US20040215674A1 - Method and apparatus for sharing data files among runtime environment applets in an integrated circuit card - Google Patents
Method and apparatus for sharing data files among runtime environment applets in an integrated circuit card Download PDFInfo
- Publication number
- US20040215674A1 US20040215674A1 US10/837,441 US83744104A US2004215674A1 US 20040215674 A1 US20040215674 A1 US 20040215674A1 US 83744104 A US83744104 A US 83744104A US 2004215674 A1 US2004215674 A1 US 2004215674A1
- Authority
- US
- United States
- Prior art keywords
- file
- code
- integrated circuit
- data
- runtime environment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/355—Personalisation of cards for use
- G06Q20/3552—Downloading or loading of personalisation data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/357—Cards having a plurality of specified features
- G06Q20/3576—Multiple memory zones on card
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
Definitions
- This invention generally relates to integrated circuit cards and, more specifically, to a method and apparatus for sharing data files among runtime environment applets in an integrated circuit card (ICC).
- ICC integrated circuit card
- smart cards Today there is increasing use of integrated circuit cards, colloquially referred to as “smart cards”, in place of, or in addition to, conventional magnetic stripe cards (“mag cards”).
- a smart card is a thin card embedded with a memory device (volatile and/or non-volatile) and associated programmable or non-programmable logic. Unlike the mag card that merely stores “static” information (e.g., a credit card account number), a smart card can add, delete and otherwise manipulate information stored on the card. Accordingly, smart cards are capable of storing and executing applications to carry out one or more functions within a smart card.
- a smart card is often referred to as a “closed” system because, for security purposes, a smart card is purposefully designed to not expose its memory, intermediate system states or data and address bus information to external devices. To do so would render it susceptible to unauthorized access (hacking) and fraud. While its closed nature is useful for secure applications such as banking transactions, it makes it difficult to utilize prior art smart cards for development purposes. It is to be appreciated that application development often requires access to memory or bus values, or system state information during intermediate processing steps, access that has been specifically designed out of the smart card.
- each smart card is typically developed to support a few functions.
- the smart card functionality is typically embodied as a couple of stand-alone runtime environment applets, stored within a non-volatile memory of the smart card, and selectively invoked by a host system.
- FIG. 1 a block diagram of a typical prior art smart card system architecture is presented with reference to FIG. 1.
- smart card 100 is comprised of an input/output (I/O) interface 102 , control logic 104 , non-volatile memory 106 and volatile memory 108 , coupled as shown.
- Control logic 104 supports an operating system with native functions 110 and a runtime environment (RTE) 112 , which executes runtime environment applets 114 A and 114 B accessed from non-volatile memory 106 .
- the operating system 110 and RTE 112 are typically invoked when the smart card is introduced to a host system, e.g., a card reader, which provides power to smart card 100 .
- the runtime environment 112 is typically optimized for the functions it performs, i.e., to implement the functionality embedded within applets 114 .
- storage of the applets themselves are optimized, i.e., the bytecode and data for the applets are compiled and stored as a single executable entity within one or more segments of non-volatile memory, as shown.
- compiling the code and data into a common file may, in certain circumstances, waste memory resources. That is, if two applets require the same data, the prior art dictates that two applet files, each with the same data, be stored in the non-volatile memory of the smart card. By eliminating this needless duplication, memory resources may be freed to extend the functional capability of the smart card.
- This invention concerns an integrated circuit card (ICC), such as a smart card and, more particularly, a method and apparatus for sharing data files among runtime environment applets in an integrated circuit card.
- ICC integrated circuit card
- an integrated circuit card comprising a storage device having stored thereon one or more code files and one or more data files, and control logic.
- the control logic implements an ICC runtime environment that executes an applet in response to a command identifying a code file and a data file received from a host system.
- an ICC incorporating the teachings of the present invention stores and executes discrete code and data files, enabling runtime environment applets to share data files between discrete code files, according to one aspect of the invention.
- the runtime environment applets, with discrete code and data files are developed using an innovative application development agent that includes a compiler and a file system builder.
- the compiler incorporating the teachings of the present invention distinguishes the executable bytecode from data, storing the executable bytecodes in a code file and the data in a data file.
- the file system builder receives a description of a file system to be implemented on the ICC and generates a binary image of the file system.
- the received description is an ordered series of script commands that describe and build the file system.
- the binary image of the file system is then loaded (or masked) in the non-volatile memory of the ICC.
- the present invention also consists of an ICC file system, responsive to an innovative command set which enables a user (or host system program) to add, delete, modify and execute discrete code and data files stored in non-volatile memory of the ICC.
- the innovative ICC file system enables a user (or host system) to modify the functionality of an ICC (i.e., add, delete or modify code files) without disrupting the data files.
- the ICC file system facilitates modification of ICC data stores without modification to an ICC functionality.
- an ICC application development system incorporating the innovative compiler and file system builder represents a significant advancement in smart card application development and deployment.
- the present invention facilitates a much more flexible runtime environment, while reducing the amount of memory required to store otherwise redundant information.
- FIG. 1 is a block diagram of a system architecture for a prior art integrated circuit card
- FIG. 2 is a block diagram of an example data network including an integrated circuit card incorporating the teachings of the present invention
- FIG. 3 is a block diagram of an example computer system including an innovative integrated circuit card application development agent, according to one aspect of the present invention
- FIG. 4 is a block diagram of an example development agent, in accordance with the teachings of the present invention.
- FIG. 5 is a block diagram of an example integrated circuit card including a file system and discrete code files and data files, according to the teachings of the present invention
- FIG. 6 is a block diagram of an example application protocol data unit (APDU) suitable for use in accordance with the present invention.
- APDU application protocol data unit
- FIG. 7 is a flow chart for compiling a runtime environment applet, in accordance with the teachings of the present invention.
- FIG. 8 is a flow chart for building a file system for use on an integrated circuit card, in accordance with the teachings of the present invention.
- FIG. 9 is a flow chart illustrating the method steps of executing a runtime environment applet on the innovative ICC of FIG. 5, in accordance with the teachings of the present invention.
- FIG. 10 is a block diagram of an example storage medium having stored thereon a plurality of executable instructions including instructions which, when executed, implement the development agent of the present invention, according to an alternate embodiment of the present invention.
- FIG. 2 illustrates an example data network 200 including an integrated circuit card 208 incorporating the teachings of the present invention.
- network 200 includes a host system 202 coupled to ICC 208 via communication medium 204 and card reader 206 .
- Host system 202 includes an operating system 210 and one or more host applications 212 .
- the innovative ICC 208 is shown comprising a runtime environment 214 , a file system 216 and a storage medium having stored thereon one or more code files and one or more discrete data files (cumulatively referenced as 218 ).
- the communication medium 204 is intended to represent any of a number of typical communication links including, but not limited to, a proprietary data bus, an industry standard data bus, a local area network (LAN), a wide area network (WAN), or a global area network (e.g., the Internet).
- a proprietary data bus e.g., a proprietary data bus, an industry standard data bus, a local area network (LAN), a wide area network (WAN), or a global area network (e.g., the Internet).
- a runtime environment applet is invoked on ICC 208 upon receipt of a command from an application 212 executing on a host system 202 which identifies at least one code file and one data file from the discrete code and data files 218 .
- innovative smart card 208 includes an innovative file system 216 which facilitates sharing of discrete code and data files. It will be appreciated, based on the description to follow, that the innovative file system facilitates modification to ICC functionality without the need to modify the data stored on the ICC.
- Card reader 206 provides a necessary interface between ICC 208 and a computing system such as, e.g., host system 202 .
- Card readers are typically designed to support any of a number of standardized communication protocols supported within the smart card community and, in this way, can typically accommodate smart cards adhering to any of the recognized communication standards from any smart card manufacturer.
- card reader 206 is not chip- or card-specific.
- card reader 206 includes the necessary hardware and software resources required to support the interlaced debug protocol of the present invention. Consequently, card reader 206 is merely intended to be illustrative of card readers typically known within the art.
- host system 202 is depicted within FIG. 2 as comprising a plurality of executable applications 212 and an operating system 210 , as shown.
- host system 202 may well include an ICC application development agent as one or more of applications 212 .
- the ICC development tool includes a compiler to translate a single source code file into a discrete code file and a data file for storage on ICC 208 .
- the ICC development tool includes a file system builder, which takes a description of the code and data files to be provided on ICC 208 , and generates a binary image of a file system which is loaded into the non-volatile memory of ICC 208 to build the file system.
- a file system builder which takes a description of the code and data files to be provided on ICC 208 , and generates a binary image of a file system which is loaded into the non-volatile memory of ICC 208 to build the file system.
- program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types.
- program modules may be located in both local and remote memory storage devices.
- FIG. 3 shows a general example of a host system 202 incorporating the teachings of one aspect of the present invention, and suitable for use within data network 200 .
- host system 202 is intended to represent any of a class of general or special purpose computing platforms which, when endowed with the innovative application development agent, transforms data network 200 into an application development system.
- the following description of host system 202 is intended to be merely illustrative, as computer systems of greater or lesser capability may well be substituted without deviating from the spirit and scope of the present invention.
- host system 202 includes one or more processors or processing units 132 , a system memory 134 , and a bus 136 that couples various system components including the system memory 134 to processors 132 .
- the bus 136 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures.
- the system memory includes read only memory (ROM) 138 and random access memory (RAM) 140 .
- ROM read only memory
- RAM random access memory
- a basic input/output system (BIOS) 142 containing the basic routines that help to transfer information between elements within host system 202 , such as during start-up, is stored in ROM 138 .
- Host system 202 further includes a hard disk drive 144 for reading from and writing to a hard disk, not shown, a magnetic disk drive 146 for reading from and writing to a removable magnetic disk 148 , and an optical disk drive 150 for reading from or writing to a removable optical disk 152 such as a CD ROM, DVD ROM or other such optical media.
- the hard disk drive 144 , magnetic disk drive 146 , and optical disk drive 150 are connected to the bus 136 by a SCSI interface 154 or some other suitable bus interface.
- the drives and their associated computer-readable media provide nonvolatile storage of computer readable instructions, data structures, program modules and other data for host system 202 .
- a number of program modules may be stored on the hard disk 144 , magnetic disk 148 , optical disk 152 , ROM 138 , or RAM 140 , including an operating system 158 , one or more application programs 160 including, for example, the innovative application development agent 120 , other program modules 162 , and program data 164 .
- a user may enter commands and information into host system 202 through input devices such as keyboard 166 and pointing device 168 .
- Other input devices may include a microphone, joystick, game pad, satellite dish, scanner, or the like.
- These and other input devices are connected to the processing unit 132 through an interface 170 that is coupled to bus 136 .
- a monitor 172 or other type of display device is also connected to the bus 136 via an interface, such as a video adapter 174 .
- personal computers often include other peripheral output devices (not shown) such as speakers and printers.
- host system 202 operates in a networked environment using logical connections to one or more remote computers, such as a remote computer 176 .
- the remote computer 176 may be another personal computer, a personal digital assistant, a server, a router or other network device, a network “thin-client” PC, a peer device or other common network node, and typically includes many or all of the elements described above relative to host system 202 , although only a memory storage device 178 has been illustrated in FIG. 3.
- the logical connections depicted in FIG. 3 include a local area network (LAN) 180 and a wide area network (WAN) 182 .
- LAN local area network
- WAN wide area network
- remote computer 176 executes an Internet Web browser program such as the “Internet Explorer” Web browser manufactured and distributed by Microsoft Corporation of Redmond, Wash. to access and utilize online services.
- host system 202 When used in a LAN networking environment, host system 202 is connected to the local network 180 through a network interface or adapter 184 . When used in a WAN networking environment, host system 202 typically includes a modem 186 or other means for establishing communications over the wide area network 182 , such as the Internet.
- the modem 186 which may be internal or external, is connected to the bus 136 via a serial port interface 156 .
- program modules depicted relative to the personal host system 202 may be stored in the remote memory storage device. It will be appreciated that the network connections shown are exemplary and other means of establishing a communications link between the computers may be used.
- the data processors of host system 202 are programmed by means of instructions stored at different times in the various computer-readable storage media of the computer.
- Programs and operating systems are typically distributed, for example, on floppy disks or CD-ROMs. From there, they are installed or loaded into the secondary memory of a computer. At execution, they are loaded at least partially into the computer's primary electronic memory.
- the invention described herein includes these and other various types of computer-readable storage media when such media contain instructions or programs for implementing the innovative steps described below in conjunction with a microprocessor or other data processor.
- the invention also includes the computer itself when programmed according to the methods and techniques described below.
- certain sub-components of the computer may be programmed to perform the functions and steps described below. The invention includes such sub-components when they are programmed as described.
- the invention described herein includes data structures, described below, as embodied on various types of memory media.
- FIG. 4 illustrates a block diagram of an example ICC development agent 120 , suitable for use in host system 202 .
- development agent 120 comprises control logic 402 , one or more development application(s) (or tools) 404 , an ICC command set 406 , an ICC compiler 408 and a file system builder 410 , coupled as depicted.
- Control logic 402 is intended to represent any of a broad range of logic known in the art.
- control logic 402 is a processor, while in alternate embodiments control logic is a microcontroller, a programmable logic array, or a series of executable instructions which perform logic functions.
- Control logic 402 communicates with ICC 208 in any of a plurality of standard communication protocols. In alternate embodiments, non-standard protocols may well be used to communicate between controller 402 and ICC 208 such as, for example, a unique development communication protocol.
- controller 402 communicates with ICC 208 , and any other peripheral for that matter, via the communication resources of operating system 210 of host system 202 . Insofar as such resources are well known in the art, they need not be described further here.
- development agent 120 is depicted as including one or more development application(s) or tools 404 .
- These tools may well be any of a number of application development tools commonly known in the art. That is, application development agent 120 may well be utilized with any of a number of development applications such as, for example, Visual Basic or Visual C/C++ application development tools available from Microsoft Corporation of Redmond, Wash. Moreover, such applications 404 need not be integrated with development agent 120 . Rather, agent 120 may well receive source code developed using an external application development tool without deviating from the spirit and scope of the present invention.
- the innovative smart card application development system 200 does not require the chip-specific, often proprietary software development application and associated compilers, linkers and debuggers that are typical of the prior art ICC application development systems.
- development agent 120 includes an innovative ICC applet compiler 408 .
- the ICC applet compiler 408 is comprised of a parser 412 and one or more translator(s) 414 .
- the translators 414 take source code developed using, for example, one of development applications 404 , and translates it into a lower-level, executable form, e.g., runtime environment bytecodes or assembly language instructions. It is common to employ two or more translator(s) in a compiler, one as a front-end compiler to receive and translate the source code to an intermediate level language, and a back-end translator to translate the intermediate level code into an executable form acceptable to the processor which will ultimately execute the applet.
- the use of translator(s) in compilers is well-known and, as a result, need not be further described here.
- ICC compiler 408 includes a parser 412 .
- the parser 412 analyzes the received code, in either source code, intermediate level, or executable form and separates the executable instructions from the data. More specifically, in accordance with the teachings of the present invention, parser 412 separates the code from the data and saves each in a separate and independent file. It is to be appreciated that a runtime environment applet created by the innovative ICC applet compiler 408 consists of at least two files, one code file and one data file.
- development agent 120 includes a file system builder 410 .
- file system builder 410 includes binary image generator 416 .
- binary image generator 416 receives a description of a file system and generates a binary image of the file system description.
- the file system description is an ordered series of commands that describe and build the file system. An example subset of the commands used to create a file system description are provided below, in Table I.
- Partition_size n Sets the size of the file system partition to n bytes.
- Num_FCB n Sets the number of file control blocks created in file system to n.
- Num_ACL n Sets the number of access control lists in the created file system to n.
- Sector_size sets the sector size of the file system in bytes. This is the number of bytes that are added to a file each time it needs more space. The larger n is, the more unused space there may be in files but the more quickly you can access them and the less overhead space they require. The smaller n is, the more tightly the data in the file fits the allocated space, but there is more overhead in managing the file.
- Target Sets the target to accommodate either the “x86”, “8051” or “AVR” processing environments.
- Create_Partition creates a partition within the file system and populates it with a default file and a default access control level.
- FILE filename ACL Aclfilename creates a file with the given file name whose access control rules are in the file with the given ACL file name.
- DELETE filename (or directory): deletes a named file or directory.
- ACL_Data ResourceOperationIndex ExpresionType ⁇ BooleanExpression ⁇ Add the given access control rule to the current file.
- Numeric_Data_At Position i1 i2 i3 . . . in: this pair of commands enter numeric data into the current file.
- the first version enters the data at the current position in the file and the second version sets the current position before beginning entry.
- ASCII_Data_At Position CharacterString: this pair of commands enter ASCII encoded data into current file. The first version enters the data at the current position, while the second version sets the current position before beginning entry at the current position.
- the first version enters the data at the current position, while the second version sets the current position before beginning entry.
- Set_File_ACL FileName AclFileName sets the access control level of the file by the given filename.
- Set_File_Size Filename n sets the size of the file by the given filename to the given value in bytes.
- END terminates reading of the file system description commands by the file system builder and invokes the binary image generator to output a binary image of the file system.
- filenames in the above syntax, this is for ease of explanation only, as other indicators of a file may well be used.
- suitable file descriptors include, without limitation, file names, file handles, and the like.
- the file system description is supplied to file system builder 410 by control logic 402 , and includes a list of code files and data files required to provide an ICC with certain functionality.
- ICC development agent 120 provides a graphical user interface (not shown) to a user with a list of available code and data files, enabling the user to dynamically create a file system description in a high-level, graphical representation.
- control logic 402 accesses ICC file system command set 406 which includes, at least, the file system syntax identified in Table I to generate the file system description.
- one or more applications 404 provide control logic 402 with the file system description based on functionality requirements or the input of a developer using a higher-level language.
- file system builder 410 invokes the binary image generator 416 to generate a binary image of the received file system description.
- the binary image generated from the received file system description is downloaded to non-volatile memory (e.g., EEPROM) of an innovative IC card 208 .
- the binary image is provided to a mass-producer of IC cards, which bums (or masks) the image on a read-only memory (ROM) device for the IC card.
- ROM read-only memory
- file system builder 410 provides an IC card ( 208 ) with the ability to uniquely access (add, delete, modify) and execute code files and data files independently to implement a flexible array of runtime environment applets.
- ICC file system command set 406 is a library of functional commands which control logic 402 utilizes to create and/or communicate with the file system 216 of an IC card incorporating the teachings of the present invention. More specifically, the ICC file system command set 406 provides control logic 402 with the vocabulary required to create, delete, access and execute the discrete code and data files 218 of ICC 208 . Although ICC file system command set 406 is depicted as a separate functional block, this is for ease of illustration and explanation. It will be appreciated that ICC file system command set 406 may well be integrated with other functional elements such as, for example, control logic 402 without deviating from the spirit and scope of the present invention.
- ISO International Standards Organization
- compiler 408 and/or file system builder 410 may well be integrated within control logic 402 . Accordingly, the teachings of the present invention may well be practiced with variation from the exemplary embodiment without deviating from the spirit and scope of the present invention.
- FIG. 5 illustrates a block diagram of an innovative integrated circuit card 208 incorporating the teachings of the present invention in greater detail.
- IC card 208 includes the I/O port 102 , runtime environment 214 , non-volatile and volatile memory ( 106 and 108 ) of prior art IC cards.
- ICC 208 includes control logic 502 , operating system with native functions 504 , each modified to accommodate the innovative ICC file system 216 and a plurality of discrete code files and data files 506 - 518 .
- control logic 502 is intended to represent any of a number control means known in the art, such as those described in association with control logic 104 . However, such control logic is modified, as necessary, to recognize and implement instructions from the innovative file system command set. In this regard, control logic 502 enables a host system to access or execute discrete code and data files 506 - 518 via the operating system 504 and the ICC file system 216 . Similarly, operating system 504 is modified only to the extent necessary to accommodate ICC file system 216 and the discrete code and data files 506 - 518 .
- An example of a suitable file system is the Smart Card for Windows operating system commonly available from Microsoft Corporation, of Redmond, Wash.
- control logic 502 receives an Execute command from a host denoting a code file and a data file.
- the received command is in the form of an application protocol data unit (APDU).
- APDU application protocol data unit
- FIG. 6 graphically illustrates an application protocol data unit suitable for use in accordance with the present invention, to communicate file system command set instructions between a host system 202 and an innovative ICC 208 , according to one embodiment of the present invention.
- APDU 600 is comprised of a mandatory header 602 , a conditional body 604 , and a mandatory trailer 606 .
- the mandatory header includes a class byte 608 , instruction byte 610 , and parameter bytes 612 and 614 .
- the conditional body includes a length field 616 , which denotes the number of bytes in the data field, and the number of bytes expected in any response.
- the data field 618 includes the data, if any, transmitted in the APDU.
- the mandatory trailer field 606 is comprised of status bytes 620 and 622 , respectively.
- a host system 202 implements a runtime environment applet within ICC 208 by issuing an EXECUTE command of the form: Execute (code_filename, data_filename).
- a runtime environment applet executed in accordance with the teachings of the present invention requires both a code filename and a data filename.
- the present invention provides for different combinations of code and data files, thereby enabling a code file to share data files, and for a code file to use multiple data files, without the need to integrate the content of the data file into a single applet file.
- FIG. 7 is a flow chart of an example method for compiling a runtime environment applet using a development agent incorporating the teachings of the present invention, according to one aspect of the present invention. For ease of explanation, and not limitation, the method of FIG. 7 will be developed with continued reference to FIGS. 1-6.
- the method begins with step 702 , wherein the innovative ICC applet compiler 408 receives the source code to be compiled.
- a development application e.g., 404
- ICC applet compiler 408 analyzes the received source code to parse data segments from bytecode segments, step 704 .
- parser 412 receives the source code, identifies data objects within the source code, and separates the data objects from the executable bytecodes. Each data object is assigned a relative location in the data file. A reference to this relative location is inserted to the code file that is being generated. In the second pass of the compiler, it decides on the absolute addresses of each data object and generates the data file accordingly. At the same time, it replaces all the data object references in the code file with actual addresses.
- step 706 the bytecode and data objects are passed to the translator(s), as they are translated into an executable form. More specifically, the bytecode and data objects of the applet are translated into a form suitable for execution by the control logic 502 of the IC card 208 .
- compiler 408 is chip-specific although it is anticipated that translator(s) 414 for control logic suitable for IC card applications may well be provided within compiler 408 .
- the illustrated example embodiment invokes the parsing step 704 before the translation step 706 , those skilled in the art will appreciate that there may be advantages to reversing this order. That is, it may be more convenient to first translate the received source code to some intermediate-level, compiler language.
- One common language is the static single assignment (SSA) form, which has the inherent property that reoccurring variables (i.e., local variables within a method) are uniquely identified within the SSA form. Accordingly, it may prove computationally easier to translate the received source code to an intermediate-level language, parse the code from the data, and then perform a back-end translation down to executable form.
- the entire translation step(s) may be completed, wherein the code is parsed from the data while in executable form. Regardless, all such variations are anticipated within the scope and spirit of the present invention.
- ICC applet compiler 408 generates two files from the received source code, one each for the bytecode (i.e., the code file) and for data (i.e., the data file). More specifically, once the parsing and translation steps have been completed, the executable code is saved in a discrete code file, while the data is saved in a discrete data file. In this way, data files may be shared across code files providing for more flexible implementations.
- the method begins with step 802 , wherein the file system builder 410 receives a file system description.
- the file system description is generated by control logic 402 based on received user (developer) input and the ICC file system command set 406 described with reference to Table I.
- the received file system description is read, step 804 , and a binary image of the file system is created, step 806 .
- binary image generator 416 reads the ordered series of commands describing the file system, and generates a binary image of the file system to create and implement the file system.
- step 808 the binary image created in step 806 is loaded into the non-volatile memory of a suitable integrated circuit card such as, for example, ICC 208 .
- the created binary image representation of the file system is loaded into the non-volatile memory 106 of ICC 208 from control logic 402 of development agent 120 .
- the binary image representation of the file system is stored by control logic 402 in an accessible storage medium, and is masked (burned) into read-only memory (ROM) during the manufacture of ICC 208 .
- FIG. 9 is a flow chart illustrating the method steps of executing a runtime environment applet on the innovative ICC of FIG. 5, in accordance with the teachings of the present invention.
- the method begins in step 902 when IC card 208 receives a command to invoke a runtime environment applet. More specifically, control logic 502 receives a command in the form EXECUTE (code_filename, data_filename) via I/O port 102 , and invokes an instance of runtime environment 214 to execute the applet defined by the identified code file and data file.
- EXECUTE code_filename, data_filename
- the command EXECUTE (codefile 1 ,datafile 3 ) is received by control logic 502 .
- control logic 502 any of a number of alternate means may be used to invoke an applet and/or application in accordance with the teachings of the present invention.
- the activation of the applets can be achieved by an implicit command such as “Execute” or can be explicitly selected by an event through a translation/dispatching table, for example.
- controller 402 passes the received file names (codefile 1 ,datafile 3 ) to file system 216 to retrieve the files from non-volatile memory 106 .
- the identified code file and data file are retrieved and loaded into the runtime environment (RTE) 214 , and the identified code file (codefile 1 ) is executed until reference to required data is reached, step 908 .
- the RTE accesses the identified data file (datafile 3 ) and performs the desired operation in the data file.
- step 912 a determination of whether the end of the applet has been reached. If, after performing the operation in the data file, the code file has additional executable code, the process continues with step 908 and the bytecode is executed until another reference to a data file operation is reached. If, however, in step 912 the end of the executable code of the identified code file is reached, the applet ends, and any updates to the identified data file (datafile 3 ) are made.
- FIG. 10 is a block diagram of an example storage medium having stored thereon a plurality of executable instructions including instructions which, when executed, implement the development agent of the present invention, according to an alternate embodiment of the present invention.
- FIG. 10 illustrates a storage medium/device 1000 having stored thereon a plurality of instructions 1002 including at least a subset of which that, when executed, implement the innovative features of development agent 120 of the present invention.
- the executable instructions implementing development agent 120 When executed by a processor of a host system, the executable instructions implementing development agent 120 perform the compiling and file system building functions described above.
- storage medium 1000 is intended to represent any of a number of storage devices and/or storage media known to those skilled in the art such as, for example, volatile memory devices, non-volatile memory devices, magnetic storage media, optical storage media, and the like.
- the executable instructions are intended to reflect any of a number of software languages known in the art such as, for example, C, C++, Visual Basic, Java, Smalltalk, Lisp, eXtensible Markup Language (XML), and the like.
- the storage medium/device 1000 need not be co-located with any host system. That is, storage medium/device 1000 may well reside within a remote server communicatively coupled to and accessible by an executing system. Accordingly, the software implementation of FIG. 10 is to be regarded as illustrative, as alternate storage media and software embodiments are anticipated within the spirit and scope of the present invention.
Abstract
An integrated circuit card includes a storage device to store one or more code files and one or more data files, and control logic. The control logic implements an ICC runtime environment that executes an applet in response to a command identifying both a code file and a data file received from a host system.
Description
- This application is a continuation of U.S. patent application Ser. No. 09/563,798 filed May 2, 2000, which claims the benefit of a related U.S. Provisional Application Serial No. 60/133,600 filed May 11, 1999, entitled “TBD”, to Odinak et al., which is incorporated by reference herein.
- This invention generally relates to integrated circuit cards and, more specifically, to a method and apparatus for sharing data files among runtime environment applets in an integrated circuit card (ICC).
- Today there is increasing use of integrated circuit cards, colloquially referred to as “smart cards”, in place of, or in addition to, conventional magnetic stripe cards (“mag cards”). A smart card is a thin card embedded with a memory device (volatile and/or non-volatile) and associated programmable or non-programmable logic. Unlike the mag card that merely stores “static” information (e.g., a credit card account number), a smart card can add, delete and otherwise manipulate information stored on the card. Accordingly, smart cards are capable of storing and executing applications to carry out one or more functions within a smart card.
- A smart card is often referred to as a “closed” system because, for security purposes, a smart card is purposefully designed to not expose its memory, intermediate system states or data and address bus information to external devices. To do so would render it susceptible to unauthorized access (hacking) and fraud. While its closed nature is useful for secure applications such as banking transactions, it makes it difficult to utilize prior art smart cards for development purposes. It is to be appreciated that application development often requires access to memory or bus values, or system state information during intermediate processing steps, access that has been specifically designed out of the smart card.
- Another encumbrance to the smart card application designer is the limited resources of the smart card. That is, due to the physical and processing constraints placed on the smart card, prior art smart cards do not enjoy any dedicated debug facilities. Aside from the limited processing and memory attributes of a smart card, a smart card typically has but a single, bi-directional input/output (I/O) port. The communication bandwidth of this single I/O port is typically consumed to support execution of the smart card application itself, leaving little to no communication bandwidth to support debug features. Thus, application development using a smart card itself is virtually impossible. Consequently the development of applications for a smart card currently requires the use of an in-circuit emulator (ICE) and an associated, often proprietary software development application.
- As a result of the limited processing and memory capability of the smart card, and the cost of development, each smart card is typically developed to support a few functions. The smart card functionality is typically embodied as a couple of stand-alone runtime environment applets, stored within a non-volatile memory of the smart card, and selectively invoked by a host system. To better illustrate this architecture, a block diagram of a typical prior art smart card system architecture is presented with reference to FIG. 1.
- As shown, from a hardware perspective,
smart card 100 is comprised of an input/output (I/O)interface 102,control logic 104,non-volatile memory 106 andvolatile memory 108, coupled as shown.Control logic 104 supports an operating system withnative functions 110 and a runtime environment (RTE) 112, which executesruntime environment applets non-volatile memory 106. Theoperating system 110 and RTE 112 are typically invoked when the smart card is introduced to a host system, e.g., a card reader, which provides power tosmart card 100. - Because of the limited memory and processing capability of the smart card, the
runtime environment 112 is typically optimized for the functions it performs, i.e., to implement the functionality embedded within applets 114. Moreover, storage of the applets themselves are optimized, i.e., the bytecode and data for the applets are compiled and stored as a single executable entity within one or more segments of non-volatile memory, as shown. - It should be appreciated that while the prior art runtime environment and applets were optimized to preserve the processing and memory capabilities of the smart card, they do not provide a flexible environment for, say, smart card applet development. One of the drawbacks of the self-contained applets typical of the prior art is that in order to change the functionality of an applet, the data must be replaced as well. That is, the code and data of the applet are inextricably tied together.
- In addition to limiting the flexibility of the applets, compiling the code and data into a common file may, in certain circumstances, waste memory resources. That is, if two applets require the same data, the prior art dictates that two applet files, each with the same data, be stored in the non-volatile memory of the smart card. By eliminating this needless duplication, memory resources may be freed to extend the functional capability of the smart card.
- Thus, a method and apparatus for sharing data files among runtime environment applets is required, unencumbered by the limitations commonly associated with the prior art. One such solution is presented below.
- This invention concerns an integrated circuit card (ICC), such as a smart card and, more particularly, a method and apparatus for sharing data files among runtime environment applets in an integrated circuit card.
- In accordance with a first aspect of the invention, an integrated circuit card is presented comprising a storage device having stored thereon one or more code files and one or more data files, and control logic. When the ICC is inserted into a card reader, the control logic implements an ICC runtime environment that executes an applet in response to a command identifying a code file and a data file received from a host system. It is to be appreciated that an ICC incorporating the teachings of the present invention stores and executes discrete code and data files, enabling runtime environment applets to share data files between discrete code files, according to one aspect of the invention.
- The runtime environment applets, with discrete code and data files are developed using an innovative application development agent that includes a compiler and a file system builder. In addition to the typical function of translating source code into executable bytecodes, the compiler incorporating the teachings of the present invention distinguishes the executable bytecode from data, storing the executable bytecodes in a code file and the data in a data file.
- The file system builder receives a description of a file system to be implemented on the ICC and generates a binary image of the file system. According to one embodiment of the invention, the received description is an ordered series of script commands that describe and build the file system. The binary image of the file system is then loaded (or masked) in the non-volatile memory of the ICC.
- In this regard, the present invention also consists of an ICC file system, responsive to an innovative command set which enables a user (or host system program) to add, delete, modify and execute discrete code and data files stored in non-volatile memory of the ICC. It will be appreciated that the innovative ICC file system enables a user (or host system) to modify the functionality of an ICC (i.e., add, delete or modify code files) without disrupting the data files. Similarly, the ICC file system facilitates modification of ICC data stores without modification to an ICC functionality.
- Thus, it is to be appreciated that an ICC application development system incorporating the innovative compiler and file system builder represents a significant advancement in smart card application development and deployment. By separating an applet into distinct code files and data files, the present invention facilitates a much more flexible runtime environment, while reducing the amount of memory required to store otherwise redundant information.
- Drawings:
- FIG. 1 is a block diagram of a system architecture for a prior art integrated circuit card;
- FIG. 2 is a block diagram of an example data network including an integrated circuit card incorporating the teachings of the present invention;
- FIG. 3 is a block diagram of an example computer system including an innovative integrated circuit card application development agent, according to one aspect of the present invention;
- FIG. 4 is a block diagram of an example development agent, in accordance with the teachings of the present invention;
- FIG. 5 is a block diagram of an example integrated circuit card including a file system and discrete code files and data files, according to the teachings of the present invention;
- FIG. 6 is a block diagram of an example application protocol data unit (APDU) suitable for use in accordance with the present invention;
- FIG. 7 is a flow chart for compiling a runtime environment applet, in accordance with the teachings of the present invention;
- FIG. 8 is a flow chart for building a file system for use on an integrated circuit card, in accordance with the teachings of the present invention;
- FIG. 9 is a flow chart illustrating the method steps of executing a runtime environment applet on the innovative ICC of FIG. 5, in accordance with the teachings of the present invention; and
- FIG. 10 is a block diagram of an example storage medium having stored thereon a plurality of executable instructions including instructions which, when executed, implement the development agent of the present invention, according to an alternate embodiment of the present invention.
- Example Network
- FIG. 2 illustrates an
example data network 200 including anintegrated circuit card 208 incorporating the teachings of the present invention. As shown,network 200 includes ahost system 202 coupled toICC 208 viacommunication medium 204 andcard reader 206.Host system 202 includes anoperating system 210 and one ormore host applications 212. Theinnovative ICC 208 is shown comprising aruntime environment 214, afile system 216 and a storage medium having stored thereon one or more code files and one or more discrete data files (cumulatively referenced as 218). Thecommunication medium 204 is intended to represent any of a number of typical communication links including, but not limited to, a proprietary data bus, an industry standard data bus, a local area network (LAN), a wide area network (WAN), or a global area network (e.g., the Internet). - According to the teachings of the present invention, a runtime environment applet is invoked on
ICC 208 upon receipt of a command from anapplication 212 executing on ahost system 202 which identifies at least one code file and one data file from the discrete code and data files 218. Unlike prior art smart card implementations wherein the bytecodes and data necessary to implement a runtime environment applet were saved as a single file and implemented by the runtime environment, innovativesmart card 208 includes aninnovative file system 216 which facilitates sharing of discrete code and data files. It will be appreciated, based on the description to follow, that the innovative file system facilitates modification to ICC functionality without the need to modify the data stored on the ICC. -
Card reader 206 provides a necessary interface betweenICC 208 and a computing system such as, e.g.,host system 202. Card readers are typically designed to support any of a number of standardized communication protocols supported within the smart card community and, in this way, can typically accommodate smart cards adhering to any of the recognized communication standards from any smart card manufacturer. In this regard,card reader 206 is not chip- or card-specific. For purposes of this discussion,card reader 206 includes the necessary hardware and software resources required to support the interlaced debug protocol of the present invention. Consequently,card reader 206 is merely intended to be illustrative of card readers typically known within the art. - For ease of explanation, and not limitation,
host system 202 is depicted within FIG. 2 as comprising a plurality ofexecutable applications 212 and anoperating system 210, as shown. According to one aspect of the present invention, to be described more fully below,host system 202 may well include an ICC application development agent as one or more ofapplications 212. The ICC development tool includes a compiler to translate a single source code file into a discrete code file and a data file for storage onICC 208. In addition, the ICC development tool includes a file system builder, which takes a description of the code and data files to be provided onICC 208, and generates a binary image of a file system which is loaded into the non-volatile memory ofICC 208 to build the file system. It is to be appreciated, then, that the innovative development agent described below facilitates the innovative features ofICC 208. When endowed with the innovative development agent,host system 202 may well be utilized in association withcommunication medium 204,card reader 206 andinnovative ICC 208 as an application development system. Further reference to an application development system throughout this application is intended to referencedata network 200. - Example Computer System
- In the discussion herein, the invention is described in the general context of computer-executable instructions, such as program modules, being executed by one or more conventional computers. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. Moreover, those skilled in the art will appreciate that the invention may be practiced with other computer system configurations, including hand-held devices, personal digital assistants, multiprocessor systems, microprocessor-based or programmable consumer electronics, network PCs, minicomputers, mainframe computers, and the like. In a distributed computer environment, program modules may be located in both local and remote memory storage devices.
- FIG. 3 shows a general example of a
host system 202 incorporating the teachings of one aspect of the present invention, and suitable for use withindata network 200. It will be evident, from the discussion to follow, thathost system 202 is intended to represent any of a class of general or special purpose computing platforms which, when endowed with the innovative application development agent, transformsdata network 200 into an application development system. In this regard, the following description ofhost system 202 is intended to be merely illustrative, as computer systems of greater or lesser capability may well be substituted without deviating from the spirit and scope of the present invention. - As shown,
host system 202 includes one or more processors orprocessing units 132, asystem memory 134, and abus 136 that couples various system components including thesystem memory 134 toprocessors 132. - The
bus 136 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. The system memory includes read only memory (ROM) 138 and random access memory (RAM) 140. A basic input/output system (BIOS) 142, containing the basic routines that help to transfer information between elements withinhost system 202, such as during start-up, is stored inROM 138. -
Host system 202 further includes ahard disk drive 144 for reading from and writing to a hard disk, not shown, amagnetic disk drive 146 for reading from and writing to a removablemagnetic disk 148, and anoptical disk drive 150 for reading from or writing to a removableoptical disk 152 such as a CD ROM, DVD ROM or other such optical media. Thehard disk drive 144,magnetic disk drive 146, andoptical disk drive 150 are connected to thebus 136 by aSCSI interface 154 or some other suitable bus interface. The drives and their associated computer-readable media provide nonvolatile storage of computer readable instructions, data structures, program modules and other data forhost system 202. - Although the exemplary environment described herein employs a
hard disk 144, a removablemagnetic disk 148 and a removableoptical disk 152, it should be appreciated by those skilled in the art that other types of computer readable media which can store data that is accessible by a computer, such as magnetic cassettes, flash memory cards, digital video disks, random access memories (RAMs) read only memories (ROM), and the like, may also be used in the exemplary operating environment. - A number of program modules may be stored on the
hard disk 144,magnetic disk 148,optical disk 152,ROM 138, orRAM 140, including anoperating system 158, one ormore application programs 160 including, for example, the innovativeapplication development agent 120,other program modules 162, andprogram data 164. A user may enter commands and information intohost system 202 through input devices such askeyboard 166 andpointing device 168. Other input devices (not shown) may include a microphone, joystick, game pad, satellite dish, scanner, or the like. These and other input devices are connected to theprocessing unit 132 through aninterface 170 that is coupled tobus 136. Amonitor 172 or other type of display device is also connected to thebus 136 via an interface, such as avideo adapter 174. In addition to themonitor 172, personal computers often include other peripheral output devices (not shown) such as speakers and printers. - As shown,
host system 202 operates in a networked environment using logical connections to one or more remote computers, such as aremote computer 176. Theremote computer 176 may be another personal computer, a personal digital assistant, a server, a router or other network device, a network “thin-client” PC, a peer device or other common network node, and typically includes many or all of the elements described above relative tohost system 202, although only amemory storage device 178 has been illustrated in FIG. 3. - As shown, the logical connections depicted in FIG. 3 include a local area network (LAN)180 and a wide area network (WAN) 182. Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets, and the Internet. In one embodiment,
remote computer 176 executes an Internet Web browser program such as the “Internet Explorer” Web browser manufactured and distributed by Microsoft Corporation of Redmond, Wash. to access and utilize online services. - When used in a LAN networking environment,
host system 202 is connected to thelocal network 180 through a network interface oradapter 184. When used in a WAN networking environment,host system 202 typically includes amodem 186 or other means for establishing communications over thewide area network 182, such as the Internet. Themodem 186, which may be internal or external, is connected to thebus 136 via aserial port interface 156. In a networked environment, program modules depicted relative to thepersonal host system 202, or portions thereof, may be stored in the remote memory storage device. It will be appreciated that the network connections shown are exemplary and other means of establishing a communications link between the computers may be used. - Generally, the data processors of
host system 202 are programmed by means of instructions stored at different times in the various computer-readable storage media of the computer. Programs and operating systems are typically distributed, for example, on floppy disks or CD-ROMs. From there, they are installed or loaded into the secondary memory of a computer. At execution, they are loaded at least partially into the computer's primary electronic memory. The invention described herein includes these and other various types of computer-readable storage media when such media contain instructions or programs for implementing the innovative steps described below in conjunction with a microprocessor or other data processor. The invention also includes the computer itself when programmed according to the methods and techniques described below. Furthermore, certain sub-components of the computer may be programmed to perform the functions and steps described below. The invention includes such sub-components when they are programmed as described. In addition, the invention described herein includes data structures, described below, as embodied on various types of memory media. - For purposes of illustration, programs and other executable program components such as the operating system are illustrated herein as discrete blocks, although it is recognized that such programs and components reside at various times in different storage components of the computer, and are executed by the data processor(s) of the computer.
- FIG. 4 illustrates a block diagram of an example
ICC development agent 120, suitable for use inhost system 202. As shown,development agent 120 comprisescontrol logic 402, one or more development application(s) (or tools) 404, an ICC command set 406, anICC compiler 408 and afile system builder 410, coupled as depicted. -
Control logic 402 is intended to represent any of a broad range of logic known in the art. In one implementation,control logic 402 is a processor, while in alternate embodiments control logic is a microcontroller, a programmable logic array, or a series of executable instructions which perform logic functions.Control logic 402 communicates withICC 208 in any of a plurality of standard communication protocols. In alternate embodiments, non-standard protocols may well be used to communicate betweencontroller 402 andICC 208 such as, for example, a unique development communication protocol. Although not specifically denoted, it is to be appreciated thatcontroller 402 communicates withICC 208, and any other peripheral for that matter, via the communication resources ofoperating system 210 ofhost system 202. Insofar as such resources are well known in the art, they need not be described further here. - According to the illustrated example embodiment,
development agent 120 is depicted as including one or more development application(s) ortools 404. These tools may well be any of a number of application development tools commonly known in the art. That is,application development agent 120 may well be utilized with any of a number of development applications such as, for example, Visual Basic or Visual C/C++ application development tools available from Microsoft Corporation of Redmond, Wash. Moreover,such applications 404 need not be integrated withdevelopment agent 120. Rather,agent 120 may well receive source code developed using an external application development tool without deviating from the spirit and scope of the present invention. It is to be appreciated that by using common software development tools such as those described above, it is to be appreciated that the innovative smart cardapplication development system 200 does not require the chip-specific, often proprietary software development application and associated compilers, linkers and debuggers that are typical of the prior art ICC application development systems. - According to one aspect of the present invention,
development agent 120 includes an innovativeICC applet compiler 408. As shown, theICC applet compiler 408 is comprised of aparser 412 and one or more translator(s) 414. Thetranslators 414 take source code developed using, for example, one ofdevelopment applications 404, and translates it into a lower-level, executable form, e.g., runtime environment bytecodes or assembly language instructions. It is common to employ two or more translator(s) in a compiler, one as a front-end compiler to receive and translate the source code to an intermediate level language, and a back-end translator to translate the intermediate level code into an executable form acceptable to the processor which will ultimately execute the applet. The use of translator(s) in compilers is well-known and, as a result, need not be further described here. - In addition to translator(s)414,
ICC compiler 408 includes aparser 412. As used herein, theparser 412 analyzes the received code, in either source code, intermediate level, or executable form and separates the executable instructions from the data. More specifically, in accordance with the teachings of the present invention,parser 412 separates the code from the data and saves each in a separate and independent file. It is to be appreciated that a runtime environment applet created by the innovativeICC applet compiler 408 consists of at least two files, one code file and one data file. - In addition to the
innovative compiler 408,development agent 120 includes afile system builder 410. As shown,file system builder 410 includesbinary image generator 416. As alluded to above,binary image generator 416 receives a description of a file system and generates a binary image of the file system description. The file system description is an ordered series of commands that describe and build the file system. An example subset of the commands used to create a file system description are provided below, in Table I. - Partition_size n: Sets the size of the file system partition to n bytes.
- Num_FCB n: Sets the number of file control blocks created in file system to n.
- Num_ACL n: Sets the number of access control lists in the created file system to n.
- Sector_size: sets the sector size of the file system in bytes. This is the number of bytes that are added to a file each time it needs more space. The larger n is, the more unused space there may be in files but the more quickly you can access them and the less overhead space they require. The smaller n is, the more tightly the data in the file fits the allocated space, but there is more overhead in managing the file.
- Target [x86/8051/AVR]: Sets the target to accommodate either the “x86”, “8051” or “AVR” processing environments.
- Create_Partition: creates a partition within the file system and populates it with a default file and a default access control level.
- FILE filename ACL Aclfilename: creates a file with the given file name whose access control rules are in the file with the given ACL file name.
- DELETE filename (or directory): deletes a named file or directory.
- KP_Data {GroupUids} Protocol {ProtocolData}: Put data that describes a known principal into the current file which must be a file in Is/k
- ACL_Data ResourceOperationIndex ExpresionType {BooleanExpression}: Add the given access control rule to the current file.
- Numeric_Data i1 i2 i3 . . . in
- Numeric_Data_At Position=i1 i2 i3 . . . in: this pair of commands enter numeric data into the current file. The first version enters the data at the current position in the file and the second version sets the current position before beginning entry.
- ASCII_Data CharacterString
- ASCII_Data_At Position=CharacterString: this pair of commands enter ASCII encoded data into current file. The first version enters the data at the current position, while the second version sets the current position before beginning entry at the current position.
- Unicode_Data Characterstring
- Unicode_Data_At Characterstring: this pair of commands enter UNICODE encoded alphanumeric data into the current file.
- The first version enters the data at the current position, while the second version sets the current position before beginning entry.
- Set_File_ACL FileName AclFileName: sets the access control level of the file by the given filename.
- Set_File_Size Filename n: sets the size of the file by the given filename to the given value in bytes.
- END: terminates reading of the file system description commands by the file system builder and invokes the binary image generator to output a binary image of the file system.
- Table I: Example File System Description Syntax and Definitions
- It should be noted that although reference is made to “filenames” in the above syntax, this is for ease of explanation only, as other indicators of a file may well be used. Examples of suitable file descriptors include, without limitation, file names, file handles, and the like.
- According to one implementation, the file system description is supplied to file
system builder 410 bycontrol logic 402, and includes a list of code files and data files required to provide an ICC with certain functionality. In on embodiment,ICC development agent 120 provides a graphical user interface (not shown) to a user with a list of available code and data files, enabling the user to dynamically create a file system description in a high-level, graphical representation. Based on the description received from the user,control logic 402 accesses ICC file system command set 406 which includes, at least, the file system syntax identified in Table I to generate the file system description. - In an alternate embodiment, one or
more applications 404 providecontrol logic 402 with the file system description based on functionality requirements or the input of a developer using a higher-level language. - Once the file system description is received,
file system builder 410 invokes thebinary image generator 416 to generate a binary image of the received file system description. According to one implementation, the binary image generated from the received file system description is downloaded to non-volatile memory (e.g., EEPROM) of aninnovative IC card 208. In an alternate embodiment, the binary image is provided to a mass-producer of IC cards, which bums (or masks) the image on a read-only memory (ROM) device for the IC card. In either case,file system builder 410 provides an IC card (208) with the ability to uniquely access (add, delete, modify) and execute code files and data files independently to implement a flexible array of runtime environment applets. - As alluded to above, ICC file system command set406 is a library of functional commands which control
logic 402 utilizes to create and/or communicate with thefile system 216 of an IC card incorporating the teachings of the present invention. More specifically, the ICC file system command set 406 providescontrol logic 402 with the vocabulary required to create, delete, access and execute the discrete code anddata files 218 ofICC 208. Although ICC file system command set 406 is depicted as a separate functional block, this is for ease of illustration and explanation. It will be appreciated that ICC file system command set 406 may well be integrated with other functional elements such as, for example,control logic 402 without deviating from the spirit and scope of the present invention. - According to one implementation,
control logic 402 communicates withfile system 216 using the innovative file system command set in accordance with a standard communication protocol such as, for example, International Standards Organization (ISO) 7816 T=0, or T=1. - Although depicted as a separate functional elements, those skilled in the art will appreciate that
compiler 408 and/orfile system builder 410 may well be integrated withincontrol logic 402. Accordingly, the teachings of the present invention may well be practiced with variation from the exemplary embodiment without deviating from the spirit and scope of the present invention. - Example Integrated Circuit Card
- FIG. 5 illustrates a block diagram of an innovative
integrated circuit card 208 incorporating the teachings of the present invention in greater detail. As shown,IC card 208 includes the I/O port 102,runtime environment 214, non-volatile and volatile memory (106 and 108) of prior art IC cards. In addition,ICC 208 includescontrol logic 502, operating system withnative functions 504, each modified to accommodate the innovativeICC file system 216 and a plurality of discrete code files and data files 506-518. - As used herein,
control logic 502 is intended to represent any of a number control means known in the art, such as those described in association withcontrol logic 104. However, such control logic is modified, as necessary, to recognize and implement instructions from the innovative file system command set. In this regard,control logic 502 enables a host system to access or execute discrete code and data files 506-518 via theoperating system 504 and theICC file system 216. Similarly,operating system 504 is modified only to the extent necessary to accommodateICC file system 216 and the discrete code and data files 506-518. An example of a suitable file system is the Smart Card for Windows operating system commonly available from Microsoft Corporation, of Redmond, Wash. - As introduced above, to implement a runtime applet in
ICC 208,control logic 502 receives an Execute command from a host denoting a code file and a data file. According to one embodiment of the present invention, the received command is in the form of an application protocol data unit (APDU). An example APDU is graphically illustrated with brief reference to FIG. 6. - As shown, FIG. 6 graphically illustrates an application protocol data unit suitable for use in accordance with the present invention, to communicate file system command set instructions between a
host system 202 and aninnovative ICC 208, according to one embodiment of the present invention. As shown,APDU 600 is comprised of amandatory header 602, aconditional body 604, and amandatory trailer 606. The mandatory header includes aclass byte 608,instruction byte 610, and parameter bytes 612 and 614. The conditional body includes alength field 616, which denotes the number of bytes in the data field, and the number of bytes expected in any response. Thedata field 618 includes the data, if any, transmitted in the APDU. Themandatory trailer field 606 is comprised ofstatus bytes - According to the teachings of the present invention, a
host system 202 implements a runtime environment applet withinICC 208 by issuing an EXECUTE command of the form: Execute (code_filename, data_filename). As shown, a runtime environment applet executed in accordance with the teachings of the present invention requires both a code filename and a data filename. As shown in FIG. 6, the present invention provides for different combinations of code and data files, thereby enabling a code file to share data files, and for a code file to use multiple data files, without the need to integrate the content of the data file into a single applet file. - Example Operation
- FIG. 7 is a flow chart of an example method for compiling a runtime environment applet using a development agent incorporating the teachings of the present invention, according to one aspect of the present invention. For ease of explanation, and not limitation, the method of FIG. 7 will be developed with continued reference to FIGS. 1-6.
- Turning to FIG. 7, the method begins with
step 702, wherein the innovativeICC applet compiler 408 receives the source code to be compiled. More specifically, a development application (e.g., 404) providescontrol logic 402 ofdevelopment agent 120 with a file containing source code in a high-level programming language, which must be compiled to an executable form for use in an IC card, e.g.,ICC 208. - According to one implementation,
ICC applet compiler 408 analyzes the received source code to parse data segments from bytecode segments,step 704. As described above,parser 412 receives the source code, identifies data objects within the source code, and separates the data objects from the executable bytecodes. Each data object is assigned a relative location in the data file. A reference to this relative location is inserted to the code file that is being generated. In the second pass of the compiler, it decides on the absolute addresses of each data object and generates the data file accordingly. At the same time, it replaces all the data object references in the code file with actual addresses. - In
step 706, the bytecode and data objects are passed to the translator(s), as they are translated into an executable form. More specifically, the bytecode and data objects of the applet are translated into a form suitable for execution by thecontrol logic 502 of theIC card 208. In this regard,compiler 408 is chip-specific although it is anticipated that translator(s) 414 for control logic suitable for IC card applications may well be provided withincompiler 408. - Although the illustrated example embodiment invokes the parsing
step 704 before thetranslation step 706, those skilled in the art will appreciate that there may be advantages to reversing this order. That is, it may be more convenient to first translate the received source code to some intermediate-level, compiler language. One common language is the static single assignment (SSA) form, which has the inherent property that reoccurring variables (i.e., local variables within a method) are uniquely identified within the SSA form. Accordingly, it may prove computationally easier to translate the received source code to an intermediate-level language, parse the code from the data, and then perform a back-end translation down to executable form. In another embodiment, the entire translation step(s) may be completed, wherein the code is parsed from the data while in executable form. Regardless, all such variations are anticipated within the scope and spirit of the present invention. - In
step 708,ICC applet compiler 408 generates two files from the received source code, one each for the bytecode (i.e., the code file) and for data (i.e., the data file). More specifically, once the parsing and translation steps have been completed, the executable code is saved in a discrete code file, while the data is saved in a discrete data file. In this way, data files may be shared across code files providing for more flexible implementations. - Turning now to FIG. 8, the operation of the innovative
file system builder 410 will be described, according to one aspect of the present invention. As shown, the method begins withstep 802, wherein thefile system builder 410 receives a file system description. As described above, in accordance with one example embodiment, the file system description is generated bycontrol logic 402 based on received user (developer) input and the ICC file system command set 406 described with reference to Table I. - The received file system description is read,
step 804, and a binary image of the file system is created,step 806. As described above,binary image generator 416 reads the ordered series of commands describing the file system, and generates a binary image of the file system to create and implement the file system. - In
step 808, the binary image created instep 806 is loaded into the non-volatile memory of a suitable integrated circuit card such as, for example,ICC 208. According to one embodiment of the present invention, the created binary image representation of the file system is loaded into thenon-volatile memory 106 ofICC 208 fromcontrol logic 402 ofdevelopment agent 120. In an alternate embodiment, the binary image representation of the file system is stored bycontrol logic 402 in an accessible storage medium, and is masked (burned) into read-only memory (ROM) during the manufacture ofICC 208. - FIG. 9 is a flow chart illustrating the method steps of executing a runtime environment applet on the innovative ICC of FIG. 5, in accordance with the teachings of the present invention. As shown, the method begins in
step 902 whenIC card 208 receives a command to invoke a runtime environment applet. More specifically,control logic 502 receives a command in the form EXECUTE (code_filename, data_filename) via I/O port 102, and invokes an instance ofruntime environment 214 to execute the applet defined by the identified code file and data file. With reference to FIG. 5, for purposes of illustration, assume that codefile1 and datafile3 are designated. Accordingly, the command EXECUTE (codefile1,datafile3) is received bycontrol logic 502. It should be appreciated, given the scope of the discussion, that any of a number of alternate means may be used to invoke an applet and/or application in accordance with the teachings of the present invention. In one implementation, for example, the activation of the applets (and the selection of the code and data file) can be achieved by an implicit command such as “Execute” or can be explicitly selected by an event through a translation/dispatching table, for example. - In
step 904,controller 402 passes the received file names (codefile1,datafile3) tofile system 216 to retrieve the files fromnon-volatile memory 106. Instep 906, the identified code file and data file are retrieved and loaded into the runtime environment (RTE) 214, and the identified code file (codefile1) is executed until reference to required data is reached,step 908. Instep 910, the RTE accesses the identified data file (datafile3) and performs the desired operation in the data file. - In
step 912, a determination of whether the end of the applet has been reached. If, after performing the operation in the data file, the code file has additional executable code, the process continues withstep 908 and the bytecode is executed until another reference to a data file operation is reached. If, however, instep 912 the end of the executable code of the identified code file is reached, the applet ends, and any updates to the identified data file (datafile3) are made. - FIG. 10 is a block diagram of an example storage medium having stored thereon a plurality of executable instructions including instructions which, when executed, implement the development agent of the present invention, according to an alternate embodiment of the present invention. In general, FIG. 10 illustrates a storage medium/
device 1000 having stored thereon a plurality ofinstructions 1002 including at least a subset of which that, when executed, implement the innovative features ofdevelopment agent 120 of the present invention. When executed by a processor of a host system, the executable instructions implementingdevelopment agent 120 perform the compiling and file system building functions described above. - As used herein,
storage medium 1000 is intended to represent any of a number of storage devices and/or storage media known to those skilled in the art such as, for example, volatile memory devices, non-volatile memory devices, magnetic storage media, optical storage media, and the like. Similarly, the executable instructions are intended to reflect any of a number of software languages known in the art such as, for example, C, C++, Visual Basic, Java, Smalltalk, Lisp, eXtensible Markup Language (XML), and the like. Moreover, it is to be appreciated that the storage medium/device 1000 need not be co-located with any host system. That is, storage medium/device 1000 may well reside within a remote server communicatively coupled to and accessible by an executing system. Accordingly, the software implementation of FIG. 10 is to be regarded as illustrative, as alternate storage media and software embodiments are anticipated within the spirit and scope of the present invention. - Although the invention has been described in language specific to structural features and/or methodological steps, it is to be understood that the invention defined in the appended claims is not necessarily limited to the specific features or steps described. Rather, the specific features and steps are disclosed as preferred forms of implementing the claimed invention.
Claims (17)
1. An integrated circuit card (ICC) comprising:
an operating system; and
a file system responsive to the operating system and configured to add, delete, modify, or execute discrete code files and data files.
2. An integrated circuit card as recited in claim 1 , further comprising a runtime environment responsive to the operating system and configured to interface with the file system to execute a runtime environment applet.
3. An integrated circuit card as recited in claim 2 , wherein the runtime environment selectively invokes one or more code files and one or more data files to implement the runtime environment applet.
4. An integrated circuit card as recited in claim 2 , wherein the runtime environment is configured to selectively invoke a data file with different code files to implement the runtime environment applet.
5. An integrated circuit card as recited in claim 2 , wherein the runtime environment is configured to selectively invoke a code file with multiple data files to implement the runtime environment applet.
6. An integrated circuit card as recited in claim 2 , wherein the runtime environment applet is invoked in response to receiving a command from a host identifying one or more code files and one or more data files.
7. An integrated circuit card as recited in claim 2 , wherein the runtime environment applet can execute the code file and the data file in response to a command received from a host system via the operating system.
8. An integrated circuit card as recited in claim 1 , wherein the code files and the data files implement one or more runtime environment applets.
9. An integrated circuit card as recited in claim 1 , wherein the file system facilitates modification in integrated circuit functionality without modifying the data files.
10. An integrated circuit card as recited in claim 1 , wherein the file system facilitates addition and deletion of the code files independent of the data files.
11. An integrated circuit card application development system comprising a computer system communicatively coupled to the integrated circuit card of claim 1 .
12. An integrated circuit readable storage medium having stored thereon a plurality of executable instructions to implement the file system of claim 1 .
13. A method for executing a runtime environment applet in an integrated circuit card (ICC) comprising:
receiving a command at the ICC to execute an identified code file and an identified data file to execute the runtime environment applet;
accessing a file system to retrieve and load the identified code file and the identified data file; and
executing the identified code file through completion to perform operations in the identified data file called for by the executing code.
14. A method as recited in claim 13 , further comprising:
receiving the command to execute multiple data files with the identified code file;
accessing the file system to retrieve and load the multiple data files; and
executing the identified code file through completion to perform operations in the multiple data files called for by the executing code.
15. A method as recited in claim 13 , wherein the command is received from a host system in response to inserting the ICC into a card reader.
16. A method as recited in claim 13 , further comprising:
receiving a second command to execute the identified code file with a different identified data file;
accessing the file system to retrieve and load the different identified data file; and
executing the identified code file through completion to perform operations in the different identified data file called for by the executing code.
17. A method as recited in claim 13 , further comprising:
receiving a second command to execute a different identified code file with the identified data file;
accessing the file system to retrieve and load the different identified code file; and
executing the different identified code file through completion, performing operations in the identified data file called for by the executing code.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/837,441 US20040215674A1 (en) | 1999-05-11 | 2004-04-29 | Method and apparatus for sharing data files among runtime environment applets in an integrated circuit card |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13360099P | 1999-05-11 | 1999-05-11 | |
US09/563,798 US6845498B1 (en) | 1999-05-11 | 2000-05-02 | Method and apparatus for sharing data files among run time environment applets in an integrated circuit card |
US10/837,441 US20040215674A1 (en) | 1999-05-11 | 2004-04-29 | Method and apparatus for sharing data files among runtime environment applets in an integrated circuit card |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/563,798 Continuation US6845498B1 (en) | 1999-05-11 | 2000-05-02 | Method and apparatus for sharing data files among run time environment applets in an integrated circuit card |
Publications (1)
Publication Number | Publication Date |
---|---|
US20040215674A1 true US20040215674A1 (en) | 2004-10-28 |
Family
ID=33134554
Family Applications (4)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/563,798 Expired - Lifetime US6845498B1 (en) | 1999-05-11 | 2000-05-02 | Method and apparatus for sharing data files among run time environment applets in an integrated circuit card |
US10/837,127 Expired - Fee Related US7703086B2 (en) | 1999-05-11 | 2004-04-29 | Method and apparatus for sharing data files among runtime environment applets in an integrated circuit card |
US10/837,441 Abandoned US20040215674A1 (en) | 1999-05-11 | 2004-04-29 | Method and apparatus for sharing data files among runtime environment applets in an integrated circuit card |
US10/968,245 Expired - Fee Related US7454741B2 (en) | 1999-05-11 | 2004-10-19 | Method and apparatus for sharing data files among runtime environment applets in an integrated circuit card |
Family Applications Before (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/563,798 Expired - Lifetime US6845498B1 (en) | 1999-05-11 | 2000-05-02 | Method and apparatus for sharing data files among run time environment applets in an integrated circuit card |
US10/837,127 Expired - Fee Related US7703086B2 (en) | 1999-05-11 | 2004-04-29 | Method and apparatus for sharing data files among runtime environment applets in an integrated circuit card |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/968,245 Expired - Fee Related US7454741B2 (en) | 1999-05-11 | 2004-10-19 | Method and apparatus for sharing data files among runtime environment applets in an integrated circuit card |
Country Status (1)
Country | Link |
---|---|
US (4) | US6845498B1 (en) |
Cited By (100)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040133800A1 (en) * | 2001-05-02 | 2004-07-08 | Laurence Sterling | Method of manufacturing smart cards |
US10425129B1 (en) | 2019-02-27 | 2019-09-24 | Capital One Services, Llc | Techniques to reduce power consumption in near field communication systems |
US10438437B1 (en) | 2019-03-20 | 2019-10-08 | Capital One Services, Llc | Tap to copy data to clipboard via NFC |
US10467622B1 (en) | 2019-02-01 | 2019-11-05 | Capital One Services, Llc | Using on-demand applications to generate virtual numbers for a contactless card to securely autofill forms |
US10467445B1 (en) | 2019-03-28 | 2019-11-05 | Capital One Services, Llc | Devices and methods for contactless card alignment with a foldable mobile device |
US10489781B1 (en) | 2018-10-02 | 2019-11-26 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10498401B1 (en) | 2019-07-15 | 2019-12-03 | Capital One Services, Llc | System and method for guiding card positioning using phone sensors |
US10506426B1 (en) | 2019-07-19 | 2019-12-10 | Capital One Services, Llc | Techniques for call authentication |
US10505738B1 (en) | 2018-10-02 | 2019-12-10 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10511443B1 (en) | 2018-10-02 | 2019-12-17 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10510074B1 (en) | 2019-02-01 | 2019-12-17 | Capital One Services, Llc | One-tap payment using a contactless card |
US10516447B1 (en) | 2019-06-17 | 2019-12-24 | Capital One Services, Llc | Dynamic power levels in NFC card communications |
US10523708B1 (en) | 2019-03-18 | 2019-12-31 | Capital One Services, Llc | System and method for second factor authentication of customer support calls |
US10535062B1 (en) | 2019-03-20 | 2020-01-14 | Capital One Services, Llc | Using a contactless card to securely share personal data stored in a blockchain |
US10542036B1 (en) | 2018-10-02 | 2020-01-21 | Capital One Services, Llc | Systems and methods for signaling an attack on contactless cards |
US10541995B1 (en) | 2019-07-23 | 2020-01-21 | Capital One Services, Llc | First factor contactless card authentication system and method |
US10546444B2 (en) | 2018-06-21 | 2020-01-28 | Capital One Services, Llc | Systems and methods for secure read-only authentication |
US10554411B1 (en) | 2018-10-02 | 2020-02-04 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10565587B1 (en) | 2018-10-02 | 2020-02-18 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10581611B1 (en) | 2018-10-02 | 2020-03-03 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10582386B1 (en) | 2018-10-02 | 2020-03-03 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10579998B1 (en) | 2018-10-02 | 2020-03-03 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10592710B1 (en) | 2018-10-02 | 2020-03-17 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10607216B1 (en) | 2018-10-02 | 2020-03-31 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10607214B1 (en) | 2018-10-02 | 2020-03-31 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10615981B1 (en) | 2018-10-02 | 2020-04-07 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10623393B1 (en) | 2018-10-02 | 2020-04-14 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10630653B1 (en) | 2018-10-02 | 2020-04-21 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10643420B1 (en) | 2019-03-20 | 2020-05-05 | Capital One Services, Llc | Contextual tapping engine |
US10657754B1 (en) | 2019-12-23 | 2020-05-19 | Capital One Services, Llc | Contactless card and personal identification system |
US10664941B1 (en) | 2019-12-24 | 2020-05-26 | Capital One Services, Llc | Steganographic image encoding of biometric template information on a card |
US10680824B2 (en) | 2018-10-02 | 2020-06-09 | Capital One Services, Llc | Systems and methods for inventory management using cryptographic authentication of contactless cards |
US10686603B2 (en) | 2018-10-02 | 2020-06-16 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10685350B2 (en) | 2018-10-02 | 2020-06-16 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10701560B1 (en) | 2019-10-02 | 2020-06-30 | Capital One Services, Llc | Client device authentication using contactless legacy magnetic stripe data |
US10713649B1 (en) | 2019-07-09 | 2020-07-14 | Capital One Services, Llc | System and method enabling mobile near-field communication to update display on a payment card |
US10733601B1 (en) | 2019-07-17 | 2020-08-04 | Capital One Services, Llc | Body area network facilitated authentication or payment authorization |
US10733645B2 (en) | 2018-10-02 | 2020-08-04 | Capital One Services, Llc | Systems and methods for establishing identity for order pick up |
US10733283B1 (en) | 2019-12-23 | 2020-08-04 | Capital One Services, Llc | Secure password generation and management using NFC and contactless smart cards |
US10748138B2 (en) | 2018-10-02 | 2020-08-18 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10757574B1 (en) | 2019-12-26 | 2020-08-25 | Capital One Services, Llc | Multi-factor authentication providing a credential via a contactless card for secure messaging |
US10771254B2 (en) | 2018-10-02 | 2020-09-08 | Capital One Services, Llc | Systems and methods for email-based card activation |
US10771253B2 (en) | 2018-10-02 | 2020-09-08 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10783519B2 (en) | 2018-10-02 | 2020-09-22 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10797882B2 (en) | 2018-10-02 | 2020-10-06 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10832271B1 (en) | 2019-07-17 | 2020-11-10 | Capital One Services, Llc | Verified reviews using a contactless card |
US10841091B2 (en) | 2018-10-02 | 2020-11-17 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10853795B1 (en) | 2019-12-24 | 2020-12-01 | Capital One Services, Llc | Secure authentication based on identity data stored in a contactless card |
US10860914B1 (en) | 2019-12-31 | 2020-12-08 | Capital One Services, Llc | Contactless card and method of assembly |
US10861006B1 (en) | 2020-04-30 | 2020-12-08 | Capital One Services, Llc | Systems and methods for data access control using a short-range transceiver |
US10862540B1 (en) | 2019-12-23 | 2020-12-08 | Capital One Services, Llc | Method for mapping NFC field strength and location on mobile devices |
US10860814B2 (en) | 2018-10-02 | 2020-12-08 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10871958B1 (en) | 2019-07-03 | 2020-12-22 | Capital One Services, Llc | Techniques to perform applet programming |
US10885410B1 (en) | 2019-12-23 | 2021-01-05 | Capital One Services, Llc | Generating barcodes utilizing cryptographic techniques |
US10885514B1 (en) | 2019-07-15 | 2021-01-05 | Capital One Services, Llc | System and method for using image data to trigger contactless card transactions |
US10909527B2 (en) | 2018-10-02 | 2021-02-02 | Capital One Services, Llc | Systems and methods for performing a reissue of a contactless card |
US10909544B1 (en) | 2019-12-26 | 2021-02-02 | Capital One Services, Llc | Accessing and utilizing multiple loyalty point accounts |
US10915888B1 (en) | 2020-04-30 | 2021-02-09 | Capital One Services, Llc | Contactless card with multiple rotating security keys |
US10949520B2 (en) | 2018-10-02 | 2021-03-16 | Capital One Services, Llc | Systems and methods for cross coupling risk analytics and one-time-passcodes |
US10963865B1 (en) | 2020-05-12 | 2021-03-30 | Capital One Services, Llc | Augmented reality card activation experience |
US10970712B2 (en) | 2019-03-21 | 2021-04-06 | Capital One Services, Llc | Delegated administration of permissions using a contactless card |
US10984416B2 (en) | 2019-03-20 | 2021-04-20 | Capital One Services, Llc | NFC mobile currency transfer |
US10992477B2 (en) | 2018-10-02 | 2021-04-27 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US11030339B1 (en) | 2020-04-30 | 2021-06-08 | Capital One Services, Llc | Systems and methods for data access control of personal user data using a short-range transceiver |
US11038688B1 (en) | 2019-12-30 | 2021-06-15 | Capital One Services, Llc | Techniques to control applets for contactless cards |
US11037136B2 (en) | 2019-01-24 | 2021-06-15 | Capital One Services, Llc | Tap to autofill card data |
US11063979B1 (en) | 2020-05-18 | 2021-07-13 | Capital One Services, Llc | Enabling communications between applications in a mobile operating system |
US11062098B1 (en) | 2020-08-11 | 2021-07-13 | Capital One Services, Llc | Augmented reality information display and interaction via NFC based authentication |
US11100511B1 (en) | 2020-05-18 | 2021-08-24 | Capital One Services, Llc | Application-based point of sale system in mobile operating systems |
US11113685B2 (en) | 2019-12-23 | 2021-09-07 | Capital One Services, Llc | Card issuing with restricted virtual numbers |
US11120453B2 (en) | 2019-02-01 | 2021-09-14 | Capital One Services, Llc | Tap card to securely generate card data to copy to clipboard |
US11165586B1 (en) | 2020-10-30 | 2021-11-02 | Capital One Services, Llc | Call center web-based authentication using a contactless card |
US11182771B2 (en) | 2019-07-17 | 2021-11-23 | Capital One Services, Llc | System for value loading onto in-vehicle device |
US11200563B2 (en) | 2019-12-24 | 2021-12-14 | Capital One Services, Llc | Account registration using a contactless card |
US11210656B2 (en) | 2020-04-13 | 2021-12-28 | Capital One Services, Llc | Determining specific terms for contactless card activation |
US11210664B2 (en) | 2018-10-02 | 2021-12-28 | Capital One Services, Llc | Systems and methods for amplifying the strength of cryptographic algorithms |
US11216799B1 (en) | 2021-01-04 | 2022-01-04 | Capital One Services, Llc | Secure generation of one-time passcodes using a contactless card |
US11222342B2 (en) | 2020-04-30 | 2022-01-11 | Capital One Services, Llc | Accurate images in graphical user interfaces to enable data transfer |
US11245438B1 (en) | 2021-03-26 | 2022-02-08 | Capital One Services, Llc | Network-enabled smart apparatus and systems and methods for activating and provisioning same |
US11354555B1 (en) | 2021-05-04 | 2022-06-07 | Capital One Services, Llc | Methods, mediums, and systems for applying a display to a transaction card |
US11361302B2 (en) | 2019-01-11 | 2022-06-14 | Capital One Services, Llc | Systems and methods for touch screen interface interaction using a card overlay |
US11373169B2 (en) | 2020-11-03 | 2022-06-28 | Capital One Services, Llc | Web-based activation of contactless cards |
US11392933B2 (en) | 2019-07-03 | 2022-07-19 | Capital One Services, Llc | Systems and methods for providing online and hybridcard interactions |
US11438329B2 (en) | 2021-01-29 | 2022-09-06 | Capital One Services, Llc | Systems and methods for authenticated peer-to-peer data transfer using resource locators |
US11455620B2 (en) | 2019-12-31 | 2022-09-27 | Capital One Services, Llc | Tapping a contactless card to a computing device to provision a virtual number |
US11482312B2 (en) | 2020-10-30 | 2022-10-25 | Capital One Services, Llc | Secure verification of medical status using a contactless card |
US11521262B2 (en) | 2019-05-28 | 2022-12-06 | Capital One Services, Llc | NFC enhanced augmented reality information overlays |
US11521213B2 (en) | 2019-07-18 | 2022-12-06 | Capital One Services, Llc | Continuous authentication for digital services based on contactless card positioning |
US11562358B2 (en) | 2021-01-28 | 2023-01-24 | Capital One Services, Llc | Systems and methods for near field contactless card communication and cryptographic authentication |
US11615395B2 (en) | 2019-12-23 | 2023-03-28 | Capital One Services, Llc | Authentication for third party digital wallet provisioning |
US11637826B2 (en) | 2021-02-24 | 2023-04-25 | Capital One Services, Llc | Establishing authentication persistence |
US11651361B2 (en) | 2019-12-23 | 2023-05-16 | Capital One Services, Llc | Secure authentication based on passport data stored in a contactless card |
US11682012B2 (en) | 2021-01-27 | 2023-06-20 | Capital One Services, Llc | Contactless delivery systems and methods |
US11687930B2 (en) | 2021-01-28 | 2023-06-27 | Capital One Services, Llc | Systems and methods for authentication of access tokens |
US11694187B2 (en) | 2019-07-03 | 2023-07-04 | Capital One Services, Llc | Constraining transactional capabilities for contactless cards |
US11777933B2 (en) | 2021-02-03 | 2023-10-03 | Capital One Services, Llc | URL-based authentication for payment cards |
US11792001B2 (en) | 2021-01-28 | 2023-10-17 | Capital One Services, Llc | Systems and methods for secure reprovisioning |
US11823175B2 (en) | 2020-04-30 | 2023-11-21 | Capital One Services, Llc | Intelligent card unlock |
US11902442B2 (en) | 2021-04-22 | 2024-02-13 | Capital One Services, Llc | Secure management of accounts on display devices using a contactless card |
US11935035B2 (en) | 2021-04-20 | 2024-03-19 | Capital One Services, Llc | Techniques to utilize resource locators by a contactless card to perform a sequence of operations |
Families Citing this family (29)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6845498B1 (en) * | 1999-05-11 | 2005-01-18 | Microsoft Corporation | Method and apparatus for sharing data files among run time environment applets in an integrated circuit card |
WO2001039463A1 (en) * | 1999-11-19 | 2001-05-31 | Swisscom Mobile Ag | Logical interface between two applications |
US6961838B2 (en) * | 2000-06-02 | 2005-11-01 | Hewlett-Packard Development Company, L.P. | Generating updated virtual disks using distributed mapping tables accessible by mapping agents and managed by a centralized controller |
US7233998B2 (en) * | 2001-03-22 | 2007-06-19 | Sony Computer Entertainment Inc. | Computer architecture and software cells for broadband networks |
JP4348190B2 (en) * | 2001-12-07 | 2009-10-21 | エセブス・リミテッド | Smart card system |
US7467167B2 (en) * | 2002-03-19 | 2008-12-16 | Network Appliance, Inc. | System and method for coalescing a plurality of snapshots |
US7305681B2 (en) * | 2003-03-20 | 2007-12-04 | Nokia Corporation | Method and apparatus for providing multi-client support in a sip-enabled terminal |
US20050071828A1 (en) * | 2003-09-25 | 2005-03-31 | International Business Machines Corporation | System and method for compiling source code for multi-processor environments |
US7549145B2 (en) * | 2003-09-25 | 2009-06-16 | International Business Machines Corporation | Processor dedicated code handling in a multi-processor environment |
US7523157B2 (en) * | 2003-09-25 | 2009-04-21 | International Business Machines Corporation | Managing a plurality of processors as devices |
US7389508B2 (en) * | 2003-09-25 | 2008-06-17 | International Business Machines Corporation | System and method for grouping processors and assigning shared memory space to a group in heterogeneous computer environment |
US7415703B2 (en) * | 2003-09-25 | 2008-08-19 | International Business Machines Corporation | Loading software on a plurality of processors |
US7496917B2 (en) | 2003-09-25 | 2009-02-24 | International Business Machines Corporation | Virtual devices using a pluarlity of processors |
US7444632B2 (en) * | 2003-09-25 | 2008-10-28 | International Business Machines Corporation | Balancing computational load across a plurality of processors |
US7475257B2 (en) * | 2003-09-25 | 2009-01-06 | International Business Machines Corporation | System and method for selecting and using a signal processor in a multiprocessor system to operate as a security for encryption/decryption of data |
US7478390B2 (en) * | 2003-09-25 | 2009-01-13 | International Business Machines Corporation | Task queue management of virtual devices using a plurality of processors |
ATE532142T1 (en) * | 2004-03-16 | 2011-11-15 | Microdasys Inc | CONTENT MONITORING FOR XML |
KR100579053B1 (en) * | 2004-08-26 | 2006-05-12 | 삼성전자주식회사 | Method of multi-interfacing between smart card and memory card and multi-interface card |
JP2006119901A (en) * | 2004-10-21 | 2006-05-11 | Toshiba Corp | Portable electronic apparatus and application updating method for the portable electronic apparatus |
US7921425B2 (en) * | 2005-03-14 | 2011-04-05 | Cisco Technology, Inc. | Techniques for allocating computing resources to applications in an embedded system |
JP4944033B2 (en) * | 2005-07-27 | 2012-05-30 | パナソニック株式会社 | Information processing system, information processing method, execution binary image creation device, execution binary image creation method, execution binary image creation program, computer-readable recording medium recording the execution binary image creation program, execution binary image execution device, execution binary image Execution method, execution binary image execution program, and computer-readable recording medium recording execution binary image execution program |
US9032359B1 (en) * | 2005-11-03 | 2015-05-12 | Oracle America, Inc. | Method and apparatus for modifying a platform-independent programming language build tool |
JP5329884B2 (en) * | 2008-09-18 | 2013-10-30 | 株式会社東芝 | Portable electronic device and data processing method in portable electronic device |
US8904366B2 (en) * | 2009-05-15 | 2014-12-02 | International Business Machines Corporation | Use of vectorization instruction sets |
US20120117537A1 (en) * | 2010-11-02 | 2012-05-10 | Velocio Networks, Inc. | Flow Chart Programming Platform for Testers and Simulators |
PL2466505T3 (en) * | 2010-12-01 | 2013-10-31 | Nagravision Sa | Method for authenticating a terminal |
CN103544037B (en) * | 2013-10-29 | 2016-08-17 | 飞天诚信科技股份有限公司 | The implementation method that a kind of software and hardware supporting OpenSC drives |
JP6759851B2 (en) * | 2016-08-22 | 2020-09-23 | 富士通株式会社 | Program generation program, program generation method, program generator and compilation program |
US10613882B2 (en) | 2016-10-14 | 2020-04-07 | Seagate Technology Llc | Active drive API |
Citations (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4888773A (en) * | 1988-06-15 | 1989-12-19 | International Business Machines Corporation | Smart memory card architecture and interface |
US5504901A (en) * | 1989-09-08 | 1996-04-02 | Digital Equipment Corporation | Position independent code location system |
US5615331A (en) * | 1994-06-23 | 1997-03-25 | Phoenix Technologies Ltd. | System and method for debugging a computing system |
US5630049A (en) * | 1994-11-30 | 1997-05-13 | Digital Equipment Corporation | Method and apparatus for testing software on a computer network |
US5787245A (en) * | 1995-11-13 | 1998-07-28 | Object Technology Licensing Corporation | Portable debugging service utilizing a client debugger object and a server debugger object |
US5802519A (en) * | 1994-02-08 | 1998-09-01 | Belle Gate Investment B.V. | Coherent data structure with multiple interaction contexts for a smart card |
US5923884A (en) * | 1996-08-30 | 1999-07-13 | Gemplus S.C.A. | System and method for loading applications onto a smart card |
US5966702A (en) * | 1997-10-31 | 1999-10-12 | Sun Microsystems, Inc. | Method and apparatus for pre-processing and packaging class files |
US6005942A (en) * | 1997-03-24 | 1999-12-21 | Visa International Service Association | System and method for a multi-application smart card which can facilitate a post-issuance download of an application onto the smart card |
US6115472A (en) * | 1996-09-11 | 2000-09-05 | Nippon Telegraph And Telephone Corporation | Contents transmission control method with user authentication functions and recording medium with the method recorded thereon |
US6148083A (en) * | 1996-08-23 | 2000-11-14 | Hewlett-Packard Company | Application certification for an international cryptography framework |
US6173419B1 (en) * | 1998-05-14 | 2001-01-09 | Advanced Technology Materials, Inc. | Field programmable gate array (FPGA) emulator for debugging software |
US6195774B1 (en) * | 1998-08-13 | 2001-02-27 | Xilinx, Inc. | Boundary-scan method using object-oriented programming language |
US6296191B1 (en) * | 1998-09-02 | 2001-10-02 | International Business Machines Corp. | Storing data objects in a smart card memory |
US6308270B1 (en) * | 1998-02-13 | 2001-10-23 | Schlumberger Technologies, Inc. | Validating and certifying execution of a software program with a smart card |
US6308317B1 (en) * | 1996-10-25 | 2001-10-23 | Schlumberger Technologies, Inc. | Using a high level programming language with a microcontroller |
US6430570B1 (en) * | 1999-03-01 | 2002-08-06 | Hewlett-Packard Company | Java application manager for embedded device |
US6481632B2 (en) * | 1998-10-27 | 2002-11-19 | Visa International Service Association | Delegated management of smart card applications |
US6490720B1 (en) * | 2001-05-11 | 2002-12-03 | Sospita As | Sequence numbering mechanism to ensure execution order integrity of inter-dependent smart card applications |
US6493823B1 (en) * | 1996-09-04 | 2002-12-10 | Atos Services | Instrument for making secure data exchanges |
US6519767B1 (en) * | 1995-06-07 | 2003-02-11 | Microsoft Corporation | Compiler and method for automatically building version compatible object applications |
US6546546B1 (en) * | 1999-05-19 | 2003-04-08 | International Business Machines Corporation | Integrating operating systems and run-time systems |
US6581206B2 (en) * | 1999-11-12 | 2003-06-17 | Sun Microsystems, Inc. | Computer program language subset validation |
US20040015853A1 (en) * | 1998-09-18 | 2004-01-22 | Prenn M. Therese | System having an arithmetic-logic circuit for determining the maximum or minimum of a plurality of codes |
US6845498B1 (en) * | 1999-05-11 | 2005-01-18 | Microsoft Corporation | Method and apparatus for sharing data files among run time environment applets in an integrated circuit card |
US6848111B1 (en) * | 1999-02-02 | 2005-01-25 | Sun Microsystems, Inc. | Zero overhead exception handling |
US6877154B2 (en) * | 1996-06-28 | 2005-04-05 | Fujitsu Limited | Object-oriented programming apparatus, object-oriented programming supporting apparatus, component builder apparatus, object-oriented program storage medium, program storage medium for use in object-oriented programming, component storage medium, and object-between-network display method |
US6926203B1 (en) * | 1997-06-24 | 2005-08-09 | Richard P. Sehr | Travel system and methods utilizing multi-application traveler devices |
US7159213B2 (en) * | 1996-05-30 | 2007-01-02 | Sun Microsystems, Inc. | Computer program product having preloaded software module |
US7182250B2 (en) * | 2000-12-19 | 2007-02-27 | Smart Card Solutions Limited | Computing device with an embedded microprocessor or micro-controller |
Family Cites Families (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPS61177585A (en) | 1985-02-04 | 1986-08-09 | Toshiba Corp | Sealing body of portable electronic device |
GB2204973A (en) | 1987-05-19 | 1988-11-23 | Gen Electric Co Plc | Data processing system |
JPH0259937A (en) | 1988-08-26 | 1990-02-28 | Hitachi Maxell Ltd | Ic card |
DE59004248D1 (en) | 1990-07-20 | 1994-02-24 | Siemens Nixdorf Inf Syst | Procedure for preventing inadmissible deviations from the run log of an application in a data exchange system. |
FR2667419A1 (en) | 1990-10-02 | 1992-04-03 | Gemplus Card Int | Memory-card application-program debugging process and debugging system |
FR2673476B1 (en) | 1991-01-18 | 1996-04-12 | Gemplus Card Int | SECURE METHOD FOR LOADING MULTIPLE APPLICATIONS INTO A MICROPROCESSOR MEMORY CARD. |
US5710884A (en) * | 1995-03-29 | 1998-01-20 | Intel Corporation | System for automatically updating personal profile server with updates to additional user information gathered from monitoring user's electronic consuming habits generated on computer during use |
WO1998025239A1 (en) | 1996-12-03 | 1998-06-11 | Strategic Analysis, Inc. | Method and apparatus for formatting smart cards and card readers |
US5901330A (en) | 1997-03-13 | 1999-05-04 | Macronix International Co., Ltd. | In-circuit programming architecture with ROM and flash memory |
US6488211B1 (en) | 1997-05-15 | 2002-12-03 | Mondex International Limited | System and method for flexibly loading in IC card |
EP0949595A3 (en) | 1998-03-30 | 2001-09-26 | Citicorp Development Center, Inc. | Method and system for managing applications for a multi-function smartcard |
US6101607A (en) * | 1998-04-24 | 2000-08-08 | International Business Machines Corporation | Limit access to program function |
US6004049A (en) * | 1998-10-29 | 1999-12-21 | Sun Microsystems, Inc. | Method and apparatus for dynamic configuration of an input device |
US6547150B1 (en) * | 1999-05-11 | 2003-04-15 | Microsoft Corporation | Smart card application development system and method |
-
2000
- 2000-05-02 US US09/563,798 patent/US6845498B1/en not_active Expired - Lifetime
-
2004
- 2004-04-29 US US10/837,127 patent/US7703086B2/en not_active Expired - Fee Related
- 2004-04-29 US US10/837,441 patent/US20040215674A1/en not_active Abandoned
- 2004-10-19 US US10/968,245 patent/US7454741B2/en not_active Expired - Fee Related
Patent Citations (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4888773A (en) * | 1988-06-15 | 1989-12-19 | International Business Machines Corporation | Smart memory card architecture and interface |
US5504901A (en) * | 1989-09-08 | 1996-04-02 | Digital Equipment Corporation | Position independent code location system |
US5802519A (en) * | 1994-02-08 | 1998-09-01 | Belle Gate Investment B.V. | Coherent data structure with multiple interaction contexts for a smart card |
US5615331A (en) * | 1994-06-23 | 1997-03-25 | Phoenix Technologies Ltd. | System and method for debugging a computing system |
US5630049A (en) * | 1994-11-30 | 1997-05-13 | Digital Equipment Corporation | Method and apparatus for testing software on a computer network |
US6519767B1 (en) * | 1995-06-07 | 2003-02-11 | Microsoft Corporation | Compiler and method for automatically building version compatible object applications |
US5787245A (en) * | 1995-11-13 | 1998-07-28 | Object Technology Licensing Corporation | Portable debugging service utilizing a client debugger object and a server debugger object |
US7159213B2 (en) * | 1996-05-30 | 2007-01-02 | Sun Microsystems, Inc. | Computer program product having preloaded software module |
US6877154B2 (en) * | 1996-06-28 | 2005-04-05 | Fujitsu Limited | Object-oriented programming apparatus, object-oriented programming supporting apparatus, component builder apparatus, object-oriented program storage medium, program storage medium for use in object-oriented programming, component storage medium, and object-between-network display method |
US6148083A (en) * | 1996-08-23 | 2000-11-14 | Hewlett-Packard Company | Application certification for an international cryptography framework |
US5923884A (en) * | 1996-08-30 | 1999-07-13 | Gemplus S.C.A. | System and method for loading applications onto a smart card |
US6493823B1 (en) * | 1996-09-04 | 2002-12-10 | Atos Services | Instrument for making secure data exchanges |
US6115472A (en) * | 1996-09-11 | 2000-09-05 | Nippon Telegraph And Telephone Corporation | Contents transmission control method with user authentication functions and recording medium with the method recorded thereon |
US6308317B1 (en) * | 1996-10-25 | 2001-10-23 | Schlumberger Technologies, Inc. | Using a high level programming language with a microcontroller |
US6005942A (en) * | 1997-03-24 | 1999-12-21 | Visa International Service Association | System and method for a multi-application smart card which can facilitate a post-issuance download of an application onto the smart card |
US6926203B1 (en) * | 1997-06-24 | 2005-08-09 | Richard P. Sehr | Travel system and methods utilizing multi-application traveler devices |
US5966702A (en) * | 1997-10-31 | 1999-10-12 | Sun Microsystems, Inc. | Method and apparatus for pre-processing and packaging class files |
US6308270B1 (en) * | 1998-02-13 | 2001-10-23 | Schlumberger Technologies, Inc. | Validating and certifying execution of a software program with a smart card |
US6173419B1 (en) * | 1998-05-14 | 2001-01-09 | Advanced Technology Materials, Inc. | Field programmable gate array (FPGA) emulator for debugging software |
US6195774B1 (en) * | 1998-08-13 | 2001-02-27 | Xilinx, Inc. | Boundary-scan method using object-oriented programming language |
US6296191B1 (en) * | 1998-09-02 | 2001-10-02 | International Business Machines Corp. | Storing data objects in a smart card memory |
US20040015853A1 (en) * | 1998-09-18 | 2004-01-22 | Prenn M. Therese | System having an arithmetic-logic circuit for determining the maximum or minimum of a plurality of codes |
US6481632B2 (en) * | 1998-10-27 | 2002-11-19 | Visa International Service Association | Delegated management of smart card applications |
US6848111B1 (en) * | 1999-02-02 | 2005-01-25 | Sun Microsystems, Inc. | Zero overhead exception handling |
US6430570B1 (en) * | 1999-03-01 | 2002-08-06 | Hewlett-Packard Company | Java application manager for embedded device |
US6845498B1 (en) * | 1999-05-11 | 2005-01-18 | Microsoft Corporation | Method and apparatus for sharing data files among run time environment applets in an integrated circuit card |
US6546546B1 (en) * | 1999-05-19 | 2003-04-08 | International Business Machines Corporation | Integrating operating systems and run-time systems |
US6581206B2 (en) * | 1999-11-12 | 2003-06-17 | Sun Microsystems, Inc. | Computer program language subset validation |
US7182250B2 (en) * | 2000-12-19 | 2007-02-27 | Smart Card Solutions Limited | Computing device with an embedded microprocessor or micro-controller |
US6490720B1 (en) * | 2001-05-11 | 2002-12-03 | Sospita As | Sequence numbering mechanism to ensure execution order integrity of inter-dependent smart card applications |
Cited By (147)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7014119B2 (en) * | 2001-05-02 | 2006-03-21 | Keycorp Limited | Method of manufacturing smart cards |
US20040133800A1 (en) * | 2001-05-02 | 2004-07-08 | Laurence Sterling | Method of manufacturing smart cards |
US10546444B2 (en) | 2018-06-21 | 2020-01-28 | Capital One Services, Llc | Systems and methods for secure read-only authentication |
US10878651B2 (en) | 2018-06-21 | 2020-12-29 | Capital One Services, Llc | Systems and methods for secure read-only authentication |
US10797882B2 (en) | 2018-10-02 | 2020-10-06 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10623393B1 (en) | 2018-10-02 | 2020-04-14 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10489781B1 (en) | 2018-10-02 | 2019-11-26 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US11301848B2 (en) | 2018-10-02 | 2022-04-12 | Capital One Services, Llc | Systems and methods for secure transaction approval |
US11728994B2 (en) | 2018-10-02 | 2023-08-15 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10505738B1 (en) | 2018-10-02 | 2019-12-10 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10511443B1 (en) | 2018-10-02 | 2019-12-17 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US11232272B2 (en) | 2018-10-02 | 2022-01-25 | Capital One Services, Llc | Systems and methods for contactless card applet communication |
US11233645B2 (en) | 2018-10-02 | 2022-01-25 | Capital One Services, Llc | Systems and methods of key selection for cryptographic authentication of contactless cards |
US11321546B2 (en) | 2018-10-02 | 2022-05-03 | Capital One Services, Llc | Systems and methods data transmission using contactless cards |
US11336454B2 (en) | 2018-10-02 | 2022-05-17 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US11699047B2 (en) | 2018-10-02 | 2023-07-11 | Capital One Services, Llc | Systems and methods for contactless card applet communication |
US11843700B2 (en) | 2018-10-02 | 2023-12-12 | Capital One Services, Llc | Systems and methods for email-based card activation |
US11210664B2 (en) | 2018-10-02 | 2021-12-28 | Capital One Services, Llc | Systems and methods for amplifying the strength of cryptographic algorithms |
US10554411B1 (en) | 2018-10-02 | 2020-02-04 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10565587B1 (en) | 2018-10-02 | 2020-02-18 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10581611B1 (en) | 2018-10-02 | 2020-03-03 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10582386B1 (en) | 2018-10-02 | 2020-03-03 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10579998B1 (en) | 2018-10-02 | 2020-03-03 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10592710B1 (en) | 2018-10-02 | 2020-03-17 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10607216B1 (en) | 2018-10-02 | 2020-03-31 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10607214B1 (en) | 2018-10-02 | 2020-03-31 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10615981B1 (en) | 2018-10-02 | 2020-04-07 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10841091B2 (en) | 2018-10-02 | 2020-11-17 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10630653B1 (en) | 2018-10-02 | 2020-04-21 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US11341480B2 (en) | 2018-10-02 | 2022-05-24 | Capital One Services, Llc | Systems and methods for phone-based card activation |
US11843698B2 (en) | 2018-10-02 | 2023-12-12 | Capital One Services, Llc | Systems and methods of key selection for cryptographic authentication of contactless cards |
US11804964B2 (en) | 2018-10-02 | 2023-10-31 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10680824B2 (en) | 2018-10-02 | 2020-06-09 | Capital One Services, Llc | Systems and methods for inventory management using cryptographic authentication of contactless cards |
US10686603B2 (en) | 2018-10-02 | 2020-06-16 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10685350B2 (en) | 2018-10-02 | 2020-06-16 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US11790187B2 (en) | 2018-10-02 | 2023-10-17 | Capital One Services, Llc | Systems and methods for data transmission using contactless cards |
US11349667B2 (en) | 2018-10-02 | 2022-05-31 | Capital One Services, Llc | Systems and methods for inventory management using cryptographic authentication of contactless cards |
US11195174B2 (en) | 2018-10-02 | 2021-12-07 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10733645B2 (en) | 2018-10-02 | 2020-08-04 | Capital One Services, Llc | Systems and methods for establishing identity for order pick up |
US11784820B2 (en) | 2018-10-02 | 2023-10-10 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10748138B2 (en) | 2018-10-02 | 2020-08-18 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US11770254B2 (en) | 2018-10-02 | 2023-09-26 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10771254B2 (en) | 2018-10-02 | 2020-09-08 | Capital One Services, Llc | Systems and methods for email-based card activation |
US10771253B2 (en) | 2018-10-02 | 2020-09-08 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10778437B2 (en) | 2018-10-02 | 2020-09-15 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10783519B2 (en) | 2018-10-02 | 2020-09-22 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US11182784B2 (en) | 2018-10-02 | 2021-11-23 | Capital One Services, Llc | Systems and methods for performing transactions with contactless cards |
US11297046B2 (en) | 2018-10-02 | 2022-04-05 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US11924188B2 (en) | 2018-10-02 | 2024-03-05 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US11182785B2 (en) | 2018-10-02 | 2021-11-23 | Capital One Services, Llc | Systems and methods for authorization and access to services using contactless cards |
US10542036B1 (en) | 2018-10-02 | 2020-01-21 | Capital One Services, Llc | Systems and methods for signaling an attack on contactless cards |
US11144915B2 (en) | 2018-10-02 | 2021-10-12 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards using risk factors |
US11658997B2 (en) | 2018-10-02 | 2023-05-23 | Capital One Services, Llc | Systems and methods for signaling an attack on contactless cards |
US11610195B2 (en) | 2018-10-02 | 2023-03-21 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US10860814B2 (en) | 2018-10-02 | 2020-12-08 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US11129019B2 (en) | 2018-10-02 | 2021-09-21 | Capital One Services, Llc | Systems and methods for performing transactions with contactless cards |
US11423452B2 (en) | 2018-10-02 | 2022-08-23 | Capital One Services, Llc | Systems and methods for establishing identity for order pick up |
US10880327B2 (en) | 2018-10-02 | 2020-12-29 | Capital One Services, Llc | Systems and methods for signaling an attack on contactless cards |
US10887106B2 (en) | 2018-10-02 | 2021-01-05 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US11563583B2 (en) | 2018-10-02 | 2023-01-24 | Capital One Services, Llc | Systems and methods for content management using contactless cards |
US11438164B2 (en) | 2018-10-02 | 2022-09-06 | Capital One Services, Llc | Systems and methods for email-based card activation |
US10909527B2 (en) | 2018-10-02 | 2021-02-02 | Capital One Services, Llc | Systems and methods for performing a reissue of a contactless card |
US11544707B2 (en) | 2018-10-02 | 2023-01-03 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US11102007B2 (en) | 2018-10-02 | 2021-08-24 | Capital One Services, Llc | Contactless card emulation system and method |
US10949520B2 (en) | 2018-10-02 | 2021-03-16 | Capital One Services, Llc | Systems and methods for cross coupling risk analytics and one-time-passcodes |
US10965465B2 (en) | 2018-10-02 | 2021-03-30 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US11502844B2 (en) | 2018-10-02 | 2022-11-15 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US11438311B2 (en) | 2018-10-02 | 2022-09-06 | Capital One Services, Llc | Systems and methods for card information management |
US11444775B2 (en) | 2018-10-02 | 2022-09-13 | Capital One Services, Llc | Systems and methods for content management using contactless cards |
US10992477B2 (en) | 2018-10-02 | 2021-04-27 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US11469898B2 (en) | 2018-10-02 | 2022-10-11 | Capital One Services, Llc | Systems and methods for message presentation using contactless cards |
US11456873B2 (en) | 2018-10-02 | 2022-09-27 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
US11361302B2 (en) | 2019-01-11 | 2022-06-14 | Capital One Services, Llc | Systems and methods for touch screen interface interaction using a card overlay |
US11037136B2 (en) | 2019-01-24 | 2021-06-15 | Capital One Services, Llc | Tap to autofill card data |
US10510074B1 (en) | 2019-02-01 | 2019-12-17 | Capital One Services, Llc | One-tap payment using a contactless card |
US10467622B1 (en) | 2019-02-01 | 2019-11-05 | Capital One Services, Llc | Using on-demand applications to generate virtual numbers for a contactless card to securely autofill forms |
US11120453B2 (en) | 2019-02-01 | 2021-09-14 | Capital One Services, Llc | Tap card to securely generate card data to copy to clipboard |
US10425129B1 (en) | 2019-02-27 | 2019-09-24 | Capital One Services, Llc | Techniques to reduce power consumption in near field communication systems |
US10523708B1 (en) | 2019-03-18 | 2019-12-31 | Capital One Services, Llc | System and method for second factor authentication of customer support calls |
US10643420B1 (en) | 2019-03-20 | 2020-05-05 | Capital One Services, Llc | Contextual tapping engine |
US10535062B1 (en) | 2019-03-20 | 2020-01-14 | Capital One Services, Llc | Using a contactless card to securely share personal data stored in a blockchain |
US10984416B2 (en) | 2019-03-20 | 2021-04-20 | Capital One Services, Llc | NFC mobile currency transfer |
US10783736B1 (en) | 2019-03-20 | 2020-09-22 | Capital One Services, Llc | Tap to copy data to clipboard via NFC |
US10438437B1 (en) | 2019-03-20 | 2019-10-08 | Capital One Services, Llc | Tap to copy data to clipboard via NFC |
US10970712B2 (en) | 2019-03-21 | 2021-04-06 | Capital One Services, Llc | Delegated administration of permissions using a contactless card |
US10467445B1 (en) | 2019-03-28 | 2019-11-05 | Capital One Services, Llc | Devices and methods for contactless card alignment with a foldable mobile device |
US11521262B2 (en) | 2019-05-28 | 2022-12-06 | Capital One Services, Llc | NFC enhanced augmented reality information overlays |
US10516447B1 (en) | 2019-06-17 | 2019-12-24 | Capital One Services, Llc | Dynamic power levels in NFC card communications |
US11694187B2 (en) | 2019-07-03 | 2023-07-04 | Capital One Services, Llc | Constraining transactional capabilities for contactless cards |
US10871958B1 (en) | 2019-07-03 | 2020-12-22 | Capital One Services, Llc | Techniques to perform applet programming |
US11392933B2 (en) | 2019-07-03 | 2022-07-19 | Capital One Services, Llc | Systems and methods for providing online and hybridcard interactions |
US10713649B1 (en) | 2019-07-09 | 2020-07-14 | Capital One Services, Llc | System and method enabling mobile near-field communication to update display on a payment card |
US10885514B1 (en) | 2019-07-15 | 2021-01-05 | Capital One Services, Llc | System and method for using image data to trigger contactless card transactions |
US10498401B1 (en) | 2019-07-15 | 2019-12-03 | Capital One Services, Llc | System and method for guiding card positioning using phone sensors |
US10733601B1 (en) | 2019-07-17 | 2020-08-04 | Capital One Services, Llc | Body area network facilitated authentication or payment authorization |
US11182771B2 (en) | 2019-07-17 | 2021-11-23 | Capital One Services, Llc | System for value loading onto in-vehicle device |
US10832271B1 (en) | 2019-07-17 | 2020-11-10 | Capital One Services, Llc | Verified reviews using a contactless card |
US11521213B2 (en) | 2019-07-18 | 2022-12-06 | Capital One Services, Llc | Continuous authentication for digital services based on contactless card positioning |
US10506426B1 (en) | 2019-07-19 | 2019-12-10 | Capital One Services, Llc | Techniques for call authentication |
US10541995B1 (en) | 2019-07-23 | 2020-01-21 | Capital One Services, Llc | First factor contactless card authentication system and method |
US11638148B2 (en) | 2019-10-02 | 2023-04-25 | Capital One Services, Llc | Client device authentication using contactless legacy magnetic stripe data |
US10701560B1 (en) | 2019-10-02 | 2020-06-30 | Capital One Services, Llc | Client device authentication using contactless legacy magnetic stripe data |
US11651361B2 (en) | 2019-12-23 | 2023-05-16 | Capital One Services, Llc | Secure authentication based on passport data stored in a contactless card |
US10733283B1 (en) | 2019-12-23 | 2020-08-04 | Capital One Services, Llc | Secure password generation and management using NFC and contactless smart cards |
US11113685B2 (en) | 2019-12-23 | 2021-09-07 | Capital One Services, Llc | Card issuing with restricted virtual numbers |
US10657754B1 (en) | 2019-12-23 | 2020-05-19 | Capital One Services, Llc | Contactless card and personal identification system |
US11615395B2 (en) | 2019-12-23 | 2023-03-28 | Capital One Services, Llc | Authentication for third party digital wallet provisioning |
US10862540B1 (en) | 2019-12-23 | 2020-12-08 | Capital One Services, Llc | Method for mapping NFC field strength and location on mobile devices |
US10885410B1 (en) | 2019-12-23 | 2021-01-05 | Capital One Services, Llc | Generating barcodes utilizing cryptographic techniques |
US11200563B2 (en) | 2019-12-24 | 2021-12-14 | Capital One Services, Llc | Account registration using a contactless card |
US10853795B1 (en) | 2019-12-24 | 2020-12-01 | Capital One Services, Llc | Secure authentication based on identity data stored in a contactless card |
US10664941B1 (en) | 2019-12-24 | 2020-05-26 | Capital One Services, Llc | Steganographic image encoding of biometric template information on a card |
US10757574B1 (en) | 2019-12-26 | 2020-08-25 | Capital One Services, Llc | Multi-factor authentication providing a credential via a contactless card for secure messaging |
US10909544B1 (en) | 2019-12-26 | 2021-02-02 | Capital One Services, Llc | Accessing and utilizing multiple loyalty point accounts |
US11038688B1 (en) | 2019-12-30 | 2021-06-15 | Capital One Services, Llc | Techniques to control applets for contactless cards |
US11455620B2 (en) | 2019-12-31 | 2022-09-27 | Capital One Services, Llc | Tapping a contactless card to a computing device to provision a virtual number |
US10860914B1 (en) | 2019-12-31 | 2020-12-08 | Capital One Services, Llc | Contactless card and method of assembly |
US11210656B2 (en) | 2020-04-13 | 2021-12-28 | Capital One Services, Llc | Determining specific terms for contactless card activation |
US10915888B1 (en) | 2020-04-30 | 2021-02-09 | Capital One Services, Llc | Contactless card with multiple rotating security keys |
US11562346B2 (en) | 2020-04-30 | 2023-01-24 | Capital One Services, Llc | Contactless card with multiple rotating security keys |
US11222342B2 (en) | 2020-04-30 | 2022-01-11 | Capital One Services, Llc | Accurate images in graphical user interfaces to enable data transfer |
US10861006B1 (en) | 2020-04-30 | 2020-12-08 | Capital One Services, Llc | Systems and methods for data access control using a short-range transceiver |
US11030339B1 (en) | 2020-04-30 | 2021-06-08 | Capital One Services, Llc | Systems and methods for data access control of personal user data using a short-range transceiver |
US11823175B2 (en) | 2020-04-30 | 2023-11-21 | Capital One Services, Llc | Intelligent card unlock |
US11270291B2 (en) | 2020-04-30 | 2022-03-08 | Capital One Services, Llc | Systems and methods for data access control using a short-range transceiver |
US10963865B1 (en) | 2020-05-12 | 2021-03-30 | Capital One Services, Llc | Augmented reality card activation experience |
US11063979B1 (en) | 2020-05-18 | 2021-07-13 | Capital One Services, Llc | Enabling communications between applications in a mobile operating system |
US11100511B1 (en) | 2020-05-18 | 2021-08-24 | Capital One Services, Llc | Application-based point of sale system in mobile operating systems |
US11062098B1 (en) | 2020-08-11 | 2021-07-13 | Capital One Services, Llc | Augmented reality information display and interaction via NFC based authentication |
US11165586B1 (en) | 2020-10-30 | 2021-11-02 | Capital One Services, Llc | Call center web-based authentication using a contactless card |
US11482312B2 (en) | 2020-10-30 | 2022-10-25 | Capital One Services, Llc | Secure verification of medical status using a contactless card |
US11373169B2 (en) | 2020-11-03 | 2022-06-28 | Capital One Services, Llc | Web-based activation of contactless cards |
US11216799B1 (en) | 2021-01-04 | 2022-01-04 | Capital One Services, Llc | Secure generation of one-time passcodes using a contactless card |
US11682012B2 (en) | 2021-01-27 | 2023-06-20 | Capital One Services, Llc | Contactless delivery systems and methods |
US11687930B2 (en) | 2021-01-28 | 2023-06-27 | Capital One Services, Llc | Systems and methods for authentication of access tokens |
US11792001B2 (en) | 2021-01-28 | 2023-10-17 | Capital One Services, Llc | Systems and methods for secure reprovisioning |
US11562358B2 (en) | 2021-01-28 | 2023-01-24 | Capital One Services, Llc | Systems and methods for near field contactless card communication and cryptographic authentication |
US11922417B2 (en) | 2021-01-28 | 2024-03-05 | Capital One Services, Llc | Systems and methods for near field contactless card communication and cryptographic authentication |
US11438329B2 (en) | 2021-01-29 | 2022-09-06 | Capital One Services, Llc | Systems and methods for authenticated peer-to-peer data transfer using resource locators |
US11777933B2 (en) | 2021-02-03 | 2023-10-03 | Capital One Services, Llc | URL-based authentication for payment cards |
US11637826B2 (en) | 2021-02-24 | 2023-04-25 | Capital One Services, Llc | Establishing authentication persistence |
US20220311475A1 (en) | 2021-03-26 | 2022-09-29 | Capital One Services, Llc | Network-enabled smart apparatus and systems and methods for activating and provisioning same |
US11848724B2 (en) | 2021-03-26 | 2023-12-19 | Capital One Services, Llc | Network-enabled smart apparatus and systems and methods for activating and provisioning same |
US11245438B1 (en) | 2021-03-26 | 2022-02-08 | Capital One Services, Llc | Network-enabled smart apparatus and systems and methods for activating and provisioning same |
US11935035B2 (en) | 2021-04-20 | 2024-03-19 | Capital One Services, Llc | Techniques to utilize resource locators by a contactless card to perform a sequence of operations |
US11902442B2 (en) | 2021-04-22 | 2024-02-13 | Capital One Services, Llc | Secure management of accounts on display devices using a contactless card |
US11354555B1 (en) | 2021-05-04 | 2022-06-07 | Capital One Services, Llc | Methods, mediums, and systems for applying a display to a transaction card |
Also Published As
Publication number | Publication date |
---|---|
US6845498B1 (en) | 2005-01-18 |
US20050081187A1 (en) | 2005-04-14 |
US20040205714A1 (en) | 2004-10-14 |
US7703086B2 (en) | 2010-04-20 |
US7454741B2 (en) | 2008-11-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7454741B2 (en) | Method and apparatus for sharing data files among runtime environment applets in an integrated circuit card | |
EP1179209A1 (en) | Method and apparatus for sharing data files among runtime environment applets in an integrated circuit card | |
US9400668B2 (en) | Computer program product containing instructions for providing a processor the capability of executing an application derived from a compiled form | |
KR100713740B1 (en) | Object-oriented instruction set for resource-constrained devices | |
US6547150B1 (en) | Smart card application development system and method | |
Poll et al. | Specification of the Javacard API in JML: Towards formal specification and verification of applets and API implementations | |
US6643711B2 (en) | Method and apparatus for dispatch table construction | |
EP0945791A2 (en) | Techniques for reducing the cost of dynamic class initialization checks in compiled code | |
US7467376B2 (en) | Semantic analysis based compression of interpreted code by replacing object instruction groups with special instruction specifying a register representing the object | |
KR19980702349A (en) | Integrated Circuit Control Transaction Management System | |
US20020059475A1 (en) | Java run-time system with modified linking identifiers | |
AU716558B2 (en) | Portable, secure transaction system for programmable, intelligent devices | |
US6948156B2 (en) | Type checking in java computing environments | |
CN113703779A (en) | Cross-platform multi-language compiling method and ultra-light Internet of things virtual machine | |
US20050183081A1 (en) | Installation of a compiled program, particularly in a chip card | |
Jacobs et al. | VerifiCard: A European project for smart card verification | |
Hansmann et al. | Introduction to Smart Card Software | |
Møller | Automatic Specialization of Client/Server Interfaces | |
Manual | Martin Grabmueller | |
Johannes_Kepler_Universität | Metaprogramming in Oberon | |
MXPA99003796A (en) | Using a high level programming language with a microcontroller |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |
|
AS | Assignment |
Owner name: MICROSOFT TECHNOLOGY LICENSING, LLC, WASHINGTON Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MICROSOFT CORPORATION;REEL/FRAME:034766/0001 Effective date: 20141014 |