CN108665045A - A method of realizing that more publishers' applies Java card more - Google Patents
A method of realizing that more publishers' applies Java card more Download PDFInfo
- Publication number
- CN108665045A CN108665045A CN201810408255.XA CN201810408255A CN108665045A CN 108665045 A CN108665045 A CN 108665045A CN 201810408255 A CN201810408255 A CN 201810408255A CN 108665045 A CN108665045 A CN 108665045A
- Authority
- CN
- China
- Prior art keywords
- card
- security domain
- isdxx
- main security
- isd
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/067—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
- G06K19/07—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
- G06K19/0719—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips at least one of the integrated circuit chips comprising an arrangement for application selection, e.g. an acceleration sensor or a set of radio buttons
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K17/00—Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/067—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
- G06K19/07—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
- G06K19/073—Special arrangements for circuits, e.g. for protecting identification code in memory
- G06K19/07309—Means for preventing undesired reading or writing from or onto record carriers
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a kind of methods for more applying Java card for realizing more publishers, are related to field of intelligent cards.Unique main security domain there are one meeting on the card of Global Platform specifications, method provided by the invention can make it is each using supplier gather around there are one with main security domain have par main security domain, respective application is managed by the main security domain, technical solution is:When creating security domain, identify whether the security domain is main security domain by the installation parameter of a specific label, when the security domain has required key and is associated with itself, current card will automatically switch into supports more publishers' to apply Java card more, this switching is completed without particular arrangement order, if card in do not have create with main security domain label security domain, card still be meet Global Platform standards apply Java card.The invention avoids application of the card in other industry field is restricted because card issuing side is to the super privilege of card, to substantially increase the adaptability of platform.
Description
Technical field
The present invention relates to technical field of intelligent card more particularly to a kind of sides for more applying Java card realizing more publishers
Method.
Background technology
In the card specification of GlobalPlatform tissue publications, has and only there are one publishers, which is card
The owner of piece is simultaneously finally responsible for the behavior of card, which corresponds to a special security domain in card, is claimed
For publisher's security domain, also referred to as main security domain, it, which represents publisher, needs on card for card Content Management, safety and communication etc.
Offer support is provided.
When card enters OPREADY life cycles, it is necessary to have been provided with such a main security domain, pass through this master
Security domain blocks the relevant information that outer entity can obtain card, it is also possible to be completed under application packet by the main security domain
It carries, application example establishment, wrap the operations such as deletion, application example deletion, it is safe that others can also be created by the main security domain
Domain, but other security domains are all supplement security domains.
Difference lies in main security domain has characteristic below to main security domain with supplement security domain:
1. it is the application of upper first installation of card;
2. the life cycle for the card inherited when its life cycle, rather than use peace as other supplement security domains
The life cycle state of universe.
Main security domain has significantly different, the life cycle state of main security domain with supplement security domain in life cycle management
Inherit card life cycle state, that is to say, that can by lock or terminate the life cycle state of main security domain come
Achieve the purpose that pintle hook lock or terminate card, after card locking, to other all supplement security domains and the upper all applications of card
Operation can all be prohibited, unless card is unlocked, after card termination, to any behaviour in addition to GET DATA orders of card
Work will be prohibited, that is to say, that if the life cycle of ISD to be revised as locking or terminate, this modification is to blocking entirely
What piece came into force.
In addition, according to the card specification of GlobalPlatform tissue publications, main security domain is given tacit consent to global lock, entirely
The permission that office deletes, but also be the Final applications that may finally be selected when card is locked and terminated, it is basic logic channel
On silent choosing application, these permissions are just default when main security domain is created to be had, unless pass through more new registry
Mode modify to it, otherwise it can arbitrarily go to lock the application of its hetero-organization publication, arbitrarily go to delete card
On any packet and application, even these packet and application be not to belong to main security domain, these permissions will obviously make these packets
It is in very weak tendency and passive status with the supplier of application.
But at home, since there is the card issuing sides of many different industries, even if when combining hair fastener they
Want to manage security domain and the application of oneself independently, be not desired to the control of acceptor's security domain, is not desired to manipulate card by single publisher
Life cycle, be more not desired to oneself packet and application by its hetero-organization to delete, so if there is a kind of card can support it is more
A publisher, and their security domains that independent can draw oneself up and application, so that it may to meet above-mentioned industry requirement, this hair
Bright to provide for such a method for more applying Java card for realizing more publishers, on a card, there may be multiple
Publisher's security domain, that is, multiple main security domains, each manage packet and the application of oneself, and a main security domain can only manage
Packet and the application for managing own, cannot manage the packet under other main security domains and application, can not go to delete other main security domains
Under packet and application, each main security domain have the life cycle state of oneself, the life cycle state of oneself can only be managed, no
The life cycle state that other main security domains can be removed to change, by these limitations, make each main security domain and its under associated packet
With application and other main security domains and its lower packet and apply all in mutually independent state, be independent of each other, it is non-interference, and
And the present invention uses a kind of mode of pure software, does not need chip level and does any change, reduces chip correcting and brings
Cost increase.
Invention content
An embodiment of the present invention provides a kind of methods for more applying Java card for realizing more publishers, are not installing other masters
In the case of security domain, here it is the cards that one meets Global Platform standards, but if are mounted with other masters
Security domain, this just becomes one can support more publishers' to apply Java card more.
To achieve the purpose of the present invention, it needs to operate according to the following steps, including:
Step 1:It is created in card initialization procedure and blocks upper first main security domain, do not creating other main security domains
In the case of, which is the standard Java card for meeting Global Platform specifications, has a unique main security domain on card
ISD1;
Step 2:According to the needs of application supplier, can creating other main security domain ISDxx, (xx represents the volume of ISD
Number, for distinguishing ISD1), these security domains are ordered by INSTALL [for install and make selectable]
Come what is created, it is ISD that there are one labels for identifying these security domains in the installation parameter of the order, life cycle state with
Initial life cycle after the completion of ISD1 is created is consistent, and due to not any key, it is can not externally to provide security domain phase
The service of pass, card is still that only there are one can use the card for meeting Global Platform specifications of ISD at this time;
Step 3:When ISDxx have escape way key and with the relevant all keys of its permission and be associated with
When to itself, which is available mode, it can externally provide security domain relevant service at this time, but the life of the ISD at this time
It is OPREADY states to order periodic state still;
Step 4:When coming into available mode there are one ISDxx on card, card, which can automatically switch to, supports multiple row
More the apply Java card, this switching of side are intervened without extraneous, what card was automatically performed, and this operation is irreversible;
Step 5:After card personalization, to ensure card security, do not allow to create ISD, ISDxx and ISD1 again
It is independent from each other, they exist as the root of separate tree, and management other side is gone not across tree
Associated application.
The method provided in an embodiment of the present invention that more apply Java card for realizing more publishers, can pass through adaptive side
Formula is switched to from the card for meeting Global Platform specifications supports more publishers' to apply Java card more, without making
It is switched with configuration, code space can be saved, and if configuration is too many, it is easy to lead to card issuing due to configuration error
Failure, in addition, this card can meet the needs of more publishers completely, makes them can the independent management safety of oneself
Domain and application, and the application of other security domain managements cannot be operated, ensure them independently of each other.
Description of the drawings
Fig. 1 is the embodiment flow chart of the embodiment of the present invention;
Specific implementation mode
With reference to the accompanying drawings and examples to it is provided by the invention realize more publishers apply more the method for Java card into
Row is described in more detail.Based on the embodiments of the present invention, those of ordinary skill in the art are not before making creative work
The every other embodiment obtained is put, shall fall within the protection scope of the present invention.
