Conventionally, a memory card is inserted into a terminal and used by the terminal to store data. An example of conventional memory cards will be described below (for example, Japanese Patent Application No. 2003-91704).
The card has a command terminal (CMD line) that receives various commands from a terminal and that returns a response to a command, and a data terminal (DAT line) that receives an input of data and that outputs data.
In an example of a conventional memory card as shown in FIG. 1, terminal 4602 is the CMD line, while terminals 4607, 4608 and 4609 are DAT lines, namely DAT0, DAT1 and DAT2, respectively. Terminal C2-01 is CD/DAT3, which operates for data input/output and card detection (CD). With respect to DAT0 to DAT3, there is a mode that uses only DAT0 and another mode that uses DAT0 to DAT3 concurrently to achieve a transfer speed four times higher than when only DAT0 is used.
An intra-card module structure of the conventional card will be described below with reference to FIG. 2.
The intra-card module is comprised of processing command receiving section 4701 that is connected to CMD line 4602 and that performs command reception and response transmission, data transmitting/receiving section 4702 that is connected to DAT lines 4607, 4608, 4609 and C2-01 and that transmits and receives data, storage area 4704, and storage area access section 4703 that reads data from and writes data to storage area 4704 in accordance with a received command.
The processing operation in reading data in the conventional card will be described below. It is herein assumed that data output is set to the mode that uses only DAT0 terminal 4607, although a mode that uses DAT1 terminal 4608, DAT2 terminal 4609 and DAT3 terminal 4610 together is also possible.
The terminal transmits a data read command to CMD line 4602 of the card. The read command has a format as shown in FIG. 9, and is comprised of command code 401 with 6 bits and command argument 402 with 32 bits. The command argument in the data read command stores a read start address.
Processing command receiving section 4701 having received the command from the terminal recognizes the command as a data read command by referring to command code 401.
Then, processing command receiving section 4701 refers to command argument 402 to check whether the designated address is correct, i.e. whether the designated address is within the range supported by the card. When the address is not correct, the section returns a response code indicating an error; when the address is correct, it returns a response code indicating normal completion.
After sending back the response to the terminal, processing command receiving section 4701 outputs a read request together with the designated address to storage area access section 4703.
Storage area access section 4703 reads data from the designated address in storage area 4704 and transmits the data to data transmitting/receiving section 4702.
Data transmitting/receiving section 4702 outputs read data to the terminal via DAT0 line 4607.
In such a memory card, it is possible for a terminal to read from and write to the card freely by designating an address.
In the aforementioned memory card, when access restriction is imposed on a specific area of flash memory as a security protection area so that only a specific permitted terminal can access it, using a smart card command enables the card described in the above-mentioned document to perform flexible authentication. However, in APDU (Application Protocol Data Unit), which is a standard command format of smart cards, fast data transfer is difficult because only 256 bytes of data are transmitted and received, and because the half-duplex protocol requires a response to be received whenever a host transmits a command. Therefore, a method is considered in which authentication processing is performed using a smart card command in a system flexibly adapted to the security policy, and data transfer is then performed using a memory card command. However, it is difficult to check whether the application that issued the smart card command is the same as the application on the host that issues the memory card command.
Hence, when information generated in the process of authentication processing using a smart card command is included in a memory card command as verification data to verify that the issuers of the smart card command and the memory card command are the same, the command argument includes both access area designation information (the address to access) and verification data for authentication. However, as described above, command argument 402 of the data read command has a fixed size of 32 bits. Therefore, when the size of the verification data is increased to improve security, the access area designation information is decreased in length and the accessible area is limited. Meanwhile, when the size of the verification data is decreased, the degree of security is decreased.
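The trade-off described above can be made concrete with the following added example, which is not part of the original document. It splits the 32-bit command argument 402 into verification data (high bits) and address (low bits) and shows the card-side check. The truncated HMAC-SHA256 keyed by a session key, the function names and the response-code strings are assumptions made for illustration; the document does not specify how the verification data is derived.

```python
import hashlib
import hmac

ARG_BITS = 32  # fixed width of command argument 402

def forgery_chance(tag_bits):
    """Probability that one blind guess of the verification data is accepted."""
    return 2.0 ** -tag_bits

def addressable_units(tag_bits):
    """Number of distinct addresses left once tag_bits are spent on verification."""
    return 1 << (ARG_BITS - tag_bits)

def make_tag(session_key, addr, tag_bits):
    # Assumption: verification data = truncated HMAC-SHA256 over the address.
    mac = hmac.new(session_key, addr.to_bytes(4, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big") >> (32 - tag_bits)

def pack_argument(session_key, addr, tag_bits):
    """Host side: verification data in the high bits, address in the low bits."""
    addr_bits = ARG_BITS - tag_bits
    if addr < 0 or addr >> addr_bits:
        raise ValueError("address does not fit in %d bits" % addr_bits)
    return (make_tag(session_key, addr, tag_bits) << addr_bits) | addr

def card_check(session_key, argument, tag_bits, card_units):
    """Card side: range-check the address, then verify the issuer's tag."""
    addr_bits = ARG_BITS - tag_bits
    addr = argument & ((1 << addr_bits) - 1)
    tag = argument >> addr_bits
    if addr >= card_units:
        return "ERR_ADDRESS", None  # hypothetical response code
    expected = make_tag(session_key, addr, tag_bits)
    if not hmac.compare_digest(tag.to_bytes(4, "big"), expected.to_bytes(4, "big")):
        return "ERR_VERIFY", None  # hypothetical response code
    return "OK", addr

if __name__ == "__main__":
    key = bytes(range(16))  # constructed sample session key
    for bits in (0, 8, 16, 24):
        print(bits, addressable_units(bits), forgery_chance(bits))
    arg = pack_argument(key, 0x1234, 16)
    print(card_check(key, arg, 16, 0x10000))
```

With 16 bits of verification data only 65,536 addresses remain reachable and a single guess succeeds with probability 1/65,536; widening either field necessarily narrows the other.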
When the conventional format of the data read command is changed to solve this problem, there is a risk of disabling access to conventional memory cards.
Further, when two different commands exist, namely the conventional data read command and a data read command for a memory card provided with a security protection area, a terminal needs to switch between commands according to the type of memory card; access to memory cards thus becomes complicated, and the cards become hard for terminals to use. Therefore, it is necessary to separately define a command to transmit verification data and a memory card command to read or write data, and to gain access to a security protection area by combining the two commands, but it is not possible to verify that the issuers of the two commands are the same.