CN115576522A - GP (GP) architecture implementation method of JAVA card and electronic equipment - Google Patents
GP (GP) architecture implementation method of JAVA card and electronic equipment Download PDFInfo
- Publication number
- CN115576522A CN115576522A CN202211101726.5A CN202211101726A CN115576522A CN 115576522 A CN115576522 A CN 115576522A CN 202211101726 A CN202211101726 A CN 202211101726A CN 115576522 A CN115576522 A CN 115576522A
- Authority
- CN
- China
- Prior art keywords
- security domain
- domain
- class
- auxiliary
- objects
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/10—Requirements analysis; Specification techniques
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/20—Software design
- G06F8/24—Object-oriented
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/30—Creation or generation of source code
- G06F8/31—Programming languages or programming paradigms
- G06F8/315—Object-oriented languages
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Stored Programmes (AREA)
Abstract
The embodiment of the invention discloses a GP architecture implementation method of a JAVA card and electronic equipment. The method comprises the following steps: creating a main security domain class and an auxiliary security domain class in JAVA code; setting the main security domain class and the auxiliary security domain class to obtain a first setting result; in JAVA code, domain objects of the main security domain and the auxiliary security domain are set to obtain a second setting result; and realizing the first setting result and the second setting result in the C code of the native method. Compared with the prior art, the GP architecture implementation method of the JAVA card and the electronic equipment provided by the embodiment of the invention carry out various settings in JAVA, and implement the setting conditions in C codes of a native method; namely, the embodiment of the invention can not only reduce bug by using the object mechanism of java language, but also run GP function in native environment, thereby improving the running performance of the program and facilitating the debugging of the program.
Description
Technical Field
The invention relates to the technical field of COS (chip operating system) design of JAVA intelligent cards, in particular to a GP (GP) architecture implementation method of a JAVA card and electronic equipment.
Background
Java card is an open standard developed by Sun microsystems for smart card development platforms. A smart card created using the Java card platform has a Java applet stored thereon. Applets may also be added to the card or existing application applets may be modified on the card after issuance. They store data in an integrated microprocessor chip. The applet is then downloaded into the microprocessor's memory and run by the Java virtual machine.
The Java card has definite definitions in the aspects of downloading, deleting, personalizing, managing the life cycle of the card, and the like, which is the content of GP (Global Platform) specification. But the specification only specifies what the GP needs to do and does not show how to do, such as how to implement the security domain, how to implement the security capabilities of the security domain, and so on. Therefore, different GP architecture implementations are developed by each card vendor around the characteristics of the COS of the JAVA card.
Currently, there are two main GP architectures:
the first is the JAVA architecture, which includes command distribution, security management, and card content management, among others. These are all implemented using the JAVA language. In the pre-mask stage of the JAVA COS, all the implementations of the GP are converted into byte codes, and in the operation stage of the JAVA COS, the functions of the GP are realized by operating the JAVA byte codes.
The second is a pure Native architecture, and the functions of the GP are realized by C language. And compiling the GP function into the JAVA COS when compiling. These functions are implemented by running binary code while the JAVA COS is running.
Both of the above architectures suffer from different drawbacks:
the disadvantages of the first architecture are: the java byte code has low running speed, low efficiency and inconvenient tracking and debugging, and is inconvenient to patch when bug occurs;
the disadvantages of the second architecture are: the C language itself lacks an object mechanism, and is prone to memory buffer overflow and memory space bugs.
Disclosure of Invention
In view of the technical defects mentioned in the background art, an embodiment of the present invention is directed to providing a GP architecture implementing method for a JAVA card and an electronic device.
In order to achieve the above object, in a first aspect, an embodiment of the present invention provides a GP framework implementing method for a JAVA card, including:
creating a main security domain class and an auxiliary security domain class in JAVA code; the main security domain class and the auxiliary security domain class are both inherited from an applet class of the java card;
setting the main security domain class and the auxiliary security domain class to obtain a first setting result;
setting domain objects of the main security domain and the auxiliary security domain in the JAVA code to obtain a second setting result;
and realizing the first setting result and the second setting result in a code C of a native method.
As a specific implementation manner of the present application, the main security domain class and the auxiliary security domain class are set, specifically:
only native call relations are reserved for select () and deselect () methods in the main security domain class, and the select () and deselect () methods are specifically implemented in C codes of the native methods;
and only preserving native call relation for select () and deselect () methods in the auxiliary security domain, wherein the select () and deselect () methods are specifically realized in C codes of the native methods.
Further, as a preferred implementation manner of the present application, setting the main security domain class and the auxiliary security domain class further includes:
and adding exception capture processing to the processes of the main security domain class and the auxiliary security domain class.
As a specific implementation manner of the present application, the domain objects of the main security domain and the auxiliary security domain are set, which specifically includes:
defining a class object, wherein the class object comprises an application list entry class, a secure channel sequence counter class, a secure domain key list class and a secure domain storedata data class;
defining domain objects of a plurality of main security domains and domain objects of a plurality of auxiliary security domains; the number of the domain objects of the main security domain is not less than that of the domain objects of the auxiliary security domain, and the sequence of the domain objects of the main security domain is the same as that of the domain objects of the auxiliary security domain;
in the compiled configuration file of the JAVA code, object offset definitions of the newly added class objects and the domain objects of the auxiliary security domain are defined.
The domain objects of the main security domain comprise an application list entry object, a security channel sequence counter object, a security domain key list object, a security channel default key version, a security domain RAM data object, a security domain NVM data object, a security domain storedata data object and a security domain CGM variable;
the domain objects of the auxiliary security domain comprise an application list entry object, a security channel sequence counter object, a security domain key list object, a security channel default key version, a security domain RAM data object, a security domain NVM data object, a security domain storedata data object, a security domain CGM variable and an auxiliary security domain parameter variable.
In a second aspect, an embodiment of the present invention further provides an electronic device, including a processor, an input device, an output device, and a memory, where the processor, the input device, the output device, and the memory are connected to each other, where the memory is used to store a computer program, and the computer program includes program instructions, and the processor is configured to call the program instructions to execute the method according to the first aspect.
Compared with the prior art, the GP architecture implementation method of the JAVA card and the electronic equipment provided by the embodiment of the invention carry out various settings in JAVA, and implement the setting conditions in C codes of a native method; namely, the embodiment of the invention can not only reduce bugs by using the object mechanism of the java language, but also run GP functions in native environment, thereby improving the running performance of the program and facilitating the debugging of the program.
Drawings
In order to more clearly illustrate the detailed description of the invention or the technical solutions in the prior art, the drawings that are needed in the detailed description of the invention or the prior art will be briefly described below.
Fig. 1 is a flowchart of a GP framework implementation method of a JAVA card according to an embodiment of the present invention;
FIG. 2 is an interface diagram for creating a master security domain class;
FIG. 3 is an interface diagram for setting a master security domain class;
FIGS. 4a and 4b are interface diagrams defining class objects;
FIG. 5 is an interface diagram for creating a secondary security domain class;
FIG. 6 is an interface diagram for setting up secondary security domain classes;
fig. 7 is a block diagram of an electronic device provided in an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
The technical terms involved in this example are described below:
GP: global platform for global platform
Security domain: the applet with management function defined in Security Domain, GP, includes two types, one is a main Security Domain (also called Issuer Security Domain), which is a representative of a card merchant, can completely manage all card contents, and has the capability of loading, installing, and deleting applications belonging to card issuers or other application providers; the other is an auxiliary Security Domain (complementary Security Domain), which is generally an application provider Security Domain, and as an auxiliary management for the main Security Domain, only part of the card content can be managed, and Security services (including key processing, data encryption, data decryption, generation and verification of digital signatures, etc.) provided for all or part of applications on the card are provided.
The disadvantages are evident for the two prior GP structures mentioned in the background, but each has advantages. Embodiments of the present invention are directed to a third technical architecture that retains the advantages of the two existing GP architectures and minimizes the disadvantages thereof.
Referring to fig. 1, a GP architecture implementation method for a JAVA card according to an embodiment of the present invention includes:
s1, in JAVA code, a main security domain class and an auxiliary security domain class are created.
And S2, setting the main security domain class and the auxiliary security domain class to obtain a first setting result.
And S3, setting the domain objects of the main security domain and the auxiliary security domain in the JAVA code to obtain a second setting result.
And S4, realizing the first setting result and the second setting result in a C code of a native method.
The GP architecture implementation method is described in detail below with specific examples, and the specific steps are as follows:
(1) In JAVA code, a main security domain class is created, which inherits from the applet class of JAVA card. The specific interface diagram for this step is shown in fig. 2.
(2) Only native calls are reserved for methods such as select () and deselect () in the main security domain, exception capture is performed on a process () method, and specific implementation of the process () method, the exception processing content and the exception processing content, and the methods such as select () and deselect () are all in C codes of the native methods. The specific interface diagram of this step is shown in fig. 3. Abnormal Capture is represented in FIG. 3
(3) Defining an application list entry class, a secure channel sequence counter class, a secure domain key list class, a secure domain storedata data class and the like. The specific interface diagram for this step is shown in fig. 4a and 4 b.
(4) In the domain object definition of the main security domain, an application list entry object, a security channel sequence counter object, a security domain key list object, a security channel default key version, a security domain RAM data object, a security domain NVM data object, a security domain storedata data object, a security domain CGM variable, and the like are defined. The specific interface diagram of this step is shown in fig. 2.
(5) In JAVA code, a secondary security domain class is created that inherits from the applet class of javacard. The specific interface for this step is shown in fig. 5.
(6) And only native calls are reserved for methods such as select () and deselect () in the auxiliary security domain, exception capture is performed on the process () method, and specific implementation of the process () processing content and exception processing content and the methods such as select () and deselect () are all in the C code of the native method. The specific interface diagram for this step is shown in fig. 6.
(7) In the domain object definition of the auxiliary security domain, an application list entry object, a security channel sequence counter object, a security domain key list object, a security channel default key version, a security domain RAM data object, a security domain NVM data object, a security domain storedata data object, a security domain CGM variable, an auxiliary security domain parameter variable, etc. are defined. The sequence of the objects and variables defined in this step must be the same as that in step 4, and additional parameter variables and the like of the auxiliary security domain need to be placed at the end of the definition.
(8) And adding the domain object offset definition of the auxiliary security domain in the step 7 and the object offset of the class object defined in the step 3 into a compiling configuration file of java code. For example, a variable a is defined in the configuration item, and the compilation tool automatically generates an offset value (which is a constant) that is assigned to the variable a.
(9) The setting of the steps (1) - (8) is realized in the C code of the native method.
As can be known from the above description, the GP architecture implementation method for the JAVA card according to the embodiment of the present invention performs various settings in JAVA, and implements the setting conditions in the C code of a native method; namely, the embodiment of the invention can not only reduce bug by using the object mechanism of java language, but also run GP function in native environment, thereby improving the running performance of the program and facilitating the debugging of the program.
In addition, the GP architecture implementation method is described as follows:
(1) Two security domain classes, a main security domain class and an auxiliary security domain class are realized; if necessary, the domain objects of the two security domains are coincident, the auxiliary security domain can additionally add domain objects, so in a native implementation, the domain objects of the auxiliary security domain class and the main security domain class can be accessed with the same auxiliary security domain object offset.
(2) Most method implementation of the security domain is in native code, and java only reserves calling relation.
(3) The process method for the security domain uses exception capture, which enables flexible handling of exceptions in native implementations.
(4) Some class definitions are made for domain objects of the security domain, but there is no method implementation in the class definitions, and the specific access implementation is in native code.
Based on the same inventive concept, the embodiment of the invention provides electronic equipment. As shown, the electronic device may include: one or more processors 101, one or more input devices 102, one or more output devices 103, and memory 104, the processors 101, input devices 102, output devices 103, and memory 104 being interconnected via a bus 105. The memory 104 is used for storing a computer program comprising program instructions, the processor 101 is configured for invoking the program instructions to perform the steps of:
creating a main security domain class and an auxiliary security domain class in JAVA code; wherein the main security domain class and the auxiliary security domain class both inherit from an applet class of javacard;
setting the main security domain class and the auxiliary security domain class to obtain a first setting result;
setting domain objects of the main security domain and the auxiliary security domain in the JAVA code to obtain a second setting result;
and realizing the first setting result and the second setting result in a code C of a native method.
As a specific implementation manner, the processor 101 is configured to invoke the program instructions to execute the following steps:
only preserving native call relation for select () and deselect () methods in the main security domain, wherein the select () and deselect () methods are specifically realized in C codes of the native methods;
and only preserving native calling relation for select () and deselect () methods in the auxiliary security domain class, wherein the select () and deselect () methods are specifically realized in C codes of the native methods.
Further, the processor 101 is further configured to call the program instruction to perform the following steps:
and adding exception capture processing to the processes of the main security domain class and the auxiliary security domain class.
As a specific implementation manner, the processor 101 is configured to call the program instruction to perform the following steps:
defining a class object, wherein the class object comprises an application list entry class, a secure channel sequence counter class, a secure domain key list class and a secure domain storedata data class;
defining domain objects of a plurality of main security domains and domain objects of a plurality of auxiliary security domains; the number of the domain objects of the main security domain is not less than that of the domain objects of the auxiliary security domain, and the sequence of the domain objects of the main security domain is the same as that of the domain objects of the auxiliary security domain;
in the compiled configuration file of the JAVA code, object offset definitions of the newly added class objects and the domain objects of the auxiliary security domain are defined.
The domain object of the main security domain comprises an application list entry object, a security channel sequence counter object, a security domain key list object, a security channel default key version, a security domain RAM data object, a security domain NVM data object, a security domain storedata data object and a security domain CGM variable;
the domain objects of the auxiliary security domain comprise an application list entry object, a security channel sequence counter object, a security domain key list object, a security channel default key version, a security domain RAM data object, a security domain NVM data object, a security domain storedata data object, a security domain CGM variable and an auxiliary security domain parameter variable.
It should be understood that, in the embodiment of the present invention, the Processor 101 may be a Central Processing Unit (CPU), and the Processor may also be other general processors, digital Signal Processors (DSPs), application Specific Integrated Circuits (ASICs), field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, and the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The input device 102 may include a keyboard, etc., and the output device 103 may include a display (LCD, etc.), speakers, etc.
The memory 104 may include read-only memory and random access memory, and provides instructions and data to the processor 101. A portion of the memory 104 may also include non-volatile random access memory. For example, the memory 104 may also store device type information.
In specific implementation, the processor 101, the input device 102, and the output device 103 described in the embodiments of the present invention may execute the implementation manner described in the embodiments of the GP architecture implementation method for a JAVA card provided in the embodiments of the present invention, and details are not described herein again.
It should be noted that, for a more specific workflow description of the electronic device portion, please refer to the foregoing method embodiment portion, which is not described herein again.
While the invention has been described with reference to specific embodiments, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (7)
1. A GP architecture implementation method of a JAVA card is characterized by comprising the following steps:
creating a main security domain class and an auxiliary security domain class in JAVA code;
setting the main security domain class and the auxiliary security domain class to obtain a first setting result;
in JAVA code, domain objects of the main security domain and the auxiliary security domain are set to obtain a second setting result;
and realizing the first setting result and the second setting result in a code C of a native method.
2. The GP architecture implementation method of claim 1, wherein the primary security domain class and the secondary security domain class are each inherited from applet classes of javacard.
3. The GP architecture implementation method of claim 2, wherein the main security domain class and the auxiliary security domain class are set, specifically:
only native call relations are reserved for select () and deselect () methods in the main security domain class, and the select () and deselect () methods are specifically implemented in C codes of the native methods;
and only preserving native calling relation for select () and deselect () methods in the auxiliary security domain class, wherein the select () and deselect () methods are specifically realized in C codes of the native methods.
4. The GP architecture implementation method of claim 3, wherein setting the primary security domain class and the secondary security domain class further comprises:
and adding exception capture processing to the processes of the main security domain class and the auxiliary security domain class.
5. The GP architecture implementation method of claim 4, wherein setting the domain objects of the main security domain and the auxiliary security domain specifically includes:
defining a class object, wherein the class object comprises an application list entry class, a secure channel sequence counter class, a secure domain key list class and a secure domain storedata data class;
defining domain objects of a plurality of main security domains and domain objects of a plurality of auxiliary security domains; the number of the domain objects of the main security domain is not less than that of the domain objects of the auxiliary security domain, and the sequence of the domain objects of the main security domain is the same as that of the domain objects of the auxiliary security domain;
in the compiled configuration file of the JAVA code, object offset definitions of the newly added class objects and the domain objects of the auxiliary security domain are defined.
6. The GP architecture implementation method of claim 5, wherein the domain objects of the main security domain comprise an application list entry object, a secure channel sequence counter object, a security domain key list object, a secure channel default key version, a security domain RAM data object, a security domain NVM data object, a security domain storedata data object and a security domain CGM variable;
the domain objects of the auxiliary security domain comprise an application list entry object, a security channel sequence counter object, a security domain key list object, a security channel default key version, a security domain RAM data object, a security domain NVM data object, a security domain storedata data object, a security domain CGM variable and an auxiliary security domain parameter variable.
7. An electronic device, comprising a processor, an input device, an output device, and a memory, the processor, the input device, the output device, and the memory being interconnected, wherein the memory is configured to store a computer program comprising program instructions, the processor being configured to invoke the program instructions to perform the method of any of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211101726.5A CN115576522A (en) | 2022-09-09 | 2022-09-09 | GP (GP) architecture implementation method of JAVA card and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211101726.5A CN115576522A (en) | 2022-09-09 | 2022-09-09 | GP (GP) architecture implementation method of JAVA card and electronic equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115576522A true CN115576522A (en) | 2023-01-06 |
Family
ID=84580358
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211101726.5A Pending CN115576522A (en) | 2022-09-09 | 2022-09-09 | GP (GP) architecture implementation method of JAVA card and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115576522A (en) |
-
2022
- 2022-09-09 CN CN202211101726.5A patent/CN115576522A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US6651186B1 (en) | Remote incremental program verification using API definitions | |
| US6986132B1 (en) | Remote incremental program binary compatibility verification using API definitions | |
| US9891900B2 (en) | Generation of specialized methods based on generic methods and type parameterizations | |
| US6883163B1 (en) | Populating resource-constrained devices with content verified using API definitions | |
| US6981245B1 (en) | Populating binary compatible resource-constrained devices with content verified using API definitions | |
| US6880155B2 (en) | Token-based linking | |
| KR100713740B1 (en) | Object-oriented instruction set for resource-constrained devices | |
| EP1236080A2 (en) | Language subset validation | |
| WO2018032653A1 (en) | Function implementing method and apparatus for java card application | |
| WO2024045382A1 (en) | Implementation of reflective mechanism in blockchain | |
| US6996802B2 (en) | Method and apparatus for deployment of high integrity software using initialization order and calling order constraints | |
| CN115576522A (en) | GP (GP) architecture implementation method of JAVA card and electronic equipment | |
| CN111045746A (en) | Code expansion method and framework | |
| CN115629795A (en) | Configuration method and device of executable file and electronic equipment | |
| CN115291839A (en) | Localization method of virtual method type API of JAVA card, electronic equipment and medium | |
| CA2422634A1 (en) | Populating binary compatible resource-constrained devices with content verified using api definitions | |
| CN114996128B (en) | Script processing method, device and equipment based on ASM framework and storage medium | |
| AU2001289078B2 (en) | Method for remote incremental program verification and installation on resource-constrained devices | |
| AU2001290842B2 (en) | Remote incremental program binary compatibility verification using API definitions | |
| AU2001290892B2 (en) | Method for remote incremental program verification and installation on resource-constrained devices | |
| EP1417573A2 (en) | Method for remote incremental program verification and installation on resource-constrained devices | |
| AU2001290842A1 (en) | Remote incremental program binary compatibility verification using API definitions | |
| AU2001289078A1 (en) | Method for remote incremental program verification and installation on resource-constrained devices | |
| AU2001290892A1 (en) | Method for remote incremental program verification and installation on resource-constrained devices |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |