CN102087716B - Multi-application Java smart card - Google Patents
Multi-application Java smart card Download PDFInfo
- Publication number
- CN102087716B CN102087716B CN 201110049872 CN201110049872A CN102087716B CN 102087716 B CN102087716 B CN 102087716B CN 201110049872 CN201110049872 CN 201110049872 CN 201110049872 A CN201110049872 A CN 201110049872A CN 102087716 B CN102087716 B CN 102087716B
- Authority
- CN
- China
- Prior art keywords
- card
- virtual
- application
- virtual card
- manager
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a multi-application Java smart card which comprises a Java Card virtual machine, a smart card operating system and a smart card chip. The multi-application Java smart card is characterized by further comprising a plurality of virtual cards mutually independent; each virtual card is corresponding to one application provider for providing application; each virtual card comprises a Card Manager for independently controlling the resource of the corresponding virtual card to provide the safety verification service of a terminal access corresponding to the virtual card; and each virtual card correspondingly manages the respective Electrically Erasable Programmable Read-Only Memory (EEPROM) for the content management of the virtual card. The smart card can realize that the issuer and the application provider of the smart card coexist on one physical card mutually and independently and have mutually equal status, thereby satisfying the requirement of each issuing party of co-branded cards.
Description
Technical field
The present invention relates to field of intelligent cards, relate in particular to a kind of many application Java smart cards and distributing method thereof of realizing a plurality of virtual card applied environment functions at individual physics card that possess.
Background technology
One card for multiple uses is along with the application of IC cards field is expanded and the technical requirement of generation, such as bank and other industry, especially there is the industry (such as public transport, social security, communication etc.) of a large number of users jointly to issue multi-application card, both can increase issued volume, also bring facility to the holder, also improved the popularity of bank card brand simultaneously.In existing joint name card issuing mode, it is a kind of master slave relation between card issuing merchant and the application provider, be embodied in the card, namely be that the card issuing merchant is the effector of all resources on the card, and general application provider must could obtain corresponding resource under card issuing merchant's mandate, the card issuing merchant can unilaterally regain the resource of distributing to application provider, and what the multi-application card scheme of current main-stream such as Java (Multos) Global Platform supported is exactly this business model.Above-mentioned issuing mode can not satisfy the requirement of joint name card distribution each side sometimes, for example from security standpoint, distribution each side wishes oneself can control one's own side's application fully, that is to say, there is not the difference of card issuing merchant and application provider in distribution each side on card, all share a card, all are the application providers of equality.In this case, card issuing merchant and application provider coexist as on the physics card, but are separate in logic, and existing Java Global Platform card can not be supported this issuing mode.
Summary of the invention
For problems of the prior art, the present invention proposes a kind of smart card of using more, integrated a plurality of virtual cards on a physics card, each virtual card has comprised a virtual card manager (Card Manager), each virtual card is safeguarded the state of self separately, each virtual card carries out the card Content Management at the EEPROM under own, thereby realize that card issuing merchant and application provider coexist as on the physics card in logic independently of each other, satisfy the requirement of joint name card distribution each side.
Realize that the concrete technical scheme that purpose of the present invention adopts is:
A kind of smart card of using comprises being integrated in a plurality of separate virtual cards, JavaCard virtual machine, smart card operating system and intelligent card chip on the physics card more.
Different application providers mode with virtual card on card exists, and each virtual card carries out the card Content Management at the EEPROM under own.The corresponding application provider of each virtual card, be used for providing application, each virtual card comprises a Card Manager, the resource that is used for its corresponding virtual card of control, the safety demonstration service of the corresponding virtual card of terminal access is provided, each virtual card is the corresponding EEPROM that has separately that manages all, is used for carrying out the virtual card Content Management.
Application under the virtual card can only be downloaded, create and be deleted by virtual card, and EEPROM required in whole process can only apply for from the EEPROM resource of virtual card management, equally, the EEPROM of virtual card and affiliated application thereof release also is recovered in the EEPROM resource of virtual card management.
This programme is based on [GP2.1.1] and designs, and in the architecture of card, RTE API, GPAPI, OPEN, Runtime Environment are consistent with the description in [GP2.1.1].In the present invention, RTE API, Runtime Environment are please respectively with reference to [JCVM2.2.1] [JCRE2.2.1] [JCAPI2.2.1].Different application providers mode with virtual card on card exists, the corresponding virtual card of application provider, and different virtual cards is mutually independently.Following emphasis is described the concept of virtual card.
Virtual card in this programme is similarly with a multi-application card in logic, has all comprised a Card Manager.This Card Manager is the same with Card Manager in [GP2.1.1], has controlled the resource of virtual card, and the safety demonstration service of terminal access virtual card is provided.In this programme, there is not the card mode of definition in [GP2.1.1] in the physics card, the substitute is the state of virtual card, and virtual card has been realized the card mode of definition in [GP2.1.1] and changed the mechanism, every virtual card maintenance state separately is not subjected to the impact of other virtual card states.
In the card that meets [GP2.1.1], after resetting, card only have the basic logic passage to activate, mean that a default application is only arranged is selected at the basic logic passage.In this programme, after card resets, only have a virtual card to be activated, each virtual card can configure a default application, if this virtual card is configured to the virtual card of default activation, then the default application of this virtual card can be chosen by the basic logic passage when card resets.Virtual card can also choose should be used under it to be activated by select command, this means the application that different virtual cards is managed, and its AID is unique at whole card (many virtual cards).
The EEPROM of physics card distributes to different virtual cards when pre-individualizing.For virtual card, most important resource is EEPROM, when card individualizes in advance, can create as required many virtual cards, can configure the EEPROM resource of specified quantity in the virtual card constructive process.Virtual card can not be deleted after creating, and the EEPROM resource of its management is managed alone use by it.
Order and mechanism that virtual card carries out the card Content Management meet [GP2.1.1].
The present invention also provides a kind of distributing method of this smart card, specifically comprises:
(1) card is individualized in advance
According to service needed, for each application provider creates a virtual card, and the EEPROM resource of size is specified in application.The EEPROM resource of this virtual card full powers management oneself.
(2) application provider is individualized
Each application provider downloads the application of oneself, creates to use, and finishes individualized to what use.
Smart card of the present invention can realize that card issuing merchant and application provider coexist as on the physics card in logic independently of each other, has coequal status, satisfies the requirement of joint name card distribution each side.
Description of drawings
Fig. 1 is for having now based on GP architecture system schematic diagram.
Fig. 2 is the smart card planar structure block diagram of integrated many virtual cards of the present invention.
Fig. 3 is the smart card three-dimensional structure diagram of integrated many virtual cards of the present invention.
Fig. 4 is the Content Management schematic diagram of virtual card.
Fig. 5 is the distribution schematic flow sheet of card.
Embodiment
Below by by embodiment and accompanying drawing the present invention being described in further detail, but following examples only are illustrative, and protection scope of the present invention is not subjected to the restriction of these embodiment.
Shown in Fig. 2 and 3, a kind of smart card of using more, comprise and be integrated in a plurality of separate virtual cards and JavaCard virtual machine, smart card operating system and intelligent card chip on the physics card, the JavaCard virtual machine is explained the bytecode of carrying out application of IC cards, and smart card operating system is in charge of the various hardware resources of intelligent card chip.
The corresponding application provider of each virtual card, be used for providing application, each virtual card comprises a Card Manager, the resource that is used for its corresponding virtual card of control, the safety demonstration service of the corresponding virtual card of terminal access is provided, each virtual card is the corresponding EEPROM that has separately that manages all, is used for carrying out the virtual card Content Management.
For EEPROM management, the Card Manager of each virtual card increases a record attribute size1, and size1 records this Card Manager maximum can be with how many EEPROM spaces, the appointment when this Card Manager creates of this value.After selecting certain related security domain to be the application of this Card Manager, if apply for the EEPROM space of a size size, the EEPROM partition function is when distributing EEPROM, can find its record attribute size1 according to the Card Manager of current application association, if size1>=size, then be allocated successfully, and revise size1=size1-size; Otherwise, apply for unsuccessfully.When needs discharge the EEPROM space of size size, in like manner, after EEPROM release function is finished EEPROM release, can find its record attribute size1 according to the Card Manager of current application association, revise size1=size1+size.
Get the order in residue EEPROM space for GP, can directly find the record attribute size1 of this Card Manager, return size1.
Fig. 4 is the Content Management of virtual card, and the application of each virtual card and bag are that oneself is managed independently, comprises download, installs and deletion.After creating certain virtual card, can under the root directory of EEPROM allocation list, form bag and an application table that belongs to this virtual card, when each increase or delete a new bag or new the application, will at first find bag and the application table of the virtual card management of this bag or association, then doing in this table increases or deletion action.
When the information of bag or application is got in order for GP, can directly find bag and the application table that belongs to this virtual card at the EEPROM allocation list, and find bag or application wherein and return corresponding information.
Fig. 5 is the distribution flow process of card, has comprised the following step:
● card is individualized in advance
According to service needed, for each application provider creates a virtual card, and application is specified the EEPROM resource of size, the EEPROM resource of this virtual card full powers management oneself.The constructive process of virtual card is actual to be exactly the process that creates its Card Manager, in the constructive process of Card Manager, its authority byte is 9E, in the installation parameter territory, and the size in the EEPROM space that needs appointment Card Manager manages and initial escape way authenticate key.
● application provider is individualized
Each application provider downloads the application of oneself, creates to use, and finishes individualized to what use.Certain bag and application under the virtual card environment is installed, and security domain that should specified associations is the virtual card manager (Card Manager) of this virtual card.Like this, the unified thus CardManager of the resource of this bag and application manages, and other virtual card haves no right to manage.
Card is accepted the new business that above-mentioned application provider provides in user's hand, download application corresponding to new business, creates newly to use and finish the individualized of new application.
Should be clear and definite, described embodiment only is a part of embodiment of the present invention, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills belong to the scope of protection of the invention not making the every other embodiment that obtains under the new work prerequisite of creation.
Claims (5)
1. use the Java smart card one kind more, comprise the JavaCard virtual machine, smart card operating system and intelligent card chip, it is characterized in that, this smart card also comprises a plurality of separate virtual cards, the corresponding application provider of each virtual card, be used for providing application, described each virtual card comprises a virtual card manager (Card Manager), the resource that is used for virtual card corresponding to independent control, so that the safety demonstration service of the corresponding virtual card of terminal access to be provided, and each virtual card is corresponding management EEPROM separately all, and this EEPROM is used for the Content Management of virtual card;
Wherein, generate under the root directory of the EEPROM allocation list of each virtual card bag table and the application table that belongs to corresponding virtual card arranged, application and the bag of each virtual card are managed independently by it, wherein said managing independently comprises download, installs and deletes, increasing or deleting a new bag or when newly using, at first find bag table and the application table of the virtual card management of this new bag or new association, the management of using and wrapping is finished in the operation of doing increase or deletion bag again or use in respective table.
2. smart card according to claim 1, it is characterized in that, comprise a record attribute size1 in the virtual card manager of described each virtual card (Card Manager), be used for the maximum available EEPROM spatial value of this virtual card manager of record (Card Manager), this value is specified when being created at described virtual card manager (Card Manager).
3. smart card according to claim 1 and 2 is characterized in that, comprises the virtual card of a default activation in described a plurality of virtual cards, and after described smart card card resetted, the virtual card of this default activation was activated.
4. smart card according to claim 3, it is characterized in that, described each virtual card disposes default application, default application in the virtual card of default activation can be chosen by the basic logic passage when card resets, in addition, virtual card can also choose should be used under it to be activated by select command.
5. the distributing method of the described smart card of one of claim 1-4 may further comprise the steps:
(1) card is individualized in advance
According to service needed, for each application provider creates a virtual card, and the EEPROM resource of size is specified in application;
(2) application provider is individualized
Each application provider downloads the application of oneself, creates to use, and finishes individualized to what use.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201110049872 CN102087716B (en) | 2011-03-02 | 2011-03-02 | Multi-application Java smart card |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201110049872 CN102087716B (en) | 2011-03-02 | 2011-03-02 | Multi-application Java smart card |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102087716A CN102087716A (en) | 2011-06-08 |
| CN102087716B true CN102087716B (en) | 2013-02-13 |
Family
ID=44099513
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 201110049872 Active CN102087716B (en) | 2011-03-02 | 2011-03-02 | Multi-application Java smart card |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102087716B (en) |
Families Citing this family (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8464938B2 (en) * | 2007-06-22 | 2013-06-18 | Intelispend Prepaid Solutions, Llc | Client customized virtual or physical card for use with selected merchants |
| CN102254119B (en) * | 2011-07-15 | 2013-08-07 | 华南理工大学 | Safe mobile data storage method based on fingerprint U disk and virtual machine |
| CN102629215A (en) * | 2012-02-28 | 2012-08-08 | 东信和平智能卡股份有限公司 | Communication method and communication device of virtual smart cards |
| CN103514050B (en) * | 2012-06-19 | 2016-12-21 | 蔡毓芬 | Formula method of calling and running gear |
| CN102760326A (en) * | 2012-07-10 | 2012-10-31 | 武汉天喻信息产业股份有限公司 | Java virtual machine-based multi-application card swiping method and terminal |
| CN103778448B (en) * | 2012-10-25 | 2017-10-27 | ***股份有限公司 | Multi-application smart card management system and method |
| CN103106090B (en) * | 2013-01-31 | 2015-10-28 | 北京大唐智能卡技术有限公司 | The installation method of a kind of smart card and application thereof |
| US9052891B2 (en) | 2013-05-14 | 2015-06-09 | International Business Machines Corporation | Declarative configuration and execution of card content management operations for trusted service manager |
| CN103559073B (en) * | 2013-10-28 | 2016-05-25 | 飞天诚信科技股份有限公司 | A kind of data managing method based on Java card |
| FR3014226A1 (en) * | 2013-12-03 | 2015-06-05 | Toudie Roger Gbohou | UNIT OF SYSTEMS AND TECHNOLOGIES FOR DIGITAL MODEL OF ECONOMIC DEVELOPMENT COMMUNITY |
| CN103617440B (en) * | 2013-12-04 | 2014-08-20 | 武汉天喻信息产业股份有限公司 | Multi-application smart card achieving multi-way independent control and issuing method thereof |
| CN103744965A (en) * | 2014-01-07 | 2014-04-23 | 东信和平科技股份有限公司 | Simple multi-platform intelligent card personalization method |
| CN103793644B (en) * | 2014-02-28 | 2017-09-19 | 天地融科技股份有限公司 | Information safety devices realize method, information safety devices and the system of many applications |
| CN106598551B (en) * | 2016-12-16 | 2019-01-29 | 大唐微电子技术有限公司 | A kind for the treatment of method and apparatus of smart card, smart card |
| CN108665045A (en) * | 2018-05-02 | 2018-10-16 | 北京中电华大电子设计有限责任公司 | A method of realizing that more publishers' applies Java card more |
| CN110366162A (en) * | 2019-04-22 | 2019-10-22 | 上海华申智能卡应用***有限公司 | The method of digital certificate authentication function is realized on the sim card |
| EP4060588A1 (en) * | 2021-02-05 | 2022-09-21 | Shenzhen Goodix Technology Co., Ltd. | Virtual electronic card management method and system, security chip, terminal, and storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1516052A (en) * | 2003-01-06 | 2004-07-28 | 李之彦 | Opened function dynamic integrated intelligent card system |
| CN101853416A (en) * | 2010-06-02 | 2010-10-06 | 东信和平智能卡股份有限公司 | Physical smart card with virtual smart cards and configuration method of virtual smart card |
| CN101908120A (en) * | 2009-06-02 | 2010-12-08 | 上海复旦微电子股份有限公司 | Method for realizing all-in-one function of single intelligent card |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1839282A1 (en) * | 2004-12-07 | 2007-10-03 | Philips Intellectual Property & Standards GmbH | System and method for application management on multi-application smart cards |
-
2011
- 2011-03-02 CN CN 201110049872 patent/CN102087716B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1516052A (en) * | 2003-01-06 | 2004-07-28 | 李之彦 | Opened function dynamic integrated intelligent card system |
| CN101908120A (en) * | 2009-06-02 | 2010-12-08 | 上海复旦微电子股份有限公司 | Method for realizing all-in-one function of single intelligent card |
| CN101853416A (en) * | 2010-06-02 | 2010-10-06 | 东信和平智能卡股份有限公司 | Physical smart card with virtual smart cards and configuration method of virtual smart card |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102087716A (en) | 2011-06-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102087716B (en) | Multi-application Java smart card | |
| CN103617440B (en) | Multi-application smart card achieving multi-way independent control and issuing method thereof | |
| CN103430222B (en) | Local trusted services manager for contactless smart card | |
| CN105900104B (en) | Applet migration in safety element | |
| CN103415874B (en) | Writing application data to secure element | |
| CN101853416B (en) | Physical smart card with virtual smart cards and configuration method of virtual smart card | |
| CN106201613A (en) | Preheating software is installed | |
| CN103280020A (en) | Information processing apparatus, IC chip, information processing method, program, and information processing system | |
| US7117012B1 (en) | Method for operating a portable data carrier configured for executing reloadable functional programs | |
| CN106155568A (en) | A kind of method of partition holding and terminal | |
| CN102760084B (en) | Management method of application data, method for partitioning application storage space, on-line application system and application device | |
| CN102122248B (en) | Method for managing wire clip software of communication equipment | |
| CN105809064A (en) | Smart card safety control method and smart card | |
| CN104272273A (en) | Dynamic memory allocation | |
| CN103761118A (en) | Intelligent card and method for deploying applications in same | |
| CN109543415A (en) | A kind of secure operating system framework | |
| CN103309696A (en) | Method and device for updating Java card extended library, and Java card | |
| CN103595573A (en) | Method and device for issuing strategy rules | |
| US9413755B2 (en) | Method for managing identifiers in an integrated circuit board and corresponding integrated circuit board | |
| AU2018218498B2 (en) | Cash processing system | |
| CN103778448B (en) | Multi-application smart card management system and method | |
| CN103309758B (en) | A kind of mthods, systems and devices blocking application and download | |
| CN103699451B (en) | The data sharing method and device of application software and plug-in unit | |
| CN105607938A (en) | Method for allocating interface elements of security applications | |
| CN105303377A (en) | Smart card slave security domain key updating method and electronic payment system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |