Classifications

• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L67/00—Network arrangements or protocols for supporting network services or applications
  • H04L67/34—Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters 
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F8/00—Arrangements for software engineering
  • G06F8/60—Software deployment
  • G06F8/61—Installation
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
  • G06F21/12—Protecting executable software
  • G06F21/121—Restricting unauthorised execution of programs
  • G06F21/128—Restricting unauthorised execution of programs involving web programs, i.e. using technology especially used in internet, generally interacting with a web browser, e.g. hypertext markup language [HTML], applets, java
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
  • G06F21/44—Program or device authentication
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
  • G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
  • G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
  • G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
  • G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
  • G06Q20/357—Cards having a plurality of specified features
  • G06Q20/3574—Multiple applications on card

Definitions

• the invention relates to a resource-limited card device, in particular a card device based on Java Card technology or native technology, in particular a chip card, a chip card module, or a chip card module in a housing of any desired form factor.
• SIM Subscriber Identity Module for mobile radio.
• the invention relates to a charging packet and a method for implementing one or more applet instances in such a resource-limited card device.
• each applet to be installed has exactly one application identifier AID.
• a separate applet AID must be provided for each constellation of eg applet, country and access possibility . Since each applet has only one AID, a separate separate applet is conventionally installed for each constellation of, for example, applet and deployment country and accessibility. For example, instance 1) Applet A in contact with Country X; 2) applet A in country Y contacted; 3) Applet B in country X contacted; 4) Applet B in country Y contacted; 5) Applet A in country X contactless; 6) Applet A in country Y contactless; etc.
• the invention has for its object to provide a card device that allows a memory-saving installation of applets to be provided in different configurations. Furthermore, a method for implementing one or more applet instances in such a resource-limited card device is to be specified.
• a card device is created which enables a memory-saving installation of applets in the card device.
• the method is characterized in that at least one further application identifier is included in the loading packet, which refers to the same instance of the applet to be installed, and that the method comprises the further step: 4) setting up the at least one further application identifier in the card device.
• an INSTALL command creates an applet instance and two or more applet identifiers in the card device.
• a method according to the invention for creating an applet identifier in a card device to an instance to be installed in the card device of the applet, by means of a charging packet, according to a second option (alternative), the following steps are included. 1) Loading the charging package into the card device, wherein the charging package includes an application identifier that relates to the instance of the applet to be installed. Preferably, the loading packet contains, as usual, only a single applet identifier per applet. 2) Optionally, install the instance of the applet in the card device by applying an INSTALL command to the loading package. 3) At the instigation of the INSTALL command, set up the application identifier in the card device.
• the method is characterized in that 4) the charging of the charging packet is carried out at least twice in succession, 5) the first time the charging packet is loaded (or when the INSTALL command is first executed) the instance of the applet is installed (ie in step 2) ) "Applet Installation") and the application identifier in the card device is set up, and 6) each time the loading package is loaded (or the INSTALL command is executed), another application identifier is set up in the card device without any further loading Instance of the applet is set up in the card device (ie in step 2 option "do not install an applet instance").
• the loading in step 2) is optional in that only when the loading package is loaded for the first time or when the INSTALL command is used for the first time, an applet instance is installed in the device, but not during subsequent loading or INSTALL command executions.
• the card device includes a registry
• setting up the application identifier or the other application identifier includes storing the application identifier or the other application identifier in the registry, or the setting consists in saving in the registry.
• a parameter is assigned to the applet.
• different parameter values of the parameter of the applet are assigned to the application identifier and the further application identifier.
• the parameter parameterizes the applet. This makes a configuration of the applet for the applet using the parameter. Different parameter values of the parameter lead to different configurations of the applet.
• several configurations of the applet are realized without several applet instances being installed in the card device.
• the applet is assigned (at least or exactly) two parameters, namely the type of contacting and the country of use. This allows you to create different configurations of the applet.
• the following example shows a card device with two applet instances for two different applets, namely applet A and applet B, which can be parameterized with two parameters PI, P2.
• Second parameter P2 type of contacting; possible parameter values: contact or contactless.
• Applet A virtual credit card Domestic.
• Applet B virtual credit card International.
• Applet A has only one Application Identifier AID-A.
• Applet B has two Application Identifiers AID-INT-B and AID-DOM-NFC-B.
• AID-A Application Identifier Applet A.
• AID-I TB Application Identifier Applet B International.
• AID-DOM-NFC-B Application Identifier Applet B Domestic contactless.
• FIG. 1 shows the installation of an applet instance by first sending a load packet, according to embodiments of the invention
• FIG. 2 illustrates the personalization of an applet instance installed according to FIG. 1, according to embodiments of the invention
• FIG. 4 shows the creation of a further applet identifier without installing another applet instance, according to embodiments of the invention
• 5 illustrates the personalization of an installed applet instance, according to embodiments of the invention
• Fig. 6 calling an applet with AID2 and subsequent processing of commands, according to embodiments of the invention.
• FIG. 1 shows the installation ("INSTALL") of an applet instance by first sending a load packet, in accordance with embodiments of the invention.
• a terminal sends APDU commands to the card device (referred to here for short as a card).
• the terminal switches on the card device with the ICC_ON command.
• the Card Manager is called with APDU SELECT Card Manager.
• Authentication is performed with APDU AUTHENTICATE.
• a loading package is loaded into the card device and an applet instance Applet Instance Object 1 is set up in the card device by creating an applet instance object with "Create new.”
• the applet identifier AIDl of the applet is created , which is sent in the System Specific Parameters of the INSTALL, is set up in the Card Device by entering a new Card Registry Entry (entry) in the Card Registry of the Card Device using CREATE new.
• Fig. 2 shows the personalization ("perso") of an applet instance Applet Instance Object 1 installed according to Fig. 1.
• the applet instance With APDU SELECT and specifying the AID1, the applet instance is selected.
• APDU AUTHENTICATE an authentication is carried out With several consecutive APDU STORE DATA, up to a LAST STORE DATA indicating the end of the personalization data, data required for personalization is stored in the card device
• Fig. 3 shows the calling ("CALL") and use of an applet with AIDl and a subsequent processing of commands, after installing an applet of Fig. 1 and personalizing the applet of Fig. 2.
• APDU SELECT and specifying the AIDl is The applet instance is selected
• Various applet-specific APDU commands (“Applet Specific Commands") are sent one after the other from the terminal to the card device.
• the card manager selects the applet instance APPLET Instance Object 1 on the card device via SELECT and sends the APD US received from the terminal to the APPLET Instance Object.
• the applet (more precisely, the applet instance Applet Instance Object 1) carries out its (or its) intended activity.
• FIG. 4 shows the creation of a further applet identifier by means of a new INSTALL FOR INSTALL command, without another applet instance being installed in the card device, according to embodiments of the invention.
• a terminal sends APDU commands to the card device (referred to here for short as a card).
• the terminal switches on the card device with the ICC_ON command.
• the Card Manager is called with APDU SELECT Card Manager.
• Authentication is performed with APDU AUTHENTICATE.
• the APDU command INSTALL FOR INSTALL loads a charge package into the card device.
• the card device detects that an applet instance Applet Instance Object 1 has already been set up in the card device and does not install another applet instance.
• Applet Identifier AID1 of the applet is detected, which was created at the previous INSTALL FOR INSTALL when creating the applet instance that was created in the System Specific Parameters of the INSTALL.
• FIG. 4 further illustrates an example of applying the system specific parameters to accommodate an applet identifier.
• TAG Preferably, a value is used for TAG that is not permanently assigned, for example 4F.
• FIG. 6 shows the call-up ("CALL") and use of an applet with a further applet identifier AID2 and a subsequent execution of commands, according to an embodiment of the invention
• CALL call-up
• AID2 further applet identifier
• Various applet-specific APDU commands (“Applet Specific Commands") are sent one after the other from the terminal to the card device.
• the card manager selects the APPLET Instance Object 1 (not 2) on the card device by means of SELECT and sends it from the terminal.
• the applet (more precisely, the applet instance 1) carries out its (or its) intended action, initiated with the further applet identifier AID2, and based on a and the same applet instance 1.

Landscapes

• Engineering & Computer Science (AREA)
• Theoretical Computer Science (AREA)
• Software Systems (AREA)
• General Engineering & Computer Science (AREA)
• General Physics & Mathematics (AREA)
• Physics & Mathematics (AREA)
• Computer Security & Cryptography (AREA)
• Computer Hardware Design (AREA)
• Business, Economics & Management (AREA)
• Computer Networks & Wireless Communication (AREA)
• Microelectronics & Electronic Packaging (AREA)
• Accounting & Taxation (AREA)
• Strategic Management (AREA)
• General Business, Economics & Management (AREA)
• Signal Processing (AREA)
• Multimedia (AREA)
• Technology Law (AREA)
• Stored Programmes (AREA)

Applications Claiming Priority (2)

Publications (1)

Family

ID=59152812

Family Applications (1)

Country Status (5)

Families Citing this family (6)

Family Cites Families (10)

• 2016
  • 2016-06-14 DE DE102016007189.3A patent/DE102016007189A1/de active Pending
• 2017
  • 2017-06-09 EP EP17732302.9A patent/EP3469479A1/de not_active Ceased
  • 2017-06-09 WO PCT/EP2017/000679 patent/WO2017215782A1/de unknown
  • 2017-06-09 US US16/308,918 patent/US10735559B2/en active Active
  • 2017-06-09 CN CN201780034980.9A patent/CN109313545B/zh active Active

Also Published As

Similar Documents

Legal Events