KR101018632B1 - Smart card and smart card managing system of having function of managing database - Google Patents

Abstract

A smart card, comprising: a database, an application driving module having a database access account, and receiving the database access account and a database query from the application driving module to confirm the access account, and to the database query statement. A smart card is provided, comprising a database manager for generating a corresponding object code and executing the object code based on data stored in the database. According to the present invention, it is possible to provide a database management unit of a smart card for integrating data scattered according to an application program and enabling each application program to efficiently use the integrated data.

Smart Card, Database Manager, Multiplatform Filesystem Interface

Description

Smart card and smart card managing system of having function of managing database}

The present invention relates to a smart card and a smart card management system having a database management function, and more particularly, to allow a smart card application or an application of a server of an external communication network to access a database included in the smart card. It relates to a smart card and a smart card management system.

Recently, as the mobile communication terminal is rapidly replaced from the 2G support terminal to the 3G support terminal, the development of hardware and software technology of the USIM card essential to the 3G support terminal is emerging as an urgent task.

USIM is a type of smart card that can contain memory and a processor. In the first USIM, subscriber information is stored to enable subscriber management and authentication in the communication network. However, the current USIM storage ranges from 144KB to USIM cards with a storage capacity of 256MB or more.

The increase in storage capacity of such USIM cards is only a matter of time in terms of smart card manufacturing technology.

The smart card for a communication terminal such as USIM can provide various functions in addition to the basic function of authentication of a mobile subscriber due to the rapid increase in memory and the mounting of a processor.

The most representative of these is the Smart Card Web Server (SCWS) function. The smart card web server is an HTTP server implemented in a smart card and supports the HTTP protocol standard. The smart card web server enables various web pages and applications to be run in a mobile communication terminal browser as a client.

Therefore, as various applications are installed on the smart card, a lot of information used by the applications is stored in the storage of the smart card. That is, not only the communication subscriber information but also various information to be referred to by the application program are stored in the storage of the smart card.

However, in order to allow various applications installed in the smart card to access the database of the smart card, each API must be provided to allow the application to refer to the information of the database. This limits the installation or change of various applications on the smart card.

In addition, the SCWS implemented in the smart card enables access to the smart card from the server side of the external communication network, which can cause serious security problems if the external database cannot be managed and authenticated.

The present invention has been made to solve the above problems, and provides a smart card and smart card management system for managing the application of the smart card or the application of the server of the external communication network to the database included in the smart card Its purpose is to.

Other objects of the present invention will become more apparent through the preferred embodiments described below.

According to an aspect of the present invention for achieving the above object, a smart card is provided.

According to an embodiment of the present invention, a smart card, comprising: a database; An application driving module having a database access account; Receiving the database access account and the database query from the application driving module, authenticates the access account, generates the object code corresponding to the database query, and based on the data stored in the database And a database manager that executes an object code, wherein the database manager comprises a path for accessing the database by the database engine to perform an operation corresponding to the command code according to the file system of the database. A smart card is provided, further comprising a multiplatform filesystem interface to adjust.

The database manager may include an account manager that determines a database area corresponding to the access account; It may include a query compiler for interpreting the database query statement to generate the object code, and a database engine receiving the command code from the query compiler to access the database to perform operations corresponding to the command code. .

The database may include at least one of a NOR memory and a NAND memory.

The NOR memory and the NAND memory may respectively store or delete data by file systems of different platforms.

The smart card further includes a smart card web server (SCWS), wherein the application driving module transfers the database access account and the database query to the database access module through the smart card web server. I can send it.`

The application driving module may include a web based application driving module, and the web based application driving module may access the database through the smart card web server and the data manager.

The smart card may be connected to a communication terminal to exchange data with the communication terminal using TCP / IP, and may receive a smart card control command transmitted from an external management server connected to the communication terminal through the communication terminal.

According to another aspect of the present invention for achieving the above object, a method for managing a database is provided.

According to an embodiment of the present invention, in the method for managing a database by processing a database query received from a card application driving module included in the smart card data management unit included in the smart card, the database query statement Authenticating the included database access account; A compilation step of generating object codes corresponding to database queries in which the access account is authorized; Adjusting the object code based on a file system of a database included in the smart card; And executing the object code to calculate the result data by accessing the database.

According to another aspect of the present invention for achieving the above object, a recording medium is provided.

According to an embodiment of the present invention, a record in which a program for implementing a method for managing a database by processing a database query received from a card application driving module included in a smart card is implemented. A medium, comprising: authenticating a database access account included in the database query; A compilation step of generating object codes corresponding to database queries in which the access account is authorized; Adjusting the object code based on a file system of a database included in the smart card; And accessing the database and executing the object code to calculate the result data. A recording medium having a program recorded thereon is provided.

According to another aspect of the present invention for achieving the above object, there is provided a smart card management system.

According to an embodiment of the present invention, in a system for managing a smart card, upon receiving a database query, the database query is analyzed to generate an object code corresponding to the analysis result, and the object code is stored in the database. A smart card including a database manager for adjusting the file system to execute the object code; A mobile communication terminal connected to the smart card and capable of transmitting and receiving data with the smart card; A remote management server (Admin Sever) capable of transmitting and receiving data over a wirelessly connected session with the mobile communication terminal; And a remote database management server for transmitting a database query to the smart card through the remote management server and the mobile communication terminal, wherein the database query is linked with an application program included in the smart card. It is transmitted from the management terminal of the server, the remote database management server is provided with a smart card management system, characterized in that to authenticate the account of the management terminal of the application program server.

The smart card management system further includes a subscriber information management server for storing and managing subscriber information of the mobile communication terminal, wherein the remote management server receives a database query from the remote database management server. Whether or not the smart card of the terminal can process the database query can be authenticated through the subscriber information management server.

As described above, according to the present invention, it is possible to provide a smart card database management unit (lightweight DBMS) for integrating data scattered according to an application program and allowing each application program to efficiently use the integrated data. .

In addition, even in the case of accessing the smart card in the external communication network, the database can be configured and managed by the smart card included in the data management unit of the present invention.

As the invention allows for various changes and numerous embodiments, particular embodiments will be illustrated in the drawings and described in detail in the written description. However, this is not intended to limit the present invention to specific embodiments, it should be understood to include all modifications, equivalents, and substitutes included in the spirit and scope of the present invention.

Terms including ordinal numbers such as first and second may be used to describe various components, but the components are not limited by the terms. The terms are used only for the purpose of distinguishing one component from another. For example, without departing from the scope of the present invention, the first component may be referred to as the second component, and similarly, the second component may also be referred to as the first component. And / or < / RTI > includes any combination of a plurality of related listed items or any of a plurality of related listed items.

When a component is referred to as being "connected" or "connected" to another component, it may be directly connected to or connected to that other component, but it may be understood that other components may be present in between. Should be. On the other hand, when a component is said to be "directly connected" or "directly connected" to another component, it should be understood that there is no other component in between.

The terminology used herein is for the purpose of describing particular example embodiments only and is not intended to be limiting of the present invention. Singular expressions include plural expressions unless the context clearly indicates otherwise. In this application, the terms "comprise" or "have" are intended to indicate that there is a feature, number, step, operation, component, part, or combination thereof described in the specification, and one or more other features. It is to be understood that the present invention does not exclude the possibility of the presence or the addition of numbers, steps, operations, components, components, or a combination thereof.

Unless defined otherwise, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art. Terms such as those defined in the commonly used dictionaries should be construed as having meanings consistent with the meanings in the context of the related art and shall not be construed in ideal or excessively formal meanings unless expressly defined in this application. Do not.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings, and in describing the present invention with reference to the accompanying drawings, the same or corresponding components are given the same reference numerals regardless of the reference numerals. Duplicate explanations will be omitted.

1 is a view showing a state in which a smart card is connected to a mobile communication terminal according to an embodiment of the present invention.

Referring to FIG. 1, the mobile communication terminal 100 includes an HTTP client (browser) 105, an application 110, and a mobile communication terminal OS (Operating System) 115.

The smart card 120 connected to the mobile communication terminal 100 includes a smart card OS 125, an SCWS 130, an application driving module 140, a database management unit 150, and a database 160. ).

The smart card 120 may be electrically connected to the mobile communication terminal 100 to transmit and receive signals, and the method of transmitting and receiving data may include a method through an APDU (Application Protocol Data Unit) environment and a universal serial bus (USB) environment. Through the TCP / IP method and the USB environment, the Mass Storage command method can be used. However, the environment or protocol for the smart card 120 of the present invention to communicate with the mobile communication terminal 100 is not limited thereto, and various methods may be applied.

The smart card OS 125 refers to a smart card operating system, and may also be called other names such as a chip operation system (COS). The smart card OS 125 may perform hardware, management, and forgery, tampering, and copy protection through a security mechanism, as well as a program that is embedded in the smart card 120 to execute each module and the smart card 120. There is also.

The SCWS 130 corresponds to a Hyper Text Transfer Protocol (HTTP) server included in the smart card 120 of the present invention. The mobile communication terminal 100 or the mobile communication terminal 100 transmits an HTTP protocol to an external communication network. Thereby transmitting a data such as a web document.

That is, the SCWS 130 corresponds to a mobile server implemented in the smart card 120 of the present invention, and basically a web page document (Static or Dynamic) at the request of a browser (client) 105 of the mobile communication terminal 100. HTML pages) may be transferred to the mobile communication terminal 100.

In addition, the mobile communication terminal 100 of the present invention may be connected to an external communication network by performing TCP / IP communication, and the SCWS 130 has a URL in a DNS (Domain Name System) system as in a conventional web server. It may be registered to access the SCWS of the present invention from an external communication network.

That is, the mobile communication terminal 100 enables the external access to the SCWS 130 by acting as an IP gateway between the SCWS 130 and the external communication network. For this reason, a session is established with a remote management server (not shown) located in an external communication network so that it can be controlled from the outside. It is apparent that such server-to-server data exchange and update are possible by a separate agent program (not shown).

The application driving module 140 is illustrated as including a servlet driving module 142 and an applet driving module 144.

The servlet driving module 142 refers to an application program driving module based on a web server by the SCWS 130 to the mobile communication terminal 130 or an external communication network. ) May be required.

In addition, unlike the servlet driving module 142, the applet driving module 144 is a module for driving an application program that is operated without interworking with the SCWS 130, and may also need to access the database 160.

However, the servlet driving module 142 and the applet driving module 144 described above are examples for distinguishing the application driving module that requires the interworking with the SCWS 130 and the application driving module that does not need the interworking with the SCWS according to the type of the application program. Obviously, it may be possible to further include other types of application driving modules.

Database management unit (DBMS: 150) included in the smart card 120 of the present invention is a database for the data required to be referenced in the application driving module 140 to drive the application program described above. This module manages to access and use the 160.

In addition, when data such as a web page document, an image, etc. to be provided to the mobile communication terminal 100 by the SCWS 130 is stored in the database 160, the 130 may also access the database.

When the database manager 150 of the present invention does not exist as described above in the background art, various modules such as the above-described SCWS 130, the servlet drive module 142, and the applet drive module 144 may be used. API (Application Program Interface) had to be implemented separately.

However, when the application program is updated and changed in the smart card 120, the API for accessing the database 160 to the application driving module 140 must also be changed, so it must be newly designed up to the API every time. This greatly reduces the utility of).

In addition, as will be described later, the database 160 of the present invention may include both a NOR-type flash memory and a NAND-type flash memory. Each of the storage units NOR and NAND managing data using different file systems may be provided. Since a variety of APIs for access must be considered, a problem arises in updating the application program of the smart card 120.

The database manager 150 of the present invention allows the application driver 140, which can be driven by the SCWS 130 and various programs, to easily access the database 160.

That is, the database manager 150 may receive a query (or query command) for accessing the database 160 from the SCWS 130 and the application driver 140 through an application access interface. have.

In this case, the application access interface may perform a function of authenticating and authorizing each database access authority account by various modules such as the SCWS 130, the servlet driving module 142, and the applet driving module 144. As a result, various application driving modules 140 may be managed to prevent access to an area of the database 160 which is not authorized by the user account.

The query command may include operation commands such as Create Dictionary, Create Table, Create Views, Create User, Commit, Drop table, Drop view, Insert, Update, Delete, Revoke, and Rollback.

The database manager 150 includes a query compiler, which queries and parses a query (or query command) from the SCWS 130 and the application driver 140. (Parsing) Thereafter, based on the parsed result, the database 160 is accessed to generate an object code capable of performing the above-described command operation.

The database manager 150 accesses the database 160 based on the corresponding code, reads out the corresponding data, and performs a command operation based on the read data to transmit the result to the application driving module 140.

Therefore, according to the database manager 150 of the present invention, various types of application driving modules 140 can access the database 160 through SQL (Standard Query Language), which is a standardized query word.

In addition, when the database manager 150 of the present invention accesses the database 160, a multiplatform file for accessing each of the storage units NOR and NAND managing data with different file systems. Contains the system interface.

In other words, the file system of various platforms exists as a system that adds indexes to data files and arranges rules such as where to logically locate and organize them for data storage and retrieval.

Accordingly, the database manager 150 of the present invention includes a multi platform file system interface for accessing a database of file systems of various platforms.

That is, for example, the NOR type flash memory, which is currently used in smart cards 120 such as USIM, is an ESTI standardized file system (ISO-7816-4) in which basic reads, writes, and updates are defined. Flash memory has limitations in speed and capacity. For this reason, the smart card 120 of the present invention may include a NAND type flash memory. In this case, the NAND type flash memory is operated by another file system such as FAT16.

For this reason, a NOR flash memory and a NAND flash memory may coexist in one smart card 120, and a NAND flash memory operated by a different file system may be mounted in each smart card 120.

Therefore, in order to access the memory of the various file systems consistently, the above-described multiplatform file system interface may control the object codes of the corresponding file system to access the object codes to the database 160 of different file systems. Performs a matching function.

In addition, even when the database 160 of various types of smart cards 100 (for example, smart cards manufactured by different manufacturers) has a memory using different file systems, the database manager of the present invention ( 150) to function normally.

Therefore, according to the data management unit 150 of the present invention, it is possible to manage the database through SQL without the application developer and the like need to understand all the file systems of various platforms. This will be described later in detail with reference to FIG. 4.

The above description is for various modules such as the SCWS 130, the servlet driving module 142, and the applet driving module 144 in the smart card 120 to access the database 160 in the smart card 120. Although the configuration has been described, it is not only the access to the database 160 inside the smart card 120.

That is, as shown in the figure, the smart card 120 according to the embodiment of the present invention is connected to the mobile communication terminal 100 to perform data communication, so that the application 110 of the mobile communication terminal 100 is also present. The database 160 of the smart card 120 may be accessed.

However, the channel through which the mobile communication terminal 100 performs data communication with the smart card 120 of the present invention may be TCP / IP communication through USB as described above. Is performed through. That is, when the mobile communication terminal 100 requests in a relationship between the server and the client, data exchange is performed in a manner that the SCWS 130 responds. However, as described above, not only TCP / IP but also data exchange may be performed in various manners of a bearer independence protocol (BIP).

In this case, the application 110 installed in the mobile communication terminal 100 also accesses the SCWS 130 through the communication terminal OS 115, and the database 160 through the database manager 150 as described above. Can be accessed.

In addition, the database 160 in the smart card 120 is accessible to a remote management server (Admin. Server, not shown) located in the mobile communication network. That is, the remote management server external to the smart card 120 transmits a query or the like transmitted from the remote remote database management server 610 (not shown) or the gateway server (not shown) to the mobile communication terminal, and the mobile communication terminal. 100 may access the database 160 in the communication network by transmitting it to the smart card 120. That is, data storage, retrieval, and updating of the database 160 can be performed externally. This will be described in detail with reference to FIG. 6.

In addition, in the smart card 120 according to another embodiment of the present invention, the mobile communication terminal 100 accesses the database 160 of the smart card 120 through the SCWS 130 and the database manager 150. Rather, it may be allowed to access the database 160 directly.

That is, the predetermined area of the database 160 may function as a mass memory, in which case the mobile communication terminal 100 accesses the mobile memory conventionally through the communication terminal OS 115. As described above, data may be read by accessing a predetermined area of the database 160. The communication terminal can access the removable memory area of the database through a separate USB environment in order to store, retrieve, and delete data in the mass storage.

That is, in the case of the smart card according to another embodiment of the present invention, the mobile communication terminal 100 and the separate mass storage and read command must be connected to a USB channel that can transmit a predetermined area of the database.

FIG. 2 is a detailed diagram illustrating an internal configuration of the database manager described with reference to FIG. 1.

Referring to FIG. 2, the database manager 150 includes an application access interface 200, a query compiler 210, a database engine 220, and a multiplatform file system interface 230.

The application access interface 200 is an interior of the database manager 150 that provides an environment in which the applet drive module 144 of the application driver 140 of the smart card 120 can access the database manager 150. Module.

In the case of the applet driving module 144, since the application program is not executed at the server side, it is not necessary to transmit a query statement to the database manager 150 via the SCWS 130, and thus, directly to the application access interface 200. I can access it.

However, the servlet driving module 144, which is a web-based application, accesses the application access interface 200 through the SCWS 130. In addition, even when a query or the like is transmitted from the mobile communication terminal 100 connected to the smart card 120 through TCP / IP as described in FIG. 1, the database management unit 150 is connected to the database manager 150 through the SCWS 130. .

In each case described above, the application access interface 200 may perform access authority authentication. That is, the application access interface 200 allows access only when the database 160 of the smart card 120 matches the account presented by the application driving module 140 which accesses the database 160 separately for each account.

That is, one type of data is not stored in the database 160, but data required by various application driving modules 140 may be stored. For example, in the case of the data related to E-banking (for example, an accredited certificate) among the application driving module 140, access should not be allowed by another application driving module.

In addition, when the application driving module 140 of the smart card 120 receives a driving command from the server in the external communication network and transmits the driving command to the mobile communication terminal 100 for driving (interlocking), except for the area of the corresponding database 160. Security features that do not allow access are mandatory.

Therefore, according to the database manager 150 included in the smart card 120 of the present invention, only the access of the area of the preset database 160 is allowed by performing account management or authorization authentication by the application access interface 200. Can be.

However, when the application driving module 140 is the servlet driving module 144, the SCWS 130 may determine whether the application driving module 140 is a registered account. This case will be described later with reference to FIG. 3.

In the case of passing through the application access interface 200, the query transmitted from each application driver 140 or the SCWS 130 is transmitted to the query compiler.

The query compiler 210 includes a tokenizer, a parser, and a code generator. In addition, the query compiler 210 may further include a semantic analyzer, a source code optimizer, and the like, but a description thereof will be omitted.

The tokenizer performs the function of separating SQL queries into tokens. In other words, SQL is read one by one to recognize tokens (symbolic words) and information about them (Literal / symbol table) is written. In other words, SQL is read character by character and converted into token string.

The parser parses a sequence of tokens and creates a parse tree that can be used to generate executable code. That is, the parser generates a parse tree through a syntax analysis that checks whether a sentence is grammatically correct using token tokens generated by the tokenizer and information about the tokenizer. The parse tree is a tree expressed as a node including information such as identifiers, expressions, and numbers among the tokens in the parsing step. It is obvious that a parse tree can also be replaced with a Syntax Tree consisting only of the information needed by the code generator.

The code generator converts the parse tree into intermediate code. In other words, the code generator generates the intermediate code by executing the code generation routine that matches the grammar rules using the parse tree. The code generator can save the space and execution time when executing the code through local optimization or global optimization in order to optimize the operation of the code.

The code generator then selects the number of registers in the database to perform the operation, determines the storage location for the data, and generates optimized intermediate codes as codes for the target machine language.

The generated object code is transmitted to the database engine 220 of the database manager 150 included in the smart card 120 of the present invention. Therefore, the database engine 220 can execute the object code using the data stored in the database 160 as a variable and store the result in the database 160.

However, if the smart card 120 has a storage unit (memory) in the database operated by different file systems, it may be impossible to access the database 160. Therefore, the multiplatform file system interface 230 exists in the database manager 150 of the present invention.

The multiplatform file system interface 230 matches a file control command of a file system used in each file system to a command and a variable of each object code included in the command code.

Thus, the database engine 220 accesses the database 160 through the multiplatform file system interface 230 of the present invention, regardless of which file system the storage included in the database 160 is operated by. The object code can be processed. Detailed operations of the multiplatform file system interface 230 will be described with reference to FIG. 5.

3 is a diagram illustrating a process of accessing a database by a database manager according to an exemplary embodiment of the present invention.

Referring to FIG. 3, first, an on-card application driving module 140 attempts to access an account registered as the SCWS 130. Therefore, in this case, it is assumed that the application driving module 140 is the servlet driving module 142.

In this case, since the servlet driving module 140 corresponds to the driving module of the web-based application program, the servlet driving module 140 accesses the SCWS 130 through an API in the form of a Uniform Resource Locator (URL). API access between the servlet drive module and the SCWS 130 is defined in the ETSI standard (TS 102 588), and thus a detailed description thereof will be omitted.

The servlet driving module 140 accessing the registered account requests a query command (question query) within a preset authority range under the registered account (S300).

The SCWS 130 transmits the query command requested from the servlet driving module to the database manager 150 according to the present invention (S310).

The database manager 150 performs an authentication procedure to determine whether the corresponding servlet drive module 140 can access the area of the database 160 and analyzes the authority to use the database 160.

When the above-described authentication process and usage authority analysis are completed, the compiler analyzes the query command to generate the object code, and the object code is executed by the database engine to generate the result data (S320).

In this case, as described above with reference to FIG. 2, the multi-platform file system interface may exist on a path through which the database engine accesses the database 160 to generate the result data.

The database manager 150 transmits the generated result data to the SCWS 130. The SCWS 130 transmits the result data to the servlet driving module 140 (S330).

The servlet driving module 140 receives the result data to drive the servlet program (S350).

The driving result of the servlet program may be transmitted to the mobile communication terminal 100 or another client located in an external communication network through the SCWS 130 and output through the web browser.

4 is a diagram illustrating a process of accessing a database by a database manager according to another exemplary embodiment of the present invention.

Referring to FIG. 4, the application driving module 140 attempts to access an account registered directly to the database manager 150, and requests a query command within a privilege range differently from that described in FIG. 3 (S400). Accordingly, in the case of FIG. 4, the application driving module 140 corresponds to the applet driving module 144 instead of the servlet driving module 142.

In this case, the applet driving module 140 may access the database manager 150 in the form of an application API.

Thereafter, the database manager 150 generates the object code by analyzing the query command by the compiler as described in FIG. 3, and executes the object code by the database engine to generate the result data (S410).

The database manager 150 transmits the generated result data to the applet driving module 142 so that the applet driving module 142 can drive the applet program using the result data.

5 is a diagram illustrating a process of accessing a database by a database manager of the present invention.

Referring to FIG. 5, the database manager 150 receives a query from the application driving module 140 or the SCWS 130 through the application access interface 200 (S500).

As described with reference to FIG. 2, the object code to be executed in the database engine is generated through a query statement analysis process (lexical analysis and syntax analysis) (S510 and S520).

However, when the object code is executed in the database engine 220, the database 160 in which data to be referred to by the database engine 220 is stored may be operated by different file systems according to storage hardware characteristics. .

For example, the NOR type flash memory 162 is operated by the file system 541 of ETSI (ISO 7816-4) according to the current smart card standard, but the NAND type flash memory 164 like the smart card of the present invention. ) May be added, the memory may be operated by various file systems 549, such as FAT16 (542), FAT32 (543), and the like.

Therefore, in order to access the respective memory in the database engine 220, the object code must match the operation code of the corresponding file system (S530).

The multiplatform file system interface 200 included in the database manager 150 of the present invention must match an object code with a file control command of the corresponding file system. In this case, the object code generated by the compiler 210 and the file control command of the corresponding file system may be matched in advance and stored as a look up table.

That is, the multiplatform file system interface 230 may match the operation command corresponding to the file system of the database 160 used for the operation of the object code and add or replace the operation command to the object code.

Thereafter, the database engine 220 may generate the result data by accessing the corresponding database 160 and performing the operation of the object code.

The method of the present invention as described above may be implemented in a program and stored in a computer-readable recording medium (CD-ROM, RAM, ROM, floppy disk, hard disk, magneto-optical disk, etc.).

6 is a diagram illustrating a remote smart card operating system according to an embodiment of the present invention.

6, the remote smart card operating system according to an embodiment of the present invention is an AS (Application Server) group 620, a remote database management server 610, a remote management server (Admin. Server, 600), subscribers An information management server 601, a smart card information management server 602, an over-the-air activation server (OTA) 603, a mobile communication terminal 100, and a smart card 120 may be included.

The remote management server 600 may manage the SCWS by transmitting an Admin command to the SCWS included in the smart card 120 as an HTTP server. For example, setting or changing configuration parameters of SCWS or installing or deleting an HTML page can be performed.

The application server group 620 transmits an application that can be run on the smart card 120 according to the present invention to the smart card 120 or provides data required for driving the corresponding application on the smart card 120. Means one or more servers capable of doing so. An application server group does not have to consist of related servers.

The application server group 620 may include service servers operated by various service providers. That is, each bank server for E-banking, a web server that provides a web page or a portal service, and an application server that provides various services such as a content providing server may be included.

The application server transmits query commands directly to the remote management server 600 through a gateway server (not shown) connected between the application server group 620 and the remote management server 600, and the remote management server 600 sends the query command. It may be transmitted to the smart card 120 through the mobile communication terminal (100). In this case, as a result, the application server can access the database 160 of the smart card 100.

However, in this case, assuming that the servers of the various application server group 620 can access all of the database of the smart card without account and authorization authentication, a serious problem occurs in information security.

That is, when accessing the database 160 of the smart card 120 for a service provided by the content providing server (for example, upgrading of the smart card), it is stored in the database 160 of the smart card 120. Because a public certificate can be exposed, a security policy is required.

Therefore, the remote database management server 610 of the present invention is a security and authentication server configured to always go through when the application server accesses the database 160 of the smart card 120. Detailed configuration of the remote database management server 610 of the present invention will be described later in FIG.

The remote database management server 610 of the present invention is connected to the remote management server 600 to receive or authenticate information required for authenticating the application server from the subscriber information management server 601, the smart card information management server 602, etc. You can request

The subscriber information management server 601 is a server that manages information of a network subscriber and a mobile communication terminal (screen resolution, supportable application information, browser version, etc.).

The smart card information management server 602 is an identification number of the smart card 120 managed by the remote management server 600, a model name, an identification number of the mobile communication terminal 100 used in connection with the smart card 120 Smart card related information such as user identification number can be managed.

In other words, the smart card 120 may provide an application or authenticate an allowed application server 621. In addition, when the application server 621 accesses the remote database management server 610 of the present invention, an authentication procedure such as ID / password may be performed.

Therefore, only the application server 621 administrator registered as being able to access the remote database management server 610 of the present invention accesses the remote database management server 610 of the present invention and finally accesses the smart card 120. This is possible.

The OTA server 603 transmits an SMS (S to the mobile communication terminal 100) from the remote management server 600 to the mobile communication terminal 100, thereby communicating with the mobile communication terminal 100 and the remote management server 600. Make sure that the Session is connected.

That is, since the mobile communication terminal 100 does not always form a dedicated channel with the mobile communication network 100, the OTA server 603 transmits the session connection request message to the SMS when the user wants to request a session connection in the forward direction. do.

The above-described remote management server 600, OTA server 603, subscriber information management server 601 and smart card information management server 602 may be operated by a mobile communication service provider, a separate third provider It may be operated by.

The application server 621 authenticated from the remote database management server 610 of the present invention may transmit a query request to the mobile communication terminal 100 through the remote management server 600, and the mobile communication terminal 100 may transmit data. The base query request is transmitted to the smart card 120 by TCI / IP to access the database. Since the configuration inside the smart card 120 is the same as described with reference to FIGS. 1 and 2, the description thereof will be omitted.

7 is a diagram showing the configuration of a database management server according to an embodiment of the present invention.

Referring to FIG. 7, the remote database management server 610 may include an application access interface 700, a security policy management module 710, a data backup processor 750, a command processor 760, and a management access interface. 770 may be included.

The application access interface 700 provides an API for accessing the remote database management server 610 from the application server 621 described with reference to FIG. 6, whereby the application server 621 provides a security policy management module 710. Or it provides an environment to communicate with a separate DBA (Data Base Administrator, 615).

