Smart cards, which have been increasingly used in electronic commerce in recent years, have a CPU on board and can perform intelligent processing, unlike simple memory cards. The smart cards have a memory area within a module having tamper resistance (tamper resistant module: TRM); therefore, they can securely keep data confidential and have strict resistance to forgery and duplication. However, the memory capacity of the smart cards is about several ten kilobytes, and they cannot store as much data as can memory cards that are intended for data storage.
A process performed by a smart card commences by staring up a card application that is incorporated in the smart card, using a terminal application program (hereafter, the term “application program” is abbreviated as “application”). The process proceeds while making communication in which the terminal application transmits a command and the card application sends back a response thereto. The international standard ISO/IEC 7816 specifies an international standard concerning the exchange of command and response, which specifies that commands take the form referred to as APDU (Application Protocol Data Unit). (See Non-Patent Reference 1: “Interface” March 2003, CQ Shuppansha, pp. 49-50.)
Applicant previously developed a memory card (hereinafter this card is referred to as a “secure memory card”) that has both intelligent characteristics of smart cards and memory capacity comparable to memory cards (Japanese Patent Application No. 2003-042288). This secure memory card comprises a first non-tamper resistant memory having a normal area that is accessible from a terminal and a secure area that cannot be directly accessed from a terminal, and a second tamper resistant memory that cannot be directly accessed from a terminal; and it is configured so that the secure area of the first memory can be accessed only through a secure control section that manages access to the second memory.
Thus, the secure area can be utilized as a confidential area having a large capacity even though the configuration of the memory area is non-tamper resistant, and this secure area can handle large data of several ten megabytes, far larger than that can be handled by the second tamper resistant memory.
Nevertheless, the following problem arises when writing large capacity data that a card application uses into the secure area according to the APDU, specified by ISO/IEC 7816. The amount of data that can be transferred from a terminal to a card at a time is restricted to at most about 64 KB (about 256 bytes with many smart cards) by the standard; therefore, when writing a data amount of several ten megabytes, the data must be divided and handled several hundred to several thousand times, so it takes several minutes to several hours until the writing finishes. Such a lengthy write time becomes a great obstacle when the same data are written into a large number of secure memories, for example, over 1000 memories, before shipment.