Protected mode for global platform compliant smart cards

US 9,003,116 B2
Filed: 12/18/2009
Issued: 04/07/2015
Est. Priority Date: 12/18/2009
Status: Active Grant

First Claim

Patent Images

1. A memory device for a smart card, the memory device comprising:

a master memory segment corresponding to a master operating system (OS) and an issuer security domain (ISD) ;

a first slave memory segment corresponding to a first slave OS and a first supplemental security domain (SSD), wherein the first slave OS is configured to exclusively communicate with the master OS; and

a second slave memory segment corresponding to a second slave OS and a second SSD, wherein the second slave OS is configured to exclusively communicate with the master OS,wherein the master OS, the first slave OS, and the second slave OS operate independently, and wherein the first slave OS and corresponding first SSD and the second slave OS and corresponding second SSD are reserved for distinct service providers.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A multiple application smart card (102) uses hardware firewalls (130) and an internal communications scheme to isolate applications from different service providers. A first application (116) from a first service provider is stored within a first supplemental security domain (SSD) (126) of a memory device on the multiple application smart card (102). A second application (116) from a second service provider is stored within a second SSD (128) of the memory device. A hardware firewall (130) is located between the first and second applications (116) of the first and second SSDs (128). The hardware firewall (130) prevents direct data access between the first and second applications (116) of the first and second SSDs (128).

Citations

20 Claims

1. A memory device for a smart card, the memory device comprising:
- a master memory segment corresponding to a master operating system (OS) and an issuer security domain (ISD) ;
  
  a first slave memory segment corresponding to a first slave OS and a first supplemental security domain (SSD), wherein the first slave OS is configured to exclusively communicate with the master OS; and
  
  a second slave memory segment corresponding to a second slave OS and a second SSD, wherein the second slave OS is configured to exclusively communicate with the master OS,wherein the master OS, the first slave OS, and the second slave OS operate independently, and wherein the first slave OS and corresponding first SSD and the second slave OS and corresponding second SSD are reserved for distinct service providers.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The memory device of claim 1, wherein the master OS has exclusive control over communications involving at least one slave OS of the first slave OS and the second slave OS.
  - 3. The memory device of claim 1, further comprising a hardware firewall separating the first slave OS of the first slave memory segment and the second slave OS of the second slave memory segment, wherein the hardware firewall prevents direct communications between the first slave OS and the second slave OS.
  - 4. The memory device of claim 1, further comprising a hardware firewall separating the master OS of the master memory segment from both the first slave OS of the first slave memory segment and the second slave OS of the second slave memory segment, wherein the hardware firewall prevents the first slave OS and the second slave OS from accessing the master memory segment.
  - 5. The memory device of claim 1, further comprising a programmable memory device, wherein the programmable memory device comprises the master memory segment, the first slave memory segment, and the second slave memory segment.
  - 6. The memory device of claim 5, wherein the programmable memory device comprises an electrically erasable programmable read only memory (EEPROM) to store application data from different service providers separately in the first and second SSDs.
  - 7. The memory device of claim 5, further comprising:
    - an OS specific read-only memory (ROM) , wherein the OS specific ROM comprises;
      
      a master OS ROM to store a communications protocol to manage communications with the first slave OS and the second slave OS; and
      
      a slave OS ROM for each slave OS, each slave OS ROM to store a unique slave OS identifier for the corresponding slave OS for identification to the master OS; and
      
      a common ROM coupled to the OS specific ROM, the common ROM (to provide a shared ROM for the master OS, the first slave OS, and the second slave OS.
  - 8. The memory device of claim 5, further comprising:
    - an OS specific random-access memory (RAM) , wherein the OS specific RAM comprises;
      
      a master OS RAM to store data processing logic for the master OS; and
      
      a slave OS RAM for each slave OS, each slave OS RAM to store data processing logic for the corresponding slave OS; and
      
      a common RAM coupled to the OS specific RAM, the common RAM to store messages exchanged between applications of different security domains.
  - 9. The memory device of claim 1, further comprising a coupling to an external interface, the external interface to allow communications between the master OS and an external device, wherein the master OS controls all of the communications between each slave OS and the external device.

10. A smart card comprising:
- a first application from a first service provider stored within a first supplemental security domain (SSD) of a memory device;
  
  a second application from a second service provider stored within a second SSD of the memory device;
  
  a hardware firewall between the first and second applications of the first and second SSDs, the hardware firewall to prevent direct data access between the first and second applications of the first and second SSDs;
  
  a master operating system (OS) for an issuer security domain (ISD) within the memory device, the master OS corresponding to an issuer of the smart card;
  
  a first slave OS for the first SSD; and
  
  a second slave OS for the second SSD,wherein the master OS, the first slave OS, and the second slave OS operate independently.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The smart card of claim 10,wherein the master OS is configured to have exclusive authority to pass control to either of the first and second slave OSs, and the first and second slave OSs have restricted authority to only pass the control back to the master OS.
  - 12. The smart card of claim 11, further comprising another hardware firewall to isolate the master OS and the ISD from the first and second SSDs to prevent data access of the ISD from either of the first and second SSDs.
  - 13. The smart card of claim 12, wherein the memory device comprises:
    - a programmable memory device to store the first and second applications in the first and second SSDs, respectively, separated by the hardware firewall;
      
      an OS specific read-only memory (ROM) separated by the hardware firewalls into a master OS ROM for the master OS, a first slave OS ROM for the first slave OS, and a second slave OS ROM for the second slave OS; and
      
      an OS specific random-access memory (RAM) separated by the hardware firewalls into a master OS RAM for the master OS, a first slave OS RAM for the first slave OS, and a second slave OS RAM for the second slave OS.
  - 14. The smart card of claim 13, wherein the memory device further comprises:
    - a common ROM shared by the master OS, the first slave OS, and the second slave OS; and
      
      a common RAM shared by the master OS, the first slave OS, and the second slave OS.
  - 15. The smart card of claim 11, wherein the master OS is further configured to control all internal communications between the first and second applications within the first and second SSDs.
  - 16. The smart card of claim 11, further comprising an external interface coupled to the memory device, the external interface to allow communications between the master OS and an external device.
  - 17. The smart card of claim 16, wherein the master OS is further configured to exclusively control:
    - all communications between the first slave OS and the external interface; and
      
      all communications between the second slave OS and the external interface.

18. A method for managing control within a smart card, the method comprising:
- establishing control by a master OS implemented on a master memory segment of a memory device;
  
  passing the control from the master OS to a selected slave OS for execution of an application operation by the selected slave OS, wherein the selected slave OS comprises one of a plurality of slave OSs implemented on corresponding slave memory segments of the memory device, wherein the slave memory segments are separated from one another and from the master memory segment by hardware firewalls; and
  
  passing the control from the selected slave OS directly and exclusively back to the master OS subsequent to the execution of the application operation by the selected slave OS,wherein the master OS and each one of the plurality of slave OSs operate independently, and wherein each one of the plurality slave OSs and corresponding slave memory segments of the memory device are reserved for distinct service providers.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, further comprising facilitating a communication between a first slave OS and a second slave OS of the plurality of slave OSs by:
    - passing the control from the master OS to the first slave OS;
      
      dispatching a message from a first application in a first supplemental security domain (SSD) of the first slave OS to the master OS;
      
      passing the control back to the master OS;
      
      sending the message from the master OS to the second slave OS; and
      
      dispatching the message to a second application in a second SSD of the second slave OS.
  - 20. The method of claim 18, further comprising facilitating a communication between an external device and a first slave OS by:
    - receiving a message at the master OS, wherein the message is intended for a first application;
      
      identifying the first slave OS as having a first supplemental security domain (SSD) with the first application;
      
      dispatching the message from the master OS to the a first slave OS;
      
      passing control to the first slave OS;
      
      dispatching the message from the first slave OS to the first application in the first SSD;
      
      receiving a response message at the first slave OS from the first application;
      
      dispatching the message from the first slave OS to the master OS;
      
      passing the control back to the master OS; and
      
      sending the message from the master OS to the external interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NXP B.V. (NXP Semiconductors NV)
Original Assignee
NXP B.V. (NXP Semiconductors NV)
Inventors
Malzahn, Ralf, Gallo, Francesco
Primary Examiner(s)
NGUYEN, THAN VINH

Application Number

US13/513,811
Publication Number

US 20120246404A1
Time in Patent Office

1,936 Days
Field of Search

711/115, 711/163
US Class Current

711/115
CPC Class Codes

G06F 12/1433   for a module or a part of a...

G06F 21/74   operating in dual or compar...

G06F 3/0622   in relation to access

G06F 3/0632   by initialisation or re-ini...

G06F 3/0679   Non-volatile semiconductor ...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3563   Software being resident on ...

G06Q 20/3576   Multiple memory zones on card

G07F 7/1008   Active credit-cards provide...

Protected mode for global platform compliant smart cards

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Protected mode for global platform compliant smart cards

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links