The method for more applying Java card of the more publishers of realization provided in the embodiment of the present invention, needs to wrap the step of execution
It includes:
When S101, card initialization, only has unique ISD1 on card;
S102, establishment ISDxx is ordered by INSTALL [for install and make selectable];
S103, the key by giving ISDxx loadings required, and completion moves to itself to make ISDxx enter available mode;
S104, ISDxx enter available mode, and card automatically switches to supports more publishers' to apply Java card more;
S105, card personalization are completed, and forbid creating ISDxx, and ISDxx is independent from each other with ISD1, they are as each
Exist from the root of independent tree, the associated application of management other side is gone not across tree;
Specifically, in step S101, when card initializes, only has unique ISD1 on card, ISD1 is on card
First application, card is a card for complying with standard Global Platform specifications, the life cycle shape of ISD1 at this time
State is OPREADY states;
In step s 102, ISD1 is selected, and passes through INSTALL [for install and make
Selectable] order establishment ISDxx, in the installation that INSTALL [for install and make selectable] is ordered
In parameter, by a specific parameter come to identify the application that this to be created be ISD, this ISDxx is raw after the completion of establishment
It is identical as ISD1 to order periodic state, is all OPREADY states, the associated security domain of the ISDxx is ISD1;
In step s 103, ISDxx is selected, escape way is established, there are no the escape way of oneself is close because of it at this time
Key after the completion of escape way is established, fills so needing to establish escape way using the escape way key of ISD1 for ISDxx
The key of own, including escape way key and other and the relevant key of its permission are carried, ISDxx is then moved to oneself
Body makes it be completely independent with ISD1, and after ISDxx completes to move to itself and load the action of all required keys, ISDxx will
Into available mode, but its life cycle state is still OPREADY states;
In step S104, after will enter available mode there are one ISDxx on card, card automatically switches into a support
More the apply Java card, this switching of more publishers is intervened without extraneous, what card was automatically performed, because of each ISD, nothing
By ISD1 or ISDxx be all do not allow it is deleted, so be switched to more publishers apply Java card operation can not
It is inverse;
In step S105, after card personalization, does not allow to create ISDxx again, retransmit INSTALL [for
Install and make selectable] order attempt establishment ISDxx, exception information will be returned to, ISDxx and ISD1 is phase
Mutually independent, they exist as the root of separate tree, and the phase of management other side is gone not across tree
Associated application, each represent some publisher, and this structure can fully meet the needs of each entity joint hair fastener.
The above description is merely a specific embodiment, but scope of protection of the present invention is not limited thereto, any
Those familiar with the art is in technical scope of the present invention, the change or replacement that can be readily occurred in, all
It is covered by the protection scope of the present invention.Therefore, protection scope of the present invention should be subject to the protection scope in claims.
Claims (9)
1. a kind of method for more applying Java card for realizing more publishers, which is characterized in that mainly include the following steps that:
Step 1:It is created in card initialization procedure and blocks upper first main security domain;
Step 2:Other main security domains are created, are pacified based on the security domain to identify by the installation parameter of a specific label
Universe, the ISD created in this way, abbreviation ISDxx;
Step 3:Required escape way key is loaded for ISDxx, is completed with the relevant all cipher key associateds of its permission to certainly
Body, the ISD are available mode;
Step 4:When coming into available mode there are one ISDxx on card, card, which can automatically switch to, supports more publishers
Apply Java card, and this operation is irreversible more;
Step 5:Card personalization terminates, and no longer allows to create ISD.
2. method as described in claim 1, it is characterised in that:
The step 1 can create the upper first main security domain of card in card initialization procedure, not create other main security domains
In the case of, which is the standard Java card for meeting Global Platform specifications, has unique main safety on card
Domain ISD1.
3. method as described in claim 1, it is characterised in that:
The step 2 can create other main security domain ISDxx according to the needs of application supplier, these security domains are
It orders to create by INSTALL [for install and make selectable], in the installation parameter of the order
It is ISD that there are one labels for identifying these security domains.
4. method as described in claim 1, it is characterised in that:
In the step 2, these order to create by INSTALL [for install and make selectable]
ISDxx, after the completion of establishment, the initial life cycle after the completion of life cycle state is created with ISD1 is consistent for they.
5. method as described in claim 1, it is characterised in that:
In the step 3, after in ISDxx, installation is complete, due to not any key, it is can not externally to provide security domain
Relevant service, card is still that only there are one can use the card for meeting Global Platform specifications of ISD at this time.
6. method as described in claim 1, it is characterised in that:
In the step 3, when ISDxx have escape way key and with the relevant all keys of its permission and closed
When being linked to itself, which is available mode, it can externally provide security domain relevant service at this time, but its life
Periodic state is still OPREADY states, consistent with the initial life cycle state of ISD1.
7. method as described in claim 1, it is characterised in that:
In the step 4, when coming into available mode there are one ISDxx on card, it is multiple that card can automatically switch to support
Row side applies Java card, this switching that need not be controlled using configuration switch more, is that card is automatically performed.
8. method as described in claim 1, it is characterised in that:
In the step 4, no matter ISD1 or ISDxx, be all do not allow it is deleted, so card be switched to support it is multiple
The action of Java card of more applying of row side is irreversible.
9. method as described in claim 1, it is characterised in that:
In the step 5, multiple main security domains, each main security domain can be created according to the different needs using supplier
It independently gathers around there are one tree structure, each ISD manages packet and the application of its subordinate independently, cannot manage other across tree structure
The packet of ISD subordinate or application.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810408255.XA CN108665045A (en) | 2018-05-02 | 2018-05-02 | A method of realizing that more publishers' applies Java card more |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810408255.XA CN108665045A (en) | 2018-05-02 | 2018-05-02 | A method of realizing that more publishers' applies Java card more |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108665045A true CN108665045A (en) | 2018-10-16 |
Family
ID=63781562
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810408255.XA Pending CN108665045A (en) | 2018-05-02 | 2018-05-02 | A method of realizing that more publishers' applies Java card more |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108665045A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102087716A (en) * | 2011-03-02 | 2011-06-08 | 武汉天喻信息产业股份有限公司 | Multi-application Java smart card |
CN102831468A (en) * | 2012-08-06 | 2012-12-19 | 中国移动通信集团江苏有限公司 | Intelligent card chip of mobile terminal as well as initialization and use method thereof |
CN102970137A (en) * | 2011-08-31 | 2013-03-13 | 北京中电华大电子设计有限责任公司 | Safe issuing method of multi-functional intelligent card |
CN105809064A (en) * | 2014-12-31 | 2016-07-27 | 北京华大智宝电子系统有限公司 | Smart card safety control method and smart card |
CN106228090A (en) * | 2016-07-28 | 2016-12-14 | 飞天诚信科技股份有限公司 | One how main security domain Java smart card and its implementation |
-
2018
- 2018-05-02 CN CN201810408255.XA patent/CN108665045A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102087716A (en) * | 2011-03-02 | 2011-06-08 | 武汉天喻信息产业股份有限公司 | Multi-application Java smart card |
CN102970137A (en) * | 2011-08-31 | 2013-03-13 | 北京中电华大电子设计有限责任公司 | Safe issuing method of multi-functional intelligent card |
CN102831468A (en) * | 2012-08-06 | 2012-12-19 | 中国移动通信集团江苏有限公司 | Intelligent card chip of mobile terminal as well as initialization and use method thereof |
CN105809064A (en) * | 2014-12-31 | 2016-07-27 | 北京华大智宝电子系统有限公司 | Smart card safety control method and smart card |
CN106228090A (en) * | 2016-07-28 | 2016-12-14 | 飞天诚信科技股份有限公司 | One how main security domain Java smart card and its implementation |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103593621B (en) | Method for managing safety element, safety element and mobile communication device | |
US20140189880A1 (en) | System and method for administrating access control rules on a secure element | |
US20170017956A1 (en) | Systems, methods, and computer program products for managing states | |
CN111357240B (en) | Cryptographic system, method and medium for cryptographic system | |
KR20100132055A (en) | Method of access and of transferring data related to an application installed on a security module associated with a mobile terminal, associated security module, management server and system | |
CN107330333A (en) | Ensure the method and device of POS firmware safety | |
CN106470430A (en) | The processing method of operator's configuration, equipment and system | |
CN105046146A (en) | Resource access method of Android system | |
US9980128B2 (en) | Method for modifying rights to security domain for smartcard, and server, smartcard, and terminal for same | |
CN106127077A (en) | A kind of method protecting user privacy information and terminal | |
CN102236764A (en) | Method and monitoring system for Android system to defend against desktop information attack | |
CN105915338A (en) | Key generation method and key generation system | |
KR20180100087A (en) | Method and Embedded UICC for Management and Execution of Policy Rule | |
CN105005730A (en) | Authority design method based on APP (application) | |
CA2546163A1 (en) | Attribute-based allocation of resources to security domains | |
CN114143069B (en) | Authority management system and method applied to microservice | |
CN108665045A (en) | A method of realizing that more publishers' applies Java card more | |
CN106228090B (en) | A kind of how main security domain Java smart card and its implementation | |
CN102902916B (en) | The authority control method that application program is general | |
US9794351B2 (en) | Distributed management with embedded agents in enterprise apps | |
AU2011344503A1 (en) | Definition of objects in object-oriented programming environments | |
WO2013111490A1 (en) | Information processing apparatus, information processing method, and computer program | |
Sylla et al. | Design framework for reliable and environment aware management of smart environment devices | |
US11665204B2 (en) | Computer implemented method and apparatus for management of non-binary privileges in a structured user environment | |
JP6701719B2 (en) | Information processing equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20181016 |
|
WD01 | Invention patent application deemed withdrawn after publication |