CN117151148A - Smart card and power-down protection method thereof - Google Patents

Info

Publication number: CN117151148A
Authority: CN (China)
Prior art keywords: area, pulling, data, mark, updated
Prior art date
Legal status: Pending
Application number: CN202311139592.0A
Other languages: Chinese (zh)
Inventors: 杨华威, 陈小波
Current assignee: Jiangsu Hengbao Intelligent System Technology Co Ltd
Original assignee: Jiangsu Hengbao Intelligent System Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Jiangsu Hengbao Intelligent System Technology Co Ltd; priority to CN202311139592.0A; publication of CN117151148A; legal status: pending.

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/0701Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips at least one of the integrated circuit chips comprising an arrangement for power management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14Error detection or correction of the data by redundancy in operation
    • G06F11/1402Saving, restoring, recovering or retrying
    • G06F11/1446Point-in-time backing up or restoration of persistent data
    • G06F11/1448Management of the data involved in backup or backup restore
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/77Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Mathematical Physics (AREA)
  • Quality & Reliability (AREA)
  • Techniques For Improving Reliability Of Storages (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The application discloses a smart card and a power-down protection method for it, in the technical field of smart cards. The smart card comprises a processor and a memory; the memory contains a user data area and an anti-pulling area; the anti-pulling area comprises an anti-pulling data protection area and an anti-pulling mark area, the anti-pulling data protection area stores the whole page of data of the target area to be updated, and the anti-pulling mark area stores n valid marks and one invalid mark corresponding to each anti-pulling data protection area. Because repeated backup of data in the same page and the redundant backup of a backup stack are avoided, the application greatly improves the performance of the smart card and balances performance against space: the smart card becomes faster and storage space is saved.

Description

Smart card and power-down protection method thereof
Technical Field
The application relates to the technical field of smart cards, in particular to a smart card and a power-down protection method thereof.
Background
A smart card system uses IC card technology as its core and computer and communication technology as its means to connect the facilities of an intelligent building into an organic whole. At present, smart cards are widely used in banking, transport, public security, telecommunications and other fields. Security is especially important for smart cards used in the financial industry; such cards are commonly referred to as financial IC cards.
The memory of the financial IC card has evolved through several stages: 1. Originally ROM (Read-Only Memory) products, for which a mask was required for each application. 2. With the demands for higher performance and lower power consumption, the memory moved from ROM to EEPROM (Electrically Erasable Programmable Read-Only Memory). For technical reasons, an EEPROM of the same capacity occupies a larger chip area than a ROM, so ROM and EEPROM often coexist in products of this stage: the ROM holds the program and other large, unchanging content, and user data is stored in the EEPROM. 3. Flash (also called flash memory) products. Flash combines the advantages of ROM and RAM: it is electrically erasable and programmable, reads data quickly, and is a nonvolatile random-access memory. Current financial IC cards mostly use Flash memory, which offers large capacity, low cost and high speed.
Although EEPROM and Flash retain data after a power failure, data can still be corrupted if power is lost during programming. Given the high data-security requirements of financial IC cards, a reasonable and efficient power-down protection mechanism must be provided.
Disclosure of Invention
The application provides a smart card comprising a processor and a memory; a user data area and an anti-pulling area are arranged in the memory; the anti-pulling area comprises an anti-pulling data protection area and an anti-pulling mark area, the anti-pulling data protection area stores the whole page of data of the target area to be updated, and the anti-pulling mark area stores n valid marks and one invalid mark corresponding to each anti-pulling data protection area.
A smart card as described above, wherein the valid mark comprises a valid-mark tag, the address of the data protection area, the address of the target area to be updated and a check byte; the invalid mark comprises an invalid-mark tag.
A smart card as described above, wherein said memory comprises a user data area and an anti-pulling area.
A smart card as described above, wherein, when processing a non-transaction, the smart card is power-down protected as follows:
receiving a request to write non-transaction data into a target area to be updated of the user data area;
copying the whole page of data of the target area to be updated to the anti-pulling data protection area, and writing a corresponding valid mark in the anti-pulling mark area;
updating the target area to be updated;
if power is lost while the target area to be updated is being updated, searching the anti-pulling mark area for the corresponding valid mark and restoring the data that the valid mark points to in the anti-pulling data protection area to the target area to be updated;
after the non-transaction is committed, writing an invalid mark after the last valid mark of the anti-pulling mark area, and ending.
A smart card as described above, wherein, when processing a transaction, the smart card is power-down protected as follows:
receiving a request to write transaction data into a target area to be updated of the user data area;
checking whether the anti-pulling mark area already holds a valid mark for the page address of the target area to be updated; if so, no backup is needed; if not, copying the whole page of data of the target area to be updated to the anti-pulling data protection area and at the same time writing a corresponding valid mark in the anti-pulling mark area;
updating the target area to be updated of the user data area;
if power is lost while the target area to be updated is being updated, searching the anti-pulling mark area for the corresponding valid mark, and using the valid marks in sequence to restore all data in the anti-pulling data protection area up to that valid mark to the target areas to be updated;
after the transaction is committed, writing an invalid mark after the last valid mark of the anti-pulling mark area, and ending the transaction.
A smart card as described above, wherein said memory comprises a user data area, two anti-pulling areas and a backup stack;
the first anti-pulling data protection area of the first anti-pulling area stores the whole page of data of the target area to be updated, and the first anti-pulling mark area stores n valid marks and only one invalid mark corresponding to each anti-pulling data protection area;
the second anti-pulling data protection area of the second anti-pulling area stores the whole page of data of the target area to be updated; the second anti-pulling mark area of the second anti-pulling area stores m valid marks and m invalid marks corresponding to each anti-pulling data protection area;
the backup stack stores the data of the target area to be updated and consists of a plurality of backup records.
A smart card as described above, wherein the second anti-pulling area is used together with the backup stack and can be recycled.
A smart card as described above, wherein, when processing a non-transaction, the smart card is power-down protected as follows:
receiving a request to write non-transaction data into a target area to be updated of the user data area;
copying the whole page of data of the target area to be updated to the second anti-pulling data protection area, and at the same time writing a corresponding valid mark in the second anti-pulling mark area;
updating the target area to be updated;
if power is lost while the target area to be updated is being updated, searching the second anti-pulling mark area for the corresponding valid mark and restoring the data that the valid mark points to in the second anti-pulling data protection area to the target area to be updated;
after the non-transaction is committed, writing an invalid mark after the last valid mark of the second anti-pulling mark area, and ending.
A smart card as described above, wherein, when processing a transaction, the smart card is power-down protected as follows:
starting the transaction, and receiving a request to write transaction data into a target area to be updated of the user data area;
if the number of target areas to be updated written so far does not exceed the number of pages of the first anti-pulling area, checking whether the first anti-pulling mark area already holds a valid mark for the page address of the target area to be updated; if so, no backup is needed; if not, copying the whole page of data of the target area to be updated to the first anti-pulling data protection area and at the same time writing a corresponding valid mark in the first anti-pulling mark area;
updating the target area to be updated;
if power is lost while the target area to be updated is being updated, searching the anti-pulling mark area for the corresponding valid marks and using them in sequence to restore all data in the anti-pulling data protection area up to that valid mark to the target areas to be updated, so that the integrity of the transaction is ensured;
after the transaction is committed, writing an invalid mark after the last valid mark of the first anti-pulling mark area, invalidating the backup stack, and ending the transaction.
A smart card as described above, wherein, when processing a transaction, the smart card is power-down protected as follows:
starting the transaction, and receiving a request to write transaction data into a target area to be updated of the user data area;
if the number of target areas to be updated written so far exceeds the number of pages of the first anti-pulling area, checking whether the first anti-pulling mark area already holds a valid mark for the page address of the target area to be updated; if so, no backup is needed; if not, storing the data of the target area to be updated in the backup stack as a backup record, then copying the whole page of data of the target area to be updated to the second anti-pulling data protection area of the second anti-pulling area, and writing a corresponding valid mark in the second anti-pulling mark area of the second anti-pulling area;
updating the target area to be updated, and then writing an invalid mark in the second anti-pulling mark area of the second anti-pulling area;
if power is lost while the target area to be updated is being updated, restoring the data of the second anti-pulling data protection area using the valid mark of the second anti-pulling area, restoring the corresponding backup record of the backup stack, and then restoring the data in the first anti-pulling data protection area in sequence according to the first anti-pulling mark area of the first anti-pulling area;
after the transaction is committed, writing an invalid mark after the last valid mark of the first anti-pulling mark area, invalidating the backup stack, and ending the transaction.
The beneficial effects achieved by the application are as follows:
(1) The performance of the smart card is greatly improved, because repeated backup of data in the same page and the redundant backup of the backup stack are avoided.
(2) A balance of performance and space is achieved in the smart card: the card becomes faster and storage space is saved.
Drawings
To illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings used in the embodiments or in the description of the prior art are briefly described below. The drawings described below are only some embodiments of the present application; a person of ordinary skill in the art may obtain other drawings from them.
FIG. 1 is a block diagram of a conventional power-down protection mechanism;
FIG. 2 is a schematic diagram of a smart card according to a first embodiment of the present application;
FIG. 3 is a flow chart of a power-down protection mechanism for processing non-transactions according to the present application;
FIG. 4 is a flow chart of a power-down protection mechanism for processing transactions according to the present application;
FIG. 5 is a schematic diagram of another smart card according to a first embodiment of the present application;
FIG. 6 is a flow chart of another power-down protection mechanism for processing non-transactions provided by the present application;
FIG. 7 is a flow chart of another power-down protection mechanism for processing transactions according to the present application.
Detailed Description
The application is further described in connection with the following detailed description, so that its technical means, creative features, purpose and effect are easy to understand.
Before introducing the technical scheme of the application, the existing power-down protection schemes are summarized:
(I) Due to the characteristics of Flash programming, the unit of erase is a page, while the unit of write is typically 4 bytes, 8 bytes or 32 bytes (collectively called the minimum write unit; chips from different manufacturers differ). Therefore, for a financial IC card with a Flash chip, programming involves erasing before writing, so a power failure during programming can affect the data of N minimum write units and the data of the whole page.
At present, because Flash user space is limited, most power-down protection mechanisms use a backup-record + page-protection mode, i.e. two areas are needed: a backup stack and an anti-pulling area (shown in FIG. 1).
The backup stack stores the data of the data area to be updated in the form of backup records; a backup record mainly comprises the address, length, data and check bytes of the target area to be updated. It is used mainly to protect the data of each target area to be updated within a transaction, so that the target data areas can be restored once power is lost. The anti-pulling area is divided into a data protection area and a mark area. Its function is to copy the whole page of data of the data area to be updated into the anti-pulling data protection area and write the corresponding valid mark in the anti-pulling mark area; once the update is complete, the corresponding invalid mark is written in the anti-pulling mark area. The anti-pulling area is recycled, and it guarantees the integrity of the whole page of data of the page currently being operated on.
Defect: this power-down protection mechanism performs poorly because of the double backup to the backup stack and the anti-pulling area, and because the data area of the same page is protected repeatedly in consecutive operations.
(II) The memories of current financial IC cards are mostly Flash, and their power-down protection mechanisms are basically of two kinds.
(1) Backup stack + anti-pulling area: the backup stack organizes the data of the data area to be updated together with its address, length and check bytes and copies them into the backup stack as a backup record. It is used mainly to protect the data of each target area to be updated within a transaction, so that the target data areas can be restored once power is lost. The anti-pulling area protects the whole page of data in which the target area to be updated lies. There may be more or fewer anti-pulling areas; the data protection pages are recycled, only the latest data protection page is ever valid, and once the data update of the target area is complete the data of the anti-pulling area's data protection page becomes invalid.
In this mechanism the backup stack and the anti-pulling area together occupy little storage space, leaving enough space for users. Its disadvantages are slow performance, the double backup to the backup stack and the anti-pulling area, and repeated protection of the data area when the same page is operated on consecutively.
(2) Anti-pulling area only: this power-down protection mechanism removes the backup stack area and its function and uses the anti-pulling area alone for whole-page protection. If target areas to be updated lie in the same page, they are not backed up again, and the redundant backup of the backup stack is avoided.
In this mechanism performance is optimal. But in the limiting case (i.e. all target pages of a transaction lie in the user area) the user area has to be split in two, half of it serving as the anti-pulling area. This mechanism is unsuitable for financial IC cards with little space: it wastes space and leaves insufficient space for users.
For scheme (I): because the unit of erase in Flash programming is a page, the power-down protection mechanism already protects the whole page during programming, and that protection already covers the data of the target area to be updated. Therefore power-down protection can be achieved by protecting the data of the whole page, dropping the backup stack area and its function, and using the anti-pulling area alone, with the area's function refined so that its data remains valid until commit; double backup is thereby avoided. At the same time, when target areas to be updated within the same transaction lie in the same page, repeated backup is avoided. As for point (II): in the prior art, the second power-down protection mechanism meets the high performance requirement of financial IC cards, while the first occupies less available storage space.
Example 1
To balance the performance and space requirements of financial cards, the two schemes are combined to form the technical scheme of the application. In normal use the second mechanism rarely reaches or approaches its limit, so its performance advantage is retained, while in certain special cases, such as garbage collection, the small space requirement of the first mechanism is brought in; together they form the new power-down protection mechanism provided by the application.
In an embodiment of the application, as shown in FIG. 2, the smart card includes a processor and a memory. A user data area and an anti-pulling area are arranged in the memory. Preferably, if the user space is large enough for this scheme, the user space is split in two, half as the user data area and half as the anti-pulling area. If the user space requirement is large or the whole space of the chip is small, the user space cannot be halved, and the size available for the anti-pulling area is allocated according to experience.
The anti-pulling area comprises an anti-pulling data protection area and an anti-pulling mark area; the anti-pulling data protection area stores the whole page of data of the target area to be updated, and the anti-pulling mark area stores n valid marks and only one invalid mark corresponding to each anti-pulling data protection area. Composition of the valid mark: a valid-mark Tag, the address of the data protection area, the address of the target area to be updated and a check byte. Composition of the invalid mark: the invalid-mark Tag.
As an example, a data area and an anti-pull area are provided in the memory of the smart card, and the anti-pull area includes an anti-pull data protection area and an anti-pull flag area.
As shown in FIG. 3, in this example, when a non-transaction is processed the power-down protection mechanism is as follows:
step 310, receiving a request to write non-transaction data into a target area to be updated of the user data area;
step 320, copying the whole page of data of the target area to be updated to the anti-pulling data protection area, and writing a corresponding valid mark in the anti-pulling mark area;
step 330, updating the target area to be updated;
step 340, if power is lost while the target area to be updated is being updated, searching the anti-pulling mark area for the corresponding valid mark and restoring the data that the valid mark points to in the anti-pulling data protection area to the target area to be updated;
step 350, after the non-transaction is committed, writing an invalid mark after the last valid mark of the anti-pulling mark area, and ending.
When the smart card processes a non-transaction, the writes of non-transaction data are not associated with one another, so the original data is backed up to the anti-pulling data protection area; after the non-transaction data has been written, an invalid mark is written in the anti-pulling mark area, and the non-transaction ends.
As shown in FIG. 4, in this example, when a transaction is processed the power-down protection mechanism is as follows:
step 410, starting the transaction, and receiving a request to write transaction data into a target area to be updated of the user data area;
step 420, checking whether the anti-pulling mark area already holds a valid mark for the page address of the target area to be updated; if so, no backup is needed; if not, copying the whole page of data of the target area to be updated to the anti-pulling data protection area and at the same time writing a corresponding valid mark in the anti-pulling mark area;
step 430, updating the target area to be updated of the user data area;
step 440, if power is lost while the target area to be updated is being updated, searching the anti-pulling mark area for the corresponding valid mark, and using the valid marks in sequence to restore all data in the anti-pulling data protection area up to that valid mark to the target areas to be updated, thereby ensuring the integrity of the transaction;
step 450, after the transaction is committed, writing an invalid mark after the last valid mark of the anti-pulling mark area, and ending the transaction.
The area updated by the transaction data written to the user data area comprises target area to be updated 1, target area to be updated 2, ..., target area to be updated n.
The transaction starts; the whole page of data of target area to be updated 1 is copied to Page_1 of the data protection area, and a corresponding valid mark 1 is written in the mark area. That is, before target area 1 is updated, the whole page of data of target area to be updated 1 is backed up and made valid, and if power is lost while target area 1 is being updated, valid mark 1 can be used to restore the Page_1 data of the anti-pulling data protection area to target area to be updated 1.
The page address of target area to be updated 2 is checked in the mark area; if it is already present, no backup is needed, repeated backup is avoided and performance improves; if it is not present, the whole page of data of target area to be updated 2 is copied to Page_2 of the data protection area, and at the same time a corresponding valid mark 2 is written in the mark area.
Before target area 2 is updated, the whole page of data of target area to be updated 2 is backed up and made valid; if power is lost while target area 2 is being updated, valid mark 2 is used to restore the Page_2 data of the anti-pulling data protection area to target area to be updated 2, and valid mark 1 is used to restore the Page_1 data of the anti-pulling data protection area to target area to be updated 1. Thus the integrity of the transaction is guaranteed.
...
The page address of target area to be updated n is checked in the mark area; if it is already present, no backup is needed. If it is not present, the whole page of data in which target area n to be updated lies is copied to Page_n of the data protection area, and a corresponding valid mark n is written in the mark area.
Before target area n is updated, the whole page of data of target area to be updated n is backed up and made valid; if power is lost while target area n is being updated, valid mark n is used to restore the Page_n data of the anti-pulling data protection area to target area to be updated n, ..., valid mark 2 is used to restore the Page_2 data to target area to be updated 2, and valid mark 1 is used to restore the Page_1 data to target area to be updated 1. Thus the integrity of the transaction is guaranteed.
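The single anti-pulling-area scheme of FIG. 3 and FIG. 4 above, together with the erase-before-write behaviour of Flash described in the summary of existing schemes, is simulated below in an added Python example that is not part of the patent. The flash model, the 8-byte page size, the mark layout (tag, protection slot, target page, XOR check byte) and the tag values 0xA5/0x5A are all assumptions; the patent only says that a valid mark holds a tag, the two addresses and a check byte. `run_with_power_loss` cuts power after a chosen number of flash writes, runs the recovery of step 440 at power-up, and reports whether the user area came back as the old or the new content and how many page backups were made (the page written twice in the constructed transaction is backed up once, as step 420 requires).

```python
# Added simulation of the single anti-pulling-area scheme (figs. 3 and 4). Not code from
# the patent: page size, mark layout, tag values and the XOR check byte are assumptions.
PAGE_SIZE = 8                         # bytes per flash page (small, for readability)
USER_PAGES, PROT_PAGES = 4, 4         # user data area / anti-pulling data protection area
MARK_SIZE, MARK_AREA = 4, 64          # mark = tag | protection slot | target page | check
VALID_TAG, INVALID_TAG = 0xA5, 0x5A   # assumed tag values


class PowerLoss(Exception):
    """Raised by the flash model when the simulated supply is cut."""


class Flash:
    """Page-erase / byte-write flash; the write numbered `fail_at` never lands."""

    def __init__(self):
        self.user = [bytearray(b"\xff" * PAGE_SIZE) for _ in range(USER_PAGES)]
        self.prot = [bytearray(b"\xff" * PAGE_SIZE) for _ in range(PROT_PAGES)]
        self.marks = bytearray(b"\xff" * MARK_AREA)   # append-only log in this model
        self.writes, self.fail_at = 0, None

    def _tick(self):
        self.writes += 1
        if self.fail_at is not None and self.writes >= self.fail_at:
            raise PowerLoss()

    def program_page(self, area, idx, data):
        """Erase before write: a cut in the middle leaves a torn page (0xFF / partial data)."""
        data = bytes(data)                 # snapshot before the erase
        self._tick()
        area[idx][:] = b"\xff" * PAGE_SIZE
        for i, b in enumerate(data):
            self._tick()
            area[idx][i] = b

    def write_mark(self, off, mark):
        for i, b in enumerate(mark):       # tag first, check byte last
            self._tick()
            self.marks[off + i] = b


def make_mark(tag, slot, page):
    return bytes([tag, slot, page, tag ^ slot ^ page])


def mark_ok(m):
    """A mark cut before its check byte reads 0xFF there and fails this test."""
    return m[3] == (m[0] ^ m[1] ^ m[2])


class Card:
    def __init__(self, flash):
        self.f = flash

    def _scan(self):
        """Marks still in force (those after the last complete invalid mark), next free offset."""
        active, off = [], 0
        while off + MARK_SIZE <= MARK_AREA and self.f.marks[off] != 0xFF:
            m = bytes(self.f.marks[off:off + MARK_SIZE])
            if mark_ok(m) and m[0] == INVALID_TAG:
                active = []                # everything before it was committed
            elif mark_ok(m) and m[0] == VALID_TAG:
                active.append(m)
            off += MARK_SIZE               # a torn mark is skipped
        return active, off

    def transaction(self, writes):
        """writes = [(user page, new content)]; a non-transaction (fig. 3) is the one-write case."""
        active, off = self._scan()
        for page, data in writes:
            if not any(m[2] == page for m in active):        # step 420: page already protected?
                slot = len(active)
                self.f.program_page(self.f.prot, slot, self.f.user[page])
                m = make_mark(VALID_TAG, slot, page)
                self.f.write_mark(off, m)
                off += MARK_SIZE
                active.append(m)
            self.f.program_page(self.f.user, page, data)     # step 430
        self.f.write_mark(off, make_mark(INVALID_TAG, 0, 0))  # step 450: commit

    def recover(self):
        """Step 440, run at power-up: roll back every page whose mark is still valid."""
        active, off = self._scan()
        for m in active:
            self.f.program_page(self.f.user, m[2], self.f.prot[m[1]])
        if active:
            self.f.write_mark(off, make_mark(INVALID_TAG, 0, 0))


def run_with_power_loss(fail_at=None):
    """One constructed transaction, cut after `fail_at` flash writes (None = no cut), then
    recovery. Returns (committed, user pages after recovery, number of page backups made)."""
    f = Flash()
    card = Card(f)
    for i in range(USER_PAGES):            # constructed initial content: page i holds i+1
        f.program_page(f.user, i, bytes([i + 1]) * PAGE_SIZE)
    if fail_at is not None:
        f.fail_at = f.writes + fail_at
    # page 0 is written twice; the second write must not back it up again
    writes = [(0, b"\x10" * PAGE_SIZE), (2, b"\x20" * PAGE_SIZE), (0, b"\x11" * PAGE_SIZE)]
    try:
        card.transaction(writes)
        committed = True
    except PowerLoss:
        committed = False
        f.fail_at = None                   # power returns; the card boots and recovers
        card.recover()
    backups = sum(1 for off in range(0, MARK_AREA, MARK_SIZE)
                  if f.marks[off] == VALID_TAG and mark_ok(f.marks[off:off + MARK_SIZE]))
    return committed, [bytes(p) for p in f.user], backups
```

The constructed transaction needs 57 flash writes; calling `run_with_power_loss(k)` for every k from 1 to 57 always returns the pre-transaction pages, while `run_with_power_loss()` returns the new pages with exactly two backups. A mark cut before its check byte is rejected by `mark_ok`, which is what makes the last byte of the invalid mark the commit point; a torn backup page is harmless because its mark was never completed, and recovery is idempotent because the protection pages stay valid until the invalid mark lands.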
As another example, as shown in FIG. 5, a data area, two anti-pulling areas (a first anti-pulling area and a second anti-pulling area) and a backup stack are set up in the memory of the smart card, where the first anti-pulling area and the second anti-pulling area each comprise an anti-pulling data protection area and an anti-pulling mark area. Preferably, the first anti-pulling area has a larger storage capacity than the second anti-pulling area.
The first anti-pulling data protection area of the first anti-pulling area stores the whole page of data of the target area to be updated, and the first anti-pulling mark area stores n valid marks and only one invalid mark corresponding to each anti-pulling data protection area. Composition of the valid mark: a valid-mark Tag, the address of the data protection area, the address of the target area to be updated and a check byte. Composition of the invalid mark: the invalid-mark Tag.
The second anti-pulling area is used together with the backup stack and can be recycled. The second anti-pulling data protection area of the second anti-pulling area stores the whole page of data of the target area to be updated. The second anti-pulling mark area of the second anti-pulling area stores m valid marks and m invalid marks corresponding to each anti-pulling data protection area. Composition of the valid mark: a valid-mark Tag, the address of the data protection area, the address of the target area to be updated and a check byte. Composition of the invalid mark: the invalid-mark Tag.
The backup stack mainly stores the data of the target area to be updated and consists of a plurality of backup records. Composition of a backup record: the address, length, data and check bytes of the target area to be updated.
As shown in fig. 6, in this example a non-transaction write uses only the second anti-pulling area to protect the whole page of data in which the target area to be updated is located (this non-transaction processing is equivalent to the earlier example that uses a single anti-pulling area), and the power-down protection mechanism specifically includes:
step 610, receiving a request for writing non-transaction data into a target area to be updated of a user data area;
step 620, copying the whole page data of the target area to be updated to a second anti-pulling data protection area, and writing a corresponding effective mark in a second anti-pulling mark area;
step 630, updating the target area to be updated;
step 640, if power failure occurs in the process of updating the target area to be updated, searching a corresponding effective mark from the second anti-pulling mark area, and recovering data corresponding to the effective mark in the second anti-pulling data protection area to the target area to be updated;
step 650, after the non-transaction write is committed, writing a failure mark after the last valid mark of the second anti-pulling mark area, and ending.
As shown in fig. 7, in this example, when a transaction is processed, the power-down protection mechanism specifically includes:
Step 710, starting the transaction and receiving a request to write transaction data to a target area to be updated of the user data area.
Step 720, checking whether the number of target areas to be updated written so far exceeds the number of pages of the first anti-pulling area; if so, executing step 760, otherwise executing step 730.
(The first anti-pulling data protection area of the first anti-pulling area is set to n pages and is used until it is full; the second anti-pulling data protection area of the second anti-pulling area is set to m pages and can be recycled. Target areas 1 to n to be updated are copied to the first anti-pulling area; target areas n+1 and later are copied to the second anti-pulling area, and the backup stack is enabled.)
Step 730, checking whether a valid mark for the page address of the target area to be updated already exists in the first anti-pulling mark area; if so, no backup is needed. If not, copying the whole page of data of the target area to be updated to the first anti-pulling data protection area and simultaneously writing a corresponding valid mark in the first anti-pulling mark area.
Step 740, updating the target area to be updated.
Step 750, if power fails while the target area to be updated is being updated, searching the anti-pulling mark area for the corresponding valid mark and, using the valid marks in sequence, restoring all data recorded up to that mark in the anti-pulling data protection area to the target areas to be updated, which ensures the integrity of the transaction; then executing step 790.
Step 760, checking whether a valid mark for the page address of the target area to be updated exists in the first anti-pulling mark area; if so, no backup is needed. If not, storing the data of the target area to be updated in the backup stack as a backup record, then copying the whole page of data of the target area to be updated to the second anti-pulling data protection area of the second anti-pulling area, and simultaneously writing a corresponding valid mark in the second anti-pulling mark area of the second anti-pulling area.
Backup record 1, written to the backup stack, contains the address, length, data, check bytes and so on of target area n+1 to be updated. The whole page of data of target area n+1 is then copied to the second anti-pulling data protection area of the second anti-pulling area, and a corresponding valid mark is written in the second anti-pulling mark area of the second anti-pulling area at the same time.
Since the first anti-pulling area is used up, the backup stack and the second anti-pulling area together protect and validate the area and the whole page related to target area n+1 to be updated.
Step 770, updating the target area to be updated, and then writing a failure mark in the second anti-pulling mark area of the second anti-pulling area.
Step 780, if power fails while the target area to be updated is being updated, restoring the data of the second anti-pulling data protection area using the valid mark of the second anti-pulling area, restoring the corresponding backup record of the backup stack, and then restoring the data in the first anti-pulling data protection area in sequence according to the first anti-pulling mark area of the first anti-pulling area.
Once power is lost while target area n+1 is being updated, the data of the second anti-pulling data protection area is restored using the valid mark of the second anti-pulling area, backup record 1 of the backup stack is restored, and the data in the first anti-pulling data protection area is restored in sequence from n down to 1 according to the first anti-pulling mark area.
Step 790, after the transaction is committed, writing a failure mark after the last valid mark of the first anti-pulling mark area, disabling the backup stack, and ending the transaction.
The areas updated by the transaction data written to the user data area comprise target area 1 to be updated, target area 2 to be updated, …, target area n to be updated, target area n+1 to be updated, target area n+2 to be updated, and target area n+m to be updated.
The whole page of data of the first target area to be updated is copied to Page_1 of the data protection area of the first anti-pulling area, and a corresponding valid mark 1 is written in the first anti-pulling mark area of the first anti-pulling area at the same time. (Before the first target area is updated, its whole page of data is backed up and validated; once power is lost while the first target area is being updated, valid mark 1 is used to restore the Page_1 data of the first anti-pulling data protection area to the first target area to be updated.)
The page address of the second target area to be updated is checked in the first anti-pulling mark area of the first anti-pulling area. If it already exists, no backup is needed; this avoids repeated backups and improves performance. If it does not exist, the whole page of data of the second target area to be updated is copied to the first anti-pulling data protection area and a corresponding valid mark 2 is written in the first anti-pulling mark area at the same time.
Before the second target area is updated, its whole page of data is backed up to Page_2 of the first anti-pulling data protection area and validated. Once power is lost while the second target area is being updated, the Page_2 data of the first anti-pulling data protection area is restored to the second target area using valid mark 2, and then the Page_1 data of the first anti-pulling data protection area is restored to the first target area using valid mark 1, so that the integrity of the transaction is ensured.
……
The page address of target area n to be updated is checked in the first anti-pulling mark area; if it already exists, no backup is needed. If it does not exist, the whole page of data of target area n is copied to the first anti-pulling data protection area and a corresponding valid mark n is written in the first anti-pulling mark area at the same time.
Before target area n is updated, its whole page of data is backed up to Page_n of the first anti-pulling data protection area and validated. Once power is lost while target area n is being updated, the Page_n data of the first anti-pulling data protection area is restored to target area n using valid mark n, the Page_n-1 data is restored to target area n-1 using valid mark n-1, …, the Page_2 data is restored to target area 2 using valid mark 2, and the Page_1 data is restored to target area 1 using valid mark 1.
Since the first anti-pulling data protection area holds n pages, the first anti-pulling area is full once the nth valid mark has been written. From this point on, the first anti-pulling mark area must still be checked before each backup: if the page address of the target area to be updated is already recorded there, neither a backup record nor page protection is needed, which saves time.
The page address of target area n+1 to be updated is checked in the first anti-pulling mark area. If it already exists, no backup is needed. If not, the data of target area n+1 is stored in the backup stack as a backup record, namely backup record 1, which contains the address, length, data, check bytes and so on of target area n+1. The whole page of data of target area n+1 is then copied to the second anti-pulling data protection area, and a corresponding valid mark is written in the second anti-pulling mark area at the same time.
Since the first anti-pulling area is used up, the backup stack and the second anti-pulling area together protect and validate the area and the whole page related to target area n+1. Once power is lost while target area n+1 is being updated, the data of the second anti-pulling data protection area is restored using the valid mark of the second anti-pulling area, backup record 1 of the backup stack is restored, and the data in the first anti-pulling data protection area is restored in sequence from n down to 1 according to the first anti-pulling mark area.
Target area n+1 is updated and a failure mark is written in the second anti-pulling mark area, which invalidates the second anti-pulling data protection page so that it can be recycled.
The page address of target area n+2 to be updated is checked in the first anti-pulling mark area; if it already exists, no backup is needed. If not, the data of target area n+2 is stored in the backup stack as a backup record, namely backup record 2, which contains the address, length, data, check bytes and so on of target area n+2. The whole page of data of target area n+2 is then copied to the second anti-pulling data protection area, and a corresponding valid mark is written in the second anti-pulling mark area at the same time.
Since the first anti-pulling area is used up, the backup stack and the second anti-pulling area together protect and validate the area and the whole page related to target area n+2. Once power is lost while target area n+2 is being updated, the data of the second anti-pulling data protection area is restored using the valid mark of the second anti-pulling area, then backup record 2 and backup record 1 of the backup stack are restored, and the data in the first anti-pulling data protection area is restored in sequence from n down to 1 according to the first anti-pulling mark area.
Target area n+2 is updated and a failure mark is written in the second anti-pulling mark area, which invalidates the second anti-pulling data protection page so that it can be recycled.
……
Transaction commit: an end mark is written after the last valid mark of the first anti-pulling mark area, and the contents of the backup stack are disabled at the same time. This invalidates all data in the first anti-pulling area and the backup stack, which means that the transaction has completed normally and is ended.
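As an added worked example (not code from the patent), the following C simulation models in RAM the single-area path of figs. 6 and 7 described above: whole-page backup with a valid mark (steps 620/730), an update with an injected power cut (640/750), recovery in the order n..1, and the failure mark written on commit (650/790). Page and area sizes, the tag values and the XOR check byte are assumptions; the backup-stack fallback for areas beyond n is only indicated where backup_page reports the first area full.

```c
#include <stdint.h>
#include <string.h>
/* Sizes are assumptions for this simulation, not values from the patent. */
#define PAGE_SIZE  8
#define USER_PAGES 4
#define PROT_PAGES 3                      /* n: pages in the first anti-pull data protection area */
enum { TAG_VALID = 0xA5, TAG_FAIL = 0x5A };
/* Valid mark: Tag, protection-area address, target-area address, check byte (XOR here, assumed). */
typedef struct { uint8_t tag, prot_page, target_page, check; } Mark;
typedef struct {
    uint8_t user[USER_PAGES][PAGE_SIZE];  /* user data area */
    uint8_t prot[PROT_PAGES][PAGE_SIZE];  /* anti-pull data protection area */
    Mark    marks[PROT_PAGES + 1];        /* anti-pull mark area: n valid marks + one failure mark */
    int     nmarks;
} Card;

static uint8_t check_byte(const Mark *m) { return m->tag ^ m->prot_page ^ m->target_page; }
static void begin_transaction(Card *c) { c->nmarks = 0; }   /* step 710: reuse the mark area */
/* Step 730: copy the whole page, then write its valid mark, unless a valid mark for this
   page already exists. Returns 1 = backed up, 0 = already protected, -1 = first area full. */
static int backup_page(Card *c, uint8_t target_page) {
    for (int i = 0; i < c->nmarks; i++)
        if (c->marks[i].tag == TAG_VALID && c->marks[i].target_page == target_page)
            return 0;
    if (c->nmarks >= PROT_PAGES) return -1;  /* the patent then switches to the backup stack */
    uint8_t p = (uint8_t)c->nmarks;
    memcpy(c->prot[p], c->user[target_page], PAGE_SIZE);
    Mark m = { TAG_VALID, p, target_page, (uint8_t)(TAG_VALID ^ p ^ target_page) };
    c->marks[c->nmarks++] = m;               /* the mark lands only after the copy is complete */
    return 1;
}

/* Step 740: write the new data; a power cut after `cut` bytes leaves a torn page. */
static void update_page(Card *c, uint8_t target_page, const uint8_t *data, int cut) {
    memcpy(c->user[target_page], data, cut < PAGE_SIZE ? cut : PAGE_SIZE);
}

/* Step 790: the failure mark after the last valid mark invalidates the whole backup. */
static void commit(Card *c) {
    Mark f = { TAG_FAIL, 0, 0, TAG_FAIL };   /* check byte = Tag ^ 0 ^ 0 */
    c->marks[c->nmarks++] = f;
}

/* Step 750 / power-up: walk the marks from the last back to the first and restore each page
   (order n..1). A failure mark means the transaction completed; a bad check byte is a torn mark. */
static int recover(Card *c) {
    int restored = 0;
    for (int i = c->nmarks - 1; i >= 0; i--) {
        const Mark *m = &c->marks[i];
        if (m->tag == TAG_FAIL) return 0;
        if (m->tag != TAG_VALID || m->check != check_byte(m)) continue;
        memcpy(c->user[m->target_page], c->prot[m->prot_page], PAGE_SIZE);
        restored++;
    }
    return restored;
}

/* Scenario A: two pages in one transaction, power lost half-way through the second write. */
static int scenario_power_loss(void) {
    Card c; uint8_t old1[PAGE_SIZE], old2[PAGE_SIZE], fresh[PAGE_SIZE];
    memset(&c, 0, sizeof c);
    memset(old1, 0x11, PAGE_SIZE); memset(old2, 0x22, PAGE_SIZE); memset(fresh, 0xEE, PAGE_SIZE);
    memcpy(c.user[1], old1, PAGE_SIZE); memcpy(c.user[2], old2, PAGE_SIZE); begin_transaction(&c);
    if (backup_page(&c, 1) != 1 || backup_page(&c, 1) != 0) return 0;  /* no repeated backup */
    update_page(&c, 1, fresh, PAGE_SIZE);
    backup_page(&c, 2); update_page(&c, 2, fresh, PAGE_SIZE / 2);     /* power lost here */
    return recover(&c) == 2 && !memcmp(c.user[1], old1, PAGE_SIZE) && !memcmp(c.user[2], old2, PAGE_SIZE);
}
/* Scenario B: committed transaction; recovery must leave the new data untouched. */
static int scenario_commit(void) {
    Card c; uint8_t fresh[PAGE_SIZE];
    memset(&c, 0, sizeof c); memset(fresh, 0xEE, PAGE_SIZE);
    begin_transaction(&c); backup_page(&c, 0); update_page(&c, 0, fresh, PAGE_SIZE); commit(&c);
    return recover(&c) == 0 && c.user[0][PAGE_SIZE - 1] == 0xEE;
}
```

Both scenarios return 1 when the mechanism behaves as the patent describes: a torn page is rolled back from the protection area, and a committed transaction is left alone because the failure mark is met first.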
The foregoing embodiments have been provided for the purpose of illustrating the general principles of the present application in further detail, and are not to be construed as limiting the scope of the application, but are merely intended to cover any modifications, equivalents, improvements, etc. based on the teachings of the application.

Claims (8)

1. A smart card, wherein the smart card comprises a processor and a memory; a user data area and an anti-pulling area are arranged in the memory; the anti-pulling area comprises an anti-pulling data protection area and an anti-pulling mark area, the anti-pulling data protection area stores the whole page of data of the target area to be updated, and the anti-pulling mark area stores n effective marks and one invalid mark corresponding to each anti-pulling data protection area; the effective mark comprises an address of the anti-pulling data protection area and an address of a target area to be updated.
2. A smart card power-down protection method, which is applied to the smart card as claimed in claim 1, and comprises the following steps:
receiving a data writing request to a target area to be updated of the user data area;
copying the whole page data of the target area to be updated to the anti-pulling data protection area, and simultaneously writing a corresponding effective mark in the anti-pulling mark area;
updating a target area to be updated;
if power is lost in the process of updating the target area to be updated, searching a corresponding effective mark from the anti-pulling mark area, and recovering data corresponding to the effective mark in the anti-pulling data protection area to the target area to be updated;
after the data request is finished, writing a failure mark after the last effective mark of the anti-pulling mark area, and finishing.
3. The method for protecting against power failure of a smart card according to claim 2, further comprising, before copying the entire page of data in which the target area to be updated is located to the anti-pulling data protection area:
checking whether a valid mark for the address of the target area to be updated exists in the anti-pulling mark area; if so, no backup is needed; if not, copying the whole page of data of the target area to be updated to the anti-pulling data protection area, and simultaneously writing a corresponding valid mark in the anti-pulling mark area.
4. A smart card, wherein the smart card comprises a processor and a memory; the memory is provided with a user data area, two anti-pulling areas and a backup stack;
the first anti-pulling data protection area of the first anti-pulling area stores the whole page of data of the target area to be updated, and the first anti-pulling mark area stores n effective marks and only one failure mark corresponding to each anti-pulling data protection area;
the second anti-pulling data protection area of the second anti-pulling area stores the whole page of data of the target area to be updated; the second anti-pulling mark area of the second anti-pulling area stores m effective marks and m invalid marks corresponding to each anti-pulling data protection area;
the backup stack stores the related data of the target area to be updated and consists of a plurality of backup records;
the first anti-pulling area and the second anti-pulling area comprise an anti-pulling data protection area and an anti-pulling mark area, the anti-pulling data protection area stores the whole page of data of the target area to be updated, and the anti-pulling mark area stores n effective marks and a failure mark corresponding to each anti-pulling data protection area.
5. A smart card as in claim 4 wherein the second anti-pull area is adapted to be recycled in conjunction with the backup stack.
6. A smart card power-down protection method, which is applied to a smart card according to any one of claims 4-5, and comprises the following steps:
receiving a data writing request to a target area to be updated of a user data area;
copying the whole page data of the target area to be updated to a second anti-pulling data protection area, and simultaneously writing a corresponding effective mark in a second anti-pulling mark area;
updating a target area to be updated;
if power is lost in the process of updating the target area to be updated, searching a corresponding effective mark from a second anti-pulling mark area, and recovering data corresponding to the effective mark in a second anti-pulling data protection area to the target area to be updated;
after the data request is finished, writing a failure mark after the last effective mark of the second anti-pulling mark area, and finishing.
7. The method for protecting against power failure of a smart card as recited in claim 6, wherein before copying the entire page of data in which the target area to be updated is located to the second anti-pulling data protection area, the method further comprises: checking whether the number of the currently written target areas to be updated does not exceed the number of the first anti-pulling areas, and checking whether the page address of the target area to be updated has a valid mark in the first anti-pulling mark area; if so, no backup is needed; if not, copying the whole page of data of the target area to be updated to the first anti-pulling data protection area, and simultaneously writing a corresponding valid mark in the first anti-pulling mark area.
8. The method for protecting against power failure of a smart card as recited in claim 6, wherein before copying the entire page of data in which the target area to be updated is located to the second anti-pulling data protection area, the method further comprises: checking whether the number of the currently written target areas to be updated exceeds the number of the first anti-pulling areas, and if so, whether a backup is not needed; if the data of the target area to be updated does not exist, storing the data of the target area to be updated in a backup stack as a backup record, then copying the whole page of data of the target area to be updated to the second anti-pulling data protection area of the second anti-pulling area, and simultaneously writing a corresponding valid mark in the second anti-pulling mark area of the second anti-pulling area.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311139592.0A CN117151148A (en) 2023-09-05 2023-09-05 Smart card and power-down protection method thereof
Publications (1)

Publication Number Publication Date
CN117151148A true CN117151148A (en) 2023-12-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination