CN111966443B - Smart card and working method thereof - Google Patents
Smart card and working method thereof Download PDFInfo
- Publication number
- CN111966443B CN111966443B CN201910419364.6A CN201910419364A CN111966443B CN 111966443 B CN111966443 B CN 111966443B CN 201910419364 A CN201910419364 A CN 201910419364A CN 111966443 B CN111966443 B CN 111966443B
- Authority
- CN
- China
- Prior art keywords
- application
- virtual machine
- smart card
- virtual
- instruction
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 35
- 230000004044 response Effects 0.000 claims abstract description 4
- 230000006870 function Effects 0.000 claims description 14
- 230000008569 process Effects 0.000 claims description 14
- 238000006243 chemical reaction Methods 0.000 claims description 7
- 238000012795 verification Methods 0.000 claims description 2
- 238000011017 operating method Methods 0.000 claims 1
- 238000010586 diagram Methods 0.000 description 9
- 238000005516 engineering process Methods 0.000 description 5
- 239000008186 active pharmaceutical agent Substances 0.000 description 4
- 238000013475 authorization Methods 0.000 description 4
- 238000004891 communication Methods 0.000 description 4
- 238000004364 calculation method Methods 0.000 description 3
- 238000011161 development Methods 0.000 description 3
- 238000006467 substitution reaction Methods 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000015572 biosynthetic process Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- JEIPFZHSYJVQDO-UHFFFAOYSA-N iron(III) oxide Inorganic materials O=[Fe]O[Fe]=O JEIPFZHSYJVQDO-UHFFFAOYSA-N 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000013519 translation Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45504—Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45504—Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
- G06F9/45516—Runtime code conversion or optimisation
Abstract
The application discloses a smart card and a working method thereof, comprising the following steps: starting a virtual machine in response to a command for calling an application; the virtual machine converts statements in the application that are made up of binary bytecodes into at least one virtual machine instruction recognizable by the smart card operating system. According to the smart card, the application is generated by using the binary instruction format, and the application is read and executed in cooperation with a specific virtual machine working method, so that the binary format file can be executed on the smart card, and the universal hardware performance is exerted and the smart card runs at the speed of the original application.
Description
Technical Field
The present disclosure relates to the field of smart cards, and more particularly, to a smart card and a method for operating the same.
Background
The existing smart card basically adopts Java technology, and the Java card technology is widely accepted in the industry. The Java card technology includes three parts, a Java card runtime environment (Java Card Runtime Environment, JCRE), a Java card virtual machine (Java Card Virtual Machine, JCVM), and a Java card application programming interface (Java Card Application Programming Interfaces, JCAPI).
Virtual machines are key to implementing application independence and application platform independence. An abstraction of real computer resources provides a complete set of virtual machine interfaces for an interpreted language, i.e., defines a set of virtual commands, and provides a portable interface between applications developed in the interpreted language and the computer resources. When the interpretation is executed, one virtual command is submitted to the virtual machine for execution at a time. The Java card virtual machine comprises two parts, the upper part of the card comprises a Java card byte code interpreter. The Java card converter is an off-card part that runs on a PC or workstation. The card and the external part of the card together realize the full functions of the virtual machine. The converter loads and preprocesses class files and output CAP (converted applet) files constituting the Java package. The CAP file is then loaded into the Java smartcard and executed by the interpreter.
The existing intelligent card system based on Java technology has the technical problem of lower execution efficiency.
Disclosure of Invention
The purpose of the application is to provide a smart card with higher execution efficiency, faster running speed and compatibility.
The application provides a smart card working method, which comprises the following steps: starting a virtual machine in response to a command for calling an application; the virtual machine converts statements in the application that are made up of binary bytecodes into at least one virtual machine instruction recognizable by the smart card operating system.
Preferably, the application is made up of a plurality of modules, each module being made up of binary bytecodes.
Preferably, the at least one virtual machine instruction constitutes a virtual machine instruction set, a plurality of virtual machine instruction sets and constitutes a global instruction queue.
Preferably, the virtual context is mapped into the smart card memory upon exiting the application, using the execution data in the virtual context save translation.
Preferably, the virtual machine circularly reads the global instruction queue to execute the corresponding function of the application.
The smart card working method provided by the application has the steps, and the binary instruction format is used for generating the application, so that the application is read and executed in cooperation with a specific virtual machine working method, and the binary format file can be executed on the smart card, thereby exerting the general hardware performance and running at the speed of the native application.
In addition, the application also provides a smart card, which comprises the following components: a memory storing an application; and the virtual machine responds to a command for calling the application and converts sentences consisting of binary byte codes in the application into at least one virtual machine instruction which can be identified by the intelligent card operating system.
Preferably, the application is made up of a plurality of modules, each module being made up of binary bytecodes.
Preferably, the virtual machine comprises the following sub-components:
the virtual Context VM Context is used for storing execution data in the conversion process;
an initialization module VM Init is used for initializing the virtual machine when the virtual machine is started;
the method comprises the steps that an Exit module VM Exit maps virtual context to a smart card memory when an application is exited;
the Dispatcher converts sentences consisting of binary byte codes in the application into at least one virtual machine instruction which can be identified by the intelligent card operating system;
and the executor circularly reads the virtual machine instruction and executes the corresponding function of the application.
Preferably, the smart card further comprises: the at least one virtual machine instruction forms a virtual machine instruction set, and a plurality of virtual machine instruction sets form a global instruction queue.
Preferably, a plurality of applications are stored in the smart card, and the application boundary limitation is realized by fixing the storage space size and address verification.
Because the smart card provided by the application is suitable for the smart card working method, the smart card has the same beneficial effects as the smart card working method, and the detailed description is omitted here.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are needed in the description of the embodiments will be briefly introduced below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic structural diagram of a smart card according to an embodiment of the present application;
fig. 2 is a schematic structural diagram of a smart card according to a second embodiment of the present application;
FIG. 3 is an application boundary diagram;
fig. 4 is a schematic structural diagram of a virtual machine in an embodiment of the present application;
FIG. 5 is a workflow diagram of a smart card in an embodiment of the present application;
FIG. 6 is a schematic diagram of an application forming process;
FIG. 7 is a schematic diagram of application generation and running on a smart card;
fig. 8 is a block diagram of a smart card system.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
Example 1
An embodiment of the present application provides a smart card, specifically, as shown in fig. 1, the smart card 100 includes: a memory 110 storing applications; the virtual machine 120, in response to a command to invoke the application, converts statements in the application that are made up of binary bytecodes into at least one virtual machine instruction recognizable by the smart card operating system.
The running of the application stored in binary byte codes is achieved by the smart card, preferably the binary byte codes may be stored in WASM (WebAssembly abbreviation) format.
Example two
According to a second embodiment, the smart card 100 further comprises the components shown in fig. 2:
hardware: including CPU, memory (ROM, EEPROM (Flash), and RAM), various processors, and input-output circuitry.
Hardware abstraction layer: the hardware interface details of the platform are hidden, and the platform is directly communicated with hardware to provide abstract support for an upper layer. When the upper layer carries out hardware operation, specific details do not need to be known, so that the complexity of understanding and developing the intelligent card system is greatly reduced. Embedded platforms generally follow a hierarchical design approach, and are easy to migrate.
Operating system: the system comprises a plurality of modules such as a communication protocol, memory management, an encryption algorithm, a virtual machine, an application installation program and the like. The communication protocol module provides various communication protocol conversions required by the smart card; the encryption algorithm module provides functions of encryption, decryption, digital signature and the like. The memory management module provides storage support for the virtual machine and the application installer module. The application installer installs the application into the card.
API (Application Program Interface application program interface): in order to make smart card programming simpler and provide built-in APIs, the functionality provided by these APIs conforms to the smart card's system architecture, providing services for applications, and providing a unified development interface independent of hardware. Built-in APIs include encryption API (Crypto API), APDU (Application Protocol Data Unit application protocol data unit) APIs, memory API (Memory API), transactions API (Transaction API), algorithms API (Arithmetic API), and the like. The encryption API provides cryptographic technology services such as encryption and decryption, signature, random number, digest calculation and other algorithm related functions; the APDU API provides a communication service, i.e., smart card and terminal interaction data, and an application developer processes APDU commands extremely easily using the method provided in the APDU API. The transaction API provides transaction protection services including functions such as starting transactions, committing transactions, and discarding transactions. The algorithm API provides arithmetic functions such as addition, subtraction, multiplication, division, remainder calculation, bit-oriented operation and the like, wherein the addition, subtraction, multiplication, division, remainder calculation supports a BCD format.
Application program: application services of different functions on the card are realized. The smart card is a multi-application smart card, and a plurality of applications realizing different functions can be downloaded in each smart card. Each application is uniquely identified and selected by an Application Identifier (AID). Each application also has its own application space, protected by a firewall. The application cannot access the space of other application, and other application cannot access the space of the application, and the application spaces cannot be directly accessed except by an authorization mechanism. Authorization is the process of allowing one application program to call another application program, and when the authorization is executed, the current application temporarily stops executing and starts to execute the authorized application program. The authorization application is specified by AID.
Card manager: when an application is downloaded to the smart card, the card manager registers the application on the card, as shown in fig. 3, where the data that is primarily registered includes the application code and the memory address and length of the application data in the charged EEPROM of the smart card hardware. The storage address can be used for address conversion, and the storage address in the virtual machine is a virtual concept, and in the actual execution process, the virtual address needs to be converted into an actual physical address, so that the implementation is irrelevant to a hardware platform. The application code length is used to determine the application code space size and the application data length is used to determine the application data space size. The scope of the application code is verified by fixing the application code space size. By fixing the application data space size and checking the address when accessing the application data space data, the application is guaranteed to only access the private memory area belonging to the application. Temporary data present in the random access memory RAM (random access memory, RAM) can likewise be secured with respect to access rights by address checking. The application firewall function is realized by the boundary limitation of the application data, the application code and the temporary data area.
The virtual machine in the card is responsible for converting the binary byte code into a local method set which can be identified by the intelligent card operating system, provides an abstract platform-independent running environment, enables application development to be independent of underlying hardware and hardware implementation, and improves development flexibility. The virtual machine is a stack-based processor. In a specific working process of the virtual machine, each statement in the source code corresponds to a plurality of virtual machine instructions at the bottom layer. The virtual machine instruction corresponding to each statement in the source code is called an instruction set, and a plurality of instruction sets form a global instruction queue. In the instruction queue, the virtual machine executes each instruction one by one in turn starting from the head of the instruction queue. The bytecode of an application is a set of machine-readable instructions. Each instruction corresponds to a globally unique binary form of encoded value, which is integrated into the binary file of the application module according to a specific rule. When executing the application module, the virtual machine may select different virtual instruction operations according to the encoded values. There are a number of types of instructions available to the application module, each type of instruction set corresponding to a similar series of virtual machine operations.
The structure of the virtual machine is described below with reference to fig. 4. The virtual machine 120 includes the following subcomponents:
virtual Context VM Context 420, for storing execution data during conversion;
an initialization module VM Init 410, configured to initialize a virtual machine when the virtual machine is started;
the Exit module VM Exit 450 maps the virtual context into the smart card memory when exiting the application;
the Dispatcher 430 converts statements made up of binary bytecodes in the application into at least one virtual machine instruction recognizable by the smart card operating system;
the executor 440 circularly reads the virtual machine instruction and executes the application corresponding function.
The virtual machine is a file for executing loading, the general structure of the virtual machine is shown in fig. 4, and the virtual machine can execute the loaded wasm file, and the Wasm (WebAssembly) file is a binary instruction format based on a stack virtual machine. Applications developed in a variety of high-level languages can be compiled into wasm files, such as C, C ++.
Wasm has the following advantages:
1) Wasm bytecode is similar to the assembler instructions of processors, more closely to machine instructions, and runs faster.
2) Wasm is a platform independent language that can be used in a variety of scenarios.
3) The application obtained by writing is modularized, the basic units in the codes are modules, and the modularized arrangement is convenient for step-by-step transmission, caching and execution and has good portability.
Preferably, the application file composed of binary bytecodes of the present application is a Wasm file.
Example III
The structure of the smart card and its internal construction are described above in connection with fig. 1-4, and the workflow of the smart card is described below in connection with fig. 5, comprising the steps of:
step 510, responding to a command for calling an application, and starting a virtual machine;
step 520, the virtual machine converts the statement composed of binary bytecodes in the application into at least one virtual machine instruction recognizable by the smart card operating system.
Wherein the application stored in the smart card is made up of a plurality of modules, each module being made up of binary bytecodes. The formation process of the application is as shown in fig. 6:
the off-card compiler works in a PC or specific workstation environment, compiles, off-card, a high-level language such as C/c++/Rust file into an application file consisting of binary bytecodes, where the application consists of a plurality of modules, each consisting of binary bytecodes.
The generated application is installed into the smart card by the installer in the smart card and executed by the virtual machine described above.
Still further, fig. 7 illustrates a generation process applied outside the card and a process transferred into the card. The generation process is described above and will not be described in detail here, wherein the generated application file composed of binary byte codes is transmitted to the application installation program in the smart card by the card external installation program through the card receiving device, the application is installed in the memory in the card by the card internal installation program, and when the application is started, the virtual machine is started to process the application.
Fig. 8 shows a system configuration diagram for performing the above method, a smart card system 800 comprising a generating device 801 as shown in fig. 8 for generating an application file composed of binary bytecodes, the generating device 801 sending the generated application file to a smart card 802, the smart card 802 performing the working method as described above.
The foregoing is merely specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily think about changes or substitutions within the technical scope of the present application, and the changes and substitutions are intended to be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (9)
1. A method of operating a smart card comprising the steps of:
starting a virtual machine in response to a command for calling an application;
the virtual machine converts sentences composed of binary byte codes in the application into at least one virtual machine instruction which can be identified by the intelligent card operating system;
the virtual machine comprises the following sub-components:
the virtual Context VM Context is used for storing execution data in the conversion process;
an initialization module VM Init is used for initializing the virtual machine when the virtual machine is started;
the method comprises the steps that an Exit module VM Exit maps virtual context to a smart card memory when an application is exited;
the Dispatcher converts sentences consisting of binary byte codes in the application into at least one virtual machine instruction which can be identified by the intelligent card operating system;
and the executor circularly reads the virtual machine instruction and executes the corresponding function of the application.
2. The smart card operation method according to claim 1, wherein the application is composed of a plurality of modules, each module being composed of binary bytecode.
3. The smart card operating method of claim 1 wherein the at least one virtual machine instruction comprises a virtual machine instruction set and a plurality of virtual machine instruction sets comprise a global instruction queue.
4. The method of claim 1, wherein the virtual context is used to store execution data during the conversion process, and wherein the virtual context is mapped into the smart card memory when the application is exited.
5. A method of operating a smart card as claimed in claim 3, wherein the virtual machine cycles through the global instruction queue to perform the application-specific function.
6. A smart card comprising the following components:
a memory storing an application;
the virtual machine responds to a command for calling the application and converts sentences consisting of binary byte codes in the application into at least one virtual machine instruction which can be identified by the intelligent card operating system;
the virtual machine comprises the following sub-components:
the virtual Context VM Context is used for storing execution data in the conversion process;
an initialization module VM Init is used for initializing the virtual machine when the virtual machine is started;
the method comprises the steps that an Exit module VM Exit maps virtual context to a smart card memory when an application is exited;
the Dispatcher converts sentences consisting of binary byte codes in the application into at least one virtual machine instruction which can be identified by the intelligent card operating system;
and the executor circularly reads the virtual machine instruction and executes the corresponding function of the application.
7. The smart card of claim 6, wherein the application is comprised of a plurality of modules, each module being comprised of binary bytecodes.
8. The smart card of claim 6, further comprising: the at least one virtual machine instruction forms a virtual machine instruction set, and a plurality of virtual machine instruction sets form a global instruction queue.
9. Smart card according to one of the claims 6-8, characterized in that a plurality of applications are stored in the smart card, the application boundary limitation being achieved by a fixed memory size and address verification.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910419364.6A CN111966443B (en) | 2019-05-20 | 2019-05-20 | Smart card and working method thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910419364.6A CN111966443B (en) | 2019-05-20 | 2019-05-20 | Smart card and working method thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111966443A CN111966443A (en) | 2020-11-20 |
| CN111966443B true CN111966443B (en) | 2024-02-23 |
Family
ID=73358311
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910419364.6A Active CN111966443B (en) | 2019-05-20 | 2019-05-20 | Smart card and working method thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111966443B (en) |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20040068653A (en) * | 2003-01-27 | 2004-08-02 | 삼성전자주식회사 | Apparatus for improvement of performance in smart card based on java |
| CN1687862A (en) * | 2005-06-16 | 2005-10-26 | 北京航空航天大学 | Smart card safety environment control method |
| KR100576967B1 (en) * | 2003-12-02 | 2006-05-10 | 케이비 테크놀러지 (주) | Java smart card |
| CN101231597A (en) * | 2008-02-01 | 2008-07-30 | 东信和平智能卡股份有限公司 | Method for execution of JAVA program instruction in smart card |
| CN102567020A (en) * | 2011-12-26 | 2012-07-11 | 大唐微电子技术有限公司 | Implementation method and system of smart card applications |
| CN102930322A (en) * | 2012-09-29 | 2013-02-13 | 上海复旦微电子集团股份有限公司 | Smart card and method for processing instructions |
| CN103530171A (en) * | 2013-10-25 | 2014-01-22 | 大唐微电子技术有限公司 | Smart card virtual machine and implementation method thereof |
-
2019
- 2019-05-20 CN CN201910419364.6A patent/CN111966443B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20040068653A (en) * | 2003-01-27 | 2004-08-02 | 삼성전자주식회사 | Apparatus for improvement of performance in smart card based on java |
| KR100576967B1 (en) * | 2003-12-02 | 2006-05-10 | 케이비 테크놀러지 (주) | Java smart card |
| CN1687862A (en) * | 2005-06-16 | 2005-10-26 | 北京航空航天大学 | Smart card safety environment control method |
| CN101231597A (en) * | 2008-02-01 | 2008-07-30 | 东信和平智能卡股份有限公司 | Method for execution of JAVA program instruction in smart card |
| CN102567020A (en) * | 2011-12-26 | 2012-07-11 | 大唐微电子技术有限公司 | Implementation method and system of smart card applications |
| CN102930322A (en) * | 2012-09-29 | 2013-02-13 | 上海复旦微电子集团股份有限公司 | Smart card and method for processing instructions |
| CN103530171A (en) * | 2013-10-25 | 2014-01-22 | 大唐微电子技术有限公司 | Smart card virtual machine and implementation method thereof |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111966443A (en) | 2020-11-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3123340B1 (en) | Object oriented marshaling scheme for calls to a secure region | |
| CN107041158B (en) | Restrictive access control for modular reflection | |
| EP4099153A1 (en) | Extending a virtual machine instruction set architecture | |
| WO2000046667A2 (en) | Token-based linking | |
| CN107924326B (en) | Overriding migration methods of updated types | |
| EP2196934A1 (en) | Method for securing java bytecode | |
| KR20020085872A (en) | Translating and Executing Object-Oriented Computer Programs | |
| Caracas et al. | Mote runner: A multi-language virtual machine for small embedded devices | |
| Wallentowitz et al. | Potential of webassembly for embedded systems | |
| JP4378459B2 (en) | Securing downloaded applications, especially on smart cards | |
| US7350193B2 (en) | Procedure invocation in an integrated computing environment having both compiled and interpreted code segments | |
| Luckow et al. | HVMTP: a time predictable and portable java virtual machine for hard real-time embedded systems | |
| CN110888674B (en) | Method and device for executing security calculation in Python virtual machine | |
| US6948156B2 (en) | Type checking in java computing environments | |
| Grimaud et al. | FACADE: a typed intermediate language dedicated to smart cards | |
| CN111966443B (en) | Smart card and working method thereof | |
| JP2002366914A (en) | Multiplatform type ic card | |
| CN101593258A (en) | A kind of system and method for realizing the .Net virtual machine of in software protecting equipment, simplifying | |
| CN112631662B (en) | Transparent loading method for multi-type object code under multi-core heterogeneous architecture | |
| CN110851140A (en) | System and method for realizing dynamic library of single chip microcomputer | |
| CN117093227B (en) | Method and device for executing intelligent contract | |
| Hyppönen et al. | Trading-off type-inference memory complexity against communication | |
| Déharbe et al. | Automation of Java Card component development using the B method | |
| Bernardeschi et al. | Using control dependencies for space-aware bytecode verification | |
| Jamgade | Java Program Running Smart Card |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |