Protected mode for global platform compliant smart cards
Abstract
A multiple application smart card (102) uses hardware firewalls (130) and an internal communications scheme to isolate applications from different service providers. A first application (116) from a first service provider is stored within a first supplemental security domain (SSD) (126) of a memory device on the multiple application smart card (102). A second application (116) from a second service provider is stored within a second SSD (128) of the memory device. A hardware firewall (130) is located between the first and second applications (116) of the first and second SSDs (128). The hardware firewall (130) prevents direct data access between the first and second applications (116) of the first and second SSDs (128).
20 Claims
1. A memory device for a smart card, the memory device comprising:
- a master memory segment corresponding to a master operating system (OS) and an issuer security domain (ISD);
- a first slave memory segment corresponding to a first slave OS and a first supplemental security domain (SSD), wherein the first slave OS is configured to exclusively communicate with the master OS; and
- a second slave memory segment corresponding to a second slave OS and a second SSD, wherein the second slave OS is configured to exclusively communicate with the master OS,
- wherein the master OS, the first slave OS, and the second slave OS operate independently, and
- wherein the first slave OS and corresponding first SSD and the second slave OS and corresponding second SSD are reserved for distinct service providers.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A smart card comprising:
- a first application from a first service provider stored within a first supplemental security domain (SSD) of a memory device;
- a second application from a second service provider stored within a second SSD of the memory device;
- a hardware firewall between the first and second applications of the first and second SSDs, the hardware firewall to prevent direct data access between the first and second applications of the first and second SSDs;
- a master operating system (OS) for an issuer security domain (ISD) within the memory device, the master OS corresponding to an issuer of the smart card;
- a first slave OS for the first SSD; and
- a second slave OS for the second SSD,
- wherein the master OS, the first slave OS, and the second slave OS operate independently.
Dependent claims: 11, 12, 13, 14, 15, 16, 17

18. A method for managing control within a smart card, the method comprising:
- establishing control by a master OS implemented on a master memory segment of a memory device;
- passing the control from the master OS to a selected slave OS for execution of an application operation by the selected slave OS, wherein the selected slave OS comprises one of a plurality of slave OSs implemented on corresponding slave memory segments of the memory device, wherein the slave memory segments are separated from one another and from the master memory segment by hardware firewalls; and
- passing the control from the selected slave OS directly and exclusively back to the master OS subsequent to the execution of the application operation by the selected slave OS,
- wherein the master OS and each one of the plurality of slave OSs operate independently, and
- wherein each one of the plurality of slave OSs and corresponding slave memory segments of the memory device are reserved for distinct service providers.
Dependent claims: 19, 20
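
The control flow recited in claim 18, modelled in software as an added example that is not taken from the patent or from any card implementation. All identifiers are hypothetical, one integer stands in for each memory segment, and the rule that the running OS may touch only its own segment is an assumption of this model standing in for the hardware firewalls.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model: one master segment (ISD) and two slave segments
 * (SSDs). Every name here is illustrative, not from the patent. */
enum domain { MASTER_ISD = 0, SLAVE_SSD1, SLAVE_SSD2, N_DOMAINS };
struct card {
    enum domain running;      /* OS that currently holds control */
    int data[N_DOMAINS];      /* one word stands in for each segment */
};

/* Firewall rule (model assumption): the running OS reaches only its own segment. */
static bool fw_allows(const struct card *c, enum domain seg) {
    return c->running == seg;
}

/* Control moves master -> slave or slave -> master, never slave -> slave. */
static bool pass_control(struct card *c, enum domain to) {
    if (to >= N_DOMAINS || to == c->running) return false;
    if (c->running != MASTER_ISD && to != MASTER_ISD) return false;
    c->running = to;
    return true;
}

/* Guarded write: fails closed when the firewall rule rejects the access. */
static bool seg_write(struct card *c, enum domain seg, int v) {
    if (!fw_allows(c, seg)) return false;
    c->data[seg] = v;
    return true;
}

/* Claim 18 sequence; true only if allowed steps pass and blocked steps fail. */
static bool run_operation(struct card *c, enum domain slave, int v) {
    enum domain other = (slave == SLAVE_SSD1) ? SLAVE_SSD2 : SLAVE_SSD1;
    c->running = MASTER_ISD;                     /* establish control */
    if (!pass_control(c, slave)) return false;   /* master -> slave */
    bool ok = seg_write(c, slave, v);            /* own segment: allowed */
    ok = ok && !seg_write(c, other, v);          /* peer SSD: blocked */
    ok = ok && !seg_write(c, MASTER_ISD, v);     /* ISD segment: blocked */
    ok = ok && !pass_control(c, other);          /* slave -> slave: blocked */
    return ok && pass_control(c, MASTER_ISD) && c->running == MASTER_ISD;
}

int main(void) {
    struct card c = { MASTER_ISD, {0, 0, 0} };
    bool ok = run_operation(&c, SLAVE_SSD1, 42);
    printf("ok=%d SSD1=%d SSD2=%d\n", ok, c.data[SLAVE_SSD1], c.data[SLAVE_SSD2]);
    return 0;
}
```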
Specification