DE102018001565A1 - Security element and method for access control to a security element - Google Patents

Abstract

The invention relates to a security element (1) having a memory (2) which comprises at least one partition (11, 12, 13) and to a memory controller (2H) which is adapted to connect the at least one partition (11, 12, 13) and to virtualize a chip card (21, 22, 23) in a respective one of the at least one partition (11, 12, 13).

Description

The invention relates to a security element and a method for access control to a security element.

Currently, there are a variety of different smart cards and security elements that are issued by different publishers and operated with different operating systems. Embedded security elements (so-called embedded secure elements, SEs) are often installed in mobile terminals (for example smartphones, tablet PCs, smartwatches, etc.). In such mobile terminals, in addition to the embedded security elements, another chip card, e.g. a μSD card with security element can be provided.

In order to avoid a larger number of different security elements or chip cards, there is a desire to integrate them on a common hardware. The challenge here is to be able to use the operating systems and applications developed for the different security elements and chip cards with a common operating system. Consolidation based on a common operating system, however, requires a lot of development effort and is inflexible with different publishers.

It is an object of the invention to provide a security element and a method for access control to a security element, which does not have the disadvantages described above.

This object is achieved by a security element according to the features of claim 1 and a method according to the features of claim 14. Advantageous embodiments emerge from the dependent claims.

To solve the problem, a security element is proposed which comprises a memory and a memory controller. The memory comprises at least one partition. The memory controller is configured to control the at least one partition and to virtualize a smart card in a respective one of the at least one partition.

With such a security element, it is possible to provide each virtualized smart card with its own operating system. Thus, the differentiation currently existing between different publishers and different functions, e.g. Telecommunications, payments and transit, exists, to be maintained.

In particular, such a security element also makes it possible to use customer-specific extensions of an operating system used for a respective chip card as well as possibly desired special solutions. The use of a security element according to the invention makes it possible for each publisher to provide a virtual chip card for his previously known, individual environment for applications.

In addition, certification is simplified. Due to a clear demarcation between different virtualized smart cards, only the memory controller has to be certified additionally. The certification of the chip card (s) corresponds to the procedure used so far and can, if necessary, be taken over by a non-virtualized chip card. Chip cards that are used on other partitions are not affected by the certification of a respective chip card.

The memory controller is expediently a hypervisor, in particular a type 1 hypervisor. Hypervisors are also called virtual machine monitors and refer to a class of systems that serve as an abstracting layer between existing hardware and other operating systems to install. The actual hardware present in the present invention is represented by the security element. Hypervisors make it possible to define a virtual environment with hardware resources (such as CPU, memory, available peripherals) that serves as the basis for the installation of (guest) operating systems, here: the virtualized smart cards, regardless of the actual hardware.

Hypervisors allow the simultaneous operation of multiple guest systems on the security element representing the host system. The hypervisor manages the resource allocation for each guest system, i. the chip cards virtualized on respective partitions. The hypervisor distributes the hardware resources such that, for each guest operating system, all resources are available as needed, as if an operating system were present. This can be done by hardware emulation, hardware virtualization or paravirtualization. The individual guest systems each have their own complete computer with all hardware elements (processor, memory and the like) played.

The actual hardware environment of the security element is called a host system.

A type 1 hypervisor (native or bare metal) sits directly on the hardware of the security element and does not require any prior Operating system installation. The prerequisite for this procedure is that the hardware of the security element of the type 1 hypervisor is supported by appropriate drivers.

A further expedient embodiment provides that the security element comprises one or more interfaces for communication with an external device, wherein the one or more interfaces are managed by the memory controller. This embodiment takes into account the fact that the security element - regardless of the number of virtualized smart cards - typically has only one interface that is modified so that the virtualized in the partitions smart cards can be addressed individually. In this case, one or more of the variants described below can be used.

According to a first variant, the memory controller for managing the one or more interfaces is arranged to provide address information, e.g. a Node Address Byte (NAD) to evaluate a message in a protocol used by at least one of the smart cards to address an associated smart card into a partition associated with the smart card depending on the content of the address information (e.g., the Node Address Byte). For example, the smart card protocol T = 1 defines the Node Address Byte that is not currently used. The use of this node address byte makes it possible to address the different virtualized chip cards with different destination addresses (destination node address).

In a second variant, the one or more interfaces comprise a USB interface (USB = Universal Serial Bus), wherein the memory controller is adapted to simulate a USB hub to which a respective chip card in a chip card associated partition as USB smart card device is connected. In other words, the memory controller simulates a USB hub to which the individual virtualized smart cards are connected as their own devices, each of which in turn implement the USB smart card Device Class.

A third variant provides that the one or more interfaces include a proprietary interface, in particular I2C or SPC, wherein the memory controller is adapted to read from a received command data block (eg an APDU) an address of the smart cards and forward the command / data block to the addressed chip card in the partition assigned to the chip card. In this case, any proprietary interface which does not yet have to be used for chip cards can be implemented as the interface.

