CN103150125A - Method for prolonging service life of power-down protection date buffer memory and smart card - Google Patents

Abstract

The invention relates to a method for protecting data in an order execution process and prolonging service life of a power-down protection date buffer memory and a smart card when the smart card is in the working state, the power is accidentally cut and the card is maliciously pulled out. A power-down protection sub-system in a smart card operation system comprises a random number generating module, a power-down protection control item, a power-down protection control register, a power-down protection data buffer memory block, a power-down protection data buffer memory control method and a power-down protection data recovery control method, which work cooperatively together; by randomly selecting different power-down protection data buffer memory blocks and a transferring sequence of controlled protection states, the purpose of either storing unchangeable date in a date memory in the smart card before executing the order or integrally storing all obtained new data after executing the order is realized to enable the read-write operation times of all power-down protection data blocks, a control register and a parameter register are almost equal, so as to efficiently prolonge the service life of the power-down protection date buffer memory in the smart card and enhance the fault tolerance of the power-down protection data buffer memory.

Description

Improve power down protection Data Buffer Memory method and the smart card in serviceable life

Technical field

The invention belongs to smart card and smart card operating system design field; be specifically related to the unexpected power down in the course of the work of a kind of smart card, malice when plugging card, carry out method and the smart card in raising power down protection Data Buffer Memory serviceable life of data protection in the command execution process.

Background technology

Smart card be integrated CPU and control module, safety function module (comprising randomizer), memory module, contact and (or) non-contact interface module and smart card operating system (COS) be in the embedded system of one.The program storage of random access memory ram when the accumulator system of smart card can be divided into CPU work, storage COS and EEPROM or the FLASH data-carrier store of storing subscriber information, the capacity of each storer is according to the type of CPU and specifically use differently, but the data-carrier store of the common smart card in market is general all more than or equal to 32KB.CPU in smart card and control module are stored in COS in the program storage module by operation, receive the command sequence that read write line is sent, under the supervision of COS security strategy and safety function module, realize safe storage and the access control function of user profile, for the user provides authentication, associated safety service function, the controlled access of data and the various application function services of user.Consistance in order to ensure data in the reliability of storing information and date and command execution process; open up a suitably memory block of size in the data storage area of smart card; Data Buffer Memory as the power-down protection use; as long as the write operation that relates to the data storer all must carry out power down protection; the data that namely first will write (data of perhaps being rewritten) data writing memory buffer; then according to the command execution situation, the data in the data buffering memory block are written in target memory, perhaps the data in memory buffer are abandoned.Therefore, the power down protection Data Buffer Memory is the highest storer of usage frequency in smart card, and directly affect the serviceable life of smart card its serviceable life, is one of gordian technique that must solve in any COS design.

present power down protection scheme based on smart card, generally to open up the data buffering storage space (more than or equal to 256 bytes) that just satisfies the power down protection needs in the intelligent card data memory block, need to be written to the data of preserving in the data storage area in the command execution process, be first written to the power down protection Data Buffer Memory and begin the zone, then copy to again in the target data memory block according to the command execution situation, so just there is the own much bigger target data memory block of corresponding ratio, power down protection data buffering memory block, the frequency of utilization that makes the storage area that power down protection Data Buffer Memory first address begins is greatly higher than the frequency of utilization of target data memory block, thereby shorten the serviceable life of power down protection Data Buffer Memory, final damage due to the power down protection Data Buffer Memory, and cause scrapping of whole smart card card.Improving power down protection Data Buffer Memory serviceable life, can effectively extend intelligent card data storer whole service life, is also the key that solves smart card card whole service life.

Summary of the invention

the object of the invention is to overcome existing power down protection Data Buffer Memory short deficiency in serviceable life and a kind of power down protection Data Buffer Memory method and smart card in serviceable life of improving is provided, the power failure data buffer storage of its (N * (256+16+2)) byte, this memory partitioning is the control item of N 16 bytes, the power down protection piece number storage control item of the data buffering storage block of N piece 256 bytes and 2N byte, when carrying out the power down protection operation at every turn, choose at random one of them control item and a blocks of data buffer-stored piece as the power down protection Data Buffer Memory, complete data and the operation of control item buffer-stored of power down protection, make the read-write number of times of each power down protection data buffering storage block and control item be tending towards equal, thereby improve the serviceable life of power down protection Data Buffer Memory.

Technical scheme of the present invention is:

A kind of power down protection Data Buffer Memory method in serviceable life that improves, it is characterized in that: the method comprises the random buffer system of model power down protection data, then formulates power down protection data buffering storage means and power down protection data reconstruction method on the random buffer system of power down protection data;

The random buffer system of described power down protection data comprises randomizer, power down protection control item, power down protection control register, power down protection data buffering storage block, be specially: the power down protection data buffering memory block of (N * (256+16+2)) byte is set, and this memory partitioning is the control item of N 16 bytes, the data buffering storage block of N piece 256 bytes and the power down protection piece numerical control register processed of N two bytes; N control item numbering from 0 to (N-1) and respectively 0 of corresponding power down protection data buffering storage block to (N-1) piece; N control register is used for the control parameter of storage power down protection system, and each control register deposits that in an execution process instruction, all need to carry out the data block number that power down protection recovers, and height two bytes equate; No. 0 to (N-1) number control item by data length, 1 byte guard mode, 1 byte update mode, 1 byte duty, 1 byte reserved word and the 2 byte CRC codes of 4 byte power down protection memory buffer source addresses, 4 byte data storer destination addresses, 2 these protections of byte totally 16 bytes form; The byte number of source address and destination address is determined according to intelligent card data memory addressing space size, source address records the address of corresponding data buffering storage block number after address translation, and destination address memory protection data are written to the first address in data-carrier store; The data length of this power down protection is indicated the data length that is written to power down protection data buffering storage block when power down protection, when the power down protection data are recovered, indication copies data length data-carrier store to from power down protection data buffering storage block;

Described power down protection data buffering storage means is based on the random buffer system of described power down protection data, and implementation step is:

The first step: produce one more than or equal to 0, less than or equal to the random number m between N-1;

Second step: judge that whether m control item corresponding to m piece power down protection data buffering storage block is in state working properly, if be not in normal operating conditions, repeats the first step and second step, otherwise carries out for the 3rd step;

The 3rd step: judge that whether m control item corresponding to m piece power down protection data buffering storage block is in the protection ready state, if be not in the protection ready state, repeat the first step, second step and the 3rd step, otherwise carries out for the 4th step;

The 4th step: the information that needs protection is written to m piece power down protection data buffering storage block;

The 5th step: the length of the source address in modification m control item, destination address, these power down protection data, and will protect ready state to be rewritten as the wait guard mode, update mode is arranged to effective status;

The 6th step: judge whether also have other need to carry out the information that power down protection is processed in the command execution process, to repeat for the first to the 6th step if having, otherwise carried out for the 7th step;

The 7th step: travel through No. 0 to the N-1 control item, when if in control item, update mode is effective status, to wait for that guard mode is rewritten as guard mode, calculate the CRC code of this control item, be in the data buffering storage block of guard mode and count X and add 1, at last the relevant control item is written in the power down protection Data Buffer Memory;

The 8th step: produces one more than or equal to 0, less than or equal to the random number m between N-1, two byte datas that XX is formed are filled up in the m control register, the end of power down protection process;

The performing step of described power down protection data reconstruction method is:

The first step: read the power down protection control item and check each control item of normal operating conditions CRC code whether correct, carried out for the 5th step if the CRC code is incorrect, otherwise carry out next step;

Second step: search two non-vanishing byte XX of parameter in control register, if XX does not exist or two bytes are unequal, carried out for the 5th step, otherwise carry out next step;

The 3rd step: in the statistics control item, guard mode is the quantity M of guard mode, if M ≠ X carried out for the 5th step, otherwise carries out next step;

The 4th step: travel through all power down protection control items, the source address data copy that guard mode control item is indicated is to the indicated data-carrier store of destination address, its copy length is determined by data length parameter in the power down protection control item, after data copy is completed, the guard mode in this control item is revised as the protection completion status;

The 5th step: travel through all power down protection control items, if this control item CRC code mistake or guard mode are that non-protection ready state or update mode are effective status, guard mode is rewritten as the protection ready state, update mode is set to disarmed state, calculate the CRC code of this control item, at last the relevant control item is written in corresponding power down protection data buffering memory block;

The 6th step: not being that 0 byte exists if having in control register, is not 0 byte zero clearing in this control register, and is written in smart card power down protection data buffering memory block, and the power down protection data recovery procedure finishes.

a kind of power down protection Data Buffer Memory smart card in serviceable life that improves, comprise the random buffer system of power down protection data, it is characterized in that: the random buffer system of power down protection data comprises randomizer, the power down protection control item, the power down protection control register, power down protection data buffering storage block, be specially in the random buffer system of power down protection data and be provided with the power down protection data buffering memory block of (N * (256+16+2)) byte, this memory partitioning is the control item of N 16 bytes, the power down protection piece numerical control register processed of the data buffering storage block of N piece 256 bytes and N two bytes, N control item numbered 00 of arriving in (N-1) corresponding power down protection data buffering storage block of difference and arrived (N-1) piece, N control register is used for the control parameter of storage power down protection system, each control register is deposited in an execution process instruction all need to carry out the data block number that power down protection recovers, and height two bytes equate, No. 0 to (N-1) number control item by data length, 1 byte guard mode, 1 byte update mode, 1 byte duty, 1 byte reserved word and the 2 byte CRC codes of 4 byte power down protection memory buffer source addresses, 4 byte data storer destination addresses, 2 these protections of byte totally 16 bytes form, the byte number of source address and destination address determines according to intelligent card data memory addressing space size, and source address records corresponding buffer-stored piece and number obtains through address translation, and destination address storage power down protection data are written to the first address in data-carrier store, the data length of this power down protection is indicated the data length that is written to power down protection data buffering storage block when power down protection, when the power down protection data are recovered, indication copies data length data-carrier store to from power down protection data buffering storage block,

article one, in the command execution process when needs carry out power-down data protection, obtain a random number between 0 to N-1 by randomizer and modulo operation, choose the power down protection data buffering storage block and the corresponding power down protection control item that meet the demands, the data that will be written to the target data memory block are first written to power down protection data buffering storage block, to should data address in the target data memory block be destination address, the physical address of this buffer-stored piece is as source address, the data length that needs protection, the state of current power down protection, update mode, duty and CRC code are written to corresponding control item, needs data cut-off protection process of being written to the internal object data storage area is completed,

If there are a plurality of data blocks need to be written in data-carrier store in the command execution process, repeat and select control item and data buffering storage block, the data that need protection are written to power down protection data buffering storage block, organize the relevant control parameter and are written to corresponding control item; Last random select one 0 will complete to the control register between (N-1) the data buffering storage block number that power-down data protection operates and be written in the control register of choosing;

again power up after power down, smart card reinserts read write line or carry out next command before, at first whether COS check the CRC code that is in the normal operating conditions control item correct, whether whether the parameter of N control register be 0 or be not to equate in 0 o'clock, if CRC is incorrect, parameter be 0 or be not 0 o'clock unequal, do not carry out any data restore operation, if when satisfying controlled condition data needs power loss recovery being arranged, travel through all power down protection control items, the data buffering storage block number that statistics needs the power down protection data to recover, and be stored in the power loss recovery data block number of controlling in depositing and compare, if both are unequal, need to carry out power loss recovery without data block, if both equate, from first control item, determine according to guard mode whether the corresponding data of this control item are written in the data storage area, if having data need to carry out power down protection, this control item guard mode indication recovers, according to existing source address, destination address and data length in the power down protection control item, in the destination data memory block of appointment, guard mode is rewritten as the protection completion status simultaneously with the data copy in power down protection data buffering storage block, after completing successively the recovery of all power down protection data, to be correlated with power down protection control item and control register carries out initialization before power down protection, so far before carrying out a new instruction, completed the power-down protection in the execution process instruction of front, in order to guarantee that power down protection data buffering storage area data writes the correctness with read operation, at every turn to control item, when carrying out read-write operation, control register and power down protection data buffering storage block all carry out corresponding memory read/write function verifying correctness, after if the read-write operation mistake being detected, the duty in corresponding control item is arranged to error condition, forbid control item, control register participates in power down protection work with corresponding power down protection data buffering storage block.

The invention has the beneficial effects as follows: by a plurality of power down protection data buffering storage blocks and control item and control register are set, and select at random a certain power down protection data buffering storage block, control item and control register to realize power-down protection, make each power down protection data buffering deposit storage block identical with the control item frequency of utilization, effectively improved the serviceable life of power down protection memory buffer, and the piece number that the power down protection Data Buffer Memory is set was directly proportional to its serviceable life, approximated (N-1) doubly; After power down protection Data Buffer Memory piece and the inefficacy of corresponding control item memory function; this control item and data buffering storage block are set to error flag; stop this control item and data buffering storage block and participate in power down protection; do not affect the normal operation of other control item and data buffering storage block power-down protection, effectively strengthened the fault-tolerance of power down protection Data Buffer Memory.Wait guard mode by power down protection data buffering storage block is set, four kinds of guard modes such as guard mode, protection completion status and protection ready state and power down protection system are controlled the corresponding relation of parameter, solved one or more data or enter simultaneously guard mode of needing protection in the command execution process, data all copy respectively each specific data memory block to when recovering; One can not or partly enter guard mode; but do not carry out the problem of any data restore operation; guarantee integrality, availability and the consistance of power down protection data; this programme provides practicable solution to the serviceable life that extends smart card, the reliability that strengthens fault-tolerance and power down protection data, and pay with low cost.This scheme can adapt to any type of intelligent card chip, has good hardware system universality.

Description of drawings

Fig. 1 is power down protection control item data structure of the present invention and control register schematic diagram.

Fig. 2 is power down protection state transfer flow of the present invention.

Fig. 3 is power down protection fundamental diagram of the present invention.

Fig. 4 is power down protection data buffering Stored Procedure figure of the present invention.

Fig. 5 is power down protection Data Recovery Process figure of the present invention.

Embodiment

A kind of power down protection Data Buffer Memory method in serviceable life that improves, the method comprises the random buffer system of power down protection data, power down protection data buffering storage means and power down protection data reconstruction method.

The random buffer system of described power down protection data comprises randomizer, power down protection control item, power down protection data buffering storage block and power down protection control register, is specially:

The power down protection data buffering memory block of (N * (256+16+2)) byte is set, and this memory partitioning is the control item of N 16 bytes, the data buffering storage block of N piece 256 bytes and the power down protection piece numerical control register processed of N two bytes; N control item numbering 0 arrives (N-1) piece to (N-1) and respectively corresponding power down protection data buffering storage block 0, N control register is used for the control parameter of storage power down protection system, each control register is deposited in an execution process instruction all need to carry out the data block number that power down protection recovers, and height two bytes equate; No. 0 to (N-1) number control item by data length, 1 byte guard mode, 1 byte update mode, 1 byte duty, 1 byte reserved word and the 2 byte CRC codes of 4 byte power down protection memory buffer source addresses, 4 byte data storer destination addresses, 2 these protections of byte totally 16 bytes form; The byte number of source address and destination address should be determined according to intelligent card data memory addressing space size; source address records the address of corresponding buffer-stored piece number after address translation; destination address storage power down protection data are written to the first address in data-carrier store; the data length of this power down protection is indicated the data length that is written to power down protection data buffering storage block when power down protection, when the power down protection data are recovered, indication copies data length data-carrier store to from power down protection data buffering storage block.

Described power down protection data buffering storage means is based on the above-mentioned random buffer system of power down protection data, and implementation step is:

The first step: produce one more than or equal to 0, less than or equal to the random number m between N-1;

Second step: judge that whether m control item corresponding to m piece power down protection data buffering storage block is in state working properly, if be not in normal operating conditions, repeats the first step and second step, otherwise carries out for the 3rd step;

The 3rd step: judge that whether m control item corresponding to m piece power down protection data buffering storage block is in the protection ready state, if be not in the protection ready state, repeat the first step, second step and the 3rd step, otherwise carries out for the 4th step;

The 4th step: the information that needs protection is written to m piece power down protection data buffering storage block;

The 5th step: the length of the source address in modification m control item, destination address, these power down protection data, and will protect ready state to be rewritten as the wait guard mode, update mode is arranged to effective status;

The 6th step: judge whether also have other need to carry out the information that power down protection is processed in the command execution process, to repeat for the first to the 6th step if having, otherwise carried out for the 7th step;

The 7th step: travel through No. 0 to the N-1 control item, when if in control item, update mode is effective status, to wait for that guard mode is rewritten as guard mode, calculate the CRC code of this control item, be in the data block of guard mode and count X and add 1, at last the relevant control item is written in the power down protection Data Buffer Memory;

The 8th step: produces one more than or equal to 0, less than or equal to the random number m between N-1, two byte datas that XX is formed are filled up in the control register that is numbered m, the end of power down protection process.

The performing step of described power down protection data reconstruction method is:

The first step: read the power down protection control item and check each control item of normal operating conditions CRC code whether correct, carried out for the 5th step if the CRC code is incorrect, otherwise carry out next step;

Second step: search two non-vanishing byte XX of parameter in N control register, if XX does not exist or two bytes are unequal, carried out for the 5th step, otherwise carry out next step;

The 3rd step: in the statistics control item, guard mode is the quantity M of guard mode, if M ≠ X carried out for the 5th step, otherwise carries out next step;

The 4th step: travel through all power down protection control items, the source address data copy that guard mode control item is indicated is to the indicated data-carrier store of destination address, its copy length is determined by data length parameter in the power down protection control item, after data copy is completed, the guard mode in this control item is revised as the protection completion status;

The 5th step: travel through all power down protection control items, if this control item CRC code mistake or guard mode are that non-protection ready state or update mode are effective status, guard mode is rewritten as the protection ready state, update mode is set to disarmed state, calculate the CRC code of this control item, at last the relevant control item is written in corresponding power down protection data buffering memory block;

The 6th step: be not that 0 byte exists if having in N control register, corresponding control in depositing is not 0 byte zero clearing, and is written in smart card power down protection data buffering memory block the end of power down protection data recovery procedure.

A kind of power down protection Data Buffer Memory smart card in serviceable life that improves, this smart card operating system is realized power down protection function of smart card based on above-mentioned ultimate principle, thereby effectively improves the serviceable life of smart card.

The invention discloses a kind of the use and improve the power down protection Data Buffer Memory smart card in serviceable life, the power down protection scheme in this smart card comprises power down protection Data Buffer Memory system, power down protection data buffering storage means and the power down protection data reconstruction method three basic part of random selection.Method for power fail safeguard of data of the present invention is applied in smart card operating system; have extremely widely in China and use; in the embedded OSs such as bank IC card, social security card, SIM card, Citizen Card Item, I.D., residents ' health card, USBKey, it is one of function indispensable in smart card operating system.

1, power down protection is controlled parameter and buffer memory structure

As shown in Figure 1, No. 0 to (N-1) number control item by data length, 1 byte guard mode, 1 byte update mode, 1 byte duty, 1 byte reserved word and the 2 byte CRC codes of 4 byte power down protection memory buffer source addresses, 4 byte data storer destination addresses, 2 these protections of byte totally 16 bytes form.The byte number of source address and destination address should be determined according to intelligent card data memory addressing space size; source address records the address of corresponding data buffering storage block number after address translation, and destination address storage power down protection data are written to the first address in data-carrier store.Control register is deposited in an execution process instruction all need to carry out the data block number that power down protection recovers, and height two bytes equate.No. 0 to (N-1) number control item corresponding 0 to (N-1) piece power down protection data buffering storage block; the data length of this power down protection is indicated the data length that is written to power down protection data buffering storage block when power down protection; when the power down protection data are recovered, indication copies data length data-carrier store to from power down protection data buffering storage block, and its mutual relationship as shown in Figure 3.Guard mode is divided into the protection ready state, waits for guard mode, four kinds of guard mode and protection completion statuses; as shown in Figure 2; the protection ready state represents that control item and the indicated power down protection data buffering storage block of control item are in ready state, can receive the data that need to carry out power down protection.Wait for that guard mode represents that control item and the indicated power down protection data buffering storage block of control item have write relevant information, but whether the data of preserving in power down protection data buffering storage block are written to data-carrier store also need to determine according to the continuation implementation of order.After guard mode has represented that the data that need protection in command execution all are written to power down protection data buffering storage block, will be etc. that state to be protected is rewritten as guard mode in control item.The protection completion status represents that control item is that the indicated data of guard mode have been written to the destination data storer; and guard mode has been rewritten as the protection completion status; after all data that need protection all are written to data-carrier store; the protection completion status is rewritten as the protection ready state, prepares to receive new power down protection data.Any state in four kinds of guard modes can directly be transferred to the protection ready state; but the transfer of other states must be carried out state conversion according to the order of " protection ready state → waits guard mode → guard mode → protection completion status → protection ready state "; with the data guaranteeing not need protection in the same time in the command execution process or all be written in data-carrier store; data do not allow to be written in data-carrier store yet, thereby guarantee integrality and the consistance of storage data in the intelligent card data storer.Update mode is used for the power down protection process and determines whether control item writes the power down protection Data Buffer Memory, carries out the corresponding control item operation that writes when this state is effective, and when this state is invalid, corresponding control item is forbidden writing.Duty is used for controlling the data buffering storage block and whether corresponding control item participates in data cut-off protection work, and when the duty work was normal, corresponding control item and data buffering storage block participated in power down protection work, otherwise forbids that it participates in data cut-off protection work.It is standby when the reserve bytes standby function further improves.The CRC code is the school test code of front 14 bytes in control item, the correctness when guaranteeing to read and write each parameter of control item.All parameters in control item are foundations that the power down protection program is carried out, and only have the normal realization of the correct guarantee power-down protection of each parameter in control item.

during power down protection, randomizer produces a random number, obtain any one piece number in power down protection memory buffer piece number by modulo operation, and corresponding unique power down protection control item, the probability of use of each power down protection control item and power down protection data buffering storage block is equated, thereby improve the serviceable life of power down protection Data Buffer Memory, if N is power down protection Data Buffer Memory piece number, when the value of N is larger, the serviceable life of power down protection Data Buffer Memory is longer, its life-span approximate use a power down protection Data Buffer Memory (N-1) doubly.The value of N is grasped according to the space of data-carrier store in smart card and the flexible in size of application of IC cards data; general value principle is on the basis of satisfying application of IC cards data space needs; the value of N is the bigger the better, and the serviceable life of its smart card power down protection Data Buffer Memory is also longer.

2, the realization of random power down protection data buffering storage means

As shown in Figure 4, before command execution, power down protection system is in the protection ready state, and when needing to carry out data cut-off protection in the command execution process, COS power down protection program is carried out following flow process:

The first step: produce one more than or equal to 0, less than or equal to the random number m between N-1;

Second step: judge that whether m control item corresponding to m piece power down protection data buffering storage block is in state working properly, if be not in normal operating conditions, repeats the first step and second step, otherwise carries out for the 3rd step;

The 3rd step: judge that whether m control item corresponding to m piece power down protection data buffering storage block is in the protection ready state, if be not in the protection ready state, repeat the first step, second step and the 3rd step, otherwise carries out for the 4th step;

The 4th step: the information that needs protection is written to m piece power down protection data buffering storage block;

The 5th step: the length of the source address in modification m control item, destination address, these power down protection data, and will protect ready state to be rewritten as the wait guard mode, update mode is arranged to effective status;

The 6th step: judge whether also have other need to carry out the information that power down protection is processed in the command execution process, to repeat for the first to the 6th step if having, otherwise carried out for the 7th step;

The 7th step: travel through No. 0 to the N-1 control item, when if in control item, update mode is effective status, to wait for that guard mode is rewritten as guard mode, calculate the CRC code of this control item, be in the data block of guard mode and count X and add 1, at last the relevant control item is written in the power down protection Data Buffer Memory;

The 8th step: produces one more than or equal to 0, less than or equal to the random number m between N-1, two byte datas that XX is formed are filled up in the control register that is numbered m, the end of power down protection process.

In the data cut-off protection process, owing to pulling out suddenly the unscheduled events such as card or power down when occuring, following several situation may appear:

The first: instruction is not complete; partial data has write in the power down protection Data Buffer Memory; because the power down protection control item does not write in smart card power down protection Data Buffer Memory; can not recover the data in writing the power down protection Data Buffer Memory when carrying out the recovery of power down protection data, therefore keep the data in the front intelligent card data storer of command execution constant.

The second: instruction is complete when carrying out power down protection work; the data that partly or entirely need protection have write in the power down protection Data Buffer Memory, carry out power down protection control item and control register when writing smart card power down protection Data Buffer Memory unexpected termination of system carry out.Because writing smart card power down protection Data Buffer Memory, power down protection control item or control register do not complete; carrying out power down protection data CRC code mistake due to control item when recovering; perhaps N control register be all 0 or control register height two bytes unequal; perhaps statistics need piece number that the power down protection data are recovered to be not equal to the piece that records in control register to count the time; can not recover the data that write in the power down protection Data Buffer Memory, therefore keep the data in the front intelligent card data storer of command execution constant.

the third: during the complete power down protection work of instruction, the data that all need protection and power down protection control item have write in the power down protection Data Buffer Memory, when relevant completion status code is returned in instruction, unexpected termination of system do not carried out, due to the data block that needs protection, power down protection control item and control register correctly have been written in smart card power down protection Data Buffer Memory, can recover the data in writing the power down protection Data Buffer Memory when carrying out the recovery of power down protection data, therefore the data after the power down protection data are recovered in smart card correctly are updated to the result after command execution is completed.

In sum, no matter unexpected when stopping command execution in which kind of situation, power down protection data buffering storage operation can not affect the buffer-stored of data in the command execution process and recover with correct.

3, the realization of random power down protection data reconstruction method:

As shown in Figure 5; before smart card inserts read write line or smart card system and again powers up or carry out a new order; at first COS power down protection program carries out the power down protection Data Recovery Process; just begin to wait for or carry out new instruction after the power down protection Data Recovery Process is complete, random power down protection Data Recovery Process is as follows:

The first step: read the power down protection control item and check each control item of normal operating conditions CRC code whether correct, carried out for the 5th step if the CRC code is incorrect, otherwise carry out next step;

Second step: search two non-vanishing byte XX of parameter in N control register, if XX does not exist or two bytes are unequal, carried out for the 5th step, otherwise carry out next step;

The 3rd step: in the statistics control item, guard mode is the quantity M of guard mode, if M ≠ X carried out for the 5th step, otherwise carries out next step;

The 4th step: travel through all power down protection control items, the source address data copy that guard mode control item is indicated is to the indicated data-carrier store of destination address, its copy length is determined by data length parameter in the power down protection control item, after data copy is completed, the guard mode in this control item is revised as the protection completion status;

The 5th step: travel through all power down protection control items, if this control item CRC code mistake or guard mode are that non-protection ready state or update mode are effective status, guard mode is rewritten as the protection ready state, update mode is set to disarmed state, calculate the CRC code of this control item, at last the relevant control item is written in corresponding power down protection data buffering memory block;

The 6th step: be not 0 byte existence if having in N control register; it is not 0 byte zero clearing in this control register; and after revising, control register is written in smart card power down protection data buffering memory block together, and the power down protection data recovery procedure finishes.

In the power down protection data recovery procedure, owing to pulling out suddenly the unscheduled events such as card or power down when occuring, following several situation may appear:

The first: part needs data that power down protection recovers correctly to recover or part is recovered and unexpected when stopping the recovery of power down protection data; because the control item parameter that is stored in the intelligent card data memory buffer is not modified; therefore can restart the power down protection data when again power up next time recovers; the data that just will recover cover again, do not affect integrality and the consistance of normally completing and recover data that the power down protection data are recovered.

The second: need data full recovery that power down protection recovers to complete and unexpected when stopping the power down protection data and recovering; because the control item parameter that is stored in the intelligent card data memory buffer is not modified; therefore can restart the power down protection data when again power up next time recovers; just the data with full recovery cover again, do not affect integrality and the consistance of normally completing and recover data that the power down protection data are recovered.

The third: the data full recovery that needs power down protection to recover is completed; write the power down protection control item and unexpected when stopping the power down protection data and recovering; because the control item parameter that is stored in the intelligent card data buffer-stored is modified; therefore when again powering up the recovery of beginning power down protection data next time; stop the power down protection data recovers because power down protection control item parameter is incorrect; directly power down protection control item parameter is carried out initialization; the data full recovery that needs power down protection to recover is completed, therefore do not affect the correctness that the power down protection data are recovered.

In sum, no matter in which kind of situation, the power down protection process is unexpected when stopping, and can not affect the correct execution of power down protection data recovery function, so the power down protection data recovery procedure is safe and reliable.

A kind of power down protection Data Buffer Memory smart card in serviceable life that improves, the operating system of this smart card realizes the power-down protection of smart card based on above-mentioned ultimate principle, thereby effectively improves serviceable life and the fault-tolerance of smart card.

Claims (2)

1. one kind is improved the power down protection Data Buffer Memory method in serviceable life, it is characterized in that: the method comprises the random buffer system of model power down protection data, then formulates power down protection data buffering storage means and power down protection data reconstruction method on the random buffer system of power down protection data;

The random buffer system of described power down protection data comprises randomizer, power down protection control item, power down protection control register, power down protection data buffering storage block, be specially: the power down protection data buffering memory block of (N * (256+16+2)) byte is set, and this memory partitioning is the control item of N 16 bytes, the data buffering storage block of N piece 256 bytes and the power down protection piece numerical control register processed of N two bytes; N control item numbering from 0 to (N-1) and respectively 0 of corresponding power down protection data buffering storage block to (N-1) piece; N control register is used for the control parameter of storage power down protection system, and each control register deposits that in an execution process instruction, all need to carry out the data block number that power down protection recovers, and height two bytes equate; No. 0 to (N-1) number control item by data length, 1 byte guard mode, 1 byte update mode, 1 byte duty, 1 byte reserved word and the 2 byte CRC codes of 4 byte power down protection memory buffer source addresses, 4 byte data storer destination addresses, 2 these protections of byte totally 16 bytes form; The byte number of source address and destination address is determined according to intelligent card data memory addressing space size, source address records the address of corresponding data buffering storage block number after address translation, and destination address memory protection data are written to the first address in data-carrier store; The data length of this power down protection is indicated the data length that is written to power down protection data buffering storage block when power down protection, when the power down protection data are recovered, indication copies data length data-carrier store to from power down protection data buffering storage block;

Described power down protection data buffering storage means is based on the random buffer system of described power down protection data, and implementation step is:

The first step: produce one more than or equal to 0, less than or equal to the random number m between N-1;

Second step: judge that whether m control item corresponding to m piece power down protection data buffering storage block is in state working properly, if be not in normal operating conditions, repeats the first step and second step, otherwise carries out for the 3rd step;

The 3rd step: judge that whether m control item corresponding to m piece power down protection data buffering storage block is in the protection ready state, if be not in the protection ready state, repeat the first step, second step and the 3rd step, otherwise carries out for the 4th step;

The 4th step: the information that needs protection is written to m piece power down protection data buffering storage block;

The 5th step: the length of the source address in modification m control item, destination address, these power down protection data, and will protect ready state to be rewritten as the wait guard mode, update mode is arranged to effective status;

The 6th step: judge whether also have other need to carry out the information that power down protection is processed in the command execution process, to repeat for the first to the 6th step if having, otherwise carried out for the 7th step;

The 7th step: travel through No. 0 to the N-1 control item, when if in control item, update mode is effective status, to wait for that guard mode is rewritten as guard mode, calculate the CRC code of this control item, be in the data buffering storage block of guard mode and count X and add 1, at last the relevant control item is written in the power down protection Data Buffer Memory;

The 8th step: produces one more than or equal to 0, less than or equal to the random number m between N-1, two byte datas that XX is formed are filled up in the m control register, the end of power down protection process;

The performing step of described power down protection data reconstruction method is:

The first step: read the power down protection control item and check each control item of normal operating conditions CRC code whether correct, carried out for the 5th step if the CRC code is incorrect, otherwise carry out next step;

Second step: search two non-vanishing byte XX of parameter in control register, if XX does not exist or two bytes are unequal, carried out for the 5th step, otherwise carry out next step;

The 3rd step: in the statistics control item, guard mode is the quantity M of guard mode, if M ≠ X carried out for the 5th step, otherwise carries out next step;

The 4th step: travel through all power down protection control items, the source address data copy that guard mode control item is indicated is to the indicated data-carrier store of destination address, its copy length is determined by data length parameter in the power down protection control item, after data copy is completed, the guard mode in this control item is revised as the protection completion status;

The 5th step: travel through all power down protection control items, if this control item CRC code mistake or guard mode are that non-protection ready state or update mode are effective status, guard mode is rewritten as the protection ready state, update mode is set to disarmed state, calculate the CRC code of this control item, at last the relevant control item is written in corresponding power down protection data buffering memory block;

The 6th step: not being that 0 byte exists if having in control register, is not 0 byte zero clearing in this control register, and is written in smart card power down protection data buffering memory block, and the power down protection data recovery procedure finishes.

2. one kind is improved the power down protection Data Buffer Memory smart card in serviceable life, comprise the random buffer system of power down protection data, it is characterized in that: the random buffer system of power down protection data comprises randomizer, the power down protection control item, the power down protection control register, power down protection data buffering storage block, be specially in the random buffer system of power down protection data and be provided with the power down protection data buffering memory block of (N * (256+16+2)) byte, this memory partitioning is the control item of N 16 bytes, the power down protection piece numerical control register processed of the data buffering storage block of N piece 256 bytes and N two bytes, N control item numbered 00 of arriving in (N-1) corresponding power down protection data buffering storage block of difference and arrived (N-1) piece, N control register is used for the control parameter of storage power down protection system, each control register is deposited in an execution process instruction all need to carry out the data block number that power down protection recovers, and height two bytes equate, No. 0 to (N-1) number control item by data length, 1 byte guard mode, 1 byte update mode, 1 byte duty, 1 byte reserved word and the 2 byte CRC codes of 4 byte power down protection memory buffer source addresses, 4 byte data storer destination addresses, 2 these protections of byte totally 16 bytes form, the byte number of source address and destination address determines according to intelligent card data memory addressing space size, and source address records corresponding buffer-stored piece and number obtains through address translation, and destination address storage power down protection data are written to the first address in data-carrier store, the data length of this power down protection is indicated the data length that is written to power down protection data buffering storage block when power down protection, when the power down protection data are recovered, indication copies data length data-carrier store to from power down protection data buffering storage block,

article one, in the command execution process when needs carry out power-down data protection, obtain a random number between 0 to N-1 by randomizer and modulo operation, choose the power down protection data buffering storage block and the corresponding power down protection control item that meet the demands, the data that will be written to the target data memory block are first written to power down protection data buffering storage block, to should data address in the target data memory block be destination address, the physical address of this buffer-stored piece is as source address, the data length that needs protection, the state of current power down protection, update mode, duty and CRC code are written to corresponding control item, needs data cut-off protection process of being written to the internal object data storage area is completed,

If there are a plurality of data blocks need to be written in data-carrier store in the command execution process, repeat and select control item and data buffering storage block, the data that need protection are written to power down protection data buffering storage block, organize the relevant control parameter and are written to corresponding control item; Last random select one 0 will complete to the control register between (N-1) the data buffering storage block number that power-down data protection operates and be written in the control register of choosing;

again power up after power down, smart card reinserts read write line or carry out next command before, at first whether COS check the CRC code that is in the normal operating conditions control item correct, whether whether the parameter of N control register be 0 or be not to equate in 0 o'clock, if CRC is incorrect, parameter be 0 or be not 0 o'clock unequal, do not carry out any data restore operation, if when satisfying controlled condition data needs power loss recovery being arranged, travel through all power down protection control items, the data buffering storage block number that statistics needs the power down protection data to recover, and be stored in the power loss recovery data block number of controlling in depositing and compare, if both are unequal, need to carry out power loss recovery without data block, if both equate, from first control item, determine according to guard mode whether the corresponding data of this control item are written in the data storage area, if having data need to carry out power down protection, this control item guard mode indication recovers, according to existing source address, destination address and data length in the power down protection control item, in the destination data memory block of appointment, guard mode is rewritten as the protection completion status simultaneously with the data copy in power down protection data buffering storage block, after completing successively the recovery of all power down protection data, to be correlated with power down protection control item and control register carries out initialization before power down protection, so far before carrying out a new instruction, completed the power-down protection in the execution process instruction of front, in order to guarantee that power down protection data buffering storage area data writes the correctness with read operation, at every turn to control item, when carrying out read-write operation, control register and power down protection data buffering storage block all carry out corresponding memory read/write function verifying correctness, after if the read-write operation mistake being detected, the duty in corresponding control item is arranged to error condition, forbid control item, control register participates in power down protection work with corresponding power down protection data buffering storage block.

Images