CN1516052A - Opened function dynamic integrated intelligent card system - Google Patents

Opened function dynamic integrated intelligent card system Download PDF

Info

Publication number
CN1516052A
CN1516052A CNA031135080A CN03113508A CN1516052A CN 1516052 A CN1516052 A CN 1516052A CN A031135080 A CNA031135080 A CN A031135080A CN 03113508 A CN03113508 A CN 03113508A CN 1516052 A CN1516052 A CN 1516052A
Authority
CN
China
Prior art keywords
functional areas
card
rule
data
smart card
Prior art date
Application number
CNA031135080A
Other languages
Chinese (zh)
Other versions
CN1308882C (en
Inventor
李之彦
Original Assignee
李之彦
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 李之彦 filed Critical 李之彦
Priority to CNB031135080A priority Critical patent/CN1308882C/en
Publication of CN1516052A publication Critical patent/CN1516052A/en
Application granted granted Critical
Publication of CN1308882C publication Critical patent/CN1308882C/en

Links

Abstract

The present invention relates to an integrated circuit intelligent card system, including an intelligent card device and card reading/wrinting and network access device, in which on the intelligent card device several intelligent cards can be invented, on every virtual intelligent card various application systems can be loaded, downloaded, used and unloaded. The card reading/writing and network access device can be connected with the intelligent card by adopting non-contact or contact mode, and can be used for providing power supply energy for intelligent card and making data interaction. It adopts the structure separating program storage zone from data storage zone in the card interior, so that it can create several virtual intelligent cards structur,e it is a hardware and software integrated intelligent card, therefore its application process can be effectively monitored and managed.

Description

The smart card system of open function dynamic integrity
1, technical field:
The present invention relates to a kind of integrated circuit smart card system, belong to the innovative technology of integrated circuit smart card system.
2, background technology:
Along with the development of integrated circuit technique, integrated circuit card (IC-card) is to intelligent, multi-functional, and the direction of high capacity, microminiaturization, low-power consumption develops.Non-contact IC card particularly, this card is to contain CPU and firmware at IC-card, and electromagnetic induction coil and wireless data receiving trap are housed in the card, the reading and write of data sent electromagnetic wave by equipment and transmitted as the power supply energy supply and the wireless data of IC-card.This card is used by the members of all social strata rapidly.
Smart card has been brought into play irreplaceable effect in people's work and life, but also causes following problem thus:
1) application scenario of smart card is in develop rapidly, and kind that individual subscriber holds and quantity are being on the increase.As dividing from big kind, bank card is arranged, transportation card, ID (identity number) card, attendance card ....; Just with a certain class card, as bank card, several big banks card of China does not have truly " all-purpose card " yet at present, and there is the card of each bank in each bank.Use as the newly-increased class of need, generally also need increase an IC-card physically newly.This individual the increasing fast to the holder of quantity that hold carried, taking care of, all bringing great inconvenience in the management.
2) the dynamic integrity problem of IC-card function.Individual's work living environment migration and commercial affairs, tourist activity expanded range, frequent, this variation objectively requires IC-card to have good expansion and integration capability, and the application firmware of IC-card can load and unload (dynamic integrity that is function) easily.If the loading of application program can be supplemented with money promptly to carry promptly with unloading and be used as stored value card in the IC-card, just more can bring into play the effect of IC-card, because all working of cybertimes and rhythm of life are all being accelerated, the application of many present the unknowns, if will increase and use in the future, if then be difficult to adapt to the disposable loading mode of present IC-card.
3) to the centralized auxiliary management of IC-card, safety precaution is illegally used, and protects the legitimate rights and interests problem of holder and trade company simultaneously.Along with increasing of IC-card application, it is very important that IC-card is carried out intelligentized unified management; Simultaneously, increasing of IC-card and increasing of card reader/writer, no matter to consumer or trade company, potential security threat is also increasing, and worldwide credit-card-related offenses also often takes place.
And existing IC-card, most just technological improvement and technical raisings in single user smart card design." all-purpose card " of the domestic use of China as all-in-one campus card, only focuses on general in the scope of organization, fail to accomplish open, the all-purpose card that function is integrated.The common feature of these smart cards is to have only single cpu on same sheet smart card, but is the many sheet smart cards that are difficult to fictionalize the function dynamic integrity on safety, thereby also is difficult to realize the intelligent unified management of multiple IC-card.
Also have some patented technologies can be on a card integrated many IC-cards physically, as Chinese patent application number be disclose in 99805715.0 a kind of on a card smart card of integrated many IC-cards physically, this many IC-cards that physically exist also fail to address the above problem fully.Because the n sheet smart card integrates n CPU card physically just arranged, n cover command execution unit is physically arranged, contradiction at aspects such as quantity and volume, quantity and power consumptions is difficult to solve, a card synchronization is generally only carried out a kind of task, and the parallel advantage of a plurality of CPU does not embody under this occasion.
In addition, the general strick precaution of all only paying attention to illegal holder of existing smart card system, supervision and strick precaution to trade company are not enough, and the geographic position of merchant machine is most with this relative positioning system representations of place name/street name, does not use this advanced person's of GPS latitude and longitude coordinates quantitative positioning system.Place name/street name is owing to reasons such as construction change easily, also is inconvenient to retrieve, law proof etc.
3, summary of the invention:
The objective of the invention is to overcome above-mentioned shortcoming and provide a kind of can be with the smart card system of cutting apart the open function dynamic integrity of creating many virtual smart cards in program storage area in the card and data storage area.The present invention can reach on usability, security performance or near physically smart card, be the incorporate smart card of a kind of hardware and software, thereby realize " all-purpose card " of real meaning.
Another object of the present invention provide a kind of can to the card use effectively monitor and manage, realize management computerization, the intellectuality of card, thereby make things convenient for the holder that smart card is carried out unified management, make the smart card system of holder important informations such as the electronic money stream energy open function dynamic integrity complete, that grasp accurately and timely of card.
A further object of the present invention provides a kind of modern society that can be jural aucillary document is provided, and cooperates the smart card system of social rules with the open function dynamic integrity of the further strick precaution information crime relevant with smart card.
Structural representation of the present invention as shown in drawings, include the read-write and the network insertion device (10) of a smart card apparatus (90), card, wherein can fictionalize several smart cards on the smart card apparatus (90), can load or download, use and unload various application systems on each virtual smart card, the read-write of card is connected by contactless or contact with smart card (90) with network insertion device (10), for smart card (90) provides power supply energy and carries out data interaction.
Above-mentioned smart card apparatus (90) includes at least:
The external interface of a smart card (91), the available contactless or contact of the read-write of the external interface (91) of smart card apparatus (90) by smart card and card and network insertion device (10) is connected, for whole smart card apparatus provides power supply and realizes smart card apparatus (90) and the read-write that blocks and the data communication of network insertion device (10); And
A semiconductor chip, integrated rule treatments system (92), communication pond (93) and application processing system (94) on this substrate, wherein the functional areas protection mechanism (20) in communication pond (93) and the rule treatments system (92) couples together rule treatments system (92) and application processing system (94), and rule treatments system (92) is connected with the external interface (91) of card; Communication pond (93) is a dual-ported memory, can read and write from rule treatments system (92) and application processing system (94) respectively.
Above-mentioned on-chip rule treatments system (92) includes rule processor RCPU (30), identity characteristic reflection and authentication (31), operating system RCOS (32), daily record (33), help information (34), publisher's Password Management (35) and functional areas protection mechanism (20), identity characteristic reflection and authentication (31), operating system RCOS (32), daily record (33), help information (34), publisher's Password Management (35) all is connected with rule processor RCPU (30) with functional areas protection mechanism (20), and and rule processor RCPU (30) is on the same bus, wherein operating system (32) is by rule processor (30) control, and all the other are jointly controlled by rule processor (30) and functional areas protection mechanism (20); The program space of processor and data space are independent addressings; functional areas protection mechanism (20) is carried out the branch block protection with each class method in this system space and data; wherein each functional areas is united by several base program districts and several elementary data area and is constituted, and handle as an indivisible applying unit program area of functional areas and data field.Above-mentioned on-chip application processing system (94) includes application processor APCPU (60), operating system APCOS (61), functional areas 1~n (70,75), auxiliary region (79), operating system APCOS (61), functional areas 1~n (70,75), auxiliary region (79) all is connected with application processor APCPU (60), and be on the bus of application processor, wherein functional areas 1~n (70,75) jointly controlled by the functional areas protection mechanism (20) in application processor (60) and the rule treatments system (92), other parts are controlled by application processor (60); The program space of processor and data space are independent addressings; functional areas protection mechanism (20) is carried out the branch block protection with each class method in this system space and data; one of them functional areas is united by several base program districts and several elementary data area and is constituted; handle as an indivisible applying unit program area of these functional areas and data field; functional areas 1~n (70; 75) program in and data can be in use dynamically subregion independently download independent the use.
The read-write of above-mentioned card and network insertion device (10) include inquiry Terminal Type and non-inquiry Terminal Type, wherein inquire about data maintenance or management that Terminal Type can only carry out smart card apparatus (90), can not carry out data trade and handle; Non-inquiry Terminal Type can only be inquired about the operation (needing when functional areas load except the look facility district operating position) that Terminal Type can not be done, wherein non-inquiry Terminal Type is further divided into private inquiry Terminal Type and common enquiring terminal, the common enquiring terminal can only be read management data in the card, and the private inquiry terminal can also be made amendment in the card as personal identification number, the management data of deletion daily record etc.; Each functional areas (70 of application processing system (94), 75) the non-inquiry Terminal Type of the read-write of an all corresponding class card and network insertion device (10), its once with the device (90) access procedure in, can only use at the most with the corresponding functional areas of application processing system (94).
The read-write of above-mentioned card and network insertion device (10) include place name station location marker method, also include the latitude and longitude coordinates representation of global position system GPS, they are installed to the operation site, and are provided with so that key features such as the ID that the holder checks number, classification and gps coordinates at their above the folds separately.
Above-mentioned identity characteristic reflection includes with authentication (31):
The static nature storehouse of identity, further comprise feature database data and characteristic disposal route, wherein the static nature database data is used to write down and authenticate holder's photograph, fingerprint, the prominent features information of identity such as DNA, these characteristic informations are consistent with the information-based feature of non-contact IC card resident identification card.
The behavioral characteristics storehouse, further comprise behavioral characteristics database data and behavioral characteristics data processing method, complement one another in it and static nature storehouse, wherein the behavioral characteristics storehouse also comprises and is used to write down and handle registration and the authentication password data that the holder is given in public security department and publisher's Random assignment.
Above-mentioned identity characteristic reflection can be realized by one of following approach with the authentication method of authentication (31): verification process is by the control of one group of formative rule string, and smart card apparatus (90) is explained by the interpretive routine in the rule processor (30) and carried out; Or this regular word string is integrated in same on-chip special IC execution by one with rule treatments system (92).
Daily record (32) in the above-mentioned disposal system (92) comprises the record of daily record; output; deletion; method and storage protection blocks such as Password Management; wherein the output of daily record, modification and Password Management can only be carried out on the inquiry Terminal Type of smart card, have comprised key features such as the classification of the read-write of card and access device (10) and gps coordinate in the log record.
Above-mentioned help information (34) comprises method and corresponding information stores protected locations such as the loading, output, unloading of help information; these information are loaded by the publisher who uses application processing system (94); be used to illustrate the using method of each functional areas; or provide the website information of using method, and read with the inquiry Terminal Type by the holder.
Publisher's Password Management (35) in the above-mentioned disposal system (92) includes publisher's cryptoguard district; in password area, set up a publisher's the password and the record of Cipher Processing rule, be used to identify the lawful owner of each functional areas for each functional areas of rule treatments system (92) and application processing system (94).
Functional areas protection mechanism (20) in the above-mentioned disposal system (92) includes:
Functional areas rule base data, functional areas rule base data comprise the attribute of functional areas, functional areas running status record, table is used in functional areas;
Rule base data management, rule base data management are used for the functional areas attribute, functional areas running status record, and functional areas use table is configured, administers and maintains;
Logic is realized in functional areas; functional areas realize that logic comprises the application area protection logic of rule treatments system (92); the memory block protection logic of rule treatments system; the application area protection logic of application processing system (94); the memory block protection logic of application processing system, rule realizes the regular registers group of logic.
The recorded content of each functional areas correspondence of above-mentioned functions district attribute comprises functional areas ID at least, user mode, program heavy duty attribute, the program area plot, the program area option code, memory block plot, memory block option code, deleted marker, wherein whether functional areas ID, user mode are used to identify these functional areas and are used; Whether can be deleted after program heavy duty attribute and deleted marker are respectively applied for and set these functional areas and load and sign trade company whether deleted these functional areas; Program area plot, program area option code and memory block plot, memory block option code are respectively applied for the program space and the storage space in selection and control function district.
Above-mentioned regular registers group comprises:
The program area of rule treatments system (92) rule register further comprises the program region base register (PRBR) of this program area, program area option code register, program area ID register;
The memory block of rule treatments system (92) rule register further comprises the memory block base register of this memory block, memory block option code register, memory block ID register, memory block access limit register;
The program area of application processing system (94) rule register further comprises the program region base register (PRBR) of this program area, program area option code register, program area ID register, program area programming authority register;
The memory block rule register of application processing system (94) further comprises the storage district base register of depositing this memory block, memory block option code register, memory block ID register, memory block access limit register.
Said procedure regional address protection logic comprises a CPU, an EEPROM, an abnormal state detecting device, a N position base register, a N position option code register, a N bit digital equality comparator, a N group either-or switch; Wherein N organizes either-or switch and CPU, EEPROM, and base register, the option code register connects, and is used to generate M position (M≤N, N=1,2...L) physical address of EEPROM; N bit digital equality comparator and CPU, EEPROM, the abnormal state detecting device connects, and is used to generate chip selection signal and the state detection signal of EEPROM.
Above-mentioned memory block address protection logic comprises a CPU, an EEPROM, an abnormal state detecting device, a N position base register, a N position option code register, a M position program area ID, a M position memory block ID, a N+M bit digital equality comparator (M=0,1,2 ..., Q), N group either-or switch, wherein a N group either-or switch and a CPU, EEPROM, base register, the option code register connects, be used to generate L position (L≤N, N=1,2...P) physical address of EEPROM; N+M bit digital equality comparator and CPU, EEPROM, program area ID, memory block ID, the abnormal state detecting device connects, and is used to generate chip selection signal and the state detection signal of EEPROM.
The said procedure district carries out and programming allows logic to comprise a CPU, an EEPROM, a programming authority register, a state detector, a program area ID, a fuse steering logic, and several with door and or door, wherein the verification of reading control line, programming authority register of CPU allow position, fuse steering logic an output mutually or the back form state detection signal and this signal and CPU the instruction fetch control line and after generation EEPROM read control line; The programming of the write line of CPU, programming authority register allows an output phase of line, fuse steering logic or the back generates the write line of EEPROM and send state detector to detect; Program fuse steering logic is subjected to program area ID register controlled, and its current state also outputs to state detector.
Above-mentioned approaches to IM comprises the data of needs change identity characteristic image library, and its processing procedure is: the outlet that the holder need arrive card sending mechanism or public security department's mandate carries out authentication, and authentication success then allows operation, puts on record otherwise do the operation failure.
Above-mentioned safe precaution method also comprises:
The holder can be with the illegal trade company of following procedure identification: after the holder carries out once suspicious transaction, write down ID number and gps coordinate of merchant machine, compare to nearby inquiry terminal or with the daily record that the PDA that carries reads card then, if the still suspicious network address that then further provides according to help information in the card by the Internet access trade company more particulars carry out respective handling;
Trade company can be with the illegal holder of following procedure identification: after the authentication of trade company by card, still suspicious to once concluding the business, then trade company can be by the number of registration/identification card number of holder in card sending mechanism or public security department, find the network address of registrar, download holder's identity characteristic data then, as photograph, fingerprint etc., compare simultaneously with card, special card people, if consistent, then holder's identity is credible, otherwise insincere and handle accordingly.
Above-mentioned intelligent card function district loading method comprises following steps:
Permission in holder's smart card apparatus (90) loads sign and is set to very, allows the publisher to load new function;
Smart card apparatus (90) is transferred to the authentication processing that block operation site that the publisher authorizes, and make card (90) set up data to be connected with publisher's functional areas data download server;
Authentication is found out enough big blank functional areas by the back in card, newly-increased record in the rule base of functional areas protection logic, corresponding data are set, and these data are write corresponding functional areas rule register, order application processing system (94) to enter programming state then, if this clear area is big inadequately, the more recyclable useless programs of holder can repeat said process in the heavy duty district again;
Generate the program code and the data of new functional areas and download to the corresponding function district of the application processing system (94) in the card according to the setting of smart card apparatus (90), publisher's server, and then generate publisher's password area and the help information district that publisher's password, help information download to the rule treatments system respectively;
If loading procedure is complete, then upgrade the rule treatments system and the application processing system of smart card apparatus (90), if these functional areas are set to " non-program heavy duty district ", then the loading fuse of fuse function district protection mechanism to distinguishing forbidden reading or deleting this program area simultaneously; Otherwise the storer of cancellation strictly all rules disposal system writes operation; The permission that the holder closes in the card at the appropriate time loads sign.
The present invention is because employing is created many virtual smart card structures with program storage area and the data storage area cut apart in the card, therefore, the present invention can reach on usability, security performance or near physically smart card, be the incorporate smart card of a kind of hardware and software, thereby realize " all-purpose card " of real meaning.In addition, the present invention can effectively monitor and manage the use of card, management computerization, the intellectuality of realization card, thus make things convenient for the holder that smart card is carried out unified management, make important informations such as electronic money stream energy complete, the accurately and timely grasp of holder to card.In addition, the present invention also can be modern society jural aucillary document is provided, and cooperates social rules with the further strick precaution information crime relevant with smart card.The present invention is that a kind of design is ingenious, the smart card system of convenient and practical open function dynamic integrity.
4, description of drawings:
Fig. 1 is the schematic diagram of the smart card system of open function dynamic integrity;
Fig. 2 is identity characteristic reflection and the processing flow chart that authenticates;
Fig. 3 is identity characteristic reflection and authentication principles figure;
Fig. 4 writes the daily record process flow diagram;
Fig. 5 is the loading process flow diagram of help information;
Fig. 6 is daily record output, deletion and modification daily record password process flow diagram;
Fig. 7 is the unloading process flow diagram of help information;
Fig. 8 is the process flow diagram that reads of help information;
Fig. 9 puts functional areas deleted marker process flow diagram;
Figure 10 is a delete program heavy duty district process flow diagram;
Figure 11 is that the rule of functional areas realizes logical diagram;
Figure 12 is a kind of structural drawing of RCPU application area protection logic;
Figure 13 is a kind of structural drawing of RCPU memory block protection logic;
Figure 14 is a kind of structural drawing of APCPU program area protection logic;
Figure 15 is a kind of structural drawing of APCPU memory block protection logic;
Figure 16 is a kind of structural drawing that memory read/write allows logic;
Figure 17 is a kind of structural drawing that APCPU execution and programming allow logic;
Figure 18 is a kind of structural drawing of program area address protection logic;
Figure 19 is a kind of structural drawing of memory block address protection logic;
Figure 20 is an APCPU functional areas process scheduling process flow diagram;
Figure 21 is the new functional flow diagram that loads card;
Figure 22 is the order communication flow figure that RCPU gives APCPU;
Figure 23 is the communication request process flow diagram that APCPU gives RCPU;
Figure 24 is a process flow diagram of resetting password after forgetting Password;
Figure 25 is the process flow diagram of change personal identification characteristic;
Figure 26 is the processing flow chart that the holder takes precautions against illegal trade company;
Figure 27 is the processing flow chart that illegal holder takes precautions against in trade company.
5, embodiment:
Embodiment:
Structural representation of the present invention as shown in Figure 1, include the read-write and the network insertion device 10 of a smart card apparatus 90, card, wherein can fictionalize several smart cards on the smart card apparatus 90, load or download, use and unload various application systems on each virtual smart card, the read-write of card is connected by contactless or contact with smart card 90 with network insertion device 10, for smart card apparatus 90 provides power supply energy and carries out data interaction.The rule treatments system 92 in the smart card apparatus 90 wherein, communication pond 93, application processing system 94 is that to be integrated in a block semiconductor on-chip, it is by the external interface 91 of card, two microprocessing systems one regular cpu systems 92 that bus is separate, the communication interface 93 of using cpu system 94 and connecting these two cpu systems is formed.The external interface 91 of card has two effects, and the one, power supply is provided for whole smart card apparatus 90 by it, another is implementation rule cpu system 92 and the read-write of card and the communication of network insertion device 10.The user of smart card apparatus 90 can pass through INTERNET, PC, the read-write of other smart machine such as PDA one of them and card and network are gone into device 10 and are set up physical link, read-write and network insertion device 10 by card is converted to the form and the communication of smart card apparatus 90 with data again, thereby sets up the user of card and the data link of smart card apparatus 90.
The read-write of card and network insertion device 10 comprise inquiry Terminal Type and non-inquiry Terminal Type, wherein inquire about data maintenance or management that Terminal Type can only carry out smart card apparatus 90, at least comprise output, deletion log content, the output help information, various required personal identification numbers in the card are set, and the operating position in search-read function district, deletion can heavily loaded functional areas etc. operation, can not carry out data trade to handle; Non-inquiry Terminal Type can only be inquired about the operation that Terminal Type can not the do operating position of look facility district (need when loading new functional areas except).Because native system is open system, therefore to limits trade company when using as far as possible and consult Ka Nei and transaction irrelevant information and restriction holder and illegally use the data of functional areas in the card not influencing.Therefore, the holder has only the authority of using inquiry terminal that the data of card are carried out unified management; Trade company has only the authority of using the own functional areas that loaded.
In non-inquiry Terminal Type, the non-inquiry Terminal Type that further comprises the publisher, the non-inquiry Terminal Type of the corresponding class in each functional areas of application processing system 94 in the card, this non-inquiry Terminal Type with once the linking of smart card apparatus 90 in, can only use pairing functional areas.Transregional operation can use the auxiliary region 79 of application processing system as headend.As using the A of application processing system, once link must be set up with the A district earlier in B two functional areas, and the A district deposits intermediate result in auxiliary region 79, closes link; Start a B district link then, the B district takes out the data that write by A from auxiliary region 79, operate again.In like manner, the method in the also available A in B district district writes auxiliary region 79 with data, closes this time link, restarts the access in A district, so repeatedly.
For non-inquiry Terminal Type, also has an important characteristic, be exactly to comprise that further the sign of its position is except conventional methods such as place name, the latitude and longitude coordinates representation that also has global position system GPS, all there is a globally unique station location marker read-write of the card in each operation and the installation site of network insertion device 10.
The supervision and management task that rule cpu system 92 is responsible for whole smart card apparatus 90; it is by rule processor 30; identity characteristic reflection and data and disposal routes such as authentication 31, operating system RCOS32, daily record 33, help information 34, publisher's Password Management 35, the control method of functional areas protection mechanism 20 and hardware circuit constitute.The used firmware of rule cpu system 92 is the acquiescence IP of available native system (IntellectualProperty) both, also available other IP that meets regular cpu system 92.But this firmware IP anywhere rule cpu system 92 is integrated on the same block semiconductor substrate, and its all firmwares of the integrated back of hardware architecture assurance of 92 can only be expanded as the microprogram of RCPU 30 and carry out, and its program code can not be modified or read.Though the firmware of regular cpu system 92 can not be changed, it includes the interpretive routine of rule or electronic transaction standard, can realize the management function of various IC-cards as JAVA easily.The firmware operation system 32 of rule treatments system 92 comprises that executive routine, the Communication Control with the read-write of card and network insertion device 10, process control, Communication Control, the functional areas management of application processing system 94, interpretation of rules executive routine with application processing system 94 are explained in process scheduling, the authentication of rule processor 30, operation exception is monitored and treatment scheme and method such as fault-tolerant.
Application processing system 94 is responsible for loading, safeguarding, delete the program and the data of each functional areas, and carries out the program of each functional areas under the rule control of rule treatments system.Application processing system 94 comprises application processor APCPU60, operating system APCOS61, the program and the data of functional areas 1~n (70,75), auxiliary region 79.Wherein operating system APCOS 61 must be integrated on the same substrate with using cpu system 94 admittedly, and 94 hardware architecture assurance integrated back APCOS61 can only expand as the microprogram of APCPU 60 and carry out, and its program code can not be modified or read.The operating system 61 of application processing system 94 comprise application processor 60 process scheduling, with treatment scheme and methods such as the loading of communication, functional areas program and the data of rule treatments system 92 and deletion control, operation exception monitoring and fault-tolerant processing, auxiliary region management.
According to rule CP U management characteristic, rule treatments system 92 is divided into several directorial areas, and there are identity characteristic reflection and authentication district 31, log area 33, help information district 34, publisher's Password Management district 35 in necessary district.These districts have all comprised data field and program area, the data that each district is all used by program and these programs of one group of disposal route correspondence, and control the program space, the storage space in this district, the Rule Information of access limit is formed.
Identity characteristic reflection and authentication district 31 are used to write down, manage and check holder's characteristic, and it comprises static nature storehouse and behavioral characteristics storehouse and program of independently cutting apart and storage space.Wherein the static nature storehouse further comprises static nature data (as ID (identity number) card No., photograph, fingerprint, DNA data) and authentication method; The behavioral characteristics storehouse further comprises behavioral characteristics data (distributing to authenticate key data of holder etc. as card sending mechanism or public security department) and authentication method.All verification process all are formatted as a string verify data, and the authentication authorization and accounting information frame is controlled.Each of the control information of authentication information frame all comprises a treatment step, and this treatment step leaves in the function library of operating system RCOS, and is called by interpretive routine.The information frame of authentication identifies each content by the interpretive routine among the operating system RCOS 32 of rule processor to the authentication information frame sequential, and carries out item by item by the treatment step in the processing rule call function storehouse.Figure below is a kind of imperative structures that merchant machine is issued smart card in feature reflection and the verification process:
Command code The ID of trade company Information frame length Formative rule description word string Authorization code
Figure below is a kind of response message structure of smart card loopback in feature reflection and the verification process:
Answer back code Identity ID Message length Message text Authorization code
The another kind of implementation of identity characteristic reflection and authentication is to utilize one to integrate with rule treatments unit 92, and is realized by the specific authentication integrated circuit that rule processor 30 is in charge of and is controlled, as shown in Figure 3.In Fig. 3, the communication pond is used for the high-speed data exchange of rule processor and identification application-specific integrated circuit, and it is a kind of storer or impact damper with dual-port.Buses isolator is used for the bus of identification application-specific integrated circuit and rule processor 30 and isolates, to prevent illegal use, attack or the interference of identification application-specific integrated circuit to the rule treatments system.If use the identification application-specific integrated circuit, it is in the characteristic of handling verification process, at least comprise the authentication encryption and decryption algorithm velocity characteristic, as RSA, the algorithm speed of DES, the images category evident characteristics, as the identification of face picture, DNA identification, fingerprint recognition speed, and one of pseudo random number distribution character of being generated, on the performance considerably beyond rule processor 30.Identification is seen Fig. 2 with the identifying procedure of reflection authentication, and it can be handled specific authentication IC and not have the smart card of specific authentication IC.
In native system, very convenient and safety are set up, change, safeguarded to the identity characteristic reflection with the data of authentication.Holder's static nature data in the identity characteristic, as photograph, DNA identification, view data such as fingerprint, after compression, original is stored in the certificate server of card sending mechanism or public security department, and with identification card number or number of registration and smartcards; Both can store the copy data of these features in the smart card, also can only store the network address of its log-on data and certificate server.Holder's behavioral characteristics data in the identity characteristic are further to discern special card people's identity from the angle of information management for auxiliary static nature data: the certificate server by card sending mechanism distributes one group of code data right, portion leaves certificate server in, and portion downloads in the smart card.It is right that identifying algorithm uses this code data during use, if correctly just confirm as legal identity.
Figure 25 is the flow process of change (comprising establishment) personal identification characteristic.Number consider China and will use contactless IC card as resident identification card, China public security department can be with Chinese citizen's above-mentioned static nature data (identification card number, photograph, fingerprint, DNA etc.) progressively digitizing, informationization, simultaneously also can supporting foundation and static nature corresponding dynamic characteristic (as access to your password etc.) and relevant service, make the described identity characteristic of native system video and the authentication easier realization that becomes.After the digitizing of Chinese citizen's identity characteristic, the holder can be with these digitized legal parts, as photograph, identification card number, the standard for information system data of copies such as code data and using method are applied for to public security department, be installed on holder's the card, so just set up getting in touch of card and common authentication server." read-write and the network insertion device of the personality card on the operation site of authorizing to card sending mechanism or public security department carry out authentication " described in Figure 25 just is meant the flow process of this application in information processing.This authentication branch following steps: the holder shows identity document to staff's (or machine automatic recognition system), verify errorless after, the holder together puts into the I.D. (IC-card formula) and the IC-card that will change the read-write and the network insertion device of card, these information arrive the certificate server of public security department by INTERNET, and with the application data download in the card that will change, this card just can use these verify datas later on.For security consideration, if holder's status incongruence, public security department can put on record to holder's the behavior information of carrying out.
Log area 33 is used for the various operation behaviors of smart card apparatus 90 are carried out record, particularly carries out record to occurring in the various trading activities of using in the cpu system 94.The inner structure of daily record has comprised the record of daily record, output, methods such as deletion and daily record Password Management and program and the storage space independently cut apart.Fig. 4 writes the daily record flow process, be characterized in the characteristic behavior unconditional record of daily record to read-write and network each access of connecing device of card, the content of record comprises publisher ID at least, the read-write of card and network insertion device ID and gps coordinate, turn-on time, the function area code of use; Simultaneously, the functional areas of application processing system can be in access procedure be write additional content in the mode of writing the daily record frame to rule CP U application, as dealing money etc.The data of daily record can be easily output to PDA (Personal DigitalAssistant) with the output flow process of Fig. 6, or PC, or the computing machine on the INTERNET, thereby can be in order to further the service data of all smart card apparatus 90 being implemented unified intelligent management with the software and hardware resources on these computing machines.Because any access operation of merchant machine, the ID of trade company sign has all unconditionally been write down in daily record, the gps coordinate of merchant machine, this just has quantitative data to the geographic position of merchant machine, this accurate geographic that not only makes things convenient for the holder to grasp outlet distributes, transacting business just can arrive nearest agency, increases work efficiency; And the holder just has a believable geographic position benchmark when checking this trade company, because the gps coordinate of each point all is unique on the earth.This benchmark has been arranged, checked other data and just become easily, simultaneously also for Transaction Disputes provides a kind of aucillary document, Figure 26 is a kind of method that the holder takes precautions against illegal trade company.The development of modern microelectric technique, and the inquiry Terminal Type of card has only management work such as daily record, password, rule requires very low to the processor performance of inquiry Terminal Type, make that the inquiry Terminal Type of the card price that becomes is low, volume is little, and power consumption is little and universal, thereby the inquiry of daily record can be carried out at any time.Simultaneously, along with INTERNET the popularizing of China, utilize INTERNET to check trade company according to the information in the card and also become easily, thereby this prevention method is implemented easily.Simultaneously, Figure 27 has provided a kind of method that illegal holder takes precautions against in trade company.Because the identity characteristic of native system reflection can be set up joint qualification mechanism with the authentication district with the common authentication server, trade company utilizes the characteristic of card, as identification card number, number of registrations etc. link with certificate server by INERNET, access positive eigen from certificate server, static nature data particularly, as photograph etc., just can carry out spy card people and stick into capable multidimensional identification, from and reach the effect that existing smart card authentication method can't realize.
The inner structure of help information 34 is loaded, is unloaded by information, methods such as information reads and the program of independently cutting apart and storage space are formed, it is equivalent to the service manual at random of smart card apparatus 90, so that make the holder can consult the effect and the using method of each functional areas in the card at any time.Because smart card apparatus 90 is open function dynamic integrities, the publisher of each functional areas in the card both can have business relations, also can have no to concern, therefore will independently put down in writing publisher's help information, but they can be concentrated in together management.
Figure below has provided a kind of communication and storage format of help information:
Functional areas ID Publisher ID The card reader/writer classification Operational overview Publisher's network address Authorization code
Fig. 5 and Fig. 7 are respectively the loading and the unloading flow processs of help information, and these flow processs all are that the needs according to the publisher are provided with.The record of the help information in each functional areas is to load during with publisher's value-added tax function district, and delete function is deleted during the district.Help information can be read with the flow process of Fig. 8, makes the holder can fully understand the using method of each functional areas.
Publisher's Password Management district 35 is used to write down, manage and to publisher's authentication, be the registration of publisher on card 90, each publisher's code data comprises publisher's code data and Cipher Processing rule, these data storage are in the storage space of independently cutting apart, and the processing rule of password is then explained by the operating system 32 of rule processor and carried out.The publisher with the flow process of Figure 21 with program and data load to the functional areas of rule treatments system 94 after, just should in publisher's directorial area, write corresponding password and Cipher Processing rule simultaneously, with the ownership of sign to the functional areas that loaded, promptly register functional areas.In use, the publisher who registered can require once to link with smart card apparatus 90 foundation with following command frame:
Command code The ID of trade company Information frame length Formative rule description word string Authorization code
The following response frame of smart card 90 usefulness is responded the requirement of trade company:
Answer code Registration ID Message length Message text Authorization code
Below be the verification process that trade company and smart card carry out:
By this verification process, smart card apparatus 90 just and trade company set up a kind of mutual trust relation of this communication, just can enter the corresponding function area resource of the flow process use application cpu system 94 of Figure 20.
In order to cut apart each functional areas that on the hardware level, will use cpu system 94; the address and the data space of each functional areas are isolated mutually; realize fictionalizing many sheet smart cards with program and the data storage area of using cpu system 94 on hardware, smart card apparatus 90 systems have used a kind of special, rigorous methods enforcement functional areas address protection.The principle of work of native system address protection mechanism is as follows:
The characteristics of functional areas protection mechanism 20 are to need mutual cpu system cooperating of isolating on two buses; native system is regular cpu system 92 and uses cpu system 94; they are by communication pond swap data; protection mechanism by functional areas realizes hardware controls, makes these two disposal systems constitute brand-new, complete, an indivisible integral body.
The inner structure of functional areas protection mechanism comprises that further functional areas rule base data 201, functional areas rule base management 202, functional areas rule realize logic 203.
Functional areas rule base data 201 further comprise functional areas attribute 2010, functional areas running status record 2011, and table 2012 is used in functional areas; Functional areas regulation management 202 further comprises functional areas attribute 2010, functional areas running status record 2011, and the data of functional areas use table 2012 write, use, revise, delete and method such as maintenance; The functional areas rule realizes that logic 203 further comprises the application area protection logic 2030 of rule treatments system 92, the hardware circuit of memory block protection logic 2031; the application area protection logic 2032 of application processing system 94, the hardware circuit and the regular registers group 2034 of memory block protection logic 2033.
The functional areas rule realizes that the regular registers group 2034 of logic further comprises program area rule register 20340, the memory block rule register 20341 of rule treatments system 92, the program area rule register 20342 of application processing system 92, memory block rule register 20343.
The program area rule register 20340 of rule treatments system 92 further comprises program region base register (PRBR) 203401, program area option code register 203402, program area ID register 203403; Memory block rule register 20341 further comprises memory block base register 203411, memory block option code register 203412, memory block ID register 203413, memory block access limit register 203414.
The program area rule register 20342 of application processing system 94 further comprises program region base register (PRBR) 203421, program area option code register 203422, program area ID register 203423, program area programming authority register 203424; Memory block rule register 20343 further comprises memory block base register 203431, memory block option code register 203432, memory block ID register 203433, memory block access limit register 203434.
Behind the electrification reset and rule processor 30 with regular registers group clear 0 after, the rule registers group is set to original state, this Status Disable rule processor and application processor are to the operation in all functions district, rule processor and application processor can only move operating system (32,61) separately.Before the functions of use district, must use the flow process of Figure 20 to carry out process scheduling earlier, these registers group are write data, could use the function corresponding district.In operational process, the executive routine of functional areas can dynamically be applied for the read-write and the programming authority of these functional areas to the operating system 32 of rule processor, and rule processor is according to the rule approval or refuse these requests.In application program exit function district, rule processor is unconditionally clear 0 with corresponding regular registers group, forbids the further operation to these functional areas, makes simultaneously when using next functional areas, not disturbed by last hardware.
Functional areas rule base 201 has write down the use and the ruuning situation of functional areas, and these data are to use the main foundation with control function district protection mechanism 20.When not having the load function district, rule base all is blank, and after having loaded functional areas, just the loading procedure by Figure 21 is provided with content corresponding, loads, deletes for new functional areas, uses during process scheduling.Functional areas attribute 2010 has been described the operating characteristic of using cpu system 94 each functional areas.Figure below is a kind of data layout of functional areas attribute,
Functional areas ID User mode Program heavy duty attribute Publisher ID The program area plot
Program area length The program area option code The memory block plot Memory block length The memory block option code
Deleted marker Check code
Wherein the user mode of functional areas indicates these functional areas has and does not have occupiedly, if these functional areas are occupied, just wouldn't load new function.Program heavy duty attribute points out whether the program of these functional areas can be heavily loaded, if not can the heavy duty, after then in a single day these functional areas have loaded function, just indicate regular handling procedure with the corresponding fuse failure in the fuse steering logic among Figure 17, its program just can not be read and delete forever; If the heavily loaded attribute of these functional areas is set to " can be heavily loaded ", then can put the functional areas deleted marker for effectively with the flow process of Figure 24 earlier, delete this functional areas with the flow process of Figure 10 again, reload new function with the flow process of Figure 21 then.Download because functional areas are trade company, so must obtain the permission ability delete function district of trade company, Figure 24 is exactly the flow process of trade company's permission.After trade company's permission, also should obtain the holder and confirm just can delete,, reclaim this functional areas so used the control data in the flow process delete function district of Figure 10.
Functional areas running status record 2011 is used to write down the ruuning situation of each functional areas, and figure below is the data layout of a kind of functional areas running status.
The completion status of current affairs The Data Update mark Functional areas ID Card reader/writer ID
Recover to carry out breakpoint Turn-on time Check code
Wherein, the completion status of current affairs is meant whether the last operation in these functional areas is finished smoothly.If finish smoothly, next operation just can normally carry out.If last operation be non-normal termination (as yet operation finish with regard to power down etc.), will whether upgrade other state that waits according to data again, according to functional areas ID and card reader/writer ID, cooperate trade company to do necessary fault recovery and handle.Because the memory block of the application cpu system 94 of smart card apparatus 90 can virtual nearly n (1,2 ..., N) sheet smart card, it is separate that this n opens card, so every virtual card just has a running status record correspondingly.
Functional areas have been used table record and have been used the program's memory space of cpu system 94 and the operating position of data space.Figure below is a program area user mode table:
Program area 0 state Program area 1 state …… Program area n state Verification
Figure below then is the user mode table of memory block:
Memory block 0 state Memory block 1 state ?…… Memory block n state Check code
User mode wherein has to be used and not to use two kinds.When the unloaded functional areas, corresponding functional areas are " not using " state; The functional areas of having loaded are " using " state.Untapped program area or memory block can be distributed and load new function with the flow process of Figure 21; For functional areas, redistribute again after then recyclable with the deletion of the flow process of Figure 10.
Figure 11 is the hardware one-piece construction figure that the functional areas rule realizes logic; rule realizes that the regular registers group 2034 of logic is application area protection logic 2030, the memory block protection logic 2031 in the rule treatments system 92; reach the application area protection logic 2032 in the application processing system 94, the control register of data storage area protection logic 2033, all control commands of these protection logics all realize the regular registers group 2034 of logic from rule.
The application program of rule treatments system 92 protection logic 2030 is used for the application program of safeguard rule processor and common mathematical function according to reservoir area 364; Its memory block protection logic 2031 protection non-volatile data storage districts 365.Data of being protected and program area comprise identity characteristic reflection and authentication 31, daily record 33, and help information 34, publisher's Password Management 35, the program of these functional areas and data are handled as a whole object.
The application program protection logic 2032 of application processing system 94 is used to protect the application area 663 of application processing system; Its data storage area protection logic 2033 protection non-volatile data storage districts 664.Data of being protected and program area are functional areas 1~n (70,75), and the program of these functional areas and data are to handle as a whole object.Auxiliary region 79 is not protected, it can be at any time by functional areas 1~n (n=1,2 ..., program N) is used, as centre/media nonvolatile memory.
Among Figure 11 360,361,362 is respectively the data bus of regular cpu system 92, address bus and control bus; 660,661,662 is respectively data bus, address bus and the control bus of using cpu system 94.
The communication pond 93 of Figure 11 is dual port data memory, is used for the high-speed bidirectional data communication of rule treatments system 92 and application processing system 94.Rule treatments system 92 and answer disposal system 94 by interface control logic (366,666) separately control is read and write in communication pond 93 respectively and status information mutual.Four following figure are respectively that rule treatments system 92 is to the command information structure of application processing system 94, the command response message structure that application processing system 94 is given rule treatments system 92, the communication request message structure that application processing system 94 is given rule treatments system 92, the request response message structure that rule treatments system 92 gives application processing system 94.
Command code Text length Text Check code
Answer back code Text length Text Check code
Request code Text length Text Check code
Answer code Text length Text Check code
Figure 22 is the treatment scheme of rule treatments system 92 usefulness command modes and application processing system 94 communications; Figure 23 is the flow process of application processing system 94 requests and 92 communications of rule treatments system, all exchanges in communication pond 93 of all data in these flow processs.In communication process, be provided with overtime detection, in case timeout treatment is just carried out in not response at the appointed time, interrupt this time communication and do recovering accordingly to handle.
The realization principle of the protection logic of each program and data field is as follows:
Figure 12 is the hardware circuit diagram of rule treatments system 92 application area protection logic 2030, address wire A0-An (the n=1 of program regional address protection logic 2060 and rule processor 30 among the figure, 2, ..., N), the address wire A0-An of program area EEPROM 364 and chip selection signal CS, program region base register (PRBR) 203401, program area option code register 203402 are connected; The instruction fetch control line PSEG of rule processor 30 is connected with the control line RD that reads of EEPROM 364.The data line of rule processor links to each other with the data line of program area EEPROM.
Figure 18 is the further realization schematic diagram of program area address protection logic; in the example of address protection logic 2060; CPU rule of correspondence processor 30; program region base register (PRBR) and program area option code register be the program region base register (PRBR) 20341 and the program area option code register 20342 of rule of correspondence disposal system respectively, EEPROM correspondence 364.The address wire A0-An of the processor among Figure 18 (n=1,2 ..., N) be connected with n bit digital comparer, n group either-or switch respectively; N group either-or switch also is connected with RA0-RAn, the SD0-SDn of program area option code register, the address wire PA0-PAn of EEPROM of program region base register (PRBR) respectively; The comparative result output EQ signal wire of n bit digital comparer is connected with chip selection signal line CS and the abnormal state pick-up unit of EEPROM; The address signal line PA0-PAn of EEPROM also is connected with n bit digital equality comparator.The characteristic of n group either-or switch is:
For the arbitrary PAi among the PA0-PAn (i=0,1,2 ... n), if SDi=" vacation ", then PAi=RAi; Otherwise PAi=Ai.Here " vacation " be instantiated as 0 signal, " very " is instantiated as 1 signal.
The characteristic of n bit digital comparer is:
And if only if to all i (i=0,1,2 ... n), during Ai=PAi, EQ is a significant level.Here the significant level of EQ is instantiated as 0 level, equates that practical circuit relatively turns to n group XOR gate and n input or door, and formula is
EQ=(A0PA0)∪(A1PA1)∪...∪(AnPAn)
Figure 13 is the hardware circuit diagram of rule treatments system 92 memory blocks protection logic 2031, wherein memory block address protection logic 2061 respectively with the address wire A0-An of rule processor 30, the address wire A0-An of memory block EEPROM 365 and chip selection signal CS, memory block base address register 203411, memory block option code register 203412, memory block ID203413, program area ID203403 is connected; The data line of memory block EEPROM 365 is connected with the data line of rule processor 30, and read-write control line RD allows logic 2070 to be connected with WR with read-write; Read-write allows the output line of logic 2070 and memory block access limit register 203414, and the read-write control line RD of rule processor 30 is connected with WR.
Figure 16 realizes logic for read-write allows the further hardware of logic, wherein the read-write RD that sends of CPU and WR respectively with the access limit register read allow RDEN and write allow WREN by with Men Xiangyu after, form the read-write of memory block EEPROM respectively and send state detector to detect.
Figure 19 is the further realization schematic diagram of memory block address protection logic 2061, and the address wire A0-An of processor is connected with n bit digital comparer, n group either-or switch respectively among the figure; N group either-or switch also is connected with RA0-RAn, the SD0-SDn of memory block option code register, the address wire PA0-PAn of EEPROM of memory block base register respectively; The output EQ2 of the comparative result of n bit digital comparer output EQ1 signal wire and m bit digital equality comparator by be connected with chip selection signal line CS and the abnormal state pick-up unit of EEPROM behind the door; The address signal line PA0-PAn of EEPROM also is connected with n bit digital equality comparator; M (m=0,1,2 ..., M) the bit digital equality comparator also is connected with program area ID, storage ID.
Figure 14 is the hardware circuit diagram of application processing system 94 application area protection logic.The program area address protection logic 2062 among the figure and the address wire A0-An of application processor 60, the address wire A0-An of program area EEPROM 663 and chip selection signal CS, program area base address register 203421, program area option code register 203422 are connected; Carry out and programme allowing read-write output line RD and the WR and the program area EEPROM 663 of logic 208, getting of application processor 60 refers to control line PSEG, read-write control line RD and WR, and the output signal line of program area programming authority register etc. links to each other; The data line of application processor 60 links to each other with the data line of program area EEPROM 663.
Figure 18 is the further realization schematic diagram of program area protection logic 2062.CPU among the figure handles 60 for using, and program area plot, option code register, EEPROM all belong to the application area of application processing system.The principle of work of Figure 18 is consistent with the program area address protection logic of above-mentioned rule treatments system 92.
Figure 17 is the execution of application processing system 94 and the further realization schematic diagram that programming allows logic 208.Data output PRGEN, the CHKEN of programming authority register is respectively programming permission and reader check permission among the figure; The programming signal WR of program area EEPROM 663 by the memory write signals WR of output, PRGEN and the application processor 60 of fuse steering logic by one three with Men Xiangyu after generate, and send state detector to detect; The memory read signal RD of another output of fuse steering logic, CHKEN and application processor 60 becomes state detection signal by one three or pupil, and with getting of application processor 60 refer to signal PSEG with after, the read output signal line RD of generator program district EEPROM.The output state of fuse steering logic also send state detector to detect, and the output of program area ID register is connected with the fuse steering logic.The fuse steering logic is here used programmable logic array, as realizations such as PLD.
The principle of work of each functional areas protection logic is as follows:
If the functional areas of wanting the service regeulations disposal system, the process dispatcher of its operating system 32 will take out the program area plot of these functional areas earlier from the functional areas attribute the rule base of functional areas, the program area option code, the memory block plot, the memory block option code writes the regular register 20340 of rule treatments system 92 respectively, program region base register (PRBR) 203401 in 20341, program area option code register 203402, memory block base register 203411, memory block option code register 203412, in the attribute of functional areas, take out functional areas ID number, as program area ID, the common ID of memory block ID writes the program area ID register 203403 of rule treatments system 92, memory block ID register 203413.And the RDEN that the memory block access limit register 203414 of rule treatments system 92 is set is that effectively WREN is invalid.Change this functional areas executive routine then over to.In the executive routine process of functional areas, if will carry out the memory write operation, then will be earlier to operating system 32 application memory write authorities, after operating system 32 approvals, the WREN that memory block access limit register 203414 just is set is for effective; When functional areas did not need write operation, it was invalid timely notifying operation system 32 to put WREN, closed the write operation of storer.At the functional areas complete operation, behind the exit function district, the scheduler program of operating system 32 can be removed the regular register 20340,20341 of rule treatments system earlier, just does other work then.
If the functional areas (70 that will use application processing system, 75), then the process dispatcher of the operating system 32 of rule processor 92 program area plot, program area option code, memory block plot, the memory block option code that will take out these functional areas earlier from the functional areas attribute the rule base of functional areas writes program region base register (PRBR) 203421, program area option code register 203422, memory block base register 203431, memory block option code register 203432 in the regular register 20342,20343 of application processing system 94 respectively; In the attribute of functional areas, take out functional areas ID number,, write program area ID register 203423, the memory block ID register 203433 of application processing system 94 as the common ID of program area ID, memory block ID.And the RDEN of memory block access limit register 203434 that application processing system 94 is set is for effectively, and WREN is invalid, and PRGEN, the CHKEN of program area programming authority register are invalid.Format command application processing system 94 with command frame changes this functional areas over to then.After application processing system 94 receives this order, just change this functional areas executive routine over to.In the executive routine process of functional areas, if will carry out the memory write operation, then application processing system 94 carries out communication to the rule treatments system, requires the memory write authority of application processing system.After operating system 32 approvals, the WREN that memory block access limit register 203434 just is set is for effective; When function did not need write operation, it was invalid timely notifying operation system 32 to put WREN, closed the write operation of storer.At the functional areas complete operation, behind the exit function district, the scheduler program of operating system 32 can be removed regular register 20342,20343 earlier, just does other work then.
Figure 21 is that the functional areas of application processing system 92 load flow process.The permission that the loading of new functional areas will hold earlier, the load lock of the open card of the private class inquiry terminal of the available card of this work, and delete useless functional areas makes enough spaces give new functional areas usefulness, and this card is transferred to the publisher and is loaded then.When loading beginning, the functional areas supervisory routine of the application processing system of operating system 32 is record of increase in rule base just, the space of allocator district and memory block, and set the data of the attribute 2010 of new functional areas.Then the program area plot in the attribute of newly-installed functional areas, program area option code, memory block plot, memory block option code, functional areas ID are write the program area rule register 20342 and the memory block rule register 20343 of application corresponding disposal system 94.Rule treatments system command application processing system enters programming and state then, after application processing system is ready to, with regard to the notification rule disposal system.Then rule treatments system system is program area programme PRGEN, the CHKEN of authority register 203424, the RDEN of memory block access limit register 203434, and WREN all is set to effectively.Publisher's functional areas code and data just are sent to rule treatments system 92 by the read-write and the network insertion device 10 of card afterwards, be sent to application processing system by the rule treatments system again, and be written to the function corresponding district and make checking treatment by application processing system.And then publisher's code data, help information is loaded into the publisher's Password Management district 35 and the help information district 34 of rule treatments system correspondence respectively.If this loading procedure is finished smoothly, the rule treatments system uses table with regard to functional areas attribute in the update rule storehouse and functional areas, publisher's Password Management district, help information district content corresponding, if the functional areas attribute is set to " non-heavy duty district ", corresponding fuse in the fuse steering logic in China Merchants Bank and the programming permission logic of also need fusing is forbidden the program area read-write to these functional areas, and the program of these functional areas can only be carried out.If this loading procedure is unsuccessful, then to cancel current all operations, recover original state.After operation was finished, the holder can lock value-added tax function with the private inquiry terminal, prevents from illegally to load new functional areas.
With the interval protection logic that the functional areas protection mechanism 20 of native system realizes, to Figure 19, its steering logic is tight as Figure 11, and the decoding delay of every kind of control is little, and as either-or switch, equality comparator etc. are generally two or three grade of gate delay, and sort circuit is supported high-speed CPU.Simultaneously, the interval range of each functional areas is controlled in native system service regeulations storehouse, makes different publishers can set different functional areas sizes according to actual needs, the utilization factor of raising program and memory block EEPROM.
In addition, Figure 26, Figure 27 have provided the consumer respectively and the illegal a kind of method used of the other side is taken precautions against by trade company, has further improved Information Security of the present invention.The holder can be with the illegal trade company of following procedure identification: after the holder carries out once suspicious transaction, write down ID number and gps coordinate of merchant machine, compare to nearby inquiry terminal or with the daily record that the PDA that carries reads card then, if the still suspicious network address that then further provides according to help information in the card by the Internet access trade company more particulars carry out respective handling;
Trade company can be with the illegal holder of following procedure identification: after the authentication of trade company by card, still suspicious to once concluding the business, then trade company can be by the number of registration/identification card number of holder in card sending mechanism or public security department, find the network address of registrar, download holder's identity characteristic data then, as photograph, fingerprint etc., compare simultaneously with card, special card people, if consistent, then holder's identity is credible, otherwise insincere and handle accordingly.
Above-mentioned intelligent card function district loading method comprises following steps:
Permission in holder's smart card apparatus (90) loads sign and is set to very, allows the publisher to load new function;
Smart card apparatus (90) is transferred to the authentication processing that block operation site that the publisher authorizes, and make card (90) set up data to be connected with publisher's functional areas data download server;
Authentication is found out enough big blank functional areas by the back in card, newly-increased record in the rule base of functional areas protection logic, corresponding data are set, and these data are write corresponding functional areas rule register, order application processing system (94) to enter programming state then, if this clear area is big inadequately, the more recyclable useless programs of holder can repeat said process in the heavy duty district again;
Generate the program code and the data of new functional areas and download to the corresponding function district of the application processing system (94) in the card according to the setting of smart card apparatus (90), publisher's server, and then generate publisher's password area and the help information district that publisher's password, help information download to the rule treatments system respectively;
If loading procedure is complete, then upgrade the rule treatments system and the application processing system of smart card apparatus (90), if these functional areas are set to " non-program heavy duty district ", then the loading fuse of fuse function district protection mechanism to distinguishing forbidden reading or deleting this program area simultaneously; Otherwise the storer of cancellation strictly all rules disposal system writes operation; The permission that the holder closes in the card at the appropriate time loads sign.

Claims (20)

1, a kind of smart card system of open function dynamic integrity, it is characterized in that including the read-write and the network insertion device (10) of a smart card apparatus (90), card, wherein can fictionalize several smart cards on the smart card apparatus (90), can load or download, use and unload various application systems on each virtual smart card, the read-write of card is connected by contactless or contact with smart card (90) with network insertion device (10), for smart card (90) provides power supply energy and carries out data interaction.
2, the smart card system of open function dynamic integrity according to claim 1 is characterized in that above-mentioned smart card apparatus (90) includes at least:
The external interface of a smart card (91), the available contactless or contact of the read-write of the external interface (91) of smart card apparatus (90) by smart card and card and network insertion device (10) is connected, for whole smart card apparatus provides power supply and realizes smart card apparatus (90) and the read-write that blocks and the data communication of network insertion device (10); And
A semiconductor chip, integrated rule treatments system (92), communication pond (93) and application processing system (94) on this substrate, wherein the functional areas protection mechanism (20) in communication pond (93) and the rule treatments system (92) couples together rule treatments system (92) and application processing system (94), and rule treatments system (92) is connected with the external interface (91) of card; Communication pond (93) is a dual-ported memory, can read and write from rule treatments system (92) and application processing system (94) respectively.
3, the smart card system of open function dynamic integrity according to claim 1, it is characterized in that above-mentioned on-chip rule treatments system (92) includes rule processor RCPU (30), identity characteristic reflection and authentication (31), operating system RCOS (32), daily record (33), help information (34), publisher's Password Management (35) and functional areas protection mechanism (20), identity characteristic reflection and authentication (31), operating system RCOS (32), daily record (33), help information (34), publisher's Password Management (35) all is connected with rule processor RCPU (30) with functional areas protection mechanism (20), and and rule processor RCPU (30) is on the same bus, wherein operating system (32) is by rule processor (30) control, and all the other are jointly controlled by rule processor (30) and functional areas protection mechanism (20); The program space of processor and data space are independent addressings; functional areas protection mechanism (20) is carried out the branch block protection with each class method in this system space and data; wherein each functional areas is united by several base program districts and several elementary data area and is constituted, and handle as an indivisible applying unit program area of functional areas and data field.
4, the smart card system of open function dynamic integrity according to claim 1, it is characterized in that above-mentioned on-chip application processing system (94) includes application processor APCPU (60), operating system APCOS (61), functional areas 1~n (70,75), auxiliary region (79), operating system APCOS (61), functional areas 1~n (70,75), auxiliary region (79) all is connected with application processor APCPU (60), and be on the bus of application processor, wherein functional areas 1~n (70,75) jointly controlled by the functional areas protection mechanism (20) in application processor (60) and the rule treatments system (92), other parts are controlled by application processor (60); The program space of processor and data space are independent addressings; functional areas protection mechanism (20) is carried out the branch block protection with each class method in this system space and data; one of them functional areas is united by several base program districts and several elementary data area and is constituted; handle as an indivisible applying unit program area of these functional areas and data field; functional areas 1~n (70; 75) program in and data can be in use dynamically subregion independently download independent the use.
5, the smart card system of open function dynamic integrity according to claim 1, the read-write and the network insertion device (10) that it is characterized in that above-mentioned card include inquiry Terminal Type and non-inquiry Terminal Type, wherein inquire about data maintenance or management that Terminal Type can only carry out smart card apparatus (90), can not carry out data trade and handle; Non-inquiry Terminal Type can only be inquired about the operation (needing when functional areas load except the look facility district operating position) that Terminal Type can not be done, wherein non-inquiry Terminal Type is further divided into private inquiry Terminal Type and common enquiring terminal, the common enquiring terminal can only be read management data in the card, and the private inquiry terminal can also be made amendment in the card as personal identification number, the management data of deletion daily record etc.; Each functional areas (70 of application processing system (94), 75) the non-inquiry Terminal Type of the read-write of an all corresponding class card and network insertion device (10), its once with the device (90) access procedure in, can only use at the most with the corresponding functional areas of application processing system (94).
6, the smart card system of open function dynamic integrity according to claim 1, the read-write and the network insertion device (10) that it is characterized in that above-mentioned card include place name station location marker method, also include the latitude and longitude coordinates representation of global position system GPS, they are installed to the operation site, and are provided with so that key features such as the ID that the holder checks number, classification and gps coordinates at their above the folds separately.
7, the smart card system of open function dynamic integrity according to claim 1 is characterized in that above-mentioned identity characteristic reflection includes with authentication (31):
The static nature storehouse of identity, further comprise feature database data and characteristic disposal route, wherein the static nature database data is used to write down and authenticate holder's photograph, fingerprint, the prominent features information of identity such as DNA, these characteristic informations are consistent with the information-based feature of non-contact IC card resident identification card.
The behavioral characteristics storehouse, further comprise behavioral characteristics database data and behavioral characteristics data processing method, complement one another in it and static nature storehouse, wherein the behavioral characteristics storehouse also comprises and is used to write down and handle registration and the authentication password data that the holder is given in public security department and publisher's Random assignment.
8, the smart card system of open function dynamic integrity according to claim 1, the authentication method that it is characterized in that above-mentioned identity characteristic reflection and authentication (31) can be realized by one of following approach: verification process is by the control of one group of formative rule string, and smart card apparatus (90) is carried out by the explanation of the interpretive routine in the rule processor (30); Or this regular word string is integrated in same on-chip special IC execution by one with rule treatments system (92).
9, the smart card system of open function dynamic integrity according to claim 1; it is characterized in that daily record (32) in the above-mentioned disposal system (92) comprises the record of daily record; output; deletion; method and storage protection blocks such as Password Management; wherein the output of daily record, modification and Password Management can only be carried out on the inquiry Terminal Type of smart card, have comprised key features such as the classification of the read-write of card and access device (10) and gps coordinate in the log record.
10, the smart card system of open function dynamic integrity according to claim 1; it is characterized in that above-mentioned help information (34) comprises method and corresponding information stores protected locations such as the loading, output, unloading of help information; these information are loaded by the publisher who uses application processing system (94); be used to illustrate the using method of each functional areas; or provide the website information of using method, and read with the inquiry Terminal Type by the holder.
11, the smart card system of open function dynamic integrity according to claim 1; it is characterized in that the publisher's Password Management (35) in the above-mentioned disposal system (92) includes publisher's cryptoguard district; in password area, set up a publisher's the password and the record of Cipher Processing rule, be used to identify the lawful owner of each functional areas for each functional areas of rule treatments system (92) and application processing system (94).
12, the smart card system of open function dynamic integrity according to claim 1 is characterized in that the functional areas protection mechanism (20) in the above-mentioned disposal system (92) includes:
Functional areas rule base data, functional areas rule base data comprise the attribute of functional areas, functional areas running status record, table is used in functional areas;
Rule base data management, rule base data management are used for the functional areas attribute, functional areas running status record, and functional areas use table is configured, administers and maintains;
Logic is realized in functional areas; functional areas realize that logic comprises the application area protection logic of rule treatments system (92); the memory block protection logic of rule treatments system; the application area protection logic of application processing system (94); the memory block protection logic of application processing system, rule realizes the regular registers group of logic.
13, the smart card system of open function dynamic integrity according to claim 1, the recorded content that it is characterized in that each functional areas correspondence of above-mentioned functions district attribute comprises functional areas ID at least, user mode, program heavy duty attribute, program area plot, program area option code, the memory block plot, the memory block option code, deleted marker, wherein whether functional areas ID, user mode are used to identify these functional areas and are used; Whether can be deleted after program heavy duty attribute and deleted marker are respectively applied for and set these functional areas and load and sign trade company whether deleted these functional areas; Program area plot, program area option code and memory block plot, memory block option code are respectively applied for the program space and the storage space in selection and control function district.
14, the smart card system of open function dynamic integrity according to claim 1 is characterized in that above-mentioned regular registers group comprises:
The program area of rule treatments system (92) rule register further comprises the program region base register (PRBR) of this program area, program area option code register, program area ID register;
The memory block of rule treatments system (92) rule register further comprises the memory block base register of this memory block, memory block option code register, memory block ID register, memory block access limit register;
The program area of application processing system (94) rule register further comprises the program region base register (PRBR) of this program area, program area option code register, program area ID register, program area programming authority register;
The memory block rule register of application processing system (94) further comprises the storage district base register of depositing this memory block, memory block option code register, memory block ID register, memory block access limit register.
15, the smart card system of open function dynamic integrity according to claim 1, it is characterized in that said procedure regional address protection logic comprises a CPU, an EEPROM, an abnormal state detecting device, a N position base register, a N position option code register, a N bit digital equality comparator, a N group either-or switch; Wherein N organizes either-or switch and CPU, EEPROM, and base register, the option code register connects, and is used to generate M position (M≤N, N=1,2...L) physical address of EEPROM; N bit digital equality comparator and CPU, EEPROM, the abnormal state detecting device connects, and is used to generate chip selection signal and the state detection signal of EEPROM.
16, the smart card system of open function dynamic integrity according to claim 1 is characterized in that above-mentioned memory block address protection logic comprises a CPU, an EEPROM, an abnormal state detecting device, a N position base register, a N position option code register, a M position program area ID, a M position memory block ID, N+M bit digital equality comparator (M=0,1,2, ..., Q), N group either-or switch, wherein a N group either-or switch and a CPU, EEPROM, base register, the option code register connects, and is used to generate L position (L≤N of EEPROM, N=1,2...P) physical address; N+M bit digital equality comparator and CPU, EEPROM, program area ID, memory block ID, the abnormal state detecting device connects, and is used to generate chip selection signal and the state detection signal of EEPROM.
17, the smart card system of open function dynamic integrity according to claim 1, it is characterized in that the said procedure district carries out and programming allows logic to comprise a CPU, an EEPROM, a programming authority register, a state detector, a program area ID, a fuse steering logic, and several with door and or door, wherein CPU's reads control line, the verification of programming authority register allows the position, one of fuse steering logic output mutually or the back form state detection signal and this signal and CPU the instruction fetch control line and after generation EEPROM read control line; The programming of the write line of CPU, programming authority register allows an output phase of line, fuse steering logic or the back generates the write line of EEPROM and send state detector to detect; Program fuse steering logic is subjected to program area ID register controlled, and its current state also outputs to state detector.
18, the smart card system of open function dynamic integrity according to claim 1, it is characterized in that above-mentioned approaches to IM comprises the data of needs change identity characteristic image library, its processing procedure is: the outlet that the holder need arrive card sending mechanism or public security department's mandate carries out authentication, authentication success then allows operation, puts on record otherwise do the operation failure.
19, the smart card system of open function dynamic integrity according to claim 1 is characterized in that above-mentioned safe precaution method also comprises:
The holder can be with the illegal trade company of following procedure identification: after the holder carries out once suspicious transaction, write down ID number and gps coordinate of merchant machine, compare to nearby inquiry terminal or with the daily record that the PDA that carries reads card then, if the still suspicious network address that then further provides according to help information in the card by the Internet access trade company more particulars carry out respective handling;
Trade company can be with the illegal holder of following procedure identification: after the authentication of trade company by card, still suspicious to once concluding the business, then trade company can be by the number of registration/identification card number of holder in card sending mechanism or public security department, find the network address of registrar, download holder's identity characteristic data then, as photograph, fingerprint etc., compare simultaneously with card, special card people, if consistent, then holder's identity is credible, otherwise insincere and handle accordingly.
20, the smart card system of open function dynamic integrity according to claim 1 is characterized in that above-mentioned intelligent card function district loading method comprises following steps:
Permission in holder's smart card apparatus (90) loads sign and is set to very, allows the publisher to load new function;
Smart card apparatus (90) is transferred to the authentication processing that block operation site that the publisher authorizes, and make card (90) set up data to be connected with publisher's functional areas data download server;
Authentication is found out enough big blank functional areas by the back in card, newly-increased record in the rule base of functional areas protection logic, corresponding data are set, and these data are write corresponding functional areas rule register, order application processing system (94) to enter programming state then, if this clear area is big inadequately, the more recyclable useless programs of holder can repeat said process in the heavy duty district again;
Generate the program code and the data of new functional areas and download to the corresponding function district of the application processing system (94) in the card according to the setting of smart card apparatus (90), publisher's server, and then generate publisher's password area and the help information district that publisher's password, help information download to the rule treatments system respectively;
If loading procedure is complete, then upgrade the rule treatments system and the application processing system of smart card apparatus (90), if these functional areas are set to " non-program heavy duty district ", then the loading fuse of fuse function district protection mechanism to distinguishing forbidden reading or deleting this program area simultaneously; Otherwise the storer of cancellation strictly all rules disposal system writes operation; The permission that the holder closes in the card at the appropriate time loads sign.
CNB031135080A 2003-01-06 2003-01-06 Opened function dynamic integrated intelligent card system CN1308882C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB031135080A CN1308882C (en) 2003-01-06 2003-01-06 Opened function dynamic integrated intelligent card system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB031135080A CN1308882C (en) 2003-01-06 2003-01-06 Opened function dynamic integrated intelligent card system

Publications (2)

Publication Number Publication Date
CN1516052A true CN1516052A (en) 2004-07-28
CN1308882C CN1308882C (en) 2007-04-04

Family

ID=34239304

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB031135080A CN1308882C (en) 2003-01-06 2003-01-06 Opened function dynamic integrated intelligent card system

Country Status (1)

Country Link
CN (1) CN1308882C (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101853416A (en) * 2010-06-02 2010-10-06 东信和平智能卡股份有限公司 Physical smart card with virtual smart cards and configuration method of virtual smart card
CN102043972A (en) * 2009-10-21 2011-05-04 索尼公司 Information processing apparatus, communication apparatus, and program
CN102087716A (en) * 2011-03-02 2011-06-08 武汉天喻信息产业股份有限公司 Multi-application Java smart card
CN101256645B (en) * 2008-01-16 2012-01-11 苏州市城市信息化建设有限公司 Setting method of integrated citizen card system
CN102446312A (en) * 2011-06-28 2012-05-09 于佳辉 Identity card management system and method based on Internet of things
CN102103651B (en) * 2009-12-21 2012-11-14 中国移动通信集团公司 Method and system for realizing all-purpose card system and smart card
CN101147161B (en) * 2005-03-24 2012-12-19 晟碟以色列有限公司 Loading internal applications on a smartcard
CN101822025B (en) * 2007-10-15 2013-10-23 Nxp股份有限公司 Method and service provider for managing expired or consumed applications being stored in mobile communication devices
CN103903022A (en) * 2012-12-28 2014-07-02 北京握奇数据系统有限公司 Realization method and system of intelligent card application supporting multiple sets of personal data
CN104469771A (en) * 2014-12-12 2015-03-25 深圳市宜联畅游技术有限公司 Data transmission method for having access to cellular mobile network system and associated equipment
CN104765777A (en) * 2015-03-18 2015-07-08 韩山师范学院 Method and system for converting one-card RFID data into process event logs
CN107026954A (en) * 2015-11-03 2017-08-08 爱思打印解决方案有限公司 Imaging device and recover its wrong method

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN2160943Y (en) * 1993-09-23 1994-04-06 李幼夫 Multifunctional acoustooptic credit card
DE19609732A1 (en) * 1996-03-13 1997-09-18 Michael R Dipl Phys Bedrich Multi function smart card
EP0949595A3 (en) * 1998-03-30 2001-09-26 Citicorp Development Center, Inc. Method and system for managing applications for a multi-function smartcard
CN1302415A (en) * 1998-05-01 2001-07-04 张玮 Internet IC card system

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101147161B (en) * 2005-03-24 2012-12-19 晟碟以色列有限公司 Loading internal applications on a smartcard
CN101822025B (en) * 2007-10-15 2013-10-23 Nxp股份有限公司 Method and service provider for managing expired or consumed applications being stored in mobile communication devices
US9329853B2 (en) 2007-10-15 2016-05-03 Nxp B.V. Method and service provider for managing expired or consumed applications being stored in mobile communication devices
CN101256645B (en) * 2008-01-16 2012-01-11 苏州市城市信息化建设有限公司 Setting method of integrated citizen card system
CN102043972B (en) * 2009-10-21 2013-11-20 索尼公司 Information processing apparatus, communication apparatus, and program
CN102043972A (en) * 2009-10-21 2011-05-04 索尼公司 Information processing apparatus, communication apparatus, and program
CN102103651B (en) * 2009-12-21 2012-11-14 中国移动通信集团公司 Method and system for realizing all-purpose card system and smart card
CN101853416B (en) * 2010-06-02 2013-05-29 东信和平科技股份有限公司 Physical smart card with virtual smart cards and configuration method of virtual smart card
CN101853416A (en) * 2010-06-02 2010-10-06 东信和平智能卡股份有限公司 Physical smart card with virtual smart cards and configuration method of virtual smart card
CN102087716B (en) * 2011-03-02 2013-02-13 武汉天喻信息产业股份有限公司 Multi-application Java smart card
CN102087716A (en) * 2011-03-02 2011-06-08 武汉天喻信息产业股份有限公司 Multi-application Java smart card
CN102446312A (en) * 2011-06-28 2012-05-09 于佳辉 Identity card management system and method based on Internet of things
CN103903022A (en) * 2012-12-28 2014-07-02 北京握奇数据系统有限公司 Realization method and system of intelligent card application supporting multiple sets of personal data
CN103903022B (en) * 2012-12-28 2017-06-20 北京握奇数据系统有限公司 It is a kind of support more cover personal data application of IC cards realization method and system
CN104469771A (en) * 2014-12-12 2015-03-25 深圳市宜联畅游技术有限公司 Data transmission method for having access to cellular mobile network system and associated equipment
CN104469771B (en) * 2014-12-12 2018-04-17 深圳市宜联畅游技术有限公司 Access the data transmission method and relevant device of cellular mobile network system
CN104765777A (en) * 2015-03-18 2015-07-08 韩山师范学院 Method and system for converting one-card RFID data into process event logs
CN107026954A (en) * 2015-11-03 2017-08-08 爱思打印解决方案有限公司 Imaging device and recover its wrong method

Also Published As

Publication number Publication date
CN1308882C (en) 2007-04-04

Similar Documents

Publication Publication Date Title
CN104704505B (en) Protect the assets in equipment
US9021594B2 (en) Intelligent risk level grouping for resource access recertification
JP5270655B2 (en) Built-in modules for real-time risk analysis and risk processing
CN103514386B (en) The authority controlling and managing method of application program and electronic installation
US6834799B2 (en) IC card with capability of having plurality of card managers installed
JP4912406B2 (en) Transfer of digital license from the first platform to the second platform
CN104412242B (en) Internal memory is protected
CN1258141C (en) Safe application distribution and execution in wireless environment
CN1291326C (en) Systems and methods for integrity certification and verification of content consumption environments
CN100576148C (en) Be used to provide the system and method for security server cipher key operation
US8547232B2 (en) Method and apparatus for transferring data via radio frequency (RF) memory tags
CN101853363B (en) File protection method and system
CN1292353C (en) Secret and safe financial trade system and method
KR101654956B1 (en) Mitigations for potentially compromised electronic devices
US6848047B1 (en) Security managing system, data distribution apparatus and portable terminal apparatus
US8402269B2 (en) System and method for controlling exit of saved data from security zone
CN100504714C (en) Implementation and use of a PII data access control facility employing personal identification information labels and purpose serving function sets
JP4625000B2 (en) Data protection system and record carrier
EP1950682B1 (en) Computer data management method, program, and recording medium
JP4645000B2 (en) Method for dividing storage area of portable device
CN1096166C (en) Configurable password integrity servers for use in shared resource environment
CN100555298C (en) The method and apparatus of virtulizing personal office environment
US7800499B2 (en) RFID and sensor signing algorithm
CN101529366B (en) Identification and visualization of trusted user interface objects
JP5149195B2 (en) Mobile security system and method

Legal Events

Date Code Title Description
PB01 Publication
C06 Publication
SE01 Entry into force of request for substantive examination
C10 Entry into substantive examination
GR01 Patent grant
C14 Grant of patent or utility model
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20070404

Termination date: 20100208

C17 Cessation of patent right