The present invention relates to a data processing method, its apparatus, its program, a semiconductor circuit, and an authentication apparatus useful in the case of conducting a transaction through a network using an IC (integrated circuit) built into a card or a mobile terminal apparatus.
At the present time, communication systems using IC cards etc. for transactions through the Internet and other networks are being developed.
In such a communication system, a server receives processing requests using the IC cards from, for example, reader/writers of IC cards or PCs (personal computers) and performs user authentication, data encryption and decryption, and other processing.
In the above explained communication system, however, it is envisioned that processing requests for a large number of IC cards will be received simultaneously or in short time periods.
In this case, the server has to be able to efficiently handle such processing requests.
Further, a server sometimes executes a plurality of application programs for processing procedures relating to a plurality of settlement businesses and performs processing using application programs selected in accordance with the processing requests. Such processing requests also have to be efficiently handled.
Further, in the above explained communication system, the application program executed by the server has to contain code that uses key information for accessing IC cards and operational commands for operating the IC cards. Here, if the security of transactions using the IC cards is to be ensured, the key information and operational commands can be known only by the manager of the server.
Therefore, in the past, the manager of the server produced and customized the application programs upon request from service providers.
With the manager of the server producing and customizing application programs in this way, however, there is the problem that the load on the manager becomes great.
Further, in the above explained server, for example, application programs of a plurality of credit card companies or other businesses run. Such application programs are produced by the individual businesses and downloaded to the server using personal computers etc.
As explained above, however, when the above explained server runs application programs of a plurality of businesses, it is necessary to ensure that the processing of each application program not be monitored or tampered with by another application program.
On the other hand, there is a demand for providing diverse services while transferring data between application programs.
Further, individual businesses download their application programs to the server, then debug them in accordance with need.
When individual businesses download application programs to the server or debug those application programs in this way, however, it is necessary to prevent programs in the server from being illicitly tampered with.
As a technique for realizing this, for example, there is the technique of authentication processing using key information when accessing the server. Usually, however, such key information is stored in the memory of a terminal apparatus (personal computer), so there is the possibility of illicit use, which is a security problem.
Further, the LSI forming the above explained server has a built-in CPU. The CPU sometimes accesses a memory outside of the LSI chip.
In such a case, data flows over the bus provided between the LSI chip and the external memory, so the data can be viewed by probing the bus.
When the above explained server performs e-commerce transactions, personal authentication, and other highly confidential processing, however, there is a security problem if the data is probed in this way.
Further, the above explained server is sometimes comprised of a single computer.
In this case, a single computer runs a plurality of programs relating to a plurality of services provided by different businesses. When those services handle highly confidential data such as with settlements, there is the problem that the highly confidential data owned by each business may be illicitly acquired or tampered with by another business.
Further, there have been the following problems when using a conventional general computer as the above explained computer.
FIG. 133 shows the basic configuration of a general computer 601.
In the computer 601 shown in FIG. 133, a CPU 602 performs processing using the instructions and data of a program read from a memory 603.
The CPU 602 outputs an address for access in the memory 603 to an address bus 604.
Further, the CPU 602 reads from the memory 603 or writes in it according to a control signal S602.
The module A, module B, and module C stored in the memory 603 are processing units of a program having specific functions.
A debugger 605 checks the operation of the CPU 602 at the time of development of a program. It uses a HALT signal to temporarily halt the operation of the CPU 602, read internal information of the CPU 602, and report that information to the program developer.
Here, in FIG. 133, it is assumed that the module A has a basic function used by the module B or the module C.
Assume also that the routine of the basic function included in the module A is highly confidential. In such a case, since the module A provides a basic function, it is necessary to provide an environment enabling the developer of the module B or module C to develop its program. As one means for this, there is the method of distributing a library.
Such a library is expressed in an intermediate language between a higher-level language and machine language (normally called an “assembly language”), however, and its analysis is relatively easy. There is a high possibility that the processing routine of a program desired to be kept confidential will end up becoming known.
Further, as another means, the basic module (in this example, the module A) is stored in the memory 603 in advance and, rather than using it as a library, the developer develops the software assuming that the basic module is present at a specific location.
Even with this means, however, there is the problem that it is not that hard for the developers of the modules B and C to read the module A stored in the memory 603. At this time, the read content is in the machine language that the CPU 602 executes, but there are tools for converting this machine language to an assembly language, so the routine can be analyzed relatively easily.
Further, there is the problem that the developers of the modules B and C can temporarily halt the execution by the CPU 602 in the middle of execution of the module A at the development stage of their programs so as to learn the data handled or the content of the same and thereby learn the entire processing routine of the program of the module A.
Further, an application program running on the above explained server handles key data, charging data, log data, and other high security data set by the service provider, so there has been a demand for protecting it from illicit tampering or monitoring.