The present invention relates to a method of loading an application program into a smart card, to smart cards, to a method of loading scripts into a smart card, a terminal device capable of operating with smart cards, and to a storage medium holding an application program; and, more particularly, the invention relates to a computer system with highly-reliable security, especially, to a system having its kernel built on an IC card, wherein an application program stored into its nonvolatile storage can run inside the card.
IC cards (termed smart cards) furnished with a built-in CPU (Central Processing Unit) that enables operations to be carried out inside the card are expected to be used in various application fields, particularly, in financial applications, such as the those involving electronic money, and their introduction into use has been advancing positively in late years because of their information storage capability and their highly-reliable security characteristics.
Recently, operating systems (OSs) for such cards, enabling the safe coexistence of multiple applications on a single card, have been generally used. Examples of these OSs for such cards, that support multiple applications on the card, include xe2x80x9cMULTOSxe2x80x9d supplied by Mondex International and xe2x80x9cJava Cardxe2x80x9d (TM) supplied by Sun Microsystems, Inc. Smart cards with this kind of multi-application OS are controlled so that the application programs installed on the card will be highly independent of each other when running. Not only can a plurality of programs safely coexist on these cards, but also a new application can be added to these cards after a card is issued, or an unnecessary application program can be removed from them. Thus, these cards can be regarded as safe computers, rather than as simple information storage devices. From the viewpoint of active use of their highly-reliable security feature, or as new cards that supercede the conventional magnetic card function, smart cards are expected to have applications in the financial field, such as credit cards or electronic money, especially, as an implementation of the interlinking of a plurality of applications.
Conventionally, a point system or a customer-loyalty system (hereinafter referred to as a point system) has been generally used as a means of getting more customers. This system is defined as xe2x80x9ca system in which a customer""s points increase by the use of the customer IC card and the customer can be granted a predetermined service according to the accumulated points.xe2x80x9d On the basis that customers expect to be granted some privilege by getting points, shop managers and card issuers aim at the effect of promotion in the use of cards for shopping at their shops. Examples of such a system are stamp cards that are valid only in a shopping district, department stores point systems, or airlines"" mileage programs. As one example, a department stores point system will be explained below. Customer members have their cards issued from the department store. Whenever a member as a customer makes a purchase at the store and presents his or her card to the clerk, the customer gets points according to how much he or she paid (for example, 20 points are added per each ten dollars of payment) and the points are accumulated and recorded in the customer""s purchase log. When a predetermined amount of points have been accumulated, the customer can exchange the points for a gift certificate. For example, the customer can exchange 1,000 points for a gift certificate of ten dollars. In other words, customers who are members of the program gain by a discount rate that is ten dollars per purchase amount of five hundred dollars, according to the calculation in this case. Department stores may offer an additional discount in such a manner that the points are added at a double rate during a special holiday period or if the amount a customer has paid for a purchase or service at the department store per year reaches a certain amount, his or her discount rate rises. In this way, department stores usually stimulate the desire for a customer to buy more.
For airlines"" mileage programs, as another example, the flight distance of travel per customer instead of the amount the customer has paid is accumulated. In a system of this kind, if the total distance that a customer has traveled by using an airline reaches a predetermined flight distance, the airline grants the customer some privilege, such as a free airline ticket or a seat upgrading. In this case, similarly, the airline offers a service in accordance with the log of a customer who has used the airline, thereby motivating customers to select the same airline again. By installing such a point system on a smart card, points of the card user can be correctly managed by means of the card. For a smart card with a multi-application OS, linking with electronic money or with credit card facilities can make use of the point system more effectively.
As one application that utilizes the feature of the above-described smart card supporting the compatibility of multiple applications, a xe2x80x9cpoint system with a game on smart cardsxe2x80x9d has been proposed. In this system, a game program is integrated with a point system on the card and the point value may increase according to the result of the game stored in the card. Patents regarding this system were applied for in Japanese Patent Application No. Hei 10-239812 and Japanese Patent Application No. Hei 10-321684. In this system, the count of user-playable games is defined as xe2x80x9crights to play a gamexe2x80x9d, and a method in which the smart card program can implement a game application safely by managing the rights to play a game and the points given as a result of playing the games has been proposed.
