-21 | 2012-01-03 | Hewlett-Packard Development Company, L.P. | Digital certificate that indicates a parameter of an associated cryptographic token |
2005
- 2005-10-14 JP JP2005300832A (JP4794269B2): not active, Expired - Fee Related
- 2005-11-02 US US11/597,953 (US8184810B2): not active, Expired - Fee Related
- 2005-11-02 WO PCT/JP2005/020237 (WO2006049224A1): active, Application Filing
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2008519478A (ja) * | 2004-11-02 | 2008-06-05 | Nokia Corporation | Informing recipient device of message content properties |
US8321954B2 (en) | 2004-11-02 | 2012-11-27 | Core Wireless Licensing S.A.R.L. | Informing recipient device of message content properties |
US9369306B2 (en) | 2004-11-02 | 2016-06-14 | Microsoft Technology Licensing, Llc. | Informing recipient device of message content properties |
US9900559B2 (en) | 2011-05-23 | 2018-02-20 | Olympus Corporation | Endoscope system |
JP2021043517A (ja) * | 2019-09-06 | 2021-03-18 | Toshiba Corporation | Portable electronic device and IC card |
JP7446746B2 (ja) | 2019-09-06 | 2024-03-11 | Toshiba Corporation | Portable electronic device and IC card |
Also Published As
Publication number | Publication date |
---|---|
JP2006155589A (ja) | 2006-06-15 |
US8184810B2 (en) | 2012-05-22 |
US20070223696A1 (en) | 2007-09-27 |
JP4794269B2 (ja) | 2011-10-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
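JP4794269B2 (ja) | Secure device and relay terminal | |
JP4856400B2 (ja) | Storage device and information processing terminal | |
CN113726875B (zh) | Transaction processing method and apparatus based on a blockchain all-in-one machine | |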
US8000755B2 (en) | Information-communication terminal device and automatic backup system including the same | |
US7716522B2 (en) | Information processing system and method for executing process during communication error | |
JP5353707B2 (ja) | Electronic value exchange system, terminal device, and recovery device | |
WO2008009095A1 (en) | Method, system and smart card reader for management of access to a smart card | |
WO2007119594A1 (ja) | セキュアデバイス及び読み書き装置 | |
JP6111427B2 (ja) | 携帯型記録媒体、携帯型記録媒体を含むシステム、携帯型記録媒体のデータ復旧方法 | |
JP4853462B2 (ja) | 権限委譲システム、id管理サーバ、権限委譲方法および権限委譲プログラム | |
EP1793313B1 (en) | External memory management apparatus and external memory management method | |
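JP2008015783A (ja) | Electronic value exchange system, terminal device, recovery device, and electronic value exchange method used therefor | |
JP4684775B2 (ja) | Storage device | |
JP4506647B2 (ja) | Computer system | |
CN113704773B (zh) | Relay protection security chip operating system and communication method thereof | |
CN100474327C (zh) | Secure device, relay terminal, and method of operating a secure device | |
KR101722159B1 (ko) | Secure memory card | |
JP4914958B2 (ja) | Data security system for protecting data stored in a computer terminal device | |
JP3674201B2 (ja) | Communication system and data processing device having communication function | |
JP4529508B2 (ja) | Information storage medium system, information storage medium, instruction format conversion method, and instruction format conversion program | |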
EP1802033A1 (en) | Exchanging configuration information between a configurator and a device | |
CN108846300B (zh) | Information processing method and first electronic device | |
JP3949341B2 (ja) | Entertainment device and recording medium | |
US11068426B2 (en) | Portable storage device capable of transferring data to a portable storage device | |
JP5883424B2 (ja) | Portable semiconductor memory device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | AK | Designated states | Kind code of ref document: A1; Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS KE KG KM KN KP KR KZ LC LK LR LS LT LU LV LY MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
| | AL | Designated countries for regional patents | Kind code of ref document: A1; Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
| | WWE | Wipo information: entry into national phase | Ref document number: 11597953; Country of ref document: US; Ref document number: 2007223696; Country of ref document: US |
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| | WWE | Wipo information: entry into national phase | Ref document number: 200580037241.2; Country of ref document: CN |
| | WWP | Wipo information: published in national office | Ref document number: 11597953; Country of ref document: US |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 05805403; Country of ref document: EP; Kind code of ref document: A1 |