CN1430152A - Multipurpose safety intelligent card - Google Patents
- Publication number
- CN1430152A
- Authority
- CN
- China
- Prior art keywords
- mode switch
- model
- instruction
- comparand register
- switch interrupt
- Prior art date
- Legal status
- Granted
Abstract
A high-security multipurpose smart card that allows multiple users to download commands. It is composed of a CPU, which is a dual-mode (system and user) control system able to prevent applications from accessing the comparison registers; RAM containing a working unit, a secure stack and an ordinary stack; non-volatile memory; comparison registers; and an interrupt control logic unit. Its advantages are high efficiency and high security.
Description
Technical field
The present invention relates to a multipurpose secure smart card and belongs to the field of information security technology. It is particularly suited to settings where one card serves multiple uses and multiple users are allowed to download commands.
Background technology
Smart cards are developing rapidly toward greater security, speed and convenience. As demand for multi-use cards keeps growing, existing smart cards and their chip operating systems are exposing some security defects. Either they provide no user download function, that is, they offer a fixed operating system to all users; or they allow user downloads but cannot protect users and their programs, so that a program downloaded by one user can access other users' programs and data. Most existing smart card hardware designs cannot safely isolate and protect multiple user areas, that is, restrict the access range of a specific user's commands. United States patent US006003134A proposes hardware isolation to separate multiple application programs, but potential security risks remain. First, that patent does not elaborate on the use of the stack; if the system and the user use the same stack under all circumstances, a system crash can result. Second, the mode switch interrupt instruction from system mode to application mode and the mode switch interrupt instruction from application mode to system mode use the same instruction code and differ only in the parameters used, which complicates instruction analysis and lowers efficiency. Because the user can use the mode switch interrupt instruction from application mode to system mode, security is reduced to some extent if the two instructions share the same instruction code.
Summary of the invention
The object of the invention is to overcome the shortcomings of the prior art, in particular to improve on United States patent US006003134A, by providing a multipurpose secure smart card that allows multiple users to download their own special commands into the smart card and safely isolates multiple applications. Each application can access only its own data or user commands and cannot access the data or commands of other applications. The invention therefore also aims at simple and direct instruction analysis, high efficiency and reliable information security.
The technical scheme of the invention is a multipurpose secure smart card comprising a central processing unit, random access memory, nonvolatile memory, comparand registers and an interrupt control logic unit. The central processing unit is a control system that adopts dual modes, namely system mode and application mode, and can prevent applications from accessing the comparand registers. It is characterized in that the random access memory includes a working unit and at least two classes of independent stacks: one class is the secure stack used by the mode switch interrupt instruction and the mode switch interrupt return instruction, and the other is the ordinary stack. The central processing unit also has at least a mode switch interrupt instruction, a mode switch interrupt return instruction and a load comparand register instruction.
The technical effect of the invention is a single-chip computer control system for supporting a multipurpose IC card. Several applications can reside in the IC card at the same time, and each application can download its own user commands. Instructions are divided into ordinary instructions and security instructions. User commands can use only ordinary instructions; system programs can use both ordinary instructions and security instructions. A user command must be executed through the mode switch interrupt instruction from system mode to application mode, carried out by the operating system. The system sets the values of the corresponding comparand registers for the specific user; if an application program attempts to access a comparand register or address space outside the comparand register range, the program is terminated abnormally and a hardware interrupt is raised. A user command must use the mode switch interrupt return instruction when it returns. When a user command calls a system routine, the call must go through the mode switch interrupt from application mode to system mode, and when the system routine returns to the user command it must use the mode switch interrupt return instruction. The system is divided into user mode and system mode, and the mode flag determines which of the two is active. The invention therefore has the advantages of simple and fast instruction analysis and reliable information security.
Description of drawings
Fig. 1 is a logic block diagram of the multipurpose secure smart card of the invention.
Fig. 2 is an outline structure diagram of the multipurpose secure smart card of the invention.
In Fig. 1, the "system program" includes the chip operating system; the "user program" includes the user commands downloaded by users; "user data" comprises general data and special data, where the special data includes the user's key data and permission data.
In Fig. 1 and Fig. 2:
C1: supply voltage (VCC)
C2: reset signal (RST)
C3: clock signal (CLK)
C4: RFU (reserved for future use)
C5: ground (GND)
C6: programming voltage (VPP)
C7: input/output (I/O)
C8: RFU (reserved for future use)
Of these, GND and I/O are essential, while VPP is optional.
Embodiment
Fig. 1 and Fig. 2 show one embodiment of the invention:
The multipurpose secure smart card of the invention comprises a central processing unit, random access memory, nonvolatile memory, comparand registers and an interrupt control logic unit. The central processing unit is a control system that adopts dual modes, namely system mode and application mode, and can prevent applications from accessing the comparand registers. It is characterized in that the random access memory includes a working unit and two classes of independent stacks: one class is the secure stack used by the mode switch interrupt instruction and the mode switch interrupt return instruction, and the other is the ordinary stack. The central processing unit also has a mode switch interrupt instruction, a mode switch interrupt return instruction and a load comparand register instruction.
The mode switch interrupt instructions are the mode switch interrupt instruction from system mode to application mode and the mode switch interrupt instruction from application mode to system mode. These are different instructions and use different instruction codes. The comparand registers are the working memory comparand register, the program address comparand register and the data address comparand register. The values of the comparand registers are set by the central processing unit; if an application program attempts to access address space outside the comparand register range, the program is terminated abnormally and a hardware interrupt is raised. The comparand registers can be loaded only in system mode, and access to them is not allowed in user mode; if an application program attempts to access a comparand register, the program is terminated abnormally and a hardware interrupt is raised. The mode switch interrupt return instruction serves to return safely from system mode to application mode or from application mode to system mode, and it must be used when returning from a mode switch interrupt. The central processing unit uses different instructions to access the secure stack and the ordinary stack; the mode switch interrupt instruction from system mode to user mode, the mode switch interrupt instruction from application mode to system mode, and the return instruction from a mode switch use the secure stack. The comparand registers protect the random access memory and the nonvolatile memory. The nonvolatile memory is MROM (Mask ROM) and flash EEPROM (flash Electrically Erasable Programmable ROM), and can also be EEPROM; it stores the chip operating system, user commands and user data.
The principle, embodiment and method of use of the invention are further described below with reference to the drawings:
1. At application initialization, the user command should first be identified in system mode. The card then switches from system mode to user mode with the mode switch interrupt instruction from system mode to application mode: the address of the application program and the necessary parameters are stored in registers, all other unused registers and working memory are cleared, the run flag and return address are pushed onto the secure stack, the status flag is changed, and the application program is executed. User calls to system routines are made through a software interrupt.
2. The mode switch interrupt instruction from system mode to application mode and the mode switch interrupt instruction from application mode to system mode use different instruction codes.
3. An application program cannot access the comparand registers; an attempt to access them in application mode makes the CPU raise a hardware interrupt. The comparand registers comprise an upper-bound address register and a lower-bound register for the permitted accesses. The comparand register can also be an index table that indicates the storage areas where access is allowed; an access outside these storage areas raises a hardware interrupt and the run is terminated abnormally.
4. When a system routine is called in application mode, the mode switch interrupt instruction from application mode to system mode should be used to push the run flag and the application program's return address onto the secure stack and to change the run flag. After that instruction has executed, the system routine runs and stores its result in registers and working memory.
5. When the system routine called from application mode finishes and returns, all unnecessary registers and working memory other than the return result are cleared, and the run flag and return address are popped from the secure stack to return to the application program.
6. When an application program attempts to access a comparand register, a hardware interrupt is raised and the hardware interrupt service routine runs. This routine stores the error information in the status word and sends it to the external interface device, and at the same time resets the CPU, thereby clearing all registers and working memory.
7. After the application program has executed successfully, the result should be stored in registers and working memory, all other unnecessary registers and working memory cleared, control returned to system mode, and the result stored in the registers sent to the external interface device.
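The flow in steps 1 to 7, as an added illustration that is not part of the patent text: a C software model of the dual-mode CPU with one lower/upper comparand pair, the secure stack, both mode switch interrupt instructions and the fault path. Every identifier, size and fault code is hypothetical, the ordinary stack is left out, and faulting on a mode switch instruction issued from the wrong mode is an assumption of the model.

```c
/* Added illustration, not from the patent; all names, sizes and codes are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum mode { MODE_SYSTEM, MODE_APP };
enum { FAULT_NONE, FAULT_BOUNDS, FAULT_PRIV, FAULT_SSTACK };
enum { MEM_SIZE = 256, NREGS = 4, SSTACK_DEPTH = 8 };
struct card {
    enum mode mode;            /* mode flag */
    uint16_t lower, upper;     /* comparand registers: permitted address range */
    uint8_t mem[MEM_SIZE];     /* programs and data of every application */
    uint8_t regs[NREGS];       /* stands in for registers and working memory */
    struct { enum mode flag; uint16_t ret; } sstack[SSTACK_DEPTH]; /* secure stack */
    int ssp; uint8_t status;   /* secure-stack depth; status word for the reader */
};

/* Hardware interrupt service routine: record the error and reset the CPU. */
static int fault(struct card *c, uint8_t code) {
    memset(c->regs, 0, sizeof c->regs);
    c->ssp = 0; c->lower = c->upper = 0; c->mode = MODE_SYSTEM; c->status = code;
    return -1;
}

/* Load-comparand instruction: legal in system mode only. */
int load_comparand(struct card *c, uint16_t lo, uint16_t hi) {
    if (c->mode != MODE_SYSTEM) return fault(c, FAULT_PRIV);
    c->lower = lo; c->upper = hi;
    return 0;
}

/* Body shared by the two distinct mode switch instructions: save the mode
 * flag and return address on the secure stack, then flip the mode. */
static int mode_switch(struct card *c, enum mode from, enum mode to, uint16_t ret) {
    if (c->mode != from) return fault(c, FAULT_PRIV);   /* assumption of this model */
    if (c->ssp == SSTACK_DEPTH) return fault(c, FAULT_SSTACK);
    c->sstack[c->ssp].flag = from; c->sstack[c->ssp++].ret = ret;
    c->mode = to;
    return 0;
}
int switch_sys_to_app(struct card *c, uint16_t ret) { return mode_switch(c, MODE_SYSTEM, MODE_APP, ret); }
int switch_app_to_sys(struct card *c, uint16_t ret) { return mode_switch(c, MODE_APP, MODE_SYSTEM, ret); }

/* Mode switch interrupt return: pop the saved flag and return address. */
int mode_switch_return(struct card *c, uint16_t *ret) {
    if (c->ssp == 0) return fault(c, FAULT_SSTACK);
    c->ssp--;
    c->mode = c->sstack[c->ssp].flag; *ret = c->sstack[c->ssp].ret;
    return 0;
}

/* Ordinary load: in application mode the address must lie inside the comparand range. */
int mem_read(struct card *c, uint16_t addr, uint8_t *out) {
    if (addr >= MEM_SIZE || (c->mode == MODE_APP && (addr < c->lower || addr > c->upper)))
        return fault(c, FAULT_BOUNDS);
    *out = c->mem[addr];
    return 0;
}

int main(void) {   /* constructed run: application A owns 0x10..0x1F */
    struct card c = {0}; uint8_t v = 0;
    load_comparand(&c, 0x10, 0x1F); switch_sys_to_app(&c, 0x100);
    int r = mem_read(&c, 0x22, &v);   /* 0x22 belongs to another application */
    printf("read 0x22: r=%d status=%d\n", r, c.status);
    return 0;
}
```
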
Claims (8)
1. A multipurpose secure smart card comprising a central processing unit, random access memory, nonvolatile memory, comparand registers and an interrupt control logic unit; the central processing unit is a control system that adopts dual modes, namely system mode and application mode, and can prevent applications from accessing the comparand registers; characterized in that the random access memory includes a working unit and at least two classes of independent stacks, one class being the secure stack used by the mode switch interrupt instruction and the mode switch interrupt return instruction, and the other being the ordinary stack; the central processing unit also has at least a mode switch interrupt instruction, a mode switch interrupt return instruction and a load comparand register instruction.
2. The multipurpose secure smart card according to claim 1, characterized in that the mode switch interrupt instructions are the mode switch interrupt instruction from system mode to application mode and the mode switch interrupt instruction from application mode to system mode.
3. The multipurpose secure smart card according to claim 1 or 2, characterized in that the mode switch interrupt instruction from system mode to application mode and the mode switch interrupt instruction from application mode to system mode are different instructions and use different instruction codes.
4. The multipurpose secure smart card according to claim 1, characterized in that the comparand registers comprise a working memory comparand register, a program address comparand register and a data address comparand register; the values of the comparand registers are set by the central processing unit, and if an application program attempts to access address space outside the comparand register range, the program is terminated abnormally and a hardware interrupt is raised.
5. The multifunctional secure smart card according to claim 1, characterized in that the comparand registers can be loaded only in system mode and access to them is not allowed in user mode; if an application program attempts to access a comparand register, the program is terminated abnormally and a hardware interrupt is raised.
6. The multipurpose secure smart card according to claim 1, characterized in that the mode switch interrupt return instruction serves to return safely from system mode to application mode or from application mode to system mode, and must be used when returning from a mode switch interrupt.
7. The multipurpose secure smart card according to claim 1, characterized in that the central processing unit uses different instructions to access the secure stack and the ordinary stack; the mode switch interrupt instruction from system mode to user mode, the mode switch interrupt instruction from application mode to system mode, and the return instruction from a mode switch use the secure stack.
8. The multifunctional secure smart card according to claim 1, characterized in that the comparand registers protect the random access memory and the nonvolatile memory.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 01138380 CN1230751C (en) | 2001-12-31 | 2001-12-31 | Multipurpose safety intelligent card |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 01138380 CN1230751C (en) | 2001-12-31 | 2001-12-31 | Multipurpose safety intelligent card |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1430152A (en) | 2003-07-16 |
CN1230751C (en) | 2005-12-07 |
Family
ID=4674577
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 01138380 Expired - Fee Related CN1230751C (en) | 2001-12-31 | 2001-12-31 | Multipurpose safety intelligent card |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN1230751C (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1886712B (en) * | 2003-11-28 | 2010-09-08 | 松下电器产业株式会社 | Data processor |
CN101120354B (en) * | 2005-02-17 | 2010-06-09 | 皇家飞利浦电子股份有限公司 | A device and a method of operating a device |
CN103136571A (en) * | 2011-11-28 | 2013-06-05 | 国民技术股份有限公司 | Smart card system |
CN103136571B (en) * | 2011-11-28 | 2016-03-30 | 国民技术股份有限公司 | A kind of smart card system |
CN103500316A (en) * | 2012-05-14 | 2014-01-08 | 英飞凌科技奥地利有限公司 | System and method for processing device with differentiated execution modes |
CN103500316B (en) * | 2012-05-14 | 2016-08-10 | 英飞凌科技奥地利有限公司 | For having the system and method for the processing means of different execution pattern |
US9658974B2 (en) | 2012-05-14 | 2017-05-23 | Infineon Technologies Austria Ag | System and method for processing device with differentiated execution mode |
Also Published As
Publication number | Publication date |
---|---|
CN1230751C (en) | 2005-12-07 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C56 | Change in the name or address of the patentee | Owner name: WUHAN RUIDA INFORMATION SAFETY INDUSTRY CO., LTD. Free format text: FORMER NAME OR ADDRESS: RUIDA ELECTRONICS CO., LTD., WUHAN | |
CP03 | Change of name, title or address | Address after: 430070 Hubei Province, Wuhan city Wuchang District Wuluo Road No. 628 A Asia Trade Plaza, 27 floor Patentee after: Ruida Electronics Co., Ltd., Wuhan Address before: 430070 Hubei province Wuhan Wuluo road A yamoo Plaza No. 628 28 floor Patentee before: Wuhan Ruida Electronic Co., Ltd. | |
C19 | Lapse of patent right due to non-payment of the annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |