System and method for installing/de-installing an application on a smart card
Abstract
A set of related routines allows an application to be securely installed on, or de-installed from, a smart card or other portable token. The capabilities of a true operating system on the smart card are used to facilitate installation and de-installation.
Claims (31)
1. A method of initializing a smart card, the smart card comprising a microprocessor and a memory, the memory comprising ROM and read/write memory, the ROM storing an operating system (OS) and an application, the method comprising:
powering the smart card via a terminal;
determining whether the smart card has ever previously been powered;
upon determining that the smart card has never previously been powered, performing a first-power initialization routine.
2. initializing the read/write memory;
locating the application in ROM; and
installing the application in read/write memory.
3. The method of claim 2, wherein the application comprises a boot application allowing insertion of a new data object into read/write memory, and a call to a download manager in the OS.
4. The method of claim 3, further comprising:
following installation of the application in read/write memory, performing an initialization routine, comprising:
building a memory management record; and
sending an Answer-To-Reset (ATR) signal to the terminal.
5. The method of claim 4, further comprising:
before performing the first-power initialization routine, sending a first portion of the ATR signal to the terminal; and
wherein the step of sending the ATR signal to the terminal following the step of building the memory management record comprises sending a second portion of the ATR signal to the terminal.
6. The method of claim 1, wherein upon determining that the smart card has previously been powered, performing an initialization routine, comprising:
building a memory management record; and
sending an Answer-To-Reset (ATR) signal to the terminal.
7. The method of claim 6, wherein the initialization routine further comprises:
determining whether a transaction record is present in memory; and
upon determining that a transaction record is present in memory, calling a transaction manager, and by operation of the transaction manager, clearing the transaction record.
8. The method of claim 6, wherein the initialization routine further comprises, after sending the ATR, entering an Input/Output routine.
9. The method of claim 6, further comprising:
before performing the initialization routine, sending a first portion of the ATR signal to the terminal; and
wherein the step of sending the ATR signal to the terminal following the step of building the memory management record comprises sending a second portion of the ATR signal to the terminal.
10. The method of claim 2, wherein installing the application in read/write memory comprises:
calling the application from the terminal;
receiving in the application a command to create a command table in read/write memory.
11. The method of claim 10, further comprising:
following creation of the command table in read/write memory, creating additional data objects in read/write memory.
12. The method of claim 3, wherein installing the application in read/write memory comprises:
calling the boot application from the terminal;
receiving in the boot application a first command, and in response thereto generating at least one data record and storing the at least one data record in read/write memory.
13. The method of claim 12, wherein the at least one data record is a command table for the boot application.
14. The method of claim 13, wherein following storage of the boot application command table, and in response to a second command from the terminal, downloading a new application from the terminal.
15. The method of claim 14, wherein the step of downloading the new application comprises:
inserting a new application data object in read/write memory, and converting the new application data object into a new application.
16. The method of claim 15, wherein the step of converting the new application data object into a new application comprises:
calling a download manager;
from the download manager, calling the new application data object;
by operation of the new application data object, creating a command table for the new application; and
storing the command table in read/write memory.
17. The method of claim 16, further comprising:
before calling the download manager, performing in the boot application a security verification routine on the new application data object.
18. A method of downloading a second application from a terminal into a smart card memory, the memory storing an operating system (OS) and a first application, the method comprising:
calling the first application from the terminal;
by operation of the first application, inserting a new application data object in memory; and
converting the new application data object into the second application.
19. before converting the new application data object into the second application, verifying the authenticity of the new application data object within the first application.
20. The method of claim 19, wherein verifying the authenticity of the new application data object comprises:
verifying a digital signature associated with the new application data object.
21. The method of claim 18, wherein the step of converting the new application data object into the second application comprises:
calling a download manager in the OS;
calling the second application from the download manager, and generating a command table for the second application.
22. The method of claim 21, further comprising:
following generation of the command table, calling a file manager in the OS; and
by operation of the file manager, generating a first data record associated with the command table and storing the first data record in memory.
23. The method of claim 22, wherein the step of inserting the new application data object comprises:
calling the file manager in the OS;
by operation of the file manager generating a second data record associated with the new application data object and storing the second data record in memory.
24. The method of claim 23, wherein the first and second data records each comprise an ownership field and a type field.
25. The method of claim 24, wherein the step of generating the second data record associated with the new application data object comprises:
defining the ownership field in the second data record to indicate first application ownership; and
defining the type field in the second data record to indicate a data object type.
26. The method of claim 25, wherein the step of generating the first data record associated with the new application comprises:
defining the ownership field in the first data record to indicate OS ownership; and
defining the type field in the first data record to indicate an application type.
27. The method of claim 23, wherein the command table comprises an index of all commands executable by the second application.
28. A method of de-installing an application on a smart card, the smart card comprising a microprocessor and a memory, the memory storing an operating system (OS) and the application, the method comprising:
receiving a de-install command;
locating the application owning the de-install command, and by operation of the owning application calling a download manager located in the operating system;
by operation of the download manager, deleting all data objects associated with the application; and
deleting all data records associated with the application.
29. The method of claim 27, wherein the step of deleting all data objects associated with the application, and deleting all data records associated with the application comprises:
beginning with a 1st data object associated with the application and continuing through the Nth data object associated with the application, for each data object:
deleting the data object by operation of the application; and
calling the file manager, and by operation of the file manager, deleting the data record associated with the data object.
30. The method of claim 29, wherein an application data record associated with the application is stored in memory, the method further comprising:
following deletion of the Nth data object and the Nth data record associated with the application, deleting the application data record from memory.
31. The method of claim 30, further comprising:
following deletion of the application data record from memory, calling a memory manager and by operation of the memory manager reallocating memory space associated with the application as being available.
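The record bookkeeping behind the install claims (18 to 26) and the de-install claims (28 to 31), as an added C model that is not part of the patent or of any real card operating system: records carry the claimed ownership and type fields, an unverified application data object is never converted into an application, and de-installation frees the data object records before the application record. The record count, the field encodings and the caller-supplied verification result are assumptions.

```c
#include <string.h>
/* Constructed model (not the patent's code) of the claimed file-manager records:
   each carries an ownership field and a type field (claim 24). Sizes and encodings assumed. */
#define MAX_RECORDS 8
enum { OWNER_OS = 0, OWNER_FIRST_APP = 1 };
enum { TYPE_DATA_OBJECT = 0, TYPE_APPLICATION = 1 };
typedef struct { int in_use, owner, type, app_id; } record_t;
static record_t records[MAX_RECORDS];

/* File manager: store a data record in the first free slot; -1 if memory is full. */
static int file_manager_store(int owner, int type, int app_id) {
    for (int i = 0; i < MAX_RECORDS; i++)
        if (!records[i].in_use) {
            records[i] = (record_t){1, owner, type, app_id};
            return i;
        }
    return -1;
}
/* File manager: delete every record of one type associated with app_id; each
   cleared slot is what the memory manager later reallocates. Returns the count. */
static int file_manager_delete(int app_id, int type) {
    int n = 0;
    for (int i = 0; i < MAX_RECORDS; i++)
        if (records[i].in_use && records[i].app_id == app_id && records[i].type == type) {
            memset(&records[i], 0, sizeof records[i]);
            n++;
        }
    return n;
}
/* Claims 18-26: the first application inserts the new application data object as a
   record it owns, of data object type; only a verified object (claims 19-20, result
   supplied by the caller here) is converted, its command table becoming an OS-owned
   record of application type. On failure the data object record is removed so no
   unverified object lingers (a cleanup the claims do not specify). 1 = success. */
static int install_application(int new_app_id, int signature_verified) {
    if (file_manager_store(OWNER_FIRST_APP, TYPE_DATA_OBJECT, new_app_id) < 0) return 0;
    if (!signature_verified ||
        file_manager_store(OWNER_OS, TYPE_APPLICATION, new_app_id) < 0) {
        file_manager_delete(new_app_id, TYPE_DATA_OBJECT);
        return 0;
    }
    return 1;
}
/* Claims 28-31: delete the application's data objects and their records, 1st
   through Nth, then the application record; returns the number of records freed. */
static int deinstall_application(int app_id) {
    int freed = file_manager_delete(app_id, TYPE_DATA_OBJECT);
    return freed + file_manager_delete(app_id, TYPE_APPLICATION);
}
```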