CN111966443A - Intelligent card and working method thereof - Google Patents
Intelligent card and working method thereof Download PDFInfo
- Publication number
- CN111966443A CN111966443A CN201910419364.6A CN201910419364A CN111966443A CN 111966443 A CN111966443 A CN 111966443A CN 201910419364 A CN201910419364 A CN 201910419364A CN 111966443 A CN111966443 A CN 111966443A
- Authority
- CN
- China
- Prior art keywords
- application
- virtual machine
- smart card
- instruction
- virtual
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 29
- 230000006870 function Effects 0.000 claims description 13
- 230000008569 process Effects 0.000 claims description 12
- 238000006243 chemical reaction Methods 0.000 claims description 4
- 238000011017 operating method Methods 0.000 claims description 4
- 238000013519 translation Methods 0.000 claims description 2
- 238000010586 diagram Methods 0.000 description 8
- 238000004891 communication Methods 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 4
- 238000013475 authorization Methods 0.000 description 3
- 238000004364 calculation method Methods 0.000 description 3
- 238000011161 development Methods 0.000 description 3
- 230000015572 biosynthetic process Effects 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 239000008186 active pharmaceutical agent Substances 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- JEIPFZHSYJVQDO-UHFFFAOYSA-N iron(III) oxide Inorganic materials O=[Fe]O[Fe]=O JEIPFZHSYJVQDO-UHFFFAOYSA-N 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45504—Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45504—Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
- G06F9/45516—Runtime code conversion or optimisation
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
- Devices For Executing Special Programs (AREA)
Abstract
The application discloses a smart card and a working method thereof, which comprises the following steps: responding to a command for calling the application, and starting the virtual machine; the virtual machine converts the statements composed of binary byte codes in the application into at least one virtual machine instruction which can be recognized by the smart card operating system. According to the smart card, the application is generated by using the binary instruction format and is read and executed by matching with the specific virtual machine working method, so that the binary format file can be executed on the smart card, the universal hardware performance is exerted, and the smart card runs at the speed of the native application.
Description
Technical Field
The application relates to the field of smart cards, in particular to a smart card and a working method thereof.
Background
The existing smart card basically adopts Java technology, and the Java technology is widely accepted by the industry. The Java Card technology includes three parts, Java Card Runtime Environment (JCRE), Java Card Virtual Machine (JCVM), and Java Card Application Programming Interface (JCAPI).
Virtual machines are the key for achieving application independence and application platform independence. The method is an abstraction of real computer resources, provides a set of complete virtual machine interfaces for an interpreted language, namely defines a virtual command set, and provides a portable interface between an application program developed by the interpreted language and the computer resources. At the time of interpretation execution, each time a virtual command is submitted to the virtual machine for execution. The Java card virtual machine comprises two parts, and the upper part of the card comprises a Java card bytecode interpreter. The Java card converter is an off-card part, running on a PC or workstation. The on-card and off-card portions together implement the full functionality of the virtual machine. The converter loads and preprocesses class files constituting the Java package and outputs a cap (converted applet) file. The CAP file is then loaded into the Java smart card and executed by the interpreter.
The existing smart card system based on Java technology has the technical problem of low execution efficiency.
Disclosure of Invention
The application aims to provide the smart card which is higher in execution efficiency, higher in running speed and compatible.
The application provides a smart card working method, which comprises the following steps: responding to a command for calling the application, and starting the virtual machine; the virtual machine converts the statements composed of binary byte codes in the application into at least one virtual machine instruction which can be recognized by the smart card operating system.
Preferably, the application is composed of a plurality of modules, each module being composed of a binary byte code.
Preferably, the at least one virtual machine instruction forms a virtual machine instruction set, and the plurality of virtual machine instruction sets form a global instruction queue.
Preferably, the virtual context is mapped into the smart card memory upon exiting the application using the execution data during the virtual context save translation.
Preferably, the virtual machine circularly reads the global instruction queue and executes the corresponding function of the application.
The smart card working method provided by the application has the steps as described above, and since the application is generated by using the binary instruction format and is read and executed in cooperation with the specific virtual machine working method, the binary format file can be executed on the smart card, and the smart card can exert the general hardware performance and run at the speed of the native application.
In addition, the present application also provides a smart card, comprising the following components: a memory to store an application; and the virtual machine responds to a command for calling the application and converts a statement consisting of binary byte codes in the application into at least one virtual machine instruction which can be recognized by the smart card operating system.
Preferably, the application is composed of a plurality of modules, each module being composed of a binary byte code.
Preferably, the virtual machine comprises the following subcomponents:
the virtual Context VM Context is used for storing the execution data in the conversion process;
the initialization module VM Init is used for initializing the virtual machine when the virtual machine is started;
an Exit module VM Exit, which maps the virtual context into the smart card memory when exiting the application;
the Dispatcher converts a statement consisting of binary byte codes in the application into at least one virtual machine instruction which can be identified by an operating system of the smart card;
and the executor circularly reads the virtual machine instruction and executes the corresponding function of the application.
Preferably, the smart card further comprises: the at least one virtual machine instruction forms a virtual machine instruction set, and the plurality of virtual machine instruction sets form a global instruction queue.
Preferably, a plurality of applications are stored in the smart card, and the application boundary limitation is realized by fixing the size of the storage space and the address verification.
Because the smart card provided by the application is suitable for the smart card working method, the smart card has the same beneficial effects as the smart card working method, and the description is omitted here.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a schematic structural diagram of a smart card in an embodiment of the present application;
FIG. 2 is a schematic diagram of a smart card according to a second embodiment of the present application;
FIG. 3 is a schematic diagram of an application boundary;
fig. 4 is a schematic structural diagram of a virtual machine in the embodiment of the present application;
FIG. 5 is a flow chart of the operation of a smart card in an embodiment of the present application;
FIG. 6 is a schematic diagram of an application formation process;
FIG. 7 is a schematic diagram of application generation and execution on a smart card;
fig. 8 is a diagram of a smart card system architecture.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Example one
The embodiment of the present application provides a smart card, and specifically, as shown in fig. 1, the smart card 100 includes: a memory 110 storing applications; the virtual machine 120, in response to a command for calling the application, converts a statement composed of binary byte codes in the application into at least one virtual machine instruction recognizable by the smart card operating system.
The smart card enables the running of applications stored in binary byte code, which may preferably be stored in the WASM (WebAssembly) format.
Example two
According to the second embodiment, the smart card 100 further comprises the components shown in fig. 2:
hardware: including CPU, memory (ROM, EEPROM (Flash), and RAM), various processors, and input-output circuitry.
Hardware abstraction layer: the hardware interface details of the platform are hidden, the platform directly communicates with hardware, and abstract support is provided for an upper layer. When the upper layer performs hardware operation, specific details do not need to be known, so that the complexity of understanding and developing the smart card system is greatly reduced. The embedded platform generally follows a hierarchical design method and is easy to transplant.
Operating the system: the system comprises a plurality of modules such as a communication protocol, memory management, an encryption algorithm, a virtual machine and an application installation program. The communication protocol module provides various communication protocol conversions required by the smart card; the encryption algorithm module provides functions of encryption, decryption, digital signature and the like. The memory management module provides storage support for the virtual machine and the application installation program module. The application installer installs the application into the card.
API (Application Program Interface): in order to make the programming of the intelligent card simpler, the built-in API is provided, the functions provided by the API are in accordance with the system architecture of the intelligent card, the application is provided with services, and a uniform development interface which is irrelevant to hardware is provided. The built-in APIs include a cryptographic API (crypto API), an APDU (Application Protocol Data Unit) API, a memory API (memory API), a transaction API (transaction API), and an algorithm API (arithmetic API). The encryption API provides cryptographic services, such as encryption and decryption, signature, random number, abstract calculation and other algorithm related functions; the APDU API provides communication services, i.e. the smart card and the terminal interact data, and the application developer processes APDU commands extremely easily using the method provided in the APDU API. The transaction API provides transaction protection services including the functions of starting a transaction, committing a transaction, and discarding a transaction. The algorithm API provides arithmetic functions of addition, subtraction, multiplication, division, remainder calculation, bit-oriented operation and the like, wherein the addition, subtraction, multiplication, division and remainder calculation support the BCD format.
The application program comprises the following steps: application services of different functions on the card are realized. The smart card is a multi-application smart card, and a plurality of applications for realizing different functions can be downloaded in each card. Each application is uniquely identified and selected by an Application Identifier (AID). Each application also has its own application space, protected by a firewall. The application program cannot access the space of other application programs, and similarly, other application programs cannot access the space of the application program, and the application spaces cannot be directly accessed except through an authorization mechanism. Authorization is to allow one application to call another application, and when the execution of the authorization is to be performed, the current application temporarily stops executing and starts executing the authorized application. Authorized applications are specified by AID.
A card manager: when an application is downloaded to the smart card, the card manager registers the application on the card, as shown in fig. 3, where the main registered data includes the application code and the storage address and length of the application data in the EEPROM of the smart card hardware. The storage address in the virtual machine is a virtual concept, and in the actual execution process, the virtual address needs to be converted into an actual physical address, so that the implementation is independent of a hardware platform. The application code length is used to determine the size of the application code space and the application data length is used to determine the size of the application data space. The range of the application code is checked by fixing the size of the application code space. The application can only access the private storage area belonging to the application by fixing the size of the application data space and checking the address when the application data space is accessed. Temporary data present in a Random Access Memory (RAM) may also be subject to address verification to ensure access rights. The application firewall function is realized by the boundary limitation of the application data, the application code and the temporary data area.
The virtual machine in the card is responsible for converting binary byte codes into a local method set which can be identified by the smart card operating system, and provides an abstract operating environment which is independent of a platform, so that application development is independent of bottom hardware and independent of hardware implementation, and development flexibility is improved. The virtual machine is a stack-based processor. In the specific working process of the virtual machine, each statement in the source code corresponds to a plurality of virtual machine instructions at the bottom layer. A cluster of virtual machine instructions corresponding to each statement in the source code is collectively called an instruction set, and a plurality of instruction sets form a global instruction queue. In the instruction queue, the virtual machine executes each instruction one by one in turn starting from the head of the instruction queue. The bytecode of the application is a machine-readable instruction set. Each instruction corresponds to a globally unique coded value in binary form, which is integrated into the binary file of the application module according to specific rules. When the application module is executed, the virtual machine can select different virtual instruction operations according to the coding value. There are many types of instructions available to an application module, each type of instruction set corresponding to a series of similar virtual machine operations.
The structure of the virtual machine will be described with reference to fig. 4. Virtual machine 120 includes the following subcomponents:
a virtual Context VM Context 420 for storing the execution data in the conversion process;
an initialization module VM Init 410, configured to initialize a virtual machine when the virtual machine is started;
an Exit module VM Exit 450, which maps the virtual context into the smart card memory when exiting the application;
the Dispatcher 430 is used for converting a statement consisting of binary byte codes in the application into at least one virtual machine instruction which can be identified by the operating system of the smart card;
and the executor 440 circularly reads the virtual machine instruction and executes the corresponding function of the application.
The virtual machine is a file for executing load, the general structure of the virtual machine is shown in fig. 4, and the virtual machine can execute a wasm file, which is an example, and the wasm (webassembly) file is a binary instruction format based on a stack virtual machine. Applications developed in multiple high-level languages may be compiled into a wasm file, such as C, C + +.
Wasm has the following advantages:
1) the Wasm bytecode is similar to the assembly instruction of a processor, is closer to a machine instruction and has higher running speed.
2) Wasm is a platform independent language that can be used in a variety of scenarios.
3) The application obtained by writing is modular, the basic units in the code are modules, the modular arrangement is convenient for step-by-step transmission, caching and execution, and the portability is good.
Preferably, the application file composed of binary byte codes of the present application is a Wasm file.
EXAMPLE III
The structure and internal structure of the smart card are described above with reference to fig. 1-4, and the work flow of the smart card is described below with reference to fig. 5, which includes the following steps:
The application stored in the smart card is composed of a plurality of modules, each module being composed of binary byte codes. The formation process of the application, as shown in fig. 6:
the off-smartcard compiler works in a PC or a specific workstation environment, and outside the smartcard compiles and assembles high-level language files, such as C/C + +/Rust files, into application files composed of binary byte codes, wherein the application is composed of a plurality of modules, each of which is composed of binary byte codes.