Moreover, another system in which a plurality of specific programs can be incorporated into a point management program has been propose as a method of managing a point system on smart cards. A patent regarding this system was applied for in Japanese Patent Application No. Hei 10-307216. According to this method, by embedding shop-specific programs into the point management program, points from a plurality of shops can be managed on a shop-by-shop basis by running a single program of point application.
The multi-application smart card OSs such as xe2x80x9cMULTOS; have a predetermined loading mechanism in view of security. The loading mechanism is used to check that the downloaded application is not falsified, that an authorized programmer has programmed the application, and that the card is granted the necessary permission to download the application program. For example, checking to see whether the application program is falsified is performed as follows. As signature data, a hash value of the application program, encrypted in the secret-key crypt system of the Certificate Authority (CA) is attached to the application program. This hash value as the signature is compared with a hash value recalculated on the card for a match and thereby verification can be performed. Checking the above matters is important, since the safety of the smart card is dependent on these procedures. Thus, a strict procedure for each card type is prescribed and the mechanism is designed so that the application program transferred to the card cannot be downloaded unless it is coded in a predetermined data format. This regulation is called an xe2x80x9capplication issue scheme.xe2x80x9d
Accordingly, in order to load an application program into a smart card in which the multi-application OS is installed, a predetermined application authentication and registration procedure must be carried out, according to the above application issue is scheme. Consequently, the actual operation of replacing an application program installed op the card by another program requires considerable time and labor, though this is, in principle, possible after the card is issued. This is inevitable for maintaining the safety of the smart card. Notwithstanding, this problem is not considered significant for ordinary financial applications for which the program contents do not change very frequently.
For game applications, however, frequent updating of their contents is required, because users may tend to lose interest in playing a game unless varieties of games are available. Considering that the application authentication and registration procedure must be carried out each time a new game is loaded, while frequent game exchange is desirable, such complex procedure would deter us from taking full advantage of game application features.
Another problem arises with separately developing and distributing different application programs for different types of games. When points acquired by playing an old type of game are transferred into a new type of game, some procedure is required and point management in view of this transfer becomes complex. In the application development phase, separately programming applications with similar facilities by each request is a very time-consuming process. During the developing and distributing of many types of game applications, management of issues and management of distribution when applications are loaded into the cards are required.
Furthermore, in the current situation, where different OS types for smart cards such as xe2x80x9cMULTOSxe2x80x9d and xe2x80x9cJava Cardxe2x80x9d coexist, an OS incompatibility problem further increases the reprogramming time. Game applications that run on smart cards is under different OS types must be rebuilt separately on a plurality of platforms that use different OS types whenever game exchange occurs.
These problems are not limited to game applications, but similar problems are expected to occur with applications designed to run on smart cards for which frequent update of the contents for processing is desirable.
An object of the present invention is to provide a game application program designed to run on a smart card, which makes it possible to increase game variations to be run in the program without being burdened by a complex procedure of application program replacement, whereby the card user can readily play one of a plurality of types of games on the card and new games can be developed independent of the difference between the OSs under which they are to be run.
If the present invention is extended to general applications beside game applications, another object of the present invention is to provide an application program designed to run on a smart card, which makes it possible to increase the process variations to be run in the program without being burdened by a complex procedure of application program replacement, whereby the card user can readily request one of a plurality of types of processes on the card and new processes can be developed independent of the difference between the OSs under which they are to be run.
In order to attain the above objects, means to run one of a plurality of types of games in a single application program installed on a smart card are proposed. A conceivable way that is considered a primary feature is sharing the entities (data storage and processor) for the point data obtained as a result of playing games and the rights to play a game with a plurality of games. Once the entities of managing the point data and the rights to play a game have been set to commonly run in the game program processing, virtually, it can be considered that only the algorithm for judging a game result differs depending on the game that is requested to be run.
Through close examination of the types of games to be primarily run on smart cards that are not regarded as having a complicated calculation capability, it is obvious that processes required to execute games are xe2x80x9creceiving data sent from the user via the terminal,xe2x80x9d xe2x80x9cgenerating a random number,xe2x80x9d xe2x80x9csimple addition/subtraction,xe2x80x9d xe2x80x9cstoring data,xe2x80x9d and xe2x80x9cdata comparison and branchingxe2x80x9d in combinations that are iterated. If part of an application program is made modular, that is, if it is made up of xe2x80x9ccomponentsxe2x80x9d that independently implement the above processes, games can be defined in xe2x80x9cscriptsxe2x80x9d like a representation that defines a sequence in which these components are called. Specifically, preparing processing modules, namely xe2x80x9ccomponentsxe2x80x9d to implement the processes required to execute games and an xe2x80x9cinterpreterxe2x80x9d for interpreting and executing scripts in a single application program is essential. This makes it possible to run one of a plurality of different games by selectively executing the game definition xe2x80x9cscriptsxe2x80x9d generated outside the program.
If such scripts are permitted to be loaded from outside or unloaded if necessary as part of an application program through a terminal, it becomes possible for a single game application program on a smart card to offer a plurality of games of different types that can be selectively executed.
Exchanging or adding scripts, if assumed feasible, however, means that any script can be stored into an application program, and there is a possibility of including a game in ill-intentioned scripts, which may result in the possibility that some user could get points by foul play with such a game. The security of smart cards is satisfactory, but becomes useless for such foul play. As a substitution for the application program issue scheme defined as the card OS security mechanism, a pseudo issue scheme must be provided within an application program installed on the card to control the storing of scripts and to prevent ill-intentioned scripts from being stored. Specifically, a controller must be provided to control loading and unloading of scripts so that ill-intentioned scripts will be shut out from the application.
The present invention assures safety in the loading of scripts by providing the application program installed on the smart card with a pseudo issue scheme instead of the application program issue scheme that the OS of the card has. The invention also prepares the processing entity for interpreting and executing scripts within the application program, so that a single application program can offer types of games which have different features, though are limited.
Points may increase, according to the result of playing a game, and the player can later be granted a predetermined service (for example, exchanging points for a commodity), according to the points. Data of these points, of course, can be processed commonly for a plurality of games and, in addition, can be managed for each game issuer by adding game issuer information to the game definition scripts stored into the card.
Therefore, as a means to solve the above-mentioned problems, the present invention comprises the following six major components.
As the means to be provided on the smart card side.
(1) An application program consisting of the following elements:
(a) Game executing components: A set of modules for implementing the processes programmed in the card, required to execute the game application;
(b) Storage for game definition scripts: Area for storing scripts that define a sequence in which the components are to be executed;
(c) Script interpreter: Interpreter for interpreting and executing game definition scripts;
(d) Storage and processor for point data: Area for storing points that may increase according to the result of playing a game, and the processor for point data management;
(e) Storage and processor for rights to play game: Area for storing the count of rights to play a game and the processor for managing the rights to play a game; and
(f) Command analyzer: Processor to analyze commands from a terminal and call the appropriate process within the program.
The above are necessary. In addition,
(2) Processor for storing game definition scripts: The processor has the function of managing the storing of game definition scripts and of exchanging scripts. Processing by this processor is based on the game issue scheme prescribed in the application program.
(3) Function of point management per issuer: Manages points and rights to play a game per issuer.
The above two functional entities are prepared as required.
The following are required for a terminal device for operating with the smart card in question:
(4) Function of issuing a game: Issues game definition scripts and/or rights to play game to the smart card by performing data communication with the smart card under a predetermined protocol. Game definition scripts and rights to play game may be separately managed or put under integrated management.
(5) Function of executing a game: Executes a game by sending user-input commands for playing a game to the card and by receiving responses from the card by performing data communication with the smart card under a predetermined protocol. A user interface that allows the user to play games is also required.
(6) Function of calculating points: Obtains the point count stored in the card and sets a new point count (by subtraction, primarily) by performing data communication with the smart card under a predetermined protocol. Point calculation is executed with an issuer identifier if point data-management per issuer is performed.
A single terminal may be provided with all of the above functions in items (4) to (6) or separate terminals may take, part of the functions.
Other and further objects, features and advantages of the invention will appear more fully from the following description.