The security policy management module 710 may include an account management module 720, a rights management module 730, and a version management module 740. It includes an account management module and a rights management module for authenticating the account of the application server connected to the remote database management server 610 and setting the rights.

The version control module 740 manages account rights and preferences and the database 160 settings of the current smart card 120.

The data backup processor 750 corresponds to a data processing module that backs up and stores information stored in the database 160 of the smart card 120.

That is, the manager (manager terminal, 625) of the application server 621 upgrades the data stored in the smart card 120, or the user of the smart card 120 to format the database 160 of the smart card 120 In this case, data previously stored in the database 160 of the smart card 120 should be backed up.

However, the data backup processor 760 of the remote database management server 610 of the present invention because the data can not be backed up unless a separate reader and memory capable of backing up the data stored in the smart card 120 cannot be backed up. Backs up data of the database 160 at the request of the smart card 120 or the application server 621.

The command processor 760 generates and transmits a management command or a management query to the remote management server 600 connected through the management access interface 770. Management access interface 770 provides an API for the remote management server to communicate with the database management server of the present invention.

In the above-described management access interface 770, "management access" refers to an access for accessing the smart card management infrastructure, which is named management infrastructure in FIG. 6 and is indicated by a dotted line. This infrastructure can meet the standards of the Open Mobile Alliance (OMA).

The infrastructure refers to a network configuration for controlling the smart card 120 of the mobile communication terminal and may be operated by the mobile communication service provider as described above in FIG. 6.

Accordingly, the management infrastructure may further include a mobile communication network configuration device such as a PDSN, an exchange, a base station, and the like. The subscriber information management server and the smart card information management server may be replaced with a home location register (HLR).

8 is a diagram illustrating a process of controlling the database manager of the smart card by the smart card operating system of the present invention.

First, the application server 620 or the administrator of the application server (administrator terminal, 615) transmits a login request to the remote database management server 610 of the present invention (S800).

In this case, the login request may include an ID and password. This request is sent via the application access interface described in FIG.

The remote database management server 610 inquires the account of the application server based on information such as ID and password included in the login request (S802). If the inquiry result is authenticated, "OK" is transmitted to the administrator of the application server (S804).

The manager 615 of the application server generates a query command for accessing the database 160 of the smart card 120 (S806).

The manager 615 of the application server requests the remote database management server 610 to transmit the generated query command to the mobile communication terminal 100 (S808).

The remote database management server 610 transmits an ACK message indicating that the request has been received and is being processed, to the manager 615 of the application server (S811).

On the other hand, the remote database management server 610 transmits a request for performing a database query request received from the manager 615 of the application server to the remote management server (S810). In this case, the execution request may include database information, application information, and application manager account information.

The remote management server 600 transmits subscriber authentication and terminal inquiry request to the subscriber information management server 601 (S812).

Thereafter, whether the database 160 of the smart card 120 is accessible from the subscriber information management server 601 (for example, whether it is connected to the smart card 120 or the smart card (! 20)). It is determined whether or not the database manager 150 exists, and reports whether or not the database 160 of the smart card 120 is accessible (S814).

The remote management server 600 transmits an "OK" message to the remote database management server 610 (S816).

The remote database management server 610 is a query statement (for example, SQL) that can recognize the database query command transmitted in step S808 by the manager 615 of the application server in the database manager 150 of the smart card 120. Can be regenerated (S818).

The remote database management server 610 transmits the query to the remote management server 600 and requests to transmit the query to the mobile communication terminal 100 (DB service request) (S820).

Accordingly, the remote management server 600 transmits an SMS transmission request for establishing a communication session with the mobile communication terminal 100 to the OTA server 603 (S822).

The OTA server 603 transmits an SMS to the mobile communication terminal 100 (S824). The sent SMS includes a session connection request message with the remote management server.

The mobile communication terminal 100 receiving the SMS connects a session with the remote management server 600 through a Gateway GPRS Support Node (GGSN), a Serving GPRS Support Node (SGSN), etc. of the mobile communication network (S826).

Thereafter, the remote management server 600 transmits a DB service execution request to the mobile communication terminal 100 (S828). The mobile communication terminal 100 transmits a DB access permission request to the database manager 150 of the smart card 120 (S830).

In this case, the DB access permission request may include an account of the administrator 615 of the application server, and the database manager 150 reads it from the DB access permission request and checks the account and authority (S832).

In the case of the application server or the administrator 615 having access to the database 160 as a result of checking the account and the authority, an “OK” message indicating that the access is granted is transmitted to the mobile communication terminal 100 (S834). The mobile communication terminal 100 transmits it to the remote management server 600 again (S836).

The remote management server 600 accordingly transmits an "OK" message indicating that the database 160 is accessible to the remote database management server 610 (S838).

Thereafter, the remote management server 600 transmits the DB query received in step S820 to the mobile communication terminal (S842). The mobile communication terminal 100 transmits a DB query to the database manager 150 of the smart card 120 (S844).

As described above with reference to FIGS. 1 and 2, the database manager 150 analyzes the query and generates the object code to perform this. In this case, when the DB query is linked with the On Card application driving module of the smart card 120, the DB query is received through the corresponding application driving module, and the database manager 150 may process it. The database manager 150 performs an operation (eg, "Update") corresponding to the corresponding object code, and stores the result in the database 160. (S846)

The database manager 150 transmits an "OK" message indicating that the requested DB query has been processed to the mobile communication terminal 100 (S848). In this case, the processed result data together with the "OK" message can be transmitted together.

The mobile communication terminal 100 accordingly transmits an "OK" message to the remote management server 600, and may also transmit the processed result data together.

The remote management server 600 transmits an "OK" message to the remote database management server 610 again, and the remote database management server 610 may confirm that the DB query has been normally processed through the result data. Can be stored.

The remote database management server 610 transmits an "OK" message indicating that the processing of the DB query command is completed to the manager 621 of the application server.

Although the above has been described with reference to the embodiments of the present invention, those skilled in the art may variously modify and modify the present invention without departing from the spirit and scope of the present invention as set forth in the claims below. It will be appreciated that it can be changed.

1 is a view showing a state in which a smart card is connected to a mobile communication terminal according to an embodiment of the present invention.

FIG. 2 is a diagram illustrating in detail the internal structure of the database manager described with reference to FIG. 1; FIG.

3 is a diagram illustrating a process of accessing a database by a database manager according to an embodiment of the present invention.

4 is a diagram illustrating a process of accessing a database by a database manager according to another exemplary embodiment of the present invention.

5 is a diagram illustrating a process of accessing a database by a database manager of the present invention.

6 is a diagram illustrating a remote smart card operating system according to an embodiment of the present invention.

7 is a diagram showing the configuration of a database management server according to an embodiment of the present invention.

8 is a diagram illustrating a process of controlling a database manager of a smart card by the smart card operating system of the present invention.

Claims (11)

In the smart card, database; An application driving module having a database access account; Receiving the database access account and the database query from the application driving module, authenticates the access account, generates the object code corresponding to the database query, and based on the data stored in the database Including a database management unit that performs the object code, The database management unit And a multiplatform file system interface for adjusting the path of accessing the database according to the file system of the database in order that the database engine performs an operation corresponding to the instruction code. The method of claim 1, The database management unit An account manager which determines a database area corresponding to the access account; A query compiler for interpreting the database query statement and generating an object code; And a database engine receiving the command code from the query compiler and accessing the database to perform an operation corresponding to the command code. The method of claim 1, The database is A smart card comprising at least one of a NOR memory and a NAND memory. The method of claim 3, The NOR memory and the NAND memory are each smart card, characterized in that for storing data by the file system of a different platform. The method of claim 1, The smart card further includes a smart card web server (SCWS: Smart Card Web Server), The application driving module transmits the database access account and the database query to the database access module through the smart card web server. The method of claim 5, The application driving module Including a web-based application driving module, The web-based application driving module accesses the database through the smart card web server and the data management unit. The method of claim 1, The smart card is connected to a communication terminal to exchange data with the communication terminal using TCP / IP, and receives a smart card control command transmitted from an external management server connected to the communication terminal through the communication terminal. Smart card. In the method of managing a database by processing a database query received from the card application driving module included in the smart card data management unit included in the smart card, Authenticating a database access account included in the database query; A compilation step of generating object codes corresponding to database queries in which the access account is authorized; Adjusting the object code based on a file system of a database included in the smart card; And Accessing the database and executing the object code to calculate result data A recording medium in which a program for implementing a method of managing a database by processing a database query received from a card application driving module included in a smart card is included in a smart card. Authenticating a database access account included in the database query; A compilation step of generating object codes corresponding to database queries in which the access account is authorized; Adjusting the object code based on a file system of a database included in the smart card; And And accessing the database and executing the object code to calculate the result data. In the system for managing smart cards, Receiving a database query, the database query to analyze the query to generate the object code corresponding to the analysis results, and adjusts the object code according to the file system of the database includes a database management unit for performing the object code Smart card; A mobile communication terminal connected to the smart card and capable of transmitting and receiving data with the smart card; A remote management server (Admin Sever) capable of transmitting and receiving data over a wirelessly connected session with the mobile communication terminal; Including a remote database management server for transmitting a database query to the smart card through the remote management server and the mobile communication terminal, The database query is transmitted from a management terminal of an application server linked with an application program included in the smart card, and the remote database management server authenticates an account of the management terminal of the application server. Smart card management system. The method of claim 10, The smart card management system Further comprising a subscriber information management server for storing and managing subscriber information of the mobile communication terminal, When the remote management server receives a database query from the remote database management server, the remote management server authenticates through the subscriber information management server whether the smart card of the mobile communication terminal can process the database query. Smart card management system characterized by.

Images