TW200820076A - Portable mass storage with virtual machine activation - Google Patents

Abstract

A portable mass storage device is used to store large files such as digital pictures, movies and music. The mass storage device has firmware with security mechanisms that limit access to read write operations to ensure reliable operation of the device to prevent unwanted copying or storing of secure content such a copyrighted material. Although the security mechanisms generally limit access, the firmware is operable to work with a virtual machine and allows the virtual machine to access the secure content and work in conjunction with the firmware to read and write data to the mass storage memory, if the virtual machine is present. The virtual machine is either loaded but not activated at the time of manufacture, or is downloaded and activated post manufacture. Any royalty for the virtual machine is paid for only if and when the virtual machine is both present and activated in the device.

Description

200820076 IX. Description of the Invention: [Technical Field] The present invention generally focuses on a portable mass storage device and a blade body and software running on the device, and more specifically, regarding providing the software and Direct his content and enable it and pay for it. 〃 [Prior Art] Smart cards have been around for quite some time and are often used as transfers and letters (among other cards). Smart Cards are processor-controlled and include a small amount of memory to retain identification and transaction-related data. Recently, the ability to build and run Java-based programs on smart cards has been developed and is common. The main program can also be implemented in other smart devices (such as those commonly used in digital cameras and music players). These other cards are recognized as mass storage devices because they must be stored and stored. Take a library of extremely large data (such as photos and music), the level of which is greater than the level of transactions and identification data stored in the smart card. Examples of such a large number of memory cards are small flash ("CF") cards, secure digital ("sd") card', East your milk card, micro SD card, multimedia ("_〇卡, and memory stick. In addition to the use of examples, there are more than a large number of memory cards in different formats. Portable flash memory is a general-purpose serial bus ("USB") driver: a type of portable mass storage device. ° A / Java CardTM technology enables a program written in a "programming language" to run on a smart card And other small resource-constrained devices. Developers can build and test programs with the software development tools and environment, and then turn them into a form that can be installed on Java CardTM technology enabled devices. , eight. For 123l8l.d〇c 200820076

The application soft system of the Java CardTM platform is called a small application, or more specifically, a Java CardTM small application or a small card application (to distinguish it from a browser small application). Although Java CardTM technology enables programs written in a Java programming language to run on small memory cards, the power of such small devices is too low to support the full functionality of the Java platform. Therefore, the Java CardTM platform only supports a carefully selected subset of the features of the Java platform. This subset provides object-oriented capabilities that are well-suited for writing features for small devices and retaining the Java programming language.

Java CardTM is a type of virtual machine. Other virtual machines may also be used and the virtual machine is abstracted by a physical processor and has a virtual counterpart of a conventional processor. In the case of the Java language, the Java Virtual Machine is used as an interface between the compiled Java binary code and the lower hardware platform microprocessor. An application that is particularly useful when implemented in a small device involves text-protected content. (such as music or movies, etc.) pay. In order to run an application written in Java, the Java CardTM virtual machine must be loaded into the card and enabled. Each instance of the machine is required to pay an authorization fee to Sun or a supplier of such components. Because the primary use of the smart card is parental, the issuer of the card can accept the cost of the license fee as a business cost. However, the user of the large memory card may or may not use the virtual machine H to make it available for additional applications. Because the typical system owns and uses the card primarily for data storage purposes. Therefore, the manufacturer cannot pass or absorb the cost of the license fee as usual. In addition, running on a virtual machine 123181.doc 200820076 Small applications or other programs may also require a license fee that cannot be passed (for users who may not use it) or absorbed. The role of the Java CardTM virtual machine is best understood in the context of the production and configuration procedures for the software for the Java platform. Several components that make up the Java CardTM system include the Java CardTM virtual machine, the converter for the Java CardTM platform ("Java CardTM converter"), the terminal installation tool, and the installer running on the device. The development of Java CardTM small applications begins like any other Java program: the developer writes one or more Java classes and compiles the source code with a Java compiler to produce one or more category files. Simulate the device environment by running, testing, and debugging small applications on the workstation using simulation tools. Next, when a small application is ready to be downloaded to a device, a Java CardTM converter is used to convert the category file containing the small application into a CAP (Transformed Small Application) file. The Java CardTM converter takes all the class slots (which form a Java package) as input. The Java converter also takes one or more export files as input. The export file contains the name and link information of the other packaged content that is imported by the category being converted. When converting a small application or library package, the converter can also generate a export file for the package. ' Typically, after conversion, the CAP file is copied to a card terminal, such as a desktop computer with a card reader peripheral. Next, one of the installation tools on the terminal loads the CAP file and sends it to the Java CardTM technology enabled device. One of the installers on the device receives the contents of the CAP file and prepares a small application to be run by the Java CardTM virtual machine. Virtual Machines 123181.doc 200820076 There is no need to load or process CAP files; it only needs to execute the small application code found in the CAP file on the device by the installer. These and other aspects of the Java CardTM platform are described in the following specifications from Sun Microsystems, which is incorporated herein by reference in its entirety. Application Programming Interface, Java CardTM Platform, Version 2 2 1 · Runtime Environment Specifications , Java CardTM platform, version 221; and virtual machine specifications, Java CardTM platform, version 2.2.1 As mentioned above, in order to run an application written in j^va, the Java CardTM virtual machine must be loaded into the card and Enable it. In one of the prior methods described in U.S. Patent No. 6,772,955, the disclosure of which is incorporated herein by reference in its entirety in its entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all all The source code used to use the card as a point card is written in Java and loaded into the card. Update the balance of each item for the purchase of the card.

Each instance of the Java Virtual Machine is required to pay an authorization fee to Sun or other vendors. Similarly, any other proprietary virtual machine may need to pay for the licensor of this machine. In the smart card, each card has one of the Java CardTM virtual machines enabled and a paid copy. This would increase the cost of each smart card as it may increase the cost of the system described in the Yoshimoto patent. Since the basic functionality of a smart card is a transaction in most applications, this cost can be absorbed and/or communicated to the manufacturer, intermediary or consumer by the manufacturer, intermediary or consumer. However, it is not desirable to absorb or pass on the cost of the license in a mass storage device that may not have utilized the functionality of the virtual machine. 123181.doc -10- 200820076 Global Platform is the Smart Card Promotion and Standardization Industry Association. The Global Platform serves as a smart card industry standard body that establishes and maintains an open technology framework for the global deployment of smart card programs by many service providers across many industries. Global Platform Card Specification V·1·1 ·1 and global platform card security requirements Formal Specification of Global Platform Card

Security Requirements) (marked on December 4, 2004, which is available on www.globalplatform.com and is incorporated by reference in its entirety). The global platform application design interface for global platforms ("Αρι&quot ;) and other aspects. The global platform provides downloads of small applications to smart cards or other devices that already have virtual machines. However, while this provides the small applications and associated functionality required, it is provided for cards that already have the virtual machines needed to run small applications. SUMMARY OF THE INVENTION This month increases the potential use of portable mass storage devices while minimizing manufacturing and usage costs. The present invention allows such devices to run a variety of specialized software applications, but only if the user chooses to utilize the functionality of such applications to bear the cost of such applications. In other words, the costs associated with possible use are only brought out in real time. For the city, the two are the advantages of this system. Manufacturers can increase product functionality and the city "transparent, without having to absorb or pass the cost of a certain::::: levy, consumers with these characteristics can not want to (4) consumers of this feature do not need to Some features are required or paid for. " 123181.doc •11- 200820076 Virtual Machine II is not useful in portable mass storage devices because it is used by placing the virtual machine in a suitable location. A wide variety of applications (compared to applications that can be used directly on the device). This is due to the independence of the virtual machine from any particular processing platform. A virtual machine is a self-contained (4) environment that is executed by a microprocessor but functions as a stand-alone computer. Virtual machine n application will

Executing and running on the virtual machine towel in the same manner is independent of which processor and operating system the virtual machine is running on. 2 However, the previous solution has already made the money machine and the person remembers the card. However, if the “Shabbers” want or need a virtual machine, the cost of the virtual machine must be borne by the manufacturer and the consumer. While this is acceptable in devices primarily intended for use as a card or "electronic wallet", it is not desirable in portable mass storage devices that may otherwise be used for other purposes. I & % ’ only need to pay the license fee for the virtual machine if the user wants to use it - a virtual machine is required. Due to &

The cost of the storage device can be reduced to the minimum value of the A person's 4" and can be paid for additional applications and virtual machines only when necessary or required. The virtual machine can be enabled at any time during the life of the device and only pays when it is enabled. The machine ^ is loaded into the card independently of any time, or in combination with the application of the machine 11. Too sweet ^ ^ In some preferred embodiments, the installation of a virtual machine is performed when a virtual machine is required in the background as part of the activation of a virtual machine or a higher-order application, without the user having to know. The present invention allows an environment in which only the backup roads to use the program at a cost to pay for the authorization, such that the program can be used otherwise. Xin 123181.doc -12- 200820076 This can be especially useful for a large number of different application choices that can be implemented in small devices such as mass storage memory cards. The present invention allows a user to quickly and easily select and activate only the program he wants and pay for it. This allows everyone to afford the basic device while allowing people who need to customize the app to use the custom app. Integrating a virtual machine with a firmware running on a portable mass storage device is not a simple task. This is especially true in "safe" devices that must restrict access to protected content. In such devices, the firmware of the device is at least partially responsible for protecting the content. Therefore, it limits the use of read/write operations. Therefore, it is a goal of a person who wants to copy unauthorized content without authorization. Therefore, the lower firmware must protect the content from hacking while still allowing an application (such as a virtual machine) to access the content. The virtual machine can be loaded at any point (or open an application (which runs in a device that uses such a valley)) the blade must therefore be able to be with or without a virtual machine (or application) Under the condition of running and preventing malicious software from impersonating a virtual machine (or application). [Embodiment] As described in the prior art, portable flash memory is mainly used for storing large files and software. Program. Due to the widespread use of digital devices (which rely on memory cards or pocket-sized USB flash drives), many people already have such a large number of portable devices. One or more of the storage devices. The present invention increases the potential use of such devices while minimizing manufacturing and usage costs. The present invention allows such devices to run a variety of specialized software applications, but only if the user chooses to utilize such The functionality of the application is 123181.doc -13- 200820076:: The cost of such applications. In other words, only the implementation may lead to the cost associated with the use of the available. For manufacturers and consumers, this is a Advantages: Manufacturers can increase product functionality and market penetration without having to absorb or deliver the cost of a consumer's subset, or the cost of a branch. Consumers who want to take advantage of these characteristics can Consumers who do not want to take advantage of this feature do not have to pay for certain features that they do not want or need.

:: Many software and other content stored and/or stored on a large number of storage devices need to be paid to the owner or licensor. For example, a software program needs to pay an authorization fee, and content such as music, movies, photos, or works is also paid to resellers, founders, providers, and/or licensors. One of the software programs that are particularly useful when implemented in a large number of storage devices is a virtual machine. This is a software that is customized for the characteristics of the lower hardware platform because the virtual machine allows the establishment and execution of .... The virtual machine - the example is described in the prior art as j a V a as the main virtual machine (by

Provided by Sun Microsystems). Although it will be used as an example to illustrate the virtual machine from the Sun Hall (10) state coffee, there are other virtual machines and other virtual machines will be developed. Virtual machine system - with microprocessing! I add Weixing but it is a self-contained operating environment that operates as a stand-alone computer. The Demonizer application will execute and run in the same way in the virtual machine, regardless of the processor and operating system on which the virtual machine is running. This provides independence from any particular processing platform. Therefore, a larger software program range will be available to run on the virtual machine and the device on the virtual machine compared to the available software programs without the virtual machine. The present invention can be combined with any virtual machine and the applications it makes available to it. Figure 1 shows the general architecture of a large I-storage memory card. The various components of the mass storage device 00 are lightly coupled together and communicate via the system bus bar 1. The device 100 communicates with an external device 1〇5 (also referred to as host 1〇5) via a host interface. The host interface 4〇 contains the logical and hardware components for transferring data back and forth between the host 1〇5 and the device (10). If the device 100 has a large number of memory card memory factor's, the interface includes, for example, electrical contacts that interface with the contact structure of the digital camera. If the device 100 has the form factor of the USB device: the host interface 1; 40 includes an electrical contact interface and a required (4) i-type controller 11G to control the device and manage a large number of units storing the flash memory 140. Read/write user operations and data distribution. The device 100 also includes a random access memory ("RAM") 120, which may be a separate component (not shown) or may be integrated into the controller 110. The controller 110 executes a body from the RAM 12G. It is stored in the read-only memory 13G or in the mass storage flash memory 140. Only the product _ ▼ item 圯 体 body 13 〇 can be erased and then OM or EPR 〇 M. The system is controlled and controlled The operation of the memory card 0 婪 和 土 土 土 丁 丑 ί ί ί ί ί ί ί ί ί ί ί ί ί ί ί ί ί ί , , , , , , , , , , 记忆 记忆 记忆 记忆 记忆 记忆 记忆 记忆 记忆 记忆Ensure that the second and second parties can change the state of the application (for example, the unactivated to open state is controlled by the device and the body can be used for a bucket, and the & It is enabled and usable. These measures are also in the hardware of the device, the parental implementation of hardware and software (_), and in some specific examples plus I23181.doc -15- 200820076 Data stored in the device and transmitted back and forth relative to the device. To learn more about this type of safe mass storage device For information, please refer to the following U.S. Patent Application Serial No. 11/053,273 issued to Holtzman et al. entitled "Secure Memory Card With Life Cycle Phases" Application No. 11,314,032 to Holtzman et al., entitled "Secure Yet Flexible System Architecture for Secure Devices With Flash Mass Storage Memory" 11/317, 339. Device 100 will be referred to as a memory card (a specific embodiment of the device), although as previously described, device 100 may take the form of a memory card, USB device, or other form factor. (Some of these can provide a path to protected data.) The integrity of the firmware of the operating controller is important, especially in a security card. If the card is a security card (for example, - implement a form of digital rights) Management ("DRM") security card), one of the functions of the firmware is to restrict access to protected content. DRM is used to describe A broad term used to limit the technology of free use and transmission of digital content, so some people find it more appropriate to describe it as ''digital limit management'. Figure 2 shows some of the software components of device 100 (including firmware) ). The virtual machine 220 includes functionality that is not present in the base card firmware 210, but is also capable of accessing content in the flash memory. Therefore, in a sense, it can also be regarded as one of the types of firmware in the card, and must be fully integrated and compatible with the firmware 210. Therefore, the card firmware 210 must be implemented in such a way that it can function solidly in the presence or absence of the VM 220 in its 123181.doc •16.200820076. Similarly, the VM 220 is implemented in such a manner that it functions in conjunction with the card firmware 210. The design aspect of the code implemented in the firmware 210 that allows it to be integrated with the VM 220 can be considered as a "hook" in the firmware 210. The double arrow between the firmware 210 and the VM 220 indicates that the hooks and their phases are provided. Capacitance. The small application loaded into the card 100 can communicate with the firmware via the VM 220 and can provide many different software applications on the card. These small applications 240A...X run on the virtual machine, so there is no need The controller 110 and other hardware components of the device 100 are customized. This pair will not open the device with a different software application library that is not compatible with the card. As can be seen from Figure 2, the host 105 must pass an application. The programming interface ("API") communicates with firmware 210 (including VM 220). Many APIs 250A...X can be implemented in the card. This includes standard or native device API 250A, industry standard or widely accepted API 250B (eg, Global Platform API), proprietary API 250C (eg, API bundled to VM 220, such as API for Java Virtual Machine, or API for one of Small Applications 240), and any other API 250X. VM 220 Must put the correct API The appropriate location is functional, so a method of enabling a particular virtual machine is by enabling and/or loading an API that is compatible with a particular virtual machine. Of course, various other triggers can be used to directly enable the VM. Types, which will be discussed later with respect to Figure 9. The various enabling methods are discussed below. Regardless of the application of the card application, the functionality of adding the previously described virtual machine needs to be integrated with other firmware of the card. All small applications and firmware integration, no matter before the card leaves the factory or after 123181.doc -17- 200820076, the cards must be seamlessly operated. In the case of downloading small applications in the field, it will not be easy to verify (may not be possible at all) Verification) The application of the small application and the raw shell. Therefore, the basic firmware of the card must be flexible enough to provide the live download and data access required by the small application, and it must be compact enough so that even the small application has been written. It can also function when it is very poor. In addition, in the case of a small application attempting to destroy the drm of the card, The firmware must protect the data from the small application and continue to provide content for authorized users. Unlike the smart card that is built to protect a small number of highly protected transaction data, the large storage card must provide a great content program. The library is accessed by $. This user content is always in flux during the life of the card, just like the application that the card is encountered. The firmware and hardware of the card will adapt to the user's needs for the new application. It also allows you to download new applications on-site (or in the factory) while always protecting the contents of the card. This is not a simple task. Figure 3 shows the representation of some of the software components in the A-Card. Various small applications 240A to X run on the card. Better virtual machine

CardTM virtual machine, and under the condition of "Ca"dTM or other Java virtual machine, based on specific small applications and virtual machines 22

Java Card framework (if needed or needed). All of these components are shipped

4亍; card operation system or initial body 210. In this case, Java CardTM and other industry accessories 23 and Java Virtual Machine 22 are both running on the card operating system 210. 0 B , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , The package may include not only the virtual machine 220, but also (as needed) one or more soft-to-use programs 270. The mobile unit 21 is equipped to function in conjunction with the additional software of the program and application program 27G. Any (4) application 27G running on the virtual machine can be loaded in the card at any time. The dotted line is loaded with 乂 and 彳 with or without application 27. (Μ(10) and the application is installed without VM The installation is simultaneous. Any charge associated with the packaged component is required only if the package is present in the card and ii) the package is enabled. The package shown in Figure 3B can be provided to the user in a number of ways. The package is provided in the card at the time of sale, as shown in Figure 4A. In this case, it must be "lived" before the package can be used. Alternatively, the user can download the package as a complete package or piece by piece, as shown in Figure 4B. As another method, the new firmware 210 can be loaded into the card, as shown in Figure 4C. It also includes all or part of the package not shown in Fig. 3B. In a specific embodiment, it is thought that the firmware shown in Fig. 2 is in the process of updating the blade to ^^~220, and the small application 240 is all Loading. These basic methods are shown in the flowcharts of 4A, 4B, and 4C, which will be described below. As described in 4, virtual machines and small applications or applications need to be enabled or enabled for use. Of course, although it is not preferred in many cases, there may be no security measures necessary to download the enablement component. This may (but not necessarily) be suitable for a secure or trusted environment with restricted card allocation. In addition, in some In a specific embodiment, the security month b is part of the download process and does not need to be additionally enabled. In other words, it is assumed that the user has been authorized to download first or as part of the download sequence. If enabled, the component can be downloaded as soon as it is enabled. The card has an enable manager that receives and verifies the enable command. The enable & device can be part of the body 21G or can be viewed as a standalone software model. ^ Enable the official to open and close the application or operating system features. This is enabled by the King (for example, on the top of the secure channel). In a specific K & example, the government processor is enabled to receive the positive 4 code. Enable encapsulation. _ a Use & handle: Receive the code, compare it with - verify the code for the service to double check ' or relative to the code stored in one of the memory of the card The card is checked by a coronation version. The enable manager also records the I fail to start S' and in some embodiments limits the number of failed attempts and can lock the card when the number is exceeded. The private code can be different The parameter is based and can be calculated in a number of ways. The code can also be a simple number that is expected to open & match the application. The code can be generally enabled and can also be associated with an application ID. One The unique associated number of a particular application is associated with and/or based on it. The code may be based in part on a card unique ID (which is a number associated with only the special card). The code may also have The specified application (whether the application should be enabled or disabled) and the part of the code itself. The code can also specify or contain a specific application status 'eg not enabled, enabled, temporarily suspended, or revoked. You may specify and provide access to various required licenses (such as different license levels in the DRM scheme). The code may also be based on or include some aspects of all of the above options. 123181.doc -20- 200820076

Using different algorithms to increment the password (in the card and the feeder), even if the value or single password value in one card is compromised, it cannot be used to steal the card. In an example, enabling the code or οτρ card ID, card type, the code may also be part of a symmetric or asymmetric cryptographic authentication scheme. For example, in the I_called scheme, 'the code can be a -type single password ΓΟΤΡ" (which is widely known in the art). In this case, both the card and the authentication server have (four) values and are based on The value and a number of selected algorithms independently build the code or οτρ. The program code is incremented or updated at regular intervals or at any given time, relative to the οτρ calculated by the verification server. To verify the οτρ calculated in the card. When using the scheme, 'if the two cards are the same value for the first time, if the application ID and the value of the OTP value are used in the two cards, the card type can be any known card type. For example, a small flash card, SD card, mini card, MMC card, transflash card, XD card, memory stick, etc... or can be a USB flash drive. In an embodiment, the OTP and/or code can be used to enable or disable an application or software layer. Send οτρ or a code (generated by a remote server or other device) to the card and associate it with the OTP generated by the card. compared to Verify the enable code or οτρ. If you verify that it is correct, you can enable or disable the application or software layer. It is better to use OTP for these purposes, because this value can only be used once 'and thus cannot be used for multiple enable or In an embodiment, the application ID of the application to be enabled may also be used to generate the enable code or OTP. In this way, οτρ will be 123181.doc -21- 200820076 A unique OTP for an application. As mentioned previously, in some embodiments, the same value can be used for multiple cards. This value is the basis for the 0TP calculation. Similarly, the code or OTP card ID is enabled. , card type, application ID, and 〇τρ value function. This allows the same private value to be loaded into multiple cards, which reduces the number of records on the server database. At the same time 'because different algorithms can be used ( It is a function of one or more of the card ID, card type, and application ID, so that only OTP and enable code can be generated to provide a high security level. The most common asymmetric scheme involves Public key infrastructure (PKI) One device or entity has two keys (private key and public key), which are password-related so that the data encrypted with one key can be decrypted by another key, and cannot be The private key is mathematically derived from the public key. In this scheme, the public key is freely assigned, and the private key is privately owned by the owning entity. By performing a query/response sequence (where a decryption is required) A method of verifying the ownership of a private key using its public key to verify the ownership of the private key is used to effect authentication of an entity. A specific embodiment of one of the uses of the present invention is shown in Figures 6 and 7 which will be described later. In a particular embodiment, aspects of a symmetric scheme are combined with aspects of an asymmetric scheme. In one example of this embodiment, 'in one stage, οτρ is used to verify the card, and in another stage' a question/response dialog is used. The enabling procedure has been discussed and will now return to the flowcharts of Figures 4, 4 and 4C (which show several aspects of downloading and enabling). I23181.doc •22- 200820076 Figure 4A shows the program to be executed – the manned virtual machine. In the course of Figure 4A, the card issuer or provider provides the virtual machine at some point prior to the sale of the card to the user. This can be the manufacturing time or a certain point in time, and there is also a card body. The virtual machine will be in a stand-by or inactive state, ie the consumer is not allowed to use the virtual machine. Therefore, you should not have to pay an authorization fee for this (unused or not enabled) virtual machine. Preferably, the consumer does not realize that it is already present on the card before it is enabled or "unlocked." The virtual machine can be any type or brand of virtual machine. Some examples of currently available virtual machines are: java Mult〇s; Java Card·; embedded linux; embedded; d〇tm and Windows CE. Different virtual machines may be required to support different small applications, so multiple VMs can be loaded into the device. Device firmware management Availability of resources required by different VMs and mini-apps. The user, card or server of the system decides whether a virtual machine is needed or desired in step 410. Next, in step 415, a trusted authority enables the virtual machine. At this point in time, any authorization fees associated with the virtual machine need to be paid. In public key infrastructure, the trusted authority is often referred to as the certification authority. Figure 6 shows the certification authority 620. Figure 6 shows a verification of the credentials / Authorization to use a specific embodiment of the public key infrastructure. Since the transaction may not be more secure than the system in which the transaction takes place, the most important component is built for the communicator A public key that is used to position each other and is convinced that it is used by the person (or machine) that it wants to communicate with. The public key infrastructure is designed to provide this trust. Use one called digital authentication or The public key authentication data element (which links the public key to the identification information about its owner), and the infrastructure is designed to establish the link and is based on the use of the owner of the community. Benefits manage the bundle. Once the credentials are verified, the package is enabled with a code or OTP as described above. Alternatively, the credentials themselves or their verification are sufficient for the verification/authorization of the credentials, allowing or triggering the enablement. Using a combination of a private key and a public key password, the PKI enables many other security services, including data encryption, data integrity, and key management. Defined in ITU-T Rec. X.5 09 [X.509] The basis or framework of the PKI, which is incorporated by reference in its entirety. Sometimes the end entity is considered an end user. Although this is usually the case, the term end entity has a more meaning. The terminal entity can be an end user, a device (such as a router or server), a program, or any entity that can be identified in the subject name of the public key authentication. The terminal entity can also be considered a consumer of PKI related services. In the present invention, it can be seen from the specific embodiment shown in Fig. 6 that the terminal system has a large number of storage devices 100 and its users. The public key is assigned in the form of public key authentication. CA 620 is the basis of PKI because of its A component that can issue a public key authentication. The public key authentication is sent to the device 100 and the repository 610. The issuing CA (which effectively links the subject name to the public key) digitally signs the public key authentication. Responsible for issuing a Certificate of Completion List (CRL), except where this has been delegated to the Independent CRL Issuer 630. The CA can also handle many administrative tasks, such as end-user registration, but these tasks are usually delegated to a Registration Authority (RA) (which is optional and not shown in Figure 6). In practice, CA can also be used as a key backup and recovery facility, although this feature can be delegated to a separate component. 123181.doc -24- 200820076 The CA is usually considered as the "trust source" in the PKI. In a specific embodiment utilizing a public key infrastructure, the CA 610 indicates that the trusted device 1 and the server to be packaged will be downloaded. This trust will be used for download, enablement, and payment purposes. Figure 7 is a diagram illustrating the components of Figure 6 and is provided as a quick test. Figure 4 is another program that provides a virtual machine, either alone or as part of a larger software package. In step 435, the card firmware 21 is provided. This mobile has a "hook" for future integration with a virtual machine and in conjunction with the virtual machine, or in other words is designed to be compatible with a virtual machine. Preferably, the virtual machine compatible firmware is provided during card manufacture, but the virtual machine compatible firmware can also be loaded at any time during the card's lifetime. The firmware has a security mechanism designed to limit access to certain types of data on the card. This includes the security mechanism itself in the firmware and the protected content stored in the memory of the card. Before installing or enabling a virtual machine, the firmware (the security mechanism) does not allow software applications running inside or outside the card to access protected data. However, the firmware can also be manipulated to detect virtual machines and have access to certain protected data once the virtual machine is installed and enabled. In other words, the firmware can be viewed as having different operational states, an operational state being used when there is no virtual machine, and an operational state being used in conjunction with the virtual machine. In both states, the firmware must protect and limit the information on the access card, including the firmware itself. In the second state, the firmware must allow the virtual machine to read and write data without permitting unauthorized read/write access by any malicious application. Next, in step 440, after the card leaves the manufacturer, the user or the middle person, or the card itself, decides whether or not a virtual machine is desired or needed. Thereafter, the virtual machine and its provider are authenticated in step 123181.doc -25- 200820076 step 445. This can be a symmetric and/or asymmetric discrimination as previously described. In the steps, download the virtual machine to the card and enable it. At this point in time, any authorization fees associated with the virtual machine need to be paid. Once enabled, the payment is triggered. Figure 4C is another procedure for providing a virtual machine, either alone or as part of a larger software bundle. In step 460, the user or card needs or wants a virtual machine # to authenticate the virtual machine and its provider in step 465. This can be a symmetric or asymmetric discrimination as previously described. In step 470, a new chapter blade 21G replica or version (with _virtual machine 2) is downloaded to the card. At the same time, you can load additional small applications 24 or other programs as needed. Figure 5 shows the virtual machine download 管理ρι management. At step (4), the request for the γ-loaded application is received. A server T from any smart device makes this request from any network, including the Internet. The card is issued ^ or the provider (or any third party) can operate the feeder. The issuer of the card may provide any entity that processes, distributes or sells the card for each merchant or its representative'. The server receiving the request of step 51 then proceeds to the request, the hacker or provider of the σ card, if the issuer or provider does not directly receive the request. In step 520, the issuer or provider quickly retrieves a virtual machine' if required for the operation of the mini-app. Then, in step = 530, the virtual machine and the small application are seamlessly loaded into the card. The user does not need (but can) know that the virtual machine has been retrieved and loaded into his card. Virtual machines and mini-applications are enabled in step 440 (which may occur before, after, or/or at the same time as step 54). In step 550, the card selects and utilizes the correct 123181.doc -26-200820076 API for virtual machines and small applications. If the correct API does not exist, the publisher or provider will load the correct API into the card. Again, as with step 520, the user preferably does not need (but can) know to load the API into the card. In summary, the program is executed as quickly and easily as possible for the user. Once a small application is requested, the mini-app can be automatically loaded in an ultra-fast manner and all the necessary software that enables the small application to run (the user does not know the various applications that load his small application and make it work) step). As mentioned previously, providing the correct API is one way to enable virtual machines and/or small applications. Fees and usage fees collection and distribution Once a virtual machine, mini-app, or other software application is enabled, an authorization fee must be paid for the application. If, for example, a small application involves digital rights management ("DRM") to control the security content loaded into the card, the content may also require a usage fee. In any event, the present invention can be used to pay for any type of usage fee or license fee. Figure 8 shows a system for paying fees between various entities. The chargeer 81 receives a consumer fee of 805A. This preferably involves a security service provided over the Internet. The payee 810 will retain a portion of the fee for its service and transfer the remaining fee to the device issuer 820. For example, if the content or program is loaded onto an SD card issued by SanDisk, SanDisk will be the card issuer and receive part 805B of the fee 805. The issuer then retains a portion of the fee 8〇5 and sends a portion 805C to the content owner or authorized person 83〇. In the specific embodiments described so far, it is possible to pay for Java Virtual Machine licenses and different small applications running on virtual machines. The system can also be used more generally to pay for other types of content that require authorization. This payment system is also useful when paying for the content and the software required by the user who presents the content to the device in 123181.doc -27- 200820076. Security In addition to the safe activation of virtual machines, the device also implements other security measures. Before the virtual machine is stored in flash memory, the card may need to be signed by a previously trusted authority. In addition, various encryption techniques can be implemented so that virtual machines (or other software applications) cannot be falsified, sneaked, or illegally copied and installed on the device. The VM can be encrypted in a variety of well-known hash functions, or alternatively with a device unique key. This encryption can be implemented in software and/or hardware. This may require the use of a MAC value, a SHA-1 value, or a hash value. The basic principles of these encryption/decryption techniques are well known and need not be elaborated here. In one embodiment, the encryption is performed using an encryption engine implemented in the hardware of the controller. The hardware of the encryption engine encrypts the application as it is loaded into the memory of the card. The controller is used to establish a hash value specific to the controller and associated with the controller for use as a type-control signature for H. This is then verified before the application is executed. Implementing the crypto engine at least in part in the hardware of the controller (but not fully implemented in the firmware) results in a solid device that is extremely difficult to destroy. This is due to the inability to replace the controller's conventional method of securing the device with a replacement controller (which has a different signature). It is also not easy to fake the signature of the controller. As shown in FIG. 9, the firmware 21A can have a boot loader portion 2m portion, and (4) various mac values, SHAH Ge, which can be divided into individually loadable ram memories 123181.doc -28· 200820076 A fragment or overlap for execution. For more information on this and other aspects of the encryption techniques utilized in certain embodiments of the present invention, please refer to the application to M. Holtzman et al. (which is incorporated by reference in its entirety) . Various firmware applications can be stored in the flash memory space shown in Figure 9. Virtual machines and small applications can be viewed as firmware applications. For example, an APPFW! numbered with 202a may include a virtual machine, and an APP FW 2 with a 2 hole number may contain a small application. If these firmware segments are overlapped, an application firmware overlay mapping 2〇1& will indicate various fragments of the application firmware, the confusing "storage location. The heavy hash value, SHA The -1 value, or the MAC value itself, is stored in encrypted form in the table 201b in the flash memory. These values may in turn be encrypted by themselves, and in some embodiments may employ the device-specific hardware encryption previously described. The technology performs encryption. In some embodiments, the space within the flash memory will be reserved for the virtual machine to facilitate integration with and integration with other firmware of the card. This is provided in the security card (where the firmware portion provides The security of the card may in other cases be compromised by the virtual machine and any other application running on the card and accessing the stored data therein. Of particular importance. While specific embodiments of the invention have been shown and described, However, variations and modifications of the illustrative embodiments may be made without departing from the broader aspects of the invention. Therefore, it should be understood that the invention may have other embodiments. Although not explicitly stated above, it is still within the scope of the present invention, and thus the scope of the present invention is not limited only by the illustrative embodiments provided. Since 12318l.doc -29- 200820076 The scope of the invention is provided by the appended claims. However, since the wording is not a perfect way of illustrating the material of the invention, it should be understood that the equivalent structure and method, although not within the expression of the scope of the claims, It is also within the true scope of the present invention. [Simple Description of the Drawings] Fig. 1 is a schematic diagram of a mass storage device 100. Fig. 2 is a schematic diagram of a software component of a large storage device 1〇〇 and a host 1〇5. A software component of a mass storage device in accordance with one embodiment of the present invention. Figure 3B shows an application downloaded in accordance with one embodiment of the present invention. Figure 4A is a flow diagram in accordance with a first aspect of the present invention. Figure 4B is a flow chart according to a second aspect of the present invention. Figure 4C is a flow chart according to a third aspect of the present invention. Figure 5 is a flow chart showing An application protocol interface management in accordance with an embodiment of the present invention is shown in Figure 6. Figure 6 shows a public key infrastructure and a mass storage device (Figure 1). Figure 7 is a table illustrating certain components of a public key infrastructure. Figure 8 shows the revenue flow in accordance with an embodiment of the present invention. Figure 9 shows a portion of the memory space of the flash memory 14 【 [Main component symbol description] 100 mass storage device / card 105 external device / host 12318I. Doc -30- 200820076 110 Controller 120 Random Access Memory 130 Read Only Memory 140 Host Interface / Mass Storage Flash Memory 150 糸 Bus 201a Application Firmware Overlay Mapping 201b Table 202a APP FW1 202b APP FW2 210 Card Firmware/Card Operating System 210a Boot Loader Part 210b System Part 220 Virtual Machine (VM) 230 Industry Attachment 240A to X Small Application 250A Standard or Native Device API 250B Industry Standard or Widely Accepted API 250C Exclusive API 250X Other API 270 Software Application 610 Repository 620 Certification Authority (CA) 630 Independent CRL Issuer 805A Consumption Fees 123181.doc -31 - 200820076 805B Part of the fee 805C part of the fee 810 chargeer 820 device issuer 830 content owner or authorized person 123181.doc -32-

Claims (1)

200820076 X. Patent application scope: 1 · A method for using a software application in a mass storage type memory card, the method comprising: providing a firmware for running a data storage operation of the memory card; Providing one or more application design interfaces; and providing a virtual machine that is not enabled when loaded into the card, wherein the memory card is operable to use the software by a user The virtual machine is enabled when private is applied and the ability to utilize the virtual machine is thereby utilized. 2. The method of claim 1, further comprising paying an authorization fee only if the virtual machine is enabled. 3. The method of claim </ RTI> further comprising loading the software application using the monthly force of the virtual machine into the card, the software application relying on the virtual machine for the mass storage type memory One of the cards handles execution. ° 4. The method of claim 1, wherein the virtual machine is loaded into the card. 5. The method of claim 1, wherein the consumer loads the virtual machine feed into the meter after receiving the card. The method of 1 item 1 of μ field, wherein the virtual machine allows the virtual machine to access the data stored on the card only when it is enabled. 7. According to the method of claim 3, Ganshi is managed from μ. The software application contains digital rights 8 · as requested in the 7th, + ^, and the law, which further contains digital rights management should be 123181.doc 200820076 User-oriented content to one of the content owners or The licensee pays a fee. The method of claim 7, wherein the virtual machine is encrypted. The method of claim 9, wherein the virtual machine is encrypted by the hardware of the memory card when it is loaded into the card. • The method of claim 9, wherein the encrypted virtual machine includes one of the hardware of the memory card and cannot be executed by a different hardware than the hardware that created the signature. 12. The method of claim 5, further comprising verifying the authentication of the virtual machine and the provider of the virtual machine. 13. A method of providing a portable flash memory mass storage device, the method comprising: supplying the flash memory mass storage device; and verifying that the first party has one of the applications to be loaded into the device A voucher 'this voucher allows the first party to carry the application, the application containing a virtual machine. 14. The method of claim 13, wherein 1 cold - the a A /, further comprises loading the application into the device. 15. If the method of claim 14, and Zhong Cong: Jinzhuang ^ /, 肀 sell the device to a consumer, the application is loaded into the device on site. 16 • As in the method of claim 13, i is half, and the v includes a fee for charging a fee associated with the application. 17. The method of claim 16, wherein the step of inferring the distribution comprises assigning a portion of the fee to a second party. The method of claim 16, wherein the fee includes a usage fee. 19. The method of claim 16, wherein the fee comprises an electronic payment for a good or service. 20) A method of providing a software application to a user of a mass storage memory device, comprising: providing a firmware for running a data storage operation of the memory card; providing one or more applications in the card Programming interface; Receiving a request to load the application; and thereafter loading a virtual machine into the card and loading the application into the card. 21. The method of claim 20, wherein the virtual machine is downloaded without knowing the requestor of the application. 22. The method of claim 20, further comprising receiving a request to load the virtual machine into the card. 23. The method of claim 20, further comprising authorizing a provider of the application prior to loading the application. 24. If the method of claim 20 is used, i pushes a feng yi _ _ 上 ^ /, progress includes loading the virtual machine to one of the virtual machine providers. 25. If you are in the 18th or 19th of the request, you will be given a method of symmetry. Wherein the authorization contains an asymmetry. 26. The method of claim 18 or 19 identifies. It further includes encrypting the application within the card. 27. The method of claim 20. 123181.doc 200820076 28·If the method of the 20th method, the basin who one ^ ^ eight progress contains the virtual machine in the card to encrypt. ^ 29. The method of any of the items jg er, + &amp; 丄 t ^ ^ ^ of claim 22 or 23, wherein the encrypting comprises utilizing a _key stored in a controller of the memory card. 30. As in the method of claim 20, the virtual machine u ^ _ application needs to run the virtual machine. 31. - A method of providing a virtual machine for use in conjunction with a mass storage type memory device, the method comprising: providing a firmware for running a data storage operation of the memory card; loading a virtual machine into the card; Receiving a request to utilize the function of the virtual machine within the card; and thereafter providing an application design interface necessary for the virtual machine to function, thereby enabling the virtual machine to be utilized. 32. The method of claim 31, further comprising providing the application design interface. 33. The method of claim 31, wherein the step further comprises issuing an authorization fee for the virtual machine upon enabling the virtual machine to be used. 34. A method for enabling or disabling a software application for use in a mass storage type memory device, comprising: providing a firmware for operating a data storage operation of the memory device, the software application dependent The firmware storage operation is performed to access data stored in the memory device; the firmware of the device is used to generate a single password value; 123181.doc 200820076 will be generated by the firmware of the device The single-password value is compared to a single-password value generated outside the device; and if the comparison verifies that the value produced by the device matches the value generated externally to the device, then the execution or not is permitted The software application. 35. The method of claim 34, wherein generating the single password comprises establishing the password based on a value &apos; and/or the following: _ and the software The application-associated unique-identifier; and a unique identifier associated with the device. 36. The method of claim 35 wherein the generating the single password further comprises establishing the password in accordance with the device type. 37. The method of claim 34, wherein a plurality of mass storage memory devices are produced, each of the devices comprising the same value but generating a different single-cut code value by using a single-password generation algorithm ride-count comparison The single-password generation algorithm is based on the -only-language and makes the values different. 38. The method of claim 34, wherein the unique identifier comprises a number uniquely associated with a particular device. 39. The method of claim 34, wherein the ^^^ callout includes a number uniquely associated with a particular instance of the software application private. 40·—a mass storage type flash memory device, which includes a controller and a controller; a random access memory; a large storage device that contains a flash memory; a virtual machine; 123181.doc 200820076 a mechanism, The operation is enabled when the operation of the virtual machine is required, wherein the mechanism is triggered by the activity of one of the users of the device, and an authorization fee associated with the virtual machine is paid. 41. The device of claim 40, wherein the virtual machine is stored in the mass storage flash memory. 42. A mass storage type flash memory device comprising: a controller; a random access memory; a large memory storage comprising a flash memory; a virtual machine; and an enabling component, The virtual machine is enabled, wherein the field triggers the moonlight component to take the day and initiates payment of one of the virtual machines. 43. A mass storage type memory card, comprising: a flash memory Γ a controller; and a plucking body that controls reading and writing operations of the flash memory, wherein the firmware includes the firmware a security routine that limits the usage rights of the read and write operations; a first operational state of the firmware, the first state being used for operations of the card without a virtual machine 1 §; a second operating state of the blade, the second state being used for the operation of the card having a virtual machine, wherein the security routine of the firmware is in the second state, 123181.doc 200820076 The virtual machine accesses information from the reading of the palace to take care of the redundant protection data. 44. In the case of the large storage type of the disciplinary item of claim 43, the memory card is reserved for the virtual machine. 45. The mass storage type memory card of claim 43, wherein the card is operated in the first state prior to loading a virtual machine into the card, and thereafter operates in the second state. 46. The mass storage memory card of claim 45, wherein a virtual application is loaded into a small application. _ 47. The mass storage memory card of claim 45, wherein the small application comprises a digital rights management application. 123181.doc