EP1989621A1 - Betriebssystem für eine chipkarte mit einem multi - tasking kernel - Google Patents
Betriebssystem für eine chipkarte mit einem multi - tasking kernelInfo
- Publication number
- EP1989621A1 EP1989621A1 EP07722887A EP07722887A EP1989621A1 EP 1989621 A1 EP1989621 A1 EP 1989621A1 EP 07722887 A EP07722887 A EP 07722887A EP 07722887 A EP07722887 A EP 07722887A EP 1989621 A1 EP1989621 A1 EP 1989621A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- data carrier
- mobile data
- applications
- mtk
- application
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/48—Program initiating; Program switching, e.g. by interrupt
- G06F9/4806—Task transfer initiation or dispatching
- G06F9/4843—Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
- G06F9/4881—Scheduling strategies for dispatcher, e.g. round robin, multi-level priority queues
Definitions
- the invention is in the field of smart card technology and more particularly relates to a method and a system for operating mobile data carriers.
- Smart cards such as a smart card
- the application as access control, smart cards in healthcare, in the field of mobile technology as a SIM card (Subscriber Identity Module).
- SIM card Subscriber Identity Module
- the SIM card is a check card-sized identification card for subscribers of a mobile service and is also referred to as a "smart card”.
- smart cards such as in the field of navigation technology, in digital dictation or camera asy stemen etc.
- the mobile data carrier in particular the chip card, comprises the following hardware resources: A microprocessor or a CPU (Central Processing Unit) for data processing, a plurality of data memories of different types, such as RAM (Random Access Memory), ROM (Read OnIy Memory) and the EEPROM (Electrical Erasable Read On Memory) and interfaces for data exchange between the various components, in particular between the microprocessor and the data storage and optionally to other modules on the smart card, and to other external modules that are provided outside the smart card and should be in data exchange with the chip card. It may be z. For example, readers or more complex back-office systems. Depending on the field of application, it is possible to run one or more applications on the chip card.
- a microprocessor or a CPU Central Processing Unit
- ROM Read OnIy Memory
- EEPROM Electrical Erasable Read On Memory
- Smart card microcontrollers currently on the market are usually equipped with processors that have no memory protection mechanisms or other monitoring options against unauthorized access.
- the reloaded program code is not executed directly, but only indirectly, eg. B. via a so-called virtual machine, the individual program commands (ie the byte code) in turn interpreted in platform-dependent program code, so that address ranges of individual programs or applications via the virtual machine or the interpreter are separated.
- the virtual machine defines which accesses are allowed or which data an application has access to.
- a major disadvantage is the fact that basically only interpreter code can be reloaded.
- Platform-dependent program code eg. B. Input / output interface drivers can not be loaded after card output.
- Another disadvantage is that the security of the memory protection is based on the security of the virtual machine or on the interpreter. It is possible to provide a so-called bytecode verifier which checks the bytecode accordingly.
- the disadvantage is that the required checks of the verifier for resource and / or performance reasons mainly outside the smart card be performed. However, if the checks of the bytecode verifier are performed outside the smart card, it is vulnerable.
- the present invention has therefore set itself the task of finding a way with which a significantly improved memory protection for smart card operating systems can be achieved and allows a more flexible use of smart cards.
- a multi-tasking operating system for chip cards or a corresponding chip card and a corresponding microprocessor to be provided.
- This object is achieved by a method for operating a mobile data carrier, with a mobile data carrier, a microprocessor, a computer program product and with a method for producing and maintaining a mobile data carrier according to the appended independent patent claims.
- the object is achieved by a method for operating a mobile data carrier which is equipped with the following resources: at least one microprocessor,
- At least one data store which usually consists of several different data storage areas
- Interfaces for data exchange between microprocessor and data storage and / or other modules that are assigned to the mobile data carrier, wherein on the mobile data carrier different applications can be performed by the mobile data carrier comprises a central control unit, the operation of the mobile data carrier , in particular the execution of the applications, controls and / or monitors in such a way that several applications can be active at the same time by assigning or depriving resources of an application according to a configurable scheduling mechanism and / or by controlling the data exchange.
- the mobile data carrier is usually a chip card or a SIM card or other microprocessor cards that are in a terminal such.
- the inventive mobile data carrier z. B. in navigation systems, PDAs, digital dictation systems, digital cameras or telephones are used.
- the main embodiment of the invention relates to a smart card, and thus the term smart card is to be understood as the main embodiment for a mobile data carrier.
- a smart card typically includes the following hardware resources: a microprocessor for data processing, data storage and interfaces. It However, in alternative embodiments, it is also possible to provide additional resources here, such as. B. a mathematical coprocessor.
- the interfaces are usually input / output interfaces.
- further interfaces for example to other external and / or internal modules, which are assigned to the mobile data carrier, can be provided.
- the central point of the method according to the invention for operating the chip card is the central control unit, which in the preferred embodiment is designed as a multi-tasking kernel and is part of an existing or new operating system for the chip card.
- the central multi-tasking kernel controls and / or controls processes on the chip card and provides protected areas for execution.
- all commands are executed by the multi -Tasking kernel controlled.
- the multi-tasking kernel controls the operation of the chip card and the processing of the processes running on it such that several applications can be executed simultaneously on one and the same chip card. This is accomplished by the multi-tasking kernel operating on a scheduling mechanism that is preferably configurable. The scheduling mechanism is allowed - with regard to the entirety of all activatable or activated on the mobile data carrier applications - an optimized version or an optimized operation of the data carrier.
- the multi-tasking kernel enables a quasi-parallel execution of several software-based applications executable on the chip card.
- the multi-tasking kernel assigning appropriate allocations of computation time and resources to the applications according to the configurable scheduling mechanism. The execution or execution of commands is thus triggered according to the invention exclusively by the central multi-tasking kernel.
- the multi-tasking kernel thus offers the possibility of executing various user programs or various applications virtually simultaneously, in particular with the option of allocating resources (such as, for example, certain memory areas in RAM or in non-volatile memory, interfaces or input / Output channels, cryptological modules, etc.) exclusively to an application and to withdraw them if necessary.
- resources such as, for example, certain memory areas in RAM or in non-volatile memory, interfaces or input / Output channels, cryptological modules, etc.
- This allows an application in conjunction with a smart card terminal z.
- a "classic" smart card legacy task may be performed (eg, credit / debit commands) while another application is running in the background.
- Each service or application has a protected address space. It is also possible for several applications to be combined with respect to memory management, so that they are integrated in a common address space.
- inventive According to a secure data exchange between all participating modules of the smart card will be enabled.
- the data exchange between the individual, different applications is completely secured by the multi-tasking kernel, as well as the data exchange with other modules that may be connected to corresponding interfaces to the smart card, which significantly increases the overall security of the overall system.
- the functionality of the respective applications or services is not limited. Services that reside in a protected address space can even emulate the full functionality of a previously common smart card operating system (eg debit card, access control, SIM card, health card, etc.) in an environment that is protected from other services ,
- the protection mechanism according to the invention can completely encapsulate the applications, so that a plurality of virtual smart cards can reliably coexist on a hardware platform.
- the multi-tasking kernel it is possible by means of the multi-tasking kernel according to the invention to offer several "virtual" chip cards in strictly separate areas on a hardware platform, in particular on one and the same chip card.
- the individual applications, each of which realizes "virtual chip cards" are no longer grouped around the command interface, as in the case of classic state-of-the-art operating systems, but are controlled as services via the functions of the central multi-tasking kernel ,
- memory protection Another central aspect of the present invention is seen in memory protection.
- memory protection for platform-dependent program code is implemented in the multi-tasking kernel. With that you can the above-mentioned disadvantages of the interpreter-based memory protection are overcome by the operating systems known from the prior art.
- the multi-tasking kernel accesses a mechanism for supporting the separation of the address spaces, in particular a memory management unit (MMU for short) and / or a memory protection unit (MPU for short) ).
