CA2397711C - Method and apparatus for delivering program to storage module of mobile terminal - Google Patents

Method and apparatus for delivering program to storage module of mobile terminal Download PDF

Info

Publication number
CA2397711C
CA2397711C CA002397711A CA2397711A CA2397711C CA 2397711 C CA2397711 C CA 2397711C CA 002397711 A CA002397711 A CA 002397711A CA 2397711 A CA2397711 A CA 2397711A CA 2397711 C CA2397711 C CA 2397711C
Authority
CA
Canada
Prior art keywords
program
mobile terminal
identification module
user identification
uim
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CA002397711A
Other languages
French (fr)
Other versions
CA2397711A1 (en
Inventor
Takeshi Natsuno
Takatoshi Itagaki
Atsushi Moriguchi
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NTT Docomo Inc
Original Assignee
NTT Docomo Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NTT Docomo Inc filed Critical NTT Docomo Inc
Publication of CA2397711A1 publication Critical patent/CA2397711A1/en
Application granted granted Critical
Publication of CA2397711C publication Critical patent/CA2397711C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/40Transformation of program code
    • G06F8/54Link editing before load time
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/61Installation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/355Personalisation of cards for use
    • G06Q20/3552Downloading or loading of personalisation data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/72Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72403User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality
    • H04M1/72406User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by software upgrading or downloading
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30Security of mobile devices; Security of mobile applications
    • H04W12/35Protecting application or service provisioning, e.g. securing SIM application provisioning
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/22Processing or transfer of terminal data, e.g. status or physical capabilities
    • H04W8/24Transfer of terminal data
    • H04W8/245Transfer of terminal data from a network towards a terminal

Abstract

A UIM 12 having a plurality of storage areas is built into or mounted in a mobile terminal 11. A contents server 19, upon receipt of a distribution request from the mobile terminal 11, distributes a program or data used at the time of program execution or the program itself through a network including a radio network. This program and the data or the program itself are stored in the storage area of the UIM 12 and not through the control unit of the mobile terminal 11.

Description

SPECIFICATION
Method and Apparatus for Delivering Program to Storage Module of Mobile Terminal TECHNICAL FIELD
The present invention relates to a technique for distributing a program (application or applet) to a storage module built or mounted in a mobile terminal.
BACKGROUND ART
In recent years, a mobile terminal has been developed which has a program executing environment. An example of a mobile terminal of this type is one which has a Java virtual machine. The user installs a program in the mobile terminal and thus can add a desired function to the mobile terminal.
However, even if desirable functions are added to a mobile terminal, a user is liable to become tired of using the same mobile terminal after a protracted period. On the other hand, the mobile terminal industry suffers fierce competition and various new products, attractive to users, have been successively placed on the market. A user may want to change his mobile terminal with a new desirable product placed on the market. Once the mobile terminal is replaced, however, the functions that have hitherto been added to the old mobile terminal cannot be used any longer. If the same functions are to be used even after the change of a mobile terminal, the programs that have been installed in the old mobile terminal have to be installed in the new mobile terminal. This is a troublesome job.
DISCLOSURE OF THE INVENTION
This invention has been achieved in view of the situation described above, and the object thereof is to provide a system in which even after a mobile terminal is changed, the programs that could be used before the change of the mobile terminal, can be continuously used after the change.
In order to achieve this object, the present inventors have taken notice of a certain type of a mobile terminal, that is to say, a mobile terminal capable of being mounted or having fitted therein a module for storing the subscriber information including the subscriber number and the memory dial information (hereinafter referred to as the user ID module or UIM). The user of this type of the mobile terminal, whenever desirous of changing it with a new mobile terminal, can use the new mobile terminal in similar manner simply by mounting or building into the new mobile terminal the UIM which he may have. In connection with.this, the present inventors have come up with the following idea. Specifically, once a program is stored in this UIM, the program used with the old mobile terminal can be easily transferred to the new mobile terminal for an improved operating convenience of the user.
Nevertheless, the problem of security has been an obstacle to realizing such a novel mobile terminal.
First, as long as no limit is set on the operation of writing a program in the UIM, the inherent functions of the mobile terminal may be undesirably destroyed intentionally or negligently.
Also, the subscriber information stored in the UIM may include the personal information or data having monetary value. From the viewpoint of security, therefore, careful consideration is necessary not to cause the leakage of this information in writing a program in the UIM.
In order to solve this security problem and improve the operating convenience for the user, according to the present invention, there is provided a program distribution system comprising a mobile terminal 3' having means for transmitting a program distribution request, a storage module built in or connected to the mobile terminal, a contents server for receiving the distribution request and transmitting a program to be distributed, and a distribution management server for receiving the program .5 from the contents server and, as long as the contents server is authorized, transmitting the program received from the contents server to the storage module built in or connected to the mobile terminal, characterized in that the storage module includes a storage unit, and a control unit for storing in the storage unit the program received from the distribution management server through the mobile terminal and executing the program stored in the storage unit in response to a request.
Also, according to the present invention, there is provided a program distribution system comprising a mobile terminal having means for transmitting a program distribution request, a storage module built in or connected to the mobile terminal, and a distribution management server for receiving the distribution request; and in the case where the program to be distributed is provided by the authorized contents server, acquiring and transmitting the program to the storage module built in or connected to the mobile terminal, characterized in that the storage module includes a storage unit, and a control unit for receiving the information through the mobile terminal, storing the information in the storage unit only in the case where the information is the program received from the distribution management server and executing the program stored in the storage unit in response to a request.
With these systems, only a program supplied through the distribution management server from an authorized contents server is written in the storage module and therefore, the user can write a new program in the storage module with guaranteed security.

3a In accordance with one aspect of the present invention there is provided a program distribution system for distribution of a program, the program distribution system comprising: a mobile terminal configured to receive a program wirelessly transmittable to the mobile terminal in a non-activated and encrypted condition, the mobile terminal comprising a user identification module and a first operational control unit configured to control operation of the mobile terminal, the first operational control unit further configured to transfer the program in the non-activated and encrypted condition to the user identification module in response to receipt of the program at the mobile terminal; and the user identification module comprising a plurality of memory blocks, and a second operational control unit configured to control operation of the user identification module, the second operational control unit further configured to decrypt the program and store the program in a non-activated condition in one of the memory blocks.

In accordance with another aspect of the present invention there is provided a mobile terminal for use in distributing a program, the mobile terminal comprising: a first operational control unit and a storage unit, the operational control unit configured to control operation of the mobile terminal based on a control program included in the storage unit; a communication unit configured to receive a program wirelessly transmittable to the mobile terminal in a non-activated and encrypted condition; a user identification module interface unit in communication with the communication unit, the communication unit configured to transfer the program in the non-activated and encrypted condition to the user identification module interface unit; a user identification module 3b coupled with the user identification module interface unit, the user identification module interface unit is configured to transfer the program in the non-activated and encrypted condition to the user identification module; and the user identification module comprises a plurality of memory blocks and a second operational control unit configured to control operation of the user identification module, the second operational control unit further configured to decrypt the program and store the program in a non-activated condition in one of the memory blocks.
BRIEF DESCRIPTION OF THE DRAWINGS
Fig. 1 is a block diagram showing a configuration of a program distribution system according to a first embodiment of the invention.
Fig. 2 shows the external appearance of a mobile terminal according to the same embodiment.
Fig. 3 is a block diagram showing a configuration of the same mobile terminal.
Fig. 4 is a diagram showing a configuration of the same mobile terminal and the UIM built in or connected to it.
Fig. 5 is a sequence diagram showing the process from program distribution to activation according to the same embodiment.
Fig. 6 is a sequence diagram showing the program distribution operation according to the same embodiment.
Fig. 7 is a diagram showing a display screen of the mobile ternvnal at the time of program distribution.
Fig. 8 is a sequence diagram showing the program activation operation according to the same embodiment.
Fig. 9 is a sequence diagram showing the processes of the program deactivation in compliance with a request from the contents server according to the same embodiment.
Fig. 10 is a sequence diagram showing the process of the program delete operation in compliance with a request from the contents server according to the same embodiment.
Fig. 11 is a sequence diagram showing the process of the program deactivate operation and the program delete operation in compliance with a request from the distribution management server according to the same embodiment.
Fig. 12 is a sequence diagram of the UIM exchanging the version information according to the same embodiment.

Fig. 13 is a sequence diagram showing the process ending in a program distribution failure due to a memory shortage.

Fig. 14 is a sequence diagram showing the process ending in a program distribution failure due to a memory error.
5 Fig. 15 is a diagram showing a display screen provided to the user at the time of program deletion.

Fig. 16 is a diagram showing a display screen provided to the user at the time of account settlement for an electronic commercial transaction.
Fig. 17 is a diagram showing a display screen provided to the user at the time of commodity purchase in male order sale.
Fig. 18 is a diagram showing a display screen for setting the automatic program start.
Figs. 19 and 20 are diagrams showing a display screen at the time of using a commutation pass.
Fig. 21 is a block diagram showing a configuration of a program distribution system according to a second embodiment of the invention.
Fig. 22 is a diagram showing a configuration of a memory in the UIM according to the same embodiment.
Fig. 23 is a block diagram showing a configuration of a distribution management server 16A according to the same embodiment.
Fig. 24 is a sequence diagram showing the process for registration in a user information storage unit.

Figs. 25 and 26 are sequence diagrams showing the operation of registering a program registered in the user information storage unit, in any of the basic blocks of the UIM 12.

Figs. 27 and 28 are sequence diagrams showing the operation of registering a program registered in the user information storage unit, in any of the basic blocks of the UIM.

Fig. 29 is a sequence diagram showing the operation of deleting a program registered in the user information storage unit 51.
Fig. 30 is a sequence diagram showing the operation of deleting a program registered in the basic blocks of the UIM.
Fig. 31 is a sequence diagram showing the deactivation process for the user information storage unit.
Fig. 32 is a sequence diagram showing the deactivation process for the basic blocks.

BEST MODE FOR CARRYING OUT THE INVENTION
Now, preferred embodiments of the invention will be explained with reference to the drawings.
[1] First embodiment [1.1] General configuration of program distribution system Fig. 1 is a block diagram showing a configuration of a program distribution system according to a first embodiment of the invention.
A program distribution system 10 roughly comprises a mobile terminal 11, a radio base station 13, a switching station 14, a network mobile communication service control unit 15, a distribution management server 16, a distribution service control unit 17, an authentication server 18, a contents server 19 and a public network 20.
The mobile terminal 11 is an information processing unit, for example, having communication functions such as a portable telephone or a PHS (Personal Handyphone System (registered trade name)). Further, the mobile terminal 11 has mounted or built therein a UIM (User Identification Module) 12 capable of storing various programs or data.
The radio base station 13 communicates with the mobile terminal 11 through a radio link.
The switching station 14 controls the switching operation between the mobile terminal 11 and a common channel interoffice signal network 20 constituting a wire network, connected to each other through the radio base station 13.

The network mobile communication service control unit 15 controls the communication in the case where a program is distributed to the mobile terminal 11 through the public network 20.

The contents server 19 distributes various contents on the one hand and distributes a program as requested from the mobile terminal 11 on the other.

The distribution management server 16 relays and manages the distribution of a program from the contents server 19 to the UIM 12. The distribution of a program to the UIM 12 and access to a program stored in the UIM 12 are carried out always through the distribution management server 16. This is the most significant feature of this embodiment.
The distribution service control unit 17 operates like an interface between the distribution management server 16 and the public network 20 in the case where a program is distributed through the public network 20.
The authentication server 18 is a device for issuing a certificate required for program distribution to the contents server 19. This certificate includes a UIM public key having the function of explaining, for the benefit of the UIM 12, that the contents server 19 is duly authorized to distribute a program to the UIM 12, and a distribution management server public key having the function of certifying, for the benefit of the distribution management server 16, that the contents server 19 is similarly authorized.

The contents server 19, the distribution management server 16 and the authentication server 18 according to this embodiment have the following functions, respectively.

(a) According to this embodiment, the contents server 19 sends a program addressed to the UIM 12, to the distribution management server 16, which in turn distributes the program to the UIM 12. The contents server 19 never distributes the program directly to the UIM 12.

(b) The contents server 19 distributes a program to the UIM 12 by encrypted communication of a public-key type with the distribution management server 16 as an intermediary. The UIM 12 of each user is equipped with a PKI (public key infrastructure), and each UIM 12 has a UIM private key unique to the particular UIM 12. For distributing a program addressed to a given UIM 12, the contents server 19 acquires a UIM public key paired with a UIM private key for the particular UIM 12, whereby the program is encrypted.
(c) According to this invention, only an authorized contents server 19 can distribute a program addressed to the UIM 12. The authorized contents server 19 is assigned a distribution management server public key. The contents server 19, upon receipt of a distribution request from the mobile terminal 11, further encrypts, by the distribution management server public key, the program already encrypted by the UIM public key and addressed to the UIM 12, and sends it to the distribution management server 16.
[1.2] Configuration of mobile terminal Fig. 2 shows the external appearance of the mobile terminal 11.
The mobile terminal 11 includes a display section 21 and an operating section 22.
As shown in Fig. 2, various processing menu items, the screen being browsed, the telephone number screen, etc. are displayed on the display section 21.

The operating section 22 has a plurality of operating buttons for inputting various data and displaying menu item screens. One of the operating buttons of the operating unit 22 is a UIM button 23. The UIM
button 23 is operated by the user for utilizing a program stored in the UIM
12.
Fig. 3 is a block diagram showing a configuration of a mobile terminal.
The mobile terminal 11 includes a display section 21, an operating section 22, a control unit 31, a storage unit 32, an external equipment interface (I/F) unit 33, a communication unit 34, a UIM interface (I/F) unit 35 and an voice input/output unit 36.
The control unit 31 controls the various parts of the mobile terminal 11 based on the control data and the control program stored in the storage unit 32.
The storage unit 32 is configured of a ROM, a RAM, etc., and has a plurality of storage areas including a program storage area for storing various programs such as a browser for accessing an internet and a data storage area for storing various data.
The external equipment I/F unit 33 is an interface utilized by the control unit 31 and the UIM 12 for exchanging information with an external device.
The communication unit 34 transmits various data including audio and text messages to the radio base station 13 through the antenna 34A
under the control of the control unit 31 on the one hand, and receives various data sent to the mobile terminal 11 through the antenna 34A on the other hand.
The UIM I/F unit 35 inputs/outputs data from and to the control unit 31. The UIM I/F unit 35 also outputs the output data from the communication unit 34 or the external equipment I/F unit 33 to the UIM 12 without the intermediation of the control unit 31. Also, the output data of the UIM 12 is output directly to the external equipment I/F unit 33 or the communication unit 34 directly without the intermediation of the control unit 31. The reason why the data are input/output from and to the external equipment I/F 33 or the communication unit 34 without the intermediation of the control unit 31, is in order to prevent an illegal access to the data on the UIM 12 by the alteration of the control program of the control unit 31 and thus to maintain security.
[1.3] Configuration of UIM
5 Fig. 4 shows a configuration of the UIM 12. In Fig. 4, a part of the component elements of the mobile terminal 11 are shown together with the component elements of the UIM 12 to clarify the relation with the mobile terminal 11. As shown in Fig. 4, the UIM 12 includes a memory 12M, which in turn, roughly, has a system area 12A and an application area 10 12B.
The system area 12A has stored therein personal information data unique to each user such as subscriber number data, outgoing call history information data, incoming call history information data, speech time information data and a UIM private key. The mobile terminal 11 communicates with other communication units using the subscriber number data in the system area 12A as a calling line identity.
The application area 12B is for storing the program distributed and the data used at the time of execution of the program, and divided into a plurality of basic blocks. In the case shown in Fig. 4, the application area 12B is divided into six basic blocks 40-1 to 40-6.
The basic blocks 40-1 to 40-6 each include a program area 41 and a data area 42. The program area 41 of each basic block 40-k has stored therein a program (an application or an applet). The data area 42 of each basic block 40-k, on the other hand, has stored therein the data used at the time of executing the program in the program area 41 of the same basic block 40-k.
The basic blocks 40-1 to 40-6 are independent of each other, and are basically so managed that the application or the applet stored in the program area 41 of a given basic block 40-j cannot access the data area 42 of another basic block 40-k ($ j). By employing this configuration, the security of each program is maintained. Even in the case where data having a monetary value (what is called "a value") are recorded in the data area 42 of a given basic block 40 j, therefore, the particular data is never rewritten, intentionally or incidentally, by a program stored in another basic block 40-k (# j).
The application or the applet constituting a program stored in the program area 41, on the other hand, cannot be distributed or deleted without the intermediary of the distribution management server 16. The data area 42, however, can be operated directly through the distribution management server 16 or a local terminal as in the case where the electronic money is downloaded from an ATM.
Further, the application area 12 has a storage area for an activation flag indicating whether the program in the program area 41 of each of the basic blocks 40-1 to 40-6 can be executed or not.
The control unit 30 is a means for writing a program for the basic block of the application area 12B, setting or resetting the activation flag corresponding to each basic block or executing a program in a designated basic block, in response to a request given through the mobile terminal 11.
Upon arrival of a program encrypted by the UIM public key from the distribution management server 16, the control unit 30 decrypts the program using the UIM private key in the system area 12 and writes it in a basic block. Also, the control unit 30 can execute the program in the basic block. In the process, the information required by the program in execution is acquired from the other party of the communication in the network or from the user of the mobile terminal 11 through the browser executed by the mobile terminal 11. The control unit 30.can also send the result of program execution to the other party of communication in the network or send it to the user of the mobile terminal 11 through the browser.
Also, the control unit 30 can exchange information with external devices through the hardware resources of the mobile terminal 11 without the intermediary of the browser in accordance with the program in the basic block. An example of a program available for this purpose is an application program for causing the mobile terminal 11 to function as a commutation pass. In executing this program, the control unit 30 can exchange the pass information with the card reader/writer at the gates of a railway station utilizing a short-range radio unit (not shown) connected to the external equipment I/F of the mobile terminal 30. The program for the control unit 30 to perform the various processes described above, including the execution and control of the program in the application area is stored in the system area 12A...
[1.4] Operation of first embodiment Now, the operation of the first embodiment will be explained taking the distribution of the commutation pass applet as an example.
Fig. 5 is a sequence diagram showing the process of program distribution, write operation and activation.
As shown in Fig. 5, these series of processes are roughly configured of the step of distributing an inactive program (applet) as a memory module to the UIM 12 and writing it in the UIM 12 (step S 1), and an activation step for activating the program written (step S2).
[1.4.1] Issue of certificate to distribution management server Fig. 6 is a sequence diagram showing the process of distributing a program and writing it in the UIM 12. As shown in Fig. 6, the authentication server 18 issues a certificate to the contents server 19 permitted to distribute the program addressed to the UIM 12 (step S11).
The certificate is issued to enable the contents server 19 and the distribution management server 16 to perform the encryption communication based on the public key encryption method. Specifically, in order to make possible the encryption communication using a public key, a distribution management server private key and a distribution management server public key, constituting a pair, are generated. The distribution management server private key is stored in the distribution management server 16, while the distribution management server public key is transmitted from the authentication server 18 to the contents server 19 as a certificate identifying a person permitted to distribute a program.
The contents server 19, upon receipt of the distribution management server public key, stores it in preparation for program distribution.
[1.4.2] Program distribution request The user can cause the control unit 31 to execute the browser and thus can access the home phge of the contents provider by operating the operating section 22 of the mobile terminal 11. As a result of this access, a distribution menu screen D1 indicating the program distribution performed by the contents server 19 of the contents provider is displayed, as shown in Fig. 7, on the display section 21 of the mobile terminal 11.
Under this condition, the user transmits a program (applet) distribution request from the mobile terminal 11 through the network to the contents server 19 by operating the operating section 22 of the mobile terminal 11 (step S12).
[1.4.3] Certificate issue request to UIM
The contents server 19, upon receipt of a distribution request from the mobile terminal 11, sends a certificate issue request to the authentication server 18 (step S 12). This certificate issue request contains the information for specifying the UIM 12 of the mobile terminal 11. The certificate issue is requested in order to enable the contents server 19 to conduct the encryption communication of public key type with the UIM 12.
More specifically, in order to make possible the encryption communication of public key type, the UIM private key and the UIM public key paired with the former are generated in advance, and the UIM private key is stored in the UIM 12 in advance, while the UIM public key is stored in the authentication server 18 in advance. In step S12, the UIM public key stored in the authentication server 18 is requested as a certificate of a person permitted to distribute a program addressed to the UIM 12.
[1.4.4] Issue of certificate and distribution of program with certificate to UIM
The authentication server 18, upon receipt of a certificate issue request from the contents server 19, issues to the contents server 19 a UIM
public key as a certificate corresponding to the UIM 12 specified by the particular issue request (step S 14).
The contents server 19 encrypts the program of which distribution is requested, by use of the UIM public key corresponding to the UIM 12.
The program obtained by the encryption is considered a program with a certificate for a legitimate person authorized to access the UIM 12.
Then, the program encrypted by the UIM public key is further encrypted by the contents server 19 using the distribution management server public key received from the authentication server 18 in advance.
The program obtained by this encryption can be considered a program having attached thereto both a certificate showing a legitimate person authorized to access the UIM 12 and a certificate showing a legitimate person authorized to distribute a program through the distribution management server 16.
[1.4.5] Program distribution The contents server 19 distributes the program obtained by the aforementioned two encryption sessions, to the distribution management server 16 through the network (step S15).
The distribution management server 16 decrypts the encrypted program distributed from the contents server 19, using the distribution management server private key. Once this decryption succeeds, the program encrypted only by the UIM public key can be obtained. In this case, the contents server 19 can be considered a legitimate person authorized to distribute a program addressed to the UIM 12. The 5 distribution management server 16 transmits the data on the screen D2 shown in Fig. 7 to the mobile terminal 11, and causes the data to be displayed on the display section 21. This screen D2 is for making an inquiry at the user as to whether the program can be distributed or not.
[1.4.6] Writing in UIM
10 After the user confirms the screen D2 and performs the operation through the operating section 22 for permitting the program distribution, a notice to permit distribution is sent to the distribution management server 16. The distribution management server 16, upon receipt of the notice, distributes to the UIM 12 the program obtained by decryption, i.e. the 15 program encrypted by the UIM public key (step S 16).
This encrypted program is delivered as it is to the control unit 30 of the UIM 12 through the mobile terminal ll. Specifically, the mobile terminal 11 simply provides the UIM 12 with the communication function.
This operation by the mobile terminal 11 guarantees the secure transmission to and the secure write operation into the UIM 12.
If the distribution management server 16 is to send a program to the UIM 12 in the aforementioned manner, it is necessary for the distribution management server 16 to establish a link with the UIM 12. This in turn requires the acquisition of the telephone number of the mobile terminal 11 with the UIM 12 connected thereto or built therein.
In one conceivable method to achieve this, at the time of issuing a distribution request from the mobile terminal 11 to the contents server 19, the telephone number of the mobile terminal 11 is caused to be transmitted to the contents server 19 which sends this telephone number to the distribution management server 16. In this way, the distribution management 'server 16 can access the mobile terminal 11 using the telephone number sent to it, and thus can distribute the program addressed to the UIM 12.
Another available method is described below. Specifically, in advance of issuing a distribution request from the mobile terminal 11 to the contents server 19, an identifier is determined between the mobile terminal ll and the distribution management server 16 in place of the telephone number of the mobile terminal 11, so that the distribution management server 16 stores the telephone number and the identifier as information corresponding to each other. The mobile terminal 11 sends a distribution request containing the identifier. to the contents server 19, which in turn attaches the identifier to a program when sending the program to the distribution management server 16. The distribution management server 16 determines the telephone number of the mobile terminal 11 from the identifier, and based on this telephone number, calls the mobile terminal 11 and distributes the program addressed to the UIM 12. This method has the advantage that the need is eliminated of notifying the telephone number of the mobile terminal 11 to the contents server 19.
The control unit 30 of the UIM 12, upon receipt of a program encrypted by the UIM public key in the manner described above, decrypts the program using a UIM private key paired with the particular UIM public key. Once this decryption ends in success, a program is obtained in the form of an ordinary text not encrypted. In this case, the contents server 19 making up the origin is considered a person duly authorized to distribute a program to the UIM 12. The UIM 12 writes the program obtained by decryption, in the appropriate one of the basic blocks 40-1 to 40-6 of the memory.
During this write operation, the screen D3 shown in Fig. 7 is displayed by the mobile terminal 11.
[1.4.7] Write completion response At the end of the program write operation, the control unit 30 of the UIM 12 transmits a write completion notice to the distribution management server 16 together with the information specifying the basic block having the particular program written therein (step S 17).
In the process, the screen D4 indicating that the write operation is complete (the registration is over) is displayed, as shown in Fig. 7, on the display section 21 of the mobile terminal 11. After that, the screen is again turned to D1 by the user operation.
[1.4.8] Distribution completion notice The distribution management server, upon receipt of a program write completion notice from the UIM 12, registers the information specifying the written program in a data base as information corresponding to the information indicating the basic block of the UIM 12 in which the particular program is written.
By accessing to the data base, the distribution management server 16 can easily grasp the program stored in each of all the basic blocks 40-1 to 40-6 of the UIM 12.
The distribution management server 16, upon distribution of a program into the UIM 12, starts the charge process against the contents provider of the contents server 19 from which the program is distributed.
The timing of starting the charge process is not limited to this, but may be coincident with the timing of activation described later.
The contents provider are charged against the following items.
(a) Rental charge for basic blocks in UIM 12 Upon distribution of a program from the contents server 19 to the UIM 12, the particular program is stored in one of the basic blocks 40-1 to 40-6 in the UIM 12. The particular basic block can be considered to be rented to the contents provider owning the contents server 19 for storing the program. Thus, a charge corresponding to the rental period, i.e. the period during which the program is stored in the basic block is made against the contents provider as a rental charge.

(b) Transaction fee The program transmitted from the contents server 19 is distributed to the UIM 12 through the process in the distribution management server 16. A consideration for the process performed by the distribution management server 16 is charged against the contents provider as a transaction fee.
The user of the UIM 12 receives the service in terms of the distribution of a program from the contents server 19, and therefore is required to pay the charge in consideration of the service. The distribution management server 16 may collect the service charge from the user on behalf of the contents provider together with the communication charge for the user, and delivers the collected service charge to the contents provider in the character of what might be called a "factor". In this case, the charge made against the contents provider may contain the factoring fee.
Upon complete program distribution, the distribution management server 16 notifies the contents server 19 (step S 18).
[1.4.9] Activation The program distributed to the UIM 12 and stored in the basic block cannot be executed by the user before activation.
The -user only receives the distribution but is not permitted to execute the program distributed to him, in order to enable the contents provider to control the program execution start time.
The activation is effectively utilized, for example, in the case where the time to start the use of a newly marketed game program is determined.
By use of the activation, the release date (program distribution date) and the date to start to use (activation date) can be set separately from each other, thereby making it possible to reduce the load on the contents server 19.
Another example is a case in which the program for using the mobile terminal 11 as a commutation pass is distributed to the UIM 12. In this case, the activation is utilized to make the program executable from the first date of the term of validity of the commutation pass.
The operation for activation will be explained below with reference to Fig. 8.
[1.4.9.1] Activation request to distribution management server Whenever the activation becomes necessary for a given program, the contents server 19 sends an activation request to the distribution management server 16 (step S21). This activation request contains the information specifying a program to 'be activated. Also, in the case where only the program stored in the UIM 12 of a specific user is activated, the activation request contains the identifier (the telephone number of the mobile terminal 11 or an alternative identifier) of the particular user.
[1.4.9.2] Activation request to UIM
The distribution management server 16, upon receipt of an activation request, issues an activation request to the UIM 12 of the mobile terminal I1 (step S22). As already described, the information specifying the written program is registered in the data base of the distribution management server 16 as information corresponding to the information indicating the basic block of the UIM 1-2 in which the program is written.
The distribution management server 16, upon receipt of the activation request, refers to the particular data base and determines the UIM 12 to which the program to be activated is distributed and the basic block in which the program is written. In the case where the same program stored in a plurality of UIMs 12 is activated, as many activation processes as the UIMs 12 are performed. Each mobile terminal 11 in which the corresponding UIM 12 is mounted or built is accessed, and an activation request is sent to the UIM 12. The activation request sent to each mobile 5 terminal 11 contains the information specifying the basic block having stored therein the program to be activated.

This activation request, when received by the mobile terminal 11, is directly sent to the UIM 12. The control unit 30 of the UIM 12 executes the activation in accordance with the activation request. Specifically, the 10 UIM 12 sets the activation flag from "0" to "1" for the basic block specified by the activation request. The control unit 30 of the UIM 12 responds to a request, if any, to execute the program stored in the basic block with the activation flag turned "1". A request, if any, to execute the program in the basic block with the activation flag "0", however, is 15 rejected.
[ 1.4.9.3] Activation end response The UIM 12, upon complete program activation, transmits an activation end notice to the distribution management server 16 (step S23).
This notice contains the information specifying the program of which the 20 activation is ended, or more specifically, the information specifying the basic block storing the particular program.
[1.4.9.4] Activation completion notice The distribution management server 16, upon receipt of the activation completion notice from the UIM 12, determines the basic block of the UIM 12 in which the completely activated program is stored. The information to the effect that the activation is completed is registered in the storage area in the data base prepared for the particular basic block.
As the result of this registration, the distribution management server 16 can grasp, by accessing the data base, whether each program in the basic blocks 40-1 to 40-6 is activated or not for all the UIMs 12.
Upon registration of activation completion for all the UIMs to which the program of which the activation is requested are distributed, the distribution management server 16 notifies the contents server 19 that the program activation is complete (step S24). This notice contains the information specifying the program that has been activated.
[1.4.10] Deactivation The program distributed to the UIM 12 and activated may require deactivation. This requirement occurs, for example, in a case where a program for the mobile terminal Il to function as a credit card is stored in the UIM 12, and the user has lost the particular UIM 12. In such a case, the deactivation is started in response to the request from the user informed of the loss. Other examples include a case in which the user that has received a service has failed to pay the service charge before the due date.
In such a case, at the request of the contents provider providing such a service, the deactivation of the program for receiving the particular service can be started.
The deactivation process will be explained below with reference to Fig. 9.
[1.4.10.1] Deactivation request to distribution management. server The contents server 19, whenever required to deactivate a program distributed to a UIM 12, sends a deactivation request to the distribution management server 16 specifying the particular UIM 12 and the program to be deactivated (step S31).
[ 1.4.10.2] Deactivation request to UIM
The distribution management server 16, upon receipt of this deactivation request, accesses the data base and determines that basic block in the UIM 12 specified by the deactivation request which stores the program to be deactivated. Then, the distribution management server 16 sends a deactivation request to the mobile terminal 11 in which the particular UIM 12 is mounted or built (step S32). This deactivation request contains the information specifying the basic block storing the program to be deactivated.

The deactivation request is sent to the UIM 12 through the mobile terminal 11. The activation flag prepared for the basic block specified by the deactivation request is reset from "1" to "0" by the UIM 12. After that, the execution of the program in this particular basic block is prohibited.
[1.4.10.3] Deactivation end response The UIM 12, upon termination of the program deactivation, notifies the distribution management server 16 (step S33). This notice contains the information specifying the program which has been deactivated, or specifically, the information specifying the basic block storing the program.
[1.4.10.4] Deactivation completion notice The distribution management server 16, upon receipt of a program deactivation end notice from the UIM 12, determines, based on the notice, the basic block of the UIM 12 storing the program of which the deactivation has been completed. The information to the effect that the deactivation is complete is registered in the storage area of the data base prepared for the particular basic block.
Upon registration of completion of the deactivation, the distribution management server 16 notifies the contents server 19 of the completion of the deactivation (step S34).
[1.4.11J Deletion (only when desired by user) A deactivated program wastefully occupies a memory area in the UIM 12. It is desirable for both the user and the contents provider to delete such an unnecessary program. The deletion of the program, however, cannot be left to the user. If the user arbitrarily deletes the program in the UIM 12, the rent charging process for the UIM would continue to proceed in spite of the program deletion, unless the fact of deletion is notified to the distribution management server 16 immediately.
According to this embodiment, therefore, whenever the user desires to delete a program, the program is deleted under the control of the distribution management server 16.

A deletion, based on a reason on the side of the contents provider, is basically not permitted due to the resulting complication of the charging process.
The operation of deleting a program in response to the desire of the user will be explained below with reference to Figs. 10 and 15.
[1.4.11. 1] Program deletion request The user accesses a predetermined home page of the contents provider by operating the operating section 22 of the mobile terminal 11.
A distribution menu screen D 11 shown in Fig. 15 is displayed on the display screen of the display section 21 of the mobile terminal 11. This distribution menu screen D11 is provided by the contents server 19 of the contents provider distributing the program. When the user selects a menu item meaning the deletion of a program, a screen D12 asking the user whether the deletion can be carried out is displayed on the display section 21 of the mobile terminal 1 l, as shown in Fig. 15.
The user performs the operation permitting the deletion. The mobile terminal 11 transmits a program (applet) deletion request to the contents server 19 through the network (step S41). This request contains the information specifying the program to be deleted.
With the transmission of a program deletion request, a screen D13 indicating that the deletion is going on, is displayed as shown in Fig. 15 on the display section 21 of the mobile terminal 11.
[1.4.11.2] Deactivation request to distribution management server The contents server 19, upon receipt of a program deletion request, sends a deactivation request to the distribution management server 16 (step S42). This deactivation request contains the information specifying the mobile terminal 11 of the user requesting the program deletion and the information specifying the program to be deleted.
[1.4.11.3] Deactivation request to UIM

The distribution management server 16, upon receipt of a deactivation request, accesses the database and determines a basic block storing the program to be deleted. Then, the distribution management server 16 sends a deactivation request containing the information specifying the particular basic block to the mobile terminal 11 of the user requesting the program deletion (step S43).
This deactivation request is sent to the UIM 12 through the mobile terminal 11. The UIM 12resets, from "1" to "0" the activation flag prepared for the basic block specified by the deactivation request. After that, the execution of the program in the particular basic block is prohibited.
[1.4.11.4] Deactivation end response The UIM 12, at the end of the program deactivation, transmits a deactivation end notice to the distribution management server 16 (step S44).
This notice contains the information specifying the basic block storing the program deactivated.
[1.4.11.5] Deactivation end notice The distribution management server 16, upon receipt of the program deactivation end notice from the UIM 12, registers the information to the effect that the deactivation is complete, in the area of the data base corresponding to the basic block of the UIM 12 specified by the deactivation end notice.

The distribution management server 16 sends a program deactivation end notice to the contents server 19 (step S45).

[1.4.11.6] Deletion request to distribution management server The contents server 19, upon receipt of the deactivation end notice for the program to be deleted, from the distribution management server 16, requests the distribution management server 16 to delete the particular 5 program (step S51).
[1.4.11.7] Deletion request to UIM
The distribution management server 16, upon receipt of the program deletion request, sends a program deletion request to the UIM 12 of the user who requests the program deletion (step S52). This program 10 deletion request contains the information specifying the basic block storing the program to be deleted.
The program deletion request is sent to the UIM 12 through the mobile terminal 11. The UIM 12 deletes the program in the basic block specified by the program deletion request.
15 [1.4.11.8] Deletion end response The UIM 12, at the end of the program deletion, transmits a deletion end notice indicating the program deletion to the distribution management server 16 (step S53). This deletion end notice contains the information specifying the basic block from which the program is deleted 20 and the program deleted. At the same time, a screen D14 indicating the end of deletion is displayed, as shown in Fig. 15, on the display section 21 of the mobile terminal 11.
[1.4.11.9] Deletion completion notice The distribution management server 16, upon receipt of the deletion 25 end notice from the UIM 12, registers the information to the effect that the program has been deleted in the storage area in the data base corresponding to the combination of the user requesting the deletion and the program deleted.

Then, the distribution management server 16 sends to the contents server the notice that the program deletion is complete (step S54).

In the case where the charge process against the contents provider has been made for the program deleted, the distribution management server ceases to charge the contents provider thereafter.
[1.4.12] Deletion (only when desired by distribution management server) According to this embodiment, a program may be deleted by other than the intention of the user. An example is the expiry of a predetermined term during which a program can be used.
The operation for deleting a program under the guidance of the distribution management server in such a case will be described below with reference to Fig. 11.
[1.4.12.1] Deactivation request to UIM
If the usable term of a program has expired and the program is required to be deleted, the distribution management server 16, by accessing the data base, determines all the UIMs 12 to which the program to be deleted has been distributed and the basic blocks storing the program to be deleted in each of the UIMs 12, and sends a deactivation request to each of the UIMs 12 (step S61). Each deactivation request contains the information specifying the basic block storing the program to be deleted.
The deactivation request is sent to each UIM 12 through the mobile terminal 11. The UIM 12 resets, from "1" to "0", the activation flag corresponding to the basic block specified by the deactivation request.
After that, the execution of the program in the particular basic block is prohibited.
[1.4.12.2] Deactivation end response At the end of the deactivation, the UIM 12 transnvts a deactivation end notice to the distribution management server 16 (step S62).
[1.4.12.3] Deactivation completion notice The distribution management server 16, upon receipt of the deactivation end notice from the party to which the program to be deleted has been distributed, registers the information indicating the completion of the deactivation in the storage area of the data base formed for the particular program.

The distribution management server 16 sends a program deactivation completion notice to the contents server 19 (step S63).
[1.4.12.4] Notification of deactivation completion notice receipt to distribution management server The contents server 16, upon receipt of the deactivation completion notice from the distribution management server 16, sends a deactivation receipt notice to the distribution management server 16 (step S64).
[1.4.12.5] Deletion request to UIM
The distribution management server 16, upon receipt of the deactivation receipt notice, sends a program deletion request to the mobile terminal 11 that has transmitted the deactivation completion notice corresponding to the deactivation receipt notice (step S71). The deletion request sent to the mobile terminal 11 contains the information specifying the basic block storing the program to be deleted.
The UIM 12, upon receipt of the deletion request through the mobile terminal 11, deletes the program in the basic block specified by the request.
[1.4.12.6] Deletion end response The UIM 12, at the end of the program deletion, transmits a deletion end notice to the distribution management server 16 (step S72).
This notice contains the information specifying the basic block from which the program has been deleted.
[1.4.12.7] Deletion completion notice The distribution management server 16, upon receipt of the deletion end notice from all the parties to which the program to be deleted has been distributed, registers the information to the effect that the program has been deleted, in the storage area of the data base formed for the particular program to be deleted.
The distribution management server 16 sends a deletion completion notice to the contents server 19 (step S73).
At the same time, the distribution management server ceases the charging process which may have hitherto been made against the contents provider for the deleted program.
[1.4.12.8] Deletion result receipt notice to distribution management server The contents server 19, upon receipt of the deletion completion notice from the distribution management server 16, sends a deletion result receipt notice to the distribution management server 16 (step S74).
[1.4.13] Program distribution process for UIM version management The contents server 19 may be required to distribute a program voluntarily regardless of the desire on the part of the user. An upgrade of the program that has been distributed is a case in point.
In such a case, the distribution of the program of a new version to the UIMs 12 of all the users to which the particular program has been distributed gives rise to an inconvenience. This is by reason of the fact that the mobile terminals 11 are of various models, and the UIM
specifications have various versions. It may happen, therefore, that a program of a new version, if sent to all the UIMs, can be executed normally only by the UIMs having a version issued at a certain time point or thereafter.
According to this embodiment, at each time of an upgrade of a program, a version notice request is sent to the UIMs and based on the response to the request, it is determined whether the program is to be distributed or not to a given UIM. This operation is shown in Fig. 12.
Some of the UIMs 12 support the function of notifying the version thereof in response to the version notice request, and others do not. Fig. 12 shows the operation performed in the case where a version notice request has been sent to a UIM supporting such a function and the operation performed in the case where a version notice request has been sent to a UIM not supporting the function.
[1.4.13.1] Operation for UIM supporting version notice function [1.4.13.1.1] Program distribution request to distribution management server Prior to distribution of a program after upgrade, the contents server 19 sends to the distribution management server 16 a program distribution request containing the information specifying the program and the version information indicating the version of the UIM 12 that can execute the particular program (step S81).
[1.4.13.1.2] Version notice request to UIM
The distribution management server 16, upon receipt of the program distribution request, accesses the data base, determines all the mobile terminals 11 to which the program specified by the program distribution request has been distributed, and sends a version notice request to the mobile terminals 11 thus determined (step S82).
[1.4.13.1.3] Version notice The version notice request is sent to each UIM 12 through the mobile terminal 11. The UIM 12, upon receipt of the version notice request, notifies the version thereof to the distribution management server 16 (step S83).
[1.4.13.1.4] No program distribution notice The distribution management server 16 receives a version notice from each UIM 12. In the case where the version notice received from a given UIM 12 fails to meet the conditions indicated by the version information from the contents server 19, the contents server 19 is notified that the program cannot be distributed to the particular UIM 12 (step S84).

In the case where the version notice received from another given UIM 12 meets the conditions indicated by the version information from the contents server 19, on the other hand, the distribution management server 16 distributes the program to the particular UIM 12. This operation is 5 described above with reference to Figs. 6 and 8.
[1.4.13.2] Operation for UIM not supporting version notice function [1.4.13.2.1] Program distribution request to distribution management server The contents server 19 sends a program distribution request to the distribution management server 16 in the same manner as described above 10 (step S91).
[1.4.13.2.2] Version notice request to UIM
__ The distribution management server 16 sends a version notice request to the UIM 12 of the mobile terminal 11 (step S92).
[1.4.13.2.3] Timer count 15 In this case, the UIM 12 does not support the version notice function, and therefore makes no response.
Thus, the distribution management server 16 monitors the timer, and upon expiry of a predetermined time-out period (step S93), sends a version notice request again to the UIM 12 of the mobile terminal 11 (step 20 S94). Then, the value on the retry counter is incremented by one.
In a similar fashion, the distribution management server 16 monitors the timer, and upon expiry of a predetermined time-out period (step S95), sends a version notice request again to the UIM 12 of the mobile terminal 11 (step S96). Then, the value of the retry counter is 25 incremented by one.
[1.4.13.2.4] No program distribution notice Once again, the distribution management server 16 monitors the timer, and upon expiry of a predetermined time-out period (step S97), sends a version notice request again to the UIM 12 of the mobile terminal 11 (step S98). Then, the value on the retry counter is incremented by one.
In the case where the figure on the retry counter reaches a predetermined value (3 in this case), the distribution management server 16 determines that the version of the UIM 12 fails to meet the conditions for the version notified from the contents server 19, and sends a no-program distribution notice to the contents server 19 (step S84).
As a result, the contents server 19 confirms that the program of which distribution is desired, cannot be distributed.
[1.4.14] Program distribution process based on UIM memory capacity limitation The limitation of the memory capacity of the UIM 12 may make the program distribution impossible, even if desired by the contents server 19.
An example of the operation performed in such a case is shown in Fig. 13.
This operation will be explained below.
[1.4.14.1] Rejection by distribution management server The contents server 19 requests the distribution management server 16, by attaching the program to be distributed, to send a program distribution request to the UIM 12 (step S101).
The information indicating the memory state of each UIM is registered in the database of the distribution management server 16. The distribution management server 16, upon receipt of the program distribution request to a given UIM 12, accesses the data base, and determines whether the basic block for the particular UIM 12 is available for storage, or if available, is too small in capacity to store the program (the capacity may vary from one version to another of UIM) or whether there is any other stumbling block to the program distribution.
In the case where the program cannot be distributed, the distribution management server 16 sends a notice to the contents server 19 that the program cannot be distributed due to the shortage of the memory capacity (step S 102).

As a result, the contents server 19 confirms that the program for which distribution is desired, cannot be distributed.
[1.4.14.2] Rejection by UIM

The memory capacity and the current occupancy state of each UIM
12 are registered in the database of the distribution management server 16.
For some reason or other, however, the actual UIM memory state may differ from the memory state registered in the database of the distribution management server 16. The operation performed in such a case is described below.
First, the contents server 19 sends a program distribution request together with a program to the distribution management server 16 (step Sill).
The distribution management server 16 accesses the data base and determines whether the basic block of the destination UIM 12 is available for storage and has a sufficient capacity.
In the case where the determination is YES, the distribution management server 16 sends a write request together with the program to the UIM 12 (step S 112).
The UIM 12 that has received the write request determines whether the program attached to the write request can be stored in any one of the basic blocks or not. In the case where the determination is NO, the UIM
12 sends a no-program distribution notice to the distribution management server 16 due to lack of memory capacity (step S 113).
The distribution management server 16, upon receipt of the no-program distribution notice due to lack of memory capacity, sends it to the contents server 19 (step S 114).

From this notice, the contents server 19 can confirm that the program cannot be distributed to the UIM to which the distribution is desired.
It may also happen that a program cannot be stored in a basic block due to a write error in the memory of the UIM 12 or the malfunction of the memory device. In such a case, exactly the same operation as described above is performed. Fig. 14 shows such an operation. In Fig. 14, steps S 121 to S 124 correspond to steps S 111 to S 114 in Fig. 13 and represent exactly the same operation, respectively.
[1.4.15] Specific example of operation Now, a specific example of the operation according to this embodiment will be explained.
[1.4.15.1] Execution of program stored in UIM
In this example of an operation, assume that a program called " 0 0 RAILWAY" is stored in the basic block 40-1 of the UIM 12.
The user operates the operating section 22 of the mobile terminal 11 and thus accesses the home page of the contents provider that has distributed the " 00 RAILWAY" program. A distribution menu screen D21 as shown in Fig. 16 is displayed on the display screen of the display section 21. This distribution menu screen D21 is provided by the contents server 19 of the contents provider. The user performs the operation for selecting an item concerning the purchase of a commutation pass from the menu displayed on the distribution menu screen D21. A purchase request for the commutation pass is transmitted from the mobile terminal 11 to the contents server 19 through the network.
As a result, a download screen D22 is sent from the contents server, 19 to the mobile terminal 11 and displayed on the display section 21. The download screen D22 contains a menu of several value data having the same monetary value as the commutation pass.
Once the user selects the desired value data, the information requesting the selected value data is sent to the contents server 19 from the mobile terminal 11.

After that, the contents server 19 sends to the mobile terminal 11 the screen data for selecting a method of account settlement. As a result, a screen D23 is displayed by the mobile terminal 11. The user selects "SELECT FROM UIM MENU" from the menu items in the screen D23, and thus can settle the account by use of the program in the UIM 12.
Specifically, once this select operation is performed, the UIM 12 is notified of the fact. Upon receipt of this notice, the control unit of the UIM 12 returns to the mobile terminal 11 the list of the programs stored in the basic blocks 40-1 to 40-6. The screen D24 containing this list is displayed on the display section 21 of the mobile terminal 11. The user selects a settlement program from the list. The selected program is executed by the UIM 12 thereby to settle the account.
Assume that the account is settled by executing the program in the program area 41 of the basic block 40-2. The data area 42 of the same basic block 40-2 is used for settling the account.
The contents server 19, upon detection that the account has been settled, sends the value data of the commutation pass included in the commutation pass purchase request described above, to the mobile terminal 11. This value data contains the information such as the names of the two stations involved, the validity term, the name of the user and the age of the user and are sent from the mobile terminal 11 to the UIM 12. The value data, which are to be used for the " 00 RAILWAY" program, are stored in the data area 42 of the basic block 40-1 corresponding to the same data in the UIM 12.
[1.4.15.2] Mail order sale using network In this example of an operation, a program for a mail order sale is stored in the basic block 40-2 of the UIM 12.
The user accesses the home page of the contents provider by operating the operating section 22 of the mobile terminal 11, so that a distribution menu screen D31 shown in Fig. 17 is displayed on the display section 21 of the mobile terminal 11. This distribution menu screen D31 is provided by the contents server 19 of the contents provider which in turn 5 provides the mail order sale (what is called "e-commerce") service utilizing the network. The user selects the desired commodity (MATSUZAKA
BEEF FOR SUKIYAKI, Y5000/KGS in Fig. 17) from the commodities listed in the distribution menu screen D31. Then, a purchase request is transrnitted from the mobile terminal 11 to the contents server 19 through 10 the network.
The contents server 19 that has received the purchase request returns a settlement method screen D32 to the mobile terminal 11. As a result, a select screen D32 is displayed on the display section 21.
From the settlement methods listed in the select screen D32, the 15 user is assumed to have selected "XX BANK". The settlement program for XX Bank stored in the basic block 40-3 of the UIM 12 is started by the control unit 30 of the UIM 12 and a settlement screen D34 is displayed.
The user inputs the personal identification (ID) number as settlement information. The mobile terminal 11 tries to connect the 20 settlement server for XX Bank through a communication unit 34 and the network, so that the screen D35 being accessed is displayed.
Upon complete authentication, a purchase amount confirmation screen D36 is displayed.
The user confirms the amount to be paid and inputs the 25 confirmation. The mobile terminal 11 displays a payment confirmation screen D37 of the contents provider, i.e. the mail order house, together with the delivery date, etc.
[1.4.15.3] Use of commutation pass (check gate passage, manual start) According to this embodiment, the mobile terminal 11 can be used as a commutation pass by storing an appropriate program in the UIM 12.
An example of operation will be explained below.

First, the user depresses a button 23. A UIM menu screen D41 shown in Fig. 18 is displayed on the display section 21. The user selects " 00 RAILWAY" for which the commutation pass is used. As a result, the control unit 30 of the UIM 12 executes the 00 RAILWAY
program in the basic block 40-1, so that a menu screen D42 is displayed on the display section 21.

When the screen D42 is displayed, the user selects "4. SET
APPLICATION AUTO. START". An automatic start set confirm screen D43 is displayed thereby prompting the user to select.
In the case where the user selects "YES", the automatic start is set.
In the case where the user selection is "NO", on the other hand, the automatic start is not set.
The gate of the railway company is equipped with a ticket check reader/writer. Before passing through the gate, the user performs the following operation.
First, the user depresses the U button 23. The UIM menu screen D41 shown in Fig. 19 is displayed on the display section 21. The user then selects " 00 RAILWAY" for which the pass is used. As a result, the control unit 30 of the UIM 12 executes the 00 RAILWAY program in the basic block 40-1, and displays the menu screen D42 on the display section 21. The user selects " 1. PASS" . The pass program constituting a part of the 00 RAILWAY program is started by the control unit 30.
In accordance with this pass - program, the control unit 30 begins communication with the ticket reader/writer for pass check. In the case where this communication is carried out by the common key cryptosystem, for example, the pass check process is performed following the steps described below.

(1) Each party checks the other party.
(2) The ticket check reader/writer requests the mobile terminal 11 to transmit information on the commutation pass.
(3) The mobile terminal 11 encrypts the pass information by the common key and transmits it to the ticket check reader/writer. The pass information display screen D53 is displayed on the display section of the mobile terminal 11.
(4) The ticket check reader/writer decrypts the received commutation pass information, and, in the case where the user is found to be legitimate, the gate is opened to allow him in.
At the same time, a message screen D54 for expressing gratitude to the user is displayed on the display section 21.
The foregoing description deals with the commutation pass. In the case where the mobile terminal 11 is used to function as a private card, however, the data area 42 is updated to indicate the value data corresponding to the amount after subtracting the actual charge in the process of (4) above.
[1.4.15.4] Use of commutation pass (gate passage: auto. start) When the screen D43 shown in Fig. 18 is displayed, the user can select "YES" and the automatic start is set. The following operation is performed. Specifically, when the mobile terminal 11 set to the automatic start mode approaches the gate of the station, a polling signal transmitted from the ticket check reader/writer is received by the mobile terminal 11.
As a result, the pass program constituting a part of the 00 RAILWAY
program is automatically started by the control unit 30 in the UIM 12, and the pass check similar to the manual start is carried out.
[1.5] Effect of first embodiment As described above, according to this embodiment, even in the case where the storage area of the storage module is divided to store each program, the mobile terminal simply provides the communication function to the UIM, and no extra burden is imposed on the mobile terminal.
Therefore, the inherent function of the mobile terminal is not adversely affected Also, the program storage, the activation, the deactivation and the deletion are not carried out by the mobile terminal, but under the control of the distribution management server. Thus, the user convenience is improved while at the same time maintaining security.

[2] Second embodiment According to the first embodiment described above, the program executed by the UIM 12 is stored in the basic blocks 40-1 to 40-6 in the same UIM. In the second embodiment, however, all the programs executed are not necessarily stored in the basic blocks.
[2.1] Configuration of second embodiment Fig. 21 is a block diagram showing a configuration of a program distribution system according to a second embodiment of the invention.
A UIM 12, contents servers 19-1 to 19-6 and 19X and a distribution management server 16A are shown in Fig. 21. The distribution management server 16A corresponds to the distribution management server 16 of the first embodiment plus the functions unique to this embodiment.
The contents servers 19-1 to 19-6 and 19X have similar functions to the contents server 19 of the first embodiment. The system according to this embodiment has an authentication server, as in the first embodiment, not shown in Fig. 21.

The UIM 12 according to this embodiment includes an application area 12C shown in Fig. 22 in place of the application area 12B of the first embodiment. The program storage area 12C is divided into seven basic blocks 40-1 to 40-7 and one free basic block 40-1.

The basic blocks 40-1 to 40-7 and the free basic block 40-Fl each have a program area 41 and a data area 42. A program (application or applet) is stored in the program area 41. The data area 42, on the other hand, has stored therein the data used by the program stored in the program area 41 of the same basic block or the free basic block.
In this case, the basic blocks 40-1 to 40-7 and the free basic block 40-Fl are independent of each other, and basically, the program stored in the program area 41 of a given block cannot access the data area 42 of other blocks. This is also the case with the first embodiment. The program stored in the program area 41 cannot be distributed or deleted without intermediary of the distribution management server 16A. The data area 42, however, can be directly operated through the distribution management server 16A or a local terminal as in the case where electronic money is downloaded from the ATM. This point is also similar to the first embodiment.
According to this embodiment, the distribution of the programs stored in the basic blocks 40-1 to 40-7 is controlled by the distribution management server 16A. The program stored in the free basic block 40-Fl, however, is controlled not by the distribution management server 16A but on the user's own responsibility.
According to the first embodiment, the program transnnitted from the contents server 19, in accordance with the distribution request from the mobile terminal 11, is sent to the UIM 12 by the distribution management server 16. The distribution management server 16A according to this embodiment, on the other hand, accepts the program distribution request from the mobile terminal 11, and on acquiring the program by accessing the contents server as required, distributes it to the UIM 12 of the mobile terminal 11. The distribution management server 16A according to this embodiment is similar to the distribution management server 16 of the first embodiment in that the program distribution from the contents server to the UIM 12 is relayed and managed. This operation, however, is not the only function of the distribution management server 16A according to this embodiment. Specifically, the distribution management server 16A has 5 means for storing a program or the information indicating the location of the program for the benefit of the user of the UIM 12, and any of the programs stored in this means can be acquired by the user through the distribution management server 16A. In this sense, the distribution management server 16A exhibits a function similar to a cache memory for 10 the UIM 12.

In order to manage the program distribution to the UIM 12 and exhibit the function like a cache memory, the distribution management server 16A includes a distribution management unit 50. The distribution management unit 50 has a user information storage unit 51 and a program 15 information storage unit 52.
The program information storage unit 52 has stored therein a program proper or a URL corresponding to the program that can be distributed to the UIM 12. The URL is the information indicating the address of a specific one of the contents servers 19-1 to 19-6 and the very 20 contents server where a particular program is located. Which is to be stored in the program information storage unit 52 for a given program, the URL information or the program proper, can be determined based on the storage capacity of the program information storage unit 52, or in the case where the storage capacity is sufficient, can be selected as desired by the 25 contents provider operating the distribution server.

The chance of storing a new program or the URL thereof in the program information storage unit 52 is given, for example, in the case where the mobile terminal 11 of a given user sends a program distribution request, and a program or the URL thereof meeting the particular distribution request is not stored in the program information storage unit 52.
In such a case, the program information storage unit 52 accesses the contents server and acquires and stores the program desired by the user, in compliance with the request from the mobile terminal 11.
The user information storage unit 51 includes n (n > 1) individual user information storage units 53-1 to 53-n corresponding to n persons to which the system, according to the invention, is applicable. Each individual user information storage unit 53-k has a real distribution information storage unit 54 and a virtual distribution information storage unit 55.
The real distribution information storage unit 54 of the individual user information storage unit 53-k has stored therein pointer data corresponding to the program actually distributed to the UIM 12 of the user k. The pointer data is for indicating a particular area in the program information storage unit 52 where the program or the URL thereof is stored.
The availability of the real distribution information storage unit 54 makes it possible for the distribution management server 16A to immediately redistribute any program, if erased, in the basic blocks 40-1 to 40-7 of the UIM 12.
The virtual distribution information storage unit 55 of the individual user information storage unit 53-k, on the other hand, stores the pointer data corresponding to an available program, though not actually distributed to the UIM 12 of the user k, that can be immediately distributed to the UIM
12 of the user k who is desirous of having such a program. The user of the UIM 12 can receive the following services by use of the virtual distribution information storage unit 55.
(a) The pointer data of a program of which distribution to the UIM 12 is desired is provisionally stored in the virtual distribution information storage unit 55. The user, whenever the distribution of the program with the pointer data thereof stored in the virtual distribution information storage unit 55 is required, sends a request to the distribution management server 16A using the mobile terminal 11. The distribution management server 16A reads the pointer data of the requested program from the virtual distribution information storage unit 55, and acquires and distributes the program specified by the particular pointer data to the UIM 12. In this case, the pointer data of the program distributed to the UIM 12 is moved from the virtual distribution information storage unit 55 to the real distribution information storage unit 54.
(b) The number of the basic blocks in the UIM 12 is limited. Therefore, it may happen that all the basic blocks are occupied and no basic block is available for storing the program to be distributed. In such a case, the distribution management server 16A reads the pointer data from the storage area corresponding to a given basic block 40-X in the UIM 12, from among the storage areas in the real distribution information storage unit 54, and transfers it to the virtual distribution information storage unit 55. The program to be distributed is sent to the UIM 12, where it is written in the basic block 40-X, and the pointer data of the program is written in the storage area corresponding to the basic block 40-X in the real distribution information storage unit 54. This process makes it possible to acquire a program by a distribution request and store it in a basic block even in the case where the basic blocks are fully occupied. In the process, with regard to the program driven away from the basic block, a request may be given again, if required, to the distribution management server 16A and the process described in (a) above can be carried out.

Now, an explanation will be given of the function of the distribution management server 16A corresponding to the free basic block 40-Fl. As already described, as for the free basic block 40-Fl, the distribution management server 16 does not manage the program distribution. The user, by operating the mobile terminal 11, can freely register or delete a program in the free basic block 40-Fl.

The real distribution information storage unit 54 of the individual user information storage unit 53 has a storage area corresponding to the basic block 40-Fl of the UIM 12. In this area, however, no pointer data of a program is stored, but the data including the number of times a program is registered in or deleted from the basic block 40-Fl or the URL
information thereof. In the case where nothing is stored in the free basic block 40-F1, the data indicating the fact ("Null" data, etc.) may be stored in this area.
The program in the free basic block 40-Fl of the UIM 12, should it be deleted, unlike the programs stored in the basic blocks 40-1 to 40-7, remains as it is until registered again by the user himself.
In the case where the user is desirous of changing the program in the free basic block 40-Fl temporarily to another program, on the other hand, such a change can be made always by the user himself rewriting it.
In such a case, the distribution management server 16A cannot carry out the charging process even if a program is stored in the free basic block 40-Fl.
The free basic block 40-Fl can be changed so that it can be handled the same way as the basic blocks 40-1 to 40-7 as desired by the user.
Specifically, before the change, seven basic blocks 40-1 to 40-7 and one free basic block 40-Fl can be used as eight basic blocks 40-1 to 40-8.
In such a case, the information to the effect that the free basic block 40-Fl has been changed to the basic block 40-8 is written by the distribution management server 16A in the system area 12A (Fig. 4) of the UIM 12. Also, the area in the real distribution information storage unit 54 that has hitherto been handled as an area corresponding to the free basic block 40-Fl can be handled by the distribution management server 16A as an area corresponding to the basic block 40-8, and using this area, the same management as that of the basic blocks 40-1 to 40-7 is started.

The basic block that has been changed to the basic block 40-8 by the user in this way can be restored to the free basic block 40-Fl again.
The basic blocks 40-1 to 40-7 cannot be changed to free basic blocks.
[2.2] Configuration of distribution management server A configuration of the distribution management server is shown in Fig. 23.
The distribution management server 16A is roughly configured of a transmission control unit 61, the user information storage unit 51 described above, the program information storage unit 52 described above and a secure communication control unit 62.
The transmission control unit 61 controls the transmission between the external contents servers 19-1 to 19-6 or between the mobile terminals 11 (including the transmission between the contents servers 19-1 to 19-6 and the mobile terminals 11). The transmission control unit 61 also controls the transmission between the user information storage unit 51, the program information storage unit 52 and the secure communication control unit 63 to each other. Further, the transmission control unit 61 controls the distribution management unit 50, the user information storage unit 51, the program information storage unit 52 and the secure communication control unit 63 on the one hand, and requests the execution of various processes in the distribution management unit 50, the user information storage unit 51, the program information storage unit 52 and the secure communication control unit 63 on the other hand:

The program information storage unit 52 substantially functions as a portal site for the program permitted to be distributed to the basic blocks 40-1 to 40-7 of the UIM 12.

The secure communication control unit 63 authenticates the information (an encrypted program, etc.) sent from the contents servers 19-1 to 19-6, holds the public key paired with the private key held by each UIM, and manages the issue of the public keys for the contents servers 19-1 to 19-6.
5 [2.3] Operation of second embodiment [2.3.1] Registration in user information storage unit In the example shown in Fig. 21, the contents servers 19-1 to 19-6 are under the control of the distribution management server 16A. The user desirous of using a program (applet) stored in any of the contents 10 servers is required to register the particular program in the user information storage unit 51 of the distribution management server 16A. The registration process will be explained below with reference to Fig. 24.
First, the user sends a request for a menu list of the programs that can be registered, to the distribution management server 16A from the 15 mobile terminal 11. This request is sent to the program information storage unit 52 through the transmission control unit 61 of the distribution management server 16A (step S 131).
The program information storage unit 52 that has received the request prepares a menu list of all the programs that can be registered or, 20 specifically, all the programs of which the program proper or the URL is stored in the program information storage unit 52, and transmits the menu list through the transmission control unit 61 to the mobile terminal 11 (step S132).

This menu list is received by the mobile terminal 11 and displayed 25 on the display section 21. Under this condition, the user can acquire, by operating the operating section 22, a comment on the desired program from the distribution management server 16A and display it on the display section 21.

Once the program of which distribution is requested is determined by the user operating the operating section 22, the mobile terminal 11 transmits a registration request containing the information specifying the particular program to the program information storage unit 52 of the distribution management server 16A (step S 133).

The program information storage unit 52, based on the program registration request, registers the program requested by the user in the user information storage unit 51 (step S 134).
The operation in step S 134 will be described in detail. First, assume that the registration request is issued from the mobile unit 11 in which the UIM 12 of a given user k is built or mounted. In this case, the program information storage unit 52, based on the registration request, identifies the program requested by the user, and determines the pointer data for specifying the internal area of the program information storage unit 52 in which the URL information indicating the location of the program or the program proper thereof is stored. Once the pointer data of the program requested by the user is obtained in this way, the program information storage unit 52 accesses the contents stored in each area of the real distribution information storage unit 54 of the individual user information storage unit 53-k corresponding to the user k, and thus determines the basic block 40-X (1 X:-5 7) available for storage among the basic blocks of the UIM 12 of the user k. The pointer data of the program requested by the user is registered in the area of the real distribution information storage unit 54 corresponding to the basic block 40-X (step S134). It may be that the UIM 12 of the user k has no basic block 40-X (1 S X< 7) available for storage. In such a case, the program information storage unit 52 registers the pointer data in the virtual distribution information storage unit 55 designated by the user or set automatically. `

In step S 141, the menu list may not have any desired program. In such a case, the user can request the program information storage unit 54, by operating the mobile terminal 11, to access to the desired contents server.
In this case, the program information storage unit 54, in compliance with the user request, acquires the program or the URL thereof from the contents server desired by the user, and holds it in the unoccupied area in the program information storage unit 54. In the process, the pointer data indicating the location of the acquired program or the URL thereof is registered in the real distribution information storage unit 54 in the same manner as the procedure mentioned above.
Upon complete registration of the program requested by the user in this way, the distribution management server 16A starts the charge process for the user or the contents provider that has distributed the particular program.
Then, the user information storage unit 51 sends a registration notice to the mobile terminal 11 through the transniission control unit 61 (step S 135).
The mobile terminal 11, upon receipt of the registration notice, sends a registration acknowledgment to the distribution management server 16A (step S 136).
The user information storage unit 51, upon receipt of the registration acknowledgment through the transmission control unit 61 from the mobile terminal 11 having the UIM 12 of the user k built therein or connected therewith, determines the contents provider 19 storing the program of which the pointer data has been registered for the user k, and sends an activation permission request to the contents server 19 (step S 137).

The contents server 19 that has received the activation permission request, in order to approve a program utilization contract, sends the activation permission to the user information storage unit 51 (step S 138).

As a result, the user information storage unit 51 considers that the use is permitted of the pointer data stored in that area of the real distribution information storage unit 54 of the individual user information storage area 53-k for the user k which corresponds to the basic block 40-X.
The user information storage unit 51 sends a registration completion notice indicating that the registration in the mobile terminal 11 is completed (step S 139). This registration completion notice contains a registration list providing a list of the programs with the pointer data thereof registered in the user information storage unit 51.
The user can confirm the registration list from the display section 21 of the mobile terminal 11.
[2.3.1.1] Registration of UIM in basic block (the contents server holding the program) The user k who has received the registration list can request the program for which he has requested registration, to be distributed and written in the UIM 12. With reference to Fig. 25, this operation will be explained.
The user k performs the operation for selecting a program of which distribution is desired from the registration list. Then, a distribution request containing the pointer in the registration list, indicating the position number in the registration list where the particular program is located, is sent to the user information storage unit 51 of the distribution management server 16A from the distribution terminal 11 (step S141).
The user information storage unit 51, upon receipt of a distribution request from the mobile terminal 11 of the user k, reads the pointer data specifying the place of storing the program proper or the URL of the program requiring distribution, from that area of the real distribution information storage unit 54 of the individual user information storage unit 53-k which corresponds to the pointer in the registration list contained in the particular distribution request. The distribution request containing the pointer data is sent to the program information storage unit 52 (step S 142).
The program information storage unit 52 accesses the area specified by the pointer data in the particular distribution request. In the case where the URL of the program is stored in the area, the program distribution is requested from the contents server 19 using the URL (step S 143).
The contents server 19, upon receipt of this distribution request, requests the authentication server 18 to issue a public key for the distribution management server (step S 144).
In the case where the contents server 18 is permitted to write in the UIM 12, the authentication server 18 issues the public key for the distribution management server to the contents server 19 (step S 145).
The contents server 19 encrypts the program using the public key for the distribution management server, and distributes it as a program, with a certificate, to the secure communication control unit 62 of the distribution management server 16A (step S146).
The secure communication control unit 62 has stored therein a distribution management server private key paired with the distribution management server public key, and using this private key, decrypts the program with a certificate. In the case where this decryption is successful, a program written in a common text is obtained.
The secure communication control unit 62 acquires the UIM public key corresponding to the destination UIM 12 from the authentication server (refer to the first embodiment), and encrypting the program by the UIM
public key, sends it to the UIM 12. In the UIM 12, the program is decrypted using the UIM private key paired with the UIM public key.
Once the decryption is successful, a program in a common text is obtained.
The UIM 12 writes this program in the basic block 40-X (step S 147). The UIM 12 determines the basic block 40-X by the same algorithm as used by the program information storage unit 52 in the distribution management server 16A. In step S 147, therefore, the same basic block 40-X is obtained as determined in step S134 of Fig. 24. Alternatively, the registration completion notice transmitted from the distribution 5 management server 16A in step S139 of Fig. 24 may contain the information specifying the unoccupied basic block 40-X determined in step S 134, and in step S147 of Fig. 25, the program is stored in the basic block 40-X specified by the particular information.
The UIM 12, at the end of the program write operation, transmits a 10 write end notice to the secure communication control unit 62 of the distribution management server 16 (step S148). This write end notice contains the information for specifying the basic block 40-X in which the program is written.
When the secure communication control unit 62 of the distribution 15 management server 16 receives the write end notice, the user information storage unit 51 sends an activation request to the contents server 19 in order to request the permission for execution of the program written in the UIM
12 (step S 149).
The contents server 19 that has received this activation request 20 sends an activation permission to the user information storage unit 51 (step S 150).
The user information storage unit 51 that has received the activation permission sends an activation instruction to the UIM 12 (step S151).
In the UIM 12, upon receipt of the activation instruction, the 25 activation flag corresponding to the basic block 40-X in which the program is written turns from "0" to "1", after which the execution of the program in the particular basic block becomes possible.
The UIM 12, at the end of the program activation, transmits an activation acknowledgment notice indicating the end of the program activation to the user information storage unit 51 of the distribution management server 16A, together with the information specifying the program (for example, the information specifying the basic block 40-X) (step S 152).

The user information storage unit 51, upon receipt of the activation acknowledgment notice from the UIM 12 of the user k, determines an area of the real distribution information storage unit 54 of the individual user information storage unit 53-k corresponding to the basic block 40-X. In this area, the pointer data corresponding to the program written in the basic block 40-X is already written in the UIM 12 of the user k. In this area, the information to the effect that the activation is complete is written in such a form that a.given pointer coexists. As the result of this operation, the distribution management server 16A can grasp whether the activation has been performed for the basic blocks 40-1 to 40-7 of all the UIMs 12 by accessing each area of the user information storage unit 51.
The user information storage unit 51, at the end of the operation for writing the information to the effect that the activation is complete, notifies the mobile terminal 11 that the registration is complete as a program list, and subsequently, notifies that the program can be executed, while at the same time ending the process (step S 153).
The distribution management server 16A notifies the contents server 19 that the activation of the program is completed (step S 154).
[2.3.1.2] Registration of in UIM basic block (in the case where the distribution management server holds the program proper) In the example of operation shown in Fig. 25, the program proper, of which the distribution is desired by the user, is not stored in the distribution management server 16A but in the contents server 19. In the operation example shown in Fig. 26, in contrast, the program proper of which the distribution is desired by the user is stored in the distribution management server 16A. The operation example shown in Fig. 26 will be explained below.

The user accesses the registration list received from the distribution management server 16A, and performs the operation for selecting the desired program. A distribution request containing the pointer in the registration list corresponding to the particular program is sent from the mobile terminal 11 to the user information storage unit 51 of the distribution management server 16A (step S161).
The user information storage unit 51, upon receipt of the distribution request from the mobile terminal 11 of the user k, reads the pointer data for specifying the place of storage of the URL of the program or the program proper of which the distribution is requested, from that area of the real distribution information storage unit 54 of the individual user information storage unit 53-k which corresponds to the pointer in the registration list contained in the distribution request. The distribution request containing this pointer data is sent to the program information storage unit 52 (step S162).
The program information storage unit 52 accesses the area designated by the pointer data in the distribution request. In the case where the program proper is stored in the particular area, the secure communication control unit 62 requests the authentication server 18 to issue a certificate, i.e. sends a request for the UIM public key required for encrypting the program proper and sending it to the UIM 12 of the user k (step S163).
In the case where the program corresponding to the distribution request is a program permitted to write in the UIM 12, the authentication server 18 sends the UIM public key to the secure communication control unit 62 (step S164).
The secure communication control unit 62 receives this UIM public key, and upon determination that the key is legitimate, encrypts the program to be distributed, using the UIM public key, and thus generates a program with certificate.
When the user performs the operation at the mobile terminal 11 to permits the program distribution, the secure communication control unit 62 of the distribution management server 16A sends a program with certificate to the UIM 12 of the mobile terminal 11 (step S 165).
The UIM 12 has stored therein a UIM private key paired with the UIM public key, and using this UIM private key, decrypts the program.
The same program is written in the basic block 40-X.
The subsequent operation is similar to the corresponding operation shown in Fig. 25. In Fig. 26, steps S166 to S171 correspond to steps S148 to S153 in Fig. 25.
[2.3.1.3] Registration in UIM basic block (In the case where the distribution management server holds the program proper, and the secure communication control unit holds the UIM public key) It may happen that when the mobile terminal 11 sends a distribution request to the distribution management server 16A, the secure communication control unit.62 of the distribution management server 16A
holds the UIM public key of the UIM 12 to which the program is to be distributed. Such a phenomenon may occur, for example, in the case where programs are distributed to the same UIM 12 within a short time.
Fig. 27 shows an example of the operation performed in such a case. In this operation example, when a program proper corresponding to the distribution request is found, the program is encrypted using the UIM
public key held in the secure communication control unit 62 and written in the UIM 12. The operation shown in Fig. 27 is similar to the operation shown in Fig. 26, except that the operation corresponding to steps S 163 and S 164 for acquiring the UIM public key from the authentication server 18 is lacking. Steps S 181, S 182, S183 to S 189 in Fig. 27 correspond to steps S 161, S 162, S 165 to S 171, respectively, in Fig. 26.
[2.3.1.4] Registration in UIM free basic block The user, by operating the mobile terminal 11, can register a program in the free basic block 40-Fl of the UIM 12. This operation is shown in Fig. 28.
In the case where a program is registered in the free basic block 40-Fl of the UIM 12, the user operates the mobile terminal 11 so that the desired contents server 19X is accessed and a request for distributing the desired program is sent to it (step S 191).
The contents server 19X that has received this distribution request distributes the requested program to the secure communication control unit 62 of the distribution management server 16A (step S 192).
The user performs the operation to permit the distribution to the free basic block 40-Fl, and the information indicating the particular operation is sent from the mobile terminal 11 to the distribution management server 16A. Then, the secure communication control unit 62 distributes the program to the UIM 12 of the mobile terminal 11 (step S 193). This program may be sent in encrypted form or without encryption. The UIM 12 writes this program in the free basic block 40-Fl.
The UIM 12, at the end of the program write operation, transmits a write end notice to the distribution management server 16 (step S 184).
The user information storage unit 51 of the distribution management server 16 receives the write end notice from the UIM 12 of the user k, and updates the information including the number of distribution sessions stored in the area of the user individual information storage unit 53-k corresponding to the free basic block 40-Fl (step S 195).
Once this update operation is completed, the user information storage unit 51 sends to the UIM 12 an activation instruction for the program written in the free basic block 40-F1 (step S 196).

The UIM 12, in compliance with this instruction, completes the program activation, and transmits to the user information storage unit 51 of 5 the distribution management server 16 an activation response notice indicating that the activation of the program in the free basic block 40-Fl is completed (step S 197).
The user information storage unit 51, upon receipt of the activation response notice from the UIM 12 of the user k, registers the information 10 that the activation is complete, in the area of the individual user information storage unit 53-k corresponding to the free basic block 40-Fl.
The user information storage unit 51 notifies, in the form of program list, the mobile terminal 11 that the registration is complete, thereby terminating the process (step S198).
15 [2.3.1.5] Program deletion from user information storage unit Now, the process for deleting the program registered in the user information storage unit 51 will be explained with reference to Fig. 29.
The user, by performing a predetermined operation, can display the registration program list received from the distribution management server 20 16A, on the display unit 21. Under this condition, the user specifies the desired program and instructs. to delete the program in the distribution management server 16A. A program registration delete request containing the information for specifying what is to be deleted is sent to the user information storage unit 51 of the distribution management server 16A
25 (step S201).

In the case where the program to be deleted is already deleted from any one of the basic blocks 40-1 to 40-7 of the UIM 12, the user information storage unit 51 sends a cancel request indicating the desire of the user to cancel the utilization of the program, to the contents server 19 from which the particular.program is distributed (step S202). In the case where a program to be deleted remains undeleted in any one of the basic blocks 40-1 to 40-7 of the UIM 12, on the other hand, the process for deletion of the program from the basic blocks 40-1 to 40-7, described later, is carried out at the same time under the guidance of the distribution management server 16A.
The contents server 19, upon receipt of the cancel request, sends a cancel permission notice to the user information storage unit 51 of the distribution management server 16A (step S203).
The user information storage unit 51, upon receipt of the cancel permission notice, deletes the information on the program of which the deletion is requested in step S201, and sends the registered program list after deletion to the mobile terminal 11 (step S204).
[2.3.16] Program deletion from UIM basic block Now, the process for deleting a program from the basic blocks 40-1 to 40-7 of the UIM 12 will be explained with reference to Fig. 30.
The user, by performing a predetermined operation, can display on the display unit 21 the registered program list transmitted already to the mobile terminal 11. Under this condition, assume that the user specifies the desired program and gives an instruction to delete it. One of the basic blocks 40-1 to 40-7 of the UIM 12 where the program to be deleted is stored is determined, and a deletion request containing the information specifying the particular basic block is transmitted from the mobile terminal 11 to the user information storage unit 51 of the distribution management server 16A (step S211).
The user information storage unit 51, upon receipt of the deletion request, sends a deletion permission notice to the UIM 12 (step S212).
The UIM 12, upon receipt of the deletion permission notice, deletes the program specified by the user in step S211 from the basic block, and sends a deletion end notice to the user information storage unit 51 (step S213).

As a result, the user information storage unit 51 deletes the information on the corresponding program under the control of the transmission control unit 61, and gives a deletion notice to the contents server 19 (step S214).
Also, the user information storage unit 51 notifies the mobile terminal 11 that the deletion is complete in the form of a program list, thereby ending the process.
[2.3.1.6.1] The case in which the program deletion from basic block is carried out at the same time under the guidance of distribution management server.
As described above, if the process for deleting a program from the basic blocks 40-1 to 40-7 is carried out at the same time as the deletion of the program from the user information storage unit 5 under the guidance of the distribution management server, the user information storage unit 51 of the distribution management server sends a deletion instruction to the UIM
by specifying the program of which deletion is requested, in place of the process of steps S211 and S212 described above.
[2.3.1.7] The case in which use of user information storage unit is prohibited.
According to this embodiment, a deactivation process for the user information storage unit can be executed for preventing the user from using the user information storage unit 51. This deactivation process for the user information storage unit is carried out, for example, in the case where the distribution management server 16A stops the service temporarily, or the service of the distribution management server 16A to the user is temporarily suspended at the request of the contents provider holding the contents server 19. Once this deactivation process for the user information storage unit is carried out, the distribution of the programs registered in the user information storage unit 51 to the UIM 12 is prohibited and so is the deletion of the programs registered in the UIM 12.
Now, with reference to Fig. 31, the deactivation process for the user information storage unit will be explained. The following description concerns the case in which the contents server 19 requests the deactivation process for the user information storage unit.
First, the contents server 19 sends a user information storage unit deactivation request to the user information storage unit 51 of the distribution management server 16A (step S221).
The user information storage unit 51, upon receipt of the user information storage unit deactivation request, is _prohibited from use (deactivated state), and sends a user information storage unit deactivation permission notice to the contents server 19 (step S222).
Then, the user information storage unit 51 sends to the mobile terminal 11 a user information storage unit deactivation notice to the effect that the use of the user information storage unit 52 has been prohibited (step S223).
As a result, the user of the mobile terminal 11 can confirm that the use of the user information storage unit 51 has been prohibited.
[2.3.1.7.1] The case in which the user information storage unit is deactivated by distribution management server In the case where the user information storage unit is deactivated by the distribution management server 16A by itself, the user information storage unit 51 is prohibited from use (deactivated), and sends a user information storage unit deactivation notice to the mobile terminal 11 indicating that the use of the user information storage unit 51 is prohibited (step S223).

[2.3.1.8] The case in which the use of the program stored in UIM basic block is prohibited Now, the process for deactivation of basic block for prohibiting the use of a program stored in the basic blocks 40-1 to 40-7 or the free basic block 40-Fl of the UIM 12 will be explained with reference to Fig. 32.
This process is carried out in the case where the mobile terminal 11 is stolen or the contents provider requests the user to prohibit the use thereof. Once this process is carried out, the user is prohibited from using the programs stored in the basic blocks (including the free basic block) involved. The description that follows deals with the case in which the user service server 65 in charge of user services, taking an appropriate measure such as when the mobile terminal 11 is stolen, requests the process for deactivating the basic blocks based on the report from the user.
Fig. 32 shows a sequence of the deactivation process for the basic blocks.
First, the user service server 65 sends a basic block deactivation request to the user information storage unit 51 of the distribution management server 16A (step S231).
The user information storage unit 51, upon receipt of the basic block deactivation request, sends a deactivation instruction to the UIM 12 (step S232).
As a result, the UIM 12 deactivates the basic blocks meeting the basic block deactivation request, and gives a basic block deactivation response indicating that the use of the basic blocks has been prohibited (step S233).
Then, the user information storage unit 51 gives a basic block deactivation end notice to the user service server 65 indicating that the use of the basic blocks of the UIM 12 has been prohibited (step S234).
Further, the user information storage unit 51 gives a user information storage unit list to the mobile terminal 11 indicating that the use of the basic blocks (which may include the free basic block) is prohibited, thereby ending the process (step S235).
[2.4] Effects of second embodiment As described above, according to the second embodiment, programs 5 can be distributed beyond the limit of the number of the storage areas of the storage module (UIM), and the operating convenience on the part of the user is improved.
Also, the distribution management server can easily manage the activation/deactivation of the program distributed, and the distribution and 10 the activation/deactivation of the program ready for distribution.
[3] Modifications of embodiments [3.11 First modification The foregoing description deals with the case in which a single distribution management server is involved. Nevertheless, a plurality of 15 distribution management servers can be provided for distributed processing.
In such a case, the programs stored in each UIM and the information on the storage area of each program can be stored in a common database.
20 [3.2] Second modification Apart from the foregoing description, dealing with the case in which the distribution management server is connected directly to a line switching network, the distribution management server can be connected to the line switching network through an internet making up a packet 25 switching network and an internet gateway.
[3.3] Third modification Although only the UIM is described above as a storage module, the invention is also applicable to various IC card memories with equal effect.
In this case, the storage module can be arranged at a fixed terminal as well as at a mobile terminal.

Claims (22)

1. A program distribution system for distribution of a program, the program distribution system comprising:

a mobile terminal configured to receive a program wirelessly transmittable to the mobile terminal in a non-activated and encrypted condition, the mobile terminal comprising a user identification module and a first operational control unit configured to control operation of the mobile terminal, the first operational control unit further configured to transfer the program in the non-activated and encrypted condition to the user identification module in response to receipt of the program at the mobile terminal; and the user identification module comprising a plurality of memory blocks, and a second operational control unit configured to control operation of the user identification module, the second operational control unit further configured to decrypt the program and store the program in a non-activated condition in one of the memory blocks.
2. The program distribution system of claim 1, wherein the user identification module is configured to receive location information indicative of the one of the memory blocks the program is to be stored within, the location information transmittable to the mobile terminal and transferable to the user identification module.
3. The program distribution system of claim 1, wherein the mobile terminal is configured to transmit a request for distribution of the program to the mobile terminal.
4. The program distribution system of claim 1, wherein the program storable by the user identification module is only activatable by the user identification module in response to receipt by the user identification module of a program activation request that is transmittable to the mobile terminal.
5. The program distribution system of claim 1, wherein the program storable by the user identification module is only deactivatable by the user identification module in response to receipt by the user identification module of a program deactivation request transmittable to the mobile terminal.
6. The program distribution system of claim 1, wherein the program storable by the user identification module is only deleteable by the user identification module in response to receipt by the user identification module of a program deletion request transmittable to the mobile terminal.
7. The program distribution system of claim 1, wherein the one of the memory blocks is configured to securely store value data in conjunction with the program, wherein the user identification module is directable to execute the program to apply the value data to a monetary debt that is incurred with the mobile terminal.
8. The program distribution system of claim 1, wherein each of the memory blocks comprises a program area and a data area, the user identification module configured to store the program in the program area of the one of the memory blocks and data associated with the program in the data area of the same one of the memory blocks.
9. The program distribution system of claim 8, wherein the user identification module is configured to selectively make at least one of the program and the associated data storable in the one of the memory blocks accessible by another program storable and executable in another memory block.
10. A mobile terminal for use in distributing a program, the mobile terminal comprising:

a first operational control unit and a storage unit, the operational control unit configured to control operation of the mobile terminal based on a control program included in the storage unit;

a communication unit configured to receive a program wirelessly transmittable to the mobile terminal in a non-activated and encrypted condition;

a user identification module interface unit in communication with the communication unit, the communication unit configured to transfer the program in the non-activated and encrypted condition to the user identification module interface unit;

a user identification module coupled with the user identification module interface unit, the user identification module interface unit is configured to transfer the program in the non-activated and encrypted condition to the user identification module; and the user identification module comprises a plurality of memory blocks and a second operational control unit configured to control operation of the user identification module, the second operational control unit further configured to decrypt the program and store the program in a non-activated condition in one of the memory blocks.
11. The mobile terminal of claim 10, wherein the communication unit is further configured to receive location information that is wirelessly transmittable to the mobile terminal, the location information is indicative of the one of the memory blocks the program is to be stored within, and wherein the location information is transferable from the communication unit to the user identification module via the user identification module interface unit to indicate to the user identification module where the decrypted program is to be stored.
12. The mobile terminal of claim 10, further comprising a display section in communication with the first operational control unit and the communication unit, wherein a request for distribution of the program to the mobile terminal is transmittable with the communication unit as directed by the first operational control unit in conjunction with the display section.
13. The mobile terminal of claim 10, wherein the user identification module interface unit is configured to communicate directly with the operational control unit to transmit and receive data, and wherein the user identification module interface unit is further configured to communicate directly with the communication unit to transmit and receive data without intermediation of the first operational control unit.
14. The mobile terminal of claim 13, further comprising an external equipment interface configured to exchange information with a communication device that is external to the mobile terminal, wherein the user identification module interface unit is further configured to communicate directly with the external equipment interface to exchange information with the communication device without intermediation of the first operational control unit.
15. The mobile terminal of claim 10, wherein the program storable by the user identification module is only activatable by the user identification module in response to receipt by the user identification module of a program activation request that is transmittable to the communication unit and receivable by the user identification module via the user identification module interface unit.
16. The mobile terminal of claim 10, wherein the program storable by the user identification module is only deactivatable by the user identification module in response to receipt by the user identification module of a program deactivation request that is transmittable to the communication unit and receivable by the user identification module via the user identification module interface unit.
17. The mobile terminal of claim 10, wherein the program storable by the user identification module is only deleteable by the user identification module in response to receipt by the user identification module of a program deletion request that is transmittable to the communication unit and receivable by the user identification module via the user identification module interface unit.
18. The mobile terminal of claim 10, wherein the one of the memory blocks is configured to securely store value data in conjunction with the program, and wherein the user identification module is directable to execute the program to apply the value data to a monetary debt that is incurred with the mobile terminal.
19. The mobile terminal of claim 10, wherein each of the memory blocks comprises a program area and a data area, and the user identification module is further configured to store the program in the program area of the one of the memory blocks and data associated with the program in the data area of the same one of the memory blocks.
20. The mobile terminal of claim 19, wherein the user identification module is further configured to selectively make at least one of the program and the associated data storable in the one of the memory blocks accessible by another program storable and executable in another one of the memory blocks.
21. The mobile terminal of claim 10, wherein the user identification module is configured to decrypt the program with a user identification module private key stored in the user identification module.
22. The mobile terminal of claim 10, wherein the user identification module is configured to control access by the program to other memory blocks.
CA002397711A 2001-01-31 2002-01-30 Method and apparatus for delivering program to storage module of mobile terminal Expired - Fee Related CA2397711C (en)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
JP2001024738 2001-01-31
JP2001-24738 2001-01-31
JP2001083567 2001-03-22
JP2001-83567 2001-03-22
PCT/JP2002/000699 WO2002061572A1 (en) 2001-01-31 2002-01-30 System for delivering program to storage module of mobile terminal

Publications (2)

Publication Number Publication Date
CA2397711A1 CA2397711A1 (en) 2002-08-08
CA2397711C true CA2397711C (en) 2008-12-23

Family

ID=26608713

Family Applications (1)

Application Number Title Priority Date Filing Date
CA002397711A Expired - Fee Related CA2397711C (en) 2001-01-31 2002-01-30 Method and apparatus for delivering program to storage module of mobile terminal

Country Status (15)

Country Link
US (1) US7269445B2 (en)
EP (1) EP1248188B1 (en)
JP (1) JP3910915B2 (en)
KR (2) KR20020079922A (en)
CN (2) CN1455894A (en)
AU (1) AU2002228370B2 (en)
BR (1) BR0202291A (en)
CA (1) CA2397711C (en)
HK (1) HK1047642A1 (en)
NO (1) NO330991B1 (en)
NZ (2) NZ536782A (en)
PL (1) PL358713A1 (en)
SG (1) SG145548A1 (en)
TW (1) TWI221585B (en)
WO (1) WO2002061572A1 (en)

Families Citing this family (89)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8077679B2 (en) 2001-03-28 2011-12-13 Qualcomm Incorporated Method and apparatus for providing protocol options in a wireless communication system
US8121296B2 (en) 2001-03-28 2012-02-21 Qualcomm Incorporated Method and apparatus for security in a data processing system
US9100457B2 (en) 2001-03-28 2015-08-04 Qualcomm Incorporated Method and apparatus for transmission framing in a wireless communication system
US7693508B2 (en) 2001-03-28 2010-04-06 Qualcomm Incorporated Method and apparatus for broadcast signaling in a wireless communication system
US7185362B2 (en) * 2001-08-20 2007-02-27 Qualcomm, Incorporated Method and apparatus for security in a data processing system
US7352868B2 (en) 2001-10-09 2008-04-01 Philip Hawkes Method and apparatus for security in a data processing system
US7649829B2 (en) 2001-10-12 2010-01-19 Qualcomm Incorporated Method and system for reduction of decoding complexity in a communication system
KR100447064B1 (en) * 2001-11-14 2004-09-04 에스케이텔레텍주식회사 Method for Limiting Authority to use Application Programming Interface of Contents Application Program for Mobile Communication Device
JP2003152698A (en) * 2001-11-15 2003-05-23 Nippon Hoso Kyokai <Nhk> Contents utilization control transmitting method, contents utilization control receiving method, contents utilization control transmitting device, contents utilization control receiving device, contents utilization control transmitting program and contents utilization control receiving program
JP4045805B2 (en) * 2002-01-11 2008-02-13 日本電気株式会社 Television receiver and television application control method
JP4051968B2 (en) * 2002-03-07 2008-02-27 日本電気株式会社 Digital broadcast receiver
JP3742029B2 (en) * 2002-04-15 2006-02-01 埼玉日本電気株式会社 Mobile phone
US20050101309A1 (en) * 2002-05-29 2005-05-12 Martin Croome Method and apparatus for selective configuration based upon expansion card presence
US20040194027A1 (en) * 2002-12-27 2004-09-30 Akira Suzuki Computerized electronic document producing, editing and accessing system for maintaining high-security
US7599655B2 (en) 2003-01-02 2009-10-06 Qualcomm Incorporated Method and apparatus for broadcast services in a communication system
US7370212B2 (en) 2003-02-25 2008-05-06 Microsoft Corporation Issuing a publisher use license off-line in a digital rights management (DRM) system
US7308573B2 (en) 2003-02-25 2007-12-11 Microsoft Corporation Enrolling / sub-enrolling a digital rights management (DRM) server into a DRM architecture
US8098818B2 (en) 2003-07-07 2012-01-17 Qualcomm Incorporated Secure registration for a multicast-broadcast-multimedia system (MBMS)
US8718279B2 (en) 2003-07-08 2014-05-06 Qualcomm Incorporated Apparatus and method for a secure broadcast system
US8006309B2 (en) * 2003-08-11 2011-08-23 Sony Corporation Information processing device and communication method
US8724803B2 (en) 2003-09-02 2014-05-13 Qualcomm Incorporated Method and apparatus for providing authenticated challenges for broadcast-multicast communications in a communication system
FI20035235A0 (en) * 2003-12-12 2003-12-12 Nokia Corp Arrangement for processing files at a terminal
US7257583B2 (en) * 2004-01-09 2007-08-14 Microsoft Corporation System and method for updating an on-device application catalog in a mobile device receiving a push message from a catalog server indicating availability of an application for download
JP4593156B2 (en) * 2004-04-07 2010-12-08 株式会社エヌ・ティ・ティ・ドコモ COMMUNICATION DEVICE AND PROGRAM DOWNLOAD METHOD
JP4722408B2 (en) * 2004-04-07 2011-07-13 株式会社エヌ・ティ・ティ・ドコモ Information processing apparatus and program deletion method
JP4763332B2 (en) 2004-09-03 2011-08-31 株式会社エヌ・ティ・ティ・ドコモ Mobile terminal device, contactless card function management system, and contactless card function acquisition system
JP3703098B1 (en) * 2004-11-11 2005-10-05 株式会社エヌ・ティ・ティ・ドコモ Mobile terminal device
JP2006178912A (en) * 2004-12-24 2006-07-06 Fujitsu Ltd Information processing method and program
JP4704045B2 (en) 2005-01-12 2011-06-15 株式会社エヌ・ティ・ティ・ドコモ Communication apparatus, digital signature verification method, and digital signature generation method
US9275052B2 (en) 2005-01-19 2016-03-01 Amazon Technologies, Inc. Providing annotations of a digital work
FR2882835B1 (en) * 2005-03-01 2007-09-07 Softway Sa SECURE TRANSFER METHOD WITH SECURE MEDIA CARD
US8438645B2 (en) 2005-04-27 2013-05-07 Microsoft Corporation Secure clock with grace periods
US7483416B2 (en) * 2005-04-01 2009-01-27 Cml Emergency Services Inc. Internet protocol radio dispatch system and method
US8725646B2 (en) 2005-04-15 2014-05-13 Microsoft Corporation Output protection levels
DE112006000536T5 (en) * 2005-04-21 2008-06-05 Mitsubishi Electric Corp. Program delivery device, storage medium and information system mounted on a motor vehicle
US20060265758A1 (en) 2005-05-20 2006-11-23 Microsoft Corporation Extensible media rights
KR100663498B1 (en) * 2005-10-11 2007-01-02 삼성전자주식회사 Apparatus and method for improving web service using a user identity module of terminal , and the system thereof
FR2892261A1 (en) * 2005-10-17 2007-04-20 France Telecom METHOD AND SYSTEM FOR MANAGING APPLICATIONS OF A MOBILE TERMINAL
JP2007243773A (en) * 2006-03-10 2007-09-20 Fujitsu Ltd 4g access point type communication system
US8352449B1 (en) 2006-03-29 2013-01-08 Amazon Technologies, Inc. Reader device content indexing
US8260278B2 (en) * 2006-05-12 2012-09-04 The Mitre Corporation Framework for agile mobile applications
CN101449579B (en) * 2006-07-05 2011-10-19 艾格瑞系统有限公司 Systems and methods for enabling consumption of copy-protected content across multiple devices
KR100791764B1 (en) * 2006-07-20 2008-01-03 (주) 엘지텔레콤 Traffic information management system for mobile terminal having eletronic card and method therefore
US7676615B2 (en) * 2006-08-21 2010-03-09 Panasonic Corporation Contents data storage device and contents data update system
JP2008077440A (en) * 2006-09-21 2008-04-03 Sony Corp Information processing apparatus, information processing method, and information processing program
US8725565B1 (en) 2006-09-29 2014-05-13 Amazon Technologies, Inc. Expedited acquisition of a digital item following a sample presentation of the item
US9672533B1 (en) 2006-09-29 2017-06-06 Amazon Technologies, Inc. Acquisition of an item based on a catalog presentation of items
US7865817B2 (en) 2006-12-29 2011-01-04 Amazon Technologies, Inc. Invariant referencing in digital works
US7751807B2 (en) 2007-02-12 2010-07-06 Oomble, Inc. Method and system for a hosted mobile management service architecture
US8024400B2 (en) 2007-09-26 2011-09-20 Oomble, Inc. Method and system for transferring content from the web to mobile devices
US7716224B2 (en) 2007-03-29 2010-05-11 Amazon Technologies, Inc. Search and indexing on a user device
US9665529B1 (en) 2007-03-29 2017-05-30 Amazon Technologies, Inc. Relative progress and event indicators
JP2008269292A (en) * 2007-04-20 2008-11-06 Sony Corp Information processing method and terminal device
US7921309B1 (en) 2007-05-21 2011-04-05 Amazon Technologies Systems and methods for determining and managing the power remaining in a handheld electronic device
KR101398908B1 (en) * 2007-05-22 2014-05-26 삼성전자주식회사 Method and system for managing mobility in mobile telecommunication system using mobile ip
JP2008294976A (en) 2007-05-28 2008-12-04 Nec Corp Portable terminal, portable terminal management system and data storing method
US8391837B2 (en) 2007-07-24 2013-03-05 Nxp B.V. Method, system and trusted service manager for securely transmitting an application to a mobile phone
JP5286714B2 (en) 2007-08-23 2013-09-11 ソニー株式会社 Electronic wallet device, electronic value utilization method and program
JP5018339B2 (en) 2007-08-23 2012-09-05 ソニー株式会社 Signal processing apparatus, signal processing method, and program
JP4403433B2 (en) 2007-08-23 2010-01-27 ソニー株式会社 Electronic wallet device, communication method and program
JP2009053766A (en) * 2007-08-23 2009-03-12 Sony Corp Electronic wallet device, communication method and program
CN101119387B (en) * 2007-09-10 2012-11-14 北京网秦天下科技有限公司 Method and system with convenience to customize, configure and transfer handset software service
EP2043060A1 (en) 2007-09-27 2009-04-01 Nxp B.V. Trusted service manager managing reports of lost or stolen mobile communication devices
JP5651473B2 (en) * 2007-11-06 2015-01-14 ジエマルト・エス・アー Sharing or reselling NFC applications between mobile communication devices
CN101159488B (en) * 2007-11-12 2013-06-05 中兴通讯股份有限公司 Physical broadcasting channel transmitting method of TDD system
KR100958108B1 (en) * 2007-11-12 2010-05-17 한국전자통신연구원 Method and apparatus for protecting illegal program copy of mobile communication terminals
US8831220B2 (en) * 2007-11-30 2014-09-09 Battelle Energy Alliance, Llc Processing module operating methods, processing modules, and communications systems
WO2009113017A1 (en) 2008-03-10 2009-09-17 Nxp B.V. Method and devices for installing and retrieving linked mifare applications
KR101437446B1 (en) 2008-03-31 2014-09-05 삼성전자주식회사 Display apparatus, control method thereof and control method of external device
US8769656B2 (en) 2008-05-29 2014-07-01 Nxp B.V. Method and trusted service manager for providing fast and secure access to applications on an IC card
US8423889B1 (en) 2008-06-05 2013-04-16 Amazon Technologies, Inc. Device specific presentation control for electronic book reader devices
US9087032B1 (en) 2009-01-26 2015-07-21 Amazon Technologies, Inc. Aggregation of highlights
US8378979B2 (en) 2009-01-27 2013-02-19 Amazon Technologies, Inc. Electronic device with haptic feedback
US9946848B2 (en) 2009-02-26 2018-04-17 International Business Machines Corporation Software protection using an installation product having an entitlement file
US8832584B1 (en) 2009-03-31 2014-09-09 Amazon Technologies, Inc. Questions on highlighted passages
EP2464158A1 (en) * 2009-08-07 2012-06-13 Fujitsu Limited Base station device, data processing device and mobile communication system
FR2950172B1 (en) * 2009-09-14 2011-11-11 Oberthur Technologies METHOD AND DEVICE FOR INSTALLING A MIFARE APPLICATION IN A MIFARE MEMORY
US8692763B1 (en) 2009-09-28 2014-04-08 John T. Kim Last screen rendering for electronic book reader
US8537004B2 (en) * 2009-09-30 2013-09-17 Carefusion 303, Inc. Verification of dispensed items
US10878404B2 (en) * 2010-06-29 2020-12-29 Feitian Technologies Co., Ltd. Method for operating an e-purse
US9495322B1 (en) 2010-09-21 2016-11-15 Amazon Technologies, Inc. Cover display
JP5522075B2 (en) * 2011-02-15 2014-06-18 コニカミノルタ株式会社 Image forming apparatus, image forming system, image forming apparatus control method, and image forming apparatus control program
US9158741B1 (en) 2011-10-28 2015-10-13 Amazon Technologies, Inc. Indicators for navigating digital works
KR102081012B1 (en) * 2012-10-08 2020-02-24 패트릭 순-시옹 Distributed storage systems and methods
CN102984204B (en) * 2012-10-31 2015-09-09 广东欧珀移动通信有限公司 A kind of method and mobile intelligent terminal obtaining application program
CN103279708A (en) * 2012-12-28 2013-09-04 武汉安天信息技术有限责任公司 Method and system for monitoring and analyzing mobile terminal malicious code behaviors
JP5862586B2 (en) * 2013-03-22 2016-02-16 カシオ計算機株式会社 Content distribution system and content distribution method
CN105204442A (en) * 2015-09-02 2015-12-30 华中科技大学 Numerical control system internal instruction marking, real-time modulation and sending method
JP7331714B2 (en) 2020-01-27 2023-08-23 富士通株式会社 Information processing device, information processing method and program

Family Cites Families (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0687220B2 (en) 1988-10-31 1994-11-02 株式会社日立製作所 Program distribution device
JPH06195217A (en) * 1992-12-24 1994-07-15 Nippon Telegr & Teleph Corp <Ntt> Software addition function providing method
JPH08249312A (en) 1995-03-13 1996-09-27 Ekushingu:Kk Information providing system and information providing terminal used for the same
JP3688356B2 (en) 1995-08-31 2005-08-24 富士通株式会社 Licensee notification system
US6067575A (en) 1995-12-08 2000-05-23 Sun Microsystems, Inc. System and method for generating trusted, architecture specific, compiled versions of architecture neutral programs
JPH09244900A (en) 1996-03-11 1997-09-19 Taito Corp Communication karaoke sing-along machine, host computer for communication karaoke, and communication karaoke system
US5887254A (en) * 1996-04-26 1999-03-23 Nokia Mobile Phones Limited Methods and apparatus for updating the software of a mobile terminal using the air interface
TW313642B (en) 1996-06-11 1997-08-21 Ibm A uniform mechanism for using signed content
US5825877A (en) 1996-06-11 1998-10-20 International Business Machines Corporation Support for portable trusted software
JPH1078867A (en) 1996-09-03 1998-03-24 Hitachi Ltd Software flow system
US6023620A (en) * 1997-02-26 2000-02-08 Telefonaktiebolaget Lm Ecrisson Method for downloading control software to a cellular telephone
JPH10301772A (en) 1997-04-30 1998-11-13 Sony Corp Information processor and method therefor and recording medium
JPH11170752A (en) 1997-12-15 1999-06-29 Nippon Shinpan Co Ltd Card equipped with validating means or invalidating means
JP3994518B2 (en) * 1998-05-11 2007-10-24 ソニー株式会社 Data distribution device and terminal device for data distribution
JPH11338946A (en) * 1998-05-25 1999-12-10 Glory Ltd Deposit processing method in electronic wallet system using ic card
JP3565715B2 (en) * 1998-07-02 2004-09-15 松下電器産業株式会社 Broadcast system and broadcast transceiver
FI105966B (en) * 1998-07-07 2000-10-31 Nokia Networks Oy Authentication in a telecommunications network
JP2000184085A (en) * 1998-12-18 2000-06-30 Fujitsu Ltd Portable equipment, attachment for portable terminal and system using portable equipment
IT1305084B1 (en) 1998-12-28 2001-04-10 Tim Telecom Italia Mobile S P MOBILE TERMINAL FOR TELECOMMUNICATIONS AND RELATED SYSTEM.
AU1889699A (en) 1999-01-13 2000-08-01 Hitachi Limited Method and system for executing mobile code
JP2000293584A (en) * 1999-04-09 2000-10-20 Nec Software Chugoku Ltd Contents distribution system and method for managing contract
GB2349548A (en) 1999-04-27 2000-11-01 Roke Manor Research Downloading software to mobile telecommunication users
JP4404415B2 (en) 1999-05-11 2010-01-27 三洋電機株式会社 Information distribution system and music distribution system
JP4149636B2 (en) 1999-05-21 2008-09-10 株式会社ディジティ・ミニミ Service providing system, service providing method, and portable terminal
US6941270B1 (en) 1999-06-21 2005-09-06 Nokia Corporation Apparatus, and associated method, for loading a mobile terminal with an application program installed at a peer device
JP2001117885A (en) 1999-10-18 2001-04-27 Ntt Comware Corp Client server system

Also Published As

Publication number Publication date
NO20024672D0 (en) 2002-09-30
US20020194474A1 (en) 2002-12-19
KR100749690B1 (en) 2007-08-17
SG145548A1 (en) 2008-09-29
EP1248188A1 (en) 2002-10-09
NZ519177A (en) 2005-04-29
US7269445B2 (en) 2007-09-11
NO20024672L (en) 2002-11-29
KR20020079922A (en) 2002-10-19
BR0202291A (en) 2003-06-10
PL358713A1 (en) 2004-08-09
JP3910915B2 (en) 2007-04-25
AU2002228370B2 (en) 2004-06-24
KR20040091717A (en) 2004-10-28
CA2397711A1 (en) 2002-08-08
CN1455894A (en) 2003-11-12
JPWO2002061572A1 (en) 2004-06-03
HK1047642A1 (en) 2003-02-28
EP1248188A4 (en) 2009-12-23
NO330991B1 (en) 2011-09-05
NZ536782A (en) 2005-10-28
EP1248188B1 (en) 2017-09-20
TWI221585B (en) 2004-10-01
WO2002061572A1 (en) 2002-08-08
CN1592187A (en) 2005-03-09

Similar Documents

Publication Publication Date Title
CA2397711C (en) Method and apparatus for delivering program to storage module of mobile terminal
EP1193986B1 (en) Method and system of remotely controlling a portable terminal and a computer product
CN100377027C (en) System for managing program
US6237093B1 (en) Procedure for setting up a secure service connection in a telecommunication system
US20010013020A1 (en) Service providing system and method used therefor
JP2002044731A (en) Apparatus for model changing, method therfor and recording medium recorded with program therefor
WO2001043004A1 (en) Electronic commerce contract mediation method and mobile communication network
JP2006309489A (en) System, server and terminal for settlement, value management unit, mobile communication terminal, settlement method and program
JP2002032692A (en) Method for providing information service
JP2003516574A (en) Electronic payment system via telecommunications network
KR20030083999A (en) Method for IC Card management and personalization using wireless communication network
JP2001237989A (en) Charging acting system to owner of information display type portable telephone
US20050108105A1 (en) Contract server
CN101827347A (en) Communication method, communication system and access method to service provider base
JP2001168980A (en) Method for inhibiting use of mobile communication terminal, mobile communication network and mobile communication terminal
JP4071271B2 (en) Personal electronic payment system
JP2003157366A (en) Personal information management method, management device, physical distribution device, and goods physical distribution system
KR20030041754A (en) Electronic money processing method and program and recording medium
AU2004203674A1 (en) System for program delivery to a storage module of a mobile terminal
JP2002207895A (en) Method for using ic card, information providing method with privilege, information providing method and pay information providing method
KR20030029987A (en) Method and device for co-ordinating telecommunication services
CN101329634B (en) Program dispensing system for dispensing program and mobile terminal
JP7402294B1 (en) Information processing system, information processing method, and information processing program
US20050132218A1 (en) Service processing device and processing support device
KR20070086284A (en) Method of and system for communicating liability data in a telecommunications network

Legal Events

Date Code Title Description
EEER Examination request
MKLA Lapsed

Effective date: 20170130