PROTECTED MODE FOR GLOBAL PLATFORM COMPLIANT SMART CARDS
First Claim
1. A memory device for a smart card, the memory device comprising:
- a master memory segment corresponding to a master operating system (OS) and an issuer security domain (ISD);
a first slave memory segment corresponding to a first slave OS and a first supplemental security domain (SSD), wherein the first slave OS is configured to exclusively communicate with the master OS; and
a second slave memory segment corresponding to a second slave OS and a second SSD, wherein the second slave OS is configured to exclusively communicate with the master OS.
10 Assignments
0 Petitions
Accused Products
Abstract
A multiple application smart card (102) uses hardware firewalls (130) and an internal communications scheme to isolate applications from different service providers. A first application (116) from a first service provider is stored within a first supplemental security domain (SSD) (126) of a memory device on the multiple application smart card (102). A second application (116) from a second service provider is stored within a second SSD (128) of the memory device. A hardware firewall (130) is located between the first and second applications (116) of the first and second SSDs (128). The hardware firewall (130) prevents direct data access between the first and second applications (116) of the first and second SSDs (128).
-
Citations
20 Claims
-
1. A memory device for a smart card, the memory device comprising:
-
a master memory segment corresponding to a master operating system (OS) and an issuer security domain (ISD); a first slave memory segment corresponding to a first slave OS and a first supplemental security domain (SSD), wherein the first slave OS is configured to exclusively communicate with the master OS; and a second slave memory segment corresponding to a second slave OS and a second SSD, wherein the second slave OS is configured to exclusively communicate with the master OS. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A smart card comprising:
-
a first application from a first service provider stored within a first supplemental security domain (SSD) of a memory device; a second application from a second service provider stored within a second SSD of the memory device; and a hardware firewall between the first and second applications of the first and second SSDs, the hardware firewall to prevent direct data access between the first and second applications of the first and second SSDs. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
-
-
18. A method for managing control within a smart card, the method comprising:
-
establishing control by a master OS implemented on a master memory segment of a memory device; passing the control from the master OS to a selected slave OS for execution of an application operation by the selected slave OS, wherein the selected slave OS comprises one of a plurality of slave OSs implemented on corresponding slave memory segments of the memory device, wherein the slave memory segments are separated from one another and from the master memory segment by hardware firewalls; and passing the control from the selected slave OS directly and exclusively back to the master OS subsequent to the execution of the application operation by the selected slave. - View Dependent Claims (19, 20)
-
Specification