System and method for controlling access to computer code in an IC card
First Claim
1. In a multiple application card system including an integrated circuit card comprising a microprocessor, a read-only memory, a random access memory and an electrically erasable programmable read only memory, a system for controlling access to at least one set of programming instructions stored at a first time in said read-only memory comprising:
- means for storing on said IC card at a second time, for at least one application loaded onto said card, at least one access flag having a value indicating whether or not said at least one application shall be allowed to execute said at least one set of programming instructions, said second time being after said first time; and
means dependent on said value for allowing said at least one application to execute said at least one set of programming instructions, wherein said value of said at least one access flag comprises one of a first possible access flag value and a second possible access flag value, said means dependent on said value allowing said at least one application to execute said at least one set of programming instructions if said value of said at least one access flag comprises said first possible access flag value, and said means dependent on said value not allowing said at least one application to execute said at least one set of programming instructions if said value of said at least one access flag comprises said second possible access flag value;
wherein execution of said cryptographic primitive is denied when the value of said at least one access flag is set to 0 and is granted when the value of said at least one access flag is set to 1.
1 Assignment
0 Petitions
Accused Products
Abstract
In a multiple application card system including an IC card comprising a microprocessor, a read-only memory, a random access memory and an electronically erasable programmable read only memory, a system for controlling access to one or more sets of programming instructions embedded in said read-only memory comprising means for storing on said IC card for at least one application loaded onto said card at least one access flag having a value indicating whether or not access by the at least one application to the at least one set of programming instructions shall be granted and means dependent on said value for allowing access to one or more sets of programming instructions.
254 Citations
6 Claims
-
1. In a multiple application card system including an integrated circuit card comprising a microprocessor, a read-only memory, a random access memory and an electrically erasable programmable read only memory, a system for controlling access to at least one set of programming instructions stored at a first time in said read-only memory comprising:
-
means for storing on said IC card at a second time, for at least one application loaded onto said card, at least one access flag having a value indicating whether or not said at least one application shall be allowed to execute said at least one set of programming instructions, said second time being after said first time; and
means dependent on said value for allowing said at least one application to execute said at least one set of programming instructions, wherein said value of said at least one access flag comprises one of a first possible access flag value and a second possible access flag value, said means dependent on said value allowing said at least one application to execute said at least one set of programming instructions if said value of said at least one access flag comprises said first possible access flag value, and said means dependent on said value not allowing said at least one application to execute said at least one set of programming instructions if said value of said at least one access flag comprises said second possible access flag value;
wherein execution of said cryptographic primitive is denied when the value of said at least one access flag is set to 0 and is granted when the value of said at least one access flag is set to 1.
-
-
2. An integrated circuit card comprising:
-
a microprocessor;
at least one memory coupled to said microprocessor for storing at least one application program, said at least one memory further for storing one or more sets of programming instructions at a first time and at least one access flag at a second time, said second time being after said first time, said at least one access flag being associated with said one or more sets of programming instructions; and
a multiple application operating system stored on said integrated circuit card and executed by said microprocessor which enables execution of said one or more sets of programming instructions responsive to a value of said at least one access flag, wherein said value of said at least one access flag comprises one of a first possible access flag value and a second possible access flag value, said multiple application operating system enabling execution of said one or more sets of programming instructions if said value of said at least one access flag comprises said first possible access flag value, and said multiple application operating system disabling execution of said one or more sets of programming instructions if said value of said at least one access flag comprises said second possible access flag value;
wherein at least one set of said one or more sets of programming instructions comprises a cryptographic primitive, and wherein execution of said cryptographic primitive is denied when the value of said at least one access flag is set to 0 and is granted when the value of said at least one access flag is set to 1.
-
-
3. In a multiple application card system including an integrated circuit card comprising a microprocessor, a read-only memory, a random access memory and an electrically erasable programmable read only memory, a method for controlling access to at least one set of programming instructions stored at a first time in said read-only memory comprising:
-
storing on said IC card at a second time, for at least one application loaded onto said card, at least one access flag having a value indicating whether or not said at least one application shall be allowed to execute said at least one set of programming instructions, said second time being after said first time; and
depending on said value, allowing said at least one application to execute said at least one set of programming instructions, wherein said value of said at least one access flag comprises one of a first possible access flag value and a second possible access flag value, said step depending on said value comprising;
(a) allowing said at least one application to execute said at least one set of programming instructions if said value of said at least one access flag comprises said first possible access flag value, and (b) not allowing said at least one application to execute said at least one set of programming instructions if said value of said at least one access flag comprises said second possible access flag value;
wherein said at least one set of programming instructions comprises a cryptographic primitive and wherein execution of said cryptographic primitive is denied when the value of said at least one access flag is set to 0 and is granted when the value of said at least one access flag is set to 1.
-
-
4. A multiple application card system including an integrated circuit card comprising a microprocessor, a read-only memory, a random access memory, an electronically erasable programmable read-only memory, and at least one set of programming instructions stored in said read-only memory comprising:
-
means for storing on said integrated circuit card at least one application capable of accessing said at least one set of programming instructions;
means for storing, for said at least one application, application control data particular to each said at least one application and having at least one access flag indicating whether access by said application to said set of programming instructions for execution is allowable; and
means dependent on said access flag for allowing access to said at least one set of programming instructions by said application;
wherein said means for storing application control data resides in said electronically erasable programmable read-only memory, at least one set of programming instructions is a cryptographic primitive, and access to said cryptographic primitives is denied when the value of said access flag is set to 0 and is granted when set to 1.
-
-
5. An integrated circuit card comprising:
-
a microprocessor;
at least one memory coupled to said microprocessor for storing at least one application capable of accessing at least one set of programming instructions based upon application control data particular to each said application, said data having at least one access flag associated with said at least one set of program instructions, said flag having a first value indicative of allowing said access and a second value indicative of denying said access; and
a multiple application operating system stored on said integrated circuit card and executed by said microprocessor which, responsive to said first value, enables access by said application to said at least one set of program instructions;
wherein said at least one set of programming instructions is a cryptographic primitive, and wherein access to said cryptographic primitives is denied when the value of said at least one access flag is set to 0 and is granted when set to 1.
-
-
6. In a multiple-application card system including an integrated circuit card comprising a microprocessor, a read-only memory, a random access memory and an electronically erasable programmable read-only memory, a method for controlling access to at least one set of programming instructions stored in said read-only memory comprising:
-
storing at least one application on said IC card which application is capable of accessing said at least one set of programming instructions;
storing on said IC card application control data particular to each said application and including at least one access flag, said application control data for controlling access to said at least one set of programming instructions;
depending on the at least one stored application, setting a value to said at least one access flag to either enable or deny access by said application to the at least one set of programming instructions; and
allowing access to at least one set of programming instructions in the event said access flag is set to enable access;
wherein at least one set of programming instructions is a cryptographic primitive, and wherein access to said cryptographic primitives is denied when the value of said access flag is set to 0 and is granted when set to 1.
-
Specification