CN101039318A - Individual safety token for at least two safe environments and different access conditions - Google Patents


Info

Publication number: CN101039318A
Authority: CN (China)
Prior art keywords: token, list, ACL, under, security environment
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN 200610092726
Other languages: Chinese (zh)
Inventor: 杨宝柱
Current assignee: Axalto Beijing Smart Cards Technology Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Axalto Beijing Smart Cards Technology Co Ltd
Priority date: 2006-03-17 (the priority date is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed)
Filing date: 2006-03-17
Publication date: 2007-09-19
Application filed by Axalto Beijing Smart Cards Technology Co Ltd
Priority to CN 200610092726 (CN101039318A)
Priority to PCT/IB2007/000626 (WO2007107829A2)
Publication of CN101039318A


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F 2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices


Abstract

The present invention relates to a personal security token (10) for use in a mobile telecommunication terminal (20). The token comprises a memory and a processor. The memory stores a content file (11), an access condition list (ACL) for that file under a first security environment, and an ACL for the same file under a second security environment; both ACLs are stored in a given file (12) that is divided into records. The personal security token (10) is characterised in that the two ACLs are stored in the same record (13) of the given file (12), and in that the token stores and runs a program which recognises whether the token is currently being activated under the first security environment or under the second security environment and reads only the ACL corresponding to the current security environment.

Description

Personal security token for at least two security environments and the different access conditions thereof
Technical field
The present invention relates to a personal security token, used to authenticate the end user carrying the token when that user accesses a mobile telecommunication network.
Background technology
Typically such a device is a SIM card, but it may also be a USB-type cryptographic key token, a large-capacity memory card holding security credentials, or any other kind of token that carries the credentials needed to be allowed onto the network.
Typically these tokens comply with the international standard ISO 7816.
Such a personal security token stores a set of files, each of which is divided into a series of records.
Each given file is protected, mainly against unauthorised reading or writing, by a set of access conditions specific to that file.
This set of access conditions is stored as an ACL (access condition list) that is specific to the file.
When a file is used under several environments, such as a 2G (second generation) environment and a 3G (third generation) environment, then according to ISO 7816 its ACL under each environment is stored as a corresponding record in a specific file, the EF.ARR file (see ISO 7816-9). A record is the basic subdivision of a file. Typically each record has the TLV format, i.e. Tag-Length-Value. The EF.ARR file therefore contains a record for the 2G ACL and a record for the 3G ACL.
Typically an ACL is not encoded the same way under the 2G standard as under the 3G standard. For example, some files can be accessed both by 2G APDU commands and by 3G APDU commands. An APDU (Application Protocol Data Unit) is the unit of communication between the card reader and the card; its structure is described in ISO 7816. Such files therefore have two ACLs, one for each of the two security environments, 2G and 3G.
These two ACLs correspond to two different records in EF.ARR. Consequently, when EF.ARR is accessed under the 2G environment or under the 3G environment, some of the records found in it are unnecessary.
If the ACL, or part of it, is sent to the mobile terminal, a 3G mobile terminal may encounter non-standard records in EF.ARR, which can cause quality problems.
Summary of the invention
The purpose of the invention is to solve the above problem, so that under a particular security environment only the ACL relevant to the current security environment is available. Preferably the solution should support all mobile terminals that comply with ISO 7816.
This purpose is achieved by the invention as described in the claims.
Description of drawings
Other purposes, benefits and aspects of the invention will appear from the following description, made with reference to the single accompanying drawing, Figure 1, which illustrates processing according to the invention.
Embodiment
In the 3G standard, the access condition lists for accessing each file are stored in records of a specific file called EF.ARR. The access condition list, which indicates which privilege is granted to which identity, is encoded in TLV format (tag, length, value: the value is the data, the length is the length of the data, and the tag encodes the type of the data). The ACL format described in ISO 7816-9 consists of a TLV that contains further TLVs.
EF.ARR is a record-structured file: the data contained in the file is divided into records, which are numbered from first to last.
According to the 3G standard, one record of EF.ARR contains one ACL, and that ACL may apply to many files. When a file is selected for access, once the file has been selected the card may return some data about its contents. This data includes the number of the record holding the ACL of that file.
The 2G standard does not define how the ACL of a file whose content is to be accessed is obtained; EF.ARR is not defined in the 2G standard. The 3G standard, however, allows some EF.ARR records to carry a mark meaning that the record has a proprietary format. According to the 3G standard such records are permitted and should be discarded by the mobile terminal.
In what follows the word "channel" is used, meaning that the card is able to identify whether it is associated with a 2G or a 3G mobile terminal, i.e. whether the terminal communicates with the card under 2G or under 3G (that is, over the 2G or the 3G channel). "2G channel" means that the 2G application has been selected.
As is well known in the art, APDUs are the basic instructions of the standardised common instruction set for IC cards.
In practice, whether the APDU used to access a file is a 2G APDU can be seen from the class of the APDU, i.e. from the value A0 shown in its header. The class of a 3G APDU equals 0x, where x is the logical channel.
The "channel" is therefore simply the card's identification of the security environment (2G or 3G) currently in use, by discriminating on data carried in the APDU (i.e. the SE id held in memory).
The operating system of a typical card 10 is programmed to recognise whether a request is a 2G request or a 3G request. A mechanism for recognising the security environment underlying a request is thus already programmed into a typical OS. In practice, according to the standards, the data received by card 10 differs depending on whether the APDU is a 2G or a 3G APDU, and on whether the card receives a 2G SELECT APDU or a 3G SELECT APDU.
For this purpose the operating system checks whether the header of the APDU 15 sent by the mobile terminal 20 contains the class byte "A0" or "0x".
In other words, card 10 stores and runs an operating system that can readily recognise whether a file access request is a 2G request or a 3G request.
The "channel" that leads to access to one or the other type of ACL may also be any other kind of technical difference detectable in the messages exchanged with card 10, i.e. any technical difference that reflects whether 2G or 3G is currently in use.
As an alternative to the class byte (A0 or 0x), the current security environment can be identified by the SELECT (application) instruction. In this case, if the class of the instruction is A0, the operating system identifies that it is under the 2G environment, because no "select application" instruction is defined for 2G. If the instruction class is 0x, the operating system may have been used to select the "2G application" with a SELECT (application) APDU (defined in TS 102 221); in that case, even though the class of the READ RECORD instruction is 0x, the program may consider that it is under the 2G security environment.
If the instruction class is 0x and no selection of the 2G application has been performed, the operating system considers that it is in the 3G security environment.
Depending on the chosen implementation, the algorithm used to determine which SEID the program is currently under may be more or less complex.
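The environment-recognition rule described above (class byte A0 means 2G, class 0x means 3G unless the 2G application was selected over a 3G-class channel), as an added Python example; this is not code from the patent. The application identifier, the per-channel state structure and the sample APDUs are assumptions for illustration; the INS and P1 values for SELECT are the ISO 7816-4 ones.

```python
from dataclasses import dataclass, field

# Class bytes as given in the description: A0 is the 2G (GSM) class,
# 0x (x = logical channel) is the 3G class. INS/P1 for SELECT are the
# ISO 7816-4 values; everything else here is constructed for illustration.
CLA_2G = 0xA0
INS_SELECT = 0xA4
P1_SELECT_BY_AID = 0x04

# Hypothetical AID of the "2G application" that a 3G-class SELECT may pick;
# a real card compares against the AID it actually hosts.
AID_2G_APP = bytes.fromhex("A0000000990201")


@dataclass
class CardState:
    """What the OS keeps between APDUs: the environment each logical channel
    was put into by a SELECT (application). Reset at power-up."""
    se_by_channel: dict = field(default_factory=dict)


def security_environment(apdu: bytes, state: CardState) -> str:
    """Return "2G" or "3G" for this command, following the description:

    - CLA A0 is a 2G command, unconditionally.
    - CLA 0x is 3G, unless the 2G application was selected on that logical
      channel, in which case later 0x commands still run under 2G.
    """
    if len(apdu) < 4:
        raise ValueError("APDU header needs at least CLA INS P1 P2")
    cla, ins, p1, _p2 = apdu[:4]
    if cla == CLA_2G:
        return "2G"
    if cla & 0xF0 != 0x00:
        raise ValueError("unsupported class byte %02X" % cla)
    channel = cla & 0x03
    if ins == INS_SELECT and p1 == P1_SELECT_BY_AID:
        lc = apdu[4] if len(apdu) > 4 else 0
        aid = apdu[5:5 + lc]
        if len(aid) != lc:
            raise ValueError("SELECT data shorter than Lc")
        state.se_by_channel[channel] = "2G" if aid == AID_2G_APP else "3G"
        return state.se_by_channel[channel]
    return state.se_by_channel.get(channel, "3G")
```

Keying the remembered environment on the logical channel matters because a 3G terminal may keep several applications open on different channels at once; a SELECT of the 2G application on channel 1 must not turn commands on channel 0 into 2G requests.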
Any entity, for example the end user, a remote server or the mobile terminal, may attempt to access a file of the card.
Assume that the mobile terminal attempts to access file 11.
File selection proceeds as follows. The mobile terminal 20 first sends a "SELECT FILE" APDU instruction 15. The APDU instruction comprises an APDU header and the file ID. If the operation succeeds (OK), the card replies, and finally the number of information bytes it will provide is sent to the mobile terminal 20.
The mobile terminal 20 then sends a "GET RESPONSE" APDU instruction 16. This instruction also comprises an APDU header. Card 10 replies with the data.
In the 2G standard the response data has a specific format. In the 3G standard the format is different and complies with ISO 7816-9; this data is called the FCP.
The operating system of the card must therefore fetch this data. To simplify the explanation, this data is referred to hereafter as the FCP data.
Some ACL information, corresponding to the FCP data and indicating where the ACL is located, is stored in the file that contains the FCP data itself, in the following TLV format:
8B + 04 + EFARR_FILEID + SEID + RecordNO
EFARR_FILEID is the name of the EF.ARR file 12 used, coded on two bytes; that file stores the ACL of the file 11 that contains the FCP data.
SEID is the current security environment, coded on one byte. When the card's operating system reads this information it knows whether the security environment is 2G or 3G, because after power-up the SEID is determined when the card receives its first APDU.
RecordNO is the number of the record 13 that contains the ACL of the current file 11 (i.e. the file that contains the FCP data).
The record identified by this record number has the following content, in TLV format:
SEID 1; Length; ACL under SEID 1; SEID 2; Length; ACL under SEID 2
No SEID (security environment identifier) can be specified inside the EF.ARR file 12. Two kinds of format can be found in it, however: the proprietary format with tag 9C (see ISO 7816-9, page 11, section 8.5.2), or the ISO 7816-9 format with tag 80. In this case, if the class of the READ RECORD APDU instruction is A0, the operating system reads the proprietary-format (9C) ACL; otherwise it reads the ISO 7816-9 format ACL.
In this way the operating system moves to the correct position within the record.
Once the position of the record 13 storing the ACL has been identified, the operating system must check whether the ACL allows the requesting entity to access file 11. The requesting entity may be the end user accessing the phonebook file or the PIN (Personal Identification Number) file, a remote server accessing a settings file, or, as in this example, the mobile terminal accessing other files needed for communication between terminal and card.
For this purpose the operating system compares the content read from the access condition list with the attributes of the party requesting access to the content file, in order to permit or refuse that party's access to the content file.
When the OS obtains the record containing the ACL, it is programmed so that the data it reads is only the ACL under the current security environment. In some cases, for example when the ACL requires the mobile terminal 20 to ask the end user for further credentials such as a PIN code or password, the OS sends the content of the ACL to the mobile terminal.
In those cases the OS sends the size (length) of the record and only the record data (value) corresponding to the current security environment. Consequently, on the side of the mobile terminal 20 only one ACL is available, and the ACL under any other security environment cannot be obtained.
The several ACLs of file 11 under the different security environments are stored in record 13 of EF.ARR 12, but under a given security environment only one of them is read by the OS.
Thus the same record number is used to store several ACLs relating to one file. Only the channel through which the EF.ARR file is read (mainly the 2G channel or the 3G channel) determines which data is read from the file (mainly the 2G format or the 3G format).
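The record layout and read-out behaviour described above, as an added Python example that is not code from the patent: a constructed FCP fragment carrying the tag 8B reference, a constructed EF.ARR record holding a 9C (proprietary, 2G) TLV and an 80 (ISO 7816-9, 3G) TLV, and a read-record routine that returns only the TLV for the current environment. The ACL bodies are placeholder bytes rather than real ISO 7816-9 access-mode and security-condition objects, the FCP is given without its outer template tag, and the shape of the response is a simplification of what a real card returns; all of these are assumptions.

```python
from typing import List, Optional, Tuple

# Tags as given in the description. The ACL bodies below are constructed
# placeholder bytes, not real ISO 7816-9 security-attribute data objects.
TAG_ACL_2G = 0x9C        # proprietary-format ACL, read when the request is 2G
TAG_ACL_3G = 0x80        # ISO 7816-9 format ACL, read when the request is 3G
TAG_SEC_ATTR_REF = 0x8B  # FCP data object: EF.ARR file id, SEID, record number

# Constructed sample data: file id 6F3A for the content file, EF.ARR under
# file id 2F06, and an 8B reference saying "SEID 01, record 2 of 2F06".
# The FCP is shown without its outer template tag (assumption).
FCP_SAMPLE = bytes.fromhex("83026F3A" "8B042F060102")
ACL_2G_SAMPLE = bytes.fromhex("010203")
ACL_3G_SAMPLE = bytes.fromhex("AABB")
RECORD_SAMPLE = (bytes([TAG_ACL_2G, len(ACL_2G_SAMPLE)]) + ACL_2G_SAMPLE
                 + bytes([TAG_ACL_3G, len(ACL_3G_SAMPLE)]) + ACL_3G_SAMPLE)


def parse_tlvs(data: bytes) -> List[Tuple[int, bytes]]:
    """Parse a flat run of one-byte-tag / one-byte-length TLVs.

    Short-form lengths only (< 0x80), which is all an EF.ARR record needs.
    A truncated element is rejected instead of yielding a silently short value,
    so a malformed record cannot be mistaken for one with a shorter ACL."""
    out, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated TLV header at offset %d" % i)
        tag, length = data[i], data[i + 1]
        if length >= 0x80:
            raise ValueError("long-form length not supported")
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated TLV value for tag %02X" % tag)
        out.append((tag, value))
        i += 2 + length
    return out


def parse_arr_reference(fcp: bytes) -> Tuple[int, int, int]:
    """Return (efarr_file_id, seid, record_no) from the 8B object of an FCP."""
    for tag, value in parse_tlvs(fcp):
        if tag == TAG_SEC_ATTR_REF:
            if len(value) != 4:
                raise ValueError("expected 8B length 04: file id(2), SEID(1), record(1)")
            return int.from_bytes(value[:2], "big"), value[2], value[3]
    raise ValueError("FCP carries no security attribute reference")


def select_acl_tlv(record: bytes, se: str) -> Optional[Tuple[int, bytes]]:
    """The (tag, value) of the ACL for the current environment, or None."""
    wanted = TAG_ACL_2G if se == "2G" else TAG_ACL_3G
    for tag, value in parse_tlvs(record):
        if tag == wanted:
            return tag, value
    return None


def acl_for_environment(record: bytes, se: str) -> bytes:
    """The ACL value the OS evaluates against the requester's attributes."""
    found = select_acl_tlv(record, se)
    if found is None:
        raise LookupError("record holds no ACL for the %s environment" % se)
    return found[1]


def read_record_response(record: bytes, se: str) -> bytes:
    """Data the OS hands to the terminal for READ RECORD on EF.ARR: only the
    current environment's TLV is re-encoded, so the other environment's ACL
    never leaves the card (claim 3)."""
    found = select_acl_tlv(record, se)
    if found is None:
        raise LookupError("record holds no ACL for the %s environment" % se)
    tag, value = found
    return bytes([tag, len(value)]) + value
```

The value of `se` would come from the environment-recognition step the operating system performs on the APDU header; the two functions are deliberately kept independent so that a record with only one of the two TLVs is reported as missing rather than falling back to the other environment's ACL.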
This embodiment provides more security for the card and thereby makes the product more competitive.
It complies with ISO 7816 and requires no modification of the mobile terminal.
A further benefit of the invention is that a 3G mobile terminal is prevented from reading 2G records it cannot understand. Even though, according to the 3G standard, such 2G records carry a specific mark that should make a 3G terminal ignore them, some terminals may malfunction when they encounter such a record, and simply reject the card on encountering that content.

Claims (6)

1. A personal security token (10) for a mobile telecommunication terminal (20), the personal security token (10) comprising a memory and a processor, the memory storing a content file (11), an access condition list (ACL) of said file (11) under a first security environment, and an access condition list (ACL) of said file (11) under a second security environment, both access condition lists being stored in a given file (12) that is divided into records, characterised in that the access condition list (ACL) under the first security environment and the access condition list (ACL) under the second security environment are stored in the same record (13) of said given file (12), and in that said token (10) stores and runs a program for recognising whether the token (10) is currently activated under the first security environment or under the second security environment and for reading only the access condition list corresponding to the current security environment.
2. The personal security token according to claim 1, characterised in that the program for recognising whether the token (10) is currently activated under the first security environment or under the second security environment and for reading only the access condition list corresponding to the current security environment is the operating system of the personal security token (10), said operating system comparing the content read from the access condition list with attributes of a party (20) requesting access to said content file, in order to permit or refuse access by said party (20) to said content file.
3. The personal token according to claim 1 or 2, characterised in that the operating system sends to the mobile telecommunication terminal (20) only the access condition list data that corresponds to the current security environment.
4. The personal token according to any preceding claim, characterised in that the record (13) storing the two access condition lists comprises at least two corresponding parts, each part having a TLV (tag-length-value) structure.
5. The personal token according to any preceding claim, characterised in that the operating system is programmed to identify the current security environment from the header content of the APDU instructions (15, 16) received from the mobile terminal (20).
6. A method for accessing a file of a personal security token (10), the token (10) being housed in a mobile telecommunication terminal (20), the method comprising the steps of providing an access condition list (ACL) of the file (11) under a first security environment and an access condition list (ACL) of said file (11) under a second security environment, both stored in the personal security token (10), both access condition lists being stored in a given file (12) that is divided into records, the method being characterised in that the access condition list (ACL) under the first security environment and the access condition list (ACL) under the second security environment are stored in the same record (13) of said given file (12), and in that the method comprises the steps of the token (10) recognising whether it is currently activated under the first security environment or under the second security environment, and reading only the access condition list corresponding to the current security environment.

Priority Applications (2)

Application Number | Priority Date | Filing Date | Title
CN 200610092726 (CN101039318A) | 2006-03-17 | 2006-03-17 | Individual safety token for at least two safe environments and different access conditions
PCT/IB2007/000626 (WO2007107829A2) | 2006-03-17 | 2007-03-02 | A personal security token for at least two security environments and different access conditions thereupon

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN 200610092726 (CN101039318A) | 2006-03-17 | 2006-03-17 | Individual safety token for at least two safe environments and different access conditions

Publications (1)

Publication Number | Publication Date
CN101039318A | 2007-09-19

Family

ID=38472940

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN 200610092726 (CN101039318A, pending) | Individual safety token for at least two safe environments and different access conditions | 2006-03-17 | 2006-03-17

Country Status (2)

Country | Link
CN (1) | CN101039318A
WO (1) | WO2007107829A2

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
WO2015096593A1 * | 2013-12-25 | 2015-07-02 | 飞天诚信科技股份有限公司 | Method for secure execution of entrusted management command
CN103729179B * | 2013-12-25 | 2017-02-15 | 飞天诚信科技股份有限公司 | Method for securely executing entrusted management commands
WO2015117323A1 * | 2014-07-16 | 2015-08-13 | 中兴通讯股份有限公司 | Method and device for achieving remote payment

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
EP2075735A1 * | 2007-12-27 | 2009-07-01 | Gemalto SA | Selection of access conditions for portable tokens
US8478339B2 * | 2011-07-01 | 2013-07-02 | Gemalto Sa | Method for accessing at least one service and corresponding system
CN102999729B * | 2011-09-13 | 2017-04-19 | 联想(北京)有限公司 | File management method and file management system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
FR2820848B1 * | 2001-02-13 | 2003-04-11 | Gemplus Card Int | Dynamic management of list of access rights in a portable electronic object
WO2004091165A1 * | 2003-04-11 | 2004-10-21 | Nokia Corporation | A user identification module for access to multiple communication networks
WO2005086000A2 * | 2004-03-04 | 2005-09-15 | Axalto Sa | A secure sharing of resources between applications in independent execution environments in a retrievable token (e.g. smart card)

Also Published As

Publication number | Publication date
WO2007107829A3 | 2007-12-06
WO2007107829A2 | 2007-09-27


Legal Events

Code | Title
C06 | Publication
PB01 | Publication
C02 | Deemed withdrawal of patent application after publication (patent law 2001)
WD01 | Invention patent application deemed withdrawn after publication