CN101231768A - Multi-application intelligent card and method for realizing intelligent card multi application - Google Patents

Multi-application intelligent card and method for realizing intelligent card multi application Download PDF

Info

Publication number
CN101231768A
CN101231768A CNA2008100568832A CN200810056883A CN101231768A CN 101231768 A CN101231768 A CN 101231768A CN A2008100568832 A CNA2008100568832 A CN A2008100568832A CN 200810056883 A CN200810056883 A CN 200810056883A CN 101231768 A CN101231768 A CN 101231768A
Authority
CN
China
Prior art keywords
application program
application
authorization message
authorization
mandate
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2008100568832A
Other languages
Chinese (zh)
Other versions
CN101231768B (en
Inventor
孙吉平
韩勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Senseshield Technology Co Ltd
Original Assignee
SHENSILUOKE DATA PROTECTION CENTER BEIJING
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SHENSILUOKE DATA PROTECTION CENTER BEIJING filed Critical SHENSILUOKE DATA PROTECTION CENTER BEIJING
Priority to CN2008100568832A priority Critical patent/CN101231768B/en
Publication of CN101231768A publication Critical patent/CN101231768A/en
Application granted granted Critical
Publication of CN101231768B publication Critical patent/CN101231768B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Stored Programmes (AREA)

Abstract

The invention discloses a multiple utility smart card. A license manager (LM) receives an application license resolution request sent by an application manager. The license information corresponding to an application is resolved according to the prestored license information for maintenance of each application in the multiple utility smart card. The application license resolution result is returned to the application manager, and the application manager initializes the runtime environment for the application according to the application license resolution result. As the runtime environment of the application in the multiple utility smart card is controlled by means of licensing, running of each application can be controlled, thus ensuring that only licensed applications can run in the multiple utility smart card and that applications can only use the resources of the multiple utility smart card within a dynamically configured and licensed range. The invention further discloses a method for achieving the multiple utility of the smart card.

Description

A kind of multi-application smart card and the realization smart card methods of using more
Technical field
The present invention relates to smart card application technologies, particularly a kind of multi-application smart card and the realization smart card methods of using more.
Background technology
Along with E-Government and Development of E-business, the application of smart card more and more widely.All need the support of smart card techniques as business such as the safe authentication of Web bank's height, electronic transaction, E-Passports.Along with the increasing and popularize of application of IC cards, the smart card that the user needs is also more and more, as Web bank payment smart card, electronic transaction smart card and E-Passport smart card etc.So not only improved the cost that the user uses smart card, also inconvenient user is to the management of smart card.
In order to overcome above-mentioned defective, prior art proposes a kind of multi-application smart card, and promptly a card can be supported the multiple different application of user, and for example, a multi-application smart card can be supported business such as Web bank's payment, electronic transaction, E-Passport simultaneously.The many application that realize smart card are to be installed in the same card by the application program with a plurality of business, in installation process, multi-application smart card can be controlled the installation of each business application or not install, and the authority of configuring application program access system resources and service when mounted, after installing, the user just can use the application of the application program correspondence of installation, just application program corresponding service.
Therefore, existing multi-application smart card uses the cost of smart card and makes things convenient for the management of user though can effectively reduce the user to smart card, but it is not strong to the security control of using, for example, can only carry out security control in the installation process of application program, for the application program of having installed, the operation of this application program no longer is subjected to the control of multi-application smart card, just in a single day application program installs, and does not need to carry out security certificate again and just can directly move; Further, can only be when application program be installed the authority of access system resources during the static configuration operation.
Summary of the invention
In view of this, the invention provides a kind of multi-application smart card, can control application program and dynamic-configuration application program operation authority in the multi-application smart card.
The present invention also provides a kind of smart card methods of using that realize more, can control application program and dynamic-configuration application program operation authority in the multi-application smart card.
For achieving the above object, the technical scheme of the embodiment of the invention specifically is achieved in that
A kind of multi-application smart card, this multi-application smart card comprises: application manager and Authorization Manager, wherein,
Described application manager is used for sending application program mandate analysis request to described Authorization Manager; Whether decision allows this application program operation according to the application program mandate analysis result that returns, and the application builds runtime environment for being allowed to move, and loads and starts this application program;
Described Authorization Manager is used for resolving the authorization message of this application program, and returning application program mandate analysis result according to the described application program mandate analysis request that receives.
Preferably, described Authorization Manager comprises authorizes resolution unit and authorizes storage unit, wherein,
Described mandate resolution unit is used for according to the mandate analysis request that receives, and inquires about and obtain the authorization message of corresponding application program from described mandate storage unit, resolves the authorization message and the return authorization information analysis result that are obtained;
Described mandate storage unit is used to preserve the authorization message of application program.
Preferably, the authorization message of described application program comprises the application license grant clause, or, use license grant clause and module license grant clause.
Preferably, described mandate resolution unit receives the application mandate analysis request from application manager, inquiry and obtain the corresponding license grant clause of using from described mandate storage unit is resolved the license grant clause that obtained and to the analysis result of application manager return authorization clause;
Preserve the application license grant clause of this application program in the described mandate storage unit.
Preferably, when described mandate resolution unit does not inquire the application license grant clause of corresponding application program in described mandate storage unit, further return the undelegated sign of this application program of expression to application manager;
Described application manager is forbidden the operation of corresponding application program according to described sign.
Preferably, described mandate resolution unit further receives the module mandate analysis request of the designated module that described application program sends by application runtime, from described mandate storage unit query and obtain the module license grant clause of the correspondence of this application program, resolve this module license grant clause and return module license grant clause analysis result to corresponding application program;
Described mandate storage unit is preserved the module license grant clause of this application program designated module.
Preferably, when described mandate resolution unit fails to inquire the module license grant clause of respective modules in described mandate storage unit, further return the sign that does not find the module license grant clause to using journey.
Preferably, described Authorization Manager further comprises: authorize load units, be used for verifying from the authorization message installation kit of outside to receiving, if the verification passes, from the authorization message installation kit, obtain authorization message, and the authorization message after will verifying is sent to described mandate cell stores.
Preferably, described authorization message installation kit comprises: authorization message, card image and authorization information.
Preferably, described mandate load units further receives the authorization message unload request from the outside, inquires the authorization message and the deletion of corresponding application program from authorize storer;
Further preserve the summary of the authorization message of being deleted in the described mandate storage unit.
Preferably, described Authorization Manager further comprises the authorization query unit, is used to receive the authorization query request from the outside, and the authorization message of described authorization query request corresponding application program is obtained in inquiry, and the authorization message of described application program is exported.
Preferably, described application license grant clause/module license grant clause comprises the combination in any of access times, service time and system resource access authority of access times, service time or system resource access authority or this application program of the designated module of this application program/this application program.
A kind of smart card methods of using that realize more, this method comprises:
Application manager sends application program mandate analysis request to Authorization Manager, and Authorization Manager is resolved the authorization message of this application program and returned application program mandate analysis result to application manager;
Application manager determines whether to allow the operation of this application program according to application program mandate analysis result, and the application builds runtime environment for being allowed to move, and loads and starts this application program.
Preferably, the authorization message of described this application program of parsing comprises:
According to the application program mandate analysis request that receives, the application license grant clause that is obtained is resolved in inquiry and obtain the application license grant clause of corresponding application program from the authorization message of each application program of preserving.
Preferably, the authorization message of described application program comprises the application license grant clause, or, use license grant clause and module license grant clause.
Preferably, receive the application mandate analysis request from application manager, inquiry and obtain the corresponding license grant clause of using from authorize storage unit is resolved the license grant clause that obtained and to the analysis result of application manager return authorization clause.
Preferably, the described inquiry from the authorization message of each application program of preserving further comprises: if do not inquire the application license grant clause of corresponding application program, return to application manager and to represent the undelegated sign of this application program;
Described application manager is forbidden the operation of corresponding application program according to described sign.
Preferably, the authorization message of described this application program of parsing further comprises: receive the module mandate analysis request that sends from described application program, from the authorization message of each application program of preserving, search the module license grant clause of the designated module of this application program, obtain and resolve the module license grant clause that finds and return module license grant clause analysis result to corresponding application program.
Preferably, further comprise: when failing in the authorization message of each application program of described preservation, to find the module license grant clause of designated module of this application program, return the sign that does not find the module license grant clause to using journey.
Preferably, further comprise: Authorization Manager is verified from the authorization message installation kit of outside receiving, and if the verification passes, obtains authorization message from the authorization message installation kit, and preserves the authorization message after the checking.
Preferably, described authorization message installation kit comprises: authorization message, card image and authorization information.
Preferably, further comprise: Authorization Manager receives the authorization message unload request from the outside, inquires the authorization message of corresponding application program from the authorization message of preserving, and deletes this authorization message and preserves the summary of the authorization message of being deleted.
Preferably, further comprise: Authorization Manager receives the authorization query request from the outside, and the authorization message of described authorization query request corresponding application program is obtained in inquiry, and the authorization message of described application program is exported.
Preferably, described application license grant clause/module license grant clause comprises the combination in any of access times, service time and system resource access authority of access times, service time or system resource access authority or this application program of the designated module of this application program/this application program.
As seen from the above technical solution, in the embodiment of the invention, Authorization Manager (LM, LicenseManager) receive the application program mandate analysis request that application manager sends, according to storage in advance is the authorization message of each application maintenance in the multi-application smart card, resolve the authorization message of corresponding application program, and return application program mandate analysis result to application manager, application manager is the application initialization runtime environment according to application program mandate analysis result.Further, application program can also inquire about and obtain the module license grant clause of corresponding application program by LM when operation, resolve the module license grant clause obtained and return module license grant clause analysis result, be used for the operation authority that application program is provided with corresponding application module to corresponding application program.Because the runtime environment of the application program in the multi-application smart card has been implemented authorization control, thereby can control the operation of each application program, the application program that assurance only is authorized to can be moved in multi-application smart card, and guarantees that application program can only be in the resource of using multi-application smart card within the scope of authority of dynamic-configuration.
Description of drawings
Fig. 1 is multi-application smart card structural representation among the present invention.
Fig. 2 is LM structural representation among the present invention.
Fig. 3 is the structural representation of authorization message installation kit of the present invention.
Fig. 4 is kept at the structural representation of authorizing the authorization message form in the storage unit for the present invention.
Fig. 5 is the structural representation of a preferred embodiment of multi-application smart card of the present invention.
Fig. 6 realizes the smart card method flow synoptic diagram of using for the present invention more.
Fig. 7 the present invention is based on Fig. 6 to realize the smart card method idiographic flow synoptic diagram of using more.
Fig. 8 resolves the schematic flow sheet of authorization message for mandate resolution unit of the present invention.
Fig. 9 is an authorization message installation kit installation procedure synoptic diagram of the present invention.
Embodiment
For making purpose of the present invention, technical scheme and advantage clearer, below with reference to the accompanying drawing embodiment that develops simultaneously, the present invention is further elaborated.
In the embodiment of the invention, LM receives the application program mandate analysis request that application manager sends, according to storage in advance is the authorization message of each application maintenance in the multi-application smart card, resolve the authorization message of corresponding application program, return application program mandate analysis result to application manager, application manager is the application initialization runtime environment according to application program mandate analysis result, authority when realizing the operation of controlling application program and dynamic-configuration application program.
Fig. 1 is multi-application smart card structural representation among the present invention.As shown in Figure 1, dotted line is represented control relation among the figure, and solid line is represented dependence, and this multi-application smart card comprises: application manager and LM, wherein,
Application manager is used to receive the startup application request that the user imports, and generates application program mandate analysis request, sends to LM; The application program mandate analysis result that returns according to LM is provided with the runtime environment of corresponding application program, loads also to start application program;
In the practical application, application manager can also be when creating runtime environment for application program, and the application mandate analysis result that returns according to LM is provided with the mapping that the system resource in the runtime environment is served.On this runtime environment, start application program then.Runtime environment by application programs applies authorization control, thus the operation of controlling application program.The runtime environment of application program is the mapping of application providing system resource service, make that its system resource service that provides was provided environment when application program can be by the runtime environment utilization and operation, application program can be called the interface that LM provides the application module mandate to resolve by runtime environment, wherein
System resource map of services module is used to shine upon system resource and service that application program and system resource service provide.
The system resource service is used to application program to provide operation required system resource and service, and uses these resources and service method and interface.
LM, be used to store, manage and resolve the authorization message of application program, receive the application program mandate analysis request that application manager sends, according to the authorization message that is used for maintenance applications that sets in advance, resolve the authorization message of corresponding application program, return application program mandate analysis result to application manager.
In the practical application, can upgrade the authorization message that is used for maintenance applications that sets in advance.
In the embodiment of the invention, application manager is meant that to the control relation of runtime environment application manager can create, and destroys runtime environment, and some parameters of runtime environment are set.
Application manager is meant that to the control of working procedure application manager can start, and stops application program.
Dependence is meant that the work of a module depends on the another one module and provides service to it, and for example: the operation of application program depends on runtime environment its environment that provides is provided.
Fig. 2 is LM structural representation among the present invention.As shown in Figure 2, this LM comprises the mandate resolution unit, authorizes load units, authorizes storage unit and authorization query unit, wherein,
Authorize resolution unit, be used to application manager to provide and authorize the parsing interface, resolve the application program mandate analysis request that interface receives the application manager transmission by authorizing, from authorize storage unit, inquire about and obtain the corresponding license grant clause of using, the license grant clause that parsing is obtained, and to the analysis result of application manager return authorization clause;
In the practical application, if authorize resolution unit from authorize storage unit, not inquire the application license grant clause that comprises in the authorization message of corresponding application program, judge that then this application program is not authorized to, return the undelegated sign of this application program of expression to application manager, application manager is forbidden the operation of corresponding application program according to the sign that receives.
The application license grant clause that comprises in the authorization message of application program is used to retrain the operation authority of the corresponding application program of this authorization message.
Use the combination in any that license grant clause can comprise access times, service time and the system resource access authority of information such as the access times of this application program or service time or system resource access authority or this application program.
Authorize resolution unit, also be used to application program to provide and authorize the interface of resolving, resolve the module license grant clause in the authorization message of application program: resolve the module mandate analysis request that interface receives the designated module that application program sends by application runtime by authorizing, from authorize storage unit, inquire about and obtain the authorization message of this application module corresponding application program, resolve the module license grant clause of this module that comprises in the authorization message of this application program, and return module license grant clause analysis result to corresponding application program, application program can be provided with the operation authority of corresponding application module according to the module license grant clause analysis result that returns, also can be according to actual needs or configuration in advance decide the operation authority or the disabled module operation of module.
In the practical application,, then return the sign that does not find the module mandate to application program if authorize resolution unit from authorize storage unit, not inquire the module license grant clause of respective modules in the authorization message of corresponding application program.Application program can be according to actual needs or configuration in advance decide the operation authority or the disabled module operation of module, correspondingly,
License grant clause in the authorization message of application program can also comprise the module license grant clause, is used to application program that the foundation of the operation authority of the corresponding module of this module license grant clause in the constraint applies program is provided.
In the practical application, application program also can be according to the actual needs or configuration in advance decide the operation authority of application module in its sole discretion, for example, application program can be provided with the operation authority of corresponding application module by application runtime to the module mandate analysis request of authorizing resolution unit transmission designated module according to the module license grant clause analysis result that returns; Also can directly determine the operation authority of application module, and not need to send the module mandate analysis request of designated module according to configuration in advance.Therefore, authorizing resolution unit in fact just for application program provides the approach that can conveniently manage application module operation authority, is not a necessary process.
In the practical application, application module is the part of application program, so the operation action of the module of application program also is subjected to the constraint of the application license grant clause in the authorization message.
Using license grant clause is the license grant clause that is used to control whole application behavior.
The module license grant clause is the license grant clause that is used for the module behavior of controlling application program.
Authorize load units, be used to application program to provide and authorize installation and unloading interface, by authorizing mounting interface to receive application program authorization message installation kit, legitimacy, integrality and the validity of checking authorization message installation kit, if the verification passes, from the authorization message installation kit, obtain authorization message, and the authorization message after will verifying is sent to and authorizes storage unit to store; By authorizing the unloading interface to receive application program authorization message unload request, from authorize storer, inquire the authorization message and the deletion of this application program correspondence;
Authorization message is corresponding with application program, each authorization message corresponding an application program, the i.e. authorization message of application program.
In the practical application, authorize load units can also authorize the binding of application program, and the Unloading Control strategy that when the unloading authorization message, can implement this authorization message, for example, in authorizing storage unit, keep or write down the summary of this authorization message, be used to prevent reusing of this authorization message.
Authorize storage unit, be used to preserve summary and other information of the authorization message of application program, deleted authorization message, the version relevant as authorization message;
In the practical application, can be as required the authorization message of the application program of preserving be upgraded.
The authorization query unit, be used to provide the authorization message query interface, receive the authorization query request by the authorization message query interface, the authorization message of this authorization query request corresponding application program is obtained in inquiry from authorize storage unit, and the authorization message of application program all or part of returned to the inquiry.
Fig. 3 is the structural representation of authorization message installation kit of the present invention.Referring to Fig. 3, this authorization message installation kit comprises: authorization message, card image and authorization information, wherein,
The authorization message form comprises the header of mandate and authorizes concrete clause.
The mandate sequence number that includes this authorization message corresponding application program information and this authorization message in the header of authorizing, wherein,
Application information is used to identify this authorization message corresponding application program;
The policy control of authorizing sequence number to be used to authorize for example, prevents the repeated use of authorization message, and authorizing sequence number can be the issuing time of authorization message; Also can be authorize the publisher and authorize that load units consults one group data clocklike.
In the practical application,, show that then this authorization message is effective if authorization message to be installed does not have the mandate sequence number of corresponding mounted application program.
Card image is used to identify corresponding one or more multi-application smart card of authorization message.
Below legitimacy, integrality and the validity of authorizing load units checking authorization message installation kit is described.
The legitimacy of authorization message installation kit and completeness check are meant by the authorization information in the cryptographic algorithm check authorization message installation kit, verify whether publisher's identity of authorization message installation kit is legal, and whether the authorization message installation kit are correct and complete.
Cryptographic algorithm can be Message Authentication Code (MAC, a Message Authentication Code) algorithm, also can be ashed information identifying code (HMAC, Keyed-Hash Message AuthenticationCode) algorithm, can also be asymmetric arithmetic.
If utilize MAC algorithm or hmac algorithm that the legitimacy and the integrality of authorization message installation kit are carried out verification, need in advance the publisher of authorization message installation kit and authorize and share a key K between the load units, key K can be obtained by existing method, does not repeat them here.The publisher of authorization message installation kit uses key K to calculate the card image in the authorization message installation kit and the MAC value or the HMAC value M of authorization message, as the authorization information of authorization message installation kit.Authorize load units to receive also to use behind the authorization message installation kit key K to calculate card image and authorization message in the authorization message installation kit, obtain MAC or HMAC value M ', and compare M and M '.If M is identical with M ', show that then the data that the publisher of authorization message installation kit has in legal identity and this authorization message installation kit are correct and complete.
If use the legitimacy and the integrality of asymmetric arithmetic verification authorization message installation kit, need in the publisher of authorization message installation kit, preserve a private key Ks, in authorizing load units, preserve corresponding PKI Kp.Similar ground, PKI Kp and private key Ks also can obtain by prior art.The publisher of authorization message installation kit uses private key Ks that the card image in the authorization message installation kit and authorization message are signed and obtains signature S, as the authorization information of authorization message installation kit.After authorizing load units to receive the authorization message installation kit, the Kp that uses public-key verifies signature S, if the verification passes, show that then the data that the publisher of authorization message installation kit has in legal identity and this authorization message installation kit are correct and complete.
In the practical application, key management for convenience, the infrastructure that can also use public-key (PKI, PublicKey Infrastructure) system is carried out the legitimacy and the completeness check of authorization message installation kit.In the PKI system, the authorization information of authorization message installation kit is partly formed by two, and a part is publisher's certificate of authorization message installation kit, and another part is the signature S of the publisher of authorization message installation kit to card image and authorization message.The legitimacy verification of authorization message installation kit is meant that the publisher's certificate that utilizes the authorization message installation kit that carries in the authorization message installation kit verifies whether publisher's identity of authorization message installation kit is legal; The completeness check of authorization message installation kit is to use publisher's certificate of authorization message installation kit to verify the signature S of the publisher of authorization message installation kit to card image and authorization message, guarantees the correct and complete of authorization message installation kit.
The validity check of authorization message installation kit is meant whether the checking authorization message can be applied on the multi-application smart card, for example, if this authorization message is subjected to the constraint of certain strategy, for instance, under the situation that does not allow authorization message to be repeated to use, and this authorization message was mounted, and then this authorization message is subjected to policy constraints, can not be applied on this multi-application smart card; Or verify whether this authorization message corresponding application program installs.
Specifically, authorize the load units can be according to the mandate sequence number of the mandate sequence number of mounted application program in the multi-application smart card and corresponding application program to be installed, whether the mandate sequence number of judging application program to be installed is effective: if the mandate sequence number of application program to be installed is after the mandate sequence number of mounted application program, the authorization message that shows application program to be installed is effectively, otherwise thinks that this authorization message is invalid.
Fig. 4 is kept at the structural representation of authorizing the authorization message form in the storage unit for the present invention.Referring to Fig. 4,, comprising with authorization message structure similar in Fig. 3 authorization message installation kit: the header of mandate, application license grant clause and module license grant clause, wherein,
The mandate sequence number and other information that comprise this authorization message corresponding application program information, this authorization message in the header of authorizing, wherein, application information and authorize among sequence number and Fig. 3 application information identical with mandate sequence number content does not repeat them here.
Use license grant clause, comprise the one or more license grant clauses of same application and the application license grant clause of different application.
The module license grant clause comprises the one or more license grant clauses of the module in the same application and the license grant clause of different application module.
In the practical application, can comprise one or more application modules in the application program, the license grant clause of application module is subjected to the constraint of its respective application license grant clause.
Fig. 5 is the structural representation of a preferred embodiment of multi-application smart card of the present invention.Referring to Fig. 5, this multi-application smart card comprises: external interface, application manager and LM, wherein,
External interface is used for carrying out alternately with the outside, for external call provides interface, receives the startup application request of user's input, sends to application manager; Receive authorization message installation kit or application program authorization message unload request, send to LM; Receive the application program operation result, send to the outside;
Application manager is used for receiving the startup application request, generates application program mandate analysis request, sends to LM; According to the application program mandate analysis result that receives, the runtime environment of application program is set, load and start this application program;
In the practical application, application manager can also be when creating runtime environment for application program, and the application mandate analysis result that returns according to LM is provided with the mapping that the system resource in the runtime environment is served.On this runtime environment, start application program then.Runtime environment by application programs applies authorization control, thus the operation of controlling application program.The runtime environment of application program is the mapping of application providing system resource service, make that its system resource service that provides was provided environment when application program can be by the runtime environment utilization and operation, and operation result is sent to external interface, application program can be called the interface that LM provides the application module mandate to resolve by runtime environment;
System service and resource are used to application program to provide operation required system resource and service, and use these resources and service method and interface.
LM is used to install, unload, store, manage and resolve the authorization message of application program, receives the authorization message installation kit, set up applications, or receive application program authorization message unload request, the unloading application program; Receive the application program mandate analysis request that application manager sends,, resolve the authorization message of application program, return application program mandate analysis result to application manager according to the authorization message that is used for maintenance applications that sets in advance.Because application program moves in runtime environment, so the operation action that runtime environment can controlling application program.In addition, the analysis result of the runtime environment application license grant clause that to be application manager return according to LM is set up, so the operation action of application program also is controlled by the application license grant clause.
By as seen above-mentioned, the header that in LM, comprises mandate in advance for each application storage in the multi-application smart card, the authorization message of application program license grant clause and module license grant clause, when receiving the application program mandate analysis request of application manager transmission, according to storage is the authorization message inquiry of application maintenance and the authorization message of obtaining corresponding application program, resolve the application program license grant clause that comprises in the authorization message of this correspondence application program, return application program mandate analysis result to application manager, application manager is the application initialization runtime environment according to application program mandate analysis result, loads and the startup application program.Further, in service in application program, can also and call LM and authorize resolution unit by the service of runtime environment access system resources, authorize resolution unit to inquire about and obtain the authorization message of corresponding application program, resolve the module license grant clause that comprises in the authorization message of this correspondence application program, application program can be determined the operation authority of corresponding application module in the application program according to analysis result.Realized the application implementation authorization control in the multi-application smart card, thereby control each application program operation, and operation authority that can application programs and the operation authority of application module carry out dynamic-configuration, in the resource of using multi-application smart card within the scope of authority of dynamic-configuration.
Fig. 6 realizes the smart card method flow synoptic diagram of using for the present invention more.Referring to Fig. 6, this flow process comprises:
Step 601, application manager receives the user starts application request;
In this step, each uses corresponding application program, and application manager receives the user starts application request, inquires about this application corresponding application program, generates application program mandate analysis request.
Step 602, application manager sends the application program mandate analysis request that generates to LM;
Step 603, LM receives application program mandate analysis request, according to the authorization message that is used for maintenance applications that sets in advance, returns application program mandate analysis result to application manager;
In this step, the authorization message that is used for maintenance applications that sets in advance comprises the header and the application program license grant clause of mandate, and the application program license grant clause is used to retrain the operation action of the authorization message corresponding application program of this application program.
LM obtains and gets the authorization message of corresponding application program according to the authorization message inquiry that is used for maintenance applications that is provided with, resolve the application license grant clause that comprises in the authorization message of this correspondence application program, return application program license grant clause analysis result to application manager.
Step 604, the application program license grant clause analysis result that application manager returns according to LM determine whether to allow this application program operation, and the application initialization runtime environment for being allowed to move.
In this step, the initialization runtime environment comprises, application manager is provided with the runtime environment of application program according to the application program license grant clause analysis result that receives, and loads also to start application program.
Application manager is when creating runtime environment for application program, and the application mandate analysis result that returns according to LM is provided with the mapping that the system resource in the runtime environment is served.On this runtime environment, start application program then.Runtime environment by application programs applies authorization control, thus the operation of controlling application program.After starting application program, application program is obtained required system resource and service by the service of runtime environment access system resources, makes that its system resource service that provides was provided environment when application program can be by the runtime environment utilization and operation,
In the practical application, when application program is moved, can also call the interface that LM provides the application module mandate to resolve, execution in step 605 by runtime environment.
Step 605, application program sends application module mandate analysis request by runtime environment to LM, and can determine the operation authority of application module according to the module license grant clause analysis result that returns.
In this step, authorize resolution unit among system resource that application program provides by runtime environment and the service call LM, authorize resolution unit to receive application module mandate analysis request, the authorization message of corresponding application program is obtained in inquiry from authorize storage unit, resolve the module license grant clause that comprises in the authorization message of this correspondence application program, and return module license grant clause analysis result to application program.
If the module license grant clause that the authorization message of authorizing resolution unit not inquire corresponding application program from authorize storage unit comprises, be application program before receiving module license grant clause analysis result, application program can be decided the operation action of application module according to setting in advance in its sole discretion.
Fig. 7 the present invention is based on Fig. 6 to realize the smart card method idiographic flow synoptic diagram of using more.There are two kinds of relations in flow process among the figure, and a kind of is dependence between the flow process, and another kind is the data stream relation between the flow process, and referring to Fig. 7, this flow process comprises:
Step 701, application manager receives the user starts application request;
Step 702, application manager generate application program mandate analysis request according to the user starts application request that receives, to authorizing resolution unit to send;
Step 703 authorizes resolution unit to receive application program mandate analysis request, and the authorization message of corresponding application program is obtained in inquiry from authorize storage unit;
Step 704 is resolved the application license grant clause that comprises in the authorization message of this correspondence application program of obtaining;
Step 705 generates application program license grant clause analysis result;
Step 706, application manager receive application program license grant clause analysis result;
Step 707, application manager are judged application program license grant clause analysis result, if application program license grant clause analysis result is correct, and execution in step 708; Otherwise, do not allow this application program operation;
Environment when step 708, application manager are the application program generating run that can move according to application program license grant clause analysis result;
Step 709 loads in runtime environment and the startup application program;
Step 710, the application program operation is to authorizing resolution unit to send application module mandate analysis request;
In this step, application program operates in the runtime environment of setting, and the service of runtime environment access system resources is also obtained system resource and service.
Step 711 authorizes resolution unit to receive application module mandate analysis request, and the authorization message of corresponding application program is obtained in inquiry from authorize storage unit;
Step 712 is resolved the module license grant clause that comprises in the authorization message of this correspondence application program of obtaining;
Step 713, generation module license grant clause analysis result;
Step 714, application program are determined the operation action of application module according to the module license grant clause analysis result that returns.
Step 710 is optional to step 714, if application program need use LM to assist it that operation action of the module of application program is set, then these steps need, if application program is determined the operation action of the module of application program according to actual conditions or configuration in advance, then these steps can be omitted.
Fig. 8 resolves the schematic flow sheet of authorization message for mandate resolution unit of the present invention.Referring to Fig. 8, this flow process comprises:
Step 801 receives to use and authorizes analysis request;
In this step, use and authorize analysis request to comprise application program mandate analysis request and application module mandate analysis request.
Step 802, corresponding authorization message is used in inquiry, if inquire, execution in step 803, otherwise, return corresponding error information;
Step 803, definite authorization message type of resolving is if be application program, execution in step 804; If be application module, execution in step 814;
Step 804 judges whether to exist and uses license grant clause, if there is execution in step 805; If there is no, then return corresponding error information;
Step 805 is resolved and is used license grant clause;
Step 806 is returned application program license grant clause analysis result to application manager;
Step 814 judges whether to exist the module license grant clause of this module, if there is execution in step 815; If there is no, then return corresponding error information;
Step 815, the parsing module license grant clause;
Step 816 is returned module license grant clause analysis result to application program.
Fig. 9 is an authorization message installation kit installation procedure synoptic diagram of the present invention.Referring to Fig. 9, this flow process comprises:
Step 901 authorizes load units to receive the authorization message installation kit;
Step 902, the legitimacy of checking authorization message installation kit, if the verification passes, execution in step 903, otherwise, do not preserve authorization message, and return corresponding error information;
Step 903, the integrality of checking authorization message installation kit, if the verification passes, execution in step 904, otherwise, do not preserve authorization message, and return corresponding error information;
Step 904, the validity of checking authorization message installation kit, if the verification passes, execution in step 905, otherwise, do not preserve authorization message, and return corresponding error information;
Step 905 stores authorization message into the mandate storage unit, and returns successful installation information;
The above is preferred embodiment of the present invention only, is not to be used to limit protection scope of the present invention.Within the spirit and principles in the present invention all, any modification of being done, be equal to and replace and improvement etc., all should be included within protection scope of the present invention.

Claims (24)

1. a multi-application smart card is characterized in that, this multi-application smart card comprises: application manager and Authorization Manager, wherein,
Described application manager is used for sending application program mandate analysis request to described Authorization Manager; Whether decision allows this application program operation according to the application program mandate analysis result that returns, and the application builds runtime environment for being allowed to move, and loads and starts this application program;
Described Authorization Manager is used for resolving the authorization message of this application program, and returning application program mandate analysis result according to the described application program mandate analysis request that receives.
2. multi-application smart card as claimed in claim 1 is characterized in that, described Authorization Manager comprises authorizes resolution unit and authorize storage unit, wherein,
Described mandate resolution unit is used for according to the mandate analysis request that receives, and inquires about and obtain the authorization message of corresponding application program from described mandate storage unit, resolves the authorization message and the return authorization information analysis result that are obtained;
Described mandate storage unit is used to preserve the authorization message of application program.
3. multi-application smart card as claimed in claim 2 is characterized in that the authorization message of described application program comprises the application license grant clause, or, use license grant clause and module license grant clause.
4. multi-application smart card as claimed in claim 3, it is characterized in that, described mandate resolution unit receives the application mandate analysis request from application manager, inquiry and obtain the corresponding license grant clause of using from described mandate storage unit is resolved the license grant clause that obtained and to the analysis result of application manager return authorization clause;
Preserve the application license grant clause of this application program in the described mandate storage unit.
5. multi-application smart card as claimed in claim 4, it is characterized in that, when described mandate resolution unit does not inquire the application license grant clause of corresponding application program in described mandate storage unit, further return the undelegated sign of this application program of expression to application manager;
Described application manager is forbidden the operation of corresponding application program according to described sign.
6. multi-application smart card as claimed in claim 4, it is characterized in that, described mandate resolution unit further receives the module mandate analysis request of the designated module that described application program sends by application runtime, from described mandate storage unit query and obtain the module license grant clause of the correspondence of this application program, resolve this module license grant clause and return module license grant clause analysis result to corresponding application program;
Described mandate storage unit is preserved the module license grant clause of this application program designated module.
7. multi-application smart card as claimed in claim 6, it is characterized in that, when described mandate resolution unit fails to inquire the module license grant clause of respective modules in described mandate storage unit, further return the sign that does not find the module license grant clause to using journey.
8. as any described multi-application smart card in the claim 2 to 7, it is characterized in that, described Authorization Manager further comprises: authorize load units, be used for verifying from the authorization message installation kit of outside to receiving, if the verification passes, from the authorization message installation kit, obtain authorization message, and the authorization message after will verifying is sent to described mandate cell stores.
9. multi-application smart card as claimed in claim 8 is characterized in that, described authorization message installation kit comprises: authorization message, card image and authorization information.
10. multi-application smart card as claimed in claim 9 is characterized in that, described mandate load units further receives the authorization message unload request from the outside, inquires the authorization message and the deletion of corresponding application program from authorize storer;
Further preserve the summary of the authorization message of being deleted in the described mandate storage unit.
11. as any described multi-application smart card in the claim 2 to 7, it is characterized in that, described Authorization Manager further comprises the authorization query unit, be used to receive authorization query request from the outside, the authorization message of described authorization query request corresponding application program is obtained in inquiry, and the authorization message of described application program is exported.
12. as the described multi-application smart card of claim 3 to 7, it is characterized in that described application license grant clause/module license grant clause comprises the combination in any of access times, service time and system resource access authority of access times, service time or system resource access authority or this application program of the designated module of this application program/this application program.
13. realize the smart card methods of using more, it is characterized in that this method comprises for one kind:
Application manager sends application program mandate analysis request to Authorization Manager, and Authorization Manager is resolved the authorization message of this application program and returned application program mandate analysis result to application manager;
Application manager determines whether to allow the operation of this application program according to application program mandate analysis result, and the application builds runtime environment for being allowed to move, and loads and starts this application program.
14. method as claimed in claim 13 is characterized in that, the authorization message of described this application program of parsing comprises:
According to the application program mandate analysis request that receives, the application license grant clause that is obtained is resolved in inquiry and obtain the application license grant clause of corresponding application program from the authorization message of each application program of preserving.
15. method as claimed in claim 14 is characterized in that, the authorization message of described application program comprises the application license grant clause, or, use license grant clause and module license grant clause.
16. method as claimed in claim 15, it is characterized in that, reception is from the application mandate analysis request of application manager, and inquiry and obtain the corresponding license grant clause of using from authorize storage unit is resolved the license grant clause that obtained and to the analysis result of application manager return authorization clause.
17. method as claimed in claim 15, it is characterized in that, the described inquiry from the authorization message of each application program of preserving further comprises: if do not inquire the application license grant clause of corresponding application program, return to application manager and to represent the undelegated sign of this application program;
Described application manager is forbidden the operation of corresponding application program according to described sign.
18. method as claimed in claim 15, it is characterized in that, the authorization message of described this application program of parsing further comprises: receive the module mandate analysis request that sends from described application program, from the authorization message of each application program of preserving, search the module license grant clause of the designated module of this application program, obtain and resolve the module license grant clause that finds and return module license grant clause analysis result to corresponding application program.
19. method as claimed in claim 18, it is characterized in that, further comprise: when failing in the authorization message of each application program of described preservation, to find the module license grant clause of designated module of this application program, return the sign that does not find the module license grant clause to using journey.
20. as any described method in the claim 15 to 19, it is characterized in that, further comprise: Authorization Manager is verified from the authorization message installation kit of outside receiving, if the verification passes, from the authorization message installation kit, obtain authorization message, and preserve the authorization message after the checking.
21. method as claimed in claim 20 is characterized in that, described authorization message installation kit comprises: authorization message, card image and authorization information.
22. method as claimed in claim 20, it is characterized in that, further comprise: Authorization Manager receives the authorization message unload request from the outside, from the authorization message of preserving, inquire the authorization message of corresponding application program, delete this authorization message and preserve the summary of the authorization message of being deleted.
23. as any described method in the claim 15 to 19, it is characterized in that, further comprise: Authorization Manager receives the authorization query request from the outside, the authorization message of described authorization query request corresponding application program is obtained in inquiry, and the authorization message of described application program is exported.
24. method as claimed in claim 15, it is characterized in that described application license grant clause/module license grant clause comprises the combination in any of access times, service time and system resource access authority of access times, service time or system resource access authority or this application program of the designated module of this application program/this application program.
CN2008100568832A 2008-01-25 2008-01-25 Multi-application intelligent card and method for realizing intelligent card multi application Expired - Fee Related CN101231768B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2008100568832A CN101231768B (en) 2008-01-25 2008-01-25 Multi-application intelligent card and method for realizing intelligent card multi application

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2008100568832A CN101231768B (en) 2008-01-25 2008-01-25 Multi-application intelligent card and method for realizing intelligent card multi application

Publications (2)

Publication Number Publication Date
CN101231768A true CN101231768A (en) 2008-07-30
CN101231768B CN101231768B (en) 2010-09-08

Family

ID=39898212

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2008100568832A Expired - Fee Related CN101231768B (en) 2008-01-25 2008-01-25 Multi-application intelligent card and method for realizing intelligent card multi application

Country Status (1)

Country Link
CN (1) CN101231768B (en)

Cited By (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101840526A (en) * 2010-04-19 2010-09-22 深圳达实智能股份有限公司 Intelligent card and intelligent card encrypting system and method
CN101866435A (en) * 2010-06-23 2010-10-20 深圳市江波龙电子有限公司 System, method and handheld device for realizing multiple application functions of smart card
WO2011029266A1 (en) * 2009-09-11 2011-03-17 ***股份有限公司 Multi-application smart card, and system and method for multi-application management of smart card
CN102186167A (en) * 2011-04-11 2011-09-14 中兴通讯股份有限公司 Method and system for monitoring applications
CN102546172A (en) * 2011-12-16 2012-07-04 北京握奇数据***有限公司 Access control method of intelligent card, intelligent card, terminal and system
CN102917346A (en) * 2012-10-17 2013-02-06 浙江大学城市学院 Security policy management system and method for Android-based application program during operation
CN103095482A (en) * 2011-11-07 2013-05-08 上海宝信软件股份有限公司 Program development maintenance system
CN103368735A (en) * 2012-04-06 2013-10-23 中兴通讯股份有限公司 Authentication method, device and system of accessing application into intelligent card
CN103605545A (en) * 2013-11-21 2014-02-26 武汉天喻信息产业股份有限公司 Method and system for updating mobile payment card pair and application programs
CN103617389A (en) * 2013-11-08 2014-03-05 上海天奕达网络科技有限公司 Terminal rights management method and terminal device
WO2014063632A1 (en) * 2012-10-25 2014-05-01 ***股份有限公司 Multi-application smart card management system and method
CN104657683A (en) * 2013-11-20 2015-05-27 上海华虹集成电路有限责任公司 Intelligent card COS (chip operating system) multi-application isolation safety testing method
CN105635198A (en) * 2014-10-27 2016-06-01 ***通信集团公司 Consistency management method and device
CN105787548A (en) * 2014-12-25 2016-07-20 北京数码视讯科技股份有限公司 Intelligent card, intelligent card physical interface control method, and intelligent card physical interface control device
CN105825134A (en) * 2016-03-16 2016-08-03 中国联合网络通信集团有限公司 Intelligent card processing method, intelligent card management server and terminal
CN105893837A (en) * 2016-03-31 2016-08-24 北京智能果技术有限公司 Application program installation method, security encryption chip and terminal
CN105933358A (en) * 2016-07-11 2016-09-07 福建方维信息科技有限公司 Application Internet on-line real-time authorization method and system
CN106130730A (en) * 2016-06-21 2016-11-16 ***股份有限公司 The data sharing method of a kind of smart card and smart card
CN106874733A (en) * 2016-12-29 2017-06-20 北京握奇智能科技有限公司 A kind of many application Net silver Key and its control method with UI functions
CN107229490A (en) * 2016-12-02 2017-10-03 天地融科技股份有限公司 A kind of multi-application smart card method of commerce and multi-application smart card
CN107392592A (en) * 2016-05-16 2017-11-24 Lg电子株式会社 Mobile terminal and its control method
CN109450620A (en) * 2018-10-12 2019-03-08 阿里巴巴集团控股有限公司 The method and mobile terminal of security application are shared in a kind of mobile terminal
WO2021136216A1 (en) * 2019-12-31 2021-07-08 华为技术有限公司 Anti-cracking method and apparatus

Cited By (36)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011029266A1 (en) * 2009-09-11 2011-03-17 ***股份有限公司 Multi-application smart card, and system and method for multi-application management of smart card
US9009476B2 (en) 2009-09-11 2015-04-14 China Unionpay Co., Ltd. Multi-application smart card, and system and method for multi-application management of smart card
CN101840526B (en) * 2010-04-19 2012-12-26 深圳达实智能股份有限公司 Intelligent card and intelligent card encrypting system and method
CN101840526A (en) * 2010-04-19 2010-09-22 深圳达实智能股份有限公司 Intelligent card and intelligent card encrypting system and method
CN101866435A (en) * 2010-06-23 2010-10-20 深圳市江波龙电子有限公司 System, method and handheld device for realizing multiple application functions of smart card
CN102186167A (en) * 2011-04-11 2011-09-14 中兴通讯股份有限公司 Method and system for monitoring applications
CN102186167B (en) * 2011-04-11 2016-02-10 中兴通讯股份有限公司 A kind of to applying the method and system monitored
CN103095482A (en) * 2011-11-07 2013-05-08 上海宝信软件股份有限公司 Program development maintenance system
CN103095482B (en) * 2011-11-07 2015-10-21 上海宝信软件股份有限公司 Program development maintenance system
CN102546172A (en) * 2011-12-16 2012-07-04 北京握奇数据***有限公司 Access control method of intelligent card, intelligent card, terminal and system
CN103368735A (en) * 2012-04-06 2013-10-23 中兴通讯股份有限公司 Authentication method, device and system of accessing application into intelligent card
CN102917346A (en) * 2012-10-17 2013-02-06 浙江大学城市学院 Security policy management system and method for Android-based application program during operation
CN102917346B (en) * 2012-10-17 2015-01-07 浙江大学城市学院 Security policy management system and method for Android-based application program during operation
WO2014063632A1 (en) * 2012-10-25 2014-05-01 ***股份有限公司 Multi-application smart card management system and method
CN103778448A (en) * 2012-10-25 2014-05-07 ***股份有限公司 Multi-application smart card management system and method
CN103617389A (en) * 2013-11-08 2014-03-05 上海天奕达网络科技有限公司 Terminal rights management method and terminal device
CN104657683A (en) * 2013-11-20 2015-05-27 上海华虹集成电路有限责任公司 Intelligent card COS (chip operating system) multi-application isolation safety testing method
CN104657683B (en) * 2013-11-20 2017-12-19 上海华虹集成电路有限责任公司 The method for testing security of smart card COS application isolation more
CN103605545B (en) * 2013-11-21 2017-02-08 武汉天喻信息产业股份有限公司 Method and system for updating mobile payment card pair and application programs
CN103605545A (en) * 2013-11-21 2014-02-26 武汉天喻信息产业股份有限公司 Method and system for updating mobile payment card pair and application programs
CN105635198A (en) * 2014-10-27 2016-06-01 ***通信集团公司 Consistency management method and device
CN105635198B (en) * 2014-10-27 2019-09-13 ***通信集团公司 A kind of consistency management method and device
CN105787548A (en) * 2014-12-25 2016-07-20 北京数码视讯科技股份有限公司 Intelligent card, intelligent card physical interface control method, and intelligent card physical interface control device
CN105787548B (en) * 2014-12-25 2019-03-29 北京数码视讯科技股份有限公司 The physical interface control method and device of a kind of smart card, smart card
CN105825134A (en) * 2016-03-16 2016-08-03 中国联合网络通信集团有限公司 Intelligent card processing method, intelligent card management server and terminal
CN105893837A (en) * 2016-03-31 2016-08-24 北京智能果技术有限公司 Application program installation method, security encryption chip and terminal
CN105893837B (en) * 2016-03-31 2019-04-30 北京智能果技术有限公司 Application program installation method, security encryption chip and terminal
CN107392592A (en) * 2016-05-16 2017-11-24 Lg电子株式会社 Mobile terminal and its control method
CN106130730A (en) * 2016-06-21 2016-11-16 ***股份有限公司 The data sharing method of a kind of smart card and smart card
CN105933358B (en) * 2016-07-11 2019-09-10 福建方维信息科技有限公司 A kind of online real-time authentication method in application program internet and system
CN105933358A (en) * 2016-07-11 2016-09-07 福建方维信息科技有限公司 Application Internet on-line real-time authorization method and system
CN107229490A (en) * 2016-12-02 2017-10-03 天地融科技股份有限公司 A kind of multi-application smart card method of commerce and multi-application smart card
CN107229490B (en) * 2016-12-02 2020-08-21 天地融科技股份有限公司 Multi-application smart card transaction method and multi-application smart card
CN106874733A (en) * 2016-12-29 2017-06-20 北京握奇智能科技有限公司 A kind of many application Net silver Key and its control method with UI functions
CN109450620A (en) * 2018-10-12 2019-03-08 阿里巴巴集团控股有限公司 The method and mobile terminal of security application are shared in a kind of mobile terminal
WO2021136216A1 (en) * 2019-12-31 2021-07-08 华为技术有限公司 Anti-cracking method and apparatus

Also Published As

Publication number Publication date
CN101231768B (en) 2010-09-08

Similar Documents

Publication Publication Date Title
CN101231768B (en) Multi-application intelligent card and method for realizing intelligent card multi application
JP4410821B2 (en) Verifying the binding of the initial trusted device to the protected processing system
US8171295B2 (en) Information processing apparatus, a server apparatus, a method of an information processing apparatus, a method of a server apparatus, and an apparatus executable process
CA2923740C (en) Software code signing system and method
CN112887160B (en) Block chain all-in-one machine, multi-node deployment method and device thereof, and storage medium
US8775808B2 (en) System and method for performing a management operation
CN102027480B (en) System and method for providing a system management command
CN102244656A (en) Domain access system
CN111526111B (en) Control method, device and equipment for logging in light application and computer storage medium
CN103034789B (en) Bundle deployment method and device and security framework
EP3292495B1 (en) Cryptographic data
CN111881483B (en) Resource account binding method, device, equipment and medium based on blockchain
WO2014150753A2 (en) Method and system for restricting the operation of applications to authorized domains
WO2014150737A2 (en) Method and system for enabling the federation of unrelated applications
KR102063033B1 (en) User terminal for using cloud service, integrated security management server of user terminal and method thereof
CN108400875B (en) Key value-based authorization authentication method, system, electronic device and storage medium
CN107358118B (en) SFS access control method and system, SFS and terminal equipment
CN106576239B (en) Method and device for managing content in security unit
KR100639992B1 (en) Security apparatus for distributing client module and method thereof
CN115278671A (en) Network element authentication method, device, storage medium and electronic equipment
CN108885651B (en) Credential licensing services
CN114329534A (en) Authority determination method and device, computer equipment and computer readable storage medium
Zheng et al. Secure distributed applications the decent way
CN105429807A (en) Local area network resource access method and device
CN105825116A (en) Methods for managing content, and secure element

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: BEIJING SHENSI SHUDUN SCIENCE + TECHNOLOGY CO., LT

Free format text: FORMER OWNER: BEIJING SENSELOCK SOFTWARE TECHNOLOGY CO., LTD.

Effective date: 20150115

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 100086 HAIDIAN, BEIJING TO: 100872 HAIDIAN, BEIJING

TR01 Transfer of patent right

Effective date of registration: 20150115

Address after: 100872 room 1706, building 59, Zhongguancun street, Haidian District, Beijing

Patentee after: BEIJING SHENSI SHUDUN TECHNOLOGY Co.,Ltd.

Address before: 100086 Beijing City, Haidian District Zhongguancun South Street No. 6 Zhucheng building block B room 1201

Patentee before: Beijing Senselock Software Technology Co.,Ltd.

C56 Change in the name or address of the patentee
CP03 Change of name, title or address

Address after: 100193 Beijing, Haidian District, East West Road, No. 10, East Hospital, building No. 5, floor 5, layer 510

Patentee after: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd.

Address before: 100872 room 1706, building 59, Zhongguancun street, Haidian District, Beijing

Patentee before: BEIJING SHENSI SHUDUN TECHNOLOGY Co.,Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100908

CF01 Termination of patent right due to non-payment of annual fee