[go: up one dir, main page]

CN101282347B - Method for controlling intelligent storing card - Google Patents

Method for controlling intelligent storing card Download PDF

Info

Publication number
CN101282347B
CN101282347B CN2008101116245A CN200810111624A CN101282347B CN 101282347 B CN101282347 B CN 101282347B CN 2008101116245 A CN2008101116245 A CN 2008101116245A CN 200810111624 A CN200810111624 A CN 200810111624A CN 101282347 B CN101282347 B CN 101282347B
Authority
CN
China
Prior art keywords
order
memory card
command
authentication
level
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2008101116245A
Other languages
Chinese (zh)
Other versions
CN101282347A (en
Inventor
曹会扬
李春华
廖剑
陈庆方
陶雄强
姜涌
廖泉
张旭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Potevio Institute of Technology Co Ltd
Original Assignee
Potevio Institute of Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Potevio Institute of Technology Co Ltd filed Critical Potevio Institute of Technology Co Ltd
Priority to CN2008101116245A priority Critical patent/CN101282347B/en
Publication of CN101282347A publication Critical patent/CN101282347A/en
Application granted granted Critical
Publication of CN101282347B publication Critical patent/CN101282347B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a control method of an intelligent memory card. The invention fully utilizes the existing bus resource of the memory card and is additionally provided with a value added application module in the memory card, thereby being capable of implementing the function expansion by the value added application module, being convenient to have the value added service expansion of the value added service operator, and having stronger compatibility and scalability. Otherwise, the invention implements the management of the intelligent memory card via command data package by the application program, thereby being capable of guaranteeing the normal operation of the intelligent memory card.

Description

一种智能存储卡的控制方法 A kind of control method of smart memory card

技术领域technical field

本发明涉及控制技术,特别涉及一种智能存储卡的控制方法。The invention relates to control technology, in particular to a control method for an intelligent memory card.

背景技术Background technique

现有手机终端的增值应用大多基于SIM卡号,从而使得增值业务运营商受制于移动运营商。如需改变这种局面,则可以在手机终端的存储卡内增设智能卡芯片,并由智能卡芯片实现增值应用,使得增值应用脱离SIM卡号。其中,增设了智能卡芯片的存储卡称为智能存储卡。The value-added applications of the existing mobile terminals are mostly based on the SIM card number, so that the value-added service operators are subject to the mobile operators. If this situation needs to be changed, a smart card chip can be added in the memory card of the mobile phone terminal, and the value-added application can be realized by the smart card chip, so that the value-added application is separated from the SIM card number. Among them, a memory card added with a smart card chip is called a smart memory card.

然而,现有技术中仅提供了针对存储卡交互的流程,即应用程序直接向存储卡发送读/写命令,再由存储卡中的存储卡控制器根据该命令对物理存储介质执行对应的读/写操作,而并未提供针对智能存储卡的交互流程。而如果无法利用交互流程实现对智能存储卡的有效控制,例如对智能存储卡中的资源进行管理、对智能存储卡的身份认证和权限授予等,则无法保证智能存储卡的正常工作,因而即便增设了智能卡芯片也无法保证增值应用的有效实现。However, the prior art only provides a process for interacting with the memory card, that is, the application program directly sends a read/write command to the memory card, and then the memory card controller in the memory card performs corresponding read/write operations on the physical storage medium according to the command. /write operation, but does not provide an interactive process for smart memory cards. However, if the interactive process cannot be used to achieve effective control of the smart memory card, such as managing resources in the smart memory card, identity authentication and authorization of the smart memory card, etc., the normal operation of the smart memory card cannot be guaranteed. The addition of smart card chips cannot guarantee the effective realization of value-added applications.

发明内容Contents of the invention

有鉴于此,本发明提供了一种智能存储卡的控制方法,能够基于存储卡实现功能扩展并实现对其管理。In view of this, the present invention provides a control method for an intelligent memory card, which can implement function expansion and management based on the memory card.

本发明提供的一种智能存储卡的控制方法,所述智能存储卡中包括存储卡控制器和物理存储介质,所述智能存储卡中还承载有用于实现增值应用的增值应用模块,该方法包括:A method for controlling a smart memory card provided by the present invention, the smart memory card includes a memory card controller and a physical storage medium, and the smart memory card also carries a value-added application module for realizing value-added applications, the method includes :

应用程序发送命令数据包,其中携带有用于确定该命令数据包操作对象的目标类型、用于存储卡控制器获取命令的命令编码信息;The application program sends a command data packet, which carries the target type used to determine the operation object of the command data packet, and the command encoding information used for the memory card controller to obtain the command;

存储卡控制器根据所述目标类型选择物理存储介质或增值应用模块为操作对象,并对所述命令编码信息解码得到对应的命令,利用解码得到的命令对选择的操作对象进行相应操作,然后向应用程序发送应答数据包,该应答数据包中携带有表示所述相应操作是否成功的应答编码信息;The memory card controller selects a physical storage medium or a value-added application module as an operation object according to the target type, and decodes the command encoding information to obtain a corresponding command, uses the decoded command to perform a corresponding operation on the selected operation object, and then sends the The application program sends a response data packet, which carries response coding information indicating whether the corresponding operation is successful;

其中,所述命令分为四类,按照其使用权限级别由低至高依次为第一类命令、第二类命令、第三类命令、第四类命令;Among them, the commands are divided into four categories, which are the first type of command, the second type of command, the third type of command, and the fourth type of command according to their use authority levels from low to high;

利用第二类命令对选择的操作对象进行相应操作之前,该方法进一步包括:应用程序通过与智能存储卡的第一级认证;Before using the second type of command to perform a corresponding operation on the selected operation object, the method further includes: the application program passes the first-level authentication with the smart memory card;

利用第三类命令对选择的操作对象进行相应操作之前,该方法进一步包括:应用程序通过与智能存储卡的第一级和第二级认证;Before using the third type of command to perform corresponding operations on the selected operation object, the method further includes: the application program passes the first-level and second-level authentication with the smart memory card;

利用第四类命令对选择的操作对象进行相应操作之前,该方法进一步包括:应用程序通过与智能存储卡的第一级、第二级和第三级认证。Before using the fourth type of command to perform a corresponding operation on the selected operation object, the method further includes: the application program passes the first-level, second-level and third-level authentication with the smart memory card.

所述命令数据包中进一步携带有:用于表示命令数据包的数据包类型标识、用于表示该命令数据包所对应的协议版本号、该命令数据包的序列号、该命令数据包用于携带数据的数据域、该命令数据包的数据域长度;The command data packet further carries: the data packet type identifier used to represent the command data packet, the protocol version number used to represent the command data packet, the serial number of the command data packet, the command data packet used for The data field carrying the data, the length of the data field of the command packet;

所述应答数据包中进一步携带有:用于表示应答数据包的数据包类型标识、用于表示该应答数据包所对应的协议版本号、该应答数据包的序列号、该应答数据包的数据域、该应答数据包的数据域长度。The response data packet further carries: a data packet type identifier used to represent the response data packet, a protocol version number used to represent the response data packet, a serial number of the response data packet, and data of the response data packet field, the length of the data field of the response packet.

在所述智能存储卡中设置用于记录已通过认证等级的权限寄存器;Setting in the smart memory card an authority register for recording the certified level;

利用第二类至第四类命令对选择的操作对象进行相应操作之前,该方法进一步包括:存储卡控制器根据权限寄存器中记录的认证等级判断是否有权限利用当前命令对选择的操作对象进行相应操作。Before using the second to fourth types of commands to perform corresponding operations on the selected operation object, the method further includes: the memory card controller judges whether it has permission to use the current command to perform corresponding operations on the selected operation object according to the authentication level recorded in the authorization register. operate.

所述第一类命令包括:对智能存储卡进行复位的命令、读取智能存储卡版本信息的命令、发送应用协议数据单元APDU的命令、读物理存储介质中普通区域的命令、写物理存储介质中普通区域的命令、读物理存储介质中隐藏区域的命令、写物理存储介质中隐藏区域的命令、以及分别用于认证的认证请求命令。The first type of command includes: a command to reset the smart memory card, a command to read the version information of the smart memory card, a command to send an application protocol data unit APDU, a command to read a common area in a physical storage medium, and a command to write a physical storage medium Commands for the common area in the physical storage medium, commands for reading the hidden area in the physical storage medium, commands for writing the hidden area in the physical storage medium, and authentication request commands for authentication respectively.

所述智能存储卡版本信息包括:产品分类号、产品版本号、产品序列号、生产厂家名称的编码信息、生产厂家名称的长度、生产厂家名称、协议版本号。The smart memory card version information includes: product classification number, product version number, product serial number, encoding information of manufacturer's name, length of manufacturer's name, manufacturer's name, and protocol version number.

在所述智能存储卡中设置控制寄存器,其中记录有物理存储介质是否可读写的使能信息。A control register is set in the smart memory card, wherein enabling information of whether the physical storage medium is readable or writable is recorded.

所述认证请求命令中包括第一级认证请求命令,所述第一级认证包括:The authentication request command includes a first-level authentication request command, and the first-level authentication includes:

应用程序将命令数据包中的编码信息设置为认证请求命令的命令编码信息,并将包含有用于识别当前使用应用程序的用户身份的特征信息的第一级认证请求命令,携带于命令数据包的数据域中发送至存储卡控制器;The application program sets the encoding information in the command data packet as the command encoding information of the authentication request command, and carries the first-level authentication request command containing the feature information used to identify the identity of the user currently using the application program in the command data packet. sent to the memory card controller in the data domain;

存储卡控制器对命令数据包中的特征信息与智能存储卡中存储的特征信息进行匹配,并将包含有匹配结果的第一级认证结果携带于应答数据包的数据域中返回给应用程序。The memory card controller matches the characteristic information in the command data packet with the characteristic information stored in the smart memory card, and returns the first-level authentication result including the matching result in the data field of the response data packet to the application program.

所述第一级认证请求命令中进一步包括:第一级认证请求命令的命令标识、第一级认证请求命令的长度、标识当前第一级认证交互的会话标识、以及特征信息的类型;The first-level authentication request command further includes: the command identifier of the first-level authentication request command, the length of the first-level authentication request command, the session identifier identifying the current first-level authentication interaction, and the type of feature information;

所述第一级认证结果中进一步包括:第一级认证结果的应答标识、第一级认证结果的长度、标识当前第一级认证交互的会话标识、认证结果为失败时的失败原因、表示是否进行密钥协商的密钥协商标识。The first-level authentication result further includes: the response identifier of the first-level authentication result, the length of the first-level authentication result, the session identifier identifying the current first-level authentication interaction, the failure reason when the authentication result is a failure, indicating whether Key agreement identifier for key agreement.

所述认证请求命令中包括第二级认证请求命令,所述第二级认证包括:The authentication request command includes a second-level authentication request command, and the second-level authentication includes:

应用程序将命令数据包中的编码信息设置为认证请求命令的编码信息,生成第一随机数,并将包含有第一随机数的第二级认证请求命令携带于命令数据包的数据域中发送至存储卡控制器;The application program sets the encoding information in the command packet as the encoding information of the authentication request command, generates the first random number, and sends the second-level authentication request command containing the first random number in the data field of the command packet to the memory card controller;

存储卡控制器利用预设的密钥种子对第一随机数进行哈希Hash运算得到第一Hash运算结果,将包含有第一Hash运算结果的第二级认证应答携带于应答数据包的数据域中返回给应用程序;The memory card controller uses the preset key seed to perform a Hash operation on the first random number to obtain the first Hash operation result, and carries the second-level authentication response containing the first Hash operation result in the data field of the response data packet returned to the application in

应用程序利用与存储卡控制器相同的密钥种子对其生成的第一随机数进行Hash运算,并将得到的第二Hash运算结果与应答数据包中的第一Hash运算结果进行比较,如果二者相同,则将表示认证成功的第二级认证结果携带于命令数据包的数据域发送至存储卡控制器。The application uses the same key seed as that of the memory card controller to perform Hash operation on the first random number generated by it, and compares the obtained second Hash operation result with the first Hash operation result in the response data packet, if two or the same, the second-level authentication result indicating successful authentication is carried in the data field of the command packet and sent to the memory card controller.

所述第二级认证请求命令中进一步包括:第二级认证请求命令的命令标识、第二级认证请求命令的长度、标识当前第二级认证交互的会话标识、Hash算法类型标识、Hash算法密钥长度、Hash算法的密钥、密钥种子标识;The second-level authentication request command further includes: the command identifier of the second-level authentication request command, the length of the second-level authentication request command, the session identifier identifying the current second-level authentication interaction, the Hash algorithm type identifier, the Hash algorithm password Key length, key of Hash algorithm, key seed identification;

所述第二级认证应答中进一步包括:第二级认证应答的应答标识、第二级认证应答的长度、标识当前第二级认证交互的会话标识、Hash运算错误时的错误原因、第一Hash运算结果的长度。The second-level authentication response further includes: the response identifier of the second-level authentication response, the length of the second-level authentication response, the session identifier identifying the current second-level authentication interaction, the error reason when the Hash operation is wrong, the first Hash The length of the operation result.

所述认证请求命令中包括第三级认证请求命令,所述第三级认证包括:The authentication request command includes a third-level authentication request command, and the third-level authentication includes:

应用程序将命令数据包中的编码信息设置为认证请求命令的编码信息,并生成第二随机数与第三级认证请求命令一起携带于命令数据包的数据域中发送至存储卡控制器;The application program sets the coded information in the command data packet as the coded information of the authentication request command, and generates a second random number to be carried in the data field of the command data packet together with the third-level authentication request command and sent to the memory card controller;

存储卡控制器生成第三随机数,并对第三随机数与命令数据包中的第二随机数进行异或运算,然后利用智能存储卡中的预设公钥证书所对应的私钥对异或运算结果进行数字签名;将包含有所述公钥证书和数字签名的第三级认证应答携带于应答数据包的数据域中返回给应用程序;The memory card controller generates a third random number, and performs an XOR operation on the third random number and the second random number in the command packet, and then uses the private key corresponding to the preset public key certificate in the smart memory card to pair the XOR operation. or carry out a digital signature on the operation result; carry the third-level authentication response containing the public key certificate and digital signature in the data field of the response packet and return it to the application program;

应用程序利用应答数据包中的公钥证书对数字签名进行验证,如果验证通过,则将表示认证成功的第三级认证结果携带于命令数据包的数据域发送至存储卡控制器。The application program uses the public key certificate in the response data packet to verify the digital signature, and if the verification is passed, the third-level authentication result indicating successful authentication is carried in the data field of the command data packet and sent to the memory card controller.

所述第三级认证请求命令中进一步包括:第三级认证请求命令的命令标识、第三级认证请求命令的长度、标识当前第三级认证交互的会话标识;The third-level authentication request command further includes: the command identifier of the third-level authentication request command, the length of the third-level authentication request command, and the session identifier identifying the current third-level authentication interaction;

所述第三级认证应答中进一步包括:第三级认证应答的应答标识、第三级认证应答的长度、标识当前第三级认证交互的会话标识、异或运算或签名处理错误时的错误原因、数字签名的算法类型标识、第三随机数、数字签名长度、公钥证书长度。The third-level authentication response further includes: the response identifier of the third-level authentication response, the length of the third-level authentication response, the session identifier identifying the current third-level authentication interaction, the XOR operation or the cause of the error when the signature is processed incorrectly , the algorithm type identification of the digital signature, the third random number, the length of the digital signature, and the length of the public key certificate.

在所述智能存储卡中设置用于记录物理存储介质读写使能信息的控制寄存器;A control register for recording the read and write enable information of the physical storage medium is set in the smart memory card;

利用解码得到的命令对物理存储介质进行相应操作之前,该方法进一步包括:存储卡控制器根据控制寄存器中记录的读写使能信息,判断是否允许利用当前命令对物理存储介质进行读写操作。Before using the decoded commands to perform corresponding operations on the physical storage medium, the method further includes: the memory card controller judges whether to allow the current command to perform read and write operations on the physical storage medium according to the read and write enable information recorded in the control register.

所述使能信息包括:表示物理存储介质是否可访问的通用使能信息、表示物理存储介质的普通区域是否可写的写使能信息、表示物理存储介质的普通区域是否可读的读使能信息。The enable information includes: general enable information indicating whether the physical storage medium is accessible, write enable information indicating whether the common area of the physical storage medium is writable, and read enable information indicating whether the common area of the physical storage medium is readable information.

所述第二类命令包括:读控制寄存器的命令、写控制寄存器的命令、表示同时发送多个应用协议数据单元APDU的命令。The second type of command includes: a command to read a control register, a command to write a control register, and a command indicating to send multiple application protocol data units APDU at the same time.

在所述智能存储卡中设置用于记录下载和预个人化使能信息的特殊控制寄存器;A special control register for recording download and pre-personalization enabling information is set in the smart memory card;

利用解码得到的命令对选择的操作对象进行相应操作之前,该方法进一步包括:存储卡控制器根据特殊控制寄存器中记录的下载和预个人化使能信息,判断是否允许下载应用程序和/或是否允许预个人化。Before using the decoded command to perform corresponding operations on the selected operation object, the method further includes: the memory card controller judges whether to allow the download of the application program and/or whether to Allows for pre-personalization.

所述第三类命令包括:读特殊控制寄存器的命令、写特殊控制寄存器的命令。The third type of commands include: commands for reading special control registers and commands for writing special control registers.

所述第四类命令包括:写智能存储卡版本信息的命令、测试智能存储卡的命令、初始化智能存储卡的命令、读智能存储卡中密钥的命令、写智能存储卡中密钥的命令。The fourth type of commands include: commands for writing version information of the smart memory card, commands for testing the smart memory card, commands for initializing the smart memory card, commands for reading the key in the smart memory card, and commands for writing the key in the smart memory card .

由上述技术方案可见,本发明充分利用了存储卡现有的总线资源,在存储卡中增设包含有增值应用模块因而能够通过增值应用模块实现功能扩展,使得增值应用的实现不再受限于SIM卡,因而便于增值业务运营商的增值业务拓展,且具有较强的兼容性和可升级性。而且,本发明由应用程序通过命令数据包实现对智能存储卡的管理,从而能够保证智能存储卡的正常工作。It can be seen from the above technical solution that the present invention makes full use of the existing bus resources of the memory card, and adds a value-added application module to the memory card so that the function expansion can be realized through the value-added application module, so that the realization of the value-added application is no longer limited by SIM card, so it is convenient for value-added service operators to expand value-added services, and has strong compatibility and upgradeability. Moreover, in the present invention, the management of the smart memory card is realized by the application program through the command data packet, so as to ensure the normal operation of the smart memory card.

附图说明Description of drawings

图1为本发明实施例中智能存储卡的结构示意图。FIG. 1 is a schematic structural diagram of a smart memory card in an embodiment of the present invention.

图2为本发明实施例中智能存储卡系统的协议层结构示意图。FIG. 2 is a schematic diagram of the protocol layer structure of the smart memory card system in the embodiment of the present invention.

图3为本发明实施例中智能存储卡的控制方法的示例性流程图。Fig. 3 is an exemplary flow chart of a method for controlling a smart memory card in an embodiment of the present invention.

图4为本发明实施例中的多级认证流程示意图。FIG. 4 is a schematic diagram of a multi-level authentication process in an embodiment of the present invention.

具体实施方式Detailed ways

为使本发明的目的、技术方案及优点更加清楚明白,以下参照附图并举实施例,对本发明进一步详细说明。In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below with reference to the accompanying drawings and examples.

图1为本发明实施例中智能存储卡的结构示意图。如图1所示,本实施例中的智能存储卡包括:物理接口、存储卡控制器、物理存储介质、智能卡芯片。其中,物理接口、存储卡控制器、物理存储介质均为现有存储卡中的结构;而智能卡芯片中则承载有用于实现增值应用的增值应用模块,能够脱离SIM卡实现各种增值应用。FIG. 1 is a schematic structural diagram of a smart memory card in an embodiment of the present invention. As shown in FIG. 1 , the smart memory card in this embodiment includes: a physical interface, a memory card controller, a physical storage medium, and a smart card chip. Among them, the physical interface, memory card controller, and physical storage medium are all structures in the existing memory card; while the smart card chip carries a value-added application module for implementing value-added applications, which can realize various value-added applications without the SIM card.

其中,增值应用模块可以按照现有SIM卡的方式,经终端设备的透传与网络侧交互来实现增值应用,SIM与网络侧的交互方式为本领域技术人员所能够实现,且本发明主要针对如何控制管理智能存储卡、而不针对实现增值应用所涉及的交互,因而在本文中不再赘述。Among them, the value-added application module can realize the value-added application through the transparent transmission of the terminal equipment and the interaction with the network side according to the existing SIM card mode. The interaction mode between the SIM and the network side can be realized by those skilled in the art, and the present invention mainly aims at How to control and manage the smart memory card is not aimed at the interaction involved in implementing value-added applications, so it will not be described in detail in this article.

物理存储介质和智能卡芯片中的增值应用模块均可看作智能存储卡中可访问的资源,而本发明所述的资源管理主要是指对智能卡芯片的管理。Both the physical storage medium and the value-added application modules in the smart card chip can be regarded as accessible resources in the smart memory card, and the resource management in the present invention mainly refers to the management of the smart card chip.

本实施例可以通过如下方式来实现应用程序对智能卡芯片的访问:In this embodiment, the access of the application program to the smart card chip can be realized in the following manner:

1、开发驱动程序,以使得应用程序能够访问到物理存储介质之外的地址。如何按照上述要求开发驱动程序为本领域技术人员所能实现,在此不再赘述。1. Develop a driver program to enable applications to access addresses other than physical storage media. How to develop the driver program according to the above requirements can be realized by those skilled in the art, and will not be repeated here.

2、使用存储卡扩展协议定义专用于访问智能卡芯片的命令,且保证存储卡控制器能够识别。如何定义专用命令为本领域技术人员所能实现,在此不再赘述。2. Use the memory card extension protocol to define commands dedicated to accessing the smart card chip, and ensure that the memory card controller can recognize it. How to define the dedicated command can be realized by those skilled in the art, and will not be repeated here.

3、将智能卡芯片的地址映射在物理存储介质的预设地址,使得存储卡控制器能够根据访问地址实现对扩展应用芯片的定位,在应用程序需要访问扩展应用芯片时,存储卡控制器能够定位扩展应用芯片的地址。如何实现地址映射以及基于地址映射的定位也为本领域技术人员所能实现,在此不再赘述。3. Map the address of the smart card chip to the preset address of the physical storage medium, so that the memory card controller can locate the extended application chip according to the access address. When the application program needs to access the extended application chip, the memory card controller can locate the Extends the address of the application chip. How to realize the address mapping and the positioning based on the address mapping can also be realized by those skilled in the art, and will not be repeated here.

上述3种方式均能够保证应用程序能够访问到智能卡芯片,但相比之下,开发驱动程序具有较高的开发难度、需要较长的开发周期;使用存储卡扩展协议则需要修改手机终端和存储卡控制器;而地址映射的方式则不具有前两种方式的缺陷。因此,本实施例中较佳地采用地址映射的方式。The above three methods can ensure that the application program can access the smart card chip, but in comparison, the development of the driver program is more difficult to develop and requires a longer development cycle; the use of the memory card extension protocol requires modification of the mobile phone terminal and storage device. Card controller; and the way of address mapping does not have the defects of the first two ways. Therefore, address mapping is preferably used in this embodiment.

参见图2,访问智能存储卡中的物理存储介质时,应用程序与智能存储卡通过应用接口、驱动程序和终端设备进行交互。Referring to Fig. 2, when accessing the physical storage medium in the smart memory card, the application program and the smart memory card interact through the application interface, the driver program and the terminal device.

仍参见图2,以地址映射方式保证应用程序能够访问到智能卡芯片为例,应用程序依次通过预设的接口文件、驱动程序、终端设备向智能存储卡中的智能卡芯片发送命令数据包,以供智能卡芯片中的增值应用模块执行相应的操作。相应地,智能卡芯片中的增值应用模块也会通过反向的路径向应用程序返回应答数据包。Still referring to Figure 2, taking the address mapping method to ensure that the application program can access the smart card chip as an example, the application program sequentially sends command packets to the smart card chip in the smart memory card through the preset interface file, driver program, and terminal equipment for The value-added application module in the smart card chip performs corresponding operations. Correspondingly, the value-added application module in the smart card chip will also return a response data packet to the application program through a reverse path.

其中,接口文件映射于物理存储介质中映射有智能卡芯片的预设地址,该接口文件遵从文件系统原理,占用磁盘空间的基本单位不是字节而是簇,即使某个接口文件只有一个字节,也会分配到一个最小单元、即一个簇。Among them, the interface file is mapped to the preset address of the smart card chip in the physical storage medium. The interface file follows the principle of the file system, and the basic unit of occupying disk space is not a byte but a cluster. Even if an interface file has only one byte, It will also be assigned to a smallest unit, a cluster.

应用接口需要向智能卡芯片发送命令数据包时,只需将该命令数据包写入在接口文件中,而写入在接口文件中的命令通过命令数据包的方式经由驱动程序、终端设备发送至智能存储卡,且该命令数据包的目标操作对象即可被设置为映射有智能卡芯片的预设地址。When the application interface needs to send a command packet to the smart card chip, it only needs to write the command packet in the interface file, and the command written in the interface file is sent to the smart card via the driver and the terminal device through the command packet. memory card, and the target operation object of the command data packet can be set as the preset address mapped with the smart card chip.

然后,智能存储卡中的存储卡控制器判断命令数据包的目标操作对象是否为表示扩展应用芯片的预设地址。如果目标操作对象为该预设地址,则将接口协议程序转至对扩展应用类型标识对应的扩展应用芯片操作的入口程序,并将该命令数据包传送至对应的扩展应用芯片。Then, the memory card controller in the smart memory card judges whether the target operation object of the command data packet is the preset address representing the extended application chip. If the target operation object is the preset address, the interface protocol program is transferred to the entry program for operating the extended application chip corresponding to the extended application type identifier, and the command data packet is sent to the corresponding extended application chip.

以上是对智能存储卡的结构及其基本工作原理的简要说明,下面,再针对智能存储卡的控制方法进行详细说明。The above is a brief description of the structure and basic working principle of the smart memory card, and the control method of the smart memory card will be described in detail below.

图3为本发明实施例中智能存储卡的控制方法的示例性流程图。如图3所示,该方法包括:Fig. 3 is an exemplary flow chart of a method for controlling a smart memory card in an embodiment of the present invention. As shown in Figure 3, the method includes:

步骤301,应用程序向所述智能存储卡发送命令数据包,其中携带有用于确定该应用命令数据包操作对象的目标类型、用于智能存储卡中的存储卡控制器获取命令的命令编码信息。Step 301 , the application program sends a command data packet to the smart memory card, which carries command encoding information for determining the target type of the operation object of the application command data packet and for the memory card controller in the smart memory card to acquire the command.

步骤302,智能存储卡中的存储卡控制器根据目标类型选择物理存储介质或增值应用模块为操作对象,并对命令编码信息进行解码得到对应的命令,利用解码得到的命令对选择的操作对象进行相应操作。Step 302, the memory card controller in the smart memory card selects the physical storage medium or the value-added application module as the operation object according to the target type, and decodes the command encoding information to obtain the corresponding command, and uses the decoded command to perform the operation on the selected operation object. Operate accordingly.