- MMU memory management unit
- MPU memory protection unit
- multi-tasking kernel By using the multi-tasking kernel at a central location, ie at the hierarchically highest priority level, several simultaneous active applications can be executed on a chip card. This opens up the possibility that individual applications can access non-conflicting resources in parallel and thus simultaneously, and e.g. Exchange data via possibly different input / outpunt interfaces with external or internal systems. Cumulatively or alternatively, data in the background can also be processed, in particular prepared, by an application, without this being triggered explicitly via external communication.
- the multi-tasking kernel provides that priorities can be assigned, in particular with regard to individual applications or application groups, and that a calculation time control takes place. By monitoring priorities and computation time, the multi-tasking kernel can ensure that the computational time or execution time available to an application is limited and that the multi-tasking kernel - li ⁇
- a limitation of the computing time is achieved by controlling the consumption of the computing time by the multi-tasking kernel and assigning the computing time in the form of time quanta decidedly to the applications. Tamper protection is achieved by running only the multi-tasking kernel in a more privileged mode of operation, while all applications operate in a hierarchically lower-level user mode.
- the multi-tasking kernel has more tasks.
- it also serves to manage the resources of the chip card (such as memories and interfaces).
- the resources can be requested by the application at the first loading or dynamically at runtime at the multi-tasking kernel.
- the multi-tasking kernel decides alone and in the first instance, whether the resources are assigned exclusively to an application or not.
- the application can pass on further sub-applications rights that are smaller or equal to the rights granted to it by the multi-tasking kernel.
- subcontracting or subcontracting of rights to subordinate subapplications is envisaged.
- the multi-tasking kernel serves to provide mechanisms for secure data exchange between the individual applications.
- the data exchange between the applications controlled and / or monitored by the multi-tasking kernel is fundamentally based on the principle that the data exchange takes place exclusively under the control of the multi-tasking kernel. There are basically two alternatives for this: 1.- The participating applications are exchanging data or can exchange corresponding messages via special multi-tasking kernel function calls.
- the participating applications can exchange data via predefined memory areas that contain several - in this case the active -
- each application itself decides whether and which data it makes available to other applications.
- the advantage is achieved that different applications can be integrated on a chip card, but they are securely sealed off from each other.
- a significant advantage of the solution according to the invention is further to be seen in the fact that the fundamental advantage of flexibility, which can be achieved inter alia in the prior art by the approach of reloadable program code, can be maintained even with the inventive solution and even significantly improved .
- Another advantage of the solution according to the invention is the fact that the possibilities of data transfer in relation to the mobile data carriers can be extended.
- the multi-tasking kernel By controlling the multi-tasking kernel, it becomes possible to trigger necessary communication processes in an optimized manner so that parallel or simultaneous communication with internal or external modules takes place via a number of identical or different types of hardware interfaces.
- a chip card system based on the multi-tasking kernel according to the invention can use the quasi-parallel execution of program code to simultaneously transfer data via different input / output interfaces, eg. B. via a contactless interface according to the standard ISO14443 or the NFC standard (Near Field Communication) and in parallel to replace it via a contact interface according to the ISO7816 standard.
- a privileged mode in which runs the central multi-tasking kernel, the rights are granted more than a second mode in which basically all applications and / or processes or applications work.
- a second mode in which basically all applications and / or processes or applications work.
- the central multi-tasking kernel is in each case the most privileged in order to enable central control of the entire operation of the data carrier.
- the multi-tasking kernel according to the invention is based on a scheduling mechanism which is geared towards achieving an optimized execution or execution of all processes with regard to the entirety of all processes running on the data carrier (comprising operating system processes and application processes).
- the scheduling mechanism accesses an optimization algorithm which optimizes the operation of the data carrier with regard to one or more of the following optimization criteria: optimization with regard to time, in particular with respect to a processing speed Dwell time of processes in the main memory and / or a response time of the processes; an optimization in terms of system resources, in particular hardware resources; an optimization in terms of space requirements and an optimization in terms of the necessary data transfer.
- optimization criteria are configurable. This has the advantage that the solution according to the invention is very flexible with regard to the basic processing of the process.
- the operating system of the chip card is thus not limited to a specific optimization criterion.
- the configurable mechanism is set based on predefined input parameters.
- the input parameters can be read in via corresponding interfaces. Alternatively, it is possible that for certain applications, a preferred treatment of the respective application takes place. Then, the multi-tasking kernel can exclusively allocate all or selected resources to a particular application. However, the formation of this feature according to the invention is not necessary and only optional.
- the multi-tasking kernel In order for the task of the scheduling process to be implemented, it is necessary for the multi-tasking kernel to automatically record and control the execution time for each process. Furthermore, a limitation is imposed on the execution time of each process (this is done according to the mechanism: "how long may which process last?"). Thereupon, it is possible for the scheduling mechanism to automatically limit the execution time for a given application by controlling the consumption of the computation time and by monitoring compliance with the constraints.
- a nested or cross-processed processing of processes can be driven, so that the total execution time of all necessary processes on the disk can be optimized. According to the optimized scheduling method, computer time is then allocated to the respective process or to the respective application.
- smart cards can also be used in terminals such. B. are used in mobile phones and are formed in this case as a SIM card.
- terminals such. B. are used in mobile phones and are formed in this case as a SIM card.
- other interfaces such. B. USB or MMC interfaces to the SIM contacts in the mobile phone provided, can be addressed via the other security devices, eg.
- security modules or security components that should perform security checks are designed distributed in the system. This distribution of safety-critical functions to different systems and components in the chip card-related components or devices leads to several disadvantages.
- TMM trust management module
- This module is also controlled by the multi-tasking kernel.
- the TMM module can perform various safety-critical tasks in a protected environment, such as: B. in addition to the pure SIM functionality, a DRM authentication (DRM stands for Digital Rights Management and concerns a control system for checking a transmission of protected or protected content).
- DRM Digital Rights Management
- other authorization mechanisms can be supported.
- the TMM module can be designed both physically and as a hardware component. However, it is also possible to provide the module or individual functionalities of the module as software or as a computer program product, which can be used on a specific security processor z. For example, on a secure ARM core.
- TMM module An important advantage in connection with the security aspects of the TMM module is that security functions can be reloaded flexibly.
- security functions can be reloaded flexibly.
- the TMM module operated by the multi-tasking kernel according to the invention can offer significantly more functions than e.g. of javacard applets.
- platform-dependent security protocol drivers such as IFSec or SSL / TLS, or digital rights management authorization systems related to multimedia content.
- TMM module A significant, advantageous aspect of the TMM module according to the invention is further to be seen in the fact that it can also actively perform security checks itself. This is not the case with previous TPM modules (Trusted Platform Module, TPM for short, is a security standard developed by the Trusted Computing Group, the modules of which are basically implemented as system-on-chip).
- TPM Trusted Platform Module
- the TMM module according to the invention is not operated as a pure slave, which only responds to requests from another entity, but the TMM module can also control actions independently.
- this self-contained control feature is not mandatory and only optional.
- an improved memory protection can be achieved by the inventive operation of the chip card with a TMM module. Due to the multi-tasking-capable operating system, different security mission-critical tasks in a security system, in particular in a specific chip card processor, housed and thus realized.
- the TMM module can be implemented on the mobile data carrier.
- An alternative task solution provides a storage medium that is intended for storing the computer-implemented method described above and is readable by a computer.
- a further solution of the problem can be seen in that the method described above is designed as an operating system or operating system component for a mobile data carrier which is operated in accordance with at least one feature of the method.
- FIG. 1 shows a schematic, overview-like representation of a multi-tasking kernel according to the invention, which controls the operation of the mobile data carrier according to an embodiment of the invention
- FIG. 2 shows an overview of an activation of applications by the multi-tasking kernel according to the invention according to a preferred embodiment
- FIG. 3 shows an overview of a possible structuring of components of a data carrier according to the invention.
- a mobile data carrier is designed as a chip card C.
- the applications of the chip card C are, however, in principle not limited and can be in the field of payments, finance, access control. Furthermore, it is possible that the chip card C for use in other devices, eg. B. mobile devices such as telephones, is used and it is in particular an inventively extended SIM card.
- the chip card C itself and the applications A running on it are controlled by an operating system.
- the program modules of the operating system were usually stored in a ROM memory module (read-only memory ROM).
- ROM memory module read-only memory ROM
- the main tasks of a chip card operating system include the exchange of data with the chip card, the flow control of the commands to be executed, the file management and the management and execution of security functions and algorithms, such as cryptographic keys, etc.
- the chip card C comprises an embedded microcontroller which triggers, controls and monitors all activities of the chip card C.
- the most important, typical components of a chip card microcontroller are the microprocessor MP, all interfaces SS of the chip card C, in particular the address and data bus and the data storage DS, which include all different types of memory, such as RAM, ROM and EEPROM.
- the interfaces SS of the chip card C include all input
- a central control device MTK is provided, which in particular is provided by the multi-component
- FIG. 3 shows the multi-tasking kernel MTK as a separate component on the chip card C.
- MTK the multi-tasking kernel
- FIG. 3 shows the multi-tasking kernel MTK - in contrast to the known chip card operating systems - is provided as an additional component.
- it will not be provided as a separate, independent component, but rather integrated in other areas of the chip card as a separate module.
- it will be provided as a modular, separate operating system component in addition to the previous operating system of the chip card C.
- an application A comprises a plurality of commands or processes which must or can be executed at different times.
- An application usually comprises several applications A. However, it is also possible in principle that a very simple application consists only of a single application A.
- the central multi-tasking kernel MTK creates the possibility of offering several "virtual" chip cards on the same hardware platform of a chip card C, as it were.
- the individual virtual smart cards are strictly separated, since all applications and commands are controlled by the central multi-tasking kernel MTK. A one-sided or mutual influence of active applications or applications is thus reliably prevented by the multi-tasking kernel MTK.
- the multi-tasking kernel MTK assigns applications A the appropriate contingents of computing time and resources according to a configurable scheduling method. As shown by way of example in FIG. 1, all applications A or chip card services A are in data exchange with the multi-tasking kernel MTK and are controlled and executed by them. In Fig. 1 it is indicated that the scheduling of the multi-tasking kernel MTK is time-based. This is to be clarified by the time-slice-like representation in FIG. 1.
- the multi-tasking kernel MTK monitors and controls the execution of the individual applications at runtime. By means of the configurable scheduling mechanism, in each case an application is automatically provided with a quota of computing time and resources which can be utilized by the respective application A. The Execution time of each application A is thus automatically limited to a configurable level.
- the multi-tasking kernel MTK must perform an analysis of the existing system state with applications A to be triggered accordingly and must then control the entire execution or operation of the chip card C, so that with regard to the totality of all commands to be executed an optimized execution takes place.
- the optimization criteria are configurable: z. As an optimization in terms of time, system resources, storage space, power consumption, etc.
- the multi-tasking kernel MTK Before executing a respective application A, the multi-tasking kernel MTK records how much computation time is required for execution and how much and / or what resources are required. If now several applications A are to be executed, the multi-tasking kernel MTK can trigger an optimized execution of individual processes, which are assigned to the respective applications A, based on the analysis of the computing time and the required resources of all applications. Has z. For example, a first application A 1 has the task of forwarding data via a contactless interface to an external module and has, for example, B.
- the multi-tasking kernel MTK can cause a quasi-parallel, that is, simultaneous activation of the two applications A 1 and A2, da the two applications access different resources (in this case different interfaces SS). This makes it possible to parallelize the processing path of instructions that is sequential in prior art systems of the prior art and to make them more common be shared, so that the overall performance can be increased.
- the multi-tasking kernel MTK accesses time-based scheduling if it detects concurrent access from different applications to the same resources at the same time.
- the time-based scheduling then provides that the entirety of the processes to be executed in the two applications Ai and A2 is controlled in such a way that overall (ie with regard to the entirety of the two applications Ai and A2) an optimized, in particular time-optimized, version is made possible , This is z. B. possible to prepare data of an application Ai in the background, while another application A2 z. B. communicates with an external system via interfaces SS.
- FIG. 2 schematically shows how the multi-tasking kernel MTK activates different applications Ai, A2, A3 in an optimized manner.
- the applications Ai and A2 shown in FIG. 2 are each caused by external systems. This can be z.
- an account sales request may be in the context of a financial application.
- the central idea of the present invention is that the individual requests and commands to be executed are no longer executed directly, but are all controlled via the central multi-tasking kernel MTK. Due to the scheduling algorithm, the multi-tasking kernel MTK activates individual processes of the applications Ai, A2 and A3,..., Ai in such a way that an optimized execution the entirety of all applications Ai is made possible. This is illustrated in FIG.
- the applications activated by the multi-tasking kernel MTK are identified by a thick vertical line while the respective processes or commands of an application A, which are currently not active, or by the multi -Tasking Kernel MTK have not been activated, only marked with a thin vertical line.
- the multi-tasking kernel MTK first activates the application A 1 on request of the external system IB, and then an instruction cycle of the application A2, which has been caused by the external system IA. Following this, the application A 1 is returned again to then start the application A3 and then terminate the application A2. Following the termination of the application A2, the remaining commands of the application A3 are executed. Overall, such a time-optimized scheduling of the entirety of the applications Ai is possible.
- a central aspect of the present invention is improved security measures, in particular improved memory protection.
- all security-relevant commands or processes that are necessary in the context of the operation of the chip card C are summarized and integrated.
- This application A or this module is called TMM module (Trust Management Module).
- TMM module Trust Management Module
- all safety-relevant functions and commands are summarized. It is possible to reload additional security functions flexibly via specific protocols.
- the content of the TMM module can be flexibly configured. This makes it possible, depending on the application, to activate and / or deactivate different security mechanisms in order to optimize Ie safety cover of the chip card C for each application to achieve.
- the TMM module according to the invention is designed so that it can actively perform safety checks and thus not - as in the prior art - is operated as a purely dependent process.
- Another, significant advantage of the solution according to the invention is the fact that the safety-related processes that are integrated in the TMM module, optimized in the process or in the entire operation of the smart card C can be bordered.
- This has the background that certain safety checks make sense only at a certain point in the system flow. So z.
- an authentication measure only makes sense before the start of a transaction, while further security measures can also be carried out at a later time.
- the optimal, in particular time-optimized, control of all processes on the chip card C is controlled and monitored by the multi-tasking kernel MTK.
- the solution according to the invention is advantageously independent of the respective platform of the chip card C and, in particular, independently of this, whether a virtual machine is used or not, or whether the virtual machine is realized off-card or on-card.
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Abstract
Description
Claims
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102006008248A DE102006008248A1 (de) | 2006-02-22 | 2006-02-22 | Betriebssystem für eine Chipkarte mit einem Multi-Tasking Kernel |
PCT/EP2007/001511 WO2007096153A1 (de) | 2006-02-22 | 2007-02-21 | Betriebssystem für eine chipkarte mit einem multi - tasking kernel |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1989621A1 true EP1989621A1 (de) | 2008-11-12 |
Family
ID=38169584
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP07722887A Ceased EP1989621A1 (de) | 2006-02-22 | 2007-02-21 | Betriebssystem für eine chipkarte mit einem multi - tasking kernel |
Country Status (4)
Country | Link |
---|---|
US (1) | US20090222835A1 (de) |
EP (1) | EP1989621A1 (de) |
DE (1) | DE102006008248A1 (de) |
WO (1) | WO2007096153A1 (de) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106657582A (zh) * | 2016-09-29 | 2017-05-10 | 宇龙计算机通信科技(深圳)有限公司 | 应用程序的分身功能启动方法、分身功能启动装置和终端 |
Families Citing this family (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004503031A (ja) * | 2000-07-11 | 2004-01-29 | カバ・シュリースジステーメ・アー・ゲー | 移動データ記憶媒体の初期化のための方法 |
DE102008020343A1 (de) * | 2008-04-23 | 2009-10-29 | Giesecke & Devrient Gmbh | Portabler Datenträger |
DE102008045046A1 (de) | 2008-08-27 | 2010-03-04 | Capcologne Gmbh | Verfahren zur Anwendung von unterschiedlichen Applikationen in einem Telematiksystem |
WO2010070656A1 (en) * | 2008-12-15 | 2010-06-24 | Raj S Paul | Health guard system |
FR2942330B1 (fr) * | 2009-02-13 | 2011-08-19 | Renesas Design France Sas | Dispositif de traitement de l'information communiquant permettant un acces rapide a un ensemble d'informations personnelles |
DE102010003581A1 (de) * | 2010-04-01 | 2011-10-06 | Bundesdruckerei Gmbh | Elektronisches Gerät, Datenverarbeitungssystem und Verfahren zum Lesen von Daten aus einem elektronischen Gerät |
DE102010053053A1 (de) * | 2010-12-01 | 2012-06-06 | Giesecke & Devrient Gmbh | Mikroprozessormodul, insbesondere Chipkarten-Mikroprozessormodul |
KR101867960B1 (ko) * | 2012-01-05 | 2018-06-18 | 삼성전자주식회사 | 매니 코어 시스템을 위한 운영체제 동적 재구성 장치 및 방법 |
US9781054B1 (en) * | 2014-07-25 | 2017-10-03 | Google Inc. | Quota-based resource scheduling |
CN105511961B (zh) * | 2015-11-25 | 2019-02-05 | 珠海市魅族通讯设备有限公司 | 一种数据发送方法及终端 |
TWI774081B (zh) * | 2020-10-12 | 2022-08-11 | 瑞昱半導體股份有限公司 | 具有多工處理的晶片 |
US11934255B2 (en) | 2022-01-04 | 2024-03-19 | Bank Of America Corporation | System and method for improving memory resource allocations in database blocks for executing tasks |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5901303A (en) * | 1996-12-27 | 1999-05-04 | Gemplus Card International | Smart cards, systems using smart cards and methods of operating said cards in systems |
US6824064B2 (en) * | 2000-12-06 | 2004-11-30 | Mobile-Mind, Inc. | Concurrent communication with multiple applications on a smart card |
US7313705B2 (en) * | 2002-01-22 | 2007-12-25 | Texas Instrument Incorporated | Implementation of a secure computing environment by using a secure bootloader, shadow memory, and protected memory |
US7631196B2 (en) * | 2002-02-25 | 2009-12-08 | Intel Corporation | Method and apparatus for loading a trustable operating system |
FI116166B (fi) * | 2002-06-20 | 2005-09-30 | Nokia Corp | Menetelmä ja järjestelmä sovellusistuntojen suorittamiseksi elektroniikkalaitteessa, ja elektroniikkalaite |
US7509487B2 (en) * | 2003-09-29 | 2009-03-24 | Gemalto Inc. | Secure networking using a resource-constrained device |
-
2006
- 2006-02-22 DE DE102006008248A patent/DE102006008248A1/de not_active Ceased
-
2007
- 2007-02-21 US US12/224,295 patent/US20090222835A1/en not_active Abandoned
- 2007-02-21 EP EP07722887A patent/EP1989621A1/de not_active Ceased
- 2007-02-21 WO PCT/EP2007/001511 patent/WO2007096153A1/de active Application Filing
Non-Patent Citations (2)
Title |
---|
See also references of WO2007096153A1 * |
TANENBAUM A S: "Modern Operating Systems, PROCESSES AD THREADS", MODERN OPERATING SYSTEMS, XX, XX, 1 January 2001 (2001-01-01), pages 71 - 73,81, XP002372417 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106657582A (zh) * | 2016-09-29 | 2017-05-10 | 宇龙计算机通信科技(深圳)有限公司 | 应用程序的分身功能启动方法、分身功能启动装置和终端 |
Also Published As
Publication number | Publication date |
---|---|
DE102006008248A1 (de) | 2007-08-23 |
WO2007096153A1 (de) | 2007-08-30 |
US20090222835A1 (en) | 2009-09-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2007096153A1 (de) | Betriebssystem für eine chipkarte mit einem multi - tasking kernel | |
DE60006217T2 (de) | Techniken zum gewähren des zugriffs durch eine kontextsperre in einem gerät mit kleinem platzbedarf unter verwendung von einem eingangspunktobjekt | |
EP2678796B1 (de) | Verfahren zum datenaustausch in einer gesicherten laufzeitumgebung | |
DE102012200613A1 (de) | System und Verfahren zur Unterstützung von JIT in einem sicheren System und zufällig zugewiesenen Speicherbereichen | |
WO2019020233A1 (de) | Vorrichtung und verfahren zum kryptographisch geschützten betrieb einer virtuellen maschine | |
DE10324337B4 (de) | Rechnersystem und zugehöriges Verfahren zum Durchführen eines Sicherheitsprogramms | |
DE102011122242A1 (de) | Verfahren zur Kommunikation mit einer Applikation auf einem portablen Datenträger sowie ein solcher portabler Datenträger | |
EP1695207A2 (de) | Java smart card chip mit für globale variablen reserviertem speicherbereich | |
DE112014001815T5 (de) | Eingebetteter Speicher mit Managementschema für Echtzeit-Applikationen | |
CN107577454A (zh) | 一种基于python的应用程序多线程运行优化方法 | |
CN107633087A (zh) | 一种基于数据库的数据存储方法 | |
EP3159821B1 (de) | Prozessor-system mit applet security settings | |
EP0966711B1 (de) | Mikrocomputer mit einer speicherverwaltungseinheit | |
EP1393164B1 (de) | Prozessor mit interner speicherkonfiguration und anordnung mit diesem prozessor | |
DE102011083468A1 (de) | Schaltungsanordnung zur Ablaufplanung bei einer Datenverarbeitung | |
DE102005056357A1 (de) | Multithreading-fähige virtuelle Maschine | |
DE102018001565A1 (de) | Sicherheitselement und Verfahren zur Zugriffskontrolle auf ein Sicherheitselement | |
DE102004040296B3 (de) | Schreiben von Daten in einen nichtflüchtigen Speicher eines tragbaren Datenträgers | |
EP2112595A2 (de) | Portabler Datenträger | |
DE102005019260A1 (de) | Steuerung der Programmausführung in einem ressourcenbeschränkten System | |
EP2780804B1 (de) | Verfahren zur steuerung der programmausführung | |
DE102016122982B4 (de) | Multiplexer zum Steuern eines Zugriffs einer Datenverarbeitungsvorrichtung auf eine Smartcard | |
DE102005027709A1 (de) | Verfahren zum Betreiben eines tragbaren Datenträgers | |
EP0991995A1 (de) | Computersystem mit unterbrechungssteuerung | |
EP2740070A1 (de) | Mechanismus zur kommunikation zwischen zwei applikationen auf einem sicherheitsmodul |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20080922 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR |
|
RIN1 | Information on inventor provided before grant (corrected) |
Inventor name: HOCKAUF, ROBERT Inventor name: SPITZ, STEPHAN Inventor name: ENGLBRECHT, ERICH Inventor name: EFFING, WOLFGANG |
|
17Q | First examination report despatched |
Effective date: 20081201 |
|
DAX | Request for extension of the european patent (deleted) | ||
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R003 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED |
|
18R | Application refused |
Effective date: 20150507 |