Partitioning the namespace of a contactless smart card
First Claim
1. A computer-implemented method for partitioning namespaces of secure elements into at least two storage types by control software applications within secure elements, comprising:
- defining, in a control software application, a first access key and a second access key for a plurality of sectors within a secure element namespace of a secure element, each sector comprising at least an access memory block and a plurality of data memory blocks, the access memory block storing an access type for each sector, wherein the first access key controls access to the memory blocks in a sector, and the second access key overrides changes to the first access key;
assigning, by the control software application, a first access type to a first sector, the first access type comprising providing the first and second access key to a first application such that the control software application can reclaim control of the first sector only if the first application cooperates by returning the first access key and second access key to an initialized state;
assigning, by the control software application, a second access type to a second sector, the second access type comprising providing only the first access key to a second application such that the control software application can reclaim control of the second sector using the second access key to return the first access key to an initialized state even if the second application does not cooperate by returning the first access key to an initialized state; and
transmitting, from the control software application, for storage in the access memory block for at least each of the first and second sectors appropriate ones of the first access key and the second access key to provide the selected access type for each respective selected sector, thereby partitioning the namespace of the secure element into at least two storage types.
4 Assignments
0 Petitions
Accused Products
Abstract
Systems, methods, computer programs, and devices are disclosed herein for partitioning the namespace of a secure element in contactless smart card devices and for writing application data in the secure element using requests from a software application outside the secure element. The secure element is a component of a contactless smart card incorporated into a contactless smart card device. A control software application resident in the same or a different secure element provides access types and access bits, for each access memory block of the secure element namespace, thereby portioning the namespace into different access types. Further, a software application outside the secure element manages the control software application by passing commands using a secure channel to the secure element, thereby enabling an end-user of the contactless smart card device or a remote computer to control the partitioning and use of software applications within the secure element.
102 Citations
20 Claims
-
1. A computer-implemented method for partitioning namespaces of secure elements into at least two storage types by control software applications within secure elements, comprising:
-
defining, in a control software application, a first access key and a second access key for a plurality of sectors within a secure element namespace of a secure element, each sector comprising at least an access memory block and a plurality of data memory blocks, the access memory block storing an access type for each sector, wherein the first access key controls access to the memory blocks in a sector, and the second access key overrides changes to the first access key; assigning, by the control software application, a first access type to a first sector, the first access type comprising providing the first and second access key to a first application such that the control software application can reclaim control of the first sector only if the first application cooperates by returning the first access key and second access key to an initialized state; assigning, by the control software application, a second access type to a second sector, the second access type comprising providing only the first access key to a second application such that the control software application can reclaim control of the second sector using the second access key to return the first access key to an initialized state even if the second application does not cooperate by returning the first access key to an initialized state; and transmitting, from the control software application, for storage in the access memory block for at least each of the first and second sectors appropriate ones of the first access key and the second access key to provide the selected access type for each respective selected sector, thereby partitioning the namespace of the secure element into at least two storage types. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A system, comprising:
-
a secure element; and a processor communicatively coupled to the secure element, wherein the processor executes application code instructions that are stored in the secure element and that cause the system to; define at least a first access key and a second access key for a plurality of sectors within a secure element namespace, each sector comprising at least an access memory block and a plurality of data memory blocks, the access memory block storing an access type for each sector, wherein the first access key controls access to the memory blocks in a sector, and the second access key overrides changes to the first access key; provide the first access key and the second access key to a first application such that the system can reclaim control of the first sector only if the first application cooperates by returning the first access key and second access key to an initialized state; provide only the first access key to a second application such that the system can reclaim control of the second sector even if the second application does not cooperate by returning the first access key to an initialized state; and reclaim control of the second sector from the second application using the second access key to change the first access back to an initialized state. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification