CN101401113A - IC chip of supporting large size memory and method thereof - Google Patents

IC chip of supporting large size memory and method thereof Download PDF

Info

Publication number
CN101401113A
CN101401113A CNA2007800090222A CN200780009022A CN101401113A CN 101401113 A CN101401113 A CN 101401113A CN A2007800090222 A CNA2007800090222 A CN A2007800090222A CN 200780009022 A CN200780009022 A CN 200780009022A CN 101401113 A CN101401113 A CN 101401113A
Authority
CN
China
Prior art keywords
data
chip
apdu
processor
storer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2007800090222A
Other languages
Chinese (zh)
Other versions
CN101401113B (en
Inventor
金勍台
罗准彩
金玟妌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
KTFreetel Co Ltd
Original Assignee
KTFreetel Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from KR1020060026954A external-priority patent/KR100738032B1/en
Application filed by KTFreetel Co Ltd filed Critical KTFreetel Co Ltd
Priority claimed from PCT/KR2007/001295 external-priority patent/WO2007105926A1/en
Publication of CN101401113A publication Critical patent/CN101401113A/en
Application granted granted Critical
Publication of CN101401113B publication Critical patent/CN101401113B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/0723Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips the record carrier comprising an arrangement for non-contact communication, e.g. wireless communication circuits on transponder cards, non-contact smart cards or RFIDs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/0013Methods or arrangements for sensing record carriers, e.g. for reading patterns by galvanic contacts, e.g. card connectors for ISO-7816 compliant smart cards or memory cards, e.g. SD card readers

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mathematical Physics (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Artificial Intelligence (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Storage Device Security (AREA)
  • Telephone Function (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention is related to an IC chip, more specifically to an IC chip supporting a large capacity memory. According to an embodiment of the present invention, there is provided an IC chip including a command line, transmitting a command; a data line, transmitting a data token; a memory, storing data; a processor, exchanging data with the memory according to a connection state; a bus controller, outputting a command for requesting to set a connection state between the command line and the memory to the command line by the control of the processor; and a memory card controller, changing each connection between the data line, the memory and the processor according to the command received through the command line.

Description

Support the IC chip and the method thereof of large size memory
Technical field
The present invention relates to the IC chip, relate more specifically to support the IC chip of mass storage.
Background technology
As shown in fig. 1, the traditional IC chip comprises the IC chip memory.The IC chip memory can comprise the ROM storer that is used for storage code, the RAM storer that is used for the computing support and the EEPROM that is used for applet.
Yet,, yet for the EEPROM of IC chip memory, be difficult to realize 1M byte or more although cause many demands that relate to memory span based on the activation of IC chip service.Correspondingly, IC chip manufacturer attempts by flash memory (flash memory) is put into the IC chip that the traditional IC chip comes the development support mass storage.
Yet the traditional IC chip of support mass storage is as shown in fig. 1 physically realized on a chip, and IC chip and mass storage can not be integrated functionally.Therefore, in mass storage, store data by the security that makes full use of the IC chip or be impossible by making full use of the weakness that mass storage supplies as the IC-card of storer.
Simultaneously, mobile communication terminal, for example global system for mobile communications (GSM) phone and Wideband Code Division Multiple Access (WCDMA) (W-CDMA) phone adopt for example subscriber identification module (SIM) card and USIM (Universal Subscriber Identity Module) (USIM) card.
This IC chip comprises the coprocessor that the secure datas such as mobile communication user information, personal information and financial information for example of encoding become security algorithm and store this security algorithm.
Yet as mentioned above, the traditional IC chip can not be stored many data owing to the restriction of memory capacity.
Terminal mainly adopts flash memory to come storing various information.Compare with the IC chip memory, flash memory is enough greatly to store many data.And flash memory has the technology that enlarges memory capacity very apace.
Yet, different with the IC chip, because this flash memory does not have the built-in security algorithm or the coprocessor of coded data, so flash memory has the not high weakness of safety of data of storage.Even terminal self is carried out security algorithm guaranteeing the safety of data of storage, because the different coding of each terminal type, flash memory can not guarantee the compatibility deciphered.
In other words, the IC chip has good security but has limited memory capacity, and flash memory has the data security that big memory capacity still has weakness.And the security algorithm of mobile communication terminal self can not guarantee the compatibility of data decoding.
Summary of the invention
The mass storage of being devoted to address the above problem that a kind of IC chip processor can the direct access mass storage that the invention provides is supported IC chip and support method thereof.Especially, this IC chip can carry out high-speed communication with main frame 400.
And the present invention also provides the such secure data of a kind of can encode for example mobile communication user information, personal information and financial information and can guarantee that the mass storage of the compatibility of data decoding supports IC chip and support method thereof simultaneously.
One aspect of the present invention is characterised in that the IC chip of supporting mass storage.
According to one embodiment of present invention, the IC chip memory can comprise: order wire, transmit order; Data line transmits data token (token); Storer, the storage data; Processor is according to connection status and memory transactions data; Bus controller, the order that will ask to be provided with the connection status of storer under the control of processor outputs to order wire; And memory card controller, according to order change each connection between data line, storer and processor that receives by order wire.
According to another embodiment of the invention, the IC chip can comprise input and output port, inputs or outputs control signal and data from main frame; First storage unit, memory encoding and decoding are imported or the security algorithm of institute's output data; And processor, receive the digital coding request signal and use this security algorithm this data of encoding by input and output port, and receive the data decoding request signal and use this security algorithm to decipher this data by input and output port.
Another aspect of the present invention is characterised in that a kind of communication terminal that comprises the IC chip of supporting mass storage.
According to one embodiment of present invention, mobile communication terminal passes through to use IC chip coding and storage data, and decoding and use decoding data, and the IC chip can comprise input and output port, is electrically connected to mobile communication terminal; First storage unit, the security algorithm of memory encoding and these data of decoding; Processor, receive digital coding request signal and these data of algorithm coding safe in utilization by input and output port from mobile communication terminal, and decipher this data from mobile communication terminal reception data decoding request signal and algorithm safe in utilization by input and output port; And second storage unit, storage is by the data of processor decoding, and has the capacity bigger than first storage unit.
Another aspect of the present invention is characterised in that a kind of method that changes connection status.
According to one embodiment of present invention, a kind of method that changes connection status can comprise: receive order by the order wire in the memory card controller, memory card controller is by order wire and data line and main-machine communication and be connected to storer and processor; If order is the APDU order, then allows processor to permit APDU and be received and send by this data line; And if the order be bind command, then processor is connected to storer.
Another aspect of the present invention is characterised in that a kind of safety method of the data of using in mobile communication terminal.
According to one embodiment of present invention, a kind of safety method of the data of using in mobile communication terminal can comprise: first step receives the digital coding request signal from mobile communication terminal; Second step receives safe key and authorizes this safe key from mobile communication terminal; Third step is if the mandate of safe key success in second step is then carried out and is stored in the security algorithm in first storage unit and these data of encoding; And the 4th step, memory encoding data in second storage unit with capacity bigger than first storage unit.
Description of drawings
Fig. 1 is the block scheme of setting forth the traditional IC chip;
Fig. 2 briefly sets forth an example of the present invention;
Fig. 3 sets forth the block scheme of IC chip according to an embodiment of the invention;
Fig. 4 has set forth the operation of APDU order according to an embodiment of the invention;
Fig. 5 has set forth the operation of bind command according to an embodiment of the invention;
Fig. 6 has set forth the operation of the IC chip that uses APDU order and bind command according to an embodiment of the invention;
Fig. 7 has set forth the operation that transmits the IC chip of the R-APDU with data field value according to an embodiment of the invention, and this IC chip uses APDU order and bind command;
Fig. 8 has set forth the operation that transmits the IC chip of the R-APDU with data field value in accordance with another embodiment of the present invention, and this IC chip uses APDU order and bind command;
Fig. 9 has set forth the execution of data security algorithm according to an embodiment of the invention;
Figure 10 is the process flow diagram of setting forth the operation of using data security algorithm coding data according to an embodiment of the invention;
Figure 11 is the process flow diagram of setting forth the operation of using data security algorithm decoding data according to an embodiment of the invention; And
Figure 12 is the block scheme of setting forth the data in the safe storage part that can be stored in storer according to an embodiment of the invention.
Embodiment
Below, some embodiments of the present invention will be described with reference to the drawings.
Although following description is based on an embodiment who uses MMC communication protocol, but under the situation of supporting the high speed protocol between IC chip and the terminal, technical spirit of the present invention obviously may be used on this high speed protocol, and is not subjected to any restriction of high-speed communication protocol type.
Fig. 2 briefly sets forth an example of the present invention.IC chip of the present invention is according to the low-speed communication of ISO7816 standard execution with terminal.And the IC chip can comprise mass storage such as flash memory for example in addition and carry out and outside high-speed communication by high-speed interface.The IC chip can be for example subscriber identification module (SIM), USIM (Universal Subscriber Identity Module) (USIM), user's identification module (UIM) and can remove IC chip that such being used for of user's identification module (R-UIM) discern mobile communication subscriber and any one of other IC-card that is used for ecommerce that for example financial chip is such.The IC chip not only can be carried out high-speed communication, also can carry out low-speed communication.Perhaps, IC-card can be by being transformed into the low-speed communication token high-speed communication token and only carrying out high-speed communication.
Under multimedia card (MMC) was applied to situation in the high-speed communication protocol, main frame 400 intercomed by two lines mutually with the IC chip.100 order transmits and 400 response transmits and carries out by order wire (CMD) from memory card controller 100 to main frame from main frame 400 to memory card controller.Data between main frame 400 and the memory card controller 100 transmit and carry out by data line (DATA).
As set forth in fig. 2, main frame 400 and memory card controller 100 interconnect by data line.By changing the connection status between IC chip processor 200, storer 300 and the main frame 400, memory card controller 100 allows IC chip processor 200 to be connected to main frame 400 or storer 300.Memory card controller 100 is mainly kept the directly connection status of access memory 300 of memory card controller 100.In other words, the data of importing by data line are stored in the storer 300 or the data that read from storer 300 are sent to main frame 400 by data line.
The connection status of memory card controller 100 inside must change, so that memory card controller 100 is transferred to the access right of storer 300 or by data token that data line received to IC chip processor 200.When first switch connection and second switch and the disconnection of the 3rd switch, the data line between main frame 400 and the memory card controller 100 is connected to storer 300.Under this connection status, memory card controller 100 can be in storer 300 write data or read the data that are written in the storer 300.During this period, when second switch connection and first switch and the disconnection of the 3rd switch, data line is connected to IC chip processor 200.When the 3rd switch connection and the disconnection of first and second switches, IC chip processor 200 is connected to storer 300.
The connection status of memory card controller 100 changes according to the order that receives by order wire.Order is classified as three types, and is as shown in table 1.
Table 1
Figure A200780009022D00101
Non-Application Protocol Data Unit (non-APDU) order is to be sent to the order of memory card controller 100 and to be sent to the response of main frame 400 from memory card controller from main frame 400, comprises basic command and corresponding response by the high-speed communication protocol definition.When receiving NON APDU order, memory card controller 100 is stored the data token that receives by data line in storer, perhaps the second and the 3rd switch is changed to disconnection by allowing first switch to be changed to connection, comes by data line the data of being stored in the storer 300 to be sent to main frame 400.
The APDU order is the order that is produced and be sent to memory card controller 100 in main frame 400, is defined as transmitting APDU by data line.If APDU is imported from the IC chip main frame (not shown) that is connected to main frame 400, then produce the APDU order.At least one data token is transmitted certainly or is sent to main frame 400 by data line between APDU order and corresponding APDU response.
The data token that utilizes APDU to transmit by data line comprises by the order APDU (C-APDU) of main frame 400 or memory card controller 100 encapsulation or response APDU (R-APDU).
Have 48 or be less than 48 C-APDU or R-APDU and can be transmitted by a data token.Have 48 or can pass through a data stream more than 48 C-APDU or R-APDU
(order read) or a plurality of data token (polylith read) and be transmitted.
When receiving the APDU order, second switch is changed to connection, the first and the 3rd switch is changed to disconnection by allowing, and memory card controller 100 will be sent to IC chip processor 200 by the data token that data line receives.Here, data token must be dressed up C-APDU by deblocking by the decapsulation operation, to send it to IC chip processor 200.R-APDU can be packaged into data token, to send it to main frame 400.
Bind command is the order that is produced and be sent to memory card controller 100 in IC chip processor 200, is defined in to receive and transmit data between IC chip processor 200 and the storer 300.When receiving bind command, memory card controller 100 allows that the 3rd switch is changed to connection, first and second switches are changed to disconnection, makes IC chip processor 200 to write data in storer 300 and reads the data of write store 300.
ON-and OFF-command is the order that is produced and be sent to memory card controller 100 in the IC chip processor, the data communication between IC chip processor 200 and the storer 300 has been finished being notified to memory card controller 100.If receive ON-and OFF-command, memory card controller 100 turns back to the connection status that receives before the bind command or predetermined connection status.In another embodiment, whether memory card controller 100 can will receive between IC chip processor 200 and storer 300 and transmit data rather than ON-and OFF-command by checking, and turn back to receive bind command before connection status or predetermined connection status.Perhaps, memory card controller 100 can be designed to turn back to and receive the connection status before the bind command or have the predetermined connection status that certain hour postpones.
Although above description is based on the situation of using the MMC agreement as the high-speed communication protocol example, obviously, usb protocol can easily be applied among the present invention.Implement according to ISO 7816-12 by the method for using usb protocol to receive and send APDU.At this moment, even using under the situation of USB as high-speed communication protocol, one of ordinary skill in the art can easily define and use controller (for example memory card controller 100) that change to support high speed protocol connection status additional command and allow another additional command of IC chip processor access memory, with the data token that transmits feature of the present invention with APDU to the IC chip processor.
IC chip processor 200 can be stored in coded data in the storer 300 by driving security algorithm, and the coded data of being stored in the translation memory, to provide decoding data to main frame 400.IC chip processor 200 can comprise the coprocessor of carrying out security algorithm.
If receive command signal writes data or reads write store 300 in storer 300 data, IC chip processor 200 is just carried out the safe handling of corresponding data.This is will be with reference to the accompanying drawings 9 for a more detailed description to accompanying drawing 12.
Fig. 3 sets forth the block scheme of IC chip according to an embodiment of the invention.
Memory card controller 100 and IC chip processor 200 all are included in the IC chip.Realizing that storer 300 can be included in the IC chip under two modules, for example IC chip and the situations of storer 300 as the composite type of an integrated IC chip.Under the mixed type situation that each module interlinks by interface, storer 300 can be not included in the IC chip.
Use main frame 400 that high-speed communication protocol and memory card controller 100 communicate data and be connected to main frame 400, carry out the IC chip main frame that APDU communicates by letter with the IC chip processor of IC chip and be included in the terminal.
This terminal can be not only the such mobile communication terminal of mobile phone that for example is equipped with radio communication function, also can be that for example PDA and laptop computer etc. are taken messaging device like this.
If IC chip main frame and one of IC chip processor 200 encapsulation APDU becomes data token that high speed protocol supports to transmit this token, then another in them just intercoms mutually by this data token of decapsulation.
According to this embodiment of the invention, the IC chip can comprise: storer 300, the storage Large Volume Data, memory card controller 100, by read/write data in storer and change connection status and between other parts relay data, the IC chip processor, carry out reading and write operation of data by memory card controller and IC chip main-machine communication and in storer, and bus controller 210, allow memory card controller 100 to make IC chip processor 200 access memories become possibility by control IC chip processor 200.
Memory card controller 100, its by changing connection status between other parts of IC chip trunking traffic, comprise interface driver 110, card interface controller 120, switch 130, register 140, storage core interface 150 and power supply detecting unit 160.
Interface driver 110 carries out data token and command communication by data line and order wire with the main frame 400 that data line pin by being arranged in IC chip sides part and order wire pin are electrically connected.
The electric signal of the Physical layer that transmits by each data line and order wire is packaged into data token and order respectively, to be sent to card interface controller 120.
During this period, also dressed up the electric signal of Physical layer and be sent to main frame 400 from the data token and the order of card interface controller 120 outputs by data line and order wire by deblocking.
Card interface controller 120 depends on from the type executable operations of the order of main frame 400 receptions.In other words, must change according to command type under the situation of connection status, card interface controller 120 output connection status change signal.
If receive NON APDU order, card interface controller 120 just reads and write operation the execution of data in the storer 300, this read with write operation be the basic operation that meets high speed protocol, and keep the connection status that card interface controller 120 can access memory 300 by gauge tap 130 (referring to table 1).
Here, storer 300 can be categorized into and can be specialized in storage card part that memory card controller 100 uses and only can be by the IC chip part of IC processor 200 accesses.Card interface controller 120 is limited to the storage card part according to the specific region of the storer 300 of NON APDU order access.
And storer 300 can be classified into the safe storage part, and the secure data of security algorithm is carried out in storage by IC chip processor 200, the user memory part, the typical data of security algorithm is not carried out in storage, and the system storage part, and storage is used for the information in diode-capacitor storage zone.This will describe in detail in Fig. 9.
If receive APDU order, card interface controller 120 is with regard to gauge tap 130, makes the content of the data token that will receive by data line can be sent to IC chip processor 200 (referring to table 1).
To after receiving the APDU order, comprise the C-APDU that produces and use the high-speed communication protocol encapsulation by storage card main frame 400 by the received data token of data line.
Card interface controller 120 is removed head and afterbody from data token, and output content only subsequently.The content of being exported is C-APDU, and it is sent to IC chip processor 200 by switch 130.
Transmitting under the situation of a C-APDU by a plurality of data tokens, card interface controller 120 makes up corresponding contents continuously.If produced complete C-APDU, card interface controller 120 just can be sent to IC chip processor 200 by complete C-APDU.
Transmitting under the C-APDU situation by a plurality of data tokens, C-APDU comprises order and can not be packaged into a token.
Keep according to APDU order after connection status makes that the output of card interface controller 120 can be sent to IC chip processor 200 at switch 130, the C-APDU that receives by data line is sent to IC chip processor 200.
The IC processor 200 that has received C-APDU is carried out corresponding the processing.If finish dealing with, IC chip processor 200 just with result, be that R-APDU is sent to card interface controller 120.
Card with R-APDU transmits APDU by order wire and responds main frame 400.Do not comprise at R-APDU under the situation of response data that R-APDU can be included in the APDU response and be transmitted.Yet, comprise at R-APDU under the situation of response data that indication exists the response data identifier of response data can be included in the APDU response.The main frame 400 that has received the response data identifier can read R-APDU from memory card controller 100 according to data read command.
If the APDU response is transmitted, then card interface controller 120 can change the connection status of switch 130, to receive next order.Before or after the APDU response was transmitted, the connection status of switch 130 changed according to pre-defined rule.
At first, the current connection status of switch 130 can be kept, up to receiving next order.Correspondingly, in order to change connection status, NON APDU order or bind command must be received after transmitting the APDU response.The second, switch 130 can change current connection status to receiving APDU order connection status before.So the connection status of switch 130 turns back between card interface controller 120 and the storer 300 or the connection status between IC chip processor 200 and the storer 300.The 3rd, the connection status of switch 130 can only turn back to predetermined connection status.
So, ordering according to NON APDU under the situation that the basic connection status of connection status conduct is set, before or after transmitting the APDU response and according to after the finishing dealing with of bind command, the connection status of switch 130 turns back to the connection status between card interface controller 120 and the storer 300.
If receive bind command, card interface controller 120 makes IC chip processor 200 can be connected to storer 300 (referring to table 1) with regard to gauge tap 130.
Bind command is produced by bus controller 210 according to the control signal of IC chip processor 200.The bind command that is produced is sent to card interface controller 120 by the order wire that is connected to bus controller 210.
Card interface controller 120 changes the connection status of switch 130, makes IC chip processor 200 can be connected to storer 300.The particular address of the storer 300 that 200 accesses of IC chip processor connect by switch 130, and read the data of storing or write data.
If IC chip processor 200 need read storer/write operation would finish and has been notified to card interface controller 120, then by bus controller 210 output ON-and OFF-commands.
Card interface controller 120 changes the connection status of switch 130 according to ON-and OFF-command, to receive R-APDU from the IC chip processor or to handle according to next command execution.
If IC chip processor 200 access memories to handle the C-APDU that transmits from main frame 400, then because R-APDU is transmitted, come to receive R-APDU from the IC chip processor so card interface controller 120 just changes connection status by gauge tap.
At this moment, if access memory is not to produce R-APDU for IC chip processor 200, card interface controller 120 is just kept current connection status, or current connection status is changed to predetermined connection status.
If then there is different situations in IC chip processor 200 access memories to carry out the processing of other purpose except that producing R-APDU, for example the data of storer 300 are carried out coding/decoding according to security algorithm and file management.
Especially, for the high-speed communication protocol that does not have additional security function, data security can realize by security algorithm.In other words, main frame 400 or memory card controller 100 can produce C-APDU, and corresponding data safe processing is also carried out, and C-APDU is offered IC chip processor 200 in the address of the specific region of designated memory 300.Here, the specific region of storer 300 can be only can be by the storage card part of memory card controller access.
The IC processor that has received the C-APDU that is used to carry out data safe processing is used for the bind command of access appropriate area by bus controller 210 outputs, and request changes connection status.Subsequently, IC chip processor 200 can be carried out the data safe processing of specific region.This will be with reference to the accompanying drawings 9 describes to accompanying drawing 12 in more detail.
In another embodiment, if (for example one-period) past schedule time, the connection that card interface controller 120 disconnects between IC chip processor and the storer 300, and gauge tap 130 turns back to previous connection status or predetermined connection status to allow connection status.
In another embodiment, the data of card interface controller 120 monitorings between IC chip processor 200 and storer 300 transmit and accepting state.So, if swap data no longer between IC chip processor 200 and the storer 300, then gauge tap 130 just allows connection status to turn back to previous connection status or predetermined connection status.
Switch 130 is connected respectively to card interface controller 120, IC chip processor and storer 300.And switch 130 makes becomes possibility transmitting and receive data under the control of card interface controller 120 between these three parts.
Switch 130 can be realized by using distinct methods.Any those of ordinary skill in affiliated field can easily be understood the composition of switch 130.The method that changes switch 130 connection status is referring to Fig. 2 and table 1.
The necessary status information of operation that comprises the register 140 memory card interface controllers 120 of essential register and optional register.Register 140 comprises 128 card identifier (CID) will being used for storing identification, be stored in initialization process by 16 relative card address (RCA) of the card system address of main frame 400 dynamic assignment and by being used for 32 the mode of operation register (OCR) that the specific broadcasting command of voltage form of identification card uses.Register 140 can include 16 driver-level register (DSR) of the output driver that selectively forms card further.
According to the request of card interface controller 120 or IC chip processor 200, the particular address of storage core interface 150 access memories, and read and write data.
If the IC chip is inserted in the slot of terminal, then power supply detecting unit 160 is responded to power supply that is applied and the reset signal that produces the driving IC chip parts, to apply reset signal to each parts.
IC chip processor 200 is carried out the basic operation of IC chips, partly obtains yet carry out the system storage of the essential module (for example code and little application) of basic operation by access memory 300, for example storer 300.
If receive C-APDU by memory card controller 100 from main frame 400, then IC chip processor 200 determines whether whether to be included among the C-APDU based on C-APDU type access memory 300 and data.
Owing to carried out such determining, in must reading storer 300 the data of storing or must in storer 300, write under the data conditions, control signal just is output to bus controller 210.If IC chip processor and storer 300 are according to being interconnected by the bind command that control signal produced, then IC chip processor 200 is just by using method same as the prior art to come the predistribution IC chip part of access memory 300, to read and to write data.
Here, be configured such that IC chip processor 200 exceedingly the IC chip part memory module and the data of the storer 300 of access IC chip part.Preferably, the IC chip partly has the address system as the storage management system of traditional IC chip.In this case, although IC chip processor 200 uses the legacy memory address, storer 300 can freely be used.Certainly, owing to need more address to be used for writing Large Volume Data, thereby address system can expand to as required address so big.
If use the operation of storer 300 to finish, then IC chip processor 200 makes to produce ON-and OFF-command, and will hand over to card interface controller 120 to the access right of storer 300 with regard to control bus controller 210.
Certainly, in another embodiment, IC chip processor 200 can be only has the access right to storer 300 during at the fixed time.And, can determine whether the operation of IC chip processor 200 is finished by the exchanges data state between monitoring IC chip processor 200 and the storer 300.IC chip processor 200 with operating result as R-APDU, to transmit R-APDU to card interface controller 120.
Owing to carried out such determining, if do not need from storer 300 reading of data or write data into storer 300, IC chip processor 200 does not just produce bind command and transfer operation result to card interface controller 120.
At this moment, IC chip processor 200 can obtain to carry out the necessary memory resource of all operations, but when execution during basic operation, IC chip processor 200 can be in the RAM (not shown) storage computation result temporarily.
The bus controller 210 that is connected between IC chip processor 200 and the order wire produces bind command or ON-and OFF-command according to the control signal from the IC chip processor, to send it to memory card controller 100.
Storer 300 not only can be for example can electronically written or the such solid-state memory device of flash memory of deleted data, also can be the memory devices of other type.
Storer 300 can be divided into storage card part and IC chip part.Each part can be distinguished only for memory card controller 100 and 200 uses of IC chip processor.
The storage card part can be stored the data that transmit from main frame 400, and the necessary module of basic operation of IC chip processor 200 is carried out in the tender enough storages of IC chip part.
Storer 300 also can be divided into the safe storage part of storage security data, the user memory part of storage typical data and the system storage part of Management IC chip memory.This will describe in Fig. 9 in more detail.
Fig. 4 is an example of setting forth APDU command operation according to an embodiment of the invention.At first, below the method that transmits APDU between main frame 400 and the IC chip, will describe briefly.Subsequently, description has been adopted the embodiment of MMC agreement.
The C-APDU that IC chip main frame is produced comprises the head of 4 bytes and the main body of variable-length.This head comprises the instruction class (CLA) of 1 byte, the instruction code (INS) of 1 byte, the parameter 1 (P1) of 1 byte and the parameter 2 (P2) of 1 byte.Main body comprises the Lc of 1 byte, measures the length of optional main body or data field; Data field comprises the command parameter or the data of variable-length; And the Le of 1 byte, the desired length of estimation return data.The R-APDU that IC chip processor 200 is produced comprises main body and the status word SW1 and the SW2 of variable-length.Main body comprises Le, measures the data of optional main body or data-field length and variable-length.
The LB head that main frame 400 will be measured C-APDU length is coupled to the C-APDU that IC chip main frame is produced, and it is packaged into a plurality of data tokens.
A plurality of encapsulation of data tokens are sent to memory card controller 100 by the Physical layer that forms between the memory card controller 100 of the main frame 400 of supporting high-speed communication protocol and terminal.Card interface controller 120 is dressed up APDU with reference to the LB header value with a plurality of received data token deblockings.
Below, will describe the operation of the high-speed communication of using the MMC agreement in detail.
Under the situation of MMC agreement, command token transmits by order wire and data line respectively with the data token that is associated with command token.Data read/write command (from main frame 400 to IC chips) and respective response (from the IC chip to main frame 400) receive and transmit by order wire, and receive and transmit by data line according to the data of order.Under the MMC agreement, data read/write command is categorized into order order and sectional type order.The order order transmits continuous data stream, and ceasing and desisting order appears in order wire in the transmission of keeping continuous data stream.The sectional type order transmits the continuous blocks (token) that comprise Cyclic Redundancy Check, and ceasing and desisting order appears in order wire in transmission block continuously.Here, order is sent to the IC chip from main frame 400, and response is sent to main frame 400 from the IC chip.Data transmit between main frame 400 and IC chip.
Command token has 48 total length.Start bit and stop bit respectively always 0 and 1.Forwarder position with next-door neighbour start bit of 1 is the position that expression comes the order of self terminal.Command context is close to the forwarder position and is protected by 7 CNC verification and position.
The response token has 48 or 136 s' total length.Start bit and stop bit respectively always 0 and 1.Forwarder position with next-door neighbour start bit of 0 is the response of expression from IC-card.Response contents is close to the forwarder position and is protected by 7 CNC check bit sum.
In the sectional type data token, start bit and stop bit always are respectively 0 and 1.The sectional type data token, the other parts length that it has 512 bytes except that start bit, stop bit and CNC verification and position comprises the LB district of 2 bytes of indicating APDU length and the APDU district of 510 bytes.The APDU district comprises C-APDU or the R-APDU from main frame 400 or IC chip.The APDU that surpasses 510 bytes is divided at least 2 sectional type data tokens and is transmitted." 00h " is inserted in the not filling remainder bytes of last sectional type data token.
Fig. 4, APDU communication comprises following four kinds of situations.
First kind of situation is the data field value that does not have the data field value of C-APDU and do not have R-APDU.
Second kind of situation is not have the data field value of C-APDU and the arbitrary data field value of R-APDU.
The third situation is the arbitrary data field value of C-APDU and the data field value that does not have R-APDU.
The 4th kind of situation is the arbitrary data field value of C-APDU and the arbitrary data field value of R-APDU.
Under the situation of the data field value that does not have C-APDU, C-APDU can be included in APDU order 410 or the APDU token 420 (first kind of situation and second kind of situation).Under the situation of the arbitrary data field value of C-APDU, C-APDU is included in 420 neutralizations of APDU token and is transmitted (the third situation and the 4th kind of situation).Under aforementioned two kinds of situations, comprise that the APDU token of C-APDU transmits between APDU order 410 and APDU response 430.Under the situation of the data field value that does not have R-APDU, will respond 430 by APDU and receive R-APDU.During this period, the memory card controller 100 that has received the APDU order that transmits C-APDU changes to connection 425 between memory card controller and the IC chip processor with the connection status of switch 130 from the connection 415 between memory card controller and the storer.
Do not having under the situation enough little on the data field value of R-APDU (first and the third situation) or the R-APDU size, R-APDU is included in APDU and responds in 430.
The arbitrary data field value of R-APDU and R-APDU for the situation that R-APDU is too big by R-APDU transmits under, the following description of the processing of R-APDU.Under the situation of the arbitrary data field value of R-APDU, IC chip processor 200 transmits the information that R-APDU self, the storage address that stores R-APDU or expression have the R-APDU that will be transmitted to memory card controller 100.The memory card controller 100 that has received R-APDU reads identifier with R-APDU and is inserted in the APDU response 430 and transmits this APDU response 430.It is that expression has the information of the R-APDU that will be sent to main frame 400 that R-APDU reads identifier, can only use simply 1 or more multidigit represent whether R-APDU is arranged.Perhaps, to read identifier can be to store the storage address of R-APDU or the combination of information and address to R-APDU.Received and had the main frame 400 that R-APDU reads the APDU response 430 of identifier and read R-APDU from the IC chip by reading order.During this period, before or after transmitting the APDU response, memory card controller 100 changes to previous connection status or predetermined connection status with the connection status of switch 130.Fig. 4 has set forth memory card controller 100 connection status of switch 130 has been changed to connection between memory card controller and the storer.
Fig. 5 is an example of setting forth the operation of bind command according to an embodiment of the invention.
In case receive C-APDU by memory card controller 100 from IC chip main frame, IC chip processor 200 just determines whether whether to comprise data based on C-APDU type access memory 300 and C-APDU.Must or storer 300, write under the data conditions from storer 300 reading of data, arrive data line by bus controller 210 output bind commands 500.The memory card controller 100 that receives bind command 500 by data line changes to connection 515 between IC chip processor and the storer with connection status from the connection 505 between memory card controller and the storer.If IC chip processor 200 is connected to storer 300, IC chip processor 200 is with regard to the predistribution IC chip part by method access memory 300 same as the prior art, to read and to write data.So, in data line, do not produce any signal.
If use the operation of storer 300 to finish, IC chip processor 200 makes it possible to produce ON-and OFF-command with regard to the control bus controller, and will hand over to card interface controller 120 to the access right of storer 300.Certainly, in another embodiment, IC chip processor 200 can be only at the fixed time during in have access right to storer 300.And, can determine whether the operation of IC chip processor 200 is finished by the exchanges data state between monitoring IC chip processor and the storer 300.So, ON-and OFF-command 520 can randomly be provided.If use the operation of storer 300 to finish, memory card controller 100 just turns back to connection status previous connection status or predetermined connection status.Fig. 5 has set forth memory card controller 100 connection status has been changed to connection between memory card controller and the storer.
Fig. 6 is an example of setting forth the IC chip operation that uses APDU order and bind command according to an embodiment of the invention.
The main frame 400 that receives C-APDU from IC chip main frame transmits APDU order 600 to memory card controller 100 by order wire.Subsequently, C-APDU is packaged into the APDU token and is sent to memory card controller by order wire.Before receiving the APDU order, memory card controller 100 is connected to storer 300 (605).The memory card controller 100 that has received APDU order 600 changes connection status, makes that the connection 615 between memory card controller and the IC chip processor can be carried out.Subsequently, if receive APDU token 610 by data line, memory card controller 100 is just dressed up APDU token 610 deblockings C-APDU and C-APDU is sent to IC chip processor 200.The IC chip processor 200 that has received C-APDU determines whether essential access memory 300.If essential access is just exported bind command 620 to order wire.The memory card controller 100 that has received bind command 620 changes to connection 625 between IC chip processor and the storer with connection status.Subsequently, if receive R-APDU from IC processor 200, memory card controller 100 just is transformed into R-APDU APDU response 630 and transmits this APDU response 630 to main frame 400.Before or after APDU response 630, the connection status of memory card controller 100 maintains current state, perhaps changes to previous connection status or predetermined connection status.
Fig. 7 and Fig. 8 set forth the example of IC chip operation that according to some embodiments of the invention transmission has the R-APDU of data field value, and the IC chip uses APDU order and bind command.Because it is identical with the part with Reference numeral 600 to 630 among Fig. 6 to have the part of Reference numeral 700 to 730 and 800 to 830, thereby following description is based on other parts.
If memory card controller 100 receives R-APDU or respective response (storing the storage address of R-APDU or the information that expression has the R-APDU that will be transmitted) from IC chip processor 200, memory card controller 100 just is transformed into R-APDU or respective response APDU response 730 and transmits APDU response 730 to main frame 400.Memory card controller 100 reads identifier with R-APDU and is inserted in the APDU response 730 and transmits this APDU response 730.At this moment, before or after transmitting the APDUA response, the connection status of memory card controller 100 is maintained current state, perhaps changes to previous connection status or predetermined connection status 735.
Received and had the main frame 400 that R-APDU reads the APDU response 730 of identifier and read R-APDU from the IC chip by reading order 740.The memory card controller 100 that has received reading order 740 transmits to read and responds main frame 400.Subsequently, R-APDU is packaged into data token 760 and is sent to main frame 400.If the transmission of data token 760 is finished, main frame 400 just transmits ceases and desist order 770 to memory card controller 100.Memory card controller 100 770 will stop response and be sent to main frame 400 in response to ceasing and desisting order.
In this embodiment, wherein IC chip processor 200 only transmits information that expression has a R-APDU to memory card controller 100, as the APDU order 840 of reading order from IC chip processor 200 reading of data.So memory card controller 100 changes to connection 835 between memory card controller and the IC chip processor with connection status, and IC chip processor 200 will be sent to memory card controller 100 by temporary transient stored R-APDU owing to the change of connection status.Memory card controller 100 is packaged into data token 850 transmitting data token 850 to main frame 400 with R-APDU, and connection status is changed to connection 865 between memory card controller and the storer.
Fig. 9 has set forth the execution of security algorithm according to an embodiment of the invention.
The IC chip can comprise data input and output port 910, IC chip processor 200 and IC chip memory 920.
Data input and output port 910 is data of importing from IC chip receiving terminal outside or the port that the data of exterior of terminal input is sent to the IC chip.Data input and output port 910 is connected to aforementioned data line and order wire.Data input and output port 910 can be with multi-form ISO7816, RF, MMC and USB standard input and output data.
As mentioned above, IC chip processor 200 is according to the difference and storer 300 swap datas of connection status, and control IC chip is carried out the function of IC chip.Under the data conditions that transmits by data line of attempting to encode according to the request of main frame 400, encode and data are changed over secure data by driving security algorithm.The secure data of IC chip processor 200 memory encoding in safe storage part 310.
The safe handling operation relates to following operation, promptly data are changed over secure data and it is stored in the safe storage part 310 of storer 300, and utilize same security algorithm that the secure data of storage is changed over typical decoding data and sends it to main frame 400 by utilizing the security algorithm that is driven by IC chip processor 200 to encode.
Require management not have under the situation of request of typical data of controlled signal coding receiving main frame 400, in user memory part 320, IC chip processor 200 does not drive security algorithm with data storage.When access data, send data to main frame 400, and do not carry out decoded operation.This operation is called the exemplary process operation.
As mentioned above, security algorithm can adopt algorithm commonly known in the art.For example, security algorithm can use any one among DES, 3-DES and the AES.
In the present invention, all data by the data line input and output are not carried out security algorithm.The data that can be asked the main frame 400 or predetermined data type of control program carried out security algorithm.
Can utilize the control program that is installed in the IC chip memory 920 to carry out security algorithm.This control program can be controlled the data of whether encoding by data line input and the data of whether being stored in the translation memory 300 or the address of storer can be stored in the IC chip memory 920 or in the system storage part 320.Control program also can be stored in the system storage part 320.
Control program can pass through whether coded data of graphic user interface (GUI) inquiry terminal user.At this moment, ask the user under the situation of coded data, control program is carried out the security algorithm and the corresponding data of encoding.Subsequently, control program can be stored coded data in storer 300, and the information stores that the storage designation data is encoded in IC chip memory 920 or system storage part 320 has the address of memory of data.
Do not ask the user under the situation of coded data, control program is not carried out security algorithm and store corresponding data in storer 300.Control program is stored designation data information that is not encoded and the address that stores memory of data in the storage area of IC chip.Information that designation data is not encoded and the address that stores memory of data are the essential information of the control program data of being stored in the searching storage 300 subsequently.
GUI can be used as a module and is included in the control program.Perhaps, GUI can be individually be implemented in the performed different application in terminal.An example of application program will be described in Figure 12 in more detail.
Storer 300 can be configured to comprise the integrated IC chip of an IC chip and a module.Perhaps, storer 300 can dispose with the form with the Module Links that is independent of the IC chip.
Under the situation of storer 300 with the configuration of integrated IC chip form, address bus and be used for the data bus that data transmit and can between IC chip and storer 300, provide.
Under the situation that storer 300 disposes with the form that is independent of the IC chip, data exchange between IC chip and storer 300 with any one method among ISO 7816, MMC standard, ISO 14443, ISO 15693 and the ISO 18092.Integrated IC chip form has than independent link form operating speed faster.
Form IC chip that realize, that store mobile communication user information with the usim card of the SIM card of GSM method or W-CDMA method can be used as mobile communication terminal, if this IC chip is installed in this terminal.And this IC chip-stored is personal information and the such security information of financial information for example.
According to one embodiment of present invention, storer 300 can comprise safe storage part 310, the security algorithm memory encoding data that utilization is driven by IC chip processor 200 are in storer 300, user memory part 320, the typical data that storage is not encoded, and the system storage part, Management IC chip memory 300.Here, IC chip processor 200 can comprise special coprocessor as safe handling.
Storer 300 can be by dividing storage address in advance part and physically the allocate memory address come storage security data and typical data.Preferably, as mentioned above, storer 300 is divided in advance and each zone is provided with respectively with effective management.For example, storer 300 can adopt the flash memory that can store Large Volume Data.
In aforementioned memory is partly divided, can realize storer 300 by this way, can with desired ratio storer 300 be divided into safe storage part and user memory part by the memory manager program that uses terminal even get the user, and use the part of being divided.Because memory area is managed fully, thereby the system storage part can be by typically access.
Use the memory manager program of terminal to divide under the situation of memory area the user, if the storer access terminal first time then loads and drive the little application of initialization, with the initializes memory zone with desired ratio.
Under typical memory function use situation many times, can specify than the more user memory part of safe storage part, multizone is used as the user memory part to use more.If mobile content uses a lot, can specify the safe storage part more than the user memory part.
For example, if user memory and safe storage are set, then can in system storage part, divide the User Part and the security of whole physical addresss of diode-capacitor storage 300 with 50 to 50 ratio.
Divide in the part at each, using has a part independent access rule, that can be become the user memory part by the zone of user's control.In terminal, memory area can be managed little application by institute's memory storing in the system storage part that applies memory manager program and driving IC chip and reset.
In this case, also can be provided with can be by the part of user access by using access rule that the storage address by system memory management is resetted.
Simultaneously, each part can have size separately.Yet each part preferably can have a size that can dynamically change.
Figure 10 is the process flow diagram of setting forth the operation of using data security algorithm coding data according to an embodiment of the invention.
Referring to Figure 10, in the step that S1010 represents, control program receives the check that whether allows control program that the user is encoded by the data of the input and output port input of IC chip.
In the step that S1020 represents, to select the user under the situation of coded data, control program receives the safe key of user's input and authorizes this safe key.Here, PIN or password can be used as authorization method.
In the step that S1030 represents, if the mandate of safe key success, then control program utilizes IC chip processor 200 to carry out security algorithm with the coding corresponding data.If the authorization failure of safe key then no longer continues next step, processing finishes.
During this period, do not select the user no longer to experience the step that S1030 represents under the situation of coded data, and arrive the step that S1040 represents.
In the step that S1040 represents, control program is stored related data in storer 300, and the information that whether the storage indication data of store are encoded in the IC of IC chip chip memory 920 with store the address of storing memory of data to some extent.Here, for the information whether the indication data of storing are encoded, under the situation of the step that experience S1030 represents, the information that designation data is encoded is stored in the step that S1040 represents.Under the situation that does not experience the step that S1030 represents, the information that designation data is not encoded is stored in the step that S1040 represents.
In the step that S1050 represents, control program passes through the event memory of the display unit of terminal to user's video data.
Figure 11 is the process flow diagram of setting forth the operation of using data security algorithm decoding data according to an embodiment of the invention.
Referring to Figure 11, in the step that S1110 represents, in the step that S1110 represents, the graphic user interface of control program by mobile communication terminal receives the request of the data of storing the searching storage 300 from the user.
In the step that S1120 represents, be under the situation of coded data in institute's search data, the safe key of control program authorized user.PIN or password can be as the mandates of safe key.
If safe key is successfully authorized in the step that S1130 represents, then control program is deciphered the data of being searched for storage address by utilizing IC chip processor 200 to carry out security algorithm in the step that S1140 represents.If in the step that S1120 represents, search the data that do not have encoding operation, then do not carry out the step that S1140 represents.Simultaneously, if the mandate of safe key in the step that S1130 represents, fail, then do not proceed any next step, and processing finishes.
In the step that S1150 represents, the display unit of control program by terminal shows decoding data or do not have the data of encoding operation to the user.
Figure 12 is the block scheme of setting forth the data in the safe storage part that can be stored in storer according to an embodiment of the invention.
Data set forth in fig. 12 be divided and constitute by item terminal configuration information and with the subscriber-related personal information of using this terminal.
As setting forth among Figure 12, structured data can be divided into items such as " personal user's interface (MY UI) ", " personal information management system (PIMS) ", " browser ", " finance " and " application program ".
Personal user's interface (MY UI) comprises that the user conveniently uses or modify the information setting of his or her mobile communication terminal, for example " wallpaper ", " the tinkle of bells ", " time setting ", " font ", " contextual model " and " virtual pet ".
PIMS for example comprises " telephone number ", " schedule management ", " alarm clock ", " SMS transmission/reception " and information such as " E-mail ".Browser comprises " bookmark " and " historical information ".
Finance for example comprise " account number ", " password ", " using historical " and information such as " remittance account numbers ".
Application program comprises " courier ", " remote measurement ", " DMB ", " office " and sub-projects such as " ID ", and they are performed in mobile communication terminal.
The courier can comprise the information that is used for courier's chat, for example " my ID ", buddy list, interception tabulation, historical information etc.
Remote measurement can comprise by the service of terminal receive direction information necessary, for example " bookmark ", " my homepage ", " configuration information " and " historical information " etc.
DMB can comprise by terminal reception broadcast service information necessary, for example " channel list ", " program listing " and " configuration information " etc.
Office can comprise the information that is used for by terminal access office subassembly, for example " VPN " and " configuration information " etc.
ID can comprise " key value " and the information such as " registration numbers temporarily " when registration train or aircraft of the door of user's for example dwelling house or office.
One of ordinary skill in the art are readily appreciated that other coded message except that data set forth in fig. 12 also can comprise in the present invention.
So the terminal user can encode and store configuration information and personal information more simply, and also this information is offered the user by structure and memory encoding information necessary and use coded and canned data.And under the situation that old terminal substitutes with new terminal, by placing IC chip or the storer 300 that stores data of the present invention in new terminal, but former state ground uses previous information.In addition, under mobile communication terminal lost or stolen situation, the danger that does not exist personal information to leak.
Industrial applicibility
As mentioned above, according to the present invention, because the IC chip can be carried out its base with mass storage This operation, then compared with prior art, the physical restriction of memory span is overcome. Correspondingly, can deposit Storage is shone usually can not stored for example big capacity grant or the such data of security algorithm code.
Simultaneously, owing to carry out by high-speed communication protocol with communicating by letter of main frame 400, thereby communication can be than existing There is technology to carry out quickly.
In addition, owing to when storage data in mass storage, calculate by the safety of using the IC chip Method is stored or usage data, thereby the security of mass storage increased, rather than has only used height Speed communication protocol.

Claims (27)

1, a kind of IC chip comprises:
Order wire transmits order;
Data line transmits data token;
Storer, the storage data;
Processor is according to connection status and described memory transactions data;
Bus controller, the order that will ask to be provided with the connection status of described storer under the control of described processor outputs to described order wire; And
Memory card controller is according to described order change each connection between described data line, described storer and described processor that receives by described order wire.
2, according to the IC chip of claim 1, wherein said memory card controller comprises:
Interface driver is by described order wire and described data line and main-machine communication;
Card interface controller is determined the type of the described order that receives by described order wire and exports corresponding connection status to change signal;
Register, the status information of storing described card interface controller;
Switch is according to each connection between the described card interface controller of described connection status change signal change, described IC-card controller and the described storer;
The storage core interface is connected to described switch, and the described storer of access is to read or to write data; And
The power supply detecting unit applies reset signal to described card interface controller and described storage core controller when power supply is provided.
3, according to the IC chip of claim 1 or 2, wherein said order comprises Application Protocol Data Unit (APDU) order, connection between described memory card controller and the described processor is set, and bind command, another connection between described processor and the described storer is set.
4, according to the IC chip of claim 3, wherein said order further comprises ON-and OFF-command, disconnects the connection between described processor and the described storer.
5, according to the IC chip of claim 3, wherein said memory card controller will become order APDU (C-APDU) and export described C-APDU to described processor corresponding to the APDU token decapsulation of described APDU order.
6, according to the IC chip of claim 3, the described C-APDU that wherein said memory card controller output is included in the described APDU order arrives described processor.
7, according to the IC chip of claim 3, wherein said memory card controller will be inserted into the APDU response from the response command (R-APDU) of described processor output, if and described R-APDU do not comprise response data, then export described APDU by described data line.
8, according to the IC chip of claim 3, wherein said memory card controller will indicate the response data identifier that has response data to be inserted in the APDU response, if and comprise response data from the response command (R-APDU) of described processor output, then export described response data identifier by described data line.
9, according to the IC chip of claim 1 or 2, wherein said storer is a flash memory.
10, according to the IC chip of claim 9, wherein said storer comprises IC chip memory part and storage card part.
11, according to the IC chip of claim 1, wherein said processor is carried out safe handling by algorithm safe in utilization to a part that is stored in the data in the described storer.
12,, further comprise the random access memory that is connected to described processor and temporarily stores the result of calculation of described processor according to the IC chip of claim 1 or 2.
13, according to the IC chip of claim 1 or 2, wherein said memory card controller at the fixed time during in described processor is connected to described storer.
14, a kind of memory card controller changes the method for the connection status between storer and the processor, and described memory card controller is by order wire and data line and main-machine communication and be connected to described storer and described processor, and this method comprises:
Receive order by described order wire;
If described order is the APDU order, then allows processor to permit APDU and be received and send by described data line; And
If described order is bind command, then described processor is connected to described storer.
15, a kind of IC chip comprises:
Input and output port inputs or outputs control signal and data from main frame;
First storage unit, memory encoding and the described security algorithm that inputs or outputs data of decoding; And
Processor receives the digital coding request signal and uses the described security algorithm described data of encoding by described input and output port, and receives the data decoding request signal and use described security algorithm to decipher described data by described input and output port.
16, according to the IC chip of claim 15, further comprise second storage unit, the described decoding data of storage under the control of described processor, and have the capacity bigger than first storage unit.
17, according to the IC chip of claim 16, wherein said second storage unit further is included in the module with described input and output port, described first storage unit and described processor, and be constructed to integrated IC chip, perhaps be included in another module of described relatively module separation, each in the described module interlinks by interface.
18, according to the IC chip of claim 15 or 16, any one inputs or outputs control signal and data to wherein said input and output port among ISO 7816, RF, MMC and the USB by using with main frame.
19, according to the IC chip of claim 16, wherein said first cell stores is to the storage data and carry out the control program that security algorithm is controlled, and storage is used to store the address date of described second storage unit of described data.
20, according to the IC chip of claim 15 or 16, if wherein data be encoded or coded data decoded, then described processor is at first carried out PIN Authorized operation or password confirming operation.
21, according to the IC chip of claim 16, wherein said second storage unit is a flash memory.
22, according to the IC chip of claim 16, wherein said second storage unit comprises:
Store the safe storage part of described coded data; And
The user memory part, storage typical data and do not experience the security algorithm of described processor.
23, according to the IC chip of claim 22, wherein said second storage unit further comprises the system storage part in the zone of managing described second storage unit,
Wherein said safe storage part is provided with by the memory manager program that is stored in the described system storage part by the user with the ratio of described user memory part.
24, a kind ofly use IC chip coding and storage data, and decoding and use the mobile communication terminal of decoding data, described IC chip comprises:
Input and output port is electrically connected to described mobile communication terminal;
First storage unit, the security algorithm of memory encoding and the described data of decoding;
Processor, receive the digital coding request signal and use the described security algorithm described data of encoding from described mobile communication terminal by described input and output port, and receive the data decoding request signal and use described security algorithm to decipher described data from described mobile communication terminal by described input and output port; And
Second storage unit, the data that storage is deciphered by described processor, and have than the big capacity of described first storage unit.
25, according to the mobile communication terminal of claim 24, wherein said second storage unit further is included in the module with described input and output port, described first storage unit and described processor, and be constructed to integrated IC chip, perhaps be included in another module of described relatively module separation, each in the described module interlinks by interface.
26, a kind of safety method of the data of in mobile communication terminal, using, this method comprises:
First step receives the digital coding request signal from described mobile communication terminal;
Second step receives safe key and authorizes this safe key from described mobile communication terminal;
Third step is if the mandate of described safe key success in second step is then carried out and is stored in the security algorithm in first storage unit and the described data of encoding; And
The 4th step, memory encoding data in second storage unit with capacity bigger than described first storage unit.
27, according to the method for claim 26, further comprise:
The 5th step receives the data decoding request signal from described mobile communication terminal;
The 6th step receives safe key and authorizes decoding from described mobile communication terminal;
The 7th step is if described decoding mandate success in the 6th step then carries out being stored in the security algorithm in described first storage unit and deciphering described coded data; And
The 8th step provides described decoding data to described mobile communication terminal.
CN2007800090222A 2006-03-16 2007-03-16 Ic chip of supporting large size memory and method thereof Expired - Fee Related CN101401113B (en)

Applications Claiming Priority (7)

Application Number Priority Date Filing Date Title
KR1020060024337A KR20070094108A (en) 2006-03-16 2006-03-16 Data security device and method and mobile terminal including the same
KR1020060024337 2006-03-16
KR10-2006-0024337 2006-03-16
KR10-2006-0026954 2006-03-24
KR1020060026954 2006-03-24
KR1020060026954A KR100738032B1 (en) 2006-03-24 2006-03-24 Smart card of supporting large size memory and method thereof
PCT/KR2007/001295 WO2007105926A1 (en) 2006-03-16 2007-03-16 Ic chip of supporting large size memory and method thereof

Publications (2)

Publication Number Publication Date
CN101401113A true CN101401113A (en) 2009-04-01
CN101401113B CN101401113B (en) 2012-04-11

Family

ID=38688049

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2007800090222A Expired - Fee Related CN101401113B (en) 2006-03-16 2007-03-16 Ic chip of supporting large size memory and method thereof

Country Status (2)

Country Link
KR (1) KR20070094108A (en)
CN (1) CN101401113B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102591735A (en) * 2011-12-31 2012-07-18 飞天诚信科技股份有限公司 Method for processing CAP file by intelligent card

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20090037022A (en) * 2007-10-11 2009-04-15 슬림디스크 주식회사 Smart card with flash memory and memory reader of smart card and drm method using that
WO2009064131A2 (en) * 2007-11-15 2009-05-22 Slimdisc Corp. Smart card with flash memory and memory reader of smart card and drm method using the reader
KR20090058758A (en) * 2007-12-05 2009-06-10 슬림디스크 주식회사 Smart card with flash memory and display, card reader of smart card, drm method using that
US8613087B2 (en) 2010-12-06 2013-12-17 Samsung Electronics Co., Ltd. Computing system
KR101457183B1 (en) * 2012-02-24 2014-10-31 민정홍 RFID Security system

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2767011B1 (en) * 1997-08-04 1999-09-24 Alsthom Cge Alcatel METHOD FOR ADAPTING THE FUNCTIONING OF A SUBSCRIBER IDENTIFICATION MODULE TO AN INTERFACE (S) OF A MOBILE RADIO COMMUNICATION TERMINAL, CORRESPONDING SUBSCRIBER IDENTIFICATION MODULE AND MOBILE TERMINAL
US6899277B2 (en) * 2001-05-17 2005-05-31 Matsushita Electric Industrial Co., Ltd. IC card and electronic devices
KR20040085793A (en) * 2003-04-01 2004-10-08 이상은 Smart mobile storage device with embedded application programs
JP2005322109A (en) * 2004-05-11 2005-11-17 Renesas Technology Corp Ic card module

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102591735A (en) * 2011-12-31 2012-07-18 飞天诚信科技股份有限公司 Method for processing CAP file by intelligent card
US9449020B2 (en) 2011-12-31 2016-09-20 Feitian Technologies Co., Ltd Method for smart card to process CAP file

Also Published As

Publication number Publication date
KR20070094108A (en) 2007-09-20
CN101401113B (en) 2012-04-11

Similar Documents

Publication Publication Date Title
US11039293B2 (en) Method and devices for transmitting a secured data package to a communication device
CN101401113B (en) Ic chip of supporting large size memory and method thereof
CN103023539A (en) Method and system for starting functions of electronic devices
CN102129592A (en) Contact smart card
US9978056B2 (en) Smart card having multiple payment instruments
SG179374A1 (en) Ic card, mobile electronic device and data processing method in ic card
JP6516133B2 (en) Communication device and communication system
CN103544114A (en) Multiple M1 card control system based on single CPU card and control method thereof
CN103368612B (en) By switching to silence, electronic equipment communication is controlled method and apparatus
CN100570633C (en) The disposal route of CPU and logical encrypt double-purpose smart card and critical data thereof
CN101187912A (en) Memory card system and method transmitting host identification information thereof
CN102112992A (en) Communication device, communication method, and program
CN101799955B (en) Method for operating double electronic purses
CN104573765B (en) Smart card information processing method and processing device
JP3718564B2 (en) IC card
EP3800915A1 (en) Type 4 nfc tags as protocol interface
JP5022434B2 (en) IC chip supporting large capacity memory and supporting method
EP1384197B1 (en) Method of manufacturing smart cards
JP4334538B2 (en) IC card
KR101749517B1 (en) Smart card reader
CN218630803U (en) House card distributing device and house card distributing device
EP3291503B1 (en) Method and devices for transmitting a secured data package to a communication device
CN101561860B (en) Card reader and method of mutual authentication of storage card
JP6819201B2 (en) Electronic information storage medium, IC card, setting information transmission method, and setting information transmission program
CN1756154B (en) Digital signature method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120411

Termination date: 20150316

EXPY Termination of patent right or utility model