在本实施例中,可以将命令分为四类,按照其使用权限级别由低至高依次为第一类命令、第二类命令、第三类命令、第四类命令。In this embodiment, the commands can be divided into four types, which are the first type of commands, the second type of commands, the third type of commands, and the fourth type of commands according to their use authority levels from low to high.

智能存储卡利用第二类命令对选择的操作对象进行相应操作之前,需要应用程序通过与智能存储卡的第一级认证;Before the smart memory card uses the second type of command to perform corresponding operations on the selected operation object, the application program needs to pass the first-level authentication with the smart memory card;

智能存储卡利用第三类命令对选择的操作对象进行相应操作之前,需要应用程序通过与智能存储卡的第一级和第二级认证;Before the smart memory card uses the third type of command to perform corresponding operations on the selected operation object, the application program needs to pass the first-level and second-level authentication with the smart memory card;

智能存储卡利用第四类命令对选择的操作对象进行相应操作之前,需要应用程序通过与智能存储卡的第一级、第二级和第三级认证。Before the smart memory card uses the fourth type of command to perform corresponding operations on the selected operation object, the application program needs to pass the first level, second level and third level authentication with the smart memory card.

如果没有通过相应等级的认证,则操作失败。If the corresponding level of certification is not passed, the operation fails.

为了记录已通过认证等级,可以在所述智能存储卡中设置权限寄存器,该权限寄存器的各标志位可如表1所示。In order to record the level of authentication passed, a permission register can be set in the smart memory card, and each flag bit of the permission register can be shown in Table 1.

Figure GSB00000353938400081
Figure GSB00000353938400081

Figure GSB00000353938400091
Figure GSB00000353938400091

表1Table 1

在智能存储卡利用第二类至第四类命令对选择的操作对象进行相应操作之前,智能存储卡中的存储卡控制器可以根据权限寄存器中记录的认证等级判断是否有权限利用当前命令对选择的操作对象进行相应操作。Before the smart memory card uses the second to fourth types of commands to perform corresponding operations on the selected operation object, the memory card controller in the smart memory card can judge whether it has the right to use the current command to select according to the authentication level recorded in the permission register. The operation object performs the corresponding operation.

步骤303,智能存储卡中的存储卡控制器向应用程序发送应答数据包,其中携带有表示相应操作是否成功的应答编码信息。In step 303, the memory card controller in the smart memory card sends a response data packet to the application program, which carries response coded information indicating whether the corresponding operation is successful.

在本步骤中,应答成功是指对成功执行了命令相应的操作;对于表示失败的应答编码信息,按照失败原因还可分为多种,如表2所示。In this step, the success of the response refers to the successful execution of the corresponding operation of the command; for the response coding information indicating failure, it can be divided into multiple types according to the cause of failure, as shown in Table 2.

表2Table 2

步骤304,应用程序对应答编码信息进行解码,获知操作是否成功。Step 304, the application program decodes the response coded information to know whether the operation is successful.

至此,本流程结束。So far, this process ends.

需要说明的是,并不是所有的命令都需要应答,因而上述流程中的步骤303~步骤304为可选的步骤。It should be noted that not all commands need to be answered, so steps 303 to 304 in the above process are optional steps.

可见,基于如图1所示的结构,只需在存储卡中加入智能卡芯片即可实现功能扩展,且通过如上所述的流程即可实现对智能存储卡的管理控制。例如对智能存储卡中的资源进行管理、对智能存储卡的身份认证和权限授予等。It can be seen that, based on the structure shown in FIG. 1 , function expansion can be realized only by adding a smart card chip into the memory card, and the management and control of the smart memory card can be realized through the above-mentioned process. For example, resources in the smart memory card are managed, identity authentication and permission granting of the smart memory card are performed.

在本实施例中,命令数据包和应答数据包的格式如表3所示。In this embodiment, the formats of the command data packet and the response data packet are shown in Table 3.

  名称name   含义meaning   数据字段1Data field 1   数据包类型标识Packet Type Identifier   数据字段2Data field 2   协议版本号Protocol version number   数据字段3Data field 3   目标类型target type   数据字段4Data field 4   命令/应答编码信息Command/response encoding information   数据字段5Data field 5   数据包序列号Packet Sequence Number   数据字段6Data field 6   数据域的长度The length of the data field   数据字段7Data field 7   数据域data field

表3table 3

在表1中,除了必要的目标类型、以及编码信息之外,命令数据包和应答数据包中还可以包括:数据包类型标识、数据包所对应的协议版本号、数据包的序列号、数据域、数据包的数据域长度。In Table 1, in addition to the necessary target type and encoding information, the command data packet and the response data packet can also include: data packet type identification, protocol version number corresponding to the data packet, serial number of the data packet, data field, the length of the data field of the data packet.

数据包类型标识用于表示该应用接口数据包是命令数据包还是应答数据包,例如可用0x53AC表示命令数据包,0xAC53表示应答数据包;The data packet type identifier is used to indicate whether the application interface data packet is a command data packet or a response data packet, for example, 0x53AC can be used to indicate a command data packet, and 0xAC53 can be used to indicate a response data packet;

协议版本号表示应用接口数据包遵循的协议版本号,例如可用0x01表示第一版协议,其余类推;The protocol version number indicates the protocol version number followed by the application interface data packet. For example, 0x01 can be used to indicate the first version of the protocol, and the rest can be deduced by analogy;

目标类型表示应用接口数据包的操作对象,例如可用0x01表示操作对象为片智能卡芯片中的增值应用模块,0x02表示操作对象为物理存储介质,其余保留做扩展对象操作;The target type indicates the operation object of the application interface data packet. For example, 0x01 can be used to indicate that the operation object is a value-added application module in a smart card chip, 0x02 can indicate that the operation object is a physical storage medium, and the rest are reserved for extended object operations;

命令/应答类型编码则包括数据域内携带的命令/应答的编码信息,用于对命令/应答解码;例如,命令数据包中的编码信息为0x0,则存储卡控制器即可根据0x0解码得到表示复位的命令;应答数据包中的编码信息为0,则终端应用程序可根据0解码得到表示成功的应答;实际上,上述方式的编码信息也可看作是命令标识,而得到编码信息的一方可以根据预设的编码信息与命令/应答的对应关系,获知对应的命令/应答;The command/response type encoding includes the encoding information of the command/response carried in the data field, which is used to decode the command/response; for example, if the encoding information in the command data packet is 0x0, the memory card controller can decode it according to 0x0 to obtain the expression Reset command; if the encoded information in the response data packet is 0, the terminal application program can decode it according to 0 to obtain a successful response; in fact, the encoded information in the above method can also be regarded as a command identifier, and the party that obtains the encoded information The corresponding command/response can be obtained according to the corresponding relationship between the preset coding information and the command/response;

数据包序列号可占用4个字节,例如可用第一个字节表示数据包的发送月份,从1~12(十进制),第二个字节表示数据包的发送日期,从1~31(十进制);后两个字节表示当天发送的序列号,从0x0000~0xFFFF。The serial number of the data packet can occupy 4 bytes. For example, the first byte can be used to represent the sending month of the data packet, from 1 to 12 (decimal), and the second byte can represent the sending date of the data packet, from 1 to 31 ( Decimal system); the last two bytes represent the serial number sent on the day, from 0x0000 to 0xFFFF.

数据域的长度表示数据包内带的数据长度,数据长度最大为500(十进制),如果没有数据,则为0。如果数据域的长度不为0,则数据域中可携带命令或应答的相关数据。The length of the data field indicates the length of the data contained in the data packet. The maximum length of the data is 500 (decimal), and it is 0 if there is no data. If the length of the data field is not 0, the data field can carry relevant data of the command or response.

以下,再对各种命令及其编码信息进行详细说明。Hereinafter, various commands and their encoding information will be described in detail.

如前所述,本实施例中可以按照命令的使用权限将所有命令划分为四个类别。As mentioned above, in this embodiment, all commands can be divided into four categories according to the usage rights of the commands.

其中,第一类命令向普通用户开放;第二类命令用于高级应用、对普通用户受限开放;第三类命令用于智能存储卡厂商内部应用,基于厂商自行开发的软件对开发机构开放;第四类命令用于智能存储卡厂商内部设置,仅限于厂商内部使用。Among them, the first type of command is open to ordinary users; the second type of command is used for advanced applications and is limited to ordinary users; the third type of command is used for internal applications of smart memory card manufacturers, and is open to development organizations based on the software developed by the manufacturer itself ; The fourth type of command is used for the internal setting of the smart memory card manufacturer, and is limited to the internal use of the manufacturer.

这样,本实施例即可针对智能存储卡的生产、开发、以及用户级应用,分别对相应的功能实现控制管理。In this way, this embodiment can control and manage the corresponding functions for the production, development, and user-level applications of the smart memory card.

在本实施例中,第一类命令可以包括:对智能存储卡进行复位的命令、读取智能存储卡版本信息的命令、发送应用协议数据单元(APDU)的命令、读物理存储介质中普通区域的命令、写物理存储介质中普通区域的命令、读物理存储介质中隐藏区域的命令、写物理存储介质中隐藏区域的命令、以及分别用于认证的认证请求命令。In this embodiment, the first type of commands may include: a command to reset the smart memory card, a command to read the version information of the smart memory card, a command to send an application protocol data unit (APDU), and a command to read a common area in the physical storage medium commands, commands for writing common areas in physical storage media, commands for reading hidden areas in physical storage media, commands for writing hidden areas in physical storage media, and authentication request commands for authentication respectively.

相应地,第一类命令的编码信息可如表4所示。Correspondingly, the encoding information of the first type of command may be as shown in Table 4.

Figure GSB00000353938400111
Figure GSB00000353938400111

表4Table 4

对于对智能存储卡进行复位的命令,命令数据包中的数据域长度为0;其对应的应答数据包中,应答编码信息表示复位是否成功,而数据域中则携带有表示复位应答的标识。For the command to reset the smart memory card, the length of the data field in the command data packet is 0; in the corresponding response data packet, the response code information indicates whether the reset is successful, and the data field carries an identifier representing the reset response.

表4中所示的智能存储卡版本信息包括:产品分类号、产品版本号、产品序列号、生产厂家名称的编码信息、生产厂家名称的长度、生产厂家名称、协议版本号,具体参见表5。The smart memory card version information shown in Table 4 includes: product classification number, product version number, product serial number, encoding information of the manufacturer’s name, length of the manufacturer’s name, manufacturer’s name, and protocol version number, see Table 5 for details .

Figure GSB00000353938400122
Figure GSB00000353938400122

表5table 5

对于发送APDU的命令,数据域中则携带的数据为APDU。其中,APDU中可携带用于与网络侧交互以实现增值应用的数据。应用程序接收到智能存储卡发送的数据域中携带有APDU的应答数据包后,可将该APDU透传至网络侧;在接收到网络侧的APDU后,可将该APDU携带于编码信息表示发送APDU的命令数据包中发送至智能存储卡。For the command to send APDU, the data carried in the data field is APDU. Wherein, the APDU may carry data for interacting with the network side to implement value-added applications. After the application program receives the response data packet with APDU in the data field sent by the smart memory card, it can transparently transmit the APDU to the network side; after receiving the APDU from the network side, it can carry the APDU in the coded information to indicate sending APDU command packets are sent to the smart memory card.

如前所述,由于增值应用模块可以按照现有SIM卡的方式,经终端设备的透传与网络侧交互来实现增值应用,且SIM与网络侧的交互方式为本领域技术人员所能够实现,因而APDU中涉及所述交互的相关数据在本文中不再赘述。As mentioned above, because the value-added application module can realize the value-added application through the transparent transmission of the terminal equipment and the interaction with the network side in the way of the existing SIM card, and the interaction mode between the SIM and the network side can be realized by those skilled in the art. Therefore, relevant data related to the interaction in the APDU will not be described in detail herein.

对于读物理存储介质中普通区域和隐藏区域的命令,数据域中则携带有地址编号;对于写物理存储介质中普通区域和隐藏区域的命令,数据域中则携带有地址编号、以及待写入的数据,具体参见表6。For the command to read the common area and hidden area in the physical storage medium, the data field carries the address number; for the command to write the normal area and the hidden area in the physical storage medium, the data field carries the address number and the For details, see Table 6.

  字节偏移量byte offset   名称name   含义meaning   0~30~3   地址 address   地址编号address number

  4~5094~509   数据 data   待写入的数据data to be written

表6Table 6

对于身份认证的命令,可分为第一级认证请求命令、第二级认证请求命令、以及第三级认证请求命令。The commands for identity authentication can be divided into first-level authentication request commands, second-level authentication request commands, and third-level authentication request commands.

这三种认证请求命令可以如表4所示采用相同的命令编码信息,但分别在数据域中携带不同的命令标识,当然,也可采用不同的命令编码信息,这样就无需在数据域中携带命令标识。These three types of authentication request commands can use the same command encoding information as shown in Table 4, but carry different command identifiers in the data field respectively. Of course, different command encoding information can also be used, so that there is no need to carry in the data field Command ID.

第一级认证也可称作简单认证,该流程包括:The first level of certification, also known as simple certification, involves:

1a、应用程序将命令数据包中的编码信息设置为认证请求命令的命令编码信息,并将包含有用于识别当前使用应用程序的用户身份的特征信息的第一级认证请求(SimAuthRequire)命令,携带于命令数据包的数据域中发送至智能存储卡;1a. The application program sets the encoding information in the command data packet as the command encoding information of the authentication request command, and uses the first-level authentication request (SimAuthRequire) command containing the feature information for identifying the identity of the user currently using the application program to carry sent to the smart memory card in the data field of the command packet;

1b、智能存储卡中的存储卡控制器对命令数据包中的特征信息与智能存储卡中存储的特征信息进行匹配,并将包含有匹配结果的认证结果(SimAuthResult)信息携带于应答数据包的数据域中返回给应用程序。当然,本步骤也可以将应答数据包的应答编码信息设置为表示成功的应答编码信息,而不在数据域中携带AuthResult信息。如果智能存储卡中存储的特征信息在物理存储介质中,则携带有SimAuthRequire命令的命令数据包的目标操作对象表示物理存储介质,否则,表示智能卡芯片中的增值应用模块。1b. The memory card controller in the smart memory card matches the characteristic information in the command data packet with the characteristic information stored in the smart memory card, and carries the authentication result (SimAuthResult) information containing the matching result in the response data packet returned to the application in the data field. Certainly, in this step, the response encoding information of the response data packet may also be set as response encoding information indicating success, without carrying AuthResult information in the data field. If the feature information stored in the smart memory card is in the physical storage medium, the target operation object of the command packet carrying the SimAuthRequire command represents the physical storage medium; otherwise, it represents the value-added application module in the smart card chip.

其中,SimAuthRequire的格式如表7所示,其中包括:SimAuthRequire的命令标识、SimAuthRequire的长度、标识当前第一级认证交互的会话标识(SessionID)、特征信息(CharInfo)、以及特征信息的类型(CharInfoCat)。Among them, the format of SimAuthRequire is shown in Table 7, which includes: the command identifier of SimAuthRequire, the length of SimAuthRequire, the session identifier (SessionID) identifying the current first-level authentication interaction, characteristic information (CharInfo), and the type of characteristic information (CharInfoCat ).

  字段field   长度 length   类型 type   SimAuthRequire的命令标识Command ID for SimAuthRequire   2字节2 bytes   整型Integer   SimAuthRequire的长度The length of SimAuthRequire   2字节2 bytes   整型Integer   SessionIDSessionID   2字节2 bytes   整型Integer   保留字段 reserved text   2字节2 bytes   整型Integer   特征信息Feature information   1字节1 byte   整型Integer   特征信息的类型type of feature information   变量variable   整型/字符串Integer/String

表7Table 7

在表7中,特征信息类型至少可以包括:用户名和密码、智能存储卡的唯一标识,分别由0x00和0x01表示。特征信息为应用程序和智能存储卡间共享的信息,长度任意。In Table 7, the characteristic information type may at least include: a user name and a password, and a unique identifier of a smart memory card, represented by 0x00 and 0x01 respectively. The characteristic information is the information shared between the application program and the smart memory card, and the length is arbitrary.

SimAuthResult的格式如表8所示,其中包括:SimAuthResult的应答标识、SimAuthResult的长度、标识当前第一级认证交互的SessionID、认证结果(VerifyResult)为失败时的失败原因、表示是否进行密钥协商的密钥协商标识(KAFlag)。The format of SimAuthResult is shown in Table 8, which includes: the response identifier of SimAuthResult, the length of SimAuthResult, the SessionID that identifies the current first-level authentication interaction, the failure reason when the authentication result (VerifyResult) fails, and whether to perform key negotiation Key agreement flag (KAFlag).

  字段field   长度 length   类型 type   应答标识Response ID   2字节2 bytes   整型Integer   第一级认证结果的长度The length of the first-level certification result   2字节2 bytes   整型Integer   SessionIDSessionID   2字节2 bytes   整型Integer   失败原因Reason for failure   2字节2 bytes   整型Integer   认证结果Certification result   1字节1 byte   整型Integer   密钥协商标识key agreement identifier   1字节1 byte   整型Integer   保留字段 reserved text   2字节2 bytes   整型Integer

表8Table 8

第二级认证也可称作有限认证,该流程包括:The second level of certification, also known as limited certification, involves:

2a、应用程序将命令数据包中的编码信息设置为认证请求命令的编码信息,生成64bit的第一随机数,并将包含有第一随机数的第二级认证请求(LimAuthRequire)命令携带于命令数据包的数据域中发送至智能存储卡;2a. The application program sets the encoding information in the command packet as the encoding information of the authentication request command, generates a 64-bit first random number, and carries the second-level authentication request (LimAuthRequire) command containing the first random number in the command sent to the smart memory card in the data field of the data packet;

2b、智能存储卡中的存储卡控制器利用预设的密钥种子对第一随机数进行哈希(Hash)运算得到第一Hash运算结果,将包含有第一Hash运算结果的第二级认证应答(LimAuthResponse)携带于应答数据包数据域中返回给应用程序;如果预设的密钥种子存储于物理存储介质,则携带有LimAuthRequire命令的命令数据包的目标操作对象表示物理存储介质,否则表示智能卡芯片中的增值应用模块;2b. The memory card controller in the smart memory card uses the preset key seed to perform a hash (Hash) operation on the first random number to obtain the first Hash operation result, and will include the second-level authentication of the first Hash operation result The response (LimAuthResponse) is carried in the data field of the response packet and returned to the application program; if the preset key seed is stored in the physical storage medium, the target operation object of the command packet carrying the LimAuthRequire command represents the physical storage medium, otherwise it represents Value-added application modules in smart card chips;

2c、应用程序利用与存储卡控制器相同的密钥种子对其生成的第一随机数进行Hash运算,并将得到的第二Hash运算结果与应答数据包中的第一Hash运算结果进行比较,如果二者相同,则将表示认证成功的第二级认证结果(LimAuthResult)携带于命令数据包的数据域发送至智能存储卡。2c. The application program uses the same key seed as that of the memory card controller to perform Hash operation on the first random number generated by it, and compares the obtained second Hash operation result with the first Hash operation result in the response data packet, If the two are the same, the second-level authentication result (LimAuthResult) indicating successful authentication is carried in the data field of the command packet and sent to the smart memory card.

其中,LimAuthRequire的格式如表9所示,其中包括:LimAuthRequire的命令标识、LimAuthRequire的长度、标识当前第二级认证交互的SessionID、Hash算法类型标识(HashAlgorithm)、Hash算法密钥长度(HashKeyLen)、Hash算法的密钥(HashKey)、密钥种子标识(SeedID)、第一随机数。Among them, the format of LimAuthRequire is shown in Table 9, which includes: the command identifier of LimAuthRequire, the length of LimAuthRequire, the SessionID identifying the current second-level authentication interaction, the Hash algorithm type identifier (HashAlgorithm), the Hash algorithm key length (HashKeyLen), The key (HashKey) of the Hash algorithm, the key seed identifier (SeedID), and the first random number.

  字段field   长度 length   类型 type   LimAuthRequire的命令标识Command ID for LimAuthRequire   2字节2 bytes   整型Integer   LimAuthRequire的长度The length of LimAuthRequire   2字节2 bytes   整型Integer

  SessionIDSessionID   2字节2 bytes   整型Integer   HashAlgorithmHashAlgorithm   4字节4 bytes   整型Integer   HashKeyLenHashKeyLen   2字节2 bytes   整型Integer   HashKeyHashKey   变量variable   整型Integer   SeedIDSeedID   2字节2 bytes   整型Integer   第一随机数The first random number   8字节8 bytes   整型Integer   保留字段 reserved text   2字节2 bytes   整型Integer

表9Table 9

LimAuthResponse的格式如表10所示,包括:LimAuthResponse的应答标识、LimAuthResponse的长度、标识当前第二级认证交互的SessionID、Hash运算错误时的错误原因、第一Hash运算结果的长度、第一Hash运算结果(HashVal)。The format of the LimAuthResponse is shown in Table 10, including: the response identifier of the LimAuthResponse, the length of the LimAuthResponse, the SessionID identifying the current second-level authentication interaction, the error reason when the Hash operation is wrong, the length of the first Hash operation result, and the first Hash operation result(HashVal).

 字段field   长度 length   类型 type  LimAuthResponse的应答标识Response ID of LimAuthResponse   2字节2 bytes   整型Integer  LimAuthResponse的长度Length of LimAuthResponse   2字节2 bytes   整型Integer  SessionIDSessionID   2字节2 bytes   整型Integer  错误原因 wrong reason   2字节2 bytes   整型Integer  第一Hash运算结果的长度The length of the first Hash operation result   2字节2 bytes   整型Integer  HashValHashVal   变量variable   整型Integer  保留字段 reserved text   2字节2 bytes   整型Integer

表10Table 10

第三级认证也可称作增强认证,该流程包括:Level 3 Certification, also known as Enhanced Certification, involves:

3a、应用程序将命令数据包中的编码信息设置为认证请求命令的编码信息,并生成第二随机数与第三级认证请求(EnhAuthRequire)命令一起携带于命令数据包的数据域中发送至智能存储卡;3a. The application program sets the coded information in the command data packet as the coded information of the authentication request command, and generates a second random number to carry in the data field of the command data packet together with the third-level authentication request (EnhAuthRequire) command and send it to the smart storage card;

3b、智能存储卡中的存储卡控制器生成第三随机数,并对第三随机数与命令数据包中的第二随机数进行异或运算,然后利用智能存储卡中的预设公钥证书所对应的私钥对异或运算结果进行数字签名;将包含有公钥证书和数字签名的第三级应答(EnhAuthResponse)携带于应答数据包数据域中返回给应用程序;如果预设的公钥证书及其对应的私钥存储于物理存储介质,则携带有EnhAuthRequire命令的命令数据包的目标操作对象表示物理存储介质,否则表示智能卡芯片中的增值应用模块;3b. The memory card controller in the smart memory card generates a third random number, and performs an XOR operation on the third random number and the second random number in the command packet, and then uses the preset public key certificate in the smart memory card The corresponding private key digitally signs the XOR operation result; carries the third-level response (EnhAuthResponse) containing the public key certificate and digital signature in the data field of the response packet and returns it to the application; if the preset public key The certificate and its corresponding private key are stored in the physical storage medium, then the target operation object of the command packet carrying the EnhAuthRequire command represents the physical storage medium, otherwise it represents the value-added application module in the smart card chip;

3c、应用程序利用应答数据包中的公钥证书对数字签名进行验证,如果验证通过,则将表示认证成功的第三级认证结果(EnhAuthResult)携带于命令数据包的数据域发送至智能存储卡。3c. The application program uses the public key certificate in the response packet to verify the digital signature. If the verification is passed, the third-level authentication result (EnhAuthResult) that indicates successful authentication is carried in the data field of the command packet and sent to the smart memory card .

其中,EnhAuthRequire的格式如表11所示,包括:EnhAuthRequire的命令标识、EnhAuthRequire的长度、标识当前第三级认证交互的SessionID、第二随机数。Wherein, the format of EnhAuthRequire is shown in Table 11, including: the command identifier of EnhAuthRequire, the length of EnhAuthRequire, the SessionID identifying the current third-level authentication interaction, and the second random number.

  字段field   长度 length   类型 type   EnhAuthRequire的命令标识Command ID for EnhAuthRequire   2字节2 bytes   整型Integer   EnhAuthRequire的长度The length of EnhAuthRequire   2字节2 bytes   整型Integer   SessionIDSessionID   2字节2 bytes   整型Integer   第二随机数second random number   8字节8 bytes   整型Integer   保留字段 reserved text   2字节2 bytes   整型Integer

表11Table 11

EnhAuthResponse的格式如表12所示,包括:EnhAuthResponse的应答标识、EnhAuthResponse的长度、标识当前第三级认证交互的SessionID、异或运算或签名处理错误时的错误原因、数字签名的算法类型标识(SignAlgorithm)、第三随机数、数字签名长度(SignLen)、数字签名(Signature)、公钥证书长度(PKCertificateLen)、公钥证书(PKCertificate)。The format of EnhAuthResponse is shown in Table 12, including: the response identifier of EnhAuthResponse, the length of EnhAuthResponse, the SessionID identifying the current third-level authentication interaction, the error reason when XOR operation or signature processing error, and the algorithm type identification of digital signature (SignAlgorithm ), the third random number, the digital signature length (SignLen), the digital signature (Signature), the public key certificate length (PKCertificateLen), and the public key certificate (PKCertificate).

 字段field   长度 length   类型 type  EnhAuthResponse的应答标识Response ID of EnhAuthResponse   2字节2 bytes   整型Integer  EnhAuthResponse的长度The length of EnhAuthResponse   2字节2 bytes   整型Integer  SessionIDSessionID   2字节2 bytes   整型Integer  错误原因 wrong reason   2字节2 bytes   整型Integer  SignAlgorithmSign Algorithm   2字节2 bytes   整型Integer  第三随机数third random number   8字节8 bytes   整型Integer  SignLenSignLen   2字节2 bytes   整型Integer

 SignatureSignature   变量variable   整型/字符串Integer/String  PKCertificateLenPKCertificateLen   2字节2 bytes   整型Integer  PKCertificatePKCertificate   变量variable   整型/字符串Integer/String  保留字段 reserved text   2字节2 bytes   整型Integer

表12Table 12

上述各级认证之间的关系可以如图4所示。智能存储卡开始与应用程序交互后,便可以使用第一类命令以实现普通应用;经过第一级认证后可使用第二类命令以实现高级应用,同时可以使用第一类命令以实现普通应用;经过第二级认证后可使用第三类命令以实现厂商内部应用并最终交由发卡商使用,同时可使用第二类命令以实现高级应用,也可以使用第一类命令以实现普通应用;经过第三级认证后可使用第四类命令以实现厂商内部应用并由厂商自己使用,同时可使用第三类命令以实现厂商内部应用并最终交由发卡商使用,也可使用第二类命令以实现高级应用,还可使用第一类命令以实现普通应用。The relationship between the above-mentioned levels of authentication may be shown in FIG. 4 . After the smart memory card starts to interact with the application program, the first type of commands can be used to realize common applications; after the first level of authentication, the second type of commands can be used to realize advanced applications, and the first type of commands can be used to realize common applications ; After passing the second-level certification, the third type of commands can be used to realize the internal application of the manufacturer and finally handed over to the card issuer for use. At the same time, the second type of commands can be used to achieve advanced applications, and the first type of commands can also be used to achieve common applications; After the third-level certification, the fourth type of command can be used to realize the manufacturer's internal application and be used by the manufacturer itself. At the same time, the third type of command can be used to realize the manufacturer's internal application and finally be used by the card issuer. The second type of command can also be used In order to realize advanced applications, the first type of commands can also be used to realize ordinary applications.

上述各级认证所涉及的加解密、Hash运算、以及密钥协商等过程均为本领域技术人员所能够实现,在本文中不再赘述。The processes of encryption and decryption, Hash operation, and key negotiation involved in the above-mentioned authentication levels at all levels can be realized by those skilled in the art, and will not be repeated here.

在本实施例中,可以在智能存储卡中设置用于记录物理存储介质读写使能信息的控制寄存器。这样,在利用解码得到的命令对物理存储介质进行相应操作之前,可以根据控制寄存器中记录的读写使能信息,判断是否允许利用当前命令对物理存储介质进行读写操作。In this embodiment, a control register for recording read and write enable information of the physical storage medium may be set in the smart memory card. In this way, before using the decoded commands to perform corresponding operations on the physical storage medium, it may be determined whether the current command is allowed to perform read and write operations on the physical storage medium according to the read and write enable information recorded in the control register.

控制寄存器中表示读写使能信息的各标志位可以如表13所示,包括:表示物理存储介质是否可访问的通用使能信息、表示物理存储介质的普通区域是否可写的写使能信息、表示物理存储介质的普通区域是否可读的读使能信息。The flag bits representing the read-write enable information in the control register can be as shown in Table 13, including: general enable information indicating whether the physical storage medium is accessible, write enable information indicating whether the common area of the physical storage medium is writable , read enable information indicating whether the common area of the physical storage medium is readable.

Figure GSB00000353938400181
Figure GSB00000353938400181

表13Table 13

而本实施例中的第二类命令则主要是针对控制寄存器的,具体包括:读控制寄存器的命令、写控制寄存器的命令,第二类命令还可以包括表示同时发送多个APDU的命令。The second type of command in this embodiment is mainly aimed at the control register, and specifically includes: a command to read the control register, a command to write the control register, and the second type of command may also include a command indicating to send multiple APDUs at the same time.

第二类命令的命令编码信息参见表14。For the command encoding information of the second type of command, see Table 14.

Figure GSB00000353938400182
Figure GSB00000353938400182

Figure GSB00000353938400191
Figure GSB00000353938400191

表14Table 14

此外,在本实施例中,还可以在智能存储卡中设置用于记录下载和预个人化使能信息的特殊控制寄存器。这样,在利用解码得到的命令对选择的操作对象进行相应操作之前,可以根据特殊控制寄存器中记录的下载和预个人化使能信息,判断是否允许下载应用程序和/或是否允许预个人化。对于如何实现预个人化为本领域技术人员所能够实现,在此不再赘述。In addition, in this embodiment, a special control register for recording download and pre-personalization enabling information may also be set in the smart memory card. In this way, before using the decoded command to perform corresponding operations on the selected operation object, it can be determined whether to allow downloading of application programs and/or whether to allow pre-personalization according to the download and pre-personalization enabling information recorded in the special control register. How to implement pre-personalization can be realized by those skilled in the art, and will not be repeated here.

特殊控制寄存器中表示读写使能信息的各标志位可以如表15所示。Each flag bit representing the read-write enable information in the special control register may be as shown in Table 15.

Figure GSB00000353938400192
Figure GSB00000353938400192

表15Table 15

而本实施例中的第三类命令则主要是针对特殊控制寄存器的,具体包括:读特殊控制寄存器的命令、写特殊控制寄存器的命令。第三类命令的命令编码信息参见表16。The third type of commands in this embodiment is mainly for special control registers, specifically including: commands for reading special control registers and commands for writing special control registers. For the command encoding information of the third type of command, see Table 16.

表16Table 16

本实施例中的第四类命令包括:写智能存储卡版本信息的命令、测试智能存储卡的命令、初始化智能存储卡的命令、读智能存储卡中密钥的命令、写智能存储卡中密钥的命令。第四类命令的编码信息参见表17。The fourth type of commands in this embodiment include: commands for writing version information of smart memory cards, commands for testing smart memory cards, commands for initializing smart memory cards, commands for reading keys in smart key command. For the encoding information of the fourth type of command, see Table 17.

Figure GSB00000353938400201
Figure GSB00000353938400201

表17Table 17

其中,测试智能存储卡的命令可针对不同的测试对象,对应不同对象的测试命令具有不同的测试命令标识,具体参见表18。Wherein, the command to test the smart memory card may be aimed at different test objects, and the test commands corresponding to different objects have different test command identifiers, see Table 18 for details.

Figure GSB00000353938400202
Figure GSB00000353938400202

表18Table 18

对于如何实现回环测试为本领域技术人员所能够实现,在此不再赘述。How to implement the loopback test can be realized by those skilled in the art, and will not be repeated here.

以上所述仅为本发明的较佳实施例而已,并非用于限定本发明的保护范围。凡在本发明的精神和原则之内,所作的任何修改、等同替换以及改进等,均应包含在本发明的保护范围之内。The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the protection scope of the present invention. Any modifications, equivalent replacements and improvements made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.

Claims (18)

1. the control method of an intelligent memory card comprises memory card controller and physical storage medium in the described intelligent memory card, it is characterized in that, also carries the valued added applications module that is used to realize valued added applications in the described intelligent memory card, and this method comprises:
Application program sends command packet, wherein carries the target type that is used for determining this command packet operand, is used for the command code information that memory card controller obtains order;
It is operand that memory card controller is selected physical storage medium or valued added applications module according to described target type, and described command code information decoding obtained corresponding order, the order that utilizes decoding to obtain is carried out corresponding operating to the operand of selecting, send the reply data bag to application program then, carry the whether successful encoding the response information of the described corresponding operating of expression in this reply data bag;
Wherein, described order is divided into four classes, is followed successively by first kind order, the second class order, the 3rd class order, the 4th class order from low to high according to its rights of using rank;
Utilize the second class order that the operand of selecting is carried out before the corresponding operating, this method further comprises: application program by with the first order authentication of intelligent memory card;
Utilize the 3rd class order that the operand of selecting is carried out before the corresponding operating, this method further comprises: application program by with the first order and the second level authentication of intelligent memory card;
Utilize the 4th class order that the operand of selecting is carried out before the corresponding operating, this method further comprises: application program by with the first order, the second level and the third level authentication of intelligent memory card.
2. the method for claim 1, it is characterized in that, further carry in the described command packet: be used to represent that the type of data packet of command packet identifies, is used to represent that sequence number, this command packet of the pairing protocol version of this command packet, this command packet are used to carry the data field of data, the data field length of this command packet;
Further carry in the described reply data bag: be used to represent that the type of data packet of reply data bag identifies, is used to represent the sequence number of the pairing protocol version of this reply data bag, this reply data bag, the data field of this reply data bag, the data field length of this reply data bag.
3. the method for claim 1 is characterized in that, is provided for writing down the authority register that passes through authentication grade in described intelligent memory card;
Utilize the four class orders of second class to that the operand of selecting is carried out before the corresponding operating, this method further comprises: memory card controller judges whether that according to the authentication grade that writes down in the authority register authority utilizes the current command that the operand of selecting is carried out corresponding operating.
4. method as claimed in claim 3, it is characterized in that described first kind order comprises: order, the order of reading the intelligent memory card version information, the order that sends Application Protocol Data Unit APDU, reading matter that intelligent memory card resets are managed the order of hidden area in the order of normal areas in the storage medium, the order of writing normal areas in the physical storage medium, the reading matter reason storage medium, the authentication request order of writing the order of hidden area in the physical storage medium and being respectively applied for authentication.
5. method as claimed in claim 4, it is characterized in that described intelligent memory card version information comprises: product classification number, Production Version, product ID, the coded message of manufacturer's title, the length of manufacturer's title, manufacturer's title, protocol version.
6. whether read-write method as claimed in claim 4 is characterized in that, in described intelligent memory card control register is set, wherein record physical storage medium enable information.
7. method as claimed in claim 4 is characterized in that, comprises the order of first order authentication request in the described authentication request order, and described first order authentication comprises:
Coded message in the application program command packet is set to the command code information of authentication request order, and will include the first order authentication request order of the characteristic information of the user identity that is used to discern current use application program, be carried in the data field of command packet and be sent to memory card controller;
Memory card controller mates the characteristic information of storing in characteristic information in the command packet and the intelligent memory card, and the first order authentication result that will include matching result is carried in the data field of reply data bag and returns to application program.
8. method as claimed in claim 7 is characterized in that,
Further comprise in the order of described first order authentication request: the length of the command id of first order authentication request order, the order of first order authentication request, the current first order of sign authenticate the mutual session identification and the type of characteristic information;
Further comprise in the described first order authentication result: whether the length of replying sign, first order authentication result of first order authentication result, mutual session identification, the failure cause when authentication result is failure, the expression of the current first order authentication of sign carry out the key agreement sign of key agreement.
9. method as claimed in claim 5 is characterized in that, comprises second level authentication request order in the described authentication request order, and the authentication of the described second level comprises:
Coded message in the application program command packet is set to the coded message of authentication request order, generate first random number, and the second level authentication request order that will include first random number is carried in the data field of command packet and is sent to memory card controller;
The default key seed of memory card controller utilization is carried out Hash Hash computing to first random number and is obtained a Hash operation result, and the second level authentication response that will include a Hash operation result is carried in the data field of reply data bag and returns to application program;
The application program utilization key seed identical with memory card controller carried out the Hash computing to first random number of its generation, and the 2nd Hash operation result that will obtain and the Hash operation result in the reply data bag compare, if the two is identical, the data field that the second level authentication result that then will represent authentication success is carried on command packet is sent to memory card controller.
10. method as claimed in claim 9 is characterized in that,
Further comprise in the authentication request order of the described second level: the length of the command id of second level authentication request order, second level authentication request order, mutual session identification, hash algorithm type identification, hash algorithm key length, the key of hash algorithm, the key seed sign of sign current second level authentication;
Further comprise in the authentication response of the described second level: the length of replying sign, second level authentication response of second level authentication response, the error reason when the current second level of sign authenticates mutual session identification, Hash operation mistake, the length of a Hash operation result.
11. method as claimed in claim 4 is characterized in that, comprises the order of third level authentication request in the described authentication request order, described third level authentication comprises:
Coded message in the application program command packet is set to the coded message of authentication request order, and generates second random number and be carried in the data field of command packet with the order of third level authentication request and be sent to memory card controller;
Memory card controller generates the 3rd random number, and second random number in the 3rd random number and the command packet is carried out XOR, utilizes the pairing private key of default public key certificate in the intelligent memory card that the XOR result is carried out digital signature then; The third level authentication response that will include described public key certificate and digital signature is carried in the data field of reply data bag and returns to application program;
Application program utilizes the public key certificate in the reply data bag that digital signature is verified, if the verification passes, the data field that the third level authentication result that then will represent authentication success is carried on command packet is sent to memory card controller.
12. method as claimed in claim 11 is characterized in that,
Further comprise in the order of described third level authentication request: the length of the command id of third level authentication request order, the order of third level authentication request, the mutual session identification of the current third level authentication of sign;
Further comprise in the described third level authentication response: the length of replying sign, third level authentication response of third level authentication response, error reason, the algorithm types sign of digital signature, the 3rd random number, digital signature length, public key certificate length when mutual session identification, XOR or the signature of the current third level authentication of sign handled mistake.
13. method as claimed in claim 3 is characterized in that, is provided for writing down the control register of physical storage medium read-write enable information in described intelligent memory card;
The order that utilizing decodes obtains is carried out before the corresponding operating to physical storage medium, this method further comprises: memory card controller judges whether to allow to utilize the current command that physical storage medium is carried out read-write operation according to the read-write enable information that writes down in the control register.
14. method as claimed in claim 13, it is characterized in that described enable information comprises: the expression physical storage medium whether the normal areas of addressable general enable information, expression physical storage medium whether can write the normal areas of writing enable information, expression physical storage medium whether readable read enable information.
15. method as claimed in claim 13 is characterized in that, the described second class order comprises: the order of read control register, the order of write control register, expression send the order of a plurality of Application Protocol Data Unit APDU simultaneously.
16. method as claimed in claim 3 is characterized in that, is provided for writing down the special control register of downloading and individualizing enable information in advance in described intelligent memory card;
The order that utilizing decodes obtains is carried out before the corresponding operating to the operand of selecting, this method further comprises: whether memory card controller judges whether to allow the down load application program and/or allows pre-individualized according to download of writing down in the special control register and pre-individualized enable information.
17. method as claimed in claim 16 is characterized in that, described the 3rd class order comprises: read special control register order, write the order of special control register.
18. method as claimed in claim 3, it is characterized in that described the 4th class order comprises: write the intelligent memory card version information order, test intelligent memory card order, initialization intelligent memory card order, read key in the intelligent memory card order, write the order of key in the intelligent memory card.
CN2008101116245A 2008-05-15 2008-05-15 Method for controlling intelligent storing card Expired - Fee Related CN101282347B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2008101116245A CN101282347B (en) 2008-05-15 2008-05-15 Method for controlling intelligent storing card

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2008101116245A CN101282347B (en) 2008-05-15 2008-05-15 Method for controlling intelligent storing card

Publications (2)

Publication Number Publication Date
CN101282347A CN101282347A (en) 2008-10-08
CN101282347B true CN101282347B (en) 2011-04-06

Family

ID=40014621

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2008101116245A Expired - Fee Related CN101282347B (en) 2008-05-15 2008-05-15 Method for controlling intelligent storing card

Country Status (1)

Country Link
CN (1) CN101282347B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102009019982A1 (en) * 2009-05-05 2010-11-18 Giesecke & Devrient Gmbh Method for accessing a portable storage medium with an add-on module and a portable storage medium
CN101765101B (en) * 2009-12-15 2013-08-21 大唐微电子技术有限公司 Method and system for aerially writing personalized card
CN102377570B (en) * 2011-11-07 2014-03-12 飞天诚信科技股份有限公司 Method and device for generating dynamic passwords
CN103297849B (en) * 2012-02-24 2018-02-27 北京四达时代软件技术股份有限公司 A kind of method for generating bi-directional set-top box MAC Address
CN105528291B (en) * 2015-12-04 2018-05-15 中国联合网络通信集团有限公司 Application program of intelligent card remote test method and device
CN108985396B (en) * 2018-06-12 2020-05-19 Oppo广东移动通信有限公司 Matching method and device of radio frequency chip

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050204092A1 (en) * 2004-03-11 2005-09-15 Taishi Masuyama Memory card device, and memory card control method for controlling the device
CN101105776A (en) * 2007-01-10 2008-01-16 上海瀚银信息技术有限公司 Standard extension card with embedded CPU IC and method for realizing electronic payment
CN101145141A (en) * 2006-09-14 2008-03-19 北京欣网科科技有限公司 Peripheral device using universal external memory card for extension and its data processing method

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050204092A1 (en) * 2004-03-11 2005-09-15 Taishi Masuyama Memory card device, and memory card control method for controlling the device
CN101145141A (en) * 2006-09-14 2008-03-19 北京欣网科科技有限公司 Peripheral device using universal external memory card for extension and its data processing method
CN101105776A (en) * 2007-01-10 2008-01-16 上海瀚银信息技术有限公司 Standard extension card with embedded CPU IC and method for realizing electronic payment

Also Published As

Publication number Publication date
CN101282347A (en) 2008-10-08

Similar Documents

Publication Publication Date Title
US8789195B2 (en) Method and system for access control and data protection in digital memories, related digital memory and computer program product therefor
US8447889B2 (en) Portable mass storage device with virtual machine activation
CN106161359A (en) The method and device of certification user, the method and device of registration wearable device
KR101019354B1 (en) A method for realizing data security storage and algorithm memory through semiconductor memory device
CN101282347B (en) Method for controlling intelligent storing card
US12069173B2 (en) Key recovery based on contactless card authentication
JP2000148567A (en) Method for storing data object in memory of smart card
CN104680389A (en) NFC mobile phone terminal anti-fake system and method based on time encryption
CN102799803A (en) Secure removable media and method for managing the same
CN107766738A (en) A kind of binding method of smart machine, device and system, communication system
CN107679370A (en) A kind of device identification generation method and device
CN101595488A (en) Method and apparatus for binding content to separate storage devices
CN114491682A (en) Virtual Subscriber Identification Module and Virtual Smart Card
CN117203939A (en) Security management of accounts on a display device using contactless cards
CN114223176B (en) A certificate management method and device
CN101866411A (en) Security certification and encryption method and system of multi-application noncontact-type CPU card
CN111259364B (en) A method, device, device and storage medium for using a national secret encryption card
CN110533128B (en) Encryption-based anti-counterfeiting traceability data processing method, device, system and medium
CN106529271A (en) Terminal and binding check method thereof
CN114039736B (en) A Method of Dynamically Loading Encryption Engine
CN103914642A (en) USB (universal serial bus) KEY-based security suite structure system
CN113364593B (en) A method and system for eSIM chip identity authentication
CN117077142A (en) Tracking activity of components in endpoints having secure memory devices via authentication
CN110048831A (en) The distribution method and diostribution device of POS terminal master key
JP4052158B2 (en) IC card system and IC card issuing method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: CHINA POTEVIO CO., LTD.

Free format text: FORMER OWNER: PUTIAN IT TECH INST CO., LTD.

Effective date: 20130922

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20130922

Address after: 100080, No. two, 2 street, Zhongguancun science and Technology Park, Beijing, Haidian District

Patentee after: China Potevio Information Industry Co., Ltd.

Address before: 100080 Beijing, Haidian, North Street, No. two, No. 6, No.

Patentee before: Putian IT Tech Inst Co., Ltd.

ASS Succession or assignment of patent right

Owner name: PUTIAN IT TECH INST CO., LTD.

Free format text: FORMER OWNER: CHINA POTEVIO CO., LTD.

Effective date: 20131211

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20131211

Address after: 100080 Beijing, Haidian, North Street, No. two, No. 6, No.

Patentee after: Putian IT Tech Inst Co., Ltd.

Address before: 100080, No. two, 2 street, Zhongguancun science and Technology Park, Beijing, Haidian District

Patentee before: China Potevio Information Industry Co., Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20110406

Termination date: 20210515

CF01 Termination of patent right due to non-payment of annual fee