CN1223737A - Portable, secure transaction system for programmable, intelligent devices - Google Patents

Publication number
CN1223737A
Authority
CN
China
Prior art keywords
module
mark
address space
read
logical address
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN 97195913
Other languages
Chinese (zh)
Inventor
G·海恩斯
P·约翰尼斯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Europay International N V
Original Assignee
Europay International N V
Application filed by Europay International N V
Priority to CN 97195913
Publication of CN1223737A

Abstract

The present invention provides a transaction management system for executing transactions between a first device (1) and a second device, said first and second devices being adapted for communication with each other and at least one of said first and second devices being an integrated circuit card, said system comprising: at least one input/output device (25); a portable virtual machine (20) for interpreting a computer program on said first device, said virtual machine comprising a virtual microprocessor and a driver for said at least one input/output device (25); and execution means responsive to said interpreted program for executing said program. The general linking technical concept behind the present invention is portability combined with security of data and run-time guarantees in a transaction system which are independent of the target implementation provided compile time checks are passed successfully. This concept is achieved by: using a virtual machine as an interpreter, including a driver for the I/O devices in the virtual machine so that application programs have a common interface with I/O devices and are therefore portable across widely differing environments, allocating and deallocating memory and including an indication of the amount of memory in the application program which means that the program will only run successfully or it will not run at all and security management functions are reduced to a minimum which improves operating speed, and providing a secure way of importing and exporting data in and out of application programs and databases.

Description

Portable, secure transaction system for programmable, intelligent devices
The present invention relates to a system comprising programmable, intelligent devices such as terminals and integrated circuit cards, and to methods of operating such cards and terminals. The terminals include automated teller machines (ATMs), personal computers, pay-TV units, point-of-sale terminals, health care cards or similar devices. The invention is particularly suited to carrying out financial transactions.
Technical background
Various types of terminal are known for carrying out transactions, for example financial transactions involving the transfer or exchange of value, or transactions of a commercial nature, such as transactions using a health care card, or general data access, for example with the SIM card of a GSM mobile telephone. Such terminals are known as point-of-sale (POS) devices, automated teller machines (ATMs) or GSM mobile telephones. Actual products range from small handheld devices or integrated circuit cards (ICCs) using a simple 8-bit microprocessor, such as the Intel 8031/8051 supplied by Intel Corporation of the USA, to 32-bit computers running operating systems such as UNIX™ or Windows NT supplied by Microsoft. Some of these machines interact with a personal user card, which may be a magnetic stripe card, a smart card or an integrated circuit card, and which stores the user identification and validation information required before communication between the user and the terminal can begin. The user places the card in the card reader associated with the terminal; a program resident in the terminal is executed and examines the card, checks the user information and confirms its validity, and may if required prompt the user to enter a password or a special number such as a PIN (personal identification number). After validation, the program normally allows the user to select the service to be carried out, for example withdrawing cash or checking the current balance. The terminal may be stand-alone or connected to a mainframe computer locally or via a communications network. Such terminals generally provide service 24 hours a day, and must run with minimal maintenance and with a high level of security.
Such terminals represent a significant investment in hardware and are not normally replaced frequently. When new services are offered, the software and programs running on the terminal must be updated, and the update must be carried out securely. Typically, the organisation operating the terminal, such as a bank, requires that each update be certified. Updates may be carried out manually or remotely over a private or public communications network, as shown in US Patent No. 5,434,999. Such known schemes require the type and model of the terminal to be known for new development, and are therefore expensive, because the software for each terminal has to be created specifically for that type of terminal. Moreover, to be able to offer the services of every possible organisation providing similar services, for example all banks or credit institutions, the terminal must be able to handle all the programs of all those organisations. Because individuals and business people are highly mobile, it is advantageous for every service offered in a country to be available at every terminal. This leads to unnecessarily large processing capacity and memory size in each terminal. Moreover, each of these programs must be updated as required. One solution is for each terminal to be a small workstation that can be connected to a telecommunications system. Such a system can process off-line and switch to on-line processing for unusual transactions or for automatic updating of the resident programs. To maintain security on an open system that can be attacked, for example via the public telephone network, complex validation of the workstation and the necessary encryption schemes are required. As size and complexity increase, so does the problem of maintaining security.
Even with such a system there is a version-control problem: not all users of a service from the same organisation hold a card suited to the latest version of the service. This can happen when a multinational organisation introduces or updates a service in different countries at different times. WO 96/18979 proposes updating the terminal from the user's personal integrated circuit card, only for that user's session. Program instructions representing subroutines are stored on the card and can be exported to the terminal, where they are interpreted. Using an interpreter in the terminal allows the same card to be used with any terminal that contains the interpreter, making the transaction independent of the host microprocessor in the terminal. However, no security-management method for eliminating possibly dangerous subroutines is described.
Terminals of the above type also have a processor and some form of memory, typically some random-access memory (RAM) for running programs, some read-only memory (ROM) for storing data that only needs to be read (including the program of the terminal's operating system), and non-volatile read/write memory for storing general data that may change. A user's personal data should be kept private, so that a user cannot access other people's data, whether accidentally or deliberately. Furthermore, the various writable memories of the terminal should not become fragmented over time. Memory fragmentation can reduce the size of contiguous memory blocks to the point where some programs cannot run. To avoid this problem, some programming languages, such as Java™, use garbage collection. Garbage collection is a routine that attempts to identify data in memory that is no longer needed and deallocates it. Current informed opinion is that garbage collection is a more reliable way of managing memory than having a program explicitly deallocate its own stored data. Memory allocation and deallocation are clearly regarded as the largest single source of programming errors in common high-level programming languages such as C or C++.
Garbage collection has several disadvantages. First, garbage collection is an operating-system function rather than a function specific to an application. Garbage collection therefore does not guarantee that the data of each application is deallocated when the application ends; instead, such data may persist for some time, until lack of access triggers garbage collection. In financial transactions, a more secure method of reducing the possibility of addressing private user data is required. Second, it increases the amount of memory the operating system requires. Where memory is limited, as on integrated circuit cards and some terminals, the use of garbage collection is a serious drawback. As explained above, terminals are seldom replaced, so terminals with differing processor capability and memory size operate side by side in the system. Older terminals are usually severely restricted in their capabilities. Although the oldest types may be replaced, the demand for more elaborate and complex services means that older terminals will probably never be replaced often enough to prevent some of them from lagging behind in capability. The requirement for a compact operating system that can work on a variety of processors is therefore likely to remain. Finally, garbage collection does not release memory as soon as explicit deallocation would. Because memory remains tied up when it could have been released, this can also increase the amount of memory required.
A secure method of run-time memory management is described in US Patent No. 5,434,999. According to this known method, an interpreter in the terminal systematically checks every instruction that manipulates a memory address, to verify whether access to the requested memory region is permitted. The disadvantage of this system is that every instruction must be checked, which makes processing very slow. Run-time checking is costly in performance.
There is a need for a system providing programmable terminals that allows application programmers to create software that is portable and neutral across different kinds of terminal, that is, independent of the processor used in the terminal, without requiring type approval for each type or make of terminal. The terminal's resident operating system and application programs should preferably be compact, execute quickly and meet the security requirements. Furthermore, it is preferable if application programs can be updated easily, at least so that each user can obtain the expected service regardless of the geographical location of the terminal.
It is an object of the present invention to provide a secure transaction management system for transactions and a method of operating such a system.
A further object of the present invention is to provide secure terminals and integrated circuit cards for transactions, and methods of operating these devices.
A further object of the present invention is to provide a device usable in transactions that can be implemented on a small handheld device such as an integrated circuit card.
A further object of the present invention is to provide a transaction system in which a terminal or integrated circuit card can be updated using a terminal or integrated circuit card as the source of the update information.
A further object of the present invention is to provide a transaction management system having high security and good operating speed, and a method of operating such a system.
Summary of the invention
The present invention relates to a transaction management system for executing transactions between a first device and a second device, the first and second devices being adapted to communicate with each other and at least one of the first and second devices being an integrated circuit card, the system comprising: at least one input/output device; a portable virtual machine for interpreting a computer program on the first device, the virtual machine comprising a virtual microprocessor and a driver for the at least one input/output device; and execution means responsive to the interpreted program for executing the program. Preferably, the portable virtual machine is a stack machine, which brings operating speed and compactness.
The present invention also provides a terminal comprising a first device for carrying out a transaction with a second device, at least one of the first and second devices being an integrated circuit card, the terminal comprising: a portable virtual machine for interpreting a computer program on the first device, the portable virtual machine comprising a virtual microprocessor and a driver for at least one input/output device; and execution means responsive to the interpreted program for executing the program.
The present invention also provides a self-contained portable smart card comprising a first device for carrying out a transaction with a second device, the smart card comprising: a portable virtual machine comprising a virtual microprocessor and a driver for at least one input/output device.
The present invention also provides a transaction management system comprising: a first device and a second device, the first and second devices being adapted to communicate with each other and at least one of the first and second devices being an integrated circuit card; the second device including means for providing at least one program instruction capable of at least modifying the execution-time behaviour of a computer program on the first device; the first device including a virtual machine, the virtual machine comprising means for loading and interpreting the computer program, the loading and interpreting means being further adapted to load and interpret the at least one program instruction, subject to a predefined security condition, after the loading and interpreting means has loaded the computer program and while the computer program is running; and execution means for executing the loaded and interpreted computer program with the modified behaviour in response to the loaded and interpreted program instruction.
In addition, the present invention provides a terminal comprising a first device for carrying out a transaction with a second device, at least one of the first and second devices being an integrated circuit card, the second device including means for providing at least one program instruction capable of at least modifying the execution-time behaviour of a computer program on the first device; the terminal comprising: the first device, the first device including a virtual machine, the virtual machine comprising means for loading and interpreting the computer program, the loading and interpreting means being further adapted to load and interpret the at least one program instruction, subject to a predefined security condition, after the loading and interpreting means has loaded the computer program and while the computer program is running; and execution means for executing the loaded and interpreted computer program with the modified behaviour in response to the loaded and interpreted program instruction.
The present invention also provides a self-contained portable smart card comprising a first device for carrying out a transaction with a second device, the second device including means for providing at least one program instruction capable of at least modifying the execution-time behaviour of a computer program on the first device, the smart card comprising: the first device, the first device including a virtual machine, the virtual machine comprising means for loading and interpreting the computer program, the loading and interpreting means being further adapted to load and interpret the at least one program instruction, subject to a predefined security condition, after the loading and interpreting means has loaded the computer program and while the computer program is running; and execution means for executing the loaded and interpreted computer program with the modified behaviour in response to the loaded and interpreted program instruction.
The present invention also provides a transaction system for executing transactions between a first device and a second device, the system comprising: a virtual machine for interpreting a set of dedicated byte-code tokens applied to it; the virtual machine including a virtual processing unit and read/writable logical address space; at least one first application program including an indication of the amount of read/writable logical address space needed for its execution, the at least one first application program being written as a stream of tokens selected from the set of tokens and corresponding in-line data; the virtual machine also including: a loader for loading the at least one first application program; and means for allocating a first amount of read/writable logical address space specifically for the at least one first application program in accordance with the indication, the allocated read/writable logical address space having defined and protected boundaries. The first device according to the invention may be a personal computer connected to the Internet and running a browser; the requirement that each module received by the browser must contain an indication of its memory requirements improves the security of the browser and limits the damage that can be caused by any virus contained in an imported module.
The present invention also provides a terminal comprising a first device for carrying out a transaction with a second device, the first device comprising: a virtual machine for interpreting a set of dedicated byte-code tokens applied to it; the virtual machine including a virtual processing unit and read/writable logical address space; at least one first application program including an indication of the amount of read/writable logical address space needed for its execution and a first exclusive list of at least one function that can be exported to other application programs, the at least one first application program being written as a stream of tokens selected from the set of tokens and corresponding in-line data; the virtual machine also including: a loader for loading the at least one first application program; and means for allocating a first amount of read/writable logical address space specifically for the at least one first application program in accordance with the indication, the allocated read/writable logical address space having defined and protected boundaries.
The present invention also provides a self-contained portable smart card comprising a first device for carrying out a transaction with a second device, the first device comprising: a virtual machine for interpreting a set of dedicated byte-code tokens applied to it; the virtual machine including a virtual processing unit and read/writable logical address space; at least one first application program including an indication of the amount of read/writable logical address space needed for its execution, the at least one first application program being written as a stream of tokens selected from the set of tokens and corresponding in-line data; the virtual machine also including: a loader for loading the at least one first application program; and means for allocating a first amount of read/writable logical address space specifically for the at least one first application program in accordance with the indication, the allocated read/writable logical address space having defined and protected boundaries.
The present invention also provides a transaction system for executing transactions between a first device and a second device, at least one of the first and second devices being an integrated circuit card, the system comprising: a virtual machine for interpreting a set of dedicated byte-code tokens applied to it; the virtual machine including a virtual processing unit and read/writable logical address space; at least one database including at least one record, and at least one computer program for execution by the virtual machine, the computer program being a module written as a stream of tokens selected from the set of tokens and including an indication of the amount of uninitialised read/writable logical address space necessary for execution of the module; a loader for loading the module and for allocating the required amount of uninitialised logical address space in accordance with the indication; and means for accessing a record in the database, records in the database being accessible only through the module, the accessing means providing a window onto the current record of the database and copying the record into a portion of the uninitialised read/writable logical address space addressable by the application program.
In addition, the present invention provides a terminal comprising a first device for carrying out a transaction with a second device, at least one of the first and second devices being an integrated circuit card, the first device comprising: a virtual machine for interpreting a set of dedicated byte-code tokens applied to it; the virtual machine including a virtual processing unit and read/writable logical address space; at least one database including at least one record, and at least one computer program for execution by the virtual machine, the computer program being a module written as a stream of tokens selected from the set of tokens and including an indication of the amount of uninitialised read/writable logical address space necessary for execution of the module; a loader for loading the module and for allocating the required amount of uninitialised logical address space in accordance with the indication; and means for accessing a record in the database, records in the database being accessible only through the module, the accessing means providing a window onto the current record of the database and copying the record into a portion of the uninitialised read/writable logical address space addressable by the application program.
The present invention also provides a self-contained portable smart card comprising a first device for carrying out a transaction with a second device, the first device comprising: a virtual machine for interpreting a set of dedicated byte-code tokens applied to it; the virtual machine including a virtual processing unit and read/writable logical address space; at least one database including at least one record, and at least one computer program for execution by the virtual machine, the computer program being a module written as a stream of tokens selected from the set of tokens and including an indication of the amount of uninitialised read/writable logical address space necessary for execution of the module; a loader for loading the module and for allocating the required amount of uninitialised logical address space in accordance with the indication; and means for accessing a record in the database, records in the database being accessible only through the module, the accessing means providing a window onto the current record of the database and copying the record into a portion of the uninitialised read/writable logical address space addressable by the application program.
The present invention also provides a method of carrying out a transaction between a first device and a second device, at least one of the first and second devices being an integrated circuit card, the method comprising: providing, on the second device, at least one program instruction capable of at least modifying the execution-time behaviour of a computer program on the first device; loading and interpreting the computer program; loading and interpreting the at least one program instruction, subject to a predefined security condition, while the computer program is running; and executing the loaded and interpreted computer program with the modified behaviour in response to the loaded and interpreted program instruction.
The present invention also provides a method of carrying out a transaction between a first device and a second device, at least one of the first and second devices being an integrated circuit card, the method comprising: interpreting at least one application program written as a stream of byte-code tokens selected from a set of tokens and corresponding in-line data; loading the at least one application program; allocating a first amount of read/writable logical address space specifically for the at least one application program, in accordance with an indication, contained in the application program, of the amount of read/writable logical address space needed for its execution; and defining and protecting the boundaries of the allocated read/writable logical address space. This method combines the use of an interpreter with allocation and optional explicit deallocation of memory. This provides a mixture of flexibility and portability while giving run-time guarantees once the application program has been thoroughly checked at the compilation stage. It reduces the damage that can be caused by viruses in imported application programs.
The present invention also includes a method of carrying out a transaction between a first device and a second device, at least one of the first and second devices being an integrated circuit card, the method comprising: interpreting the tokens in a module written as a stream of tokens selected from a set of tokens; allocating an amount of uninitialised logical address space in accordance with an indication, contained in the module, of the amount of uninitialised read/writable logical address space required for its execution; accessing a record in a database by providing a window onto the current record of the database, records in the database being accessible only through the module; and copying the record into a portion of the uninitialised read/writable logical address space addressable by the module.
The present invention also includes a method of carrying out a transaction between a first device and a second device, at least one of the first and second devices being an integrated circuit card, the method comprising: providing a portable virtual machine comprising a virtual microprocessor and a driver for at least one input/output device; interpreting a computer program on the first device using the portable virtual machine; and executing the program in response to the interpreted program.
According to the present invention, a secure transaction management system is provided which preferably includes a portable virtual microprocessor. Each module preferably has a set of virtual address spaces guaranteed to be distinct from any other virtual address space. In addition, the portable virtual microprocessor preferably protects access to shared resources, such as the various stacks or databases. Preferably, the minimum protection is memory checking of the access bounds for reads and writes to data space, and an absolute prohibition on writing to code space. Furthermore, the data and return stacks are preferably checked for underflow and overflow. Preferably, a module may only access data that another module explicitly exports. Preferably, there is no way of accessing non-exported data (the virtual microprocessor does not leak) except through functions provided by the module. Modules preferably do not export data in the conventional sense; modules preferably export only functions. Preferably, the logical boundaries prohibit data-space leakage. In other words, all data owned by a module is preferably strictly private. This restriction is preferably enforced both at compile time and at run time, because modules have separate address spaces, which means that the address of some data within a particular module is completely meaningless outside that module. Preferably, a module exports only a set of handles that trigger particular behaviour to be switched on or off. Preferably, well-behaved modules run without failure, whereas badly behaved modules are aborted by exceptions thrown directly by the portable virtual microprocessor when an illegal operation is attempted.
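The load-time allocation and run-time protections described above (declared read/write space granted by the loader, bounds-checked data access, no writes to code space, stack underflow and overflow checks, explicit deallocation), sketched as an added Python example that is not taken from the patent. The token names and values, `CODE_BASE`, the class names and the exception names are assumptions, not the token codes or standard exceptions of the patent's appendix.

```python
# Added illustration (not the patent's code). Token names/values, CODE_BASE and
# the exception names are assumptions, not the appendix's tokens or exceptions.
class VMException(Exception): pass        # raised by the virtual machine itself
class LoadError(VMException): pass        # declared memory cannot be granted
class DataBoundsError(VMException): pass  # data access outside the module's space
class CodeWriteError(VMException): pass   # attempt to write into code space
class StackError(VMException): pass       # data stack underflow or overflow

PUSH, LOAD, STORE, ADD, HALT = range(5)   # hypothetical token values
CODE_BASE = 0x8000                        # hypothetical start of code space

class Module:
    def __init__(self, name, code, data_size):
        self.name = name
        self.code = tuple(code)           # token stream with in-line data
        self.data_size = data_size        # declared read/write cells needed

class VirtualMachine:
    def __init__(self, total_cells, stack_depth=8):
        self.free_cells = total_cells
        self.stack_depth = stack_depth
        self.spaces = {}                  # module name -> private data space

    def load(self, module):
        """Grant exactly the declared space, or refuse to load the module."""
        if module.data_size > self.free_cells:
            raise LoadError(f"{module.name}: needs {module.data_size} cells")
        self.free_cells -= module.data_size
        self.spaces[module.name] = [0] * module.data_size

    def unload(self, module):
        """Explicit deallocation: wipe the private data, return the cells."""
        space = self.spaces.pop(module.name)
        space[:] = [0] * len(space)
        self.free_cells += module.data_size

    def _check(self, module, addr, write):
        if write and addr >= CODE_BASE:
            raise CodeWriteError(f"{module.name}: write to {addr:#x}")
        if not 0 <= addr < module.data_size:
            raise DataBoundsError(f"{module.name}: address {addr:#x}")

    def run(self, module):
        data, stack, pc = self.spaces[module.name], [], 0

        def fetch():
            nonlocal pc
            if pc >= len(module.code):
                raise VMException("execution ran past the end of code space")
            pc += 1
            return module.code[pc - 1]

        def pop():
            if not stack:
                raise StackError("data stack underflow")
            return stack.pop()

        def push(value):
            if len(stack) >= self.stack_depth:
                raise StackError("data stack overflow")
            stack.append(value)

        while True:
            token = fetch()
            if token == PUSH:
                push(fetch())
            elif token == LOAD:
                addr = pop()
                self._check(module, addr, write=False)
                push(data[addr])
            elif token == STORE:
                addr, value = pop(), pop()
                self._check(module, addr, write=True)
                data[addr] = value
            elif token == ADD:
                push(pop() + pop())
            elif token == HALT:
                return stack
            else:
                raise VMException(f"unknown token {token}")

def demo():
    """Run constructed sample modules; return each outcome by module name."""
    vm = VirtualMachine(total_cells=8)
    modules = [
        Module("good", [PUSH, 42, PUSH, 0, STORE, PUSH, 0, LOAD, HALT], 2),
        Module("peer", [PUSH, 0, LOAD, HALT], 2),             # same address, own space
        Module("stray", [PUSH, 7, PUSH, 2, STORE, HALT], 2),  # address 2 is out of bounds
        Module("patcher", [PUSH, HALT, PUSH, CODE_BASE, STORE, HALT], 1),
        Module("under", [ADD, HALT], 0),                      # pops an empty stack
        Module("greedy", [HALT], 4),                          # declares more than is free
    ]
    outcome = {}
    for m in modules:
        try:
            vm.load(m)
            outcome[m.name] = vm.run(m)
        except VMException as exc:
            outcome[m.name] = type(exc).__name__
    return outcome
```

`demo()` shows that address 0 in `peer` does not see the 42 that `good` stored at its own address 0, and that each misbehaving module is stopped by an exception raised by the machine rather than by the module's own code.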
The dependent claims define individual embodiments of the invention. The invention, its embodiments and its advantages will now be described with reference to the following drawings.
Brief description of the drawings
Fig. 1 is a schematic representation of a terminal according to the present invention.
Fig. 2 is a schematic representation of an integrated circuit card according to the present invention.
Fig. 3 is a schematic flow diagram of the process of developing and executing a module according to the present invention.
Fig. 4 is a schematic representation of a portable virtual microprocessor according to the present invention as implemented on a terminal.
Fig. 5 is a schematic representation of a portable virtual microprocessor according to the present invention.
Fig. 6 is a schematic representation of modules loaded into memory according to the present invention.
Fig. 7 is a schematic representation of the method of obtaining access to a database record according to the present invention.
Fig. 8 is a schematic representation of the plug and socket procedure according to the present invention.
Fig. 9 is a flow diagram of the module loader of the present invention.
Fig. 10 is a flow diagram of the module execution procedure of the present invention.
Fig. 11 is a flow diagram of the socket plugging procedure of the present invention.
Fig. 12 is a flow diagram of the card module loader according to the present invention.
The token codes and standard exceptions of the present invention are given in the appendix.
Description of the illustrative embodiments
The present invention is described below with reference to certain drawings and embodiments; however, the invention is not limited to these embodiments. The drawings are schematic only and are non-limiting. The invention is described with reference to financial transactions, but it is not limited to them. Furthermore, the invention is described mainly with reference to a terminal, but it also includes providing the portable virtual microprocessor according to the invention on any suitable device, for example a personal computer (PC), an integrated circuit card (ICC), or a combination of an ICC and an interface as described in WO 94/10657, which is incorporated herein by reference.
The general linking technical concept behind the present invention is portability combined with security of data and run-time guarantees in a transaction system, where the run-time guarantees are independent of the target implementation provided that the compile-time checks are passed successfully. This concept can be achieved by one or more of the following features: using a virtual machine as an interpreter; including a driver for the I/O devices in the virtual machine, so that application programs have a common interface with the I/O devices and are therefore portable across widely differing environments; including an indication of the amount of memory in the application program and allocating memory according to that indication; explicitly deallocating memory; and providing a secure way of importing data into, and exporting data from, application programs and/or databases.
Fig. 1 is a schematic representation of a terminal 1 according to the present invention. Typically, terminal 1 comprises a central processing unit (CPU) 2 connected through a bidirectional communication bus 3 to memory 4 and input/output (I/O) devices 6. The I/O devices 6 may be a keyboard for entering data and a screen, such as a visual display unit (for example a liquid crystal display (LCD) or light-emitting diode (LED) display), for showing the progress of a transaction and/or for displaying messages or prompts. One of the I/O devices 6 may be a card reader 7, which can read an ICC 5 when the ICC 5 is inserted into the receiving slot of the reader 7. Actual terminals can vary greatly; for example, a terminal may be a point-of-sale (POS) terminal and may include processors ranging from an Intel 8051 to a Pentium™. Furthermore, terminal 1 need not be located in one place: its various parts, such as the card reader 7, I/O devices such as the keyboard and display, and the processor, may be located at different places and connected by cable, wireless transmission or similar means, or be interconnected as part of a local area network or through a telecommunication network.
Fig. 2 is a schematic representation of an ICC 5 according to the present invention. However, the invention is not limited to this. ICC 5 comprises at least one input/output (I/O) port 10 and some permanent storage, for example non-volatile memory provided by an electrically erasable programmable read-only memory (EEPROM) 15 connected to the I/O port 10 through bus 17, or by battery-backed random access memory (RAM). The I/O port 10 can be used to communicate with terminal 1 via the card reader 7. An integrated circuit card is a card into which one or more integrated circuits are inserted to perform at least memory functions. Optionally, ICC 5 may be a self-contained portable smart card and include read/write working memory, for example volatile memory provided by RAM 14, and a central processor 12 together with all the circuitry needed for ICC 5 to operate as a microprocessor, for example a read-only memory 13 storing code, a sequencer 16, and connections to the card reader 7 for receiving the voltage sources Vss and VDD, a reset for processor 12 and a clock CLK for the sequencer 16. According to the invention, ICC 5 can be used as a bank card, credit card, debit card, electronic money, health card, SIM card and the like.
The invention provides an integrated-circuit-controlled transaction management system intended to execute a transaction between an ICC 5 and a terminal 1 (connected or not connected to a central unit), the transaction consisting of at least one execution of the following sequence:
1. establishing a communication link between ICC 5 and terminal 1;
2. performing a compatibility check to ensure that ICC 5 and terminal 1 are mechanically and electrically compatible;
3. selecting an application, which includes selecting a computer program and the associated data set that defines the transaction for the particular combination of ICC 5 and terminal 1;
4. executing the application;
5. terminating the transaction, which optionally includes breaking the communication link between ICC 5 and terminal 1;
whereby the application is executed using an interpreter, either on ICC 5, on the terminal, or on both. A transaction is an exchange of at least data between two or more devices and, according to the invention, is not specifically a commercial financial transaction. Such a system is known from PCT/BE 95/00017. ICC 5 may be a memory-only integrated circuit card, that is, one that does not include a processor 12, in which case ICC 5 carries out the transaction determined by terminal 1. Alternatively, ICC 5 may be a self-contained portable smart card, and the transaction may be determined by terminal 1, by ICC 5, or by both. According to the invention, ICC 5 may include program code that enhances the security of terminal processing. In particular, ICC 5 may be one or more maintenance cards used to update the application programs stored in terminal 1.
According to the invention, software runs in terminal 1, and optionally in ICC 5, as a "virtual machine". The virtual machine (VM) of the invention is a theoretical or virtual microprocessor with standard characteristics that define, in a general way, the addressing modes, stack usage, register usage, address space, addressing of I/O devices and so on. A kernel is written for each particular CPU type used in terminal 1 or ICC 5 so that the respective processor 2, 12 emulates the VM. A particular aspect of the invention is that the VM kernel provides the drivers for the I/O devices as well as all low-level CPU logic and arithmetic functions, flow control and time handling. The advantage of providing the I/O drivers in the VM is that any program written for the VM of the invention addresses standard virtual I/O devices. Implementing the VM on a particular CPU then provides for the actual I/O devices connected to terminal 1 or ICC 5 to behave like the addressable virtual I/O devices. The VM of the invention is very compact and has been implemented successfully on a Siemens SLCO44CR chip (a derivative of the INTEL 8051 family), a chip that is included on an ICC 5. The virtual machine according to the invention is highly standardized across a wide variety of CPU and I/O types, which simplifies program portability, testing and certification. In this application this VM is described as the portable VM 20. The portable VM 20 comprises a virtual microprocessor and drivers for the I/O devices. VM 20 provides logic and arithmetic functions and the addressing of memory and of at least one I/O device. The portable VM 20 according to the invention provides program portability across different terminals 1 and cards 5 by treating terminal and/or card programs as the intermediate code of a compiler. This code consists of byte codes called marks. Terminal 1 or ICC 5 then processes this code by interpreting it or by other means such as native-code compilation. The virtual machine preferably interprets marks by one of three methods: interpreting the virtual machine instructions directly, translating the virtual machine language into a directly executable intermediate form, or just-in-time compiling it into actual code for the target CPU. The latter two methods offer higher performance at a moderate cost in complexity. Marks are provided as a defined set, which can be regarded as the machine instruction set of VM 20.
Application programs of the invention are embodied as modules, which may include a list of marks as executable code. According to the invention there are two basic types of module: executable modules, which have an entry point that is called directly by VM 20 when the module is loaded, and library modules, which serve as a resource for other modules by providing exportable procedures that can be executed individually through inter-module calls.
The mark set of the invention comprises, first, the instruction set of VM 20, which provides the instructions expected of a general processing language and needed for efficient execution of programs, and second, marks that provide what are commonly called "operating system functions". In terminal 1 or card 5, the operating system functions include functions specific to the invention, such as the I/O drivers (for example for displays and keyboards); in terminal 1 and card 5 the system functions also include management of data-object communication and transmission through the I/O ports, and the inter-module access and access-control mechanisms. Marks are preferably provided for the VM operating system, stack manipulation, socket handling, control such as exception handling, the control of sockets themselves including their access rights, I/O device access, time handling, language and message handling, I/O reader handling (for example handling of ICCs, magnetic stripe cards and modems), blacklist management, security algorithms, terminal services, database services, data-object handling (for example TLV handling), module handling and extensible memory handling.
Single-byte marks are called primary marks; they refer to primitive instructions such as are commonly found in any instruction set. Multi-byte marks are called secondary marks and are used for less frequently used services. The complete mark set of VM 20 is given in the appendix of this application. As shown schematically in Fig. 3, an application program is written on a PC-based host development system 70, and is debugged and type-approved, in a suitable high-level language such as Forth, C or Pascal. The source code of the program is then compiled into a mark stream on the mark compiler 71. This mark stream is combined with the other data the program needs (the corresponding in-line data) and a header, and is encapsulated in a module delivery file to create a module 72, preferably in a standardized module delivery format. If the module contains executable marks, it is delivered in executable program format. A particular aspect of the invention is that an executable module contains not only the mark stream but also all the corresponding in-line data (encapsulation). Another, separate particular aspect of the invention is that a module according to the invention contains an indication of how much read/write memory VM 20 should allocate for the module's execution.
Module 72 is delivered to terminal 1 by any suitable means, for example in an ICC 5 or over a telecommunication network. After a module has been downloaded, it is stored in a "module repository". When its function is required, terminal 1 or card 5 uses a mark loader/interpreter 73 to process the marks for execution on the terminal CPU 2. This process consists of executing the function associated with each mark. The mark loader/interpreter 73 is provided by VM 20 of the invention.
The VM-related software on terminal 1 can be divided into four main categories:
The kernel, which includes the terminal-dependent implementations of the I/O drivers and all functions required in this specification to support VM 20. All other software related to VM 20 is written in machine-independent marks.
Terminal Resident Services (TRS): at least one module, such as the application manager, that runs on VM 20, including all non-application functions, the libraries supporting these functions, the module loading functions and the main loop that defines the terminal's behaviour. Special marks (for example DIOCTL) allow the terminal-dependent aspects of I/O devices to be defined as in-line functions.
Terminal Selected Services (TSS): applications such as payment service functions, and the libraries that support them. TSS contains only terminal-independent marks and resides on terminal 1. The TRS main program loop selects and calls TSS functions as a particular transaction requires.
Card Selected Services (CSS): functions that support terminal transactions, such as payment service functions, used as part of a TSS application. CSS resides on ICC 5 and is downloaded to terminal 1 when needed. For a terminal 1 with two ICC readers 8 (for example, one for normal transactions and one for maintenance), there can be two independent sets of CSS (CSS1 and CSS2).
All software on terminal 1 of the invention above the kernel is organized as a set of separate modules. The fundamental characteristic of a module is that it is a collection of definitions and programs that has been passed through the mark compiler 71 and encapsulated as a single package for delivery to a target environment (such as terminal 1 or ICC 5). The main terminal program (TRS), each application, each library and each CSS download are examples of modules. Preferably, all modules use a standard format. In the system of the invention, the kernel defines VM 20, which provides various high-level services to these modules:
a general-purpose CPU and instruction set, represented by the marks;
general-purpose I/O support for common devices, with provision for generic I/O support of additional devices that may be added;
database management functions;
data-object transfer management, including format conversion and other functions;
management of mark modules, including maintaining them in memory (updating them when necessary) and executing them when required.
In the preferred embodiment of the invention, execution of modules is at all times under the control of VM 20. A module therefore never gains control of the host processor and is passive with respect to VM 20. VM 20 preferably always works in supervisor mode and can execute only instructions defined in terms of its mark set. No module can work in user mode, that is, assume control of VM 20. Therefore, in an implementation of VM 20 that uses memory mapping, only one memory map can be established, namely the supervisor map.
A module cannot compromise the operating system defined by VM 20. This is guaranteed because a module contains only marks from the VM mark set, and none of these marks allows access to the code space in which the kernel is stored. If VM 20 encounters a mark that lies outside the defined set, an exception (ILLOP) is thrown.
As shown schematically in Fig. 4, terminal 1 includes a terminal-specific operating system 8, which is responsible for loading the TRS module of VM 20 (the loader is described below). The code of VM 20 is stored in the terminal's read-only non-volatile memory 11. Before TRS is loaded, the terminal volatile memory 19 of terminal 1 is empty and holds no transaction-related data; the terminal read/write non-volatile memory 18 contains the applications to be executed by VM 20, in the form of modules 72 in the module repository, the non-volatile databases containing user-specific data, and libraries such as the plug library, which is described below. If VM 20 is also implemented on ICC 5, the same principles apply to the read-only non-volatile memory 13, volatile memory 14 and read/write non-volatile memory 15 of ICC 5.
Because VM 20 is a virtual machine, it addresses all forms of terminal or ICC memory 11, 18, 19, 13, 14, 15 as virtual memory; that is, as seen from VM 20, they are all addressed in logical address space. In an actual implementation of VM 20, these logical address spaces are mapped onto the real address spaces in the memory of terminal 1 or ICC 5 by memory mapping or a similar method. In what follows, volatile, read/write non-volatile and read-only non-volatile memory are referred to as parts of VM 20. It should be understood that this refers to logically addressed memory space unless specific mention is made of real addresses in an implementation of VM 20 on terminal 1 or ICC 5. Volatile memory does not survive program loading or power-down and/or power-up. Preferably, for security reasons, volatile memory does not survive power-down. Non-volatile memory survives program loading or power-down and/or power-up.
Description of the Virtual Machine
Fig. 5 is a schematic representation of VM 20 of the invention. VM 20 is preferably a stack machine and has a data stack pointer (stored in data stack register 32) that points to a push-down data stack 27, preferably in on-chip memory. All operations are performed on this stack 27. Data stack 27 is used to hold procedure parameters and the temporary results of expression evaluation. Data is pushed onto data stack 27 or popped from it. VM 20 also includes a return stack 28. VM 20 can use return stack 28 to hold return addresses, and it can also be used for temporary storage. This multiple-stack architecture is known from the Forth programming language (ANSI X3.215-1994). According to the invention, this architecture has been modified for portability, code density, security, ease of compilation and use with other programming languages. For example, it includes provision for the local variable frames used in high-level languages such as C. Therefore, mark compilers 71 according to the invention can be written not only for Forth but also for C and other programming languages.
According to the invention there is only one data stack 27 and one return stack 28 associated with VM 20. Data and return stacks 27, 28 are not created for each processing thread. According to the invention, an application program may retrieve from return stack 28 only what it has itself placed there explicitly within the current procedure, and it must remove any data placed on return stack 28 during the current procedure before exiting that procedure. Optionally, VM 20 includes a security manager which, to provide run-time integrity, monitors all activity on the return stack and checks that all data has been removed during the current procedure. In addition to data placed there explicitly for temporary storage, VM 20 may hold exception execution state information, local variable frames, loop control parameters and database context on return stack 28.
According to the invention, VM 20 may include multiple stacks. For example, rather than using only return stack 28, further stacks 29 such as an exception stack and a frame stack may optionally be provided. The exception stack is used to store execution state during exception handling. The frame stack is used to hold local variable information and C-like activation records. As mentioned above, the exception and frame stacks 29 may be implemented on return stack 28.
The data and return stacks 27, 28 and the other stacks 29, such as the exception stack, are not in memory space that any application program can access directly. The data and return stacks 27, 28 cannot be addressed directly; they can be accessed only through stack operations. For security reasons there is no restriction on how the data is stored in an actual implementation, so that a malicious person can make no assumptions about how the data is physically stored.
VM 20 includes a virtual central processing unit 22, which includes a virtual arithmetic logic unit (ALU) 23. VM 20 addresses a virtual or logical data space 24, which VM 20 treats as random access memory (RAM) and which is typically implemented as part of volatile memory 19, for example in the random access memory of terminal 1 or card 5. The logical data space 24 is accessible for data storage only. VM 20 stores the mark stream of a module in code memory 26, which VM 20 treats as read-only memory (ROM). Only VM 20 can read the marks. Code memory 26 is accessible neither to application programs nor to any mark.
VM 20 may include virtual registers 30. The registers 30 of VM 20 may include a mark pointer register 31 (which holds a pointer to the next mark to be executed), a data stack register 32 (which holds a pointer to the current top-of-stack (TOS) position of data stack 27), a return stack pointer register 33 (which holds a pointer to the current top position of the return stack), a frame pointer register 34 (which holds a pointer to the start of the frame in data space 24) and a frame end pointer register 35 (which holds a pointer to the end of the frame in data space 24). The mark set provides no direct access to registers 31 to 36; they are accessed only through register access marks.
Finally, virtual I/O devices 25 are connected to CPU 22 by a virtual bus system 21, which also connects the stacks 27-29, ALU 23, registers 30, code memory 26 and data space 24.
VM 20 of the invention is preferably defined as a byte-addressed, two's-complement, 32-bit machine with 32-bit registers and stack elements; however, the invention is not limited to this. The register/stack size is called the cell size of VM 20, a cell being the basic unit handled on the stacks and by the VM registers 31 to 36. The cell size used by VM 20 is not considered to have a material effect on the invention.
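The run-time checks described above (bounded data-space access, a code space that no mark can write, stack underflow and overflow checks, and an exception for a mark outside the defined set) can be seen in a toy interpreter. This is an added example, not code from the patent: the mark numbers, the stack and data-space sizes and the numeric value of ILLOP are assumptions, and the other exception codes are the standard ANS Forth THROW values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Mark numbers are hypothetical; the real codes are in the patent's appendix. */
enum { T_HALT, T_LIT, T_ADD, T_FETCH, T_STORE };
/* ANS Forth THROW codes, except VM_ILLOP, whose number is constructed here. */
enum { VM_OK = 0, VM_STACK_OVERFLOW = -3, VM_STACK_UNDERFLOW = -4,
       VM_BAD_ADDRESS = -9, VM_ILLOP = -256 };

#define STACK_CELLS 8   /* data stack depth in 32-bit cells (constructed) */
#define DATA_CELLS  4   /* size of the module's data space (constructed) */

typedef struct {
    const uint8_t *code;        /* code space: read by the VM only, never written */
    size_t code_len, tp;        /* tp plays the role of the mark pointer */
    int32_t stack[STACK_CELLS]; /* reachable only through push/pop */
    int sp;                     /* cells currently on the data stack */
    int32_t data[DATA_CELLS];   /* logical addresses 0..DATA_CELLS-1 */
} vm_t;

static int push(vm_t *vm, int32_t v) {
    if (vm->sp >= STACK_CELLS) return VM_STACK_OVERFLOW;
    vm->stack[vm->sp++] = v;
    return VM_OK;
}

static int pop(vm_t *vm, int32_t *v) {
    if (vm->sp <= 0) return VM_STACK_UNDERFLOW;
    *v = vm->stack[--vm->sp];
    return VM_OK;
}

/* Resolve a module-relative address; anything outside the data space is refused. */
static int32_t *cell_at(vm_t *vm, int32_t addr) {
    return (addr < 0 || addr >= DATA_CELLS) ? NULL : &vm->data[addr];
}

/* Execute one mark; a non-zero return is the exception that aborts the module. */
static int step(vm_t *vm, uint8_t mark) {
    int32_t a = 0, b = 0, *p;
    int rc;
    switch (mark) {
    case T_LIT:                       /* next byte is a signed literal */
        if (vm->tp >= vm->code_len) return VM_BAD_ADDRESS;
        return push(vm, (int8_t)vm->code[vm->tp++]);
    case T_ADD:                       /* ( a b -- a+b ), two's-complement wrap */
        if ((rc = pop(vm, &b)) || (rc = pop(vm, &a))) return rc;
        return push(vm, (int32_t)((uint32_t)a + (uint32_t)b));
    case T_FETCH:                     /* ( addr -- value ) */
        if ((rc = pop(vm, &a))) return rc;
        if (!(p = cell_at(vm, a))) return VM_BAD_ADDRESS;
        return push(vm, *p);
    case T_STORE:                     /* ( value addr -- ) */
        if ((rc = pop(vm, &a)) || (rc = pop(vm, &b))) return rc;
        if (!(p = cell_at(vm, a))) return VM_BAD_ADDRESS;
        *p = b;
        return VM_OK;
    default:
        return VM_ILLOP;              /* mark outside the defined set */
    }
}

/* Run a mark stream in a fresh VM; *top receives the top of stack on success. */
int vm_exec(const uint8_t *code, size_t len, int32_t *top) {
    vm_t vm;
    memset(&vm, 0, sizeof vm);        /* uninitialized data space starts at zero */
    vm.code = code;
    vm.code_len = len;
    for (;;) {
        if (vm.tp >= vm.code_len) return VM_BAD_ADDRESS;  /* ran off the code */
        uint8_t mark = vm.code[vm.tp++];
        if (mark == T_HALT) break;
        int rc = step(&vm, mark);
        if (rc != VM_OK) return rc;
    }
    if (top && vm.sp > 0) *top = vm.stack[vm.sp - 1];
    return VM_OK;
}

/* Constructed mark streams: one well-behaved module and four faulty ones. */
const uint8_t PROG_OK[]    = {T_LIT, 6, T_LIT, 7, T_ADD, T_LIT, 2, T_STORE,
                              T_LIT, 2, T_FETCH, T_HALT};
const uint8_t PROG_WILD[]  = {T_LIT, 1, T_LIT, 9, T_STORE, T_HALT};
const uint8_t PROG_UNDER[] = {T_ADD, T_HALT};
const uint8_t PROG_ILLOP[] = {0x7F, T_HALT};
const uint8_t PROG_DEEP[]  = {T_LIT, 0, T_LIT, 0, T_LIT, 0, T_LIT, 0, T_LIT, 0,
                              T_LIT, 0, T_LIT, 0, T_LIT, 0, T_LIT, 0, T_HALT};

int main(void) {
    int32_t top = 0;
    int rc = vm_exec(PROG_OK, sizeof PROG_OK, &top);
    printf("well-behaved: rc=%d top=%d\n", rc, (int)top);
    printf("wild store=%d underflow=%d illegal mark=%d overflow=%d\n",
           vm_exec(PROG_WILD, sizeof PROG_WILD, NULL), vm_exec(PROG_UNDER, sizeof PROG_UNDER, NULL),
           vm_exec(PROG_ILLOP, sizeof PROG_ILLOP, NULL), vm_exec(PROG_DEEP, sizeof PROG_DEEP, NULL));
    return 0;
}
```

Because every check lives in the interpreter rather than in the module, a faulty mark stream can only end in an exception code; it never reaches memory outside its own stack and data space.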
All programs run from a module must observe the following rules.
A program must not assume that data of any of the above categories is guaranteed to be held on return stack 28; it may therefore use only the retrieval mechanism specified explicitly for the given category, because the security manager may delete any such data.
A program that passes data in one of these categories to VM 20 must take appropriate action, before exiting the procedure in which the data was passed, to recover the data storage from VM 20; otherwise VM 20 will deallocate the relevant portion of memory.
A program must assume that passing data in one of these categories to VM 20 makes any data previously placed on return stack 28 inaccessible.
A program must assume that executing code that places values on return stack 28 makes any data in these categories that has been passed to VM 20 inaccessible until those values are removed, because the return stack is accessed only through the procedures of the designated marks.
According to the invention, the operating system defined by VM 20 provides a single address space 24 to each module. This address space 24 is accessible for data storage only and is called the "data space" 24.
Data space 24 is divided into three logical regions and one optional logical region, each of which is individually contiguous:
1. initialized data space 41, which contains initial values specified at compile time and set when the VM kernel is started and subsequently when a module containing initialized data is loaded;
2. uninitialized data space 42, which contains variables and static buffers allocated during program compilation. This data space 42 is initialized to zero by VM 20;
3. frame memory 46, which is managed by the frame marks;
4. optional extensible memory 45, which contains one or more buffers allocated dynamically during program execution.
There are two further data regions, which are not directly addressable:
5. extended memory 43, typically mass storage, used to contain data objects and volatile databases;
6. non-volatile memory 44, used to contain data that VM 20 guarantees will survive module loading or power-down and restart (within the limits of the terminal hardware), including the module repository and the non-volatile databases. It may be implemented in battery-backed random access memory, disk or other permanent storage. Non-volatile memory 44 is part of the read/write permanent storage 18.
For increased security, extended and non-volatile memory 43, 44 are accessed only through marks that provide "windows" onto selected data in the form of buffers in uninitialized data space 42. A programmer can therefore only request a record and cannot know the exact location of the data being accessed. Preferably, there are no files and no tree structure that would allow a programmer to locate individual files or databases.
Within each data space 24 used by a module, memory is addressed by relative addresses that are assigned only at run time. This means that an address is meaningful only within its own module, once the module has been loaded. Because absolute addressing is not used, a module cannot gain access to the data of another module except through the secure module access mechanism described below.
The frame mechanism allows VM 20 to satisfy the requirement of languages such as C that local variables can be defined at run time. A frame holds the procedure parameters passed on data stack 27 and the "local" variables (temporary data storage that is released automatically when the frame is released, normally at the end of procedure execution). The frame start and frame end pointers are maintained automatically by VM 20 within a frame. Frame pointer register 34 points to the logical base address of the frame in data space 24, and frame end pointer 35 points to the logical end address of the frame. Parameters can be fetched from the frame using frame access marks.
VM 20 optionally provides a dynamically allocated pool of extensible memory 45 as a single extensible buffer managed by VM 20, which appears beyond the program's uninitialized data space 42. A program can request the allocation of a specified amount of extensible memory 45 and is returned a pointer to the base address of this memory 45. Subsequently, the program can release memory 45 from a given address, which releases all allocations beyond that address, for example when the program terminates.
It is preferred that modules execute in a single thread; however, the invention is not limited to this. This means that if a module calls a second module, the second module terminates and all of its resources are deallocated before VM 20 returns to the first module and continues processing. Fig. 6 is a schematic representation of the logical memory as seen by VM 20. As shown schematically in Fig. 6, a first module (left), which has initialized memory 41, uninitialized memory 42, frame memory 46 and a mark code space 26, has been loaded into read/write memory starting at address 1. The first module has also called for, and been allocated, a portion of extensible buffer 45. When a second module (right) is called by the first module (for example, to import function fgh, which is in the exclusive list of importable functions in the header of module 1), its data space 24', comprising initialized memory 41', uninitialized memory 42' and frame memory 46', is allocated as required starting at address 2. The marks of module 2 are read directly from the module repository by VM 20, which is an option the invention allows. If called for from module 2, VM 20 allocates the extensible memory 45' of the second module in memory above the extensible memory 45 of the first module. When the second module finishes, all memory above address 4 is deallocated (the "bungee effect"). On deallocation, all temporarily stored data is preferably erased. If required, more extensible memory 45 can then be called for on return to the first module. If the second module is called again, it will be allocated extensible memory 45' at a starting position different from that of the first call.
Except for the extensible memory management marks EXTEND, CEXTEND and RELEASE and the exception handling marks THROW and QTHROW, all marks are required to have no net effect on the extensible memory pointer. If a mark allocates extensible memory 45, it must also release it, including any effect of cell alignment. Successive allocations of extensible memory 45 are preferably contiguous within a module, but need not be contiguous between modules, except that inter-module calls using the IMCALL or DOSOCKET marks maintain contiguity. Dynamically allocated extensible memory 45 is released automatically when execution of a module completes, which limits the effect of program errors that fail to release memory cleanly. In addition, if a THROW exception occurs, the allocation of dynamically allocated extensible memory 45 can be restored to its condition at the time of the controlling CATCH.
User variables are cell-sized variables in which VM 20 holds contextual information for the client program. VM 20 pre-allocates the storage for user variables. A limited number of variables may be provided, for example 16 variables (referred to as 0 to 15). An implementation of VM 20 that supports multitasking may provide a set of user variables for each task.
VM 20 provides a single exception handling mechanism through the marks CATCH, THROW and QTHROW. These marks are derived from the Lisp exception handling mechanism and appear in ANS Forth as CATCH and THROW. The purpose of this mechanism is to provide local handling of exceptions, under program control, at different levels of the software. The concept is that a program passes a pointer to a function to the mark CATCH, which executes that function and returns a code indicating what exception, if any, occurred during its execution. CATCH records enough information about the executing program to restore its current execution state if a THROW occurs in the function passed to CATCH for execution. This includes, but is not limited to, the data and return stack depths, the frame pointer and, in some cases, the extensible memory pointer. The collected information representing an execution state is called an "exception frame", and exception frames are held on the exception stack. After a CATCH, the program can examine any exception code that may have been returned and choose either to handle it locally or to THROW it to a higher level for processing. VM 20 provides a default outermost level at which exceptions are caught. This outermost level is activated when no inner CATCH has been established. The default exception handler aborts any current terminal transaction and attempts to reload the TRS module and re-enter the TRS main loop. If that condition occurs, VM 20 throws ANS Forth exception -10 (division by zero). VM 20 may throw other general exceptions supported by ANS Forth.
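A minimal model of CATCH, THROW and the automatic release of extensible memory, as an added example that is not code from the patent. The pool size, the exception stack depth, the two callee modules and the codes -300 and -301 are constructed for illustration, and THROW is built here on C's setjmp/longjmp.

```c
#include <setjmp.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define EXT_BYTES     64      /* extensible memory pool size (constructed) */
#define MAX_CATCH     4       /* exception stack depth (constructed) */
#define EXC_DIV_ZERO  (-10)   /* ANS Forth division by zero, named in the text */
#define EXC_NO_MEMORY (-300)  /* constructed code: pool exhausted */
#define EXC_TOO_DEEP  (-301)  /* constructed code: exception stack full */
static int32_t stack[16];
static int     sp;                  /* data stack depth */
static uint8_t ext_mem[EXT_BYTES];
static size_t  ext_top;             /* extensible memory pointer */
/* Exception frame: the state CATCH records so that THROW can restore it. */
typedef struct { jmp_buf env; int sp; size_t ext_top; int code; } exc_frame_t;
static exc_frame_t exc_stack[MAX_CATCH];
static int exc_depth;

/* RELEASE: free every allocation at or above addr and erase its contents. */
static void vm_release(size_t addr) {
    if (addr >= ext_top) return;
    memset(ext_mem + addr, 0, ext_top - addr);
    ext_top = addr;
}

/* THROW: unwind to the innermost CATCH, restoring what its frame recorded. */
static void vm_throw(int code) {
    if (code == 0) return;               /* THROW 0 is a no-op in ANS Forth */
    if (exc_depth == 0) abort();         /* the demo installs a CATCH before any throw */
    exc_frame_t *f = &exc_stack[--exc_depth];
    sp = f->sp;                          /* data stack depth as it was at CATCH */
    vm_release(f->ext_top);              /* later allocations are freed and wiped */
    f->code = code;
    longjmp(f->env, 1);
}

/* EXTEND: allocate n bytes of extensible memory and return the base offset. */
static size_t vm_extend(size_t n) {
    if (n > EXT_BYTES - ext_top) vm_throw(EXC_NO_MEMORY);
    ext_top += n;
    return ext_top - n;
}

/* CATCH: run fn and return 0, or the code of the exception it threw. */
static int vm_catch(void (*fn)(void)) {
    if (exc_depth >= MAX_CATCH) return EXC_TOO_DEEP;
    exc_frame_t *f = &exc_stack[exc_depth++];
    f->sp = sp;
    f->ext_top = ext_top;
    if (setjmp(f->env) == 0) {
        fn();
        exc_depth--;                     /* normal return: just drop the frame */
        return 0;
    }
    return f->code;                      /* arrived here through vm_throw */
}

/* Inter-module call: whatever the callee left allocated is released on return. */
static void call_module(void (*entry)(void)) {
    size_t base = ext_top;
    entry();
    vm_release(base);
}

static void faulty_module(void) {        /* constructed callee that faults */
    size_t b = vm_extend(16);
    memset(ext_mem + b, 0xA5, 16);       /* stands in for transaction data */
    stack[sp++] = 1; stack[sp++] = 0;
    vm_throw(EXC_DIV_ZERO);
}
static void untidy_module(void) {        /* constructed callee that never releases */
    memset(ext_mem + vm_extend(8), 0x5A, 8);
}
static void call_faulty(void) { call_module(faulty_module); }

typedef struct { int code; int sp; size_t ext_top; int residue; } outcome_t;
/* The caller keeps 8 bytes and one stack cell, then calls the chosen callee. */
outcome_t run_demo(int faulty) {
    outcome_t r = {0, 0, 0, 0};
    sp = 0; ext_top = 0; exc_depth = 0;
    memset(ext_mem, 0, sizeof ext_mem);
    memset(ext_mem + vm_extend(8), 0x11, 8);
    stack[sp++] = 42;
    if (faulty) r.code = vm_catch(call_faulty);
    else call_module(untidy_module);
    r.sp = sp; r.ext_top = ext_top;
    for (size_t i = ext_top; i < EXT_BYTES; i++) r.residue += ext_mem[i] != 0;
    return r;
}

int main(void) {
    outcome_t a = run_demo(1), b = run_demo(0);
    printf("faulty: code=%d sp=%d ext_top=%zu residue=%d\n", a.code, a.sp, a.ext_top, a.residue);
    printf("untidy: code=%d sp=%d ext_top=%zu residue=%d\n", b.code, b.sp, b.ext_top, b.residue);
    return 0;
}
```

The `residue` field counts non-zero bytes left above the caller's allocation; it is zero in both runs only because release erases what it frees.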
To handle devices and input/output (I/O) services, each device (including devices whose lower-level operation VM 20 hides behind device-specific functions) is assigned a device type (used for code classification) and a unique device number. Device numbers are arbitrary; however, device numbers -1 to 15 (4) can be referenced with a single mark, so these numbers are assigned to the most commonly used devices, such as a keyboard, ICC reader, magnetic stripe card reader, display, printer, power management device or vending machine. General I/O facilities are provided by functions that take the device number as an input parameter.
A terminal 1 according to the present invention preferably includes at least three main non-volatile databases: an application-specific transaction log, a database of messages in one or more languages, and a module database. VM 20 protects the databases as far as possible, because they contain specific information. Access to the databases is restricted. VM 20 provides a mechanism for handling databases (VM 20 acting as "server") that hides the implementation details from the application software (the application software acting as "client"). A module running on VM 20 is not allowed to access a database directly. The implementation of the services has the following features, which are described with reference to Fig. 7:
At any given time, the client (a program running in a module) has access to one currently selected database (DBCURRENT) and one currently selected record number (DBRECNUM), which is shared across all defined databases.
Information about each database is passed between client and server through a database parameter block (DPB) 51, which the server can read and write. The client "owns" the DPB 51 in the sense that it lies in the client data space 24; the client, however, is not allowed to access it directly. The data can be accessed only with the database service marks. The DPB 51 has a standard structure that includes at least fields for a DPB link, a database pointer, an indication of database type and record size, and the next available record number. All information that specifies a database must be preset in the DPB 51. Client software must not make any subsequent direct access to the DPB 51, and must make no assumptions about the values held in the DPB 51 once the module defining it has been loaded for execution. Database parameter blocks 51 are passed to the mark loader/interpreter in the form of a pointer (the DPB link) to a linked list in the module's initialized data section. This field must be preset to the address, in initialized data, of the next DPB 51 in the list, or to zero if this DPB 51 is the last or only DPB 51 in the list. For a compiled database that resides in the client's initialized data space, the DB pointer must be preset to the "origin" address in initialized data. For a database whose storage is controlled by the server, the field must be preset to zero. The DB type gives the details of the database in coded form. There are at least three kinds of database:
A "volatile" database does not need to keep its content between module loads or when the terminal 1 on which the database resides is powered down.
A "non-volatile" database must keep its content between module loads and when the terminal 1 on which the database resides is powered down. If the module that defines a non-volatile database is replaced, the database disappears when the old module is unloaded.
A "compiled" database is built by the mark compiler 71 as fixed-length records in a contiguous area of initialized data. Records cannot be added to or deleted from a compiled database, and the database cannot be initialized at run time; otherwise full read/write capability is supported.
For a compiled database, the next available record number field must be set to one plus the last record number allocated in the database. For any other database, this field is set to zero.
For each client database, the server gives the client the address of a window onto the current record (record buffer 53). For some database operations, the client can pass the addresses of strings and key buffers 52 to the server. VM 20 provides a record buffer 53 for each database that a client module has made known to the server. This buffer 53 starts at an aligned address. The contents of the record buffer 53 associated with a particular database remain available after a record is selected until the client selects another record from that database. Apart from these record buffers 53, compiled databases, and the parameters that specific database functions pass on the data stack 27, no other data space 54 is shared between client and server. A program must not assume that the records of a database are contiguous in memory.
A database is instantiated by the process of loading the module in which its DPB is defined. When an application is terminated by the terminal resident services, the server transparently de-instantiates the volatile databases installed by the application modules, and all server-allocated data storage relating to those databases is released.
The server deletes non-volatile databases when the module that defines them is replaced. If the module is loaded at the time it is replaced, as in the case of a TRS module, the server must delete the module's non-volatile databases when the module is unloaded.
The action VM 20 takes to instantiate a database when a module is loaded depends on the values of the DB type and DB pointer in the DPB 51 and on whether the database is volatile or non-volatile. If the database is of a non-volatile type, the DPB address is used together with the module identification code (module ID) to identify any existing data that belongs to the database. If existing data is found, the next available record number is restored to its previous value. Otherwise the server (VM 20) instantiates new non-volatile storage space and sets the next available record number to zero. In both cases a buffer 53 is provided for the current record of the database. If the DB pointer is zero and the DB type is not a compiled type, the server instantiates or makes available the storage the database requires, initializes all of that storage to zero, provides a buffer 53 for the "current record" of the database, and sets the next available record number (DBAVAIL) to zero. If the DB pointer is non-zero and the DB type is a compiled type, the server sets up internal structures to use the client data structure whose origin address was passed in the DB pointer, and sets the next available record number (DBAVAIL) to the value passed in the next available record number field of the DPB 51. The server maintains the actual database records 55, the relationship between address locations and records in the database control block 56, and a context information block 57 for the record of that database that a module is currently accessing.
The secure module handling procedure of the present invention will now be described with reference to Fig. 6, which shows the areas of logical read/writable memory. Memory areas that the left-hand module (the first module) can access are drawn with a dashed line. Memory areas that the first module cannot access have a solid border. Memory areas that more than one module can access are drawn with a dash-dot line. VM 20 protects the databases DB1 and DB2, the database repository and the modules in the module repository so that no module can access them. Once the first module has been loaded, it can access the uninitialized data in memory 42, but VM 20 does not allow the module to access directly any area outside the module itself. The registers, the stacks and the frame memory 46 can be accessed only through the relevant marks. The databases can be accessed only through the window procedure described above. In particular, the first module cannot access its own program memory 26, where its marks reside, and cannot access any other module. This is crucial for protecting memory against viruses. According to the present invention, the memory allocated to the first module is both defined and protected. It is defined by a memory allocation made according to the indication, contained in the module, of the amount of memory to be allocated. It is protected because no other module can access the allocated space and no other load mechanism is provided for any program other than a module. Because the preferred way of running modules is single-threaded, any memory allocated in the extensible buffer can be deallocated before any other module becomes active. Deallocated memory is preferably erased.
The first module's exclusive import list is in its header, which the first module cannot access directly. VM 20 reads the header and calls the second module named in the import list (function fgh of the second module). VM 20 loads the second module and allocates memory for its uninitialized data 42', frame memory 46' and initialized data 41'. The first module cannot access any part of the second module, and vice versa. In the header of the second module, function fgh has been placed in the exclusive list of functions that may be exported. This makes function fgh available to other modules. VM 20 looks up function fgh in the code memory space 26' of the second module and executes the mark stream together with its in-line data (represented by the string TITTITT). In this example, this section of code needs access to database DB2. A database of the present invention is "owned" by a module, that is, it can be accessed only by the module that instantiated it when that module was first loaded. The database access marks read from code space 26' are executed by VM 20, which allocated a buffer 53' in the uninitialized data space 42' of the second module at load time. Function fgh needs to access the third record of DB2. VM 20 then transfers the referenced record to the window 53' in the second module, from where it is exported to the uninitialized data space 42 of the first module. Using the same database window procedure, the first module can also obtain a record from its own database DB1, which is transferred to the buffer 53 in the uninitialized data space 42. The first module can now operate on the results of the two procedures.
VM 20 preferably handles data objects using the Basic Encoding Rules, or Tag, Length, Value (BER-TLV, abbreviated to TLV in this application), as described in ISO/IEC 8825 (1990). A TLV data object consists of two or three consecutive fields: a tag field that specifies its class, type and number; a length field that specifies the size of the data; and, if the length is not zero, a value field that contains the data. Because ICC responses are generally limited to 255 bytes or less, a TLV object according to the present invention has a maximum size. The tag field is preferably one or two bytes and the length field is preferably one or two bytes, so the maximum size of the value field is preferably 252 bytes (a field this long needs two length bytes, as described below). The first byte of the tag field is divided into three fields. Bits 7 and 8 define the class of the object. Bit 6 determines whether the value field contains "primitive" data or whether the object is a "constructed" object made up of other TLV-encoded fields. Constructed objects are also called templates. When one is encountered, its value field is parsed as a sequence of TLVs. Bits 1 to 5 define the number of the object or, if all of these bits are set, indicate that additional tag bytes follow. An additional tag byte has its eighth bit set if yet another byte follows. All the bits of up to two bytes are used to determine the tag name. The length field consists of one to three consecutive bytes (typically two). If bit 8 of the first byte is 0, bits 1 to 7 give the size of the value field. If bit 8 of the first byte is 1, bits 1 to 7 give the number of bytes that follow. The following bytes, if any, give the size of the value field, most significant byte first. The value field can consist of "primitive" data or be "constructed" from additional TLV-encoded sequences. If bit 6 of the first byte of the tag field is set, the value field contains additional TLV sequences. Primitive objects can be encoded in several different formats: binary-coded decimal nibbles with leading zeros or with trailing nibbles set to all ones, binary numbers or byte sequences, character strings of alphanumeric or ASCII bytes, or undefined formats. Each format is handled differently when it is used. The ICC 5 can also use a data object list (DOL) to request the values of specified tag names. The card 5 sends a data object list consisting of a list of tag and length fields, and the terminal 1 returns the corresponding value fields without delimiters.
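The tag and length rules above can be exercised with a small parser. The following Python sketch is an added example, not code from the patent: the names `parse_tlv`, `TLVError`, `is_well_formed` and the nesting limit `max_depth` are assumptions of the example, and the sample bytes are constructed.

```python
# Added example: BER-TLV parser following the field layout described above.
MAX_VALUE_LEN = 252   # maximum value-field size stated in the text


class TLVError(ValueError):
    """Raised when the input is not a well-formed TLV sequence."""


def parse_tlv(buf, depth=0, max_depth=8):
    """Return a list of (tag, value) pairs.

    value is bytes for a primitive object and a nested list for a
    constructed object (template). max_depth is an assumption of this
    example; it bounds recursion on malformed or hostile input.
    """
    items, i, n = [], 0, len(buf)
    while i < n:
        first = buf[i]
        i += 1
        tag = first
        if first & 0x1F == 0x1F:          # bits 1-5 all set: a second tag byte follows
            if i >= n:
                raise TLVError("truncated tag")
            second = buf[i]
            i += 1
            if second & 0x80:             # bit 8 set would announce a third tag byte
                raise TLVError("tag longer than two bytes")
            tag = (first << 8) | second
        constructed = bool(first & 0x20)  # bit 6 of the first tag byte

        if i >= n:
            raise TLVError("missing length field")
        length = buf[i]
        i += 1
        if length & 0x80:                 # bit 8 set: bits 1-7 count the length bytes
            count = length & 0x7F
            if count not in (1, 2):       # the length field is one to three bytes in all
                raise TLVError("unsupported length-of-length %d" % count)
            if i + count > n:
                raise TLVError("truncated length field")
            length = int.from_bytes(buf[i:i + count], "big")  # most significant first
            i += count
        if length > MAX_VALUE_LEN:
            raise TLVError("value field exceeds %d bytes" % MAX_VALUE_LEN)
        if i + length > n:
            raise TLVError("value field overruns the buffer")
        value = bytes(buf[i:i + length])
        i += length

        if constructed:
            if depth >= max_depth:
                raise TLVError("templates nested too deeply")
            items.append((tag, parse_tlv(value, depth + 1, max_depth)))
        else:
            items.append((tag, value))
    return items


def is_well_formed(buf):
    """True if buf parses completely under the rules above."""
    try:
        parse_tlv(buf)
        return True
    except TLVError:
        return False


# Constructed sample: template 0x70 holding primitive tags 0x5A and 0x5F24.
SAMPLE = bytes.fromhex("70105A0847617390010100105F2403251231")

if __name__ == "__main__":
    print(parse_tlv(SAMPLE))
```

Every length is checked against the remaining buffer before the value is sliced, so a card response that declares more data than it carries is rejected rather than read past its end.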
Each TLV that is used must be defined by the terminal or by an application program in order to establish its data type and name. Because the terminal program and the application programs are developed separately, VM 20 of the present invention uses a linked structure (a balanced binary tree) that allows tag names to be added to, or removed from, the global tag name list quickly. This requires the following structure to be compiled, for each TLV, into the initialized data space 41 of the module that defines the TLV:
"Link": a cell with "left" (high-order two bytes) and "right" (low-order two bytes) components that provide the links to elements of the tree.
"Link left": a 16-bit signed offset from the access parameter of this TLV to the access parameter of a TLV record whose tag is numerically less than the tag of this record. A value of zero means that this TLV is not linked to a TLV whose tag is numerically less than its own.
"Link right": a 16-bit signed offset from the access parameter of this TLV to the access parameter of a TLV record whose tag is numerically greater than the tag of this record. A value of zero means that this TLV is not linked to a TLV whose tag is numerically greater than its own.
"Tag": a two-byte string whose big-endian numeric value is the TLV tag.
"Type": a byte that specifies control information.
"Reserved": a byte that must be initialized to zero by the compiler 71.
"Data": a cell that holds VM-specific information (including access to the length and value fields of this TLV). This field must be initialized to zero by the compiler 71.
The system must also maintain a status byte for each TLV. This can be the reserved byte in the structure above. The low-order bit of this byte is set if a value has been assigned to the TLV as a result of its being in a sequence processed with the marks TLVPARSE or TLVSTORE. The purpose of maintaining this assigned status is to identify TLV values that contain valid data (which may be zero) and to distinguish them from TLV values that have never been set and are therefore invalid. The VM kernel manages a global list of TLV tags by maintaining a list of pointers into the initialized data space 41 (which includes their actual definitions, as described above). When a module is loaded, its TLV definitions are added to this list as part of its initialization; when a module is unloaded, VM 20 automatically removes its TLV definitions from the list. If a module contains a TLV definition that already exists, an exception can be thrown. The address of the "link" field described above is returned as the "access parameter" for TLV references. Once VM 20 has instantiated the TLV definitions, the programmer should neither access these fields directly nor make any assumption about their contents.
A reference to a TLV definition in source code is compiled either as a direct reference to the definition structure described above or as a numeric tag value. In some binary TLV definitions, individual bits or groups of bits are defined to have a particular meaning. These are called "TLV bits". A reference to a TLV bit can be compiled as a literal that points to the bit within the TLV value field. Bit 0 is the least significant bit of the first byte, bit 7 is the most significant bit of the same byte, bit 8 is the least significant bit of the second byte, and so on.
The data assigned to a TLV definition is exposed to the application program through a 252-byte scratch pad area that VM 20 maintains in the form of a database window (see Fig. 7). The application program is permitted to change the contents of this scratch pad area. If the changes are to be kept, an address and length within the scratch pad area must be passed back to the TLVSTORE mark. When any TLV mark is subsequently executed, the address and contents of the scratch pad area may become invalid.
As part of the security management of a card 5 that has been inserted into the reader 7, cards 5 known to be lost or invalid must be checked for. The list of such cards 5 is called a blacklist or hot card list. Management of the blacklist or hot card list is provided by a special set of functions dedicated to managing a large hot card list. A typical list can contain 10,000 primary account numbers (PANs) of up to 10 bytes each, or 20 binary-coded decimal (BCD) digits. PAN entries are stored in compressed numeric (cn) format, padded on the right with hexadecimal FH. Because a PAN has at most 19 BCD digits, an entry in the list is always padded with at least one FH. When the hot card list is searched, an FH in a list entry is treated as a wildcard or "don't care" digit, but any FH in the PAN used as input is not a wildcard. Wildcards appear only at the right-hand end of an entry. A PAN is considered found in the hot card list if there is a list entry that is identical to it up to the first FH in the entry.
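The asymmetric wildcard rule (an F nibble is a wildcard in a list entry but not in the input PAN) is easy to get wrong, so here is an added Python example of the lookup; it is not code from the patent. The function names, the linear scan and the rejection of an all-F entry are assumptions of the example, and the PAN values are constructed.

```python
# Added example: hot card list lookup with right-hand F wildcards.
CN_BYTES = 10          # each list entry: 10 bytes = 20 BCD nibbles
MAX_PAN_DIGITS = 19    # so every entry carries at least one F nibble


def to_cn(digits):
    """Encode a digit string as compressed numeric, right-padded with F."""
    if not (digits.isascii() and digits.isdigit()):
        raise ValueError("PAN must contain decimal digits only")
    if not 1 <= len(digits) <= MAX_PAN_DIGITS:
        raise ValueError("PAN must be 1 to 19 digits")
    return bytes.fromhex(digits.ljust(CN_BYTES * 2, "F"))


def nibbles(cn):
    """Yield the BCD nibbles of a cn byte string, high nibble first."""
    for byte in cn:
        yield byte >> 4
        yield byte & 0x0F


def check_entry(entry):
    """Validate a stored list entry; return it unchanged if acceptable."""
    if len(entry) != CN_BYTES:
        raise ValueError("entry must be exactly 10 bytes")
    padding = False
    for position, nib in enumerate(nibbles(entry)):
        if nib == 0xF:
            if position == 0:
                # Assumption of this example: an all-F entry would match
                # every card, so it is refused when the list is built.
                raise ValueError("entry has no digits")
            padding = True
        elif nib > 9 or padding:
            # A-E are never valid, and wildcards may only sit on the right.
            raise ValueError("malformed entry")
    if not padding:
        raise ValueError("entry has no F padding")
    return entry


def entry_is_valid(entry):
    try:
        check_entry(entry)
        return True
    except ValueError:
        return False


def entry_matches(entry, pan_cn):
    """True if pan_cn equals entry up to the first F in the entry."""
    for e, p in zip(nibbles(entry), nibbles(pan_cn)):
        if e == 0xF:
            return True       # wildcard from here to the end of the entry
        if e != p:
            return False      # also covers p == F: input padding is no wildcard
    return True               # only reached for an entry without padding


def is_listed(hotlist, pan_digits):
    """Linear scan of the list for the presented PAN."""
    pan_cn = to_cn(pan_digits)
    return any(entry_matches(entry, pan_cn) for entry in hotlist)


# Constructed sample list: one full PAN and one six-digit prefix entry.
HOTLIST = [check_entry(to_cn("4761739001010010")),
           check_entry(to_cn("541333"))]

if __name__ == "__main__":
    for pan in ("4761739001010010", "5413330089600010", "54133"):
        print(pan, is_listed(HOTLIST, pan))
```

The short input `54133` is not reported as listed even though it is a prefix of a list entry, because its padding is compared as an ordinary nibble.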
Another part of security management is the provision of cryptographic services for encrypting and decrypting data. Any suitable encryption method can be used. Three cryptographic algorithms in particular are provided for VM 20: modular multiplication and modular exponentiation (both of which are used in the RSA algorithm) and the secure hash algorithm SHA-1, but the invention is not limited to these. Modular multiplication multiplies two unsigned values x and y, and the product is reduced using the modulus z. The formula is:
Result = mod(x * y, z)
The input values (x, y, z) all have the same length. They are represented as byte strings, and their length can be any multiple of 8, including 1024. The values must be in "big-endian" byte order.
The Secure Hash Algorithm (SHA-1) is standardized as FIPS 180-1. SHA-1 takes an input message of arbitrary length and produces a 20-byte hash value. Modular exponentiation raises an unsigned value x to an unsigned power y, and the result is reduced using the modulus z. The formula is:
Result = mod(x^y, z)
The input value x and the modulus z are represented as byte strings, and their length can be any multiple of 8, including 1024. The values must be in "big-endian" byte order.
Services, and therefore software and even I/O devices, can change over time according to market demand. When major changes are needed, the software in the terminal 1 can be updated manually or remotely over a telecommunications network. For user-dependent services, however, it is preferable to have a dynamic yet secure method of making minor or user-specific upgrades to the services that the terminal 1 provides. The "plug and socket" software mechanism according to the present invention provides a flexible and secure way of configuring on-line the different modules that make up terminal programs and applications. As shown in Fig. 8, a number of procedures (called "sockets" 60) can be defined in the transaction system of the present invention. The application programmer can insert them into an application 61, 62 (and they are therefore secure, because this is done under acquirer control and payment system supervision), where they act as placeholders for additional enhancing code (called "plugs" 66) to be added during transaction processing. Any additional code plugged into a socket 60 must be written in terms of the mark set of VM 20. Sockets 60 are preferably placed at various suitable points in the existing terminal applications 61, 62, or even in the terminal program itself. They are customarily used to call library functions, and can even appear inside a library function if the payment system foresees a need to change the way the library function operates. VM 20 initializes sockets 60 to a default behaviour. If the terminal program takes no further action, the default behaviour of a socket 60 when it is executed is to do nothing (that is, a no-operation).
A plug 66 comprises executable code, written in marks supported by the terminal 1, that can be inserted at the points defined by sockets 60 to enhance the default terminal logic. Plugs 66 can already exist in a plug library 63 in the terminal 1 and be invoked from the ICC 5, for example by socket/plug identifiers 67 in the ICC 5 and logic in the terminal 1. A socket/plug identifier 67 contains a reference to both the plug and the socket to be plugged; in this case the plug is not on the ICC 5 but in the library 63. Plugs 66 can also come from an input device 65 (such as the ICC 5 or a host system connected to the terminal 1), but only with the agreement of the members of the payment system, for example the issuer, the acquirer and the merchant.
When the transaction ends, the sockets 60 are restored to their original application default behaviour. According to the present invention, the ICC 5 preferably does not contain whole applications but only plugs 66 that enhance existing terminal applications, because these require less memory.
A socket 60 holds execution pointers, also called procedure pointers, which make it possible to build a procedure whose behaviour can be changed at execution time. Sockets 60 can be viewed (and implemented) as an array of procedures accessed through the DOSOCKET mark, which takes the socket number as an in-line byte, or through the IDOSOCKET mark, which takes the socket number from the data stack 27.
Sockets 60 allow a terminal program or application to be reconfigured in order to provide a modified or enhanced transaction processing flow. Conversely, sockets in the ICC 5 can allow the ICC 5 to be upgraded from the terminal 1. Sockets 60 provide an interface between software modules and procedures from several different sources (acquirer, issuer, and so on). Because an acquirer and an issuer have a contractual relationship, they can agree to use particular sockets 60 provided by the acquirer's program in the terminal, so that the issuer can extend the behaviour of the program, for example to provide a loyalty function (air miles, coupons, and so on).
A module can specify that sockets 60 are to be reconfigured automatically when it is loaded for execution, or a client program can assign a new procedure to a socket programmatically at run time. Provided the security conditions permit it, the sockets 60 in an application can be given a default behaviour and then re-plugged with new procedures by a later module in order to provide specific behaviour. To avoid indeterminate situations, it is preferable that all procedures directed at a particular socket 60 of an application have no data stack effect (with the exception of socket zero, described below). This guarantees program continuity whichever version of the procedure is executed. The default action of every socket 60 before it is modified is at least a no-operation.
As part of the CSS described above, an acquirer can allow a transaction to be enhanced by code on the ICC 5. If so, this can be implemented with sockets 60. A library or executable module can contain the definition of new sockets 60 to be plugged later by plugs 66 from the ICC 5. In this case the module should define the socket 60 and then use the SETSOCKET mark to assign it a default behaviour (usually a null behaviour). If access control allows it, the ICC 5 can later download a plug 66 containing marks that define a new behaviour and then use the SETSOCKET mark to store it in the same socket 60, replacing the default behaviour.
Modifying behaviour in this way is convenient and flexible, but it also gives malicious persons an opportunity to modify behaviour to their own advantage. Particular care is needed with plugs 66 from the ICC 5 if they can modify socket behaviour or can be placed in the program flow before the card has been successfully authenticated. For security, according to the present invention, the terminal software can specify a socket control procedure that controls whether each socket 60 may be modified. For example, the execution of code downloaded from the ICC 5 can be strictly controlled by the acquirer, so that no socket can be plugged from the ICC 5 until all validation procedures on the card, such as an electronic signature, have been carried out.
According to the present invention, socket security includes specifying a socket control procedure that is applied to subsequent attempts to plug a socket 60 (the SETPLUGCONTROL mark). The procedure PLUGCONTROL must be written to return, for a given socket number, whether that socket 60 may now be modified. When a module's socket list is subsequently processed at module load time, or when a socket 60 is plugged programmatically, VM 20 first executes the user-written PLUGCONTROL procedure to determine whether the socket 60 can really be plugged; if it cannot, the existing behaviour of the socket 60 is kept.
A module that wishes to restrict access to any socket 60 before loading another module for execution can, before loading that module, execute the procedure defined by the SETPLUGCONTROL mark, with the chosen PLUGCONTROL function as a parameter, by plugging the socket (socket zero). When the next module, and any other module loaded for its execution, has its socket list processed, the sockets 60 to which the user-defined PLUGCONTROL procedure denies access keep their existing behaviour. This situation is not considered an error. Code that wishes to restrict access to any socket 60 before executing further code can execute the procedure defined by the SETPLUGCONTROL mark, with the chosen PLUGCONTROL procedure as a parameter, at a suitable point in the program flow. A programmed request to plug a socket 60 can determine from the call to SETSOCKET whether the request was accepted or refused. Any socket 60 whose behaviour was modified, either by the module loading process or dynamically by programmed command, is restored to the behaviour it had when the most recent executable module was loaded for execution, as part of the termination procedure packaged in the procedure defined by the module execution mark (EXECUTEMODULE).
As an example of an acquirer-specific function, suppose that the basic transaction code contains the phrase 27 SOCKET LOYALTY, which defines LOYALTY and makes it available for later execution. The acquirer's transaction program code further defines code that sets a permission flag for this socket only when the issuer is the same as the acquirer and the transaction amount exceeds a certain minimum. During the transaction there is a command that reads in arbitrary code from the ICC 5. Part of the ICC code can define a procedure REWARD, which updates the user's flight miles, and then attempt to execute the phrase PLUG REWARD INTO LOYALTY. This phrase connects the execution of REWARD to the execution of LOYALTY. If the permission flag of the LOYALTY socket has been set according to the logic above, the SETSOCKET takes place; otherwise LOYALTY keeps its default behaviour, such as a no-operation. Then, when the application code later executes its LOYALTY function, the ICC-defined REWARD is allowed only in accordance with the rules defined by the acquirer.
Typically, a VM 20 running on a terminal 1 has a limited number of sockets 60, for example 64 sockets numbered 0 to 63. In its most basic form, a skeleton terminal program consists almost entirely of sockets 60 and a basic program flow from socket to socket. The sockets 60 are then plugged with transaction processing procedures by other modules loaded at application selection time, either from the terminal 1 or from the ICC 5. Sockets 60 that occur in the skeleton program before application selection are assigned a default null behaviour by the TRS. If a given socket 60 is plugged with a procedure by more than one module, the last operation simply replaces any earlier one.
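The socket table, the PLUGCONTROL gate and the restore at the end of a transaction can be modelled in a few lines. The following Python model is an added illustration and not the patent's mark code: the class and method names, the permissive behaviour when no control procedure is installed, the second socket number and the minimum amount of 50 are all assumptions of the example.

```python
# Added example: model of sockets, SETSOCKET and PLUGCONTROL for the
# LOYALTY / REWARD scenario described above.
NUM_SOCKETS = 64      # sockets 0 to 63, as in the text
LOYALTY = 27          # socket number used in the LOYALTY example
OTHER_SOCKET = 3      # constructed: a socket the acquirer never opens up


def noop():
    """Default socket behaviour: do nothing."""


class SocketTable:
    def __init__(self):
        self._procs = [noop] * NUM_SOCKETS
        # Assumption of this example: with no control procedure installed,
        # every socket may be plugged.
        self._plug_control = lambda number: True

    def set_plug_control(self, control):
        """Model of SETPLUGCONTROL: control(number) is True if pluggable."""
        self._plug_control = control

    def set_socket(self, number, proc):
        """Model of SETSOCKET: returns whether the request was accepted."""
        if not 0 <= number < NUM_SOCKETS:
            raise IndexError("no such socket")
        if not self._plug_control(number):
            return False      # refused: existing behaviour kept, not an error
        self._procs[number] = proc
        return True

    def do_socket(self, number):
        """Model of DOSOCKET: run whatever is currently plugged."""
        self._procs[number]()

    def snapshot(self):
        return list(self._procs)

    def restore(self, saved):
        self._procs = list(saved)


def run_transaction(issuer, acquirer, amount, minimum=50):
    """Play one transaction; return (loyalty_plugged, other_plugged,
    events_during_transaction, events_after_restore)."""
    table = SocketTable()
    saved = table.snapshot()          # state to restore at transaction end
    events = []

    # Acquirer code: permit plugging LOYALTY only under the stated rule.
    permitted = {LOYALTY} if issuer == acquirer and amount > minimum else set()
    table.set_plug_control(lambda number: number in permitted)

    # Code read in from the card: REWARD, plus an attempt on another socket.
    def reward():
        events.append("REWARD")

    def other():
        events.append("OTHER")

    loyalty_plugged = table.set_socket(LOYALTY, reward)   # PLUG REWARD INTO LOYALTY
    other_plugged = table.set_socket(OTHER_SOCKET, other)

    # Application code reaches its sockets later in the flow.
    table.do_socket(LOYALTY)
    table.do_socket(OTHER_SOCKET)
    during = list(events)

    # Transaction end: sockets return to their default behaviour.
    table.restore(saved)
    table.do_socket(LOYALTY)
    return loyalty_plugged, other_plugged, during, list(events)


if __name__ == "__main__":
    print(run_transaction("BANK_A", "BANK_A", 120))
    print(run_transaction("BANK_B", "BANK_A", 120))
```

A refused plug request leaves the no-operation in place and reports the refusal through the return value, which is how the text describes a denied SETSOCKET.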
Loading, processing and execution of modules
For code written to run on VM 20 (including terminal resident services compiled as mark modules), the following can be assumed: after power-up, the terminal-specific kernel software that supports VM 20 performs any necessary terminal-specific power-up initialization and starts execution of the main processing loop of the terminal resident services (TRS) through the module loading process described below. If the main processing loop of the TRS is exited, control returns to the terminal-specific software layer, which is responsible for reloading the TRS and re-entering its main loop. Whenever the TRS exits, all VM resources are released, except for the data in non-volatile databases. Resources are released when the terminal is powered down, when the TRS exits, or when the TRS is restarted by the terminal's operating system (if any). If an updated version of a TRS module has been obtained since the TRS main loop was last entered, all TRS resources, including the data in its non-volatile databases, are released when the TRS exits.
Software that runs on the terminal 1 or the ICC 5 is managed by VM 20 in the form of one or more modules, where each module can contain any of the following kinds of information:
Mark code
Initialized data
Uninitialized data allocation
Database definitions
TLV definitions
Socket list
Module interdependencies
Each module is preferably delivered to the terminal 1 in a module delivery format (MDF). VM 20 maintains, in read/write non-volatile memory 18, a non-volatile repository of the modules that have been delivered to and installed on the terminal 1. Each module in the repository is identified by a module identifier, or module ID. After registration, module information is available through a non-volatile module database that VM 20 maintains and stores in the module repository in non-volatile memory 18. According to the present invention, VM 20 protects the modules in the repository from modification by any other module, because there are no marks that perform such an access. Furthermore, VM 20 allows a new version of a module to be placed in the repository while a module with the same module identifier exists for execution.
Conceptually, a module is processed in two stages. First, the module is "loaded", which means that it is made accessible and its data, databases and so on are instantiated. Second, if the module is an executable module, VM 20 starts processing its marks from its entry point. The execution procedure is described with reference to the flow diagram shown in Fig. 9.
First, in step 100, resources are marked and saved. Before a module is executed, the VM 20 marks its state and saves any resources required, so that this state can be restored later. The state includes:
The positions of the extensible memory pointer, the frame pointer and the frame end pointer.
The contents of the entire current socket list.
The TLVs registered in the TLV tag name list.
Other internal data that the VM needs in order to manage the activation and execution of modules.
In step 102, the next module is loaded. The module ID of the module to be executed is passed to the "Load Module" subroutine, which is described below. If step 104 determines that the module was loaded without error, it can be executed and the procedure continues to step 108. If step 104 determines that there was an error, execution of the module is abandoned and all resources required for executing the module are released in step 105. This requires the VM 20 to perform the following actions:
All volatile memory required by the module, and by any modules it required to be loaded, must be released and cleared to zero. This includes (but is not limited to):
The space required for the initialised and uninitialised data of all the modules.
The space required for any internal TLV buffers and management data structures defined by these modules.
The space required for any internal buffers and management data structures needed by the databases defined by these modules.
The TLV name list maintained by the VM for tag lookup must be restored to its state immediately before the module was executed.
The contents of the socket list maintained by the VM must be restored to their state immediately before the module was executed.
The contents of the frame pointer, the frame end pointer and the extensible memory pointer are restored to their values immediately before the module was executed.
After the module has been loaded successfully, step 106 determines whether it is an executable module or a library module. If it is the latter, the module is not executed and, as described for step 105, the VM 20 releases all resources in step 110. If the module is executable, the field that specifies the module's entry point is determined.
The VM 20 starts the module by calling the token specified in the entry-point field. Then, in step 108, each token is executed in turn. The module terminates execution with a RETURN token, after which all resources are released in step 110.
The procedure required to load a module, i.e. the "Load Module" subroutine, will be described with reference to the flow chart shown in Figure 10. If an error is detected while a module is being loaded, the "Load Module" subroutine immediately returns "false". General errors are errors such as "out of memory", where there are not enough resources to provide space for initialised data, uninitialised data, databases or TLVs, or where a duplicate TLV tag is found. Initialised data must be set up before the databases, so the TLV section is part of the initialised data section. In step 120, it is determined whether the module is already loaded in memory. If it is, it is not loaded a second time and "Load Module" succeeds immediately, returning "true". Next, in step 122, it is determined whether the module is in the repository. If it is not, it cannot be loaded, so the "Load Module" subroutine fails and returns "false". In step 124, it is determined how many bytes of data the module's uninitialised data area 41 requires, and the required amount is reserved. The VM 20 should set the whole of area 41 to zero. Likewise, in step 126, the required number of data bytes is reserved for the module's initialised data area 42, and the initialised data is then copied into this area. In step 128, the VM 20 adds the TLVs defined in the module being loaded to the internal name list used for TLV lookup. The root of the TLV data structure is stored. Then, in step 130, the VM 20 instantiates the databases defined in the module being loaded. Steps 128 and 130 may be carried out in either order. In step 132, the modules imported by the current module are selected. In step 134, the list of imported modules is traversed and each module is loaded recursively. If an imported module cannot be loaded for any reason, as determined in step 136, the importing module is regarded as having failed to load, because it cannot access the services of the imported module. In this case, "Load Module" returns "false". In step 138, it is determined whether further modules are to be imported. If so, the procedure returns to step 132. Once step 138 has determined that the last imported module has been loaded recursively, the current module has had its resources allocated, loaded and initialised without error, so in step 139 "Load Module" plugs the sockets 60 in its list and then returns "true", indicating that the module has been loaded successfully. The VM 20 must ignore any attempt to plug socket zero. If socket zero has to be plugged, this can be done with the SETSOCKET token.
The procedure for plugging the sockets 60 in step 140 will be described with reference to Figure 11. In step 140, the default behaviour of each socket in the module being loaded is assigned. In step 141, it is determined whether there are any plugs. If there are none, the module is executed in step 149. If there are, the first plug is selected in step 142. In step 143, it is determined whether a security flag is set for the associated socket. If not, the socket is plugged in step 146. If so, the security function specified for that socket is executed. If the security evaluation is positive, the socket is plugged in step 146. In step 148, it is determined whether the plug is the last plug. If not, the next plug is selected for evaluation. If the security check is negative, step 147 determines whether the plug is the last plug. If step 147 or step 148 determines that the plug is the last plug, the module is executed with the default behaviour for all sockets that have not been plugged and with the plugged behaviour for the sockets that have been plugged. In this way, behaviour can be modified securely.
Modules loaded from the ICC 5 with the LOADCARDMODULE token must be handled differently from modules loaded from the repository of the terminal 1 with the EXECUTEMODULE token. Figure 12 shows the flow chart for LOADCARDMODULE. Before a card module is executed, the VM 20 marks its state in step 150 and saves any resources required, so that this state can be restored later. The state includes:
The positions of the extensible memory pointer, the frame pointer and the frame end pointer.
The contents of the entire current socket list.
The TLVs registered in the TLV tag name list.
Other internal data that the VM needs in order to manage the activation and execution of card modules.
The module is loaded in step 152 with the "Load Module" subroutine described with reference to Figure 9; the difference is that the module is on the ICC 5 rather than in the repository, and is not already loaded.
If step 154 determines that the module was not loaded successfully, all resources are returned in step 155 to the state they were in immediately before the LOADCARDMODULE token was executed. This requires the following:
All volatile memory required by the module, and by any modules it required to be loaded, must be released and cleared to zero. This includes (but is not limited to):
The space required for the initialised and uninitialised data of all the modules.
The space required for any internal TLV buffers and management data structures defined by these modules.
The space required for any internal buffers and management data structures needed by the databases defined by these modules.
The TLV name list maintained by the VM for tag lookup must be restored to its state immediately before the module was executed.
The contents of the socket list maintained by the VM must be restored to their state immediately before the module was executed.
The contents of the frame pointer, the frame end pointer and the extensible memory pointer are restored to their values immediately before the module was executed.
If the card module is loaded successfully, the state saved in step 150 ("mark and save resources") is simply discarded in step 156. The card module is thereby grafted onto the running system. To be of use, a card module must plug sockets; otherwise none of the code present in the card module can be executed. Next, step 158 determines whether the module is an executable module; if it is, it is executed as described for steps 106 to 108 of Figure 9.
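As an added illustration (not code from the patent), the C sketch below models the "Load Module" steps 120 to 138 together with the mark-and-restore handling of steps 150 to 156 and the release described for step 105. The structures, sizes and repository contents are constructed for the example; databases, sockets and the frame pointers are left out to keep it short.

```c
#include <string.h>

#define VOLATILE_BYTES 64            /* hypothetical size of the volatile data space */
#define MAX_LIST 16

/* Hypothetical repository entry holding only what the load steps consult. */
struct module {
    int id;
    int uninit_bytes;                /* step 124 */
    int init_bytes;                  /* step 126 */
    unsigned char init_data[4];
    int tlv_tags[2], n_tlv;          /* step 128 */
    int imports[2], n_imports;       /* steps 132-138 */
};

struct vm {
    unsigned char mem[VOLATILE_BYTES];
    int mem_top;                     /* extensible memory pointer */
    int tlv_names[MAX_LIST], n_tlv;  /* TLV tag name list */
    int loaded[MAX_LIST], n_loaded;  /* IDs of the modules currently loaded */
};

/* Constructed repository contents for the demonstration. */
static const struct module REPO[] = {
    { 1,   8, 4, {1, 2, 3, 4},             {0x9F02, 0}, 1, {0, 0}, 0 },
    { 2,   8, 4, {5, 6, 7, 8},             {0x5A, 0},   1, {1, 0}, 1 },
    { 3,  16, 0, {0},                      {0x5A, 0},   1, {1, 0}, 1 }, /* duplicate tag  */
    { 4,   4, 4, {0xAA, 0xAA, 0xAA, 0xAA}, {0x57, 0},   1, {9, 0}, 1 }, /* missing import */
    { 5, 100, 0, {0},                      {0, 0},      0, {0, 0}, 0 }, /* out of memory  */
};
#define REPO_COUNT ((int)(sizeof REPO / sizeof REPO[0]))

static int contains(const int *list, int n, int value)
{
    for (int i = 0; i < n; i++)
        if (list[i] == value) return 1;
    return 0;
}

/* Reserve n bytes of volatile memory; returns the offset, or -1 when exhausted. */
static int reserve(struct vm *vm, int n)
{
    if (n < 0 || n > VOLATILE_BYTES - vm->mem_top) return -1;
    int at = vm->mem_top;
    vm->mem_top += n;
    return at;
}

int is_loaded(const struct vm *vm, int id)
{
    return contains(vm->loaded, vm->n_loaded, id);
}

/* "Load Module": returns 1 ("true") or 0 ("false"). It does no cleanup on
   failure; the caller restores the marked state. */
int load_module(struct vm *vm, int id)
{
    if (is_loaded(vm, id)) return 1;                       /* step 120 */
    const struct module *m = NULL;
    for (int i = 0; i < REPO_COUNT; i++)                   /* step 122 */
        if (REPO[i].id == id) m = &REPO[i];
    if (m == NULL) return 0;
    if (m->init_bytes > (int)sizeof m->init_data) return 0;

    int at = reserve(vm, m->uninit_bytes);                 /* step 124 */
    if (at < 0) return 0;
    memset(vm->mem + at, 0, (size_t)m->uninit_bytes);
    at = reserve(vm, m->init_bytes);                       /* step 126 */
    if (at < 0) return 0;
    memcpy(vm->mem + at, m->init_data, (size_t)m->init_bytes);

    for (int i = 0; i < m->n_tlv; i++) {                   /* step 128 */
        if (vm->n_tlv == MAX_LIST) return 0;
        if (contains(vm->tlv_names, vm->n_tlv, m->tlv_tags[i])) return 0;
        vm->tlv_names[vm->n_tlv++] = m->tlv_tags[i];
    }
    if (vm->n_loaded == MAX_LIST) return 0;
    /* Choice of this sketch: record the module before its imports so that a
       circular import terminates at step 120. */
    vm->loaded[vm->n_loaded++] = id;

    for (int i = 0; i < m->n_imports; i++)                 /* steps 132-138 */
        if (!load_module(vm, m->imports[i])) return 0;
    return 1;
}

/* Mark and save the state, load, and restore the marked state on failure. */
int load_or_rollback(struct vm *vm, int id)
{
    int mem_top = vm->mem_top, n_tlv = vm->n_tlv, n_loaded = vm->n_loaded;
    if (load_module(vm, id)) return 1;      /* success: the mark is discarded */
    /* Release and zero everything reserved since the mark. */
    memset(vm->mem + mem_top, 0, (size_t)(vm->mem_top - mem_top));
    vm->mem_top = mem_top;
    vm->n_tlv = n_tlv;
    vm->n_loaded = n_loaded;
    return 0;
}

int main(void)
{
    static struct vm vm;                    /* zero-initialised */
    return (load_or_rollback(&vm, 2) && !load_or_rollback(&vm, 4)) ? 0 : 1;
}
```

A failed load of module 4 leaves no trace: its initialised data is zeroed, its TLV tag is removed from the name list and it is not recorded as loaded.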
The specific embodiments of the invention described above are intended to be illustrative only, and many other modifications and variations may be made in accordance with the principles of the invention. All such embodiments, modifications and variations are considered to be within the scope of the invention as defined in the following claims.
Appendix
1. Token definitions
1.1 Overview
EPI code tokens are the instruction set of a two-stack virtual machine with an additional frame pointer. The tokens may also be treated as an intermediate language of a compiler. Some implementations of the program translator may in fact compile EPI code tokens to machine code.
EPI code tokens are byte tokens, permitting a maximum of 256 tokens. One-byte prefix tokens allow the range of tokens to be extended to a theoretical maximum of 65536 tokens, the prefixes being regarded as defining pages of 256 tokens each. In practice, a limited range of prefix tokens is defined. The value of each token is given in hexadecimal as a two-digit hex code, together with its corresponding name.
Tokens without a prefix (single-byte tokens) are called primary tokens, and tokens with a prefix (two-byte tokens) are called secondary tokens.
Execution of any primary or secondary token that is not defined in the tables below will cause an ILLOP exception.
1.1.1 Forth words as EPI code tokens
This section gives an alphabetical index of the Forth words implemented as EPI code tokens. Each row contains, from left to right:
The definition name, in upper-case, monospaced bold letters;
The natural-language pronunciation, if not English;
The applicable special indicators:
A ANS Forth word (including all optional word sets).
C Compiler directive; must be used within a definition.
G Common Forth word (in common use, for example by the Forth Interest Group, but not in ANS Forth).
H Host (compiler) word, which may or may not contribute tokens to the target.
The equivalent EPI code token(s).
Word        Pronunciation             Code    EPI code token
-           minus                     A       SUB
!           store                     A       STORE
#           number-sign               A       NMBR
#>          number-sign-greater       A       NMBRGT
#S          number-sign-s             A       NMBRS
*           star                      A       MUL
/           slash                     A       DIV
:           colon                     A,H     PROC
;           semicolon                 A,C,H   ENDPROC
?DO         question-do               A,C,H   RQDO <+addr>
?DUP        question-dupe             A       QDUP
?THROW                                G       QTHROW
@           fetch                     A       FETCH
[']         bracket-tick              A,C,H   LITC <+addr>
[CHAR]      bracket-char              A,C,H   PLIT <n>
+           plus                      A       ADD
+!          plus-store                A       INCR
+LOOP       plus-loop                 A,C     RPLUSLOOP <+addr>
<           less-than                 A       CMPLT
<#          less-number-sign          A       LTNMBR
<>          not-equals                A       CMPNE
=           equals                    A       CMPEQ
>           greater-than              A       CMPGT
>BODY       to-body                   A,H     WLIT <+addr>
>NUMBER     to-number                 A       TONUMBER
>R          to-r                      A,C     TOR
0<          zero-less                 A       SETLT
0<>         zero-not-equals           A       SETNE
0=          zero-equals               A       SETEQ
0>          zero-greater              A       SETGT
1-          one-minus                 A       SSUBLIT 1
1+          one-plus                  A       SADDLIT 1
2!          two-store                 A       VSTORE
2*          two-star                  A       SHL
2/          two-slash                 A       SHR
2@          two-fetch                 A       VFETCH
2>R         two-to-r                  A,C     TWOTOR
2DROP       two-drop                  A       TWODROP
2DUP        two-dupe                  A       TWODUP
2OVER       two-over                  A       TWOOVER
2R@         two-r-fetch               A,C     TWORFETCH
2R>         two-r-from                A,C     TWORFROM
2ROT        two-rote                  A       TWOROT
2SWAP       two-swap                  A       TWOSWAP
2VARIABLE   two-variable              A,H     LITU <+addr>
ABS         abs                       A       ABS
AGAIN                                 A,C,H   BRA <+addr>
AND                                   A       AND
BASE                                  A       USERVAR 1
BUFFER:     buffer-colon              G,H     LITU <+addr>
C!          c-store                   A       BSTORE
C@          c-fetch                   A       BFETCHU
C+!         c-plus-store              G       BINCR
CATCH                                 A       CATCH
CELL                                  G       FOUR
CELL+       cell-plus                 A       SADDLIT 4
CELLS                                 A       SMULLIT 4
CHAR        char                      A       PLIT <n>
CHAR+       char-plus                 A       SADDLIT 1
CHARS       chars                     A       NOOP
COMPARE                               A       BCMP
CONSTANT                              A,H     LIT <X>
D+          d-plus                    A       VADD
DEPTH                                 A       DEPTH
DNEGATE     d-negate                  A       VNEGATE
DO                                    A,C,H   RDO
DROP                                  A       DROP
DUP                                   A       DUP
ELSE                                  A,C,H   BRA <+addr>
ENDCASE     end-case                  A,C,H   DROP
ENDOF       end-of                    A,C,H   BRA <+addr>
EXECUTE                               A       ICALL
EXIT                                  A,C     RETURN
FILL                                  A       BFILL
GET_MSECS                             G       GETMS
HOLD                                  A       HOLD
I                                     A,C     RI
IF                                    A,C,H   BZ <+addr>
INVERT                                A       INVERT
J                                     A,C     RJ
LEAVE                                 A,C     RLEAVE <+addr>
LITERAL                               A,C,H   LIT <n>
LOCALS|     locals-bar                A,C,H   <method> <addr>
LOOP                                  A,C,H   RLOOP <+addr>
LSHIFT      l-shift                   A       SHLN
M*          m-star                    A       MMUL
M/MOD       m-slash-mod               G       MSLMOD
MAX                                   A       MAX
MIN                                   A       MIN
MOD                                   A       MOD
MOVE                                  A       BMOVE
MS                                    A       MS
NEGATE                                A       NEGATE
NIP                                   A       NIP
NOT                                           SETEQ
OF                                    A,C,H   ROF <+addr>
OR                                    A       OR
OVER                                  A       OVER
PICK                                  A       PICK
PLUG                                  H       LITC <+addr>
RECURSE                               A,H     CALL
REPEAT                                A,C,H   BRA <+addr>
-ROT        minus-rote                G       ROTB
R@          r-fetch                   A,C     RFETCH
R>          r-from                    A,C     RFROM
ROT                                   A       ROT
RSHIFT      r-shift                   A       SHRNU
SIGN                                  A       SIGN
SOCKET                                H       DOSOCKET <+addr>
SWAP                                  A       SWAP
THROW                                 A       THROW
TIME&DATE   time-and-date             A       GETTIME
-TRAILING   minus-trailing            A       MINUSTRAILING
TUCK                                  A       TUCK
U<          u-less-than               A       CMPLTU
U<=         u-less-than-or-equal      G       CMPLEU
U>          u-greater-than            A       CMPGTU
U>=         u-greater-than-or-equal   G       CMPGEU
UM*         u-m-star                  A       MMULU
UM/MOD      u-m-slash-mod             A       MSIMODU
UMOD        u-mod                     G       MODU
UNTIL                                 A,C,H   BZ <+addr>
USER                                  G       USERVAR <n>
VALUE                                 A,H     LITD <+addr> <method>
VARIABLE                              A,H     LITU <n>
WHILE                                 A,C,H   BZ <+addr>
WITHIN                                A       WITHIN
XOR                                   A       XOR
1.2 Conventions
1.2.1 Number formats
Numbers larger than one byte are transmitted in token programs in "big-endian" two's-complement form, most significant byte first. Within an EPI code program, numbers should always be accessed by operators of the correct format, so that programs can store numbers in the form best suited to the underlying architecture.
Multiple-precision data types are held on the stack with the most significant cell topmost. In memory, these data types are held with the most significant cell at the lowest-addressed cell of the multi-cell type.
1.2.2 Control structure offsets
Control structures are formed by a control token (BRA, RLOOP, etc.) followed by a signed four-byte, two-byte or one-byte offset. The offset following the control token is added to the token pointer (TP) after the offset has been fetched. Thus, if a branch token is at addr, the destination address is addr+2+offset for a 1-byte offset (SBRA), addr+3+offset for a 2-byte offset (BRA) and addr+5+offset for a 4-byte offset (EBRA).
Tokens that take four-byte offsets may be used only by terminal-specific code on virtual machine implementations that support a 32-bit linear address code space.
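The following C sketch is an added example, not code from the patent: it resolves the destination of a branch token with the rule above and rejects truncated operands and targets outside the code image. The bounds checks, the allow_ext switch for four-byte offsets and the sample bytes are assumptions of this example; the token values are those listed in section 1.5.2.

```c
#include <stddef.h>
#include <stdint.h>

/* Branch tokens with the values listed in section 1.5.2. */
enum { EBRA = 0xAF, EBZ = 0xB0, EBNZ = 0xB1, SBRA = 0xB2,
       SBZ = 0xB3, SBNZ = 0xB4, BRA = 0xB5, BNZ = 0xB7 };

/* Constructed token stream used to exercise the resolver. */
static const uint8_t SAMPLE_CODE[14] = {
    0xB2, 0x04,                    /*  0: SBRA +4   -> 0 + 2 + 4 = 6      */
    0xB5, 0xFF, 0xFB,              /*  2: BRA  -5   -> 2 + 3 - 5 = 0      */
    0x00,                          /*  5: NOOP                            */
    0xB3, 0x7F,                    /*  6: SBZ  +127 -> outside the image  */
    0xAF, 0x00, 0x00, 0x00, 0x00,  /*  8: EBRA +0   -> 8 + 5 + 0 = 13     */
    0x00                           /* 13: NOOP                            */
};

/* Width in bytes of the in-line offset that follows a branch token,
   or 0 if the byte is not one of the branch tokens above. */
static int offset_width(uint8_t token)
{
    switch (token) {
    case SBRA: case SBZ: case SBNZ: return 1;
    case BRA:  case BNZ:            return 2;
    case EBRA: case EBZ: case EBNZ: return 4;
    default:                        return 0;
    }
}

/* Resolve the destination of the branch token at code[addr].
   allow_ext says whether this VM supports the four-byte forms.
   Returns 0 and stores the target in *dest, or -1 if the token is not a
   branch, its operand is truncated, the four-byte form is not permitted,
   or the target lies outside the code image (checks added by this sketch). */
int branch_target(const uint8_t *code, size_t len, size_t addr,
                  int allow_ext, size_t *dest)
{
    if (addr >= len) return -1;
    int width = offset_width(code[addr]);
    if (width == 0) return -1;
    if (width == 4 && !allow_ext) return -1;
    if (len - addr - 1 < (size_t)width) return -1;

    /* Operands are big-endian two's complement (section 1.2.1). */
    uint32_t raw = 0;
    for (int i = 0; i < width; i++)
        raw = (raw << 8) | code[addr + 1 + (size_t)i];
    int64_t offset = (int64_t)raw;
    if (raw & ((uint32_t)1 << (8 * width - 1)))
        offset -= (int64_t)1 << (8 * width);

    /* TP has moved past the token and its operand when the offset is added. */
    int64_t target = (int64_t)addr + 1 + width + offset;
    if (target < 0 || (uint64_t)target >= len) return -1;
    *dest = (size_t)target;
    return 0;
}

int main(void)
{
    size_t dest = 0;
    int rc = branch_target(SAMPLE_CODE, sizeof SAMPLE_CODE, 0, 1, &dest);
    return (rc == 0 && dest == 6) ? 0 : 1;
}
```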
1.2.3 Addresses
User-defined procedures are identified by their addresses in the EPI code program. If tokens are translated, or compiled to native code for larger processors, the token-space address will not correspond to the actual address of the code.
1.3 Data types
Most tokens operate on quantities whose data size and signed or unsigned interpretation are determined by the token, but instructions that access memory in the frame store can have the data type overridden by a prefix token. The set of byte codes shown in Table 1 is reserved for such prefix tokens, but only SBYTE and UBYTE are currently used.
Data types smaller than one cell (1 byte) are fetched from memory with a byte operator or with an operator that carries an override prefix. If a signed data type is implied or specified, the data is sign-extended to cell width. If an unsigned data type is implied or specified, the data is zero-extended.
Table 1: Data type prefixes
Prefix    Abbreviation  Description          Size
SBYTE     SB            Signed byte          1 byte
UBYTE     UB            Unsigned byte        1 byte
SLONG     SL            Signed long          4 bytes
ULONG     UL            Unsigned long        4 bytes
SVLONG    SV            Signed very long     8 bytes
UVLONG    UV            Unsigned very long   8 bytes
1.4 Arithmetic
Addition and subtraction that overflow the specified size of the result return the result modulo (the largest unsigned value that can be held in that size) + 1.
Store operations whose destination is smaller than the size of the value passed store the value after truncating it to the width of the destination.
Division is symmetric; that is, rounding is always towards zero, regardless of sign.
1.5 Primary tokens
For convenience, the tokens are divided into several logical groups, which are presented in separate sections below. All token values are in hexadecimal.
The data type prefixes that can be applied to a token are listed explicitly, using the abbreviations given in Table 1. Any primary token preceded by a prefix that is not in its prefix list is invalid, and executing such a token causes an ILLOP exception to be thrown. The default type of a token is shown in italics and is always listed first. The default data type prefix is redundant and, as stated above, is invalid if used to prefix the token.
1.5.1 Operation set
00 NOOP
(-)
No action is taken.
04 BFETCHS
(addr-num)
Fetch an 8-bit byte from the given address and sign-extend it.
08 LIT
(-X)
Return the cell that follows in-line as data.
09 LITC
(-addr)
Return the cell that follows in-line as a literal that is an address in the code image. The value of the literal may be relocated for the code image by the program loader.
0A LITD
(-addr)
Return the cell that follows in-line as a literal that is an address in the initialised data space. The value of the literal may be relocated for the code image by the program loader.
0B LITU
(-addr)
Return the cell that follows in-line as a literal that is an address in the uninitialised data space. The value of the literal may be relocated for the code image by the program loader.
0C PLIT
(-u)
Return the byte that follows in-line. The byte is zero-extended to 32 bits.
0D NLIT
(-num)
Return the byte that follows in-line, zero-extended to 32 bits and then negated.
0E HLIT
(-M)
Return the 2-byte value that follows in-line. The value is zero-extended to 32 bits.
10 HLITC
(-addr)
Return the address produced by adding the unsigned 2-byte value that follows in-line to the base address of the code image. The value is zero-extended to 32 bits.
11 SLITD
(-a-addr)
Return the address produced by adding the unsigned byte that follows in-line, interpreted as a positive offset in cells, to the base address of initialised data. The byte is zero-extended to 32 bits and multiplied by 4 to give a byte offset.
12 HLITD
(-addr)
Return the address produced by adding the 2-byte value that follows in-line to the base address of initialised data. The value is sign-extended to 32 bits.
13 SLITU
(-addr)
Return the address produced by adding the unsigned 2-byte value that follows in-line, interpreted as a positive offset in cells, to the base address of uninitialised data. The byte is zero-extended to 32 bits and multiplied by 4 to give a byte offset.
14 HLITU
(-addr)
Return the address produced by adding the 2-byte value that follows in-line to the base address of uninitialised data. The value is sign-extended to 32 bits.
15 ADDLIT
(x1-x2)
Add the data in the cell that follows in-line to x1, giving x2.
16 SADDLIT
(x1-x2)
Add the signed 1-byte in-line value to x1, giving x2.
19 SUBLIT
(x1-x2)
Subtract the data in the cell that follows in-line from x1, giving x2.
1A SSUBLIT
(x1-x2)
Subtract the signed 1-byte in-line value from x1, giving x2.
1C VSUBLIT
(d-d-lit)
Subtract the signed 8-byte in-line value from the double number d.
1D SMULLIT
(num-num*lit)
Multiply num by the signed 1-byte literal that follows in-line.
1E SDIVLIT
(num-num/lit)
Divide num by the signed 1-byte literal that follows in-line.
21 DIVU
(u1 u2-u3)
Divide u1 by u2 (unsigned), giving u3.
3A SHRU
(u-u>>1)
Logically shift u right by one bit, inserting a zero bit.
N.B. The SETxx operators perform a comparison with zero and set a flag according to the result of the comparison.
42 SETGE
(num-flag)
Return "true" if num ≥ 0 (signed).
45 SETLE
(num-flag)
Return "true" if num ≤ 0 (signed).
48 CMPGEU
(u1 u2-flag)
Compare the unsigned values u1 and u2; return "true" if u1 ≥ u2.
4C CMPGE
(num1 num2-flag)
Compare the signed values num1 and num2; return "true" if num1 ≥ num2.
4F CMPLE
(num1 num2-flag)
Compare the signed values num1 and num2; return "true" if num1 ≤ num2.
The following tokens provide access to the frame store.
50…53 PFRFETCH2…PFRFETCH5
(-num)
Short form equivalent to SFRFETCH n (q.v.), where n is 2…5.
Possible data type override values include: SL, SB, UB.
54…5F TFRFETCH12…TFRFETCH1
(-num)
Short form equivalent to SFRFETCH n (q.v.), where n is -12…-1.
Possible data type override values include: SL, SB, UB.
60…63 PFRSTORE2…PFRSTORE5
(num-)
Short form equivalent to SFRSTORE n (q.v.), where n is 2…5.
Possible data type override values include: SL, SB.
64…6F TFRSTORE12…TFRSTORE1
(num-)
Short form equivalent to SFRSTORE n (q.v.), where n is -12…-1.
Possible data type override values include: SL, SB.
70 SFRFETCH
(-num)
Fetch the value num (a cell by default) at a signed in-line 1-byte offset from the frame pointer. The offset is interpreted as a cell index for the default data type (i.e. it is multiplied by 4 to give a byte-addressing offset) and as a byte index for a byte-sized data type override. Note: SFRFETCH 0 and SFRFETCH 1 return internal frame management data, which has no meaning to the calling program, so they do not constitute valid references into the frame. Parameters therefore begin at SFRFETCH 2 and temporary variables at SFRFETCH -1, because the frame stack grows downwards in memory. Possible data type override values include: SL, SB, UB.
71 SFRSTORE
(num-)
Store the argument value num (a cell by default) at a signed in-line 1-byte offset from the frame pointer. The offset is given as an in-line value, which is treated as a cell index for the default data type (i.e. it is multiplied by 4 to give a byte-addressing offset) and as a byte index for a byte-sized data type override. See SFRFETCH for further details.
Possible data type override values include: SL, SB.
72 FRFETCH
(-num)
Fetch the value num at a signed offset from the frame pointer. The offset is given by a 2-byte in-line value. See SFRFETCH for further details.
Possible data type override values include: SL, SB, UB.
73 FRSTORE
(num-)
Store the argument value num at a signed offset from the frame pointer. The offset is given by a 2-byte in-line value. See SFRSTORE for details.
Possible data type override values include: SL, SB.
74 SFRADDR
(-addr)
Return the address in the frame at a signed offset from the frame pointer. The offset is given by a 1-byte in-line value, which is multiplied by 4 to give a byte offset for the default data type and is used directly as a byte index for a byte-sized data type override.
Possible data type override values include: SL, SB.
75 FRADDR
(-addr)
Return the address in the frame at a signed cell offset from the frame pointer. The offset is given by a 2-byte in-line value, which is multiplied by 4 to give a byte offset for the default data type and is used directly as a byte index for a byte-sized data type override.
In the tokens that support the Forth standard numeric conversion functions, the NMBR in the token name is pronounced "number". The tokens LTNMBR, NMBRS and TONUMBER use the user variable BASE as the number base for conversion.
8C UNDER
(x1 x2-x1 x1 x2)
Duplicate the second item on the stack.
9C ZERO
(-0)
Leave the value 0 on the stack.
9D ONE
(-1)
Leave the value 1 on the stack.
9E MINUSONE
(- -1)
Leave the value -1 on the stack.
A0 INDEX
(addr1 num-addr2)
Multiply num by 4 and add it to addr1, giving addr2.
A2 EDOCREATE
(-a-addr)
Return the address in data space whose offset is in the in-line cell immediately following this token, and perform a subroutine return. This token is used to identify a data area by calling the procedure that corresponds to it, which allows position-independent data tables to be created.
A3 EDOCLASS
(-a-addr)
Branch to the code-space address whose offset is held in the following in-line cell, after pushing onto the data stack the address produced by adding the unsigned offset in the next in-line cell (i.e. the one after the code offset) to the base address of the initialised data space. This token is used to identify a data structure in memory and to transfer control to the subroutine that processes it, providing the basis of a simple class mechanism.
A4 DOCREATE
(-a-addr)
Return the address in data space whose offset is in the in-line 2-byte value immediately following this token, and perform a subroutine return. This token is used to identify a data area by calling the procedure that corresponds to it, which allows position-independent data tables to be created.
A5 DOCLASS
(-a-addr)
Branch to the code-space address whose offset is held in the following in-line cell, after pushing onto the data stack the address produced by adding the unsigned offset in the next in-line 2 bytes (i.e. those after the code offset) to the base address of the initialised data space. This token is used to identify a data structure in memory and to transfer control to the subroutine that processes it, providing the basis of a simple class mechanism.
A6 ECALL
(-)
Followed by an in-line cell. Call the procedure, using this cell as a signed byte offset into the code space.
A7 SCALL
(-)
Followed by an in-line byte. Call the procedure, using this byte as a signed byte offset into the code space.
A8 CALL
(-)
Followed by an in-line 2-byte offset. Call the procedure, using this value as a signed byte offset into the code space.
AB SMAKEFRAME
(x params…x1-)
Followed by two unsigned 1-byte literals, the first containing params, the number of cells that form the procedure parameters, and the second containing temps, the number of cells of temporary variables. Allocate params+temps+2 cells and then set the current frame pointer to point to the new frame. This token allows procedure parameters and temporary variables to be accessed with FRFETCH and FRSTORE.
The virtual machine is permitted to build frames on the return stack, so the use of frames is subject to the rules that normally apply to use of the return stack. SMAKEFRAME transfers the procedure parameters from the data stack into the frame so that they can be accessed with FRFETCH and FRSTORE.
If a frame of the required size cannot be built, FRAME_STACK_ERROR is thrown.
AC MAKEFRAME
(x params…x1-)
Followed by two unsigned 2-byte literals, the first containing params, the number of cells that form the procedure parameters, and the second containing temps, the number of cells of temporary variables. See SMAKEFRAME for further details.
AD RELFRAME
(-)
Restore the frame pointer to its previous value and release the current frame.
1.5.2 Branch support
These tokens comprise the usual stack-machine branch operators, plus the run-time code for the Forth words DO, ?DO, LOOP, +LOOP, LEAVE, I and J.
AF EBRA
(-)
Branch always. Four-byte in-line offset.
B0 EBZ
(num-)
Branch if num = 0. Four-byte in-line offset.
B1 EBNZ
(num-)
Branch if num ≠ 0. Four-byte in-line offset.
B2 SBRA
(-)
Short branch. Signed byte in-line offset.
B3 SBZ
(num-)
Short branch if num = 0. Signed byte in-line offset.
B4 SBNZ
(num-)
Short branch if num ≠ 0. Signed byte in-line offset.
B5 BRA
(-)
Unconditional branch. Signed 2-byte in-line offset.
B7 BNZ
(num-)
Branch if num ≠ 0. Signed 2-byte in-line offset.
1.5.3 Data type and code page overrides
This group allows the limits of 8-bit tokens to be overcome. Note: their stack action depends on the token that follows. The resulting pairs of tokens are called secondary tokens.
The data type extension tokens occupy tokens C0 to CF. Unused tokens in this range are reserved for future use, when additional data type prefixes are needed.
C1 SBYTE
(-)
Signed byte.
C2 UBYTE
(-)
Unsigned byte.
C5 SLONG
(-)
Signed long, 32 bits.
C6 ULONG
(-)
Unsigned long, 32 bits.
1.5.4 Socket handling tokens
D2 DOSOCKET
(-)
Followed by an in-line byte (0…63) that specifies the required function number. The stack effect is defined by the function attached to the socket.
D3 IDOSOCKET
(u-)
Execute the socket function whose socket number (0…63) is given by u. The lower-level stack effect is defined by the function attached to the socket. If u is greater than 63, ANS Forth exception -24 (invalid numeric argument) is thrown.
1.5.5 Control set
E6 IMCALL
(-)
Execute a function from a module. The module number (0-255) is given in the next in-line byte, followed by the function number (0-255) in the in-line byte after that. The stack effect depends on the function called.
E7 CLASSPROC
(-)
During loading, CLASSPROC marks the entry to class-handling code. It is used as a compilation aid and may be implemented as a NOOP.
F9 SYSFUNC
(-)
Page extension token, treated as the first byte of a secondary token. Calls the routine specified by the following in-line byte. The set of secondary tokens supported is defined in section 1.7. The stack effect is defined by the routine specified.
1.6 Sockets
The first 8 secondary socket tokens are reserved for socket management functions; the management functions defined are described below. The remaining sockets (D2 08 to D2 3F) are available for application use.
F9 91 SETSOCKET
(xp u-flag)
Set the execution pointer xp as the handler of the function of socket u, so that subsequent executions of DOSOCKET <u> cause xp to be executed. Before the execution pointer is set, the procedure installed by SETPLUGCONTROL is run to determine whether this new xp may be plugged into the socket. flag is the value returned by that procedure. SETSOCKET sets the pointer only if flag is "false"; otherwise the pointer is simply discarded. If u is greater than 63, exception -24 (invalid numeric argument) is thrown.
D2 00 SETPLUGCONTROL
(xp-)
Store the execution pointer xp of a user-written procedure that will be run by SETSOCKET to determine whether a socket may be plugged.
The action of this procedure (referred to here as PLUGCONTROL for the purposes of illustration) must be:
(u-flag)
where u is the socket number and flag is returned "false" if the socket may be plugged and "true" if it may not. In addition, the PLUGCONTROL procedure must throw exception -24 (invalid numeric argument) for values of u outside the range 0-63.
The default action of PLUGCONTROL, installed by the VM, is to return "false" for all values of u, so that all sockets can be plugged.
D2?03?OSCALLBACK
(dev?fn?num 1num 2-ior)
Call the operating system program that has parameter: for having the array of being included in num 2In num 1The function fn of 32 parameters, dev selects required I/O device, returns ior, and it is relevant with equipment.Attention: num 2At the storehouse top.In C uses, num 1With num 2Correspond respectively to arvc and argv.
Attention: this socket is relevant with equipment, provides it so that the terminating machine specific program (TRS) that utilizes the EPI code to be write can have the I/O relevant with terminating machine.If appointed function is not supported, unusual-21 (operations that are not supported) of then dishing out.
D2?04?EPICALLBACK
(dev?fn?num 1num 2-ior)
The socket of EPI program in machine code, it can be called by lower floor's operating system.Four parameters are to make 32 place values of following purposes: for having the array of being included in num 2In num 1The function fn of 32 parameters, dev selects required I/O device, returns ior, and its meaning is relevant with equipment.In C uses, num 1With num 2Correspond respectively to arvc and argv.
Notice that this socket is relevant with equipment, provide it so that the terminating machine specific program (TRS) that utilizes the EPI code to be write can provide callback procedure for operating system.If the function of appointment is not supported, unusual-21 (operations that are not supported) of then dishing out.
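The SETSOCKET / SETPLUGCONTROL gate described in this section, modelled as an added example (it is not code from the patent). The class and helper names are hypothetical, the no-op behaviour of an unplugged socket and the value -1 for a true flag are assumptions; the 0...63 range, exception -24 and the "false means plugged" polarity come from the text.

```python
# Added illustration; names are hypothetical, semantics follow section 1.6.

INVALID_NUMERIC_ARGUMENT = -24   # ANS Forth throw code named in the text
SOCKET_COUNT = 64                # sockets are numbered 0..63
FALSE, TRUE = 0, -1              # Forth flags (assumed ANS value for true)


class VMThrow(Exception):
    """Models a Forth THROW carrying a numeric exception code."""

    def __init__(self, code):
        super().__init__(f"THROW {code}")
        self.code = code


def check_socket_number(u):
    if not isinstance(u, int) or not 0 <= u < SOCKET_COUNT:
        raise VMThrow(INVALID_NUMERIC_ARGUMENT)


def default_plug_control(u):
    """Default installed by the VM: every valid socket may be plugged."""
    check_socket_number(u)
    return FALSE


class SocketTable:
    def __init__(self):
        self._handlers = [None] * SOCKET_COUNT
        self._plug_control = default_plug_control

    def set_plug_control(self, xp):
        """SETPLUGCONTROL ( xp -- ): install the policy routine."""
        self._plug_control = xp

    def set_socket(self, xp, u):
        """SETSOCKET ( xp u -- flag ): plug xp only if the policy returns false."""
        check_socket_number(u)
        flag = self._plug_control(u)
        if flag == FALSE:
            self._handlers[u] = xp
        # Any other flag means "refused": xp is discarded, the old handler stays.
        return flag

    def do_socket(self, u, *args):
        """DOSOCKET / IDOSOCKET: run whatever is plugged into socket u."""
        check_socket_number(u)
        handler = self._handlers[u]
        # Assumption: an unplugged socket behaves as a no-op in this model.
        return handler(*args) if handler is not None else None


def make_allowlist_policy(allowed):
    """A policy the terminal owner might install: only listed sockets are pluggable."""
    allowed = frozenset(allowed)

    def plug_control(u):
        check_socket_number(u)           # required of every PLUGCONTROL routine
        return FALSE if u in allowed else TRUE

    return plug_control


def demo():
    table = SocketTable()
    # Terminal software plugs its own amount check into application socket 0x10.
    table.set_socket(lambda amount: amount <= 5000, 0x10)
    # The table is then locked down: only socket 0x20 stays open to later code.
    table.set_plug_control(make_allowlist_policy({0x20}))
    # Code loaded later tries to replace the amount check and is refused.
    refused = table.set_socket(lambda amount: True, 0x10)
    accepted = table.set_socket(lambda: "receipt footer", 0x20)
    return refused, accepted, table.do_socket(0x10, 9000), table.do_socket(0x20)
```

Because SETSOCKET returns the policy's flag unchanged, a caller must treat any non-false result as a refusal and must not assume its handler is active.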
1.7 System function I/O set
This set defines the functions available through the SYSFUNC token, whose action is to provide a general interface to underlying operating system routines.
1.7.1 Device access
Each device is assigned a unique device number. The status ior codes are device-dependent, except that an ior code of 0 always indicates success.
F900 DKEY
( dev -- echar )
Reads a character from input device dev.
F901 DKEYTEST
( dev -- flag )
Returns true if a character is ready to be read from input device dev.
F902 DEMIT
( char dev -- )
Sends char to output device dev.
F903 BEEP
( u dev -- )
Requests output device dev to produce a sound lasting u milliseconds. This function may suspend processing for the specified time.
F904 DREAD
( addr len dev -- ior )
Reads a string from input device dev, returning a device-dependent ior. The returned string contains only the low-order bytes of characters read from a keyboard device.
F905 DWRITE
( addr len dev -- ior )
Writes a string to output device dev, returning a device-dependent ior.
F906 DSTATUS
( dev -- ior )
Returns the status ior of the resource associated with device dev. In the normal case, "ready" or "serviceable" is indicated by 0 and "not ready" by any other value. A particular device may return non-zero values that are meaningful for that device. If the device was selected by a previously executed OUTPUT token, DSTATUS should return "not ready" until the execution passed to the OUTPUT function has completed.
F907 DIOCTL
( dev fn num a-addr -- ior )
Performs IOCTL function fn on channel dev, with num cell-sized arguments in the array at a-addr.
F908 OUTPUT
( xp dev -- ior )
Executes the routine whose execution pointer is given by xp, with output directed to device dev. On return from OUTPUT, the current output device (see GETOP) is unaffected. If the routine is executed, ior is returned as zero. All exceptions arising from the execution of xp are caught by the virtual machine and cause OUTPUT to terminate immediately.
F909 DWRITESTRING
( dev -- )
This token is placed before a string of characters stored in the token stream as a count byte followed by that many bytes. DWRITESTRING writes the characters to the selected device dev. Execution continues immediately after the last character.
F90A GETOP
( -- dev )
Returns the device dev last selected by SETOP, or passed to the OUTPUT function during its execution. Used to find the default device for device-oriented I/O operations. This function makes it easy to implement functions that relate to the current device.
F90B SETOP
( dev -- )
Sets the default device dev for device-oriented I/O operations, as returned by GETOP. This function makes it easy to implement functions that relate to the current device.
F90C FORMFEED
( dev -- )
Performs a device-dependent "new form" action on device dev, such as "cls" (terminal display) or "page throw" (printer).
F90D CR
( dev -- )
Performs a device-dependent "new line" action on device dev.
F90E SETXY
( num1 num2 dev -- )
Performs a device-dependent "set absolute position" action on device dev, using num1 as the x coordinate and num2 as the y coordinate.
1.7.2 Time handling
Standard Forth words
1.7.3 Language and message handling
The tokens in this group provide a mechanism for handling language and message selection and display.
F920 CHOOSELANG
( addr -- flag )
Selects the language whose ISO 639 language code is given by the 2 characters at addr. If "flag" is true, the language was found and is now the current language. Otherwise the calling program should select another language. At least one language (the terminal's native language) is always available.
F921 CODEPAGE
( num -- flag )
Attempts to select resident code page num. Code pages are numbered according to ISO 8859 (0 = common character set, 1 = Latin 1, etc.). If the code page was selected, "flag" is true.
F922 LOADPAG
( addr -- flag )
Installs the code page at addr in the terminal (the page will normally be found on the card). The flag indicates that the page was loaded successfully. A page is installed when the ICC has loaded a new message table that needs a code page not available on the terminal.
F923 INITMESSAGES
( -- )
This function deletes the issuer-private messages, numbered from C0 to FF (hexadecimal), and any messages installed by LOADMESSAGES. It can be called after each user session.
F924 LOADMESSAGES
( c-addr -- )
Installs a message table at the appropriate place in the transient message database. c-addr gives the location of the message table definition, which includes the code page used for the messages, the two-letter ISO 639 language code, and the messages to be installed.
F925 GETMESSAGE
( num -- c-addr len )
Returns the string parameters of message num. Trailing spaces are removed from the string length len.
F927 UPDATEMESSAGES
( addr len -- )
Installs a message table in the resident language table. If a language with the same code already exists, it is replaced; otherwise the new language is added. If there is not enough space for the new language, a THROW is issued with code 22 (TOO_MANY_LANGUAGES).
addr gives the location of the TLV containing the message table definition, which includes the code page used for the messages, the two-letter ISO 639 language code, and the messages to be installed.
F928 MESSAGESIZE
( -- len )
Returns the standard length of messages for this terminal.
F929 TYPEMESSAGE
( addr len -- )
Displays the given string on the terminal's message line.
1.7.4 ICC card handling
The tokens in this group provide a mechanism for handling integrated circuit card readers.
F930 INITCARD
( num -- ior )
Selects ICC reader num, where num is 0 or 1.
F931 CARD
( c-addr1 len1 c-addr2 len2 -- c-addr2 len3 )
Sends the data in buffer c-addr1 len1 to the card and receives data at c-addr2 len2. The returned len3 gives the actual length of the string received.
Buffer c-addr1 len1 must contain:
A 4-byte standard ISO header (class, instruction, P1, P2)
Optional data (a "length" byte followed by "length" bytes of data, where "length" may be 0-255).
Buffer c-addr2 len2 must provide adequate space for the answer from the card plus two status bytes containing SW1 and SW2.
Error handling is performed within CARD.
F932 CARDON
( c-addr len1 -- c-addr len2 ior )
Powers the ICC and performs the card reset function. c-addr len1 provides the buffer in which the "answer to reset" is placed; len2 is the actual length of the returned string.
F933 CARDOFF
( -- )
Powers off the ICC. Executed when all transactions are complete.
F934 CARDABSENT
( -- flag )
Returns true if there is no ICC in the reader, false otherwise.
1.7.5 Magnetic stripe handling
The tokens in this group provide a mechanism for handling magnetic stripe devices.
F938 FROMMAG
( c-addr len1 num -- c-addr len2 ior )
Reads one or more ISO magnetic stripes. The operation can be interrupted by the user's "cancel" key or by a timeout. num is the ISO identifier of the magnetic stripe track(s) to read, c-addr is the destination address for the string and len1 is its maximum length (at least 78 bytes for ISO1, 41 bytes for ISO2 and 108 for ISO3, or the sum of these lengths when several stripes are read). On return, len2 gives the actual length of the string read.
F939 TOMAG
( c-addr len num -- ior )
Writes one ISO magnetic stripe. The data in buffer c-addr len is written to magnetic stripe num (1-3). The operation can be interrupted by the user's "cancel" key or by a timeout.
1.7.6 Modem handling
The tokens in this group provide a mechanism for handling modem devices.
F940 MODEMCALL
( num1 num2 num3 num4 num5 c-addr len -- ior )
Calls a number using the internal terminal modem.
num1 and num2 indicate the input and output line speeds to use (from 75 to 19200 baud). The speeds actually supported are defined by the implementation.
num3 indicates the parity (0 = none, 1 = odd, 2 = even).
num4 indicates the number of bits used (7 or 8).
num5 indicates the number of stop bits used for transmission (1 or 2).
c-addr len is a string containing the telephone number to call. It may include "," to wait for a dial tone. If the first character of the string is "P", pulse dialling is used instead of the default tone dialling.
F941 MODEMHANGUP
( -- ior )
This function ends the current modem session.
F942 TOMODEM
( c-addr len -- ior )
Sends the string at c-addr len once a modem session has been established.
F943 FROMMODEM
( c-addr len1 -- c-addr len2 ior )
Receives a string from the modem. c-addr is the destination address for the string and len1 is its maximum length. On return, len2 gives the actual length of the string read. If no character is received within the specified period, a timeout occurs.
F944 MODEMBREAK
( -- ior )
This function sends a break on the connected modem session.
1.7.7 Blacklist management
The tokens in this group provide a mechanism for handling the blacklist file.
F948 INITBLACKLIST
( -- )
This function initialises the blacklist table to an empty state.
F949 BLACKLISTINSERT
( c-addr len -- flag )
This function inserts the entry at c-addr len into the table, keeping the table in sorted order.
This function must be used when the blacklist table is updated.
If the insertion succeeds (the entry was not found in the existing table and the table is not full), the "flag" returned is false.
F94A INBLACKLIST
( c-addr1 len1 -- c-addr2 len2 flag )
This function attempts to find the key c-addr1 len1 in the table.
If the key is found, c-addr2 len2 contains the result of the search (including the remaining bytes of the required entry and possibly some other information bytes).
If the number is found, the "flag" returned is false.
F94B BLACKLISTDELETE
( c-addr len -- flag )
This function deletes an entry from the list; c-addr len is the key of the entry to delete, which can be up to 18 bytes long.
If the deletion succeeds (the entry was found), the "flag" returned is false.
1.7.8 Support for security algorithms
The tokens in this group provide support for initialising and using security services.
F950 INITSECALGO
( c-addr len num -- flag )
c-addr is the address of the initialisation buffer and len is its length. Although a key would normally be passed for initialisation, the input parameters may differ for each algorithm. If initialisation succeeds, "flag" is false.
F951 SECALGO
( c-addr1 len c-addr2 num -- flag )
c-addr1 is the input data buffer for the computation and len is its length. c-addr2 is the output buffer in which the result is stored.
If the computation succeeds, "flag" is false.
1.7.9 Terminal services
F958 POWERLESS
( -- flag )
Returns false if there is enough power to complete the current transaction.
1.7.10 Database services
The following tokens provide a mechanism for handling databases.
F961 DBMAKECURRENT
( a-addr -- )
Makes the database at a-addr the current database.
F962 DBSIZE
( -- len )
Returns the size of the record buffer that provides a window onto the current record of the current database.
F963 DBFETCHCELL
( num1 -- num2 )
Returns the 32-bit value num2 from the cell at cell-aligned byte offset num1 in the current record of the current database.
F964 DBFETCHBYTE
( num -- char )
Returns the 1-byte value char from byte offset num in the current record of the current database.
F965 DBFETCHSTRING
( num len -- addr len )
Returns the string addr len of the byte sequence of length len at offset num in the current record of the current database.
F966 DBSTORECELL
( num1 num2 -- )
Stores the 32-bit value num1 into the cell at cell-aligned byte offset num2 in the current record of the current database, and updates the database record.
F967 DBSTOREBYTE
( char num -- )
Stores the 1-byte value char into the byte at offset num in the current record of the current database, and updates the database record.
F968 DBSTORESTRING
( addr len1 num len2 -- )
Stores the byte sequence at addr, of at most len2 bytes, at offset num in the current record of the current database, and updates the database record. If len1 is less than len2, the remainder of the database record buffer up to len2 is filled with spaces.
F969 DBINITIALIZE
( -- )
Initialises the whole of the current database to zero and sets the database's "current" and "available" record numbers (see DBRECNUM and DBAVAIL) to 0.
F96A DBRECNUM
( -- u )
Returns the current record number.
F96B DBCAPACITY
( -- u )
Returns the total number of records the current database can hold.
F96C DBAVAIL
( -- num )
Returns the record number of the next available record in the current file.
F96D DBADDREC
( -- )
Adds a record at the end of the current database, at the record number given by DBAVAIL.
F96F DBSELECT
( num -- )
Selects record num in the currently selected database.
F970 DBMATCHBYKEY
( addr len -- flag )
Searches the current database for a match on the key field with the string specified by addr and len. len may be shorter than the defined length of the key field for this structure, in which case the remaining characters are compared with space (ASCII 20h) characters. If the match succeeds, the matching record becomes current and "flag" is false.
This token may only be used with ordered databases.
F971 DBADDBYKEY
( addr len -- flag )
Searches the current database for a match on the key field with the string specified by addr and len. len may be shorter than the defined length of the key field for this structure, in which case the remaining characters are compared with space (ASCII 20h) characters. If the match succeeds, the matching record becomes current and "flag" is true. If the match fails, a new record is inserted at the correct position in the database and "flag" is false. The new record is initialised except for its key field, which will contain the given key.
This token may only be used with ordered databases.
F972 DBDELBYKEY
( addr len -- flag )
Searches the current database for a match on the key field with the string specified by addr and len. len may be shorter than the defined length of the key field for this structure, in which case the remaining characters are compared with space (ASCII 20h) characters. If the match succeeds, the matching record is deleted and "flag" is false. The delete action closes any potential "hole" in the physical implementation by taking appropriate action to physically relocate or relink the records in a pre-initialised database.
This token may only be used with ordered databases.
F973 DBSAVECONTEXT
( -- )
Causes the server to push the current context information onto the stack, including the current database, the current record number and any related information. The server is permitted to use the VM's return stack to save the context information, so client software must observe the general rules for return stack usage.
F974 DBRESTORECONTEXT
( -- )
Causes the server to restore the most recently saved context information (see DBSAVECONTEXT). The server is permitted to use the VM's return stack to save the context information, so client software must observe the general rules for return stack usage.
1.8 TLV management
The tokens described in this section provide TLV management and access functions.
1.8.1 String handling support
F978 PLUSSTRING
( c-addr1 len1 c-addr2 len2 -- c-addr2 len3 )
Stores the string of len1 bytes at c-addr1 at the end of the string of len2 bytes at c-addr2. Returns the start of the destination string (c-addr2) and the sum of the two lengths (len3). There must be room at the end of the destination string to hold both strings.
F979 CPLUSSTRING
( char c-addr len -- c-addr len+1 )
Stores the character char at the end of the string of len bytes at c-addr. Returns the start of the destination string (c-addr) and the length of the resulting string (len+1). There must be room at the end of the destination string to hold both strings.
F97A MINUSTAILING
( c-addr len1 -- c-addr len2 )
If len1 is greater than zero, len2 is equal to len1 less the number of trailing spaces (ASCII 20h) in the string specified by c-addr len1. If len1 is zero or the whole string consists of spaces, len2 is zero.
F97B MINUSZEROS
( c-addr len1 -- c-addr len2 )
If len1 is greater than zero, len2 is equal to len1 less the number of trailing nulls (ASCII 0h) in the string specified by c-addr len1. If len1 is zero or the whole string consists of nulls, len2 is zero.
F97C STORECOUNT
( char c-addr -- )
Stores the number char into the byte at c-addr. If char is greater than 255, the throw code STRING_TOO_LARGE is generated.
1.8.2 TLV buffer access
F980 TLV
( num -- c-addr len fmt )
Returns the access parameters of the TLV whose tag is num. This may generate the throw code UNDEFINED_TLV.
F981 TLVFETCH
( c-addr1 len1 fmt -- num | c-addr2 len2 )
Returns the contents of the internal TLV buffer according to its "type" field, which is the low eight bits of fmt. Type codes 0 and 2 return a number on the stack; the others return a string pointer. The address returned for type code 3 fields is temporary and must be moved to a more permanent location immediately. The len2 returned for a string is the same as that last stored in the buffer.
F982 TLVSTORE
( num c-addr2 len2 fmt | c-addr1 len1 c-addr2 len2 fmt -- )
Sets the contents of the internal TLV buffer according to its "type" field, which is the low eight bits of fmt. Type codes 0 and 2 take a number from the stack; the others take a string pointer. This action sets the parsed status bit for this TLV.
F983 TLVBITFETCH
( c-addr -- flag )
Returns the result of masking the contents of the internal TLV buffer referenced by the sequence at c-addr against the value field at that location. This may generate the throw code UNDEFINED_TLV. If all the bits defined by the mask are set in the internal buffer, "flag" returns true; otherwise it returns false. Only the bytes covered by the shorter of the two locations are checked.
F984 TLVBITSTORE
( flag c-addr -- )
Sets the contents of the internal TLV buffer referenced by the sequence at c-addr, based on the value field at that location. If "flag" is false (0), all the bits defined there are turned off; otherwise they are all turned on.
1.8.3 TLV processing
F985 PARSETLV
( c-addr len -- )
Processes the len bytes at c-addr as TLV sequences. This may generate the throw code UNDEFINED_TLV. For each tag field encountered, length-field bytes from its value field are placed in its internal buffer and its parsed status bit is set. When a constructed tag field is encountered, all internal TLV buffers defined as associated with it are cleared before the value field is parsed for TLV sequences. No exception is produced if a TLV is encountered inside a constructed template with which it is not defined as associated.
F986 PLUSDOL
( c-addr1 len1 c-addr2 len2 -- c-addr2 len3 )
Processes the len1 bytes at c-addr1 for tag and length fields. This may generate the throw code UNDEFINED_TLV. For each tag field encountered, length-field bytes of the value field from its internal buffer are placed at the end of the output string of len2 bytes at c-addr2. Returns the start of the destination string (c-addr2) and the sum of the two lengths (len3). There must be room at the end of the output string to hold both strings.
F987 PLUSTLV
( c-addr len1 num -- c-addr len2 )
Appends the TLV sequence whose tag is num to the end of the output string of len1 bytes at c-addr. This may generate the throw code UNDEFINED_TLV. The tag, length and value fields are formatted according to the TLV rules, based on the data in its internal buffer. Returns the start of the destination string (c-addr) and the sum of the two lengths (len2). There must be room at the end of the output string to hold both strings.
F989 TLVSTATUS
( fmt -- num char )
Decodes the status of the TLV access parameter fmt. The num returned is the format indicator 0, and the bits in the returned char have the following meanings, where 0 is the least significant bit:
    0      0 = not parsed, 1 = parsed
    1-7    Reserved for future use
1.8.4 TLV sequence access
F98A STOREBCD
( u c-addr len -- )
Stores the number u as a binary coded decimal sequence in the string of len bytes at c-addr. The number is formatted with each digit represented by a 4-bit nibble in the output string. Leading nibbles are filled with 0 if necessary. If len is not long enough to hold all the digits, the most significant part of the number is truncated.
F98B FETCHBCD
( c-addr len -- u )
Fetches the number u from the binary coded decimal sequence of len bytes at c-addr. The number is formatted with each digit represented by a 4-bit nibble in the input string. If any nibble is not a valid BCD digit, the exception DIGIT_TOO_LARGE is thrown.
F98C STOREBN
( u c-addr len -- )
Stores the number u as a binary number in the string of len bytes at c-addr. The most significant byte of the number is stored first. Leading bytes are filled with 0 if necessary. If len is not long enough to hold the whole number, the most significant part of the number is truncated.
F98D FETCHBN
( c-addr len -- u )
Fetches the number u as a binary number from the string of len bytes at c-addr. The most significant byte of the number is fetched first. If there are more than four bytes of data at this location, the most significant bytes are lost.
F98E STORECN
( c-addr1 len1 c-addr2 len2 -- )
Stores the number of len1 bytes at c-addr1 as a compressed number in the string of len2 bytes at c-addr2. The number is formatted with each character represented by a 4-bit nibble in the output string. Trailing nibbles are filled with F if necessary. If len2 is not long enough to hold all the characters (len2 < [len1 + 1]/2), the number is truncated. If a character in the input string is not a digit, the throw code DIGIT_TOO_LARGE is generated.
F98F FETCHCN
( c-addr1 len1 -- c-addr2 len2 )
Fetches a string of len2 bytes to a temporary location at c-addr2, representing the "compressed number" in the string of len1 bytes at c-addr1. The number is formatted with each character of the output string representing a 4-bit nibble of the input string. The output string ends when a nibble with all bits set, or the end of the input string, is encountered. A nibble in the input string that is not a digit will not produce the DIGIT_TOO_LARGE throw code. The output string must be moved to a more permanent location immediately.
F990 TLVFETCHNAME
( c-addr1 -- c-addr2 num )
Parses the TLV sequence at c-addr1 for a tag field. Returns the address c-addr2 just past the tag field and the tag num of that field.
F991 TLVFETCHLENGTH
( c-addr1 -- c-addr2 len )
Parses the TLV sequence at c-addr1 for a length field. Returns the address c-addr2 just past the length field and the len contained in that field.
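The padding, truncation and digit-validation rules stated above for STOREBCD, FETCHBCD, STOREBN, FETCHBN and STORECN, written out as an added example (not code from the patent). The function names are hypothetical, byte strings stand in for the c-addr/len buffers, the throw code is carried by name because its numeric value is not given here, and STORECN is assumed to drop the trailing digits when it truncates.

```python
# Added illustration; function names are hypothetical, rules follow 1.8.4.

DIGIT_TOO_LARGE = "DIGIT_TOO_LARGE"   # numeric throw code not given in this section


class VMThrow(Exception):
    """Models a Forth THROW; the code is carried symbolically."""

    def __init__(self, code):
        super().__init__(f"THROW {code}")
        self.code = code


def store_bcd(u, length):
    """STOREBCD ( u c-addr len -- ): one digit per nibble, zero-filled on the left."""
    if u < 0:
        raise ValueError("u is an unsigned number")
    nibbles = 2 * length
    digits = str(u).rjust(nibbles, "0")
    # Too many digits: the most significant part is cut off, silently.
    return bytes.fromhex(digits[len(digits) - nibbles:])


def fetch_bcd(data):
    """FETCHBCD ( c-addr len -- u ): reject any nibble above 9."""
    value = 0
    for byte in data:
        for nibble in (byte >> 4, byte & 0x0F):
            if nibble > 9:
                raise VMThrow(DIGIT_TOO_LARGE)
            value = value * 10 + nibble
    return value


def store_bn(u, length):
    """STOREBN ( u c-addr len -- ): big-endian, high-order bytes dropped if too long."""
    mask = (1 << (8 * length)) - 1
    return (u & mask).to_bytes(length, "big")


def fetch_bn(data):
    """FETCHBN ( c-addr len -- u ): beyond four bytes the high-order bytes are lost."""
    return int.from_bytes(data[-4:], "big")


def store_cn(digits, length):
    """STORECN: pack a digit string left-justified, trailing nibbles filled with F."""
    if any(ch not in "0123456789" for ch in digits):
        raise VMThrow(DIGIT_TOO_LARGE)
    nibbles = 2 * length
    # Assumption: truncation keeps the leading digits and drops the rest.
    return bytes.fromhex(digits[:nibbles].ljust(nibbles, "F"))


def checked_store_bcd(u, length):
    """Defensive wrapper: refuse values that STOREBCD would silently truncate."""
    encoded = store_bcd(u, length)
    if fetch_bcd(encoded) != u:
        raise ValueError(f"{u} does not fit in {length} BCD byte(s)")
    return encoded


def demo():
    amount = 123456                      # constructed sample value
    return {
        "fits": store_bcd(amount, 6).hex(),
        "truncated": store_bcd(amount, 2).hex(),   # high digits 12 are gone
        "cn": store_cn("12345", 4).hex(),
        "bn_lossy": hex(fetch_bn(bytes.fromhex("0102030405"))),
    }
```

The silent truncation in STOREBCD and STOREBN is the case to watch: a field that is too short yields a smaller, well-formed number, which is why the wrapper re-reads what it stored.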
1.9 Module handling
The following tokens provide for the storage and execution of EPI code modules in the virtual machine.
F9A0 EXECUTEMODULE
( c-addr len -- flag )
Loads a module from the module directory using the AID specified by c-addr len. If an error occurs, the exception CANNOT_LOAD_MODULE is thrown. "flag" is true if the module was not found and false if it was loaded successfully.
F9A1 INITMODULEBUFFER
( -- )
Prepares for the acquisition of a new module.
F9A2 MODULEBUFFERAPPEND
( c-addr len -- )
Appends the contents of the buffer defined by c-addr and len to the module acquisition buffer. If the module buffer has not been prepared, or the capacity of the module buffer is exceeded, the exception CANNOT_AAD_TO_MODULE is thrown.
F9A3 REGISTERMODULE
( c-addr len -- )
Registers the module buffer in the module directory under the given EPI code AID specified by c-addr len. The resources associated with managing the module buffer are released automatically.
F9A4 RELEASEMODULEBUFFER
( -- )
Releases the resources used by the internal module buffer. This is needed when a premature load of a module must be terminated by the application without registering the module in the module directory.
F9A5 DELETEMODULE
( c-addr len -- flag )
Deletes from the module directory the module whose AID is specified by c-addr len. "flag" is zero if the operation succeeded.
F9A6 MODULEINFO
( c-addr1 len1 -- c-addr2 len2 flag )
Returns the "public" information on the module registered in the module directory under the AID specified by c-addr1 len1. If the operation succeeded, "flag" is zero and the data at c-addr1 is valid. The structure of the buffer returned by this token is defined by the module header information. This function returns only the entries EPF_VER through EPF_ENTRY.
F9A7 LOADCARDMODULE
( a-addr -- )
Loads the module at a-addr. a-addr is the address of the EPI code module header transferred from the card into internal storage. If the module violates any precondition for loading card modules, the exception BAD_CARD_MODULE is thrown.
F9A8 MODULESCHANGED
( -- u )
Returns a value u indicating whether modules have been changed. Bits 0 to 7 define which module classes have been registered in the module directory since the last execution of this token. For example, registering a module whose initial AID byte is F4 sets bit 4 in the returned status. Bits 8 to 31 are reserved for future expansion.
1.10 Extensible memory handling
The following tokens provide access to an extensible "rubber band" buffer of linear memory in the data space, provided and managed by the virtual machine.
F9B0 EXTEND
( len -- a-addr )
Extends the "rubber band" buffer by len cells and returns the cell-aligned address a-addr of the first cell in the allocated buffer. Extending by zero returns a pointer to the next unallocated cell. If there is not enough memory available, the exception OUT_OF_MEMORY is thrown.
F9B1 BEXTEND
( len -- c-addr )
Extends the "rubber band" buffer by len bytes and returns the address c-addr of the first byte in the allocated buffer. Extending by zero returns a pointer to the next unallocated byte. If there is not enough memory available, the exception OUT_OF_MEMORY is thrown.
F9B2 RELEASE
( addr -- )
Releases storage obtained by EXTEND or BEXTEND, setting the "free pointer" to addr. If addr is invalid (before the start of the rubber band buffer, or beyond the current "free pointer"), ANS exception -9 (invalid memory address) is thrown.
Further tokens:
F9B0 DSCHECK
( u -- flag )
Checks that at least u cells remain on the data stack. Returns false if so, true otherwise.
F9B1 RSCHECK
( u -- flag )
Checks that at least u cells remain on the return stack. Returns false if so, true otherwise.
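The free-pointer discipline of EXTEND, BEXTEND and RELEASE from this section, as an added example (not code from the patent). The class and the `check_access` helper are hypothetical, a cell is assumed to be 4 bytes to match the 32-bit values used elsewhere in the text, and OUT_OF_MEMORY is carried by name because its numeric code is not given here.

```python
# Added illustration; names are hypothetical, semantics follow section 1.10.

CELL = 4                          # assumption: 32-bit cells
INVALID_MEMORY_ADDRESS = -9       # ANS Forth throw code named in the text
OUT_OF_MEMORY = "OUT_OF_MEMORY"   # numeric throw code not given in this section


class VMThrow(Exception):
    """Models a Forth THROW with a numeric or symbolic code."""

    def __init__(self, code):
        super().__init__(f"THROW {code}")
        self.code = code


class RubberBand:
    """Linear buffer that grows and shrinks only at its free pointer."""

    def __init__(self, base, capacity):
        self.base = base              # first address of the buffer
        self.limit = base + capacity  # one past the last usable byte
        self.free = base              # the "free pointer"

    def _allocate(self, start, nbytes):
        # A negative length models an oversized unsigned request.
        if nbytes < 0 or start + nbytes > self.limit:
            raise VMThrow(OUT_OF_MEMORY)      # state is left unchanged
        self.free = start + nbytes
        return start

    def bextend(self, length):
        """BEXTEND ( len -- c-addr ): allocate len bytes."""
        return self._allocate(self.free, length)

    def extend(self, cells):
        """EXTEND ( len -- a-addr ): allocate len cells at a cell-aligned address."""
        aligned = (self.free + CELL - 1) // CELL * CELL
        return self._allocate(aligned, cells * CELL)

    def release(self, addr):
        """RELEASE ( addr -- ): move the free pointer back to addr."""
        if addr < self.base or addr > self.free:
            raise VMThrow(INVALID_MEMORY_ADDRESS)
        self.free = addr

    def check_access(self, addr, nbytes):
        """Hypothetical guard: is [addr, addr + nbytes) inside allocated storage?"""
        return nbytes >= 0 and self.base <= addr and addr + nbytes <= self.free


def demo():
    band = RubberBand(base=0x1000, capacity=32)   # constructed layout
    header = band.bextend(3)          # 3 bytes at 0x1000
    record = band.extend(2)           # aligned up to 0x1004, 8 bytes
    live = band.check_access(record, 2 * CELL)
    band.release(record)              # everything from 0x1004 upward is freed
    stale = band.check_access(record, 2 * CELL)   # old pointer no longer valid
    return header, record, live, stale, band.free
```

RELEASE frees everything above addr in one step, so any pointer obtained from a later EXTEND or BEXTEND becomes stale at that moment; the `check_access` guard makes that visible.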
1.11 Security commands
Security algorithm processing may take several seconds on some terminals. The present invention includes splitting the present single SECALGO command into a begin part and an end part, so that multitasking facilities can be used. This is under study, and the following is proposed as an alternative to SECALGO.
F956 SECALGOBEGIN
( c-addr1 len c-addr2 num -- flag )
Computes using the algorithm of type num. c-addr1 is the input data buffer for the computation and len is its length. c-addr2 is the output buffer in which the result is stored. This function returns a "flag", where false indicates that the computation was started successfully.
F957 SECALGOEND
( -- ior )
This function returns an ior meaning: 0 = computation completed successfully; -1 = computation still in progress; 1 = computation failed.
Exception codes
This section contains all the codes used as arguments to the standard exception-handling function THROW.
The table below gives the ANS Forth codes used in the EPIC core.
#     Reserved for                                   #     Reserved for
-3    stack overflow                                 -23   address alignment exception
-4    stack underflow                                -24   invalid numeric argument
-5    return stack overflow                          -25   return stack imbalance
-6    return stack underflow                         -26   loop parameters unavailable
-7    loops nested too deeply during execution       -27   invalid recursion
-9    invalid memory address                         -28   user interrupt
-10   division by zero                               -36   invalid file position
-11   result out of range                            -37   file I/O exception
-12   argument type mismatch                         -38   invalid file
-17   pictured numeric output string overflow        -39   unexpected end of file
-20   write to a read-only location                  -53   exception stack overflow
-21   unsupported operation                          -57   exception in sending or receiving a character

Claims (64)

1. A transaction management system for executing transactions between a first device and a second device, characterized in that: said first and second devices are adapted for communication with each other and at least one of said first and second devices is an integrated circuit card, said system comprising:
at least one input/output device;
a portable virtual machine for interpreting a computer program on said first device, said virtual machine comprising a virtual microprocessor and a driver for said at least one input/output device; and
execution means responsive to said interpreted program for executing said program.
2. A terminal comprising a first device for carrying out transactions with a second device, characterized in that: at least one of said first and second devices is an integrated circuit card, said terminal comprising:
a portable virtual machine for interpreting a computer program on said first device, said virtual machine comprising a virtual microprocessor and a driver for said at least one input/output device; and
execution means responsive to said interpreted program for executing said program.
3. A self-contained portable smart card comprising a first device for carrying out transactions with a second device, characterized in that said smart card comprises:
a portable virtual machine, said virtual machine comprising a virtual microprocessor and a driver for said at least one input/output device.
4. A system as claimed in claim 1, a terminal as claimed in claim 2 or a smart card as claimed in claim 3, characterized in that: the machine instructions of said virtual machine are a set of tokens, said tokens being customized byte codes.
5. A smart card as claimed in claim 3 or 4, characterized by further comprising a computer program stored on said smart card, said computer program being interpreted by said virtual machine, and execution means responsive to said interpreted program for executing said program.
6. A system or terminal as claimed in claim 4, or a smart card as claimed in claim 5, characterized in that: said computer program is written as a stream of tokens selected from said set of tokens and corresponding in-line data.
7. A system, terminal or smart card as claimed in claim 6, characterized in that: said stream of tokens is transferred in a module, the module comprising said stream of tokens and the corresponding in-line data required to execute the module.
8. A system, terminal or smart card as claimed in claim 7, characterized in that: said module further comprises an indication of the memory required to execute said module.
9. A system, terminal or smart card as claimed in claim 8, characterized in that: said virtual machine further comprises means for loading said module and interpreting the tokens therein.
10. A system, terminal or smart card as claimed in claim 9, characterized in that: said loading and interpreting means reads said tokens from said module and raises an exception if a token read does not belong to said set of tokens.
11. A system, terminal or smart card as claimed in any one of claims 7 to 10, characterized in that: said virtual machine comprises a read/writable logical address space, said space having a repository for at least one said module, and said module comprises an indication of the amount of read/writable logical address space required for its execution;
said virtual machine further comprises means for allocating, on loading of said module, an amount of read/writable logical address space in accordance with said indication, said allocated read/writable logical address space having defined and protected boundaries.
12. A system, terminal or smart card as claimed in claim 11, characterized by further comprising means for deallocating said allocated amount of read/writable logical address space on termination of said module.
13. A system, terminal or smart card as claimed in any one of claims 9 to 12, characterized in that: said second device comprises means for providing at least one program instruction capable of at least modifying the execution-time condition of said computer program; after said loading and interpreting means has loaded said module and while said module is running, said loading and interpreting means loads and interprets said at least one program instruction subject to a predetermined security condition; and said execution means, responsive to said loaded program instruction as interpreted by said virtual machine, executes said computer program with said modified condition.
14. A system, terminal or smart card as claimed in claim 13, characterized in that: said security condition is provided by a function.
15. A system, terminal or smart card as claimed in any one of claims 9 to 14, characterized by further comprising a read/writable logical address space, said space comprising at least one database, said database comprising at least one record, and said module comprising an indication of the amount of uninitialized read/writable logical address space necessary to execute said module;
said loader allocating the required amount of uninitialized logical address space in accordance with said indication; and
means for accessing a record in said database, records in said database being accessible only by said module, said accessing means providing a window onto a current record in said database and copying said record into a portion of said uninitialized read/writable logical address space addressable by said application program.
16. A transaction management system, characterized in that said system comprises:
a first device and a second device, said first and second devices being adapted for communication with each other, and at least one of said first and second devices being an integrated circuit card;
said second device comprising means for providing at least one program instruction capable of at least modifying the execution-time condition of a computer program on said first device;
said first device comprising a virtual machine, said virtual machine comprising means for loading and interpreting said computer program, said loading and interpreting means being further adapted, after it has loaded said computer program and while said computer program is running, to load and interpret said at least one program instruction subject to a predetermined security condition; and execution means for executing said loaded and interpreted computer program with said modified condition in response to said loaded program instruction.
17. A terminal comprising a first device for carrying out transactions with a second device, at least one of said first and second devices being an integrated circuit card, characterized in that:
said second device comprises means for providing at least one program instruction capable of at least modifying the execution-time condition of a computer program on said first device; said terminal comprising:
said first device comprising a virtual machine, said virtual machine comprising means for loading and interpreting said computer program, said loading and interpreting means being further adapted, after it has loaded said computer program and while said computer program is running, to load and interpret said at least one program instruction subject to a predetermined security condition; and execution means for executing said loaded and interpreted computer program with said modified condition in response to said loaded program instruction.
18. A self-contained portable smart card comprising a first device for carrying out transactions with a second device, characterized in that:
said second device comprises means for providing at least one program instruction capable of at least modifying the execution-time condition of a computer program on said first device, said smart card comprising:
said first device comprising a virtual machine, said virtual machine comprising means for loading and interpreting said computer program, said loading and interpreting means, after it has loaded said computer program and while said computer program is running, loading and interpreting said at least one program instruction subject to a predetermined security condition; and execution means for executing said loaded and interpreted computer program with said modified condition in response to said loaded program instruction.
19. A system as claimed in claim 16, a terminal as claimed in claim 17 or a smart card as claimed in claim 18, characterized in that: said security condition is provided by a function.
20. A system, terminal or smart card as claimed in claim 19, characterized in that: said at least one program instruction is a first program instruction, said first device comprises a second program instruction capable of at least modifying the execution-time condition of said computer program, and said first program instruction comprises a reference to said second program instruction; and
said loading and interpreting means responds directly to said reference by loading said second program instruction, and said execution means executes said computer program with the modified condition determined by said second program instruction.
21. A system, terminal or smart card as claimed in claim 20, characterized in that: said computer program and said first and second program instructions are written as streams of tokens and corresponding in-line data, each token being a customized byte code selected from a set of customized byte codes.
22. A system, terminal or smart card as claimed in claim 21, said virtual machine directing the stream of said tokens and said in-line data of said first and second program instructions into the token stream of said computer program.
23. A system, terminal or smart card as claimed in claim 21 or 22, characterized in that: at least the token stream of said computer program and at least said second program instruction are transferred in separate modules, each module comprising the relevant token stream and the corresponding in-line data required to execute said module.
24. A system, terminal or smart card as claimed in claim 23, characterized in that: said module further comprises an indication of the memory required to execute said module.
25. A system, terminal or smart card as claimed in claim 23 or 24, characterized in that: the module of said computer program further comprises an exclusive list of at least one modifiable socket, said at least one socket defining the position, in the token stream and in-line data of said computer program module, at which said virtual machine inputs said first program instruction.
26. A system, terminal or smart card as claimed in claim 25, characterized in that: said at least one modifiable socket in said computer program module comprises an execution vector to a default condition.
27. A system, terminal or smart card as claimed in claim 26, characterized in that: if said predetermined security condition does not allow said at least one program instruction to be loaded, said execution means executes said computer program with said default condition.
28. A system, terminal or smart card as claimed in claim 23 or 27, characterized in that: said virtual machine comprises a read/writable logical address space, and said module comprises an indication of the amount of read/writable logical address space required for its execution;
said virtual machine further comprises means for allocating, on loading of said computer program module, an amount of read/writable logical address space in accordance with said indication, said allocated read/writable logical address space having defined and protected boundaries; and
means for deallocating said amount of read/writable logical address space on termination of said computer program module.
29. A system, terminal or smart card as claimed in claim 23 or 28, further comprising a read/writable logical address space, said space comprising at least one database, said database comprising a plurality of records, and said module comprising an indication of the amount of uninitialized read/writable logical address space necessary to execute said module;
said loading means allocating the required amount of uninitialized logical address space in accordance with said indication; and
means for accessing a record in said database, records in said database being accessible only by said module, said accessing means providing a window onto a current record in said database and copying said record into a portion of uninitialized read/writable logical address space addressable by said application program.
30. A system, terminal or smart card as claimed in claim 16 or 27, characterized in that: said security condition comprises means for verifying at least the origin and integrity of the data and program instructions on said second device.
31. A transaction system for executing transactions between a first device and a second device, said system comprising: a virtual machine for interpreting a set of customized byte code tokens applied thereto;
said virtual machine comprising a virtual processing unit and a read/writable logical address space;
at least one first application program comprising an indication of the amount of read/writable logical address space required for its execution, said at least one first application program being written as a stream of tokens selected from said set of tokens and corresponding in-line data;
said virtual machine further comprising:
a loader for loading said at least one first application program; and
means for allocating, in accordance with said indication, a first amount of read/writable logical address space specifically for said at least one first application program, said allocated read/writable logical address space having defined and protected boundaries.
32. A terminal comprising a first device for carrying out transactions with a second device, said first device comprising: a virtual machine for interpreting a set of customized byte code tokens applied thereto;
said virtual machine comprising a virtual processing unit and a read/writable logical address space;
at least one first application program comprising an indication of the amount of read/writable logical address space required for its execution, said at least one first application program being written as a stream of tokens selected from said set of tokens and corresponding in-line data;
said virtual machine further comprising:
a loader for loading said at least one first application program; and
means for allocating, in accordance with said indication, a first amount of read/writable logical address space specifically for said at least one first application program, said allocated read/writable logical address space having defined and protected boundaries.
33. A self-contained portable smart card comprising a first device for carrying out transactions with a second device, said first device comprising: a virtual machine for interpreting a set of customized byte code tokens applied thereto;
said virtual machine comprising a virtual processing unit and a read/writable logical address space;
at least one first application program comprising an indication of the amount of read/writable logical address space required for its execution, said at least one first application program being written as a stream of tokens selected from said set of tokens and corresponding in-line data;
said virtual machine further comprising:
a loader for loading said at least one first application program; and
means for allocating, in accordance with said indication, a first amount of read/writable logical address space specifically for said at least one first application program, said allocated read/writable logical address space having defined and protected boundaries.
34. A system as claimed in claim 31, a terminal as claimed in claim 32 or a smart card as claimed in claim 33, characterized by further comprising means for explicitly deallocating said first amount of read/writable logical address space on termination of said at least one program.
35. A system, terminal or smart card as claimed in any one of claims 31 to 34, characterized in that: at least one of said first and second devices is an ICC.
36. A system, terminal or smart card as claimed in any one of claims 31 to 35, characterized in that: said first application program further comprises a first exclusive list of at least one function which can be exported to other application programs, and means are further provided for making said at least one function available to other programs.
37. A system, terminal or smart card as claimed in any one of claims 31 to 36, characterized in that: said first application program is a first module and said other application programs are other modules, each module comprising at least a stream of tokens selected from said set of tokens, corresponding in-line data, the first exclusive list of at least one function to be exported, and the indication of the amount of read/writable logical address space required for execution of the module.
38. A system or terminal as claimed in claim 37, characterized in that: said first module comprises a second exclusive list identifying at least one second module from which at least one function is to be imported, and said loader loads said at least one second module in accordance with said second list on loading said first module.
39. A system, terminal or smart card as claimed in claim 38, characterized in that: if said at least one second module to be imported is not loaded successfully, said first module is terminated.
40. A system, terminal or smart card as claimed in any one of claims 37 to 39, characterized in that: said allocating means allocates the first amount of read/writable logical address space on loading of said first module, and allocates to said first module a second or further amount of read/writable logical address space, starting from a first address, only in a single extensible buffer; and
when said second amount of read/writable logical address space is released by said first module, said deallocating means deallocates said second amount of read/writable logical address space and all further allocations beyond said first address.
41. A system, terminal or smart card as claimed in claim 40, characterized in that: on termination of said first module, said deallocating means deallocates said second amount of read/writable logical address space and all further allocations beyond said first address.
42. A system, terminal or smart card as claimed in any one of claims 37 to 41, characterized in that: said read/writable logical address space comprises at least one database, said database comprising at least one record, said module comprising an indication of the amount of uninitialized read/writable logical address space required for execution of said module, and records in said database being accessible only by said module;
said loader allocates the required amount of uninitialized logical address space in accordance with said indication; and
means for accessing a record in said database, said accessing means providing a window onto a current record in said database and copying said record into a portion of said uninitialized read/writable logical address space addressable by said application program.
43. A system, terminal or smart card as claimed in any one of claims 34 to 42, characterized in that: said deallocating means deletes any allocated amount of read/writable logical address space on termination of said first module.
44. A transaction system for executing transactions between a first device and a second device, at least one of said first and second devices being an integrated circuit card, said system comprising: a virtual machine for interpreting a set of customized byte code tokens applied thereto;
said virtual machine comprising a virtual processing unit and a read/writable logical address space;
at least one database comprising at least one record, and at least one computer program for execution by said virtual machine, said computer program being a module written as a stream of tokens selected from said set of tokens and comprising an indication of the amount of uninitialized read/writable logical address space required for execution of said module;
a loader for loading said module and allocating the required amount of uninitialized logical address space in accordance with said indication; and
means for accessing a record in said database, records in said database being accessible only by said module, said accessing means providing a window onto a current record in said database and copying said record into a portion of said uninitialized read/writable logical address space addressable by said application program.
45. A terminal comprising a first device for carrying out transactions with a second device, at least one of said first and second devices being an integrated circuit card, said first device comprising: a virtual machine for interpreting a set of customized byte code tokens applied thereto;
said virtual machine comprising a virtual processing unit and a read/writable logical address space;
at least one database comprising at least one record, and at least one computer program for execution by said virtual machine, said computer program being a module written as a stream of tokens selected from said set of tokens and comprising an indication of the amount of uninitialized read/writable logical address space required for execution of said module;
a loader for loading said module and allocating the required amount of uninitialized logical address space in accordance with said indication; and
means for accessing a record in said database, records in said database being accessible only by said module, said accessing means providing a window onto a current record in said database and copying said record into a portion of said uninitialized read/writable logical address space addressable by said application program.
46. A self-contained portable smart card comprising a first device for carrying out transactions with a second device,
said first device comprising:
a virtual machine for interpreting a set of customized byte code tokens applied thereto;
said virtual machine comprising a virtual processing unit and a read/writable logical address space;
at least one database comprising at least one record, and at least one computer program for execution by said virtual machine, said computer program being a module written as a stream of tokens selected from said set of tokens and comprising an indication of the amount of uninitialized read/writable logical address space required for execution of said module;
a loader for loading said module and allocating the required amount of uninitialized logical address space in accordance with said indication; and
means for accessing a record in said database, records in said database being accessible only by said module, said accessing means providing a window onto a current record in said database and copying said record into a portion of said uninitialized read/writable logical address space addressable by said application program.
47. A system as claimed in claim 44, a terminal as claimed in claim 45 or a smart card as claimed in claim 46, characterized in that: said database is instantiated when said module is first loaded.
48. A system, terminal or smart card as claimed in any one of claims 1 to 47, characterized in that: said virtual machine is a stack machine.
49. A system, terminal or smart card as claimed in claim 48, characterized in that: said virtual machine is an at least two-stack machine, in which a first stack is a data stack and a second stack is a return stack.
50. A system, terminal or smart card as claimed in any one of claims 1 to 49, characterized in that: said virtual machine comprises local variable frame memory, and frame pointer registers for storing a frame start pointer pointing to the start of a frame in memory and a frame end pointer pointing to the end of the frame in memory.
51. A system, terminal or smart card as claimed in claim 49 or 50, characterized in that: said data stack and return stack are not directly addressable in memory by said computer program, but are accessible only via stack operations defined by tokens and interpreted by said virtual machine.
52. A system or terminal as claimed in any one of the preceding claims, characterized in that: said first device is a hand-held device.
53. A system or terminal as claimed in claim 52, characterized in that: said hand-held device comprises an integrated circuit card (ICC).
54. A system or terminal as claimed in any one of claims 1 to 53, characterized in that: said second device comprises an ICC.
55. A system as claimed in any one of claims 1 to 54, characterized in that: said first device is a terminal.
56. A system, terminal or smart card as claimed in any one of claims 1 to 55, characterized in that: said first and second devices each comprise an integrated circuit card (ICC).
57. as any one described system or terminating machine or smart card in the claim 1 to 56, it is characterized in that: described transaction comprises carries out once following sequence at least:
A. set up the communication link between described first and second device;
B. select to comprise the application program of described computer program and the one group of related data that limits described transaction;
C. carry out described application program; With
D. stop described transaction.
58. as any one described system or terminating machine or smart card in the claim 1 to 57, it is characterized in that: described transaction is that financial transaction and described system are financial transaction management system.
59. an integrated circuit card is characterized in that described integrated circuit card comprises can revise as in any one described system in the claim 1 to 58 or as in any one described terminating machine in the claim 2 to 58 or as the programmed instruction of program run condition in any one described smart card in the claim 3 to 58.
60. one kind is carried out transaction method, has at least one to be integrated circuit card in described first and second devices between first device and one second device; Described method is included on described second device at least one programmed instruction is provided, and can revise the execution time condition that described first device is gone up computer program at least;
Be written into and the described computer program of decipher,
loading and interpreting said at least one program instruction, in accordance with the predetermined security condition, while said computer program is being executed; and
executing said loaded and interpreted computer program with said modification condition, in accordance with said loaded and interpreted program instruction.
61. A method of carrying out a transaction between a first device and a second device, at least one of said first and second devices being an integrated circuit card, said method comprising:
interpreting at least one application program, said program being written as a stream of byte code tokens selected from a set of tokens and corresponding in-line data;
loading said at least one application program;
allocating a first amount of read/writable logical address space, specifically for said at least one application program, in accordance with an indication, contained within said application program, of the amount of read/writable logical address space required for its execution; and
defining and protecting the boundaries of said allocated read/writable logical address space.
62. The method as claimed in claim 61, characterized by further comprising:
explicitly deallocating said first amount of allocated read/writable logical address space when said at least one first application program terminates.
63. A method of carrying out a transaction system between a first device and a second device, at least one of said first and second devices being an integrated circuit card, said method comprising:
interpreting the tokens in a module, said module being written as a stream of tokens selected from a set of tokens;
allocating an amount of uninitialized logical address space in accordance with an indication of the amount of uninitialized read/writable logical address space required by said module for its execution;
accessing a record in a database by providing a window onto the current record in said database, records in the database being accessible only through said module; and copying said record into a portion of said uninitialized read/writable logical address space that is addressable by said module.
64. A method of carrying out a transaction between a first device and a second device, at least one of said first and second devices being an integrated circuit card, said method comprising:
providing a portable virtual machine, said machine comprising a virtual microprocessor and a driver for at least one input/output device;
interpreting a computer program on said first device using said portable virtual machine; and
executing said program in accordance with said interpreted program.
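The memory discipline of claims 61 and 62 can be illustrated with a small interpreter. This is an added example, not code from the patent: the token values, the two-byte size header, the `DEVICE_RAM` limit and the name `run_module` are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical token set and module layout, constructed for this example:
   bytes 0-1 = big-endian size of the read/writable data space the module needs,
   then a stream of one-byte tokens, some followed by one byte of in-line data. */
enum { T_HALT = 0x00, T_LIT = 0x01, T_STORE = 0x02, T_LOAD = 0x03, T_ADD = 0x04 };
enum { VM_OK = 0, VM_NOMEM = -1, VM_BOUNDS = -2, VM_BADTOKEN = -3, VM_STACK = -4 };
#define DEVICE_RAM 64   /* assumed limit of the target device */
#define STACK_MAX  8

/* Interprets one module; *result receives the top of stack at T_HALT. */
int run_module(const uint8_t *mod, size_t len, int *result) {
    if (len < 2) return VM_BADTOKEN;
    size_t need = ((size_t)mod[0] << 8) | mod[1];
    if (need > DEVICE_RAM) return VM_NOMEM;      /* refuse before executing anything */
    uint8_t *data = calloc(need ? need : 1, 1);  /* the module's whole data space */
    if (!data) return VM_NOMEM;
    int stack[STACK_MAX], sp = 0, rc = VM_BADTOKEN; /* running off the end is an error */
    size_t pc = 2;
    while (pc < len) {
        uint8_t tok = mod[pc++];
        if (tok == T_HALT) {
            if (sp < 1) rc = VM_STACK; else { *result = stack[sp - 1]; rc = VM_OK; }
            break;
        }
        if (tok == T_ADD) {
            if (sp < 2) { rc = VM_STACK; break; }
            stack[sp - 2] += stack[sp - 1]; sp--; continue;
        }
        if (tok != T_LIT && tok != T_STORE && tok != T_LOAD) break;
        if (pc >= len) break;                    /* in-line operand missing */
        uint8_t arg = mod[pc++];
        if (tok == T_LIT) {
            if (sp == STACK_MAX) { rc = VM_STACK; break; }
            stack[sp++] = arg;
        } else {
            if (arg >= need) { rc = VM_BOUNDS; break; }  /* boundary enforcement */
            if (tok == T_STORE) {
                if (sp < 1) { rc = VM_STACK; break; }
                data[arg] = (uint8_t)stack[--sp];
            } else {
                if (sp == STACK_MAX) { rc = VM_STACK; break; }
                stack[sp++] = data[arg];
            }
        }
    }
    memset(data, 0, need);  /* deallocate on termination: wipe, then free
                               (a compiler may elide this wipe; use a secure wipe in production) */
    free(data);
    return rc;
}
```

A module that declares more space than the device offers is rejected before its first token runs, and any access outside the declared space stops the interpreter.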
CN 97195913 1996-06-27 1997-06-26 Portable, secure transaction system for programmable, intelligent devices Pending CN1223737A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 97195913 CN1223737A (en) 1996-06-27 1997-06-26 Portable, secure transaction system for programmable, intelligent devices

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB9613450.7 1996-06-27
CN 97195913 CN1223737A (en) 1996-06-27 1997-06-26 Portable, secure transaction system for programmable, intelligent devices

Publications (1)

Publication Number Publication Date
CN1223737A true CN1223737A (en) 1999-07-21

Family

ID=5179451

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 97195913 Pending CN1223737A (en) 1996-06-27 1997-06-26 Portable, secure transaction system for programmable, intelligent devices

Country Status (1)

Country Link
CN (1) CN1223737A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100413238C (en) * 2000-12-29 2008-08-20 诺基亚有限公司 Method and system for administering digital collectible cards
CN108932155A (en) * 2018-07-25 2018-12-04 迈普通信技术股份有限公司 Virtual machine memory management method, device, electronic equipment and readable storage medium storing program for executing

Similar Documents

Publication Publication Date Title
CN1290009C (en) Technique for permitting access across a context barrier in a small footprint device using global data structures
CN1183449C (en) using a high level programming language with a microcontroller
CN1338070A (en) Techniques for permitting access across a context barrier on a small footprint device using an entry point object
CN1157655C (en) Techniques for implementing security on a small footprint device using a context barrier
CN1308818C (en) Dynamic optimizing target code translator for structure simulation and translating method
CN1922576A (en) Operating systems
CN1267820C (en) Common application metamodel including c/c++ metamodel
CN1073540A (en) Managing class method names
CN1220939C (en) Management protocol, method for verifying and transforming downloaded programme fragment and corresponding systems
CN1073276A (en) The middle sex object of language
CN1351728A (en) Techniques for permitting access across a context barrier on a small footprint device using run time environment privileges
CN1524216A (en) System and method for software component plug-in framework
CN101042736A (en) Smart card and method for accessing objects in smart card
CN1294710A (en) Extensible distributed enterprise application integration system
CN1869923A (en) System data interfaces, related system architectures
CN1338072A (en) Techniques for permitting access across a context barrier in a small footprint device using shared object interfaces
CN1130434A (en) Electronic bankbook and cash transaction information processing system using the same
CN1624657A (en) Security-related programming interface
CN1781078A (en) Hardware accelerator personality compiler
CN101042738A (en) Method for implementing smart card multi-application and data processing apparatus
CN1672150A (en) Views for software atomization
CN101040292A (en) Data management device and its method
CN101052949A (en) Operating systems
CN1625731A (en) Configurable data processor with multi-length instruction set architecture
CN1423232A (en) IC card capable of carrying multiple card-management programmes

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication