Recently, various types of electronic information services for distributing music content and moving image content through a network such as the Internet have become prevalent. Examples of such electronic information services are a content distributing service and a mobile EC service.
Such electronic information services necessitate a content protection technology for preventing unauthorized use of content, and an EC protection technology such as an authentication technology and a billing technology at the mobile ECs. Accordingly, secure devices equipped with such technologies have already been developed and are in use.
Users, for example, mount such secure a device to their mobile telephone, to securely perform content distribution services and mobile EC services, for example, from the road.
For detailed information on the secure devices, “Secure multimedia card for content distribution and mobile commerce” The Hitachi Hyoron October, 2001, an extra issue, by MIYAKE Jun, ISHIHARA Harutsugu, and TSUNEHIRO Takashi, describes a secure multimedia card (hereinafter abbreviated as “SMMC”) equipped with a content protection technology and an EC protection technology.
There are SMMCs that are equipped with a program download function, one example of which is a JAVA Card (JAVA is a registered trademark). Programs to be downloaded here are such as a new application program and an updated version of the program already implemented on the card.
An SMMC equipped with a program download function includes, in its TRM (tamper resistant module), a cryptographic processing engine, security key information, a CPU, a RAM, a ROM, and an EEPROM. The SMMC further includes, outside the TRM, a flash memory that is large in capacity (e.g. in the range of 8 MB and 256 MB). In the SMMC, the CPU controls authentication processes and cryptographic processes, for example, using the cryptographic processing engine and the security key information. Further, the CPU acquires programs to be downloaded from an external device, and stores the acquired programs in the EEPROM mounted in the TRM, for performing the programs.
Here, the TRM is a module equipped with measures preventing external devices from performing unauthorized references, tampering, and the like, directed to data stored in the module.
Further, in the flash memory, various types of digital data such as music content and moving image content that are content of distribution are stored.
The EEPROM mounted in the TRM is an expensive device in terms storage capacity costs, compared to other memories. Accordingly, an increase in capacity of the EEPROM will have a great impact on the cost of the SMMC. In addition, from the characteristics of the device, the capacity of the EEPROM mountable to the TRM is limited; the standard capacity of EEPROM according to the current structure is about 64 KB.
Meanwhile, the application programs to be downloaded to the SSMC are expected to increase greatly in the future. In light of these factors, it will certainly become impossible to store the necessary application programs in the EEPROM of the TRM with the current structure.
There is a method of storing application programs that the EEPROM of the TRM cannot accommodate onto the flash memory outside the TRM. However, indiscriminate use of this method is not practical from a security point of view, and at least an approval from an administrator of each program is essential. To implement such a system, a new technology is desired for assuring security.
The object of the present invention is to provide a secure device that downloads a program exceeding the capacity of the storage area implemented on the TRM, while assuring security desired by the administrator of the program.