The recording capacities of portable information recording media have improved greatly with the progress of semiconductor circuit integration, and future demands are anticipated in various fields, especially with IC cards and other portable information recording media having a built-in CPU. For example, an IC card with a built-in CPU has a function of being connected as necessary to an external device (reader/writer device) and executing specific processes in accordance with command-and-response interactions with this external device. Since the process that is executed inside the IC card when a certain command is provided is determined by an OS program or an application program installed in the IC card, dedicated application programs with processing functions for various applications are normally installed inside the IC card. For example, in a case where the same IC card is to be used as a hospital registration card and as a financial account card, both an application program for a hospital registration card and an application program for a financial account must be installed in the IC card. Thus, due to the recent significant improvements in the memory capacities incorporated in IC cards, multi-application IC cards, having a plurality of application programs installed in advance, are becoming popular. IC cards, equipped with a function of adding new application programs as necessary after issue, are also being used widely. For example, Japanese Laid-open Patent Publication No. 10-79000 discloses an IC card with a function of adding programs for upgrading, etc.
A major characteristic of a portable information medium with a built-in CPU is that an advanced form of security can be ensured. For example, in the case of a general IC card that is popularly used presently, a verification process is executed in the process of starting communication with an external device upon connection of the IC card with the external device. Normally, a verification step is performed in which a verification command with verification data is received from the external device, a judgment of the propriety of the provided verification data inside the IC card is conducted, and a verification result is stored in the internal memory of the IC card. According to the verification data provided from the external device, various verification results may be obtained, such as enabling of just reading of data inside the IC card, enabling of just adding of new data, or enabling of even rewriting of existing data. Thus normally, an arrangement is adopted wherein the above-described verification process is executed at a starting point of a communication session, the verification result is stored in the memory inside the IC card, and when various commands are provided from the external device, the verification result stored in the memory is referenced to judge whether or not the execution of a provided command is enabled, and a command is executed only when it has been judged that its execution is enabled. Since a RAM or other volatile memory is used as the memory for storing the verification result, when a single communication session is completed and the external device is disconnected, the verification result is erased from within the IC card. As the verification process is required at each communication session, adequate security can be secured even in a case of loss of the IC card, etc.
As mentioned above, with built-in CPU type portable information recording media, as represented by IC cards, the installation of a plurality of application programs in accordance with applications is becoming popular. It is thus predicted that the number of application programs that are installed in a single portable information recording medium will increase further in the future. Obviously, an application command provided from an external device is processed by one program among the plurality of application programs that are installed. Thus in providing an application command, prior preparation is necessary for specifying the application program that is to perform a process. Normally, this preparation is made by providing an application selection command, which includes information that selects a specific application.
For example, let assume the case where an IC card, in which both a hospital registration application program and a financial account application program are installed, is to be used at a hospital counter. In this case, it is necessary to carry out a preparation step after connection of the IC card to an external device installed at the hospital counter. In this preparation step, a selection command for selecting the hospital registration card application program is provided from the external device to the IC card so that such a selection state is set up and a verification process unique to the application is performed so that the verification result is stored in a memory (RAM). After the selected state, in which the hospital registration card application is selected, has been set, the normal commands provided from the external device are all processed by the hospital registration card application that is in the selected state. As mentioned above, the enabling or disabling of the execution of each command is determined based on the verification result that is stored in the memory.
In order to secure an advanced degree of security in such a multi-purpose IC card, etc., as described above, arrangements must be made to perform a verification process according to each individual application. Thus with prior-art multi-purpose IC cards, etc., each time a new application is selected, a verification program concerning the selected application program must be performed. For example, let assume the case where a diagnosis and treatment record is to be written into an IC card as a hospital registration card and a diagnosis and treatment fee is to be paid using the IC card as a financial account card. In this case, after connecting the IC card to an external device installed at a hospital counter, first, a selection command for selection of the hospital registration card application program is provided from the external device to the IC card to set up the state in which the hospital registration card application is selected, and in continuation after the execution of a diagnosis and treatment record writing process, a selection command for selection of the financial account application program is provided from the external device to the IC card to set up the state in which the financial account application is selected and a process of writing the diagnosis and treatment fee payment information is executed. It is predicted that such a form of use in which a plurality of applications are used in the same communication session to perform a series of linked process will become more popular in the future.
However, with a prior-art portable information recording medium, a selection command must be provided each time an application is switched and a verification process concerning the application must also be performed each time. Thus, when a series of linked processes are to be performed by switching among a plurality of applications in the same communication session, the internal processing load of the portable information recording medium and the load of communication with an external device become excessive.
An object of this invention is thus to provide a portable information recording medium that enables adequate security to be ensured for each individual application and yet enable a series of linked processes to be performed while switching among a plurality of application programs in the same communication session.