The present application claims priority of Japanese Application No. P2000-143119 filed May 16, 2000, the disclosure of which is hereby incorporated by reference herein.
The present invention relates to a data storage device and data storage method, an information processing apparatus and information processing method, and a program.
IC (Integrated Circuit) cards are increasingly used in electronic money systems and security systems. An "IC card" is a card-shaped device with an embedded IC chip. It contains, for example, an operation processing part such as a CPU (Central Processing Unit) for executing various kinds of processes, a memory for storing the data necessary for executing these processes, and so on. It operates together with a prescribed reader/writer. Data is read from and written to the IC card either while the card is in electrical contact with the reader/writer or in a non-contact state that uses electromagnetic waves.
For example, ISO (International Organization for Standardization) 7816 defines a standard for contact-type IC cards. Under this standard, data can be managed using, for example, an EF (Elementary File), which corresponds to a so-called "file" and stores a file, and a DF (Dedicated File), which corresponds to a so-called "directory (folder)" and stores EFs and DFs. Accordingly, by setting a certain DF as a parent hierarchy and providing a DF that constitutes a child hierarchy of that parent, it becomes possible to manage data in a hierarchical structure.
When the IC card is used by a plurality of managers to provide services, one conceivable method is to allot a DF, serving as a hierarchy, to each of the managers and to store in that DF the EF holding the data for the service each manager provides.
Also, in cases utilizing the IC card in connection with an electronic money system or a security system, ensuring security for the concealment of data, for the prevention of forgery of the IC card, etc. is important. To this end, it is necessary to perform resources management for storage of data or to perform access control that, with respect to data, is highly flexible and yet has a high level of security.
As the technique for performing access control that, with respect to data, is highly flexible and yet has a high level of security, there is, for example, a technique that is described in an official gazette of Japanese Patent Application No. 2000-36021. According to this cited invention, there are area-definition areas corresponding to the directories of the IC cards.
Those area-definition areas store therein the ranges of codes that are the ranges of usable identification codes (each corresponding to a filename or directory name). Said area-definition areas constitute a hierarchical structure in which, according to those ranges of codes, the data in one area-definition area is used as that corresponding to a parent hierarchy and the data in another is used as that corresponding to a child hierarchy. Further, in the area-definition areas, there are also stored the capacities (empty capacities). By these empty capacities and ranges of codes, in the hierarchy that falls upon a certain area-definition area, the usable capacity and identification code therein are respectively limited.
Further, according to that cited invention, two or more hierarchical keys are used with respect to each hierarchy corresponding to the memory area having such data stored therein, or two or more data memory area keys are used with respect to the memory area having such data stored therein. From those keys, authentication keys are produced, and authentication is performed with each of those authentication keys. The authentication key that is used when utilizing the parent's hierarchy is kept unknown to the user who uses the child's hierarchy. Further, a right of access whose exercise is permitted with respect to the child's hierarchy is given with respect to the service-definition area that, among the area-definition areas, constitutes a child's hierarchy. Therefore, the manager who manages the parent's hierarchy is able to give each user the right to access a different service-definition area.
As electronic money becomes more diffused and as the service that uses an IC card becomes more diversified, there has been an increasing demand for the provision of more services through mutual use, by a plurality of service providers, of a single IC card.
To make mutual use of one IC card by a plurality of service providers, it must be arranged that the information or application regarding a specific service a certain service provider offers cannot be accessed when permission therefor is made by the other service providers that make mutual use of that IC card. With this security being maintained as is, it must be arranged that the information or application regarding the service that is mutually used can be possessed by each of the service providers that are performing their mutual use operation.
However, when the data for realizing the various kinds of services that are operated jointly or individually by a plurality of service providers has been defined within the IC card as physically specific or individual blocks, and part of the jointly operated data has been reloaded, it becomes necessary to provide, within the reader/writer and the IC card, means for synchronizing the data contents of the specific block for one service with those of the specific block for another service. As a result, the cost of both the reader/writer and the IC card has increased.
Further, when defining the data for realizing various kinds of services physically as specific blocks, owing to the physical blocks with respect to which a plurality of definitions have been made, the memory capacity inside the card is wasted. This has caused an impediment when supplying more points of service.
The present invention has been made in view of the above-described circumstances. That is, the present invention is intended, in an IC card by the use of which, for example, a plurality of enterprises provide a plurality of services, to cause a specific-usable service and a commonly usable service to co-exist while ensuring the security of the applications or data that are used to provide the respective enterprises' services.
A data storage device of the present invention includes a first memory that has a first recording area for recording first data and first authentication information with respect to the first data and a second recording area for recording second data and second authentication information with respect to the second data; a data input/output controller operable to control the input/output of data with respect to the information-processing apparatus; determination means that, based on the first and second authentication information, determines whether the transmission/reception of the first data and second data recorded in the first memory should be performed with respect to the information-processing apparatus; and calculation-process execution means that executes calculation processes based on the first data and second data where the determination means determines that the transmission/reception of the data should be performed by the data storage device with respect to the information-processing apparatus, whereby the first memory causes third data of the first data recorded in the first recording area to be stored therein in association with fourth data of the second data recorded in the second recording area, and the calculation-process execution means, in case it has been determined by the determination means that the information-processing apparatus performs data transmission/reception on the third data, executes a calculation process with respect to the fourth data.
Each of the first authentication information and second authentication information may include information indicating whether read-out, write-in, addition, or subtraction processes with respect to the first data and the second data can be executed, and the determination means may determine, according to the authentication information input from the information-processing apparatus and the first authentication and second authentication information, which one of the read-out, write-in, addition, or subtraction processes included in the calculation processes the calculation-process execution means executes can be executed.
Each of the first data and second data may include an application for providing a prescribed service, the application being defined by a corresponding different code information; the calculation-process execution means may execute the calculation process according to the application; and the determination means may determine, according to the code information contained in the authentication information input from the information-processing apparatus, according to which application the calculation-processing execution means should execute calculation process.
The data storage device may further include a second memory that, in case the data transmission/reception with respect to the information-processing apparatus has been performed, separately records the first authentication information or second authentication information, according to which one of the first authentication information or second authentication information has been used for the data transmission/reception.
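A minimal model of the device described in the preceding paragraphs, added here as an illustration and not taken from the patent: two recording areas, each with its own authentication information and permitted operations, an association from an item in the first area (the "third data") to an item in the second area (the "fourth data"), and a usage log kept separately per authentication information. The class and field names, the byte-string keys, the single-hop link and the rejection of negative amounts are assumptions of this sketch.

```python
import hmac
from dataclasses import dataclass, field

@dataclass
class RecordingArea:
    key: bytes            # authentication information for the area (constructed value)
    allowed: frozenset    # operations this authentication information permits
    data: dict = field(default_factory=dict)    # item name -> integer value
    links: dict = field(default_factory=dict)   # item name -> (area name, item name)

class Card:
    def __init__(self, areas):
        self.areas = areas
        # Models the "second memory": usage recorded separately per authentication info.
        self.usage_log = {name: [] for name in areas}

    def _resolve(self, area_name, item):
        """Map "third data" to the associated "fourth data"; one hop only (assumption)."""
        area = self.areas[area_name]
        if item in area.links:
            return area.links[item]
        if item not in area.data:
            raise KeyError(item)
        return area_name, item

    def execute(self, area_name, presented_key, op, item, amount=0):
        area = self.areas[area_name]
        # Determination step: authenticate, then check the requested operation
        # against the rights of the area the reader/writer authenticated to.
        if not hmac.compare_digest(presented_key, area.key):
            raise PermissionError("authentication failed")
        if op not in area.allowed:
            raise PermissionError(f"{op} not permitted for {area_name}")
        if amount < 0:
            # Otherwise an "add"-only right could be used to subtract.
            raise ValueError("amount must be non-negative")
        target_area, target_item = self._resolve(area_name, item)
        store = self.areas[target_area].data
        if op == "write":
            store[target_item] = amount
        elif op == "add":
            store[target_item] += amount
        elif op == "subtract":
            if amount > store[target_item]:
                raise ValueError("insufficient value")
            store[target_item] -= amount
        elif op != "read":
            raise ValueError(f"unknown operation {op}")
        self.usage_log[area_name].append((op, item, amount))
        return store[target_item]

KEY_A, KEY_B = b"constructed-key-A", b"constructed-key-B"   # sample values

def build_demo_card():
    # The second area owns the shared balance; the first area only holds a link
    # to it and may read or add but never subtract.
    first = RecordingArea(KEY_A, frozenset({"read", "add"}),
                          data={"a_private": 5},
                          links={"points": ("second", "common_points")})
    second = RecordingArea(KEY_B, frozenset({"read", "write", "add", "subtract"}),
                           data={"common_points": 100})
    return Card({"first": first, "second": second})

if __name__ == "__main__":
    card = build_demo_card()
    print(card.execute("first", KEY_A, "add", "points", 30))
    print(card.execute("second", KEY_B, "read", "common_points"))
```

Because the shared value is stored once and reached through the link, no synchronization between per-provider copies is needed, and the rights checked are always those of the area whose authentication information was presented.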
A data storage method of the present invention includes providing a data storage device having a first recording area for recording first data and first authentication information with respect to the first data and a second recording area for recording second data and second authentication information with respect to the second data, mounting the data storage device in an information-processing apparatus, controlling the recording of data into the first and second recording areas of the data storage device, controlling the input/output of data with respect to the information-processing apparatus, according to the authentication information whose input from the information-processing apparatus is controlled by the data input/output control step and the first authentication information and second authentication information, determining whether the transmission/reception of the first data and second data the recording of which has been controlled by the recording control step should be performed with respect to the information-processing apparatus, and executing a calculation process according to the first data and second data of the first data recorded in the first recording area and the second data recorded in the second recording area when the determination step determines that the transmission/reception of the data should be performed by the data storage device with respect to the information-processing apparatus, wherein the recording control step causes third data of the first data recorded in the first recording area to be recorded therein in association with fourth data of the second data recorded in the second recording area, and the calculation-process execution step, in case it has been determined by the determination step that the information-processing apparatus performs data transmission/reception on the third data, executes a calculation process with respect to the fourth data.
A first information-processing apparatus of the present invention includes a data input/output controller operable to control the input/output of the data with respect to the data storage device, a first memory that records at least one authentication information used for performing the transmission/reception of a prescribed item of data that is included in the data recorded in the data storage device, and a second memory that, in case the data transmission/reception to/from the data storage device has been performed, separately records information indicating the contents of the data transmission/reception every authentication information used for the data transmission/reception.
The first information-processing apparatus may further include a selector that, among the information recorded in the second memory and indicating the contents of the data transmission/reception, selects information indicating the data transmission/reception that has been performed using a prescribed authentication information, and an output controller operable to control the output to another information-processing apparatus of the information indicating the contents of the data transmission/reception the data of which has been selected by the selector.
A first information-processing method of the present invention includes controlling the input/output of the data with respect to the data storage device, controlling the recording of at least one authentication information that is performed for performing the transmission/reception of a prescribed item of data that is included in the data recorded in the data storage device, and, in case the data transmission/reception to/from the data storage device has been performed, controlling the separate recording of information indicating the contents of the data transmission/reception for every authentication information used for the data transmission/reception.
A storage medium is recorded with a first computer readable program of the present invention. The program includes controlling the input/output of the data with respect to the data storage device, controlling the recording of at least one authentication information that is performed for performing the transmission/reception of a prescribed item of data that is included in the data recorded in the data storage device, and, in case the data transmission/reception to/from the data storage device has been performed, controlling the separate recording of information indicating the contents of the data transmission/reception for every authentication information used for the data transmission/reception.
A second information-processing apparatus of the present invention includes a memory that records first authentication and second authentication information that are used when the data storage device and a second information-processing apparatus perform data transmission/reception therebetween, and code information defining each of a plurality of data stored in the data storage device, an encoder operable to encode the first authentication information, and an output controller operable to control the output to the second information-processing apparatus of the first authentication information encoded by the encoder, the second authentication information, and a prescribed item of the code information.
A second information-processing method of the present invention includes controlling the recording of first authentication and second authentication information that are used when the data storage device and the second information-processing apparatus perform data transmission/reception therebetween, and the recording of code information defining each of a plurality of data stored in the data storage device, encoding the first authentication information, and controlling the output to the second information-processing apparatus of the first authentication information encoded by the encoding step, the second authentication information, and a prescribed item of the code information.
A storage medium is recorded with a second computer readable program of the present invention. The program includes controlling the recording of first authentication and second authentication information that are used when the data storage device and the second information-processing apparatus perform data transmission/reception therebetween, and the recording of code information defining each of a plurality of data stored in the data storage device, encoding the first authentication information, and controlling the output to the second information-processing apparatus of the first authentication information encoded by the encoding step, the second authentication information, and a prescribed item of the code information.
A third information-processing apparatus of the present invention includes an input controller operable to control the input of first information regarding the data transmission/reception executed by a corresponding one of the other information-processing apparatus with respect to the data storage device, a production unit operable to produce second information regarding the data transmission/reception that corresponds to a plurality of the other information-processing apparatus, according to the first information the input of which has been controlled by the input controller, and an output controller operable to control the output to the corresponding other information-processing apparatus of the second information produced by the production unit.
A third information-processing method of the present invention includes controlling the input of first information regarding the data transmission/reception executed by a corresponding one of the other information-processing apparatus with respect to the data storage device, producing second information regarding the data transmission/reception that corresponds to a plurality of the other information-processing apparatus according to the first information, the input of which has been controlled by the input control step, and controlling the output to the corresponding other information-processing apparatus of the second information produced by the production step.
A storage medium is recorded with a third computer readable program of the present invention. The program includes controlling the input of first information regarding the data transmission/reception executed by a corresponding one of the other information-processing apparatus with respect to the data storage device, producing second information regarding the data transmission/reception that corresponds to a plurality of the other information-processing apparatus according to the first information, the input of which has been controlled by the input control step, and controlling the output to the corresponding other information-processing apparatus of the second information produced by the production step.
In the data storage device and data storage method of the present invention, data is recorded in a first recording area for recording therein first data and first authentication information with respect to the first data and in a second recording area for recording therein second data and second authentication information with respect to the second data; the input/output of the data with respect to the information-processing apparatus is controlled; according to the authentication information that has been input from the information-processing apparatus and the first authentication information and second authentication information, it is determined whether the transmission/reception of the first data and second data should be performed with respect to the information-processing apparatus; of the first data and second data, according to the first data and second data with regard to which it has been determined that the transmission/reception of the data should be performed by the data storage device with respect to the information-processing apparatus, a calculation process is executed; third data of the first data recorded in the first recording area is recorded in association with fourth data of the second data recorded in the second recording area; and in case the information-processing apparatus performs data transmission/reception on the third data, a calculation process is executed with respect to the fourth data.
In a first information-processing apparatus, first information-processing method, and a first program recorded in a storage medium of the present invention, there is controlled the input/output of the data with respect to the data storage device; there is recorded at least one authentication information used for performing the transmission/reception of a prescribed item of data that is included in the data recorded in the data storage device; and in case the data transmission/reception of the data storage device with respect to the information-processing apparatus has been performed, there is separately recorded information indicating the contents of the data transmission/reception for every authentication information used for the data transmission/reception.
In a second information-processing apparatus, second information-processing method, and a second program recorded in a storage medium of the present invention, there are recorded first authentication and second authentication information that are used when the data storage device and a second information-processing apparatus perform data transmission/reception therebetween, and code information defining each of a plurality of data stored in the data storage device; there is encoded the first authentication information; and there are output to the second information-processing apparatus the encoded first authentication information, the second authentication information, and a prescribed item of the code information.
In a third information-processing apparatus, third information-processing method, and a third program recorded in a storage medium of the present invention, there is input first information regarding the data transmission/reception executed by a corresponding one of the other information-processing apparatus with respect to the data storage device; there is produced second information regarding the data transmission/reception that corresponds to a plurality of the other information-processing apparatus according to the first information that has been input; and there is output to the corresponding other information-processing apparatus the second information that has been produced.