Registers – Systems controlled by data bearing records – Credit or identification card systems
Reexamination Certificate
2002-12-06
2004-12-28
Lee, Michael G. (Department: 2876)
Registers
Systems controlled by data bearing records
Credit or identification card systems
C235S382500, C235S375000, C235S492000, C705S041000, C361S737000
Reexamination Certificate
active
06834799
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to an IC (“integrated circuit”) card to which an application having privilege is installed.
2. Description of the Prior Art
Presently, attention is paid to an IC card as a security device. An IC card or integrated circuit card is typically a card of plastic or similar materials, such as a cash card or credit card, and includes one or more integrated circuit chips embedded therein. In the United States and Europe, the IC card is sometimes referred to as a “smart card” or “intelligent card”. For the purpose of users' convenience and decreasing the entry-barrier for a business owner who wants to provide services via the IC card, a multi-application-complied card, which is a card capable of downloading applications after issuance of the card, has been under development.
Herein, a hardware constitution of the IC card is overviewed.
FIG. 18
is a function block diagram regarding the hardware of the IC card. An IC card
1800
includes a CPU
1801
, a ROM
1802
, a RAM
1803
, an EEPROM
1804
, and an I/O IF
1805
. The CPU
1801
performs an arithmetic operation. The ROM
1802
is a read-only memory where rewriting is impossible. Contents stored in the ROM
1802
are fixed when the IC card
1800
is manufactured, and they cannot be changed later. The RAM is a readable/writable memory. The EEPROM
1804
is also a readable/writable memory. The contents of the RAM
1803
are erased when a power source is turned off, whereas the contents of the EEPROM
1804
are held even if the power source is turned off. The I/O IF
1805
is assigned to data exchange with a unit outside the IC card. A program executed in the CPU
1801
is generally referred to as an ‘application’. Codes for executing the application are stored in the ROM
1802
or the EEPROM
1804
. There are cases where the IC card
1800
includes a coprocessor for encryption, which is used for encryption control, other than the case shown in FIG.
18
.
FIG. 19
is a view explaining the relationships among applications executed in the CPU
1801
, where an application called a card manager
1902
is in a ROM
1901
of an IC card
1900
, and there also exist a privileged API (application programming interface)
1906
and a general API
1907
. The card manager
1902
is an application to control an operation of an application operating in the IC card
1900
. The operation control of the application is activation, termination, deletion, download, or the like of the application. The card manager
1902
performs the control in cooperation with a virtual machine (VM) or an OS of the IC card. The privileged API
1906
is an application interface for executing a privilege manipulation that the card manager
1902
uses. For example, an operation for control such as download, activation, and termination of the application is an example of the privilege manipulation. The general API
1907
is an application interface for executing an operation that does not need the privilege. An AP.
1
(
1903
), an AP.
2
(
1904
), and an AP.
3
(
1905
) are applications that are stored in the ROM
1802
or the EEPROM
1804
and executed under control of the card manager
1902
. Since these applications cannot execute the privilege manipulation, they can only use the general API
1907
of the application interfaces provided by the ROM
1802
. The privileged API
1906
is open only to the card manager
1902
to prevent the applications other than the card manager
1902
from performing the privilege manipulation, or confirmation described below is performed to prevent the other applications from performing the privilege manipulation even in the case where the privileged API
1906
is open to the other applications. Specifically, inside the privileged API
1906
, it checks with an identifier or a memory address indicated by a program counter of an application that tries to use the privileged API
1906
, and thus confirms that the application is the card manager
1902
.
In developing the above-described multi-application-complied card, various kinds of card managers that control downloaded applications have been examined and card managers having various kinds of specifications have been proposed. This tendency is increasing with higher demand for the IC card, and it is expected that a greater number of card manager specifications will be proposed.
However, only one card manger can be installed to a conventional IC card, and the codes of the card manager are stored in the ROM where rewriting of contents is impossible. For this reason, manufacturers have no other choice but to develop a card manger for every specification and manufacture the IC card by storing the card manger in the ROM, which is not desirable from the viewpoint of cost and man-hours. Further, this causes a general user to have many IC cards, which is inconvenient.
SUMMARY OF THE INVENTION
To solve the above-described problems, the present invention provides an IC card that has a card manager capable of downloading an application having a privilege. The application having the privilege is downloaded and operated; download, activation, termination or the like of other applications are performed under control of the application having the privilege, and thus the application having the privilege serves as the card manager. Even if the card managers having various kinds of specifications are proposed as described above, the user does not need to have a plurality of the IC cards when such card managers are downloaded as the application having the privilege. Furthermore, an operation equivalent to version upgrading of the card manager stored in the ROM can be performed as well.
When the IC card is made to be capable of downloading the application having the privilege, the application needs to be distinguished from a general application. Consequently, in the present invention, the card manager stored in the ROM has privileged AP control means that determines whether or not the downloaded application has the privilege. Further, the general application is prevented from accessing the privileged API to perform the privilege manipulation.
REFERENCES:
patent: 4454414 (1984-06-01), Benton
patent: 5408082 (1995-04-01), Takagi et al.
patent: 6005942 (1999-12-01), Chan et al.
patent: 6233683 (2001-05-01), Chan et al.
patent: 6390374 (2002-05-01), Carper et al.
patent: 6481632 (2002-11-01), Wentker et al.
patent: 0933717 (1999-08-01), None
patent: 0949595 (1999-10-01), None
patent: 00/25278 (2000-05-01), None
“Java Card(TM) 2.1.1. Runtime Environment (JCRE) Specification”, Sun Microsystems, Inc., May 18, 2000, p. 3-53.
Inoue Kazunori
Kikuchi Takafumi
Sakushima Kazuo
Tanabiki Masamoto
Kim Ahshik
Lee Michael G.
Matsushita Electric - Industrial Co., Ltd.
Pitney Hardin LLP
LandOfFree
IC card with capability of having plurality of card managers... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with IC card with capability of having plurality of card managers..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and IC card with capability of having plurality of card managers... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3336492