Using a high level programming language with a microcontroller
DC CAFCFirst Claim
Patent Images
1. An integrated circuit card for use with a terminal, comprising:
- a communicator configured to communicate with the terminal;
a memory storing;
an application derived from a program written in a high level programming language format wherein the application is derived from a program written in a high level programming language format by first compiling the program into a compiled form and then converting the compiled form into a converted form, the converting step including at least one step selected from a group consisting of recording all jumps and their destinations in the original byte codes;
converting specific byte codes into equivalent generic byte codes or vice-versa;
modifying byte code operands from references using identifying strings to references using unique identifiers; and
renumbering byte codes in a compiled format to equivalent byte codes in a format suitable for interpretation; and
an interpreter operable to interpret such an application derived from a program written in a high level programming language format; and
a processor coupled to the memory, the processor configured to use the interpreter to interpret the application for execution and to use the communicator to communicate with the terminal.
3 Assignments
Litigations
0 Petitions
Reexamination
Accused Products
Abstract
An integrated circuit card is used with a terminal. The integrated circuit card includes a memory that stores an interpreter and an application that has a high level programming language format. A processor of the card is configured to use the interpreter to interpret the application for execution and to use a communicator of the card to communicate with the terminal.
-
Citations
87 Claims
-
1. An integrated circuit card for use with a terminal, comprising:
-
a communicator configured to communicate with the terminal;
a memory storing;
an application derived from a program written in a high level programming language format wherein the application is derived from a program written in a high level programming language format by first compiling the program into a compiled form and then converting the compiled form into a converted form, the converting step including at least one step selected from a group consisting of recording all jumps and their destinations in the original byte codes;
converting specific byte codes into equivalent generic byte codes or vice-versa;
modifying byte code operands from references using identifying strings to references using unique identifiers; and
renumbering byte codes in a compiled format to equivalent byte codes in a format suitable for interpretation; and
an interpreter operable to interpret such an application derived from a program written in a high level programming language format; and
a processor coupled to the memory, the processor configured to use the interpreter to interpret the application for execution and to use the communicator to communicate with the terminal. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
the application has been processed from a second application having a plurality of program elements, at least one being a string of characters, and wherein in the first application the string of characters is replaced with an identifier. -
7. The integrated circuit card of claim 6, wherein the identifier comprises an integer.
-
8. The integrated circuit card of claim 1 wherein the processor is further configured to:
-
receive a request from a requester to access an element of the card;
after receipt of the request, interact with the requester to authenticate an identity of the requester; and
based on the identity, selectively grant access to the element.
-
-
9. The integrated circuit card of claim 8, wherein the requester comprises the processor.
-
10. The integrated circuit card of claim 8, wherein the requester comprises the terminal.
-
11. The integrated circuit card of claim 8, wherein
the element comprises the application stored in the memory, and once access is allowed, the requester is configured to use the application. -
12. The integrated circuit card of claim 8, wherein
the element comprises another application stored in the memory. -
13. The integrated circuit card of claim 8, wherein the element includes data stored in the memory.
-
14. The integrated circuit card of claim 8 wherein the element comprises the communicator.
-
15. The integrated circuit card of claim 8, wherein the memory also stores an access control list for the element, the access control list furnishing an indication of types of access to be granted to the identity, the processor further configured to:
based on the access control list, selectively grant specific types of access to the requester.
-
16. The integrated circuit card of claim 15 wherein the types of access include reading data.
-
17. The integrated circuit card of claim 15 wherein the types of access include writing data.
-
18. The integrated circuit card of claim 15 wherein the types of access include appending data.
-
19. The integrated circuit card of claim 15 wherein the types of access include creating data.
-
20. The integrated circuit card of claim 15 wherein the types of access include deleting data.
-
21. The integrated circuit card of claim 15 wherein the types of access include executing an application.
-
22. The integrated circuit card of claim 1, wherein the application is one of a plurality of applications stored in the memory, the processor is further configured to:
-
receive a request from a requester to access one of the plurality of applications;
after receipt of the request, determine whether said one of the plurality of applications complies with a predetermined set of rules; and
based on the determination, selectively grant access to the requester to said one of the plurality of applications.
-
-
23. The integrated circuit card of claim 22, wherein the predetermined rules provide a guide for determining whether said one of the plurality of applications accesses a predetermined region of the memory.
-
24. The integrated circuit card of claim 22, wherein the processor is further configured to:
-
authenticate an identity of the requester; and
grant access to said one of the plurality of applications based on the identity.
-
-
25. The integrated circuit card of claim 1, wherein the processor is further configured to:
-
interact with the terminal via the communicator to authenticate an identity; and
determine if the identity has been authenticated; and
based on the determination, selectively allow communication between the terminal and the integrated circuit card.
-
-
26. The integrated circuit card of claim 25, wherein the communicator and the terminal communicate via communication channels, the processor further configured to assign one of the communication channels to the identity when the processor allows the communication between the terminal and the integrated circuit card.
-
27. The integrated circuit card of claim 26, wherein the processor is further configured to:
-
assign a session key to said one of the communication channels, and use the session key when the processor and the terminal communicate via said one of the communication channels.
-
-
28. The integrated circuit card of claim 1, wherein the terminal has a card reader and the communicator comprises a contact for communicating with the card reader.
-
29. The integrated circuit card of claim 1, wherein the terminal has a wireless communication device and the communicator a wireless transceiver for communicating with the wireless communication device.
-
30. The integrated circuit card of claim 1, wherein the terminal has a wireless communication device and the communicator comprises a wireless transmitter for communicating with the wireless communication device.
-
-
31. A method for use with an integrated circuit card and a terminal, comprising:
-
storing an interpreter operable to interpret programs derived from programs written in a high level programming language and an application derived from a program written in a high level programming language format in a memory of the integrated circuit card wherein the application is derived from a program written in a high level programming language format by first compiling the program into a compiled form and then converting the compiled form into a converted form, the converting step including at least one step selected from a group consisting of recording all jumps and their destinations in the original byte codes;
converting specific byte codes into equivalent generic byte codes or vice-versa;
modifying byte code operands from references using identifying strings to references using unique identifiers; and
renumbering byte codes in a compiled format to equivalent byte codes in a format suitable for interpretation; and
using a processor of the integrated circuit card to use the interpreter to interpret the application for execution; and
using a communicator of the card when communicating between the processor and the terminal. - View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57)
the application has been processed from a second application having a plurality of program elements, at least one being a string of characters, further comprising: replacing the string of characters in the first application with an identifier.
-
-
37. The method of claim 36, wherein the identifier includes an integer.
-
38. The method of claim 31, further comprising:
-
receiving a request from a requester to access an element of the card;
after receipt of the request, interacting with the requester to authenticate an identity of the requester; and
based on the identity, selectively granting access to the element.
-
-
39. The method of claim 38, wherein the requester comprises the processor.
-
40. The method of claim 38, wherein the requester comprises the terminal.
-
41. The method of claim 38, wherein the element comprises the application stored in the memory, further comprising:
once access is allowed, using the application with the requester.
-
42. The method of claim 38, wherein the element comprises another application stored in the memory.
-
43. The method of claim 38, wherein the element includes data stored in the memory.
-
44. The method of claim 38, wherein the element comprises the communicator.
-
45. The method of claim 38, wherein the memory also stores an access control list for the element, the access control list furnishing an indication of types of access to be granted to the identity, further comprising:
based on the access control list, using the processor to selectively grant specific types of access to the requester.
-
46. The method of claim 45, wherein the types of access include reading data.
-
47. The method of claim 45, wherein the types of access include writing data.
-
48. The method of claim 45, wherein the types of access include appending data.
-
49. The method of claim 45, wherein the types of access include creating data.
-
50. The method of claim 45, wherein the types of access include deleting data.
-
51. The method of claim 45, wherein the types of access including executing an application.
-
52. The method of claim 31, wherein the application is one of a plurality of applications stored in the memory, further comprising:
-
receiving a request from a requester to access one of the applications stored in the memory;
upon receipt of the request, determining whether said one of the plurality of applications complies with a predetermined set of rules; and
based on the determining, selectively granting access to the said one of the plurality of applications.
-
-
53. The method of claim 52, wherein the predetermined rules provide a guide for determining whether said one of the plurality of applications accesses a predetermined region of the memory.
-
54. The method of claim 52, further comprising:
-
authenticating an indentity of the requester; and
based on the indentity, granting access to said one of the plurality of applications.
-
-
55. The method of claim 31, further comprising:
-
communicating with the terminal to authenticate an identity;
determining if the identity has been authenticated; and
based on the determining, selectively allowing communication between the terminal and the integrated circuit card.
-
-
56. The method of claim 55, further comprising:
-
communicating between the terminal and the processor via communication channels; and
assigning one of the communication channels to the identity when the allowing allows communication between the card reader and the integrated circuit card.
-
-
57. The method of claim 56, further comprising:
-
assigning a session key to said one of the communication channels; and
using the session key when the processor and the terminal communicate via said one of the communication channels.
-
-
58. A microcontroller comprising:
-
a memory storing;
a derivative application derived from an application having a class file format wherein the application is derived from an application having a class file format by first compiling the application having a class file format into a compiled form and then converting the compiled form into a converted form, the converting step including at least one step selected from a group consisting of recording all jumps and their destinations in the original byte codes;
converting specific byte codes into equivalent generic byte codes or vice-versa;
modifying byte code operands from references using identifying strings to references using unique identifiers; and
renumbering byte codes in a compiled format to equivalent byte codes in a format suitable for interpretation, and an interpreter configured to interpret applications derived from applications having a class file format; and
a processor coupled to the memory, the processor configured to use the interpreter to interpret the derivative application for execution. - View Dependent Claims (59, 60, 61, 62, 63)
a communicator configured to communicate with a terminal.
-
-
60. The microcontroller of claim 59, wherein the terminal has a card reader and the communicator comprises a contact for communicating with the card reader.
-
61. The microcontroller of claim 59, wherein the terminal has a wireless communicator and a wireless transceiver for communicating with the wireless communication device.
-
62. The microcontroller of claim 59, wherein the terminal has a wireless communication device and the communicator comprises a wireless transmitter for communicating with the wireless communication device.
-
63. The microcontroller of claim 58, wherein the class file format comprises a Java class file format.
-
64. An integrated circuit card for use with a terminal, comprising:
-
a communicator configured to communicate with the terminal;
a memory storing;
applications, each application derived from applications having a high level programming language format, and an interpreter operable to interpret applications derived from applications having a high level programming language format wherein the application is derived from a program written in a high level programming language format by first compiling the program into a compiled form and then converting the compiled form into a converted form, the converting step including at least one step selected from a group consisting of recording all jumps and their destinations in the original byte codes;
converting specific byte codes into equivalent generic byte codes or vice-versa;
modifying byte code operands from references using identifying strings to references using unique identifiers; and
renumbering byte codes in a compiled format to equivalent byte codes in a format suitable for interpretation; and
a processor coupled to the memory, the processor configured to;
a.) use the interpreter to interpret the applications for execution, b.) use the interpreter to create a firewall to isolate the applications from each other, and c.) use the communicator to communicate with the terminal.
-
-
65. A microcontroller having a set of resource constraints and comprising:
-
a memory, and an interpreter loaded in memory and operable within the set of resource constraints, the microcontroller having;
at least one application loaded in the memory to be interpreted by the interpreter, wherein the at least one application is generated by a programming environment comprising;
a) a compiler for compiling application source programs written in high level language source code form into a compiled form, and b) a converter for post processing the compiled form into a minimized form suitable for interpretation within the set of resource constraints by the interpreter, wherein the converter comprises means for translating from the byte codes in the compiled form to byte codes in a format suitable for interpretation by the interpreter by;
a) using at least one step in a process including the steps;
a.1) recording all jumps and their destinations in the original byte codes;
a.2) converting specific byte codes into equivalent generic byte codes or vice-versa;
a.3) modifying byte code operands from references using identifying strings to references using unique identifiers; and
a.4) renumbering byte codes in the compiled form to equivalent byte codes in the format suitable for interpretation; and
b) relinking jumps for which destination address is effected by conversion step a.1, a.2, a.3, or a.4. - View Dependent Claims (66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77)
not allowing the application access to unauthorized portions of memory, not allowing the application access to unauthorized microcontroller resources, wherein the application is composed of byte codes and checking a plurality of byte codes at least once prior to execution to verify that execution of the byte codes does not violate a security constraint.
-
-
75. The microcontroller of claim 65 wherein at least one application program is generated by a process including the steps of:
-
prior to loading the application verifying that the application does not violate any security constraints; and
loading the application in a secure manner.
-
-
76. The microcontroller of claim 75 wherein the step of loading in a secure manner comprises the step of:
verifying that the loading identity has permission to load applications onto the microcontroller.
-
77. The microcontroller of claim 75 wherein the step of loading in a secure manner comprises the step of:
encrypting the application to be loaded using a loading key.
-
78. A method of programming a microcontroller having a memory and a processor operating according to a set of resource constraints, the method comprising the steps of:
-
inputting an application program in a first programming language;
compiling the application program in the first programming language into a first intermediate code associated with the first programming language, wherein the first intermediate code being interpretable by at least one first intermediate code virtual machine;
converting the first intermediate code into a second intermediate code, wherein the step of converting comprises;
at least one of the steps of;
a) recording all jumps and their destinations in the original byte codes;
b) converting specific byte codes into equivalent generic byte codes or vice-versa;
c) modifying byte code operands from references using identifying strings to references using unique identifiers; and
d) renumbering byte codes in a compiled format to equivalent byte codes in a format suitable for interpretation; and
relinking jumps for which destination address is effected by conversion step a), b), c), or d);
wherein the second intermediate code is interpretable within the set of resource constraints by at least one second intermediate code virtual machine; and
loading the second intermediate code into the memory of the microcontroller. - View Dependent Claims (79, 80, 81, 82, 83)
associating an identifying string for objects, classes, fields, or methods; and
mapping such strings to unique identifiers.
-
-
80. The method of claim 79 wherein the step of mapping comprises the step of mapping strings to integers.
-
81. The method of claim 80 wherein the step of loading the second intermediate code into the memory of the microcontroller further comprises checking the second intermediate code prior to loading the second intermediate code to verify that the second intermediate code meets a predefined integrity check and that loading is performed according to a security protocol.
-
82. The method of claim 81 wherein the security protocol requires that a particular identity must be validated to permit loading prior to the loading of the second intermediate code.
-
83. The method of claim 81 further characterized by providing a decryption key and wherein the security protocol requires that the second intermediate code is encrypted using a loading key corresponding to the decryption key.
-
84. An integrated circuit card for use with a terminal, comprising:
-
a communicator configured to communicate with the terminal;
a memory storing;
an application derived from a program written in a high level programming language format wherein the application is derived from a program written in a high level programming language format by first compiling the program into a compiled form and then converting the compiled form into a converted form, the converting step including the steps of;
modifying byte code operands from references using identifying strings to references using unique identifiers;
recording all jumps and their destinations in the original byte codes;
converting specific byte codes into equivalent generic byte codes or vice-versa; and
renumbering byte codes in a compiled format to equivalent byte codes in a format suitable for interpretation; and
an interpreter operable to interpret such an application derived from a program written in a high level programming language format; and
a processor coupled to the memory, the processor configured to use the interpreter to interpret the application for execution and to use the communicator to communicate with the terminal.
-
-
85. A method for use with an integrated circuit card and a terminal, comprising:
-
storing an interpreter operable to interpret programs derived from programs written in a high level programming language and an application derived from a program written in a high level programming language format in a memory of the integrated circuit card wherein the application is derived from a program written in a high level programming language format by first compiling the program into a compiled form and then converting the compiled form into a converted form, the converting step including;
modifying byte code operands from references using identifying strings to references using unique identifiers;
recording all jumps and their destinations in the original byte codes;
converting specific byte codes into equivalent generic byte codes or vice-versa; and
renumbering byte codes in a compiled format to equivalent byte codes in a format suitable for interpretation;
using a processor of the integrated circuit card to use the interpreter to interpret the application for execution; and
using a communicator of the card when communicating between the processor and the terminal.
-
-
86. An integrated circuit card for use with a terminal, comprising:
-
a communicator configured to communicate with the terminal;
a memory storing;
applications, each application derived from applications having a high level programming language format, and an interpreter operable to interpret applications derived from applications having a high level programming language format wherein the application is derived from a program written in a high level programming language format by first compiling the program into a compiled form and then converting the compiled form into a converted form, the converting step including the steps of;
modifying byte code operands from references using identifying strings to references using unique identifiers;
recording all jumps and their destinations in the original byte codes;
converting specific byte codes into equivalent generic byte codes or vice-versa; and
renumbering byte codes in a compiled format to equivalent byte codes in a format suitable for interpretation; and
a processor coupled to the memory, the processor configured to;
a.) use the interpreter to interpret the applications for execution, b.) use the interpreter to create a firewall to isolate the applications from each other, and c.) use the communicator to communicate with the terminal.
-
-
87. A microcontroller comprising:
-
a memory storing;
a derivative application derived from an application having a class file format wherein the application is derived from an application having a class file format by first compiling the application having a class file format into a compiled form and then converting the compiled form into a converted form, the converting step including;
recording all jumps and their destinations in the original byte codes;
converting specific byte codes into equivalent generic byte codes or vice-versa; and
renumbering byte codes in a compiled format to equivalent byte codes in a format suitable for interpretation, and an interpreter configured to interpret applications derived from applications having a class file format; and
a processor coupled to the memory, the processor configured to use the interpreter to interpret the derivative application for execution.
-
Specification