The generated application is installed into the smart card by an installer in the smart card and executed by the virtual machine as described above.
Still further, FIG. 7 illustrates the generation process applied outside the card and the transfer process into the card. The generation process is as described above, and is not described herein again, wherein the generated application file composed of binary byte codes is transmitted by the off-card installer to the application installer in the smart card through the card receiving device, the in-card installer installs the application into the in-card memory, and when the application is started, the virtual machine is started to process the application.
Fig. 8 shows a system structure diagram for executing the above method, and a smart card system 800 includes a generating device 801 shown in fig. 8 for generating an application file composed of binary byte codes, the generating device 801 transmitting the generated application file to a smart card 802, and the smart card 802 executing the operating method as described above.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (10)
1. A working method of a smart card comprises the following steps:
responding to a command for calling the application, and starting the virtual machine;
the virtual machine converts the statements composed of binary byte codes in the application into at least one virtual machine instruction which can be recognized by the smart card operating system.
2. Smart card operation method according to claim 1, characterized in that said application is composed of a plurality of modules, each module being composed of binary byte codes.
3. The smart card operating method according to claim 1, wherein the at least one virtual machine instruction constitutes one virtual machine instruction set, and a plurality of virtual machine instruction sets constitute a global instruction queue.
4. The smart card operating method as claimed in claim 1, wherein the virtual context is mapped to the smart card memory upon exiting the application using the execution data during the virtual context save translation.
5. The smart card operating method according to claim 3, wherein the virtual machine circularly reads the global instruction queue and executes the corresponding function of the application.
6. A smart card comprising the following components:
a memory to store an application;
and the virtual machine responds to a command for calling the application and converts a statement consisting of binary byte codes in the application into at least one virtual machine instruction which can be recognized by the smart card operating system.
7. The smart card of claim 6, wherein the application is comprised of a plurality of modules, each module comprised of a binary byte code.
8. The smart card of claim 6, wherein the virtual machine comprises the following subcomponents:
the virtual Context VM Context is used for storing the execution data in the conversion process;
the initialization module VM Init is used for initializing the virtual machine when the virtual machine is started;
an Exit module VM Exit, which maps the virtual context into the smart card memory when exiting the application;
the Dispatcher converts a statement consisting of binary byte codes in the application into at least one virtual machine instruction which can be identified by an operating system of the smart card;
and the executor circularly reads the virtual machine instruction and executes the corresponding function of the application.
9. The smart card of claim 6, further comprising: the at least one virtual machine instruction forms a virtual machine instruction set, and the plurality of virtual machine instruction sets form a global instruction queue.
10. Smart card according to one of claims 6 to 9, wherein a plurality of applications are stored in the smart card, the application boundary limitation being implemented by a fixed memory size and address checking.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910419364.6A CN111966443B (en) | 2019-05-20 | 2019-05-20 | Smart card and working method thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910419364.6A CN111966443B (en) | 2019-05-20 | 2019-05-20 | Smart card and working method thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111966443A true CN111966443A (en) | 2020-11-20 |
| CN111966443B CN111966443B (en) | 2024-02-23 |
Family
ID=73358311
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910419364.6A Active CN111966443B (en) | 2019-05-20 | 2019-05-20 | Smart card and working method thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111966443B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114327786A (en) * | 2021-12-28 | 2022-04-12 | 武汉天喻信息产业股份有限公司 | Virtual machine system, storage medium, electronic device and working method |
| CN114398029A (en) * | 2022-01-14 | 2022-04-26 | 武汉天喻信息产业股份有限公司 | Operating system based on C language virtual machine |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20040068653A (en) * | 2003-01-27 | 2004-08-02 | 삼성전자주식회사 | Apparatus for improvement of performance in smart card based on java |
| CN1687862A (en) * | 2005-06-16 | 2005-10-26 | 北京航空航天大学 | Smart card safety environment control method |
| KR100576967B1 (en) * | 2003-12-02 | 2006-05-10 | 케이비 테크놀러지 (주) | Java smart card |
| CN101231597A (en) * | 2008-02-01 | 2008-07-30 | 东信和平智能卡股份有限公司 | Method for execution of JAVA program instruction in smart card |
| CN102567020A (en) * | 2011-12-26 | 2012-07-11 | 大唐微电子技术有限公司 | Implementation method and system of smart card applications |
| CN102930322A (en) * | 2012-09-29 | 2013-02-13 | 上海复旦微电子集团股份有限公司 | Smart card and method for processing instructions |
| CN103530171A (en) * | 2013-10-25 | 2014-01-22 | 大唐微电子技术有限公司 | Smart card virtual machine and implementation method thereof |
-
2019
- 2019-05-20 CN CN201910419364.6A patent/CN111966443B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20040068653A (en) * | 2003-01-27 | 2004-08-02 | 삼성전자주식회사 | Apparatus for improvement of performance in smart card based on java |
| KR100576967B1 (en) * | 2003-12-02 | 2006-05-10 | 케이비 테크놀러지 (주) | Java smart card |
| CN1687862A (en) * | 2005-06-16 | 2005-10-26 | 北京航空航天大学 | Smart card safety environment control method |
| CN101231597A (en) * | 2008-02-01 | 2008-07-30 | 东信和平智能卡股份有限公司 | Method for execution of JAVA program instruction in smart card |
| CN102567020A (en) * | 2011-12-26 | 2012-07-11 | 大唐微电子技术有限公司 | Implementation method and system of smart card applications |
| CN102930322A (en) * | 2012-09-29 | 2013-02-13 | 上海复旦微电子集团股份有限公司 | Smart card and method for processing instructions |
| CN103530171A (en) * | 2013-10-25 | 2014-01-22 | 大唐微电子技术有限公司 | Smart card virtual machine and implementation method thereof |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114327786A (en) * | 2021-12-28 | 2022-04-12 | 武汉天喻信息产业股份有限公司 | Virtual machine system, storage medium, electronic device and working method |
| CN114398029A (en) * | 2022-01-14 | 2022-04-26 | 武汉天喻信息产业股份有限公司 | Operating system based on C language virtual machine |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111966443B (en) | 2024-02-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR100713739B1 (en) | Token-based link | |
| US7506175B2 (en) | File language verification | |
| EP2364481B1 (en) | Method for securing java bytecode. | |
| Wallentowitz et al. | Potential of webassembly for embedded systems | |
| KR20020002383A (en) | Object-oriented instruction set for resource-constrained devices | |
| CN116466995B (en) | Instruction based on compound instruction and operand optimization method and device thereof | |
| CN111966443B (en) | Smart card and working method thereof | |
| JP4378459B2 (en) | Securing downloaded applications, especially on smart cards | |
| JP2005501334A (en) | A framework for generating Java macro instructions in a Java computing environment | |
| US7350193B2 (en) | Procedure invocation in an integrated computing environment having both compiled and interpreted code segments | |
| Grimaud et al. | FACADE: a typed intermediate language dedicated to smart cards | |
| CN110888674B (en) | Method and device for executing security calculation in Python virtual machine | |
| CN112306632B (en) | Java Card virtual machine execution engine device and execution method | |
| US7065747B2 (en) | Identifying references to objects during bytecode verification | |
| US6751790B2 (en) | Frameworks for efficient representation of string objects in Java programming environments | |
| CN110851140A (en) | System and method for realizing dynamic library of single chip microcomputer | |
| CN117093227B (en) | Method and device for executing intelligent contract | |
| Hyppönen et al. | Trading-off type-inference memory complexity against communication | |
| Bernardeschi et al. | Using control dependencies for space-aware bytecode verification | |
| CN119127075A (en) | Runtime memory management method, device, operating system, virtual machine, equipment, and terminal | |
| CN119829062A (en) | Function processing method and device | |
| Liu et al. | Implementation of Java Card Virtual Machine | |
| CN113378177A (en) | Safe and open Native multi-application system architecture and Native application program execution method | |
| Grimaud et al. | FACADE: A Typed Intermediate Language | |
| Markantonakis | Java card technology and security |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |