1. Field of the Invention
The present invention relates to an IC ("integrated circuit") card to which an application having privilege is installed.
2. Description of the Prior Art
Presently, attention is paid to an IC card as a security device. An IC card or integrated circuit card is typically a card of plastic or similar materials, such as a cash card or credit card, and includes one or more integrated circuit chips embedded therein. In the United States and Europe, the IC card is sometimes referred to as a "smart card" or "intelligent card". For the purpose of users' convenience and decreasing the entry-barrier for a business owner who wants to provide services via the IC card, a multi-application-complied card, which is a card capable of downloading applications after issuance of the card, has been under development.
Herein, a hardware constitution of the IC card is overviewed. FIG. 18 is a function block diagram regarding the hardware of the IC card. An IC card 1800 includes a CPU 1801, a ROM 1802, a RAM 1803, an EEPROM 1804, and an I/O IF 1805. The CPU 1801 performs an arithmetic operation. The ROM 1802 is a read-only memory where rewriting is impossible. Contents stored in the ROM 1802 are fixed when the IC card 1800 is manufactured, and they cannot be changed later. The RAM 1803 is a readable/writable memory. The EEPROM 1804 is also a readable/writable memory. The contents of the RAM 1803 are erased when a power source is turned off, whereas the contents of the EEPROM 1804 are held even if the power source is turned off. The I/O IF 1805 is assigned to data exchange with a unit outside the IC card. A program executed in the CPU 1801 is generally referred to as an 'application'. Codes for executing the application are stored in the ROM 1802 or the EEPROM 1804. There are cases where the IC card 1800 includes a coprocessor for encryption, which is used for encryption control, other than the case shown in FIG. 18.
FIG. 19 is a view explaining the relationships among applications executed in the CPU 1801, where an application called a card manager 1902 is in a ROM 1901 of an IC card 1900, and there also exist a privileged API (application programming interface) 1906 and a general API 1907. The card manager 1902 is an application to control an operation of an application operating in the IC card 1900. The operation control of the application is activation, termination, deletion, download, or the like of the application. The card manager 1902 performs the control in cooperation with a virtual machine (VM) or an OS of the IC card. The privileged API 1906 is an application interface for executing a privilege manipulation that the card manager 1902 uses. For example, an operation for control such as download, activation, and termination of the application is an example of the privilege manipulation. The general API 1907 is an application interface for executing an operation that does not need the privilege. An AP.1 (1903), an AP.2 (1904), and an AP.3 (1905) are applications that are stored in the ROM 1802 or the EEPROM 1804 and executed under control of the card manager 1902. Since these applications cannot execute the privilege manipulation, they can only use the general API 1907 of the application interfaces provided by the ROM 1802. To prevent applications other than the card manager 1902 from performing the privilege manipulation, either the privileged API 1906 is open only to the card manager 1902, or, in the case where the privileged API 1906 is open to the other applications, the confirmation described below is performed. Specifically, the privileged API 1906 internally checks an identifier of the application that tries to use it, or the memory address indicated by that application's program counter, and thus confirms that the application is the card manager 1902.
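The caller confirmation inside the privileged API 1906 can be sketched in C as follows. This is an added example, not code from the patent: the memory map, the identifier value, the caller_ctx structure and all function names are assumptions, and the gate here requires both the identifier and the program-counter check to pass, whereas the text describes either one being used.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed values: the page gives no memory map or identifiers. */
#define CM_APP_ID     0x01u    /* identifier assumed for the card manager */
#define CM_CODE_START 0x0100u  /* assumed card manager code range in ROM */
#define CM_CODE_END   0x3FFFu  /* inclusive */
#define MAX_APPS      4

typedef enum { APP_STOPPED = 0, APP_ACTIVE = 1 } app_state;
typedef enum { PRIV_OK = 0, PRIV_DENIED = -1, PRIV_BAD_ARG = -2 } priv_status;

/* Caller context captured by the VM/OS at API entry (hypothetical struct). */
typedef struct {
    uint8_t  app_id;     /* identifier of the calling application */
    uint16_t caller_pc;  /* program counter at the call site */
} caller_ctx;

static app_state app_table[MAX_APPS];

/* Check described for privileged API 1906: is the caller the card manager? */
static bool caller_is_card_manager(const caller_ctx *c)
{
    if (c == NULL)
        return false;
    bool id_ok = (c->app_id == CM_APP_ID);
    bool pc_ok = (c->caller_pc >= CM_CODE_START && c->caller_pc <= CM_CODE_END);
    return id_ok && pc_ok;  /* this example requires both checks to pass */
}

/* Privileged API: activation or termination of an application. */
priv_status priv_set_app_state(const caller_ctx *c, size_t slot, app_state s)
{
    if (!caller_is_card_manager(c))
        return PRIV_DENIED;        /* fail closed before touching any state */
    if (slot >= MAX_APPS)
        return PRIV_BAD_ARG;
    app_table[slot] = s;
    return PRIV_OK;
}

/* General API: needs no privilege, open to AP.1 through AP.3. */
app_state gen_get_app_state(size_t slot)
{
    return slot < MAX_APPS ? app_table[slot] : APP_STOPPED;
}
```

Because the accepted address range is fixed in ROM, a gate of this form rejects any caller whose code resides in the EEPROM 1804, whatever identifier it presents.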
In developing the above-described multi-application-complied card, various kinds of card managers that control downloaded applications have been examined and card managers having various kinds of specifications have been proposed. This tendency is increasing with higher demand for the IC card, and it is expected that a greater number of card manager specifications will be proposed.
However, only one card manager can be installed to a conventional IC card, and the codes of the card manager are stored in the ROM where rewriting of contents is impossible. For this reason, manufacturers have no other choice but to develop a card manager for every specification and manufacture the IC card by storing the card manager in the ROM, which is not desirable from the viewpoint of cost and man-hours. Further, this causes a general user to have many IC cards, which is inconvenient.
To solve the above-described problems, the present invention provides an IC card that has a card manager capable of downloading an application having a privilege. The application having the privilege is downloaded and operated; download, activation, termination or the like of other applications are performed under control of the application having the privilege, and thus the application having the privilege serves as the card manager. Even if the card managers having various kinds of specifications are proposed as described above, the user does not need to have a plurality of the IC cards when such card managers are downloaded as the application having the privilege. Furthermore, an operation equivalent to version upgrading of the card manager stored in the ROM can be performed as well.
When the IC card is made to be capable of downloading the application having the privilege, the application needs to be distinguished from a general application. Consequently, in the present invention, the card manager stored in the ROM has privileged AP control means that determines whether or not the downloaded application has the privilege. Further, the general application is prevented from accessing the privileged API to perform the privilege manipulation.