According to an expedient embodiment, the memory controller is set up to associate a message received by the security element from an external device with a specific partition of the at least one partition and to forward the message and to the chipcard contained in the specific partition.

It is also expedient if the memory controller is set up to provide the at least one partition with a respectively assigned interface which corresponds to the interface of the virtualized chip card in the relevant partition. As a result, addressing of the different chip cards in the security element is made possible in a simple manner.

A further expedient embodiment provides that the partitions in the memory are separated from one another such that one of the chip cards can not execute any actions on one of the partitions on one of the other / remaining partitions. This isolation can be realized, for example, with the aid of a memory management unit (MMU), which can be a component of the memory controller or can be provided as a separate component on the security element.

A further embodiment provides that a complete operating system with a smart card profile is loaded or stored in a respective partition. In particular, a profile is understood to mean a collection of attributes which specify operations which a user may execute on the relevant partition. This concerns in particular reading rights, writing rights, the execution of applications or programs and the like.

Conveniently, the memory controller is arranged to manage, for each of the at least one partition, a table comprising status information about the respective partition. The memory controller takes over the task of a partition manager, which ensures that at a given time only one partition and thus a profile is active.

It is expedient if the memory controller is set up to switch over from a currently active partition to another non-active partition upon receipt of a switch command from a user or a subscription manager. Such an embodiment of the memory controller makes it possible to switch between different partitions user-dependent or depending on the receipt of a command of a subscription manager. In this way, it can be ensured with the help of the memory controller that at a given time never more than one partition and thus a profile is active.

The invention further provides a method for access control to a security element, which is designed according to the type described above. The method includes the steps of providing a memory controller to control access to at least one partition of a memory of the security element and the step of virtualizing a smartcard in each of the at least one partition.

The method according to the invention has the same advantages as described above in connection with a security element.

• 1 eine schematische Darstellung eines erfindungsgemäßen Sicherheitselements; und
• 2 das erfindungsgemäße Sicherheitselement mit einer Mehrzahl von Partitionen, in denen jeweils Profile und ein Betriebssystem einer Chipkarte illustriert sind.

The invention will be explained in more detail below with reference to an embodiment in the drawing. Show it:

• 1 a schematic representation of a security element according to the invention; and
• 2 the security element according to the invention with a plurality of partitions, in each of which profiles and an operating system of a chip card are illustrated.

1 shows a schematic representation of a security element according to the invention 1 according to the invention. The security element 1 includes a memory 2 , The memory 2 includes in the embodiment three partitions 11 . 12 . 13 , The number of partitions 11 . 12 . 13 may be greater or less than three in practice. The partitions 11 . 12 . 13 be from a memory controller 2H provided and managed. The memory controller 2H is, for example, a so-called hypervisor, which allows to define a virtual environment in terms of hardware resources (especially CPU, memory and available peripherals), regardless of the actual hardware as the basis for the installation of software components in the partitions 11 . 12 . 13 serves.

This allows the memory controller 2H the operation of several in the partitions 11 . 12 . 13 virtualized smart cards 21 . 22 . 23 , With the virtualized smart cards 21 . 22 . 23 For example, these can be different smart cards, for example one for telecommunications, one for payment traffic and one for transit, etc. Each of the virtualized smart cards 21 . 22 . 23 has a specific operating system 24 . 25 . 26 for executing specific functions and applications. The control of the partitions and the installed virtualized smart cards 21 . 22 . 23 is done by means of the memory controller 2H ,

The memory controller 2H represents the individual partitions 21 . 22 . 23 an interface 14 . 15 . 16 ready, which is not from the respective interfaces of the chip card in question 21 . 22 . 23 different. The partitions are eg via a memory management unit 2M (Memory Management Unit) so against each other foreclosed that no chip card 21 . 22 . 23 (ie no application executed by the chip card) realizes the existence of another chip card on the other partitions and, moreover, no activity outside its partition 11 . 12 . 13 can perform.

The storage controller also provides common functionality for the virtualized operating systems 24 . 25 . 26 the chip cards 21 . 22 . 23 available, such as low-level, attack-resistant cryptographic or encryption routines.

The security element 1 has one or more interfaces 2S for communication with an external device 6 on. The one or more interfaces 2S be this by the memory controller 2H managed. Regardless of the number of interfaces provided 2S it is necessary to extend each of the interfaces such that the virtualized smart cards 21 . 22 . 23 in their respective assigned partitions 11 . 12 . 13 individually from an external device 6 can be addressed.

For this purpose, various variants are possible: For example, in the known smart card protocol T = 1, a so-called Node Address Byte (NAD) are used, which is currently unused in the smart card protocol (communication 3 ). The use of the Node Address Byte allows the different, virtualized smart cards 21 . 22 . 23 to address with different addresses. The addresses are called Destination Node Address.

Alternatively, the memory controller 2H if the interface (s) 2S is designed as a USB interface to simulate a USB hub (communication 4 ). The simulation is such that at the USB hub the individual virtualized smart cards 21 . 22 . 23 appear as separate devices connected. These in turn implement the USB smart card device class, which makes the individual smart cards 21 . 22 . 23 are clearly addressable.

In addition, there is a possibility that the security element 1 its own interface, which has not previously been used for smart cards implemented (communication 5 ). Such a proprietary interface could for example be a SPI or I2C his. In addition to the transport of command / data blocks (so-called APDUs), the protocol used also takes into account the addressing option for the individual virtualized smart cards.

The memory controller 2H then ensures that from the external device 6 incoming data of the correct partition 11 . 12 . 13 be assigned. The memory controller 2H then routes incoming data to the appropriate virtualized smart card 21 . 22 . 23 continue. Response data of a respective virtualized chip card 21 . 22 . 23 are optional by the memory controller 2H encapsulated, so by the external device 6 a correct assignment to the sending virtualized chip card 21 . 22 . 23 is possible.

Because every virtualized smart card 21 . 22 . 23 their own operating system 24 . 25 . 26 can show, the distinction made today between different functions (eg telecommunications, payments, transit, etc.) can be maintained. In particular, this also allows the maintenance of customized operating system extensions and special solutions. Each publisher of the now virtual chip card can by the described security element 1 his known, individual environment for the execution of applications are provided.

A certification can be done easily because of the clear demarcation of the various virtual smart cards 21 . 22 . 23 it only requires the memory controller 2H in addition to certify. The certification of the chip cards 21 . 22 . 23 can be done in a conventional manner.

2 shows an embodiment of the security element according to the invention 1 with a plurality of partitions 11 . 12 . 13 in which each profile 21P . 22P . 23P the chip cards 21 . 22 . 23 are deposited. In each of the partitions 11 . 12 . 13 is thus a profile 21P . 22P . 23P with a complete operating system 24 . 25 . 26 loaded. Every profile 21P . 22P . 23P includes a file system constructed in a known manner 21D . 22D . 23D and a security domain 21S . 22S . 23S which issuer-specific applications App 1 , ..., app x includes. Editor of the profiles 21P . 22P . 23P respective virtualized smart cards 21 . 22 . 23 For example, various network operators (Mobile Network Operators, MNOs), issuers of payment cards or transit cards may be.

Using the storage management unit 2M As previously described, it ensures that the partitions 11 . 12 . 13 strictly separated from each other. This means every operating system 24 . 25 . 26 can only in its partition 11 . 12 . 13 work and has, with the exception of the information described below, no knowledge of the other partitions and no access to them.

The storage management unit 2M is set up to switch between the partitions 11 . 12 . 13 and to realize the profiles stored therein. Through the storage management unit 2M This ensures that there is only one partition at a time 11 . 12 . 13 with the profile stored in it 21P . 22P . 23P is marked as active. At the system start of the security element 1 the active profile is activated.

The storage management unit 2M includes a table (not shown) with status information about each of the partitions 11 . 12 . 13 , The table contains a respective information, if ever a profile 21P . 22P . 23P in a respective partition 11 . 12 . 13 of the memory 2 loaded. The table also contains information as to whether a respective profile 21P . 22P . 23P can be activated and allowed. It includes information about whether a particular profile 21P . 22P . 23P is active or inactive. The table also includes a unique textual identification of a respective profile 21P . 22P . 23P which is processed for the possibility of profile switching by a user. Finally, the table includes information on how to manage the partitions 11 . 12 . 13 or the profiles stored on it 21P . 22P . 23P should occur when problems occur. This information represents a fallback strategy. For example, the administration can be such that a predefined profile is activated if, for example, the profile that is actually to be activated can not be activated due to a lack of network connection.

These through the storage management unit 2M managed and in the store 2 saved table can be from any partition 11 . 12 . 13 to be read. Every profile 21P . 22P . 23P This gives you the opportunity to make changes to the table that affect your own profile. Exceptions to this general rule may be allowed.

A switch between the profiles 21P . 22P . 23P can be done by a user, a subscription manager or automatically.

If a switch is made by a user, the user is presented with the list of all activatable profiles on an output unit of the currently active profile, this information being taken from the table just described. The user is given the opportunity via an input means to select a desired profile. The selected profile is then marked active (i.e., a corresponding entry is created in the table). The next system start of the security element then activates the profile marked as active.

When switching between the partitions 11 . 12 . 13 Through a subscription manager, this is done by the external device 6 external access (Over the Air, OTA) to each of the profiles 21P . 22P . 23P granted, as well as the right to change the activation status and possibly trigger a restart. This can be done, for example, using the CAT command "REFRESH".

An automatic switch between the partitions 11 . 12 . 13 for example, by a monitoring application in one of the profiles 21P . 22P . 23P done, which triggers a profile change similar to the fallback strategy described above due to an event.

In addition, it can be provided to give a subscription manager further rights, since there is typically a requirement for a security element, profiles after the output of the security element 1 to be able to reload. For this purpose, the subscription manager can be granted the right, eg from the profile 21P create another partition, fill it with a profile and create the corresponding table entries. For this purpose, the subscription manager expediently includes its own security domain with these privileges in each profile. Alternatively, the functions associated with the subscription manager may be implemented in a separate partition accessible from any other partition.

position list

1

security element

2

Storage

2H

Storage controller (hypervisor)

2M

Memory management unit

2S

Interface of the memory element

3, 4, 5

communication

6

external device

11

first partition

12

second partition

13

third partition

14

Interface of the first partition

15

Interface of the second partition

16

Interface of the third partition

21

first chip card (e.g., payment card)

21P

profile

21D

file system

21S

security domain

22

second chip card (e.g., SIM card)

22P

profile

22D

file system

23

third chip card (for example transit card)

23S

security domain

23P

profile

23D

file system

23S

security domain

24

operating system

25

operating system

26

operating system

Claims (14)

Security element (1) comprising: - a memory (2) comprising at least one partition (11, 12, 13); and a memory controller (2H) adapted to - to control the at least one partition (11, 12, 13); and - Virtualize in a respective one of the at least one partition (11, 12, 13) a smart card (21, 22, 23). Security element after Claim 1 , characterized in that the memory controller (2H) is a hypervisor, in particular a type 1 hypervisor. Security element after Claim 1 or 2 characterized in that the security element (1) comprises one or more interfaces (2S) for communication with an external device (6), the one or more interfaces (2S) being managed by the memory controller (2H). Security element after Claim 3 , characterized in that the memory controller (2H) for managing the one or more interfaces (2S) is adapted to address information, in particular a node address byte, a message in one of at least one of the smart cards (21, 22, 23 ) to evaluate, depending on the content of the address information, an associated chip card (21, 22, 23) in one of the Chip card (21, 22, 23) associated partition (11, 12, 13) to address. Security element after Claim 3 or 4 characterized in that the one or more interfaces (2S) comprise a USB interface, the memory controller (2H) being adapted to simulate a USB hub to which a respective smart card (21, 22, 23) in one of the smart card (21, 22, 23) associated partition (11, 12, 13) is connected as a USB smart card device. Security element after Claim 3 . 4 or 5 , characterized in that the one or more interfaces (2S) comprise a proprietary interface, in particular I2C or SPC, wherein the memory controller (2H) is adapted to receive from an received command / data block an address of one of the smart cards (21 , 22, 23) and to forward this to the addressed chip card (21, 22, 23) in the partition (11, 12, 13) associated with the chip card (21, 22, 23). Security element according to one of the preceding claims, characterized in that the memory controller (2H) is adapted to receive a message from a security device (1) from an external device (6) of a specific partition of the at least one partition (11, 12, 13) and forward the message to the smart card (21, 22, 23) contained in the particular partition. Security element according to one of the preceding claims, characterized in that the memory controller (2H) is adapted to provide the at least one partition (11, 12, 13) with an associated interface (14, 15, 16) corresponding to the interface of the in the relevant partition (11, 12, 13) virtualized chip card (21, 22, 23) corresponds. Security element according to one of the preceding claims, characterized in that the partitions (11, 12, 13) in the memory (2) are separated from one another such that one of the chip cards (21, 22, 23) on one of the partitions (11, 12 , 13) can not perform any actions on any of the other partitions (11, 12, 13). Security element according to one of the preceding claims, characterized in that a complete operating system with a smart card profile (21P, 22P, 23P) is loaded or stored in a respective partition (11, 12, 13). Security element according to one of the preceding claims, characterized in that the memory controller (2H) is adapted to keep only one partition (11, 12, 13) active at a given time. Security element according to one of the preceding claims, characterized in that the memory controller (2H) is adapted to manage for each of the at least one partitions (11, 12, 13) a table which status information about the respective partition (11, 12 , 13). Security element according to one of the preceding claims, characterized in that the memory controller (2H) is adapted, upon receipt of a switching command of a user or a subscription manager, a switch from a currently active partition (11, 12, 13) to another to perform non-active partition (11, 12, 13). Method for access control to a security element according to one of the preceding claims, with the steps: - providing a memory controller (2H) to control access to at least one partition (11, 12, 13) of a memory (2) of the security element (1); and - Virtualizing a smart card (21, 22, 23) in a respective one of the at least one partition (11,12,13).

Images