Classifications

• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07F—COIN-FREED OR LIKE APPARATUS
  • G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
  • G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
  • G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
  • G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
  • G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
  • G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
  • G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
  • G06Q20/355—Personalisation of cards for use
  • G06Q20/3552—Downloading or loading of personalisation data
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
  • G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
  • G06Q20/357—Cards having a plurality of specified features
  • G06Q20/3576—Multiple memory zones on card

Definitions

• Tins application relates to a system and method for improving the storage capacity and efficiency of memory management, in particular in an integrated circuit card, through the selective storage of programming inst ctions.
• IC card typically is the size of a conventional IC card
• ROM read-only memory
• EEPROM electrically erasable programmable read-only-memory
• I/O Input/Output
• An IC card can be application specific or may contain multiple applications
• .MULTOSTM is a multiple application operating system which runs on IC
• terminal i.e., ATM and/or POS
• the card is inserted for use.
• IC c ⁇ ds typically have limited storage capacity due to the size and cost
• Multi-application smart cards have their
• MEL Multos Executable Language
• MEL program instructions are read from EEPROM, an alterable memoiy, when they are >
• the ROM on the IC card includes the operating system written in
• the operating code stored in ROM is fixed when the ROM is
• EEPROM becomes significant.
• the size of a typical EEPROM on an IC card is
• the size of an application program may be 3.3K for an electronic money
• the application typically has data associated with the
• operating system code requires 17.5K of the 24K of available memoiy in ROM.
• ROM read only memory
• EEPROM takes up six times more room on the chip than IK of ROM. As a result, it
• the invention is directed to a system and method of efficiently storing
• Codelets include programming instructions written
• microprocessor based system accesses in order to execute the codelet.
• codelet from the address table and execute the codelet's program instructions to perform
• the codelet is written in a non-native programming language such as MEL
• codelets can be used
• microprocessors When the codelets are executed, they will act upon the data used by the codelets.
• Figure 1 is a diagram of the memory of an IC card configured in
• Figure 2 is a flowchart of the steps for performing a codelet query
• Figure 3 is a block diagram of an IC card chip which can be used in
• codelets can be stored in ROM so as to maximize the usage of memoiy and allow ROM
• the codelet can be as small as one
• the codelet is assigned a name and that name is placed in an address table
• .Also present in ROM can be subroutines called primitives written in a
• Codelets because they are written in the native language code. Codelets allow
• Figure 1 shows an example of the memoiy configuration of ROM 101
• ROM 101 includes operating system code 109 stored in native language
• code (e.g., assembly language) which is run by the microprocessor to operate any
• Codelets 113 are
• codelets are called by another application or codelet.
• the operating system will not call codelets
• Program instruction sets called by the operating system are preferably primitives
• Operating system data 115 is stored in EEPROM 105. This data is
• space 119 has very few lines of code and calls the codelet B 121 which is stored in ROM
• the data associated with application B is stored in the EEPROM because the data
• a codelet address table 123 resides in EEPROM 105 as part of the operating system data.
• codelet is a codelet address table 123 for ROM 101 for ROM 101 for
• EEPROM 105 is described as a preferred embodiment of an
• any other memory whose contents can be changed can also be used as
• a codelet can be stored in EEPROM as well as in ROM, or any other
• the codelet can be called by one - 10 - WO 99/38131 PCT/GB99/00209
• a codelet is written in the application language
• Codelets applicability are not restricted simply to IC cards, but can also be
• Figure 2 is a flow chart of the steps for performing a query codelet. If an application needs to determine that a codelet has been stored on the IC card before it is called, it can execute a query codelet function. An exception to the general rule that codelets are written in an application programming language is the query codelet function, which is a series of program instructions that can be stored as a primitive. The query codelet function will check the address table stored in the memory of the IC card for the name of the codelet wliich is being checked. If the codelet name has been stored, then a flag indicator such as
• Step 201 sets the variable codelet_id equal to the name of the requested
• the name can be any combination of letters, numbers or
• Step 203 then retrieves the
• Step 205 sets the CCR Z flag to zero.
• the CCR register is preferably used
• the CCR register is used because it is very
• the default response to a codelet query is negative indicating that the codelet has not been stored on the IC card.
• the negative response is indicated by a zero value in the Z bit
• Step 207 checks if the name stored in codeletjd is present in the codelet »
• the Z flag remains set to zero in the negative state. If a match does not occur, the Z flag remains set to zero in the negative state. If a match does not occur, the Z flag remains set to zero in the negative state. If a match does not occur, the Z flag remains set to zero in the negative state. If a match does not occur, the Z flag remains set to zero in the negative state. If a match does not occur, the Z flag remains set to zero in the negative state. If a match does not occur, the Z flag remains set to zero in the negative state. If a match does not occur, the Z flag remains set to zero in the negative state. If a match does not occur, the Z flag remains set to zero in the negative state. If a match does not occur, the Z flag remains set to zero in the negative state. If a match does not occur, the Z flag remains set to zero in the negative state. If a match does not occur, the Z flag remains set to zero in the negative state. If a match does not occur, the Z flag remains set to zero in the negative state. If
• This wild card feature can be used as
• Step 209 then returns control of the processor to the application or other
• codelet instructions executed if the codelet was found in the address table. If the codelet
• the application can execute altemative instructions based on the
• a call_codelet primitive can be used to pass control over
• the codelet to be executed is identified by the specific codelet ID. If the request codelet ED is
• a .specific known codelet address can be
• codelet H is non-zero but does not appe.ar in the address table, then an abnormal end
• the c- ⁇ l_codelet .function can be used, for example, to (1) pass control
• control from a codelet to itself may be done for program memory management or
• codelets utilize the program and data .stacks and the application .abstract .architecture
• AAM Application Abstract Macliine arcliitecture.
• the AAM .Architecture applies to .any pl ⁇ fo ⁇ n independent of its hardware and enables developers to write applications to store on the IC cards which are portable across many different types of
• platfo ⁇ ns e.g., IC cards built by different manufacturers with different processor
• AAM application abstract machine
• Each application has a data memory space which is virtually allocated and
• the program data address space is effectively divided into three segments: a Static
• segments are logically mapped to the physical memory; they are virtual memory
• the AAM data address space is preferably addressed and processed using seven different address registers and two
• the operating system can
• Codelets which can contain substantially all, or possibly
• codele is called, codelets allow extra flexibility and efficiency in the operation of the IC
• the pointers to the AAM data segments can be redirected when a codelet
• codelet to perform its function on the applicable data and then return control to the
• codelets are preferably stored in a read- - 16 -
• codelets typically do not have their own variable data but instead use
• Figure 3 shows an example of a block diagram of an integrated circuit 380
• the integrated circuit chip is located on a chip on the card.
• the IC chip preferably includes a
• central processing unit 310 memory 320 including a RAM 326, a EEPROM 324, a ROM
• Control logic 330 in the smart card provides sufficient sequencing and
• CPU 310 in conjunction with control logic 330 can perform many different tasks
• Some IC cards also include a
• Input/output ports 350 are used for communication between the card and an interface
• Timer 340 (which
• Security circuitry 360 (which is optional) preferably includes .fusible
• the Static memory space is preferably mapped to memory locations in
• EEPROM 324 which are non- volatile.
• the Dynamic memory space is preferably mapped
• RAM 326 which is volatile memory.
• EEPROM is identified as a preferred non-volatile memory
• An operating system is preferably stored in ROM 322.
• One or more codelets are also preferably stored in ROM 322.
• EEPROM 324 EEPROM 324
• IC cards are becoming increasingly used for many reasons.
• IC card also called a smart card
• IC card typically is
• ROM read-only-memory
• EEPROM electrically erasable programmable read-only memory
• RAM random access memory
• I/O Input/Output
• card may contain a single application or may contain multiple independent applications in
• MULTOSTM is a multiple application operating system which runs on IC
• the multiple application operating system present on the IC card allows a card
• a conventional single application IC card such as a telephone card or an
• a telephone card could only be
• the card 21 - A user would be required to carry multiple physical cards on ffl his oir r a her person, wvhsicchn would
• a card user may have both a purse application and a credit/debit
• the present invention provides for a multiple application architecture for
• a M application abstract machine
• a data memory space including at least
• Additional delegation commands can be issued by the second application
• the command delegated is interpreted by a delegated application in the same manner as a selection command being issued directly by a terminal and therefore each application performs the security functions at the same level
• the volatile memory segment can further be separated into public
• the Dynamic memory region can be used solely as temporary work space for
• Fig. 1 is block diagram illustrating the data memory space segment
• Fig. 2 is a block diagram illustrating the code memory and the data
• Fig. 3 is a flow diagram illustrating the steps of performing a request for a
• Fig. 4 is a flow diagram illustrating the steps of perfo ⁇ ning a return
• Fig. 5 is a flow diagram illustrating the steps of performing an inquire
• Fig. 6 is a block diagram of an IC card chip which can be used as a
• FIGS. 7A, 7B and 7C illustrate multiple delegation calls made between
• the present invention provides for a method and apparatus for processing multiple application programs with associated data stored on an IC card which can be accessed and executed.
• An application stored on the card can be selected by a terming, or other interface device, or another application.
• processor located on the IC card) and the associated data which the application stores and uses during execution of the program.
• a multi-application card may store a purse application, or an
• Each application has software code and associated data to support the execution of that software code.
• Each application is allocated a memory space when
• purse application need not be aware of the specific loyalty program stored on the card, but instead may contain an instruction to communicate with any loyalty progr.am stored
• the loyalty program will require input data representative of the amount of
• transferred data may be
• te current invention which is described in greater detail below, is to selective
• AAM Application Abstract Machine
• AAM application abs f rac. machine
• Each application has a data memory space which is virtually allocated and
• the program data address space is effectively divided into three segments: a Static
• the AAM data address space is preferably addressed and
• Figure 1 shows an illustrative diagram of a logical data space allocation
• data portion 101 includes a Static data space 103, a Public data space 105 and a Dynamic
• address registers can contain physical memory addresses but preferably contain offset
• the overall address space is 64K bytes, although the size varies with the applicable platform and the available memory size.
• the registers can also be considered
• pointers or can be any other conventional addressing mechanism.
• memory is non-volatile which is not erased after power is removed from the IC card (such as EEPROM), the Dynamic space is volatile (such as RAM) which may be erased
• An IC card can receive power from a terminal after it is interfaced into the terminal.
• an IC card may contain a battery to maintain some power for memory and
• volatile memory will typically be erased after the IC card is removed from its
• the def i ned AAM data space has bytes in each segment which are
• the segment address of the fust byte of the Static segment is zero, so that d i e
• segment address of a given location within the Static region is equal to its offset. - 29 r- ⁇ -..ir: P f 1
• Pointers to other specific regions of the Static data area can be stored in
• the Static data because the Static region is non- volatile. For example, if the card user's
• Public segments is not always equal to a particular offset from the beginning of the
• the fourth location in the Dynamic segment will be different for each operation
• MEL Executable Language
• a tagged address preferably is used to
• a tagged address is a nineteen bit value consisting of a three bit tag
• Each of the seven address registers for - 3o - 'S. * nny ⁇ - ' ⁇ y- ⁇ um ' -' ' ⁇ the AAM data space contain a segment physical address. For " Tnsta ⁇ cer
• registers SB 109 and ST 111 point to the boundaries of the Static, the address registers
• PB 113 and PT 115 point to the boundaries of the Public and the address registers DB
• register points to the byte immediately after the last valid byte. For example, the last
• Register LB functions as a stack frame pointer. It
• the allocated Static segment 103 contains the
• Static data includes data which is associated with each
• Static data also includes variable data which is stored for use in future
• the Static data is addressed using register SB (Static Base) and the
• register ST (Static Top) as offset registers. These registers contain the offset value from a
• SB is defined as zero
• the Static segment is preferably mapped
• EEPROM Electrical Erasable Programmable Read-Only Memory
• the Dynamic segment 107 contains the application's volatile or temporary
• Dynamic data includes data which is temporarily used during the execution of an
• a purse application may temporarily store the value of a transaction in order to
• Dynamic segment preferably is divided into two parts, the session data portion and the
• the size of the session data is a constant for each application and is
• the stack data portion stores data in a last-
• the stack is initially empty, but expands and contracts during
• the Dynamic data is addressed from the register DB 117 to register DT
• Register LB 119 serves as a local stack frame pointer to particular memory
• Register LB LB
• Register DT 121 serves as an address offset for the stack pointer.
• That application also contains the application's session data which is used in performing
• the session data is set to zero upon the start of the execution of
• Stack data will be saved in the stack if the application delegates a task or
• a delegation function occurs when one application selects another
• the delegator calls the Delegate primitive.
• primitive is a subroutine recognized by the multiple application operating system which - 33 - fl ⁇ ( is executed when the operating system interprets the Delegate instruction. Primitives can
• delegated application then generates its own data memory space according to the AAM
• the Dynamic memory space is also shared
• the delegated application is executed because the Dynamic data is secret.
• delegated application has finished processing the command, and has written a response
• Delegate primitive The response generated by the delegated application is retrieved or
• the delegator application may simply - 34 - _ Y exit in turn, thus sending the response to the IFD, or may cany out further processing
• command can delegate the function B to application A in order to reduce the need for
• an application stored on the card can delegate the "retrieve
• PIN function to a PIN application which returns a stored universal PIN for the card.
• a new session begins whenever the IFD, e.g. a terminal,
• the delegated application treats the delegate function as if the IFD
• application A is selected by an IFD device, and receives commands X, Y and Z from the
• application A may delegate all three commands to application B. For example,
• delegations may occur in response to delegation comma. nds in the program code. Both
• application A is selected, and receives commands X,
• Application A will have its session and stack data initialized when it
• One example of a use of session data is to support the use of a session
• the application could reserve one byte of session
• selected delegated application could update the flag as follows: if the PIN command is
• the PIN checking function could be a delegated function from the selected application to a PIN checking application.
• the Public segment 105 is used for command and response data being
• segment contains the data passed between two applications, the delegator (the application
• An application may also use the Public segment as a further application
• register PB 113 stored in register PB 113 as a starting address, to register PT 115 as an ending address.
• Register PB 113 and Register PT 115 are fixed for the duration of a command-response
• Public data can include data inputted into or
• a terminal such as a transaction amount, vendor identification data, terminal
• Public data can also include data which is to be transmitted to an IFD
• the multiple application operating system ensures that the data stored in
• the Public segment remains private to the application until the application exits or
• the data in the Public segment is then made available to other - 37 - entities as follows: (1) if the application delegates, th lee wwhhoollee ooff t thhee PPuubblliicc sseeggmmeenntt
• segment containing the I/O response parameters and data are made available to the IFD.
• the operating system on the IC card preferably overwrites
• MCD MULTOS carrier device
• a portion of the Public memory segment is also used as a communications
• the I/O protocol data and parameters are preferably stored at the top of the Public Switches.
• FIG. 1 shows an extended illustration of the AAM implemented
• Data memory space 201 includes the three segments Static, Public and
• Code memory space 203 contains the program
• the application instructions are
• Instruction 205 is stored at
• AAM architecture A code pointer (CP) register 207 indicates the particular code
• the register indicates, e.g., through an offset
• Register 209 contains eight bits, four of which are for use by the individual application
• condition codes can be used by conditional instructions such as
• condition codes can include a carry bit, an overflow bit, a
• SB When the application is loaded, SB is set to zero and ST is equal to the number of bytes in the application's Static database.
• the other address registers are initialized when the
• CP 207 is set to zero and all eight bits in CCR 209 are
• a communications interface mechanism is present between the IFD and an
• a command-response parameter means an application is given a command to perform and returns a response to the entity issuing the
• the delegation can be directly in response to a received command
• the delegator acts as a controller for delegating commands or subcommands to
• the delegated command can be embedded
• Figure 3 shows a flow chart of the steps which are performed when a
• Step 301 sets the parameter named delegator_application_id
• ID indicates the current application which is selected and which is currently being
• the delegator ID indicates the application which delegates a function to
• Step 303 then pushes (stores) the
• delegator ID onto the top of the delegate_id_stack (delegate stack).
• the delegate stack is preferably stored outside of an application's AAM
• the delegate stack preferably operates in a LIFO
• Step 305 sets the selected ID to the delegate_request.delegate_
• Step 307 sets the application_command parameter to the value stored in
• the delegator application can choose which
• Step 309 then sends the application_command to the AAM operating system for execution by the delegatee
• the delegator application is then suspended (or interrupted). . Any data that
• Figure 4 is a flow chart of the steps for performing a "return delegation
• Step 401 gets application_responses from the Public memory space of the delegated
• the response data is passed in the Public memory segment of the delegatee AAM.
• Step 403 sets the delegate_response. status variable to a success condition.
• This - 42 ANNEX ⁇ l TO THE DESCRIPTION means that a delegation operation has been successfully completed.
• Step 405 sets the delegate , response.application_responses parameter to the application_responses values
• Step 407 sets the delegate_response.delegate_application_id parameter to
• Step 409 pops the top (i.e.,
• delegate_application_id from the delegate_id_stack. This information indicates the identity of the delegator application for
• Step 411 sets the select_file.application_id value to the delegator_application_id value.
• the Dynamic data for the delegator application will be retrieved for the delegator application from its stored location so that the application will continue to execute where it left off with all data intact but will also
• step 413 the .5 delegate_response data is sent to the current application for further processing.
• response data is passed through the Public data space which could be the same physical RAM memory location because all applications share the physical volatile memory space.
• Figure 5 shows a flow chart of the steps involved for inquiring about a
• delegator ID when a delegate command is received by a delegated application.
• 2 o delegated application may need to know the identity of the delegator because it may
• an - 43 - fi i r.7 airline loyalty program may need to l now if awarded frequent flyers will be based on
• Step 501 receives the delegator_id_enq_request from the AAM operating
• Step 503 checks if
• the delegate_id_stack is empty. If the stack is empty, then no delegation operations have
• step 511 sets the
• Step 513 sets the
• delegator_is_enq_request.error_cause a value indicating "no delegator
• step 505 sets the delegator_id_enq_response.status parameter to a
• Step 507 sets the delegator_id_enq_response.delegator_
• the stored data at the top of the stack indicates
• Step 509 then sends the I f. L'.-' ⁇ i.' m
• Figure 6 shows an example of a block diagram of an integrated circuit
• the integrated circuit chip is located on a chip on the card.
• the IC chip preferably includes a
• central processing unit 601 a RAM 603, a EEPROM 605, a ROM 607, a timer 609,
• control logic 611 I/O ports 613 and security circuitry 615, which are connected together
• Control logic 611 in the smart card provides sufficient sequencing and
• CPU 601 in conjunction with control logic 611 can perform many different tasks
• Some IC cards also include a
• Input/output ports 613 are used for communication between the card and an IFD which
• Timer 609 (which generates and/or provides a
• clock pulse drives the control logic 611, CPU 601 and other components requiring a
• o circuitry 615 (wliich is optional) preferably includes fusible links that connect the
• EEPROM 605 which is non ⁇ volatile.
• Dynamic memory space is preferably mapped to RAM 603 which is
• the Public memory space is also preferably
• RAM 603 which is volatile memory.
• RAM 603 RAM is identified as a preferred non ⁇
• volatile memory and EEPROM is identified as a preferred volatile memory. Other types of memory could also be used with the same characteristics.
• Figures 7A, 7B and 7C illustrate an example of a delegation function being performed in order to process multiple applications on an IC card.
• a delegation function 702 is
• FIG. 7A Also shown in Figure 7A is an empty delegator ID stack 705. Since the stack is empty, there is no data associated with it and it is shown only for illustrative purposes.
• the multiple application operating system receives the delegate command
• microprocessor and other circuitry on the card will process the instructions and allocate
• the delegator ID 707 is placed on top of the stack 705.
• delegate function 711 is called to delegate the operation to the third application.
• the multiple application operating system receives the delegate command
• the delegator ID 713 of the second application is
• delegator ID at the top of the stack is popped to indicate that execution of the second
• Additional applications can be managed by the delegator ID stack in a
• -An integrated circuit card comprising: a microprocessor; a volatile memory coupled to said
• microprocessor a non-volatile memory coupled to said microprocessor; and a plurality of
• said microprocessor allocates for each said executing application an
• associated data memory space comprising at least a volatile memory segment for
• a public region is divided into at least two regions, including a public region and a dynamic region.
• ⁇ 2 is divided into at least two regions, including a public region and a dynamic region.
• volatile segment includes a public and dynamic portion.
• single integrated circuit card comprising: means for allocating a data space comprising at least a non-volatile
• volatile memory segment is divided into at least two regions, including a public region
• ⁇ 2 is divided into at least two regions, including a public region and a dynamic region.
• 4 application's volatile memory segment includes a public and dynamic portion.
• each application has an associated identifier; a data stack accessible by said databus for storing said applications'
• processor means for executing instructions from said application programs
• said processor means allocates a data memory space for said application which is
• volatile memory volatile memory and at least one address in said volatile memory; and wherein said processor means interrupts said first application at least once
• data memory space comprises at least a volatile
• non-volatile memory segment for referencing static data stored in said non-volatile
• 2 memory segment is divided into at least two regions, including a public region and a
• application's volatile memory segment includes a public and dynamic portion.
• An integrated circuit card comprising:
• data memory space comprises at least a volatile memory segment for referencing
• the integrated circuit card of claim 51 further including means for storing
• the integrated circuit card of claim 53 further including means for
• volatile memory segment is divided into at least two regions, including a public region
• volatile segment is divided into at least two regions, including a public region and a
• a multi-application IC card which processes two or more applications
• the AAM architecture only allows
• one application to be executed at a time and allows for shared processing by performing a
• the data space includes a volatile and
• the delegation function temporarily interrupts the execution of the
• the first application then retrieves the saved data and completes its
• a delegator stack is used to keep track of the delegator' s identity when
• the AAM model allows for a high level of security while

Applications Claiming Priority (3)

Publications (1)

Family

ID=22108399

Family Applications (1)

Country Status (4)

Families Citing this family (5)

Family Cites Families (11)

• 1999
  • 1999-01-21 EP EP99901065A patent/EP1050028A1/de not_active Withdrawn
  • 1999-01-21 JP JP2000528961A patent/JP2002501269A/ja active Pending
  • 1999-01-21 WO PCT/GB1999/000209 patent/WO1999038131A1/en active Application Filing
  • 1999-01-21 AU AU20691/99A patent/AU2069199A/en not_active Abandoned

Non-Patent Citations (1)

Also Published As

Similar Documents

Legal Events