Background technology
Java Card is a smart card that can run Java applets. Thanks to advantages such as multi-application support, good security, an object-oriented programming environment, and dynamic download and update of applications, it has developed rapidly and is increasingly widely used in fields such as SIM/USIM applications, authentication and finance. Java Card is an embedded system that runs a Java runtime environment on a smart card with extremely limited resources. Its greatest advantage is that applications on the card can be dynamically downloaded and updated after the card is issued, which gives a flexible multi-application card. However, because of the storage characteristics of current Java Card platforms, the system components (including the Java runtime environment, the system API, the card operating system, and so on) are fixed in ROM once the card is issued. If a system component fault or vulnerability appears after issuance, it can only be resolved by replacing the card. Because smart cards are issued in very large volumes, this causes huge losses to the card issuer, so a new architecture or method is needed to solve the problem of replacing system components after issuance.
At present there is a great deal of research, both domestic and international, on dynamically updating classes in standard object-oriented programs. There are three main approaches to dynamic class update: 1) modifying the JVM (Java Virtual Machine) so that it supports dynamic update of Java classes; 2) using built-in function support, as in related implementations in C++; 3) using mechanisms of the Java language itself, writing suitable algorithms and class-loading mechanisms to support dynamic class update.
For dynamic update of Java, Alessandro proposed a technique based on class renaming and code rewriting, using a tool called DUSC to switch classes dynamically at run time. This method is very time-consuming and wastes a great deal of storage, so it is unsuitable for the Java Card environment, where computing and storage resources are extremely limited. Another JVM that supports online update is JVOLVE: it uses tools to find the list of classes to be updated, dynamically loads the classes and compiles them with JIT technology to replace the existing classes, and finally uses a modified garbage collector to change references to the old objects into references to the new objects. Because the Java Card platform does not support dynamic class loading or JIT, this method must be modified. Agnes C. Noubissi proposed a similar method for the Java Card platform: an update list is obtained off-card with a corresponding tool; on-card software searches for all classes that need to be replaced, creates the new classes and instances from the imported data, and modifies all references to the old instances to achieve dynamic update. It performs the search, replace and update operations purely in software, so its efficiency is relatively low, and the security on which smart cards depend is hard to guarantee.
Summary of the invention
To address the above technical shortcomings, the present invention proposes a Java Card system component update method based on an MMU architecture.
To solve the above technical problems, the technical solution of the present invention is as follows:
A Java Card system component update method based on an MMU architecture, characterized in that it comprises off-card operations and on-card operations.
The off-card operation steps are as follows:
1) compare the modified project code with the original project code to produce a list of modified code items;
2) look up the virtual address entry and binary length in the object file of each item in the list of modified code items, producing the system component update task list;
3) merge items in the system component update task list whose virtual addresses are close together, generating the on-card MMU modification information table and the actual code binary modification information table;
The on-card operation steps are as follows:
4) transmit the code modification data, write the updated code data into the EEPROM space on the card, and, after processing, make a system call with the new address of the updated code data in the on-card EEPROM space as a parameter;
5) the card operating system performs authentication; if authentication passes, the TLB initial table of the MMU is modified, and the card operating system restarts and performs initialization.
Optionally, the system component update task list produced in step 2) includes modifications of original items, deletions of original items, and additions of new items to the original project.
The steps for modifying an original item are as follows:
If the binary code length of the modified item is not greater than the length of the original item, find the virtual entry address of the original item, add a new entry to the TLB table of the MMU that maps this virtual entry address into EEPROM while keeping the byte length equal, write the modified item's binary code at the newly allocated position in EEPROM, and pad the surplus positions with no-operation instructions. If the binary code length of the modified item is greater than the length of the original item, the modification can be split into a combination of deleting the original item and adding a new item.
The steps for deleting an original item are as follows:
Modify all code that references the deleted item;
The steps for adding a new item are as follows:
New item code can only be referenced from modified code, so it is handled in two steps: allocate a region in EEPROM and write the new item's code into it; then use reverse engineering to change the addresses that reference the new item in the modified code to the new address.
Optionally, the merging in step 3) of items in the system component update task list whose virtual addresses are close together is performed as follows: when the virtual address span of several update items is less than twice the space actually occupied by those update items, that is, when the update space utilization is higher than 50%, the update items are merged in storage.
Optionally, the modification of the MMU's TLB initial table in step 5) maps a virtual address space of a given length onto a physical address space of equal length. The TLB initial table format consists of logic_addr_base, Length and physical_addr_base: logic_addr_base is the base address of the virtual address segment that the MMU is to map, Length is the length of this logical address segment, and physical_addr_base is the base address of the physical addresses to which this logical address segment is mapped.
The beneficial effects of the present invention are:
1. The present invention divides the update into off-card and on-card operations. Most of the work is done off-card, using an ordinary PC or workstation that is far more powerful than a Java Card to optimize the update tasks sufficiently, which greatly improves update efficiency.
2. The present invention proposes a design and initialization method for an on-card MMU and uses a combination of software and hardware to dynamically update system components, which simplifies the modification work on the card; the method is simple and easy to implement.
3. The present invention ensures the security of Java Card system component updates. Through the design of the processor and operating system, three processor operating modes are provided. The MMU initial table can be accessed only when the processor is in the highest-privilege mode, and only through a system call, at which point card issuer authentication is performed to ensure security.
Embodiment
The present invention is further described below with reference to the accompanying drawings and specific embodiments.
The embodiment is an on-card storage architecture based on an MMU mechanism, together with a scheme that uses the MMU to upgrade Java Card system components. The scheme requires a series of off-card and on-card operations. Off-card, the code modifications are found by comparing the code and are located in the system's binary object file, forming an update task list, which is then optimized by an algorithm to reduce the number of update items and the amount of data transmitted. On-card, the modified code fragments are stored in EEPROM, and the TLB (Translation Lookaside Buffer) table is modified to change the virtual-to-physical address mapping so that the original virtual addresses map to the storage locations of the modified items. This code relocation achieves the update of the system components.
In the present invention, the proposed Java Card architecture controls the card's storage resources through a simple MMU that translates virtual addresses to physical addresses. The virtual address space is segmented, and each segment is statically mapped onto a physical memory of equal length. In the initial state each physical memory corresponds to one TLB map entry; the surplus TLB entries are set invalid and are reserved for adding mappings when system components are updated. The main purpose of the off-card operations is to find all modifications in the system components and locate them precisely in the final binary file (.bin), so that the modified content and its position information can be sent to the card for the update. The position information, that is, the virtual address entry and binary length, is obtained from the .map file generated when the project is compiled (the project is compiled with IAR Embedded Workbench). An item's entry address, length and modified content make up one update task, and all update tasks together form the update task table. Optimization of the update task table takes two forms: 1) merging task entries to reduce the number of MMU mappings on the card: update tasks with nearby addresses are merged, which reduces the number of MMU mappings without wasting too much storage; 2) mapping the actually modified content of each item to reduce the amount of data transmitted: the actual modification to an item is often only a small part of its address space, so only the actually modified values and their offsets are transmitted, while the unmodified part is copied directly from its original position in the card's ROM, which increases speed and reduces the amount of information transferred.
The on-card operations take the update data and address mapping table produced by the off-card operations, write the updated code into EEPROM, and modify the MMU's TLB mapping to update the system components. A service routine on the card receives and processes the update data and calls the card operating system to modify the MMU initial table. The MMU initial table is stored in a specific region of EEPROM that only the system call sysMmuModify, provided for modifying the MMU initial table, can access. When this system call occurs, the system first performs card issuer authentication; if authentication passes, the call is serviced, otherwise the system exits. If the system call completes successfully, the system restarts to complete initialization. At this point the Java Card system component update has succeeded, and the card with the new system components can be used normally.
The details are as follows:
Fig. 1 shows the storage architecture of the Java Card platform. System components such as the smart card operating system (COS), the Java Card runtime environment (JCRE), the system API and some built-in applets are stored in ROM. They are burned in when the card is manufactured and cannot be changed once written, which makes later upgrades and updates difficult. If a vulnerability appears in a system component, all issued cards must be recalled and new cards issued. Smart cards are often issued in huge volumes, so this causes large losses to the card issuer.
Fig. 2 shows the overall operation flow of the present invention, which is divided into the following steps:
201, DIFF Generator: compare the modified project code with the original project code and produce the list of specifically modified code items (DIFF List);
202, DIFF Mapper: using the list of modified code items from step 201, look up the virtual address entry and binary length of these items in the object file and produce the list of tasks for which system components need updating (Mapped List);
203, List Optimization: optimize the system component update list to reduce the number of MMU mappings on the card and the amount of data transferred between off-card and on-card, producing the on-card MMU modification information table (MMU map Info) and the actual code binary modification information table (Changed Data Info);
204, Data Processing & System Call: a program on the Java Card processes the system update operations and calls the card operating system to modify the MMU initial table data;
205, Authentication & MMU TLB Modify: the operating system provides the system call for modifying the MMU initial table and performs card issuer authentication. If authentication passes, the service is invoked to modify the MMU's TLB initial table. When this completes, the system restarts and enters user mode after initialization. The MMU's TLB table now holds the new mapping, code relocation is complete, and the Java Card running the new system components can be used normally.
Fig. 3 shows a typical update task list (Mapped List) produced by step 202, as follows:
The project .map file generated by compiling with IAR Embedded Workbench shows the virtual address entry and binary length of every function and constant in the system. By comparing the .map files of the two project versions with the modification list (DIFF List) obtained in the previous step, the list of tasks to be updated (Mapped List) is obtained. To show the differences before and after the code modification more clearly, unmodified items are omitted and only modified, deleted and added items are listed, as shown in Fig. 3. There, old map and new map show the memory allocation before and after the code modification respectively, with letters and numbers standing for function and constant names. In the new code version, five functions a, b, c, d, e have been modified; four functions f, g, h, i have been deleted; two functions j, k have been added; and the mask array of the constant cons.2 and the system class API have been modified. The different kinds of update operation on source code items are handled as follows:
(1) Modification of an original item
If the binary code length of the modified item is not greater than that of the original item, find the entry address of the original item, add a new entry to the TLB table that maps this entry address into EEPROM while keeping the byte length equal, write the modified item's binary code at the new position, and pad the surplus positions with no-operation instructions. If the binary code length of the modified item is greater than that of the original item, the modification is split into a combination of deleting the original item and adding a new item. The code of a modified item should therefore be kept no longer than the original code wherever possible, which saves on-card storage.
(2) Deletion of an original item
All code that references the deleted item is modified, and the deleted code becomes dead. The new code will therefore not reference the deleted code of the original project, and the deletion itself can be ignored.
(3) Addition of a new item
New item code can only be referenced from modified code, so it is handled in two steps: first, allocate a region in EEPROM and write the new item's code into it; then use reverse engineering to change the addresses that reference the new item in the modified code to the new address.
Fig. 4 shows the on-card MMU modification information table (MMU map Info) produced from the task list of Fig. 3 after the optimization of step 203, as follows:
Merging entries is similar to merging memory fragments. The addresses of some update items are very close together; in particular, functions in the same object file are often laid out almost contiguously, and even where there are gaps they are small. Such items can be merged and mapped together to one new address. This is a compromise: it reduces the number of entries that must be mapped but wastes some storage, so it must be bounded. Formula (1) is given for this purpose: when the address span of several update items is less than twice the space actually occupied by those update items, that is, when the update space utilization is higher than 50%, the update items can be merged in storage.
(1)
Applying this rule to the items in Fig. 3 gives the result shown in Fig. 4. In Fig. 4, logical address is the virtual address range in the original project of the merged update items; physical address is the address range and content of the merged update items in the new project, where new address is the physical address newly allocated in EEPROM and items is the update item content stored in that new address space. Each record in the figure forms one MMU map entry. For example, the first record in Fig. 4 merges the first three modification records of Fig. 3 into one: because functions a, b and c in those records are laid out contiguously, the code storage space of the three functions can be mapped as a whole to the new space for code relocation, which reduces the number of mappings in the MMU's TLB table.
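The merge rule stated above (span less than twice the occupied space, i.e. utilization above 50%) can be carried out off-card as a single pass over the sorted task list. The following C code is an added example, not code from the patent; the type and function names and the sample addresses and lengths are constructed for illustration, and the input is assumed to be sorted by address and non-overlapping.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One update task: virtual entry address and binary length of a changed item. */
typedef struct {
    uint32_t vaddr;
    uint32_t len;
} update_task;

/* One merged region; each region becomes a single MMU map entry. */
typedef struct {
    uint32_t base;  /* first virtual address covered */
    uint32_t span;  /* bytes from base to the end of the last merged item */
    uint32_t used;  /* bytes actually occupied by update items */
} merged_region;

/*
 * Greedy pass over tasks sorted by ascending vaddr (assumption). An item joins
 * the current region only if the resulting span stays below twice the occupied
 * bytes, i.e. utilization stays above 50%. Returns the number of regions
 * written to out, which must have room for n entries.
 */
size_t merge_update_tasks(const update_task *tasks, size_t n, merged_region *out)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        if (count > 0) {
            merged_region *r = &out[count - 1];
            uint64_t span = (uint64_t)tasks[i].vaddr + tasks[i].len - r->base;
            uint64_t used = (uint64_t)r->used + tasks[i].len;
            if (span < 2 * used) {
                r->span = (uint32_t)span;
                r->used = (uint32_t)used;
                continue;
            }
        }
        out[count].base = tasks[i].vaddr;
        out[count].span = tasks[i].len;
        out[count].used = tasks[i].len;
        count++;
    }
    return count;
}

/* Constructed sample list; addresses and lengths are not taken from Fig. 3. */
static const update_task sample_tasks[] = {
    {0x00001000u, 0x100u},  /* three contiguous items */
    {0x00001100u, 0x120u},
    {0x00001220u, 0x132u},
    {0x00003000u, 0x040u},  /* small gap before the next item */
    {0x00003050u, 0x040u},
    {0x00008000u, 0x020u},  /* too far from the previous region to merge */
};
#define SAMPLE_COUNT (sizeof sample_tasks / sizeof sample_tasks[0])

int main(void)
{
    merged_region out[SAMPLE_COUNT];
    size_t n = merge_update_tasks(sample_tasks, SAMPLE_COUNT, out);
    for (size_t i = 0; i < n; i++)
        printf("base=0x%08x span=0x%x used=0x%x\n",
               (unsigned)out[i].base, (unsigned)out[i].span, (unsigned)out[i].used);
    return 0;
}
```

Each resulting region costs one TLB entry and `span` bytes of EEPROM, so `span - used` is the storage given up to save entries.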
Fig. 5 shows the MMU and storage architecture on the Java Card, as follows:
The special storage architecture and strict resource limits of current smart cards mean that the on-card MMU cannot work the same way as an ordinary embedded MMU. The MMU designed here differs in both working mechanism and TLB entry format. The system does not use paging but direct segmentation: a virtual address space of a given length is mapped onto a physical address space of equal length. The TLB entry format is shown in the middle of Fig. 5, where logic_addr_base is the base address of the virtual address segment that the MMU is to map, Length is the length of this logical address segment, and physical_addr_base is the base address of the physical addresses to which this logical address segment is mapped. The TLB is the core component with which the MMU performs virtual-to-physical address translation; it stores the virtual-to-physical translation and the access control information. When the processor issues a memory request it produces a virtual address, and the MMU looks this address up in the TLB table. Because in this design every virtual address has a corresponding mapping and access to unspecified virtual address space is not allowed, there are no TLB misses: the lookup always hits, and after checking the access control logic the MMU returns the physical address corresponding to the requested virtual address.
The on-card storage architecture is therefore designed as shown in Fig. 5. The card has four physical memories: two ROMs, one EEPROM and one RAM, each 256K in size. In the initial state, four 256K virtual address segments are marked out in the virtual address space and mapped onto the physical memories of equal length, as shown by the solid arrows in Fig. 5. With unmodified system components the MMU therefore needs only 4 TLB map entries. When a system component is modified, the original TLB mapping information for ROM is modified so that the modified segment maps to the storage area of the new code in EEPROM; this code relocation achieves the system component update. The on-card update procedure is illustrated below with an example.
Taking the first update task shown in Fig. 4 as an example, the on-card update procedure is as follows; the ROM mapping after modification is shown by the dashed arrows in Fig. 5:
1) allocate 0x352 bytes of space in EEPROM; suppose the physical address is 0x0000B000;
2) copy the content at the original ROM address into the allocated EEPROM space, and write the actual modification data sent to the card at the corresponding positions;
3) make the system call sysMmuModify, passing the TLB modification data as a parameter, and set the access control bits so that the space segment remapped from ROM into EEPROM is read-only for all programs;
4) the system performs card issuer authentication; if it passes, the TLB initial table is modified, after which the system restarts and initializes, and the Java Card update is complete.
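The segment translation and the authenticated table update in steps 1) to 4) can be modelled in C as below. This is an added example, not code from the patent: the memory layout, the slot count, the function names (including sys_mmu_modify_model, a stand-in for sysMmuModify whose real interface the text does not give), the newest-entry-wins lookup order and the virtual address 0x1000 are assumptions; only the three entry fields, the 256K sizes, the 0x352 length and the EEPROM address 0x0000B000 come from the text. Access control bits and the restart are left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SEG_LEN   0x40000u  /* 256K per memory, as in the text */
#define TLB_SLOTS 8         /* constructed: 4 initial entries + 4 spare */
#define EEPROM_PA 0x00000u  /* constructed physical layout */
#define ROM0_PA   0x40000u
#define ROM1_PA   0x80000u
#define RAM_PA    0xC0000u

typedef struct {
    uint32_t logic_addr_base;     /* base of the virtual segment */
    uint32_t length;              /* segment length in bytes */
    uint32_t physical_addr_base;  /* base of the equal-length physical range */
} tlb_entry;

typedef struct { tlb_entry e[TLB_SLOTS]; size_t used; } tlb_table;

/* Initial state: one entry per physical memory; spare slots stay unused. */
void tlb_init(tlb_table *t)
{
    static const tlb_entry init[4] = {
        {0x00000u, SEG_LEN, ROM0_PA},   {0x40000u, SEG_LEN, ROM1_PA},
        {0x80000u, SEG_LEN, EEPROM_PA}, {0xC0000u, SEG_LEN, RAM_PA},
    };
    for (size_t i = 0; i < 4; i++) t->e[i] = init[i];
    t->used = 4;
}

/* Newest entry wins, so an update entry overrides the ROM segment it covers
 * (assumption about lookup priority). Returns 0 and sets *pa, or -1. */
int tlb_translate(const tlb_table *t, uint32_t va, uint32_t *pa)
{
    for (size_t i = t->used; i-- > 0;) {
        uint32_t off = va - t->e[i].logic_addr_base;  /* wraps if va < base */
        if (off < t->e[i].length) {
            *pa = t->e[i].physical_addr_base + off;
            return 0;
        }
    }
    return -1;
}

/* Model of the privileged table update: refused without issuer authentication,
 * and only a ROM virtual range redirected into EEPROM is accepted. */
int sys_mmu_modify_model(tlb_table *t, tlb_entry n, int issuer_authenticated)
{
    uint32_t off = n.physical_addr_base - EEPROM_PA;
    if (!issuer_authenticated) return -1;
    if (t->used == TLB_SLOTS) return -2;
    if (n.length == 0 || n.logic_addr_base >= 2 * SEG_LEN ||
        n.length > 2 * SEG_LEN - n.logic_addr_base) return -3;
    if (off >= SEG_LEN || n.length > SEG_LEN - off) return -3;
    t->e[t->used++] = n;
    return 0;
}

int main(void)
{
    tlb_table t;
    tlb_entry upd = {0x00001000u, 0x352u, 0x0000B000u};
    uint32_t pa = 0;
    tlb_init(&t);
    if (sys_mmu_modify_model(&t, upd, 1) == 0 && tlb_translate(&t, 0x1000u, &pa) == 0)
        printf("0x00001000 -> 0x%08x\n", (unsigned)pa);
    return 0;
}
```

Addresses on either side of the remapped 0x352 bytes still resolve to ROM, which is why step 2) copies the unmodified bytes into EEPROM only for the range the new entry covers.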
The above is only a preferred embodiment of the present invention. It should be noted that those skilled in the art can make improvements and modifications without departing from the inventive concept, and these improvements and modifications shall also be regarded as within the scope of protection of the present invention.