CN101401113B - Ic chip of supporting large size memory and method thereof - Google Patents

Ic chip of supporting large size memory and method thereof Download PDF

Info

Publication number
CN101401113B
CN101401113B CN2007800090222A CN200780009022A CN101401113B CN 101401113 B CN101401113 B CN 101401113B CN 2007800090222 A CN2007800090222 A CN 2007800090222A CN 200780009022 A CN200780009022 A CN 200780009022A CN 101401113 B CN101401113 B CN 101401113B
Authority
CN
China
Prior art keywords
data
apdu
chip
storer
processor
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2007800090222A
Other languages
Chinese (zh)
Other versions
CN101401113A (en
Inventor
金勍台
罗准彩
金玟妌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
KTFreetel Co Ltd
Original Assignee
KTFreetel Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from KR1020060026954A external-priority patent/KR100738032B1/en
Application filed by KTFreetel Co Ltd filed Critical KTFreetel Co Ltd
Priority claimed from PCT/KR2007/001295 external-priority patent/WO2007105926A1/en
Publication of CN101401113A publication Critical patent/CN101401113A/en
Application granted granted Critical
Publication of CN101401113B publication Critical patent/CN101401113B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/0723Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips the record carrier comprising an arrangement for non-contact communication, e.g. wireless communication circuits on transponder cards, non-contact smart cards or RFIDs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/0013Methods or arrangements for sensing record carriers, e.g. for reading patterns by galvanic contacts, e.g. card connectors for ISO-7816 compliant smart cards or memory cards, e.g. SD card readers

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mathematical Physics (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Artificial Intelligence (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Storage Device Security (AREA)
  • Telephone Function (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention is related to an IC chip, more specifically to an IC chip supporting a large capacity memory. According to an embodiment of the present invention, there is provided an IC chip including a command line, transmitting a command; a data line, transmitting a data token; a memory, storing data; a processor, exchanging data with the memory according to a connection state; a bus controller, outputting a command for requesting to set a connection state between the command line and the memory to the command line by the control of the processor; and a memory card controller, changing each connection between the data line, the memory and the processor according to the command received through the command line.

Description

Support the IC chip and the method thereof of large size memory
Technical field
The present invention relates to the IC chip, relate more specifically to support the IC chip of mass storage.
Background technology
As shown in fig. 1, the traditional IC chip comprises the IC chip memory.The IC chip memory can comprise the ROM storer that is used for storage code, the RAM storer that is used for the computing support and the EEPROM that is used for applet.
Yet,, yet for the EEPROM of IC chip memory, be difficult to realize 1M byte or more although cause many demands that relate to memory span based on the activation of IC chip service.Correspondingly, IC chip manufacturer attempts through flash memory (flash memory) is put into the IC chip that the traditional IC chip comes the development support mass storage.
Yet the traditional IC chip of support mass storage as shown in fig. 1 is physically realized on a chip, and IC chip and mass storage can not be integrated functionally.Therefore, in mass storage, store data through the security that makes full use of the IC chip or be impossible through making full use of the weakness that mass storage supplies as the IC-card of storer.
Simultaneously, mobile communication terminal, for example global system for mobile communications (GSM) phone and WCDMA (W-CDMA) phone adopt for example subscriber identification module (SIM) card and USIM (USIM) card.
This IC chip comprises the coprocessor that the secure datas such as mobile communication user information, personal information and financial information for example of encoding become security algorithm and store this security algorithm.
Yet as stated, the traditional IC chip can not be stored many data owing to the restriction of memory capacity.
The terminal mainly adopts flash memory to come storing various information.Compare with the IC chip memory, flash memory is enough greatly to store many data.And flash memory has the technology that enlarges memory capacity very apace.
Yet, different with the IC chip, because this flash memory does not have the built-in security algorithm or the coprocessor of coded data, so flash memory has the not high weakness of safety of data of storage.Even security algorithm is carried out guaranteeing the safety of data of storage in terminal self, because the different coding of each terminal type, flash memory can not guarantee the compatibility deciphered.
In other words, the IC chip has good security but has limited memory capacity, and flash memory has the data security that big memory capacity still has weakness.And the security algorithm of mobile communication terminal self can not guarantee the compatibility of data decoding.
Summary of the invention
The mass storage of being devoted to address the above problem that a kind of IC chip processor can the direct access mass storage that the invention provides is supported IC chip and support method thereof.Especially, this IC chip can carry out high-speed communication with main frame 400.
And the present invention also provides the such secure data of a kind of can encode for example mobile communication user information, personal information and financial information and can guarantee that the mass storage of the compatibility of data decoding supports IC chip and support method thereof simultaneously.
One aspect of the present invention is characterised in that the IC chip of supporting mass storage.
According to one embodiment of present invention, the IC chip memory can comprise: order wire, transmit order; Data line transmits data token (token); Storer, the storage data; Processor is according to connection status and memory transactions data; Bus controller, the order that under the control of processor, will ask to be provided with the connection status of storer outputs to order wire; And memory card controller, change each connection between data line, storer and processor according to the order that receives through order wire.Wherein said memory card controller comprises: interface driver, through said order wire and said data line and main-machine communication; Card interface controller, the type of the said order of confirming to receive through said order wire is also exported corresponding connection status and is changed signal; Register, the status information of storing said card interface controller; Switch changes signal according to said connection status and changes each connection between said card interface controller, said processor and the said storer; The storage core interface is connected to said switch, and the said storer of access is to read or to write data; And the power supply detecting unit,, power supply applies reset signal when being provided to said card interface controller and said storage core interface.
According to another embodiment of the invention, the IC chip can comprise input and output port, inputs or outputs control signal and data from main frame; First storage unit, memory encoding is imported or the security algorithm of institute's output data with decoding; And processor, receive the digital coding request signal and use this these data of security algorithm coding through input and output port, and receive the data decoding request signal and use this these data of security algorithm decoding through input and output port.
Another aspect of the present invention is characterised in that a kind of communication terminal that comprises the IC chip of supporting mass storage.
According to one embodiment of present invention, mobile communication terminal passes through to use IC chip coding and storage data, and decoding and use decoding data, and the IC chip can comprise input and output port, is electrically connected to mobile communication terminal; First storage unit, the security algorithm of memory encoding and these data of decoding; Processor; Receive digital coding request signal and these data of algorithm coding safe in utilization through input and output port from mobile communication terminal, and receive data decoding request signal and these data of algorithm safe in utilization decoding from mobile communication terminal through input and output port; And second storage unit, storage is by the data of processor decoding, and has the capacity bigger than first storage unit.
Another aspect of the present invention is characterised in that a kind of method that changes connection status.
According to one embodiment of present invention, a kind of method that changes connection status can comprise: receive order through the order wire in the memory card controller, memory card controller is through order wire and data line and main-machine communication and be connected to storer and processor; If order is the APDU order, then allows processor to permit APDU and be received and send through this data line; And if the order be bind command, then processor is connected to storer; Wherein said memory card controller comprises: interface driver, through said order wire and said data line and main-machine communication; Card interface controller, the type of the said order of confirming to receive through said order wire is also exported corresponding connection status and is changed signal; Register, the status information of storing said card interface controller; Switch changes signal according to said connection status and changes each connection between said card interface controller, said processor and the said storer; The storage core interface is connected to said switch, and the said storer of access is to read or to write data; And the power supply detecting unit,, power supply applies reset signal when being provided to said card interface controller and said storage core interface.
Another aspect of the present invention is characterised in that a kind of safety method of the data of in mobile communication terminal, using.
According to one embodiment of present invention, a kind of safety method of the data of in mobile communication terminal, using can comprise: first step receives the digital coding request signal from mobile communication terminal; Second step receives safe key and authorizes this safe key from mobile communication terminal; Third step is if the mandate of safe key success in second step is then carried out and is stored in the security algorithm in first storage unit and these data of encoding; And the 4th step, memory encoding data in second storage unit with capacity bigger than first storage unit.
Description of drawings
Fig. 1 is the block scheme of setting forth the traditional IC chip;
Fig. 2 is the concise and to the point instance of the present invention of setting forth;
Fig. 3 sets forth the block scheme of IC chip according to an embodiment of the invention;
Fig. 4 has set forth the operation of APDU order according to an embodiment of the invention;
Fig. 5 has set forth the operation of bind command according to an embodiment of the invention;
Fig. 6 has set forth the operation of the IC chip that uses APDU order and bind command according to an embodiment of the invention;
Fig. 7 has set forth the operation that transmits the IC chip of the R-APDU with data field value according to an embodiment of the invention, and this IC chip uses APDU order and bind command;
Fig. 8 has set forth the operation that transmits the IC chip of the R-APDU with data field value in accordance with another embodiment of the present invention, and this IC chip uses APDU order and bind command;
Fig. 9 has set forth the execution of data security algorithm according to an embodiment of the invention;
Figure 10 is the process flow diagram of setting forth the operation of using data security algorithm coding data according to an embodiment of the invention;
Figure 11 is the process flow diagram of setting forth the operation of using data security algorithm decoding data according to an embodiment of the invention; And
Figure 12 is the block scheme of setting forth the data in the safety storing part that can be stored in storer according to an embodiment of the invention.
Embodiment
Below, some embodiments of the present invention will be described with reference to the drawings.
Although following description is based on an embodiment of Application of MMC communication protocol; But under the situation of supporting the high speed protocol between IC chip and the terminal; Technical spirit of the present invention obviously may be used on this high speed protocol, and does not receive any restriction of high-speed communication protocol type.
Fig. 2 is the concise and to the point instance of the present invention of setting forth.IC chip of the present invention is according to the low-speed communication of ISO 7816 standards execution with the terminal.And the IC chip can comprise mass storage such as flash memory for example in addition and carry out and outside high-speed communication through high-speed interface.The IC chip can be for example subscriber identification module (SIM), USIM (USIM), user's identification module (UIM) and can remove IC chip that such being used for of user's identification module (R-UIM) discern mobile communication subscriber and any one of other IC-card that is used for ecommerce that for example financial chip is such.The IC chip not only can be carried out high-speed communication, also can carry out low-speed communication.Perhaps, IC-card can be through being transformed into the low-speed communication token high-speed communication token and only carrying out high-speed communication.
Be applied under the situation in the high-speed communication protocol at multimedia card (MMC), main frame 400 intercoms through two lines with the IC chip mutually.100 order transmits and 400 response transmits and carries out through order wire (CMD) from memory card controller 100 to main frame from main frame 400 to memory card controller.Data between main frame 400 and the memory card controller 100 transmit and carry out through data line (DATA).
As set forth in fig. 2, main frame 400 and memory card controller 100 interconnect through data line.Through changing the connection status between IC chip processor 200, storer 300 and the main frame 400, memory card controller 100 allows IC chip processor 200 to be connected to main frame 400 or storer 300.Memory card controller 100 is mainly kept the directly connection status of access memory 300 of memory card controller 100.In other words, the data of importing through data line are stored in the data that in the storer 300, perhaps from storer 300, read and are sent to main frame 400 through data line.
The inner connection status of memory card controller 100 must change, so that memory card controller 100 is transferred to the access right of storer 300 or through data token that data line received to IC chip processor 200.When first switch connection and second switch and the disconnection of the 3rd switch, the data line between main frame 400 and the memory card controller 100 is connected to storer 300.Under this connection status, memory card controller 100 can write data perhaps read the data that are written in the storer 300 in storer 300.During this period, when second switch connection and first switch and the disconnection of the 3rd switch, data line is connected to IC chip processor 200.When the 3rd switch connection and the disconnection of first and second switches, IC chip processor 200 is connected to storer 300.
The connection status of memory card controller 100 changes according to the order that receives through order wire.Order is classified as three types, and is as shown in table 1.
Table 1
Figure GSB00000619580500051
Non-Application Protocol Data Unit (non-APDU) order is to be sent to the order of memory card controller 100 and to be sent to the response of main frame 400 from memory card controller from main frame 400, comprises basic command and corresponding response by the high-speed communication protocol definition.When receiving NON APDU order; Memory card controller 100 is stored the data token that receives through data line in storer; Perhaps the second and the 3rd switch is changed to disconnection through allowing first switch to be changed to connection, comes through data line the data of being stored in the storer 300 to be sent to main frame 400.
The APDU order is the order that in main frame 400, is produced and be sent to memory card controller 100, is defined as through data line and transmits APDU.If APDU is imported from the IC chip main frame (not shown) that is connected to main frame 400, then produce the APDU order.At least one data token is transmitted certainly or is sent to main frame 400 through data line between APDU order and corresponding APDU response.
The data token that utilizes APDU to transmit through data line comprises by the order APDU (C-APDU) of main frame 400 or memory card controller 100 encapsulation or response APDU (R-APDU).
Have 48 or be less than 48 C-APDU or R-APDU and can be transmitted through a data token.Have 48 or can be transmitted through a data stream (order read) or a plurality of data token (polylith read) more than 48 C-APDU or R-APDU.
When receiving the APDU order, second switch is changed to connection, the first and the 3rd switch is changed to disconnection through allowing, and memory card controller 100 will be sent to IC chip processor 200 through the data token that data line receives.Here, data token must be dressed up C-APDU by deblocking through the decapsulation operation, to send it to IC chip processor 200.R-APDU can be packaged into data token, to send it to main frame 400.
Bind command is the order that in IC chip processor 200, is produced and be sent to memory card controller 100, is defined in to receive and transmit data between IC chip processor 200 and the storer 300.When receiving bind command, memory card controller 100 allows that the 3rd switch is changed to connection, first and second switches are changed to disconnection, makes IC chip processor 200 in storer 300, to write data and reads the data of write store 300.
ON-and OFF-command is the order that in the IC chip processor, is produced and be sent to memory card controller 100, notice has been accomplished in the data communication between IC chip processor 200 and the storer 300 given memory card controller 100.If receive ON-and OFF-command, memory card controller 100 turns back to the connection status that receives before the bind command or predetermined connection status.In another embodiment; Whether memory card controller 100 can will receive between IC chip processor 200 and storer 300 and transmit data rather than ON-and OFF-command through inspection, receives bind command connection status or predetermined connection status before and turn back to.Perhaps, memory card controller 100 can be designed to turn back to and receive the connection status before the bind command or have the predetermined connection status that certain hour postpones.
Although above description is based on the situation of using the MMC agreement as the high-speed communication protocol instance, obviously, usb protocol can easily be applied among the present invention.Method through using usb protocol to receive and send APDU is implemented according to ISO 7816-12.At this moment; Even using under the situation of USB as high-speed communication protocol; One of ordinary skill in the art can easily define and use the additional command and another additional command that allows IC chip processor access memory of the connection status of controller (for example memory card controller 100) that change to support high speed protocol, with the data token that transmits characteristic of the present invention with APDU to the IC chip processor.
IC chip processor 200 can be stored in coded data in the storer 300 through driving security algorithm, and the coded data of being stored in the translation memory, to provide decoding data to main frame 400.IC chip processor 200 can comprise the coprocessor of carrying out security algorithm.
If receive command signal writes data or reads write store 300 in storer 300 data, IC chip processor 200 is just carried out the safe handling of corresponding data.This will make more detailed description with reference to accompanying drawing 9 to accompanying drawing 12.
Fig. 3 sets forth the block scheme of IC chip according to an embodiment of the invention.
Memory card controller 100 all is included in the IC chip with IC chip processor 200.Realizing that storer 300 can be included in the IC chip under two modules, for example IC chip and the situation of storer 300 as the composite type of an integrated IC chip.Under the mixed type situation that each module interlinks through interface, storer 300 can be not included in the IC chip.
Use main frame 400 that high-speed communication protocol and memory card controller 100 communicate data and be connected to main frame 400, carry out the IC chip main frame that APDU communicates by letter with the IC chip processor of IC chip and be included in the terminal.
The such mobile communication terminal of mobile phone that for example is equipped with radio communication function can be not only in this terminal, also can be that for example PDA and laptop computer etc. are taken messaging device like this.
If IC chip main frame and one of IC chip processor 200 encapsulation APDU becomes data token that high speed protocol supports to transmit this token, then another in them just comes to intercom mutually through this data token of decapsulation.
According to this embodiment of the invention; The IC chip can comprise: storer 300; The storage Large Volume Data, memory card controller 100, through read/write data in storer and change connection status and between other parts relay data; The IC chip processor; Carry out reading and write operation of data through memory card controller and IC chip main-machine communication and in storer, and bus controller 210, allow memory card controller 100 to make IC chip processor 200 access memories become possibility through control IC chip processor 200.
Memory card controller 100, its through changing connection status between other parts of IC chip trunking traffic, comprise interface driver 110, card interface controller 120, switch 130, register 140, storage core interface 150 and power supply detecting unit 160.
Interface driver 110 carries out data token and command communication through data line and order wire with the main frame 400 that data line pin through being arranged in IC chip sides part and order wire pin are electrically connected.
The electric signal of the Physical layer that transmits through each data line and order wire is packaged into data token and order respectively, to be sent to card interface controller 120.
During this period, also dressed up the electric signal of Physical layer and be sent to main frame 400 with order from the data token of card interface controller 120 outputs through data line and order wire by deblocking.
Card interface controller 120 depends on from the type executable operations of the order of main frame 400 receptions.In other words, must change according to command type under the situation of connection status, card interface controller 120 output connection status change signal.
If receive NON APDU order; Card interface controller 120 just reads and write operation the execution of data in the storer 300; This read with write operation be the basic operation that meets high speed protocol, and keep the connection status that card interface controller 120 can access memory 300 through CS 130 (referring to table 1).
Here, storer 300 can be categorized into and can be specialized in storage card part that memory card controller 100 uses and only can be by the IC chip part of IC processor 200 accesses.Card interface controller 120 is limited to the storage card part according to the specific region of the storer 300 of NON APDU order access.
And storer 300 can be classified into the safety storing part, and the secure data of security algorithm is carried out in storage by IC chip processor 200; The user memory part; The typical data of security algorithm is not carried out in storage, and the system storage part, and storage is used for the information in diode-capacitor storage zone.This will describe in detail in Fig. 9.
If receive APDU order, card interface controller 120 is with regard to CS 130, makes the content of the data token that will receive through data line can be sent to IC chip processor 200 (referring to table 1).
To after receiving the APDU order, comprise the C-APDU that produces and use the high-speed communication protocol encapsulation by storage card main frame 400 through the received data token of data line.
Card interface controller 120 is removed head and afterbody from data token, and output content only subsequently.The content of being exported is C-APDU, and it is sent to IC chip processor 200 through switch 130.
Transmitting under the situation of a C-APDU through a plurality of data tokens, card interface controller 120 makes up corresponding contents continuously.If produced complete C-APDU, card interface controller 120 just can be sent to IC chip processor 200 by complete C-APDU.
Transmitting under the C-APDU situation through a plurality of data tokens, C-APDU comprises order and can not be packaged into a token.
Keep according to APDU order after connection status makes that the output of card interface controller 120 can be sent to IC chip processor 200 at switch 130, the C-APDU that receives through data line is sent to IC chip processor 200.
The IC processor 200 that has received C-APDU is carried out corresponding the processing.If finish dealing with, IC chip processor 200 just with result, be that R-APDU is sent to card interface controller 120.
Card with R-APDU transmits APDU through order wire and responds main frame 400.Do not comprise at R-APDU under the situation of response data that R-APDU can be included in the APDU response and be transmitted.Yet, comprise at R-APDU under the situation of response data that indication exists the response data identifier of response data can be included in the APDU response.The main frame 400 that has received the response data identifier can read R-APDU from memory card controller 100 according to data read command.
If the APDU response is transmitted, then card interface controller 120 can change the connection status of switch 130, to receive next order.Before or after the APDU response was transmitted, the connection status of switch 130 changed according to pre-defined rule.
At first, the current connection status of switch 130 can be kept, up to receiving next order.Correspondingly, in order to change connection status, NON APDU order or bind command must be received after transmitting the APDU response.The second, switch 130 can change current connection status to receiving APDU order connection status before.So the connection status of switch 130 turns back between card interface controller 120 and the storer 300 or the connection status between IC chip processor 200 and the storer 300.The 3rd, the connection status of switch 130 can only turn back to predetermined connection status.
So; Ordering according to NON APDU under the situation that the basic connection status of connection status conduct is set; Before or after transmitting the APDU response and according to after the finishing dealing with of bind command, the connection status of switch 130 turns back to the connection status between card interface controller 120 and the storer 300.
If receive bind command, card interface controller 120 makes IC chip processor 200 can be connected to storer 300 (referring to table 1) with regard to CS 130.
Bind command is produced by bus controller 210 according to the control signal of IC chip processor 200.The bind command that is produced is sent to card interface controller 120 through the order wire that is connected to bus controller 210.
Card interface controller 120 changes the connection status of switch 130, makes IC chip processor 200 can be connected to storer 300.The particular address of the storer 300 that 200 accesses of IC chip processor connect through switch 130, and read the data of storing or write data.
If IC chip processor 200 need read storer/write operation would accomplish notice and given card interface controller 120, then through bus controller 210 output ON-and OFF-commands.
Card interface controller 120 changes the connection status of switch 130 according to ON-and OFF-command, to receive R-APDU from the IC chip processor or to handle according to next command execution.
If IC chip processor 200 access memories to handle the C-APDU that transmits from main frame 400, then because R-APDU is transmitted, come to receive R-APDU from the IC chip processor so card interface controller 120 just changes connection status through CS.
At this moment, if access memory is not to produce R-APDU for IC chip processor 200, card interface controller 120 is just kept current connection status, or current connection status is changed to predetermined connection status.
If then there is condition of different in IC chip processor 200 access memories to carry out the processing of other purpose except that producing R-APDU, for example the data of storer 300 are carried out coding/decoding according to security algorithm and file management.
Especially, for the high-speed communication protocol that does not have additional security function, data security can realize through security algorithm.In other words, main frame 400 or memory card controller 100 can produce C-APDU, and corresponding data safe processing is also carried out, and C-APDU is offered IC chip processor 200 in the address of the specific region of designated memory 300.Here, the specific region of storer 300 can be only can be by the storage card part of memory card controller access.
The IC processor that has received the C-APDU that is used to carry out data safe processing is used for the bind command of access appropriate area through bus controller 210 outputs, and request changes connection status.Subsequently, IC chip processor 200 can be carried out the data safe processing of specific region.This will describe with reference to accompanying drawing 9 to accompanying drawing 12 in more detail.
In another embodiment; If (for example one-period) past schedule time; The connection that card interface controller 120 breaks off between IC chip processor and the storer 300, and CS 130 turns back to previous connection status or predetermined connection status to allow connection status.
In another embodiment, the data of card interface controller 120 monitorings between IC chip processor 200 and storer 300 transmit and accepting state.So, if swap data no longer between IC chip processor 200 and the storer 300, then CS 130 just allows connection status to turn back to previous connection status or predetermined connection status.
Switch 130 is connected respectively to card interface controller 120, IC chip processor and storer 300.And switch 130 makes becomes possibility between these three parts, transmitting and receive data under the control of card interface controller 120.
Switch 130 can be realized through using distinct methods.Any those of ordinary skill in affiliated field can easily be understood the composition of switch 130.The method that changes switch 130 connection status is referring to Fig. 2 and table 1.
The necessary status information of operation that comprises the register 140 memory card interface controllers 120 of essential register and optional register.Register 140 comprises 128 the card identifier (CID) that is used for storing identification, is stored in initialization process by 16 relative card address (RCA) of the card system address of main frame 400 dynamic assignment and by being used for 32 the mode of operation register (OCR) that the particular broadcast order of voltage form of identification card uses.Register 140 can include 16 driver-level register (DSR) of the output driver that selectively forms card further.
According to the request of card interface controller 120 or IC chip processor 200, the particular address of storage core interface 150 access memories, and read and write data.
If the IC chip is inserted in the slot at terminal, then power supply detecting unit 160 is responded to power supply that is applied and the reset signal that produces the driving IC chip parts, to apply reset signal to each parts.
IC chip processor 200 is carried out the basic operation of IC chips, partly obtains yet carry out the system storage of the essential module (for example code and little application) of basic operation through access memory 300, for example storer 300.
If receive C-APDU through memory card controller 100 from main frame 400, then IC chip processor 200 determines whether whether to be included among the C-APDU based on C-APDU type access memory 300 and data.
Owing to carried out such confirming, in must reading storer 300 the data of storing maybe must in storer 300, write under the data conditions, control signal is just outputed to bus controller 210.If IC chip processor and storer 300 are according to being interconnected by the bind command that control signal produced; The IC chip processor 200 predistribution IC chip part through using the method identical with prior art to come access memory 300 just then is to read and to write data.
Here, be configured such that IC chip processor 200 exceedingly the IC chip part memory module and the data of the storer 300 of access IC chip part.Preferably, the IC chip partly has the address system as the storage management system of traditional IC chip.In this case, although IC chip processor 200 uses the legacy memory address, storer 300 can freely be used.Certainly, owing to need more address to be used for writing Large Volume Data, thereby address system can expand to like required address so big.
If use the operation of storer 300 to accomplish, then IC chip processor 200 makes to produce ON-and OFF-command, and will hand over to card interface controller 120 to the access right of storer 300 with regard to control bus controller 210.
Certainly, in another embodiment, IC chip processor 200 can be only has the access right to storer 300 during at the fixed time.And, can confirm whether the operation of IC chip processor 200 is accomplished through the exchanges data state between monitoring IC chip processor 200 and the storer 300.IC chip processor 200 with operating result as R-APDU, to transmit R-APDU to card interface controller 120.
Owing to carried out such confirming, if need or not write data into storer 300 from storer 300 reading of data, IC chip processor 200 does not just produce bind command and transfer operation result to card interface controller 120.
At this moment, IC chip processor 200 can obtain to carry out the necessary memory resource of all operations, but when execution during basic operation, IC chip processor 200 can be in the RAM (not shown) storage computation result temporarily.
The bus controller 210 that is connected between IC chip processor 200 and the order wire produces bind command or ON-and OFF-command according to the control signal from the IC chip processor, to send it to memory card controller 100.
Storer 300 not only can be for example can electronically written or the such solid-state memory device of flash memory of deleted data, also can be the memory devices of other type.
Storer 300 can be divided into storage card part and IC chip part.Each part can be distinguished and only supplies memory card controller 100 and IC chip processor 200 to use.
The storage card part can be stored the data that transmit from main frame 400, and the necessary module of basic operation of IC chip processor 200 is carried out in the tender enough storages of IC chip part.
Storer 300 also can be divided into the safe storage part of storage security data, the user memory part of storage typical data and the system storage part of Management IC chip memory.This will describe in Fig. 9 in more detail.
Fig. 4 is an instance of setting forth APDU command operation according to an embodiment of the invention.At first, below the method that transmits APDU between main frame 400 and the IC chip, will describe briefly.Subsequently, description has been adopted the embodiment of MMC agreement.
The C-APDU that IC chip main frame is produced comprises the head of 4 bytes and the main body of variable-length.This head comprises the instruction class (CLA) of 1 byte, the instruction code (INS) of 1 byte, the parameter 1 (P1) of 1 byte and the parameter 2 (P2) of 1 byte.Main body comprises the Lc of 1 byte, measures the length of optional main body or data field; Data field comprises the command parameter or the data of variable-length; And the Le of 1 byte, the desired length of estimation return data.The R-APDU that IC chip processor 200 is produced comprises main body and the status word SW1 and the SW2 of variable-length.Main body comprises Le, measures the data of optional main body or data-field length and variable-length.
The LB head that main frame 400 will be measured C-APDU length is coupled to the C-APDU that IC chip main frame is produced, and it is packaged into a plurality of data tokens.
A plurality of encapsulation of data tokens are sent to memory card controller 100 through the Physical layer that between the memory card controller 100 at the main frame 400 of supporting high-speed communication protocol and terminal, forms.Card interface controller 120 is dressed up APDU with reference to the LB header value with a plurality of data token deblockings that receive.
Below, with the operation of describing the high-speed communication of using the MMC agreement in detail.
Under the situation of MMC agreement, command token transmits through order wire and data line respectively with the data token that is associated with command token.Data read/and write command (from main frame 400 to IC chips) and respective response (from the IC chip to main frame 400) receive and transmit through order wire, and receive and transmit through data line according to the data of order.Under the MMC agreement, data read/and write command is categorized into the order order and orders with sectional type.The order order transmits continuous data stream, and ceasing and desisting order appears in order wire in the transmission of keeping continuous data stream.The sectional type order transmits the continuous blocks (token) that comprise Cyclic Redundancy Check, and ceasing and desisting order appears in order wire in transmission block continuously.Here, order is sent to the IC chip from main frame 400, and response is sent to main frame 400 from the IC chip.Data transmit between main frame 400 and IC chip.
Command token has 48 total length.Start bit and stop bit respectively always 0 and 1.Forwarder position with next-door neighbour start bit of 1 is the position that expression comes the order of self terminal.Command context is close to the forwarder position and is protected with the position by 7 CNC verification.
The response token has 48 or 136 s' total length.Start bit and stop bit respectively always 0 and 1.Forwarder position with next-door neighbour start bit of 0 is the response of expression from IC-card.Response contents is close to the forwarder position and is protected by 7 CNC check bit sum.
In the sectional type data token, start bit and stop bit always are respectively 0 and 1.The sectional type data token, other partial-length that it has 512 bytes except that start bit, stop bit and CNC verification and position comprises the LB district of 2 bytes of indicating APDU length and the APDU district of 510 bytes.The APDU district comprises C-APDU or the R-APDU from main frame 400 or IC chip.The APDU that surpasses 510 bytes is divided at least 2 sectional type data tokens and is transmitted." 00h " is inserted in the not filling remainder bytes of last sectional type data token.
Fig. 4, APDU communication comprises following four kinds of situation.
First kind of situation is the data field value that does not have the data field value of C-APDU and do not have R-APDU.
Second kind of situation is not have the data field value of C-APDU and the arbitrary data field value of R-APDU.
The third situation is the arbitrary data field value of C-APDU and the data field value that does not have R-APDU.
The 4th kind of situation is the arbitrary data field value of C-APDU and the arbitrary data field value of R-APDU.
Under the situation of the data field value that does not have C-APDU, C-APDU can be included in APDU order 410 or the APDU token 420 (first kind of situation and second kind of situation).Under the situation of the arbitrary data field value of C-APDU, C-APDU is included in 420 neutralizations of APDU token and is transmitted (the third situation and the 4th kind of situation).Under aforementioned two kinds of situation, comprise that the APDU token of C-APDU transmits between APDU order 410 and APDU response 430.Under the situation of the data field value that does not have R-APDU, will receive R-APDU through APDU response 430.During this period, the memory card controller 100 that has received the APDU order that transmits C-APDU changes to the connection 425 between memory card controller and the IC chip processor with the connection status of switch 130 from the connection 415 between memory card controller and the storer.
Do not having under the situation enough little on the data field value of R-APDU (first with the third situation) or the R-APDU size, R-APDU is included in APDU and responds in 430.
Under the arbitrary data field value and the R-APDU situation that R-APDU is too big for transmitting through R-APDU of R-APDU, the processing of R-APDU is described as follows.Under the situation of the arbitrary data field value of R-APDU, IC chip processor 200 transmits the information that R-APDU self, the storage address that stores R-APDU or expression have the R-APDU that will be transmitted to memory card controller 100.The memory card controller 100 that has received R-APDU reads identifier with R-APDU and is inserted in the APDU response 430 and transmits this APDU response 430.It is that expression has the information of the R-APDU that will be sent to main frame 400 that R-APDU reads identifier, can only use simply 1 or more multidigit represent whether R-APDU is arranged.Perhaps, to read identifier can be to store the storage address of R-APDU or the combination of information and address to R-APDU.Received and had the main frame 400 that R-APDU reads the APDU response 430 of identifier and read R-APDU from the IC chip through reading order.During this period, before or after transmitting the APDU response, memory card controller 100 changes to previous connection status or predetermined connection status with the connection status of switch 130.Fig. 4 has set forth memory card controller 100 connection status of switch 130 has been changed to the connection between memory card controller and the storer.
Fig. 5 is an instance of setting forth the operation of bind command according to an embodiment of the invention.
In case receive C-APDU through memory card controller 100 from IC chip main frame, IC chip processor 200 just determines whether whether to comprise data based on C-APDU type access memory 300 and C-APDU.Must or storer 300, write under the data conditions from storer 300 reading of data, arrive data line through bus controller 210 output bind commands 500.The memory card controller 100 that has received bind command 500 through data line changes to the connection 515 between IC chip processor and the storer with connection status from the connection 505 between memory card controller and the storer.If IC chip processor 200 is connected to storer 300, IC chip processor 200 is the predistribution IC chip part through the method access memory 300 identical with prior art just, to read and to write data.So, in data line, do not produce any signal.
If use the operation of storer 300 to accomplish, IC chip processor 200 makes it possible to produce ON-and OFF-command with regard to the control bus controller, and will hand over to card interface controller 120 to the access right of storer 300.Certainly, in another embodiment, IC chip processor 200 can be only at the fixed time during in have access right to storer 300.And, can confirm whether the operation of IC chip processor 200 is accomplished through the exchanges data state between monitoring IC chip processor and the storer 300.So, ON-and OFF-command 520 can randomly be provided.If use the operation of storer 300 to accomplish, memory card controller 100 just turns back to previous connection status or predetermined connection status with connection status.Fig. 5 has set forth memory card controller 100 connection status has been changed to the connection between memory card controller and the storer.
Fig. 6 is an instance of setting forth the IC chip operation that uses APDU order and bind command according to an embodiment of the invention.
The main frame 400 that has received C-APDU from IC chip main frame transmits APDU order 600 to memory card controller 100 through order wire.Subsequently, C-APDU is packaged into the APDU token and is sent to memory card controller through order wire.Before receiving the APDU order, memory card controller 100 is connected to storer 300 (605).The memory card controller 100 that has received APDU order 600 changes connection status, makes that the connection 615 between memory card controller and the IC chip processor can be carried out.Subsequently, if receive APDU token 610 through data line, memory card controller 100 is just dressed up APDU token 610 deblockings C-APDU and C-APDU is sent to IC chip processor 200.The IC chip processor 200 that has received C-APDU determines whether essential access memory 300.If essential access is just exported bind command 620 to order wire.The memory card controller 100 that has received bind command 620 changes to the connection 625 between IC chip processor and the storer with connection status.Subsequently, if receive R-APDU from IC processor 200, memory card controller 100 just is transformed into APDU response 630 with R-APDU and transmits this APDU response 630 to main frame 400.Before or after APDU response 630, the connection status of memory card controller 100 maintains current state, perhaps changes to previous connection status or predetermined connection status.
Fig. 7 and Fig. 8 set forth the instance of IC chip operation that according to some embodiments of the invention transmission has the R-APDU of data field value, and the IC chip uses APDU order and bind command.Because it is identical with the part with Reference numeral 600 to 630 among Fig. 6 to have the part of Reference numeral 700 to 730 and 800 to 830, thereby following description is based on other part.
If memory card controller 100 receives R-APDU or respective response (storing the storage address of R-APDU or the information that expression has the R-APDU that will be transmitted) from IC chip processor 200, memory card controller 100 just is transformed into R-APDU or respective response APDU response 730 and transmits APDU response 730 to main frame 400.Memory card controller 100 reads identifier with R-APDU and is inserted in the APDU response 730 and transmits this APDU response 730.At this moment, before or after transmitting the APDUA response, the connection status of memory card controller 100 is maintained current state, perhaps changes to previous connection status or predetermined connection status 735.
Received and had the main frame 400 that R-APDU reads the APDU response 730 of identifier and read R-APDU from the IC chip through reading order 740.The memory card controller 100 that has received reading order 740 transmits to read and responds main frame 400.Subsequently, R-APDU is packaged into data token 760 and is sent to main frame 400.If the transmission of data token 760 is accomplished, main frame 400 just transmits ceases and desist order 770 to memory card controller 100.Memory card controller 100 770 will stop response and be sent to main frame 400 in response to ceasing and desisting order.
In this embodiment, wherein IC chip processor 200 only transmits information that expression has a R-APDU to memory card controller 100, as the APDU order 840 of reading order from IC chip processor 200 reading of data.So memory card controller 100 changes to the connection 835 between memory card controller and the IC chip processor with connection status, and IC chip processor 200 will be sent to memory card controller 100 by temporary transient stored R-APDU owing to the change of connection status.Memory card controller 100 is packaged into data token 850 with R-APDU and arrives main frame 400 to transmit data token 850, and connection status is changed to the connection 865 between memory card controller and the storer.
Fig. 9 has set forth the execution of security algorithm according to an embodiment of the invention.
The IC chip can comprise data input and output port 910, IC chip processor 200 and IC chip memory 920.
Data input and output port 910 is the ports that send the IC chip from the data of the outside input of IC chip receiving terminal or with the data of exterior of terminal input to.Data input and output port 910 is connected to aforementioned data line and order wire.Data input and output port 910 can be with multi-form ISO 7816, RF, MMC and USB standard input and output data.
As stated, IC chip processor 200 is according to the difference and storer 300 swap datas of connection status, and control IC chip is carried out the function of IC chip.Under the data conditions that transmits through data line of attempting to encode according to the request of main frame 400, encode and data are changed over secure data through driving security algorithm.The secure data of IC chip processor 200 memory encoding in safe storage part 310.
The safe handling operation relates to following operation; Promptly data are changed over secure data and it is stored in the safe storage part 310 of storer 300, and utilize same security algorithm that the secure data of storage is changed over typical decoding data and sends it to main frame 400 through utilizing the security algorithm that is driven by IC chip processor 200 to encode.
Require management not have under the situation of request of typical data of controlled signal coding receiving main frame 400, in user memory part 320, IC chip processor 200 does not drive security algorithm with data storage.When access data, send data to main frame 400, and do not carry out decoded operation.This operation is called the exemplary process operation.
As stated, security algorithm can adopt algorithm commonly known in the art.For example, security algorithm can use any one among DES, 3-DES and the AES.
In the present invention, all data through the data line input and output are not carried out security algorithm.The data that can be asked the main frame 400 or predetermined data type of control program carried out security algorithm.
Can utilize the control program that is installed in the IC chip memory 920 to carry out security algorithm.This control program can be controlled data that the data of whether encoding through data line input with whether are stored in the translation memory 300, perhaps can the address of storer be stored in the IC chip memory 920 or in the system storage part 320.Control program also can be stored in the system storage part 320.
Control program can pass through whether coded data of graphic user interface (GUI) inquiry terminal user.At this moment, ask the user under the situation of coded data, control program is carried out the security algorithm and the corresponding data of encoding.Subsequently, control program can be stored coded data in storer 300, and the information stores that the storage designation data is encoded in IC chip memory 920 or system storage part 320 has the address of memory of data.
Do not ask the user under the situation of coded data, control program is not carried out security algorithm and in storer 300, is stored corresponding data.Control program is stored designation data information that is not encoded and the address that stores memory of data in the storage area of IC chip.The information that designation data is not encoded and the address that stores memory of data are the essential information of the control program data of being stored in the searching storage 300 subsequently.
GUI can be used as a module and is included in the control program.Perhaps, GUI can be individually be implemented in the performed different application in the terminal.An instance of application program will be described in Figure 12 in more detail.
Storer 300 can be configured to comprise the integrated IC chip of an IC chip and a module.Perhaps, storer 300 can dispose with the form with the Module Links that is independent of the IC chip.
Under the situation of storer 300 with the configuration of integrated IC chip form, address bus and be used for the data bus that data transmit and can between IC chip and storer 300, provide.
Under the situation that storer 300 disposes with the form that is independent of the IC chip, data exchange between IC chip and storer 300 with any one method among ISO 7816, MMC standard, ISO 14443, ISO 15693 and the ISO 18092.Integrated IC chip form has than independent link form operating speed faster.
Form IC chip that realize, that store mobile communication user information with the usim card of the SIM of GSM method or W-CDMA method can be used as mobile communication terminal, if this IC chip is installed in this terminal.And this IC chip-stored is personal information and the such security information of financial information for example.
According to one embodiment of present invention; Storer 300 can comprise safe storage part 310; The security algorithm memory encoding data that utilization is driven by IC chip processor 200 in storer 300, user memory part 320, the typical data that storage is not encoded; And the system storage part, Management IC chip memory 300.Here, IC chip processor 200 can comprise special coprocessor as safe handling.
Storer 300 can be through dividing storage address in advance part and physically the allocate memory address come storage security data and typical data.Preferably, as stated, storer 300 is divided in advance and each zone is provided with respectively with effective management.For example, storer 300 can adopt the flash memory that can store Large Volume Data.
In aforementioned memory is partly divided; Can realize storer 300 by this way; Can with desired ratio storer 300 be divided into safe storage part and user memory part through the memory manager program that uses the terminal even get the user, and use the part of being divided.Because memory area is by management fully, thereby the system storage part can be by typically access.
Use the memory manager program at terminal to divide under the situation of memory area the user, if the storer access terminal first time then loads and drive the little application of initialization, with the initializes memory zone with desired ratio.
Use under the situation many times in the typical memory function, can specify than the more user memory part of safe storage part, multizone is used as the user memory part to use more.If mobile content uses a lot, can specify the safe storage part more than the user memory part.
For example, if user memory and safe storage are set with 50 to 50 ratio, User Part and the security that then can in the system storage part, divide whole physical addresss of diode-capacitor storage 300.
Divide in the part at each, using has a part independent access rule, that can be become the user memory part by the zone of user's control.In the terminal, memory area can be managed little application through institute's memory storing in the system storage part that applies memory manager program and driving IC chip and reset.
In this case, also can be provided with can be by the part of user access through using access rule that the storage address by system memory management is resetted.
Simultaneously, each part can have size separately.Yet each part preferably can have a size that can dynamically change.
Figure 10 is the process flow diagram of setting forth the operation of using data security algorithm coding data according to an embodiment of the invention.
Referring to Figure 10, in the step that S1010 representes, control program receives the check that whether allows control program that the user is encoded through the data of the input and output port input of IC chip.
In the step that S1020 representes, to select the user under the situation of coded data, control program receives the safe key of user's input and authorizes this safe key.Here, PIN or password can be used as authorization method.
In the step that S1030 representes, if the mandate of safe key success, then control program utilizes IC chip processor 200 to carry out security algorithm with the coding corresponding data.If the authorization failure of safe key then no longer continues next step, processing finishes.
During this period, do not select the user no longer to experience the step that S1030 representes under the situation of coded data, and arrive the step that S1040 representes.
In the step that S1040 representes, control program is stored related data in storer 300, and the information that whether the storage indication data of store are encoded in the IC of IC chip chip memory 920 and store the address of storing memory of data to some extent.Here, for the information whether the indication data of storing are encoded, under the situation of the step that experience S1030 representes, the information that designation data is encoded is stored in the step that S1040 representes.Under the situation that does not experience the step that S1030 representes, the information that designation data is not encoded is stored in the step that S1040 representes.
In the step that S1050 representes, control program passes through the event memory of the display unit at terminal to user's video data.
Figure 11 is the process flow diagram of setting forth the operation of using data security algorithm decoding data according to an embodiment of the invention.
Referring to Figure 11, in the step that S1110 representes, in the step that S1110 representes, the graphic user interface of control program through mobile communication terminal receives the request of the data of storing the searching storage 300 from the user.
In the step that S1120 representes, be under the situation of coded data in institute's search data, the safe key of control program authorized user.PIN or password can be as the mandates of safe key.
If safe key is successfully authorized in the step that S1130 representes, then control program is deciphered the data of being searched for storage address through utilizing IC chip processor 200 to carry out security algorithm in the step that S1140 representes.If in the step that S1120 representes, search the data that do not have encoding operation, then do not carry out the step that S1140 representes.Simultaneously, if the mandate of safe key in the step that S1130 representes, fail, then do not proceed any next step, and processing finishes.
In the step that S1150 representes, the display unit of control program through the terminal shows decoding data or do not have the data of encoding operation to the user.
Figure 12 is the block scheme of setting forth the data in the safe storage part that can be stored in storer according to an embodiment of the invention.
Data set forth in fig. 12 by item divided and constituted the terminal the information that is provided with and with the subscriber-related personal information of using this terminal.
Like what set forth among Figure 12, structured data can be divided into items such as " personal user's interface (MY UI) ", " personal information management system (PIMS) ", " browser ", " finance " and " application program ".
Personal user's interface (MY UI) comprises that the user conveniently uses or modify the information setting of his or her mobile communication terminal, for example " wallpaper ", " the tinkle of bells ", " time setting ", " font ", " contextual model " and " virtual pet ".
PIMS for example comprises " telephone number ", " schedule management ", " alarm clock ", " SMS transmission/reception " and information such as " E-mail ".Browser comprises " bookmark " and " historical information ".
Finance for example comprise " account number ", " password ", " using historical " and information such as " remittance account numbers ".
Application program comprises " courier ", " remote measurement ", " DMB ", " office " and sub-projects such as " ID ", and they are performed in mobile communication terminal.
The courier can comprise the information that is used for courier's chat, for example " my ID ", buddy list, interception tabulation, historical information etc.
Remote measurement can comprise through the service of terminal receive direction information necessary, for example " bookmark ", " my homepage ", " information is set " and " historical information " etc.
DMB can comprise through terminal reception broadcast service information necessary, for example " channel list ", " program listing " and " information is set " etc.
Office can comprise the information that is used for through terminal access office subassembly, for example " VPN " and " information is set " etc.
ID can comprise " key value " and the information such as " registration numbers temporarily " when registration train or aircraft of door of user's for example dwelling house or office.
One of ordinary skill in the art are readily appreciated that other coded message except that data set forth in fig. 12 also can comprise in the present invention.
So the terminal user can encode more simply and storage is provided with information and personal information, and also this information is offered the user through structure with the memory encoding information necessary and use coded and canned data.And under the situation about substituting with new terminal at old terminal, through in new terminal, placing IC chip or the storer 300 that stores data of the present invention, but former state ground uses previous information.In addition, at mobile communication terminal lost or by under the situation of stealing, the danger that does not exist personal information to leak.
Industrial applicibility
As stated, according to the present invention, because the IC chip can use mass storage to carry out its basic operation, then compared with prior art, the physical restriction of memory span is overcome.Correspondingly, can store photograph usually can not mandate of stored for example high capacity or the such data of security algorithm code.
Simultaneously, owing to carry out through high-speed communication protocol with communicating by letter of main frame 400, thereby communication can be carried out than prior art quickly.
In addition, owing to when storage in mass storage during data, store or use data through the security algorithm of use IC chip, thereby the security of mass storage increased, rather than only used high-speed communication protocol.

Claims (13)

1. IC chip comprises:
Order wire transmits order;
Data line transmits data token;
Storer, the storage data;
Processor is according to connection status and said memory transactions data;
Bus controller, the order that under the control of said processor, will ask to be provided with the connection status of said storer outputs to said order wire; And
Memory card controller changes each connection between said data line, said storer and said processor according to the said order that receives through said order wire;
Wherein said memory card controller comprises:
Interface driver is through said order wire and said data line and main-machine communication;
Card interface controller, the type of the said order of confirming to receive through said order wire is also exported corresponding connection status and is changed signal;
Register, the status information of storing said card interface controller;
Switch changes signal according to said connection status and changes each connection between said card interface controller, said processor and the said storer;
The storage core interface is connected to said switch, and the said storer of access is to read or to write data; And
The power supply detecting unit applies reset signal to said card interface controller and said storage core interface when power supply is provided.
2. according to the IC chip of claim 1; Wherein said order comprises Application Protocol Data Unit (APDU) order; Connection between said memory card controller and the said processor is set, and bind command, another connection between said processor and the said storer is set.
3. according to the IC chip of claim 2, wherein said order further comprises ON-and OFF-command, breaks off the connection between said processor and the said storer.
4. according to the IC chip of claim 2, wherein said memory card controller will become order APDU (C-APDU) and export said C-APDU to said processor corresponding to the APDU token decapsulation of said APDU order.
5. according to the IC chip of claim 2, the order APDU (C-APDU) that wherein said memory card controller output is included in the said APDU order arrives said processor.
6. according to the IC chip of claim 2, wherein said memory card controller will be inserted into from the response command (R-APDU) of said processor output the APDU response, and if said R-APDU do not comprise response data, then export said APDU through said data line.
7. according to the IC chip of claim 2; Wherein said memory card controller will indicate the response data identifier that has response data to be inserted in the APDU response; And if comprise response data from the response command (R-APDU) of said processor output, then export said response data identifier through said data line.
8. according to the IC chip of claim 1, wherein said storer is a flash memory.
9. according to Claim 8 IC chip, wherein said storer comprises IC chip memory part and storage card part.
10. according to the IC chip of claim 1, wherein said processor is carried out safe handling through algorithm safe in utilization to a part that is stored in the data in the said storer.
11., further comprise being connected to said processor and temporarily storing the RAS of the result of calculation of said processor according to the IC chip of claim 1.
12. according to the IC chip of claim 1, wherein said memory card controller at the fixed time during in said processor is connected to said storer.
13. a memory card controller changes the method for the connection status between storer and the processor; Said memory card controller through order wire and data line and main-machine communication and be connected to said storer and said processor and according to the order that receives through said order wire changes between said data line, said storer and said processor each is connected, this method comprises:
Receive order through said order wire;
If said order is the APDU order, then allows processor to permit APDU and be received and send through said data line; And
If said order is bind command, then said processor is connected to said storer;
Wherein said memory card controller comprises:
Interface driver is through said order wire and said data line and main-machine communication;
Card interface controller, the type of the said order of confirming to receive through said order wire is also exported corresponding connection status and is changed signal;
Register, the status information of storing said card interface controller;
Switch changes signal according to said connection status and changes each connection between said card interface controller, said processor and the said storer;
The storage core interface is connected to said switch, and the said storer of access is to read or to write data; And
The power supply detecting unit applies reset signal to said card interface controller and said storage core interface when power supply is provided.
CN2007800090222A 2006-03-16 2007-03-16 Ic chip of supporting large size memory and method thereof Expired - Fee Related CN101401113B (en)

Applications Claiming Priority (7)

Application Number Priority Date Filing Date Title
KR1020060024337A KR20070094108A (en) 2006-03-16 2006-03-16 Data security device and method and mobile terminal including the same
KR1020060024337 2006-03-16
KR10-2006-0024337 2006-03-16
KR10-2006-0026954 2006-03-24
KR1020060026954A KR100738032B1 (en) 2006-03-24 2006-03-24 Smart card of supporting large size memory and method thereof
KR1020060026954 2006-03-24
PCT/KR2007/001295 WO2007105926A1 (en) 2006-03-16 2007-03-16 Ic chip of supporting large size memory and method thereof

Publications (2)

Publication Number Publication Date
CN101401113A CN101401113A (en) 2009-04-01
CN101401113B true CN101401113B (en) 2012-04-11

Family

ID=38688049

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2007800090222A Expired - Fee Related CN101401113B (en) 2006-03-16 2007-03-16 Ic chip of supporting large size memory and method thereof

Country Status (2)

Country Link
KR (1) KR20070094108A (en)
CN (1) CN101401113B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20090037022A (en) * 2007-10-11 2009-04-15 슬림디스크 주식회사 Smart card with flash memory and memory reader of smart card and drm method using that
WO2009064131A2 (en) * 2007-11-15 2009-05-22 Slimdisc Corp. Smart card with flash memory and memory reader of smart card and drm method using the reader
KR20090058758A (en) * 2007-12-05 2009-06-10 슬림디스크 주식회사 Smart card with flash memory and display, card reader of smart card, drm method using that
US8613087B2 (en) 2010-12-06 2013-12-17 Samsung Electronics Co., Ltd. Computing system
CN102591735B (en) * 2011-12-31 2013-11-13 飞天诚信科技股份有限公司 Method for processing CAP file by intelligent card
KR101457183B1 (en) * 2012-02-24 2014-10-31 민정홍 RFID Security system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6178324B1 (en) * 1997-08-04 2001-01-23 Alcatel Method of adapting the operation of a subscriber identity module to one or more interfaces of a mobile radiocommunications terminal, a corresponding subscriber identity module, and a corresponding mobile terminal
KR20040085793A (en) * 2003-04-01 2004-10-08 이상은 Smart mobile storage device with embedded application programs
CN1696972A (en) * 2004-05-11 2005-11-16 株式会社瑞萨科技 IC card module
EP1258831B1 (en) * 2001-05-17 2006-07-26 Matsushita Electric Industrial Co., Ltd. IC Card and Electronic Devices having contact and non-contact interface

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6178324B1 (en) * 1997-08-04 2001-01-23 Alcatel Method of adapting the operation of a subscriber identity module to one or more interfaces of a mobile radiocommunications terminal, a corresponding subscriber identity module, and a corresponding mobile terminal
EP1258831B1 (en) * 2001-05-17 2006-07-26 Matsushita Electric Industrial Co., Ltd. IC Card and Electronic Devices having contact and non-contact interface
KR20040085793A (en) * 2003-04-01 2004-10-08 이상은 Smart mobile storage device with embedded application programs
CN1696972A (en) * 2004-05-11 2005-11-16 株式会社瑞萨科技 IC card module

Also Published As

Publication number Publication date
KR20070094108A (en) 2007-09-20
CN101401113A (en) 2009-04-01

Similar Documents

Publication Publication Date Title
CN101401113B (en) Ic chip of supporting large size memory and method thereof
US8931705B2 (en) IC card, mobile electronic device and data processing method in IC card
CN102129592A (en) Contact smart card
CN103414497B (en) For communication between electronic by the control method forwarded and corresponding equipment
JP6516133B2 (en) Communication device and communication system
CN103544114B (en) Based on many M1 card control system and the control method thereof of single CPU card
EP2919489B1 (en) Electronic device, communication system, control method of electronic device, and program
KR100782113B1 (en) Memory card system and method transmitting host identification information thereof
JP3863011B2 (en) Combination type IC card, control method therefor, and system program therefor
JPH079666B2 (en) Portable electronic device handling system
CN100570633C (en) The disposal route of CPU and logical encrypt double-purpose smart card and critical data thereof
US20110197203A1 (en) Communication device, communication method and program
CN104143996A (en) Radio communication devices and methods for controlling a radio communication device
CN105809231A (en) Multi-frequency multi-purpose electronic tag and using method thereof
JP3718564B2 (en) IC card
EP3800915A1 (en) Type 4 nfc tags as protocol interface
KR100738032B1 (en) Smart card of supporting large size memory and method thereof
JP5022434B2 (en) IC chip supporting large capacity memory and supporting method
JP4590201B2 (en) Data carrier and data carrier program
EP1384197B1 (en) Method of manufacturing smart cards
KR101749517B1 (en) Smart card reader
CN218630803U (en) House card distributing device and house card distributing device
CN101561860B (en) Card reader and method of mutual authentication of storage card
JP5991119B2 (en) COMMUNICATION SYSTEM, IC CARD, IC CARD PROCESSING PROGRAM, EXTERNAL DEVICE, AND COMMUNICATION METHOD
JP6819201B2 (en) Electronic information storage medium, IC card, setting information transmission method, and setting information transmission program

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120411

Termination date: 20150316

EXPY Termination of patent right or utility model