CN117131553A - Method for introducing personalized data, corresponding system and computer program product - Google Patents


Info

Publication number: CN117131553A
Authority: CN (China)
Prior art keywords: integrated circuit; volatile memory; storing; internal command; circuit card
Legal status: Pending (the legal status is an assumption and is not a legal conclusion)
Application number: CN202310594913.XA
Other languages: Chinese (zh)
Inventors: M·艾尔法拉诺, S·玛萨斯库萨
Current assignee: STMicroelectronics SRL
Original assignee: STMicroelectronics SRL
Priority claimed from: US18/320,414 (US20230384969A1)
Application filed by: STMicroelectronics SRL
Publication: CN117131553A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information
    • G06F21/77 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information in smart cards
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)

Abstract

The present disclosure relates to a method for introducing personalization data, a corresponding system and a computer program product. In an embodiment, a method is provided which comprises: writing a static data image into the unchanged portion of the non-volatile memory of an integrated circuit, i.e. the portion that stores the operating system; writing into the static data image a personalization data set representing data specific to that integrated circuit; storing a subset of the personalization data set in a reserved area of the non-volatile memory by reserving that area and storing a command for writing the subset, the writing being performed by an application or by the operating system; converting the command with a known encoding to obtain an internal command script containing the encoded command; storing the internal command script in the reserved area of the non-volatile memory; during activation of the integrated circuit, decoding and executing the internal command script to recover the command; and executing the command on the integrated circuit.

Description

Method for introducing personalized data, corresponding system and computer program product
Cross Reference to Related Applications
The present application claims priority from Italian application No. 102022000011084 filed May 26, 2022, which is incorporated herein by reference in its entirety.
Technical Field
The present disclosure relates generally to memories and, in particular embodiments, to methods, corresponding systems and computer program products for introducing personalization data into the non-volatile memories of a plurality of integrated circuits, in particular integrated circuit cards.
Background
Embodiments of the present disclosure relate to a solution for introducing personalization data into the non-volatile memory of a plurality of integrated circuits comprising a secure element by storing a token non-volatile memory image, that is: writing a static data image into the non-volatile memory of a given integrated circuit, the static data image corresponding to the unchanged portion of the non-volatile memory that is common to the plurality of integrated circuit cards and that includes the operating system; and writing into the static data image a personalization data set representing data specific to the given integrated circuit card, the personalization data set comprising at least a subset of unpredictable personalization data, i.e. data whose storage location or encoded form within the static data image is unknown.
Embodiments of the present disclosure relate specifically to secure elements such as embedded secure elements and integrated circuit cards produced using WLCSP (wafer level chip scale package) technology, in particular to integrated circuits for UICCs (universal integrated circuit cards) and more specifically to embedded UICCs (eUICCs).
The solution involves producing a plurality of batches of integrated circuits that include secure elements. The expression "secure element" here refers to an integrated circuit, i.e. a chip, that is protected by design against unauthorized access and is used to run a limited set of applications and to store the secrets and cryptographic data they use; in particular it covers secure elements based on the UICC, eSE (embedded secure element), eUICC, iUICC (integrated UICC) and SSP (smart secure platform) architectures. By introducing personalization data (sometimes referred to as "personal data") specific to each integrated circuit card, such as cryptographic keys or identifiers, each secure element in the batch, in particular an integrated circuit card such as an eUICC, can be personalized.
In this context, WLCSP (wafer level chip scale packaging), also known as wafer level packaging (WLP) or chip scale packaging (CSP), is a known technique for packaging integrated circuits while they are still part of the wafer. This wafer-level processing contrasts with the conventional method of dicing the wafer into individual circuits (chips or dies) and then packaging them. A WLCSP is a true chip scale package because the resulting package has the same size as the die. A WLCSP package typically includes the integrated circuit die, possibly a redistribution layer (RDL), and solder balls or bumps. The redistribution layer is needed to route from the bond wire pads at the periphery of the die to the grid array of CSP pad locations. WLCSP can be a good choice for low pin count devices as a way to optimize area and cost. Alternatively, the integrated circuit may be laid out with bond wire I/O pads on its periphery, and a redistribution layer then applied to redistribute the CSP ball pads to the desired grid pitch.
In the field of secure elements for applications such as telecommunications, banking, identification and authentication, which are mostly embedded in integrated circuit cards, the circuits of the integrated circuits cannot all be identical: they must be diversified by a personalization operation that gives each its own unique identifier, cryptographic keys and other personalization data.
Typically, in order to produce an eUICC (embedded universal integrated circuit card), an OEM (original equipment manufacturer) or MNO (mobile network operator) requests from an EUM (eUICC manufacturer) a batch of integrated circuits for mobile connectivity.
Fig. 1 shows an example flowchart of a method 100 for introducing personalization data into the non-volatile memory of a plurality of integrated circuits, in particular eUICCs produced by WLCSP.
A schematic diagram of an embodiment 50 of a system for introducing personalized data in a non-volatile memory of a plurality of integrated circuits, which may implement method 100, is shown in fig. 2.
Thus, referring to figs. 1 and 2, in a first step 110 the mobile network operator 52 sends an input file PD with personalization data, such as the personalization data table 11a shown in fig. 2, to the chip manufacturer 53, which generates the personalization data (e.g. IMSI (international mobile subscriber identity), ICCID (integrated circuit card identifier), RSA/ECC certificates, cryptographic keys, and other identifiers, certificates or keys specific to a particular card/chip). The chip manufacturer 53 (which typically corresponds to the card vendor of an integrated card such as an eUICC) may also receive pre-personalization data PPD, e.g. third-party applets, software packages, software profiles and other data common to the plurality of integrated circuits, which form a static image SI (i.e. a data image) to be stored in the non-volatile memory of the integrated circuits; the PPD come from the equipment manufacturer 51 (i.e. the entity that has ordered the integrated circuits) or from the same MNO 52.
As shown in fig. 2, the data table 11a may include a plurality of records R1 ... Rn corresponding to the rows of the table 11a. Each i-th record Ri corresponds to a given i-th integrated circuit card 60 in the set or batch of n cards 60 to be personalized.
Each column of the personalization data table 11a is a personalization field T1 ... Tj ... Tm, where m is the number of fields in table 11a and j is the integer index of the personalization field; each field stores a different type of personalization value. Among the personalization fields T1 ... Tm, some may store a cryptographic key and others a PIN, a unique ID or other personalization data.
In step 120 the chip manufacturer 53 then prepares one or more batches of non-volatile memory images I containing the static image SI and the personalized images DI, for transmission to the semiconductor manufacturing facility 54 that produces the integrated circuits.
Thus, in step 130 the semiconductor manufacturing facility 54 prepares the integrated circuits 60, in this embodiment on a wafer W, whose circuitry is ready to be diced and soldered/embedded as a personalized integrated circuit of an eUICC in a device (such as the SIM of a smartphone or tablet). Such integrated circuits 60 typically include at least a non-volatile memory in which data images can be stored to program the integrated circuit, and typically also a processing unit, as is the case for integrated circuit cards (e.g. UICCs and eUICCs) for banking and communication applications.
The WLCSP process applied in step 130 constrains how the non-volatile memory image must be provided: as a static image SI corresponding to the constant portion of the non-volatile memory, plus a plurality of personalized images DI, one for each circuit of the final integrated circuits, i.e. for each chip or die. Moreover, in each circuit there must be no overlap in the non-volatile memory between the static image and the corresponding personalized image.
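The following is an added example (not the patent's or STMicroelectronics' code) of the chip manufacturer's side of this step for the predictable part of table 11a: each record Ri is turned into a personalized image DIi whose fields Tj have a known encoding and a known NVM offset, and the result is checked against the non-overlap constraint before being merged with the static image SI. The NVM size, the field offsets, the key and PIN file codings and all sample values are constructed assumptions; only the ICCID coding (swapped BCD nibbles with F padding, Luhn check digit) follows the 3GPP/ISO rules.

```python
# Added example, not the patent's code. Offsets, sizes and sample data are constructed.
STATIC_IMAGE_LEN = 0x2000   # SI occupies [0, STATIC_IMAGE_LEN); illustrative
NVM_SIZE = 0x4000


def luhn_ok(digits: str) -> bool:
    """ICCIDs carry an ISO/IEC 7812 Luhn check digit; reject typos before imaging."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def encode_iccid(iccid: str) -> bytes:
    """EF_ICCID coding (3GPP TS 31.102): 10 bytes, swapped BCD nibbles, 'F' padding."""
    if not (iccid.isdigit() and len(iccid) <= 20 and luhn_ok(iccid)):
        raise ValueError(f"invalid ICCID {iccid!r}")
    p = iccid.ljust(20, "F")
    return bytes(int(p[i + 1] + p[i], 16) for i in range(0, 20, 2))


def encode_key(hexkey: str) -> bytes:
    """Raw 128-bit key stored as-is (assumed coding of this applet's key file)."""
    k = bytes.fromhex(hexkey)
    if len(k) != 16:
        raise ValueError("key must be 16 bytes")
    return k


def encode_pin(pin: str) -> bytes:
    """ASCII PIN padded with 0xFF to 8 bytes (assumed PIN file coding)."""
    if not (4 <= len(pin) <= 8 and pin.isdigit()):
        raise ValueError("PIN must be 4-8 digits")
    return pin.encode().ljust(8, b"\xff")


# Field Tj -> (NVM offset, length, encoder). Offsets are illustrative and must all
# lie outside the static image, per the WLCSP non-overlap constraint.
LAYOUT = {
    "ICCID": (0x2000, 10, encode_iccid),
    "KI":    (0x2010, 16, encode_key),
    "PIN1":  (0x2020, 8, encode_pin),
}


def build_personalized_image(record: dict) -> dict:
    """DIi for one record Ri as {offset: bytes}, validated against SI and LAYOUT."""
    di = {}
    for name, (off, length, enc) in LAYOUT.items():
        value = enc(record[name])
        if len(value) != length:
            raise ValueError(f"{name}: encoded length {len(value)} != {length}")
        if off < STATIC_IMAGE_LEN or off + length > NVM_SIZE:
            raise ValueError(f"{name}: offset {off:#x} overlaps SI or exceeds NVM")
        di[off] = value
    return di


def build_batch(table: list) -> list:
    """One DI per row of table 11a; identifiers must be unique within the batch."""
    iccids = [r["ICCID"] for r in table]
    if len(set(iccids)) != len(iccids):
        raise ValueError("duplicate ICCID in batch")
    return [build_personalized_image(r) for r in table]


def assemble(static_image: bytes, di: dict) -> bytes:
    """Full NVM image I = SI + DIi for one chip; unused NVM stays erased (0xFF)."""
    if len(static_image) > STATIC_IMAGE_LEN:
        raise ValueError("static image larger than its region")
    nvm = bytearray(b"\xff" * NVM_SIZE)
    nvm[:len(static_image)] = static_image
    for off, value in di.items():
        nvm[off:off + len(value)] = value
    return bytes(nvm)
```

The point of the checks is that everything here is predictable: the manufacturer knows both the coding and the location of each field, so it can refuse a malformed record or an overlapping layout before any image reaches the fab. Data whose coding or location is decided by a third-party applet cannot be handled this way, which is what the rest of the description addresses.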
Personalization by the token method may involve subsets of personalization data that are transformed according to rules which are unknown, in particular unknown to the chip manufacturer; these are the so-called unpredictable personalization data. In a non-token-based personalization method, such data would be transmitted by management APDUs (application protocol data units) or commands. With a third-party applet or a proprietary OS mechanism, the transformation from the generated data to the data actually stored in the non-volatile memory may be unpredictable.
A common scenario is that the chip manufacturer receives input files from customers (e.g. OEMs, MNOs, banks, governments and transport companies) from which to generate the personalization data. The chip manufacturer generates the personalization data and then needs to produce a token non-volatile memory (NVM) image to be stored in the non-volatile memory of the secure element (in this example, the eUICC).
If the personalization data include unpredictable personalization data, a problem arises: because the transformation function used is unknown, the chip manufacturer (i.e. the secure element producer) cannot convert some of the personalization data into the values to be placed in the memory image area.
Personalizing the secure element by means of APDUs and then retrieving the memory image is not feasible, because of the time required or because the production process does not allow it.
Such products can instead be issued by techniques other than token-based ones, i.e. by sending management APDUs/commands, but this is not feasible in the case of WLCSP (wafer level chip scale package).
Disclosure of Invention
Based on the foregoing, a solution is needed that overcomes one or more of the previously outlined disadvantages.
Such objects are achieved, according to one or more embodiments, by a method having the features set out in particular in the appended claims. Furthermore, embodiments relate to a related system for personalization of integrated circuit card circuits and a corresponding related computer program product loadable in the memory of at least one computer and comprising software code portions for performing the steps of the method when the product is run on the computer. As used herein, reference to such a computer program product is intended to be equivalent to a reference to a computer readable medium containing instructions for controlling a computer system to coordinate the performance of the method. References to "at least one computer" are expressly intended to highlight the possibility of implementing the present disclosure in a distributed/modular manner.
The claims are an integral part of the technical teaching of the disclosure provided herein.
As mentioned above, the present disclosure provides a method for introducing personalization data into the non-volatile memory of a plurality of integrated circuits (in particular secure elements, in particular integrated circuit cards) by storing a token non-volatile memory image, which includes writing a static data image into the non-volatile memory of the given integrated circuit, the static data image corresponding to the unchanged portion of the non-volatile memory that is common to the plurality of integrated circuits and includes the operating system, and writing into the static data image a personalization data set representing data specific to the given integrated circuit. The method comprises storing a subset of the personalization data set in the non-volatile memory of the plurality of integrated circuits by: reserving an area of the non-volatile memory for the personalization data subset; storing a command (in particular an APDU) configured to perform the writing of the respective personalization data values of the subset by the corresponding application or operating system stored in the integrated circuit, where storing the command comprises converting the command with a known encoding, thereby obtaining an internal command script containing the encoded command, and storing the internal command script in the area of the non-volatile memory reserved for the personalization data subset; and providing a decoding software circuit, in particular an application, configured to decode the internal command script, thereby recovering the command (in particular the APDU) that writes the personalization data values of the subset, and to execute it. Upon a subsequent activation of the integrated circuit, the decoding software circuit decodes and executes the internal command script, so that the personalization data values of the subset are written.
In a variant embodiment, providing the decoding software circuit comprises storing the decoding software circuit, in particular an application, in the non-volatile memory, the decoding software circuit being configured to decode the internal command script, thereby obtaining the commands (in particular APDUs) that perform the writing of the personalization data values of the subset, and to execute them.
In variant embodiments, the known encoding is a length-value (LV) encoding.
In a variant embodiment, the method comprises deleting the decoding software circuit or the internal command script once the commands (in particular APDUs) that write the personalization data values of the subset have been decoded and executed.
In a variant embodiment, the subset of personalization data is a subset of unpredictable personalization data, whose storage location or encoding within the static data image is unknown.
In a variant embodiment, if the personalization data set also comprises a subset of predictable personalization data (whose storage location or encoded form within the static data image is known), the predictable personalization data are stored by an alternative technique: a predictable personalization data image is written into the static data image at the known location and in the known encoded form.
In a variant embodiment, the method comprises encrypting the internal command script, in particular with AES, before storing it in the area of the non-volatile memory reserved for the personalization data subset; the software circuit is configured to decrypt it, then decode the decrypted internal command script and execute the corresponding commands.
In a variant embodiment, the key protecting the encryption (in particular the AES key) is provided as predictable personalization data accessible to the software circuit.
In a variant embodiment, the non-volatile memory (NVM) image is a full non-volatile memory image, an SSP software package or an integrated circuit card software profile.
The present disclosure also provides a system for introducing personalization data into the non-volatile memory of a plurality of integrated circuits, the system comprising a chip manufacturer and a factory configured to introduce the personalization data into the non-volatile memory of the plurality of integrated circuits according to the method of any of the embodiments.
In a variant embodiment, the factory is configured to produce the integrated circuits according to WLCSP (wafer level chip scale package) technology, performing the write operations on the integrated circuits while they are on the wafer.
The present disclosure also provides a computer program product loadable into the memory of at least one processor, the computer program product comprising software code portions for implementing the method of any of the preceding embodiments.
Drawings
Embodiments of the present disclosure will now be described with reference to the accompanying drawings, which are provided by way of non-limiting example only, and in which:
figures 1 and 2 have been described above;
FIGS. 3A and 3B illustrate non-volatile memory of an integrated circuit in different stages of one embodiment of the method described herein;
FIG. 4 shows a flow chart illustrating one embodiment of the method described herein;
FIG. 5 shows a schematic representation of the encoding operation of one embodiment of the method described herein; and
FIG. 6 shows a schematic representation of an alternative encryption operation of one embodiment of the methods described herein.
Detailed Description
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the embodiments. Embodiments may be practiced without one or more of these specific details, or with other methods, components, materials, etc. In other instances, well-known structures, materials, or operations are not shown or described in detail to avoid obscuring aspects of the embodiments.
Reference throughout this specification to "one embodiment" or "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment. Thus, appearances of the phrases "in one embodiment" or "in an embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
The headings provided herein are for convenience only and do not define the scope or meaning of the embodiments.
The drawing parts, elements or components that have been described with respect to fig. 1 and 2 are denoted by the same reference numerals as previously used in these drawings; in order not to overburden the present detailed description, a description of these previously described elements will not be repeated below.
The solutions described herein relate generally to introducing personalization data into the non-volatile memory of a plurality of integrated circuit cards, in particular secure elements (for example integrated circuit cards), by storing a token non-volatile memory (NVM) image, which includes writing a static data image into the non-volatile memory of a given integrated circuit, the static data image corresponding to the constant portion of the non-volatile memory common to the plurality of integrated circuits and including the operating system, and writing into the static data image a personalization data set representing data specific to the given integrated circuit. The method includes storing a subset of the personalization data set in the non-volatile memory of the plurality of integrated circuits by reserving an area of the non-volatile memory for the personalization data subset and storing there a command (e.g. an APDU) configured to perform the writing of the respective personalization data values of the subset by a corresponding application or operating system stored in the integrated circuit.
In an embodiment, storing the command includes converting the command with a known encoding, thereby obtaining an internal command script containing the encoded command, and storing the internal command script in the area of the non-volatile memory reserved for the subset of the personalization data set; and providing a decoding software circuit (e.g. an application) configured to decode the internal command script, thereby recovering the command (e.g. the APDU) that writes the personalization data values of the subset. Upon a subsequent activation of the integrated circuit, the decoding software circuit decodes and executes the internal command script, i.e. it writes the personalization data into the non-volatile memory.
The subset of the personalization data set comprises only unpredictable personalization data, i.e. data whose encoding or storage location in the non-volatile memory, in particular within the static data image, is unknown; the personalization data set may consist solely of such unpredictable personalization data.
However, in a variant embodiment, although the storing step is performed by reserving an area of the non-volatile memory for the subset of personalization data and storing a command (e.g. an APDU) configured to perform the writing of the respective personalization data values of the subset by a corresponding application or operating system stored in the integrated circuit, applying the solution described herein to a personalization data set that also comprises predictable personalization data is not excluded.
In that embodiment, storing the command likewise includes converting the command with a known encoding, thereby obtaining an internal command script containing the encoded command, storing the internal command script in the area of the non-volatile memory reserved for the subset of the personalization data set, and providing a decoding software circuit (e.g. an application) that decodes the internal command script to obtain the commands (APDUs). Upon a subsequent activation of the integrated circuit, the decoding software circuit decodes and executes the internal command script, so that the commands write the personalization data values of the subset into the non-volatile memory; the reserved area is, however, dedicated only to the subset of unpredictable personalization data.
The predictable personalization data may be stored by prior-art methods or by whatever other method is most efficient.
Thus the subset of the personalization data set that comprises only unpredictable personalization data may be a proper subset (i.e. the personalization data set also contains other personalization data, for example predictable personalization data alongside the subset of unpredictable personalization data) or a non-proper subset. In an embodiment, the personalization data set contains no personalization data other than the subset of (in particular unpredictable) personalization data, i.e. the set and the subset coincide.
Embodiments are described herein with reference to a flowchart representing a method 200 for introducing personalization data into the non-volatile memory of a plurality of integrated circuits including a secure element, taking as example an eUICC that uses a third-party applet.
According to an embodiment, the method 200 may include the following operations. In step 210, a first entity (e.g. a customer or the mobile network operator 52) sends to a second entity (e.g. the chip manufacturer 53) an input file comprising a personalization data set, which comprises a subset of unpredictable personalization data UPD and may comprise pre-personalization data PPD.
In this example the personalization data set also comprises a subset of predictable personalization data PD (i.e. personalization data as described with reference to fig. 1), whose storage locations in the data image SI are known. The unpredictable personalization data UPD are transmitted as a sequence of commands (i.e. APDUs), indicated by SC, which are configured to perform the writing of the respective unpredictable personalization input values (e.g. cryptographic keys, unique IDs), indicated as K, by means of corresponding applications (not shown) stored in the integrated circuit card 60. In an embodiment this may be performed, for example, by a personalization process using APDUs as described in the GlobalPlatform Card Specification, e.g. in the example of fig. 7.3 of version 2.3.1 (2018).
The command sequence SC may be an APDU sequence addressed to an application identified by an Application Identifier (AID), such as SELECT, INSTALL [for personalization] and STORE DATA, which applies the required transformation to the corresponding personalization data UPD of the subset. In other words, as described above, the APDUs cause the corresponding application or operating system to access the personalization data values and to store them, by means of the operating system, in a manner known per se, applying whatever transformation (i.e. encoded form) the application deems necessary.
In step 220 the chip manufacturer 53 prepares the static image SI of the card. By way of non-limiting example, the memory image may be represented by a non-volatile memory image (e.g. a dump of such an image from memory), by an SSP software package, or by the software profile of an integrated circuit card (e.g. an eUICC).
If predictable personalization data PD are present, then in step 225 one or more batches of non-volatile memory images I are generated for transmission to the semiconductor manufacturing facility 54 producing the integrated circuits, the batch or batches of non-volatile memory images I containing the obtained static image SI and the personalized images DI as described with reference to fig. 1; then in step 230 the semiconductor manufacturing facility 54 prepares the integrated circuits 60' with a secure element (e.g. an eUICC), which in this embodiment are on the wafer W, with circuitry ready to be diced and soldered/embedded as a personalized integrated circuit of an eUICC in a device (such as the SIM of a smartphone or tablet). Such an integrated circuit 60' typically includes at least a non-volatile memory in which data images can be stored to program the integrated circuit, and typically also a processing unit, as is the case for integrated circuit cards (e.g. UICC, eUICC, SSP, software profiles and SSP packages) for banking and communication applications.
However, as mentioned, the subset of unpredictable personalization data UPD is not stored in the integrated circuit 60' by step 230. Note that in the absence of predictable personalization data PD (i.e. when only the unpredictable personalization data UPD are needed to personalize the card), the integrated circuit 60' resulting from step 230 contains only the static image SI with the operating system and other software (e.g. applications).
In order to store in the final integrated circuit card 60 the unpredictable personalization data UPD (which final integrated circuit card 60 operates with all necessary personalization data (e.g. encryption keys) stored in the required locations of the memory of the card), which unpredictable personalization data UPD comprises a sequence of commands, in particular APDU sequences, comprising commands (in particular in the example APDUs) AC (the sequence SC may comprise one or more APDU AC, as illustrated with reference to fig. 5) and unpredictable personalization data values K (see fig. 5), after step 220 the unpredictable personalization data UPD is sent to operation 232, which operation 232 is described with reference to fig. 3A and 3B, fig. 3A and 3B schematically show the non-volatile memory 61 of the integrated circuit card 60 in two different sub-steps of operation 231 of storing 212 a subset of the unpredictable personalization data UPD in the non-volatile memory 61 of the plurality of integrated circuits 60 by: reserving 234 an area 61b of the non-volatile memory 61 (as depicted in fig. 3A) for a subset of unpredictable personalization data UPD, storing 236a sequence of commands SC (K), in particular APDUs, configured to perform writing of respective unpredictable personalization data values K in such subset UPD by means of a corresponding application stored in the integrated circuit card 60, the operation of such storing 236 commands comprising: converting 236a the command sequence SC (AC, K) by a known encoding, such as a Length Value (LV) encoding, obtaining an internal command script ICS comprising such command sequence SC encoded therein (as a command encoding sequence SCs, as shown in fig. 5); and stores 236b such an internal command script ICS in a region 61b of the non-volatile memory for such unpredictable personalization data UPD.
In an embodiment, the method 200 then comprises providing a decoding software circuit SEE, in the example in the non-volatile memory 61, in particular in the area 61a not reserved for the unpredictable personalization data UPD and its command sequence SC, by storing 238 the decoding software circuit SEE. The decoding software circuit SEE is a script execution unit, in particular an application or applet, configured to decode such internal command script ICS (for example by decoding the length value encoding), thereby obtaining the command sequence SC, in particular APDUs, whose commands are configured to perform the writing of the unpredictable personalization data values K, and to execute such command sequence SC. As mentioned, in a variant embodiment, instead of storing it in the area 61a, operation 238 may comprise providing a decoding software circuit SEE separate from the integrated circuit 60 (e.g. an accompanying circuit).
Thus, upon a subsequent activation of the integrated circuit, the method 200 comprises an operation 250 of decoding and executing, by the decoding software circuit SEE, such internal command script ICS with respect to the integrated circuit card 60', which integrated circuit card 60' comprises at least the static image SI as output by operation 220, or the static image with the personalization data image DI from operation 230, and comprises the stored third-party application or other application whose operation with respect to the personalization data is unknown.
As mentioned, in operation 250 the command sequence SC of the subset UPD, when executed, causes the corresponding third-party application, applet or operating system identified in such APDUs to access the corresponding unpredictable personalization data value K, which the application may then store or install in the location of the static image SI required by the application itself, without the chip manufacturer 53 having to know such location prior to the activation of the integrated circuit card 60.
Therefore, the unpredictable personalization data value K is generated and stored inside the IC card at the first activation, according to a mechanism that the chip manufacturer 53 need not know.
The optional operation of deleting the software circuit SEE or the internal command script ICS, to free up some memory in the non-volatile memory 61, is indicated with 260. As mentioned, the memory 61 after the reservation step 234 is shown in fig. 3A, wherein a reserved area 61b of the non-volatile memory 61 is used for the subset of unpredictable personalization data UPD, whereas the memory 61 after step 238 is shown in fig. 3B, i.e. with the software circuit SEE and the internal command script ICS (i.e. the encoded command sequence SCS (K)) stored. With step 260 such software and data SEE, ICS may be released from the reserved area 61b of the non-volatile memory, and the reserved area 61b becomes available as a non-reserved area 61a for storing other software and circuits.
Fig. 5 illustrates the encoding of the command sequence SC as an internal command script ICS at step 236. A command sequence SC comprising a first command SC1 and a second command SC2 is shown. The first command SC1 is an APDU AC1 (in particular a SELECT APDU) operating on one personalization data value K1. The second command SC2 comprises an APDU AC2, in particular a STORE DATA APDU, which operates on three individual data values K2, K3, K4.
For example, APDU AC1 is 'A0A40400 06' (where 06 is the length byte preceding the data field), while the corresponding personalization data value K1 is '010203040506'. Command SC2 comprises APDU AC2 = '80E28000 39', where the corresponding personalization data values are K2 = '404142434445464748494A4B4C4D4E4F', K3 = '505152535455565758595A5B5C5D5E5F', K4 = '606162636465666768696A6B6C6D6E6F'.
It has to be noted that in the illustrated example the personalization data values in the command sequence SC (AC, K) have been TLV (tag length value) encoded before applying the length value encoding 236, as specified for example by the GlobalPlatform Card Specification for the data fields of APDUs. For example, in command SC2 the bytes '811310' are part of the TLV encoding of the personalization data K2 (i.e. '811310404142434445464748494A4B4C4D4E4F' is the structured data comprising the personalization data K2 encoded with the TLV).
As shown, the length value encoding 236 transforms the command sequence SC into a string in which the encoded commands SCS1 and SCS2 are queued one after the other, each encoded command comprising the command SC1 or SC2 preceded by its length value LV1 or LV2, the command carrying the corresponding (in particular TLV-encoded) personalization data values K1, or K2, K3, K4 respectively.
The command script ICS obtained in this example is '0BA0A40400060102030405063E80E2800039811310404142434445464748494A4B4C4D4E4F811310505152535455565758595A5B5C5D5E5F811310606162636465666768696A6B6C6D6E6F …', where LV1 = 0B, LV2 = 3E.
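The fig. 5 encoding carried through in code, as an added example that is not the patent's own implementation: the two APDUs are LV-encoded into the script ICS, then decoded the way the script execution unit SEE would, with the length checks a decoder needs so that a truncated or corrupted script is rejected rather than read past its end. Function names are hypothetical; assumed from the example are a 5-byte APDU header (CLA INS P1 P2 Lc) followed by Lc data bytes, one-byte LV lengths, and TLVs with a two-byte tag '8113' and a one-byte length '10'.

```python
# Added example, not the patent's own code: LV-encode the fig. 5 command
# sequence SC into the internal command script ICS, then decode it as the
# script execution unit SEE would, adding the length checks a decoder needs.
# Assumed from the example: 5-byte APDU header (CLA INS P1 P2 Lc) plus Lc data
# bytes, one-byte LV lengths, and TLVs with a two-byte tag and one-byte length.
SELECT, STORE_DATA = 0xA4, 0xE2  # INS bytes of the two example APDUs

def tlv(tag: bytes, value: bytes) -> bytes:
    """One TLV as in the example ('8113' '10' K): tag, one-byte length, value."""
    return tag + bytes([len(value)]) + value

def apdu(cla: int, ins: int, p1: int, p2: int, data: bytes) -> bytes:
    """A command APDU AC with its data field: header, Lc, data."""
    return bytes([cla, ins, p1, p2, len(data)]) + data

def lv_encode(commands: list[bytes]) -> bytes:
    """Step 236a: each command SCi becomes LVi || SCi, queued one after another."""
    assert all(0 < len(c) <= 0xFF for c in commands)
    return b"".join(bytes([len(c)]) + c for c in commands)

def lv_decode(script: bytes) -> list[bytes]:
    """Inverse of lv_encode; every LV length is checked against the bytes left."""
    commands, i = [], 0
    while i < len(script):
        length, i = script[i], i + 1
        if length == 0 or i + length > len(script):
            raise ValueError(f"bad LV length {length} at offset {i - 1}")
        commands.append(script[i:i + length])
        i += length
    return commands

def parse_tlvs(data: bytes) -> list[tuple[bytes, bytes]]:
    """Split a STORE DATA field into (tag, value) pairs, checking each length."""
    items, i = [], 0
    while i < len(data):
        if i + 3 > len(data) or i + 3 + data[i + 2] > len(data):
            raise ValueError(f"truncated TLV at offset {i}")
        tag, length = data[i:i + 2], data[i + 2]
        items.append((tag, data[i + 3:i + 3 + length]))
        i += 3 + length
    return items

def execute_script(script: bytes) -> list[tuple[str, list[bytes]]]:
    """Operation 250 from SEE's side: decode the ICS, return (INS name, values)."""
    result = []
    for cmd in lv_decode(script):
        if len(cmd) < 5 or cmd[4] != len(cmd) - 5:
            raise ValueError("APDU header missing or Lc does not match data")
        ins, data = cmd[1], cmd[5:]
        if ins == SELECT:
            result.append(("SELECT", [data]))
        elif ins == STORE_DATA:
            result.append(("STORE DATA", [v for _, v in parse_tlvs(data)]))
        else:
            raise ValueError(f"unexpected INS {ins:02X}")
    return result

def build_example_ics() -> bytes:
    """The fig. 5 script: SC1 = SELECT with K1, SC2 = STORE DATA with K2..K4."""
    k1 = bytes.fromhex("010203040506")
    k2, k3, k4 = (bytes(range(b, b + 16)) for b in (0x40, 0x50, 0x60))
    sc1 = apdu(0xA0, SELECT, 0x04, 0x00, k1)
    sc2 = apdu(0x80, STORE_DATA, 0x80, 0x00,
               b"".join(tlv(b"\x81\x13", k) for k in (k2, k3, k4)))
    return lv_encode([sc1, sc2])
```

Running `build_example_ics()` reproduces the ICS string above byte for byte, with LV1 = 0x0B (5 header bytes + 6 data bytes) and LV2 = 0x3E (5 header bytes + 3 x 19 TLV bytes).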
Other coding forms than LV coding may be used to obtain the internal script ICS from the command sequence SC, such as coding according to the specification 3GPP TS 51.013V17.0.0 (2022-04), in particular as defined in annex B "Script file syntax and format description" pages 464-466.
Fig. 6 graphically represents an optional protection step 236a', which may occur after the generation 236a of the internal command script ICS. To avoid the personalization data values K carried by the internal command script ICS being present in plaintext, a protection mechanism may be applied, such as encryption, e.g. AES encryption 400 applied to the whole internal command script ICS. The circuit SEE is then further configured to perform AES decryption before decoding (e.g. LV decoding) the internal command script ICS and then executing it. The AES protection key AK used by the AES process may be diversified between secure elements as regular/predictable personalization data PD.
In a variant embodiment, an ECC (error correction code) may be applied for protection in a manner similar to the encryption.
In variant embodiments, compression techniques such as zip can also be applied to the internal command script ICS, although in this case resources must be allocated for decompression (unzip).
In a variant embodiment, the decoding software circuit SEE may be an accompanying circuit, i.e. not stored in a non-volatile memory, but may be used as a secondary circuit (e.g. may be used by the manufacturer as a discrete circuit), although this would mean that the circuit is not ready after switching on (i.e. activation).
In variant embodiments, the memory images may be sent to the circuitry 53/54 in batches or to each device (e.g., mobile equipment) individually via OTA (over the air) provisioning.
Of course, without prejudice to the principle of the application, the details of construction and the embodiments may vary widely with respect to what has been described and illustrated herein purely by way of example, without thereby departing from the scope of the present application as defined by the annexed claims.
The method specifically described herein may be applied to the introduction of personalization data in integrated circuits for smart cards like UICCs and eUICCs, but may also be applied in variant embodiments to integrated circuits for other devices having non-volatile memories to be programmed with personalization data, like secure elements, NFC (near field communication) tags and SSPs.
The method specifically described herein may be applied to introduce personalization data related to a configuration file in a smart card or software package.
Furthermore, while the preferred embodiments provide for the production of integrated circuits by WLCSP (wafer level chip scale packaging), such that the method of introducing personalization data described herein can be performed with the integrated circuits still on the wafer, which are then cut and possibly soldered in place on a plastic support or in the device, the method described herein can also be applied to integrated circuits that have already been separated from the wafer, in particular integrated circuits that have been mounted on a support or embedded in the device.

Claims (20)

1. A method, comprising:
writing a static data image in an unchanged portion of a non-volatile memory of the integrated circuit card for storing the operating system;
writing in the static data image a personalized data set representing data specific to the integrated circuit card;
storing a subset of the personalized data set in a reserved area of the non-volatile memory by storing a command for writing the personalized data set by an application or the operating system;
converting the commands with known code to obtain an internal command script, the internal command script comprising the encoded commands;
storing the internal command script in the reserved area of the non-volatile memory;
decoding and executing the internal command script during activation of the integrated circuit card to obtain the command; and
the command is executed by the integrated circuit card.
2. The method of claim 1, wherein the integrated circuit card is a secure element.
3. The method of claim 1, wherein the command is an application protocol data unit, APDU, type command.
4. The method of claim 1, further comprising reserving the reserved area of the non-volatile memory.
5. The method of claim 1, wherein the decoding and the executing of the internal command script are performed by an application, and wherein the application is stored in the non-volatile memory.
6. The method of claim 5, wherein the method further comprises deleting the application after decoding and executing the internal command script.
7. The method of claim 1, wherein the known code is a length value code.
8. The method of claim 1, wherein the subset of the personalized data set is a subset of unpredictable personalized data having unknown locations or encodings.
9. The method of claim 1, further comprising, in response to the personalized data set containing a subset of predictable personalized data having known static data image locations, known codes, or both:
storing the predictable personalized data by an alternative technique; and
writing a subset of the predictable personalized data as an image into the static data image at the known static data image location and using the known code.
10. The method of claim 1, further comprising:
encrypting the internal command script using advanced encryption standard AES encryption prior to storing the command; and
decoding the decrypted internal command script.
11. The method of claim 10, wherein the AES encrypted protection key is predictable personalized data accessible to an application for decoding and executing the internal command script.
12. The method of claim 1, wherein the static data image corresponds to a non-volatile memory image, a smart security platform SSP software package, or an integrated circuit card software configuration file.
13. A non-transitory computer-readable medium storing computer instructions that, when executed by a processor, cause the processor to:
writing a static data image in an unchanged portion of a non-volatile memory of the integrated circuit card for storing the operating system;
writing in the static data image a personalized data set representing data specific to the integrated circuit card;
storing a subset of the personalized data set in a reserved area of the non-volatile memory by storing a command for writing the personalized data set by an application or the operating system;
converting the commands with known code to obtain an internal command script, the internal command script comprising the encoded commands;
storing the internal command script in the reserved area of the non-volatile memory;
decoding and executing the internal command script during activation of the integrated circuit card to obtain the command; and
the command is executed by the integrated circuit card.
14. The non-transitory computer readable medium of claim 13, wherein the computer instructions, when executed by the processor, cause the processor to:
encrypting the internal command script using advanced encryption standard AES encryption prior to storing the command; and
decoding the decrypted internal command script.
15. The non-transitory computer readable medium of claim 13, wherein the static data image corresponds to a non-volatile memory image, a smart security platform SSP software package, or an integrated circuit card software configuration file.
16. The non-transitory computer readable medium of claim 13, wherein the computer instructions, when executed by the processor, cause the processor to respond to the personalized data set containing a subset of predictable personalized data with known static data image locations, known code, or both, to:
storing the predictable personalized data by an alternative technique; and
writing a subset of the predictable personalized data as an image into the static data image at the known static data image location and using the known code.
17. The non-transitory computer-readable medium of claim 13, wherein the decoding and the executing of the internal command script are performed by an application, and wherein the application is stored in the non-volatile memory.
18. The non-transitory computer readable medium of claim 13, wherein the computer instructions, when executed by the processor, cause the processor to delete the application after decoding and executing the internal command script.
19. An integrated circuit card comprising a non-volatile memory, the integrated circuit card configured to:
writing a static data image in an unchanged portion of a non-volatile memory of the integrated circuit card for storing an operating system;
writing in the static data image a personalized data set representing data specific to the integrated circuit card;
storing a subset of the personalized data set in a reserved area of the non-volatile memory by storing a command for writing the personalized data set by an application or the operating system;
converting the commands with known code to obtain an internal command script, the internal command script comprising the encoded commands;
storing the internal command script in the reserved area of the non-volatile memory;
decoding and executing the internal command script during activation of the integrated circuit card to obtain the command; and
the command is executed by the integrated circuit card.
20. The integrated circuit card of claim 19, wherein the integrated circuit card is produced according to wafer level chip scale package WLCSP technology.
CN202310594913.XA 2022-05-26 2023-05-25 Method for introducing personalized data, corresponding system and computer program product Pending CN117131553A (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
IT102022000011084 2022-05-26
US18/320,414 2023-05-19
US18/320,414 US20230384969A1 (en) 2022-05-26 2023-05-19 Method for introducing personalization data in non volatile memories of a plurality of integrated circuits, in particular in integrated circuit cards, corresponding system and computer program product

Publications (1)

Publication Number Publication Date
CN117131553A true CN117131553A (en) 2023-11-28

Family

ID=88855389

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310594913.XA Pending CN117131553A (en) 2022-05-26 2023-05-25 Method for introducing personalized data, corresponding system and computer program product

Country Status (1)

Country Link
CN (1) CN117131553A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination